RFR: 8298420: Implement JEP 470: PEM Encodings of Cryptographic Objects (Preview) [v22]

Wed May 28 17:42:16 UTC 2025

On Thu, 22 May 2025 12:02:28 GMT, Krushna948 <duke at openjdk.org> wrote:

>> Anthony Scarpino has updated the pull request incrementally with three additional commits since the last revision:
>> 
>>  - comments
>>  - comments
>>  - fix EKS error after JEP 513
>
> src/java.base/share/classes/java/security/PEMDecoder.java line 90:
> 
>> 88:  * decoded into a {@code PEMRecord} by specifying {@code PEMRecord.class}.
>> 89:  * If the Class parameter doesn't match the PEM content, an
>> 90:  * {@code IllegalArgumentException} will be thrown.
> 
> Looks a Typo, it supposed to be ClassCastException?

Thanks.. I can follow up on this with post integration.

> src/java.base/share/classes/java/security/PEMDecoder.java line 485:
> 
>> 483:      * Any errors using the {@code Provider} will occur during decoding.
>> 484:      *
>> 485:      * <p>If {@code provider} is {@code null}, a new instance is returned with
> 
> May this needs to be updated as below @throws NullPointerException if {@code provider} is null

yes, this could use some clarification post-integration

> src/java.base/share/classes/java/security/PEMRecord.java line 56:
> 
>> 54:  * @param type the type identifier in the PEM header without PEM syntax labels.
>> 55:  *           For a public key, {@code type} would be "PUBLIC KEY".
>> 56:  * @param pem any data between the PEM header and footer.
> 
> Here 'pem' - any data between the PEM header and footer.
> But the constructor description below for both the constructors 
> "pem the Base64-encoded data encapsulated by the PEM header and  footer"
> 
> Observation
> If I pass the data between PEM header and  footer, the PEMRecord created successfully.
> If I include Header and Footer
> For eg  as pem string,
> 
> "-----BEGIN PUBLIC KEY-----\n" +
>             "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGRGrflwdiorIrC02pmr0jAKXI\n" +
>             "qxbBHxMUslLg8bjJiJCbanW7g7j7fR3RwGVU0cWh8rsQ/y4U7Yy0gBAsWCrr/TDS\n" +
>             "Xf3RWiZbQiQo6brZFiFZ5WgWgTpuzxDKpzLjyXCe17FXgbgEYscRPB/Rff6q2OS4\n" +
>             "H6stY3fHctzmU1HmUQIDAQAB\n" +
>             "-----END PUBLIC KEY-----";
> 
> PEMRecord creation throws java.lang.IllegalArgumentException: Illegal footer: 
> 
> Looks some inconsistency in documentation/ behavior

The code requires a end of line character.  Perhaps the documentation can be clarified later

> src/java.base/share/classes/java/security/PEMRecord.java line 111:
> 
>> 109:      * {@code null}.
>> 110:      */
>> 111:     public PEMRecord(String type, String pem) {
> 
> Observed that PEMRecord.pem returns a string with out Header and footer and removing all the new line characters from input, do we need to specify that the result string filters out the new line characters?

The class level javadoc  specifies what the `type` should contain only the type identifier like "PUBLIC KEY".  We also say there is no validation on the values entered.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2112388261
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2112390001
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2112390527
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2112398916