Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 19
Affects Version/s: 6
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto
Resolved In Build:
b23
CPU:

x86
OS:

windows_xp

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8303490	17.0.8-oracle	Sean Coffey	P4	Resolved	Fixed	b01
JDK-8292747	17.0.5	Christoph Langer	P4	Resolved	Fixed	b04
JDK-8303520	11.0.20-oracle	Sean Coffey	P4	Resolved	Fixed	b01
JDK-8293440	11.0.18	Christoph Langer	P4	Resolved	Fixed	b01

A DESCRIPTION OF THE REQUEST :
Only 2 keystore types are available with the SunMSCAPI provider (Windows-MY / Windows-ROOT)..
None of this 2 types allows to retrieve the local computer certificates, only the user ertificates can be seen.

JUSTIFICATION :
There is no way to access the local computer certificates using java.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Either define a new store type like Windows-LOCALCOMPUTER,
or also list the computer local certificates when using the Windows-MY store type.
ACTUAL -
Listing the certificates using the Windows-MY keystore only retrieves the user cerficiates, excluding the local computer certificates.

---------- BEGIN SOURCE ----------
// first make sure to have a computer certificate installed in the windows local computer keystore
// use the certificate managament console if necessary (MMC), select the certificates component, then select computer account instead of user account
// then this code will list the certificates found by the SunMSCAPI provider

try {
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null) ;
Enumeration<String> en = ks.aliases() ;

while (en.hasMoreElements()) {
String aliasKey = (String)en.nextElement() ;
X509Certificate c = (X509Certificate)ks.getCertificate(aliasKey) ;
System.out.println("---> alias : " + aliasKey) ;
System.out.println(" Certificat subjectDN : " + c.getSubjectDN() ) ;
System.out.println(" Certificat issuerDN : " + c.getIssuerDN() ) ;
}

} catch (Exception e) {
e.printStackTrace();
}

---------- END SOURCE ----------

backported by

JDK-8292747 It is not possible to read local computer certificates with the SunMSCAPI provider

Resolved

JDK-8293440 It is not possible to read local computer certificates with the SunMSCAPI provider

Resolved

JDK-8303490 It is not possible to read local computer certificates with the SunMSCAPI provider

Resolved

JDK-8303520 It is not possible to read local computer certificates with the SunMSCAPI provider

Resolved

csr for

JDK-8284850 It is not possible to read local computer certificates with the SunMSCAPI provider

Closed

relates to

JDK-8026953 Add support for MS Cryptography next generation (CNG)

Closed

JDK-8313367 SunMSCAPI cannot read Local Computer certs w/o Windows elevation

Open

links to

Commit openjdk/jdk11u-dev/f75b74d1

Commit openjdk/jdk17u-dev/e3c178d6

Commit openjdk/jdk/5e5500cb

Review openjdk/jdk11u-dev/1348

Review openjdk/jdk17u-dev/630

Review openjdk/jdk/8210

Review openjdk/jdk/8211

(2 relates to, 7 links to)

1.	Doc change For JDK-6782021 (The KeyStore row of the SunMSCAPI provider needs to be updated)		Resolved	Raymond Gallardo
2.	Release Note: Windows KeyStore Updated to Include Access to the Local Machine Location		Closed	Unassigned

Assignee:: Mat Carter

Reporter:: Nelson Dcosta (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2008-12-08 02:29

Updated:: 2023-07-28 19:22

Resolved:: 2022-05-16 19:44

Imported:: 15/Sep/12 7:04 AM

Indexed:: 17/Jul/12 4:49 AM

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates