": .Default
"Windows-ROOT": .Default.AuthRoot, .GroupPolicy, .Enterprise, .SmartCard
Please let me know if there are any existing efforts to bring this
functionality to Java, or references to prior decisions on this subject
Thanks in advance
Mat Carter
[1]
https://docs.microsoft.
like to
introduce/discuss: this is to allow developers to access the key stores with
read only permissions, thus allowing enumeration and reading without requiring
administrative permissions be granted to the application (thus increasing
security)
Thanks in advance
Mat
Sent from Outlook
From
ess any
of the Keystores? like “Windows-ROOT/ADdressbook”?
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: security-dev im Auftrag von Mat
Carter
Gesendet: Dienstag, April 5, 2022 5:22 PM
An: Wei-Jun Wang
Cc: security-dev@openjdk.java.net
Betreff: Re: Propo
happy for me to make the changes then please ack here and
re-assign the issue to me
[1] https://bugs.openjdk.java.net/browse/JDK-6782021
Thanks
Mat
Sent from Outlook<http://aka.ms/weboutlook>
From: Wei-Jun Wang
Sent: Monday, April 11, 2022 11:45 AM
To:
On Windows you can now access the local machine keystores using the strings
"Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the application
requires admin privileges.
"Windows-MY" and "Windows-ROOT" remain unchanged, however given these original
keystore strings mapped to the cu
On Tue, 12 Apr 2022 16:55:28 GMT, Mat Carter wrote:
> On Windows you can now access the local machine keystores using the strings
> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
> application requires admin privileges.
>
> "Windows
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter has r
On Windows you can now access the local machine keystores using the strings
"Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the application
requires admin privileges.
"Windows-MY" and "Windows-ROOT" remain unchanged, however given these original
keystore strings mapped to the cu
Weijun
Here's a PR [1] if you would like to review and consider sponsoring
[1] https://github.com/openjdk/jdk/pull/8211
Cheers
Mat
Sent from Outlook<http://aka.ms/weboutlook>
From: Wei-Jun Wang
Sent: Monday, April 11, 2022 3:33 PM
To: Mat Carter
On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter wrote:
> On Windows you can now access the local machine keystores using the strings
> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
> application requires admin privileges.
>
> "Windows
On Wed, 27 Apr 2022 02:33:24 GMT, Bernd wrote:
>> src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 419:
>>
>>> 417: __leave;
>>> 418: }
>>> 419: if ((pszCertStoreLocation =
>>> env->GetStringUTFChars(jCertStoreLocation, NULL))
>>
>> Would it be ea
On Wed, 27 Apr 2022 19:33:10 GMT, Weijun Wang wrote:
>> src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 487:
>>
>>> 485: // Check if private key available - client authentication
>>> certificate
>>> 486: // must have private key available.
>>> 487:
On Wed, 27 Apr 2022 19:33:37 GMT, Mat Carter wrote:
>> And also, is there a ReleaseString missing?
>
> Thanks for the feedback, I'm going to incorporate that into the PR
> And also, is there a ReleaseString missing?
Yes an error when I "patched" my repo, but based
On Wed, 27 Apr 2022 21:41:30 GMT, Mat Carter wrote:
>> Same question. Does a new type name automagically add support for CNG?
>
> Correct, it does enable access to certificates and keys that require next
> (second) generation cryptographic providers, that were previously
> i
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter has
On Wed, 27 Apr 2022 21:47:15 GMT, Mat Carter wrote:
>> Thanks for the feedback, I'm going to incorporate that into the PR
>
>> And also, is there a ReleaseString missing?
>
> Yes an error when I "patched" my repo, but based on the feedback there will
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
On Wed, 4 May 2022 03:18:43 GMT, Weijun Wang wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> replace string parameter with int and supporting constants
>
> Also, please remove trailing
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
On Wed, 4 May 2022 03:10:10 GMT, Weijun Wang wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> replace string parameter with int and supporting constants
>
> src/jdk.crypto.mscapi/windo
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter has
On Thu, 5 May 2022 14:32:14 GMT, Weijun Wang wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Removed whitespace and simply passing ints between java and C++
>
> I'd like to con
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter ha
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter has u
On Tue, 10 May 2022 13:07:02 GMT, Weijun Wang wrote:
>> @wangweij - regarding the two tests for localmachine, these will throw a
>> KeyStore exception "Access denied" if the test is not run as admin, is there
>> anyway in the test to make that a requirement? If so we could split into
>> two t
On Tue, 10 May 2022 22:01:16 GMT, Weijun Wang wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add test from wangweij
>
> test/jdk/sun/security/mscapi/AllTypes.java line 60:
>
>
the original two strings, i.e. no duplication of code paths etc
>
> No new tests added, keystore functionality and API remains unchanged, the
> local machine keystore types would require the tests to run in admin mode
>
> Tested on windows, passes tier1 and tier2 tests
Mat Carter has updat
On Tue, 10 May 2022 23:17:54 GMT, Mat Carter wrote:
>> test/jdk/sun/security/mscapi/AllTypes.java line 60:
>>
>>> 58: return true;
>>> 59: } catch (IOException ioe) {
>>> 60: if
>>> (ioe.getMessage().trim().e
On Tue, 10 May 2022 18:55:50 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
On Mon, 16 May 2022 16:59:02 GMT, Weijun Wang wrote:
>> @christophbrejla - my goal is to backport to latest (18 or 19), 17 and 11
>
> @macarte I think Sean's comment on your CSR about the scope is correct. The
> "algorithm" name should be at the JDK level so user knows what to write in
> their
On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter wrote:
> On Windows you can now access the local machine keystores using the strings
> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
> application requires admin privileges.
>
> "Windows
31 matches
Mail list logo
