8372661: Add a null-safe static factory method to "jdk.test.lib.net.SimpleSSLContext"

Backport-of: 95ef1c5dbc468f6ff0a93050fe53d4936c5ab100

Author: GoeLin

test/lib/jdk/test/lib/net/SimpleSSLContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,69 +23,100 @@
 
 package jdk.test.lib.net;
 
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.*;
 import java.io.*;
 import java.security.*;
-import java.security.cert.*;
-import java.util.function.Supplier;
 import javax.net.ssl.*;
 
 /**
- * Creates a simple usable SSLContext for SSLSocketFactory
- * or a HttpsServer using either a given keystore or a default
- * one in the test tree.
- *
- * Using this class with a security manager requires the following
- * permissions to be granted:
- *
- * permission "java.util.PropertyPermission" "test.src.path", "read";
- * permission java.io.FilePermission "/path/to/test/lib/jdk/test/lib/testkeys", "read";
- * The exact path above depends on the location of the test.
+ * Utility for creating a simple usable {@link SSLContext} for testing purposes.
  */
-public class SimpleSSLContext {
+public final class SimpleSSLContext {
+
+    private static final String DEFAULT_PROTOCOL = "TLS";
+
+    private static final String DEFAULT_KEY_STORE_FILE_REL_PATH = "jdk/test/lib/net/testkeys";
 
-    SSLContext ssl;
+    private final SSLContext ssl;
+
+    // Made `public` for backward compatibility
+    public SimpleSSLContext() throws IOException {
+        this.ssl = findSSLContext(DEFAULT_KEY_STORE_FILE_REL_PATH, DEFAULT_PROTOCOL);
+    }
+
+    // Kept for backward compatibility
+    public SimpleSSLContext(String keyStoreFileRelPath) throws IOException {
+        this.ssl = findSSLContext(Objects.requireNonNull(keyStoreFileRelPath), DEFAULT_PROTOCOL);
+    }
 
     /**
-     * loads default keystore from SimpleSSLContext
-     * source directory
+     * {@return a new {@link SSLContext} instance by searching for a key store
+     * file path, and loading the first found one}
+     *
+     * @throws RuntimeException if no key store file can be found or the found
+     * one cannot be loaded
      */
-    public SimpleSSLContext() throws IOException {
-        this(() -> "TLS");
+    public static SSLContext findSSLContext() throws IOException {
+        return findSSLContext(DEFAULT_PROTOCOL);
+    }
+
+    /**
+     * {@return a new {@link SSLContext} instance by searching for a key store
+     * file path, and loading the first found one}
+     *
+     * @param protocol an {@link SSLContext} protocol
+     *
+     * @throws NullPointerException if {@code protocol} is null
+     * @throws RuntimeException if no key store file can be found or the found
+     * one cannot be loaded
+     */
+    public static SSLContext findSSLContext(String protocol) throws IOException {
+        Objects.requireNonNull(protocol);
+        return findSSLContext(DEFAULT_KEY_STORE_FILE_REL_PATH, protocol);
     }
 
