From 00042becb5593d15138f7b5317c9d1f8db8108b2 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 15 May 2023 08:54:18 +0200 Subject: chore(utils): optimize type-specific deserialization --- .../java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java | 3 ++- .../java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java | 2 +- .../at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'eaaf_core_utils') diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java index 1924e165..ebeeddb4 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java @@ -54,7 +54,8 @@ public class EaafObjectInputStream extends ObjectInputStream { throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName()); } else if (objectDeep > 0 - && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()))) { + && !(isValidClassType(clazz) || Object.class.getName().equals(desc.getName()) + || Object[].class.getName().equals(desc.getName()))) { throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName()); } else { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java index efb4c9be..49b992f6 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java @@ -84,7 +84,7 @@ public class EaafSerializationUtils { * allow-list.
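Review bot: The added `|| Object[].class.getName().equals(desc.getName())` clause exempts an untyped container from the allow-list at every nested depth, and nothing in the hunk says why that is safe. The argument appears to be that each array element's own class descriptor still passes through this same check, so a comment stating that would help, e.g. `// Object[] is only a container; every element descriptor is still checked against the allow-list here`. The array length is read from the serialized stream, so it may also be worth bounding it (for instance an `ObjectInputFilter` with a `maxarray` limit) if no such limit is configured elsewhere. The enclosing method starts and ends outside the hunk, so how `objectDeep` is maintained cannot be confirmed from here.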
* Hint: Do NOT set {@link Object} as allowed class, because any class is * an super-type of {@link Object}. This method implementation allows - * {@link Object} as explicit type with strict check-mode. + * {@link Object} and Object[] as explicit type with strict check-mode. *

* * @param bytes a serialized object diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java index 98747b41..3535b217 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/utils/EaafSerializationUtilsTest.java @@ -112,6 +112,9 @@ public class EaafSerializationUtilsTest { assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize( object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class)); + assertThrows(IllegalArgumentException.class, () -> EaafSerializationUtils.typeSpecificDeserialize( + object, Sets.newHashSet(DummyClassA.class, DummyClassB.class), DummyClassC.class)); + assertNotNull(EaafSerializationUtils.typeSpecificDeserialize( object, Sets.newHashSet(DummyClassA.class, DummyClassB.class, Throwable.class, StackTraceElement[].class, -- cgit v1.2.3
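Review bot: The updated Javadoc line names `Object[]` as plain text and does not say whether array elements remain subject to the allow-list, which is the detail a caller needs before relying on this exemption. I would write it as `{@link Object} and {@code Object[]} as explicit types in strict check-mode; array elements are still checked against the allow-list.`, assuming that is how the stream behaves. The unchanged sentence above it also reads inverted: `Object` is a super-type of every class, not the other way round. The Javadoc block starts and ends outside the hunk.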
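Review bot: The added `assertThrows` is identical to the assertion directly above it (same allow-list `DummyClassA.class, DummyClassB.class` and same target `DummyClassC.class`), so it adds no coverage for the `Object[]` exemption this commit introduces. A test for the new path should deserialize a graph that holds an `Object[]` and assert both outcomes: accepted when every element type is allow-listed, and `IllegalArgumentException` when one element type is not. The test method starts and ends outside the hunk, so whether the `object` fixture already contains such an array is not visible here.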