8267543: Post JEP 411 refactoring: security

Reviewed-by: mullan
2025-08-28 15:24:43 +02:00 · 2021-06-02 15:47:57 +00:00 · 2021-06-02 15:47:57 +00:00 · 40d23a0c0b
commit 40d23a0c0b
parent 476775808f
19 changed files with 80 additions and 79 deletions
--- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java
+++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java
@ -160,7 +160,7 @@ final class ProviderConfig {
    /**
     * Get the provider object. Loads the provider if it is not already loaded.
     */
-    @SuppressWarnings({"removal","deprecation"})
+    @SuppressWarnings("deprecation")
    Provider getProvider() {
        // volatile variable load
        Provider p = provider;
@ -188,7 +188,8 @@ final class ProviderConfig {
                p = new sun.security.ssl.SunJSSE();
            } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
                // need to use reflection since this class only exists on MacOsx
-                p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
+                @SuppressWarnings("removal")
+                var tmp = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
                    public Provider run() {
                        try {
                            Class<?> c = Class.forName("apple.security.AppleProvider");
@ -208,6 +209,7 @@ final class ProviderConfig {
                        }
                    }
                });
+                p = tmp;
            } else {
                if (isLoading) {
                    // because this method is synchronized, this can only
--- a/src/java.base/share/classes/sun/security/provider/MD4.java
+++ b/src/java.base/share/classes/sun/security/provider/MD4.java
@ -43,7 +43,6 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
 *
 * @author      Andreas Sterbenz
 */
-@SuppressWarnings("removal")
 public final class MD4 extends DigestBase {

    // state of this object
@ -71,7 +70,8 @@ public final class MD4 extends DigestBase {
            @java.io.Serial
            private static final long serialVersionUID = -8850464997518327965L;
        };
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        @SuppressWarnings("removal")
+        var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
                return null;
--- a/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java
@ -81,7 +81,6 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
 */

-@SuppressWarnings("removal")
 public final class SunEntries {

    // the default algo used by SecureRandom class for new SecureRandom() calls
@ -325,10 +324,8 @@ public final class SunEntries {
    static final String URL_DEV_RANDOM = "file:/dev/random";
    static final String URL_DEV_URANDOM = "file:/dev/urandom";

-    private static final String seedSource;
-
-    static {
-        seedSource = AccessController.doPrivileged(
+    @SuppressWarnings("removal")
+    private static final String seedSource = AccessController.doPrivileged(
                new PrivilegedAction<String>() {

            @Override
@ -345,6 +342,7 @@ public final class SunEntries {
            }
        });

+    static {
        DEF_SECURE_RANDOM_ALGO  = (NativePRNG.isAvailable() &&
            (seedSource.equals(URL_DEV_URANDOM) ||
             seedSource.equals(URL_DEV_RANDOM)) ?
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
@ -1195,7 +1195,6 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
            this.engine = engineInstance;
        }

-        @SuppressWarnings("removal")
        @Override
        public void run() {
            engine.engineLock.lock();
@ -1206,7 +1205,8 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
                }

                try {
-                    AccessController.doPrivileged(
+                    @SuppressWarnings("removal")
+                    var dummy = AccessController.doPrivileged(
                            new DelegatedAction(hc), engine.conContext.acc);
                } catch (PrivilegedActionException pae) {
                    // Get the handshake context again in case the
--- a/src/java.base/share/classes/sun/security/util/AnchorCertificates.java
+++ b/src/java.base/share/classes/sun/security/util/AnchorCertificates.java
@ -43,7 +43,6 @@ import sun.security.x509.X509CertImpl;
 * The purpose of this class is to determine the trust anchor certificates is in
 * the cacerts file.  This is used for PKIX CertPath checking.
 */
-@SuppressWarnings("removal")
 public class AnchorCertificates {

    private static final Debug debug = Debug.getInstance("certpath");
@ -52,7 +51,8 @@ public class AnchorCertificates {
    private static Set<X500Principal> certIssuers = Collections.emptySet();

    static  {
-        AccessController.doPrivileged(new PrivilegedAction<>() {
+        @SuppressWarnings("removal")
+        var dummy = AccessController.doPrivileged(new PrivilegedAction<>() {
            @Override
            public Void run() {
                File f = new File(FilePaths.cacerts());
--- a/src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java
+++ b/src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java
@ -55,7 +55,6 @@ public class KeyStoreDelegator extends KeyStoreSpi {
    private KeyStoreSpi keystore; // the delegate
    private boolean compatModeEnabled = true;

-    @SuppressWarnings("removal")
    public KeyStoreDelegator(
        String primaryType,
        Class<? extends KeyStoreSpi> primaryKeyStore,
@ -63,9 +62,10 @@ public class KeyStoreDelegator extends KeyStoreSpi {
        Class<? extends KeyStoreSpi> secondaryKeyStore) {

        // Check whether compatibility mode has been disabled
-        compatModeEnabled = "true".equalsIgnoreCase(
-            AccessController.doPrivileged((PrivilegedAction<String>) () ->
-                Security.getProperty(KEYSTORE_TYPE_COMPAT)));
+        @SuppressWarnings("removal")
+        var prop = AccessController.doPrivileged((PrivilegedAction<String>) () ->
+                        Security.getProperty(KEYSTORE_TYPE_COMPAT));
+        compatModeEnabled = "true".equalsIgnoreCase(prop);

        if (compatModeEnabled) {
            this.primaryType = primaryType;
--- a/src/java.base/share/classes/sun/security/util/UntrustedCertificates.java
+++ b/src/java.base/share/classes/sun/security/util/UntrustedCertificates.java
@ -42,7 +42,6 @@ import sun.security.x509.X509CertImpl;
 * <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined
 * validation check, neither is it used as an alternative to CRL.
 */
-@SuppressWarnings("removal")
 public final class UntrustedCertificates {

    private static final Debug debug = Debug.getInstance("certpath");
@ -52,7 +51,8 @@ public final class UntrustedCertificates {
    private static final String algorithm;

    static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        @SuppressWarnings("removal")
+        var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                File f = new File(StaticProperty.javaHome(),