8285263: Minor cleanup could be done in java.security

Reviewed-by: weijun

src/java.base/share/classes/java/security/AlgorithmConstraints.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,12 +61,12 @@ public interface AlgorithmConstraints {
      *     parameters
      *
      * @return true if the algorithm is permitted and can be used for all
-     *     of the specified cryptographic primitives
+     *     the specified cryptographic primitives
      *
      * @throws IllegalArgumentException if primitives or algorithm is null
      *     or empty
      */
-    public boolean permits(Set<CryptoPrimitive> primitives,
+    boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters);
 
     /**
@@ -78,13 +78,13 @@ public interface AlgorithmConstraints {
      * @param primitives a set of cryptographic primitives
      * @param key the key
      *
-     * @return true if the key can be used for all of the specified
+     * @return true if the key can be used for all the specified
      *     cryptographic primitives
      *
      * @throws IllegalArgumentException if primitives is null or empty,
      *     or the key is null
      */
-    public boolean permits(Set<CryptoPrimitive> primitives, Key key);
+    boolean permits(Set<CryptoPrimitive> primitives, Key key);
 
     /**
      * Determines whether an algorithm and the corresponding key are granted
@@ -96,13 +96,13 @@ public interface AlgorithmConstraints {
      * @param parameters the algorithm parameters, or null if no additional
      *     parameters
      *
-     * @return true if the key and the algorithm can be used for all of the
+     * @return true if the key and the algorithm can be used for all the
      *     specified cryptographic primitives
      *
      * @throws IllegalArgumentException if primitives or algorithm is null
      *     or empty, or the key is null
      */
-    public boolean permits(Set<CryptoPrimitive> primitives,
+    boolean permits(Set<CryptoPrimitive> primitives,
                 String algorithm, Key key, AlgorithmParameters parameters);
 
 }

src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -99,13 +99,13 @@ import sun.security.jca.JCAUtil;
 public class AlgorithmParameterGenerator {
 
     // The provider
-    private Provider provider;
+    private final Provider provider;
 
     // The provider implementation (delegate)
-    private AlgorithmParameterGeneratorSpi paramGenSpi;
+    private final AlgorithmParameterGeneratorSpi paramGenSpi;
 
     // The algorithm
-    private String algorithm;
+    private final String algorithm;
 
     /**
      * Creates an AlgorithmParameterGenerator object.
@@ -150,7 +150,7 @@ public class AlgorithmParameterGenerator {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the algorithm this

src/java.base/share/classes/java/security/AlgorithmParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -75,13 +75,13 @@ import java.util.Objects;
 public class AlgorithmParameters {
 
     // The provider
-    private Provider provider;
+    private final Provider provider;
 
     // The provider implementation (delegate)
-    private AlgorithmParametersSpi paramSpi;
+    private final AlgorithmParametersSpi paramSpi;
 
     // The algorithm
-    private String algorithm;
+    private final String algorithm;
 
     // Has this object been initialized?
     private boolean initialized = false;
@@ -131,7 +131,7 @@ public class AlgorithmParameters {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the algorithm requested.
@@ -342,7 +342,7 @@ public class AlgorithmParameters {
      * parameters should be returned in an instance of the
      * {@code DSAParameterSpec} class.
      *
-     * @param <T> the type of the parameter specification to be returrned
+     * @param <T> the type of the parameter specification to be returned
      * @param paramSpec the specification class in which
      * the parameters should be returned.
      *
@@ -356,7 +356,7 @@ public class AlgorithmParameters {
         T getParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException
     {
-        if (this.initialized == false) {
+        if (!this.initialized) {
             throw new InvalidParameterSpecException("not initialized");
         }
         return paramSpi.engineGetParameterSpec(paramSpec);
@@ -374,7 +374,7 @@ public class AlgorithmParameters {
      */
     public final byte[] getEncoded() throws IOException
     {
-        if (this.initialized == false) {
+        if (!this.initialized) {
             throw new IOException("not initialized");
         }
         return paramSpi.engineGetEncoded();
@@ -396,7 +396,7 @@ public class AlgorithmParameters {
      */
     public final byte[] getEncoded(String format) throws IOException
     {
-        if (this.initialized == false) {
+        if (!this.initialized) {
             throw new IOException("not initialized");
         }
         return paramSpi.engineGetEncoded(format);
@@ -409,7 +409,7 @@ public class AlgorithmParameters {
      * parameter object has not been initialized.
      */
     public final String toString() {
-        if (this.initialized == false) {
+        if (!this.initialized) {
             return null;
         }
         return paramSpi.engineToString();

src/java.base/share/classes/java/security/AllPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,10 @@
 
 package java.security;
 
-import java.security.*;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
 import sun.security.util.SecurityConstants;
 
+import java.util.Enumeration;
+
 /**
  * The AllPermission is a permission that implies all other permissions.
  * <p>

src/java.base/share/classes/java/security/BasicPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import java.util.concurrent.ConcurrentHashMap;
  * <P>
  * The name for a BasicPermission is the name of the given permission
  * (for example, "exit",
- * "setFactory", "print.queueJob", etc). The naming
+ * "setFactory", "print.queueJob", etc.). The naming
  * convention follows the  hierarchical property naming convention.
  * An asterisk may appear by itself, or if immediately preceded by a "."
  * may appear at the end of the name, to signify a wildcard match.

src/java.base/share/classes/java/security/CodeSigner.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,14 +46,14 @@ public final class CodeSigner implements Serializable {
      *
      * @serial
      */
-    private CertPath signerCertPath;
+    private final CertPath signerCertPath;
 
     /**
      * The signature timestamp.
      *
      * @serial
      */
-    private Timestamp timestamp;
+    private final Timestamp timestamp;
 
     /*
      * Hash code for this code signer.
@@ -126,7 +126,7 @@ public final class CodeSigner implements Serializable {
      * @return true if the objects are considered equal, false otherwise.
      */
     public boolean equals(Object obj) {
-        if (obj == null || (!(obj instanceof CodeSigner that))) {
+        if ((!(obj instanceof CodeSigner that))) {
             return false;
         }
 
@@ -139,8 +139,7 @@ public final class CodeSigner implements Serializable {
                 return false;
             }
         } else {
-            if (thatTimestamp == null ||
+            if ((!timestamp.equals(thatTimestamp))) {
-                (! timestamp.equals(thatTimestamp))) {
                 return false;
             }
         }

src/java.base/share/classes/java/security/CodeSource.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@ public class CodeSource implements java.io.Serializable {
 
     /**
      * A String form of the URL for use as a key in HashMaps/Sets. The String
-     * form should be behave in the same manner as the URL when compared for
+     * form should behave in the same manner as the URL when compared for
      * equality in a HashMap/Set, except that no nameservice lookup is done
      * on the hostname (only string comparison), and the fragment is not
      * considered.
@@ -211,7 +211,7 @@ public class CodeSource implements java.io.Serializable {
                     signers[i].getSignerCertPath().getCertificates());
             }
             certs = certChains.toArray(
-                        new java.security.cert.Certificate[certChains.size()]);
+                    new java.security.cert.Certificate[0]);
             return certs.clone();
 
         } else {
@@ -330,7 +330,7 @@ public class CodeSource implements java.io.Serializable {
      *
      * @param that the CodeSource to check against.
      * @param strict if true then a strict equality match is performed.
-     *               Otherwise a subset match is performed.
+     *               Otherwise, a subset match is performed.
      */
     boolean matchCerts(CodeSource that, boolean strict)
     {
@@ -461,9 +461,7 @@ public class CodeSource implements java.io.Serializable {
                 if (that.sp == null) {
                     that.sp = new SocketPermission(thatHost, "resolve");
                 }
-                if (!this.sp.implies(that.sp)) {
+                return this.sp.implies(that.sp);
-                    return false;
-                }
             }
         }
         // everything matches
@@ -570,7 +568,7 @@ public class CodeSource implements java.io.Serializable {
             // we know of 3 different cert types: X.509, PGP, SDSI, which
             // could all be present in the stream at the same time
             cfs = new Hashtable<>(3);
-            certList = new ArrayList<>(size > 20 ? 20 : size);
+            certList = new ArrayList<>(Math.min(size, 20));
         } else if (size < 0) {
             throw new IOException("size cannot be negative");
         }
@@ -665,7 +663,7 @@ public class CodeSource implements java.io.Serializable {
             if (signers.isEmpty()) {
                 return null;
             } else {
-                return signers.toArray(new CodeSigner[signers.size()]);
+                return signers.toArray(new CodeSigner[0]);
             }
 
         } catch (CertificateException e) {

src/java.base/share/classes/java/security/DigestInputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,9 @@
 
 package java.security;
 
-import java.io.IOException;
-import java.io.EOFException;
-import java.io.InputStream;
 import java.io.FilterInputStream;
-import java.io.PrintStream;
+import java.io.IOException;
-import java.io.ByteArrayInputStream;
+import java.io.InputStream;
 
 /**
  * A transparent stream that updates the associated message digest using

src/java.base/share/classes/java/security/DigestOutputStream.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,9 @@
 
 package java.security;
 
-import java.io.IOException;
-import java.io.EOFException;
-import java.io.OutputStream;
 import java.io.FilterOutputStream;
-import java.io.PrintStream;
+import java.io.IOException;
-import java.io.ByteArrayOutputStream;
+import java.io.OutputStream;
 
