`keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` class when performing algorithm constraints checks. This change is to enhance `keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` and `checkKey` parameters. For the keyusage in the EE certificate of a certificate chains, set the variant accordingly when calling `CertPathConstraintsParameters` constructor.
------------- Commit messages: - 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints Changes: https://git.openjdk.java.net/jdk/pull/7039/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7039&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8273236 Stats: 399 lines in 3 files changed: 346 ins; 0 del; 53 mod Patch: https://git.openjdk.java.net/jdk/pull/7039.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7039/head:pull/7039 PR: https://git.openjdk.java.net/jdk/pull/7039
