On 09/10/2019 14:54, Sean Mullan wrote:
...X509CertImpl extends X509Certificate which extends Certificate. Certificate has a writeReplace method.
Another possible follow-on is to add readObject methods, that unconditionally throw, to both X509Certificate and X509CertImpl, since serialized instances of these types should not appear in the stream. That would be a nice addition to the suggestion to make all the fields transient - and improve the readability of the code.
-Chris.
