A PEM base64 decoder? (was: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did)
Wang Weijun
weijun.wang at oracle.com
Mon Mar 23 09:47:51 UTC 2015
> Begin forwarded message:
>
> Date: March 23, 2015 at 16:33:18 GMT+8
> From: Florian Weimer <fweimer at redhat.com>
> To: Wang Weijun <weijun.wang at oracle.com>, OpenJDK Dev list <security-dev at openjdk.java.net>
> Subject: Re: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
>
> On 03/17/2015 11:02 AM, Wang Weijun wrote:
>> Hi All
>>
>> Please review the code change at
>>
>> http://cr.openjdk.java.net/~weijun/8074935/webrev.00/
>>
>> In jdk8, we use Base64.getMimeDecoder() to parse PEM-encoded certs and it ignores every character not in the base-64 alphabet. PEM is more restricted and as I know openssl rejects PEM with illegal chars (Ex, "!" as in bug report and test). This fix will also reject them.
>
> Shouldn't you add a Base64.getPemDecoder() with these semantics? I
> think this decoder would be useful in other contexts as well.
Sherman, is that possible?
Thanks
Max
>
> --
> Florian Weimer / Red Hat Product Security
More information about the core-libs-dev
mailing list