 /**
  * A transparent stream that updates the associated message digest using

src/java.base/share/classes/java/security/DomainLoadStoreParameter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,7 @@ import static java.security.KeyStore.*;
  * and {@code property} is a key/value pairing. The key and value are
  * separated by an 'equals' symbol and the value is enclosed in double
  * quotes. A property value may be either a printable string or a binary
- * string of colon-separated pairs of hexadecimal digits. Multi-valued
+ * string of colon-separated pairs of hexadecimal digits. Multivalued
  * properties are represented as a comma-separated list of values,
  * enclosed in square brackets.
  * See {@link Arrays#toString(java.lang.Object[])}.

src/java.base/share/classes/java/security/DrbgParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
 
 package java.security;
 
+import java.util.Arrays;
 import java.util.Locale;
 import java.util.Objects;
 
@@ -403,7 +404,7 @@ public class DrbgParameters {
         @Override
         public String toString() {
             // I don't care what personalizationString looks like
-            return strength + "," + capability + "," + personalizationString;
+            return strength + "," + capability + "," + Arrays.toString(personalizationString);
         }
     }
 

src/java.base/share/classes/java/security/Guard.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ package java.security;
  * <p>This interface contains a single method, {@code checkGuard},
  * with a single {@code object} argument. {@code checkGuard} is
  * invoked (by the GuardedObject {@code getObject} method)
- * to determine whether or not to allow access to the object.
+ * to determine whether to allow access to the object.
  *
  * @see GuardedObject
  *
@@ -44,7 +44,7 @@ package java.security;
 public interface Guard {
 
     /**
-     * Determines whether or not to allow access to the guarded object
+     * Determines whether to allow access to the guarded object
      * {@code object}. Returns silently if access is allowed.
      * Otherwise, throws a SecurityException.
      *

src/java.base/share/classes/java/security/GuardedObject.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,13 +58,13 @@ public class GuardedObject implements java.io.Serializable {
      * The object we are guarding.
      */
     @SuppressWarnings("serial") // Not statically typed as Serializable
-    private Object object;
+    private final Object object;
 
     /**
      * The guard object.
      */
     @SuppressWarnings("serial") // Not statically typed as Serializable
-    private Guard guard;
+    private final Guard guard;
 
     /**
      * Constructs a GuardedObject using the specified object and guard.

src/java.base/share/classes/java/security/InvalidKeyException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@ package java.security;
 
 /**
  * This is the exception for invalid Keys (invalid encoding, wrong
- * length, uninitialized, etc).
+ * length, uninitialized, etc.).
  *
  * @author Benjamin Renaud
  * @since 1.1

src/java.base/share/classes/java/security/Key.java

@@ -113,7 +113,7 @@ public interface Key extends java.io.Serializable {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 6603384152749567654L;
+   long serialVersionUID = 6603384152749567654L;
 
     /**
      * Returns the standard algorithm name for this key. For
@@ -126,7 +126,7 @@ public interface Key extends java.io.Serializable {
      *
      * @return the name of the algorithm associated with this key.
      */
-    public String getAlgorithm();
+    String getAlgorithm();
 
     /**
      * Returns the name of the primary encoding format of this key,
@@ -145,7 +145,7 @@ public interface Key extends java.io.Serializable {
      *
      * @return the primary encoding format of the key.
      */
-    public String getFormat();
+    String getFormat();
 
     /**
      * Returns the key in its primary encoding format, or null
@@ -154,5 +154,5 @@ public interface Key extends java.io.Serializable {
      * @return the encoded key, or null if the key does not support
      * encoding.
      */
-    public byte[] getEncoded();
+    byte[] getEncoded();
 }

src/java.base/share/classes/java/security/KeyFactory.java

@@ -41,7 +41,7 @@ import sun.security.jca.GetInstance.Instance;
  * (transparent representations of the underlying key material), and vice
  * versa.
  *
- * <P> Key factories are bi-directional. That is, they allow you to build an
+ * <P> Key factories are bidirectional. That is, they allow you to build an
  * opaque key object from a given key specification (key material), or to
  * retrieve the underlying key material of a key object in a suitable format.
  *
@@ -158,7 +158,7 @@ public class KeyFactory {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the requested key algorithm.

src/java.base/share/classes/java/security/KeyFactorySpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import java.security.spec.InvalidKeySpecException;
  * (transparent representations of the underlying key material), and vice
  * versa.
  *
- * <P> Key factories are bi-directional. That is, they allow you to build an
+ * <P> Key factories are bidirectional. That is, they allow you to build an
  * opaque key object from a given key specification (key material), or to
  * retrieve the underlying key material of a key object in a suitable format.
  *

src/java.base/share/classes/java/security/KeyPair.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 
 package java.security;
 
-import java.util.*;
-
 /**
  * This class is a simple holder for a key pair (a public key and a
  * private key). It does not enforce any security, and, when initialized,
@@ -45,10 +43,10 @@ public final class KeyPair implements java.io.Serializable {
     private static final long serialVersionUID = -7565189502268009837L;
 
     /** The private key. */
-    private PrivateKey privateKey;
+    private final PrivateKey privateKey;
 
     /** The public key. */
-    private PublicKey publicKey;
+    private final PublicKey publicKey;
 
     /**
      * Constructs a key pair from the given public key and private key.

src/java.base/share/classes/java/security/KeyPairGenerator.java

@@ -207,7 +207,7 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the standard string name of the algorithm.
@@ -232,7 +232,7 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
         List<Service> list =
                 GetInstance.getServices("KeyPairGenerator", algorithm);
         Iterator<Service> t = list.iterator();
-        if (t.hasNext() == false) {
+        if (!t.hasNext()) {
             throw new NoSuchAlgorithmException
                 (algorithm + " KeyPairGenerator not available");
         }

src/java.base/share/classes/java/security/KeyRep.java

@@ -25,15 +25,13 @@
 
 package java.security;
 
-import java.io.*;
+import javax.crypto.spec.SecretKeySpec;
-import java.util.Locale;
+import java.io.NotSerializableException;
-
+import java.io.ObjectStreamException;
+import java.io.Serializable;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
-import java.security.spec.InvalidKeySpecException;
+import java.util.Locale;
-
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.SecretKeySpec;
 
 /**
  * Standardized representation for serialized Key objects.
@@ -65,7 +63,7 @@ public class KeyRep implements Serializable {
      *
      * @since 1.5
      */
-    public static enum Type {
+    public enum Type {
 
         /** Type for secret keys. */
         SECRET,
@@ -87,28 +85,28 @@ public class KeyRep implements Serializable {
      *
      * @serial
      */
-    private Type type;
+    private final Type type;
 
     /**
      * The Key algorithm
      *
      * @serial
      */
-    private String algorithm;
+    private final String algorithm;
 
     /**
      * The Key encoding format
      *
      * @serial
      */
-    private String format;
+    private final String format;
 
     /**
      * The encoded Key bytes
      *
      * @serial
      */
-    private byte[] encoded;
+    private final byte[] encoded;
 
     /**
      * Construct the alternate Key class.

src/java.base/share/classes/java/security/KeyStore.java

@@ -79,7 +79,7 @@ import sun.security.util.Debug;
  * itself. For example, the entity may authenticate itself using different
  * certificate authorities, or using different public key algorithms.
  *
- * <p> Whether aliases are case sensitive is implementation dependent. In order
+ * <p> Whether aliases are case-sensitive is implementation dependent. In order
  * to avoid problems, it is recommended not to use aliases in a KeyStore that
  * only differ in case.
  *
@@ -211,13 +211,13 @@ public class KeyStore {
     private static final String KEYSTORE_TYPE = "keystore.type";
 
     // The keystore type
-    private String type;
+    private final String type;
 
     // The provider
-    private Provider provider;
+    private final Provider provider;
 
     // The provider implementation
-    private KeyStoreSpi keyStoreSpi;
+    private final KeyStoreSpi keyStoreSpi;
 
     // Has this keystore been initialized (loaded)?
     private boolean initialized;
@@ -231,13 +231,13 @@ public class KeyStore {
      *
      * @since 1.5
      */
-    public static interface LoadStoreParameter {
+    public interface LoadStoreParameter {
         /**
          * Gets the parameter used to protect keystore data.
          *
          * @return the parameter used to protect keystore data, or null
          */
-        public ProtectionParameter getProtectionParameter();
+        ProtectionParameter getProtectionParameter();
     }
 
     /**
@@ -252,7 +252,7 @@ public class KeyStore {
      *
      * @since 1.5
      */
-    public static interface ProtectionParameter { }
+    public interface ProtectionParameter { }
 
     /**
      * A password-based implementation of {@code ProtectionParameter}.
@@ -420,7 +420,7 @@ public class KeyStore {
      *
      * @since 1.5
      */
-    public static interface Entry {
+    public interface Entry {
 
         /**
          * Retrieves the attributes associated with an entry.
@@ -432,8 +432,8 @@ public class KeyStore {
          *
          * @since 1.8
          */
-        public default Set<Attribute> getAttributes() {
+        default Set<Attribute> getAttributes() {
-            return Collections.<Attribute>emptySet();
+            return Collections.emptySet();
         }
 
         /**
@@ -442,21 +442,21 @@ public class KeyStore {
          *
          * @since 1.8
          */
-        public interface Attribute {
+        interface Attribute {
             /**
              * Returns the attribute's name.
              *
              * @return the attribute name
              */
-            public String getName();
+            String getName();
 
             /**
              * Returns the attribute's value.
-             * Multi-valued attributes encode their values as a single string.
+             * Multivalued attributes encode their values as a single string.
              *
              * @return the attribute value
              */
-            public String getValue();
+            String getValue();
         }
     }
 
@@ -497,7 +497,7 @@ public class KeyStore {
          *      in the end entity {@code Certificate} (at index 0)
          */
         public PrivateKeyEntry(PrivateKey privateKey, Certificate[] chain) {
-            this(privateKey, chain, Collections.<Attribute>emptySet());
+            this(privateKey, chain, Collections.emptySet());
         }
 
