1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package java.io; 19 20 import java.lang.ref.SoftReference; 21 import java.lang.reflect.Constructor; 22 import java.lang.reflect.Field; 23 import java.lang.reflect.Method; 24 import java.lang.reflect.Modifier; 25 import java.lang.reflect.Proxy; 26 import java.nio.ByteOrder; 27 import java.security.MessageDigest; 28 import java.security.NoSuchAlgorithmException; 29 import java.util.ArrayList; 30 import java.util.Arrays; 31 import java.util.Comparator; 32 import java.util.HashMap; 33 import java.util.List; 34 import java.util.WeakHashMap; 35 import libcore.io.Memory; 36 import libcore.util.EmptyArray; 37 38 /** 39 * Represents a descriptor for identifying a class during serialization and 40 * deserialization. Information contained in the descriptor includes the name 41 * and SUID of the class as well as field names and types. Information inherited 42 * from the superclasses is also taken into account. 43 * 44 * @see ObjectOutputStream 45 * @see ObjectInputStream 46 * @see java.lang.Class 47 */ 48 public class ObjectStreamClass implements Serializable { 49 50 // No need to compute the SUID for ObjectStreamClass, just use the value 51 // below 52 private static final long serialVersionUID = -6120832682080437368L; 53 54 // Name of the field that contains the SUID value (if present) 55 private static final String UID_FIELD_NAME = "serialVersionUID"; 56 57 static final long CONSTRUCTOR_IS_NOT_RESOLVED = -1; 58 59 private static final int CLASS_MODIFIERS_MASK = Modifier.PUBLIC | Modifier.FINAL | 60 Modifier.INTERFACE | Modifier.ABSTRACT; 61 62 private static final int FIELD_MODIFIERS_MASK = Modifier.PUBLIC | Modifier.PRIVATE | 63 Modifier.PROTECTED | Modifier.STATIC | Modifier.FINAL | Modifier.VOLATILE | 64 Modifier.TRANSIENT; 65 66 private static final int METHOD_MODIFIERS_MASK = Modifier.PUBLIC | Modifier.PRIVATE | 67 Modifier.PROTECTED | Modifier.STATIC | Modifier.FINAL | Modifier.SYNCHRONIZED | 68 Modifier.NATIVE | Modifier.ABSTRACT | Modifier.STRICT; 69 70 private static final Class<?>[] READ_PARAM_TYPES = new Class[] { ObjectInputStream.class }; 71 private static final Class<?>[] WRITE_PARAM_TYPES = new Class[] { ObjectOutputStream.class }; 72 73 /** 74 * Constant indicating that the class has no Serializable fields. 75 */ 76 public static final ObjectStreamField[] NO_FIELDS = new ObjectStreamField[0]; 77 78 /* 79 * used to fetch field serialPersistentFields and checking its type 80 */ 81 static final Class<?> ARRAY_OF_FIELDS; 82 83 static { 84 try { 85 ARRAY_OF_FIELDS = Class.forName("[Ljava.io.ObjectStreamField;"); 86 } catch (ClassNotFoundException e) { 87 // This should not happen 88 throw new AssertionError(e); 89 } 90 } 91 92 private static final String CLINIT_NAME = "<clinit>"; 93 94 private static final int CLINIT_MODIFIERS = Modifier.STATIC; 95 96 private static final String CLINIT_SIGNATURE = "()V"; 97 98 // Used to determine if an object is Serializable or Externalizable 99 private static final Class<Serializable> SERIALIZABLE = Serializable.class; 100 101 private static final Class<Externalizable> EXTERNALIZABLE = Externalizable.class; 102 103 // Used to test if the object is a String or a class. 104 static final Class<String> STRINGCLASS = String.class; 105 106 static final Class<?> CLASSCLASS = Class.class; 107 108 static final Class<ObjectStreamClass> OBJECTSTREAMCLASSCLASS = ObjectStreamClass.class; 109 110 private transient Method methodWriteReplace; 111 112 private transient Method methodReadResolve; 113 114 private transient Method methodWriteObject; 115 116 private transient Method methodReadObject; 117 118 private transient Method methodReadObjectNoData; 119 120 /** 121 * Indicates whether the class properties resolved 122 * 123 * @see #resolveProperties() 124 */ 125 private transient boolean arePropertiesResolved; 126 127 /** 128 * Cached class properties 129 * 130 * @see #resolveProperties() 131 * @see #isSerializable() 132 * @see #isExternalizable() 133 * @see #isProxy() 134 * @see #isEnum() 135 */ 136 private transient boolean isSerializable; 137 private transient boolean isExternalizable; 138 private transient boolean isProxy; 139 private transient boolean isEnum; 140 141 // ClassDesc // 142 143 // Name of the class this descriptor represents 144 private transient String className; 145 146 // Corresponding loaded class with the name above 147 private transient Class<?> resolvedClass; 148 149 private transient Class<?> resolvedConstructorClass; 150 private transient long resolvedConstructorMethodId; 151 152 // Serial version UID of the class the descriptor represents 153 private transient long svUID; 154 155 // ClassDescInfo // 156 157 // Any combination of SC_WRITE_METHOD, SC_SERIALIZABLE and SC_EXTERNALIZABLE 158 // (see ObjectStreamConstants) 159 private transient byte flags; 160 161 // Descriptor for the superclass of the class associated with this 162 // descriptor 163 private transient ObjectStreamClass superclass; 164 165 // Array of ObjectStreamField (see below) describing the fields of this 166 // class 167 private transient ObjectStreamField[] fields; 168 169 // Array of ObjectStreamField describing the serialized fields of this class 170 private transient ObjectStreamField[] loadFields; 171 172 // ObjectStreamField doesn't override hashCode or equals, so this is equivalent to an 173 // IdentityHashMap, which is fine for our purposes. 