DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41519>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41519 Summary: Cannot generate with the same key but different algorithms Product: Security Version: Java 1.3 Platform: All OS/Version: All Status: NEW Keywords: PatchAvailable Severity: major Priority: P2 Component: Signature AssignedTo: security-dev@xml.apache.org ReportedBy: [EMAIL PROTECTED] If you issue a second signature but with different algorithm, e.g., RSAWithSHA1 for the first signature, and RSAWithRipeMD160 for the second, you will get the exception that says: org.apache.xml.security.signature.XMLSignatureException: object not initialized for signature or verification Original Exception was java.security.SignatureException: object not initialized for signature or verification at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineUpdate(SignatureBaseRSA.java:203) at org.apache.xml.security.algorithms.SignatureAlgorithm.update(SignatureAlgorithm.java:249) at org.apache.xml.security.utils.SignerOutputStream.write(SignerOutputStream.java:64) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(UnsyncBufferedOutputStream.java:69) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(UnsyncBufferedOutputStream.java:85) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(UnsyncBufferedOutputStream.java:91) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:207) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:121) at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Canonicalizer.java:268) at org.apache.xml.security.signature.SignedInfo.signInOctectStream(SignedInfo.java:286) at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:501) at org.apache.xml.security.samples.signature.CopyOfCreateSignature.sign(CopyOfCreateSignature.java:172) at org.apache.xml.security.samples.signature.CopyOfCreateSignature.main(CopyOfCreateSignature.java:83) java.security.SignatureException: object not initialized for signature or verification at java.security.Signature.update(Signature.java:690) at org.apache.xml.security.algorithms.implementations.SignatureBaseRSA.engineUpdate(SignatureBaseRSA.java:201) at org.apache.xml.security.algorithms.SignatureAlgorithm.update(SignatureAlgorithm.java:249) at org.apache.xml.security.utils.SignerOutputStream.write(SignerOutputStream.java:64) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(UnsyncBufferedOutputStream.java:69) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(UnsyncBufferedOutputStream.java:85) at org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(UnsyncBufferedOutputStream.java:91) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:207) at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:121) at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Canonicalizer.java:268) at org.apache.xml.security.signature.SignedInfo.signInOctectStream(SignedInfo.java:286) at org.apache.xml.security.signature.XMLSignature.sign(XMLSignature.java:501) at org.apache.xml.security.samples.signature.CopyOfCreateSignature.sign(CopyOfCreateSignature.java:172) at org.apache.xml.security.samples.signature.CopyOfCreateSignature.main(CopyOfCreateSignature.java:83). This problem is caused by the initSign method in class SignatureAlgorithm: [1] public void initSign(Key signingKey) throws XMLSignatureException { [2] initializeAlgorithm(true); [3] if (keysSigning.get()==signingKey) { [4] return; [5] } [6] keysSigning.set(signingKey); [7] this._signatureAlgorithm.engineInitSign(signingKey); [8] } The lines 3-5 should be commented to solve above problem. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
