java.io.InvalidClassException Java Examples

The following examples show how to use java.io.InvalidClassException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: IIOPInputStream.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
private void skipCustomUsingFVD(ValueMember[] fields,
                                com.sun.org.omg.SendingContext.CodeBase sender)
                                throws InvalidClassException, StreamCorruptedException,
                                       ClassNotFoundException, IOException
{
    readFormatVersion();
    boolean calledDefaultWriteObject = readBoolean();

    if (calledDefaultWriteObject)
        throwAwayData(fields, sender);

    if (getStreamFormatVersion() == 2) {

        ((ValueInputStream)getOrbStream()).start_value();
        ((ValueInputStream)getOrbStream()).end_value();
    }
}
 
Example #2
Source File: CheckArrayTest.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test SharedSecrets checkArray with unmodified ObjectInputStream.
 */
@Test(dataProvider = "Patterns")
public void normalOIS(String pattern, int arraySize, Object[] array) throws IOException {
    ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
    byte[] bytes = SerialFilterTest.writeObjects(array);
    try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
         ObjectInputStream ois = new ObjectInputStream(bais)) {
        // Check the arraysize against the filter
        try {
            ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
            SharedSecrets.getJavaOISAccess()
                    .checkArray(ois, array.getClass(), arraySize);
            Assert.assertTrue(array.length >= arraySize,
                    "Should have thrown InvalidClassException due to array size");
        } catch (InvalidClassException ice) {
            Assert.assertFalse(array.length > arraySize,
                    "Should NOT have thrown InvalidClassException due to array size");
        }
    }
}
 
Example #3
Source File: IIOPInputStream.java    From jdk1.8-source-analysis with Apache License 2.0 6 votes vote down vote up
private void skipCustomUsingFVD(ValueMember[] fields,
                                com.sun.org.omg.SendingContext.CodeBase sender)
                                throws InvalidClassException, StreamCorruptedException,
                                       ClassNotFoundException, IOException
{
    readFormatVersion();
    boolean calledDefaultWriteObject = readBoolean();

    if (calledDefaultWriteObject)
        throwAwayData(fields, sender);

    if (getStreamFormatVersion() == 2) {

        ((ValueInputStream)getOrbStream()).start_value();
        ((ValueInputStream)getOrbStream()).end_value();
    }
}
 
Example #4
Source File: TestSerialization.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static void testReadWrite() {
    try {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(baos);
        testWrite(oos);
        oos.flush();
        oos.close();
        byte buf[] = baos.toByteArray();
        ByteArrayInputStream bais = new ByteArrayInputStream(buf);
        ObjectInputStream ois = new ObjectInputStream(bais);
        testRead(ois, true);
    } catch (InvalidClassException ice) {
        throw new RuntimeException("Object read failed from loopback");
    } catch (IOException e) {
        e.printStackTrace();
        throw new RuntimeException("IOException testing loopback");
    }
}
 
Example #5
Source File: CheckArrayTest.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test SharedSecrets checkArray with unmodified ObjectInputStream.
 */
@Test(dataProvider = "Patterns")
public void normalOIS(String pattern, int arraySize, Object[] array) throws IOException {
    ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
    byte[] bytes = SerialFilterTest.writeObjects(array);
    try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
         ObjectInputStream ois = new ObjectInputStream(bais)) {
        // Check the arraysize against the filter
        try {
            ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
            SharedSecrets.getJavaOISAccess()
                    .checkArray(ois, array.getClass(), arraySize);
            Assert.assertTrue(array.length >= arraySize,
                    "Should have thrown InvalidClassException due to array size");
        } catch (InvalidClassException ice) {
            Assert.assertFalse(array.length > arraySize,
                    "Should NOT have thrown InvalidClassException due to array size");
        }
    }
}
 
