From 96656d196c466de846576edce4144533b5bc576b Mon Sep 17 00:00:00 2001
From: SEONGILKIM
Date: Mon, 18 Dec 2023 01:23:23 +0900
Subject: [PATCH] refactor : replace deprecated serialization utils (#163)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* refactor : replace deprecated serialization utils
* 리뷰반영
---
 .../apiserver/common/util/CookieUtil.kt | 32 ++++++++++++++-----
 ...orizationRequestBasedOnCookieRepository.kt | 3 +-
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/main/kotlin/io/csbroker/apiserver/common/util/CookieUtil.kt b/src/main/kotlin/io/csbroker/apiserver/common/util/CookieUtil.kt
index 86a1d036..5331a3f2 100644
--- a/src/main/kotlin/io/csbroker/apiserver/common/util/CookieUtil.kt
+++ b/src/main/kotlin/io/csbroker/apiserver/common/util/CookieUtil.kt
@@ -4,7 +4,11 @@ import jakarta.servlet.http.Cookie
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-import org.springframework.util.SerializationUtils
+import java.io.ByteArrayInputStream
+import java.io.ByteArrayOutputStream
+import java.io.ObjectInputStream
+import java.io.ObjectOutputStream
+import java.io.Serializable
 import java.util.Base64
 fun getCookie(request: HttpServletRequest, name: String) = request.cookies?.let {
@@ -32,13 +36,25 @@ fun deleteCookie(request: HttpServletRequest, response: HttpServletResponse, nam
 fun OAuth2AuthorizationRequest.serialize(): String {
 return Base64.getUrlEncoder()
- .encodeToString(SerializationUtils.serialize(this))
+ .encodeToString(this.toByteArray())
 }
-fun deserialize(cookie: Cookie, cls: Class): T {
- return cls.cast(
- SerializationUtils.deserialize(
- Base64.getUrlDecoder().decode(cookie.value),
- ),
- )
+inline fun Cookie.deserialize(): T {
+ return Base64.getUrlDecoder().decode(this.value).let {
+ ByteArrayInputStream(it).use { byteArrayInputStream ->
+ ObjectInputStream(byteArrayInputStream).use { objectInput ->
+ objectInput.readObject()
+ }
+ }
+ } as? T ?: throw ClassCastException()
+}
+
+private fun Serializable.toByteArray(): ByteArray {
+ return ByteArrayOutputStream().use {
+ ObjectOutputStream(it).use { objectOutputStream ->
+ objectOutputStream.writeObject(this)
+ objectOutputStream.flush()
+ it.toByteArray()
+ }
+ }
 }
diff --git a/src/main/kotlin/io/csbroker/apiserver/repository/common/OAuth2AuthorizationRequestBasedOnCookieRepository.kt b/src/main/kotlin/io/csbroker/apiserver/repository/common/OAuth2AuthorizationRequestBasedOnCookieRepository.kt
index b236f04b..1ecad5b8 100644
--- a/src/main/kotlin/io/csbroker/apiserver/repository/common/OAuth2AuthorizationRequestBasedOnCookieRepository.kt
+++ b/src/main/kotlin/io/csbroker/apiserver/repository/common/OAuth2AuthorizationRequestBasedOnCookieRepository.kt
@@ -18,8 +18,7 @@ private const val COOKIE_EXPIRE_SECONDS = 180L
 class OAuth2AuthorizationRequestBasedOnCookieRepository : AuthorizationRequestRepository {
 override fun loadAuthorizationRequest(request: HttpServletRequest): OAuth2AuthorizationRequest? {
 val cookie = getCookie(request, OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME) ?: return null
-
- return deserialize(cookie, OAuth2AuthorizationRequest::class.java)
+ return cookie.deserialize()
 }
 override fun saveAuthorizationRequest(
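Review bot: `objectInput.readObject()` in `Cookie.deserialize()` runs on bytes decoded from a request cookie, which the client fully controls, so this refactor keeps the Java-deserialization exposure (CWE-502) that Spring's deprecation of `SerializationUtils.deserialize` warns about and only removes the warning. The `as? T` check happens after the object graph has already been built, so it does not restrict which serializable classes on the classpath get instantiated. The more robust fix is to stop deserializing client-held state: keep the authorization request server-side, or store a JSON form whose HMAC is verified before parsing. If Java serialization has to stay, install an `ObjectInputFilter` allowlist before `readObject()` as sketched below (the filter must be `@PublishedApi internal` or public because the function is `inline`). The page rendering appears to have dropped angle-bracket type parameters, so the generic signature itself could not be reviewed.

```kotlin
// Sample allowlist and limits (constructed) — confirm against the classes OAuth2AuthorizationRequest really serializes.
@PublishedApi
internal val AUTHORIZATION_REQUEST_FILTER: ObjectInputFilter = ObjectInputFilter.Config.createFilter(
    "org.springframework.security.oauth2.core.**;java.util.*;java.lang.*;maxdepth=16;maxbytes=8192;!*",
)

// … unchanged: signature, Base64 decode, ByteArrayInputStream wrapper …
        ObjectInputStream(byteArrayInputStream).use { objectInput ->
            // Classes outside the allowlist are rejected before they are instantiated.
            objectInput.setObjectInputFilter(AUTHORIZATION_REQUEST_FILTER)
            objectInput.readObject()
        }
// … unchanged: cast to T and ClassCastException fallback …
```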
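Review bot: A cookie that is present but malformed makes `return cookie.deserialize()` throw out of `loadAuthorizationRequest`, while only the missing-cookie case returns null; invalid Base64 raises `IllegalArgumentException`, a corrupt stream raises `IOException` or `ClassNotFoundException`, and the helper itself throws `ClassCastException`. Since the value comes from the client, a stale or tampered cookie should probably be treated as "no saved request" rather than an unhandled error on the OAuth2 callback; how it surfaces today depends on error handling outside this hunk. Consider wrapping the call, for example `catch (e: IllegalArgumentException) { return null }` with matching branches for the other three types, and logging the rejection so malformed authorization cookies are visible in monitoring. The class body continues past the hunk at `saveAuthorizationRequest(`.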