8344366: Remove Security Manager dependencies from javax.net.ssl and …

…sun.security.ssl packages

Reviewed-by: coffeys, ascarpino, hchao

src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java

@@ -227,11 +227,6 @@ public static void setDefaultHostnameVerifier(HostnameVerifier v) {
                 "no default HostnameVerifier specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new SSLPermission("setHostnameVerifier"));
-        }
         defaultHostnameVerifier = v;
     }
 
@@ -306,11 +301,6 @@ public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) {
                 "no default SSLSocketFactory specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkSetFactory();
-        }
         defaultSSLSocketFactory = sf;
     }
 
@@ -353,11 +343,6 @@ public void setSSLSocketFactory(SSLSocketFactory sf) {
                 "no SSLSocketFactory specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkSetFactory();
-        }
         sslSocketFactory = sf;
     }
 

src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.net.ssl;
 
-import java.security.Security;
 import java.security.*;
 import java.util.Objects;
 
@@ -62,11 +61,8 @@ public class KeyManagerFactory {
      *          {@code ssl.KeyManagerFactory.algorithm} security property, or an
      *          implementation-specific default if no such property exists.
      */
-    @SuppressWarnings("removal")
     public static final String getDefaultAlgorithm() {
-        String type;
-        type = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            Security.getProperty("ssl.KeyManagerFactory.algorithm"));
+        String type = Security.getProperty("ssl.KeyManagerFactory.algorithm");
         if (type == null) {
             type = "SunX509";
         }

src/java.base/share/classes/javax/net/ssl/SSLContext.java

@@ -129,11 +129,6 @@ public static void setDefault(SSLContext context) {
         if (context == null) {
             throw new NullPointerException();
         }
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new SSLPermission("setDefaultSSLContext"));
-        }
 
         defaultContext = context;
     }

src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java

@@ -33,8 +33,6 @@
 import java.security.*;
 import java.util.Locale;
 
-import sun.security.action.GetPropertyAction;
-
 /**
  * <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.
  *
@@ -46,7 +44,7 @@ public abstract class SSLSocketFactory extends SocketFactory {
     static final boolean DEBUG;
 
     static {
-        String s = GetPropertyAction.privilegedGetProperty(
+        String s = System.getProperty(
                 "javax.net.debug", "").toLowerCase(Locale.ENGLISH);
         DEBUG = s.contains("all") || s.contains("ssl");
     }
@@ -86,18 +84,15 @@ public static SocketFactory getDefault() {
         }
     }
 
-    @SuppressWarnings("removal")
     static String getSecurityProperty(final String name) {
-        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
-            String s = Security.getProperty(name);
-            if (s != null) {
-                s = s.trim();
-                if (s.isEmpty()) {
-                    s = null;
-                }
+        String s = Security.getProperty(name);
+        if (s != null) {
+            s = s.trim();
+            if (s.isEmpty()) {
+                s = null;
             }
-            return s;
-        });
+        }
+        return s;
     }
 
     /**

src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.net.ssl;
 
-import java.security.Security;
 import java.security.*;
 import java.util.Objects;
 
@@ -74,11 +73,8 @@ public class TrustManagerFactory {
      * {@code ssl.TrustManagerFactory.algorithm} security property, or an
      * implementation-specific default if no such property exists.
      */
-    @SuppressWarnings("removal")
     public static final String getDefaultAlgorithm() {
-        String type;
-        type = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            Security.getProperty( "ssl.TrustManagerFactory.algorithm"));
+        String type = Security.getProperty("ssl.TrustManagerFactory.algorithm");
         if (type == null) {
             type = "SunX509";
         }

src/java.base/share/classes/sun/security/ssl/AlpnExtension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,8 +28,6 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.Security;
 import java.util.*;
 import javax.net.ssl.SSLEngine;
@@ -63,10 +61,7 @@ final class AlpnExtension {
     static final Charset alpnCharset;
 
     static {
-        @SuppressWarnings("removal")
-        String alpnCharsetString = AccessController.doPrivileged(
-                (PrivilegedAction<String>) ()
-                        -> Security.getProperty("jdk.tls.alpnCharset"));
+        String alpnCharsetString = Security.getProperty("jdk.tls.alpnCharset");
         if ((alpnCharsetString == null)
                 || (alpnCharsetString.length() == 0)) {
             alpnCharsetString = "ISO_8859_1";

src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,6 @@
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.DHPublicKeySpec;
-import sun.security.action.GetPropertyAction;
 import sun.security.ssl.NamedGroup.NamedGroupSpec;
 import sun.security.ssl.X509Authentication.X509Possession;
 import sun.security.util.KeyUtil;
@@ -261,8 +260,7 @@ public PrivateKey getPrivateKey() {
         private final boolean exportable;
 
         static {
-            String property = GetPropertyAction.privilegedGetProperty(
-                    "jdk.tls.ephemeralDHKeySize");
+            String property = System.getProperty("jdk.tls.ephemeralDHKeySize");
             if (property == null || property.isEmpty()) {
                 useLegacyEphemeralDHKeys = false;
                 useSmartEphemeralDHKeys = false;

src/java.base/share/classes/sun/security/ssl/NamedGroup.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,6 @@
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
 import sun.security.util.CurveDB;
-import sun.security.action.GetPropertyAction;
 
 /**
  * An enum containing all known named groups for use in TLS.
@@ -752,8 +751,7 @@ static final class SupportedGroups {
             //
             // If the System Property is not defined or the value is empty, the
             // default groups and preferences will be used.
-            String property = GetPropertyAction
-                    .privilegedGetProperty("jdk.tls.namedGroups");
+            String property = System.getProperty("jdk.tls.namedGroups");
             if (property != null && !property.isEmpty()) {
                 // remove double quote marks from beginning/end of the property
                 if (property.length() > 1 && property.charAt(0) == '"' &&

src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -230,13 +230,7 @@ final class PredefinedDHParameterSpecs {
     static final Map<Integer, DHParameterSpec> ffdheParams;
 
     static {
-        @SuppressWarnings("removal")
-        String property = AccessController.doPrivileged(
-            new PrivilegedAction<String>() {
-                public String run() {
-                    return Security.getProperty(PROPERTY_NAME);
-                }
-            });
+        String property = Security.getProperty(PROPERTY_NAME);
 
         if (property != null && !property.isEmpty()) {
             // remove double quote marks from beginning/end of the property

src/java.base/share/classes/sun/security/ssl/SSLCipher.java

@@ -36,13 +36,11 @@
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import java.nio.ByteBuffer;
-import java.security.AccessController;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedAction;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.spec.AlgorithmParameterSpec;
@@ -380,14 +378,7 @@ enum SSLCipher {
 
     static  {
         final long max = 4611686018427387904L; // 2^62
-        @SuppressWarnings("removal")
-        String prop = AccessController.doPrivileged(
-                new PrivilegedAction<String>() {
-            @Override
-            public String run() {
-                return Security.getProperty("jdk.tls.keyLimits");
-            }
-        });
+        String prop = Security.getProperty("jdk.tls.keyLimits");
 
         if (prop != null) {
             String[] propvalue = prop.split(",");