1 /* 2 * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.io; 27 28 import java.lang.invoke.MethodHandle; 29 import java.lang.invoke.MethodHandles; 30 import java.lang.invoke.MethodType; 31 import java.lang.reflect.Constructor; 32 import java.lang.reflect.Field; 33 import java.lang.reflect.InvocationTargetException; 34 import java.lang.reflect.RecordComponent; 35 import java.lang.reflect.UndeclaredThrowableException; 36 import java.lang.reflect.Member; 37 import java.lang.reflect.Method; 38 import java.lang.reflect.Modifier; 39 import java.lang.reflect.Proxy; 40 import java.security.AccessControlContext; 41 import java.security.AccessController; 42 import java.security.MessageDigest; 43 import java.security.NoSuchAlgorithmException; 44 import java.security.PermissionCollection; 45 import java.security.Permissions; 46 import java.security.PrivilegedAction; 47 import java.security.PrivilegedActionException; 48 import java.security.PrivilegedExceptionAction; 49 import java.security.ProtectionDomain; 50 import java.util.ArrayList; 51 import java.util.Arrays; 52 import java.util.Collections; 53 import java.util.Comparator; 54 import java.util.HashSet; 55 import java.util.Map; 56 import java.util.Set; 57 import java.util.concurrent.ConcurrentHashMap; 58 import jdk.internal.misc.Unsafe; 59 import jdk.internal.reflect.CallerSensitive; 60 import jdk.internal.reflect.Reflection; 61 import jdk.internal.reflect.ReflectionFactory; 62 import jdk.internal.access.SharedSecrets; 63 import jdk.internal.access.JavaSecurityAccess; 64 import jdk.internal.util.ByteArray; 65 import sun.reflect.misc.ReflectUtil; 66 67 /** 68 * Serialization's descriptor for classes. It contains the name and 69 * serialVersionUID of the class. The ObjectStreamClass for a specific class 70 * loaded in this Java VM can be found/created using the lookup method. 71 * 72 * <p>The algorithm to compute the SerialVersionUID is described in 73 * <a href="{@docRoot}/../specs/serialization/class.html#stream-unique-identifiers"> 74 * <cite>Java Object Serialization Specification,</cite> Section 4.6, "Stream Unique Identifiers"</a>. 75 * 76 * @spec serialization/index.html Java Object Serialization Specification 77 * @author Mike Warres 78 * @author Roger Riggs 79 * @see ObjectStreamField 80 * @see <a href="{@docRoot}/../specs/serialization/class.html"> 81 * <cite>Java Object Serialization Specification,</cite> Section 4, "Class Descriptors"</a> 82 * @since 1.1 83 */ 84 public final class ObjectStreamClass implements Serializable { 85 86 /** serialPersistentFields value indicating no serializable fields */ 87 public static final ObjectStreamField[] NO_FIELDS = 88 new ObjectStreamField[0]; 89 90 @java.io.Serial 91 private static final long serialVersionUID = -6120832682080437368L; 92 /** 93 * {@code ObjectStreamClass} has no fields for default serialization. 94 */ 95 @java.io.Serial 96 private static final ObjectStreamField[] serialPersistentFields = 97 NO_FIELDS; 98 99 /** reflection factory for obtaining serialization constructors */ 100 @SuppressWarnings("removal") 101 private static final ReflectionFactory reflFactory = 102 AccessController.doPrivileged( 103 new ReflectionFactory.GetReflectionFactoryAction()); 104 105 private static class Caches { 106 /** cache mapping local classes -> descriptors */ 107 static final ClassCache<ObjectStreamClass> localDescs = 108 new ClassCache<>() { 109 @Override 110 protected ObjectStreamClass computeValue(Class<?> type) { 111 return new ObjectStreamClass(type); 112 } 113 }; 114 115 /** cache mapping field group/local desc pairs -> field reflectors */ 116 static final ClassCache<Map<FieldReflectorKey, FieldReflector>> reflectors = 117 new ClassCache<>() { 118 @Override 119 protected Map<FieldReflectorKey, FieldReflector> computeValue(Class<?> type) { 120 return new ConcurrentHashMap<>(); 121 } 122 }; 123 } 124 125 /** class associated with this descriptor (if any) */ 126 private Class<?> cl; 127 /** name of class represented by this descriptor */ 128 private String name; 129 /** serialVersionUID of represented class (null if not computed yet) */ 130 private volatile Long suid; 131 132 /** true if represents dynamic proxy class */ 133 private boolean isProxy; 134 /** true if represents enum type */ 135 private boolean isEnum; 136 /** true if represents record type */ 137 private boolean isRecord; 138 /** true if represented class implements Serializable */ 139 private boolean serializable; 140 /** true if represented class implements Externalizable */ 141 private boolean externalizable; 142 /** true if desc has data written by class-defined writeObject method */ 143 private boolean hasWriteObjectData; 144 /** 145 * true if desc has externalizable data written in block data format; this 146 * must be true by default to accommodate ObjectInputStream subclasses which 147 * override readClassDescriptor() to return class descriptors obtained from 148 * ObjectStreamClass.lookup() (see 4461737) 149 */ 150 private boolean hasBlockExternalData = true; 151 152 /** 153 * Contains information about InvalidClassException instances to be thrown 154 * when attempting operations on an invalid class. Note that instances of 155 * this class are immutable and are potentially shared among 156 * ObjectStreamClass instances. 157 */ 158 private static class ExceptionInfo { 159 private final String className; 160 private final String message; 161 162 ExceptionInfo(String cn, String msg) { 163 className = cn; 164 message = msg; 165 } 166 167 /** 168 * Returns (does not throw) an InvalidClassException instance created 169 * from the information in this object, suitable for being thrown by 170 * the caller. 171 */ 172 InvalidClassException newInvalidClassException() { 173 return new InvalidClassException(className, message); 174 } 175 } 176 177 /** exception (if any) thrown while attempting to resolve class */ 178 private ClassNotFoundException resolveEx; 179 /** exception (if any) to throw if non-enum deserialization attempted */ 180 private ExceptionInfo deserializeEx; 181 /** exception (if any) to throw if non-enum serialization attempted */ 182 private ExceptionInfo serializeEx; 183 /** exception (if any) to throw if default serialization attempted */ 184 private ExceptionInfo defaultSerializeEx; 185 186 /** serializable fields */ 187 private ObjectStreamField[] fields; 188 /** aggregate marshalled size of primitive fields */ 189 private int primDataSize; 190 /** number of non-primitive fields */ 191 private int numObjFields; 192 /** reflector for setting/getting serializable field values */ 193 private FieldReflector fieldRefl; 194 /** data layout of serialized objects described by this class desc */ 195 private volatile ClassDataSlot[] dataLayout; 196 197 /** serialization-appropriate constructor, or null if none */ 198 private Constructor<?> cons; 199 /** record canonical constructor (shared among OSCs for same class), or null */ 200 private MethodHandle canonicalCtr; 201 /** cache of record deserialization constructors per unique set of stream fields 202 * (shared among OSCs for same class), or null */ 203 private DeserializationConstructorsCache deserializationCtrs; 204 /** session-cache of record deserialization constructor 205 * (in de-serialized OSC only), or null */ 206 private MethodHandle deserializationCtr; 207 /** protection domains that need to be checked when calling the constructor */ 208 private ProtectionDomain[] domains; 209 210 /** class-defined writeObject method, or null if none */ 211 private Method writeObjectMethod; 212 /** class-defined readObject method, or null if none */ 213 private Method readObjectMethod; 214 /** class-defined readObjectNoData method, or null if none */ 215 private Method readObjectNoDataMethod; 216 /** class-defined writeReplace method, or null if none */ 217 private Method writeReplaceMethod; 218 /** class-defined readResolve method, or null if none */ 219 private Method readResolveMethod; 220 221 /** local class descriptor for represented class (may point to self) */ 222 private ObjectStreamClass localDesc; 223 /** superclass descriptor appearing in stream */ 224 private ObjectStreamClass superDesc; 225 226 /** true if, and only if, the object has been correctly initialized */ 227 private boolean initialized; 228 229 /** 230 * Initializes native code. 231 */ 232 private static native void initNative(); 233 static { 234 initNative(); 235 } 236 237 /** 238 * Find the descriptor for a class that can be serialized. Creates an 239 * ObjectStreamClass instance if one does not exist yet for class. Null is 240 * returned if the specified class does not implement java.io.Serializable 241 * or java.io.Externalizable. 242 * 243 * @param cl class for which to get the descriptor 244 * @return the class descriptor for the specified class 245 */ 246 public static ObjectStreamClass lookup(Class<?> cl) { 247 return lookup(cl, false); 248 } 249 250 /** 251 * Returns the descriptor for any class, regardless of whether it 252 * implements {@link Serializable}. 253 * 254 * @param cl class for which to get the descriptor 255 * @return the class descriptor for the specified class 256 * @since 1.6 257 */ 258 public static ObjectStreamClass lookupAny(Class<?> cl) { 259 return lookup(cl, true); 260 } 261 262 /** 263 * Returns the name of the class described by this descriptor. 264 * This method returns the name of the class in the format that 265 * is used by the {@link Class#getName} method. 266 * 267 * @return a string representing the name of the class 268 */ 269 public String getName() { 270 return name; 271 } 272 273 /** 274 * Return the serialVersionUID for this class. The serialVersionUID 275 * defines a set of classes all with the same name that have evolved from a 276 * common root class and agree to be serialized and deserialized using a 277 * common format. NonSerializable classes have a serialVersionUID of 0L. 278 * 279 * @return the SUID of the class described by this descriptor 280 */ 281 @SuppressWarnings("removal") 282 public long getSerialVersionUID() { 283 // REMIND: synchronize instead of relying on volatile? 284 if (suid == null) { 285 if (isRecord) 286 return 0L; 287 288 suid = AccessController.doPrivileged( 289 new PrivilegedAction<Long>() { 290 public Long run() { 291 return computeDefaultSUID(cl); 292 } 293 } 294 ); 295 } 296 return suid.longValue(); 297 } 298 299 /** 300 * Return the class in the local VM that this version is mapped to. Null 301 * is returned if there is no corresponding local class. 302 * 303 * @return the {@code Class} instance that this descriptor represents 304 */ 305 @SuppressWarnings("removal") 306 @CallerSensitive 307 public Class<?