8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)

[ascarpino]

Hi

Please review the Second Preview for the PEM API. The most significant changes from JEP 470 are:

• Renamed the name of PEMRecord class to PEM.
• Revised the new encryptKey methods of the EncryptedPrivateKeyInfo class to accept DEREncodable objects rather than just PrivateKey objects so that cryptographic objects with public keys, i.e., KeyPair and PKCS8EncodedKeySpec, can also be encrypted.
• Enhanced the PEMEncoder and PEMDecoder classes to support the encryption and decryption of KeyPair and PKCS8EncodedKeySpec objects.

thanks

Tony

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change requires CSR request JDK-8367431 to be approved
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issues

• JDK-8360564: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) (Enhancement - P4)
• JDK-8367431: Implement JEP 524: PEM Encodings of Cryptographic Objects (Second Preview) (CSR)

Reviewers

• Weijun Wang (@wangweij - Reviewer)

Reviewers without OpenJDK IDs

• @koushikthirupattur (no known openjdk.org user name / role)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27147/head:pull/27147
$ git checkout pull/27147

Update a local copy of the PR:
$ git checkout pull/27147
$ git pull https://git.openjdk.org/jdk.git pull/27147/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27147

View PR using the GUI difftool:
$ git pr show -t 27147

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27147.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back ascarpino! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@ascarpino The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[ascarpino]

/csr

[openjdk]

@ascarpino has indicated that a compatibility and specification (CSR) request is needed for this pull request.

@ascarpino please create a CSR request for issue JDK-8360564 with the correct fix version. This pull request cannot be integrated until the CSR request is approved.

[mlbridge]

Webrevs

• 12: Full - Incremental (0d95043c)
• 11: Full - Incremental (e1405c06)
• 10: Full - Incremental (4bf48dda)
• 09: Full - Incremental (e08d0626)
• 08: Full - Incremental (682bfa17)
• 07: Full - Incremental (45f30dd3)
• 06: Full - Incremental (2e9332b9)
• 05: Full - Incremental (3e183c5a)
• 04: Full - Incremental (db913c3c)
• 03: Full - Incremental (e13bff47)
• 02: Full - Incremental (24be35c1)
• 01: Full - Incremental (b2d0defd)
• 00: Full (c493fa08)

[wangweij]

Some comments.

[wangweij]

Is it correct to put the 2 new methods here? Seems not closely related to PEM.

[ascarpino]

They are needed by PEM and EKPI, so this seems like the right place.

[wangweij]

This method is very similar to PKCS8Key::parseKey. Maybe we should combine them.

[ascarpino]

Before the code review, I intentionally split these apart. I didn't like how the code looked and that returning a DEREncodable complicated parseKey(). It made PKCS8Key much more complicated with typecasting and passing in pair.

If I redo PKCS8Key.java, this would be on the list to find a more elegant way to merge them.

[wangweij]

So there are 2 ways to extract public key from PKCS8. Are you going to check whether they match?

Also, can we add a test case for this format?

[ascarpino]

In this method, there is only one path for SEC1v2 requires the version to be 1, PKCS8 requires the version to be 2. The two should not intersect in this method.

It is true that a version 2 OneAsymmetricKey could contain a SEC1v2 private key encoding. At that point a KeyFactory needs to generate both keys to verify. I think that goes beyond what is necessary for what amounts to a "user error" in putting the wrong public and private key pair together.

I would like to explore redoing PKCS8Key.java as it has taken on many more tasks with encoding & decoding different algorithms. But I don't want that to be tied to a JEP, rather a bug or RFE.

[wangweij]

If any of these ifs is false null is returned. Would you rather throw an IAE?

[wangweij]

I see there could be a

parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,

Shall we skip it?

[ascarpino]

This only checks if one is available in the private key material. If there is none, null is fine.

The domain parameters are kept as part of private key SEC1v2 encoding and can be read when generating a private key with a KeyFactory. Translating the encoding could be error-prone, and maybe incompatible.

[wangweij]

Oh, I meant if both [0] and [1] are there you can skip [0] and read [1]. Currently you just check for [1].

[ascarpino]

Oh yes, I didn't add a skip.

[seanjmullan]

Suggest rewording as "... if there was no data preceding the PEM header ..."

Why do you allow null when there is a ctor that does not have a leadingData parameter - is there a reason for this?

[ascarpino]

I thought it was more friendly to specify a constructor when leadingData was known to be not needed. The other constructor is used by PEMDecoder decoding is not known until decoding the stream occurs.

[seanjmullan]

You mean they are recoverable? Otherwise it should probably be an IAE.

[seanjmullan]

It's a little odd this throws a ClassCastException. This seems more like an IllegalArgumentException to me because you are passing in the wrong type.

[ascarpino]

@wangweij pushed for CCE instead of IAE. It is a valid argument, but cannot be cast to that object. I think one can make a case for both exception types, but CCE was a bit stronger.

[seanjmullan]

Put this in a finally block so it gets cleared even if generateEncoding throws an exception. You should also clear the return value of generateEncoding (before you clone it). Although I don't think you need the clone, since generateEncoding returns a new array each time.

[wangweij]

Unfortunately generateEncoding also assigned the result to the internal field encodedKey.

[ascarpino]

@wangweij is correct, generateEncoding() is setting the instance variable encodedKey. A finally-block is likely necessary if an exception happens after privateKeyMaterial is set in generateEncoding()

[seanjmullan]

Ok, that could be fixed by creating another method that just does the encoding (and change generateEncoding to call that), but maybe we can fix that later.

[ascarpino]

There are generic changes to PKCS8Key outside of PEM that I'd like to do, I can look at it then.

[seanjmullan]

This actually throws an IllegalArgumentException if the key derivation fails.

[ascarpino]

Yes, I wrote the javadoc based on a suggestion, then didn't update when the constructor was changed.

[wangweij]

Very minor comments.

[wangweij]

Some tiny comments.

[koushikthirupattur]

LGTM!