8344366: Remove Security Manager dependencies from javax.net.ssl and sun.security.ssl packages

Reviewed-by: coffeys, ascarpino, hchao

src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java

@@ -227,11 +227,6 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
                 "no default HostnameVerifier specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new SSLPermission("setHostnameVerifier"));
-        }
         defaultHostnameVerifier = v;
     }
 
@@ -306,11 +301,6 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
                 "no default SSLSocketFactory specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkSetFactory();
-        }
         defaultSSLSocketFactory = sf;
     }
 
@@ -353,11 +343,6 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
                 "no SSLSocketFactory specified");
         }
 
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkSetFactory();
-        }
         sslSocketFactory = sf;
     }
 

src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.net.ssl;
 
-import java.security.Security;
 import java.security.*;
 import java.util.Objects;
 
@@ -62,11 +61,8 @@ public class KeyManagerFactory {
      *          {@code ssl.KeyManagerFactory.algorithm} security property, or an
      *          implementation-specific default if no such property exists.
      */
-    @SuppressWarnings("removal")
     public static final String getDefaultAlgorithm() {
-        String type;
+        String type = Security.getProperty("ssl.KeyManagerFactory.algorithm");
-        type = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            Security.getProperty("ssl.KeyManagerFactory.algorithm"));
         if (type == null) {
             type = "SunX509";
         }

src/java.base/share/classes/javax/net/ssl/SSLContext.java

@@ -129,11 +129,6 @@ public class SSLContext {
         if (context == null) {
             throw new NullPointerException();
         }
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new SSLPermission("setDefaultSSLContext"));
-        }
 
         defaultContext = context;
     }

src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java

@@ -33,8 +33,6 @@ import java.io.InputStream;
 import java.security.*;
 import java.util.Locale;
 
-import sun.security.action.GetPropertyAction;
-
 /**
  * <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.
  *
@@ -46,7 +44,7 @@ public abstract class SSLSocketFactory extends SocketFactory {
     static final boolean DEBUG;
 
     static {
-        String s = GetPropertyAction.privilegedGetProperty(
+        String s = System.getProperty(
                 "javax.net.debug", "").toLowerCase(Locale.ENGLISH);
         DEBUG = s.contains("all") || s.contains("ssl");
     }
@@ -86,18 +84,15 @@ public abstract class SSLSocketFactory extends SocketFactory {
         }
     }
 
-    @SuppressWarnings("removal")
     static String getSecurityProperty(final String name) {
-        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
+        String s = Security.getProperty(name);
-            String s = Security.getProperty(name);
+        if (s != null) {
-            if (s != null) {
+            s = s.trim();
-                s = s.trim();
+            if (s.isEmpty()) {
-                if (s.isEmpty()) {
+                s = null;
-                    s = null;
-                }
             }
-            return s;
+        }
-        });
+        return s;
     }
 
     /**

src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.net.ssl;
 
-import java.security.Security;
 import java.security.*;
 import java.util.Objects;
 
@@ -74,11 +73,8 @@ public class TrustManagerFactory {
      * {@code ssl.TrustManagerFactory.algorithm} security property, or an
      * implementation-specific default if no such property exists.
      */
-    @SuppressWarnings("removal")
     public static final String getDefaultAlgorithm() {
-        String type;
+        String type = Security.getProperty("ssl.TrustManagerFactory.algorithm");
-        type = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            Security.getProperty( "ssl.TrustManagerFactory.algorithm"));
         if (type == null) {
             type = "SunX509";
         }

src/java.base/share/classes/sun/security/action/OpenFileInputStreamAction.java

@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2002, 2004, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.action;
-
-import java.io.*;
-
-import java.security.PrivilegedExceptionAction;
-
-/**
- * A convenience class for opening a FileInputStream as a privileged action.
- *
- * @author Andreas Sterbenz
- */
-public class OpenFileInputStreamAction
-        implements PrivilegedExceptionAction<FileInputStream> {
-
-    private final File file;
-
-    public OpenFileInputStreamAction(File file) {
-        this.file = file;
-    }
-
-    public OpenFileInputStreamAction(String filename) {
-        this.file = new File(filename);
-    }
-
-    public FileInputStream run() throws Exception {
-        return new FileInputStream(file);
-    }
-}

src/java.base/share/classes/sun/security/ssl/AlpnExtension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,8 +28,6 @@ package sun.security.ssl;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.Security;
 import java.util.*;
 import javax.net.ssl.SSLEngine;
@@ -63,10 +61,7 @@ final class AlpnExtension {
     static final Charset alpnCharset;
 
     static {
-        @SuppressWarnings("removal")
+        String alpnCharsetString = Security.getProperty("jdk.tls.alpnCharset");
-        String alpnCharsetString = AccessController.doPrivileged(
-                (PrivilegedAction<String>) ()
-                        -> Security.getProperty("jdk.tls.alpnCharset"));
         if ((alpnCharsetString == null)
                 || (alpnCharsetString.length() == 0)) {
             alpnCharsetString = "ISO_8859_1";