174 private transient HashMap<ObjectStreamField, Field> reflectionFields = 175 new HashMap<ObjectStreamField, Field>(); 176 177 // MethodID for deserialization constructor 178 private transient long constructor = CONSTRUCTOR_IS_NOT_RESOLVED; 179 setConstructor(long newConstructor)180 void setConstructor(long newConstructor) { 181 constructor = newConstructor; 182 } 183 getConstructor()184 long getConstructor() { 185 return constructor; 186 } 187 getReflectionField(ObjectStreamField osf)188 Field getReflectionField(ObjectStreamField osf) { 189 synchronized (reflectionFields) { 190 Field field = reflectionFields.get(osf); 191 if (field != null) { 192 return field; 193 } 194 } 195 196 try { 197 Class<?> declaringClass = forClass(); 198 Field field = declaringClass.getDeclaredField(osf.getName()); 199 field.setAccessible(true); 200 synchronized (reflectionFields) { 201 reflectionFields.put(osf, field); 202 } 203 return reflectionFields.get(osf); 204 } catch (NoSuchFieldException ex) { 205 // The caller messed up. We'll return null and won't try to resolve this again. 206 return null; 207 } 208 } 209 210 /* 211 * If an ObjectStreamClass describes an Externalizable class, it (the 212 * descriptor) should not have field descriptors (ObjectStreamField) at all. 213 * The ObjectStreamClass that gets saved should simply have no field info. 214 * This is a footnote in page 1511 (class Serializable) of "The Java Class 215 * Libraries, Second Edition, Vol. I". 216 */ 217 218 /** 219 * Constructs a new instance of this class. 220 */ ObjectStreamClass()221 ObjectStreamClass() { 222 } 223 224 /** 225 * Compute class descriptor for a given class <code>cl</code>. 226 * 227 * @param cl 228 * a java.langClass for which to compute the corresponding 229 * descriptor 230 * @return the computer class descriptor 231 */ createClassDesc(Class<?> cl)232 private static ObjectStreamClass createClassDesc(Class<?> cl) { 233 234 ObjectStreamClass result = new ObjectStreamClass(); 235 236 boolean isArray = cl.isArray(); 237 boolean serializable = isSerializable(cl); 238 boolean externalizable = isExternalizable(cl); 239 240 result.isSerializable = serializable; 241 result.isExternalizable = externalizable; 242 243 // Now we fill in the values 244 result.setName(cl.getName()); 245 result.setClass(cl); 246 Class<?> superclass = cl.getSuperclass(); 247 if (superclass != null) { 248 result.setSuperclass(lookup(superclass)); 249 } 250 251 Field[] declaredFields = null; 252 253 // Compute the SUID 254 if (serializable || externalizable) { 255 if (result.isEnum() || result.isProxy()) { 256 result.setSerialVersionUID(0L); 257 } else { 258 declaredFields = cl.getDeclaredFields(); 259 result.setSerialVersionUID(computeSerialVersionUID(cl, declaredFields)); 260 } 261 } 262 263 // Serializables need field descriptors 264 if (serializable && !isArray) { 265 if (declaredFields == null) { 266 declaredFields = cl.getDeclaredFields(); 267 } 268 result.buildFieldDescriptors(declaredFields); 269 } else { 270 // Externalizables or arrays do not need FieldDesc info 271 result.setFields(NO_FIELDS); 272 } 273 274 // Copy all fields to loadFields - they should be read by default in 275 // ObjectInputStream.defaultReadObject() method 276 ObjectStreamField[] fields = result.getFields(); 277 278 if (fields != null) { 279 ObjectStreamField[] loadFields = new ObjectStreamField[fields.length]; 280 281 for (int i = 0; i < fields.length; ++i) { 282 loadFields[i] = new ObjectStreamField(fields[i].getName(), 283 fields[i].getType(), fields[i].isUnshared()); 284 285 // resolve type string to init typeString field in 286 // ObjectStreamField 287 loadFields[i].getTypeString(); 288 } 289 result.setLoadFields(loadFields); 290 } 291 292 byte flags = 0; 293 if (externalizable) { 294 flags |= ObjectStreamConstants.SC_EXTERNALIZABLE; 295 flags |= ObjectStreamConstants.SC_BLOCK_DATA; // use protocol version 2 by default 296 } else if (serializable) { 297 flags |= ObjectStreamConstants.SC_SERIALIZABLE; 298 } 299 result.methodWriteReplace = findMethod(cl, "writeReplace"); 300 result.methodReadResolve = findMethod(cl, "readResolve"); 301 result.methodWriteObject = findPrivateMethod(cl, "writeObject", WRITE_PARAM_TYPES); 302 result.methodReadObject = findPrivateMethod(cl, "readObject", READ_PARAM_TYPES); 303 result.methodReadObjectNoData = findPrivateMethod(cl, "readObjectNoData", EmptyArray.CLASS); 304 if (result.hasMethodWriteObject()) { 305 flags |= ObjectStreamConstants.SC_WRITE_METHOD; 306 } 307 result.setFlags(flags); 308 309 return result; 310 } 311 312 /** 313 * Builds the collection of field descriptors for the receiver 314 * 315 * @param declaredFields 316 * collection of java.lang.reflect.Field for which to compute 317 * field descriptors 318 */ buildFieldDescriptors(Field[] declaredFields)319 void buildFieldDescriptors(Field[] declaredFields) { 320 // We could find the field ourselves in the collection, but calling 321 // reflect is easier. Optimize if needed. 