RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v4]

[Weijun Wang]

On Thu, 25 Sep 2025 23:03:11 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Hi
>> 
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API.  The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>> 
>> - Renamed the name of `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>> 
>> thanks
>> 
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
> 
>   missed some decoder comments

One test comment.

test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeyPair.java line 103:

> 101:             "PublicKey didn't match with decoded.");
> 102:         Asserts.assertEqualsByteArray(kps.origPubEncoding, actualPubEncoding,
> 103:             "PublicKey didn't match with decoded.");

There is no need to always compare public key encoding twice. You can compare `kpOrig.getPublic()` and `mlkemKP.getPubic()` once after line 72.

Then you can just compare `mlkemKP` and `kp` and there is no need to invent a new `KeyPairs` type.

I would more like to see this test and `GetKey` merged, probably also covering `getKeySpec`.

-------------

PR Review: https://git.openjdk.org/jdk/pull/27147#pullrequestreview-3296464508
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2400109232