src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,6 @@ import java.security.spec.InvalidKeySpecException;
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.DHPublicKeySpec;
-import sun.security.action.GetPropertyAction;
 import sun.security.ssl.NamedGroup.NamedGroupSpec;
 import sun.security.ssl.X509Authentication.X509Possession;
 import sun.security.util.KeyUtil;
@@ -261,8 +260,7 @@ final class DHKeyExchange {
         private final boolean exportable;
 
         static {
-            String property = GetPropertyAction.privilegedGetProperty(
+            String property = System.getProperty("jdk.tls.ephemeralDHKeySize");
-                    "jdk.tls.ephemeralDHKeySize");
             if (property == null || property.isEmpty()) {
                 useLegacyEphemeralDHKeys = false;
                 useSmartEphemeralDHKeys = false;

src/java.base/share/classes/sun/security/ssl/NamedGroup.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,6 @@ import javax.crypto.KeyAgreement;
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
 import sun.security.util.CurveDB;
-import sun.security.action.GetPropertyAction;
 
 /**
  * An enum containing all known named groups for use in TLS.
@@ -752,8 +751,7 @@ enum NamedGroup {
             //
             // If the System Property is not defined or the value is empty, the
             // default groups and preferences will be used.
-            String property = GetPropertyAction
+            String property = System.getProperty("jdk.tls.namedGroups");
-                    .privilegedGetProperty("jdk.tls.namedGroups");
             if (property != null && !property.isEmpty()) {
                 // remove double quote marks from beginning/end of the property
                 if (property.length() > 1 && property.charAt(0) == '"' &&

src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -230,13 +230,7 @@ final class PredefinedDHParameterSpecs {
     static final Map<Integer, DHParameterSpec> ffdheParams;
 
     static {
-        @SuppressWarnings("removal")
+        String property = Security.getProperty(PROPERTY_NAME);
-        String property = AccessController.doPrivileged(
-            new PrivilegedAction<String>() {
-                public String run() {
-                    return Security.getProperty(PROPERTY_NAME);
-                }
-            });
 
         if (property != null && !property.isEmpty()) {
             // remove double quote marks from beginning/end of the property

src/java.base/share/classes/sun/security/ssl/SSLCipher.java

@@ -36,13 +36,11 @@ import javax.crypto.ShortBufferException;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import java.nio.ByteBuffer;
-import java.security.AccessController;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedAction;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.spec.AlgorithmParameterSpec;
@@ -380,14 +378,7 @@ enum SSLCipher {
 
     static  {
         final long max = 4611686018427387904L; // 2^62
-        @SuppressWarnings("removal")
+        String prop = Security.getProperty("jdk.tls.keyLimits");
-        String prop = AccessController.doPrivileged(
-                new PrivilegedAction<String>() {
-            @Override
-            public String run() {
-                return Security.getProperty("jdk.tls.keyLimits");
-            }
-        });
 
         if (prop != null) {
             String[] propvalue = prop.split(",");

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java

@@ -25,8 +25,6 @@
 
 package sun.security.ssl;
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.AlgorithmConstraints;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
@@ -38,8 +36,6 @@ import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
-import sun.security.action.GetIntegerAction;
-import sun.security.action.GetPropertyAction;
 import sun.security.ssl.SSLExtension.ClientExtensions;
 import sun.security.ssl.SSLExtension.ServerExtensions;
 
@@ -78,9 +74,7 @@ final class SSLConfiguration implements Cloneable {
     BiFunction<SSLSocket, List<String>, String> socketAPSelector;
     BiFunction<SSLEngine, List<String>, String> engineAPSelector;
 
-    @SuppressWarnings("removal")
+    HashSet<HandshakeCompletedListener> handshakeListeners;
-    HashMap<HandshakeCompletedListener, AccessControlContext>
-                                handshakeListeners;
 
     boolean                     noSniExtension;
     boolean                     noSniMatcher;
@@ -105,7 +99,7 @@ final class SSLConfiguration implements Cloneable {
             "jdk.tls.acknowledgeCloseNotify", false);
 
     // Set the max size limit for Handshake Message to 2^15
-    static final int maxHandshakeMessageSize = GetIntegerAction.privilegedGetProperty(
+    static final int maxHandshakeMessageSize = Integer.getInteger(
             "jdk.tls.maxHandshakeMessageSize", 32768);
 
     // Limit the certificate chain length accepted from clients
@@ -147,7 +141,7 @@ final class SSLConfiguration implements Cloneable {
          * jdk.tls.maxCertificateChainLength system property works for both
          * server and client modes.
          */
-        Integer maxCertificateChainLength = GetIntegerAction.privilegedGetProperty(
+        Integer maxCertificateChainLength = Integer.getInteger(
                 "jdk.tls.maxCertificateChainLength");
         if (maxCertificateChainLength != null && maxCertificateChainLength >= 0) {
             globalPropSet = true;
@@ -164,7 +158,7 @@ final class SSLConfiguration implements Cloneable {
          *    property is set and its value >= 0, it uses that value.
          *  - Otherwise it is set to a default value of 8.
          */
-        Integer inboundClientLen = GetIntegerAction.privilegedGetProperty(
+        Integer inboundClientLen = Integer.getInteger(
                 "jdk.tls.server.maxInboundCertificateChainLength");
 