322 final Field f = ObjectStreamClass.fieldSerialPersistentFields(this.forClass()); 323 // If we could not find the emulated fields, we'll have to compute 324 // dumpable fields from reflect fields 325 boolean useReflectFields = f == null; // Assume we will compute the 326 // fields to dump based on the 327 // reflect fields 328 329 ObjectStreamField[] _fields = null; 330 if (!useReflectFields) { 331 // The user declared a collection of emulated fields. Use them. 332 // We have to be able to fetch its value, even if it is private 333 f.setAccessible(true); 334 try { 335 // static field, pass null 336 _fields = (ObjectStreamField[]) f.get(null); 337 } catch (IllegalAccessException ex) { 338 throw new AssertionError(ex); 339 } 340 } else { 341 // Compute collection of dumpable fields based on reflect fields 342 List<ObjectStreamField> serializableFields = 343 new ArrayList<ObjectStreamField>(declaredFields.length); 344 // Filter, we are only interested in fields that are serializable 345 for (Field declaredField : declaredFields) { 346 int modifiers = declaredField.getModifiers(); 347 if (!Modifier.isStatic(modifiers) && !Modifier.isTransient(modifiers)) { 348 ObjectStreamField field = new ObjectStreamField(declaredField.getName(), 349 declaredField.getType()); 350 serializableFields.add(field); 351 } 352 } 353 354 if (serializableFields.size() == 0) { 355 _fields = NO_FIELDS; // If no serializable fields, share the 356 // special value so that users can test 357 } else { 358 _fields = serializableFields.toArray(new ObjectStreamField[serializableFields.size()]); 359 } 360 } 361 Arrays.sort(_fields); 362 // assign offsets 363 int primOffset = 0, objectOffset = 0; 364 for (int i = 0; i < _fields.length; i++) { 365 Class<?> type = _fields[i].getType(); 366 if (type.isPrimitive()) { 367 _fields[i].offset = primOffset; 368 primOffset += primitiveSize(type); 369 } else { 370 _fields[i].offset = objectOffset++; 371 } 372 } 373 fields = _fields; 374 } 375 376 /** 377 * Compute and return the Serial Version UID of the class {@code cl}. 378 * The value is computed based on the class name, superclass chain, field 379 * names, method names, modifiers, etc. 380 * 381 * @param cl 382 * a java.lang.Class for which to compute the SUID 383 * @param fields 384 * cl.getDeclaredFields(), pre-computed by the caller 385 * @return the value of SUID of this class 386 */ computeSerialVersionUID(Class<?> cl, Field[] fields)387 private static long computeSerialVersionUID(Class<?> cl, Field[] fields) { 388 /* 389 * First we should try to fetch the static slot 'static final long 390 * serialVersionUID'. If it is defined, return it. If not defined, we 391 * really need to compute SUID using SHAOutputStream 392 */ 393 for (int i = 0; i < fields.length; i++) { 394 final Field field = fields[i]; 395 if (field.getType() == long.class) { 396 int modifiers = field.getModifiers(); 397 if (Modifier.isStatic(modifiers) && Modifier.isFinal(modifiers)) { 398 if (UID_FIELD_NAME.equals(field.getName())) { 399 /* 400 * We need to be able to see it even if we have no 401 * visibility. That is why we set accessible first (new 402 * API in reflect 1.2) 403 */ 404 field.setAccessible(true); 405 try { 406 // Static field, parameter is ignored 407 return field.getLong(null); 408 } catch (IllegalAccessException iae) { 409 throw new RuntimeException("Error fetching SUID: " + iae); 410 } 411 } 412 } 413 } 414 } 415 416 MessageDigest digest; 417 try { 418 digest = MessageDigest.getInstance("SHA"); 419 } catch (NoSuchAlgorithmException e) { 420 throw new Error(e); 421 } 422 ByteArrayOutputStream sha = new ByteArrayOutputStream(); 423 try { 424 DataOutputStream output = new DataOutputStream(sha); 425 output.writeUTF(cl.getName()); 426 int classModifiers = CLASS_MODIFIERS_MASK & cl.getModifiers(); 427 /* 428 * Workaround for 1F9LOQO. Arrays are ABSTRACT in JDK, but that is 429 * not in the specification. Since we want to be compatible for 430 * X-loading, we have to pretend we have the same shape 431 */ 432 boolean isArray = cl.isArray(); 433 if (isArray) { 434 classModifiers |= Modifier.ABSTRACT; 435 } 436 // Required for JDK UID compatibility 437 if (cl.isInterface() && !Modifier.isPublic(classModifiers)) { 438 classModifiers &= ~Modifier.ABSTRACT; 439 } 440 output.writeInt(classModifiers); 441 442 /* 443 * In JDK1.2 arrays implement Cloneable and Serializable but not in 444 * JDK 1.1.7. So, JDK 1.2 "pretends" arrays have no interfaces when 445 * computing SHA-1 to be compatible. 446 */ 447 if (!isArray) { 448 // Interface information 449 Class<?>[] interfaces = cl.getInterfaces(); 450 if (interfaces.length > 1) { 451 // Only attempt to sort if really needed (saves object 452 // creation, etc) 453 Comparator<Class<?>> interfaceComparator = new Comparator<Class<?>>() { 454 public int compare(Class<?> itf1, Class<?> itf2) { 455 return itf1.getName().compareTo(itf2.getName()); 456 } 457 }; 458 Arrays.sort(interfaces, interfaceComparator); 459 } 460 461 // Dump them 462 for (int i = 0; i < interfaces.length; i++) { 463 output.writeUTF(interfaces[i].getName()); 464 } 465 } 466 467 // Field information 468 if (fields.length > 1) { 469 // Only attempt to sort if really needed (saves object creation, 470 // etc) 471 Comparator<Field> fieldComparator = new Comparator<Field>() { 472 public int compare(Field field1, Field field2) { 473 return field1.getName().compareTo(field2.getName()); 474 } 475 }; 476 Arrays.sort(fields, fieldComparator); 477 } 478 479 // Dump them 480 for (int i = 0; i < fields.length; i++) { 481 Field field = fields[i]; 482 int modifiers = field.getModifiers() & FIELD_MODIFIERS_MASK; 483 484 boolean skip = Modifier.isPrivate(modifiers) && 485 (Modifier.isTransient(modifiers) || Modifier.isStatic(modifiers)); 486 if (!skip) { 487 // write name, modifier & "descriptor" of all but private 488 // static and private transient 489 output.writeUTF(field.getName()); 490 output.writeInt(modifiers); 491 output.writeUTF(descriptorForFieldSignature(getFieldSignature(field))); 492 } 493 } 494 495 /* 496 * Normally constructors come before methods (because <init> < 497 * anyMethodName). However, <clinit> is an exception. Besides, 498 * reflect will not let us get to it. 499 */ 500 if (hasClinit(cl)) { 501 // write name, modifier & "descriptor" 502 output.writeUTF(CLINIT_NAME); 503 output.writeInt(CLINIT_MODIFIERS); 504 output.writeUTF(CLINIT_SIGNATURE); 505 } 506 507 // Constructor information 508 Constructor<?