RFR: 8298420: PEM API: Implementation (Preview) [v16]

Weijun Wang weijun at openjdk.org
Fri May 9 18:00:05 UTC 2025


On Thu, 8 May 2025 20:40:28 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi all,
>> 
>> I need a code review of the PEM API.  Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates.  It will be integrated into JDK24 as a Preview Feature.  Preview features do not permanently define the API and it is subject to change in future releases until it is finalized.
>> 
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>> 
>> Thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with three additional commits since the last revision:
> 
>  - comments
>  - toString update
>  - non-sealed
>    Better X509 KeyPair parsing

src/java.base/share/classes/java/security/PEMRecord.java line 87:

> 85:      */
> 86:     public PEMRecord(String type, String pem, byte[] leadingData) {
> 87:         this.leadingData = (leadingData == null ? null : leadingData.clone());

Not sure we should do the cloning at creation and in the getter. A record is _known_ to be only shallowly immutable and users should be prepared for this, for example, do not pass it to an untrusted method if they want to reuse it. I'd rather change this back to a normal class if you believe array cloning is necessary.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2082235234
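
The trade-off discussed in the review comment above, shown as an added example that is not part of the original message or of the JDK sources. `Shallow` and `Defensive` are hypothetical records, not the real `PEMRecord`, and the sample bytes are constructed.

```java
import java.util.Arrays;

public class RecordArrayDemo {
    // Hypothetical record with no copying: the array reference is final,
    // but the array contents stay writable by anyone holding the reference.
    record Shallow(String type, byte[] leadingData) {}

    // Hypothetical record that clones on the way in (compact constructor)
    // and on the way out (accessor), the pattern questioned in the review.
    record Defensive(String type, byte[] leadingData) {
        Defensive {
            leadingData = (leadingData == null ? null : leadingData.clone());
        }

        @Override
        public byte[] leadingData() {
            return leadingData == null ? null : leadingData.clone();
        }
    }

    public static void main(String[] args) {
        byte[] input = {1, 2, 3}; // constructed sample bytes

        Shallow s = new Shallow("CERTIFICATE", input);
        input[0] = 9;            // the creator still holds the array
        s.leadingData()[1] = 9;  // so does any method the record is passed to
        System.out.println("shallow:   " + Arrays.toString(s.leadingData()));

        byte[] input2 = {1, 2, 3};
        Defensive d = new Defensive("CERTIFICATE", input2);
        input2[0] = 9;           // changes only the caller's own array
        d.leadingData()[1] = 9;  // changes only a throwaway copy
        System.out.println("defensive: " + Arrays.toString(d.leadingData()));

        // Price of the copy: every accessor call allocates a new array,
        // so the accessor no longer hands back the stored component itself.
        System.out.println("same array from two shallow calls:   "
                + (s.leadingData() == s.leadingData()));
        System.out.println("same array from two defensive calls: "
                + (d.leadingData() == d.leadingData()));
    }
}
```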

