A PEM base64 decoder? (was: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did)

Wang Weijun Mon, 23 Mar 2015 02:49:16 -0700


> Begin forwarded message:
> 
> Date: March 23, 2015 at 16:33:18 GMT+8
> From: Florian Weimer <[email protected]>
> To: Wang Weijun <[email protected]>, OpenJDK Dev list 
> <[email protected]>
> Subject: Re: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 
> 1421 correctness, as jdk7 did
> 
> On 03/17/2015 11:02 AM, Wang Weijun wrote:
>> Hi All
>> 
>> Please review the code change at
>> 
>>   http://cr.openjdk.java.net/~weijun/8074935/webrev.00/
>> 
>> In jdk8, we use Base64.getMimeDecoder() to parse PEM-encoded certs and it 
>> ignores every character not in the base-64 alphabet. PEM is more restricted 
>> and as I know openssl rejects PEM with illegal chars (Ex, "!" as in bug 
>> report and test). This fix will also reject them.
> 
> Shouldn't you add a Base64.getPemDecoder() with these semantics?  I
> think this decoder would be useful in other contexts as well.


Sherman, is that possible?

Thanks
Max

> 
> -- 
> Florian Weimer / Red Hat Product Security

A PEM base64 decoder? (was: RFR 8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did)

Reply via email to