[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject

Roger Riggs Roger.Riggs at Oracle.com
Tue Aug 14 14:18:07 UTC 2018


Hi Max,

On 8/14/2018 1:33 AM, Weijun Wang wrote:
> Here is the change for both classes. I use "original object" so a caller would know what the filter should expect.
ok
>
> diff --git a/src/java.base/share/classes/java/security/SignedObject.java b/src/java.base/share/classes/java/security/SignedObject.java
> --- a/src/java.base/share/classes/java/security/SignedObject.java
> +++ b/src/java.base/share/classes/java/security/SignedObject.java
> @@ -59,10 +59,16 @@
>    *     Signature.getInstance(algorithm, provider);
>    * if (so.verify(publickey, verificationEngine))
>    *     try {
> - *         Object myobj = so.getObject();
> + *         ObjectInputFilter myfilter = ...;
> + *         Object myobj = so.getObject(myfilter);
>    *     } catch (java.lang.ClassNotFoundException e) {};
>    * }</pre>
>    *
> + * In this example, an {@link ObjectInputFilter}object  is used during
> + * deserialization of the original object. If {@link #getObject()} is
> + * called, the {@link ObjectInputFilter.Config#getSerialFilter()
> + * initial process-wide filter} is used instead.
> + *
Just saying "an ObjectInputFilter is used"... is fine.
>    * <p> Several points are worth noting.  First, there is no need to
>    * initialize the signing or verification engine, as it will be
>    * re-initialized inside the constructor and the {@code verify}
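Review bot: In the added paragraph after the example, "{@link ObjectInputFilter}object  is used" is missing the space after the closing brace and has a doubled space before "is", so the rendered Javadoc will read "ObjectInputFilterobject". The paragraph also starts without a <p> tag, while the next paragraph ("<p> Several points are worth noting") has one. Suggest "<p> In this example, an {@link ObjectInputFilter} is used during deserialization of the original object."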
> diff --git a/src/java.base/share/classes/javax/crypto/SealedObject.java b/src/java.base/share/classes/javax/crypto/SealedObject.java
> --- a/src/java.base/share/classes/javax/crypto/SealedObject.java
> +++ b/src/java.base/share/classes/javax/crypto/SealedObject.java
> @@ -86,6 +86,12 @@
>    *
>    * </ul>
>    *
> + * Both methods have overloaded forms that accept an {@link ObjectInputFilter}
> + * parameter, which will be used during deserialization of the original object.
> + * If a {@code getObject} method without a {@code ObjectInputFilter} parameter
> + * is called, the {@link ObjectInputFilter.Config#getSerialFilter()
> + * initial process-wide filter} is used instead.
>
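Review bot: In the third added line, "a {@code ObjectInputFilter} parameter" should be "an {@code ObjectInputFilter} parameter", matching "an {@link ObjectInputFilter}" in the first added line. The new paragraph also follows </ul> without a <p> tag, and "Both methods" has no antecedent inside the hunk, so it reads correctly only if the reader ties it back to the list above. Consider opening with "<p> Both {@code getObject} approaches described above have overloaded forms ...".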
> This last paragraph is after the <ul> of lines 57-86 [1] that talks about 2 getObject() methods to retrieve the original object.
>
> I'll update the CSR if you're OK with the words.
Looks fine to me.

Thanks, Roger

>
> Thanks
> Max
>
> [1] http://hg.openjdk.java.net/jdk/jdk/file/977c6dd636bd/src/java.base/share/classes/javax/crypto/SealedObject.java#l57
>
>
>> On Aug 14, 2018, at 12:29 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>>> On Aug 7, 2018, at 10:57 PM, Roger Riggs <roger.riggs at oracle.com> wrote:
>>>
>>> It may be useful to include in the descriptions a reminder that if no ObjectInputFilter
>>> is supplied the global filter is used.  Details in ObjectInputStream.
>> The new getObject() methods with an ObjectInputFilter do not allow it to be null, so it looks strange to mention this in the method spec.
