A PEM base64 decoder?
Xueming Shen
xueming.shen at oracle.com
Mon Mar 23 20:26:56 UTC 2015
On 03/23/2015 02:47 AM, Wang Weijun wrote:
>
>> Begin forwarded message:
>>
>> Date: March 23, 2015 at 16:33:18 GMT+8
>> From: Florian Weimer<fweimer at redhat.com>
>> To: Wang Weijun<weijun.wang at oracle.com>, OpenJDK Dev list<security-dev at openjdk.java.net>
>> Subject: Re: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
>>
>> On 03/17/2015 11:02 AM, Wang Weijun wrote:
>>> Hi All
>>>
>>> Please review the code change at
>>>
>>> http://cr.openjdk.java.net/~weijun/8074935/webrev.00/
>>>
>>> In jdk8, we use Base64.getMimeDecoder() to parse PEM-encoded certs and it ignores every character not in the base-64 alphabet. PEM is more restricted and as I know openssl rejects PEM with illegal chars (Ex, "!" as in bug report and test). This fix will also reject them.
>> Shouldn't you add a Base64.getPemDecoder() with these semantics? I
>> think this decoder would be useful in other contexts as well.
> Sherman, is that possible?
>
While it is possible personally I will be a little hesitated to add the support for a
"deprecated" rfc into the "new" Base64 class. Any evidence that PEM is still
heavily used in other contexts?
-Sherman
More information about the core-libs-dev
mailing list