Created attachment 23543 [details] Maven2 test-case If the same instance of XMLSignature is used on the same thread for verifying after being used for signing, this exception occurs: org.apache.xml.security.signature.XMLSignatureException: object not initialized for verification If the verification is done on a different thread, it works fine. I believe this is due to: due to org.apache.xml.security.algorithms.SignatureAlgorithm#initializeAlgorithm(boolean): private void initializeAlgorithm(boolean isForSigning) throws XMLSignatureException { if (_signatureAlgorithm!=null) { return; } _signatureAlgorithm=isForSigning ? getInstanceForSigning(algorithmURI) : getInstanceForVerify(algorithmURI); this._signatureAlgorithm .engineGetContextFromElement(this._constructionElement); } If '_signatureAlgorithm' has already been initialised, even if it's not for the purpose intended for another use, it won't be initialised again. Commenting out the 'if' block solves the problem. I've noticed that there was an 'isForSigning' field commented out in revision 515521, which completely disappeared in revision 695520 (current one). I guess it might have been the original intent for this flag.
Fixed as suggested in HEAD. Thanks for the test case!
*** Bug 44204 has been marked as a duplicate of this bug. ***