Yeah you may be right, though I don't think the behavior has ever been
documented one way or another. Hoping Raul will answer as he is more
familiar with that code than I am.
JSR 105 is consistent with your view and documents the behavior. If the
contents of the document are subsequently modified, then you need to
instantiate a new XMLSignature object.
--Sean
Scott Cantor wrote:
Sean Mullan wrote on 2009-03-25:
I don't think the behavior is intentional. Can you please file a bug at
http://issues.apache.org/bugzilla in the security category and attach
your test case?
At least dating back to the 1.2 days, it was quite intentional. I found
numerous issues with reusing the objects back then because the library
wouldn't reparse the result of signing so that information like the KeyInfo
would be populated. At the time it seemed quite unsupported to do this, but
I don't know if that's changed.
-- Scott
