From ea53bab7d77fdf22180209f0a2f3da847d690b06 Mon Sep 17 00:00:00 2001
From: Chris Rankin <chris.rankin@r3.com>
Date: Thu, 25 May 2017 17:18:51 +0100
Subject: [PATCH] Forbid internal classes from being serialised. (#655)

---
 core/src/main/kotlin/net/corda/core/Utils.kt                | 5 ++++-
 node-api/src/main/kotlin/net/corda/nodeapi/RPCStructures.kt | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/src/main/kotlin/net/corda/core/Utils.kt b/core/src/main/kotlin/net/corda/core/Utils.kt
index 89fd25e6e9..0e92a0614c 100644
--- a/core/src/main/kotlin/net/corda/core/Utils.kt
+++ b/core/src/main/kotlin/net/corda/core/Utils.kt
@@ -472,4 +472,7 @@ fun <T> Class<T>.checkNotUnorderedHashMap() {
     if (HashMap::class.java.isAssignableFrom(this) && !LinkedHashMap::class.java.isAssignableFrom(this)) {
         throw NotSerializableException("Map type $this is unstable under iteration. Suggested fix: use LinkedHashMap instead.")
     }
-}
\ No newline at end of file
+}
+
+fun Class<*>.requireExternal(msg: String = "Internal class")
+        = require(!name.startsWith("net.corda.node.") && !name.contains(".internal.")) { "$msg: $name" }
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/RPCStructures.kt b/node-api/src/main/kotlin/net/corda/nodeapi/RPCStructures.kt
index bda75a2bd4..d1c090f2ca 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/RPCStructures.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/RPCStructures.kt
@@ -5,6 +5,7 @@ package net.corda.nodeapi
 import com.esotericsoftware.kryo.Registration
 import com.esotericsoftware.kryo.Serializer
 import com.google.common.util.concurrent.ListenableFuture
+import net.corda.core.requireExternal
 import net.corda.core.serialization.*
 import net.corda.core.toFuture
 import net.corda.core.toObservable
@@ -60,6 +61,7 @@ class RPCKryo(observableSerializer: Serializer<Observable<Any>>) : CordaKryo(mak
     }
 
     override fun getRegistration(type: Class<*>): Registration {
+        type.requireExternal("RPC not allowed to deserialise internal classes")
         if (Observable::class.java != type && Observable::class.java.isAssignableFrom(type)) {
             return super.getRegistration(Observable::class.java)
         }