Merge

bb011391 · asaha · 64d3d43a · d4e92a89 · bb011391 · bb011391
隐藏空白更改
内联并排

Showing with 78 addition and 51 deletion

.hgtags .hgtags +1 -0

src/windows/native/sun/security/mscapi/security.cpp src/windows/native/sun/security/mscapi/security.cpp +77 -51

未找到文件。
--- a/.hgtags
+++ b/.hgtags
@@ -630,6 +630,7 @@ e915a408ebf7ba05b36d1b714e166a1d9e5c7edd jdk8u102-b11
 222d3ac3aa1f99f16e31c1c4a10f916ce83ff759 jdk8u102-b31
 e3839fe291add6e0ea199457fb31c9312cc5dd77 jdk8u102-b32
 275fcb7d4e3e70a37ac70c33d087a805ba182f1e jdk8u102-b33
+d783f00bb04a6fff7ddf1555572c1f3cdfd21e59 jdk8u102-b34
 ebc56c2e803597ef409a5296addc986b390d934d jdk8u111-b00
 c4f03717831993e4658b8366810ca4682ece952d jdk8u111-b01
 de1d09f09e571e38afdf1fb72984ec210e7c19e6 jdk8u111-b02

--- a/src/windows/native/sun/security/mscapi/security.cpp
+++ b/src/windows/native/sun/security/mscapi/security.cpp
@@ -352,38 +352,50 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
            BOOL bHasNoPrivateKey = FALSE;
            DWORD dwPublicKeyLength = 0;
-            if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL,
+            // First, probe it silently
-                                                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+            if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,
+                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE
+                && GetLastError() != NTE_SILENT_CONTEXT)
            {
                bHasNoPrivateKey = TRUE;
+            }
+            else
+            {
+                if (bCallerFreeProv == TRUE) {
+                    ::CryptReleaseContext(hCryptProv, NULL);
+                    bCallerFreeProv = FALSE;
+                }
-            } else {
+                // Second, acquire the key normally (not silently)
-                // Private key is available
+                if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,
+                        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
-                BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
-                // Skip certificate if cannot find private key
-                if (bGetUserKey == FALSE)
                {
-                    if (bCallerFreeProv)
+                    bHasNoPrivateKey = TRUE;
-                        ::CryptReleaseContext(hCryptProv, NULL);
-                    continue;
                }
+                else
+                {
+                    // Private key is available
+                    BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
+                    // Skip certificate if cannot find private key
+                    if (bGetUserKey == FALSE) {
+                        if (bCallerFreeProv)
+                            ::CryptReleaseContext(hCryptProv, NULL);
+                        continue;
+                    }
-                // Set cipher mode to ECB
+                    // Set cipher mode to ECB
-                DWORD dwCipherMode = CRYPT_MODE_ECB;
+                    DWORD dwCipherMode = CRYPT_MODE_ECB;
-                ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
+                    ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
+                    // If the private key is present in smart card, we may not be able to
-                // If the private key is present in smart card, we may not be able to
+                    // determine the key length by using the private key handle. However,
-                // determine the key length by using the private key handle. However,
+                    // since public/private key pairs must have the same length, we could
-                // since public/private key pairs must have the same length, we could
+                    // determine the key length of the private key by using the public key
-                // determine the key length of the private key by using the public key
+                    // in the certificate.
-                // in the certificate.
+                    dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-                dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                            &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
-                        &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                }
            }
            PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;
@@ -392,8 +404,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
            //
            if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext))
            {
+                for (DWORD i = 0; i < pCertChainContext->cChain; i++)
-                for (unsigned int i=0; i < pCertChainContext->cChain; i++)
                {
                    // Found cert chain
                    PCERT_SIMPLE_CHAIN rgpChain =
@@ -443,6 +454,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
                        // cert collection
                        env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
                    }
                    if (bHasNoPrivateKey)
                    {
                        // Generate certificate chain and store into cert chain
@@ -1361,43 +1373,57 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
    HCRYPTPROV hCryptProv = NULL;
    HCRYPTKEY hKey = NULL;
    DWORD dwKeySpec;
+    BOOL bCallerFreeProv = FALSE;
+    BOOL bRes;
    __try
    {
        if (usePrivateKey == JNI_TRUE) {
            // Locate the key container for the certificate's private key
-            if (!(::CryptAcquireCertificatePrivateKey(
-                (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
-                &dwKeySpec, NULL))) {
+            // First, probe it silently
+            bRes = ::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, CRYPT_ACQUIRE_SILENT_FLAG,
+                    NULL, &hCryptProv, &dwKeySpec, &bCallerFreeProv);
+            if (bRes == FALSE && GetLastError() != NTE_SILENT_CONTEXT)
+            {
+                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
+                __leave;
+            }
+            if (bCallerFreeProv == TRUE) {
+                ::CryptReleaseContext(hCryptProv, NULL);
+                bCallerFreeProv = FALSE;
+            }
+            // Now, do it normally (not silently)
+            if (::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
+                    &dwKeySpec, &bCallerFreeProv) == FALSE)
+            {
                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                __leave;
            }
            // Get a handle to the private key
-            if (!(::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))) {
+            if (::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey) == FALSE) {
                ThrowException(env, KEY_EXCEPTION, GetLastError());
                __leave;
            }
+        }
-        } else { // use public key
+        else // use public key
+        {
+            bCallerFreeProv = TRUE;
            //  Acquire a CSP context.
-            if(::CryptAcquireContext(
+            if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
-               &hCryptProv,
+                    PROV_RSA_FULL, 0) == FALSE)
-               "J2SE",
-               NULL,
-               PROV_RSA_FULL,
-               0) == FALSE)
            {
                // If CSP context hasn't been created, create one.
                //
-                if (::CryptAcquireContext(
+                if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
-                    &hCryptProv,
+                        PROV_RSA_FULL, CRYPT_NEWKEYSET) == FALSE)
-                    "J2SE",
-                    NULL,
-                    PROV_RSA_FULL,
-                    CRYPT_NEWKEYSET) == FALSE)
                {
                    ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                    __leave;
@@ -1405,10 +1431,10 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
            }
            // Import the certificate's public key into the key container
-            if (!(::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
+            if (::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
-                &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
+                    &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
-                &hKey))) {
+                    &hKey) == FALSE)
+            {
                ThrowException(env, KEY_EXCEPTION, GetLastError());
                __leave;
            }
@@ -1419,7 +1445,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
        //--------------------------------------------------------------------
        // Clean up.
-        if (hCryptProv)
+        if (bCallerFreeProv == TRUE && hCryptProv != NULL)
            ::CryptReleaseContext(hCryptProv, 0);
    }