Increase public key cache size for Jwks [DPP-681] (#13802)

* Increase public key cache size for Jwks to decrease the risk of DDOS attack. CHANGELOG_BEGIN CHANGELOG_END * Update ledger-service/jwt/src/main/scala/com/digitalasset/jwt/JwksVerifier.scala Co-authored-by: Robert Autenrieth <31539813+rautenrieth-da@users.noreply.github.com> Co-authored-by: Robert Autenrieth <31539813+rautenrieth-da@users.noreply.github.com>
digital-asset · May 6, 2022 · e32a1e6 · e32a1e6
1 parent 8c31310
commit e32a1e6
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/ledger-service/jwt/src/main/scala/com/digitalasset/jwt/JwksVerifier.scala b/ledger-service/jwt/src/main/scala/com/digitalasset/jwt/JwksVerifier.scala
@@ -31,7 +31,9 @@ import scalaz.syntax.show._
   */
 class JwksVerifier(
     url: URL,
-    cacheMaxSize: Long = 10,
+    // Large enough such that malicious users can't cycle through all keys from reasonably sized JWKS,
+    // forcing cache eviction and thus introducing additional latency.
+    cacheMaxSize: Long = 1000,
     cacheExpirationTime: Long = 10,
     cacheExpirationUnit: TimeUnit = TimeUnit.HOURS,
     connectionTimeout: Long = 10,