Hi,

We're migrating a working web application from Java 1.4.2 to Java 1.5. Our 1.4.2 application used xmlsec-1.2.1 and worked fine. We've upgraded to xmlsec-1.4.1 in the process and we have encountered a problem that occurs when we try to sign/verify multiple documents with the same key pair:

Consider a scenario when multiple XML documents need to be signed and verified with the same key pair. (The verification is just to confirm that signing worked). Therefore, for a given KeyPair instance, we do the following on each iteration:

1. XMLSignature sig = new XMLSignature(....);
2. Sign XML document with PrivateKey
3. Verify XML document with PublicKey (sanity check)

The problem occurs on the second iteration. It appears that, because we are using the same PrivateKey to sign on each iteration, the code remains initialised for verification (a result of step 3 above), and is not re-initialised for signing as it is using a cached Private Key. We were unable to find an API call to resolve this.

We made changes to SignatureAlgorithm::initSign(Key) and SignatureAlgorithm::initVerify(Key) so that cached keys were no longer used. We are therefore always calling the engineInitSign(Key) and engineInitVerify(Key) on the SignatureAlgorithm implementation.

Just wondering if:

a) we are missing something obvious here
OR
b) this is a legitimate limitation that may need to be addressed in code

Thanks in advance,
Kevin
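
The failure mode described in the message above, reproduced with the plain JCA `java.security.Signature` class as an added example (not code from the post or from xmlsec). `CachingWrapper` and its key-caching shortcut are hypothetical stand-ins for the behaviour the post describes, and sharing one engine across iterations is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignatureStateDemo {
    // Hypothetical wrapper: remembers the last signing key and skips initSign for it.
    static class CachingWrapper {
        final Signature engine = Signature.getInstance("SHA256withRSA");
        final boolean cacheKeys;
        Key lastSignKey;
        CachingWrapper(boolean cacheKeys) throws GeneralSecurityException {
            this.cacheKeys = cacheKeys;
        }
        void initSign(PrivateKey k) throws InvalidKeyException {
            // With caching on, a repeated key leaves the engine in whatever mode it was in.
            if (cacheKeys && k == lastSignKey) return;
            engine.initSign(k);
            lastSignKey = k;
        }
        void initVerify(PublicKey k) throws InvalidKeyException {
            engine.initVerify(k); // switches the engine to verify mode
        }
    }

    // Sign and then verify two constructed documents with the same key pair.
    static String run(boolean cacheKeys, KeyPair kp) throws GeneralSecurityException {
        CachingWrapper w = new CachingWrapper(cacheKeys);
        for (int i = 1; i <= 2; i++) {
            byte[] doc = ("<doc id='" + i + "'/>").getBytes(StandardCharsets.UTF_8);
            try {
                w.initSign(kp.getPrivate());
                w.engine.update(doc);
                byte[] sig = w.engine.sign(); // throws if the engine is not in sign mode
                w.initVerify(kp.getPublic());
                w.engine.update(doc);
                if (!w.engine.verify(sig)) return "iteration " + i + ": verify failed";
            } catch (SignatureException e) {
                return "iteration " + i + ": " + e.getMessage();
            }
        }
        return "both iterations signed and verified";
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        System.out.println("key caching on:  " + run(true, kp));
        System.out.println("key caching off: " + run(false, kp));
    }
}
```

A cache that is safe for this sign-then-verify loop has to track the engine's current mode as well as the key, or be invalidated whenever the other init method is called.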