  1. JDK
  2. JDK-8031191

Warning exception when XMLSignature logging is enabled

        A "Signature.init() not first method called, disabling delayed provider selection" warning is given from com.sun.org.apache.xml.internal.security.signature.XMLSignature class if FINE level logging is enabled. It's a result of calling the SignatureBaseRSA.engineGetJCEProviderName method before initializing the Signature.

        Stack trace:

        Signature: Signature.init() not first method called, disabling delayed provider selection
        java.lang.Exception: Call trace
            at java.security.Signature$Delegate.chooseFirstProvider(Signature.java:972)
            at java.security.Signature.getProvider(Signature.java:400)
            at com.sun.org.apache.xml.internal.security.algorithms.implementations.SignatureBaseRSA.engineGetJCEProviderName(SignatureBaseRSA.java:224)
            at com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm.getJCEProviderName(SignatureAlgorithm.java:195)
            at com.sun.org.apache.xml.internal.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:638)
            at com.sun.identity.saml.xmlsig.AMSignatureProvider.verifyXMLSignature(AMSignatureProvider.java:1419)

        The fix is simply to move the "sa.initVerify(pk);" call up before the logging code.


        ====

        @@ -632,13 +634,13 @@ private Element signatureValueElement;
                  //create a SignatureAlgorithms from the SignatureMethod inside
                  //SignedInfo. This is used to validate the signature.
                  SignatureAlgorithm sa =si.getSignatureAlgorithm();
        + sa.initVerify(pk);
                  if (log.isLoggable(java.util.logging.Level.FINE)) {
                         log.log(java.util.logging.Level.FINE, "SignatureMethodURI = " + sa.getAlgorithmURI());
                         log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
                         log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
                         log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
                  }
        - sa.initVerify(pk);
         
                  // Get the canonicalized (normalized) SignedInfo
                  SignerOutputStream so=new SignerOutputStream(sa);
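
        Review bot: the relocated sa.initVerify(pk); (the + line directly above the log.isLoggable block) carries no comment saying that it must stay ahead of sa.getJCEProviderName(), which per the stack trace reaches Signature.getProvider() and forces provider selection. Without one, a later tidy-up could move the call back below the logging block and reintroduce the warning. Suggest a one-line comment such as "initialise before any provider query so delayed provider selection stays enabled", plus a regression test that runs checkSignatureValue with FINE logging switched on.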

              coffeys Sean Coffey
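
The ordering problem described in this issue, shown as an added example that is not part of the issue or the JDK patch. It goes beyond the XMLSignature case by using java.security.Signature directly: with a provider that rejects the key registered first, initialising before the query lets the JDK pick a provider that accepts the key, while querying first pins the first provider and the later initVerify fails. DelayedProviderSelectionDemo, PickyProvider and PickySpi are constructed names used only for this illustration.

```java
import java.security.*;

// Added example: PickyProvider/PickySpi are constructed stand-ins for a
// provider (for instance a hardware token) that only accepts its own keys.
public class DelayedProviderSelectionDemo {

    public static final class PickySpi extends SignatureSpi {
        @Override protected void engineInitVerify(PublicKey k) throws InvalidKeyException {
            throw new InvalidKeyException("PickyProvider cannot use this key");
        }
        @Override protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            throw new InvalidKeyException("PickyProvider cannot use this key");
        }
        @Override protected void engineUpdate(byte b) { }
        @Override protected void engineUpdate(byte[] b, int off, int len) { }
        @Override protected byte[] engineSign() { return new byte[0]; }
        @Override protected boolean engineVerify(byte[] sig) { return false; }
        @Override protected void engineSetParameter(String p, Object v) { }
        @Override protected Object engineGetParameter(String p) { return null; }
    }

    static final class PickyProvider extends Provider {
        PickyProvider() {
            super("PickyProvider", 1.0, "constructed demo provider");
            put("Signature.SHA256withRSA", PickySpi.class.getName());
        }
    }

    // Order used by the fix: initialise with the key, then ask for the provider.
    static String initThenQuery(PublicKey pk) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pk);                  // provider chosen based on the key
        return sig.getProvider().getName();
    }

    // Order that produced the warning: provider queried before init.
    static String queryThenInit(PublicKey pk) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        String pinned = sig.getProvider().getName();  // pins first registered provider
        try {
            sig.initVerify(pk);
            return pinned + ", init succeeded";
        } catch (InvalidKeyException e) {
            return pinned + ", init failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Security.insertProviderAt(new PickyProvider(), 1);
        PublicKey pk = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        System.out.println("init first : " + initThenQuery(pk));
        System.out.println("query first: " + queryThenInit(pk));
    }
}
```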