Java序列化(X509CertificateObject)
我正在尝试使用org.apache.commons.lang3.SerializationUtils对Bouncy CastleJava序列化(X509CertificateObject),java,serialization,apache-commons,bouncycastle,x509,Java,Serialization,Apache Commons,Bouncycastle,X509,我正在尝试使用org.apache.commons.lang3.SerializationUtils对Bouncy CastleX509CertificateObject进行序列化和反序列化。 显然,反序列化对象的类型(sun.security.x509.X509CertImpl)与原始序列化对象(org.bouncycastle.jce.provider.X509CertificateObject)不同。结果铸造失败。 我做错了什么 public static void test(X509Ce
X509CertificateObject
进行序列化和反序列化。
显然,反序列化对象的类型(sun.security.x509.X509CertImpl
)与原始序列化对象(org.bouncycastle.jce.provider.X509CertificateObject
)不同。结果铸造失败。
我做错了什么
public static void test(X509CertificateObject certObj) {
byte[] serializedObj;
Object deSerializedObj;
X509CertificateObject deSerializedCertObj;
X509Certificate deSerializedCert;
System.out.println("certObj type: " + certObj.getClass().getName());
serializedObj = SerializationUtils.serialize(certObj);
deSerializedObj = SerializationUtils.deserialize(serializedObj);
System.out.println("deSerializedObj type: " + deSerializedObj.getClass().getName());
deSerializedCert = (X509Certificate) deSerializedObj;
System.out.println("deSerializedCert type: " + deSerializedCert.getClass().getName());
deSerializedCertObj = (X509CertificateObject) deSerializedObj;
System.out.println("deSerializedCertObj type: " + deSerializedCertObj.getClass().getName());
}
结果:
certObj type: org.bouncycastle.jce.provider.X509CertificateObject
deSerializedObj type: sun.security.x509.X509CertImpl
deSerializedCert type: sun.security.x509.X509CertImpl
最后在
java.lang.ClassCastException: sun.security.x509.X509CertImpl cannot be cast to org.bouncycastle.jce.provider.X509CertificateObject
at Test.test(Test.java:1010)
at Test.main(Test.java:153)
这是因为
X509CertificateObject
的上层类,即X509CertificateObject
,是抽象的和/或是因为X509CertificateObject
没有定义自己的serialVersionUID
?只是转换为java.security.cert.X509Certificate
,所有其他类都应该扩展它。您当然不应该期待或使用sun.
类。我终于找到了一个解决方法。
Java序列化问题似乎是由于BC和Java JCE之间的冲突造成的。
我现在使用的是:
他既不期望也不使用
sun.*
类。他只是在反序列化中得到了一个。为了测试,我在X509Certificate中插入了一个cast。此强制转换成功,但是强制转换对象的类型仍然是sun.security.x509.X509CertImpl。我很困惑这是怎么发生的,进一步解释为什么这是可能的,而对X509CertificateObject的强制转换却失败了。@ThomasLieven所以X509CertImpl扩展了X509Certificate。这里没有什么神秘之处。X509CertificateObject也将扩展它。但是xxxImpl没有扩展xxxObject,反之亦然。我不知道使用X509Certificate没有解决的问题是什么。
import org.apache.commons.codec.binary.StringUtils;
import com.thoughtworks.xstream.XStream;
public static byte[] serializeToXML(Object obj, XStream xStreamConfig)
throws Exception
{
XStream xstream;
String certObjString;
byte[] certObjByte;
if(xStreamConfig == null) {
xstream = new XStream();
} else {
xstream = xStreamConfig;
}
certObjString = xstream.toXML(obj);
certObjByte = StringUtils.getBytesUtf8(certObjString);
return certObjByte;
}
public static Object deserializeFromXML(byte[] objectByteArray, XStream xStreamConfig)
{
String objectString;
Object object;
XStream xstream;
if(xStreamConfig == null) {
xstream = new XStream();
} else {
xstream = xStreamConfig;
}
objectString = StringUtils.newStringUtf8(objectByteArray);
object = xstream.fromXML(objectString);
return object;
}