1.1 --- a/emul/compact/src/main/java/java/io/ObjectInputStream.java Mon Jan 28 18:12:47 2013 +0100
1.2 +++ b/emul/compact/src/main/java/java/io/ObjectInputStream.java Tue Feb 26 14:55:55 2013 +0100
1.3 @@ -25,22 +25,12 @@
1.4
1.5 package java.io;
1.6
1.7 -import java.io.ObjectStreamClass.WeakClassKey;
1.8 -import java.lang.ref.ReferenceQueue;
1.9 import java.lang.reflect.Array;
1.10 import java.lang.reflect.Modifier;
1.11 import java.lang.reflect.Proxy;
1.12 -import java.security.AccessControlContext;
1.13 -import java.security.AccessController;
1.14 -import java.security.PrivilegedAction;
1.15 -import java.security.PrivilegedActionException;
1.16 -import java.security.PrivilegedExceptionAction;
1.17 import java.util.Arrays;
1.18 import java.util.HashMap;
1.19 -import java.util.concurrent.ConcurrentHashMap;
1.20 -import java.util.concurrent.ConcurrentMap;
1.21 -import java.util.concurrent.atomic.AtomicBoolean;
1.22 -import static java.io.ObjectStreamClass.processQueue;
1.23 +import org.apidesign.bck2brwsr.emul.lang.System;
1.24
1.25 /**
1.26 * An ObjectInputStream deserializes primitive data and objects previously
1.27 @@ -226,16 +216,6 @@
1.28 primClasses.put("void", void.class);
1.29 }
1.30
1.31 - private static class Caches {
1.32 - /** cache of subclass security audit results */
1.33 - static final ConcurrentMap<WeakClassKey,Boolean> subclassAudits =
1.34 - new ConcurrentHashMap<>();
1.35 -
1.36 - /** queue for WeakReferences to audited subclasses */
1.37 - static final ReferenceQueue<Class<?>> subclassAuditsQueue =
1.38 - new ReferenceQueue<>();
1.39 - }
1.40 -
1.41 /** filter stream for handling block data conversion */
1.42 private final BlockDataInputStream bin;
1.43 /** validation callback list */
1.44 @@ -265,7 +245,7 @@
1.45 * object currently being deserialized and descriptor for current class.
1.46 * Null when not during readObject upcall.
1.47 */
1.48 - private SerialCallbackContext curContext;
1.49 + private Object curContext;
1.50
1.51 /**
1.52 * Creates an ObjectInputStream that reads from the specified InputStream.
1.53 @@ -316,14 +296,7 @@
1.54 * @see java.io.SerializablePermission
1.55 */
1.56 protected ObjectInputStream() throws IOException, SecurityException {
1.57 - SecurityManager sm = System.getSecurityManager();
1.58 - if (sm != null) {
1.59 - sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
1.60 - }
1.61 - bin = null;
1.62 - handles = null;
1.63 - vlist = null;
1.64 - enableOverride = true;
1.65 + throw new SecurityException();
1.66 }
1.67
1.68 /**
1.69 @@ -359,29 +332,7 @@
1.70 public final Object readObject()
1.71 throws IOException, ClassNotFoundException
1.72 {
1.73 - if (enableOverride) {
1.74 - return readObjectOverride();
1.75 - }
1.76 -
1.77 - // if nested read, passHandle contains handle of enclosing object
1.78 - int outerHandle = passHandle;
1.79 - try {
1.80 - Object obj = readObject0(false);
1.81 - handles.markDependency(outerHandle, passHandle);
1.82 - ClassNotFoundException ex = handles.lookupException(passHandle);
1.83 - if (ex != null) {
1.84 - throw ex;
1.85 - }
1.86 - if (depth == 0) {
1.87 - vlist.doCallbacks();
1.88 - }
1.89 - return obj;
1.90 - } finally {
1.91 - passHandle = outerHandle;
1.92 - if (closed && depth == 0) {
1.93 - clear();
1.94 - }
1.95 - }
1.96 + throw new IOException();
1.97 }
1.98
1.99 /**
1.100 @@ -492,8 +443,8 @@
1.101 if (curContext == null) {
1.102 throw new NotActiveException("not in call to readObject");
1.103 }
1.104 - Object curObj = curContext.getObj();
1.105 - ObjectStreamClass curDesc = curContext.getDesc();
1.106 + Object curObj = null; // curContext.getObj();
1.107 + ObjectStreamClass curDesc = null; // curContext.getDesc();
1.108 bin.setBlockDataMode(false);
1.109 defaultReadFields(curObj, curDesc);
1.110 bin.setBlockDataMode(true);
1.111 @@ -530,8 +481,8 @@
1.112 if (curContext == null) {
1.113 throw new NotActiveException("not in call to readObject");
1.114 }
1.115 - Object curObj = curContext.getObj();
1.116 - ObjectStreamClass curDesc = curContext.getDesc();
1.117 + Object curObj = null; // curContext.getObj();
1.118 + ObjectStreamClass curDesc = null; // curContext.getDesc();
1.119 bin.setBlockDataMode(false);
1.120 GetFieldImpl getField = new GetFieldImpl(curDesc);
1.121 getField.readFields();
1.122 @@ -769,17 +720,7 @@
1.123 protected boolean enableResolveObject(boolean enable)
1.124 throws SecurityException
1.125 {
1.126 - if (enable == enableResolve) {
1.127 - return enable;
1.128 - }
1.129 - if (enable) {
1.130 - SecurityManager sm = System.getSecurityManager();
1.131 - if (sm != null) {
1.132 - sm.checkPermission(SUBSTITUTION_PERMISSION);
1.133 - }
1.134 - }
1.135 - enableResolve = enable;
1.136 - return !enableResolve;
1.137 + throw new SecurityException();
1.138 }
1.139
1.140 /**
1.141 @@ -1233,53 +1174,7 @@
1.142 if (cl == ObjectInputStream.class) {
1.143 return;
1.144 }
1.145 - SecurityManager sm = System.getSecurityManager();
1.146 - if (sm == null) {
1.147 - return;
1.148 - }
1.149 - processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
1.150 - WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
1.151 - Boolean result = Caches.subclassAudits.get(key);
1.152 - if (result == null) {
1.153 - result = Boolean.valueOf(auditSubclass(cl));
1.154 - Caches.subclassAudits.putIfAbsent(key, result);
1.155 - }
1.156 - if (result.booleanValue()) {
1.157 - return;
1.158 - }
1.159 - sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
1.160 - }
1.161 -
1.162 - /**
1.163 - * Performs reflective checks on given subclass to verify that it doesn't
1.164 - * override security-sensitive non-final methods. Returns true if subclass
1.165 - * is "safe", false otherwise.
1.166 - */
1.167 - private static boolean auditSubclass(final Class<?> subcl) {
1.168 - Boolean result = AccessController.doPrivileged(
1.169 - new PrivilegedAction<Boolean>() {
1.170 - public Boolean run() {
1.171 - for (Class<?> cl = subcl;
1.172 - cl != ObjectInputStream.class;
1.173 - cl = cl.getSuperclass())
1.174 - {
1.175 - try {
1.176 - cl.getDeclaredMethod(
1.177 - "readUnshared", (Class[]) null);
1.178 - return Boolean.FALSE;
1.179 - } catch (NoSuchMethodException ex) {
1.180 - }
1.181 - try {
1.182 - cl.getDeclaredMethod("readFields", (Class[]) null);
1.183 - return Boolean.FALSE;
1.184 - } catch (NoSuchMethodException ex) {
1.185 - }
1.186 - }
1.187 - return Boolean.TRUE;
1.188 - }
1.189 - }
1.190 - );
1.191 - return result.booleanValue();
1.192 + throw new SecurityException();
1.193 }
1.194
1.195 /**
1.196 @@ -1798,7 +1693,7 @@
1.197 private void readExternalData(Externalizable obj, ObjectStreamClass desc)
1.198 throws IOException
1.199 {
1.200 - SerialCallbackContext oldContext = curContext;
1.201 + Object oldContext = curContext;
1.202 curContext = null;
1.203 try {
1.204 boolean blocked = desc.hasBlockExternalData();
1.205 @@ -1857,10 +1752,10 @@
1.206 slotDesc.hasReadObjectMethod() &&
1.207 handles.lookupException(passHandle) == null)
1.208 {
1.209 - SerialCallbackContext oldContext = curContext;
1.210 + Object oldContext = curContext;
1.211
1.212 try {
1.213 - curContext = new SerialCallbackContext(obj, slotDesc);
1.214 + curContext = null; //new SerialCallbackContext(obj, slotDesc);
1.215
1.216 bin.setBlockDataMode(true);
1.217 slotDesc.invokeReadObject(obj, this);
1.218 @@ -1874,7 +1769,7 @@
1.219 */
1.220 handles.markException(passHandle, ex);
1.221 } finally {
1.222 - curContext.setUsed();
1.223 + //curContext.setUsed();
1.224 curContext = oldContext;
1.225 }
1.226
1.227 @@ -2158,24 +2053,6 @@
1.228 */
1.229 private static class ValidationList {
1.230
1.231 - private static class Callback {
1.232 - final ObjectInputValidation obj;
1.233 - final int priority;
1.234 - Callback next;
1.235 - final AccessControlContext acc;
1.236 -
1.237 - Callback(ObjectInputValidation obj, int priority, Callback next,
1.238 - AccessControlContext acc)
1.239 - {
1.240 - this.obj = obj;
1.241 - this.priority = priority;
1.242 - this.next = next;
1.243 - this.acc = acc;
1.244 - }
1.245 - }
1.246 -
1.247 - /** linked list of callbacks */
1.248 - private Callback list;
1.249
1.250 /**
1.251 * Creates new (empty) ValidationList.
1.252 @@ -2193,18 +2070,7 @@
1.253 if (obj == null) {
1.254 throw new InvalidObjectException("null callback");
1.255 }
1.256 -
1.257 - Callback prev = null, cur = list;
1.258 - while (cur != null && priority < cur.priority) {
1.259 - prev = cur;
1.260 - cur = cur.next;
1.261 - }
1.262 - AccessControlContext acc = AccessController.getContext();
1.263 - if (prev != null) {
1.264 - prev.next = new Callback(obj, priority, cur, acc);
1.265 - } else {
1.266 - list = new Callback(obj, priority, list, acc);
1.267 - }
1.268 + throw new InvalidObjectException("Does not work.");
1.269 }
1.270
1.271 /**
1.272 @@ -2215,29 +2081,12 @@
1.273 * and the exception propagated upwards.
1.274 */
1.275 void doCallbacks() throws InvalidObjectException {
1.276 - try {
1.277 - while (list != null) {
1.278 - AccessController.doPrivileged(
1.279 - new PrivilegedExceptionAction<Void>()
1.280 - {
1.281 - public Void run() throws InvalidObjectException {
1.282 - list.obj.validateObject();
1.283 - return null;
1.284 - }
1.285 - }, list.acc);
1.286 - list = list.next;
1.287 - }
1.288 - } catch (PrivilegedActionException ex) {
1.289 - list = null;
1.290 - throw (InvalidObjectException) ex.getException();
1.291 - }
1.292 }
1.293
1.294 /**
1.295 * Resets the callback list to its initial (empty) state.
1.296 */
1.297 public void clear() {
1.298 - list = null;
1.299 }
1.300 }
1.301