On Fri, 1 May 2026 17:14:01 GMT, Anthony Scarpino <[email protected]> wrote:
>> Please review the finalized PEM API at https://openjdk.org/jeps/8376991. The >> most significant changes from the second preview, JEP 524 >> (https://openjdk.org/jeps/524), include: >> >> - The `PEM` class is now an ordinary class rather than a record. It adds >> Binary-encoded content constructors and data is defensively copied. >> - The `DEREncodable` interface is renamed to `BinaryEncodable` to more >> accurately reflect the binary data stored in PEM text. >> - In `EncryptedPrivateKeyInfo`, the `encrypt` methods now accept >> `BinaryEncodable`, and the `getKey()` and `getKeyPair()` methods no longer >> include a `Provider` parameter. >> - A new `CryptoException` class indicates failures in cryptographic >> processing at runtime. >> >> thanks >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Anthony Scarpino has updated the pull request incrementally with one > additional commit since the last revision: > > withFactoriesOf src/java.base/share/classes/java/security/PEMEncoder.java line 210: > 208: } > 209: case X509EncodedKeySpec x -> buildKey(x.getEncoded(), null); > 210: case PKCS8EncodedKeySpec p -> buildKey(null, p.getEncoded()); Cleanup the result of `p.getEncoded()`. src/java.base/share/classes/java/security/PEMEncoder.java line 366: > 364: throw new IllegalArgumentException("Error while encoding", > e); > 365: } finally { > 366: KeyUtil.clear(encoding, p8KeySpec); Do we always clear `encoding` here? There is a chance it's the input `privateEncoding` argument. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174848740 PR Review Comment: https://git.openjdk.org/jdk/pull/29640#discussion_r3174855574
