check type on X509::Store.verify

mkristian · mkristian · commit 742b9e62b906 · 2015-09-11T18:39:50.000+02:00
throw a TypeError if the argument is not a OpenSSL::X509::Certificate fixes #69 Sponsored by Lookout Inc.
diff --git a/src/main/java/org/jruby/ext/openssl/X509StoreContext.java b/src/main/java/org/jruby/ext/openssl/X509StoreContext.java
@@ -114,7 +114,16 @@ public IRubyObject initialize(final ThreadContext context, final IRubyObject[] a
             if ( args.length > 2) chain = args[2];
         }
 
-        final X509AuxCertificate _cert = cert.isNil() ? null : ((X509Cert) cert).getAuxCert();
+        final X509AuxCertificate _cert;
+        if (cert.isNil()) {
+            _cert = null;
+        }
+        else {
+            if (! (cert instanceof X509Cert)) {
+                throw getRuntime().newTypeError(cert, "OpenSSL::X509::Certificate");
+            }
+            _cert = ((X509Cert) cert).getAuxCert();
+        }
         final List<X509AuxCertificate> _chain;
         if ( ! chain.isNil() ) {
             @SuppressWarnings("unchecked")
diff --git a/src/test/ruby/x509/test_x509store.rb b/src/test/ruby/x509/test_x509store.rb
@@ -55,6 +55,11 @@ def test_add_file_to_store_with_custom_cert_file
     assert store.verify( OpenSSL::X509::Certificate.new(File.read(@pem)))
   end
 
+  def test_verfy_with_wrong_argument
+    store = OpenSSL::X509::Store.new
+    assert_raise(TypeError) { store.verify( 'not an cert object' ) }
+  end
+
   def test_add_cert_concurrently
     store = OpenSSL::X509::Store.new
     t = []