> forClass() { 308 if (cl == null) { 309 return null; 310 } 311 requireInitialized(); 312 if (System.getSecurityManager() != null) { 313 Class<?> caller = Reflection.getCallerClass(); 314 if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) { 315 ReflectUtil.checkPackageAccess(cl); 316 } 317 } 318 return cl; 319 } 320 321 /** 322 * Return an array of the fields of this serializable class. 323 * 324 * @return an array containing an element for each persistent field of 325 * this class. Returns an array of length zero if there are no 326 * fields. 327 * @since 1.2 328 */ 329 public ObjectStreamField[] getFields() { 330 return getFields(true); 331 } 332 333 /** 334 * Get the field of this class by name. 335 * 336 * @param name the name of the data field to look for 337 * @return The ObjectStreamField object of the named field or null if 338 * there is no such named field. 339 */ 340 public ObjectStreamField getField(String name) { 341 return getField(name, null); 342 } 343 344 /** 345 * Return a string describing this ObjectStreamClass. 346 */ 347 public String toString() { 348 return name + ": static final long serialVersionUID = " + 349 getSerialVersionUID() + "L;"; 350 } 351 352 /** 353 * Looks up and returns class descriptor for given class, or null if class 354 * is non-serializable and "all" is set to false. 355 * 356 * @param cl class to look up 357 * @param all if true, return descriptors for all classes; if false, only 358 * return descriptors for serializable classes 359 */ 360 static ObjectStreamClass lookup(Class<?> cl, boolean all) { 361 if (!(all || Serializable.class.isAssignableFrom(cl))) { 362 return null; 363 } 364 return Caches.localDescs.get(cl); 365 } 366 367 /** 368 * Creates local class descriptor representing given class. 369 */ 370 @SuppressWarnings("removal") 371 private ObjectStreamClass(final Class<?> cl) { 372 this.cl = cl; 373 name = cl.getName(); 374 isProxy = Proxy.isProxyClass(cl); 375 isEnum = Enum.class.isAssignableFrom(cl); 376 isRecord = cl.isRecord(); 377 serializable = Serializable.class.isAssignableFrom(cl); 378 externalizable = Externalizable.class.isAssignableFrom(cl); 379 380 Class<?> superCl = cl.getSuperclass(); 381 superDesc = (superCl != null) ? lookup(superCl, false) : null; 382 localDesc = this; 383 384 if (serializable) { 385 AccessController.doPrivileged(new PrivilegedAction<>() { 386 public Void run() { 387 if (isEnum) { 388 suid = 0L; 389 fields = NO_FIELDS; 390 return null; 391 } 392 if (cl.isArray()) { 393 fields = NO_FIELDS; 394 return null; 395 } 396 397 suid = getDeclaredSUID(cl); 398 try { 399 fields = getSerialFields(cl); 400 computeFieldOffsets(); 401 } catch (InvalidClassException e) { 402 serializeEx = deserializeEx = 403 new ExceptionInfo(e.classname, e.getMessage()); 404 fields = NO_FIELDS; 405 } 406 407 if (isRecord) { 408 canonicalCtr = canonicalRecordCtr(cl); 409 deserializationCtrs = new DeserializationConstructorsCache(); 410 } else if (externalizable) { 411 cons = getExternalizableConstructor(cl); 412 } else { 413 cons = getSerializableConstructor(cl); 414 writeObjectMethod = getPrivateMethod(cl, "writeObject", 415 new Class<?>[] { ObjectOutputStream.class }, 416 Void.TYPE); 417 readObjectMethod = getPrivateMethod(cl, "readObject", 418 new Class<?>[] { ObjectInputStream.class }, 419 Void.TYPE); 420 readObjectNoDataMethod = getPrivateMethod( 421 cl, "readObjectNoData", null, Void.TYPE); 422 hasWriteObjectData = (writeObjectMethod != null); 423 } 424 domains = getProtectionDomains(cons, cl); 425 writeReplaceMethod = getInheritableMethod( 426 cl, "writeReplace", null, Object.class); 427 readResolveMethod = getInheritableMethod( 428 cl, "readResolve", null, Object.class); 429 return null; 430 } 431 }); 432 } else { 433 suid = 0L; 434 fields = NO_FIELDS; 435 } 436 437 try { 438 fieldRefl = getReflector(fields, this); 439 } catch (InvalidClassException ex) { 440 // field mismatches impossible when matching local fields vs. self 441 throw new InternalError(ex); 442 } 443 444 if (deserializeEx == null) { 445 if (isEnum) { 446 deserializeEx = new ExceptionInfo(name, "enum type"); 447 } else if (cons == null && !isRecord) { 448 deserializeEx = new ExceptionInfo(name, "no valid constructor"); 449 } 450 } 451 if (isRecord && canonicalCtr == null) { 452 deserializeEx = new ExceptionInfo(name, "record canonical constructor not found"); 453 } else { 454 for (int i = 0; i < fields.length; i++) { 455 if (fields[i].getField() == null) { 456 defaultSerializeEx = new ExceptionInfo( 457 name, "unmatched serializable field(s) declared"); 458 } 459 } 460 } 461 initialized = true; 462 } 463 464 /** 465 * Creates blank class descriptor which should be initialized via a 466 * subsequent call to initProxy(), initNonProxy() or readNonProxy(). 467 */ 468 ObjectStreamClass() { 469 } 470 471 /** 472 * Creates a PermissionDomain that grants no permission. 473 */ 474 private ProtectionDomain noPermissionsDomain() { 475 PermissionCollection perms = new Permissions(); 476 perms.setReadOnly(); 477 return new ProtectionDomain(null, perms); 478 } 479 480 /** 481 * Aggregate the ProtectionDomains of all the classes that separate 482 * a concrete class {@code cl} from its ancestor's class declaring 483 * a constructor {@code cons}. 484 * 485 * If {@code cl} is defined by the boot loader, or the constructor 486 * {@code cons} is declared by {@code cl}, or if there is no security 487 * manager, then this method does nothing and {@code null} is returned. 488 * 489 * @param cons A constructor declared by {@code cl} or one of its 490 * ancestors. 491 * @param cl A concrete class, which is either the class declaring 492 * the constructor {@code cons}, or a serializable subclass 493 * of that class. 494 * @return An array of ProtectionDomain representing the set of 495 * ProtectionDomain that separate the concrete class {@code cl} 496 * from its ancestor's declaring {@code cons}, or {@code null}. 497 */ 498 @SuppressWarnings("removal") 499 private ProtectionDomain[] getProtectionDomains(Constructor<?> cons, 500 Class<?> cl) { 501 ProtectionDomain[] domains = null; 502 if (cons != null && cl.getClassLoader() != null 503 && System.getSecurityManager() != null) { 504 Class<?> cls = cl; 505 Class<?> fnscl = cons.getDeclaringClass(); 506 Set<ProtectionDomain> pds = null; 507 while (cls != fnscl) { 508 ProtectionDomain pd = cls.getProtectionDomain(); 509 if (pd != null) { 510 if (pds == null) pds = new HashSet<>(); 511 pds.add(pd); 512 } 513 cls = cls.getSuperclass(); 514 if (cls == null) { 515 // that's not supposed to happen 516 // make a ProtectionDomain with no permission. 517 // should we throw instead? 518 if (pds == null) pds = new HashSet<>(); 519 else pds.clear(); 520 pds.add(noPermissionsDomain()); 521 break; 522 } 523 } 524 if (pds != null) { 525 domains = pds.toArray(new ProtectionDomain[0]); 526 } 527 } 528 return domains; 529 } 530 531 /** 532 * Initializes class descriptor representing a proxy class. 533 */ 534 void initProxy(Class<?> cl, 535 ClassNotFoundException resolveEx, 536 ObjectStreamClass superDesc) 537 throws InvalidClassException 538 { 539 ObjectStreamClass osc = null; 540 if (cl != null) { 541 osc = lookup(cl, true); 542 if (!osc.isProxy) { 543 throw new InvalidClassException( 544 "cannot bind proxy descriptor to a non-proxy class"); 545 } 546 } 547 this.cl = cl; 548 this.resolveEx = resolveEx; 549 this.superDesc = superDesc; 550 isProxy = true; 551 serializable = true; 552 suid = 0L; 553 fields = NO_FIELDS; 554 if (osc != null) { 555 localDesc = osc; 556 name = localDesc.name; 557 externalizable = localDesc.externalizable; 558 writeReplaceMethod = localDesc.writeReplaceMethod; 559 readResolveMethod = localDesc.readResolveMethod; 560 deserializeEx = localDesc.deserializeEx; 561 domains = localDesc.domains; 562 cons = localDesc.cons; 563 } 564 fieldRefl = getReflector(fields, localDesc); 565 initialized = true; 566 } 567 568 /** 569 * Initializes class descriptor representing a non-proxy class. 570 */ 571 void initNonProxy(ObjectStreamClass model, 572 Class<?> cl, 573 ClassNotFoundException resolveEx, 574 ObjectStreamClass superDesc) 575 throws InvalidClassException 576 { 577 long suid = model.getSerialVersionUID(); 578 ObjectStreamClass osc = null; 579 if (cl != null) { 580 osc = lookup(cl, true); 581 if (osc.isProxy) { 582 throw new InvalidClassException( 583 "cannot bind non-proxy descriptor to a proxy class"); 584 } 585 if (model.isEnum != osc.isEnum) { 586 throw new InvalidClassException(model.isEnum ? 587 "cannot bind enum descriptor to a non-enum class" : 588 "cannot bind non-enum descriptor to an enum class"); 589 } 590 591 if (model.serializable == osc.serializable && 592 !cl.isArray() && !cl.isRecord() && 593 suid != osc.getSerialVersionUID()) { 594 throw new InvalidClassException(osc.name, 595 "local class incompatible: " + 596 "stream classdesc serialVersionUID = " + suid + 597 ", local class serialVersionUID = " + 598 osc.getSerialVersionUID()); 599 } 600 601 if (!classNamesEqual(model.name, osc.name)) { 602 throw new InvalidClassException(osc.name, 603 "local class name incompatible with stream class " + 604 "name \"" + model.name + "\""); 605 } 606 607 if (!model.isEnum) { 608 if ((model.serializable == osc.serializable) && 609 (model.externalizable != osc.externalizable)) { 610 throw new InvalidClassException(osc.name, 611 "Serializable incompatible with Externalizable"); 612 } 613 614 if ((model.serializable != osc.serializable) || 615 (model.externalizable != osc.externalizable) || 616 !(model.serializable || model.externalizable)) { 617 deserializeEx = new ExceptionInfo( 618 osc.name, "class invalid for deserialization"); 619 } 620 } 621 } 622 623 this.cl = cl; 624 this.resolveEx = resolveEx; 625 this.superDesc = superDesc; 626 name = model.name; 627 this.suid = suid; 628 isProxy = false; 629 isEnum = model.isEnum; 630 serializable = model.serializable; 631 externalizable = model.externalizable; 632 hasBlockExternalData = model.hasBlockExternalData; 633 hasWriteObjectData = model.hasWriteObjectData; 634 fields = model.fields; 635 primDataSize = model.primDataSize; 636 numObjFields = model.numObjFields; 637 638 if (osc != null) { 639 localDesc = osc; 640 isRecord = localDesc.isRecord; 641 // canonical record constructor is shared 642 canonicalCtr = localDesc.canonicalCtr; 643 // cache of deserialization constructors is shared 644 deserializationCtrs = localDesc.deserializationCtrs; 645 writeObjectMethod = localDesc.writeObjectMethod; 646 readObjectMethod = localDesc.readObjectMethod; 647 readObjectNoDataMethod = localDesc.readObjectNoDataMethod; 648 writeReplaceMethod = localDesc.writeReplaceMethod; 649 readResolveMethod = localDesc.readResolveMethod; 650 if (deserializeEx == null) { 651 deserializeEx = localDesc.deserializeEx; 652 } 653 domains = localDesc.domains; 654 assert cl.isRecord() ? localDesc.cons == null : true; 655 cons = localDesc.cons; 656 } 657 658 fieldRefl = getReflector(fields, localDesc); 659 // reassign to matched fields so as to reflect local unshared settings 660 fields = fieldRefl.getFields(); 661 662 initialized = true; 663 } 664 665 /** 666 * Reads non-proxy class descriptor information from given input stream. 667 * The resulting class descriptor is not fully functional; it can only be 668 * used as input to the ObjectInputStream.resolveClass() and 669 * ObjectStreamClass.initNonProxy() methods. 670 */ 671 void readNonProxy(ObjectInputStream in) 672 throws IOException, ClassNotFoundException 673 { 674 name = in.readUTF(); 675 suid = in.readLong(); 676 isProxy = false; 677 678 byte flags = in.readByte(); 679 hasWriteObjectData = 680 ((flags & ObjectStreamConstants.SC_WRITE_METHOD) != 0); 681 hasBlockExternalData = 682 ((flags & ObjectStreamConstants.SC_BLOCK_DATA) != 0); 683 externalizable = 684 ((flags & ObjectStreamConstants.SC_EXTERNALIZABLE) != 0); 685 boolean sflag = 686 ((flags & ObjectStreamConstants.SC_SERIALIZABLE) != 0); 687 if (externalizable && sflag) { 688 throw new InvalidClassException( 689 name, "serializable and externalizable flags conflict"); 690 } 691 serializable = externalizable || sflag; 692 isEnum = ((flags & ObjectStreamConstants.SC_ENUM) != 0); 693 if (isEnum && suid.longValue() != 0L) { 694 throw new InvalidClassException(name, 695 "enum descriptor has non-zero serialVersionUID: " + suid); 696 } 697 698 int numFields = in.readShort(); 699 if (isEnum && numFields != 0) { 700 throw new InvalidClassException(name, 701 "enum descriptor has non-zero field count: " + numFields); 702 } 703 fields = (numFields > 0) ? 704 new ObjectStreamField[numFields] : NO_FIELDS; 705 for (int i = 0; i < numFields; i++) { 706 char tcode = (char) in.readByte(); 707 String fname = in.readUTF(); 708 String signature = ((tcode == 'L') || (tcode == '[')) ? 709 in.readTypeString() : String.valueOf(tcode); 710 try { 711 fields[i] = new ObjectStreamField(fname, signature, false); 712 } catch (RuntimeException e) { 713 throw new InvalidClassException(name, 714 "invalid descriptor for field " + 715 fname, e); 716 } 717 } 718 computeFieldOffsets(); 719 } 720 721 /** 722 * Writes non-proxy class descriptor information to given output stream. 723 */ 724 void writeNonProxy(ObjectOutputStream out) throws IOException { 725 out.writeUTF(name); 726 out.writeLong(getSerialVersionUID()); 727 728 byte flags = 0; 729 if (externalizable) { 730 flags |= ObjectStreamConstants.SC_EXTERNALIZABLE; 731 int protocol = out.getProtocolVersion(); 732 if (protocol != ObjectStreamConstants.PROTOCOL_VERSION_1) { 733 flags |= ObjectStreamConstants.SC_BLOCK_DATA; 734 } 735 } else if (serializable) { 736 flags |= ObjectStreamConstants.SC_SERIALIZABLE; 737 } 738 if (hasWriteObjectData) { 739 flags |= ObjectStreamConstants.SC_WRITE_METHOD; 740 } 741 if (isEnum) { 742 flags |= ObjectStreamConstants.SC_ENUM; 743 } 744 out.writeByte(flags); 745 746 out.writeShort(fields.length); 747 for (int i = 0; i < fields.length; i++) { 748 ObjectStreamField f = fields[i]; 749 out.writeByte(f.getTypeCode()); 750 out.writeUTF(f.getName()); 751 if (!f.isPrimitive()) { 752 out.writeTypeString(f.getTypeString()); 753 } 754 } 755 } 756 757 /** 758 * Returns ClassNotFoundException (if any) thrown while attempting to 759 * resolve local class corresponding to this class descriptor. 760 */ 761 ClassNotFoundException getResolveException() { 762 return resolveEx; 763 } 764 765 /** 766 * Throws InternalError if not initialized. 767 */ 768 private final void requireInitialized() { 769 if (!initialized) 770 throw new InternalError("Unexpected call when not initialized"); 771 } 772 773 /** 774 * Throws InvalidClassException if not initialized. 775 * To be called in cases where an uninitialized class descriptor indicates 776 * a problem in the serialization stream. 777 */ 778 final void checkInitialized() throws InvalidClassException { 779 if (!initialized) { 780 throw new InvalidClassException("Class descriptor should be initialized"); 781 } 782 } 783 784 /** 785 * Throws an InvalidClassException if object instances referencing this 786 * class descriptor should not be allowed to deserialize. This method does 787 * not apply to deserialization of enum constants. 788 */ 789 void checkDeserialize() throws InvalidClassException { 790 requireInitialized(); 791 if (deserializeEx != null) { 792 throw deserializeEx.newInvalidClassException(); 793 } 794 } 795 796 /** 797 * Throws an InvalidClassException if objects whose class is represented by 798 * this descriptor should not be allowed to serialize. This method does 799 * not apply to serialization of enum constants. 800 */ 801 void checkSerialize() throws InvalidClassException { 802 requireInitialized(); 803 if (serializeEx != null) { 804 throw serializeEx.newInvalidClassException(); 805 } 806 } 807 808 /** 809 * Throws an InvalidClassException if objects whose class is represented by 810 * this descriptor should not be permitted to use default serialization 811 * (e.g., if the class declares serializable fields that do not correspond 812 * to actual fields, and hence must use the GetField API). This method 813 * does not apply to deserialization of enum constants. 814 */ 815 void checkDefaultSerialize() throws InvalidClassException { 816 requireInitialized(); 817 if (defaultSerializeEx != null) { 818 throw defaultSerializeEx.newInvalidClassException(); 819 } 820 } 821 822 /** 823 * Returns superclass descriptor. Note that on the receiving side, the 824 * superclass descriptor may be bound to a class that is not a superclass 825 * of the subclass descriptor's bound class. 826 */ 827 ObjectStreamClass getSuperDesc() { 828 requireInitialized(); 829 return superDesc; 830 } 831 832 /** 833 * Returns the "local" class descriptor for the class associated with this 834 * class descriptor (i.e., the result of 835 * ObjectStreamClass.lookup(this.forClass())) or null if there is no class 836 * associated with this descriptor. 837 */ 838 ObjectStreamClass getLocalDesc() { 839 requireInitialized(); 840 return localDesc; 841 } 842 843 /** 844 * Returns arrays of ObjectStreamFields representing the serializable 845 * fields of the represented class. If copy is true, a clone of this class 846 * descriptor's field array is returned, otherwise the array itself is 847 * returned. 848 */ 849 ObjectStreamField[] getFields(boolean copy) { 850 return copy ? fields.clone() : fields; 851 } 852 853 /** 854 * Looks up a serializable field of the represented class by name and type. 855 * A specified type of null matches all types, Object.class matches all 856 * non-primitive types, and any other non-null type matches assignable 857 * types only. Returns matching field, or null if no match found. 858 */ 859 ObjectStreamField getField(String name, Class<?> type) { 860 for (int i = 0; i < fields.length; i++) { 861 ObjectStreamField f = fields[i]; 862 if (f.getName().equals(name)) { 863 if (type == null || 864 (type == Object.class && !f.isPrimitive())) 865 { 866 return f; 867 } 868 Class<?> ftype = f.getType(); 869 if (ftype != null && type.isAssignableFrom(ftype)) { 870 return f; 871 } 872 } 873 } 874 return null; 875 } 876 877 /** 878 * Returns true if class descriptor represents a dynamic proxy class, false 879 * otherwise. 880 */ 881 boolean isProxy() { 882 requireInitialized(); 883 return isProxy; 884 } 885 886 /** 887 * Returns true if class descriptor represents an enum type, false 888 * otherwise. 889 */ 890 boolean isEnum() { 891 requireInitialized(); 892 return isEnum; 893 } 894 895 /** 896 * Returns true if class descriptor represents a record type, false 897 * otherwise. 898 */ 899 boolean isRecord() { 900 requireInitialized(); 901 return isRecord; 902 } 903 904 /** 905 * Returns true if represented class implements Externalizable, false 906 * otherwise. 907 */ 908 boolean isExternalizable() { 909 requireInitialized(); 910 return externalizable; 911 } 912 913 /** 914 * Returns true if represented class implements Serializable, false 915 * otherwise. 916 */ 917 boolean isSerializable() { 918 requireInitialized(); 919 return serializable; 920 } 921 922 /** 923 * Returns true if class descriptor represents externalizable class that 924 * has written its data in 1.2 (block data) format, false otherwise. 925 */ 926 boolean hasBlockExternalData() { 927 requireInitialized(); 928 return hasBlockExternalData; 929 } 930 931 /** 932 * Returns true if class descriptor represents serializable (but not 933 * externalizable) class which has written its data via a custom 934 * writeObject() method, false otherwise. 935 */ 936 boolean hasWriteObjectData() { 937 requireInitialized(); 938 return hasWriteObjectData; 939 } 940 941 /** 942 * Returns true if represented class is serializable/externalizable and can 943 * be instantiated by the serialization runtime--i.e., if it is 944 * externalizable and defines a public no-arg constructor, or if it is 945 * non-externalizable and its first non-serializable superclass defines an 946 * accessible no-arg constructor. Otherwise, returns false. 947 */ 948 boolean isInstantiable() { 949 requireInitialized(); 950 return (cons != null); 951 } 952 953 /** 954 * Returns true if represented class is serializable (but not 955 * externalizable) and defines a conformant writeObject method. Otherwise, 956 * returns false. 957 */ 958 boolean hasWriteObjectMethod() { 959 requireInitialized(); 960 return (writeObjectMethod != null); 961 } 962 963 /** 964 * Returns true if represented class is serializable (but not 965 * externalizable) and defines a conformant readObject method. Otherwise, 966 * returns false. 967 */ 968 boolean hasReadObjectMethod() { 969 requireInitialized(); 970 return (readObjectMethod != null); 971 } 972 973 /** 974 * Returns true if represented class is serializable (but not 975 * externalizable) and defines a conformant readObjectNoData method. 976 * Otherwise, returns false. 977 */ 978 boolean hasReadObjectNoDataMethod() { 979 requireInitialized(); 980 return (readObjectNoDataMethod != null); 981 } 982 983 /** 984 * Returns true if represented class is serializable or externalizable and 985 * defines a conformant writeReplace method. Otherwise, returns false. 