RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v4]
Weijun Wang
weijun at openjdk.org
Thu Apr 11 13:06:47 UTC 2024
On Wed, 10 Apr 2024 13:09:37 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> Yes it's self signed one.
>>
>> No it's not added to any other keystore. When I said "TrustedCertificateEntry" it's only because in a Java KeyStore an entry with only a certificate is called a TrustedCertificateEntry.
>>
>> So my concern is that inside Windows-MY-LOCALMACHINE, this entry actually contains a private key. But because of user privilege missing, the private key is not available and it shows as a certificate entry.
>
>> But because of user privilege missing, the private key is not available and it shows as a certificate entry.
>
> You can have applications that need a certificate (public key) only e.g. to verify signatures. This way you can use the same entry by both types of applications.
@rebarbora-mckvak Can you please update [this test](https://github.com/openjdk/jdk/blob/master/test/jdk/sun/security/mscapi/AllTypes.java)? There is no need for the `hasAdminPrivileges` flag now.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2049650028
More information about the security-dev
mailing list