Example #6
Source File: SerialKillerTest.java    From SerialKiller with Apache License 2.0 6 votes vote down vote up
@Test(expected = InvalidClassException.class)
public void testThreadIssue() throws Exception {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();

    try (ObjectOutputStream stream = new ObjectOutputStream(bytes)) {
        stream.writeObject(42);
    }

    try (ObjectInputStream stream = new SerialKiller(new ByteArrayInputStream(bytes.toByteArray()), "src/test/resources/blacklist-all.conf")) {
        // Create a dummy SK with different config
        new SerialKiller(new ByteArrayInputStream(bytes.toByteArray()), "src/test/resources/whitelist-all.conf");

        stream.readObject();
        fail("All should be blacklisted");
    }
}
 
Example #7
Source File: Ser.java    From JDKSourceCode1.8 with MIT License 6 votes vote down vote up
private static void writeInternal(byte type, Object object, DataOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case ZRULES:
            ((ZoneRules) object).writeExternal(out);
            break;
        case ZOT:
            ((ZoneOffsetTransition) object).writeExternal(out);
            break;
        case ZOTRULE:
            ((ZoneOffsetTransitionRule) object).writeExternal(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #8
Source File: CheckArrayTest.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Test SharedSecrets checkArray with an ObjectInputStream subclassed to
 * handle all input stream functions.
 */
@Test(dataProvider = "Patterns")
public void subclassedOIS(String pattern, int arraySize, Object[] array) throws IOException {
    byte[] bytes = SerialFilterTest.writeObjects(array);
    try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
         ObjectInputStream ois = new MyInputStream(bais)) {
        // Check the arraysize against the filter
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        ObjectInputFilter.Config.setObjectInputFilter(ois, filter);
        SharedSecrets.getJavaOISAccess()
                .checkArray(ois, array.getClass(), arraySize);
        Assert.assertTrue(array.length >= arraySize,
                "Should have thrown InvalidClassException due to array size");
    } catch (InvalidClassException ice) {
        Assert.assertFalse(array.length > arraySize,
                "Should NOT have thrown InvalidClassException due to array size");
    }
}
 
Example #9
Source File: Ser.java    From desugar_jdk_libs with GNU General Public License v2.0 6 votes vote down vote up
private static void writeInternal(byte type, Object object, DataOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case ZRULES:
            ((ZoneRules) object).writeExternal(out);
            break;
        case ZOT:
            ((ZoneOffsetTransition) object).writeExternal(out);
            break;
        case ZOTRULE:
            ((ZoneOffsetTransitionRule) object).writeExternal(out);
            break;
        case TZRULES:
            ((ZoneRules) object).writeExternalTimeZone(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #10
Source File: IIOPInputStream.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
private void skipCustomUsingFVD(ValueMember[] fields,
                                com.sun.org.omg.SendingContext.CodeBase sender)
                                throws InvalidClassException, StreamCorruptedException,
                                       ClassNotFoundException, IOException
{
    readFormatVersion();
    boolean calledDefaultWriteObject = readBoolean();

    if (calledDefaultWriteObject)
        throwAwayData(fields, sender);

    if (getStreamFormatVersion() == 2) {

        ((ValueInputStream)getOrbStream()).start_value();
        ((ValueInputStream)getOrbStream()).end_value();
    }
}
 
Example #11
Source File: IIOPInputStream.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
private void skipCustomUsingFVD(ValueMember[] fields,
                                com.sun.org.omg.SendingContext.CodeBase sender)
                                throws InvalidClassException, StreamCorruptedException,
                                       ClassNotFoundException, IOException
{
    readFormatVersion();
    boolean calledDefaultWriteObject = readBoolean();

    if (calledDefaultWriteObject)
        throwAwayData(fields, sender);

    if (getStreamFormatVersion() == 2) {

        ((ValueInputStream)getOrbStream()).start_value();
        ((ValueInputStream)getOrbStream()).end_value();
    }
}
 
