8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

[satyenme]

Backporting JDK-8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation. With the current code, the enhancement developed to allow keystore access provider SunMSCAPI to access the Windows Local Computer keystore, JDK-6782021, works as expected only if processes are run as elevated. When run with non-elevated access, the SunMSCAPI provider fails to access a read only private key from the Local Computer certificate store. Adjusts code so if the process does not have write permissions, the store is opened as read-only (instead of failing). Ran GHA Sanity Checks, local Tier 1 and 2, and modified test directly (although not on a Windows machine). Patch is clean.

---

Progress

• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• JDK-8313367 needs maintainer approval

Issue

• JDK-8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation (Bug - P3 - Approved)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/1860/head:pull/1860
$ git checkout pull/1860

Update a local copy of the PR:
$ git checkout pull/1860
$ git pull https://git.openjdk.org/jdk21u-dev.git pull/1860/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1860

View PR using the GUI difftool:
$ git pr show -t 1860

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/1860.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back ssubramaniam! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@satyenme This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 28 new commits pushed to the master branch:

• 1f68db7: 8314166: Update googletest to v1.14.0
• 293f811: 8358310: ZGC: riscv, ppc ZPlatformAddressOffsetBits may return a too large value
• 1bcffac: 8333326: Linux Alpine build fails after 8302744
• ... and 25 more: https://git.openjdk.org/jdk21u-dev/compare/c7409c79614a0693694e979065205bd847a5bee9...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[openjdk]

⚠️ @satyenme This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

[mlbridge]

Webrevs

• 00: Full (9ce19dd7)

[satyenme]

/approval request for backport of JDK-8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation

Motivation: Without this backport, unless run with elevated permissions, the SunMSCAPI keystore access provider will fail with a access denied RuntimeException on Windows. With this backport if the process does not have write permissions, the store is opened as read-only (instead of failing). This change has been backported by Oracle to 21, 17, and 11.

Risk: Low. Ran GHA Sanity Checks, local Tier 1 and 2, and new test directly (though not on a Windows machine). Patch is clean. Change has been present in tip since November, 2024.

[openjdk]

@satyenme
8313367: The approval request has been created successfully.

[satyenme]

/integrate

[openjdk]

Going to push as commit 96866ce.
Since your change was applied there have been 30 commits pushed to the master branch:

• e1b6aa2: 8342782: AWTEventMulticaster throws StackOverflowError using AquaButtonUI
• f0521e4: 8353655: Clean up and open source KeyEvent related tests (Part 1)
• 1f68db7: 8314166: Update googletest to v1.14.0
• ... and 27 more: https://git.openjdk.org/jdk21u-dev/compare/c7409c79614a0693694e979065205bd847a5bee9...master

Your commit was automatically rebased without conflicts.

[openjdk]

@satyenme Pushed as commit 96866ce.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.