Created attachment 25607: source code patch and new JUnit

The return type of StorageResolver.next() is X509Certificate, but the implementation attempts to return a StorageResolverSpi instance, causing a ClassCastException. The way the KeyResolvers call this method, it appears the API is correct but the implementation is wrong.
Thanks, I'll take a look. You may have missed my reply to your mail on the security-dev list (reproduced below):

Hi Clement,

I took a look at this issue after applying your patches for the other StorageResolver stuff. There's clearly an issue in StorageResolver, in that calling "next" returns the next object in the StorageResolverIterator, which is a StorageResolverSpi instance, not an X509Certificate.

The solution here is to fix the StorageResolverIterator so that it iterates over both the "outer" and "inner" iterators looking for the next certificate. I also noticed that a few other StorageResolverSpi instances cache the iterator rather than create a new one each time, which is clearly a bug.

I don't like the "hasNext()" and "next()" methods of StorageResolver. Instead the user should get the iterator and use that instead. I will make these changes, and create a patch in a new Bugzilla entry which you can review, if you'd like.

Colm.
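The iteration over the "outer" and "inner" iterators described in the comment above can be sketched as follows. This is an added example, not the project's code or the attached patch: CertSource, FlatteningCertIterator and FlatteningDemo are hypothetical names, and strings stand in for X509Certificate objects so the example runs without key material.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;

// Hypothetical stand-in for a StorageResolverSpi: one source of certificates.
interface CertSource {
    Iterator<String> certificates(); // returns a fresh iterator on every call, never a cached one
}

// Walks the "outer" list of sources and each source's "inner" iterator in turn,
// so next() always yields a certificate and never the source object itself.
final class FlatteningCertIterator implements Iterator<String> {
    private final Iterator<CertSource> outer;
    private Iterator<String> inner; // null until the first source is opened

    FlatteningCertIterator(List<CertSource> sources) {
        this.outer = sources.iterator();
    }

    @Override
    public boolean hasNext() {
        // Skip empty or exhausted sources until a certificate is available.
        while (inner == null || !inner.hasNext()) {
            if (!outer.hasNext()) {
                return false;
            }
            inner = outer.next().certificates();
        }
        return true;
    }

    @Override
    public String next() {
        if (!hasNext()) {
            throw new NoSuchElementException();
        }
        return inner.next();
    }
}

public class FlatteningDemo {
    public static void main(String[] args) {
        // Constructed sample data: three sources, the middle one empty.
        List<CertSource> sources = new ArrayList<>();
        sources.add(() -> Arrays.asList("CN=alice", "CN=bob").iterator());
        sources.add(() -> new ArrayList<String>().iterator());
        sources.add(() -> Arrays.asList("CN=carol").iterator());
        Iterator<String> it = new FlatteningCertIterator(sources);
        while (it.hasNext()) {
            System.out.println(it.next());
        }
    }
}
```

Because the iterator is typed to the element it returns, handing back the source object instead of a certificate is a compile-time error rather than a ClassCastException at the caller.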
Maybe your email was caught in our spam filter. I'll know tomorrow. I already logged a patch for this in Bug 49458. Since the summary line is so small, I'm trying to keep each bug separate.
Patch applied, thanks. Colm.