Example #12
Source File: GlobalFilterTest.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
     * Serialize and deserialize an object using the default process-wide filter
     * and check allowed or reject.
     *
     * @param pattern the pattern
     * @param object the test object
     * @param allowed the expected result from ObjectInputStream (exception or not)
     */
    static void testGlobalPattern(String pattern, Object object, boolean allowed) {
        try {
//            System.out.printf("global %s pattern: %s, obj: %s%n", (allowed ? "allowed" : "not allowed"), pattern, object);
            byte[] bytes = SerialFilterTest.writeObjects(object);
            try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
                 ObjectInputStream ois = new ObjectInputStream(bais)) {
                Object o = ois.readObject();
            } catch (EOFException eof) {
                // normal completion
            } catch (ClassNotFoundException cnf) {
                Assert.fail("Deserializing", cnf);
            }
            Assert.assertTrue(allowed, "filter should have thrown an exception");
        } catch (IllegalArgumentException iae) {
            Assert.fail("bad format pattern", iae);
        } catch (InvalidClassException ice) {
            Assert.assertFalse(allowed, "filter should not have thrown an exception: " + ice);
        } catch (IOException ioe) {
            Assert.fail("Unexpected IOException", ioe);
        }
    }
 
Example #13
Source File: Session.java    From org.openntf.domino with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public void readExternal(final ObjectInput in) throws IOException, ClassNotFoundException {
	//super.readExternal(in);
	parent = Factory.getWrapperFactory();
	int version = in.readInt();
	if (version != EXTERNALVERSIONUID) {
		throw new InvalidClassException("Cannot read dataversion " + version);
	}

	sessionType_ = (SessionType) in.readObject();
	username_ = (String) in.readObject();
	currentDatabaseApiPath_ = (String) in.readObject();

	isAutoMime_ = (AutoMime) in.readObject();
	fixes_ = (Set<Fixes>) in.readObject();
	eventFactory_ = (IDominoEventFactory) in.readObject();
	featureRestricted_ = in.readBoolean();

}
 
Example #14
Source File: SparkTransformServerChooser.java    From DataVec with Apache License 2.0 6 votes vote down vote up
public void runMain(String[] args) throws Exception {

        int pos = getMatchingPosition(args, "-dt", "--dataType");
        if (pos == -1) {
            log.error("no valid options");
            log.error("-dt, --dataType   Options: [CSV, IMAGE]");
            throw new Exception("no valid options");
        } else {
            transformDataType = TransformDataType.valueOf(args[pos + 1]);
        }

        switch (transformDataType) {
            case CSV:
                sparkTransformServer = new CSVSparkTransformServer();
                break;
            case IMAGE:
                sparkTransformServer = new ImageSparkTransformServer();
                break;
            default:
                throw new InvalidClassException("no matching SparkTransform class");
        }

        sparkTransformServer.runMain(args);
    }
 
Example #15
Source File: IllegalRegistryBind.java    From BaRMIe with MIT License 5 votes vote down vote up
/*******************
 * Check if the given endpoint can be attacked.
 * 
 * This check is performed by executing a dummy attack against the
 * endpoint and observing the resulting exception.
 * 
 * @param ep An enumerated RMI endpoint.
 * @return True if we can attack it.
 ******************/
public boolean canAttackEndpoint(RMIEndpoint ep) {
	RMIBindExploitProxy proxy = null;
	Registry reg;
	
	//Execute a dummy attack
	try {
		//Start a bind exploit proxy
		proxy = new RMIBindExploitProxy(InetAddress.getByName(ep.getEndpoint().getHost()), ep.getEndpoint().getPort(), this._options, this._dummyPayload);
		proxy.startProxy();
		
		//Get a proxied RMI registry reference
		reg = LocateRegistry.getRegistry(proxy.getServerListenAddress().getHostAddress(), proxy.getServerListenPort());
		
