opensearch-project · reta · Oct 29, 2025 · Oct 29, 2025
@@ -8,52 +8,39 @@
 
 package org.opensearch.tools.cli.fips.truststore;
 
+import org.opensearch.cli.SuppressForbidden;
 import org.opensearch.test.OpenSearchTestCase;
-import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.rules.TemporaryFolder;
 
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Writer;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
-import java.util.Comparator;
 import java.util.function.Consumer;
-import java.util.stream.Stream;
 
 import picocli.CommandLine;
 
 public class CreateFipsTrustStoreTests extends OpenSearchTestCase {
+    @ClassRule
+    public static TemporaryFolder tempFolder = new TemporaryFolder();
 
     private static final Path JAVA_HOME = Path.of(System.getProperty("java.home"));
-    private static Path sharedTempDir;
+    private static Path confDir;
 
     private CommandLine.Model.CommandSpec spec;
 
     @BeforeClass
+    @SuppressForbidden(reason = "the java.io.File is exposed by TemporaryFolder")
     public static void setUpClass() throws IOException {
-        sharedTempDir = Files.createTempDirectory(Path.of(System.getProperty("java.io.tmpdir")), "fips-test-");
-        Path confDir = sharedTempDir.resolve("config");
+        confDir = tempFolder.newFolder().toPath().resolve("config");
         Files.createDirectories(confDir);
     }
 
-    @AfterClass
-    public static void tearDownClass() throws IOException {
-        if (sharedTempDir != null && Files.exists(sharedTempDir)) {
-            try (Stream<Path> walk = Files.walk(sharedTempDir)) {
-                walk.sorted(Comparator.reverseOrder()).forEach(path -> {
-                    try {
-                        Files.delete(path);
-                    } catch (Exception e) {
-                        // Ignore
-                    }
-                });
-            }
-        }
-    }
-
     @Before
     public void setUp() throws Exception {
         super.setUp();
@@ -67,7 +54,6 @@ class DummyCommand {}
         spec = commandLine.getCommandSpec();
 
         // Clean up any existing truststore file from previous tests
-        Path confDir = sharedTempDir.resolve("config");
         Path trustStorePath = confDir.resolve("opensearch-fips-truststore.bcfks");
         if (Files.exists(trustStorePath)) {
             Files.delete(trustStorePath);
@@ -150,10 +136,9 @@ public void testConvertToBCFKS() throws Exception {
         CommonOptions options = new CommonOptions();
         options.force = false;
         String password = "testPassword123";
-        Path confPath = sharedTempDir.resolve("config");
 
         // when
-        Path result = CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confPath);
+        Path result = CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confDir);
 
         // then
         assertNotNull(result);
@@ -181,16 +166,15 @@ public void testConvertToBCFKSFileExistsWithoutForce() throws Exception {
         String password = "testPassword123";
 
         // Create file first to simulate existing truststore
-        Path confPath = sharedTempDir.resolve("config");
-        Path trustStorePath = confPath.resolve("opensearch-fips-truststore.bcfks");
+        Path trustStorePath = confDir.resolve("opensearch-fips-truststore.bcfks");
         Files.createFile(trustStorePath);
 
         assertTrue("Test setup: file should exist", Files.exists(trustStorePath));
 
         // when/then
         RuntimeException exception = expectThrows(
             RuntimeException.class,
-            () -> CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confPath)
+            () -> CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confDir)
         );
         assertEquals("Operation cancelled. Trust store file already exists.", exception.getMessage());
     }
@@ -207,14 +191,13 @@ public void testConvertToBCFKSFileExistsWithForce() throws Exception {
         String password = "testPassword123";
 
         // Create file first
-        Path confPath = sharedTempDir.resolve("config");
-        Path trustStorePath = confPath.resolve("opensearch-fips-truststore.bcfks");
+        Path trustStorePath = confDir.resolve("opensearch-fips-truststore.bcfks");
         Files.createFile(trustStorePath);
 
         assertTrue(Files.exists(trustStorePath));
 
         // when
-        Path result = CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confPath);
+        Path result = CreateFipsTrustStore.convertToBCFKS(spec, sourceKeyStore, options, password, confDir);
 
         // then
         assertNotNull(result);

@@ -13,6 +13,8 @@
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.rules.TemporaryFolder;
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
@@ -24,32 +26,24 @@
 import picocli.CommandLine;
 
 public abstract class FipsTrustStoreCommandTestCase extends OpenSearchTestCase {
+    @ClassRule
+    public static TemporaryFolder tempFolder = new TemporaryFolder();
 
     protected StringWriter outputCapture;
     protected StringWriter errorCapture;
     protected CommandLine commandLine;
     protected static Path sharedTempDir;
 
     @BeforeClass
+    @SuppressForbidden(reason = "the java.io.File is exposed by TemporaryFolder")
     static void setUpClass() throws Exception {
-        sharedTempDir = Files.createTempDirectory(Path.of(System.getProperty("java.io.tmpdir")), "system-command-test-");
+        sharedTempDir = tempFolder.newFolder().toPath();
         setProperties();
     }
 
     @AfterClass
     static void tearDownClass() throws Exception {
         clearProperties();
-        if (sharedTempDir != null && Files.exists(sharedTempDir)) {
-            try (var walk = Files.walk(sharedTempDir)) {
-                walk.sorted(java.util.Comparator.reverseOrder()).forEach(path -> {
-                    try {
-                        Files.delete(path);
-                    } catch (Exception e) {
-                        // Ignore
-                    }
-                });
-            }
-        }
     }
 
