Hi Raul,
On 11/5/06, Raul Benito <[EMAIL PROTECTED]> wrote:
You Wss4j guy always using untested XMLSignature constructors!!! ;)
Just joking. You hit again another XMLSignature constructor that there
is no unit test for it.
The problem is that for creating new Signatures(for signing)
public XMLSignature( Document doc, String BaseURI,
Element SignatureMethodElem, Element CanonicalizationMethodElem)
throws XMLSecurityException
Use the SignatureAlgorithm (Element) constructor, that normally is
only used for verifying.
I just reviewed the WSS4J signature code ...the reason for using this
constructor is to provide the "CanonicalizationMethod" element
carrying an "InclusiveNamespaces" element, to be included in
"SignedInfo".
See here [1] for the code snippet from WSS4J where we create the
XMLSignature instance.
The SignatureAlgorithm obtains a java.security.Signature from the
verifying pool but it is going to be used for signing, and when later it is
recycled for verifying it gives you the error.
Now the SignatureAlgorithm is more lazy and only obtains a signature
when asked to sign or verify, and obtains it from the right pool.
Anyway you are doing a lot of redundant work creating first a
SignatureAlgorithm, DOMificating it and later making the XMLSignature
library read it again from DOM. (Before the fix it will be worse as it
obtains a new java.security.Signature that is even slower).
Perhaps I should take a look in WSS4J for performance improvements.
A big +1 !
Can you raise a bug report in bugzilla, for proper tracking?
will do.
Thanks,
Ruchith
[1] http://rafb.net/paste/results/TYGEY793.html
Regards,
And thanks for finding the bug.
On 11/4/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Hi Raul,
>
> I was able to reproduce the issue.
>
> Please drop the attached interop.jks file to your classpath along with
> xml-sec and other pre-reqs and run the test case (TestSig.java). I ran
> this inside my IDE within the xml-security project.
>
> The exception stack trace is here :
> http://rafb.net/paste/results/QSCZ1587.html
>
> Thanks,
> Ruchith
>
> On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote:
> > Can you also post the exception backtrace?
> > Regards,
> >
> > On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote:
> > > Hi Ruchith,
> > > It is not feasible for me to checkout the whole wss4j in order to see
> > > the problem.
> > > Did the problem arise when you do something like this?
> > > PrivateKey xk; PublicKey pk=xk.getPublickKey();
> > > XMLSignature s1=...;
> > > XMLSignature s2=...;
> > > s1.sign(xk);
> > > s2.sign(xk);
> > > s1.checkSignatureValue(pk);
> > >
> > > Or other kind of sequence?
> > > Regards,
> > >
> > >
> > >
> > > On 11/3/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > > Hi Raul,
> > > >
> > > > I'm using the SVN head (revision : 470741).
> > > >
> > > > I'm working on fixing the issue dims reported yesterday[1] and fixing
> > > > WSS4J/Rampart and AXIOM to work with the changes :-). And I have a
> > > > patch for [1] which I will post soon.
> > > >
> > > > I will try to send a test case as soon as possible,
> > > >
> > > > Until then you can easily reproduce the error with WSS4J test suite.
> > > > You can get a checkout of [2] and simply run "ant clean test" to run
> > > > the unit tests after replacing the xml-sec-1.3.0.jar in the lib dir
> > > > with the latest.
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40880
> > > > [2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk
> > > >
> > > > On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote:
> > > > > Hi Ruchith,
> > > > >
> > > > > It looks strange to me, because all the junits that we pass do in
> > > > > essence what you are describing (several verifying in one thread). But
> > > > > on the other hand your explanation looks sound.
> > > > > What version of xmlsec are you using?
> > > > > Can you post a simple test case that triggers this error?
> > > > >
> > > > > Regards,
> > > > >
> > > > > Raul
> > > > >
> > > > > On 11/3/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > > > > Hi Devs,
> > > > > >
> > > > > > I ran into a "java.security.SignatureException: object not
> > > > > > initialized for verification" exception when trying to do sign and
> > > > > > verify *twice* in the same thread, using different XMLSignature
> > > > > > instances.
> > > > > >
> > > > > > I tracked this down to the use of "keysVerify" thread local tracker in
> > > > > > org.apache.xml.security.algorithms.SignatureAlgorithm to track the
> > > > > > initialization of the java.security.Signature instance with
> > > > > > private/public keys.
> > > > > >
> > > > > > When the first signature verification occurs the public key is set in
> > > > > > "keysVerify" in SignatureAlgorithm#initVerify(). And it verifies
> > > > > > successfully. But when we try to carry out the second verification the
> > > > > > "keysVerify" returns the same key for the thread and the
> > > > > > java.security.Signature instance is not initialized with the public
> > > > > > key. Therefore we run into the above exception.
> > > > > >
> > > > > > What do you folks think? Have I overlooked something in my scenario?
> > > > > >
> > > > > > Thanks,
> > > > > > Ruchith
> > > > > >
> > > > > > --
> > > > > > www.ruchith.org
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > http://r-bg.com
> > > > >
> > > >
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > >
> > >
> > > --
> > > http://r-bg.com
> > >
> >
> >
> > --
> > http://r-bg.com
> >
>
>
> --
> www.ruchith.org
>
>
>
--
http://r-bg.com
--
www.ruchith.org
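
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not xml-security code: a per-thread "last key" tracker skips initVerify() for a java.security.Signature instance that was last used for signing. The class name, the lastVerifyKey tracker and the sample data are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration, not xml-security code: a simplified model of the stale-init bug.
public class StaleInitDemo {
    // Hypothetical stand-in for the thread-local "keysVerify" tracker.
    static final ThreadLocal<Key> lastVerifyKey = new ThreadLocal<>();

    // Buggy: skips initVerify() when this thread last verified with the same key,
    // although 'sig' may be a different (or recycled) Signature instance.
    static boolean verifyBuggy(Signature sig, PublicKey pk, byte[] data, byte[] sigBytes)
            throws GeneralSecurityException {
        if (lastVerifyKey.get() != pk) {
            sig.initVerify(pk);
            lastVerifyKey.set(pk);
        }
        sig.update(data);
        return sig.verify(sigBytes);
    }

    // Safer: the init state belongs to the instance, so initialise it on every use.
    static boolean verifySafe(Signature sig, PublicKey pk, byte[] data, byte[] sigBytes)
            throws GeneralSecurityException {
        sig.initVerify(pk);
        sig.update(data);
        return sig.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample SignedInfo".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sigBytes = signer.sign();   // 'signer' stays in signing state

        Signature first = Signature.getInstance("SHA256withRSA");
        System.out.println("first verify: " + verifyBuggy(first, kp.getPublic(), data, sigBytes));
        try {   // recycled signing instance, same key: the tracker skips initVerify()
            verifyBuggy(signer, kp.getPublic(), data, sigBytes);
        } catch (SignatureException e) {
            System.out.println("second verify failed: " + e.getMessage());
        }
        System.out.println("safe verify: " + verifySafe(signer, kp.getPublic(), data, sigBytes));
    }
}
```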