8209416: Refactoring GetPropertyAction calls in security libs

Reviewed-by: xuelei, rriggs

src/java.base/share/classes/sun/security/action/GetBooleanAction.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package sun.security.action;
 
+import java.security.AccessController;
+
 /**
  * A convenience class for retrieving the boolean value of a system property
  * as a privileged action.
@@ -69,4 +71,25 @@ public class GetBooleanAction
     public Boolean run() {
         return Boolean.getBoolean(theProp);
     }
+
+    /**
+     * Convenience method to get a property without going through doPrivileged
+     * if no security manager is present. This is unsafe for inclusion in a
+     * public API but allowable here since this class is now encapsulated.
+     *
+     * Note that this method performs a privileged action using caller-provided
+     * inputs. The caller of this method should take care to ensure that the
+     * inputs are not tainted and the returned property is not made accessible
+     * to untrusted code if it contains sensitive information.
+     *
+     * @param theProp the name of the system property.
+     */
+    public static boolean privilegedGetProperty(String theProp) {
+        if (System.getSecurityManager() == null) {
+            return Boolean.getBoolean(theProp);
+        } else {
+            return AccessController.doPrivileged(
+                    new GetBooleanAction(theProp));
+        }
+    }
 }

src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,9 @@
 
 package sun.security.internal.spec;
 
+import sun.security.action.GetBooleanAction;
+
 import java.security.spec.AlgorithmParameterSpec;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 /**
  * Parameters for SSL/TLS RSA premaster secret.
@@ -51,25 +51,11 @@ public class TlsRsaPremasterSecretParameterSpec
      * requested in its client hello version). However, we (and other
      * implementations) used to send the active negotiated version. The
      * system property below allows to toggle the behavior.
-     */
-    private static final String PROP_NAME =
-                                "com.sun.net.ssl.rsaPreMasterSecretFix";
-
-    /*
      * Default is "false" (old behavior) for compatibility reasons in
      * SSLv3/TLSv1.  Later protocols (TLSv1.1+) do not use this property.
      */
-    private static final boolean rsaPreMasterSecretFix =
-            AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-                public Boolean run() {
-                    String value = System.getProperty(PROP_NAME);
-                    if (value != null && value.equalsIgnoreCase("true")) {
-                        return Boolean.TRUE;
-                    }
-
-                    return Boolean.FALSE;
-                }
-            });
+    private static final boolean rsaPreMasterSecretFix = GetBooleanAction
+            .privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");
 
     private final int clientVersion;
     private final int serverVersion;

src/java.base/share/classes/sun/security/provider/certpath/Builder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,8 +63,8 @@ public abstract class Builder {
      * Authority Information Access extension shall be enabled. Currently
      * disabled by default for compatibility reasons.
      */
-    static final boolean USE_AIA = AccessController.doPrivileged
-        (new GetBooleanAction("com.sun.security.enableAIAcaIssuers"));
+    static final boolean USE_AIA = GetBooleanAction
+            .privilegedGetProperty("com.sun.security.enableAIAcaIssuers");
 
     /**
      * Initialize the builder with the input parameters.

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java

@@ -31,6 +31,8 @@ import java.util.Enumeration;
 import java.util.Locale;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
+
+import sun.security.action.GetPropertyAction;
 import sun.security.util.Cache;
 
 
@@ -196,15 +198,9 @@ final class SSLSessionContextImpl implements SSLSessionContext {
     private static int getDefaultCacheLimit() {
         int defaultCacheLimit = 0;
         try {
-            String s = java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<String>() {
-                    @Override
-                    public String run() {
-                        return System.getProperty(
-                            "javax.net.ssl.sessionCacheSize");
-                    }
-                });
-                defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
+            String s = GetPropertyAction
+                    .privilegedGetProperty("javax.net.ssl.sessionCacheSize");
+            defaultCacheLimit = (s != null) ? Integer.parseInt(s) : 0;
         } catch (Exception e) {
             // swallow the exception
         }

src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java

@@ -96,10 +96,10 @@ final class StatusResponseManager {
         }
         defaultResponder = tmpURI;
 
-        respOverride = AccessController.doPrivileged(
-                new GetBooleanAction("jdk.tls.stapling.responderOverride"));
-        ignoreExtensions = AccessController.doPrivileged(
-                new GetBooleanAction("jdk.tls.stapling.ignoreExtensions"));
+        respOverride = GetBooleanAction
+                .privilegedGetProperty("jdk.tls.stapling.responderOverride");
+        ignoreExtensions = GetBooleanAction
+                .privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
 
         threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
                 new ThreadFactory() {

src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java

@@ -482,8 +482,8 @@ final class SupportedGroupsExtension {
             //
             // If the System Property is not defined or the value is empty, the
             // default groups and preferences will be used.
-            String property = AccessController.doPrivileged(
-                        new GetPropertyAction("jdk.tls.namedGroups"));
+            String property = GetPropertyAction
+                    .privilegedGetProperty("jdk.tls.namedGroups");
             if (property != null && property.length() != 0) {
                 // remove double quote marks from beginning/end of the property
                 if (property.length() > 1 && property.charAt(0) == '"' &&

src/java.base/share/classes/sun/security/validator/PKIXValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,8 @@ public final class PKIXValidator extends Validator {
      * manager. Typically, this will only work if the PKIX implementation
      * supports CRL distribution points as we do not manually setup CertStores.
      */
-    private static final boolean checkTLSRevocation =
-        AccessController.doPrivileged
-            (new GetBooleanAction("com.sun.net.ssl.checkRevocation"));
+    private static final boolean checkTLSRevocation = GetBooleanAction
+            .privilegedGetProperty("com.sun.net.ssl.checkRevocation");
 
     private final Set<X509Certificate> trustedCerts;
     private final PKIXBuilderParameters parameterTemplate;

src/java.base/share/classes/sun/security/x509/AVA.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,9 +64,8 @@ public class AVA implements DerEncoder {
     // See CR 6391482: if enabled this flag preserves the old but incorrect
     // PrintableString encoding for DomainComponent. It may need to be set to
     // avoid breaking preexisting certificates generated with sun.security APIs.
-    private static final boolean PRESERVE_OLD_DC_ENCODING =
-        AccessController.doPrivileged(new GetBooleanAction
-            ("com.sun.security.preserveOldDCEncoding"));
+    private static final boolean PRESERVE_OLD_DC_ENCODING = GetBooleanAction
+            .privilegedGetProperty("com.sun.security.preserveOldDCEncoding");
 
     /**
      * DEFAULT format allows both RFC1779 and RFC2253 syntax and