         // Default for jdk.tls.server.maxInboundCertificateChainLength is 8
@@ -186,7 +180,7 @@ final class SSLConfiguration implements Cloneable {
          *    property is set and its value >= 0, it uses that value.
          *  - Otherwise it is set to a default value of 10.
          */
-        Integer inboundServerLen = GetIntegerAction.privilegedGetProperty(
+        Integer inboundServerLen = Integer.getInteger(
             "jdk.tls.client.maxInboundCertificateChainLength");
 
         // Default for jdk.tls.client.maxInboundCertificateChainLength is 10
@@ -203,7 +197,7 @@ final class SSLConfiguration implements Cloneable {
          * client.  The value must be between 0 and 10.  Default is defined by
          * SERVER_NST_DEFAULT.
          */
-        Integer nstServerCount = GetIntegerAction.privilegedGetProperty(
+        Integer nstServerCount = Integer.getInteger(
             "jdk.tls.server.newSessionTicketCount");
         if (nstServerCount == null || nstServerCount < 0 ||
             nstServerCount > 10) {
@@ -384,15 +378,14 @@ final class SSLConfiguration implements Cloneable {
     }
 
     // SSLSocket only
-    @SuppressWarnings("removal")
     void addHandshakeCompletedListener(
             HandshakeCompletedListener listener) {
 
         if (handshakeListeners == null) {
-            handshakeListeners = new HashMap<>(4);
+            handshakeListeners = new HashSet<>(4);
         }
 
-        handshakeListeners.put(listener, AccessController.getContext());
+        handshakeListeners.add(listener);
     }
 
     // SSLSocket only
@@ -403,7 +396,7 @@ final class SSLConfiguration implements Cloneable {
             throw new IllegalArgumentException("no listeners");
         }
 
-        if (handshakeListeners.remove(listener) == null) {
+        if (!handshakeListeners.remove(listener)) {
             throw new IllegalArgumentException("listener not registered");
         }
 
@@ -532,14 +525,14 @@ final class SSLConfiguration implements Cloneable {
     }
 
     @Override
-    @SuppressWarnings({"removal","unchecked", "CloneDeclaresCloneNotSupported"})
+    @SuppressWarnings({"unchecked", "CloneDeclaresCloneNotSupported"})
     public Object clone() {
         // Note that only references to the configurations are copied.
         try {
             SSLConfiguration config = (SSLConfiguration)super.clone();
             if (handshakeListeners != null) {
                 config.handshakeListeners =
-                    (HashMap<HandshakeCompletedListener, AccessControlContext>)
+                    (HashSet<HandshakeCompletedListener>)
                             handshakeListeners.clone();
             }
 
@@ -573,7 +566,7 @@ final class SSLConfiguration implements Cloneable {
      * system property.
      */
     private static String[] getCustomizedSignatureScheme(String propertyName) {
-        String property = GetPropertyAction.privilegedGetProperty(propertyName);
+        String property = System.getProperty(propertyName);
         if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
             SSLLogger.fine(
                     "System property " + propertyName + " is set to '" +

src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@ import java.security.cert.*;
 import java.util.*;
 import java.util.concurrent.locks.ReentrantLock;
 import javax.net.ssl.*;
-import sun.security.action.GetPropertyAction;
 import sun.security.provider.certpath.AlgorithmChecker;
 import sun.security.validator.Validator;
 
@@ -409,7 +408,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
     private static Collection<CipherSuite> getCustomizedCipherSuites(
             String propertyName) {
 
-        String property = GetPropertyAction.privilegedGetProperty(propertyName);
+        String property = System.getProperty(propertyName);
         if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
             SSLLogger.fine(
                     "System property " + propertyName + " is set to '" +
@@ -742,7 +741,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
 
         private static void populate(String propname,
                 ArrayList<ProtocolVersion> arrayList) {
-            String property = GetPropertyAction.privilegedGetProperty(propname);
+            String property = System.getProperty(propname);
             if (property == null) {
                 return;
             }
@@ -957,28 +956,20 @@ public abstract class SSLContextImpl extends SSLContextSpi {
             return tmf.getTrustManagers();
         }
 
-        @SuppressWarnings("removal")
         private static KeyManager[] getKeyManagers() throws Exception {
 
-            final Map<String,String> props = new HashMap<>();
+            Map<String,String> props = new HashMap<>();
-            AccessController.doPrivileged(
+            props.put("keyStore",  System.getProperty(
-                        new PrivilegedExceptionAction<Object>() {
+                        "javax.net.ssl.keyStore", ""));
-                @Override
+            props.put("keyStoreType", System.getProperty(
-                public Object run() {
+                        "javax.net.ssl.keyStoreType",
-                    props.put("keyStore",  System.getProperty(
+                        KeyStore.getDefaultType()));
-                                "javax.net.ssl.keyStore", ""));
+            props.put("keyStoreProvider", System.getProperty(
-                    props.put("keyStoreType", System.getProperty(
+                        "javax.net.ssl.keyStoreProvider", ""));
-                                "javax.net.ssl.keyStoreType",
+            props.put("keyStorePasswd", System.getProperty(
-                                KeyStore.getDefaultType()));
+                        "javax.net.ssl.keyStorePassword", ""));
-                    props.put("keyStoreProvider", System.getProperty(
-                                "javax.net.ssl.keyStoreProvider", ""));
-                    props.put("keyStorePasswd", System.getProperty(
-                                "javax.net.ssl.keyStorePassword", ""));
-                    return null;
-                }
-            });
 
