OpenJDK / jdk8u / jdk8u / jdk
changeset 12117:0969c69a27dd
Merge
author | asaha |
---|---|
date | Mon, 19 Sep 2016 09:47:34 -0700 |
parents | 1cf5785cdd47 4f36303c6317 |
children | fdcb38fe8b4f |
files | .hgtags |
diffstat | 2 files changed, 78 insertions(+), 51 deletions(-) [+] |
--- a/.hgtags Thu Sep 08 14:37:15 2016 -0700
+++ b/.hgtags Mon Sep 19 09:47:34 2016 -0700
@@ -630,6 +630,7 @@
 222d3ac3aa1f99f16e31c1c4a10f916ce83ff759 jdk8u102-b31
 e3839fe291add6e0ea199457fb31c9312cc5dd77 jdk8u102-b32
 275fcb7d4e3e70a37ac70c33d087a805ba182f1e jdk8u102-b33
+d783f00bb04a6fff7ddf1555572c1f3cdfd21e59 jdk8u102-b34
 ebc56c2e803597ef409a5296addc986b390d934d jdk8u111-b00
 c4f03717831993e4658b8366810ca4682ece952d jdk8u111-b01
 de1d09f09e571e38afdf1fb72984ec210e7c19e6 jdk8u111-b02
--- a/src/windows/native/sun/security/mscapi/security.cpp Thu Sep 08 14:37:15 2016 -0700
+++ b/src/windows/native/sun/security/mscapi/security.cpp Mon Sep 19 09:47:34 2016 -0700
@@ -352,38 +352,50 @@ BOOL bHasNoPrivateKey = FALSE; DWORD dwPublicKeyLength = 0; - if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL, - &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE) + // First, probe it silently + if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL, + &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE + && GetLastError() != NTE_SILENT_CONTEXT) { bHasNoPrivateKey = TRUE; - - } else { - // Private key is available - - BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey); - - // Skip certificate if cannot find private key - if (bGetUserKey == FALSE) - { - if (bCallerFreeProv) - ::CryptReleaseContext(hCryptProv, NULL); - - continue; + } + else + { + if (bCallerFreeProv == TRUE) { + ::CryptReleaseContext(hCryptProv, NULL); + bCallerFreeProv = FALSE; } - // Set cipher mode to ECB - DWORD dwCipherMode = CRYPT_MODE_ECB; - ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL); - + // Second, acquire the key normally (not silently) + if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL, + &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE) + { + bHasNoPrivateKey = TRUE; + } + else + { + // Private key is available + BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey); - // If the private key is present in smart card, we may not be able to - // determine the key length by using the private key handle. However, - // since public/private key pairs must have the same length, we could - // determine the key length of the private key by using the public key - // in the certificate. 
- dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(pCertContext->pCertInfo->SubjectPublicKeyInfo)); + // Skip certificate if cannot find private key + if (bGetUserKey == FALSE) { + if (bCallerFreeProv) + ::CryptReleaseContext(hCryptProv, NULL); + continue; + } + // Set cipher mode to ECB + DWORD dwCipherMode = CRYPT_MODE_ECB; + ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL); + + // If the private key is present in smart card, we may not be able to + // determine the key length by using the private key handle. However, + // since public/private key pairs must have the same length, we could + // determine the key length of the private key by using the public key + // in the certificate. + dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(pCertContext->pCertInfo->SubjectPublicKeyInfo)); + } } PCCERT_CHAIN_CONTEXT pCertChainContext = NULL; @@ -392,8 +404,7 @@ // if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext)) { - - for (unsigned int i=0; i < pCertChainContext->cChain; i++) + for (DWORD i = 0; i < pCertChainContext->cChain; i++) { // Found cert chain PCERT_SIMPLE_CHAIN rgpChain = @@ -443,6 +454,7 @@ // cert collection env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList); } + if (bHasNoPrivateKey) { // Generate certificate chain and store into cert chain 
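Review bot: In the `@@ -352` hunk the new `else` branch is also taken when the silent probe fails with `NTE_SILENT_CONTEXT`, and it then tests `bCallerFreeProv` and may release `hCryptProv` even though the failed call is not guaranteed to have written either of them. Both variables are declared outside the hunk and the enclosing loop body starts and ends outside it, so if they keep values from an earlier certificate the release could hit a handle that is owned or already freed elsewhere; this needs confirming against the full function. Resetting them before the probe, `hCryptProv = NULL; bCallerFreeProv = FALSE;`, and adding `hCryptProv = NULL;` after the `::CryptReleaseContext` in the probe branch would make this path independent of stale state. The same release-after-probe sequence in the `@@ -1361` hunk does initialise `bCallerFreeProv`, but it too leaves the released handle value in `hCryptProv`.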
@@ -1361,43 +1373,57 @@ HCRYPTPROV hCryptProv = NULL; HCRYPTKEY hKey = NULL; DWORD dwKeySpec; + BOOL bCallerFreeProv = FALSE; + BOOL bRes; __try { if (usePrivateKey == JNI_TRUE) { // Locate the key container for the certificate's private key - if (!(::CryptAcquireCertificatePrivateKey( - (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv, - &dwKeySpec, NULL))) { + + // First, probe it silently + bRes = ::CryptAcquireCertificatePrivateKey( + (PCCERT_CONTEXT) pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, + NULL, &hCryptProv, &dwKeySpec, &bCallerFreeProv); + if (bRes == FALSE && GetLastError() != NTE_SILENT_CONTEXT) + { + ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); + __leave; + } + + if (bCallerFreeProv == TRUE) { + ::CryptReleaseContext(hCryptProv, NULL); + bCallerFreeProv = FALSE; + } + + // Now, do it normally (not silently) + if (::CryptAcquireCertificatePrivateKey( + (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv, + &dwKeySpec, &bCallerFreeProv) == FALSE) + { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; } // Get a handle to the private key - if (!(::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))) { + if (::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey) == FALSE) { ThrowException(env, KEY_EXCEPTION, GetLastError()); __leave; } - - } else { // use public key + } + else // use public key + { + bCallerFreeProv = TRUE; // Acquire a CSP context. - if(::CryptAcquireContext( - &hCryptProv, - "J2SE", - NULL, - PROV_RSA_FULL, - 0) == FALSE) + if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL, + PROV_RSA_FULL, 0) == FALSE) { // If CSP context hasn't been created, create one. // - if (::CryptAcquireContext( - &hCryptProv, - "J2SE", - NULL, - PROV_RSA_FULL, - CRYPT_NEWKEYSET) == FALSE) + if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL, + PROV_RSA_FULL, CRYPT_NEWKEYSET) == FALSE) { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; 
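Review bot: The comments `// First, probe it silently` and `// Now, do it normally (not silently)` say what the two calls do but not why `NTE_SILENT_CONTEXT` is let through, which is the non-obvious part of this key-acquisition path. A why-comment above the probe would help, for example `// NTE_SILENT_CONTEXT: the provider needs UI (e.g. a PIN prompt), so a key exists; retry without CRYPT_ACQUIRE_SILENT_FLAG`, adjusted if that is not the intended reading. The same probe, release and re-acquire sequence is written out in the `@@ -352` hunk with different failure handling, so a shared `static` helper returning the probe result would keep the two copies from drifting apart. The `__try` block opens inside this hunk and closes outside it.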
@@ -1405,10 +1431,10 @@ } // Import the certificate's public key into the key container - if (!(::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING, - &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo), - &hKey))) { - + if (::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING, + &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo), + &hKey) == FALSE) + { ThrowException(env, KEY_EXCEPTION, GetLastError()); __leave; } @@ -1419,7 +1445,7 @@ //-------------------------------------------------------------------- // Clean up. - if (hCryptProv) + if (bCallerFreeProv == TRUE && hCryptProv != NULL) ::CryptReleaseContext(hCryptProv, 0); }