[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject
Weijun Wang
weijun.wang at oracle.com
Tue Aug 14 05:33:40 UTC 2018
Here is the change for both classes. I use "original object" so a caller would know what the filter should expect.
diff --git a/src/java.base/share/classes/java/security/SignedObject.java b/src/java.base/share/classes/java/security/SignedObject.java
--- a/src/java.base/share/classes/java/security/SignedObject.java
+++ b/src/java.base/share/classes/java/security/SignedObject.java
@@ -59,10 +59,16 @@
* Signature.getInstance(algorithm, provider);
* if (so.verify(publickey, verificationEngine))
* try {
- * Object myobj = so.getObject();
+ * ObjectInputFilter myfilter = ...;
+ * Object myobj = so.getObject(myfilter);
* } catch (java.lang.ClassNotFoundException e) {};
* }</pre>
*
+ * In this example, an {@link ObjectInputFilter} object is used during
+ * deserialization of the original object. If {@link #getObject()} is
+ * called, the {@link ObjectInputFilter.Config#getSerialFilter()
+ * initial process-wide filter} is used instead.
+ *
* <p> Several points are worth noting. First, there is no need to
* initialize the signing or verification engine, as it will be
* re-initialized inside the constructor and the {@code verify}
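Review bot: the added paragraph starting "In this example, an {@link ObjectInputFilter} object is used" follows the closing </pre> with no <p> tag, while the next paragraph ("<p> Several points are worth noting") has one. Add <p> so it renders as its own paragraph. No import is visible in this hunk, so please also confirm that {@link ObjectInputFilter} and {@link ObjectInputFilter.Config#getSerialFilter()} resolve from java.security.SignedObject, or use the fully qualified java.io.ObjectInputFilter in the links. Since the sample now shows only the filtered call, the sentence about {@link #getObject()} falling back to the process-wide filter is the only place a reader learns what the no-argument form does, so it is worth keeping next to the example as it is here.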
diff --git a/src/java.base/share/classes/javax/crypto/SealedObject.java b/src/java.base/share/classes/javax/crypto/SealedObject.java
--- a/src/java.base/share/classes/javax/crypto/SealedObject.java
+++ b/src/java.base/share/classes/javax/crypto/SealedObject.java
@@ -86,6 +86,12 @@
*
* </ul>
*
+ * Both methods have overloaded forms that accept an {@link ObjectInputFilter}
+ * parameter, which will be used during deserialization of the original object.
+ * If a {@code getObject} method without a {@code ObjectInputFilter} parameter
+ * is called, the {@link ObjectInputFilter.Config#getSerialFilter()
+ * initial process-wide filter} is used instead.
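Review bot: in the added paragraph, "a {@code ObjectInputFilter} parameter" should read "an {@code ObjectInputFilter} parameter", and the paragraph starts right after </ul> without a <p> tag. "Both methods" relies on the preceding list, which is not in this hunk, describing exactly two ways to retrieve the object. Naming the getObject forms, or saying "Each of these approaches", would keep the sentence accurate if the list is edited later. The wording of the fallback sentence matches the SignedObject hunk, which is good for consistency across the two classes.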
This last paragraph is after the <ul> of lines 57-86 [1] that talks about 2 getObject() methods to retrieve the original object.
I'll update the CSR if you're OK with the words.
Thanks
Max
[1] http://hg.openjdk.java.net/jdk/jdk/file/977c6dd636bd/src/java.base/share/classes/javax/crypto/SealedObject.java#l57
> On Aug 14, 2018, at 12:29 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>
>> On Aug 7, 2018, at 10:57 PM, Roger Riggs <roger.riggs at oracle.com> wrote:
>>
>> It may be useful to include in the descriptions a reminder that if no ObjectInputFilter
>> is supplied the global filter is used. Details in ObjectInputStream.
>
> The new getObject() methods with an ObjectInputFilter do not allow it to be null, so it looks strange to mention this in the method spec.