RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v6]
Sean Mullan
mullan at openjdk.org
Tue Oct 14 18:22:34 UTC 2025
On Mon, 13 Oct 2025 17:22:25 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi
>>
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the PEM API. The most significant changes from [JEP 470](https://openjdk.org/jeps/470) are:
>>
>> - Renamed the name of `PEMRecord` class to `PEM`.
>> - Revised the new `encryptKey` methods of the `EncryptedPrivateKeyInfo` class to accept `DEREncodable` objects rather than just `PrivateKey` objects so that cryptographic objects with public keys, i.e., `KeyPair` and `PKCS8EncodedKeySpec`, can also be encrypted.
>> - Enhanced the `PEMEncoder` and `PEMDecoder` classes to support the encryption and decryption of `KeyPair` and `PKCS8EncodedKeySpec` objects.
>>
>> thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>
> updates
src/java.base/share/classes/java/security/PEM.java line 46:
> 44: * handle the text content directly, use the decoding methods
> 45: * {@link PEMDecoder#decode(String, Class)} or
> 46: * {@link PEMDecoder#decode(InputStream, Class)} with {@code PEM.class} as a
s/a/an/
src/java.base/share/classes/java/security/PEM.java line 66:
> 64: * <p> {@code leadingData} is {@code null} if there is no data preceding the PEM
> 65: * header during decoding. {@code leadingData} can be useful for reading
> 66: * metadata that accompanies the PEM data. This value was not defensively
s/was not/is not/
src/java.base/share/classes/java/security/PEM.java line 94:
> 92: * @param type the PEM type identifier
> 93: * @param content the Base64-encoded data, excluding the PEM header and
> 94: * footer
indent one more space?
src/java.base/share/classes/java/security/PEM.java line 96:
> 94: * footer
> 95: * @param leadingData any non-PEM data read during the decoding process
> 96: * before the PEM header. This value may be {@code null}
Missing period after null.
src/java.base/share/classes/java/security/PEM.java line 98:
> 96: * before the PEM header. This value may be {@code null}
> 97: * @throws IllegalArgumentException if {@code type} is incorrectly
> 98: * formatted
suggest indenting the second line of the throws javadoc to `IllegalArgumentException`. Same comment on other lines.
src/java.base/share/classes/java/security/PEM.java line 111:
> 109: type.startsWith("END ")) {
> 110: throw new IllegalArgumentException("PEM syntax labels found. " +
> 111: "Only the PEM type identifier is allowed");
Missing period after "allowed".
src/java.base/share/classes/java/security/PEM.java line 121:
> 119: * @param type the PEM type identifier
> 120: * @param content the Base64-encoded data, excluding the PEM header and
> 121: * footer
indent one more space?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430010324
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430026453
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430042789
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430035970
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430046763
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430039670
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2430043305
More information about the security-dev
mailing list