+    /**
+     * {@return a new {@link SSLContext} instance by searching for a key store
+     * file path, and loading the first found one}
+     *
+     * @param keyStoreFileRelPath a key store file path to be concatenated with
+     *                            the search path(s) obtained from the
+     *                            {@code test.src.path} system property
+     * @param protocol an {@link SSLContext} protocol
+     *
+     * @throws NullPointerException if {@code keyStoreFileRelPath} or {@code protocol} is null
+     * @throws RuntimeException if no key store file can be found or the found
+     * one cannot be loaded
+     */
     @SuppressWarnings("removal")
-    private SimpleSSLContext(Supplier<String> protocols) throws IOException {
+    public static SSLContext findSSLContext(String keyStoreFileRelPath, String protocol) throws IOException {
+        Objects.requireNonNull(keyStoreFileRelPath);
+        Objects.requireNonNull(protocol);
+
         try {
-            final String proto = protocols.get();
-            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
-                @Override
-                public Void run() throws Exception {
-                    String paths = System.getProperty("test.src.path");
-                    StringTokenizer st = new StringTokenizer(paths, File.pathSeparator);
-                    boolean securityExceptions = false;
-                    while (st.hasMoreTokens()) {
-                        String path = st.nextToken();
-                        try {
-                            File f = new File(path, "jdk/test/lib/net/testkeys");
-                            if (f.exists()) {
-                                try (FileInputStream fis = new FileInputStream(f)) {
-                                    init(fis, proto);
-                                    return null;
-                                }
-                            }
-                        } catch (SecurityException e) {
-                            // catch and ignore because permission only required
-                            // for one entry on path (at most)
-                            securityExceptions = true;
+            SSLContext res = (SSLContext) AccessController.doPrivileged((PrivilegedExceptionAction) () -> {
+                String sourcePaths = System.getProperty("test.src.path");
+                boolean securityExceptions = false;
+                for (var sourcePath : Collections.list(new StringTokenizer(sourcePaths, File.pathSeparator))) {
+                    try {
+                        var keyStoreFileAbsPath = Path.of((String) sourcePath, keyStoreFileRelPath);
+                        if (Files.exists(keyStoreFileAbsPath)) {
+                            return loadSSLContext(keyStoreFileAbsPath, protocol);
                         }
+                    } catch (SecurityException e) {
+                        // catch and ignore because permission only required
+                        // for one entry on path (at most)
+                        securityExceptions = true;
                     }
-                    if (securityExceptions) {
-                        System.err.println("SecurityExceptions thrown on loading testkeys");
-                    }
-                    return null;
                 }
+                if (securityExceptions) {
+                    System.err.println("SecurityExceptions thrown on loading testkeys");
+                }
+                return null;
             });
+            if (res != null) return res;
         } catch (PrivilegedActionException pae) {
             Throwable t = pae.getCause() != null ? pae.getCause() : pae;
             if (t instanceof IOException)
@@ -96,49 +127,58 @@ public Void run() throws Exception {
                 throw (Error)t;
             throw new RuntimeException(t);
         }
+        throw new RuntimeException(
+                "Could not find any key store at source path(s) using key store file relative path '%s'".formatted(
+                        keyStoreFileRelPath));
     }
 
     /**
-     * loads default keystore from given directory
+     * {@return a new {@link SSLContext} loaded from the provided key store file
+     * path using the given protocol}
+     *
+     * @param keyStoreFilePath a {@link KeyStore} file path
+     * @param protocol an {@link SSLContext} protocol
+     *
+     * @throws RuntimeException if loading fails
      */
-    public SimpleSSLContext(String dir) throws IOException {
-        String file = dir + "/testkeys";
-        try (FileInputStream fis = new FileInputStream(file)) {
-            init(fis, "TLS");
-        }
-    }
-
-    private void init(InputStream i, String protocol) throws IOException {
-        try {
+    private static SSLContext loadSSLContext(Path keyStoreFilePath, String protocol) {
+        try (var storeStream = Files.newInputStream(keyStoreFilePath)) {
             char[] passphrase = "passphrase".toCharArray();
             KeyStore ks = KeyStore.getInstance("PKCS12");
-            ks.load(i, passphrase);
+            ks.load(storeStream, passphrase);
 
             KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
             kmf.init(ks, passphrase);
 
             TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
             tmf.init(ks);
 
-            ssl = SSLContext.getInstance(protocol);
-            ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-        } catch (KeyManagementException | KeyStoreException |
-                UnrecoverableKeyException | CertificateException |
-                NoSuchAlgorithmException e) {
-            throw new RuntimeException(e.getMessage());
+            var sslContext = SSLContext.getInstance(protocol);
+            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+            return sslContext;
+        } catch (SecurityException e) {
+            throw e;
+        } catch (Exception e) {
+            var message = "Failed loading 'SSLContext' from key store at location '%s' for protocol '%s'".formatted(
+                    keyStoreFilePath, protocol);
+            throw new RuntimeException(message, e);
         }
     }
 
+    // Kept for backward compatibility
     public static SSLContext getContext(String protocol) throws IOException {
-        if(protocol == null || protocol.isEmpty()) {
-            return new SimpleSSLContext().get();
-        }
-        else {
-            return new SimpleSSLContext(() -> protocol).get();
+        try {
+            return protocol == null || protocol.isEmpty()
+                    ? findSSLContext()
+                    : findSSLContext(protocol);
+        } catch (RuntimeException re) {
+            throw new IOException(re);
         }
     }
 
+    // Kept for backward compatibility
     public SSLContext get() {
         return ssl;
     }
+
 }