Bug 47097 - Reusing XMLSignature for signing and verifying fails on same thread
Reusing XMLSignature for signing and verifying fails on same thread
Product: Security - Now in JIRA
Classification: Unclassified
Component: Signature
Java 1.4.2
PC Mac OS X 10.4
: P2 normal
: ---
Assigned To: XML Security Developers Mailing List
: 44204 (view as bug list)
Depends on:
  Show dependency tree
Reported: 2009-04-26 06:45 UTC by Bruno Harbulot
Modified: 2009-06-18 03:45 UTC (History)
1 user (show)

Maven2 test-case (2.52 KB, application/x-tar)
2009-04-26 06:45 UTC, Bruno Harbulot

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Harbulot 2009-04-26 06:45:38 UTC
Created attachment 23543 [details]
Maven2 test-case

If the same instance of XMLSignature is used on the same thread for verifying after being used for signing, this exception occurs:
org.apache.xml.security.signature.XMLSignatureException: object not initialized for verification 
If the verification is done on a different thread, it works fine.

I believe this is due to:

due to org.apache.xml.security.algorithms.SignatureAlgorithm#initializeAlgorithm(boolean):

    private void initializeAlgorithm(boolean isForSigning)
        throws XMLSignatureException {
        if (_signatureAlgorithm!=null) {
        _signatureAlgorithm=isForSigning ? getInstanceForSigning(algorithmURI) :

If '_signatureAlgorithm' has already been initialised, even if it's not for the purpose intended for another use, it won't be initialised again. Commenting out the 'if' block solves the problem.

I've noticed that there was an 'isForSigning' field commented out in revision 515521, which completely disappeared in revision 695520 (current one). I guess it might have been the original intent for this flag.
Comment 1 sean.mullan 2009-05-06 14:29:11 UTC
Fixed as suggested in HEAD. Thanks for the test case!
Comment 2 coheigea 2009-06-18 03:45:07 UTC
*** Bug 44204 has been marked as a duplicate of this bug. ***