     @SuppressForbidden(reason = "set system properties as part of test setup")

@@ -8,9 +8,10 @@
 
 package org.opensearch.tools.cli.fips.truststore;
 
+import org.opensearch.cli.SuppressForbidden;
 import org.opensearch.test.OpenSearchTestCase;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.rules.TemporaryFolder;
 
 import java.io.ByteArrayInputStream;
 import java.io.PrintWriter;
@@ -27,34 +28,15 @@
 import static org.opensearch.tools.cli.fips.truststore.ConfigureSystemTrustStore.findPKCS11ProviderService;
 
 public class TrustStoreServiceTests extends OpenSearchTestCase {
-
-    private static Path sharedTempDir;
+    @ClassRule
+    public static TemporaryFolder tempFolder = new TemporaryFolder();
 
     private CommandLine.Model.CommandSpec spec;
     private StringWriter outputCapture;
     private Path confPath;
 
-    @BeforeClass
-    public static void setUpClass() throws Exception {
-        sharedTempDir = Files.createTempDirectory(Path.of(System.getProperty("java.io.tmpdir")), "truststore-test-");
-    }
-
-    @AfterClass
-    public static void tearDownClass() throws Exception {
-        if (sharedTempDir != null && Files.exists(sharedTempDir)) {
-            try (var walk = Files.walk(sharedTempDir)) {
-                walk.sorted(java.util.Comparator.reverseOrder()).forEach(path -> {
-                    try {
-                        Files.delete(path);
-                    } catch (Exception e) {
-                        // Ignore
-                    }
-                });
-            }
-        }
-    }
-
     @Override
+    @SuppressForbidden(reason = "the java.io.File is exposed by TemporaryFolder")
     public void setUp() throws Exception {
         super.setUp();
         outputCapture = new StringWriter();
@@ -66,7 +48,7 @@ class TestCommand {}
         commandLine.setOut(new PrintWriter(outputCapture, true));
         spec = commandLine.getCommandSpec();
 
-        confPath = Files.createTempDirectory(sharedTempDir, "conf-");
+        confPath = Files.createTempDirectory(tempFolder.newFolder().toPath(), "conf-");
     }
 
     public void testUseSystemTrustStoreUserCancels() {

@@ -8,24 +8,24 @@
 
 package org.opensearch.bootstrap;
 
+import org.opensearch.cli.SuppressForbidden;
 import org.opensearch.common.util.io.IOUtils;
 import org.opensearch.test.OpenSearchTestCase;
+import org.junit.Rule;
+import org.junit.rules.TemporaryFolder;
 
+import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.attribute.PosixFilePermissions;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 
+@SuppressForbidden(reason = "the java.io.File is exposed by TemporaryFolder")
 public class FipsTrustStoreValidatorTests extends OpenSearchTestCase {
 
-    private Path tempDir;
-
-    @Override
-    public void setUp() throws Exception {
-        super.setUp();
-        tempDir = createTempDir();
-    }
+    @Rule
+    public TemporaryFolder tempDir = new TemporaryFolder();
 
     public void testTrustStoreWithoutConfiguration() throws Exception {
         var exception = expectThrows(IllegalStateException.class, () -> FipsTrustStoreValidator.validate("", "", "", ""));
@@ -60,7 +60,7 @@ public void testValidateAcceptsBCFKSType() throws Exception {
     public void testBCFKSEmptyTrustStoreWarning() throws Exception {
         assumeTrue("Should only run when BCFIPS provider is installed.", inFipsJvm());
 
-        var trustStorePath = tempDir.resolve("empty_trust_store.bcfks");
+        var trustStorePath = tempDir.newFolder().toPath().resolve("empty_trust_store.bcfks");
         var password = "testPassword";
 
         var keyStore = java.security.KeyStore.getInstance("BCFKS", "BCFIPS");
@@ -141,8 +141,8 @@ public void testPKCS11WithMissingProperties() {
         }
     }
 
-    public void testFileDoesNotExist() {
-        var nonExistentPath = tempDir.resolve("non-existent-truststore.p12");
+    public void testFileDoesNotExist() throws IOException {
+        var nonExistentPath = tempDir.newFolder().toPath().resolve("non-existent-truststore.p12");
 
         var exception = expectThrows(
             IllegalStateException.class,
@@ -154,7 +154,7 @@ public void testFileDoesNotExist() {
     }
 
     public void testEmptyTrustStore() throws Exception {
-        var emptyFile = tempDir.resolve("empty-truststore.p12");
+        var emptyFile = tempDir.newFolder().toPath().resolve("empty-truststore.p12");
         Files.createFile(emptyFile);
 
         var exception = expectThrows(
@@ -187,7 +187,7 @@ public void testWithoutReadPermission() throws Exception {
     }
 
     public void testTrustStoreWithInvalidProvider() throws Exception {
-        var trustStorePath = tempDir.resolve("test-truststore.bcfks");
+        var trustStorePath = tempDir.newFolder().toPath().resolve("test-truststore.bcfks");
         var password = "changeit";
         Files.write(trustStorePath, new byte[100]); // Create a dummy file
 
@@ -201,7 +201,7 @@ public void testTrustStoreWithInvalidProvider() throws Exception {
     }
 
     public void testWithWrongProvider() throws Exception {
-        var trustStorePath = tempDir.resolve("test-truststore.bcfks");
+        var trustStorePath = tempDir.newFolder().toPath().resolve("test-truststore.bcfks");
         Files.write(trustStorePath, new byte[100]); // Create a dummy file
 
         var exception = expectThrows(