Record the pits encountered in the deserialization of phpserializer tool class

php In language , It has its own encapsulated serialization and deserialization methods , If we were java Deserialization is required in the project by php Serialized data , We can use PHPSerializer Tool class

pom Introduce dependencies into the file

<!--  Deserialization php Serialized string  -->
<dependency>
    <groupId>org.sction</groupId>
    <artifactId>phprpc</artifactId>
    <version>3.0.2</version>
</dependency>

It's very easy to use , Because most of the serialized data is json, The tool will be de sequenced into AssocArray Class object , So it is written as follows ：

public static AssocArray unSerializePhpStr(String str) throws InvocationTargetException, IllegalAccessException {
        if(StringUtils.isEmpty(str)) {
            return null;
        }
        PHPSerializer p = new PHPSerializer();
        return (AssocArray) p.unserialize(str.getBytes());
}

We deserialize a simple json character string ：a:1:{i:123;s:2:"id"}

String str = "a:1:{i:123;s:2:\"id\"}";
AssocArray object = PhpSerializerUtil.unSerializePhpStr(str);
HashMap hashMap = object.toHashMap();

Deserialization succeeded , We can use toHashMap() take AssocArray Conversion of objects HashMap object

But it's just simple json Deserialization ,php At serialization , Number types are serialized into i type , And in the java Chinese society differentiation int and long type , So if the value is too large , stay java Deserialization will fail in , such as ：

a:2:{i:1;i:1649729539760;s:2:"id";i:2;}

Let's try deserialization

Find a direct error , Let's take a look at the source code ：

Here you can see ,i The type directly maps to Integer, So the length will be limited . Let's take a closer look , Find a d Types can be mapped to Double, Then we will i All changed d try

str.replaceAll("i:","d:");

  Try again

It is found that the direct return is null, Although there was no mistake , But obviously not , Let's look at the source code ：

 i Follow d There should be no problem with the mapping of , The problem is a above , Let's go in and have a look

json yes <k,v> structure , You can see AssoArray Object's key Does not support Double type , So straight back to null, So we can only value Type by i Turn into d,key Can't change , But the string after deserialization is particularly difficult to distinguish key and value, It's hard to write , So simply , Direct will i Type into s（String）, such key and value All support

public static AssocArray unSerializePhpStr(String str) throws InvocationTargetException, IllegalAccessException {
        if(StringUtils.isEmpty(str)) {
            return null;
        }
        // All the integers are converted into strings , Avoid exceeding the length (key Other number types are not supported )
        String numStr = "i:";
        while (str.contains(numStr)) {
            int index = str.indexOf(numStr);
            String str1 = str.substring(0,index);
            String str2 = str.substring(index);
            int index1 = str2.indexOf(";");
            str = String.format("%ss:%d:\"%s\"%s",str1,index1-2,str2.substring(2,index1),str2.substring(index1));
        }
        PHPSerializer p = new PHPSerializer();
        return (AssocArray) p.unserialize(str.getBytes());
    }

  Let's try again ：

The discovery was successful

Be careful ：AssocArray The string type in the object value It's all about byte Array , You need to manually switch to String

Add ：AssocArray Objects are too cumbersome to handle , Add a return json Methods

/**
     *  Will all AssocArray Turn into java
     * @param str
     * @return
     * @throws InvocationTargetException
     * @throws IllegalAccessException
     */
    public static JSONObject unSerializePhpStrBackJson(String str) throws InvocationTargetException, IllegalAccessException {
        AssocArray assocArray = unSerializePhpStr(str);
        return assocArrayToHash(assocArray);
    }

    private static JSONObject assocArrayToHash(AssocArray assocArray) {
        HashMap hashMap = assocArray.toHashMap();
        JSONObject result = new JSONObject();
        for (Object key : hashMap.keySet()) {
            if(hashMap.get(key) instanceof AssocArray) {
                result.put(key.toString(),assocArrayToHash((AssocArray) hashMap.get(key)));
            }else if(hashMap.get(key) instanceof byte[]) {
                result.put(key.toString(),new String((byte[]) hashMap.get(key)));
            }else {
                result.put(key.toString(),hashMap.get(key));
            }
        }
        return result;
    }