I have this Spring Boot app branch CAS_integration
in Java 8 that I integrated with an Apereo CAS server. To do so I added an Apereo CAS client to the dependencies of the project.
Everything works, but since I added the Apereo CAS client dependency the startup time of my app increased by 3 minutes.
Today I started debugging to see the cause of the issue or at least understand what the app is doing during that time.
I found out that the application is producing jdk.event.security
for more than 3 minutes, and is printing repeteadly the same data of four X509Certificates that I am not sure where are they coming from.
It seems that is not doing anything since it is just printing data. Before and after these prints there is no signals
This is the data of the 4 certificates that is printing over and over again (almost 100 MB of log text):
2024-01-19 15:42:11.125 DEBUG 423972 --- [ main] jdk.event.security : X509Certificate: Alg:SHA1withDSA, Serial:10, Subject:CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US, Issuer:CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US, Key type:DSA, Length:1024, Cert Id:1776909028, Valid from:4/25/01, 9:00 AM, Valid until:4/25/20, 9:00 AM
2024-01-19 15:42:11.125 DEBUG 423972 --- [ main] jdk.event.security : X509Certificate: Alg:SHA1withDSA, Serial:47f, Subject:CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc, Issuer:CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US, Key type:DSA, Length:1024, Cert Id:-2023852845, Valid from:3/11/17, 2:15 AM, Valid until:4/25/20, 9:00 AM
2024-01-19 15:42:11.127 DEBUG 423972 --- [ main] jdk.event.security : X509Certificate: Alg:SHA256withRSA, Serial:d424ae0be3a88ff604021ce1400f0dd, Subject:CN=DigiCert Timestamp 2021, O="DigiCert, Inc.", C=US, Issuer:CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Key type:RSA, Length:2048, Cert Id:1348208542, Valid from:1/1/21, 1:00 AM, Valid until:1/6/31, 1:00 AM
2024-01-19 15:42:11.127 DEBUG 423972 --- [ main] jdk.event.security : X509Certificate: Alg:SHA256withRSA, Serial:aa125d6d6321b7e41e405da3697c215, Subject:CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Issuer:CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Key type:RSA, Length:2048, Cert Id:-1680473293, Valid from:1/7/16, 1:00 PM, Valid until:1/7/31, 1:00 PM
Does anybody has any idea what is happening and why these certificates are print over and over again? I would like to reduce a little the startup time of my application.
I spent many days trying to find the problem. What finally did the trick was doing a general refactor of my project. What I did was the following:
pom.xml
by changing the targeted version of Java of my project and also changing the version of java that I had installed.pom.xml
by removing old dependencies that I could rid of because of upgrading to java 17 or that were not used anymore.