On Tue, 19 Mar 2024 15:23:39 GMT, rebarbora-mckvak <d...@openjdk.org> wrote:
>> This fixes the defect described at >> https://bugs.openjdk.org/browse/JDK-8313367 >> >> If the process does not have write permissions, the store is opened as >> read-only (instead of failing). >> >> Please note that permissions to use a certificate in a local machine store >> must be granted - in a management console, select a certificate, right-click >> -> All tasks... -> Manage Private Keys... -> add Full control to user. > > rebarbora-mckvak has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains two commits: > > - 8313367: signHash finds a key in the local machine store > - 8313367: Local Computer store is opened with max. allowed permissions src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 806: > 804: { > 805: // If the key is in a local machine store, we need to > try again with CRYPT_MACHINE flag. > 806: // See > https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/cryptacquirecontext-troubleshooting Since you said "if the key is in a local machine store", do you need to check if this is true before retrying with the `CRYPT_MACHINE_KEYSET` flag? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16687#discussion_r1532753649
