On Mon, 24 Jan 2022 21:21:58 GMT, Hai-May Chao <hc...@openjdk.org> wrote:

>> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` 
>> class when performing algorithm constraints checks. This change is to 
>> enhance `keytool` to make use of the new methods 
>> `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` 
>> and `checkKey` parameters. For the keyusage in the EE certificate of a 
>> certificate chains, set the variant accordingly when calling 
>> `CertPathConstraintsParameters` constructor.
>
> Hai-May Chao has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Update to get denyAfter and init caks

Changed to use the previous fix, and modified test case to check for the 
expected date string.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7039

Reply via email to