001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.lang3;
018
019import java.io.ByteArrayInputStream;
020import java.io.ByteArrayOutputStream;
021import java.io.IOException;
022import java.io.InputStream;
023import java.io.ObjectInputStream;
024import java.io.ObjectOutputStream;
025import java.io.ObjectStreamClass;
026import java.io.OutputStream;
027import java.io.Serializable;
028import java.util.HashMap;
029import java.util.Map;
030
031/**
032 * <p>Assists with the serialization process and performs additional functionality based
033 * on serialization.</p>
034 *
035 * <ul>
036 * <li>Deep clone using serialization
037 * <li>Serialize managing finally and IOException
038 * <li>Deserialize managing finally and IOException
039 * </ul>
040 *
041 * <p>This class throws exceptions for invalid {@code null} inputs.
042 * Each method documents its behaviour in more detail.</p>
043 *
044 * <p>#ThreadSafe#</p>
045 * @since 1.0
046 */
047public class SerializationUtils {
048
049    /**
050     * <p>SerializationUtils instances should NOT be constructed in standard programming.
051     * Instead, the class should be used as {@code SerializationUtils.clone(object)}.</p>
052     *
053     * <p>This constructor is public to permit tools that require a JavaBean instance
054     * to operate.</p>
055     * @since 2.0
056     */
057    public SerializationUtils() {
058        super();
059    }
060
061    // Clone
062    //-----------------------------------------------------------------------
063    /**
064     * <p>Deep clone an {@code Object} using serialization.</p>
065     *
066     * <p>This is many times slower than writing clone methods by hand
067     * on all objects in your object graph. However, for complex object
068     * graphs, or for those that don't support deep cloning this can
069     * be a simple alternative implementation. Of course all the objects
070     * must be {@code Serializable}.</p>
071     *
072     * @param <T> the type of the object involved
073     * @param object  the {@code Serializable} object to clone
074     * @return the cloned object
075     * @throws SerializationException (runtime) if the serialization fails
076     */
077    public static <T extends Serializable> T clone(final T object) {
078        if (object == null) {
079            return null;
080        }
081        final byte[] objectData = serialize(object);
082        final ByteArrayInputStream bais = new ByteArrayInputStream(objectData);
083
084        try (ClassLoaderAwareObjectInputStream in = new ClassLoaderAwareObjectInputStream(bais,
085                object.getClass().getClassLoader())) {
086            /*
087             * when we serialize and deserialize an object,
088             * it is reasonable to assume the deserialized object
089             * is of the same type as the original serialized object
090             */
091            @SuppressWarnings("unchecked") // see above
092            final T readObject = (T) in.readObject();
093            return readObject;
094
095        } catch (final ClassNotFoundException ex) {
096            throw new SerializationException("ClassNotFoundException while reading cloned object data", ex);
097        } catch (final IOException ex) {
098            throw new SerializationException("IOException while reading or closing cloned object data", ex);
099        }
100    }
101
102    /**
103     * Performs a serialization roundtrip. Serializes and deserializes the given object, great for testing objects that
104     * implement {@link Serializable}.
105     *
106     * @param <T>
107     *           the type of the object involved
108     * @param msg
109     *            the object to roundtrip
110     * @return the serialized and deserialized object
111     * @since 3.3
112     */
113    @SuppressWarnings("unchecked") // OK, because we serialized a type `T`
114    public static <T extends Serializable> T roundtrip(final T msg) {
115        return (T) deserialize(serialize(msg));
116    }
117
118    // Serialize
119    //-----------------------------------------------------------------------
120    /**
121     * <p>Serializes an {@code Object} to the specified stream.</p>
122     *
123     * <p>The stream will be closed once the object is written.
124     * This avoids the need for a finally clause, and maybe also exception
125     * handling, in the application code.</p>
126     *
127     * <p>The stream passed in is not buffered internally within this method.
128     * This is the responsibility of your application if desired.</p>
129     *
130     * @param obj  the object to serialize to bytes, may be null
131     * @param outputStream  the stream to write to, must not be null
132     * @throws IllegalArgumentException if {@code outputStream} is {@code null}
133     * @throws SerializationException (runtime) if the serialization fails
134     */
135    public static void serialize(final Serializable obj, final OutputStream outputStream) {
136        Validate.isTrue(outputStream != null, "The OutputStream must not be null");
137        try (ObjectOutputStream out = new ObjectOutputStream(outputStream)){
138            out.writeObject(obj);
139        } catch (final IOException ex) {
140            throw new SerializationException(ex);
141        }
142    }
143
144    /**
145     * <p>Serializes an {@code Object} to a byte array for
146     * storage/serialization.</p>
147     *
148     * @param obj  the object to serialize to bytes
149     * @return a byte[] with the converted Serializable
150     * @throws SerializationException (runtime) if the serialization fails
151     */
152    public static byte[] serialize(final Serializable obj) {
153        final ByteArrayOutputStream baos = new ByteArrayOutputStream(512);
154        serialize(obj, baos);
155        return baos.toByteArray();
156    }
157
158    // Deserialize
159    //-----------------------------------------------------------------------
160    /**
161     * <p>
162     * Deserializes an {@code Object} from the specified stream.
