santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hess Yvan" <Yvan.H...@imtf.ch>
Subject XML security seems to be not thread safe...Please Help
Date Wed, 05 Jul 2006 15:55:26 GMT
It seems that XML Apache security (Version 1.3) is not thread safe. Here
what I am doing and the errors encountered:

 

I sign XML documents using XML apache security and just after a document
has been signed it is verified (signature verification) using XML apache
security. One thread treats one XML document after another.

 

I have two kinds of errors that appear randomly:

 

1) I got a null pointer from XML Apache security 

 

Message: null
Class: java.lang.NullPointerException
Stack trace: 
java.lang.NullPointerException
 at
org.apache.xml.security.keys.keyresolver.implementations.X509Certificate
Resolver.engineResolveX509Certificate(Unknown Source)
 at
org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certific
ate(Unknown Source)
 at
org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResolve
rs(Unknown Source)
 at org.apache.xml.security.keys.KeyInfo.getX509Certificate(Unknown
Source)
 at com.imtf.atlas.sphinx2.xmlsig.Verifier.verify(Verifier.java:646)

 

2) The verification failed saying that the XML document is not
valid/corrupted  (not the hash but the signature itself according the
Apache log).

 

If I run the same test in a single environment (all documents are
treated by only on thread), I never got an error. 

 

Can somebody help me to resolve the problem? It is critical problem
because our application failed and we have to work in a multi-thread
environment.

 

Thanks for your answer. Yvan Hess

 

Yvan Hess 

Chief software architect

http://www.imtf.com <http://www.imtf.com/> 

 


Mime
View raw message