Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-378

xml-security-c cannot initialise on a Windows system with mandatory user profiles

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • C++ 1.7.2
    • C++ 1.7.3
    • C++
    • None
    • Windows with mandatory user profiles (eg: Citrix)

    Description

      Under Windows, XSECPlatformUtils::Initialise() starts by creating a new WinCAPICryptoProvider. This fails at WinCAPICryptoProvider.cpp:127 when trying to create its key store:

      // Try to create
      if (!CryptAcquireContext(&m_provApacheKeyStore,
      s_xsecKeyStoreName,
      provRSAName,
      m_provRSAType,
      dwFlags | CRYPT_NEWKEYSET))

      { throw XSECException(XSECException::InternalError, "WinCAPICryptoProvider() - Error obtaining generating internal key store for PROV_RSA_FULL"); }

      The Windows error is NTE_TEMPORARY_PROFILE.

      http://blogs.msdn.com/b/alejacma/archive/2007/10/23/rsacryptoserviceprovider-fails-when-used-with-mandatory-profiles.aspx explains that the RSA crypto provider does not allow keys to be stored when a mandatory profile is in use.

      Would it be practical to change behaviour in this case so that library initialisation does not fail, and the exception is thrown only if there is an attempt to use the key store?

      Attachments

        Activity

          People

            scantor Scott Cantor
            johne John Elliott
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: