RFR: 8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) [v7]

Anthony Scarpino ascarpino at openjdk.org
Thu Oct 23 16:25:58 UTC 2025


On Wed, 22 Oct 2025 18:22:28 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Anthony Scarpino has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - fix non-pbe
>>  - doc updates, zeroing, fix unencrypted keypair encoding, exception mods
>
> src/java.base/share/classes/java/security/PEMDecoder.java line 298:
> 
>> 296:      * @param str a String containing PEM data
>> 297:      * @return a {@code DEREncodable}
>> 298:      * @throws IllegalArgumentException on error in decoding or no PEM data found
> 
> It looks like this method will throw `EOFException` and not `IllegalArgumentException` if there is no PEM data because it calls decode with a `ByteArrayInputStream` so uses that method which throws an `EOFException`.
> 
> Same comment for method that takes a `Class` argument.

EOFException is a child of IOException, so the catch covers this.

> src/java.base/share/classes/java/security/PEMEncoder.java line 285:
> 
>> 283:      * @return a new {@code PEMEncoder} instance configured for encryption
>> 284:      * @throws NullPointerException when password is {@code null}
>> 285:      * @throws ProviderException if generating the encryption key fails.
> 
> This actually throws an `IllegalArgumentException` if the key derivation fails.

Yes, I wrote the javadoc based on a suggestion, then didn't update when the constructor was changed.

> src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 1:
> 
>> 1: /*
> 
> Some inconsistency in parameter definitions that are the same across different methods. Please check and use consistent wording.

I cleaned up the inconsistencies I found in encrypt, getKey, and getKeyPair.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453138454
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453074907
PR Review Comment: https://git.openjdk.org/jdk/pull/27147#discussion_r2453811060
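
The exception-wrapping pattern discussed in the first reply, as an added example that is not part of the original message and not the JDK's code. The class `PemWrapDemo`, its two `decode` overloads and the sample PEM text are hypothetical and constructed for illustration; the sketch only shows why a single `catch (IOException)` in a String overload also turns an `EOFException` from the stream overload into an `IllegalArgumentException`.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Hypothetical stand-in for the pattern under review; not the JDK's PEMDecoder.
public class PemWrapDemo {

    // Stream overload: "no PEM data" surfaces as EOFException,
    // any other malformed input as a plain IOException.
    static byte[] decode(InputStream in) throws IOException {
        BufferedReader r = new BufferedReader(
                new InputStreamReader(in, StandardCharsets.ISO_8859_1));
        String line;
        // Skip leading non-PEM text until a header line is found.
        while ((line = r.readLine()) != null && !line.startsWith("-----BEGIN ")) { }
        if (line == null) throw new EOFException("No PEM data found");
        StringBuilder b64 = new StringBuilder();
        while ((line = r.readLine()) != null && !line.startsWith("-----END ")) {
            b64.append(line.trim());
        }
        if (line == null) throw new IOException("Missing PEM footer");
        try {
            return Base64.getDecoder().decode(b64.toString());
        } catch (IllegalArgumentException e) {
            throw new IOException("Invalid Base64 in PEM body", e);
        }
    }

    // String overload: EOFException extends IOException, so this one catch
    // covers both cases and the caller only ever sees IllegalArgumentException.
    static byte[] decode(String str) {
        byte[] raw = str.getBytes(StandardCharsets.ISO_8859_1);
        try {
            return decode(new ByteArrayInputStream(raw));
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid block, one with no PEM, one truncated.
        String ok = "-----BEGIN DEMO-----\nAQID\n-----END DEMO-----\n";
        System.out.println("decoded bytes: " + decode(ok).length);
        for (String bad : new String[] {"no pem here", "-----BEGIN DEMO-----\nAQID\n"}) {
            try {
                decode(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("IAE caused by " + e.getCause().getClass().getSimpleName());
            }
        }
    }
}
```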

