All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.obs.services.internal.utils.SecureObjectInputStream Maven / Gradle / Ivy

/**
 * Copyright 2019 Huawei Technologies Co.,Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.  You may obtain a copy of the
 * License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.obs.services.internal.utils;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public final class SecureObjectInputStream extends ObjectInputStream {

    public static final List ALLOWED_CLASS_NAMES = Collections.unmodifiableList(
            Arrays.asList("java.util.ArrayList", "com.obs.services.model.PartEtag", "java.lang.Integer",
                    "java.lang.Number", "java.util.Date",
                    "com.obs.services.internal.DownloadResumableClient$TmpFileStatus",
                    "com.obs.services.internal.UploadResumableClient$UploadCheckPoint",
                    "com.obs.services.internal.UploadResumableClient$FileStatus",
                    "com.obs.services.internal.UploadResumableClient$UploadPart",
                    "com.obs.services.internal.DownloadResumableClient$DownloadCheckPoint",
                    "com.obs.services.internal.DownloadResumableClient$DownloadPart",
                    "com.obs.services.internal.DownloadResumableClient$ObjectStatus",
                    "com.obs.services.internal.utils.CRC64",
                    "java.util.concurrent.ConcurrentHashMap",
                    "[Ljava.util.concurrent.ConcurrentHashMap$Segment;",
                    "java.util.concurrent.ConcurrentHashMap$Segment",
                    "java.util.concurrent.locks.ReentrantLock",
                    "java.util.concurrent.locks.ReentrantLock$NonfairSync",
                    "java.util.concurrent.locks.ReentrantLock$Sync",
                    "java.util.concurrent.locks.AbstractQueuedSynchronizer",
                    "java.util.concurrent.locks.AbstractOwnableSynchronizer"));

    public SecureObjectInputStream() throws IOException, SecurityException {
        super();
    }

    public SecureObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    protected Class resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // 白名单校验
        if (!ALLOWED_CLASS_NAMES.contains(name)) {
            throw new ClassNotFoundException(name + "not find");
        }
        return super.resolveClass(desc);
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy