-
JEP Task
-
Resolution: Unresolved
-
P4
-
None
PEM is a textual encoding used for storing and transferring security objects, such as asymmetric keys, certificates, and certificate revocation lists (CRLs). New API will allow minimal statements to easily convert PEM to Java type and viceversa.
1 Test Methodology
Testing should be done on PEM syntax, API functionality, Negative cases for API, Interop with BC/OpenSSL, optionally on manipulated PEM which makes it syntactically correct but generates improper Keypair.
2 Test Inventory (optional)
Existing Tests
In addition to modifying existing tests that use KeyPair
and PKCS8EncodedKeySpec
and the first preview tests, it would be best to add new test scenarios.
This is the list of the tests that specifically target the PEM API, so these may need to be updated:
test/jdk/java/security/PEM/PEMEncoderTest.java
test/jdk/java/security/PEM/PEMDecoderTest.java
However, as PEMRecord is renamed to PEM and doesn't change its functionality, it should be automatically covered by the first preview tests after renaming.
New Tests
In order to test PEMEncoder
, the tests involving KeyPair
and PKCS8EncodedKeySpec
could be added to the existing group of tests in test/jdk/java/security/PEM/PEMEncoder.java
. Similar logic to the current tests could be used.
The same should be applied to the PEMDecoder
and test/jdk/java/security/PEM/PEMDecoderTest.java
.
Potentially, test/jdk/javax/crypto/EncryptedPrivateKeyInfo/EncryptKey.java
could be updated as well if there are any direct changes to the Encrypted Private Key API
This approach should also cover encryptKey
in the process, as this is part of the tests mentioned above.
As mentioned in the first preview test plan:
- Convert PEM -> Key and match expected type/algo and any other spec.
- Convert Key -> PEM and use the generated PEM to create self signed certificate, import into keystore etc.
- Convert PEM to Cert/CRL and viceversa
- Is the API Threadsafe?
- Test reused API Instances
- Compatibility with OpenSSL/BC
Negative
- Decode wrong PEM header/footer (private/public/cert/CRL) with wrong combination.
- Any DerEncoded binary in PEM format to Key
- Null/empty/Exception/ for API calls
Interop with OpenSSL/BC
- Refer BC library PEM -> Key and Key -> PEM usage. Test Cross compatibility for keys, certificate and crl.
- Cross compatibility with OpenSSL for keys, certificate and crl.
Deprecated Tests
N/A
- blocks
-
JDK-8360563 JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)
-
- Candidate
-
- duplicates
-
JDK-8364493 Test Plan for PEM Encodings of Cryptographic Objects (Second Preview)
-
- Closed
-
1.
|
100% public API coverage |
|
New | Unassigned | |
2.
|
80% block coverage for Java code |
|
New | Unassigned | |
3.
|
100% specification change coverage |
|
New | Unassigned | |
4.
|
99% test stability |
|
New | Unassigned | |
5.
|
100% option combination coverage |
|
New | Unassigned | |
6.
|
80% line coverage for native code |
|
New | Unassigned | |
7.
|
100% non-trivial method coverage |
|
New | Unassigned |