         /**
@@ -660,7 +660,7 @@ public class KeyStore {
                 throw new NullPointerException("invalid null input");
             }
             this.sKey = secretKey;
-            this.attributes = Collections.<Attribute>emptySet();
+            this.attributes = Collections.emptySet();
         }
 
         /**
@@ -743,7 +743,7 @@ public class KeyStore {
                 throw new NullPointerException("invalid null input");
             }
             this.cert = trustedCert;
-            this.attributes = Collections.<Attribute>emptySet();
+            this.attributes = Collections.emptySet();
         }
 
         /**
@@ -842,7 +842,7 @@ public class KeyStore {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param type the type of keystore.
@@ -988,11 +988,8 @@ public class KeyStore {
      */
     public static final String getDefaultType() {
         @SuppressWarnings("removal")
-        String kstype = AccessController.doPrivileged(new PrivilegedAction<>() {
+        String kstype = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            public String run() {
+            Security.getProperty(KEYSTORE_TYPE));
-                return Security.getProperty(KEYSTORE_TYPE);
-            }
-        });
         if (kstype == null) {
             kstype = "jks";
         }
@@ -1776,7 +1773,7 @@ public class KeyStore {
             throw new NullPointerException();
         }
 
-        if (file.isFile() == false) {
+        if (!file.isFile()) {
             throw new IllegalArgumentException(
                 "File does not exist or it does not refer to a normal file: " +
                     file);
@@ -1917,7 +1914,7 @@ public class KeyStore {
             if ((keyStore == null) || (protectionParameter == null)) {
                 throw new NullPointerException();
             }
-            if (keyStore.initialized == false) {
+            if (!keyStore.initialized) {
                 throw new IllegalArgumentException("KeyStore not initialized");
             }
             return new Builder() {
@@ -1933,7 +1930,7 @@ public class KeyStore {
                     if (alias == null) {
                         throw new NullPointerException();
                     }
-                    if (getCalled == false) {
+                    if (!getCalled) {
                         throw new IllegalStateException
                             ("getKeyStore() must be called first");
                     }
@@ -2055,7 +2052,7 @@ public class KeyStore {
             private final String type;
             private final Provider provider;
             private final File file;
-            private ProtectionParameter protection;
+            private final ProtectionParameter protection;
             private ProtectionParameter keyProtection;
             @SuppressWarnings("removal")
             private final AccessControlContext context;
@@ -2109,7 +2106,7 @@ public class KeyStore {
                     }
                     public KeyStore run0() throws Exception {
                         KeyStore ks;
-                        char[] password = null;
+                        char[] password;
 
                         // Acquire keystore password
                         if (protection instanceof PasswordProtection) {
@@ -2213,7 +2210,7 @@ public class KeyStore {
                 private IOException oldException;
 
                 private final PrivilegedExceptionAction<KeyStore> action
-                        = new PrivilegedExceptionAction<KeyStore>() {
+                        = new PrivilegedExceptionAction<>() {
 
                     public KeyStore run() throws Exception {
                         KeyStore ks;
@@ -2273,7 +2270,7 @@ public class KeyStore {
                     if (alias == null) {
                         throw new NullPointerException();
                     }
-                    if (getCalled == false) {
+                    if (!getCalled) {
                         throw new IllegalStateException
                             ("getKeyStore() must be called first");
                     }

src/java.base/share/classes/java/security/KeyStoreSpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -380,7 +380,7 @@ public abstract class KeyStoreSpi {
      * <p>
      * If {@code KeyStore.LoadStoreParameter} is {@code null} then
      * the password parameter will also be {@code null}.
-     * Otherwise the {@code KeyStore.ProtectionParameter} of
+     * Otherwise, the {@code KeyStore.ProtectionParameter} of
      * {@code KeyStore.LoadStoreParameter} must be either a
      * {@code KeyStore.PasswordProtection} or a
      * {@code KeyStore.CallbackHandlerProtection} that supports
@@ -415,7 +415,7 @@ public abstract class KeyStoreSpi {
                 CertificateException {
 
         if (param == null) {
-            engineLoad((InputStream)null, (char[])null);
+            engineLoad(null, (char[])null);
             return;
         }
 
@@ -444,7 +444,6 @@ public abstract class KeyStoreSpi {
                 + " be PasswordProtection or CallbackHandlerProtection");
         }
         engineLoad(stream, password);
-        return;
     }
 
     /**
@@ -610,8 +609,7 @@ public abstract class KeyStoreSpi {
                 engineSetKeyEntry
                     (alias,
                     ((KeyStore.SecretKeyEntry)entry).getSecretKey(),
-                    pProtect.getPassword(),
+                    pProtect.getPassword(), null);
-                    (Certificate[])null);
                 return;
             }
         }

src/java.base/share/classes/java/security/MessageDigest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
     private static final boolean skipDebug =
         Debug.isOn("engine=") && !Debug.isOn("messagedigest");
 
-    private String algorithm;
+    private final String algorithm;
 
     // The state of this digest
     private static final int INITIAL = 0;
@@ -156,7 +156,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the algorithm requested.
@@ -302,10 +302,8 @@ public abstract class MessageDigest extends MessageDigestSpi {
             md.provider = (Provider)objs[1];
             return md;
         } else {
-            MessageDigest delegate =
+            return Delegate.of((MessageDigestSpi)objs[0], algorithm,
-                    Delegate.of((MessageDigestSpi)objs[0], algorithm,
+                (Provider)objs[1]);
-                    (Provider)objs[1]);
-            return delegate;
         }
     }
 

src/java.base/share/classes/java/security/MessageDigestSpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,7 @@ public abstract class MessageDigestSpi {
      * @since 1.5
      */
     protected void engineUpdate(ByteBuffer input) {
-        if (input.hasRemaining() == false) {
+        if (!input.hasRemaining()) {
             return;
         }
         if (input.hasArray()) {

src/java.base/share/classes/java/security/PKCS12Attribute.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,7 @@ public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
      * A string value is represented as the string itself.
      * A binary value is represented as a string of colon-separated
      * pairs of hexadecimal digits.
-     * Multi-valued attributes are represented as a comma-separated
+     * Multivalued attributes are represented as a comma-separated
      * list of values, enclosed in square brackets. See
      * {@link Arrays#toString(java.lang.Object[])}.
      * <p>
@@ -162,7 +162,7 @@ public final class PKCS12Attribute implements KeyStore.Entry.Attribute {
      *      returned as a binary string of colon-separated pairs of
      *      hexadecimal digits.
      * </ul>
-     * Multi-valued attributes are represented as a comma-separated
+     * Multivalued attributes are represented as a comma-separated
      * list of values, enclosed in square brackets. See
      * {@link Arrays#toString(java.lang.Object[])}.
      *

src/java.base/share/classes/java/security/Permission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -71,7 +71,7 @@ public abstract class Permission implements Guard, java.io.Serializable {
     /**
      * The permission name.
      */
-    private String name;
+    private final String name;
 
     /**
      * Constructs a permission with the specified name.
@@ -116,7 +116,7 @@ public abstract class Permission implements Guard, java.io.Serializable {
      * only ones that can impose semantics on a Permission object.
      *
      * <p>The {@code implies} method is used by the AccessController to determine
-     * whether or not a requested permission is implied by another permission that
+     * whether a requested permission is implied by another permission that
      * is known to be valid in the current execution context.
      *
      * @param permission the permission to check against.
@@ -207,7 +207,7 @@ public abstract class Permission implements Guard, java.io.Serializable {
      * If null is returned,
      * then the caller of this method is free to store permissions of this
      * type in any PermissionCollection they choose (one that uses a Hashtable,
-     * one that uses a Vector, etc).
+     * one that uses a Vector, etc.).
      *
      * @return a new PermissionCollection object for this type of Permission, or
      * null if one is not defined.

src/java.base/share/classes/java/security/PermissionCollection.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,7 @@ import java.util.stream.StreamSupport;
  * If null is returned, then the caller of {@code newPermissionCollection}
  * is free to store permissions of the
  * given type in any PermissionCollection they choose
- * (one that uses a Hashtable, one that uses a Vector, etc).
+ * (one that uses a Hashtable, one that uses a Vector, etc.).
  *
  * <p>The PermissionCollection returned by the
  * {@code Permission.newPermissionCollection}

src/java.base/share/classes/java/security/Permissions.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -432,7 +432,7 @@ implements Serializable
 final class PermissionsEnumerator implements Enumeration<Permission> {
 
     // all the perms
-    private Iterator<PermissionCollection> perms;
+    private final Iterator<PermissionCollection> perms;
     // the current set
     private Enumeration<Permission> permset;
 

src/java.base/share/classes/java/security/Principal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,28 +49,28 @@ public interface Principal {
      * @return true if the principal passed in is the same as that
      * encapsulated by this principal, and false otherwise.
      */
-    public boolean equals(Object another);
+    boolean equals(Object another);
 
     /**
      * Returns a string representation of this principal.
      *
      * @return a string representation of this principal.
      */
-    public String toString();
+    String toString();
 
     /**
      * Returns a hashcode for this principal.
      *
      * @return a hashcode for this principal.
      */
-    public int hashCode();
+    int hashCode();
 
     /**
      * Returns the name of this principal.
      *
      * @return the name of this principal.
      */
-    public String getName();
+    String getName();
 