-            final String defaultKeyStore = props.get("keyStore");
+            String defaultKeyStore = props.get("keyStore");
             String defaultKeyStoreType = props.get("keyStoreType");
             String defaultKeyStoreProvider = props.get("keyStoreProvider");
             if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
@@ -1001,13 +992,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
             try {
                 if (!defaultKeyStore.isEmpty() &&
                         !NONE.equals(defaultKeyStore)) {
-                    fs = AccessController.doPrivileged(
+                    fs = new FileInputStream(defaultKeyStore);
-                            new PrivilegedExceptionAction<FileInputStream>() {
-                        @Override
-                        public FileInputStream run() throws Exception {
-                            return new FileInputStream(defaultKeyStore);
-                        }
-                    });
                 }
 
                 String defaultKeyStorePassword = props.get("keyStorePasswd");

src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,6 @@ package sun.security.ssl;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.ReadOnlyBufferException;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.locks.ReentrantLock;
@@ -1202,17 +1199,25 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
                 }
 
                 try {
-                    @SuppressWarnings("removal")
+                    while (!hc.delegatedActions.isEmpty()) {
-                    var dummy = AccessController.doPrivileged(
+                        Map.Entry<Byte, ByteBuffer> me =
-                            new DelegatedAction(hc), engine.conContext.acc);
+                            hc.delegatedActions.poll();
-                } catch (PrivilegedActionException pae) {
+                        if (me != null) {
+                            try {
+                                hc.dispatch(me.getKey(), me.getValue());
+                            } catch (Exception e) {
+                                throw hc.conContext.fatal(Alert.INTERNAL_ERROR,
+                                        "Unhandled exception", e);
+                            }
+                        }
+                    }
+                } catch (SSLException se) {
                     // Get the handshake context again in case the
                     // handshaking has completed.
-                    Exception reportedException = pae.getException();
 
                     // Report to both the TransportContext...
                     if (engine.conContext.delegatedThrown == null) {
-                        engine.conContext.delegatedThrown = reportedException;
+                        engine.conContext.delegatedThrown = se;
                     }
 
                     // ...and the HandshakeContext in case condition
@@ -1220,11 +1225,10 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
                     // around.
                     hc = engine.conContext.handshakeContext;
                     if (hc != null) {
-                        hc.delegatedThrown = reportedException;
+                        hc.delegatedThrown = se;
                     } else if (engine.conContext.closeReason != null) {
                         // Update the reason in case there was a previous.
-                        engine.conContext.closeReason =
+                        engine.conContext.closeReason = getTaskThrown(se);
-                                getTaskThrown(reportedException);
                     }
                 } catch (RuntimeException rte) {
                     // Get the handshake context again in case the
@@ -1257,30 +1261,5 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
                 engine.engineLock.unlock();
             }
         }
-
-        private static class DelegatedAction
-                implements PrivilegedExceptionAction<Void> {
-            final HandshakeContext context;
-            DelegatedAction(HandshakeContext context) {
-                this.context = context;
-            }
-
-            @Override
-            public Void run() throws Exception {
-                while (!context.delegatedActions.isEmpty()) {
-                    Map.Entry<Byte, ByteBuffer> me =
-                            context.delegatedActions.poll();
-                    if (me != null) {
-                        try {
-                            context.dispatch(me.getKey(), me.getValue());
-                        } catch (Exception e) {
-                            throw context.conContext.fatal(Alert.INTERNAL_ERROR,
-                                    "Unhandled exception", e);
-                        }
-                    }
-                }
-                return null;
-            }
-        }
     }
 }

src/java.base/share/classes/sun/security/ssl/SSLExtension.java

@@ -30,7 +30,6 @@ import java.nio.ByteBuffer;
 import java.text.MessageFormat;
 import java.util.*;
 
-import sun.security.action.GetPropertyAction;
 import sun.security.ssl.SSLHandshake.HandshakeMessage;
 import sun.security.util.HexDumpEncoder;
 
@@ -820,7 +819,7 @@ enum SSLExtension implements SSLStringizer {
     // Get disabled extensions, which could be customized with System Properties.
     private static Collection<String> getDisabledExtensions(
                 String propertyName) {
-        String property = GetPropertyAction.privilegedGetProperty(propertyName);
+        String property = System.getProperty(propertyName);
         if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
             SSLLogger.fine(
                     "System property " + propertyName + " is set to '" +

src/java.base/share/classes/sun/security/ssl/SSLLogger.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,6 @@ import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
 
-import sun.security.action.GetPropertyAction;
 import sun.security.util.HexDumpEncoder;
 import sun.security.util.Debug;
 import sun.security.x509.*;
@@ -64,7 +63,7 @@ public final class SSLLogger {
     public static final boolean isOn;
 
     static {
-        String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
+        String p = System.getProperty("javax.net.debug");
         if (p != null) {
             if (p.isEmpty()) {
                 property = "";