		//Bind a dummy object in an attempt to trigger the vulnerability
		reg.bind(this.generateRandomString(), new BaRMIeBindExploit());
	} catch(BaRMIeException | UnknownHostException | RemoteException | AlreadyBoundException ex) {
		//An up to date RMI registry will, by default, reject the dummy object
		if(ex instanceof ServerException && ex.getCause() != null && ex.getCause() instanceof UnmarshalException && ex.getCause().getCause() != null && ex.getCause().getCause() instanceof InvalidClassException) {
			//Check for "filter status: REJECTED"
			if(ex.getCause().getCause().toString().contains("filter status: REJECTED")) {
				//Test payload was filtered, likely this attack isn't possible
				return false;
			}
		}
	} finally {
		//Stop the proxy
		if(proxy != null) {
			proxy.stopProxy(true);
		}
	}
	
	//In all other cases we should be able to attack the registry
	return true;
}
 
Example #16
Source File: IIOPInputStream.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
void readFields(java.util.Map fieldToValueMap)
    throws InvalidClassException, StreamCorruptedException,
           ClassNotFoundException, IOException {

    if (mustUseRemoteValueMembers()) {
        inputRemoteMembersForReadFields(fieldToValueMap);
    } else
        inputCurrentClassFieldsForReadFields(fieldToValueMap);
}
 
Example #17
Source File: Ser.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private static void writeInternal(byte type, Object object, ObjectOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case CHRONO_TYPE:
            ((AbstractChronology) object).writeExternal(out);
            break;
        case CHRONO_LOCAL_DATE_TIME_TYPE:
            ((ChronoLocalDateTimeImpl<?>) object).writeExternal(out);
            break;
        case CHRONO_ZONE_DATE_TIME_TYPE:
            ((ChronoZonedDateTimeImpl<?>) object).writeExternal(out);
            break;
        case JAPANESE_DATE_TYPE:
            ((JapaneseDate) object).writeExternal(out);
            break;
        case JAPANESE_ERA_TYPE:
            ((JapaneseEra) object).writeExternal(out);
            break;
        case HIJRAH_DATE_TYPE:
            ((HijrahDate) object).writeExternal(out);
            break;
        case MINGUO_DATE_TYPE:
            ((MinguoDate) object).writeExternal(out);
            break;
        case THAIBUDDHIST_DATE_TYPE:
            ((ThaiBuddhistDate) object).writeExternal(out);
            break;
        case CHRONO_PERIOD_TYPE:
            ((ChronoPeriodImpl) object).writeExternal(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #18
Source File: CachedDocumentComparator.java    From Ngram-Graphs with Apache License 2.0 5 votes vote down vote up
public GraphSimilarity getSimilarityBetween(Object oFirst, Object oSecond) throws InvalidClassException {
    if (!((oFirst instanceof NGramDocument) && (oSecond instanceof NGramDocument)))
        throw new InvalidClassException("Both operands should be Documents (" + NGramDocument.class.getName() + 
                " class)");
    NGramDocument dFirst = (NGramDocument)oFirst;
    NGramDocument dSecond = (NGramDocument)oSecond;
    NGramCachedGraphComparator gcComparator = new NGramCachedGraphComparator();
    NGramHistogramComparator hcComparator = new NGramHistogramComparator();
    
    GraphSimilarity[] saSimil = new GraphSimilarity[2];
    //gcComparator.setNotificationListener(this); // Set this to listener
    // Graph GraphSimilarity
    saSimil[0] = gcComparator.getSimilarityBetween(dFirst.getDocumentGraph(), dSecond.getDocumentGraph());
    sGraph = saSimil[0];
    // Histogram GraphSimilarity
    saSimil[1] = hcComparator.getSimilarityBetween(dFirst.getDocumentHistogram(), dSecond.getDocumentHistogram());
    sHistogram = saSimil[1];
    
