RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

Weijun Wang weijun at openjdk.org
Thu Mar 14 15:39:41 UTC 2024


On Thu, 16 Nov 2023 12:06:26 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:

> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
> 
> If the process does not have write permissions, the store is opened as read-only (instead of failing).
> 
> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.

I finally found a toy Windows 11 Home Edition machine and this code change works. The original `AllTypes.java` test also passed after I removed the `detectIfRunningWithAdminPrivileges` check.

However, I see another problem. After creating the entry as shown in step 2 in the bug report, it is listed as a private key entry in Windows-MY-LOCALMACHINE when the user has admin privilege. Otherwise, it's just a trusted cert entry, which means the private key is not visible. Maybe this is expected? Because when I tried the `signtool` utility, it also does not work without admin privilege and says "no certificate were found that met all the given criteria". On the other hand, it signs an EXE successfully with admin privilege.

So we have a problem here. The entry was created as a self-signed cert with a private key but only the cert is visible. Is this still worth doing? Will this confuse users? Is it possible to make it a private key entry even if the key is not usable?

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1997743863
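
The difference described in the message above (the same entry appearing as a private key entry or as a trusted cert entry depending on privilege) can be observed with a small diagnostic. This is an added example, not code from the pull request or from the message's author; the class name and the "self-signed" hint are assumptions made for illustration, and it must be run on Windows with the SunMSCAPI provider available, once elevated and once not.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class (name chosen for this example).
public class ListLocalMachineEntries {

    // Report how the keystore exposes an alias: with or without its private key.
    static String classify(KeyStore ks, String alias) throws Exception {
        if (ks.isKeyEntry(alias)) {
            return "private key entry";
        }
        if (ks.isCertificateEntry(alias)) {
            return "trusted cert entry";
        }
        return "unknown entry type";
    }

    // A cert whose subject equals its issuer is treated as self-signed here
    // (a naming check only; the signature is not verified).
    static boolean looksSelfSigned(X509Certificate cert) {
        return cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
    }

    public static void main(String[] args) throws Exception {
        // Store type named in the message. Loading may throw when the process
        // cannot open the store at all.
        KeyStore ks = KeyStore.getInstance("Windows-MY-LOCALMACHINE");
        ks.load(null, null);

        for (String alias : Collections.list(ks.aliases())) {
            String kind = classify(ks, alias);
            Certificate cert = ks.getCertificate(alias);
            String note = "";
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                // A self-signed cert shown without a key in a personal (MY) store
                // matches the case in the message: the key is not visible.
                if (!ks.isKeyEntry(alias) && looksSelfSigned(x509)) {
                    note = "  <- self-signed, private key not visible to this process";
                }
            }
            System.out.println(alias + ": " + kind + note);
        }
    }
}
```

Comparing the output of an elevated run with a non-elevated run shows which aliases change entry type.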
