SerializationWhitelist已激活,但SerialFilter仍拒绝

时间:2018-08-22 23:20:05

标签: corda

我正在实现公证人,并且遇到net.corda.core.SerialFilter引起的问题。尽管实现了白名单,UniquenessProvider中的简单测试仍显示了反序列化错误

我的课程SerializableCommitContainer

import com.sun.istack.Nullable;
import net.corda.core.contracts.TimeWindow;
import net.corda.core.contracts.StateRef;
import net.corda.core.crypto.SecureHash;
import net.corda.core.flows.NotarisationRequestSignature;
import net.corda.core.identity.Party;

import java.io.Serializable;
import java.util.List;

public class SerializableCommitContainer implements Serializable {
    private byte[] inputStates;
    private byte[] txID;
    private byte[] callerIdentity;
    private byte[] requestSignature;
    private byte[] timewindow;

    public SerializableCommitContainer(byte[] inputStates, byte[] txID, byte[] callerIdentity,
                                       byte[] requestSignature, @Nullable byte[] timewindow) {
        this.inputStates = inputStates;
        this.txID = txID;
        this.callerIdentity = callerIdentity;
        this.requestSignature = requestSignature;
        this.timewindow = timewindow;
    }

    public SerializableCommitContainer(List<StateRef> inputStates, SecureHash txID, Party callerIdentity,
                                       NotarisationRequestSignature requestSignature,
                                       @Nullable TimeWindow timeWindow){
        this.inputStates = CustomUniquenessProvider.serialize((Serializable)inputStates);
        this.txID = CustomUniquenessProvider.serialize(txID);
        this.callerIdentity = CustomUniquenessProvider.serialize(callerIdentity);
        this.requestSignature = CustomUniquenessProvider.serialize(requestSignature);
        this.timewindow = CustomUniquenessProvider.serialize(timeWindow);


    }

    public byte[] getInputStates() {
        return inputStates;
    } 

}

我已经实现了net.corda.core.serialization.SerializationWhitelist

class Whitelist : SerializationWhitelist {
    override val whitelist:List<Class<*>> =
            listOf(SerializableCommitContainer::class.java)
}

我的公证实施

import net.corda.core.flows.FlowSession
import net.corda.core.internal.notary.NotaryServiceFlow
import net.corda.core.internal.notary.TrustedAuthorityNotaryService
import net.corda.core.node.ServiceHub
import net.corda.node.services.transactions.NonValidatingNotaryFlow

import java.security.PublicKey

class CustomNotary(override val services: ServiceHub, override val notaryIdentityKey: PublicKey) : TrustedAuthorityNotaryService() {
    override val uniquenessProvider: CustomUniquenessProvider = CustomUniquenessProvider()

    override fun createServiceFlow(otherPartySession: FlowSession): NotaryServiceFlow = NonValidatingNotaryFlow(otherPartySession, this)

    override fun start() {
    }

    override fun stop() {
    }
}

我的UniquenessProvider

import net.corda.core.contracts.StateRef;
import net.corda.core.contracts.TimeWindow;
import net.corda.core.crypto.SecureHash;
import net.corda.core.flows.NotarisationRequestSignature;
import net.corda.core.identity.Party;
import net.corda.core.internal.notary.UniquenessProvider;

import java.io.Serializable;
import java.util.List;

public class CustomUniquenessProvider implements UniquenessProvider {
    private static final Serializable notaryIdentity = "notaryIdentity";

    public CustomUniquenessProvider(){

    }

    @Override
    public void commit(List<StateRef> states, SecureHash txId, Party callerIdentity, NotarisationRequestSignature requestSignature, TimeWindow timeWindow) {
        SerializableCommitContainer nextCommit = new SerializableCommitContainer(states, txId, callerIdentity, requestSignature, timeWindow);
        byte[] serial = serialize(nextCommit);
        Serializable deserial = deserialize(serial);
        if(deserial == null){
            System.out.println("CC DESERIALIZATION FAILED\n");
        }
    }
    public static byte[] serialize(final Serializable serializable)
    {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        ObjectOutputStream stream;
        try {
          stream = new ObjectOutputStream(bytes);
          stream.writeObject(serializable);
          stream.close();
          byte[] ba = bytes.toByteArray();
          bytes.close();
          return ba;
        } catch (IOException e) {
          return null;
        }
     }
     public static Serializable deserialize(final byte[] byteArray){
        try {
        ois = new ObjectInputStream(bais);
        Serializable sp = (Serializable)stream.readObject();
        stream.close();
        return sp;
     } catch (Throwable e) {
     return null;
     }
}

1 个答案:

答案 0 :(得分:0)

从Corda 3.2开始,在Corda节点上禁用了Java序列化。您需要使用Corda的内置序列化引擎。

您应该首先以来自Corda代码库的示例为基础的公证,例如PersistentUniquenessProvider