986 */ 987 boolean hasWriteReplaceMethod() { 988 requireInitialized(); 989 return (writeReplaceMethod != null); 990 } 991 992 /** 993 * Returns true if represented class is serializable or externalizable and 994 * defines a conformant readResolve method. Otherwise, returns false. 995 */ 996 boolean hasReadResolveMethod() { 997 requireInitialized(); 998 return (readResolveMethod != null); 999 } 1000 1001 /** 1002 * Creates a new instance of the represented class. If the class is 1003 * externalizable, invokes its public no-arg constructor; otherwise, if the 1004 * class is serializable, invokes the no-arg constructor of the first 1005 * non-serializable superclass. Throws UnsupportedOperationException if 1006 * this class descriptor is not associated with a class, if the associated 1007 * class is non-serializable or if the appropriate no-arg constructor is 1008 * inaccessible/unavailable. 1009 */ 1010 @SuppressWarnings("removal") 1011 Object newInstance() 1012 throws InstantiationException, InvocationTargetException, 1013 UnsupportedOperationException 1014 { 1015 requireInitialized(); 1016 if (cons != null) { 1017 try { 1018 if (domains == null || domains.length == 0) { 1019 return cons.newInstance(); 1020 } else { 1021 JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); 1022 PrivilegedAction<?> pea = () -> { 1023 try { 1024 return cons.newInstance(); 1025 } catch (InstantiationException 1026 | InvocationTargetException 1027 | IllegalAccessException x) { 1028 throw new UndeclaredThrowableException(x); 1029 } 1030 }; // Can't use PrivilegedExceptionAction with jsa 1031 try { 1032 return jsa.doIntersectionPrivilege(pea, 1033 AccessController.getContext(), 1034 new AccessControlContext(domains)); 1035 } catch (UndeclaredThrowableException x) { 1036 Throwable cause = x.getCause(); 1037 if (cause instanceof InstantiationException ie) 1038 throw ie; 1039 if (cause instanceof InvocationTargetException ite) 1040 throw ite; 1041 if (cause instanceof IllegalAccessException iae) 1042 throw iae; 1043 // not supposed to happen 1044 throw x; 1045 } 1046 } 1047 } catch (IllegalAccessException ex) { 1048 // should not occur, as access checks have been suppressed 1049 throw new InternalError(ex); 1050 } catch (InvocationTargetException ex) { 1051 Throwable cause = ex.getCause(); 1052 if (cause instanceof Error err) 1053 throw err; 1054 else 1055 throw ex; 1056 } catch (InstantiationError err) { 1057 var ex = new InstantiationException(); 1058 ex.initCause(err); 1059 throw ex; 1060 } 1061 } else { 1062 throw new UnsupportedOperationException(); 1063 } 1064 } 1065 1066 /** 1067 * Invokes the writeObject method of the represented serializable class. 1068 * Throws UnsupportedOperationException if this class descriptor is not 1069 * associated with a class, or if the class is externalizable, 1070 * non-serializable or does not define writeObject. 1071 */ 1072 void invokeWriteObject(Object obj, ObjectOutputStream out) 1073 throws IOException, UnsupportedOperationException 1074 { 1075 requireInitialized(); 1076 if (writeObjectMethod != null) { 1077 try { 1078 writeObjectMethod.invoke(obj, new Object[]{ out }); 1079 } catch (InvocationTargetException ex) { 1080 Throwable th = ex.getCause(); 1081 if (th instanceof IOException) { 1082 throw (IOException) th; 1083 } else { 1084 throwMiscException(th); 1085 } 1086 } catch (IllegalAccessException ex) { 1087 // should not occur, as access checks have been suppressed 1088 throw new InternalError(ex); 1089 } 1090 } else { 1091 throw new UnsupportedOperationException(); 1092 } 1093 } 1094 1095 /** 1096 * Invokes the readObject method of the represented serializable class. 1097 * Throws UnsupportedOperationException if this class descriptor is not 1098 * associated with a class, or if the class is externalizable, 1099 * non-serializable or does not define readObject. 1100 */ 1101 void invokeReadObject(Object obj, ObjectInputStream in) 1102 throws ClassNotFoundException, IOException, 1103 UnsupportedOperationException 1104 { 1105 requireInitialized(); 1106 if (readObjectMethod != null) { 1107 try { 1108 readObjectMethod.invoke(obj, new Object[]{ in }); 1109 } catch (InvocationTargetException ex) { 1110 Throwable th = ex.getCause(); 1111 if (th instanceof ClassNotFoundException) { 1112 throw (ClassNotFoundException) th; 1113 } else if (th instanceof IOException) { 1114 throw (IOException) th; 1115 } else { 1116 throwMiscException(th); 1117 } 1118 } catch (IllegalAccessException ex) { 1119 // should not occur, as access checks have been suppressed 1120 throw new InternalError(ex); 1121 } 1122 } else { 1123 throw new UnsupportedOperationException(); 1124 } 1125 } 1126 1127 /** 1128 * Invokes the readObjectNoData method of the represented serializable 1129 * class. Throws UnsupportedOperationException if this class descriptor is 1130 * not associated with a class, or if the class is externalizable, 1131 * non-serializable or does not define readObjectNoData. 1132 */ 1133 void invokeReadObjectNoData(Object obj) 1134 throws IOException, UnsupportedOperationException 1135 { 1136 requireInitialized(); 1137 if (readObjectNoDataMethod != null) { 1138 try { 1139 readObjectNoDataMethod.invoke(obj, (Object[]) null); 1140 } catch (InvocationTargetException ex) { 1141 Throwable th = ex.getCause(); 1142 if (th instanceof ObjectStreamException) { 1143 throw (ObjectStreamException) th; 1144 } else { 1145 throwMiscException(th); 1146 } 1147 } catch (IllegalAccessException ex) { 1148 // should not occur, as access checks have been suppressed 1149 throw new InternalError(ex); 1150 } 1151 } else { 1152 throw new UnsupportedOperationException(); 1153 } 1154 } 1155 1156 /** 1157 * Invokes the writeReplace method of the represented serializable class and 1158 * returns the result. Throws UnsupportedOperationException if this class 1159 * descriptor is not associated with a class, or if the class is 1160 * non-serializable or does not define writeReplace. 1161 */ 1162 Object invokeWriteReplace(Object obj) 1163 throws IOException, UnsupportedOperationException 1164 { 1165 requireInitialized(); 1166 if (writeReplaceMethod != null) { 1167 try { 1168 return writeReplaceMethod.invoke(obj, (Object[]) null); 1169 } catch (InvocationTargetException ex) { 1170 Throwable th = ex.getCause(); 1171 if (th instanceof ObjectStreamException) { 1172 throw (ObjectStreamException) th; 1173 } else { 1174 throwMiscException(th); 1175 throw new InternalError(th); // never reached 1176 } 1177 } catch (IllegalAccessException ex) { 1178 // should not occur, as access checks have been suppressed 1179 throw new InternalError(ex); 1180 } 1181 } else { 1182 throw new UnsupportedOperationException(); 1183 } 1184 } 1185 1186 /** 1187 * Invokes the readResolve method of the represented serializable class and 1188 * returns the result. Throws UnsupportedOperationException if this class 1189 * descriptor is not associated with a class, or if the class is 1190 * non-serializable or does not define readResolve. 1191 */ 1192 Object invokeReadResolve(Object obj) 1193 throws IOException, UnsupportedOperationException 1194 { 1195 requireInitialized(); 1196 if (readResolveMethod != null) { 1197 try { 1198 return readResolveMethod.invoke(obj, (Object[]) null); 1199 } catch (InvocationTargetException ex) { 1200 Throwable th = ex.getCause(); 1201 if (th instanceof ObjectStreamException) { 1202 throw (ObjectStreamException) th; 1203 } else { 1204 throwMiscException(th); 1205 throw new InternalError(th); // never reached 1206 } 1207 } catch (IllegalAccessException ex) { 1208 // should not occur, as access checks have been suppressed 1209 throw new InternalError(ex); 1210 } 1211 } else { 1212 throw new UnsupportedOperationException(); 1213 } 1214 } 1215 1216 /** 1217 * Class representing the portion of an object's serialized form allotted 1218 * to data described by a given class descriptor. If "hasData" is false, 1219 * the object's serialized form does not contain data associated with the 1220 * class descriptor. 1221 */ 1222 static class ClassDataSlot { 1223 1224 /** class descriptor "occupying" this slot */ 1225 final ObjectStreamClass desc; 1226 /** true if serialized form includes data for this slot's descriptor */ 1227 final boolean hasData; 1228 1229 ClassDataSlot(ObjectStreamClass desc, boolean hasData) { 1230 this.desc = desc; 1231 this.hasData = hasData; 1232 } 1233 } 1234 1235 /** 1236 * Returns array of ClassDataSlot instances representing the data layout 1237 * (including superclass data) for serialized objects described by this 1238 * class descriptor. ClassDataSlots are ordered by inheritance with those 1239 * containing "higher" superclasses appearing first. The final 1240 * ClassDataSlot contains a reference to this descriptor. 1241 */ 1242 ClassDataSlot[] getClassDataLayout() throws InvalidClassException { 1243 // REMIND: synchronize instead of relying on volatile? 1244 if (dataLayout == null) { 1245 dataLayout = getClassDataLayout0(); 1246 } 1247 return dataLayout; 1248 } 1249 1250 private ClassDataSlot[] getClassDataLayout0() 1251 throws InvalidClassException 1252 { 1253 ArrayList<ClassDataSlot> slots = new ArrayList<>(); 1254 Class<?> start = cl, end = cl; 1255 1256 // locate closest non-serializable superclass 1257 while (end != null && Serializable.class.isAssignableFrom(end)) { 1258 end = end.getSuperclass(); 1259 } 1260 1261 HashSet<String> oscNames = new HashSet<>(3); 1262 1263 for (ObjectStreamClass d = this; d != null; d = d.superDesc) { 1264 if (oscNames.contains(d.name)) { 1265 throw new InvalidClassException("Circular reference."); 1266 } else { 1267 oscNames.add(d.name); 1268 } 1269 1270 // search up inheritance hierarchy for class with matching name 1271 String searchName = (d.cl != null) ? d.cl.getName() : d.name; 1272 Class<?> match = null; 1273 for (Class<?> c = start; c != end; c = c.getSuperclass()) { 1274 if (searchName.equals(c.getName())) { 1275 match = c; 1276 break; 1277 } 1278 } 1279 1280 // add "no data" slot for each unmatched class below match 1281 if (match != null) { 1282 for (Class<?> c = start; c != match; c = c.getSuperclass()) { 1283 slots.add(new ClassDataSlot( 1284 ObjectStreamClass.lookup(c, true), false)); 1285 } 1286 start = match.getSuperclass(); 1287 } 1288 1289 // record descriptor/class pairing 1290 slots.add(new ClassDataSlot(d.getVariantFor(match), true)); 1291 } 1292 1293 // add "no data" slot for any leftover unmatched classes 1294 for (Class<?> c = start; c != end; c = c.getSuperclass()) { 1295 slots.add(new ClassDataSlot( 1296 ObjectStreamClass.lookup(c, true), false)); 1297 } 1298 1299 // order slots from superclass -> subclass 1300 Collections.reverse(slots); 1301 return slots.toArray(new ClassDataSlot[slots.size()]); 1302 } 1303 1304 /** 1305 * Returns aggregate size (in bytes) of marshalled primitive field values 1306 * for represented class. 1307 */ 1308 int getPrimDataSize() { 1309 return primDataSize; 1310 } 1311 1312 /** 1313 * Returns number of non-primitive serializable fields of represented 1314 * class. 1315 */ 1316 int getNumObjFields() { 1317 return numObjFields; 1318 } 1319 1320 /** 1321 * Fetches the serializable primitive field values of object obj and 1322 * marshals them into byte array buf starting at offset 0. It is the 1323 * responsibility of the caller to ensure that obj is of the proper type if 1324 * non-null. 1325 */ 1326 void getPrimFieldValues(Object obj, byte[] buf) { 1327 fieldRefl.getPrimFieldValues(obj, buf); 1328 } 1329 1330 /** 1331 * Sets the serializable primitive fields of object obj using values 1332 * unmarshalled from byte array buf starting at offset 0. It is the 1333 * responsibility of the caller to ensure that obj is of the proper type if 1334 * non-null. 1335 */ 1336 void setPrimFieldValues(Object obj, byte[] buf) { 1337 fieldRefl.setPrimFieldValues(obj, buf); 1338 } 1339 1340 /** 1341 * Fetches the serializable object field values of object obj and stores 1342 * them in array vals starting at offset 0. It is the responsibility of 1343 * the caller to ensure that obj is of the proper type if non-null. 1344 */ 1345 void getObjFieldValues(Object obj, Object[] vals) { 1346 fieldRefl.getObjFieldValues(obj, vals); 1347 } 1348 1349 /** 1350 * Checks that the given values, from array vals starting at offset 0, 1351 * are assignable to the given serializable object fields. 1352 * @throws ClassCastException if any value is not assignable 1353 */ 1354 void checkObjFieldValueTypes(Object obj, Object[] vals) { 1355 fieldRefl.checkObjectFieldValueTypes(obj, vals); 1356 } 1357 1358 /** 1359 * Sets the serializable object fields of object obj using values from 1360 * array vals starting at offset 0. It is the responsibility of the caller 1361 * to ensure that obj is of the proper type if non-null. 1362 */ 1363 void setObjFieldValues(Object obj, Object[] vals) { 1364 fieldRefl.setObjFieldValues(obj, vals); 1365 } 1366 1367 /** 1368 * Calculates and sets serializable field offsets, as well as primitive 1369 * data size and object field count totals. Throws InvalidClassException 1370 * if fields are illegally ordered. 1371 */ 1372 private void computeFieldOffsets() throws InvalidClassException { 1373 primDataSize = 0; 1374 numObjFields = 0; 1375 int firstObjIndex = -1; 1376 1377 for (int i = 0; i < fields.length; i++) { 1378 ObjectStreamField f = fields[i]; 1379 switch (f.getTypeCode()) { 1380 case 'Z', 'B' -> f.setOffset(primDataSize++); 1381 case 'C', 'S' -> { 1382 f.setOffset(primDataSize); 1383 primDataSize += 2; 1384 } 1385 case 'I', 'F' -> { 1386 f.setOffset(primDataSize); 1387 primDataSize += 4; 1388 } 1389 case 'J', 'D' -> { 1390 f.setOffset(primDataSize); 1391 primDataSize += 8; 1392 } 1393 case '[', 'L' -> { 1394 f.setOffset(numObjFields++); 1395 if (firstObjIndex == -1) { 1396 firstObjIndex = i; 1397 } 1398 } 1399 default -> throw new InternalError(); 1400 } 1401 } 1402 if (firstObjIndex != -1 && 1403 firstObjIndex + numObjFields != fields.length) 1404 { 1405 throw new InvalidClassException(name, "illegal field order"); 1406 } 1407 } 1408 1409 /** 1410 * If given class is the same as the class associated with this class 1411 * descriptor, returns reference to this class descriptor. Otherwise, 1412 * returns variant of this class descriptor bound to given class. 1413 */ 1414 private ObjectStreamClass getVariantFor(Class<?> cl) 1415 throws InvalidClassException 1416 { 1417 if (this.cl == cl) { 1418 return this; 1419 } 1420 ObjectStreamClass desc = new ObjectStreamClass(); 1421 if (isProxy) { 1422 desc.initProxy(cl, null, superDesc); 1423 } else { 1424 desc.initNonProxy(this, cl, null, superDesc); 1425 } 1426 return desc; 1427 } 1428 1429 /** 1430 * Returns public no-arg constructor of given class, or null if none found. 1431 * Access checks are disabled on the returned constructor (if any), since 1432 * the defining class may still be non-public. 1433 */ 1434 private static Constructor<?> getExternalizableConstructor(Class<?> cl) { 1435 try { 1436 Constructor<?> cons = cl.getDeclaredConstructor((Class<?>[]) null); 1437 cons.setAccessible(true); 1438 return ((cons.getModifiers() & Modifier.PUBLIC) != 0) ? 1439 cons : null; 1440 } catch (NoSuchMethodException ex) { 1441 return null; 1442 } 1443 } 1444 1445 /** 1446 * Returns subclass-accessible no-arg constructor of first non-serializable 1447 * superclass, or null if none found. Access checks are disabled on the 1448 * returned constructor (if any). 1449 */ 1450 private static Constructor<?> getSerializableConstructor(Class<?> cl) { 1451 return reflFactory.newConstructorForSerialization(cl); 1452 } 1453 1454 /** 1455 * Returns the canonical constructor for the given record class, or null if 1456 * the not found ( which should never happen for correctly generated record 1457 * classes ). 1458 */ 1459 @SuppressWarnings("removal") 1460 private static MethodHandle canonicalRecordCtr(Class<?> cls) { 1461 assert cls.isRecord() : "Expected record, got: " + cls; 1462 PrivilegedAction<MethodHandle> pa = () -> { 1463 Class<?>[] paramTypes = Arrays.stream(cls.getRecordComponents()) 1464 .map(RecordComponent::getType) 1465 .toArray(Class<?>[]::new); 1466 try { 1467 Constructor<?> ctr = cls.getDeclaredConstructor(paramTypes); 1468 ctr.setAccessible(true); 1469 return MethodHandles.lookup().unreflectConstructor(ctr); 1470 } catch (IllegalAccessException | NoSuchMethodException e) { 1471 return null; 1472 } 1473 }; 1474 return AccessController.doPrivileged(pa); 1475 } 1476 1477 /** 1478 * Returns the canonical constructor, if the local class equivalent of this 1479 * stream class descriptor is a record class, otherwise null. 1480 */ 1481 MethodHandle getRecordConstructor() { 1482 return canonicalCtr; 1483 } 1484 1485 /** 1486 * Returns non-static, non-abstract method with given signature provided it 1487 * is defined by or accessible (via inheritance) by the given class, or 1488 * null if no match found. Access checks are disabled on the returned 1489 * method (if any). 1490 */ 1491 private static Method getInheritableMethod(Class<?> cl, String name, 1492 Class<?>[] argTypes, 1493 Class<?> returnType) 1494 { 1495 Method meth = null; 1496 Class<?> defCl = cl; 1497 while (defCl != null) { 1498 try { 1499 meth = defCl.getDeclaredMethod(name, argTypes); 1500 break; 1501 } catch (NoSuchMethodException ex) { 1502 defCl = defCl.getSuperclass(); 1503 } 1504 } 1505 1506 if ((meth == null) || (meth.getReturnType() != returnType)) { 1507 return null; 1508 } 1509 meth.setAccessible(true); 1510 int mods = meth.getModifiers(); 1511 if ((mods & (Modifier.STATIC | Modifier.ABSTRACT)) != 0) { 1512 return null; 1513 } else if ((mods & (Modifier.PUBLIC | Modifier.PROTECTED)) != 0) { 1514 return meth; 1515 } else if ((mods & Modifier.PRIVATE) != 0) { 1516 return (cl == defCl) ? meth : null; 1517 } else { 1518 return packageEquals(cl, defCl) ? meth : null; 1519 } 1520 } 1521 1522 /** 1523 * Returns non-static private method with given signature defined by given 1524 * class, or null if none found. Access checks are disabled on the 1525 * returned method (if any). 1526 */ 1527 private static Method getPrivateMethod(Class<?> cl, String name, 1528 Class<?>[] argTypes, 1529 Class<?> returnType) 1530 { 1531 try { 1532 Method meth = cl.getDeclaredMethod(name, argTypes); 1533 meth.setAccessible(true); 1534 int mods = meth.getModifiers(); 1535 return ((meth.getReturnType() == returnType) && 1536 ((mods & Modifier.STATIC) == 0) && 1537 ((mods & Modifier.PRIVATE) != 0)) ? meth : null; 1538 } catch (NoSuchMethodException ex) { 1539 return null; 1540 } 1541 } 1542 1543 /** 1544 * Returns true if classes are defined in the same runtime package, false 1545 * otherwise. 1546 */ 1547 private static boolean packageEquals(Class<?> cl1, Class<?> cl2) { 1548 return cl1.getClassLoader() == cl2.getClassLoader() && 1549 cl1.getPackageName() == cl2.getPackageName(); 1550 } 1551 1552 /** 1553 * Compares class names for equality, ignoring package names. Returns true 1554 * if class names equal, false otherwise. 1555 */ 1556 private static boolean classNamesEqual(String name1, String name2) { 1557 int idx1 = name1.lastIndexOf('.') + 1; 1558 int idx2 = name2.lastIndexOf('.') + 1; 1559 int len1 = name1.length() - idx1; 1560 int len2 = name2.length() - idx2; 1561 return len1 == len2 && 1562 name1.regionMatches(idx1, name2, idx2, len1); 1563 } 1564 1565 /** 1566 * Returns JVM type signature for given list of parameters and return type. 1567 */ 1568 private static String getMethodSignature(Class<?>[] paramTypes, 1569 Class<?> retType) 1570 { 1571 StringBuilder sb = new StringBuilder(); 1572 sb.append('('); 1573 for (int i = 0; i < paramTypes.length; i++) { 1574 sb.append(paramTypes[i].descriptorString()); 1575 } 1576 sb.append(')'); 1577 sb.append(retType.descriptorString()); 1578 return sb.toString(); 1579 } 1580 1581 /** 1582 * Convenience method for throwing an exception that is either a 1583 * RuntimeException, Error, or of some unexpected type (in which case it is 1584 * wrapped inside an IOException). 1585 */ 1586 private static void throwMiscException(Throwable th) throws IOException { 1587 if (th instanceof RuntimeException) { 1588 throw (RuntimeException) th; 1589 } else if (th instanceof Error) { 1590 throw (Error) th; 1591 } else { 1592 throw new IOException("unexpected exception type", th); 1593 } 1594 } 1595 1596 /** 1597 * Returns ObjectStreamField array describing the serializable fields of 1598 * the given class. Serializable fields backed by an actual field of the 1599 * class are represented by ObjectStreamFields with corresponding non-null 1600 * Field objects. Throws InvalidClassException if the (explicitly 1601 * declared) serializable fields are invalid. 1602 */ 1603 private static ObjectStreamField[] getSerialFields(Class<?