RFR: 8298420: PEM API: Implementation (Preview) [v12]

Magnus Ihse Bursie ihse at openjdk.org
Wed Feb 26 14:18:14 UTC 2025 

On Thu, 12 Dec 2024 19:59:05 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi all,
>> 
>> I need a code review of the PEM API.  Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates.  It will be integrated into JDK24 as a Preview Feature.  Preview features does not permanently define the API and it is subject to change in future releases until it is finalized.
>> 
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>> 
>> Thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 58 commits:
> 
>  - Merge branch 'pem-merge' into pem
>  - merge
>  - Merge in PEMRecord as part of the API.
>  - Merge branch 'pem-record' into pem-merge
>    
>    # Conflicts:
>    #	src/java.base/share/classes/java/security/PEMDecoder.java
>    #	src/java.base/share/classes/java/security/PEMRecord.java
>    #	src/java.base/share/classes/sun/security/util/Pem.java
>    #	test/jdk/java/security/PEM/PEMData.java
>    #	test/jdk/java/security/PEM/PEMDecoderTest.java
>    #	test/jdk/java/security/PEM/PEMEncoderTest.java
>  - Merge branch 'master' into pem-record
>    
>    # Conflicts:
>    #	src/java.base/share/classes/jdk/internal/javac/PreviewFeature.java
>  - test fixes & cleanup
>  - Implement stream decoding
>    fix StringBuffer/Builder
>    X509C* changes
>  - Reorg tests data
>    minor fixes
>  - merge from pem branch
>  - Merge branch 'pem' into pem-record
>    
>    # Conflicts:
>    #	src/java.base/share/classes/java/security/PEMEncoder.java
>    #	src/java.base/share/classes/sun/security/provider/X509Factory.java
>    #	src/java.base/share/classes/sun/security/util/Pem.java
>    #	test/jdk/java/security/PEM/PEMDecoderTest.java
>    #	test/jdk/java/security/PEM/PEMEncoderTest.java
>  - ... and 48 more: https://git.openjdk.org/jdk/compare/22845a77...cc952c0b

Sorry if I'm just jumping into this without having all the context, but maybe it would be a good idea to update the `GenerateCacerts` build tool to use this new API? That would mean free testing during build, and a chance to "dogfood" the API.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/17543#issuecomment-2685152219

More information about the security-dev mailing list