>[] constructors = cl.getDeclaredConstructors(); 509 if (constructors.length > 1) { 510 // Only attempt to sort if really needed (saves object creation, 511 // etc) 512 Comparator<Constructor<?>> constructorComparator = new Comparator<Constructor<?>>() { 513 public int compare(Constructor<?> ctr1, Constructor<?> ctr2) { 514 // All constructors have same name, so we sort based on 515 // signature 516 return (getConstructorSignature(ctr1) 517 .compareTo(getConstructorSignature(ctr2))); 518 } 519 }; 520 Arrays.sort(constructors, constructorComparator); 521 } 522 523 // Dump them 524 for (int i = 0; i < constructors.length; i++) { 525 Constructor<?> constructor = constructors[i]; 526 int modifiers = constructor.getModifiers() 527 & METHOD_MODIFIERS_MASK; 528 boolean isPrivate = Modifier.isPrivate(modifiers); 529 if (!isPrivate) { 530 /* 531 * write name, modifier & "descriptor" of all but private 532 * ones 533 * 534 * constructor.getName() returns the constructor name as 535 * typed, not the VM name 536 */ 537 output.writeUTF("<init>"); 538 output.writeInt(modifiers); 539 output.writeUTF(descriptorForSignature( 540 getConstructorSignature(constructor)).replace('/', 541 '.')); 542 } 543 } 544 545 // Method information 546 Method[] methods = cl.getDeclaredMethods(); 547 if (methods.length > 1) { 548 Comparator<Method> methodComparator = new Comparator<Method>() { 549 public int compare(Method m1, Method m2) { 550 int result = m1.getName().compareTo(m2.getName()); 551 if (result == 0) { 552 // same name, signature will tell which one comes 553 // first 554 return getMethodSignature(m1).compareTo( 555 getMethodSignature(m2)); 556 } 557 return result; 558 } 559 }; 560 Arrays.sort(methods, methodComparator); 561 } 562 563 // Dump them 564 for (int i = 0; i < methods.length; i++) { 565 Method method = methods[i]; 566 int modifiers = method.getModifiers() & METHOD_MODIFIERS_MASK; 567 boolean isPrivate = Modifier.isPrivate(modifiers); 568 if (!isPrivate) { 569 // write name, modifier & "descriptor" of all but private 570 // ones 571 output.writeUTF(method.getName()); 572 output.writeInt(modifiers); 573 output.writeUTF(descriptorForSignature( 574 getMethodSignature(method)).replace('/', '.')); 575 } 576 } 577 } catch (IOException e) { 578 throw new RuntimeException(e + " computing SHA-1/SUID"); 579 } 580 581 // now compute the UID based on the SHA 582 byte[] hash = digest.digest(sha.toByteArray()); 583 return Memory.peekLong(hash, 0, ByteOrder.LITTLE_ENDIAN); 584 } 585 586 /** 587 * Returns what the serialization specification calls "descriptor" given a 588 * field signature. 589 * 590 * @param signature 591 * a field signature 592 * @return containing the descriptor 593 */ descriptorForFieldSignature(String signature)594 private static String descriptorForFieldSignature(String signature) { 595 return signature.replace('.', '/'); 596 } 597 598 /** 599 * Return what the serialization specification calls "descriptor" given a 600 * method/constructor signature. 601 * 602 * @param signature 603 * a method or constructor signature 604 * @return containing the descriptor 605 */ descriptorForSignature(String signature)606 private static String descriptorForSignature(String signature) { 607 return signature.substring(signature.indexOf("(")); 608 } 609 610 /** 611 * Return the java.lang.reflect.Field {@code serialPersistentFields} 612 * if class {@code cl} implements it. Return null otherwise. 613 * 614 * @param cl 615 * a java.lang.Class which to test 616 * @return {@code java.lang.reflect.Field} if the class has 617 * serialPersistentFields {@code null} if the class does not 618 * have serialPersistentFields 619 */ fieldSerialPersistentFields(Class<?> cl)620 static Field fieldSerialPersistentFields(Class<?> cl) { 621 try { 622 Field f = cl.getDeclaredField("serialPersistentFields"); 623 int modifiers = f.getModifiers(); 624 if (Modifier.isStatic(modifiers) && Modifier.isPrivate(modifiers) 625 && Modifier.isFinal(modifiers)) { 626 if (f.getType() == ARRAY_OF_FIELDS) { 627 return f; 628 } 629 } 630 } catch (NoSuchFieldException nsm) { 631 // Ignored 632 } 633 return null; 634 } 635 636 /** 637 * Returns the class (java.lang.Class) for this descriptor. 638 * 639 * @return the class in the local VM that this descriptor represents; 640 * {@code null} if there is no corresponding class. 641 */ forClass()642 public Class<?> forClass() { 643 return resolvedClass; 644 } 645 646 /** 647 * Create and return a new instance of class 'instantiationClass' 648 * using JNI to call the constructor chosen by resolveConstructorClass. 649 * 650 * The returned instance may have uninitialized fields, including final fields. 