> cl) 1604 throws InvalidClassException 1605 { 1606 if (!Serializable.class.isAssignableFrom(cl)) 1607 return NO_FIELDS; 1608 1609 ObjectStreamField[] fields; 1610 if (cl.isRecord()) { 1611 fields = getDefaultSerialFields(cl); 1612 Arrays.sort(fields); 1613 } else if (!Externalizable.class.isAssignableFrom(cl) && 1614 !Proxy.isProxyClass(cl) && 1615 !cl.isInterface()) { 1616 if ((fields = getDeclaredSerialFields(cl)) == null) { 1617 fields = getDefaultSerialFields(cl); 1618 } 1619 Arrays.sort(fields); 1620 } else { 1621 fields = NO_FIELDS; 1622 } 1623 return fields; 1624 } 1625 1626 /** 1627 * Returns serializable fields of given class as defined explicitly by a 1628 * "serialPersistentFields" field, or null if no appropriate 1629 * "serialPersistentFields" field is defined. Serializable fields backed 1630 * by an actual field of the class are represented by ObjectStreamFields 1631 * with corresponding non-null Field objects. For compatibility with past 1632 * releases, a "serialPersistentFields" field with a null value is 1633 * considered equivalent to not declaring "serialPersistentFields". Throws 1634 * InvalidClassException if the declared serializable fields are 1635 * invalid--e.g., if multiple fields share the same name. 1636 */ 1637 private static ObjectStreamField[] getDeclaredSerialFields(Class<?> cl) 1638 throws InvalidClassException 1639 { 1640 ObjectStreamField[] serialPersistentFields = null; 1641 try { 1642 Field f = cl.getDeclaredField("serialPersistentFields"); 1643 int mask = Modifier.PRIVATE | Modifier.STATIC | Modifier.FINAL; 1644 if ((f.getModifiers() & mask) == mask) { 1645 f.setAccessible(true); 1646 serialPersistentFields = (ObjectStreamField[]) f.get(null); 1647 } 1648 } catch (Exception ex) { 1649 } 1650 if (serialPersistentFields == null) { 1651 return null; 1652 } else if (serialPersistentFields.length == 0) { 1653 return NO_FIELDS; 1654 } 1655 1656 ObjectStreamField[] boundFields = 1657 new ObjectStreamField[serialPersistentFields.length]; 1658 Set<String> fieldNames = HashSet.newHashSet(serialPersistentFields.length); 1659 1660 for (int i = 0; i < serialPersistentFields.length; i++) { 1661 ObjectStreamField spf = serialPersistentFields[i]; 1662 1663 String fname = spf.getName(); 1664 if (fieldNames.contains(fname)) { 1665 throw new InvalidClassException( 1666 "multiple serializable fields named " + fname); 1667 } 1668 fieldNames.add(fname); 1669 1670 try { 1671 Field f = cl.getDeclaredField(fname); 1672 if ((f.getType() == spf.getType()) && 1673 ((f.getModifiers() & Modifier.STATIC) == 0)) 1674 { 1675 boundFields[i] = 1676 new ObjectStreamField(f, spf.isUnshared(), true); 1677 } 1678 } catch (NoSuchFieldException ex) { 1679 } 1680 if (boundFields[i] == null) { 1681 boundFields[i] = new ObjectStreamField( 1682 fname, spf.getType(), spf.isUnshared()); 1683 } 1684 } 1685 return boundFields; 1686 } 1687 1688 /** 1689 * Returns array of ObjectStreamFields corresponding to all non-static 1690 * non-transient fields declared by given class. Each ObjectStreamField 1691 * contains a Field object for the field it represents. If no default 1692 * serializable fields exist, NO_FIELDS is returned. 1693 */ 1694 private static ObjectStreamField[] getDefaultSerialFields(Class<?> cl) { 1695 Field[] clFields = cl.getDeclaredFields(); 1696 ArrayList<ObjectStreamField> list = new ArrayList<>(); 1697 int mask = Modifier.STATIC | Modifier.TRANSIENT; 1698 1699 for (int i = 0; i < clFields.length; i++) { 1700 if ((clFields[i].getModifiers() & mask) == 0) { 1701 list.add(new ObjectStreamField(clFields[i], false, true)); 1702 } 1703 } 1704 int size = list.size(); 1705 return (size == 0) ? NO_FIELDS : 1706 list.toArray(new ObjectStreamField[size]); 1707 } 1708 1709 /** 1710 * Returns explicit serial version UID value declared by given class, or 1711 * null if none. 1712 */ 1713 private static Long getDeclaredSUID(Class<?> cl) { 1714 try { 1715 Field f = cl.getDeclaredField("serialVersionUID"); 1716 int mask = Modifier.STATIC | Modifier.FINAL; 1717 if ((f.getModifiers() & mask) == mask) { 1718 f.setAccessible(true); 1719 return f.getLong(null); 1720 } 1721 } catch (Exception ex) { 1722 } 1723 return null; 1724 } 1725 1726 /** 1727 * Computes the default serial version UID value for the given class. 1728 */ 1729 private static long computeDefaultSUID(Class<?> cl) { 1730 if (!Serializable.class.isAssignableFrom(cl) || Proxy.isProxyClass(cl)) 1731 { 1732 return 0L; 1733 } 1734 1735 try { 1736 ByteArrayOutputStream bout = new ByteArrayOutputStream(); 1737 DataOutputStream dout = new DataOutputStream(bout); 1738 1739 dout.writeUTF(cl.getName()); 1740 1741 int classMods = cl.getModifiers() & 1742 (Modifier.PUBLIC | Modifier.FINAL | 1743 Modifier.INTERFACE | Modifier.ABSTRACT); 1744 1745 /* 1746 * compensate for javac bug in which ABSTRACT bit was set for an 1747 * interface only if the interface declared methods 1748 */ 1749 Method[] methods = cl.getDeclaredMethods(); 1750 if ((classMods & Modifier.INTERFACE) != 0) { 1751 classMods = (methods.length > 0) ? 1752 (classMods | Modifier.ABSTRACT) : 1753 (classMods & ~Modifier.ABSTRACT); 1754 } 1755 dout.writeInt(classMods); 1756 1757 if (!cl.isArray()) { 1758 /* 1759 * compensate for change in 1.2FCS in which 1760 * Class.getInterfaces() was modified to return Cloneable and 1761 * Serializable for array classes. 1762 */ 1763 Class<?>[] interfaces = cl.getInterfaces(); 1764 String[] ifaceNames = new String[interfaces.length]; 1765 for (int i = 0; i < interfaces.length; i++) { 1766 ifaceNames[i] = interfaces[i].getName(); 1767 } 1768 Arrays.sort(ifaceNames); 1769 for (int i = 0; i < ifaceNames.length; i++) { 1770 dout.writeUTF(ifaceNames[i]); 1771 } 1772 } 1773 1774 Field[] fields = cl.getDeclaredFields(); 1775 MemberSignature[] fieldSigs = new MemberSignature[fields.length]; 1776 for (int i = 0; i < fields.length; i++) { 1777 fieldSigs[i] = new MemberSignature(fields[i]); 1778 } 1779 Arrays.sort(fieldSigs, new Comparator<>() { 1780 public int compare(MemberSignature ms1, MemberSignature ms2) { 1781 return ms1.name.compareTo(ms2.name); 1782 } 1783 }); 1784 for (int i = 0; i < fieldSigs.length; i++) { 1785 MemberSignature sig = fieldSigs[i]; 1786 int mods = sig.member.getModifiers() & 1787 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1788 Modifier.STATIC | Modifier.FINAL | Modifier.VOLATILE | 1789 Modifier.TRANSIENT); 1790 if (((mods & Modifier.PRIVATE) == 0) || 1791 ((mods & (Modifier.STATIC | Modifier.TRANSIENT)) == 0)) 1792 { 1793 dout.writeUTF(sig.name); 1794 dout.writeInt(mods); 1795 dout.writeUTF(sig.signature); 1796 } 1797 } 1798 1799 if (hasStaticInitializer(cl)) { 1800 dout.writeUTF("<clinit>"); 1801 dout.writeInt(Modifier.STATIC); 1802 dout.writeUTF("()V"); 1803 } 1804 1805 Constructor<?>[] cons = cl.getDeclaredConstructors(); 1806 MemberSignature[] consSigs = new MemberSignature[cons.length]; 1807 for (int i = 0; i < cons.length; i++) { 1808 consSigs[i] = new MemberSignature(cons[i]); 1809 } 1810 Arrays.sort(consSigs, new Comparator<>() { 1811 public int compare(MemberSignature ms1, MemberSignature ms2) { 1812 return ms1.signature.compareTo(ms2.signature); 1813 } 1814 }); 1815 for (int i = 0; i < consSigs.length; i++) { 1816 MemberSignature sig = consSigs[i]; 1817 int mods = sig.member.getModifiers() & 1818 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1819 Modifier.STATIC | Modifier.FINAL | 1820 Modifier.SYNCHRONIZED | Modifier.NATIVE | 1821 Modifier.ABSTRACT | Modifier.STRICT); 1822 if ((mods & Modifier.PRIVATE) == 0) { 1823 dout.writeUTF("<init>"); 1824 dout.writeInt(mods); 1825 dout.writeUTF(sig.signature.replace('/', '.')); 1826 } 1827 } 1828 1829 MemberSignature[] methSigs = new MemberSignature[methods.length]; 1830 for (int i = 0; i < methods.length; i++) { 1831 methSigs[i] = new MemberSignature(methods[i]); 1832 } 1833 Arrays.sort(methSigs, new Comparator<>() { 1834 public int compare(MemberSignature ms1, MemberSignature ms2) { 1835 int comp = ms1.name.compareTo(ms2.name); 1836 if (comp == 0) { 1837 comp = ms1.signature.compareTo(ms2.signature); 1838 } 1839 return comp; 1840 } 1841 }); 1842 for (int i = 0; i < methSigs.length; i++) { 1843 MemberSignature sig = methSigs[i]; 1844 int mods = sig.member.getModifiers() & 1845 (Modifier.PUBLIC | Modifier.PRIVATE | Modifier.PROTECTED | 1846 Modifier.STATIC | Modifier.FINAL | 1847 Modifier.SYNCHRONIZED | Modifier.NATIVE | 1848 Modifier.ABSTRACT | Modifier.STRICT); 1849 if ((mods & Modifier.PRIVATE) == 0) { 1850 dout.writeUTF(sig.name); 1851 dout.writeInt(mods); 1852 dout.writeUTF(sig.signature.replace('/', '.')); 1853 } 1854 } 1855 1856 dout.flush(); 1857 1858 MessageDigest md = MessageDigest.getInstance("SHA"); 1859 byte[] hashBytes = md.digest(bout.toByteArray()); 1860 long hash = 0; 1861 for (int i = Math.min(hashBytes.length, 8) - 1; i >= 0; i--) { 1862 hash = (hash << 8) | (hashBytes[i] & 0xFF); 1863 } 1864 return hash; 1865 } catch (IOException ex) { 1866 throw new InternalError(ex); 1867 } catch (NoSuchAlgorithmException ex) { 1868 throw new SecurityException(ex.getMessage()); 1869 } 1870 } 1871 1872 /** 1873 * Returns true if the given class defines a static initializer method, 1874 * false otherwise. 1875 */ 1876 private static native boolean hasStaticInitializer(Class<?> cl); 1877 1878 /** 1879 * Class for computing and caching field/constructor/method signatures 1880 * during serialVersionUID calculation. 1881 */ 1882 private static final class MemberSignature { 1883 1884 public final Member member; 1885 public final String name; 1886 public final String signature; 1887 1888 public MemberSignature(Field field) { 1889 member = field; 1890 name = field.getName(); 1891 signature = field.getType().descriptorString(); 1892 } 1893 1894 public MemberSignature(Constructor<?> cons) { 1895 member = cons; 1896 name = cons.getName(); 1897 signature = getMethodSignature( 1898 cons.getParameterTypes(), Void.TYPE); 1899 } 1900 1901 public MemberSignature(Method meth) { 1902 member = meth; 1903 name = meth.getName(); 1904 signature = getMethodSignature( 1905 meth.getParameterTypes(), meth.getReturnType()); 1906 } 1907 } 1908 1909 /** 1910 * Class for setting and retrieving serializable field values in batch. 1911 */ 1912 // REMIND: dynamically generate these? 1913 private static final class FieldReflector { 1914 1915 /** handle for performing unsafe operations */ 1916 private static final Unsafe UNSAFE = Unsafe.getUnsafe(); 1917 1918 /** fields to operate on */ 1919 private final ObjectStreamField[] fields; 1920 /** number of primitive fields */ 1921 private final int numPrimFields; 1922 /** unsafe field keys for reading fields - may contain dupes */ 1923 private final long[] readKeys; 1924 /** unsafe fields keys for writing fields - no dupes */ 1925 private final long[] writeKeys; 1926 /** field data offsets */ 1927 private final int[] offsets; 1928 /** field type codes */ 1929 private final char[] typeCodes; 1930 /** field types */ 1931 private final Class<?>[] types; 1932 1933 /** 1934 * Constructs FieldReflector capable of setting/getting values from the 1935 * subset of fields whose ObjectStreamFields contain non-null 1936 * reflective Field objects. ObjectStreamFields with null Fields are 1937 * treated as filler, for which get operations return default values 1938 * and set operations discard given values. 1939 */ 1940 FieldReflector(ObjectStreamField[] fields) { 1941 this.fields = fields; 1942 int nfields = fields.length; 1943 readKeys = new long[nfields]; 1944 writeKeys = new long[nfields]; 1945 offsets = new int[nfields]; 1946 typeCodes = new char[nfields]; 1947 ArrayList<Class<?>> typeList = new ArrayList<>(); 1948 Set<Long> usedKeys = new HashSet<>(); 1949 1950 1951 for (int i = 0; i < nfields; i++) { 1952 ObjectStreamField f = fields[i]; 1953 Field rf = f.getField(); 1954 long key = (rf != null) ? 1955 UNSAFE.objectFieldOffset(rf) : Unsafe.INVALID_FIELD_OFFSET; 1956 readKeys[i] = key; 1957 writeKeys[i] = usedKeys.add(key) ? 1958 key : Unsafe.INVALID_FIELD_OFFSET; 1959 offsets[i] = f.getOffset(); 1960 typeCodes[i] = f.getTypeCode(); 1961 if (!f.isPrimitive()) { 1962 typeList.add((rf != null) ? rf.getType() : null); 1963 } 1964 } 1965 1966 types = typeList.toArray(new Class<?>[typeList.size()]); 1967 numPrimFields = nfields - types.length; 1968 } 1969 1970 /** 1971 * Returns list of ObjectStreamFields representing fields operated on 1972 * by this reflector. The shared/unshared values and Field objects 1973 * contained by ObjectStreamFields in the list reflect their bindings 1974 * to locally defined serializable fields. 1975 */ 1976 ObjectStreamField[] getFields() { 1977 return fields; 1978 } 1979 1980 /** 1981 * Fetches the serializable primitive field values of object obj and 1982 * marshals them into byte array buf starting at offset 0. The caller 1983 * is responsible for ensuring that obj is of the proper type. 1984 */ 1985 void getPrimFieldValues(Object obj, byte[] buf) { 1986 if (obj == null) { 1987 throw new NullPointerException(); 1988 } 1989 /* assuming checkDefaultSerialize() has been called on the class 1990 * descriptor this FieldReflector was obtained from, no field keys 1991 * in array should be equal to Unsafe.INVALID_FIELD_OFFSET. 1992 */ 1993 for (int i = 0; i < numPrimFields; i++) { 1994 long key = readKeys[i]; 1995 int off = offsets[i]; 1996 switch (typeCodes[i]) { 1997 case 'Z' -> ByteArray.setBoolean(buf, off, UNSAFE.getBoolean(obj, key)); 1998 case 'B' -> buf[off] = UNSAFE.getByte(obj, key); 1999 case 'C' -> ByteArray.setChar(buf, off, UNSAFE.getChar(obj, key)); 2000 case 'S' -> ByteArray.setShort(buf, off, UNSAFE.getShort(obj, key)); 2001 case 'I' -> ByteArray.setInt(buf, off, UNSAFE.getInt(obj, key)); 2002 case 'F' -> ByteArray.setFloat(buf, off, UNSAFE.getFloat(obj, key)); 2003 case 'J' -> ByteArray.setLong(buf, off, UNSAFE.getLong(obj, key)); 2004 case 'D' -> ByteArray.setDouble(buf, off, UNSAFE.getDouble(obj, key)); 2005 default -> throw new InternalError(); 2006 } 2007 } 2008 } 2009 2010 /** 2011 * Sets the serializable primitive fields of object obj using values 2012 * unmarshalled from byte array buf starting at offset 0. The caller 2013 * is responsible for ensuring that obj is of the proper type. 2014 */ 2015 void setPrimFieldValues(Object obj, byte[] buf) { 2016 if (obj == null) { 2017 throw new NullPointerException(); 2018 } 2019 for (int i = 0; i < numPrimFields; i++) { 2020 long key = writeKeys[i]; 2021 if (key == Unsafe.INVALID_FIELD_OFFSET) { 2022 continue; // discard value 2023 } 2024 int off = offsets[i]; 2025 switch (typeCodes[i]) { 2026 case 'Z' -> UNSAFE.putBoolean(obj, key, ByteArray.getBoolean(buf, off)); 2027 case 'B' -> UNSAFE.putByte(obj, key, buf[off]); 2028 case 'C' -> UNSAFE.putChar(obj, key, ByteArray.getChar(buf, off)); 2029 case 'S' -> UNSAFE.putShort(obj, key, ByteArray.getShort(buf, off)); 2030 case 'I' -> UNSAFE.putInt(obj, key, ByteArray.getInt(buf, off)); 2031 case 'F' -> UNSAFE.putFloat(obj, key, ByteArray.getFloat(buf, off)); 2032 case 'J' -> UNSAFE.putLong(obj, key, ByteArray.getLong(buf, off)); 2033 case 'D' -> UNSAFE.putDouble(obj, key, ByteArray.getDouble(buf, off)); 2034 default -> throw new InternalError(); 2035 } 2036 } 2037 } 2038 2039 /** 2040 * Fetches the serializable object field values of object obj and 2041 * stores them in array vals starting at offset 0. The caller is 2042 * responsible for ensuring that obj is of the proper type. 2043 */ 2044 void getObjFieldValues(Object obj, Object[] vals) { 2045 if (obj == null) { 2046 throw new NullPointerException(); 2047 } 2048 /* assuming checkDefaultSerialize() has been called on the class 2049 * descriptor this FieldReflector was obtained from, no field keys 2050 * in array should be equal to Unsafe.INVALID_FIELD_OFFSET. 2051 */ 2052 for (int i = numPrimFields; i < fields.length; i++) { 2053 vals[offsets[i]] = switch (typeCodes[i]) { 2054 case 'L', '[' -> UNSAFE.getReference(obj, readKeys[i]); 2055 default -> throw new InternalError(); 2056 }; 2057 } 2058 } 2059 2060 /** 2061 * Checks that the given values, from array vals starting at offset 0, 2062 * are assignable to the given serializable object fields. 2063 * @throws ClassCastException if any value is not assignable 2064 */ 2065 void checkObjectFieldValueTypes(Object obj, Object[] vals) { 2066 setObjFieldValues(obj, vals, true); 2067 } 2068 2069 /** 2070 * Sets the serializable object fields of object obj using values from 2071 * array vals starting at offset 0. The caller is responsible for 2072 * ensuring that obj is of the proper type; however, attempts to set a 2073 * field with a value of the wrong type will trigger an appropriate 2074 * ClassCastException. 2075 */ 2076 void setObjFieldValues(Object obj, Object[] vals) { 2077 setObjFieldValues(obj, vals, false); 2078 } 2079 2080 private void setObjFieldValues(Object obj, Object[] vals, boolean dryRun) { 2081 if (obj == null) { 2082 throw new NullPointerException(); 2083 } 2084 for (int i = numPrimFields; i < fields.length; i++) { 2085 long key = writeKeys[i]; 2086 if (key == Unsafe.INVALID_FIELD_OFFSET) { 2087 continue; // discard value 2088 } 2089 switch (typeCodes[i]) { 2090 case 'L', '[' -> { 2091 Object val = vals[offsets[i]]; 2092 if (val != null && 2093 !types[i - numPrimFields].isInstance(val)) 2094 { 2095 Field f = fields[i].getField(); 2096 throw new ClassCastException( 2097 "cannot assign instance of " + 2098 val.getClass().getName() + " to field " + 2099 f.getDeclaringClass().getName() + "." + 2100 f.getName() + " of type " + 2101 f.getType().getName() + " in instance of " + 2102 obj.getClass().getName()); 2103 } 2104 if (!dryRun) 2105 UNSAFE.putReference(obj, key, val); 2106 } 2107 default -> throw new InternalError(); 2108 } 2109 } 2110 } 2111 } 2112 2113 /** 2114 * Matches given set of serializable fields with serializable fields 2115 * described by the given local class descriptor, and returns a 2116 * FieldReflector instance capable of setting/getting values from the 2117 * subset of fields that match (non-matching fields are treated as filler, 2118 * for which get operations return default values and set operations 2119 * discard given values). Throws InvalidClassException if unresolvable 2120 * type conflicts exist between the two sets of fields. 2121 */ 2122 private static FieldReflector getReflector(ObjectStreamField[] fields, 2123 ObjectStreamClass localDesc) 2124 throws InvalidClassException 2125 { 2126 // class irrelevant if no fields 2127 Class<?> cl = (localDesc != null && fields.length > 0) ? 2128 localDesc.cl : Void.class; 2129 2130 var clReflectors = Caches.reflectors.get(cl); 2131 var key = new FieldReflectorKey(fields); 2132 var reflector = clReflectors.get(key); 2133 if (reflector == null) { 2134 reflector = new FieldReflector(matchFields(fields, localDesc)); 2135 var oldReflector = clReflectors.putIfAbsent(key, reflector); 2136 if (oldReflector != null) { 2137 reflector = oldReflector; 2138 } 2139 } 2140 return reflector; 2141 } 2142 2143 /** 2144 * FieldReflector cache lookup key. Keys are considered equal if they 2145 * refer to equivalent field formats. 2146 */ 2147 private static class FieldReflectorKey { 2148 2149 private final String[] sigs; 2150 private final int hash; 2151 2152 FieldReflectorKey(ObjectStreamField[] fields) 2153 { 2154 sigs = new String[2 * fields.length]; 2155 for (int i = 0, j = 0; i < fields.length; i++) { 2156 ObjectStreamField f = fields[i]; 2157 sigs[j++] = f.getName(); 2158 sigs[j++] = f.getSignature(); 2159 } 2160 hash = Arrays.hashCode(sigs); 2161 } 2162 2163 public int hashCode() { 2164 return hash; 2165 } 2166 2167 public boolean equals(Object obj) { 2168 return obj == this || 2169 obj instanceof FieldReflectorKey other && 2170 Arrays.equals(sigs, other.sigs); 2171 } 2172 } 2173 2174 /** 2175 * Matches given set of serializable fields with serializable fields 2176 * obtained from the given local class descriptor (which contain bindings 2177 * to reflective Field objects). Returns list of ObjectStreamFields in 2178 * which each ObjectStreamField whose signature matches that of a local 2179 * field contains a Field object for that field; unmatched 2180 * ObjectStreamFields contain null Field objects. Shared/unshared settings 2181 * of the returned ObjectStreamFields also reflect those of matched local 2182 * ObjectStreamFields. Throws InvalidClassException if unresolvable type 2183 * conflicts exist between the two sets of fields. 2184 */ 2185 private static ObjectStreamField[] matchFields(ObjectStreamField[] fields, 2186 ObjectStreamClass localDesc) 2187 throws InvalidClassException 2188 { 2189 ObjectStreamField[] localFields = (localDesc != null) ? 2190 localDesc.fields : NO_FIELDS; 2191 2192 /* 2193 * Even if fields == localFields, we cannot simply return localFields 2194 * here. In previous implementations of serialization, 2195 * ObjectStreamField.getType() returned Object.class if the 2196 * ObjectStreamField represented a non-primitive field and belonged to 2197 * a non-local class descriptor. To preserve this (questionable) 2198 * behavior, the ObjectStreamField instances returned by matchFields 2199 * cannot report non-primitive types other than Object.class; hence 2200 * localFields cannot be returned directly. 2201 */ 2202 2203 ObjectStreamField[] matches = new ObjectStreamField[fields.length]; 2204 for (int i = 0; i < fields.length; i++) { 2205 ObjectStreamField f = fields[i], m = null; 2206 for (int j = 0; j < localFields.length; j++) { 2207 ObjectStreamField lf = localFields[j]; 2208 if (f.getName().equals(lf.getName())) { 2209 if ((f.isPrimitive() || lf.isPrimitive()) && 2210 f.getTypeCode() != lf.getTypeCode()) 2211 { 2212 throw new InvalidClassException(localDesc.name, 2213 "incompatible types for field " + f.getName()); 2214 } 2215 if (lf.getField() != null) { 2216 m = new ObjectStreamField( 2217 lf.getField(), lf.isUnshared(), false); 2218 } else { 2219 m = new ObjectStreamField( 2220 lf.getName(), lf.getSignature(), lf.isUnshared()); 2221 } 2222 } 2223 } 2224 if (m == null) { 2225 m = new ObjectStreamField( 2226 f.getName(), f.getSignature(), false); 2227 } 2228 m.setOffset(f.getOffset()); 2229 matches[i] = m; 2230 } 2231 return matches; 2232 } 2233 2234 /** 2235 * A LRA cache of record deserialization constructors. 