RFR: 8344366: Remove Security Manager dependencies from javax.net.ssl and sun.security.ssl packages

[Sean Coffey]

On Thu, 21 Nov 2024 18:29:24 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Now that JEP 486 has been integrated, the `javax.net.ssl` and `sun.security.ssl` package implementation dependencies on `System.getSecurityManager`, `AccessController.doPrivileged` and `AccessControlContext` can be removed.
> 
> Most of the changes are straightforward: removal of code calling `System.getSecurityManager()` and unwrapping of code inside `AccessController.doPrivileged`. However, two changes involved slightly more complicated work:
> 
> 1. `sun.security.ssl.SSLConfiguration` no longer needs to capture the access control context of `javax.net.ssl.HandshakeCompletedListener` objects, which means it can store the listeners in a `HashSet` instead of a `HashMap`.
> 2. `sun.security.ssl.SSLSessionImpl` (which implements `javax.net.ssl.SSLSession`) does not need to store attributes based on access control contexts anymore, which means it can store the keys as Strings instead of one that combines the key and the access control context.
> 3. `sun.security.ssl.TransportContext` does not need to capture the access control context anymore.

src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java line 380:

> 378:             if (!"NONE".equals(descriptor.storeName)) {
> 379:                 try (FileInputStream fis =
> 380:                         new FileInputStream(descriptor.storeFile)) {

wonder if `OpenFileInputStreamAction` could be removed from the codebase ? No other usage detected.. with the exception of test/jdk/sun/security/action/Generify.java which is just a sanity test and could be edited.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22301#discussion_r1853873465