8254711: Add java.security.Provider.getService JFR Event

Reviewed-by: mullan, valeriep, jpai

src/java.base/share/classes/java/security/Provider.java

@@ -25,6 +25,8 @@
 
 package java.security;
 
+import jdk.internal.event.SecurityProviderServiceEvent;
+
 import java.io.*;
 import java.util.*;
 import static java.util.Locale.ENGLISH;
@@ -1281,18 +1283,22 @@ public abstract class Provider extends Properties {
         }
 
         Service s = serviceMap.get(key);
-        if (s != null) {
+        if (s == null) {
-            return s;
+            s = legacyMap.get(key);
+            if (s != null && !s.isValid()) {
+                legacyMap.remove(key, s);
+            }
         }
 
-        s = legacyMap.get(key);
+        if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
-        if (s != null && !s.isValid()) {
+            var e  = new SecurityProviderServiceEvent();
-            legacyMap.remove(key, s);
+            e.provider = getName();
-        } else {
+            e.type = type;
-            return s;
+            e.algorithm = algorithm;
+            e.commit();
         }
 
-        return null;
+        return s;
     }
 
     // ServiceKey from previous getService() call

src/java.base/share/classes/jdk/internal/event/SecurityProviderServiceEvent.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.event;
+
+/**
+ * Event recording details of Provider.getService(String type, String algorithm) calls
+ */
+
+public final class SecurityProviderServiceEvent extends Event {
+    private final static SecurityProviderServiceEvent EVENT = new SecurityProviderServiceEvent();
+
+    /**
+     * Returns {@code true} if event is enabled, {@code false} otherwise.
+     */
+    public static boolean isTurnedOn() {
+        return EVENT.isEnabled();
+    }
+
+    public String type;
+    public String algorithm;
+    public String provider;
+}

src/jdk.jfr/share/classes/jdk/jfr/events/SecurityProviderServiceEvent.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.jfr.events;
+
+import jdk.jfr.Category;
+import jdk.jfr.Description;
+import jdk.jfr.Label;
+import jdk.jfr.Name;
+import jdk.jfr.internal.MirrorEvent;
+
+@Category({"Java Development Kit", "Security"})
+@Label("Security Provider Instance Request")
+@Name("jdk.SecurityProviderService")
+@Description("Details of Provider.getInstance(String type, String algorithm) calls")
+@MirrorEvent(className = "jdk.internal.event.SecurityProviderServiceEvent")
+public final class SecurityProviderServiceEvent extends AbstractJDKEvent {
+    @Label("Type of Service")
+    public String type;
+
+    @Label("Algorithm Name")
+    public String algorithm;
+
+    @Label("Security Provider")
+    public String provider;
+}

src/jdk.jfr/share/classes/jdk/jfr/internal/instrument/JDKEvents.java

@@ -27,7 +27,6 @@ package jdk.jfr.internal.instrument;
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
 
 import jdk.jfr.Event;
 import jdk.jfr.events.ActiveRecordingEvent;
@@ -47,6 +46,7 @@ import jdk.jfr.events.FileWriteEvent;
 import jdk.jfr.events.DeserializationEvent;
 import jdk.jfr.events.ProcessStartEvent;
 import jdk.jfr.events.SecurityPropertyModificationEvent;
+import jdk.jfr.events.SecurityProviderServiceEvent;
 import jdk.jfr.events.SocketReadEvent;
 import jdk.jfr.events.SocketWriteEvent;
 import jdk.jfr.events.TLSHandshakeEvent;
@@ -72,6 +72,7 @@ public final class JDKEvents {
         DeserializationEvent.class,
         ProcessStartEvent.class,
         SecurityPropertyModificationEvent.class,
+        SecurityProviderServiceEvent.class,
         ThreadSleepEvent.class,
         TLSHandshakeEvent.class,
         VirtualThreadStartEvent.class,
@@ -96,6 +97,7 @@ public final class JDKEvents {
         jdk.internal.event.DeserializationEvent.class,
         jdk.internal.event.ProcessStartEvent.class,
         jdk.internal.event.SecurityPropertyModificationEvent.class,
+        jdk.internal.event.SecurityProviderServiceEvent.class,
         jdk.internal.event.ThreadSleepEvent.class,
         jdk.internal.event.TLSHandshakeEvent.class,
         jdk.internal.event.VirtualThreadStartEvent.class,

src/jdk.jfr/share/conf/jfr/default.jfc

@@ -714,6 +714,11 @@
        <setting name="stackTrace">true</setting>
     </event>
 
+    <event name="jdk.SecurityProviderService">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.TLSHandshake">
       <setting name="enabled">false</setting>
       <setting name="stackTrace">true</setting>

src/jdk.jfr/share/conf/jfr/profile.jfc

@@ -714,6 +714,11 @@
        <setting name="stackTrace">true</setting>
     </event>
 