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java

@@ -36,8 +36,6 @@ import java.util.concurrent.ConcurrentHashMap;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 
-import sun.security.action.GetIntegerAction;
-import sun.security.action.GetPropertyAction;
 import sun.security.util.Cache;
 
 
@@ -324,10 +322,10 @@ final class SSLSessionContextImpl implements SSLSessionContext {
 
             // Property for Session Cache state
             if (server) {
-                st = GetPropertyAction.privilegedGetProperty(
+                st = System.getProperty(
                         "jdk.tls.server.enableSessionTicketExtension", "true");
             } else {
-                st = GetPropertyAction.privilegedGetProperty(
+                st = System.getProperty(
                         "jdk.tls.client.enableSessionTicketExtension", "true");
             }
 
@@ -337,7 +335,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
 
             // Property for Session Ticket Timeout.  The value can be changed
             // by SSLSessionContext.setSessionTimeout(int)
-            String s = GetPropertyAction.privilegedGetProperty(
+            String s = System.getProperty(
                     "jdk.tls.server.sessionTicketTimeout");
             if (s != null) {
                 try {
@@ -364,7 +362,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
                 }
             }
 
-            int defaultCacheLimit = GetIntegerAction.privilegedGetProperty(
+            int defaultCacheLimit = Integer.getInteger(
                     "javax.net.ssl.sessionCacheSize", DEFAULT_MAX_CACHE_SIZE);
 
             if (defaultCacheLimit >= 0) {

src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

@@ -49,7 +49,6 @@ import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLPermission;
 import javax.net.ssl.SSLSessionBindingEvent;
 import javax.net.ssl.SSLSessionBindingListener;
 import javax.net.ssl.SSLSessionContext;
@@ -913,24 +912,8 @@ final class SSLSessionImpl extends ExtendedSSLSession {
      * are currently valid in this process.  For client sessions,
      * this returns null.
      */
-    @SuppressWarnings("removal")
     @Override
     public SSLSessionContext getSessionContext() {
-        /*
-         * An interim security policy until we can do something
-         * more specific in 1.2. Only allow trusted code (code which
-         * can set system properties) to get an
-         * SSLSessionContext. This is to limit the ability of code to
-         * look up specific sessions or enumerate over them. Otherwise,
-         * code can only get session objects from successful SSL
-         * connections which implies that they must have had permission
-         * to make the network connection in the first place.
-         */
-        SecurityManager sm;
-        if ((sm = System.getSecurityManager()) != null) {
-            sm.checkPermission(new SSLPermission("getSSLSessionContext"));
-        }
-
         return context;
     }
 
@@ -1236,10 +1219,9 @@ final class SSLSessionImpl extends ExtendedSSLSession {
 
     /*
      * Table of application-specific session data indexed by an application
-     * key and the calling security context. This is important since
+     * key.
-     * sessions can be shared across different protection domains.
      */
-    private final ConcurrentHashMap<SecureKey, Object> boundValues;
+    private final ConcurrentHashMap<String, Object> boundValues;
 
     /**
      * Assigns a session value.  Session change events are given if
@@ -1251,8 +1233,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
             throw new IllegalArgumentException("arguments can not be null");
         }
 
-        SecureKey secureKey = new SecureKey(key);
+        Object oldValue = boundValues.put(key, value);
-        Object oldValue = boundValues.put(secureKey, value);
 
         if (oldValue instanceof SSLSessionBindingListener) {
             SSLSessionBindingEvent e;
@@ -1280,8 +1261,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
             throw new IllegalArgumentException("argument can not be null");
         }
 
-        SecureKey secureKey = new SecureKey(key);
+        return boundValues.get(key);
-        return boundValues.get(secureKey);
     }
 
 
@@ -1295,8 +1275,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
             throw new IllegalArgumentException("argument can not be null");
         }
 
-        SecureKey secureKey = new SecureKey(key);
+        Object value = boundValues.remove(key);
-        Object value = boundValues.remove(secureKey);
 
         if (value instanceof SSLSessionBindingListener) {
             SSLSessionBindingEvent e;
@@ -1315,15 +1294,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
      */
     @Override
     public String[] getValueNames() {
-        ArrayList<Object> v = new ArrayList<>();
+        return boundValues.keySet().toArray(new String[0]);
-        Object securityCtx = SecureKey.getCurrentSecurityContext();
-        for (SecureKey key : boundValues.keySet()) {
-            if (securityCtx.equals(key.getSecurityContext())) {
-                v.add(key.getAppKey());
-            }
-        }
-
-        return v.toArray(new String[0]);
     }
 
