RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

[Weijun Wang]

On Wed, 27 Apr 2022 02:26:48 GMT, Bernd <duke at openjdk.java.net> wrote:

>> On Windows you can now access the local machine keystores using the strings "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the application requires admin privileges.
>> 
>> "Windows-MY" and "Windows-ROOT" remain unchanged, however given these original keystore strings mapped to the current user, I added "Windows-MY-CURRENTUSER" and "Windows-ROOT-CURRENTUSER" so that a developer can explicitly specify the current user location. These two new strings simply map to the original two strings, i.e. no duplication of code paths etc
>> 
>> No new tests added, keystore functionality and API remains unchanged, the local machine keystore types would require the tests to run in admin mode
>> 
>> Tested on windows, passes tier1 and tier2 tests
>
> src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 487:
> 
>> 485:             // Check if private key available - client authentication certificate
>> 486:             // must have private key available.
>> 487:             HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL;
> 
> It is not quite clear from the CSR, was this a bug (previous JDK-8026953 incomplete) or is that only a type cleanup and using ncrypt keys worked before? (In that Case does it need to be mentioned in csr?)

Same question. Does a new type name automagically add support for CNG?

-------------

PR: https://git.openjdk.java.net/jdk/pull/8211