+    <event name="jdk.SecurityProviderService">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.TLSHandshake">
       <setting name="enabled">false</setting>
       <setting name="stackTrace">true</setting>

test/jdk/jdk/jfr/event/metadata/TestDefaultConfigurations.java

@@ -172,6 +172,7 @@ public class TestDefaultConfigurations {
         insertSetting(doc, EventNames.JavaExceptionThrow, "threshold", "0 ns");
         insertSetting(doc, EventNames.JavaErrorThrow, "threshold", "0 ns");
         insertSetting(doc, EventNames.SecurityProperty, "threshold", "0 ns");
+        insertSetting(doc, EventNames.SecurityProviderService, "threshold", "0 ns");
         insertSetting(doc, EventNames.TLSHandshake, "threshold", "0 ns");
         insertSetting(doc, EventNames.X509Certificate, "threshold", "0 ns");
         insertSetting(doc, EventNames.X509Validation, "threshold", "0 ns");

test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.jfr.event.security;
+
+import java.security.*;
+import java.security.cert.CertPathBuilder;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.*;
+
+import jdk.jfr.Recording;
+import jdk.jfr.consumer.RecordedEvent;
+import jdk.test.lib.Asserts;
+import jdk.test.lib.jfr.Events;
+import jdk.test.lib.jfr.EventNames;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+
+/*
+ * @test
+ * @bug 8254711
+ * @summary Add JFR events for security crypto algorithms
+ * @key jfr
+ * @requires vm.hasJFR
+ * @library /test/lib
+ * @modules jdk.jfr/jdk.jfr.events
+ * @run main/othervm jdk.jfr.event.security.TestSecurityProviderServiceEvent
+ */
+public class TestSecurityProviderServiceEvent {
+
+    public static void main(String[] args) throws Exception {
+        testAlg(cipherFunc, "AES", "SunJCE",
+                "SunEC", "Cipher", 1, Collections.emptyList());
+        testAlg(signatureFunc, "SHA256withRSA", "SunRsaSign",
+                "SunEC", "Signature", 2, List.of("MessageDigest"));
+        testAlg(messageDigestFunc, "SHA-512", "SUN",
+                "SunEC", "MessageDigest", 1, Collections.emptyList());
+        testAlg(keystoreFunc, "PKCS12", "SUN",
+                "SunEC", "KeyStore", 1, Collections.emptyList());
+        testAlg(certPathBuilderFunc, "PKIX", "SUN",
+                "SunEC", "CertPathBuilder", 2, List.of("CertificateFactory"));
+    }
+
+    private static void testAlg(BiFunction<String, String, Provider> bif, String alg,
+                String workingProv, String brokenProv, String algType,
+                                int expected, List<String> other) throws Exception {
+        // bootstrap security Provider services
+        Provider p =  bif.apply(alg, workingProv);
+
+        try (Recording recording = new Recording()) {
+            recording.enable(EventNames.SecurityProviderService);
+            recording.start();
+            p = bif.apply(alg, workingProv);
+            bif.apply(alg, brokenProv);
+            recording.stop();
+            List<RecordedEvent> events = Events.fromRecording(recording);
+            Asserts.assertEquals(events.size(), expected, "Incorrect number of events");
+            assertEvent(events, algType, alg, p.getName(), other);
+        }
+    }
+
+    private static BiFunction<String, String, Provider> cipherFunc = (s1, p1 ) -> {
+        Cipher c;
+        try {
+            c = Cipher.getInstance(s1, p1);
+            return c.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> signatureFunc = (s1, p1 ) -> {
+        Signature s;
+        try {
+            s = Signature.getInstance(s1, p1);
+            return s.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> messageDigestFunc = (s1, p1 ) -> {
+        MessageDigest md;
+        try {
+            md = MessageDigest.getInstance(s1, p1);
+            return md.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> keystoreFunc = (s1, p1 ) -> {
+        KeyStore ks;
+        try {
+            ks = KeyStore.getInstance(s1, p1);
+            return ks.getProvider();
+        } catch (NoSuchProviderException | KeyStoreException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> certPathBuilderFunc = (s1, p1 ) -> {
+        CertPathBuilder cps;
+        try {
+            cps = CertPathBuilder.getInstance(s1, p1);
+            return cps.getProvider();
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static void assertEvent(List<RecordedEvent> events, String type,
+            String alg, String workingProv, List<String> other) {
+        boolean secondaryEventOK = other.isEmpty() ? true : false;
+        for (RecordedEvent e : events) {
+            if (other.contains(e.getValue("type"))) {
+                // secondary operation in service stack while constructing this request
+                secondaryEventOK = true;
+                continue;
+            }
+            Events.assertField(e, "provider").equal(workingProv);
+            Events.assertField(e, "type").equal(type);
+            Events.assertField(e, "algorithm").equal(alg);
+        }
+        if (!secondaryEventOK) {
+            throw new RuntimeException("Secondary events missing");
+        }
+
+    }
+}

test/lib/jdk/test/lib/jfr/EventNames.java

@@ -193,6 +193,7 @@ public class EventNames {
     public final static String X509Certificate = PREFIX + "X509Certificate";
     public final static String X509Validation = PREFIX + "X509Validation";
     public final static String SecurityProperty = PREFIX + "SecurityPropertyModification";
+    public final static String SecurityProviderService = PREFIX + "SecurityProviderService";
     public final static String DirectBufferStatistics = PREFIX + "DirectBufferStatistics";
     public final static String Deserialization = PREFIX + "Deserialization";
     public static final String VirtualThreadStart = PREFIX + "VirtualThreadStart";