RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v4]
Hai-May Chao
hchao at openjdk.java.net
Tue Jan 25 20:51:19 UTC 2022
On Mon, 24 Jan 2022 21:21:58 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` class when performing algorithm constraints checks. This change is to enhance `keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` and `checkKey` parameters. For the keyusage in the EE certificate of a certificate chains, set the variant accordingly when calling `CertPathConstraintsParameters` constructor.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Update to get denyAfter and init caks
Changed to use the previous fix, and modified test case to check for the expected date string.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7039
More information about the security-dev
mailing list