santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: XML security seems to be not thread safe...Please Help
Date Wed, 05 Jul 2006 16:19:03 GMT
Hi Hess,
You have be hit by the infamous 38605 bug.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38605

You can obtain a beta of the new 1.4 release that will fix this problem here:
http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar

And you can help debugging the next version, so it does not happen the
same problem again.

Regards

On 7/5/06, Hess Yvan <Yvan.Hess@imtf.ch> wrote:
>
>
>
> It seems that XML Apache security (Version 1.3) is not thread safe. Here
> what I am doing and the errors encountered:
>
>
>
> I sign XML documents using XML apache security and just after a document has
> been signed it is verified (signature verification) using XML apache
> security. One thread treats one XML document after another.
>
>
>
> I have two kinds of errors that appear randomly:
>
>
>
> 1) I got a null pointer from XML Apache security
>
>
>
> Message: null
> Class: java.lang.NullPointerException
> Stack trace:
> java.lang.NullPointerException
>  at
> org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver.engineResolveX509Certificate(Unknown
> Source)
>  at
> org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certificate(Unknown
> Source)
>  at
> org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResolvers(Unknown
> Source)
>  at
> org.apache.xml.security.keys.KeyInfo.getX509Certificate(Unknown
> Source)
>  at
> com.imtf.atlas.sphinx2.xmlsig.Verifier.verify(Verifier.java:646)
>
>
>
> 2) The verification failed saying that the XML document is not
> valid/corrupted  (not the hash but the signature itself according the Apache
> log).
>
>
>
> If I run the same test in a single environment (all documents are treated by
> only on thread), I never got an error.
>
>
>
> Can somebody help me to resolve the problem? It is critical problem because
> our application failed and we have to work in a multi-thread environment.
>
>
>
> Thanks for your answer. Yvan Hess
>
>
>
> Yvan Hess
>
> Chief software architect
>
> http://www.imtf.com
>
>


-- 
http://r-bg.com

Mime
View raw message