651 */ newInstance(Class<?> instantiationClass)652 Object newInstance(Class<?> instantiationClass) throws InvalidClassException { 653 resolveConstructorClass(instantiationClass); 654 return newInstance(instantiationClass, resolvedConstructorMethodId); 655 } newInstance(Class<?> instantiationClass, long methodId)656 private static native Object newInstance(Class<?> instantiationClass, long methodId); 657 resolveConstructorClass(Class<?> objectClass)658 private Class<?> resolveConstructorClass(Class<?> objectClass) throws InvalidClassException { 659 if (resolvedConstructorClass != null) { 660 return resolvedConstructorClass; 661 } 662 663 // The class of the instance may not be the same as the class of the 664 // constructor to run 665 // This is the constructor to run if Externalizable 666 Class<?> constructorClass = objectClass; 667 668 // WARNING - What if the object is serializable and externalizable ? 669 // Is that possible ? 670 boolean wasSerializable = (flags & ObjectStreamConstants.SC_SERIALIZABLE) != 0; 671 if (wasSerializable) { 672 // Now we must run the constructor of the class just above the 673 // one that implements Serializable so that slots that were not 674 // dumped can be initialized properly 675 while (constructorClass != null && ObjectStreamClass.isSerializable(constructorClass)) { 676 constructorClass = constructorClass.getSuperclass(); 677 } 678 } 679 680 // Fetch the empty constructor, or null if none. 681 Constructor<?> constructor = null; 682 if (constructorClass != null) { 683 try { 684 constructor = constructorClass.getDeclaredConstructor(EmptyArray.CLASS); 685 } catch (NoSuchMethodException ignored) { 686 } 687 } 688 689 // Has to have an empty constructor 690 if (constructor == null) { 691 String className = constructorClass != null ? constructorClass.getName() : null; 692 throw new InvalidClassException(className, "IllegalAccessException"); 693 } 694 695 int constructorModifiers = constructor.getModifiers(); 696 boolean isPublic = Modifier.isPublic(constructorModifiers); 697 boolean isProtected = Modifier.isProtected(constructorModifiers); 698 boolean isPrivate = Modifier.isPrivate(constructorModifiers); 699 700 // Now we must check if the empty constructor is visible to the 701 // instantiation class 702 boolean wasExternalizable = (flags & ObjectStreamConstants.SC_EXTERNALIZABLE) != 0; 703 if (isPrivate || (wasExternalizable && !isPublic)) { 704 throw new InvalidClassException(constructorClass.getName(), "IllegalAccessException"); 705 } 706 707 // We know we are testing from a subclass, so the only other case 708 // where the visibility is not allowed is when the constructor has 709 // default visibility and the instantiation class is in a different 710 // package than the constructor class 711 if (!isPublic && !isProtected) { 712 // Not public, not private and not protected...means default 713 // visibility. Check if same package 714 if (!inSamePackage(constructorClass, objectClass)) { 715 throw new InvalidClassException(constructorClass.getName(), "IllegalAccessException"); 716 } 717 } 718 719 resolvedConstructorClass = constructorClass; 720 resolvedConstructorMethodId = getConstructorId(resolvedConstructorClass); 721 return constructorClass; 722 } getConstructorId(Class<?> c)723 private static native long getConstructorId(Class<?> c); 724 725 /** 726 * Checks if two classes belong to the same package. 727 * 728 * @param c1 729 * one of the classes to test. 730 * @param c2 731 * the other class to test. 732 * @return {@code true} if the two classes belong to the same package, 733 * {@code false} otherwise. 734 */ inSamePackage(Class<?> c1, Class<?> c2)735 private boolean inSamePackage(Class<?> c1, Class<?> c2) { 736 String nameC1 = c1.getName(); 737 String nameC2 = c2.getName(); 738 int indexDotC1 = nameC1.lastIndexOf('.'); 739 int indexDotC2 = nameC2.lastIndexOf('.'); 740 if (indexDotC1 != indexDotC2) { 741 return false; // cannot be in the same package if indices are not the same 742 } 743 if (indexDotC1 == -1) { 744 return true; // both of them are in default package 745 } 746 return nameC1.regionMatches(0, nameC2, 0, indexDotC1); 747 } 748 749 /** 750 * Return a String representing the signature for a Constructor {@code c}. 751 * 752 * @param c 753 * a java.lang.reflect.Constructor for which to compute the 754 * signature 755 * @return the constructor's signature 756 */ getConstructorSignature(Constructor<?> c)757 static native String getConstructorSignature(Constructor<?> c); 758 759 /** 760 * Gets a field descriptor of the class represented by this class 761 * descriptor. 762 * 763 * @param name 764 * the name of the desired field. 765 * @return the field identified by {@code name} or {@code null} if there is 766 * no such field. 767 */ getField(String name)768 public ObjectStreamField getField(String name) { 769 ObjectStreamField[] allFields = getFields(); 770 for (int i = 0; i < allFields.length; i++) { 771 ObjectStreamField f = allFields[i]; 772 if (f.getName().equals(name)) { 773 return f; 774 } 775 } 776 return null; 777 } 778 779 /** 780 * Returns the collection of field descriptors for the fields of the 781 * corresponding class 782 * 783 * @return the receiver's collection of declared fields for the class it 784 * represents 785 */ fields()786 ObjectStreamField[] fields() { 787 if (fields == null) { 788 Class<?