Update according to code review

taoliult · taoliult · commit c1a78b7dd2d6 · 2025-11-17T11:09:46.000-05:00
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -107,8 +107,8 @@ public final class RestrictedSecurity {
 
         userEnabledFIPS = Boolean.getBoolean("semeru.fips");
         allowSetProperties = Boolean.getBoolean("semeru.fips.allowsetproperties");
-        suppressSunsetWarning = Boolean.getBoolean("semeru.restrictedsecurity.suppresssunsetwarning");
-        ignoreSunsetExpiration = Boolean.getBoolean("semeru.restrictedsecurity.ignoresunsetexpiration");
+        suppressSunsetWarning = getBooleanPropertyTreatEmptyAsTrue("semeru.restrictedsecurity.suppresssunsetwarning");
+        ignoreSunsetExpiration = getBooleanPropertyTreatEmptyAsTrue("semeru.restrictedsecurity.ignoresunsetexpiration");
 
         if (userEnabledFIPS) {
             if (isFIPSSupported) {
@@ -140,6 +140,19 @@ private RestrictedSecurity() {
         super();
     }
 
+    private static boolean getBooleanPropertyTreatEmptyAsTrue(String name) {
+        String systemProp = System.getProperty(name);
+        if (systemProp == null) {
+            return false;
+        }
+        if (systemProp.isEmpty()) {
+            // If set without a value (e.g., "-Dsemeru.restrictedsecurity.suppresssunsetwarning"),
+            // treat it as true and suppress the warning.
+            return true;
+        }
+        return Boolean.parseBoolean(systemProp);
+    }
+
     private static boolean isJarVerifierInStackTrace() {
         java.util.function.Predicate<Class<?>> isJarVerifier =
                 clazz -> "java.util.jar.JarVerifier".equals(clazz.getName())
diff --git a/closed/test/jdk/openj9/internal/security/TestPolicySunset.java b/closed/test/jdk/openj9/internal/security/TestPolicySunset.java
@@ -76,27 +76,32 @@ private static Stream<Arguments> patternMatches_expectedExitValue0() {
                 // 1 - expired; supress=false; ignore=true
                 Arguments.of("Test-Profile-PolicySunset-Expired",
                         propertyFile,
-                        "false", "true",
+                        "=false", "=true",
                         "WARNING: java will start with the requested restricted security profile but uncertified cryptography may be active"),
                 // 2 - expired; supress=true; ignore=true, no warning
                 Arguments.of("Test-Profile-PolicySunset-Expired",
                         propertyFile,
-                        "true", "true",
+                        "=true", "=true",
                         ""),
                 // 3 - expire soon (<=6 months); supress=false
                 Arguments.of("Test-Profile-PolicySunset-ExpireSoon",
                         updatedPropertyFile,
-                        "false", "false",
+                        "=false", "=false",
                         "The restricted security profile RestrictedSecurity.Test-Profile-PolicySunset-ExpireSoon will expire"),
                 // 4 - expire soon (<=6 months); supress=true, no warning
                 Arguments.of("Test-Profile-PolicySunset-ExpireSoon",
                         updatedPropertyFile,
-                        "true", "false",
+                        "=true", "=false",
                         ""),
                 // 5 - not expire (>6 months); no warning
                 Arguments.of("Test-Profile-PolicySunset-NotExpire",
                         propertyFile,
-                        "false", "false",
+                        "=false", "=false",
+                        ""),
+                // 6 - expired; property treat empty as true, no warning
+                Arguments.of("Test-Profile-PolicySunset-Expired",
+                        propertyFile,
+                        "", "" ,
                         ""));
     }
 
@@ -107,12 +112,12 @@ private static Stream<Arguments> patternMatches_expectedExitValue1() {
                 // 1 - expired; supress=false; ignore=false
                 Arguments.of("Test-Profile-PolicySunset-Expired",
                         propertyFile,
-                        "false", "false",
-                        "Use the -Dsemeru.restrictedsecurity.ignoresunsetexpiration to allow java to start while possibly using uncertified cryptography"),
+                        "=false", "=false",
+                        "Use -Dsemeru.restrictedsecurity.ignoresunsetexpiration to allow java to start while possibly using uncertified cryptography"),
                 // 2 - expired; supress=true; ignore=false, no warning
                 Arguments.of("Test-Profile-PolicySunset-Expired",
                         propertyFile,
-                        "true", "false",
+                        "=true", "=false",
                         ""));
     }
 
@@ -123,8 +128,8 @@ public void shouldContain_expectedExitValue0(String customprofile, String securi
                 "-Dsemeru.fips=true",
                 "-Dsemeru.customprofile=" + customprofile,
                 "-Djava.security.properties=" + securityPropertyFile,
-                "-Dsemeru.restrictedsecurity.suppresssunsetwarning=" + suppresssunsetwarning,
-                "-Dsemeru.restrictedsecurity.ignoresunsetexpiration=" + ignoresunsetexpiration,
+                "-Dsemeru.restrictedsecurity.suppresssunsetwarning" + suppresssunsetwarning,
+                "-Dsemeru.restrictedsecurity.ignoresunsetexpiration" + ignoresunsetexpiration,
                 "TestPolicySunset"
         );
         outputAnalyzer.reportDiagnosticSummary();
@@ -138,8 +143,8 @@ public void shouldContain_expectedExitValue1(String customprofile, String securi
                 "-Dsemeru.fips=true",
                 "-Dsemeru.customprofile=" + customprofile,
                 "-Djava.security.properties=" + securityPropertyFile,
-                "-Dsemeru.restrictedsecurity.suppresssunsetwarning=" + suppresssunsetwarning,
-                "-Dsemeru.restrictedsecurity.ignoresunsetexpiration=" + ignoresunsetexpiration,
+                "-Dsemeru.restrictedsecurity.suppresssunsetwarning" + suppresssunsetwarning,
+                "-Dsemeru.restrictedsecurity.ignoresunsetexpiration" + ignoresunsetexpiration,
                 "TestPolicySunset"
         );
         outputAnalyzer.reportDiagnosticSummary();
diff --git a/closed/test/jdk/openj9/internal/security/TestProperties.java b/closed/test/jdk/openj9/internal/security/TestProperties.java
@@ -119,7 +119,7 @@ private static Stream<Arguments> patternMatches_expectedExitValue1() {
                 // 15 - Test property - policy sunset.
                 Arguments.of("Test-Profile-PolicySunset.Base",
                         System.getProperty("test.src") + "/property-java.security",
-                        "Use the -Dsemeru.restrictedsecurity.ignoresunsetexpiration to allow java to start while possibly using uncertified cryptography"),
+                        "Use -Dsemeru.restrictedsecurity.ignoresunsetexpiration to allow java to start while possibly using uncertified cryptography"),
                 // 16 - Test property - policy sunset format.
                 Arguments.of("Test-Profile-PolicySunsetFormat.Base",
                         System.getProperty("test.src") + "/property-java.security",
