<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p><br>
    </p>
    <p>I am not familiar with the general behavior of
      CryptAcquireCertificatePrivateKey API.<br>
    </p>
    Would the first CryptAcquireCertificatePrivateKey(.., <span
      class="changed">CRYPT_ACQUIRE_SILENT_FLAG, ...) ever return TRUE?<br>
      If yes, then do we need to release the context and call </span>CryptAcquireCertificatePrivateKey(..)
    again?<br>
    <br>
    I'd expect the overall logic to be something like:<br>
    <blockquote>
      <pre><span class="changed">if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,</span><span class="changed">
        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE) {
    if (</span><span class="changed"><span class="changed">GetLastError() == NTE_SILENT_CONTEXT) {
        </span></span><span class="changed"><span class="changed"><span class="changed">// Try acquiring the key normally (not silently)</span><span class="changed">
        if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,</span>
                <span class="changed">&hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)</span> <span class="changed">{</span></span></span><span class="changed"><span class="changed"><span class="changed"><span class="changed">
            bHasNoPrivateKey = TRUE;
</span></span>        }
    } else {
        </span></span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey = TRUE;
    }
</span></span>}

// Then proceed on different code paths based on </span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey value


</span></span></span></pre>
      <pre><span class="changed"></span>
</pre>
    </blockquote>
    Anything that I missed?<br>
    Valerie<br>
    <br>
    <div class="moz-cite-prefix">On 8/16/2016 6:27 AM, Vincent Ryan
      wrote:<br>
    </div>
    <blockquote
      cite="mid:1A59DF96-4E31-4738-A70F-E499793879BF@oracle.com"
      type="cite">
      <pre wrap="">That fix looks fine. Is there any significant performance impact due to calling CryptAcquireCertificatePrivateKey twice?
Thanks.

</pre>
      <blockquote type="cite">
        <pre wrap="">On 16 Aug 2016, at 13:56, Ivan Gerasimov <a class="moz-txt-link-rfc2396E" href="mailto:ivan.gerasimov@oracle.com"><ivan.gerasimov@oracle.com></a> wrote:

A gentle reminder.

Would you please help review at your convenience.

With kind regards,
Ivan


On 09.08.2016 12:27, Ivan Gerasimov wrote:
</pre>
        <blockquote type="cite">
          <pre wrap="">Hello!

In order to reduce the number of popup dialog windows during accessing the smartcard, it is proposed to first do a silent "probe" step.
Only if this probe succeeded, or if it failed due to that SILENT flag, we'll try to re-acquire the key normally (i.e. not silently).

Would you please help review this proposal?

BUGURL: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8153438">https://bugs.openjdk.java.net/browse/JDK-8153438</a>
WEBREV: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~igerasim/8153438/00/webrev/">http://cr.openjdk.java.net/~igerasim/8153438/00/webrev/</a>

With kind regards,
Ivan


</pre>
        </blockquote>
        <pre wrap="">
</pre>
      </blockquote>
      <pre wrap="">
</pre>
    </blockquote>
    <br>
  </body>
</html>