Integrated: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
Hai-May Chao
hchao at openjdk.java.net
Wed Jan 26 20:34:45 UTC 2022
On Wed, 12 Jan 2022 02:15:45 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` class when performing algorithm constraints checks. This change is to enhance `keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` and `checkKey` parameters. For the keyusage in the EE certificate of a certificate chains, set the variant accordingly when calling `CertPathConstraintsParameters` constructor.
This pull request has now been integrated.
Changeset: c2ee1b33
Author: Hai-May Chao <hchao at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/c2ee1b33c37e6f2848dc8b3e5417b93b1dac1112
Stats: 432 lines in 3 files changed: 377 ins; 0 del; 55 mod
8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
Reviewed-by: mullan
-------------
PR: https://git.openjdk.java.net/jdk/pull/7039
More information about the security-dev
mailing list