     /**
      * Returns true if the specified subject is implied by this principal.
@@ -88,7 +88,7 @@ public interface Principal {
      *              implied by this principal, or false otherwise.
      * @since 1.8
      */
-    public default boolean implies(Subject subject) {
+    default boolean implies(Subject subject) {
         if (subject == null)
             return false;
         return subject.getPrincipals().contains(this);

src/java.base/share/classes/java/security/PrivateKey.java

@@ -70,5 +70,5 @@ public interface PrivateKey extends Key, javax.security.auth.Destroyable {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 6034044314589513430L;
+    long serialVersionUID = 6034044314589513430L;
 }

src/java.base/share/classes/java/security/ProtectionDomain.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -134,13 +134,13 @@ public class ProtectionDomain {
     }
 
     /* CodeSource */
-    private CodeSource codesource ;
+    private final CodeSource codesource ;
 
     /* ClassLoader the protection domain was consed from */
-    private ClassLoader classloader;
+    private final ClassLoader classloader;
 
     /* Principals running-as within this protection domain */
-    private Principal[] principals;
+    private final Principal[] principals;
 
     /* the rights this protection domain is granted */
     private PermissionCollection permissions;
@@ -371,7 +371,7 @@ public class ProtectionDomain {
             Policy policy = Policy.getPolicyNoCheck();
             if (policy instanceof PolicyFile) {
                 // The PolicyFile implementation supports compatibility
-                // inside and it also covers the static permissions.
+                // inside, and it also covers the static permissions.
                 return policy.implies(this, perm);
             } else {
                 if (policy.implies(this, perm)) {
@@ -447,7 +447,7 @@ public class ProtectionDomain {
      *
      * . SecurityManager is not null,
      *          debug is not null,
-     *          SecurityManager impelmentation is in bootclasspath,
+     *          SecurityManager implementation is in bootclasspath,
      *          Policy implementation is in bootclasspath
      *          (the bootclasspath restrictions avoid recursion)
      *
@@ -463,22 +463,18 @@ public class ProtectionDomain {
             return true;
         } else {
             if (DebugHolder.debug != null) {
-                if (sm.getClass().getClassLoader() == null &&
+                return sm.getClass().getClassLoader() == null &&
-                    Policy.getPolicyNoCheck().getClass().getClassLoader()
+                        Policy.getPolicyNoCheck().getClass().getClassLoader()
-                                                                == null) {
+                                == null;
-                    return true;
-                }
             } else {
                 try {
                     sm.checkPermission(SecurityConstants.GET_POLICY_PERMISSION);
                     return true;
                 } catch (SecurityException se) {
-                    // fall thru and return false
+                    return false;
                 }
             }
         }
-
-        return false;
     }
 
     private PermissionCollection mergePermissions() {
@@ -488,12 +484,8 @@ public class ProtectionDomain {
         @SuppressWarnings("removal")
         PermissionCollection perms =
             java.security.AccessController.doPrivileged
-            (new java.security.PrivilegedAction<>() {
+            ((PrivilegedAction<PermissionCollection>) () ->
-                    public PermissionCollection run() {
+                Policy.getPolicyNoCheck().getPermissions(ProtectionDomain.this));
-                        Policy p = Policy.getPolicyNoCheck();
-                        return p.getPermissions(ProtectionDomain.this);
-                    }
-                });
 
         Permissions mergedPerms = new Permissions();
         int swag = 32;

src/java.base/share/classes/java/security/Provider.java

@@ -119,14 +119,14 @@ public abstract class Provider extends Properties {
      *
      * @serial
      */
-    private String name;
+    private final String name;
 
     /**
      * A description of the provider and its services.
      *
      * @serial
      */
-    private String info;
+    private final String info;
 
     /**
      * The provider version number.
@@ -192,7 +192,7 @@ public abstract class Provider extends Properties {
         this.info = info;
         this.serviceMap = new ConcurrentHashMap<>();
         this.legacyMap = new ConcurrentHashMap<>();
-        this.prngAlgos = new LinkedHashSet<String>(6);
+        this.prngAlgos = new LinkedHashSet<>(6);
         putId();
         initialized = true;
     }
@@ -232,7 +232,7 @@ public abstract class Provider extends Properties {
         this.info = info;
         this.serviceMap = new ConcurrentHashMap<>();
         this.legacyMap = new ConcurrentHashMap<>();
-        this.prngAlgos = new LinkedHashSet<String>(6);
+        this.prngAlgos = new LinkedHashSet<>(6);
         putId();
         initialized = true;
     }
@@ -386,7 +386,7 @@ public abstract class Provider extends Properties {
     }
 
     /**
-     * Copies all of the mappings from the specified Map to this provider.
+     * Copies all the mappings from the specified Map to this provider.
      * These mappings will replace any properties that this provider had
      * for any of the keys currently in the specified Map.
      *
@@ -883,14 +883,14 @@ public abstract class Provider extends Properties {
         }
         this.serviceMap = new ConcurrentHashMap<>();
         this.legacyMap = new ConcurrentHashMap<>();
-        this.prngAlgos = new LinkedHashSet<String>(6);
+        this.prngAlgos = new LinkedHashSet<>(6);
         implClear();
         initialized = true;
         putAll(copy);
     }
 
     // returns false if no update necessary, i.e. key isn't String or
-    // is String but it's provider-related (name/version/info/className)
+    // is String, but it's provider-related (name/version/info/className)
     private static boolean checkLegacy(Object key) {
         if (key instanceof String && ((String)key).startsWith("Provider.")) {
             // ignore provider related updates
@@ -901,7 +901,7 @@ public abstract class Provider extends Properties {
     }
 
     /**
-     * Copies all of the mappings from the specified Map to this provider.
+     * Copies all the mappings from the specified Map to this provider.
      * Internal method to be called AFTER the security check has been
      * performed.
      */
@@ -1093,6 +1093,9 @@ public abstract class Provider extends Properties {
                 && this.type.equals(other.type)
                 && this.algorithm.equals(other.algorithm);
         }
+
+        // Don't change '==' to equals.
+        // This method tests for equality of pointers.
         boolean matches(String type, String algorithm) {
             return (this.type == type) && (this.originalAlgorithm == algorithm);
         }
@@ -1119,8 +1122,8 @@ public abstract class Provider extends Properties {
     private static final String ALIAS_PREFIX_LOWER = "alg.alias.";
     private static final int ALIAS_LENGTH = ALIAS_PREFIX.length();
 
-    private static enum OPType {
+    private enum OPType {
-        ADD, REMOVE;
+        ADD, REMOVE
     }
 
     private void parseLegacy(String name, String value, OPType opType) {
@@ -1254,7 +1257,7 @@ public abstract class Provider extends Properties {
      *
      * @param type the type of {@link Service service} requested
      * (for example, {@code MessageDigest})
-     * @param algorithm the case insensitive algorithm name (or alternate
+     * @param algorithm the case-insensitive algorithm name (or alternate
      * alias) of the service requested (for example, {@code SHA-1})
      *
      * @return the service describing this Provider's matching service
@@ -1268,7 +1271,7 @@ public abstract class Provider extends Properties {
         checkInitialized();
         // avoid allocating a new ServiceKey object if possible
         ServiceKey key = previousKey;
-        if (key.matches(type, algorithm) == false) {
+        if (!key.matches(type, algorithm)) {
             key = new ServiceKey(type, algorithm, false);
             previousKey = key;
         }
@@ -1325,7 +1328,7 @@ public abstract class Provider extends Properties {
 
     /**
      * Add a service. If a service of the same type with the same algorithm
-     * name exists and it was added using {@link #putService putService()},
+     * name exists, and it was added using {@link #putService putService()},
      * it is replaced by the new service.
      * This method also places information about this service
      * in the provider's Hashtable values in the format described in the
@@ -1506,7 +1509,7 @@ public abstract class Provider extends Properties {
         checkAndUpdateSecureRandom(type, algorithm, false);
     }
 
-    // Wrapped String that behaves in a case insensitive way for equals/hashCode
+    // Wrapped String that behaves in a case-insensitive way for equals/hashCode
     private static class UString {
         final String string;
         final String lowerString;
@@ -1665,7 +1668,7 @@ public abstract class Provider extends Properties {
         // flag indicating whether this service has its attributes for
         // supportedKeyFormats or supportedKeyClasses set
         // if null, the values have not been initialized
-        // if TRUE, at least one of supportedFormats/Classes is non null
+        // if TRUE, at least one of supportedFormats/Classes is non-null
         private volatile Boolean hasKeyAttributes;
 
         // supported encoding formats
@@ -1687,8 +1690,8 @@ public abstract class Provider extends Properties {
             this.type = type;
             this.algorithm = algorithm;
             engineDescription = knownEngines.get(type);
-            aliases = Collections.<String>emptyList();
+            aliases = Collections.emptyList();
-            attributes = Collections.<UString,String>emptyMap();
+            attributes = Collections.emptyMap();
         }
 
         private boolean isValid() {
@@ -1754,12 +1757,12 @@ public abstract class Provider extends Properties {
             this.algorithm = algorithm;
             this.className = className;
             if (aliases == null) {
-                this.aliases = Collections.<String>emptyList();
+                this.aliases = Collections.emptyList();
             } else {
                 this.aliases = new ArrayList<>(aliases);
             }
             if (attributes == null) {
-                this.attributes = Collections.<UString,String>emptyMap();
+                this.attributes = Collections.emptyMap();
             } else {
                 this.attributes = new HashMap<>();
                 for (Map.Entry<String,String> entry : attributes.entrySet()) {
@@ -1806,7 +1809,7 @@ public abstract class Provider extends Properties {
         }
 
         // internal only
-        private final List<String> getAliases() {
+        private List<String> getAliases() {
             return aliases;
         }
 
