rename SecurityProviderManager#excludeSunJCE to SecurityProviderManager#removeNonCompliantFipsProviders

Signed-off-by: Igonin <[email protected]>
Co-authored-by: Benny Goerzig <[email protected]>
Co-authored-by: Karsten Schnitter <[email protected]>
Co-authored-by: Kai Sternad <[email protected]>

Author: 4 people

server/src/main/java/org/opensearch/bootstrap/Bootstrap.java

@@ -199,7 +199,7 @@ private void setup(boolean addShutdownHook, Environment environment) throws Boot
         var cryptoStandard = System.getenv("OPENSEARCH_CRYPTO_STANDARD");
         if ("FIPS-140-3".equals(cryptoStandard) || "true".equalsIgnoreCase(System.getProperty("org.bouncycastle.fips.approved_only"))) {
             LogManager.getLogger(Bootstrap.class).info("running in FIPS-140-3 mode");
-            SecurityProviderManager.excludeSunJCE();
+            SecurityProviderManager.removeNonCompliantFipsProviders();
         }
 
         // initialize probes before the security manager is installed

server/src/main/java/org/opensearch/bootstrap/SecurityProviderManager.java

@@ -23,7 +23,7 @@ private SecurityProviderManager() {}
      * Removes the SunJCE provider from the list of installed security providers. This method is intended to be used when running
      * in a FIPS JVM and when the security file specifies additional configuration, instead of a complete replacement.
      */
-    public static void excludeSunJCE() {
+    public static void removeNonCompliantFipsProviders() {
         Security.removeProvider(SUN_JCE);
     }
 

server/src/test/java/org/opensearch/bootstrap/SecurityProviderManagerTests.java

@@ -46,7 +46,7 @@ public void setUp() throws Exception {
     // restore the same state as before running the tests.
     public static void removeSunJCE() {
         if (inFipsJvm()) {
-            SecurityProviderManager.excludeSunJCE();
+            SecurityProviderManager.removeNonCompliantFipsProviders();
         }
     }
 
@@ -57,7 +57,7 @@ public void testCipherRC4() throws Exception {
         assertEquals(SUN_JCE, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         expectThrows(NoSuchAlgorithmException.class, () -> Cipher.getInstance(RC_4));
@@ -70,7 +70,7 @@ public void testCipherAES() throws Exception {
         assertEquals(TOP_PRIO_CIPHER_PROVIDER, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         if (inFipsJvm()) {
@@ -89,7 +89,7 @@ public void testCipher3Des() throws Exception {
         assertEquals(TOP_PRIO_CIPHER_PROVIDER, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         if (inFipsJvm()) {
@@ -108,7 +108,7 @@ public void testCipherDes() throws Exception {
         assertEquals(SUN_JCE, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         expectThrows(NoSuchAlgorithmException.class, () -> Cipher.getInstance(DES));
@@ -121,7 +121,7 @@ public void testCipherPBE() throws Exception {
         assertEquals(SUN_JCE, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         expectThrows(NoSuchAlgorithmException.class, () -> Cipher.getInstance(PBE));
@@ -134,15 +134,15 @@ public void testCipherBlowfish() throws Exception {
         assertEquals(SUN_JCE, cipher.getProvider().getName());
 
         // when
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
 
         // then
         expectThrows(NoSuchAlgorithmException.class, () -> Cipher.getInstance(BLOWFISH));
     }
 
     public void testGetPosition() {
         assertTrue(SUN_JCE + " is installed", SecurityProviderManager.getPosition(SUN_JCE) > 0);
-        SecurityProviderManager.excludeSunJCE();
+        SecurityProviderManager.removeNonCompliantFipsProviders();
         assertTrue(SUN_JCE + " is uninstalled", SecurityProviderManager.getPosition(SUN_JCE) < 0);
     }
 

test/framework/src/main/java/org/opensearch/bootstrap/BootstrapForTesting.java

@@ -73,7 +73,6 @@
 import java.util.Optional;
 import java.util.Properties;
 import java.util.Set;
-import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 import static com.carrotsearch.randomizedtesting.RandomizedTest.systemPropertyAsBoolean;
@@ -138,7 +137,7 @@ public class BootstrapForTesting {
         // Log ifconfig output before SecurityManager is installed
         IfConfig.logIfNecessary();
         if (FipsMode.CHECK.isFipsEnabled()) {
-            SecurityProviderManager.excludeSunJCE();
+            SecurityProviderManager.removeNonCompliantFipsProviders();
         }
 
         // install security manager if requested
@@ -223,8 +222,6 @@ public boolean implies(ProtectionDomain domain, Permission permission) {
         }
     }
 
-    static Supplier<Integer> sunJceInsertFunction;
-
     /** Add the codebase url of the given classname to the codebases map, if the class exists. */
     private static void addClassCodebase(Map<String, URL> codebases, String name, String classname) {
         try {