RFR: 8298420: PEM API: Implementation (Preview) [v16]
Weijun Wang
weijun at openjdk.org
Fri May 9 18:19:06 UTC 2025
On Thu, 8 May 2025 20:40:28 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi all,
>>
>> I need a code review of the PEM API. Privacy-Enhanced Mail (PEM) is a format for encoding and decoding cryptographic keys and certificates. It will be integrated into JDK24 as a Preview Feature. Preview features does not permanently define the API and it is subject to change in future releases until it is finalized.
>>
>> Details about this change can be seen at [PEM API JEP](https://bugs.openjdk.org/browse/JDK-8300911).
>>
>> Thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with three additional commits since the last revision:
>
> - comments
> - toString update
> - non-sealed
> Better X509 KeyPair parsing
src/java.base/share/classes/java/security/PEMDecoder.java line 407:
> 405: * the default provider configuration.
> 406: *
> 407: * @param provider the factory provider.
This is a little awkward because the argument of `withFactory` is a provider. Shall we rename it?
Also, can we add some more description on how this method is used? For example, suppose a provider named `P1` extends `ECPublicKey` to `P1ECPublicKey`, then users should call `withFactory(p1).decode(pem, P1ECPublicKey.class)`. I assume we are not ready to do some kind of "delayed provider selection" trick to make it possible with the "original" decoder.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2082254448
More information about the security-dev
mailing list