@@ -1855,7 +1858,7 @@ public abstract class Provider extends Properties {
          */
         public Object newInstance(Object constructorParameter)
                 throws NoSuchAlgorithmException {
-            if (registered == false) {
+            if (!registered) {
                 if (provider.getService(type, algorithm) != this) {
                     throw new NoSuchAlgorithmException
                         ("Service not registered with Provider "
@@ -1882,7 +1885,7 @@ public abstract class Provider extends Properties {
                                 + " engines");
                         } else {
                             Class<?> argClass = constructorParameter.getClass();
-                            if (ctrParamClz.isAssignableFrom(argClass) == false) {
+                            if (!ctrParamClz.isAssignableFrom(argClass)) {
                                 throw new InvalidParameterException
                                     ("constructorParameter must be instanceof "
                                     + cap.constructorParameterClassName.replace('$', '.')
@@ -2054,10 +2057,7 @@ public abstract class Provider extends Properties {
             if (supportsKeyFormat(key)) {
                 return true;
             }
-            if (supportsKeyClass(key)) {
+            return supportsKeyClass(key);
-                return true;
-            }
-            return false;
         }
 
         /**
@@ -2088,9 +2088,8 @@ public abstract class Provider extends Properties {
                             }
                             supportedClasses = classList.toArray(CLASS0);
                         }
-                        boolean bool = (supportedFormats != null)
+                        b = (supportedFormats != null)
                             || (supportedClasses != null);
-                        b = Boolean.valueOf(bool);
                         hasKeyAttributes = b;
                     }
                 }

src/java.base/share/classes/java/security/PublicKey.java

@@ -56,5 +56,5 @@ public interface PublicKey extends Key {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 7187392471159151072L;
+    long serialVersionUID = 7187392471159151072L;
 }

src/java.base/share/classes/java/security/SecureClassLoader.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,11 @@
 
 package java.security;
 
+import sun.security.util.Debug;
+
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.function.Function;
-
-import sun.security.util.Debug;
 
 /**
  * This class extends ClassLoader with additional support for defining
@@ -219,28 +218,20 @@ public class SecureClassLoader extends ClassLoader {
         // that no nameservice lookup is done on the hostname (String comparison
         // only), and the fragment is not considered.
         CodeSourceKey key = new CodeSourceKey(cs);
-        return pdcache.computeIfAbsent(key, new Function<>() {
+        return pdcache.computeIfAbsent(key, unused -> {
-            @Override
+            PermissionCollection perms
-            public ProtectionDomain apply(CodeSourceKey key /* not used */) {
+                    = SecureClassLoader.this.getPermissions(cs);
-                PermissionCollection perms
+            ProtectionDomain pd = new ProtectionDomain(
-                        = SecureClassLoader.this.getPermissions(cs);
+                    cs, perms, SecureClassLoader.this, null);
-                ProtectionDomain pd = new ProtectionDomain(
+            if (DebugHolder.debug != null) {
-                        cs, perms, SecureClassLoader.this, null);
+                DebugHolder.debug.println(" getPermissions " + pd);
-                if (DebugHolder.debug != null) {
+                DebugHolder.debug.println("");
-                    DebugHolder.debug.println(" getPermissions " + pd);
-                    DebugHolder.debug.println("");
-                }
-                return pd;
             }
+            return pd;
         });
     }
 
-    private static class CodeSourceKey {
+    private record CodeSourceKey(CodeSource cs) {
-        private final CodeSource cs;
-
-        CodeSourceKey(CodeSource cs) {
-            this.cs = cs;
-        }
 
         @Override
         public int hashCode() {

src/java.base/share/classes/java/security/SecureRandom.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,18 +25,18 @@
 
 package java.security;
 
-import java.math.BigInteger;
-import java.util.*;
-import java.util.random.RandomGenerator;
-import java.util.regex.*;
-import java.security.Provider.Service;
-
 import jdk.internal.util.random.RandomSupport.RandomGeneratorProperties;
-import sun.security.jca.*;
+import sun.security.jca.GetInstance;
 import sun.security.jca.GetInstance.Instance;
+import sun.security.jca.Providers;
 import sun.security.provider.SunEntries;
 import sun.security.util.Debug;
 
+import java.security.Provider.Service;
+import java.util.Objects;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 /**
  * This class provides a cryptographically strong random number
  * generator (RNG).
@@ -47,7 +47,7 @@ import sun.security.util.Debug;
  * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
  * section 4.9.1.
  * Additionally, {@code SecureRandom} must produce non-deterministic output.
- * Therefore any seed material passed to a {@code SecureRandom} object must be
+ * Therefore, any seed material passed to a {@code SecureRandom} object must be
  * unpredictable, and all {@code SecureRandom} output sequences must be
  * cryptographically strong, as described in
  * <a href="https://tools.ietf.org/html/rfc4086">
@@ -204,7 +204,7 @@ public class SecureRandom extends java.util.Random {
      * A new {@code SecureRandom} object encapsulating the
      * {@code SecureRandomSpi} implementation from the first
      * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned.
-     * If none of the Providers support a RNG algorithm,
+     * If none of the Providers support an RNG algorithm,
      * then an implementation-specific default is returned.
      *
      * <p> Note that the list of registered providers may be retrieved via
@@ -245,7 +245,7 @@ public class SecureRandom extends java.util.Random {
      * A new {@code SecureRandom} object encapsulating the
      * {@code SecureRandomSpi} implementation from the first
      * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned.
-     * If none of the Providers support a RNG algorithm,
+     * If none of the Providers support an RNG algorithm,
      * then an implementation-specific default is returned.
      *
      * <p> Note that the list of registered providers may be retrieved via
@@ -284,7 +284,7 @@ public class SecureRandom extends java.util.Random {
                 }
             }
         }
-        // per javadoc, if none of the Providers support a RNG algorithm,
+        // per javadoc, if none of the Providers support an RNG algorithm,
         // then an implementation-specific default is returned.
         if (prngService == null) {
             prngAlgorithm = "SHA1PRNG";
@@ -360,7 +360,7 @@ public class SecureRandom extends java.util.Random {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the RNG algorithm.
@@ -497,7 +497,7 @@ public class SecureRandom extends java.util.Random {
      * The JDK Reference Implementation additionally uses the
      * {@code jdk.security.provider.preferred} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the RNG algorithm.
@@ -796,7 +796,7 @@ public class SecureRandom extends java.util.Random {
      * Generates an integer containing the user-specified number of
      * pseudo-random bits (right justified, with leading zeros).  This
      * method overrides a {@code java.util.Random} method, and serves
-     * to provide a source of random bits to all of the methods inherited
+     * to provide a source of random bits to all the methods inherited
      * from that class (for example, {@code nextInt},
      * {@code nextLong}, and {@code nextFloat}).
      *
@@ -900,9 +900,9 @@ public class SecureRandom extends java.util.Random {
          *     4 - ,nextEntry (optional)
          *     5 - nextEntry (optional)
          */
-        private static Pattern pattern =
+        private static final Pattern pattern =
             Pattern.compile(
-                "\\s*([\\S&&[^:,]]*)(\\:([\\S&&[^,]]*))?\\s*(\\,(.*))?");
+                "\\s*([\\S&&[^:,]]*)(:([\\S&&[^,]]*))?\\s*(,(.*))?");
     }
 
     /**
@@ -935,13 +935,8 @@ public class SecureRandom extends java.util.Random {
 
         @SuppressWarnings("removal")
         String property = AccessController.doPrivileged(
-            new PrivilegedAction<>() {
+                (PrivilegedAction<String>) () -> Security.getProperty(
-                @Override
+                    "securerandom.strongAlgorithms"));
-                public String run() {
-                    return Security.getProperty(
-                        "securerandom.strongAlgorithms");
-                }
-            });
 
         if (property == null || property.isEmpty()) {
             throw new NoSuchAlgorithmException(

src/java.base/share/classes/java/security/SecureRandomSpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,7 +50,7 @@ package java.security;
  * <p>
  * Otherwise, if the {@code SecureRandomSpi(SecureRandomParameters)}
  * constructor is not overridden in an implementation, the
- * {@link #SecureRandomSpi()} constructor must be overridden and it will be
+ * {@link #SecureRandomSpi()} constructor must be overridden, and it will be
  * called if an object is instantiated with one of {@code SecureRandom}'s
  * {@code getInstance} methods <em>without</em> a
  * {@code SecureRandomParameters} argument. Calling one of

src/java.base/share/classes/java/security/Security.java

@@ -72,11 +72,9 @@ public final class Security {
         // (the FileInputStream call and the File.exists call,
         // the securityPropFile call, etc)
         @SuppressWarnings("removal")
-        var dummy = AccessController.doPrivileged(new PrivilegedAction<>() {
+        var dummy = AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
-            public Void run() {
+            initialize();
-                initialize();
+            return null;
-                return null;
-            }
         });
     }
 
@@ -229,12 +227,11 @@ public final class Security {
      * properties file.
      */
     private static ProviderProperty getProviderProperty(String key) {
-        ProviderProperty entry = null;
 
         List<Provider> providers = Providers.getProviderList().providers();
         for (int i = 0; i < providers.size(); i++) {
 
-            String matchKey = null;
+            String matchKey;
             Provider prov = providers.get(i);
             String prop = prov.getProperty(key);
 
@@ -242,7 +239,7 @@ public final class Security {
                 // Is there a match if we do a case-insensitive property name
                 // comparison? Let's try ...
                 for (Enumeration<Object> e = prov.keys();
-                                e.hasMoreElements() && prop == null; ) {
+                                e.hasMoreElements(); ) {
                     matchKey = (String)e.nextElement();
                     if (key.equalsIgnoreCase(matchKey)) {
                         prop = prov.getProperty(matchKey);
@@ -259,7 +256,7 @@ public final class Security {
             }
         }
 
-        return entry;
+        return null;
     }
 
     /**
@@ -271,7 +268,7 @@ public final class Security {
             // Is there a match if we do a case-insensitive property name
             // comparison? Let's try ...
             for (Enumeration<Object> e = provider.keys();
-                                e.hasMoreElements() && prop == null; ) {
+                                e.hasMoreElements(); ) {
                 String matchKey = (String)e.nextElement();
                 if (key.equalsIgnoreCase(matchKey)) {
                     prop = provider.getProperty(matchKey);
@@ -534,8 +531,8 @@ public final class Security {
      * @since 1.3
      */
     public static Provider[] getProviders(String filter) {
-        String key = null;
+        String key;
-        String value = null;
+        String value;
         int index = filter.indexOf(':');
 
         if (index == -1) {
@@ -631,17 +628,11 @@ public final class Security {
                 firstSearch = false;
             }
 
-            if ((newCandidates != null) && !newCandidates.isEmpty()) {
+            if (!newCandidates.isEmpty()) {
                 // For each provider in the candidates set, if it
                 // isn't in the newCandidate set, we should remove
                 // it from the candidate set.
-                for (Iterator<Provider> cansIte = candidates.iterator();
+                candidates.removeIf(prov -> !newCandidates.contains(prov));
-                     cansIte.hasNext(); ) {
-                    Provider prov = cansIte.next();
-                    if (!newCandidates.contains(prov)) {
-                        cansIte.remove();
-                    }
-                }
             } else {
                 candidates = null;
                 break;
@@ -735,7 +726,7 @@ public final class Security {
      * {@code checkPermission}  method is called with a
      * {@code java.security.SecurityPermission("getProperty."+key)}
      * permission to see if it's ok to retrieve the specified
-     * security property value..
+     * security property value.
      *
      * @param key the key of the property being retrieved.
      *
@@ -858,7 +849,7 @@ public final class Security {
 
         // The first component is the service name.
         // The second is the algorithm name.
-        // If the third isn't null, that is the attrinute name.
+        // If the third isn't null, that is the attribute name.
         String serviceName = filterComponents[0];
         String algName = filterComponents[1];
         String attrName = filterComponents[2];
@@ -953,10 +944,7 @@ public final class Security {
         if (attribute.equalsIgnoreCase("KeySize"))
             return true;
 
-        if (attribute.equalsIgnoreCase("ImplementedIn"))
+        return attribute.equalsIgnoreCase("ImplementedIn");
-            return true;
-
-        return false;
     }
 
     /*
@@ -971,11 +959,7 @@ public final class Security {
         if (attribute.equalsIgnoreCase("KeySize")) {
             int requestedSize = Integer.parseInt(value);
             int maxSize = Integer.parseInt(prop);
-            if (requestedSize <= maxSize) {
+            return requestedSize <= maxSize;
-                return true;
-            } else {
-                return false;
-            }
         }
 
         // For Type, prop is the type of the implementation
@@ -997,7 +981,7 @@ public final class Security {
         }
 
         String serviceName = filterKey.substring(0, algIndex);
-        String algName = null;
+        String algName;
         String attrName = null;
 
         if (filterValue.isEmpty()) {
@@ -1005,7 +989,7 @@ public final class Security {
             // should be in the format of <crypto_service>.<algorithm_or_type>.
             algName = filterKey.substring(algIndex + 1).trim();
             if (algName.isEmpty()) {
-                // There must be a algorithm or type name.
+                // There must be an algorithm or type name.
                 throw new InvalidParameterException("Invalid filter");
             }
         } else {

src/java.base/share/classes/java/security/SecurityPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,18 +25,13 @@
 
 package java.security;
 
-import java.security.*;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
-
 /**
  * This class is for security permissions. A {@code SecurityPermission}
  * contains a name (also referred to as a "target name") but no actions list;
  * you either have the named permission or you don't.
  * <p>
  * The target name is the name of a security configuration parameter
- * (see below). Currently the {@code SecurityPermission} object is used to
+ * (see below). Currently, the {@code SecurityPermission} object is used to
  * guard access to the {@link AccessControlContext}, {@link Policy},
  * {@link Provider}, {@link Security}, {@link Signer}, and {@link Identity}
  * objects.

src/java.base/share/classes/java/security/Signature.java

@@ -235,7 +235,7 @@ public abstract class Signature extends SignatureSpi {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the standard name of the algorithm requested.
@@ -264,7 +264,7 @@ public abstract class Signature extends SignatureSpi {
             list = GetInstance.getServices("Signature", algorithm);
         }
         Iterator<Service> t = list.iterator();
-        if (t.hasNext() == false) {
+        if (!t.hasNext()) {
             throw new NoSuchAlgorithmException
                 (algorithm + " Signature not available");
         }
@@ -305,18 +305,17 @@ public abstract class Signature extends SignatureSpi {
 
     static {
         signatureInfo = new ConcurrentHashMap<>();
-        Boolean TRUE = Boolean.TRUE;
         // pre-initialize with values for our SignatureSpi implementations
-        signatureInfo.put("sun.security.provider.DSA$RawDSA", TRUE);
+        signatureInfo.put("sun.security.provider.DSA$RawDSA", true);
-        signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", TRUE);
+        signatureInfo.put("sun.security.provider.DSA$SHA1withDSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$MD2withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$MD5withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$SHA1withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
+        signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", true);
-        signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE);
+        signatureInfo.put("sun.security.rsa.RSAPSSSignature", true);
-        signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
+        signatureInfo.put("sun.security.pkcs11.P11Signature", true);
     }
 
     private static boolean isSpi(Service s) {
@@ -334,7 +333,7 @@ public abstract class Signature extends SignatureSpi {
                 // instance of SignatureSpi but not Signature
                 boolean r = (instance instanceof SignatureSpi)
                                 && (!(instance instanceof Signature));
-                if ((debug != null) && (r == false)) {
+                if ((debug != null) && (!r)) {
                     debug.println("Not a SignatureSpi " + className);
                     debug.println("Delayed provider selection may not be "
                         + "available for algorithm " + s.getAlgorithm());
@@ -551,7 +550,7 @@ public abstract class Signature extends SignatureSpi {
                 && critSet.contains(KnownOIDs.KeyUsage.value())) {
                 boolean[] keyUsageInfo = xcert.getKeyUsage();
                 // keyUsageInfo[0] is for digitalSignature.
-                if ((keyUsageInfo != null) && (keyUsageInfo[0] == false))
+                if ((keyUsageInfo != null) && (!keyUsageInfo[0]))
                     throw new InvalidKeyException("Wrong key usage");
             }
         }
@@ -962,7 +961,7 @@ public abstract class Signature extends SignatureSpi {
      * which it is possible to set the various parameters of this object.
      * A parameter may be any settable parameter for the algorithm, such as
      * a parameter size, or a source of random bits for signature generation
-     * (if appropriate), or an indication of whether or not to perform
+     * (if appropriate), or an indication of whether to perform
      * a specific but optional computation. A uniform algorithm-specific
      * naming scheme for each parameter is desirable but left unspecified
      * at this time.
@@ -1033,7 +1032,7 @@ public abstract class Signature extends SignatureSpi {
      * get the various parameters of this object. A parameter may be any
      * settable parameter for the algorithm, such as a parameter size, or
      * a source of random bits for signature generation (if appropriate),
-     * or an indication of whether or not to perform a specific but optional
+     * or an indication of whether to perform a specific but optional
      * computation. A uniform algorithm-specific naming scheme for each
      * parameter is desirable but left unspecified at this time.
      *
@@ -1218,7 +1217,7 @@ public abstract class Signature extends SignatureSpi {
                     } else {
                         s = serviceIterator.next();
                     }
-                    if (isSpi(s) == false) {
+                    if (!isSpi(s)) {
                         continue;
                     }
                     try {
@@ -1260,11 +1259,11 @@ public abstract class Signature extends SignatureSpi {
                         s = serviceIterator.next();
                     }
                     // if provider says it does not support this key, ignore it
-                    if (key != null && s.supportsParameter(key) == false) {
+                    if (key != null && !s.supportsParameter(key)) {
                         continue;
                     }
                     // if instance is not a SignatureSpi, ignore it
-                    if (isSpi(s) == false) {
+                    if (!isSpi(s)) {
                         continue;
                     }
                     try {

src/java.base/share/classes/java/security/SignatureSpi.java

@@ -25,13 +25,10 @@
 
 package java.security;
 
-import java.security.spec.AlgorithmParameterSpec;
+import sun.security.jca.JCAUtil;
-import java.util.*;
-import java.io.*;
 
 import java.nio.ByteBuffer;
-
+import java.security.spec.AlgorithmParameterSpec;
-import sun.security.jca.JCAUtil;
 
 /**
  * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
@@ -203,7 +200,7 @@ public abstract class SignatureSpi {
      * @since 1.5
      */
     protected void engineUpdate(ByteBuffer input) {
-        if (input.hasRemaining() == false) {
+        if (!input.hasRemaining()) {
             return;
         }
         try {
@@ -348,7 +345,7 @@ public abstract class SignatureSpi {
      * which it is possible to set the various parameters of this object.
      * A parameter may be any settable parameter for the algorithm, such as
      * a parameter size, or a source of random bits for signature generation
-     * (if appropriate), or an indication of whether or not to perform
+     * (if appropriate), or an indication of whether to perform
      * a specific but optional computation. A uniform algorithm-specific
      * naming scheme for each parameter is desirable but left unspecified
      * at this time.
@@ -417,7 +414,7 @@ public abstract class SignatureSpi {
      * is possible to get the various parameters of this object. A parameter
      * may be any settable parameter for the algorithm, such as a parameter
      * size, or  a source of random bits for signature generation (if
-     * appropriate), or an indication of whether or not to perform a
+     * appropriate), or an indication of whether to perform a
      * specific but optional computation. A uniform algorithm-specific
      * naming scheme for each parameter is desirable but left unspecified
      * at this time.

