From: bugzilla@apache.org
To: security-dev@xml.apache.org
Subject: DO NOT REPLY [Bug 47097] New: Reusing XMLSignature for signing and verifying fails on same thread
Date: Sun, 26 Apr 2009 06:45:41 -0700 (PDT)

https://issues.apache.org/bugzilla/show_bug.cgi?id=47097

           Summary: Reusing XMLSignature for signing and verifying fails on
                    same thread
           Product: Security
           Version: Java 1.4.2
          Platform: PC
               URL: http://mail-archives.apache.org/mod_mbox/xml-security-dev/200903.mbox/%3Cgq97pt$e5c$1@ger.gmane.org%3E
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: Bruno.Harbulot@manchester.ac.uk

Created an attachment (id=23543)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23543)
Maven2 test-case

If the same instance of XMLSignature is used on the same thread for verifying
after being used for signing, this exception occurs:

    org.apache.xml.security.signature.XMLSignatureException: object not
    initialized for verification

If the verification is done on a different thread, it works fine.

I believe this is due to
org.apache.xml.security.algorithms.SignatureAlgorithm#initializeAlgorithm(boolean):

    private void initializeAlgorithm(boolean isForSigning)
            throws XMLSignatureException {
        if (_signatureAlgorithm!=null) {
            return;
        }
        _signatureAlgorithm=isForSigning ? getInstanceForSigning(algorithmURI)
                                         : getInstanceForVerify(algorithmURI);
        this._signatureAlgorithm
            .engineGetContextFromElement(this._constructionElement);
    }

If '_signatureAlgorithm' has already been initialised, even if it's not for the
purpose intended for another use, it won't be initialised again.
Commenting out the 'if' block solves the problem.

I've noticed that there was an 'isForSigning' field commented out in revision
515521 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=515521 ), which
completely disappeared in revision 695520
( https://svn.apache.org/viewcvs.cgi?view=rev&rev=695520 ) (current one). I guess
it might have been the original intent for this flag.
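The guard pattern quoted in the report, reduced to a stand-alone model on top of java.security.Signature. This is an added example, not Apache XML Security code and not the project's fix: the class LazyInitModeDemo, the nested Algo class, the trackMode switch and the SHA256withRSA choice are all assumptions made for illustration, and the model covers only the ignored mode argument, not the library's per-thread behaviour.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Simplified model of the lazy-init guard quoted in the report. All names are
// hypothetical; only the JCA calls are real.
public class LazyInitModeDemo {
    static class Algo {
        private final KeyPair keys;
        private final boolean trackMode;  // false: guard as quoted; true: mode-aware guard
        private Signature engine;         // plays the role of _signatureAlgorithm
        private boolean engineForSigning; // the mode the cached engine was set up for

        Algo(KeyPair keys, boolean trackMode) { this.keys = keys; this.trackMode = trackMode; }

        private void initialize(boolean forSigning) throws GeneralSecurityException {
            // Without trackMode, any existing engine is reused and forSigning is ignored.
            boolean reusable = engine != null && (!trackMode || engineForSigning == forSigning);
            if (reusable) return;
            engine = Signature.getInstance("SHA256withRSA");
            if (forSigning) engine.initSign(keys.getPrivate());
            else engine.initVerify(keys.getPublic());
            engineForSigning = forSigning;
        }

        byte[] sign(byte[] data) throws GeneralSecurityException {
            initialize(true);
            engine.update(data);
            return engine.sign();
        }

        boolean verify(byte[] data, byte[] sig) throws GeneralSecurityException {
            initialize(false);
            engine.update(data);
            return engine.verify(sig); // SignatureException if the engine is in signing state
        }
    }

    // Signs then verifies with ONE Algo instance, as in the reported scenario.
    static String signThenVerify(boolean trackMode) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Algo algo = new Algo(kpg.generateKeyPair(), trackMode);
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] sig = algo.sign(data);
        try { return "verified=" + algo.verify(data, sig); }
        catch (SignatureException e) { return "failed: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("guard ignores mode: " + signThenVerify(false));
        System.out.println("guard tracks mode:  " + signThenVerify(true));
    }
}
```

With the mode ignored, verification fails closed with an exception rather than accepting a signature, so the impact in this model is availability of verification, not a bypass.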