Clean up AccessController with Exception disambiguation (#5815)

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Author: cwperks

src/main/java/org/opensearch/security/auth/http/saml/SamlFilesystemMetadataResolver.java

@@ -29,16 +29,7 @@ public class SamlFilesystemMetadataResolver extends FilesystemMetadataResolver {
 
     @Override
     protected byte[] fetchMetadata() throws ResolverException {
-        try {
-            return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
-        } catch (Exception e) {
-
-            if (e instanceof ResolverException) {
-                throw (ResolverException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
     }
 
     private static File getMetadataFile(String filePath, Settings settings, Path configPath) {

src/main/java/org/opensearch/security/auth/http/saml/SamlHTTPMetadataResolver.java

@@ -37,15 +37,7 @@ public class SamlHTTPMetadataResolver extends HTTPMetadataResolver {
 
     @Override
     protected byte[] fetchMetadata() throws ResolverException {
-        try {
-            return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
-        } catch (Exception e) {
-            if (e instanceof ResolverException) {
-                throw (ResolverException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
     }
 
     private static SettingsBasedSSLConfiguratorV4.SSLConfig getSSLConfig(Settings settings, Path configPath) throws Exception {

src/main/java/org/opensearch/security/auth/ldap/util/LdapHelper.java

@@ -66,14 +66,8 @@ public static List<LdapEntry> search(
 
                 return entries;
             });
-        } catch (Exception e) {
-            if (e instanceof LdapException) {
-                throw (LdapException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
+        } catch (InvalidNameException e) {
+            throw new RuntimeException(e);
         }
     }
 

src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthenticationBackend2.java

@@ -87,17 +87,7 @@ public LDAPAuthenticationBackend2(final Settings settings, final Path configPath
 
     @Override
     public User authenticate(AuthenticationContext context) throws OpenSearchSecurityException {
-        try {
-            return AccessController.doPrivilegedChecked(() -> authenticate0(context));
-        } catch (Exception e) {
-            if (e instanceof OpenSearchSecurityException) {
-                throw (OpenSearchSecurityException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(() -> authenticate0(context));
     }
 
     private User authenticate0(AuthenticationContext context) throws OpenSearchSecurityException {
@@ -217,19 +207,7 @@ public Optional<User> impersonate(User user) {
     }
 
     private void authenticateByLdapServer(final Connection connection, final String dn, byte[] password) throws LdapException {
-        try {
-            AccessController.doPrivilegedChecked(
-                () -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password)))
-            );
-        } catch (Exception e) {
-            if (e instanceof LdapException) {
-                throw (LdapException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        AccessController.doPrivilegedChecked(() -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password))));
     }
 
     private void authenticateByLdapServerWithSeparateConnection(final String dn, byte[] password) throws LdapException {

src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthorizationBackend2.java

@@ -120,17 +120,7 @@ private static List<Map.Entry<String, Settings>> convertOldStyleSettingsToNewSty
 
     @Override
     public User addRoles(final User user, AuthenticationContext context) throws OpenSearchSecurityException {
-        try {
-            return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
-        } catch (Exception e) {
-            if (e instanceof OpenSearchSecurityException) {
-                throw (OpenSearchSecurityException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
     }
 
     private User addRoles0(final User user, AuthenticationContext context) throws OpenSearchSecurityException {

src/main/java/org/opensearch/security/auth/ldap2/MakeJava9Happy.java

@@ -27,12 +27,7 @@ static ClassLoader getClassLoader() {
         }
 
         if (classLoader == null) {
-
-            try {
-                return AccessController.doPrivilegedChecked(() -> new Java9CL());
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
+            return AccessController.doPrivilegedChecked(() -> new Java9CL());
         }
 
         return classLoader;

src/main/java/org/opensearch/security/auth/ldap2/PrivilegedProvider.java

@@ -78,17 +78,7 @@ public JndiProviderConfig getProviderConfig() {
 
         @Override
         public ProviderConnection create() throws LdapException {
-            try {
-                return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
-            } catch (Exception e) {
-                if (e instanceof LdapException) {
-                    throw (LdapException) e;
-                } else if (e instanceof RuntimeException) {
-                    throw (RuntimeException) e;
-                } else {
-                    throw new RuntimeException(e);
-                }
-            }
+            return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
         }
 
     }
@@ -103,30 +93,20 @@ public PrivilegedProviderConnection(ProviderConnection delegate, JndiProviderCon
         }
 
         public Response<Void> bind(BindRequest request) throws LdapException {
-            try {
-                return AccessController.doPrivilegedChecked(() -> {
-                    if (jndiProviderConfig.getClassLoader() != null) {
-                        ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
-
-                        try {
-                            Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
-                            return delegate.bind(request);
-                        } finally {
-                            Thread.currentThread().setContextClassLoader(originalClassLoader);
-                        }
-                    } else {
+            return AccessController.doPrivilegedChecked(() -> {
+                if (jndiProviderConfig.getClassLoader() != null) {
+                    ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
+
+                    try {
+                        Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
                         return delegate.bind(request);
+                    } finally {
+                        Thread.currentThread().setContextClassLoader(originalClassLoader);
                     }
-                });
-            } catch (Exception e) {
-                if (e instanceof LdapException) {
-                    throw (LdapException) e;
-                } else if (e instanceof RuntimeException) {
-                    throw (RuntimeException) e;
                 } else {
-                    throw new RuntimeException(e);
+                    return delegate.bind(request);
                 }
-            }
+            });
         }
 
         public Response<Void> add(AddRequest request) throws LdapException {

src/main/java/org/opensearch/security/dlic/rest/support/Utils.java

@@ -20,7 +20,6 @@
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -149,34 +148,12 @@ public static JsonNode convertJsonToJackson(ToXContent jsonContent, boolean omit
     }
 
     public static byte[] jsonMapToByteArray(Map<String, Object> jsonAsMap) throws IOException {
-
-        try {
-            return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
-        } catch (final Exception e) {
-            if (e instanceof JsonProcessingException) {
-                throw (JsonProcessingException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
     }
 
     public static Map<String, Object> byteArrayToMutableJsonMap(byte[] jsonBytes) throws IOException {
-
-        try {
-            return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference<Map<String, Object>>() {
-            }));
-        } catch (final Exception e) {
-            if (e instanceof IOException) {
-                throw (IOException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
-            } else {
-                throw new RuntimeException(e);
-            }
-        }
+        return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference<Map<String, Object>>() {
+        }));
     }
 
     /**

src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java

@@ -870,24 +870,15 @@ private SslContext buildSSLServerContext(
         final SslProvider sslProvider,
         final ClientAuth authMode
     ) throws SSLException {
+        final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
+            () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
+        );
 
-        try {
-            final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
-                () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
-            );
-
-            if (_trustedCerts != null && _trustedCerts.length > 0) {
-                _sslContextBuilder.trustManager(_trustedCerts);
-            }
-
-            return buildSSLContext0(_sslContextBuilder);
-        } catch (final Exception e) {
-            if (e.getCause() instanceof SSLException) {
-                throw (SSLException) e.getCause();
-            } else {
-                throw new RuntimeException(e);
-            }
+        if (_trustedCerts != null && _trustedCerts.length > 0) {
+            _sslContextBuilder.trustManager(_trustedCerts);
         }
+
+        return buildSSLContext0(_sslContextBuilder);
     }
 
     private SslContext buildSSLServerContext(
@@ -899,23 +890,15 @@ private SslContext buildSSLServerContext(
         final SslProvider sslProvider,
         final ClientAuth authMode
     ) throws SSLException {
-        try {
-            final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
-                () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
-            );
-
-            if (_trustedCerts != null) {
-                _sslContextBuilder.trustManager(_trustedCerts);
-            }
+        final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
+            () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
+        );
 
-            return buildSSLContext0(_sslContextBuilder);
-        } catch (final Exception e) {
-            if (e.getCause() instanceof SSLException) {
-                throw (SSLException) e.getCause();
-            } else {
-                throw new RuntimeException(e);
-            }
+        if (_trustedCerts != null) {
+            _sslContextBuilder.trustManager(_trustedCerts);
         }
+
+        return buildSSLContext0(_sslContextBuilder);
     }
 
     private SslContextBuilder configureSSLServerContextBuilder(

src/main/java/org/opensearch/security/ssl/SslConfiguration.java

@@ -19,6 +19,7 @@
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 import javax.security.auth.x500.X500Principal;
 
@@ -117,7 +118,7 @@ SslContext buildServerSslContext(final boolean validateCertificates) {
                     .trustManager(trustStoreConfiguration.createTrustManagerFactory(validateCertificates, issuerDns))
                     .build();
             });
-        } catch (Exception e) {
+        } catch (SSLException e) {
             throw new OpenSearchException("Failed to build server SSL context", e);
         }
     }