RFR: 8298420: PEM API: Implementation (Preview)
ExE Boss
duke at openjdk.org
Thu Jul 25 03:42:03 UTC 2024
On Wed, 24 Jan 2024 00:01:06 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi all,
>
> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates. It will be integrated into JDK24 as a Preview Feature. Preview features do not permanently define the API and it is subject to change in future releases until it is finalized.
>
> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>
> Thanks
>
> Tony
src/java.base/share/classes/java/security/PEMDecoder.java line 82:
> 80:
> 81: // Singleton instance for PEMDecoder
> 82: final private static PEMDecoder PEM_DECODER = new PEMDecoder(null, null);
Suggestion:
public final class PEMDecoder {
    private final Provider factory;
    private final char[] password;
    // Singleton instance for PEMDecoder
    private static final PEMDecoder PEM_DECODER = new PEMDecoder(null, null);
src/java.base/share/classes/java/security/PEMEncoder.java line 76:
> 74:
> 75: // Singleton instance of PEMEncoder
> 76: final private static PEMEncoder PEM_ENCODER = new PEMEncoder(null);
Suggestion:
public final class PEMEncoder {
    // Singleton instance of PEMEncoder
    private final static PEMEncoder PEM_ENCODER = new PEMEncoder(null);
src/java.base/share/classes/sun/security/util/Pem.java line 93:
> 91:
> 92: public static final byte[] LINESEPARATOR = "\r\n"
> 93: .getBytes(StandardCharsets.UTF_8);
These arrays should probably be marked as [`@Stable`]:
Suggestion:
    /**
     * Public Key PEM header & footer
     */
    public static final @Stable byte[] PUBHEADER = "-----BEGIN PUBLIC KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] PUBFOOTER = "-----END PUBLIC KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    /**
     * Private Key PEM header & footer
     */
    public static final @Stable byte[] PKCS8HEADER = "-----BEGIN PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] PKCS8FOOTER = "-----END PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    /**
     * Encrypted Private Key PEM header & footer
     */
    public static final @Stable byte[] PKCS8ENCHEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] PKCS8ENCFOOTER = "-----END ENCRYPTED PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    /**
     * Certificate PEM header & footer
     */
    public static final @Stable byte[] CERTHEADER = "-----BEGIN CERTIFICATE-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] CERTFOOTER = "-----END CERTIFICATE-----"
            .getBytes(StandardCharsets.UTF_8);
    /**
     * CRL PEM header & footer
     */
    public static final @Stable byte[] CRLHEADER = "-----BEGIN CRL-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] CRLFOOTER = "-----END CRL-----"
            .getBytes(StandardCharsets.UTF_8);
    /**
     * PKCS#1/SSLeay/OpenSSL RSA PEM header & footer
     */
    public static final @Stable byte[] PKCS1HEADER = "-----BEGIN RSA PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] PKCS1FOOTER = "-----END RSA PRIVATE KEY-----"
            .getBytes(StandardCharsets.UTF_8);
    public static final @Stable byte[] LINESEPARATOR = "\r\n"
            .getBytes(StandardCharsets.UTF_8);
[`@Stable`]: https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/vm/annotation/Stable.java
src/java.base/share/classes/sun/security/util/Pem.java line 121:
> 119: * characters in the base-64 alphabet and whitespaces.
> 120: * @return the decoded bytes
> 121: * @throws java.io.IOException if input is invalid
Suggestion:
* @throws IllegalArgumentException if input is invalid
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1597305365
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1597305962
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1597304717
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1597304989