First iteration of v3

Signed-off-by: Thomas Calmant <thomas.calmant@gmail.com>

Author: tcalmant

README.md

@@ -67,6 +67,18 @@ it, and avoids a mismatch between the referenced object and the transformed one.
 The `v2` implementation provides a new API for the object transformers.
 Please look at the *Usage (V2)* section in this file.
 
+### Object transformers V3
+
+| Implementations | Version  |
+|-----------------|----------|
+| `v3`            | `0.5.0+` |
+
+The `v3` implementation is a full rewrite targeting **Python 3.12+**.
+It uses `dataclasses`, structural pattern matching (`match/case`) and PEP 604
+union types.  Its API is intentionally similar to `v2` but fixes several
+correctness issues and adds stricter safety limits.
+Please look at the *Usage (V3)* and *Migration to V3* sections in this file.
+
 ### Bytes arrays
 
 | Implementations | Version  |
@@ -98,7 +110,8 @@ You can find a sample usage in the *Custom Transformer* section in this file.
 
 ## Requirements
 
-* Python >= 2.7 or Python >= 3.4
+* Python >= 2.7 or Python >= 3.4 for `v1` and `v2`
+* Python >= 3.12 for `v3`
 * `enum34` and `typing` when using Python <= 3.4 (installable with `pip`)
 * Maven 2+ (for building test data of serialized objects.
   You can skip it if you do not plan to run `tests.py`)
@@ -480,3 +493,143 @@ pobj = javaobj.loads("custom_objects.ser", *transformers)
 # it's static. See: https://stackoverflow.com/a/16477421/12621168
 print(pobj.field_data["int_not_in_fields"])
 ```
+
+## Usage (V3 implementation)
+
+> **Requires Python 3.12+.**
+
+The `javaobj.v3` package is a full rewrite of the Java object stream parser.
+It provides the same two entry-points as `v2`:
+
+* `load(fd, *transformers, use_numpy_arrays=False, max_array_size=…, max_depth=500)`:
+  Parses a binary file descriptor opened in `rb` mode and returns the top-level
+  object if the stream contains exactly one, a list of objects if there are
+  several, or `None` for an empty stream.  Pass additional `ObjectTransformer`
+  instances as positional arguments.
+
+* `loads(data, *transformers, …)`:
+  Convenience wrapper around `load()` that accepts `bytes`.
+
+Sample usage:
+
+```python
+import javaobj.v3 as javaobj
+
+with open("obj5.ser", "rb") as fd:
+    pobj = javaobj.load(fd)
+
+# Access fields by name (preferred)
+value = pobj.get_field("myField")
+
+# Or use attribute-style access (issues a warning on ambiguity)
+value = pobj.myField
+```
+
+### New features in V3
+
+| Feature | V1 | V2 | V3 |
+|---|---|---|---|
+| Python 3.12+ (`match/case`, PEP 604) | ✗ | ✗ | ✓ |
+| Fully typed (`dataclasses`, `TypeAlias`) | ✗ | partial | ✓ |
+| `TC_RESET` handling | ✗ | ✗ | ✓ |
+| `TC_EXCEPTION` in object graph | ✗ | ✗ | ✓ |
+| `TC_PROXYCLASSDESC` | ✗ | ✓ | ✓ |
+| Security limits (max depth / array size) | ✗ | ✗ | ✓ |
+| Correct `TYPE_CHAR` numpy dtype (`>u2`) | ✗ | ✗ | ✓ |
+| Typed exception hierarchy | ✗ | ✗ | ✓ |
+| `BlockData.__eq__(bytes)` compatibility | ✓ | ✓ | ✓ |
+
+### Security limits
+
+`v3` adds two optional safety limits that prevent resource exhaustion when
+parsing untrusted streams:
+
+```python
+import javaobj.v3 as javaobj
+
+with open("untrusted.ser", "rb") as fd:
+    pobj = javaobj.load(
+        fd,
+        max_array_size=10 * 1024 * 1024,  # 10 MiB max per array
+        max_depth=100,                      # max object-graph depth
+    )
+```
+
+### Object Transformer V3
+
+The `ObjectTransformer` base class in `v3` has the same three override points
+as in `v2`:
+
+* `create_instance(classdesc)` — return a `JavaInstance` subclass (or `None`
+  to fall back to the next transformer).
+* `load_array(reader, type_code, size)` — called for `TC_ARRAY` records;
+  return the array data (`bytes` or `list`) or `None` to use the default logic.
+* `load_custom_writeObject(parser, reader, class_name)` — called when a
+  class written with `writeObject()` requires fully custom parsing.
+
+The `DefaultObjectTransformer` additionally exposes a public `handles(name)`
+method that returns `True` when the transformer knows how to load the given
+Java class name.
+
+### Using NumPy arrays (V3)
+
+```python
+import javaobj.v3 as javaobj
+
+with open("arrays.ser", "rb") as fd:
+    pobj = javaobj.load(fd, use_numpy_arrays=True)
+```
+
+When `use_numpy_arrays=True`, a `NumpyArrayTransformer` is appended to the
+transformer list and primitive arrays are returned as `numpy.ndarray`.
+
+---
+
+## Migration to V3
+
+### From V1 to V3
+
+| V1 | V3 |
+|---|---|
+| `import javaobj` | `import javaobj.v3 as javaobj` |
+| `pobj.classdesc.name` | `pobj.classdesc.name` (unchanged) |
+| `pobj.myField` (direct attribute) | `pobj.get_field("myField")` (preferred) or `pobj.myField` |
+| `pobj._data` on arrays | `pobj.data` (public) |
+| `javaobj.JavaObjectUnmarshaller` | removed — use `javaobj.v3.parser.JavaStreamParser` |
+| `javaobj.JavaObjectMarshaller` | marshalling not available in `v3` |
+| Exceptions: bare `Exception` | Typed: `ParseError`, `UnexpectedOpcodeError`, … |
+
+Shallow conversion helper (best-effort, for gradual migration):
+
+```python
+from javaobj.v3._compat import v1_to_v3
+v3_obj = v1_to_v3(v1_obj)
+```
+
+### From V2 to V3
+
+| V2 | V3 |
+|---|---|
+| `import javaobj.v2 as javaobj` | `import javaobj.v3 as javaobj` |
+| `javaobj.load(fd)` | `javaobj.load(fd)` (same signature) |
+| `javaobj.loads(data)` | `javaobj.loads(data)` (same signature) |
+| `pobj.classdesc.name` | `pobj.classdesc.name` (unchanged) |
+| `pobj.field_data[cd][field]` | `pobj.field_data[cd][field]` (unchanged) |
+| `pobj.get_field("name")` | `pobj.get_field("name")` (unchanged) |
+| `pobj.__getattr__` ambiguity silent | warns when field exists in multiple classes |
+| `transformer._type_mapper` (private) | `transformer.handles(name)` (public) |
+| `JavaArray.data` (`tuple` of ints for bytes) | `JavaArray.data` (`bytes` for `TYPE_BYTE`) |
+| `BlockData` compared with `bytes` | `BlockData.__eq__(bytes)` still works |
+| `use_numpy_arrays=True` (v2 option) | `use_numpy_arrays=True` (same) |
+| No depth/size limits | `max_depth=500`, `max_array_size=100 MiB` |
+| No typed exceptions | `ParseError`, `SecurityError`, … |
+
+Shallow conversion helper (best-effort, for gradual migration):
+
+```python
+from javaobj.v3._compat import v2_to_v3
+v3_obj = v2_to_v3(v2_obj)
+```
+
+> **Note:** `v3` requires **Python 3.12+** and does **not** support marshalling
+> (writing).  If you need to write Java object streams, use `v1`.

javaobj/v3/__init__.py

@@ -0,0 +1,195 @@
+#!/usr/bin/env python3
+"""
+Rewritten version of the un-marshalling process of javaobj (v3)
+
+This package targets Python 3.12+ and provides fully typed parsing of the
+Java Object Serialization stream format, in read-only mode.
+
+:authors: Thomas Calmant
+:license: Apache License 2.0
+:version: 0.5.0
+:status: Alpha
+
+..
+
+    Copyright 2026 Thomas Calmant
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+"""
+
+# Standard library
+from io import BytesIO
+from typing import IO, Any
+
+# Javaobj
+from ..utils import java_data_fd
+
+# Also expose the beans sub-module so that ``javaobj.v3.beans.JavaInstance``
+# works out of the box (same pattern as v2).
+from . import beans  # noqa: F401
+from .beans import (
+    BlockData,
+    ClassDataType,
+    ClassDescType,
+    ExceptionState,
+    FieldType,
+    JavaArray,
+    JavaClass,
+    JavaClassDesc,
+    JavaEnum,
+    JavaField,
+    JavaInstance,
+    JavaString,
+    ParsedContent,
+)
+from .exceptions import (
+    JavaObjError,
+    ParseError,
+    SecurityError,
+    UnexpectedOpcodeError,
+    UnsupportedFeatureError,
+)
+from .parser import JavaStreamParser
+from .reader import DataReader
+from .transformers import (
+    DefaultObjectTransformer,
+    NumpyArrayTransformer,
+    ObjectTransformer,
+)
+
+__all__ = [
+    # Entry points
+    "load",
+    "loads",
+    # Transformer API
+    "ObjectTransformer",
+    "DefaultObjectTransformer",
+    "NumpyArrayTransformer",
+    # Bean types
