RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v2]
Hai-May Chao
hchao at openjdk.java.net
Mon Jan 24 21:21:59 UTC 2022
On Mon, 24 Jan 2022 16:12:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 4908:
>
>> 4906: if (eMessage.contains("denyAfter constraint check failed") &&
>> 4907: e.getReason() == BasicReason.ALGORITHM_CONSTRAINED) {
>> 4908: String separator = "java.security: ";
>
> Did you consider extracting the date from the security property? Ex: `Security.getProperty("jdk.certpath.disabledAlgorithms")`? I think that would be a better solution instead of parsing the exception message, which might change in the future.
Fixed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7039
More information about the security-dev
mailing list