Bug 49456 - StorageResolver.next() gives ClassCastException
Summary: StorageResolver.next() gives ClassCastException
Status: RESOLVED FIXED
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: Encryption (show other bugs)
Version: unspecified
Hardware: PC Windows NT
: P2 normal
Target Milestone: ---
Assignee: XML Security Developers Mailing List
URL:
Keywords:
Depends on:
Blocks: 49458
  Show dependency tree
 
Reported: 2010-06-17 11:48 UTC by Clement Pellerin
Modified: 2010-06-18 07:20 UTC (History)
0 users



Attachments
source code patch and new junit (6.59 KB, patch)
2010-06-17 11:48 UTC, Clement Pellerin
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Clement Pellerin 2010-06-17 11:48:00 UTC
Created attachment 25607 [details]
source code patch and new junit

The return type of StorageResolver.next() is X509Certificate, but the implementation attempts to return a StorageResolverSpi instance causing a ClassCastException. The way the KeyResolvers call this method, it appears the API is correct but the implementation is wrong.
Comment 1 coheigea 2010-06-17 11:53:18 UTC
Thanks, I'll take a look. You may have missed my reply to your mail on the security-dev list (reproduced below):

Hi Clement,

I took a look at this issue after applying your patches for the other
StorageResolver stuff.

There's clearly an issue in StorageResolver, in that calling "next"
returns the next object in the StorageResolverIterator, which is a
StorageResolverSpi instance, not an X509Certificate. The solution here
is to fix the StorageResolverIterator so that it iterates over both
the "outer" and "inner" iterators looking for the next certificate.

I also noticed that a few other StorageResolverSpi instances cache the
iterator rather than create a new one each time, which is clearly a
bug.

I don't like the "hasNext()" and "next()" methods of StorageResolver.
Instead the user should get the iterator and use that instead. I will
make these changes, and create a patch in a new Bugzilla entry which
you can review, if you'd like.

Colm.
Comment 2 Clement Pellerin 2010-06-17 12:29:47 UTC
Maybe your email was caught in our spam filter. I'll know tomorrow.
I already logged a patch for this in Bug 49458.
Since the summary line is so small, I'm trying to keep each bug separate.
Comment 3 coheigea 2010-06-18 07:20:16 UTC
Patch applied, thanks.

Colm.