RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

[Weijun Wang]

On Wed, 13 Mar 2024 16:57:17 GMT, Mat Carter <macarte at openjdk.org> wrote:

>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>> 
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>> 
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> I welcome your contribution and feel that it will be a worthwhile improvement; and I'm happy to give feedback (and have done already), but as an author I'm not able to sponsor this change.
> 
> The original enhancement has gone through a review process and has not had any security related bugs raised against it.  The scenario this change targets is a valid one, but is not a security vulnerability as the original enhancement does not circumvent security.  The choice to deploy to a less-secure environment to use the feature is a user choice.
> 
> While the change in this PR is trivial, it is still classed as an enhancement as it's not addressing a bug; ie. the original change functions as expected.  That you have identified a scenario and supplied a patch is much appreciated; however the change will need to go through review as it changes functionality; again we'll need to consider informing the user as the change could lead to unexpected deployment issues (it may also require documentation changes [CSR]).

@macarte If you find the change ok, you can also add yourself as a reviewer even if the OpenJDK bot might not count you as a *R*eviewer.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1995257115