-
Bug
-
Resolution: Cannot Reproduce
-
P4
-
None
-
11.0.22, 21, 23
-
generic
-
windows
ADDITIONAL SYSTEM INFORMATION :
All Windows versions, all JAVA versions
A DESCRIPTION OF THE PROBLEM :
When accessing certification authorities in the Windows store, only root certificates are available. As the library does not provide access to delegated certification authorities, server certificates issued in this context are not verifiable.
Is this a bug or intentional? If it's deliberate, it doesn't make sense.
The very purpose of accessing the Windows store is to be able to validate a server certificate by checking the entire certification chain.
Translated with DeepL.com (free version)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Implement simple access to the Windows-ROOT store and display the retrieved certificates.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Retrieve root certification authorities and delegated certification authorities
ACTUAL -
Recovery of root certification authorities only
---------- BEGIN SOURCE ----------
import java.security.KeyStore;
import java.security.Security;
import java.util.Enumeration;
// Internal package: on JDK 9+ compile and run with
// --add-exports jdk.crypto.mscapi/sun.security.mscapi=ALL-UNNAMED
import sun.security.mscapi.SunMSCAPI;

public class test {
    public static void main(String[] args) {
        try {
            Security.addProvider(new SunMSCAPI());
            // Open the Windows "Trusted Root Certification Authorities" store
            KeyStore keyStore = KeyStore.getInstance("Windows-ROOT");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            // Print Friendly Names, a.k.a. aliases, of each certificate in the keystore
            while (aliases.hasMoreElements()) {
                System.out.println(aliases.nextElement());
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
The only current way to get around this bug is to comment out the use of the sunMSCAPI library in the java.security file.
FREQUENCY : always