163     * </p>
164     *
165     * <p>
166     * The stream will be closed once the object is written. This avoids the need for a finally clause, and maybe also
167     * exception handling, in the application code.
168     * </p>
169     *
170     * <p>
171     * The stream passed in is not buffered internally within this method. This is the responsibility of your
172     * application if desired.
173     * </p>
174     *
175     * <p>
176     * If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site.
177     * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException.
178     * Note that in both cases, the ClassCastException is in the call site, not in this method.
179     * </p>
180     *
181     * @param <T>  the object type to be deserialized
182     * @param inputStream
183     *            the serialized object input stream, must not be null
184     * @return the deserialized object
185     * @throws IllegalArgumentException
186     *             if {@code inputStream} is {@code null}
187     * @throws SerializationException
188     *             (runtime) if the serialization fails
189     */
190    public static <T> T deserialize(final InputStream inputStream) {
191        Validate.isTrue(inputStream != null, "The InputStream must not be null");
192        try (ObjectInputStream in = new ObjectInputStream(inputStream)) {
193            @SuppressWarnings("unchecked")
194            final T obj = (T) in.readObject();
195            return obj;
196        } catch (final ClassNotFoundException | IOException ex) {
197            throw new SerializationException(ex);
198        }
199    }
200
201    /**
202     * <p>
203     * Deserializes a single {@code Object} from an array of bytes.
204     * </p>
205     *
206     * <p>
207     * If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site.
208     * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException.
209     * Note that in both cases, the ClassCastException is in the call site, not in this method.
210     * </p>
211     *
212     * @param <T>  the object type to be deserialized
213     * @param objectData
214     *            the serialized object, must not be null
215     * @return the deserialized object
216     * @throws IllegalArgumentException
217     *             if {@code objectData} is {@code null}
218     * @throws SerializationException
219     *             (runtime) if the serialization fails
220     */
221    public static <T> T deserialize(final byte[] objectData) {
222        Validate.isTrue(objectData != null, "The byte[] must not be null");
223        return deserialize(new ByteArrayInputStream(objectData));
224    }
225
226    /**
227     * <p>Custom specialization of the standard JDK {@link java.io.ObjectInputStream}
228     * that uses a custom  <code>ClassLoader</code> to resolve a class.
229     * If the specified <code>ClassLoader</code> is not able to resolve the class,
230     * the context classloader of the current thread will be used.
231     * This way, the standard deserialization work also in web-application
232     * containers and application servers, no matter in which of the
233     * <code>ClassLoader</code> the particular class that encapsulates
234     * serialization/deserialization lives. </p>
235     *
236     * <p>For more in-depth information about the problem for which this
237     * class here is a workaround, see the JIRA issue LANG-626. </p>
238     */
239     static class ClassLoaderAwareObjectInputStream extends ObjectInputStream {
240        private static final Map<String, Class<?>> primitiveTypes =
241                new HashMap<>();
242
243        static {
244            primitiveTypes.put("byte", byte.class);
245            primitiveTypes.put("short", short.class);
246            primitiveTypes.put("int", int.class);
247            primitiveTypes.put("long", long.class);
248            primitiveTypes.put("float", float.class);
249            primitiveTypes.put("double", double.class);
250            primitiveTypes.put("boolean", boolean.class);
251            primitiveTypes.put("char", char.class);
252            primitiveTypes.put("void", void.class);
253        }
254
255        private final ClassLoader classLoader;
256
257        /**
258         * Constructor.
259         * @param in The <code>InputStream</code>.
260         * @param classLoader classloader to use
261         * @throws IOException if an I/O error occurs while reading stream header.
262         * @see java.io.ObjectInputStream
263         */
264        ClassLoaderAwareObjectInputStream(final InputStream in, final ClassLoader classLoader) throws IOException {
265            super(in);
266            this.classLoader = classLoader;
267        }
268
269        /**
270         * Overridden version that uses the parameterized <code>ClassLoader</code> or the <code>ClassLoader</code>
271         * of the current <code>Thread</code> to resolve the class.
272         * @param desc An instance of class <code>ObjectStreamClass</code>.
273         * @return A <code>Class</code> object corresponding to <code>desc</code>.
274         * @throws IOException Any of the usual Input/Output exceptions.
275         * @throws ClassNotFoundException If class of a serialized object cannot be found.
276         */
277        @Override
278        protected Class<?> resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException {
279            final String name = desc.getName();
280            try {
281                return Class.forName(name, false, classLoader);
282            } catch (final ClassNotFoundException ex) {
283                try {
284                    return Class.forName(name, false, Thread.currentThread().getContextClassLoader());
285                } catch (final ClassNotFoundException cnfe) {
286                    final Class<?> cls = primitiveTypes.get(name);
287                    if (cls != null) {
288                        return cls;
289                    }
290                    throw cnfe;
291                }
292            }
293        }
294
295    }
296
297}