RFR: 4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath

Sean Mullan mullan at openjdk.java.net
Mon Nov 15 19:08:39 UTC 2021

On Mon, 15 Nov 2021 18:59:17 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

> The serialized form doc for both classes should say something about what is serialized. Since it is using writeReplace, it can indicate that CertificateRep/CertPathRep is used instead (and the arguments). likely you'll need to use the @serial javadoc tag and check the generated javadoc to verify.

The `writeReplace` methods do have `@serial` tags, and they do show up in the Serialized Form of the javadoc, ex: https://docs.oracle.com/en/java/javase/17/docs/api/serialized-form.html#java.security.cert.Certificate

Is your comment more that these methods could more clearly specify what is returned?


PR: https://git.openjdk.java.net/jdk/pull/6392

More information about the security-dev mailing list