> forCl = forClass(); 789 if (forCl != null && isSerializable() && !forCl.isArray()) { 790 buildFieldDescriptors(forCl.getDeclaredFields()); 791 } else { 792 // Externalizables or arrays do not need FieldDesc info 793 setFields(NO_FIELDS); 794 } 795 } 796 return fields; 797 } 798 799 /** 800 * Returns a collection of field descriptors for the serialized fields of 801 * the class represented by this class descriptor. 802 * 803 * @return an array of field descriptors or an array of length zero if there 804 * are no fields in this descriptor's class. 805 */ getFields()806 public ObjectStreamField[] getFields() { 807 copyFieldAttributes(); 808 return loadFields == null ? fields().clone() : loadFields.clone(); 809 } 810 811 private transient volatile List<ObjectStreamClass> cachedHierarchy; 812 getHierarchy()813 List<ObjectStreamClass> getHierarchy() { 814 List<ObjectStreamClass> result = cachedHierarchy; 815 if (result == null) { 816 cachedHierarchy = result = makeHierarchy(); 817 } 818 return result; 819 } 820 makeHierarchy()821 private List<ObjectStreamClass> makeHierarchy() { 822 ArrayList<ObjectStreamClass> result = new ArrayList<ObjectStreamClass>(); 823 for (ObjectStreamClass osc = this; osc != null; osc = osc.getSuperclass()) { 824 result.add(0, osc); 825 } 826 return result; 827 } 828 829 /** 830 * If a Class uses "serialPersistentFields" to define the serialized fields, 831 * this.loadFields cannot get the "unshared" information when deserializing 832 * fields using current implementation of ObjectInputStream. This method 833 * provides a way to copy the "unshared" attribute from this.fields. 834 * 835 */ copyFieldAttributes()836 private void copyFieldAttributes() { 837 if ((loadFields == null) || fields == null) { 838 return; 839 } 840 841 for (int i = 0; i < loadFields.length; i++) { 842 ObjectStreamField loadField = loadFields[i]; 843 String name = loadField.getName(); 844 for (int j = 0; j < fields.length; j++) { 845 ObjectStreamField field = fields[j]; 846 if (name.equals(field.getName())) { 847 loadField.setUnshared(field.isUnshared()); 848 loadField.setOffset(field.getOffset()); 849 break; 850 } 851 } 852 } 853 } 854 855 /** 856 * Returns the collection of field descriptors for the input fields of the 857 * corresponding class 858 * 859 * @return the receiver's collection of input fields for the class it 860 * represents 861 */ getLoadFields()862 ObjectStreamField[] getLoadFields() { 863 return loadFields; 864 } 865 866 /** 867 * Return a String representing the signature for a field {@code f}. 868 * 869 * @param f 870 * a java.lang.reflect.Field for which to compute the signature 871 * @return the field's signature 872 */ getFieldSignature(Field f)873 private static native String getFieldSignature(Field f); 874 875 /** 876 * Returns the flags for this descriptor, where possible combined values are 877 * 878 * ObjectStreamConstants.SC_WRITE_METHOD 879 * ObjectStreamConstants.SC_SERIALIZABLE 880 * ObjectStreamConstants.SC_EXTERNALIZABLE 881 * 882 * @return byte the receiver's flags for the class it represents 883 */ getFlags()884 byte getFlags() { 885 return flags; 886 } 887 888 /** 889 * Return a String representing the signature for a method {@code m}. 890 * 891 * @param m 892 * a java.lang.reflect.Method for which to compute the signature 893 * @return the method's signature 894 */ getMethodSignature(Method m)895 static native String getMethodSignature(Method m); 896 897 /** 898 * Returns the name of the class represented by this descriptor. 899 * 900 * @return the fully qualified name of the class this descriptor represents. 901 */ getName()902 public String getName() { 903 return className; 904 } 905 906 /** 907 * Returns the Serial Version User ID of the class represented by this 908 * descriptor. 909 * 910 * @return the SUID for the class represented by this descriptor. 911 */ getSerialVersionUID()912 public long getSerialVersionUID() { 913 return svUID; 914 } 915 916 /** 917 * Returns the descriptor (ObjectStreamClass) of the superclass of the class 918 * represented by the receiver. 919 * 920 * @return an ObjectStreamClass representing the superclass of the class 921 * represented by the receiver. 922 */ getSuperclass()923 ObjectStreamClass getSuperclass() { 924 return superclass; 925 } 926 927 /** 928 * Return true if the given class {@code cl} has the 929 * compiler-generated method {@code clinit}. Even though it is 930 * compiler-generated, it is used by the serialization code to compute SUID. 931 * This is unfortunate, since it may depend on compiler optimizations in 932 * some cases. 933 * 934 * @param cl 935 * a java.lang.Class which to test 936 * @return {@code true} if the class has <clinit> {@code false} 937 * if the class does not have <clinit> 938 */ hasClinit(Class<?> cl)939 private static native boolean hasClinit(Class<?> cl); 940 941 /** 942 * Return true if instances of class {@code cl} are Externalizable, 943 * false otherwise. 944 * 945 * @param cl 946 * a java.lang.Class which to test 947 * @return {@code true} if instances of the class are Externalizable 948 * {@code false} if instances of the class are not 949 * Externalizable 950 * 951 * @see Object#hashCode 952 */ isExternalizable(Class<?> cl)953 static boolean isExternalizable(Class<?