On Wed, 27 Apr 2022 02:26:48 GMT, Bernd <d...@openjdk.java.net> wrote:
>> On Windows you can now access the local machine keystores using the strings >> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the >> application requires admin privileges. >> >> "Windows-MY" and "Windows-ROOT" remain unchanged, however given these >> original keystore strings mapped to the current user, I added >> "Windows-MY-CURRENTUSER" and "Windows-ROOT-CURRENTUSER" so that a developer >> can explicitly specify the current user location. These two new strings >> simply map to the original two strings, i.e. no duplication of code paths etc >> >> No new tests added, keystore functionality and API remains unchanged, the >> local machine keystore types would require the tests to run in admin mode >> >> Tested on windows, passes tier1 and tier2 tests > > src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 487: > >> 485: // Check if private key available - client authentication >> certificate >> 486: // must have private key available. >> 487: HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL; > > It is not quite clear from the CSR, was this a bug (previous JDK-8026953 > incomplete) or is that only a type cleanup and using ncrypt keys worked > before? (In that Case does it need to be mentioned in csr?) Same question. Does a new type name automagically add support for CNG? ------------- PR: https://git.openjdk.java.net/jdk/pull/8211
