archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8286503: Enhance security classes

Browse source 
Reviewed-by: rhalade, mullan, skoivu, weijun
This commit is contained in:
Bradford Wetmore 2023-05-19 00:58:30 +00:00 committed by Henry Jen
parent 195c9b2c48
commit adca97b659
39 changed files with 931 additions and 149 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
View file

@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
@ -45,7 +47,7 @@ import jdk.internal.ref.CleanerFactory;
final class DESKey implements SecretKey {
@java.io.Serial
static final long serialVersionUID = 7724971015953279128L;
private static final long serialVersionUID = 7724971015953279128L;
private byte[] key;
@ -143,17 +145,26 @@ final class DESKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
byte[] temp = key;
key = temp.clone();
Arrays.fill(temp, (byte)0x00);
DESKeyGenerator.setParityBit(key, 0);
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,

21
src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
View file

@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
@ -45,7 +47,7 @@ import jdk.internal.ref.CleanerFactory;
final class DESedeKey implements SecretKey {
@java.io.Serial
static final long serialVersionUID = 2463986565756745178L;
private static final long serialVersionUID = 2463986565756745178L;
private byte[] key;
@ -144,17 +146,28 @@ final class DESedeKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
byte[] temp = key;
this.key = temp.clone();
java.util.Arrays.fill(temp, (byte)0x00);
DESKeyGenerator.setParityBit(key, 0);
DESKeyGenerator.setParityBit(key, 8);
DESKeyGenerator.setParityBit(key, 16);
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,

32
src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
View file

@ -40,8 +40,6 @@ import sun.security.util.*;
* algorithm.
*
* @author Jan Luehe
*
*
* @see DHPublicKey
* @see javax.crypto.KeyAgreement
*/
@ -49,7 +47,7 @@ final class DHPrivateKey implements PrivateKey,
javax.crypto.interfaces.DHPrivateKey, Serializable {
@java.io.Serial
static final long serialVersionUID = 7565477590005668886L;
private static final long serialVersionUID = 7565477590005668886L;
// only supported version of PKCS#8 PrivateKeyInfo
private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
@ -64,10 +62,10 @@ final class DHPrivateKey implements PrivateKey,
private byte[] encodedKey;
// the prime modulus
private BigInteger p;
private final BigInteger p;
// the base generator
private BigInteger g;
private final BigInteger g;
// the private-value length (optional)
private int l;
@ -321,4 +319,28 @@ final class DHPrivateKey implements PrivateKey,
getFormat(),
encodedKey);
}
/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}

32
src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
View file

@ -39,8 +39,6 @@ import sun.security.util.*;
* A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
*
* @author Jan Luehe
*
*
* @see DHPrivateKey
* @see javax.crypto.KeyAgreement
*/
@ -48,7 +46,7 @@ final class DHPublicKey implements PublicKey,
javax.crypto.interfaces.DHPublicKey, Serializable {
@java.io.Serial
static final long serialVersionUID = 7647557958927458271L;
private static final long serialVersionUID = 7647557958927458271L;
// the public key
private BigInteger y;
@ -60,10 +58,10 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
private byte[] encodedKey;
// the prime modulus
private BigInteger p;
private final BigInteger p;
// the base generator
private BigInteger g;
private final BigInteger g;
// the private-value length (optional)
private int l;
@ -313,4 +311,28 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}

30
src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
View file

@ -25,6 +25,8 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.lang.ref.Cleaner.Cleanable;
import java.security.MessageDigest;
@ -46,11 +48,11 @@ import jdk.internal.ref.CleanerFactory;
final class PBEKey implements SecretKey {
@java.io.Serial
static final long serialVersionUID = -2234768909660948176L;
private static final long serialVersionUID = -2234768909660948176L;
private byte[] key;
private String type;
private final String type;
private transient Cleanable cleanable;
@ -162,17 +164,35 @@ final class PBEKey implements SecretKey {
}
/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if (key == null) {
throw new InvalidObjectException(
"PBEKey couldn't be deserialized");
}
byte[] temp = key;
key = temp.clone();
Arrays.fill(temp, (byte)0x00);
// Accept "\0" to signify "zero-length password with no terminator".
if (!(key.length == 1 && key[0] == 0)) {
for (int i = 0; i < key.length; i++) {
if ((key[i] < '\u0020') || (key[i] > '\u007E')) {
throw new InvalidObjectException(
"PBEKey had non-ASCII chars");
}
}
}
// Use cleaner to zero the key when no longer referenced
final byte[] k = this.key;
cleanable = CleanerFactory.cleaner().register(this,

46
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View file

@ -25,7 +25,7 @@
package com.sun.crypto.provider;
import java.io.ObjectStreamException;
import java.io.*;
import java.lang.ref.Reference;
import java.lang.ref.Cleaner;
import java.nio.ByteBuffer;
@ -58,16 +58,16 @@ import jdk.internal.ref.CleanerFactory;
final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
@java.io.Serial
static final long serialVersionUID = -2234868909660948157L;
private static final long serialVersionUID = -2234868909660948157L;
private char[] passwd;
private byte[] salt;
private int iterCount;
private final char[] passwd;
private final byte[] salt;
private final int iterCount;
private byte[] key;
// The following fields are not Serializable. See writeReplace method.
private transient Mac prf;
private transient Cleaner.Cleanable cleaner;
private final transient Mac prf;
private final transient Cleaner.Cleanable cleaner;
private static byte[] getPasswordBytes(char[] passwd) {
CharBuffer cb = CharBuffer.wrap(passwd);
@ -141,13 +141,14 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
int intR = keyLength - (intL - 1)*hlen; // residue
byte[] ui = new byte[hlen];
byte[] ti = new byte[hlen];
String algName = prf.getAlgorithm();
// SecretKeySpec cannot be used, since password can be empty here.
SecretKey macKey = new SecretKey() {
@java.io.Serial
private static final long serialVersionUID = 7874493593505141603L;
@Override
public String getAlgorithm() {
return prf.getAlgorithm();
return algName;
}
@Override
public String getFormat() {
@ -160,18 +161,27 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
@Override
public int hashCode() {
return Arrays.hashCode(password) * 41 +
prf.getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode();
algName.toLowerCase(Locale.ENGLISH).hashCode();
}
@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (obj == null || this.getClass() != obj.getClass()) return false;
SecretKey sk = (SecretKey)obj;
return prf.getAlgorithm().equalsIgnoreCase(
return algName.equalsIgnoreCase(
sk.getAlgorithm()) &&
MessageDigest.isEqual(password, sk.getEncoded());
}
// This derived key can't be deserialized.
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"PBKDF2KeyImpl SecretKeys are not " +
"directly deserializable");
}
};
prf.init(macKey);
byte[] ibytes = new byte[4];
@ -303,4 +313,20 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
Reference.reachabilityFence(this);
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this class is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"PBKDF2KeyImpl keys are not directly deserializable");
}
}

27
src/java.base/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package com.sun.crypto.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
@ -62,11 +65,11 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
@SuppressWarnings("deprecation")
protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsMasterSecretParameterSpec == false) {
if (!(params instanceof TlsMasterSecretParameterSpec)) {
throw new InvalidAlgorithmParameterException(MSG);
}
this.spec = (TlsMasterSecretParameterSpec)params;
if ("RAW".equals(spec.getPremasterSecret().getFormat()) == false) {
if (!"RAW".equals(spec.getPremasterSecret().getFormat())) {
throw new InvalidAlgorithmParameterException(
"Key format must be RAW");
}
@ -191,6 +194,22 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
return key.clone();
}
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("TlsMasterSecretKey is null");
}
key = key.clone();
}
}
}

13
src/java.base/share/classes/java/security/CodeSigner.java
View file

@ -142,9 +142,9 @@ public final class CodeSigner implements Serializable {
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("(");
sb.append("Signer: " + signerCertPath.getCertificates().get(0));
sb.append("Signer: ").append(signerCertPath.getCertificates().get(0));
if (timestamp != null) {
sb.append("timestamp: " + timestamp);
sb.append("timestamp: ").append(timestamp);
}
sb.append(")");
return sb.toString();
@ -160,8 +160,11 @@ public final class CodeSigner implements Serializable {
*/
@java.io.Serial
private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException {
ois.defaultReadObject();
myhash = -1;
throws IOException, ClassNotFoundException {
ois.defaultReadObject();
if (signerCertPath == null) {
throw new InvalidObjectException("signerCertPath is null");
}
myhash = -1;
}
}

27
src/java.base/share/classes/javax/crypto/spec/SecretKeySpec.java
View file

@ -28,6 +28,9 @@ package javax.crypto.spec;
import jdk.internal.access.SharedSecrets;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import java.util.Arrays;
@ -60,7 +63,7 @@ public class SecretKeySpec implements KeySpec, SecretKey {
*
* @serial
*/
private final byte[] key;
private byte[] key;
/**
* The name of the algorithm associated with this key.
@ -251,4 +254,26 @@ public class SecretKeySpec implements KeySpec, SecretKey {
void clear() {
Arrays.fill(key, (byte)0);
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (key == null || algorithm == null) {
throw new InvalidObjectException("Missing argument");
}
this.key = key.clone();
if (key.length == 0) {
throw new InvalidObjectException("Invalid key length");
}
}
}

53
src/java.base/share/classes/javax/security/auth/callback/ChoiceCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,10 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
/**
* <p> Underlying security services instantiate and pass a
* {@code ChoiceCallback} to the {@code handle}
@ -48,7 +52,7 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
* @serial the list of choices
* @since 1.4
*/
private final String[] choices;
private String[] choices;
/**
* @serial the choice to be used as the default choice
* @since 1.4
@ -72,7 +76,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
* a list of choices, a default choice, and a boolean specifying
* whether multiple selections from the list of choices are allowed.
*
*
* @param prompt the prompt used to describe the list of choices.
*
* @param choices the list of choices. The array is cloned to protect
@ -104,15 +107,15 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
defaultChoice < 0 || defaultChoice >= choices.length)
throw new IllegalArgumentException();
this.prompt = prompt;
this.defaultChoice = defaultChoice;
this.multipleSelectionsAllowed = multipleSelectionsAllowed;
this.choices = choices.clone();
for (int i = 0; i < choices.length; i++) {
if (choices[i] == null || choices[i].isEmpty())
throw new IllegalArgumentException();
}
this.prompt = prompt;
this.choices = choices.clone();
this.defaultChoice = defaultChoice;
this.multipleSelectionsAllowed = multipleSelectionsAllowed;
}
/**
@ -196,4 +199,38 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
public int[] getSelectedIndexes() {
return selections == null ? null : selections.clone();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((prompt == null) || prompt.isEmpty() ||
(choices == null) || (choices.length == 0) ||
(defaultChoice < 0) || (defaultChoice >= choices.length)) {
throw new InvalidObjectException(
"Missing/invalid prompt/choices");
}
choices = choices.clone();
for (int i = 0; i < choices.length; i++) {
if ((choices[i] == null) || choices[i].isEmpty())
throw new InvalidObjectException("Null/empty choices");
}
if (selections != null) {
selections = selections.clone();
if (!multipleSelectionsAllowed && (selections.length != 1)) {
throw new InvalidObjectException(
"Multiple selections not allowed");
}
}
}
}

47
src/java.base/share/classes/javax/security/auth/callback/ConfirmationCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.ObjectInputStream;
/**
* <p> Underlying security services instantiate and pass a
* {@code ConfirmationCallback} to the {@code handle}
@ -147,7 +150,7 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
* @serial
* @since 1.4
*/
private final String[] options;
private String[] options;
/**
* @serial
* @since 1.4
@ -252,16 +255,16 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
defaultOption < 0 || defaultOption >= options.length)
throw new IllegalArgumentException();
this.prompt = null;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.defaultOption = defaultOption;
this.options = options.clone();
for (int i = 0; i < options.length; i++) {
if (options[i] == null || options[i].isEmpty())
throw new IllegalArgumentException();
}
this.prompt = null;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.options = options.clone();
this.defaultOption = defaultOption;
}
/**
@ -372,16 +375,16 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
defaultOption < 0 || defaultOption >= options.length)
throw new IllegalArgumentException();
this.prompt = prompt;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.defaultOption = defaultOption;
this.options = options.clone();
for (int i = 0; i < options.length; i++) {
if (options[i] == null || options[i].isEmpty())
throw new IllegalArgumentException();
}
this.prompt = prompt;
this.messageType = messageType;
this.optionType = UNSPECIFIED_OPTION;
this.options = options.clone();
this.defaultOption = defaultOption;
}
/**
@ -487,4 +490,20 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
public int getSelectedIndex() {
return selection;
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (options != null) {
options = options.clone();
}
}
}

28
src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package javax.security.auth.callback;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.lang.ref.Cleaner;
import java.util.Arrays;
@ -157,4 +160,27 @@ public class PasswordCallback implements Callback, java.io.Serializable {
private static Runnable cleanerFor(char[] password) {
return () -> Arrays.fill(password, ' ');
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (prompt == null || prompt.isEmpty()) {
throw new InvalidObjectException("Missing prompt");
}
if (inputPassword != null) {
inputPassword = inputPassword.clone();
cleanable = CleanerFactory.cleaner().register(
this, cleanerFor(inputPassword));
}
}
}

21
src/java.base/share/classes/sun/security/ec/ECPrivateKeyImpl.java
View file

@ -26,6 +26,8 @@
package sun.security.ec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -41,7 +43,7 @@ import sun.security.pkcs.PKCS8Key;
/**
* Key implementation for EC private keys.
*
* <p>
* ASN.1 syntax for EC private keys from SEC 1 v1.5 (draft):
*
* <pre>
@ -64,6 +66,7 @@ import sun.security.pkcs.PKCS8Key;
*/
public final class ECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey {
@java.io.Serial
private static final long serialVersionUID = 88695385615075129L;
private BigInteger s; // private value
@ -218,4 +221,20 @@ public final class ECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey {
"Unexpected error calculating public key", e);
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"ECPrivateKeyImpl keys are not directly deserializable");
}
}

26
src/java.base/share/classes/sun/security/ec/ECPublicKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,8 @@ package sun.security.ec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
@ -44,6 +46,7 @@ import sun.security.x509.*;
*/
public final class ECPublicKeyImpl extends X509Key implements ECPublicKey {
@java.io.Serial
private static final long serialVersionUID = -2462037275160462289L;
@SuppressWarnings("serial") // Type of field is not
@ -123,10 +126,27 @@ public final class ECPublicKeyImpl extends X509Key implements ECPublicKey {
+ "\n parameters: " + params;
}
protected Object writeReplace() throws java.io.ObjectStreamException {
@java.io.Serial
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"ECPublicKeyImpl keys are not directly deserializable");
}
}

18
src/java.base/share/classes/sun/security/ec/XDHPrivateKeyImpl.java
View file

@ -37,6 +37,7 @@ import sun.security.util.*;
public final class XDHPrivateKeyImpl extends PKCS8Key implements XECPrivateKey {
@java.io.Serial
private static final long serialVersionUID = 1L;
@SuppressWarnings("serial") // Type of field is not Serializable
@ -114,5 +115,20 @@ public final class XDHPrivateKeyImpl extends PKCS8Key implements XECPrivateKey {
"Unexpected error calculating public key", e);
}
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"XDHPrivateKeyImpl keys are not directly deserializable");
}
}

25
src/java.base/share/classes/sun/security/ec/XDHPublicKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package sun.security.ec;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyRep;
@ -39,6 +42,7 @@ import sun.security.x509.X509Key;
public final class XDHPublicKeyImpl extends X509Key implements XECPublicKey {
@java.io.Serial
private static final long serialVersionUID = 1L;
private final BigInteger u;
@ -107,7 +111,8 @@ public final class XDHPublicKeyImpl extends X509Key implements XECPublicKey {
return "XDH";
}
protected Object writeReplace() throws java.io.ObjectStreamException {
@java.io.Serial
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
@ -130,5 +135,21 @@ public final class XDHPublicKeyImpl extends X509Key implements XECPublicKey {
j--;
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"XDHPublicKeyImpl keys are not directly deserializable");
}
}

21
src/java.base/share/classes/sun/security/ec/ed/EdDSAPrivateKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.ec.ed;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.InvalidKeyException;
import java.security.interfaces.EdECPrivateKey;
import java.util.Optional;
@ -38,6 +40,7 @@ import sun.security.util.*;
public final class EdDSAPrivateKeyImpl
extends PKCS8Key implements EdECPrivateKey {
@java.io.Serial
private static final long serialVersionUID = 1L;
@SuppressWarnings("serial") // Type of field is not Serializable
@ -102,4 +105,20 @@ public final class EdDSAPrivateKeyImpl
public Optional<byte[]> getBytes() {
return Optional.of(getKey());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"EdDSAPrivateKeyImpl keys are not directly deserializable");
}
}

25
src/java.base/share/classes/sun/security/ec/ed/EdDSAPublicKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package sun.security.ec.ed;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyRep;
@ -39,6 +42,7 @@ import sun.security.x509.X509Key;
public final class EdDSAPublicKeyImpl extends X509Key implements EdECPublicKey {
@java.io.Serial
private static final long serialVersionUID = 1L;
@SuppressWarnings("serial") // Type of field is not Serializable
@ -108,7 +112,8 @@ public final class EdDSAPublicKeyImpl extends X509Key implements EdECPublicKey {
return "EdDSA";
}
protected Object writeReplace() throws java.io.ObjectStreamException {
@java.io.Serial
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC, getAlgorithm(), getFormat(),
getEncoded());
}
@ -129,4 +134,20 @@ public final class EdDSAPublicKeyImpl extends X509Key implements EdECPublicKey {
j--;
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"EdDSAPublicKeyImpl keys are not directly deserializable");
}
}

27
src/java.base/share/classes/sun/security/provider/DSAPublicKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,17 +25,20 @@
package sun.security.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.KeyRep;
import java.security.InvalidKeyException;
/**
* An X.509 public key for the Digital Signature Algorithm.
*
* <p>
* The difference between DSAPublicKeyImpl and DSAPublicKey is that
* DSAPublicKeyImpl calls writeReplace with KeyRep, and DSAPublicKey
* calls writeObject.
*
* <p>
* See the comments in DSAKeyFactory, 4532506, and 6232513.
*
*/
@ -72,10 +75,26 @@ public final class DSAPublicKeyImpl extends DSAPublicKey {
}
@java.io.Serial
protected Object writeReplace() throws java.io.ObjectStreamException {
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"DSAPublicKeyImpl keys are not directly deserializable");
}
}

29
src/java.base/share/classes/sun/security/provider/PolicyFile.java
View file

@ -2098,8 +2098,17 @@ public class PolicyFile extends java.security.Policy {
this.actions.equals(that.actions)))
return false;
if (this.certs.length != that.certs.length)
if ((this.certs == null) && (that.certs == null)) {
return true;
}
if ((this.certs == null) || (that.certs == null)) {
return false;
}
if (this.certs.length != that.certs.length) {
return false;
}
int i,j;
boolean match;
@ -2163,7 +2172,7 @@ public class PolicyFile extends java.security.Policy {
}
public Certificate[] getCerts() {
return certs;
return (certs == null ? null : certs.clone());
}
/**
@ -2176,6 +2185,22 @@ public class PolicyFile extends java.security.Policy {
@Override public String toString() {
return "(SelfPermission " + type + " " + name + " " + actions + ")";
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (certs != null) {
this.certs = certs.clone();
}
}
}
/**

54
src/java.base/share/classes/sun/security/provider/SecureRandom.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
package sun.security.provider;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.security.MessageDigest;
import java.security.SecureRandomSpi;
import java.security.NoSuchAlgorithmException;
@ -192,7 +193,7 @@ implements java.io.Serializable {
/**
* This static object will be seeded by SeedGenerator, and used
* to seed future instances of SHA1PRNG SecureRandoms.
*
* <p>
* Bloch, Effective Java Second Edition: Item 71
*/
private static class SeederHolder {
@ -265,18 +266,24 @@ implements java.io.Serializable {
}
/*
* readObject is called to restore the state of the random object from
* a stream. We have to create a new instance of MessageDigest, because
* This method is called to restore the state of the random object from
* a stream.
* <p>
* We have to create a new instance of {@code MessageDigest}, because
* it is not included in the stream (it is marked "transient").
*
* Note that the engineNextBytes() method invoked on the restored random
* object will yield the exact same (random) bytes as the original.
* <p>
* Note that the {@code engineNextBytes()} method invoked on the restored
* random object will yield the exact same (random) bytes as the original.
* If you do not want this behaviour, you should re-seed the restored
* random object, using engineSetSeed().
* random object, using {@code engineSetSeed()}.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException {
throws IOException, ClassNotFoundException {
s.defaultReadObject ();
@ -295,5 +302,34 @@ implements java.io.Serializable {
"internal error: SHA-1 not available.", exc);
}
}
// Various consistency checks
if ((remainder == null) && (remCount > 0)) {
throw new InvalidObjectException(
"Remainder indicated, but no data available");
}
// Not yet allocated state
if (state == null) {
if (remainder == null) {
return;
} else {
throw new InvalidObjectException(
"Inconsistent buffer allocations");
}
}
// Sanity check on sizes/pointer
if ((state.length != DIGEST_SIZE) ||
((remainder != null) && (remainder.length != DIGEST_SIZE)) ||
(remCount < 0 ) || (remCount >= DIGEST_SIZE)) {
throw new InvalidObjectException(
"Inconsistent buffer sizes/state");
}
state = state.clone();
if (remainder != null) {
remainder = remainder.clone();
}
}
}

22
src/java.base/share/classes/sun/security/provider/certpath/X509CertPath.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,9 +25,7 @@
package sun.security.provider.certpath;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.*;
import java.security.cert.CertificateEncodingException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
@ -379,4 +377,20 @@ public class X509CertPath extends CertPath {
public List<X509Certificate> getCertificates() {
return certs;
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"X509CertPaths are not directly deserializable");
}
}

22
src/java.base/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -43,7 +45,7 @@ import sun.security.rsa.RSAUtil.KeyType;
* RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in CRT form.
* For non-CRT private keys, see RSAPrivateKeyImpl. We need separate classes
* to ensure correct behavior in instanceof checks, etc.
*
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateKeyImpl
@ -356,4 +358,20 @@ public final class RSAPrivateCrtKeyImpl
throw new InvalidKeyException("Invalid RSA private key", e);
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPrivateCrtKeyImpl keys are not directly deserializable");
}
}

30
src/java.base/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,6 +25,9 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -39,10 +42,11 @@ import sun.security.rsa.RSAUtil.KeyType;
/**
* RSA private key implementation for "RSA", "RSASSA-PSS" algorithms in non-CRT
* form (modulus, private exponent only). For CRT private keys, see
* RSAPrivateCrtKeyImpl. We need separate classes to ensure correct behavior
* in instanceof checks, etc.
*
* form (modulus, private exponent only).
* <p>
* For CRT private keys, see RSAPrivateCrtKeyImpl. We need separate classes
* to ensure correct behavior in instanceof checks, etc.
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateCrtKeyImpl
@ -141,4 +145,20 @@ public final class RSAPrivateKeyImpl extends PKCS8Key implements RSAPrivateKey {
+ " bits" + "\n params: " + keyParams + "\n modulus: " + n
+ "\n private exponent: " + d;
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPrivateKeyImpl keys are not directly deserializable");
}
}

24
src/java.base/share/classes/sun/security/rsa/RSAPublicKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
package sun.security.rsa;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.math.BigInteger;
import java.security.*;
@ -39,7 +41,7 @@ import sun.security.rsa.RSAUtil.KeyType;
/**
* RSA public key implementation for "RSA", "RSASSA-PSS" algorithms.
*
* <p>
* Note: RSA keys must be at least 512 bits long
*
* @see RSAPrivateCrtKeyImpl
@ -233,10 +235,26 @@ public final class RSAPublicKeyImpl extends X509Key implements RSAPublicKey {
}
@java.io.Serial
protected Object writeReplace() throws java.io.ObjectStreamException {
private Object writeReplace() throws java.io.ObjectStreamException {
return new KeyRep(KeyRep.Type.PUBLIC,
getAlgorithm(),
getFormat(),
getEncoded());
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"RSAPublicKeyImpl keys are not directly deserializable");
}
}

22
src/java.base/share/classes/sun/security/x509/X509CertImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -536,7 +536,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
/**
* Return the requested attribute from the certificate.
*
* <p>
* Note that the X509CertInfo is not cloned for performance reasons.
* Callers must ensure that they do not modify it. All other
* attributes are cloned.
@ -1218,7 +1218,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
for (GeneralName gname : names.names()) {
GeneralNameInterface name = gname.getName();
List<Object> nameEntry = new ArrayList<>(2);
nameEntry.add(Integer.valueOf(name.getType()));
nameEntry.add(name.getType());
switch (name.getType()) {
case GeneralNameInterface.NAME_RFC822:
nameEntry.add(((RFC822Name) name).getName());
@ -1631,4 +1631,20 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
}
}
}
/**
* Restores the state of this object from the stream.
* <p>
* Deserialization of this object is not supported.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
throw new InvalidObjectException(
"X509CertImpls are not directly deserializable");
}
}