     /**
@@ -1522,49 +1493,3 @@ final class SSLSessionImpl extends ExtendedSSLSession {
         return "Session(" + creationTime + "|" + getCipherSuite() + ")";
     }
 }
-
-/**
- * This "struct" class serves as a Hash Key that combines an
- * application-specific key and a security context.
- */
-class SecureKey {
-    private static final Object     nullObject = new Object();
-    private final Object            appKey;
-    private final Object            securityCtx;
-
-    static Object getCurrentSecurityContext() {
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        Object context = null;
-
-        if (sm != null)
-            context = sm.getSecurityContext();
-        if (context == null)
-            context = nullObject;
-        return context;
-    }
-
-    SecureKey(Object key) {
-        this.appKey = key;
-        this.securityCtx = getCurrentSecurityContext();
-    }
-
-    Object getAppKey() {
-        return appKey;
-    }
-
-    Object getSecurityContext() {
-        return securityCtx;
-    }
-
-    @Override
-    public int hashCode() {
-        return appKey.hashCode() ^ securityCtx.hashCode();
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        return o instanceof SecureKey && ((SecureKey)o).appKey.equals(appKey)
-                        && ((SecureKey)o).securityCtx.equals(securityCtx);
-    }
-}

src/java.base/share/classes/sun/security/ssl/ServerHandshakeContext.java

@@ -27,9 +27,7 @@ package sun.security.ssl;
 
 import java.io.IOException;
 import java.security.AlgorithmConstraints;
-import java.security.AccessController;
 import sun.security.util.LegacyAlgorithmConstraints;
-import sun.security.action.GetLongAction;
 
 class ServerHandshakeContext extends HandshakeContext {
     // To prevent the TLS renegotiation issues, by setting system property
@@ -61,10 +59,9 @@ class ServerHandshakeContext extends HandshakeContext {
     ServerHandshakeContext(SSLContextImpl sslContext,
             TransportContext conContext) throws IOException {
         super(sslContext, conContext);
-        @SuppressWarnings("removal")
+        long respTimeOut = Long.getLong(
-        long respTimeOut = AccessController.doPrivileged(
+                    "jdk.tls.stapling.responseTimeout",
-                    new GetLongAction("jdk.tls.stapling.responseTimeout",
+                    DEFAULT_STATUS_RESP_DELAY);
-                        DEFAULT_STATUS_RESP_DELAY));
         statusRespTimeout = respTimeOut >= 0 ? respTimeOut :
                 DEFAULT_STATUS_RESP_DELAY;
         handshakeConsumers.put(

src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,6 @@ import javax.net.ssl.SSLSessionContext;
 import static sun.security.ssl.SSLExtension.CH_SESSION_TICKET;
 import static sun.security.ssl.SSLExtension.SH_SESSION_TICKET;
 
-import sun.security.action.GetPropertyAction;
 import sun.security.ssl.SSLExtension.ExtensionConsumer;
 import sun.security.ssl.SSLExtension.SSLExtensionSpec;
 import sun.security.ssl.SSLHandshake.HandshakeMessage;
@@ -78,8 +77,7 @@ final class SessionTicketExtension {
     private static final int KEYLEN = 256;
 
     static {
-        String s = GetPropertyAction.privilegedGetProperty(
+        String s = System.getProperty("jdk.tls.server.statelessKeyTimeout");
-                "jdk.tls.server.statelessKeyTimeout");
         if (s != null) {
             int kt;
             try {

src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java

@@ -27,14 +27,10 @@ package sun.security.ssl;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.security.AccessController;
 import java.security.cert.Extension;
 import java.security.cert.X509Certificate;
 import java.util.*;
 import java.util.concurrent.*;
-import sun.security.action.GetBooleanAction;
-import sun.security.action.GetIntegerAction;
-import sun.security.action.GetPropertyAction;
 import sun.security.provider.certpath.CertId;
 import sun.security.provider.certpath.OCSP;
 import sun.security.provider.certpath.OCSPResponse;
@@ -63,20 +59,17 @@ final class StatusResponseManager {
      * Create a StatusResponseManager with default parameters.
      */
     StatusResponseManager() {
-        @SuppressWarnings("removal")
+        int cap = Integer.getInteger(
-        int cap = AccessController.doPrivileged(
+                "jdk.tls.stapling.cacheSize",
-                new GetIntegerAction("jdk.tls.stapling.cacheSize",
+                DEFAULT_CACHE_SIZE);
-                    DEFAULT_CACHE_SIZE));
         cacheCapacity = cap > 0 ? cap : 0;
 
-        @SuppressWarnings("removal")
+        int life = Integer.getInteger(
-        int life = AccessController.doPrivileged(
+                "jdk.tls.stapling.cacheLifetime",
-                new GetIntegerAction("jdk.tls.stapling.cacheLifetime",
+                DEFAULT_CACHE_LIFETIME);
-                    DEFAULT_CACHE_LIFETIME));
         cacheLifetime = life > 0 ? life : 0;
 
-        String uriStr = GetPropertyAction
+        String uriStr = System.getProperty("jdk.tls.stapling.responderURI");
-                .privilegedGetProperty("jdk.tls.stapling.responderURI");
         URI tmpURI;
         try {
             tmpURI = ((uriStr != null && !uriStr.isEmpty()) ?
@@ -86,10 +79,9 @@ final class StatusResponseManager {
         }
         defaultResponder = tmpURI;
 
-        respOverride = GetBooleanAction
+        respOverride = Boolean.getBoolean("jdk.tls.stapling.responderOverride");
-                .privilegedGetProperty("jdk.tls.stapling.responderOverride");
+        ignoreExtensions = Boolean.getBoolean
-        ignoreExtensions = GetBooleanAction
+                ("jdk.tls.stapling.ignoreExtensions");
-                .privilegedGetProperty("jdk.tls.stapling.ignoreExtensions");
 
         threadMgr = new ScheduledThreadPoolExecutor(DEFAULT_CORE_THREADS,
                 r -> {

src/java.base/share/classes/sun/security/ssl/SunJSSE.java

@@ -25,7 +25,7 @@
 
 package sun.security.ssl;
 