src/java.base/share/classes/java/security/Timestamp.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,11 @@
 
 package java.security;
 
-import java.io.*;
+import java.io.IOException;
-import java.security.cert.Certificate;
+import java.io.ObjectInputStream;
+import java.io.Serializable;
 import java.security.cert.CertPath;
-import java.security.cert.X509Extension;
+import java.security.cert.Certificate;
 import java.util.Date;
 import java.util.List;
 
@@ -59,7 +60,7 @@ public final class Timestamp implements Serializable {
      *
      * @serial
      */
-    private CertPath signerCertPath;
+    private final CertPath signerCertPath;
 
     /*
      * Hash code for this timestamp.

src/java.base/share/classes/java/security/URIParameter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@ package java.security;
 public class URIParameter implements
         Policy.Parameters, javax.security.auth.login.Configuration.Parameters {
 
-    private java.net.URI uri;
+    private final java.net.URI uri;
 
     /**
      * Constructs a URIParameter with the URI pointing to

src/java.base/share/classes/java/security/UnresolvedPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,21 +120,21 @@ implements java.io.Serializable
      *
      * @serial
      */
-    private String type;
+    private final String type;
 
     /**
      * The permission name.
      *
      * @serial
      */
-    private String name;
+    private final String name;
 
     /**
      * The actions of the permission.
      *
      * @serial
      */
-    private String actions;
+    private final String actions;
 
     private transient java.security.cert.Certificate[] certs;
 
@@ -261,11 +261,11 @@ implements java.io.Serializable
                     try {
                         Constructor<?> c = pc.getConstructor(PARAMS1);
                         return (Permission) c.newInstance(
-                              new Object[] { name});
+                              new Object[] {null});
                     } catch (NoSuchMethodException ne1) {
                         Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
-                              new Object[] { name, actions });
+                              new Object[] {null, null});
                     }
                 }
             } else {
@@ -277,7 +277,7 @@ implements java.io.Serializable
                     } catch (NoSuchMethodException ne) {
                         Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
-                              new Object[] { name, actions });
+                              new Object[] { name, null});
                     }
                 } else {
                     Constructor<?> c = pc.getConstructor(PARAMS2);
@@ -363,10 +363,10 @@ implements java.io.Serializable
         }
 
         // check certs
-        if ((this.certs == null && that.certs != null) ||
+        if (this.certs == null && that.certs != null ||
-            (this.certs != null && that.certs == null) ||
+            this.certs != null && that.certs == null ||
-            (this.certs != null && that.certs != null &&
+            this.certs != null &&
-                this.certs.length != that.certs.length)) {
+               this.certs.length != that.certs.length) {
             return false;
         }
 
@@ -576,7 +576,7 @@ implements java.io.Serializable
             // we know of 3 different cert types: X.509, PGP, SDSI, which
             // could all be present in the stream at the same time
             cfs = new Hashtable<>(3);
-            certList = new ArrayList<>(size > 20 ? 20 : size);
+            certList = new ArrayList<>(Math.min(size, 20));
         } else if (size < 0) {
             throw new IOException("size cannot be negative");
         }

src/java.base/share/classes/java/security/cert/CRL.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@ package java.security.cert;
  * This class is an abstraction of certificate revocation lists (CRLs) that
  * have different formats but important common uses. For example, all CRLs
  * share the functionality of listing revoked certificates, and can be queried
- * on whether or not they list a given certificate.
+ * on whether they list a given certificate.
  * <p>
  * Specialized CRL types can be defined by subclassing off of this abstract
  * class.
@@ -46,7 +46,7 @@ package java.security.cert;
 public abstract class CRL {
 
     // the CRL type
-    private String type;
+    private final String type;
 
     /**
      * Creates a CRL of the specified type.

src/java.base/share/classes/java/security/cert/CertPath.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -302,9 +302,9 @@ public abstract class CertPath implements Serializable {
         private static final long serialVersionUID = 3015633072427920915L;
 
         /** The type of {@code Certificate}s in the {@code CertPath}. */
-        private String type;
+        private final String type;
         /** The encoded form of the {@code CertPath}. */
-        private byte[] data;
+        private final byte[] data;
 
         /**
          * Creates a {@code CertPathRep} with the specified

src/java.base/share/classes/java/security/cert/CertPathBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,7 +147,7 @@ public class CertPathBuilder {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the requested {@code CertPathBuilder}
@@ -319,11 +319,8 @@ public class CertPathBuilder {
     public static final String getDefaultType() {
         @SuppressWarnings("removal")
         String cpbtype =
-            AccessController.doPrivileged(new PrivilegedAction<>() {
+            AccessController.doPrivileged((PrivilegedAction<String>) () ->
-                public String run() {
+                    Security.getProperty(CPB_TYPE));
-                    return Security.getProperty(CPB_TYPE);
-                }
-            });
         return (cpbtype == null) ? "PKIX" : cpbtype;
     }
 

src/java.base/share/classes/java/security/cert/CertPathValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -148,7 +148,7 @@ public class CertPathValidator {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param algorithm the name of the requested {@code CertPathValidator}
@@ -331,11 +331,8 @@ public class CertPathValidator {
     public static final String getDefaultType() {
         @SuppressWarnings("removal")
         String cpvtype =
-            AccessController.doPrivileged(new PrivilegedAction<>() {
+            AccessController.doPrivileged((PrivilegedAction<String>) () ->
-                public String run() {
+                    Security.getProperty(CPV_TYPE));
-                    return Security.getProperty(CPV_TYPE);
-                }
-            });
         return (cpvtype == null) ? "PKIX" : cpvtype;
     }
 

src/java.base/share/classes/java/security/cert/CertPathValidatorException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,7 +74,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
      * @serial the {@code CertPath} that was being validated when
      * the exception was thrown
      */
-    private CertPath certPath;
+    private final CertPath certPath;
 
     /**
      * @serial the reason the validation failed
@@ -257,7 +257,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
      *
      * @since 1.7
      */
-    public static interface Reason extends java.io.Serializable { }
+    public interface Reason extends java.io.Serializable { }
 
 
     /**
@@ -266,7 +266,7 @@ public class CertPathValidatorException extends GeneralSecurityException {
      *
      * @since 1.7
      */
-    public static enum BasicReason implements Reason {
+    public enum BasicReason implements Reason {
         /**
          * Unspecified reason.
          */

src/java.base/share/classes/java/security/cert/CertStore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -99,9 +99,9 @@ public class CertStore {
      * </pre>
      */
     private static final String CERTSTORE_TYPE = "certstore.type";
-    private CertStoreSpi storeSpi;
+    private final CertStoreSpi storeSpi;
-    private Provider provider;
+    private final Provider provider;
-    private String type;
+    private final String type;
     private CertStoreParameters params;
 
     /**
@@ -207,7 +207,7 @@ public class CertStore {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param type the name of the requested {@code CertStore} type.
@@ -427,13 +427,10 @@ public class CertStore {
      * {@literal "LDAP"} if no such property exists.
      */
     @SuppressWarnings("removal")
-    public static final String getDefaultType() {
+    public static String getDefaultType() {
         String cstype;
-        cstype = AccessController.doPrivileged(new PrivilegedAction<>() {
+        cstype = AccessController.doPrivileged((PrivilegedAction<String>) () ->
-            public String run() {
+                Security.getProperty(CERTSTORE_TYPE));
-                return Security.getProperty(CERTSTORE_TYPE);
-            }
-        });
         if (cstype == null) {
             cstype = "LDAP";
         }

src/java.base/share/classes/java/security/cert/Certificate.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -245,10 +245,10 @@ public abstract class Certificate implements java.io.Serializable {
         private static final long serialVersionUID = -8563758940495660020L;
 
         /** The standard name of the certificate type. */
-        private String type;
+        private final String type;
 
         /** The certificate data. */
-        private byte[] data;
+        private final byte[] data;
 
         /**
          * Construct the alternate {@code Certificate} class with the

src/java.base/share/classes/java/security/cert/CertificateFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -125,13 +125,13 @@ import sun.security.jca.GetInstance.Instance;
 public class CertificateFactory {
 
     // The certificate type
-    private String type;
+    private final String type;
 
     // The provider
-    private Provider provider;
+    private final Provider provider;
 
     // The provider implementation
-    private CertificateFactorySpi certFacSpi;
+    private final CertificateFactorySpi certFacSpi;
 
     /**
      * Creates a CertificateFactory object of the given type, and encapsulates
@@ -167,7 +167,7 @@ public class CertificateFactory {
      * {@code jdk.security.provider.preferred}
      * {@link Security#getProperty(String) Security} property to determine
      * the preferred provider order for the specified algorithm. This
-     * may be different than the order of providers returned by
+     * may be different from the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param type the name of the requested certificate type.

