RFR: 8365288: PEMDecoder should throw ClassCastException [v3]

Anthony Scarpino ascarpino at openjdk.org
Mon Aug 25 19:46:40 UTC 2025


On Mon, 25 Aug 2025 19:36:35 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   update test bugid
>
> src/java.base/share/classes/java/security/PEMDecoder.java line 440:
> 
>> 438:                         .getKeySpec(key, X509EncodedKeySpec.class);
>> 439:                 } else {
>> 440:                     throw new IllegalArgumentException("Invalid KeySpec.");
> 
> Should this also be CCE?

I would say no.  This checks that `tClass` is a valid class to cast to.  That should be an IAE because it's a input value.  The CCE happens when the KeyFactory rejected a valid class argument.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26734#discussion_r2298971716


More information about the security-dev mailing list