santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: SignatureAlgorithm problem with initSign and initVerify methods (xmlsec-1.4.1)
Date Tue, 12 Jun 2007 13:35:01 GMT
Hi Kevin,
It seems a bug, can you write a test case that shows the same problem?
and attached it to a bugzilla entry

Regards,

Raul

On 6/12/07, Kevin Troy <kevin.troy@digitary.net> wrote:
> Hi,
>
> We're migrating a working web application from Java 1.4.2 to Java 1.5.
> Our 1.4.2 application used xmlsec-1.2.1 and worked fine. We've upgraded
> to xmlsec-1.4.1 in the process and we have encountered a problem that
> occurs when we try to sign/verify multiple documents with the same key
> pair:
>
> Consider a scenario when multiple XML documents need to be signed and
> verified with the same key pair. (The verification is just to confirm
> that signing worked). Therefore, for a given KeyPair instance, we do the
> following on each iteration:
>
> 1. XMLSignature sig = new XMLSignature(....);
> 2. Sign XML document with PrivateKey
> 3. Verify XML document with PublicKey (sanity check)
>
>
> The problem occurs on the second iteration. It appears that, because we
> are using the same PrivateKey to sign on each iteration, the code
> remains initialised for verification (a result of step 3 above), and is
> not re-initialised for signing as it is using a cached Private Key.
>
> We were unable to find an API call to resolve this. We made changes to
> SignatureAlgorithm::initSign(Key) and
> SignatureAlgorithm::initVerify(Key) so that cached keys were no longer
> used. We are therefore always calling the engineInitSign(Key) and
> engineInitVerify(Key) on the SignatureAlgorithm implementation.
> Just wondering if:
>
> a) we have missing something obvious here
> OR
> b) this is a legitimate limitation that may need to be addressed in code
>
>
> Thanks in advance,
>
> Kevin
>
>
>
>
>
>


-- 
http://r-bg.com

Mime
View raw message