8254711: Add java.security.Provider.getService JFR Event

8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java

Reviewed-by: mbaesken
Backport-of: bc2af47e1e4e6e96020e03a60ce098ddd17f63ba

src/java.base/share/classes/java/security/Provider.java

@@ -25,6 +25,8 @@
 
 package java.security;
 
+import jdk.internal.event.SecurityProviderServiceEvent;
+
 import java.io.*;
 import java.util.*;
 import static java.util.Locale.ENGLISH;
@@ -1278,19 +1280,28 @@ public Service getService(String type, String algorithm) {
             key = new ServiceKey(type, algorithm, false);
             previousKey = key;
         }
+        Service s = null;
         if (!serviceMap.isEmpty()) {
-            Service s = serviceMap.get(key);
-            if (s != null) {
-                return s;
-            }
+            s = serviceMap.get(key);
         }
-        synchronized (this) {
-            ensureLegacyParsed();
-            if (legacyMap != null && !legacyMap.isEmpty()) {
-                return legacyMap.get(key);
+        if (s == null) {
+            synchronized (this) {
+                ensureLegacyParsed();
+                if (legacyMap != null && !legacyMap.isEmpty()) {
+                    s = legacyMap.get(key);
+                }
             }
         }
-        return null;
+
+        if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
+            var e  = new SecurityProviderServiceEvent();
+            e.provider = getName();
+            e.type = type;
+            e.algorithm = algorithm;
+            e.commit();
+        }
+
+        return s;
     }
 
     // ServiceKey from previous getService() call

src/java.base/share/classes/jdk/internal/event/SecurityProviderServiceEvent.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.event;
+
+/**
+ * Event recording details of Provider.getService(String type, String algorithm) calls
+ */
+
+public final class SecurityProviderServiceEvent extends Event {
+    private final static SecurityProviderServiceEvent EVENT = new SecurityProviderServiceEvent();
+
+    /**
+     * Returns {@code true} if event is enabled, {@code false} otherwise.
+     */
+    public static boolean isTurnedOn() {
+        return EVENT.isEnabled();
+    }
+
+    public String type;
+    public String algorithm;
+    public String provider;
+}

src/jdk.jfr/share/classes/jdk/jfr/events/SecurityProviderServiceEvent.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.jfr.events;
+
+import jdk.jfr.Category;
+import jdk.jfr.Description;
+import jdk.jfr.Label;
+import jdk.jfr.Name;
+import jdk.jfr.internal.MirrorEvent;
+
+@Category({"Java Development Kit", "Security"})
+@Label("Security Provider Instance Request")
+@Name("jdk.SecurityProviderService")
+@Description("Details of Provider.getInstance(String type, String algorithm) calls")
+@MirrorEvent(className = "jdk.internal.event.SecurityProviderServiceEvent")
+public final class SecurityProviderServiceEvent extends AbstractJDKEvent {
+    @Label("Type of Service")
+    public String type;
+
+    @Label("Algorithm Name")
+    public String algorithm;
+
+    @Label("Security Provider")
+    public String provider;
+}

src/jdk.jfr/share/classes/jdk/jfr/internal/instrument/JDKEvents.java

@@ -39,6 +39,7 @@
 import jdk.jfr.events.FileWriteEvent;
 import jdk.jfr.events.DeserializationEvent;
 import jdk.jfr.events.SecurityPropertyModificationEvent;
+import jdk.jfr.events.SecurityProviderServiceEvent;
 import jdk.jfr.events.SocketReadEvent;
 import jdk.jfr.events.SocketWriteEvent;
 import jdk.jfr.events.TLSHandshakeEvent;
@@ -57,6 +58,7 @@ public final class JDKEvents {
     private static final Class<?>[] mirrorEventClasses = {
         DeserializationEvent.class,
         SecurityPropertyModificationEvent.class,
+        SecurityProviderServiceEvent.class,
         TLSHandshakeEvent.class,
         X509CertificateEvent.class,
         X509ValidationEvent.class
@@ -75,6 +77,7 @@ public final class JDKEvents {
         ActiveRecordingEvent.class,
         jdk.internal.event.DeserializationEvent.class,
         jdk.internal.event.SecurityPropertyModificationEvent.class,
+        jdk.internal.event.SecurityProviderServiceEvent.class,
         jdk.internal.event.TLSHandshakeEvent.class,
         jdk.internal.event.X509CertificateEvent.class,
         jdk.internal.event.X509ValidationEvent.class

src/jdk.jfr/share/conf/jfr/default.jfc

@@ -613,6 +613,11 @@
        <setting name="stackTrace">true</setting>
     </event>
 
+    <event name="jdk.SecurityProviderService">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.TLSHandshake">
       <setting name="enabled">false</setting>
       <setting name="stackTrace">true</setting>

src/jdk.jfr/share/conf/jfr/profile.jfc

@@ -613,6 +613,11 @@
        <setting name="stackTrace">true</setting>
     </event>
 
