Hi Ruchith, It is not feasible for me to checkout the whole wss4j in order to see the problem. Did the problem arise when you do something like this? PrivateKey xk; PublicKey pk=xk.getPublickKey(); XMLSignature s1=...; XMLSignature s2=...; s1.sign(xk); s2.sign(xk); s1.checkSignatureValue(pk);
Or other kind of sequence? Regards, On 11/3/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
Hi Raul, I'm using the SVN head (revision : 470741). I'm working on fixing the issue dims reported yesterday[1] and fixing WSS4J/Rampart and AXIOM to work with the changes :-). And I have a patch for [1] which I will post soon. I will try to send a test case as soon as I possible, Until then you can easily reproduce the error with WSS4J test suite. You can get a chackout of [2] and simply run "ant clean test" to run the unit tests after replacing the xml-sec-1.3.0.jar in the lib dir with the latest. Thanks, Ruchith [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40880 [2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote: > Hi Ruchith, > > It looks strange to me, because all the junits that we pass do in > essence what are you describing(several verifying in one thread). But > on the other hand your explanation looks sound. > What version of xmlsec are you using? > Can you post a simple test case that triggers this error? > > Regards, > > Raul > > On 11/3/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote: > > Hi Devs, > > > > I ran into an "java.security.SignatureException: object not > > initialized for verification" exception when trying to do sign and > > verify *twice* in the same thread, using different XMLSignature > > instances. > > > > I tracked this down to the use of "keysVerify" thread local tracker in > > org.apache.xml.security.algorithms.SignatureAlgorithm to tack the > > initialization of the java.security.Signature instance with > > private/public keys. > > > > When the first signature verification occurs the public key is set in > > "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies > > successfully. But when we try to carryout the second verification the > > "keysVerify" returns the same key for the thread and the > > java.security.Signature instance is not initialized with the public > > key. Therefore we run into the above exception. > > > > What do you folks think? Have I overlooked something in my scenario? > > > > Thanks, > > Ruchith > > > > -- > > www.ruchith.org > > > > > -- > http://r-bg.com > -- www.ruchith.org
-- http://r-bg.com
