On Sun, 27 Apr 2025 18:36:28 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> src/java.base/share/classes/java/security/PEMDecoder.java line 60:
>>
>>> 58: * A specified return class must implement {@link DEREncodable} and be
>>> an
>>> 59: * appropriate JCE object class for the PEM; otherwise an
>>> 60: * {@link IllegalArgumentException} is thrown.
>>
>> Do we need to document somewhere what "appropriate" JCE classes are for each
>> PEM type?
>
> I view this as an advanced feature for experienced users. The list is large
> and algorithm-dependent. For example an EC private key PEM could be
> PrivateKey.class, ECPrivateKey.class, PEMRecord.class,
> PKCS8EncodedKeySpec.class. I don't think it's realistic to list everything.
I see. Maybe at least point out `PEMRecord` is always a valid option? This
gives people a chance to read arbitrary (even invalid) PEMs.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17543#discussion_r2064134853