+    <event name="jdk.SecurityProviderService">
+       <setting name="enabled">false</setting>
+       <setting name="stackTrace">true</setting>
+    </event>
+
     <event name="jdk.TLSHandshake">
       <setting name="enabled">false</setting>
       <setting name="stackTrace">true</setting>

test/jdk/jdk/jfr/event/metadata/TestDefaultConfigurations.java

@@ -174,6 +174,7 @@ private static Document createDocument(String content) throws ParserConfiguratio
         insertSetting(doc, EventNames.JavaExceptionThrow, "threshold", "0 ns");
         insertSetting(doc, EventNames.JavaErrorThrow, "threshold", "0 ns");
         insertSetting(doc, EventNames.SecurityProperty, "threshold", "0 ns");
+        insertSetting(doc, EventNames.SecurityProviderService, "threshold", "0 ns");
         insertSetting(doc, EventNames.TLSHandshake, "threshold", "0 ns");
         insertSetting(doc, EventNames.X509Certificate, "threshold", "0 ns");
         insertSetting(doc, EventNames.X509Validation, "threshold", "0 ns");

test/jdk/jdk/jfr/event/runtime/TestActiveSettingEvent.java

@@ -206,6 +206,7 @@ private static void testSettingConfiguration(String configurationName) throws Ex
         settingValues.put(EventNames.X509Certificate + "#threshold", "0 ns");
         settingValues.put(EventNames.X509Validation + "#threshold", "0 ns");
         settingValues.put(EventNames.Deserialization + "#threshold", "0 ns");
+        settingValues.put(EventNames.SecurityProviderService + "#threshold", "0 ns");
 
         try (Recording recording = new Recording(c)) {
             Map<Long, EventType> eventTypes = new HashMap<>();

test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.jfr.event.security;
+
+import java.security.*;
+import java.security.cert.CertPathBuilder;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.*;
+
+import jdk.jfr.Recording;
+import jdk.jfr.consumer.RecordedEvent;
+import jdk.test.lib.Asserts;
+import jdk.test.lib.jfr.Events;
+import jdk.test.lib.jfr.EventNames;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+
+/*
+ * @test
+ * @bug 8254711
+ * @summary Add JFR events for security crypto algorithms
+ * @key jfr
+ * @requires vm.hasJFR
+ * @library /test/lib
+ * @modules jdk.jfr/jdk.jfr.events
+ * @run main/othervm jdk.jfr.event.security.TestSecurityProviderServiceEvent
+ */
+public class TestSecurityProviderServiceEvent {
+
+    public static void main(String[] args) throws Exception {
+        testAlg(cipherFunc, "AES", "SunJCE",
+                "SunEC", "Cipher", 1, Collections.emptyList());
+        testAlg(signatureFunc, "SHA256withRSA", "SunRsaSign",
+                "SunEC", "Signature", 2, List.of("MessageDigest"));
+        testAlg(messageDigestFunc, "SHA-512", "SUN",
+                "SunEC", "MessageDigest", 1, Collections.emptyList());
+        testAlg(keystoreFunc, "PKCS12", "SUN",
+                "SunEC", "KeyStore", 1, Collections.emptyList());
+        testAlg(certPathBuilderFunc, "PKIX", "SUN",
+                "SunEC", "CertPathBuilder", 2, List.of("CertificateFactory"));
+    }
+
+    private static void testAlg(BiFunction<String, String, Provider> bif, String alg,
+                String workingProv, String brokenProv, String algType,
+                                int expected, List<String> other) throws Exception {
+        // bootstrap security Provider services
+        Provider p =  bif.apply(alg, workingProv);
+
+        try (Recording recording = new Recording()) {
+            recording.enable(EventNames.SecurityProviderService);
+            recording.start();
+            p = bif.apply(alg, workingProv);
+            bif.apply(alg, brokenProv);
+            recording.stop();
+            List<RecordedEvent> events = Events.fromRecording(recording);
+            Asserts.assertEquals(events.size(), expected, "Incorrect number of events");
+            assertEvent(events, algType, alg, p.getName(), other);
+        }
+    }
+
+    private static BiFunction<String, String, Provider> cipherFunc = (s1, p1 ) -> {
+        Cipher c;
+        try {
+            c = Cipher.getInstance(s1, p1);
+            return c.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> signatureFunc = (s1, p1 ) -> {
+        Signature s;
+        try {
+            s = Signature.getInstance(s1, p1);
+            return s.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> messageDigestFunc = (s1, p1 ) -> {
+        MessageDigest md;
+        try {
+            md = MessageDigest.getInstance(s1, p1);
+            return md.getProvider();
+        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> keystoreFunc = (s1, p1 ) -> {
+        KeyStore ks;
+        try {
+            ks = KeyStore.getInstance(s1, p1);
+            return ks.getProvider();
+        } catch (NoSuchProviderException | KeyStoreException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static BiFunction<String, String, Provider> certPathBuilderFunc = (s1, p1 ) -> {
+        CertPathBuilder cps;
+        try {
+            cps = CertPathBuilder.getInstance(s1, p1);
+            return cps.getProvider();
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // expected
+        }
+        return null;
+    };
+
+    private static void assertEvent(List<RecordedEvent> events, String type,
+            String alg, String workingProv, List<String> other) {
+        boolean secondaryEventOK = other.isEmpty() ? true : false;
+        for (RecordedEvent e : events) {
+            if (other.contains(e.getValue("type"))) {
+                // secondary operation in service stack while constructing this request
+                secondaryEventOK = true;
+                continue;
+            }
+            Events.assertField(e, "provider").equal(workingProv);
+            Events.assertField(e, "type").equal(type);
+            Events.assertField(e, "algorithm").equal(alg);
+        }
+        if (!secondaryEventOK) {
+            throw new RuntimeException("Secondary events missing");
+        }
+
+    }
+}

test/lib/jdk/test/lib/jfr/EventNames.java

@@ -175,6 +175,7 @@ public class EventNames {
     public final static String X509Certificate = PREFIX + "X509Certificate";
     public final static String X509Validation = PREFIX + "X509Validation";
     public final static String SecurityProperty = PREFIX + "SecurityPropertyModification";
+    public final static String SecurityProviderService = PREFIX + "SecurityProviderService";
     public final static String Deserialization = PREFIX + "Deserialization";
 
     // Flight Recorder