<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Valerie!<br>
</p>
<br>
<div class="moz-cite-prefix">On 17.08.2016 1:25, Valerie Peng wrote:<br>
</div>
<blockquote
cite="mid:edac6af3-05a9-6d03-bb34-9bb7ee82b31a@oracle.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Hmm, interesting...</p>
So, if the first call succeeded and you release the context and
re-try. Does the popup window show up for the second call?<br>
Just curious.<br>
<br>
</blockquote>
I assume that CryptAcquireCertificatePrivateKey() only displays the
UI when necessary, so if the context could be acquired silently
(i.e. the result is TRUE), it will be possible to acquire it with no
UI and without explicit SILENT flag.<br>
<br>
With kind regards,<br>
Ivan<br>
<br>
<blockquote
cite="mid:edac6af3-05a9-6d03-bb34-9bb7ee82b31a@oracle.com"
type="cite"> Changes look fine.<br>
Valerie<br>
<div class="moz-cite-prefix">On 8/16/2016 1:06 PM, Ivan Gerasimov
wrote:<br>
</div>
<blockquote
cite="mid:f3c9a092-d151-2864-f40b-2c1b30bd33d0@oracle.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Thank you Valerie for looking into this!<br>
</p>
<br>
<div class="moz-cite-prefix">On 16.08.2016 22:18, Valerie Peng
wrote:<br>
</div>
<blockquote
cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><br>
</p>
<p>I am not familiar with the general behavior of
CryptAcquireCertificatePrivateKey API.<br>
</p>
Would the first CryptAcquireCertificatePrivateKey(.., <span
class="changed">CRYPT_ACQUIRE_SILENT_FLAG, ...) ever return
TRUE?<br>
</span></blockquote>
<br>
Yes. It returns TRUE if the key could be acquired silently, and
I've seen this happening.<br>
<br>
<blockquote
cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
type="cite"><span class="changed"> If yes, then do we need to
release the context and call </span>CryptAcquireCertificatePrivateKey(..)
again?<br>
<br>
I'd expect the overall logic to be something like:<br>
<blockquote>
<pre><span class="changed">if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,</span><span class="changed">
&hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE) {
if (</span><span class="changed"><span class="changed">GetLastError() == NTE_SILENT_CONTEXT) {
</span></span><span class="changed"><span class="changed"><span class="changed">// Try acquiring the key normally (not silently)</span><span class="changed">
if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,</span>
<span class="changed">&hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)</span> <span class="changed">{</span></span></span><span class="changed"><span class="changed"><span class="changed"><span class="changed">
bHasNoPrivateKey = TRUE;
</span></span> }
} else {
</span></span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey = TRUE;
}
</span></span>}
// Then proceed on different code paths based on </span><span class="changed"><span class="changed"><span class="changed">bHasNoPrivateKey value
</span></span></span></pre>
</blockquote>
</blockquote>
This was the first thing I attempted to do.<br>
However, some subsequent operations with the key started to
fail, throwing SignatureException (with the message "Provider
could not perform the action since the context was acquired as
silent.")<br>
<br>
That's why I switched to what is in this proposal: Silent
probing and then re-acquiring the key normally (not silently).<br>
<br>
With kind regards,<br>
Ivan<br>
<br>
<blockquote
cite="mid:24339fa6-9f25-0863-6fff-3eca3d97e65b@oracle.com"
type="cite">
<blockquote>
<pre><span class="changed"><span class="changed"><span class="changed">
</span></span></span></pre>
</blockquote>
Anything that I missed?<br>
Valerie<br>
<br>
<div class="moz-cite-prefix">On 8/16/2016 6:27 AM, Vincent
Ryan wrote:<br>
</div>
<blockquote
cite="mid:1A59DF96-4E31-4738-A70F-E499793879BF@oracle.com"
type="cite">
<pre wrap="">That fix looks fine. Is there any significant performance impact due to calling CryptAcquireCertificatePrivateKey twice?
Thanks.
</pre>
<blockquote type="cite">
<pre wrap="">On 16 Aug 2016, at 13:56, Ivan Gerasimov <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:ivan.gerasimov@oracle.com"><ivan.gerasimov@oracle.com></a> wrote:
A gentle reminder.
Would you please help review at your convenience.
With kind regards,
Ivan
On 09.08.2016 12:27, Ivan Gerasimov wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello!
In order to reduce the number of popup dialog windows during accessing the smartcard, it is proposed to first do a silent "probe" step.
Only if this probe succeeded, or if it failed due to that SILENT flag, we'll try to re-acquire the key normally (i.e. not silently).
Would you please help review this proposal?
BUGURL: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8153438">https://bugs.openjdk.java.net/browse/JDK-8153438</a>
WEBREV: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/%7Eigerasim/8153438/00/webrev/">http://cr.openjdk.java.net/~igerasim/8153438/00/webrev/</a>
With kind regards,
Ivan
</pre>
</blockquote>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>