santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: Cannot sign-verify twice in the same thread with different XMLSignature instances
Date Fri, 03 Nov 2006 10:08:03 GMT
Hi Raul,

I'm using the SVN head (revision : 470741).

I'm working on fixing the issue dims reported yesterday[1] and fixing
WSS4J/Rampart and AXIOM to work with the changes :-). And I have a
patch for [1] which I will post soon.

I will try to send a test case as soon as I possible,

Until then you can easily reproduce the error with WSS4J test suite.
You can get a chackout of [2] and simply run "ant clean test" to run
the unit tests after replacing  the xml-sec-1.3.0.jar in the lib dir
with the latest.

Thanks,
Ruchith

[1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40880
[2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk

On 11/3/06, Raul Benito <raul@apache.org> wrote:
> Hi Ruchith,
>
> It looks strange to me, because all the junits that we pass do in
> essence what are you describing(several verifying in one thread). But
> on the other hand your explanation looks sound.
> What version of xmlsec are you using?
> Can you post a simple test case that triggers this error?
>
> Regards,
>
> Raul
>
> On 11/3/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > Hi Devs,
> >
> > I ran into an "java.security.SignatureException: object not
> > initialized for verification" exception when trying to do sign and
> > verify *twice* in the same thread, using different XMLSignature
> > instances.
> >
> > I tracked this down to the use of "keysVerify" thread local tracker in
> > org.apache.xml.security.algorithms.SignatureAlgorithm to tack the
> > initialization of the java.security.Signature instance with
> > private/public keys.
> >
> > When the first signature verification occurs the public key is set in
> > "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies
> > successfully. But when we try to carryout the second verification the
> > "keysVerify" returns the same key for the thread and the
> > java.security.Signature instance is not initialized with the public
> > key. Therefore we run into the above exception.
> >
> > What do you folks think? Have I overlooked something in my scenario?
> >
> > Thanks,
> > Ruchith
> >
> > --
> > www.ruchith.org
> >
>
>
> --
> http://r-bg.com
>


-- 
www.ruchith.org

Mime
View raw message