Hi Devs, I ran into an "java.security.SignatureException: object not initialized for verification" exception when trying to do sign and verify *twice* in the same thread, using different XMLSignature instances.
I tracked this down to the use of "keysVerify" thread local tracker in org.apache.xml.security.algorithms.SignatureAlgorithm to tack the initialization of the java.security.Signature instance with private/public keys. When the first signature verification occurs the public key is set in "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies successfully. But when we try to carryout the second verification the "keysVerify" returns the same key for the thread and the java.security.Signature instance is not initialized with the public key. Therefore we run into the above exception. What do you folks think? Have I overlooked something in my scenario? Thanks, Ruchith -- www.ruchith.org
