On Tue, 29 Oct 2024 19:50:46 GMT, rebarbora-mckvak <[email protected]> wrote:
>> This fixes the defect described at >> https://bugs.openjdk.org/browse/JDK-8313367 >> >> If the process does not have write permissions, the store is opened as >> read-only (instead of failing). >> >> Please note that permissions to use a certificate in a local machine store >> must be granted - in a management console, select a certificate, right-click >> -> All tasks... -> Manage Private Keys... -> add Full control to user. > > rebarbora-mckvak has updated the pull request incrementally with one > additional commit since the last revision: > > 8313367: getting PP_KEYSET_TYPE parameter fixed The new issue is actually related to pull request #8211. It adds `CKeyStore.storeLocation` which switches between `LOCALMACHINE` and `CURRENTUSER`. `CKeyStore.engineGetKey` passes that info to the native method `loadKeysOrCertificateChains`. However, it is not passed to `storeCertificate`/`removeCertificate` so those methods always use `CertOpenSystemStore` which always opens current user's store. ------------- PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-4062827225
