RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints [v8]
Hai-May Chao
hchao at openjdk.java.net
Wed Jan 26 17:43:08 UTC 2022
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` class when performing algorithm constraints checks. This change is to enhance `keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` and `checkKey` parameters. For the keyusage in the EE certificate of a certificate chains, set the variant accordingly when calling `CertPathConstraintsParameters` constructor.
Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
Update test as reformatted denyAfterDate not fixed that depends on date in exception msg
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7039/files
- new: https://git.openjdk.java.net/jdk/pull/7039/files/34f7efd8..f7358702
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7039&range=07
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7039&range=06-07
Stats: 13 lines in 2 files changed: 6 ins; 2 del; 5 mod
Patch: https://git.openjdk.java.net/jdk/pull/7039.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7039/head:pull/7039
PR: https://git.openjdk.java.net/jdk/pull/7039
More information about the security-dev
mailing list