RFR: 4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath [v2]
Sean Mullan
mullan at openjdk.java.net
Mon Nov 15 21:53:57 UTC 2021
On Mon, 15 Nov 2021 19:15:47 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
> > > The serialized form doc for both classes should say something about what is serialized. Since it is using writeReplace, it can indicate that CertificateRep/CertPathRep is used instead (and the arguments). likely you'll need to use the @serial javadoc tag and check the generated javadoc to verify.
> >
> >
> > The `writeReplace` methods do have `@serial` tags, and they do show up in the Serialized Form of the javadoc, ex: https://docs.oracle.com/en/java/javase/17/docs/api/serialized-form.html#java.security.cert.Certificate
> > Is your comment more that these methods could more clearly specify what is returned?
>
> The `@java.io.Serial` annotation doesn't add any description to the generated javadoc or serialized form doc.
>
> The javadoc in the serialized for says only: "Replace the Certificate to be serialized." For my purposes it would enough to reword it to say it returns a CertificateRep holding the type and data or something similar. The `@serial` javadoc tag might be useful but not necessary if the regular javadoc that is in the serialized form doc is concrete.
Sounds good, see the latest commit for improvements to `writeReplace` and a few other wording improvements in related methods/fields.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6392
More information about the security-dev
mailing list