RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v3]
Weijun Wang
weijun at openjdk.java.net
Tue May 10 13:11:56 UTC 2022
On Thu, 5 May 2022 16:36:04 GMT, Mat Carter <duke at openjdk.java.net> wrote:
>> I'd like to contribute a test. Please modify it as much as you like. You can put it inside `test/jdk/sun/security/mscapi/`.
>>
>> /*
>>  * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
>>  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>  *
>>  * This code is free software; you can redistribute it and/or modify it
>>  * under the terms of the GNU General Public License version 2 only, as
>>  * published by the Free Software Foundation.
>>  *
>>  * This code is distributed in the hope that it will be useful, but WITHOUT
>>  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>>  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>>  * version 2 for more details (a copy is included in the LICENSE file that
>>  * accompanied this code).
>>  *
>>  * You should have received a copy of the GNU General Public License version
>>  * 2 along with this work; if not, write to the Free Software Foundation,
>>  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>  *
>>  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
>>  * or visit www.oracle.com if you need additional information or have any
>>  * questions.
>>  */
>>
>> import jdk.test.lib.Asserts;
>> import jdk.test.lib.SecurityTools;
>>
>> import java.security.KeyStore;
>> import java.util.Collections;
>> import java.util.List;
>> import java.util.Locale;
>>
>> /*
>>  * @test
>>  * @bug 6782021
>>  * @requires os.family == "windows"
>>  * @library /test/lib
>>  * @summary More keystore types
>>  */
>> public class AllTypes {
>>     public static void main(String[] args) throws Exception {
>>         var nm = test("windows-my");
>>         var nr = test("windows-root");
>>         var nmu = test("windows-my-currentuser");
>>         var nru = test("windows-root-currentuser");
>>         var nmm = test("windows-my-localmachine");
>>         var nrm = test("windows-root-localmachine");
>>         Asserts.assertEQ(nm, nmu);
>>         Asserts.assertEQ(nr, nru);
>>     }
>>
>>     private static List<String> test(String type) throws Exception {
>>         var stdType = "Windows-" + type.substring(8).toUpperCase(Locale.ROOT);
>>         SecurityTools.keytool("-storetype " + type + " -list")
>>                 .shouldHaveExitValue(0)
>>                 .shouldContain("Keystore provider: SunMSCAPI")
>>                 .shouldContain("Keystore type: " + stdType);
>>         KeyStore ks = KeyStore.getInstance(type);
>>         ks.load(null, null);
>>         var content = Collections.list(ks.aliases());
>>         Collections.sort(content);
>>         return content;
>>     }
>> }
>
> @wangweij - regarding the two tests for localmachine, these will throw a KeyStore exception "Access denied" if the test is not run as admin. Is there any way in the test to make that a requirement? If so, we could split into two tests: one in admin that does all and one in non-admin that does the currentuser tests.

@macarte You need to finalize your CSR soon if you want to include this change in JDK 19. RDP1 is 2022/06/09, and all enhancements require approval after that.

BTW, is it possible to detect whether you have admin privilege inside the test? There is an `NTSystem` class inside Java which can find out user info. Maybe the `getGroupIDs()` method will tell you if you are an admin?

We can enhance the test before RC.

-------------
PR: https://git.openjdk.java.net/jdk/pull/8211
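
Added example (not part of the original message and not the JDK's own test code): one way to act on the `NTSystem.getGroupIDs()` idea above, by checking the token's group SIDs for the built-in Administrators group and skipping the localmachine stores when it is absent. The class name `AdminAwareStoreCheck` and its helper methods are hypothetical; treating group membership as "run as admin" is an assumption, since under UAC the group may be listed for a process that is not elevated.

```java
import com.sun.security.auth.module.NTSystem;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class AdminAwareStoreCheck {
    // Well-known SID of the built-in local Administrators group.
    static final String ADMINISTRATORS_SID = "S-1-5-32-544";

    // Assumption: group membership stands in for "run as admin". Under UAC
    // the group can be listed while the process itself is not elevated.
    static boolean inAdministratorsGroup() {
        String[] groups = new NTSystem().getGroupIDs();
        return groups != null && Arrays.asList(groups).contains(ADMINISTRATORS_SID);
    }

    // Returns the number of aliases in the store, or -1 if it cannot be loaded.
    static int aliasCount(String type) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(null, null);
            return Collections.list(ks.aliases()).size();
        } catch (IOException | GeneralSecurityException e) {
            System.out.println(type + ": cannot load (" + e + ")");
            return -1;
        }
    }

    public static void main(String[] args) {
        boolean admin = inAdministratorsGroup();
        System.out.println("Administrators SID in token groups: " + admin);
        // Store type names are the ones exercised by the test in this thread.
        for (String type : List.of("windows-my-currentuser", "windows-root-currentuser")) {
            if (aliasCount(type) < 0) {
                throw new RuntimeException(type + " expected to load without admin rights");
            }
        }
        for (String type : List.of("windows-my-localmachine", "windows-root-localmachine")) {
            if (!admin) {
                System.out.println(type + ": skipped, not in Administrators group");
            } else if (aliasCount(type) < 0) {
                // Do not fail: the token may be a non-elevated (filtered) one.
                System.out.println(type + ": group listed but load failed; check elevation");
            }
        }
    }
}
```

Run it once from a normal prompt and once from an elevated one to see whether the SID check matches the localmachine load result on the test host.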