    GraphSimilarity sSimil = new GraphSimilarity();
    sSimil.ContainmentSimilarity = saSimil[0].ContainmentSimilarity * GraphImportance +
            saSimil[1].ContainmentSimilarity * (1 - GraphImportance);
    sSimil.ValueSimilarity = saSimil[0].ValueSimilarity * GraphImportance +
            saSimil[1].ValueSimilarity * (1 - GraphImportance);
    sSimil.SizeSimilarity = saSimil[0].SizeSimilarity * GraphImportance +
            saSimil[1].SizeSimilarity * (1 - GraphImportance);
            
    return sSimil;
}
 
Example #19
Source File: XPathException.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads the "cause" field from the stream.
 * And initializes the "cause" if it wasn't
 * done before.
 *
 * @param in stream used for deserialization
 * @throws IOException thrown by <code>ObjectInputStream</code>
 * @throws ClassNotFoundException  thrown by <code>ObjectInputStream</code>
 */
private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException
{
    ObjectInputStream.GetField fields = in.readFields();
    Throwable scause = (Throwable) fields.get("cause", null);

    if (super.getCause() == null && scause != null) {
        try {
            super.initCause(scause);
        } catch(IllegalStateException e) {
            throw new InvalidClassException("Inconsistent state: two causes");
        }
    }
}
 
Example #20
Source File: Ser.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
private static void writeInternal(byte type, Object object, ObjectOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case CHRONO_TYPE:
            ((AbstractChronology) object).writeExternal(out);
            break;
        case CHRONO_LOCAL_DATE_TIME_TYPE:
            ((ChronoLocalDateTimeImpl<?>) object).writeExternal(out);
            break;
        case CHRONO_ZONE_DATE_TIME_TYPE:
            ((ChronoZonedDateTimeImpl<?>) object).writeExternal(out);
            break;
        case JAPANESE_DATE_TYPE:
            ((JapaneseDate) object).writeExternal(out);
            break;
        case JAPANESE_ERA_TYPE:
            ((JapaneseEra) object).writeExternal(out);
            break;
        case HIJRAH_DATE_TYPE:
            ((HijrahDate) object).writeExternal(out);
            break;
        case MINGUO_DATE_TYPE:
            ((MinguoDate) object).writeExternal(out);
            break;
        case THAIBUDDHIST_DATE_TYPE:
            ((ThaiBuddhistDate) object).writeExternal(out);
            break;
        case CHRONO_PERIOD_TYPE:
            ((ChronoPeriodImpl) object).writeExternal(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #21
Source File: SerialFilterTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Test that returning null from a filter causes deserialization to fail.
 */
@Test(expectedExceptions=InvalidClassException.class)
static void testNullStatus() throws IOException {
    byte[] bytes = writeObjects(0); // an Integer
    try {
        Object o = validate(bytes, new ObjectInputFilter() {
            public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo f) {
                return null;
            }
        });
    } catch (InvalidClassException ice) {
        System.out.printf("Success exception: %s%n", ice);
        throw ice;
    }
}
 
Example #22
Source File: SimilarityBasedIndex.java    From Ngram-Graphs with Apache License 2.0 5 votes vote down vote up
/** Initializes the comparator object to a default comparator, if null. */
protected void initComparator() {
    final ProgressEvent peCreation = new ProgressEvent("Comparison", 0.0);
    
    final NGramCachedGraphComparator gcComparator = 
            new NGramCachedGraphComparator();
    
    if (Comparator == null)
        Comparator = new SimilarityComparatorListener() {
            public ProgressEvent event = peCreation;
            
        @Override
            public synchronized ISimilarity getSimilarityBetween(Object oFirst, 
                    Object oSecond) throws InvalidClassException {
                NamedDocumentNGramGraph pCurDocArg = 
                        (NamedDocumentNGramGraph)oFirst;
                NamedDocumentNGramGraph pCompareToDocArg = 
                        (NamedDocumentNGramGraph)oSecond;
                GraphSimilarity sSimil = null;

                peCreation.updateSubtask("Comparing documents");
                sSimil = gcComparator.getSimilarityBetween(pCurDocArg,
                        pCompareToDocArg);
                if (Notifier != null)
                    Notifier.Notify(this, 
                            peCreation.updateProgress(peCreation.Progress + 1.0));
                /*sSimil.setCalculator(new CalculatorListener<GraphSimilarity, GraphSimilarity>() {
                    public double Calculate(GraphSimilarity oCaller, GraphSimilarity oCalculationParams) {
                        // Return size normalized value similarity
                        return oCalculationParams.ValueSimilarity / oCalculationParams.SizeSimilarity;
                    }
                });*/
                return sSimil;
            }
        };
}
 