> cl) { 954 return EXTERNALIZABLE.isAssignableFrom(cl); 955 } 956 957 /** 958 * Return true if the type code 959 * <code>typecode<code> describes a primitive type 960 * 961 * @param typecode a char describing the typecode 962 * @return {@code true} if the typecode represents a primitive type 963 * {@code false} if the typecode represents an Object type (including arrays) 964 * 965 * @see Object#hashCode 966 */ isPrimitiveType(char typecode)967 static boolean isPrimitiveType(char typecode) { 968 return !(typecode == '[' || typecode == 'L'); 969 } 970 971 /** 972 * Return true if instances of class {@code cl} are Serializable, 973 * false otherwise. 974 * 975 * @param cl 976 * a java.lang.Class which to test 977 * @return {@code true} if instances of the class are Serializable 978 * {@code false} if instances of the class are not 979 * Serializable 980 * 981 * @see Object#hashCode 982 */ isSerializable(Class<?> cl)983 static boolean isSerializable(Class<?> cl) { 984 return SERIALIZABLE.isAssignableFrom(cl); 985 } 986 987 /** 988 * Resolves the class properties, if they weren't already 989 */ resolveProperties()990 private void resolveProperties() { 991 if (arePropertiesResolved) { 992 return; 993 } 994 995 Class<?> cl = forClass(); 996 isProxy = Proxy.isProxyClass(cl); 997 isEnum = Enum.class.isAssignableFrom(cl); 998 isSerializable = isSerializable(cl); 999 isExternalizable = isExternalizable(cl); 1000 1001 arePropertiesResolved = true; 1002 } 1003 isSerializable()1004 boolean isSerializable() { 1005 resolveProperties(); 1006 return isSerializable; 1007 } 1008 isExternalizable()1009 boolean isExternalizable() { 1010 resolveProperties(); 1011 return isExternalizable; 1012 } 1013 isProxy()1014 boolean isProxy() { 1015 resolveProperties(); 1016 return isProxy; 1017 } 1018 isEnum()1019 boolean isEnum() { 1020 resolveProperties(); 1021 return isEnum; 1022 } 1023 1024 /** 1025 * Returns the descriptor for a serializable class. 1026 * Returns null if the class doesn't implement {@code Serializable} or {@code Externalizable}. 1027 * 1028 * @param cl 1029 * a java.lang.Class for which to obtain the corresponding 1030 * descriptor 1031 * @return the corresponding descriptor if the class is serializable or 1032 * externalizable; null otherwise. 1033 */ lookup(Class<?> cl)1034 public static ObjectStreamClass lookup(Class<?> cl) { 1035 ObjectStreamClass osc = lookupStreamClass(cl); 1036 return (osc.isSerializable() || osc.isExternalizable()) ? osc : null; 1037 } 1038 1039 /** 1040 * Returns the descriptor for any class, whether or not the class 1041 * implements Serializable or Externalizable. 1042 * 1043 * @param cl 1044 * a java.lang.Class for which to obtain the corresponding 1045 * descriptor 1046 * @return the descriptor 1047 * @since 1.6 1048 */ lookupAny(Class<?> cl)1049 public static ObjectStreamClass lookupAny(Class<?> cl) { 1050 return lookupStreamClass(cl); 1051 } 1052 1053 /** 1054 * Return the descriptor (ObjectStreamClass) corresponding to the class 1055 * {@code cl}. Returns an ObjectStreamClass even if instances of the 1056 * class cannot be serialized 1057 * 1058 * @param cl 1059 * a java.langClass for which to obtain the corresponding 1060 * descriptor 1061 * @return the corresponding descriptor 1062 */ lookupStreamClass(Class<?> cl)1063 static ObjectStreamClass lookupStreamClass(Class<?> cl) { 1064 WeakHashMap<Class<?>, ObjectStreamClass> tlc = getCache(); 1065 ObjectStreamClass cachedValue = tlc.get(cl); 1066 if (cachedValue == null) { 1067 cachedValue = createClassDesc(cl); 1068 tlc.put(cl, cachedValue); 1069 } 1070 return cachedValue; 1071 1072 } 1073 1074 /** 1075 * A ThreadLocal cache for lookupStreamClass, with the possibility of discarding the thread 1076 * local storage content when the heap is exhausted. 1077 */ 1078 private static SoftReference<ThreadLocal<WeakHashMap<Class<?>, ObjectStreamClass>>> storage = 1079 new SoftReference<ThreadLocal<WeakHashMap<Class<?>, ObjectStreamClass>>>(null); 1080 getCache()1081 private static WeakHashMap<Class<?>, ObjectStreamClass> getCache() { 1082 ThreadLocal<WeakHashMap<Class<?>, ObjectStreamClass>> tls = storage.get(); 1083 if (tls == null) { 1084 tls = new ThreadLocal<WeakHashMap<Class<?>, ObjectStreamClass>>() { 1085 public WeakHashMap<Class<?>, ObjectStreamClass> initialValue() { 1086 return new WeakHashMap<Class<?>, ObjectStreamClass>(); 1087 } 1088 }; 1089 storage = new SoftReference<ThreadLocal<WeakHashMap<Class<?>, ObjectStreamClass>>>(tls); 1090 } 1091 return tls.get(); 1092 } 1093 1094 /** 1095 * Return the java.lang.reflect.Method if class <code>cl</code> implements 1096 * <code>methodName</code> . Return null otherwise. 1097 * 1098 * @param cl 1099 * a java.lang.Class which to test 1100 * @return <code>java.lang.reflect.Method</code> if the class implements 1101 * writeReplace <code>null</code> if the class does not implement 1102 * writeReplace 1103 */ findMethod(Class<?> cl, String methodName)1104 static Method findMethod(Class<?> cl, String methodName) { 1105 Class<?> search = cl; 1106 Method method = null; 1107 while (search != null) { 1108 try { 1109 method = search.getDeclaredMethod(methodName, (Class[]) null); 1110 if (search == cl 1111 || (method.getModifiers() & Modifier.PRIVATE) == 0) { 1112 method.setAccessible(true); 1113 return method; 1114 } 1115 } catch (NoSuchMethodException nsm) { 1116 } 1117 search = search.getSuperclass(); 1118 } 1119 return null; 1120 } 1121 1122 /** 1123 * Return the java.lang.reflect.Method if class <code>cl</code> implements 1124 * private <code>methodName</code> . Return null otherwise. 