RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v3]

Mat Carter duke at openjdk.java.net
Thu May 5 16:39:18 UTC 2022 

On Thu, 5 May 2022 14:32:14 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Mat Carter has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Removed whitespace and simply passing ints between java and C++
>
> I'd like to contribute a test. Please modify it as much as you like. You can put it inside `test/jdk/sun/security/mscapi/`.
> 
> /*
>  * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
>  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>  *
>  * This code is free software; you can redistribute it and/or modify it
>  * under the terms of the GNU General Public License version 2 only, as
>  * published by the Free Software Foundation.
>  *
>  * This code is distributed in the hope that it will be useful, but WITHOUT
>  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
>  * version 2 for more details (a copy is included in the LICENSE file that
>  * accompanied this code).
>  *
>  * You should have received a copy of the GNU General Public License version
>  * 2 along with this work; if not, write to the Free Software Foundation,
>  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>  *
>  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
>  * or visit www.oracle.com if you need additional information or have any
>  * questions.
>  */
> 
> import jdk.test.lib.Asserts;
> import jdk.test.lib.SecurityTools;
> 
> import java.security.KeyStore;
> import java.util.Collections;
> import java.util.List;
> import java.util.Locale;
> 
> /*
>  * @test
>  * @bug 6782021
>  * @requires os.family == "windows"
>  * @library /test/lib
>  * @summary More keystore types
>  */
> public class AllTypes {
>     public static void main(String[] args) throws Exception {
>         var nm = test("windows-my");
>         var nr = test("windows-root");
>         var nmu = test("windows-my-currentuser");
>         var nru = test("windows-root-currentuser");
>         var nmm = test("windows-my-localmachine");
>         var nrm = test("windows-root-localmachine");
>         Asserts.assertEQ(nm, nmu);
>         Asserts.assertEQ(nr, nru);
>     }
> 
>     private static List<String> test(String type) throws Exception {
>         var stdType = "Windows-" + type.substring(8).toUpperCase(Locale.ROOT);
>         SecurityTools.keytool("-storetype " + type + " -list")
>                 .shouldHaveExitValue(0)
>                 .shouldContain("Keystore provider: SunMSCAPI")
>                 .shouldContain("Keystore type: " + stdType);
>         KeyStore ks = KeyStore.getInstance(type);
>         ks.load(null, null);
>         var content = Collections.list(ks.aliases());
>         Collections.sort(content);
>         return content;
>     }
> }

@wangweij - regarding the two tests for localmachine, these will throw a KeyStore exception "Access denied" if the test is not run as admin, is there anyway in the test to make that a requirement?  If so we could split into two tests, one in admin that does all and one in non-admin that does the currentuser tests

-------------

PR: https://git.openjdk.java.net/jdk/pull/8211

More information about the security-dev mailing list