RFR: 8298420: PEM API: Implementation (Preview) [v17]
Anthony Scarpino
ascarpino at openjdk.org
Thu May 15 01:31:27 UTC 2025
On Mon, 12 May 2025 18:49:56 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>>
>> comments on the 11th
>
> src/java.base/share/classes/java/security/PEMRecord.java line 101:
>
>> 99: // including lowercase. The onus is on the caller.
>> 100: if (type != null && (type.startsWith("-") || type.contains("BEGIN") ||
>> 101: type.contains("END") || type.endsWith("-"))) {
>
> How about checking for `startsWith("BEGIN␣")` and `startsWith("END␣")`. Maybe some day there will be a type named "ENDPOINT" or "BACKEND NAME".
Well I can't change the calls to `startsWith()` because there are more likely dashes. It's just a non-fool proof check that someone didn't put the whole header or footer in the String. If there is a conflict, we will have time to address it as it will involve the RFC process.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2089994122
More information about the security-dev
mailing list