8223003: SunMSCAPI keys are not cleaned up

Reviewed-by: igerasim

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -75,9 +75,9 @@ abstract class CKey implements Key, Length {
 
     protected final String algorithm;
 
-    protected CKey(String algorithm, long hCryptProv, long hCryptKey, int keyLength) {
+    protected CKey(String algorithm, NativeHandles handles, int keyLength) {
         this.algorithm = algorithm;
-        this.handles = new NativeHandles(hCryptProv, hCryptKey);
+        this.handles = handles;
         this.keyLength = keyLength;
     }
 

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyPair.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,9 +36,13 @@ class CKeyPair {
 
     private final CPublicKey publicKey;
 
+    /**
+     * This method is called by native codes in security.cpp.
+     */
     CKeyPair(String alg, long hCryptProv, long hCryptKey, int keyLength) {
-        privateKey = CPrivateKey.of(alg, hCryptProv, hCryptKey, keyLength);
-        publicKey = CPublicKey.of(alg, hCryptProv, hCryptKey, keyLength);
+        CKey.NativeHandles handles = new CKey.NativeHandles(hCryptProv, hCryptKey);
+        privateKey = CPrivateKey.of(alg, handles, keyLength);
+        publicKey = CPublicKey.of(alg, handles, keyLength);
     }
 
     public CPrivateKey getPrivate() {

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,12 +37,18 @@ class CPrivateKey extends CKey implements PrivateKey {
 
     private static final long serialVersionUID = 8113152807912338063L;
 
-    private CPrivateKey(String alg, long hCryptProv, long hCryptKey, int keyLength) {
-        super(alg, hCryptProv, hCryptKey, keyLength);
+    private CPrivateKey(String alg, NativeHandles handles, int keyLength) {
+        super(alg, handles, keyLength);
     }
 
-    public static CPrivateKey of(String alg, long hCryptProv, long hCryptKey, int keyLength) {
-        return new CPrivateKey(alg, hCryptProv, hCryptKey, keyLength);
+    // Called by native code inside security.cpp
+    static CPrivateKey of(
+            String alg, long hCryptProv, long hCryptKey, int keyLength) {
+        return of(alg, new NativeHandles(hCryptProv, hCryptKey), keyLength);
+    }
+
+    public static CPrivateKey of(String alg, NativeHandles handles, int keyLength) {
+        return new CPrivateKey(alg, handles, keyLength);
     }
 
     // this key does not support encoding

src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,8 +59,8 @@ public abstract class CPublicKey extends CKey implements PublicKey {
         private ECPoint w = null;
         private static final long serialVersionUID = 12L;
 
-        CECPublicKey(long hCryptProv, int keyLength) {
-            super("EC", hCryptProv, 0, keyLength);
+        CECPublicKey(NativeHandles handles, int keyLength) {
+            super("EC", handles, keyLength);
         }
 
         @Override
@@ -121,8 +121,8 @@ public abstract class CPublicKey extends CKey implements PublicKey {
         private BigInteger exponent = null;
         private static final long serialVersionUID = 12L;
 
-        CRSAPublicKey(long hCryptProv, long hCryptKey, int keyLength) {
-            super("RSA", hCryptProv, hCryptKey, keyLength);
+        CRSAPublicKey(NativeHandles handles, int keyLength) {
+            super("RSA", handles, keyLength);
         }
 
         public String toString() {
@@ -181,21 +181,27 @@ public abstract class CPublicKey extends CKey implements PublicKey {
         private native byte[] getModulus(byte[] keyBlob) throws KeyException;
     }
 
-    public static CPublicKey of(
+    // Called by native code inside security.cpp
+    static CPublicKey of(
             String alg, long hCryptProv, long hCryptKey, int keyLength) {
+        return of(alg, new NativeHandles(hCryptProv, hCryptKey), keyLength);
+    }
+
+    public static CPublicKey of(
+            String alg, NativeHandles handles, int keyLength) {
         switch (alg) {
             case "RSA":
-                return new CRSAPublicKey(hCryptProv, hCryptKey, keyLength);
+                return new CRSAPublicKey(handles, keyLength);
             case "EC":
-                return new CECPublicKey(hCryptProv, keyLength);
+                return new CECPublicKey(handles, keyLength);
             default:
                 throw new AssertionError("Unsupported algorithm: " + alg);
         }
     }
 
     protected CPublicKey(
-            String alg, long hCryptProv, long hCryptKey, int keyLength) {
-        super(alg, hCryptProv, hCryptKey, keyLength);
+            String alg, NativeHandles handles, int keyLength) {
+        super(alg, handles, keyLength);
     }
 
     @Override

src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -692,18 +692,22 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_CKeyStore_loadKeysOrCertificateC
 
 
 /*
- * Class:     sun_security_mscapi_Key
+ * Class:     sun_security_mscapi_CKey
  * Method:    cleanUp
  * Signature: (JJ)V
  */
-JNIEXPORT void JNICALL Java_sun_security_mscapi_Key_cleanUp
+JNIEXPORT void JNICALL Java_sun_security_mscapi_CKey_cleanUp
   (JNIEnv *env, jclass clazz, jlong hCryptProv, jlong hCryptKey)
 {
-    if (hCryptKey != NULL)
-        ::CryptDestroyKey((HCRYPTKEY) hCryptKey); // deprecated
+    if (hCryptKey == NULL && hCryptProv != NULL) {
+        NCryptFreeObject((NCRYPT_HANDLE)hCryptProv);
+    } else {
+        if (hCryptKey != NULL)
+            ::CryptDestroyKey((HCRYPTKEY) hCryptKey); // deprecated
 
-    if (hCryptProv != NULL)
-        ::CryptReleaseContext((HCRYPTPROV) hCryptProv, NULL); // deprecated
+        if (hCryptProv != NULL)
+            ::CryptReleaseContext((HCRYPTPROV) hCryptProv, NULL); // deprecated
+    }
 }
 
 /*

test/jdk/java/security/KeyPairGenerator/FinalizeHalf.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 8163896
+ * @bug 8163896 8223003
  * @summary Finalizing one key of a KeyPair invalidates the other key
  */