https://issues.apache.org/bugzilla/show_bug.cgi?id=44991

           Summary: Concurrent invocation of KeyInfo.getX509Certificate()
                    occasionally fails
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]


When executed concurrently in several threads,
org.apache.xml.security.keys.KeyInfo.getX509Certificate() occasionally returns
null.


The log entries made from the failing thread are:
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.KeyInfo
getX509CertificateFromInternalResolvers
Start getX509CertificateFromInternalResolvers() with 0 resolvers
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.KeyInfo
getX509Certificate
I couldn't find a X509Certificate using the per-KeyInfo key resolvers
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.KeyInfo
getX509CertificateFromStaticResolvers
Start getX509CertificateFromStaticResolvers() with 7 resolvers
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver
engineLookupResolveX509Certificate
Can I resolve X509Data?
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver
engineLookupResolveX509Certificate
I can't
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver
engineLookupResolveX509Certificate
Can I resolve X509Data?
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver
engineLookupResolveX509Certificate
I can't
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver
engineLookupResolveX509Certificate
Can I resolve X509Data?
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.utils.ElementProxy
<init>
setElement("X509Data", "http://www.w3.org/2000/09/xmldsig#")
--------------------------------------------------
2008-05-13T20:21:50
org.apache.xml.security.keys.KeyInfo
getX509Certificate
I couldn't find a X509Certificate using the system-wide key resolvers
--------------------------------------------------

Possible cause:
KeyInfo.getX509CertificateFromStaticResolvers() operates on
org.apache.xml.security.keys.keyresolver.KeyResolver class: it iterates through
all KeyResolver items, trying to applyCurrentResolver(), and, in case of
success, calls KeyResolver.hit().
When getX509CertificateFromStaticResolvers() in Thread-1 finds a "good"
resolver at iteration, say, i=5, and calls hit(), that resolver is moved to the
beginning of the static KeyResolver._resolverVector list. If Thread-2 at the
same time executes getX509CertificateFromStaticResolvers() at iteration, say,
i=3, it will never see that resolver.

Possible fix:
With the present design, it seems, KeyResolver cannot support the item() and hit()
methods together, since hit() changes the order of the _resolverVector items.
Either hit() should be removed or a copy of _resolverVector should be made
before accessing its elements.
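
The interleaving described under "Possible cause", replayed deterministically in one thread, next to the copy-before-iterating fix. This is an added example, not part of the original report or of the Apache XML Security code; the class, the method names and the resolver names R0 to R6 are hypothetical stand-ins, and a real fix would also need the copy to be taken atomically with respect to hit().

```java
import java.util.ArrayList;
import java.util.List;

public class ResolverRaceDemo {
    // Stand-in for the shared static resolver list (7 entries, as in the log above).
    static List<String> newRegistry() {
        List<String> r = new ArrayList<>();
        for (int i = 0; i < 7; i++) r.add("R" + i);
        return r;
    }

    // Move-to-front, which is what the report says hit() does to the shared list.
    static void hit(List<String> registry, String resolver) {
        registry.remove(resolver);
        registry.add(0, resolver);
    }

    // Index-based scan over the live list. otherThread runs when the scan reaches
    // pauseAt, standing in for a second thread scheduled at that moment.
    static String scanLive(List<String> registry, String wanted,
                           int pauseAt, Runnable otherThread) {
        for (int i = 0; i < registry.size(); i++) {
            if (i == pauseAt) otherThread.run();
            if (registry.get(i).equals(wanted)) return registry.get(i);
        }
        return null; // the caller then logs that no certificate was found
    }

    // Same scan over a private copy taken before iterating: reordering of the
    // shared list by the other thread no longer affects this scan.
    static String scanSnapshot(List<String> registry, String wanted,
                               int pauseAt, Runnable otherThread) {
        return scanLive(new ArrayList<>(registry), wanted, pauseAt, otherThread);
    }

    public static void main(String[] args) {
        // Thread-2 has checked R0..R2 and is at i=3 when Thread-1 hits R5:
        // R5 moves to index 0, behind the scan position, and R2..R4 shift right.
        List<String> a = newRegistry();
        System.out.println("live list: " + scanLive(a, "R5", 3, () -> hit(a, "R5")));

        List<String> b = newRegistry();
        System.out.println("snapshot:  " + scanSnapshot(b, "R5", 3, () -> hit(b, "R5")));
    }
}
```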