+    "JavaInstance",
+    "JavaArray",
+    "JavaString",
+    "JavaEnum",
+    "JavaClass",
+    "JavaClassDesc",
+    "JavaField",
+    "BlockData",
+    "ExceptionState",
+    "FieldType",
+    "ClassDataType",
+    "ClassDescType",
+    "ParsedContent",
+    # Parser
+    "JavaStreamParser",
+    "DataReader",
+    # Exceptions
+    "JavaObjError",
+    "ParseError",
+    "UnexpectedOpcodeError",
+    "UnsupportedFeatureError",
+    "SecurityError",
+]
+
+# ------------------------------------------------------------------------------
+
+# Module version
+__version_info__ = (0, 5, 0)
+__version__ = ".".join(str(x) for x in __version_info__)
+
+# Documentation strings format
+__docformat__ = "restructuredtext en"
+
+# ------------------------------------------------------------------------------
+# Public API
+# ------------------------------------------------------------------------------
+
+
+def load(
+    file_object: IO[bytes],
+    *transformers: ObjectTransformer,
+    use_numpy_arrays: bool = False,
+    max_array_size: int = DataReader.DEFAULT_MAX_ARRAY_SIZE,
+    max_depth: int = DataReader.DEFAULT_MAX_DEPTH,
+) -> Any:
+    """
+    Deserializes Java object(s) from a binary file-like object.
+
+    The stream is automatically decompressed if it is GZip-compressed.
+
+    :param file_object: A readable binary stream containing a Java serialized
+                        object stream (magic ``0xACED 0x0005``).
+    :param transformers: Zero or more custom :class:`ObjectTransformer`
+                         instances.  A :class:`DefaultObjectTransformer` is
+                         always added unless one is already present.
+    :param use_numpy_arrays: When ``True`` and *numpy* is installed, primitive
+                             arrays are loaded as ``numpy.ndarray`` objects.
+    :param max_array_size: Maximum bytes for a single array allocation.
+    :param max_depth: Maximum object-graph recursion depth.
+    :return: The parsed object if the stream contains exactly one top-level
+             object, or a list of objects if there are several.
+             Returns ``None`` for an empty stream.
+    :raises ParseError: If the stream is malformed.
+    :raises SecurityError: If a safety limit is exceeded.
+    :raises UnsupportedFeatureError: If an unsupported protocol feature is
+                                     encountered.
+    """
+    # Auto-decompress GZip streams
+    fd = java_data_fd(file_object)
+
+    # Build transformer list, ensuring DefaultObjectTransformer is present
+    all_transformers: list[ObjectTransformer] = list(transformers)
+    if not any(isinstance(t, DefaultObjectTransformer) for t in all_transformers):
+        all_transformers.append(DefaultObjectTransformer())
+
+    if use_numpy_arrays:
+        all_transformers.append(NumpyArrayTransformer())
+
+    parser = JavaStreamParser(
+        fd,
+        all_transformers,
+        max_array_size=max_array_size,
+        max_depth=max_depth,
+    )
+    contents = parser.run()
+
+    if not contents:
+        return None
+    if len(contents) == 1:
+        return contents[0]
+    return contents
+
+
+def loads(
+    data: bytes,
+    *transformers: ObjectTransformer,
+    use_numpy_arrays: bool = False,
+    max_array_size: int = DataReader.DEFAULT_MAX_ARRAY_SIZE,
+    max_depth: int = DataReader.DEFAULT_MAX_DEPTH,
+) -> Any:
+    """
+    Deserializes Java object(s) from a :class:`bytes` object.
+
+    :param data: Raw bytes of a Java serialized stream.
+    :param transformers: Optional custom transformers (see :func:`load`).
+    :param use_numpy_arrays: See :func:`load`.
+    :param max_array_size: See :func:`load`.
+    :param max_depth: See :func:`load`.
+    :return: Parsed object or list of objects (see :func:`load`).
+    """
+    return load(
+        BytesIO(data),
+        *transformers,
+        use_numpy_arrays=use_numpy_arrays,
+        max_array_size=max_array_size,
+        max_depth=max_depth,
+    )