Date: Fri, 3 Nov 2006 10:33:52 +0100
From: "Raul Benito"
To: security-dev@xml.apache.org
Subject: Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

Hi Ruchith,

It looks strange to me, because all the junits that we pass do in essence what you are describing (several verifications in one thread). But on the other hand your explanation looks sound.

What version of xmlsec are you using?
Can you post a simple test case that triggers this error?

Regards,
Raul

On 11/3/06, Ruchith Fernando wrote:
> Hi Devs,
>
> I ran into a "java.security.SignatureException: object not
> initialized for verification" exception when trying to do sign and
> verify *twice* in the same thread, using different XMLSignature
> instances.
>
> I tracked this down to the use of "keysVerify" thread local tracker in
> org.apache.xml.security.algorithms.SignatureAlgorithm to track the
> initialization of the java.security.Signature instance with
> private/public keys.
>
> When the first signature verification occurs the public key is set in
> "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies
> successfully. But when we try to carry out the second verification the
> "keysVerify" returns the same key for the thread and the
> java.security.Signature instance is not initialized with the public
> key. Therefore we run into the above exception.
>
> What do you folks think? Have I overlooked something in my scenario?
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>

--
http://r-bg.com
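
An added example, not part of the original messages and not xmlsec's own code, modelling the failure described in the quoted report with plain JCA calls: a per-thread key tracker skips `initVerify` on a fresh `java.security.Signature` instance because the thread has already seen the same key. The class and method names, the `SHA256withRSA` algorithm and the payload are assumptions made for illustration; only the name `keysVerify` comes from the report.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class ThreadLocalInitDemo {
    // Hypothetical stand-in for the per-thread key tracker named in the report.
    static final ThreadLocal<Key> keysVerify = new ThreadLocal<>();

    // Flawed pattern: skips initVerify when this thread last saw the same key,
    // even though 'sig' may be a new, uninitialized Signature instance.
    static void cachedInitVerify(Signature sig, PublicKey key) throws InvalidKeyException {
        if (keysVerify.get() == key) return;
        keysVerify.set(key);
        sig.initVerify(key);
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sigBytes, boolean useCache)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA"); // new instance per call
        if (useCache) cachedInitVerify(sig, key);
        else sig.initVerify(key); // initialization state belongs to the instance
        sig.update(data);
        return sig.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        PublicKey pub = kp.getPublic();
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sigBytes = signer.sign();

        // First verification: the tracker is empty, so the instance gets initialized.
        System.out.println("1st cached verify: " + verify(pub, data, sigBytes, true));
        // Second verification, same thread and key, different Signature instance.
        try {
            System.out.println("2nd cached verify: " + verify(pub, data, sigBytes, true));
        } catch (SignatureException e) {
            System.out.println("2nd cached verify failed: " + e.getMessage());
        }
        // Initializing every instance unconditionally avoids the stale-state skip.
        System.out.println("per-instance init: " + verify(pub, data, sigBytes, false));
    }
}
```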