Hi Hess, You have be hit by the infamous 38605 bug. http://issues.apache.org/bugzilla/show_bug.cgi?id=38605
You can obtain a beta of the new 1.4 release that will fix this problem here: http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar And you can help debugging the next version, so it does not happen the same problem again. Regards On 7/5/06, Hess Yvan <[EMAIL PROTECTED]> wrote:
It seems that XML Apache security (Version 1.3) is not thread safe. Here what I am doing and the errors encountered: I sign XML documents using XML apache security and just after a document has been signed it is verified (signature verification) using XML apache security. One thread treats one XML document after another. I have two kinds of errors that appear randomly: 1) I got a null pointer from XML Apache security Message: null Class: java.lang.NullPointerException Stack trace: java.lang.NullPointerException at org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver.engineResolveX509Certificate(Unknown Source) at org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certificate(Unknown Source) at org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResolvers(Unknown Source) at org.apache.xml.security.keys.KeyInfo.getX509Certificate(Unknown Source) at com.imtf.atlas.sphinx2.xmlsig.Verifier.verify(Verifier.java:646) 2) The verification failed saying that the XML document is not valid/corrupted (not the hash but the signature itself according the Apache log). If I run the same test in a single environment (all documents are treated by only on thread), I never got an error. Can somebody help me to resolve the problem? It is critical problem because our application failed and we have to work in a multi-thread environment. Thanks for your answer. Yvan Hess Yvan Hess Chief software architect http://www.imtf.com
-- http://r-bg.com
