RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation
Mat Carter
macarte at openjdk.org
Wed Mar 13 18:52:13 UTC 2024
On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>
> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>
> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
If it's decided that when the store is opened with readonly access no warning is output, then I'll go with the majority (please raise this discussion in the mailing list).
However, before "signing off" I'd like to see the output of manually testing the keystore API when opened in readonly mode using this method.
I believe that with this change we can modify the original jtreg test, as the test will be able to enumerate the keystore and load it without an access denied exception.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1995367148