RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v4]

MustavData duke at openjdk.org
Mon Apr 8 21:47:11 UTC 2024


On Wed, 3 Apr 2024 21:54:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> When UAC is enabled and there is no privilege, I can see that some private key entries (Ex: the one for iis) become trusted certificate entries, which means their private key is not observable. Have you noticed something similar? Are you OK with them shown as trusted certificate entries?

@wangweij, to clarify:

1. Does the IIS example happen to be a self-signed TLS certificate like an [IIS Express Certificate](https://blogs.iis.net/robert_mcmurray/how-to-trust-the-iis-express-self-signed-certificate)?
2. By "trusted certificate", are you referring to a certificate that has been added to a Windows "Trusted Root Certification Authorities / Certificates" keystore location?

If both answers are "yes", then that is normally an acceptable practice for a dev/build/test (DBT) environment. Adding a self-signed certificate to that keystore makes it verifiable at runtime. If that step is not taken, a security policy violation message could halt your tests, or you could encounter message dialogs that interrupt the flow of your tests.

A self-signed code signing certificate can also become trusted using this technique in a DBT environment. Code signing tools do not always require, or even utilize, an ability to perform a runtime verification. But it is certainly useful for testing. For example, if an application requests elevation, a verification check is performed by the UAC. On success, the dialog message is green, and on failure it is yellow.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2043689563


