On Mon, 24 Jan 2022 21:21:58 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` >> class when performing algorithm constraints checks. This change is to >> enhance `keytool` to make use of the new methods >> `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` >> and `checkKey` parameters. For the keyusage in the EE certificate of a >> certificate chains, set the variant accordingly when calling >> `CertPathConstraintsParameters` constructor. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > Update to get denyAfter and init caks Changed to use the previous fix, and modified test case to check for the expected date string. ------------- PR: https://git.openjdk.java.net/jdk/pull/7039