
mace-opensaml-users - Signature Validation Error: object not initialized for signature or verification

Subject: OpenSAML user discussion

  • From: "Dave Badia" <>
  • To:
  • Subject: Signature Validation Error: object not initialized for signature or verification
  • Date: Thu, 17 Jan 2008 10:50:53 -0500

Hi -
I encountered this issue and have since found a resolution, but wanted to pass the info along in case others have this problem.
While trying to process a SAML Response message with multiple digital signatures, I received the error "object not initialized for signature or verification".
I mapped this error back to a bug in Apache XML Sec 1.4.1: http://issues.apache.org/bugzilla/show_bug.cgi?id=44204
Since the bug has not been resolved as of the time of this writing, I found a workaround. Basically, a new PublicKey object needs to be created on the Credential before each validation.
This will force the Apache XML Sec library to do full initialization of the necessary objects prior to each signature verification.

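// Imports needed by this fragment:
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import org.opensaml.xml.signature.SignatureValidator;

// Load java keystore to get java KeyPair, build credential object
// before each validation:
        // Rebuild the public key from its modulus and exponent so a new PublicKey object is used
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPublicKeySpec spec = new RSAPublicKeySpec(publicKey.getModulus(), publicKey.getPublicExponent());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPublicKey newPublicKey = (RSAPublicKey) keyFactory.generatePublic(spec);
        // Put the fresh key on the credential, then create a new validator from it
        credential.setPublicKey(newPublicKey);
        SignatureValidator validator = new SignatureValidator(credential);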

Here is the original exception for reference:
Original Exception was java.security.SignatureException: object not initialized for signature or verification
        at org.apache.xml.security.utils.SignerOutputStream.write(SignerOutputStream.java:66)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flushBuffer(UnsyncBufferedOutputStream.java:69)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.flush(UnsyncBufferedOutputStream.java:85)
        at org.apache.xml.security.utils.UnsyncBufferedOutputStream.close(UnsyncBufferedOutputStream.java:91)
        at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:207)
        at org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Canonicalizer20010315Excl.java:108)
        at org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.engineCanonicalizeSubTree(Canonicalizer20010315Excl.java:82)
        at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Canonicalizer.java:242)
        at org.apache.xml.security.signature.SignedInfo.signInOctectStream(SignedInfo.java:280)
        at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:601)
        at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:68)
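
Added example, not part of the original post and not OpenSAML or XML Sec code: it uses plain JCA to show the key-rebuild step applied before each of two verifications, and the state in which java.security.Signature raises the SignatureException text seen in the trace. The class name, method names and sample payloads are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
// Hypothetical class and method names; plain JCA stands in for OpenSAML and XML Sec.
public class FreshKeyPerVerification {

    // Same key material, new PublicKey object (the rebuild step from the post).
    static RSAPublicKey freshCopy(RSAPublicKey key) throws GeneralSecurityException {
        RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent());
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(spec);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    // One verifier and one rebuilt key per signature, so no state is shared between checks.
    static boolean verify(RSAPublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(freshCopy(key));
        verifier.update(data);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();
        // Constructed payloads standing in for the two signed elements of one message.
        byte[] first = "constructed-response-bytes".getBytes(StandardCharsets.UTF_8);
        byte[] second = "constructed-assertion-bytes".getBytes(StandardCharsets.UTF_8);
        byte[] sig1 = sign(pair.getPrivate(), first);
        byte[] sig2 = sign(pair.getPrivate(), second);
        System.out.println("first valid:  " + verify(pub, first, sig1));
        System.out.println("second valid: " + verify(pub, second, sig2));
        System.out.println("swapped sig:  " + verify(pub, first, sig2));
        // update() on a Signature that was never initialized raises the error in the trace.
        try {
            Signature.getInstance("SHA256withRSA").update(first);
        } catch (SignatureException e) {
            System.out.println("uninitialized: " + e.getMessage());
        }
    }
}
```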
