RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

Weijun Wang weijun at openjdk.java.net
Tue Apr 12 22:13:08 UTC 2022


On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter <duke at openjdk.java.net> wrote:

> On Windows you can now access the local machine keystores using the strings "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the application requires admin privileges.
> 
> "Windows-MY" and "Windows-ROOT" remain unchanged, however given these original keystore strings mapped to the current user, I added "Windows-MY-CURRENTUSER" and "Windows-ROOT-CURRENTUSER" so that a developer can explicitly specify the current user location. These two new strings simply map to the original two strings, i.e. no duplication of code paths etc.
> 
> No new tests added; keystore functionality and API remain unchanged. The local machine keystore types would require the tests to run in admin mode.
> 
> Tested on Windows, passes tier1 and tier2 tests

Thanks a lot for the quick contribution! I'll definitely be happy to sponsor it.

Since new keystore types are created, this needs a CSR. Go to https://bugs.openjdk.java.net/browse/JDK-6782021, click "More" and at the end there is a "Create CSR". Basically you talk about what these new keystores are and why they are useful. The scope is JDK and I assume the compatibility risk is low. There is no spec change but you can suggest new entries in the "JDK Providers Documentation" (https://docs.oracle.com/en/java/javase/18/security/oracle-providers.html#GUID-4F1737D6-1569-4340-B140-678C70E63CD5). You can also add a label like `noreg-other` to the bug and add a comment explaining what manual tests can be added, how to run them, and what the expected output is.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8211
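
Added example, not part of the original message or of the pull request: a small inventory that opens each keystore type named in the description through the standard `java.security.KeyStore` API and lists the certificates it finds, flagging expired ones. The class name `WindowsStoreInventory` is hypothetical; the four new type strings resolve only on a Windows JDK that contains this change.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): inventory of the Windows stores.
public class WindowsStoreInventory {
    // Keystore type strings exactly as given in the pull request description.
    static final String[] TYPES = {
        "Windows-MY", "Windows-ROOT",
        "Windows-MY-CURRENTUSER", "Windows-ROOT-CURRENTUSER",
        "Windows-MY-LOCALMACHINE", "Windows-ROOT-LOCALMACHINE"
    };

    public static void main(String[] args) {
        Date now = new Date();
        for (String type : TYPES) {
            try {
                KeyStore ks = KeyStore.getInstance(type);
                ks.load(null, null); // no stream and no password are passed
                System.out.printf("%s: %d entries%n", type, ks.size());
                for (String alias : Collections.list(ks.aliases())) {
                    Certificate c = ks.getCertificate(alias);
                    if (!(c instanceof X509Certificate)) {
                        continue;
                    }
                    X509Certificate x = (X509Certificate) c;
                    System.out.printf("  %s key=%b expired=%b subject=%s%n",
                            alias, ks.isKeyEntry(alias),
                            x.getNotAfter().before(now),
                            x.getSubjectX500Principal().getName());
                }
            } catch (KeyStoreException e) {
                // Type not registered: non-Windows JDK, or one without this change.
                System.out.printf("%s: not available (%s)%n", type, e.getMessage());
            } catch (Exception e) {
                // Load failed; the description says the local machine
                // stores require admin privileges.
                System.out.printf("%s: could not be loaded (%s)%n", type, e);
            }
        }
    }
}
```

Per the description, the `-CURRENTUSER` types map to the original `Windows-MY` and `Windows-ROOT`, so on a JDK with the change those pairs should list the same entries.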


