Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8031191

Warning exception when XMLSignature logging is enabled

    Details

      Backports

        Description

        A "Signature.init() not first method called, disabling delayed provider selection" warning is given from com.sun.org.apache.xml.internal.security.signature.XMLSignature class if FINE level logging is enabled. It's a result of calling the SignatureBaseRSA.engineGetJCEProviderName method before initializing the Signature.

        Stack trace :

        Signature: Signature.init() not first method called, disabling delayed provider selection
        java.lang.Exception: Call trace
            at java.security.Signature$Delegate.chooseFirstProvider(Signature.java:972)
            at java.security.Signature.getProvider(Signature.java:400)
            at com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA.engineGetJCEProviderName(SignatureBaseRSA.java:224)
            at com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm.getJCEProviderName(SignatureAlgorithm.java:195)
            at com.sun.org.apache.xml.internal.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:638)
            at com.sun.identity.saml.xmlsig.AMSignatureProvider.verifyXMLSignature(AMSignatureProvider.java:1419)

        Fix is simply to move the "sa.initVerify(pk);" call up before the logging code


        ====

        @@ -632,13 +634,13 @@ private Element signatureValueElement;
                  //create a SignatureAlgorithms from the SignatureMethod inside
                  //SignedInfo. This is used to validate the signature.
                  SignatureAlgorithm sa =si.getSignatureAlgorithm();
        + sa.initVerify(pk);
                  if (log.isLoggable(java.util.logging.Level.FINE)) {
                         log.log(java.util.logging.Level.FINE, "SignatureMethodURI = " + sa.getAlgorithmURI());
                         log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
                         log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
                         log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
                  }
        - sa.initVerify(pk);
         
                  // Get the canonicalized (normalized) SignedInfo
                  SignerOutputStream so=new SignerOutputStream(sa);

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  coffeys Sean Coffey
                  Reporter:
                  coffeys Sean Coffey
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: