8286503: Enhance security classes

Reviewed-by: rhalade, mullan, skoivu, weijun
2025-08-27 06:45:07 +02:00 · 2023-05-19 00:58:30 +00:00 · 2023-05-19 00:58:30 +00:00 · adca97b659
commit adca97b659
parent 195c9b2c48
39 changed files with 931 additions and 149 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
@ -39,8 +39,6 @@ import sun.security.util.*;
 * A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
 *
 * @author Jan Luehe
- *
- *
 * @see DHPrivateKey
 * @see javax.crypto.KeyAgreement
 */
@ -48,7 +46,7 @@ final class DHPublicKey implements PublicKey,
 javax.crypto.interfaces.DHPublicKey, Serializable {

    @java.io.Serial
-    static final long serialVersionUID = 7647557958927458271L;
+    private static final long serialVersionUID = 7647557958927458271L;

    // the public key
    private BigInteger y;
@ -60,10 +58,10 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
    private byte[] encodedKey;

    // the prime modulus
-    private BigInteger p;
+    private final BigInteger p;

    // the base generator
-    private BigInteger g;
+    private final BigInteger g;

    // the private-value length (optional)
    private int l;
@ -313,4 +311,28 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
                        getFormat(),
                        getEncoded());
    }
+
+    /**
+     * Restores the state of this object from the stream.
+     * <p>
+     * JDK 1.5+ objects use <code>KeyRep</code>s instead.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    @java.io.Serial
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        stream.defaultReadObject();
+        if ((key == null) || (key.length == 0)) {
+            throw new InvalidObjectException("key not deserializable");
+        }
+        this.key = key.clone();
+        if ((encodedKey == null) || (encodedKey.length == 0)) {
+            throw new InvalidObjectException(
+                    "encoded key not deserializable");
+        }
+        this.encodedKey = encodedKey.clone();
+    }
 }