1125 * 1126 * @param cl 1127 * a java.lang.Class which to test 1128 * @return {@code java.lang.reflect.Method} if the class implements 1129 * writeReplace {@code null} if the class does not implement 1130 * writeReplace 1131 */ findPrivateMethod(Class<?> cl, String methodName, Class<?>[] param)1132 static Method findPrivateMethod(Class<?> cl, String methodName, 1133 Class<?>[] param) { 1134 try { 1135 Method method = cl.getDeclaredMethod(methodName, param); 1136 if (Modifier.isPrivate(method.getModifiers()) && method.getReturnType() == void.class) { 1137 method.setAccessible(true); 1138 return method; 1139 } 1140 } catch (NoSuchMethodException nsm) { 1141 // Ignored 1142 } 1143 return null; 1144 } 1145 hasMethodWriteReplace()1146 boolean hasMethodWriteReplace() { 1147 return (methodWriteReplace != null); 1148 } 1149 getMethodWriteReplace()1150 Method getMethodWriteReplace() { 1151 return methodWriteReplace; 1152 } 1153 hasMethodReadResolve()1154 boolean hasMethodReadResolve() { 1155 return (methodReadResolve != null); 1156 } 1157 getMethodReadResolve()1158 Method getMethodReadResolve() { 1159 return methodReadResolve; 1160 } 1161 hasMethodWriteObject()1162 boolean hasMethodWriteObject() { 1163 return (methodWriteObject != null); 1164 } 1165 getMethodWriteObject()1166 Method getMethodWriteObject() { 1167 return methodWriteObject; 1168 } 1169 hasMethodReadObject()1170 boolean hasMethodReadObject() { 1171 return (methodReadObject != null); 1172 } 1173 getMethodReadObject()1174 Method getMethodReadObject() { 1175 return methodReadObject; 1176 } 1177 hasMethodReadObjectNoData()1178 boolean hasMethodReadObjectNoData() { 1179 return (methodReadObjectNoData != null); 1180 } 1181 getMethodReadObjectNoData()1182 Method getMethodReadObjectNoData() { 1183 return methodReadObjectNoData; 1184 } 1185 initPrivateFields(ObjectStreamClass desc)1186 void initPrivateFields(ObjectStreamClass desc) { 1187 methodWriteReplace = desc.methodWriteReplace; 1188 methodReadResolve = desc.methodReadResolve; 1189 methodWriteObject = desc.methodWriteObject; 1190 methodReadObject = desc.methodReadObject; 1191 methodReadObjectNoData = desc.methodReadObjectNoData; 1192 } 1193 1194 /** 1195 * Set the class (java.lang.Class) that the receiver represents 1196 * 1197 * @param c 1198 * aClass, the new class that the receiver describes 1199 */ setClass(Class<?> c)1200 void setClass(Class<?> c) { 1201 resolvedClass = c; 1202 } 1203 1204 /** 1205 * Set the collection of field descriptors for the fields of the 1206 * corresponding class 1207 * 1208 * @param f 1209 * ObjectStreamField[], the receiver's new collection of declared 1210 * fields for the class it represents 1211 */ setFields(ObjectStreamField[] f)1212 void setFields(ObjectStreamField[] f) { 1213 fields = f; 1214 } 1215 1216 /** 1217 * Set the collection of field descriptors for the input fields of the 1218 * corresponding class 1219 * 1220 * @param f 1221 * ObjectStreamField[], the receiver's new collection of input 1222 * fields for the class it represents 1223 */ setLoadFields(ObjectStreamField[] f)1224 void setLoadFields(ObjectStreamField[] f) { 1225 loadFields = f; 1226 } 1227 1228 /** 1229 * Set the flags for this descriptor, where possible combined values are 1230 * 1231 * ObjectStreamConstants.SC_WRITE_METHOD 1232 * ObjectStreamConstants.SC_SERIALIZABLE 1233 * ObjectStreamConstants.SC_EXTERNALIZABLE 1234 * 1235 * @param b 1236 * byte, the receiver's new flags for the class it represents 1237 */ setFlags(byte b)1238 void setFlags(byte b) { 1239 flags = b; 1240 } 1241 1242 /** 1243 * Set the name of the class represented by the receiver 1244 * 1245 * @param newName 1246 * a String, the new fully qualified name of the class the 1247 * receiver represents 1248 */ setName(String newName)1249 void setName(String newName) { 1250 className = newName; 1251 } 1252 1253 /** 1254 * Set the Serial Version User ID of the class represented by the receiver 1255 * 1256 * @param l 1257 * a long, the new SUID for the class represented by the receiver 1258 */ setSerialVersionUID(long l)1259 void setSerialVersionUID(long l) { 1260 svUID = l; 1261 } 1262 1263 /** 1264 * Set the descriptor for the superclass of the class described by the 1265 * receiver 1266 * 1267 * @param c 1268 * an ObjectStreamClass, the new ObjectStreamClass for the 1269 * superclass of the class represented by the receiver 1270 */ setSuperclass(ObjectStreamClass c)1271 void setSuperclass(ObjectStreamClass c) { 1272 superclass = c; 1273 } 1274 primitiveSize(Class<?> type)1275 private int primitiveSize(Class<?> type) { 1276 if (type == byte.class || type == boolean.class) { 1277 return 1; 1278 } 1279 if (type == short.class || type == char.class) { 1280 return 2; 1281 } 1282 if (type == int.class || type == float.class) { 1283 return 4; 1284 } 1285 if (type == long.class || type == double.class) { 1286 return 8; 1287 } 1288 throw new AssertionError(); 1289 } 1290 1291 /** 1292 * Returns a string containing a concise, human-readable description of this 1293 * descriptor. 1294 * 1295 * @return a printable representation of this descriptor. 1296 */ 1297 @Override toString()1298 public String toString() { 1299 return getName() + ": static final long serialVersionUID =" + getSerialVersionUID() + "L;"; 1300 } 1301 } 1302