jdk Udiff src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java

src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java

@@ -528,11 +528,12 @@
                 if (next(cp)) {
                     return;
                 }
                 throw new CertPathValidatorException(
                         "Algorithm constraints check failed on certificate " +
-                                "anchor limits",
+                                "anchor limits. " + algorithm + " used with " +
+                                cp.getCertificate().getSubjectX500Principal(),
                         null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
             }
         }
     }

@@ -609,12 +610,12 @@
              if (!denyAfterDate.after(currentDate)) {
                  if (next(cp)) {
                      return;
                  }
                  throw new CertPathValidatorException(
-                         "denyAfter constraint check failed.  " +
-                                 "Constraint date: " +
+                         "denyAfter constraint check failed: " + algorithm +
+                                 " used with Constraint date: " +
                                  dateFormat.format(denyAfterDate) + "; "
                                  + errmsg + dateFormat.format(currentDate),
                          null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
              }
          }

@@ -642,10 +643,11 @@
     private static class KeySizeConstraint extends Constraint {
 
         private int minSize;            // the minimal available key size
         private int maxSize;            // the maximal available key size
         private int prohibitedSize = -1;    // unavailable key sizes
+        private int size;
 
         public KeySizeConstraint(String algo, Operator operator, int length) {
             algorithm = algo;
             switch (operator) {
                 case EQ:      // an unavailable key size

@@ -693,11 +695,13 @@
                 if (nextConstraint != null) {
                     nextConstraint.permits(cp);
                     return;
                 }
                 throw new CertPathValidatorException(
-                        "Algorithm constraints check failed on keysize limits",
+                        "Algorithm constraints check failed on keysize limits."
+                                + algorithm + " " + size + "bit used with " +
+                                cp.getCertificate().getSubjectX500Principal(),
                         null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
             }
         }

@@ -720,11 +724,11 @@
             // Verify this constraint is for this public key algorithm
             if (algorithm.compareToIgnoreCase(key.getAlgorithm()) != 0) {
                 return true;
             }
 
-            int size = KeyUtil.getKeySize(key);
+            size = KeyUtil.getKeySize(key);
             if (size == 0) {
                 return false;    // we don't allow any key of size 0.
             } else if (size > 0) {
                 return !((size < minSize) || (size > maxSize) ||
                     (prohibitedSize == size));

< prev index next >