changeset 11878:f6030acfa5ae jdk8u122-b01

8153438: Avoid repeated "Please insert a smart card" popup windows Reviewed-by: vinnie, valeriep
author igerasim
date Thu, 08 Sep 2016 19:35:01 +0300
parents 4480dfb2d7cb
children 7bdd8c20b8b3 55e76c9181e8
files src/windows/native/sun/security/mscapi/security.cpp
diffstat 1 files changed, 76 insertions(+), 50 deletions(-) [+]
line wrap: on
line diff
--- a/src/windows/native/sun/security/mscapi/security.cpp	Thu Sep 08 14:24:51 2016 +0300
+++ b/src/windows/native/sun/security/mscapi/security.cpp	Thu Sep 08 19:35:01 2016 +0300
@@ -352,38 +352,50 @@
             BOOL bHasNoPrivateKey = FALSE;
             DWORD dwPublicKeyLength = 0;
 
-            if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL,
-                                                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+            // First, probe it silently
+            if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,
+                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE
+                && GetLastError() != NTE_SILENT_CONTEXT)
             {
                 bHasNoPrivateKey = TRUE;
-
-            } else {
-                // Private key is available
-
-                BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
-
-                // Skip certificate if cannot find private key
-                if (bGetUserKey == FALSE)
-                {
-                    if (bCallerFreeProv)
-                        ::CryptReleaseContext(hCryptProv, NULL);
-
-                    continue;
+            }
+            else
+            {
+                if (bCallerFreeProv == TRUE) {
+                    ::CryptReleaseContext(hCryptProv, NULL);
+                    bCallerFreeProv = FALSE;
                 }
 
-                // Set cipher mode to ECB
-                DWORD dwCipherMode = CRYPT_MODE_ECB;
-                ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
+                // Second, acquire the key normally (not silently)
+                if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,
+                        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+                {
+                    bHasNoPrivateKey = TRUE;
+                }
+                else
+                {
+                    // Private key is available
+                    BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
 
+                    // Skip certificate if cannot find private key
+                    if (bGetUserKey == FALSE) {
+                        if (bCallerFreeProv)
+                            ::CryptReleaseContext(hCryptProv, NULL);
+                        continue;
+                    }
 
-                // If the private key is present in smart card, we may not be able to
-                // determine the key length by using the private key handle. However,
-                // since public/private key pairs must have the same length, we could
-                // determine the key length of the private key by using the public key
-                // in the certificate.
-                dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-                        &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                    // Set cipher mode to ECB
+                    DWORD dwCipherMode = CRYPT_MODE_ECB;
+                    ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
 
+                    // If the private key is present in smart card, we may not be able to
+                    // determine the key length by using the private key handle. However,
+                    // since public/private key pairs must have the same length, we could
+                    // determine the key length of the private key by using the public key
+                    // in the certificate.
+                    dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                            &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                }
             }
             PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;
 
@@ -392,8 +404,7 @@
             //
             if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext))
             {
-
-                for (unsigned int i=0; i < pCertChainContext->cChain; i++)
+                for (DWORD i = 0; i < pCertChainContext->cChain; i++)
                 {
                     // Found cert chain
                     PCERT_SIMPLE_CHAIN rgpChain =
@@ -443,6 +454,7 @@
                         // cert collection
                         env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
                     }
+
                     if (bHasNoPrivateKey)
                     {
                         // Generate certificate chain and store into cert chain
@@ -1361,43 +1373,57 @@
     HCRYPTPROV hCryptProv = NULL;
     HCRYPTKEY hKey = NULL;
     DWORD dwKeySpec;
+    BOOL bCallerFreeProv = FALSE;
+    BOOL bRes;
 
     __try
     {
         if (usePrivateKey == JNI_TRUE) {
             // Locate the key container for the certificate's private key
-            if (!(::CryptAcquireCertificatePrivateKey(
-                (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
-                &dwKeySpec, NULL))) {
 
+            // First, probe it silently
+            bRes = ::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, CRYPT_ACQUIRE_SILENT_FLAG,
+                    NULL, &hCryptProv, &dwKeySpec, &bCallerFreeProv);
+
+            if (bRes == FALSE && GetLastError() != NTE_SILENT_CONTEXT)
+            {
+                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
+                __leave;
+            }
+
+            if (bCallerFreeProv == TRUE) {
+                ::CryptReleaseContext(hCryptProv, NULL);
+                bCallerFreeProv = FALSE;
+            }
+
+            // Now, do it normally (not silently)
+            if (::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
+                    &dwKeySpec, &bCallerFreeProv) == FALSE)
+            {
                 ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                 __leave;
             }
 
             // Get a handle to the private key
-            if (!(::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))) {
+            if (::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey) == FALSE) {
                 ThrowException(env, KEY_EXCEPTION, GetLastError());
                 __leave;
             }
-
-        } else { // use public key
+        }
+        else // use public key
+        {
+            bCallerFreeProv = TRUE;
 
             //  Acquire a CSP context.
-            if(::CryptAcquireContext(
-               &hCryptProv,
-               "J2SE",
-               NULL,
-               PROV_RSA_FULL,
-               0) == FALSE)
+            if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                    PROV_RSA_FULL, 0) == FALSE)
             {
                 // If CSP context hasn't been created, create one.
                 //
-                if (::CryptAcquireContext(
-                    &hCryptProv,
-                    "J2SE",
-                    NULL,
-                    PROV_RSA_FULL,
-                    CRYPT_NEWKEYSET) == FALSE)
+                if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                        PROV_RSA_FULL, CRYPT_NEWKEYSET) == FALSE)
                 {
                     ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                     __leave;
@@ -1405,10 +1431,10 @@
             }
 
             // Import the certificate's public key into the key container
-            if (!(::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
-                &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
-                &hKey))) {
-
+            if (::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
+                    &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
+                    &hKey) == FALSE)
+            {
                 ThrowException(env, KEY_EXCEPTION, GetLastError());
                 __leave;
             }
@@ -1419,7 +1445,7 @@
         //--------------------------------------------------------------------
         // Clean up.
 
-        if (hCryptProv)
+        if (bCallerFreeProv == TRUE && hCryptProv != NULL)
             ::CryptReleaseContext(hCryptProv, 0);
     }