[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject

Weijun Wang weijun.wang at oracle.com
Tue Aug 14 04:29:02 UTC 2018 

Sorry for the late reply.

> On Aug 7, 2018, at 10:57 PM, Roger Riggs <roger.riggs at oracle.com> wrote:
> 
> Hi Max,
> 
> It may be useful to include in the descriptions a reminder that if no ObjectInputFilter
> is supplied the global filter is used.  Details in ObjectInputStream.

The new getObject() methods with an ObjectInputFilter does not allow it to be null, so it looks strange to mention this in the method spec.

I'm thinking about these changes in the example part of the class spec:

  *     Signature.getInstance(algorithm, provider);
  * if (so.verify(publickey, verificationEngine))
  *     try {
- *         Object myobj = so.getObject();
+ *         ObjectInputFilter myfilter = ...;
+ *         Object myobj = so.getObject(myfilter);
  *     } catch (java.lang.ClassNotFoundException e) {};
  * }</pre>
  *
+ * In this example, the {@link ObjectInputFilter} object is used during
+ * deserialization to check the contents of the stream. If {@link #getObject()}
+ * is called, the {@link ObjectInputFilter.Config#getSerialFilter()
+ * initial process-wide filter} is used.

I copied the words from ObjectInputStream::getObjectInputFilter. Is this a formal name of the "global filter"?

> 
> Typically, the @throws clauses that are not full sentences do not include a final period "."
> For consistency with the existing javadoc, omit the "."
> For example, SealedObject.java:191, 239, 240, 330
> SignedObject.java: 128, 130, 229, 252, 253
> 
> While you are editing SealedObject.java: 143-145, please indent the continuation lines of @throws.

OK.

> 
> Are there any caveats on what the serial filter needs to allow when used in SealedObject or SignedObject?

I'll think about this. In reality, a user first get a SignedObject from an ObjectInputStream and then call getObject() to read it. I should probably point out a user can check the content of SignedObject themselves while retrieving the SignedObject itself and the new method only takes care about deserializing the internal object only.

Thanks
Max

> 
> Thanks, Roger
> 
> 
> On 8/7/18 2:31 AM, Weijun Wang wrote:
>> Please review the code change at
>> 
>>    webrev: http://cr.openjdk.java.net/~weijun/8193859/webrev.00/
>> 
>> where
>> 
>>       JBS: https://bugs.openjdk.java.net/browse/JDK-8193859
>>       CSR: https://bugs.openjdk.java.net/browse/JDK-8193887
>> 
>> Thanks
>> Max
>> 
>> 
>

More information about the security-dev mailing list