On Wed, 26 Jan 2022 05:45:58 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java >> line 759: >> >>> 757: "denyAfter constraint check failed: " + >>> algorithm + >>> 758: " used with Constraint date: " + >>> 759: denyAfterDate + " (in java.security: " + >>> denyAfterString + >> >> An application could override what was in the `java.security` file by >> setting the property directly, so saying `java.security` is not totally >> precise. However, it seems you don't actually need to add this extra info to >> the exception messsage. Could we just use the `denyAfterDate` (after "used >> with Constraint date: ") and reformat it into YYYY-MM-DD format if necessary? > > Done. Removed the extra info (YYYY-MM-DD form) from the exception message > that was set in `DisabledAlgorithmConstraints` class, and re-formated the > `denyAfterDate` into YYYY-MM-DD format in keytool. The CertPathValidatorException is: `denyAfter constraint check failed: SHA1 used with Constraint date: Mon Dec 31 16:00:00 PST 2018; params date: Tue Jan 25 19:56:48 PST 2022 used with certificate: CN=CA` So, the reformat of the `denyAfterDate` to YYYY-MM-DD format will be 2018-12-31. ------------- PR: https://git.openjdk.java.net/jdk/pull/7039
