It seems that XML Apache
security (Version 1.3) is not thread safe. Here what I am doing
and the errors encountered:
I sign XML documents using XML
apache security and just after a document has been signed it is verified
(signature verification) using XML apache security. One thread treats one XML
document after another.
I have two kinds of errors that appear randomly:
1) I got a null pointer from
XML Apache security
Message: null
Class:
java.lang.NullPointerException
Stack trace:
java.lang.NullPointerException
at
org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver.engineResolveX509Certificate(Unknown
Source)
at
org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certificate(Unknown
Source)
at
org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResolvers(Unknown
Source)
at
org.apache.xml.security.keys.KeyInfo.getX509Certificate(Unknown
Source)
at
com.imtf.atlas.sphinx2.xmlsig.Verifier.verify(Verifier.java:646)
2) The verification failed saying that the XML document is not valid/corrupted (not the hash but the signature itself according the Apache log).
If I run the same test in a single
environment (all documents are treated by
only on thread), I never got an error.
Can somebody help me to resolve the problem? It is critical problem because our application failed and we have to work in a multi-thread environment.
Thanks for your answer. Yvan Hess
Yvan Hess
Chief software
architect
http://www.imtf.com