-import java.security.*;
+import java.security.Provider;
 import java.util.*;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
@@ -46,20 +46,12 @@ public class SunJSSE extends java.security.Provider {
         registerAlgorithms();
     }
 
-    @SuppressWarnings("removal")
-    private void registerAlgorithms() {
-        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-            doRegister();
-            return null;
-        });
-    }
-
     private void ps(String type, String algo, String cn,
             List<String> a, HashMap<String, String> attrs) {
         putService(new Provider.Service(this, type, algo, cn, a, attrs));
     }
 
-    private void doRegister() {
+    private void registerAlgorithms() {
         ps("Signature", "MD5andSHA1withRSA",
             "sun.security.ssl.RSASignature", null, null);
 

src/java.base/share/classes/sun/security/ssl/TransportContext.java

@@ -27,9 +27,6 @@ package sun.security.ssl;
 
 import java.io.IOException;
 import java.net.SocketException;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -49,8 +46,6 @@ final class TransportContext implements ConnectionContext {
 
     // registered plaintext consumers
     final Map<Byte, SSLConsumer>    consumers;
-    @SuppressWarnings("removal")
-    final AccessControlContext      acc;
 
     final SSLContextImpl            sslContext;
     final SSLConfiguration          sslConfig;
@@ -134,7 +129,6 @@ final class TransportContext implements ConnectionContext {
                 inputRecord, outputRecord, false);
     }
 
-    @SuppressWarnings("removal")
     private TransportContext(SSLContextImpl sslContext, SSLTransport transport,
             SSLConfiguration sslConfig, InputRecord inputRecord,
             OutputRecord outputRecord, boolean isUnsureMode) {
@@ -154,7 +148,6 @@ final class TransportContext implements ConnectionContext {
         this.clientVerifyData = emptyByteArray;
         this.serverVerifyData = emptyByteArray;
 
-        this.acc = AccessController.getContext();
         this.consumers = new HashMap<>();
 
         if (inputRecord instanceof DTLSInputRecord dtlsInputRecord) {
@@ -677,34 +670,22 @@ final class TransportContext implements ConnectionContext {
     // A separate thread is allocated to deliver handshake completion
     // events.
     private static class NotifyHandshake implements Runnable {
-        @SuppressWarnings("removal")
+        private final Set<HandshakeCompletedListener>
-        private final Set<Map.Entry<HandshakeCompletedListener,
+                                       targets;         // who gets notified
-                AccessControlContext>> targets;         // who gets notified
         private final HandshakeCompletedEvent event;    // the notification
 
         NotifyHandshake(
-                @SuppressWarnings("removal")
+                Set<HandshakeCompletedListener> listeners,
-                Map<HandshakeCompletedListener,AccessControlContext> listeners,
                 HandshakeCompletedEvent event) {
-            this.targets = new HashSet<>(listeners.entrySet());     // clone
+            this.targets = new HashSet<>(listeners);     // clone
             this.event = event;
         }
 
-        @SuppressWarnings("removal")
         @Override
         public void run() {
             // Don't need to synchronize, as it only runs in one thread.
-            for (Map.Entry<HandshakeCompletedListener,
+            for (HandshakeCompletedListener listener : targets) {
-                    AccessControlContext> entry : targets) {
+                listener.handshakeCompleted(event);
-                final HandshakeCompletedListener listener = entry.getKey();
-                AccessControlContext acc = entry.getValue();
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                    @Override
-                    public Void run() {
-                        listener.handshakeCompleted(event);
-                        return null;
-                    }
-                }, acc);
             }
         }
     }

src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,11 +27,10 @@ package sun.security.ssl;
 
 import java.io.*;
 import java.lang.ref.WeakReference;
-import java.security.*;
+import java.security.KeyStore;
 import java.security.cert.*;
 import java.util.*;
 import java.util.concurrent.locks.ReentrantLock;
-import sun.security.action.*;
 import sun.security.util.FilePaths;
 import sun.security.validator.TrustStoreUtil;
 
@@ -75,7 +74,7 @@ final class TrustStoreManager {
     private static final class TrustStoreDescriptor {
         private static final String fileSep = File.separator;
         private static final String defaultStorePath =
-                GetPropertyAction.privilegedGetProperty("java.home") +
+                System.getProperty("java.home") +
                 fileSep + "lib" + fileSep + "security";
         private static final String defaultStore = FilePaths.cacerts();
         private static final String jsseDefaultStore =
@@ -122,57 +121,50 @@ final class TrustStoreManager {
          * Create an instance of TrustStoreDescriptor for the default
          * trusted KeyStore.
          */
-        @SuppressWarnings({"removal","Convert2Lambda"})
+        @SuppressWarnings("Convert2Lambda")
         static TrustStoreDescriptor createInstance() {
-             return AccessController.doPrivileged(
+            // Get the system properties for trust store.
-                    new PrivilegedAction<TrustStoreDescriptor>() {
+            String storePropName = System.getProperty(
+                    "javax.net.ssl.trustStore", jsseDefaultStore);
+            String storePropType = System.getProperty(
+                    "javax.net.ssl.trustStoreType",
+                    KeyStore.getDefaultType());
+            String storePropProvider = System.getProperty(
+                    "javax.net.ssl.trustStoreProvider", "");
+            String storePropPassword = System.getProperty(
+                    "javax.net.ssl.trustStorePassword", "");
 
