<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Hmm, interesting...</p>
    So, if the first call succeeded and you release the context and
    re-try. Does the popup window show up for the second call?<br>
    Just curious.<br>
    <br>
    Changes look fine.<br>
    Valerie<br>
    <div class="moz-cite-prefix">On 8/16/2016 1:06 PM, Ivan Gerasimov
      wrote:<br>
    </div>
    <blockquote
      cite="mid:f3c9a092-d151-2864-f40b-2c1b30bd33d0@oracle.com"
      type="cite">
      <meta content="text/html; charset=windows-1252"
        http-equiv="Content-Type">
      <p>Thank you Valerie for looking into this!<br>
      </p>
      <br>
      <div class="moz-cite-prefix">On 16.08.2016 22:18, Valerie Peng
        wrote:<br>
      </div>
      <blockquote
        cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
        type="cite">
        <meta content="text/html; charset=windows-1252"
          http-equiv="Content-Type">
        <p><br>
        </p>
        <p>I am not familiar with the general behavior of
          CryptAcquireCertificatePrivateKey API.<br>
        </p>
        Would the first CryptAcquireCertificatePrivateKey(.., <span
          class="changed">CRYPT_ACQUIRE_SILENT_FLAG, ...) ever return
          TRUE?<br>
        </span></blockquote>
      <br>
      Yes.  It returns TRUE if the key could be acquired silently, and
      I've seen this happening.<br>
      <br>
      <blockquote
        cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
        type="cite"><span class="changed"> If yes, then do we need to
          release the context and call </span>CryptAcquireCertificatePrivateKey(..)
        again?<br>
        <br>
        I'd expect the overall logic to be something like:<br>
        <blockquote>
          <pre><span class="changed">if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,</span><span class="changed">
        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE) {
    if (</span><span class="changed"><span class="changed">GetLastError() == NTE_SILENT_CONTEXT) {
        </span></span><span class="changed"><span class="changed"><span class="changed">// Try acquiring the key normally (not silently)</span><span class="changed">
        if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,</span>
                <span class="changed">&hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)</span> <span class="changed">{</span></span></span><span class="changed"><span class="changed"><span class="changed"><span class="changed">
            bHasNoPrivateKey = TRUE;
</span></span>        }
    } else {
        </span></span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey = TRUE;
    }
</span></span>}

// Then proceed on different code paths based on </span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey value

</span></span></span></pre>
        </blockquote>
      </blockquote>
      This was the first thing I attempted to do.<br>
      However, some subsequent operations with the key started to fail,
      throwing SignatureException (with the message "Provider could not
      perform the action since the context was acquired as silent.")<br>
      <br>
      That's why I switched to what is in this proposal: Silent probing
      and then re-acquiring the key normally (not silently).<br>
      <br>
      With kind regards,<br>
      Ivan<br>
      <br>
      <blockquote
        cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
        type="cite">
        <blockquote>
          <pre><span class="changed"><span class="changed"><span class="changed">
</span></span></span></pre>
        </blockquote>
        Anything that I missed?<br>
        Valerie<br>
        <br>
        <div class="moz-cite-prefix">On 8/16/2016 6:27 AM, Vincent Ryan
          wrote:<br>
        </div>
        <blockquote
          cite="mid:1A59DF96-4E31-4738-A70F-E499793879BF@oracle.com"
          type="cite">
          <pre wrap="">That fix looks fine. Is there any significant performance impact due to calling CryptAcquireCertificatePrivateKey twice?
Thanks.

</pre>
          <blockquote type="cite">
            <pre wrap="">On 16 Aug 2016, at 13:56, Ivan Gerasimov <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:ivan.gerasimov@oracle.com"><ivan.gerasimov@oracle.com></a> wrote:

A gentle reminder.

Would you please help review at your convenience.

With kind regards,
Ivan


On 09.08.2016 12:27, Ivan Gerasimov wrote:
</pre>
            <blockquote type="cite">
              <pre wrap="">Hello!

In order to reduce the number of popup dialog windows during accessing the smartcard, it is proposed to first do a silent "probe" step.
Only if this probe succeeded, or if it failed due to that SILENT flag, we'll try to re-acquire the key normally (i.e. not silently).

Would you please help review this proposal?

BUGURL: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8153438">https://bugs.openjdk.java.net/browse/JDK-8153438</a>
WEBREV: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/%7Eigerasim/8153438/00/webrev/">http://cr.openjdk.java.net/~igerasim/8153438/00/webrev/</a>

With kind regards,
Ivan


</pre>
            </blockquote>
          </blockquote>
        </blockquote>
        <br>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>