RFR: 8298420: PEM API: Implementation (Preview) [v9]

Wed Oct 30 21:10:15 UTC 2024

On Mon, 21 Oct 2024 19:52:36 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi all,
>> 
>> I need a code review of the PEM API.  Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates.  It will be integrated into JDK24 as a Preview Feature.  Preview features does not permanently define the API and it is subject to change in future releases until it is finalized.
>> 
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>> 
>> Thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
> 
>   apparently <p> can't be before a @implNote.. Who know.

Can you please support the read-public-key-from-pkcs8 feature in `NamedKeyFactory::engineGeneratePublic` method? It could be something like

        } else if (keySpec instanceof PKCS8EncodedKeySpec p8spec) {
            try {
                var p8key = new PKCS8Key(p8spec.getEncoded());
                var pubEncoding = p8key.getPubKeyEncoded();
                if (pubEncoding == null) {
                    throw new InvalidKeySpecException(
                            "This PKCS8EncodedKeySpec does not contain a public key");
                }
                return fromX509(p8key.getPubKeyEncoded());
            } catch (InvalidKeyException e) {
                throw new InvalidKeySpecException(e);
            }

BTW, I see in your other `KeyFactory` updates you haven't checked if `getPubKeyEncoded()` returns null. Will it throw NPE instead of IKSE?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17543#issuecomment-2448351437