/**
 * Rebuilds an object from {@code buffer} with a plain {@link ObjectInputStream}.
 * <p>
 * WARNING: nothing here restricts which classes may be instantiated. The bytes in
 * {@code buffer} choose the classes, and every chosen class's {@code readObject} /
 * {@code readResolve} logic runs before this method returns. Do not feed this data
 * that crosses a trust boundary; use a class-allowlisting stream (or Java 9+'s
 * {@code java.io.ObjectInputFilter}) for that.
 *
 * @param buffer bytes written by {@link java.io.ObjectOutputStream}
 * @return the first object in the stream ({@code null} if {@code null} was written)
 * @throws IOException if the stream header or contents are malformed or truncated
 * @throws ClassNotFoundException if a class named in the stream cannot be loaded
 */
public static Object deserialize(byte[] buffer) throws IOException, ClassNotFoundException {
    // Closing the ObjectInputStream also closes the wrapped byte array stream,
    // so one resource is enough.
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buffer))) {
        return in.readObject();
    }
}
// Hook to override: java.io.ObjectInputStream.resolveClass(ObjectStreamClass) — the stream
// calls it for every class descriptor it reads, which is where a class allowlist can be enforced.
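/**
 * {@link ObjectInputStream} that only resolves classes on an explicit allowlist.
 * <p>
 * Every class descriptor read from the stream passes through {@link #resolveClass}. That
 * includes the descriptors of serializable superclasses and of array types, so each of them
 * must be listed too: accepting {@code "java.lang.Integer"} also requires
 * {@code "java.lang.Number"}, and an {@code Integer[]} is {@code "[Ljava.lang.Integer;"}.
 * {@code java.lang.String} values are encoded inline and never reach this hook.
 * <p>
 * Caveats for untrusted input: an allowlisted class still runs its own {@code readObject} /
 * {@code readResolve} code, so list only classes whose deserialization you have reviewed; and
 * this hook does not bound nesting depth, array lengths or reference counts the way
 * {@code java.io.ObjectInputFilter} (Java 9+) can. Prefer that API where it is available.
 */
class SecureObjectInputStream extends ObjectInputStream {

    /** Fully-qualified names of the classes allowed to be instantiated from the stream. */
    private final Set<String> whitelist;

    /**
     * @param in             the raw serialized bytes
     * @param allowedClasses fully-qualified names of every class the stream may contain
     *                       (superclasses and array types included)
     * @throws IOException              if the stream header is missing or invalid
     * @throws IllegalArgumentException if {@code allowedClasses} is {@code null}
     */
    public SecureObjectInputStream(InputStream in, Set<String> allowedClasses) throws IOException {
        super(in);
        if (allowedClasses == null) {
            throw new IllegalArgumentException("allowedClasses must not be null");
        }
        // Private copy: the caller cannot widen the list after construction.
        this.whitelist = new HashSet<String>(allowedClasses);
    }

    /**
     * Rejects any class descriptor whose name is not on the allowlist, before the class is
     * loaded or any of its deserialization hooks can run.
     */
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        if (!whitelist.contains(desc.getName())) {
            // InvalidClassException(cname, reason): class name first, explanation second.
            throw new InvalidClassException(desc.getName(), "Unexpected serialized class");
        }
        return super.resolveClass(desc);
    }

    /**
     * Dynamic proxy classes are resolved through this separate hook, not
     * {@link #resolveClass}; refuse them so the allowlist remains the single gate.
     */
    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        throw new InvalidClassException("Proxy classes are not allowed: " + Arrays.toString(interfaces));
    }
}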
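/**
 * Class names {@link #deserialize(byte[])} accepts. Deliberately empty so deserialization is
 * deny-by-default: list here the exact fully-qualified names the wire format needs, including
 * serializable superclasses and array types, and nothing else.
 */
private static final Set<String> ALLOWED_CLASSES = java.util.Collections.<String>emptySet();

/**
 * Deserializes {@code buffer} accepting only the classes in {@link #ALLOWED_CLASSES}.
 *
 * @param buffer bytes written by {@link java.io.ObjectOutputStream}
 * @return the first object in the stream ({@code null} if {@code null} was written)
 * @throws IOException if the stream is malformed, or (as
 *         {@link java.io.InvalidClassException}) if it names a class that is not allowed
 * @throws ClassNotFoundException if an allowed class cannot be loaded
 */
private static Object deserialize(byte[] buffer) throws IOException, ClassNotFoundException {
    return deserialize(buffer, ALLOWED_CLASSES);
}

/**
 * Deserializes {@code buffer} through a {@link SecureObjectInputStream}, so any class
 * descriptor whose name is not in {@code allowedClasses} aborts the read before the class is
 * loaded. Allowed classes still run their own {@code readObject} logic; keep the set minimal.
 *
 * @param buffer         bytes written by {@link java.io.ObjectOutputStream}
 * @param allowedClasses fully-qualified names of every class the stream may contain
 * @return the first object in the stream ({@code null} if {@code null} was written)
 * @throws IOException if the stream is malformed, or (as
 *         {@link java.io.InvalidClassException}) if it names a class that is not allowed
 * @throws ClassNotFoundException if an allowed class cannot be loaded
 */
private static Object deserialize(byte[] buffer, Set<String> allowedClasses)
        throws IOException, ClassNotFoundException {
    // Closing the filtering stream also closes the wrapped byte array stream.
    try (SecureObjectInputStream in =
                 new SecureObjectInputStream(new ByteArrayInputStream(buffer), allowedClasses)) {
        return in.readObject();
    }
}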