On Tue, 25 Jan 2022 22:40:36 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Revert to get denyAfter from exception and reload caks > > src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java > line 759: > >> 757: "denyAfter constraint check failed: " + >> algorithm + >> 758: " used with Constraint date: " + >> 759: denyAfterDate + " (in java.security: " + >> denyAfterString + > > An application could override what was in the `java.security` file by setting > the property directly, so saying `java.security` is not totally precise. > However, it seems you don't actually need to add this extra info to the > exception messsage. Could we just use the `denyAfterDate` (after "used with > Constraint date: ") and reformat it into YYYY-MM-DD format if necessary? Done. Removed the extra info (YYYY-MM-DD form) from the exception message that was set in `DisabledAlgorithmConstraints` class, and re-formated the `denyAfterDate` into YYYY-MM-DD format in keytool. ------------- PR: https://git.openjdk.java.net/jdk/pull/7039