Example #23
Source File: CachedDocumentComparator.java    From Ngram-Graphs with Apache License 2.0 5 votes vote down vote up
public GraphSimilarity getSimilarityBetween(Object oFirst, Object oSecond) throws InvalidClassException {
    if (!((oFirst instanceof NGramDocument) && (oSecond instanceof NGramDocument)))
        throw new InvalidClassException("Both operands should be Documents (" + NGramDocument.class.getName() + 
                " class)");
    NGramDocument dFirst = (NGramDocument)oFirst;
    NGramDocument dSecond = (NGramDocument)oSecond;
    NGramCachedGraphComparator gcComparator = new NGramCachedGraphComparator();
    NGramHistogramComparator hcComparator = new NGramHistogramComparator();
    
    GraphSimilarity[] saSimil = new GraphSimilarity[2];
    //gcComparator.setNotificationListener(this); // Set this to listener
    // Graph GraphSimilarity
    saSimil[0] = gcComparator.getSimilarityBetween(dFirst.getDocumentGraph(), dSecond.getDocumentGraph());
    sGraph = saSimil[0];
    // Histogram GraphSimilarity
    saSimil[1] = hcComparator.getSimilarityBetween(dFirst.getDocumentHistogram(), dSecond.getDocumentHistogram());
    sHistogram = saSimil[1];
    
    GraphSimilarity sSimil = new GraphSimilarity();
    sSimil.ContainmentSimilarity = saSimil[0].ContainmentSimilarity * GraphImportance +
            saSimil[1].ContainmentSimilarity * (1 - GraphImportance);
    sSimil.ValueSimilarity = saSimil[0].ValueSimilarity * GraphImportance +
            saSimil[1].ValueSimilarity * (1 - GraphImportance);
    sSimil.SizeSimilarity = saSimil[0].SizeSimilarity * GraphImportance +
            saSimil[1].SizeSimilarity * (1 - GraphImportance);
            
    return sSimil;
}
 
Example #24
Source File: Ser.java    From Java8CN with Apache License 2.0 5 votes vote down vote up
private static void writeInternal(byte type, Object object, ObjectOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case CHRONO_TYPE:
            ((AbstractChronology) object).writeExternal(out);
            break;
        case CHRONO_LOCAL_DATE_TIME_TYPE:
            ((ChronoLocalDateTimeImpl<?>) object).writeExternal(out);
            break;
        case CHRONO_ZONE_DATE_TIME_TYPE:
            ((ChronoZonedDateTimeImpl<?>) object).writeExternal(out);
            break;
        case JAPANESE_DATE_TYPE:
            ((JapaneseDate) object).writeExternal(out);
            break;
        case JAPANESE_ERA_TYPE:
            ((JapaneseEra) object).writeExternal(out);
            break;
        case HIJRAH_DATE_TYPE:
            ((HijrahDate) object).writeExternal(out);
            break;
        case MINGUO_DATE_TYPE:
            ((MinguoDate) object).writeExternal(out);
            break;
        case THAIBUDDHIST_DATE_TYPE:
            ((ThaiBuddhistDate) object).writeExternal(out);
            break;
        case CHRONO_PERIOD_TYPE:
            ((ChronoPeriodImpl) object).writeExternal(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #25
Source File: SerialFilterTest.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Create a filter from a pattern and API factory, then serialize and
 * deserialize an object and check allowed or reject.
 *
 * @param pattern the pattern
 * @param object the test object
 * @param allowed the expected result from ObjectInputStream (exception or not)
 */
static void testPatterns(String pattern, Object object, boolean allowed) {
    try {
        byte[] bytes = SerialFilterTest.writeObjects(object);
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        validate(bytes, filter);
        Assert.assertTrue(allowed, "filter should have thrown an exception");
    } catch (IllegalArgumentException iae) {
        Assert.fail("bad format pattern", iae);
    } catch (InvalidClassException ice) {
        Assert.assertFalse(allowed, "filter should not have thrown an exception: " + ice);
    } catch (IOException ioe) {
        Assert.fail("Unexpected IOException", ioe);
    }
}
 