-                @Override
+            String temporaryName = "";
-                public TrustStoreDescriptor run() {
+            File temporaryFile = null;
-                    // Get the system properties for trust store.
+            long temporaryTime = 0L;
-                    String storePropName = System.getProperty(
+            if (!"NONE".equals(storePropName)) {
-                            "javax.net.ssl.trustStore", jsseDefaultStore);
+                String[] fileNames =
-                    String storePropType = System.getProperty(
+                        new String[] {storePropName, defaultStore};
-                            "javax.net.ssl.trustStoreType",
+                for (String fileName : fileNames) {
-                            KeyStore.getDefaultType());
+                    File f = new File(fileName);
-                    String storePropProvider = System.getProperty(
+                    if (f.isFile() && f.canRead()) {
-                            "javax.net.ssl.trustStoreProvider", "");
+                        temporaryName = fileName;
-                    String storePropPassword = System.getProperty(
+                        temporaryFile = f;
-                            "javax.net.ssl.trustStorePassword", "");
+                        temporaryTime = f.lastModified();
 
-                    String temporaryName = "";
+                        break;
-                    File temporaryFile = null;
-                    long temporaryTime = 0L;
-                    if (!"NONE".equals(storePropName)) {
-                        String[] fileNames =
-                                new String[] {storePropName, defaultStore};
-                        for (String fileName : fileNames) {
-                            File f = new File(fileName);
-                            if (f.isFile() && f.canRead()) {
-                                temporaryName = fileName;
-                                temporaryFile = f;
-                                temporaryTime = f.lastModified();
-
-                                break;
-                            }
-
-                            // Not break, the file is inaccessible.
-                            if (SSLLogger.isOn &&
-                                    SSLLogger.isOn("trustmanager")) {
-                                SSLLogger.fine(
-                                        "Inaccessible trust store: " +
-                                        fileName);
-                            }
-                        }
-                    } else {
-                        temporaryName = storePropName;
                     }
 
-                    return new TrustStoreDescriptor(
+                    // Not break, the file is inaccessible.
-                            temporaryName, storePropType, storePropProvider,
+                    if (SSLLogger.isOn &&
-                            storePropPassword, temporaryFile, temporaryTime);
+                            SSLLogger.isOn("trustmanager")) {
+                        SSLLogger.fine(
+                                "Inaccessible trust store: " +
+                                fileName);
+                    }
                 }
-            });
+            } else {
+                temporaryName = storePropName;
+            }
+
+            return new TrustStoreDescriptor(
+                    temporaryName, storePropType, storePropProvider,
+                    storePropPassword, temporaryFile, temporaryTime);
         }
 
         @Override
@@ -384,8 +376,8 @@ final class TrustStoreManager {
             }
 
             if (!"NONE".equals(descriptor.storeName)) {
-                try (@SuppressWarnings("removal") FileInputStream fis = AccessController.doPrivileged(
+                try (FileInputStream fis =
-                        new OpenFileInputStreamAction(descriptor.storeFile))) {
+                        new FileInputStream(descriptor.storeFile)) {
                     ks.load(fis, password);
                 } catch (FileNotFoundException fnfe) {
                     // No file available, no KeyStore available.

src/java.base/share/classes/sun/security/ssl/Utilities.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@ import java.util.*;
 import java.util.regex.Pattern;
 import javax.net.ssl.*;
 import sun.net.util.IPAddressUtil;
-import sun.security.action.GetPropertyAction;
 
 /**
  * A utility class to share the static methods.
@@ -128,12 +127,10 @@ final class Utilities {
 
     /**
      * Return the value of the boolean System property propName.
-     *
-     * Note use of privileged action. Do NOT make accessible to applications.
      */
     static boolean getBooleanProperty(String propName, boolean defaultValue) {
         // if set, require value of either true or false
-        String b = GetPropertyAction.privilegedGetProperty(propName);
+        String b = System.getProperty(propName);
         if (b == null) {
             return defaultValue;
         } else if (b.equalsIgnoreCase("false")) {

test/jdk/sun/security/action/Generify.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
  * @modules java.base/sun.security.action
  */
 
-import java.io.*;
 import java.security.*;
 import sun.security.action.*;
 
@@ -74,14 +73,5 @@ public class Generify {
         } else {
             throw new SecurityException("property test failed");
         }
-
-        File f = new File(System.getProperty("test.src", "."), "Generify.java");
-        FileInputStream fis = AccessController.doPrivileged
-                        (new OpenFileInputStreamAction(f));
-        if (fis != null) {
-            System.out.println("file test passed");
-        } else {
-            throw new SecurityException("file test failed");
-        }
     }
 }