On Fri, 1 May 2026 17:14:01 GMT, Anthony Scarpino <[email protected]> wrote:
>> Please review the finalized PEM API at https://openjdk.org/jeps/8376991. The
>> most significant changes from the second preview, JEP 524
>> (https://openjdk.org/jeps/524), include:
>>
>> - The `PEM` class is now an ordinary class rather than a record. It adds
>> Binary-encoded content constructors and data is defensively copied.
>> - The `DEREncodable` interface is renamed to `BinaryEncodable` to more
>> accurately reflect the binary data stored in PEM text.
>> - In `EncryptedPrivateKeyInfo`, the `encrypt` methods now accept
>> `BinaryEncodable`, and the `getKey()` and `getKeyPair()` methods no longer
>> include a `Provider` parameter.
>> - A new `CryptoException` class indicates failures in cryptographic
>> processing at runtime.
>>
>> thanks
>>
>> ---------
>> - [x] I confirm that I make this contribution in accordance with the
>> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai).
>
> Anthony Scarpino has updated the pull request incrementally with one
> additional commit since the last revision:
>
>   withFactoriesOf

src/java.base/share/classes/java/security/BinaryEncodable.java line 37:

> 35:  * This interface is implemented by security API classes that contain
> 36:  * binary-encodable cryptographic material.
> 37:  *

Add a `<p>` here.

src/java.base/share/classes/java/security/PEMDecoder.java line 71:

> 69:  *
> 70:  * <p> For {@code PublicKey} and {@code PrivateKey} types,
> algorithm-specific
> 71:  * subclasses are returned if supported, such as {@code ECPublicKey} or

Is this always true?

src/java.base/share/classes/java/security/PEMDecoder.java line 113:

> 111:  * for decryption, an {@link EncryptedPrivateKeyInfo} is returned.
> 112:  * A {@code PEMDecoder} configured for decryption can also decode
> unencrypted PEM.
> 113:  *

Add a `<p>` here.

src/java.base/share/classes/java/security/PEMDecoder.java line 136:

> 134:  * @implNote This implementation decodes non-encrypted RSA PRIVATE KEY
> as {@code PrivateKey},
> 135:  * X509 CERTIFICATE and X.509 CERTIFICATE as {@code X509Certificate},
> and CRL as
> 136:  * {@code X509CRL}. Other implementations may recognize additional PEM
> types.

I am not sure what "additional PEM types" mean here. We certainly cannot decode to other types because `BinaryEncodable` is sealed. If you mean decode to `PEM`, that's already described above ("no corresponding class") and it does not belong to an `@implNote`.

This also appears in `PEMEncoder`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174500872
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174505808
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174515151
PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174528122