Example #26
Source File: Ser.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
private static void writeInternal(byte type, Object object, ObjectOutput out) throws IOException {
    out.writeByte(type);
    switch (type) {
        case CHRONO_TYPE:
            ((AbstractChronology) object).writeExternal(out);
            break;
        case CHRONO_LOCAL_DATE_TIME_TYPE:
            ((ChronoLocalDateTimeImpl<?>) object).writeExternal(out);
            break;
        case CHRONO_ZONE_DATE_TIME_TYPE:
            ((ChronoZonedDateTimeImpl<?>) object).writeExternal(out);
            break;
        case JAPANESE_DATE_TYPE:
            ((JapaneseDate) object).writeExternal(out);
            break;
        case JAPANESE_ERA_TYPE:
            ((JapaneseEra) object).writeExternal(out);
            break;
        case HIJRAH_DATE_TYPE:
            ((HijrahDate) object).writeExternal(out);
            break;
        case MINGUO_DATE_TYPE:
            ((MinguoDate) object).writeExternal(out);
            break;
        case THAIBUDDHIST_DATE_TYPE:
            ((ThaiBuddhistDate) object).writeExternal(out);
            break;
        case CHRONO_PERIOD_TYPE:
            ((ChronoPeriodImpl) object).writeExternal(out);
            break;
        default:
            throw new InvalidClassException("Unknown serialized type");
    }
}
 
Example #27
Source File: TestSerialization.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void readSer(String filename, boolean shouldsucceed) {
    try {
        FileInputStream fis = new FileInputStream(resolve(filename));
        ObjectInputStream ois = new ObjectInputStream(fis);
        testRead(ois, shouldsucceed);
    } catch (InvalidClassException ice) {
        throw new RuntimeException("Object read failed from: "+filename);
    } catch (IOException e) {
        e.printStackTrace();
        throw new RuntimeException("IOException reading: "+filename);
    }
}
 
Example #28
Source File: SerialFilterTest.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Test that returning null from a filter causes deserialization to fail.
 */
@Test(expectedExceptions=InvalidClassException.class)
static void testNullStatus() throws IOException {
    byte[] bytes = writeObjects(0); // an Integer
    try {
        Object o = validate(bytes, new ObjectInputFilter() {
            public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo f) {
                return null;
            }
        });
    } catch (InvalidClassException ice) {
        System.out.printf("Success exception: %s%n", ice);
        throw ice;
    }
}
 
Example #29
Source File: PreferenceUtils.java    From jeddict with Apache License 2.0 5 votes vote down vote up
private static Object deserialize(byte[] objectData, ClassLoader classLoader) throws InvalidClassException {
    if (objectData == null) {
        throw new IllegalArgumentException("The byte[] must not be null");
    }
    ByteArrayInputStream bais = new ByteArrayInputStream(objectData);
    return deserialize(bais, classLoader);
}
 
Example #30
Source File: XdrString.java    From java-stellar-sdk with Apache License 2.0 5 votes vote down vote up
public static XdrString decode(XdrDataInputStream stream, int maxSize) throws IOException {
    int size = stream.readInt();
    if (size > maxSize) {
        throw new InvalidClassException("String length "+size+" exceeds max size "+maxSize);
    }
    byte[] bytes = new byte[size];
    stream.read(bytes);
    return new XdrString(bytes);
}