Cache the Google Cloud private key when the alias contains the versio…

…n or the algorithm
ebourg · Apr 30, 2024 · 7b5b22f · 7b5b22f
1 parent 9e6df4d
commit 7b5b22f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/jsign-core/src/main/java/net/jsign/jca/GoogleCloudSigningService.java b/jsign-core/src/main/java/net/jsign/jca/GoogleCloudSigningService.java
@@ -156,6 +156,8 @@ public SigningServicePrivateKey getPrivateKey(String alias, char[] password) thr
 
         SigningServicePrivateKey key = new SigningServicePrivateKey(alias, algorithm, this);
         keys.put(alias, key);
+        keys.put(alias.substring(0, alias.indexOf("/cryptoKeyVersions")), key); // cache without the version
+        keys.put(alias + ":" + algorithm, key); // cache with the algorithm appended
         return key;
     }
 

diff --git a/jsign-core/src/test/java/net/jsign/jca/GoogleCloudSigningServiceTest.java b/jsign-core/src/test/java/net/jsign/jca/GoogleCloudSigningServiceTest.java
@@ -153,6 +153,10 @@ public void testGetPrivateKey(String alias, boolean certificate) throws Exceptio
         assertNotNull("null key", key);
         assertEquals("id", "projects/fifth-glider-316809/locations/global/keyRings/jsignkeyring/cryptoKeys/jsign-rsa-2048/cryptoKeyVersions/2", key.getId());
         assertEquals("algorithm", "RSA", key.getAlgorithm());
+
+        // check if the key is cached
+        SigningServicePrivateKey key2 = service.getPrivateKey(alias, null);
+        assertSame("private key not cached", key, key2);
     }
 
     @Test