8029788: Certificate validation - java.lang.ClassCastException
Reviewed-by: xuelei, mullan, weijun
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Dec 18 11:00:48 2013 +0100
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Wed Dec 18 12:23:41 2013 +0000
@@ -427,9 +427,14 @@
if (signerCert == null) {
// Add the Issuing CA cert and/or Trusted Responder cert to the list
// of certs from the OCSP response
- certs.add((X509CertImpl) issuerCert);
- if (responderCert != null) {
- certs.add((X509CertImpl) responderCert);
+ try {
+ certs.add(X509CertImpl.toImpl(issuerCert));
+ if (responderCert != null) {
+ certs.add(X509CertImpl.toImpl(responderCert));
+ }
+ } catch (CertificateException ce) {
+ throw new CertPathValidatorException(
+ "Invalid issuer or trusted responder certificate", ce);
}
if (responderName != null) {