Details
-
Type:
Enhancement
-
Status: Resolved
-
Priority:
P4
-
Resolution: Fixed
-
Affects Version/s: 6
-
Fix Version/s: 19
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Resolved In Build:b23
-
CPU:x86
-
OS:windows_xp
Description
A DESCRIPTION OF THE REQUEST :
Only 2 keystore types are available with the SunMSCAPI provider (Windows-MY / Windows-ROOT)..
None of this 2 types allows to retrieve the local computer certificates, only the user ertificates can be seen.
JUSTIFICATION :
There is no way to access the local computer certificates using java.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Either define a new store type like Windows-LOCALCOMPUTER,
or also list the computer local certificates when using the Windows-MY store type.
ACTUAL -
Listing the certificates using the Windows-MY keystore only retrieves the user cerficiates, excluding the local computer certificates.
---------- BEGIN SOURCE ----------
// first make sure to have a computer certificate installed in the windows local computer keystore
// use the certificate managament console if necessary (MMC), select the certificates component, then select computer account instead of user account
// then this code will list the certificates found by the SunMSCAPI provider
try {
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null) ;
Enumeration<String> en = ks.aliases() ;
while (en.hasMoreElements()) {
String aliasKey = (String)en.nextElement() ;
X509Certificate c = (X509Certificate)ks.getCertificate(aliasKey) ;
System.out.println("---> alias : " + aliasKey) ;
System.out.println(" Certificat subjectDN : " + c.getSubjectDN() ) ;
System.out.println(" Certificat issuerDN : " + c.getIssuerDN() ) ;
}
} catch (Exception e) {
e.printStackTrace();
}
---------- END SOURCE ----------
Only 2 keystore types are available with the SunMSCAPI provider (Windows-MY / Windows-ROOT)..
None of this 2 types allows to retrieve the local computer certificates, only the user ertificates can be seen.
JUSTIFICATION :
There is no way to access the local computer certificates using java.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Either define a new store type like Windows-LOCALCOMPUTER,
or also list the computer local certificates when using the Windows-MY store type.
ACTUAL -
Listing the certificates using the Windows-MY keystore only retrieves the user cerficiates, excluding the local computer certificates.
---------- BEGIN SOURCE ----------
// first make sure to have a computer certificate installed in the windows local computer keystore
// use the certificate managament console if necessary (MMC), select the certificates component, then select computer account instead of user account
// then this code will list the certificates found by the SunMSCAPI provider
try {
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null) ;
Enumeration<String> en = ks.aliases() ;
while (en.hasMoreElements()) {
String aliasKey = (String)en.nextElement() ;
X509Certificate c = (X509Certificate)ks.getCertificate(aliasKey) ;
System.out.println("---> alias : " + aliasKey) ;
System.out.println(" Certificat subjectDN : " + c.getSubjectDN() ) ;
System.out.println(" Certificat issuerDN : " + c.getIssuerDN() ) ;
}
} catch (Exception e) {
e.printStackTrace();
}
---------- END SOURCE ----------
Attachments
Issue Links
- csr for
-
JDK-8284850 It is not possible to read local computer certificates with the SunMSCAPI provider
-
- Closed
-
- relates to
-
JDK-8026953 Add support for MS Cryptography next generation (CNG)
-
- Closed
-