santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: Cannot sign-verify twice in the same thread with different XMLSignature instances
Date Fri, 03 Nov 2006 09:33:52 GMT
Hi Ruchith,

It looks strange to me, because all the junits that we pass do in
essence what are you describing(several verifying in one thread). But
on the other hand your explanation looks sound.
What version of xmlsec are you using?
Can you post a simple test case that triggers this error?

Regards,

Raul

On 11/3/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> Hi Devs,
>
> I ran into an "java.security.SignatureException: object not
> initialized for verification" exception when trying to do sign and
> verify *twice* in the same thread, using different XMLSignature
> instances.
>
> I tracked this down to the use of "keysVerify" thread local tracker in
> org.apache.xml.security.algorithms.SignatureAlgorithm to tack the
> initialization of the java.security.Signature instance with
> private/public keys.
>
> When the first signature verification occurs the public key is set in
> "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies
> successfully. But when we try to carryout the second verification the
> "keysVerify" returns the same key for the thread and the
> java.security.Signature instance is not initialized with the public
> key. Therefore we run into the above exception.
>
> What do you folks think? Have I overlooked something in my scenario?
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>


-- 
http://r-bg.com

Mime
View raw message