diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java index 5eebf98acc3..e13eec42905 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java @@ -56,14 +56,8 @@ extends KeyAgreementSpi { private static class AllowKDF { - private static final boolean VALUE = getValue(); - - @SuppressWarnings("removal") - private static boolean getValue() { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF")); - } + private static final boolean VALUE = + Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF"); } /** diff --git a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java index ab8f2d7097b..3a8f19fa2fb 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -30,14 +30,12 @@ import sun.security.util.IOUtils; import java.io.*; import java.util.*; -import java.security.AccessController; import java.security.DigestInputStream; import java.security.DigestOutputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Key; import java.security.PrivateKey; -import java.security.PrivilegedAction; import java.security.KeyStoreSpi; import java.security.KeyStoreException; import java.security.UnrecoverableKeyException; @@ -835,15 +833,9 @@ public final class JceKeyStore extends KeyStoreSpi { // read the sealed key try { ois = new ObjectInputStream(dis); - final ObjectInputStream ois2 = ois; // Set a deserialization checker - @SuppressWarnings("removal") - var dummy = AccessController.doPrivileged( - (PrivilegedAction)() -> { - ois2.setObjectInputFilter( - new DeserializationChecker(fullLength)); - return null; - }); + ois.setObjectInputFilter( + new DeserializationChecker(fullLength)); entry.sealedKey = (SealedObject)ois.readObject(); entry.maxLength = fullLength; // NOTE: don't close ois here since we are still diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java b/src/java.base/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java index 01330678083..b5f5bc89f23 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -73,18 +73,13 @@ final class SealedObjectForKeyProtector extends SealedObject { return params; } - @SuppressWarnings("removal") final Key getKey(Cipher c, int maxLength) throws IOException, ClassNotFoundException, IllegalBlockSizeException, BadPaddingException { try (ObjectInputStream ois = SharedSecrets.getJavaxCryptoSealedObjectAccess() .getExtObjectInputStream(this, c)) { - AccessController.doPrivileged( - (PrivilegedAction) () -> { - ois.setObjectInputFilter(new DeserializationChecker(maxLength)); - return null; - }); + ois.setObjectInputFilter(new DeserializationChecker(maxLength)); try { @SuppressWarnings("unchecked") Key t = (Key) ois.readObject(); @@ -113,16 +108,8 @@ final class SealedObjectForKeyProtector extends SealedObject { private static final ObjectInputFilter OWN_FILTER; static { - @SuppressWarnings("removal") - String prop = AccessController.doPrivileged( - (PrivilegedAction) () -> { - String tmp = System.getProperty(KEY_SERIAL_FILTER); - if (tmp != null) { - return tmp; - } else { - return Security.getProperty(KEY_SERIAL_FILTER); - } - }); + String prop = System.getProperty( + KEY_SERIAL_FILTER, Security.getProperty(KEY_SERIAL_FILTER)); OWN_FILTER = prop == null ? null : ObjectInputFilter.Config.createFilter(prop); diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java index c0766077ba9..6e3efe8c285 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -25,10 +25,8 @@ package com.sun.crypto.provider; -import java.security.AccessController; import java.security.Provider; import java.security.SecureRandom; -import java.security.PrivilegedAction; import java.util.HashMap; import java.util.List; import static sun.security.util.SecurityConstants.PROVIDER_VER; @@ -121,24 +119,12 @@ public final class SunJCE extends Provider { attrs)); } - @SuppressWarnings("removal") public SunJCE() { /* We are the "SunJCE" provider */ super("SunJCE", PROVIDER_VER, info); - // if there is no security manager installed, put directly into - // the provider - if (System.getSecurityManager() == null) { - putEntries(); - } else { - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Void run() { - putEntries(); - return null; - } - }); - } + putEntries(); + if (instance == null) { instance = this; } diff --git a/src/java.base/share/classes/javax/crypto/JceSecurity.java.template b/src/java.base/share/classes/javax/crypto/JceSecurity.java.template index cd5069d89dd..8b64b452b11 100644 --- a/src/java.base/share/classes/javax/crypto/JceSecurity.java.template +++ b/src/java.base/share/classes/javax/crypto/JceSecurity.java.template @@ -76,7 +76,6 @@ import sun.security.util.Debug; * @since 1.4 */ -@SuppressWarnings("removal") final class JceSecurity { private static final Debug debug = Debug.getInstance("jca"); @@ -109,15 +108,7 @@ final class JceSecurity { static { try { - AccessController.doPrivileged( - new PrivilegedExceptionAction<> () { - @Override - public Void run() throws Exception { - setupJurisdictionPolicies(); - return null; - } - } - ); + setupJurisdictionPolicies(); isRestricted = defaultPolicy.implies( CryptoAllPermission.INSTANCE) ? false : true; @@ -285,20 +276,14 @@ final class JceSecurity { synchronized (codeBaseCacheRef) { URL url = codeBaseCacheRef.get(clazz); if (url == null) { - url = AccessController.doPrivileged( - new PrivilegedAction<>() { - @Override - public URL run() { - ProtectionDomain pd = clazz.getProtectionDomain(); - if (pd != null) { - CodeSource cs = pd.getCodeSource(); - if (cs != null) { - return cs.getLocation(); - } - } - return NULL_URL; - } - }); + url = NULL_URL; + ProtectionDomain pd = clazz.getProtectionDomain(); + if (pd != null) { + CodeSource cs = pd.getCodeSource(); + if (cs != null) { + url = cs.getLocation(); + } + } codeBaseCacheRef.put(clazz, url); } return (url == NULL_URL) ? null : url; diff --git a/src/java.base/share/classes/javax/crypto/JceSecurityManager.java b/src/java.base/share/classes/javax/crypto/JceSecurityManager.java index b178c8bfb02..6e4d39bb88f 100644 --- a/src/java.base/share/classes/javax/crypto/JceSecurityManager.java +++ b/src/java.base/share/classes/javax/crypto/JceSecurityManager.java @@ -65,18 +65,10 @@ final class JceSecurityManager { exemptPolicy = JceSecurity.getExemptPolicy(); allPerm = CryptoAllPermission.INSTANCE; - PrivilegedAction paSM = JceSecurityManager::new; - @SuppressWarnings("removal") - JceSecurityManager dummySecurityManager = - AccessController.doPrivileged(paSM); - INSTANCE = dummySecurityManager; + INSTANCE = new JceSecurityManager(); - PrivilegedAction paWalker = - () -> StackWalker.getInstance(Set.of(Option.DROP_METHOD_INFO, Option.RETAIN_CLASS_REFERENCE)); - @SuppressWarnings("removal") - StackWalker dummyWalker = AccessController.doPrivileged(paWalker); - - WALKER = dummyWalker; + WALKER = StackWalker.getInstance( + Set.of(Option.DROP_METHOD_INFO, Option.RETAIN_CLASS_REFERENCE)); } private JceSecurityManager() { diff --git a/src/java.base/share/classes/javax/crypto/ProviderVerifier.java b/src/java.base/share/classes/javax/crypto/ProviderVerifier.java index cbfd02c32f4..37d16dff568 100644 --- a/src/java.base/share/classes/javax/crypto/ProviderVerifier.java +++ b/src/java.base/share/classes/javax/crypto/ProviderVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -100,20 +100,12 @@ final class ProviderVerifier { // Get a link to the Jarfile to search. try { - @SuppressWarnings("removal") - var tmp = AccessController.doPrivileged( - (PrivilegedExceptionAction) () -> { - JarURLConnection conn = - (JarURLConnection) url.openConnection(); - // You could do some caching here as - // an optimization. - conn.setUseCaches(false); - return conn.getJarFile(); - }); - jf = tmp; - } catch (java.security.PrivilegedActionException pae) { - throw new SecurityException("Cannot load " + url, - pae.getCause()); + JarURLConnection conn = (JarURLConnection) url.openConnection(); + // You could do some caching here as an optimization. + conn.setUseCaches(false); + jf = conn.getJarFile(); + } catch (IOException ioe) { + throw new SecurityException("Cannot load " + url, ioe); } if (jf != null) {