santuario-dev mailing list archives

From "Raul Benito" <r...@apache.org>
Subject Re: Cannot sign-verify twice in the same thread with different XMLSignature instances
Date Fri, 03 Nov 2006 15:30:44 GMT
Can you also post the exception backtrace?
Regards,

On 11/3/06, Raul Benito <raul@apache.org> wrote:
> Hi Ruchith,
> It is not feasible for me to checkout the whole wss4j in order to see
> the problem.
> Did the problem arise when you do something like this?
> PrivateKey xk; PublicKey pk=xk.getPublickKey();
> XMLSignature s1=...;
> XMLSignature s2=...;
> s1.sign(xk);
> s2.sign(xk);
> s1.checkSignatureValue(pk);
>
> Or other kind of sequence?
> Regards,
>
>
>
> On 11/3/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > Hi Raul,
> >
> > I'm using the SVN head (revision : 470741).
> >
> > I'm working on fixing the issue dims reported yesterday[1] and fixing
> > WSS4J/Rampart and AXIOM to work with the changes :-). And I have a
> > patch for [1] which I will post soon.
> >
> > I will try to send a test case as soon as possible,
> >
> > Until then you can easily reproduce the error with WSS4J test suite.
> > You can get a checkout of [2] and simply run "ant clean test" to run
> > the unit tests after replacing the xml-sec-1.3.0.jar in the lib dir
> > with the latest.
> >
> > Thanks,
> > Ruchith
> >
> > [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40880
> > [2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk
> >
> > On 11/3/06, Raul Benito <raul@apache.org> wrote:
> > > Hi Ruchith,
> > >
> > > It looks strange to me, because all the junits that we pass do in
> > > essence what you are describing (several verifying in one thread). But
> > > on the other hand your explanation looks sound.
> > > What version of xmlsec are you using?
> > > Can you post a simple test case that triggers this error?
> > >
> > > Regards,
> > >
> > > Raul
> > >
> > > On 11/3/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > > > Hi Devs,
> > > >
> > > > I ran into a "java.security.SignatureException: object not
> > > > initialized for verification" exception when trying to do sign and
> > > > verify *twice* in the same thread, using different XMLSignature
> > > > instances.
> > > >
> > > > I tracked this down to the use of "keysVerify" thread local tracker in
> > > > org.apache.xml.security.algorithms.SignatureAlgorithm to track the
> > > > initialization of the java.security.Signature instance with
> > > > private/public keys.
> > > >
> > > > When the first signature verification occurs the public key is set in
> > > > "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies
> > > > successfully. But when we try to carry out the second verification the
> > > > "keysVerify" returns the same key for the thread and the
> > > > java.security.Signature instance is not initialized with the public
> > > > key. Therefore we run into the above exception.
> > > >
> > > > What do you folks think? Have I overlooked something in my scenario?
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > >
> > >
> > > --
> > > http://r-bg.com
> > >
> >
> >
> > --
> > www.ruchith.org
> >
>
>
> --
> http://r-bg.com
>


-- 
http://r-bg.com
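
Added example, not part of the thread and not the xmlsec source: a simplified model of the failure mode reported in the original message, where a per-thread record of the last verification key causes initVerify to be skipped on a second, never-initialized java.security.Signature object. The class and method names, the SHA256withRSA algorithm and the sample data are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class ThreadLocalKeyCacheDemo {
    // Hypothetical stand-in for a per-thread "last key used for verify" tracker.
    static final ThreadLocal<Key> lastVerifyKey = new ThreadLocal<>();

    // Flawed: skips initVerify when this thread last used the same key, even if
    // 'sig' is a different Signature object that has never been initialized.
    static void initVerifyCached(Signature sig, PublicKey pk) throws InvalidKeyException {
        if (lastVerifyKey.get() == pk) return;
        lastVerifyKey.set(pk);
        sig.initVerify(pk);
    }

    // Corrected: initialization state belongs to the Signature instance,
    // so every instance is initialized before use.
    static void initVerifyPerInstance(Signature sig, PublicKey pk) throws InvalidKeyException {
        sig.initVerify(pk);
    }

    static byte[] sign(PrivateKey sk, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(sk);
        s.update(data);
        return s.sign();
    }

    // Verifies with a fresh Signature object; returns "ok", "bad" or the exception text.
    static String verify(boolean cached, PublicKey pk, byte[] data, byte[] sigBytes)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        if (cached) initVerifyCached(v, pk); else initVerifyPerInstance(v, pk);
        try {
            v.update(data);
            return v.verify(sigBytes) ? "ok" : "bad";
        } catch (SignatureException e) {
            return "SignatureException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] data = "constructed sample".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), data);
        System.out.println("cached, 1st verify:  " + verify(true, kp.getPublic(), data, sig));
        System.out.println("cached, 2nd verify:  " + verify(true, kp.getPublic(), data, sig));
        System.out.println("per-instance verify: " + verify(false, kp.getPublic(), data, sig));
    }
}
```

The second cached call fails on a valid signature because its Signature object was never initialized; in a verifier this surfaces as a hard error on valid input, and the per-instance variant removes the shared state that causes it.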