2236 */ 2237 @SuppressWarnings("serial") 2238 private static final class DeserializationConstructorsCache 2239 extends ConcurrentHashMap<DeserializationConstructorsCache.Key, MethodHandle> { 2240 2241 // keep max. 10 cached entries - when the 11th element is inserted the oldest 2242 // is removed and 10 remains - 11 is the biggest map size where internal 2243 // table of 16 elements is sufficient (inserting 12th element would resize it to 32) 2244 private static final int MAX_SIZE = 10; 2245 private Key.Impl first, last; // first and last in FIFO queue 2246 2247 DeserializationConstructorsCache() { 2248 // start small - if there is more than one shape of ObjectStreamClass 2249 // deserialized, there will typically be two (current version and previous version) 2250 super(2); 2251 } 2252 2253 MethodHandle get(ObjectStreamField[] fields) { 2254 return get(new Key.Lookup(fields)); 2255 } 2256 2257 synchronized MethodHandle putIfAbsentAndGet(ObjectStreamField[] fields, MethodHandle mh) { 2258 Key.Impl key = new Key.Impl(fields); 2259 var oldMh = putIfAbsent(key, mh); 2260 if (oldMh != null) return oldMh; 2261 // else we did insert new entry -> link the new key as last 2262 if (last == null) { 2263 last = first = key; 2264 } else { 2265 last = (last.next = key); 2266 } 2267 // may need to remove first 2268 if (size() > MAX_SIZE) { 2269 assert first != null; 2270 remove(first); 2271 first = first.next; 2272 if (first == null) { 2273 last = null; 2274 } 2275 } 2276 return mh; 2277 } 2278 2279 // a key composed of ObjectStreamField[] names and types 2280 abstract static class Key { 2281 abstract int length(); 2282 abstract String fieldName(int i); 2283 abstract Class<?> fieldType(int i); 2284 2285 @Override 2286 public final int hashCode() { 2287 int n = length(); 2288 int h = 0; 2289 for (int i = 0; i < n; i++) h = h * 31 + fieldType(i).hashCode(); 2290 for (int i = 0; i < n; i++) h = h * 31 + fieldName(i).hashCode(); 2291 return h; 2292 } 2293 2294 @Override 2295 public final boolean equals(Object obj) { 2296 if (!(obj instanceof Key other)) return false; 2297 int n = length(); 2298 if (n != other.length()) return false; 2299 for (int i = 0; i < n; i++) if (fieldType(i) != other.fieldType(i)) return false; 2300 for (int i = 0; i < n; i++) if (!fieldName(i).equals(other.fieldName(i))) return false; 2301 return true; 2302 } 2303 2304 // lookup key - just wraps ObjectStreamField[] 2305 static final class Lookup extends Key { 2306 final ObjectStreamField[] fields; 2307 2308 Lookup(ObjectStreamField[] fields) { this.fields = fields; } 2309 2310 @Override 2311 int length() { return fields.length; } 2312 2313 @Override 2314 String fieldName(int i) { return fields[i].getName(); } 2315 2316 @Override 2317 Class<?> fieldType(int i) { return fields[i].getType(); } 2318 } 2319 2320 // real key - copies field names and types and forms FIFO queue in cache 2321 static final class Impl extends Key { 2322 Impl next; 2323 final String[] fieldNames; 2324 final Class<?>[] fieldTypes; 2325 2326 Impl(ObjectStreamField[] fields) { 2327 this.fieldNames = new String[fields.length]; 2328 this.fieldTypes = new Class<?>[fields.length]; 2329 for (int i = 0; i < fields.length; i++) { 2330 fieldNames[i] = fields[i].getName(); 2331 fieldTypes[i] = fields[i].getType(); 2332 } 2333 } 2334 2335 @Override 2336 int length() { return fieldNames.length; } 2337 2338 @Override 2339 String fieldName(int i) { return fieldNames[i]; } 2340 2341 @Override 2342 Class<?> fieldType(int i) { return fieldTypes[i]; } 2343 } 2344 } 2345 } 2346 2347 /** Record specific support for retrieving and binding stream field values. */ 2348 static final class RecordSupport { 2349 /** 2350 * Returns canonical record constructor adapted to take two arguments: 2351 * {@code (byte[] primValues, Object[] objValues)} 2352 * and return 2353 * {@code Object} 2354 */ 2355 @SuppressWarnings("removal") 2356 static MethodHandle deserializationCtr(ObjectStreamClass desc) { 2357 // check the cached value 1st 2358 MethodHandle mh = desc.deserializationCtr; 2359 if (mh != null) return mh; 2360 mh = desc.deserializationCtrs.get(desc.getFields(false)); 2361 if (mh != null) return desc.deserializationCtr = mh; 2362 2363 // retrieve record components 2364 RecordComponent[] recordComponents; 2365 try { 2366 Class<?> cls = desc.forClass(); 2367 PrivilegedExceptionAction<RecordComponent[]> pa = cls::getRecordComponents; 2368 recordComponents = AccessController.doPrivileged(pa); 2369 } catch (PrivilegedActionException e) { 2370 throw new InternalError(e.getCause()); 2371 } 2372 2373 // retrieve the canonical constructor 2374 // (T1, T2, ..., Tn):TR 2375 mh = desc.getRecordConstructor(); 2376 2377 // change return type to Object 2378 // (T1, T2, ..., Tn):TR -> (T1, T2, ..., Tn):Object 2379 mh = mh.asType(mh.type().changeReturnType(Object.class)); 2380 2381 // drop last 2 arguments representing primValues and objValues arrays 2382 // (T1, T2, ..., Tn):Object -> (T1, T2, ..., Tn, byte[], Object[]):Object 2383 mh = MethodHandles.dropArguments(mh, mh.type().parameterCount(), byte[].class, Object[].class); 2384 2385 for (int i = recordComponents.length-1; i >= 0; i--) { 2386 String name = recordComponents[i].getName(); 2387 Class<?> type = recordComponents[i].getType(); 2388 // obtain stream field extractor that extracts argument at 2389 // position i (Ti+1) from primValues and objValues arrays 2390 // (byte[], Object[]):Ti+1 2391 MethodHandle combiner = streamFieldExtractor(name, type, desc); 2392 // fold byte[] privValues and Object[] objValues into argument at position i (Ti+1) 2393 // (..., Ti, Ti+1, byte[], Object[]):Object -> (..., Ti, byte[], Object[]):Object 2394 mh = MethodHandles.foldArguments(mh, i, combiner); 2395 } 2396 // what we are left with is a MethodHandle taking just the primValues 2397 // and objValues arrays and returning the constructed record instance 2398 // (byte[], Object[]):Object 2399 2400 // store it into cache and return the 1st value stored 2401 return desc.deserializationCtr = 2402 desc.deserializationCtrs.putIfAbsentAndGet(desc.getFields(false), mh); 2403 } 2404 2405 /** Returns the number of primitive fields for the given descriptor. */ 2406 private static int numberPrimValues(ObjectStreamClass desc) { 2407 ObjectStreamField[] fields = desc.getFields(); 2408 int primValueCount = 0; 2409 for (int i = 0; i < fields.length; i++) { 2410 if (fields[i].isPrimitive()) 2411 primValueCount++; 2412 else 2413 break; // can be no more 2414 } 2415 return primValueCount; 2416 } 2417 2418 /** 2419 * Returns extractor MethodHandle taking the primValues and objValues arrays 2420 * and extracting the argument of canonical constructor with given name and type 2421 * or producing default value for the given type if the field is absent. 2422 */ 2423 private static MethodHandle streamFieldExtractor(String pName, 2424 Class<?> pType, 2425 ObjectStreamClass desc) { 2426 ObjectStreamField[] fields = desc.getFields(false); 2427 2428 for (int i = 0; i < fields.length; i++) { 2429 ObjectStreamField f = fields[i]; 2430 String fName = f.getName(); 2431 if (!fName.equals(pName)) 2432 continue; 2433 2434 Class<?> fType = f.getField().getType(); 2435 if (!pType.isAssignableFrom(fType)) 2436 throw new InternalError(fName + " unassignable, pType:" + pType + ", fType:" + fType); 2437 2438 if (f.isPrimitive()) { 2439 // (byte[], int):fType 2440 MethodHandle mh = PRIM_VALUE_EXTRACTORS.get(fType); 2441 if (mh == null) { 2442 throw new InternalError("Unexpected type: " + fType); 2443 } 2444 // bind offset 2445 // (byte[], int):fType -> (byte[]):fType 2446 mh = MethodHandles.insertArguments(mh, 1, f.getOffset()); 2447 // drop objValues argument 2448 // (byte[]):fType -> (byte[], Object[]):fType 2449 mh = MethodHandles.dropArguments(mh, 1, Object[].class); 2450 // adapt return type to pType 2451 // (byte[], Object[]):fType -> (byte[], Object[]):pType 2452 if (pType != fType) { 2453 mh = mh.asType(mh.type().changeReturnType(pType)); 2454 } 2455 return mh; 2456 } else { // reference 2457 // (Object[], int):Object 2458 MethodHandle mh = MethodHandles.arrayElementGetter(Object[].class); 2459 // bind index 2460 // (Object[], int):Object -> (Object[]):Object 2461 mh = MethodHandles.insertArguments(mh, 1, i - numberPrimValues(desc)); 2462 // drop primValues argument 2463 // (Object[]):Object -> (byte[], Object[]):Object 2464 mh = MethodHandles.dropArguments(mh, 0, byte[].class); 2465 // adapt return type to pType 2466 // (byte[], Object[]):Object -> (byte[], Object[]):pType 2467 if (pType != Object.class) { 2468 mh = mh.asType(mh.type().changeReturnType(pType)); 2469 } 2470 return mh; 2471 } 2472 } 2473 2474 // return default value extractor if no field matches pName 2475 return MethodHandles.empty(MethodType.methodType(pType, byte[].class, Object[].class)); 2476 } 2477 2478 private static final Map<Class<?>, MethodHandle> PRIM_VALUE_EXTRACTORS; 2479 static { 2480 var lkp = MethodHandles.lookup(); 2481 try { 2482 PRIM_VALUE_EXTRACTORS = Map.of( 2483 byte.class, MethodHandles.arrayElementGetter(byte[].class), 2484 short.class, lkp.findStatic(ByteArray.class, "getShort", MethodType.methodType(short.class, byte[].class, int.class)), 2485 int.class, lkp.findStatic(ByteArray.class, "getInt", MethodType.methodType(int.class, byte[].class, int.class)), 2486 long.class, lkp.findStatic(ByteArray.class, "getLong", MethodType.methodType(long.class, byte[].class, int.class)), 2487 float.class, lkp.findStatic(ByteArray.class, "getFloat", MethodType.methodType(float.class, byte[].class, int.class)), 2488 double.class, lkp.findStatic(ByteArray.class, "getDouble", MethodType.methodType(double.class, byte[].class, int.class)), 2489 char.class, lkp.findStatic(ByteArray.class, "getChar", MethodType.methodType(char.class, byte[].class, int.class)), 2490 boolean.class, lkp.findStatic(ByteArray.class, "getBoolean", MethodType.methodType(boolean.class, byte[].class, int.class)) 2491 ); 2492 } catch (NoSuchMethodException | IllegalAccessException e) { 2493 throw new InternalError("Can't lookup " + ByteArray.class.getName() + ".getXXX", e); 2494 } 2495 } 2496 } 2497 }