RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation
MustavData
duke at openjdk.org
Wed Mar 6 21:58:53 UTC 2024
On Mon, 4 Mar 2024 23:55:50 GMT, Mat Carter <macarte at openjdk.org> wrote:
>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>>
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> For clarification I've edited the comment in the JBS issue, replacing "feature request" with "enhancement" so that it properly matches the terminology used in JBS.
@macarte: Thank you for the clarification. But why do you think this issue should be an Enhancement? It appears to be a minor-scope, high-impact defect that would block an application from production deployment.
Omission of a secure environment test for security Enhancement [JDK-6782021](https://bugs.openjdk.org/browse/JDK-6782021) could not have been intentional. Its underlying requirement, like a lock on a car door, is implicit. And, even if the fix is broader than the elegant change proposed by @rebarbora-mckvak, a documentation change should be unnecessary.
Given the threat of forgery, security around code signing is not optional. Windows can be part of a secure platform for activities such as this, but not when applications leave issues like this unresolved.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1981871397