RFR: 8298420: PEM API: Implementation (Preview)
Anthony Scarpino
ascarpino at openjdk.org
Thu Jul 25 03:42:03 UTC 2024
On Fri, 10 May 2024 23:51:36 GMT, ExE Boss <duke at openjdk.org> wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates. It will be integrated into JDK24 as a Preview Feature. Preview features do not permanently define the API, and it is subject to change in future releases until it is finalized.
>>
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>>
>> Thanks
>>
>> Tony
>
> src/java.base/share/classes/sun/security/util/Pem.java line 93:
>
>> 91:
>> 92: public static final byte[] LINESEPARATOR = "\r\n"
>> 93: .getBytes(StandardCharsets.UTF_8);
>
> These arrays should probably be marked as [`@Stable`]:
> Suggestion:
>
> /**
> * Public Key PEM header & footer
> */
> public static final @Stable byte[] PUBHEADER = "-----BEGIN PUBLIC KEY-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] PUBFOOTER = "-----END PUBLIC KEY-----"
> .getBytes(StandardCharsets.UTF_8);
>
> /**
> * Private Key PEM header & footer
> */
> public static final @Stable byte[] PKCS8HEADER = "-----BEGIN PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] PKCS8FOOTER = "-----END PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
>
> /**
> * Encrypted Private Key PEM header & footer
> */
> public static final @Stable byte[] PKCS8ENCHEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] PKCS8ENCFOOTER = "-----END ENCRYPTED PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
>
> /**
> * Certificate PEM header & footer
> */
> public static final @Stable byte[] CERTHEADER = "-----BEGIN CERTIFICATE-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] CERTFOOTER = "-----END CERTIFICATE-----"
> .getBytes(StandardCharsets.UTF_8);
>
> /**
> * CRL PEM header & footer
> */
> public static final @Stable byte[] CRLHEADER = "-----BEGIN CRL-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] CRLFOOTER = "-----END CRL-----"
> .getBytes(StandardCharsets.UTF_8);
>
> /**
> * PKCS#1/SSLeay/OpenSSL RSA PEM header & footer
> */
> public static final @Stable byte[] PKCS1HEADER = "-----BEGIN RSA PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
> public static final @Stable byte[] PKCS1FOOTER = "-----END RSA PRIVATE KEY-----"
> .getBytes(StandardCharsets.UTF_8);
>
> public static final @Stable byte[] LINESEPARATOR = "\r\n"
> .getBytes(StandardCharsets.UTF_8);
>
>
> [`@Stable`]: https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/vm/annotation/Stable.java
I have not seen `@Stable` before. I will have to evaluate this suggestion further.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r1688737679