src/java.base/share/classes/java/security/cert/CertificateFactorySpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,6 @@ import java.io.InputStream;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
-import java.security.Provider;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 
 /**
  * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)

src/java.base/share/classes/java/security/cert/CertificateRevokedException.java

@@ -187,8 +187,8 @@ public class CertificateRevokedException extends CertificateException {
     /**
      * Serialize this {@code CertificateRevokedException} instance.
      *
-     * @serialData the size of the extensions map (int), followed by all of
+     * @serialData the size of the extensions map (int), followed by all the
-     * the extensions in the map, in no particular order. For each extension,
+     * extensions in the map, in no particular order. For each extension,
      * the following data is emitted: the OID String (Object), the criticality
      * flag (boolean), the length of the encoded extension value byte array
      * (int), and the encoded extension value bytes.
@@ -245,7 +245,7 @@ public class CertificateRevokedException extends CertificateException {
         } else if (size < 0) {
             throw new IOException("size cannot be negative");
         } else {
-            extensions = HashMap.newHashMap(size > 20 ? 20 : size);
+            extensions = HashMap.newHashMap(Math.min(size, 20));
         }
 
         // Read in the extensions and put the mappings in the extensions map

src/java.base/share/classes/java/security/cert/CollectionCertStoreParameters.java

@@ -25,7 +25,6 @@
 
 package java.security.cert;
 
-import java.io.Serializable;
 import java.util.Collection;
 import java.util.Collections;
 
@@ -55,7 +54,7 @@ import java.util.Collections;
 public class CollectionCertStoreParameters
     implements CertStoreParameters {
 
-    private Collection<?> coll;
+    private final Collection<?> coll;
 
     /**
      * Creates an instance of {@code CollectionCertStoreParameters}
@@ -132,10 +131,8 @@ public class CollectionCertStoreParameters
      * @return a formatted string describing the parameters
      */
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        return "CollectionCertStoreParameters: [\n" +
-        sb.append("CollectionCertStoreParameters: [\n");
+                "  collection: " + coll + "\n" +
-        sb.append("  collection: " + coll + "\n");
+                "]";
-        sb.append("]");
-        return sb.toString();
     }
 }

src/java.base/share/classes/java/security/cert/Extension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@ package java.security.cert;
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.io.Serializable;
 
 /**
  * This interface represents an X.509 extension.

src/java.base/share/classes/java/security/cert/LDAPCertStoreParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,7 @@ package java.security.cert;
  * algorithm. However, if you are retrieving certificates or CRLs from
  * an ldap URI as specified by RFC 5280, use the
  * {@link java.security.cert.URICertStoreParameters URICertStoreParameters}
- * instead as the URI may contain additional information such as the
+ * instead, as the URI may contain additional information such as the
  * distinguished name that will help the LDAP CertStore find the specific
  * certificates and CRLs.
  * <p>
@@ -56,12 +56,12 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
     /**
      * the port number of the LDAP server
      */
-    private int port;
+    private final int port;
 
     /**
      * the DNS name of the LDAP server
      */
-    private String serverName;
+    private final String serverName;
 
     /**
      * Creates an instance of {@code LDAPCertStoreParameters} with the
@@ -143,12 +143,10 @@ public class LDAPCertStoreParameters implements CertStoreParameters {
      * @return a formatted string describing the parameters
      */
     public String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append("LDAPCertStoreParameters: [\n");
 
-        sb.append("  serverName: " + serverName + "\n");
+        return "LDAPCertStoreParameters: [\n" +
-        sb.append("  port: " + port + "\n");
+                "  serverName: " + serverName + "\n" +
-        sb.append("]");
+                "  port: " + port + "\n" +
-        return sb.toString();
+                "]";
     }
 }

src/java.base/share/classes/java/security/cert/PKIXBuilderParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -189,11 +189,9 @@ public class PKIXBuilderParameters extends PKIXParameters {
      * @return a formatted string describing the parameters
      */
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        return "[\n" +
-        sb.append("[\n");
+                super.toString() +
-        sb.append(super.toString());
+                "  Maximum Path Length: " + maxPathLength + "\n" +
-        sb.append("  Maximum Path Length: " + maxPathLength + "\n");
+                "]\n";
-        sb.append("]\n");
-        return sb.toString();
     }
 }

src/java.base/share/classes/java/security/cert/PKIXCertPathBuilderResult.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,7 +59,7 @@ import java.security.PublicKey;
 public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
     implements CertPathBuilderResult {
 
-    private CertPath certPath;
+    private final CertPath certPath;
 
     /**
      * Creates an instance of {@code PKIXCertPathBuilderResult}
@@ -107,13 +107,11 @@ public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
      *         {@code PKIXCertPathBuilderResult}
      */
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        return "PKIXCertPathBuilderResult: [\n" +
-        sb.append("PKIXCertPathBuilderResult: [\n");
+                "  Certification Path: " + certPath + "\n" +
-        sb.append("  Certification Path: " + certPath + "\n");
+                "  Trust Anchor: " + getTrustAnchor() + "\n" +
-        sb.append("  Trust Anchor: " + getTrustAnchor() + "\n");
+                "  Policy Tree: " + getPolicyTree() + "\n" +
-        sb.append("  Policy Tree: " + getPolicyTree() + "\n");
+                "  Subject Public Key: " + getPublicKey() + "\n" +
-        sb.append("  Subject Public Key: " + getPublicKey() + "\n");
+                "]";
-        sb.append("]");
-        return sb.toString();
     }
 }

src/java.base/share/classes/java/security/cert/PKIXCertPathChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -173,7 +173,7 @@ public abstract class PKIXCertPathChecker
      */
     @Override
     public void check(Certificate cert) throws CertPathValidatorException {
-        check(cert, java.util.Collections.<String>emptySet());
+        check(cert, java.util.Collections.emptySet());
     }
 
     /**

src/java.base/share/classes/java/security/cert/PKIXCertPathValidatorResult.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,9 @@ import java.security.PublicKey;
  */
 public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
 
-    private TrustAnchor trustAnchor;
+    private final TrustAnchor trustAnchor;
-    private PolicyNode policyTree;
+    private final PolicyNode policyTree;
-    private PublicKey subjectPublicKey;
+    private final PublicKey subjectPublicKey;
 
     /**
      * Creates an instance of {@code PKIXCertPathValidatorResult}
@@ -148,12 +148,10 @@ public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
      *         {@code PKIXCertPathValidatorResult}
      */
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        return "PKIXCertPathValidatorResult: [\n" +
-        sb.append("PKIXCertPathValidatorResult: [\n");
+                "  Trust Anchor: " + trustAnchor + "\n" +
-        sb.append("  Trust Anchor: " + trustAnchor + "\n");
+                "  Policy Tree: " + policyTree + "\n" +
-        sb.append("  Policy Tree: " + policyTree + "\n");
+                "  Subject Public Key: " + subjectPublicKey + "\n" +
-        sb.append("  Subject Public Key: " + subjectPublicKey + "\n");
+                "]";
-        sb.append("]");
-        return sb.toString();
     }
 }

src/java.base/share/classes/java/security/cert/PKIXRevocationChecker.java

@@ -25,14 +25,7 @@
 package java.security.cert;
 
 import java.net.URI;
-import java.util.ArrayList;
+import java.util.*;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
 
 /**
  * A {@code PKIXCertPathChecker} for checking the revocation status of
@@ -100,7 +93,7 @@ import java.util.Set;
 public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     private URI ocspResponder;
     private X509Certificate ocspResponderCert;
-    private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
+    private List<Extension> ocspExtensions = Collections.emptyList();
     private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
     private Set<Option> options = Collections.emptySet();
 
@@ -170,7 +163,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     public void setOcspExtensions(List<Extension> extensions)
     {
         this.ocspExtensions = (extensions == null)
-                              ? Collections.<Extension>emptyList()
+                              ? Collections.emptyList()
                               : new ArrayList<>(extensions);
     }
 
@@ -196,7 +189,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     public void setOcspResponses(Map<X509Certificate, byte[]> responses)
     {
         if (responses == null) {
-            this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
+            this.ocspResponses = Collections.emptyMap();
         } else {
             Map<X509Certificate, byte[]> copy = HashMap.newHashMap(responses.size());
             for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
@@ -232,7 +225,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
      */
     public void setOptions(Set<Option> options) {
         this.options = (options == null)
-                       ? Collections.<Option>emptySet()
+                       ? Collections.emptySet()
                        : new HashSet<>(options);
     }
 

src/java.base/share/classes/java/security/cert/PolicyQualifierInfo.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,7 @@ import sun.security.util.DerValue;
  *
  * <p>Note that the PKIX certification path validation algorithm specifies
  * that any policy qualifier in a certificate policies extension that is
- * marked critical must be processed and validated. Otherwise the
+ * marked critical must be processed and validated. Otherwise, the
  * certification path must be rejected. If the
  * {@code policyQualifiersRejected} flag is set to false, it is up to
  * the application to validate all policy qualifiers in this manner in order
@@ -84,9 +84,9 @@ import sun.security.util.DerValue;
  */
 public class PolicyQualifierInfo {
 
-    private byte [] mEncoded;
+    private final byte [] mEncoded;
-    private String mId;
+    private final String mId;
-    private byte [] mData;
+    private final byte [] mData;
     private String pqiString;
 
     /**
@@ -161,13 +161,11 @@ public class PolicyQualifierInfo {
         if (pqiString != null)
             return pqiString;
         HexDumpEncoder enc = new HexDumpEncoder();
-        StringBuilder sb = new StringBuilder();
+        pqiString = "PolicyQualifierInfo: [\n" +
-        sb.append("PolicyQualifierInfo: [\n");
+                "  qualifierID: " + mId + "\n" +
-        sb.append("  qualifierID: " + mId + "\n");
+                "  qualifier: " +
-        sb.append("  qualifier: " +
+                (mData == null ? "null" : enc.encodeBuffer(mData)) + "\n" +
-            (mData == null ? "null" : enc.encodeBuffer(mData)) + "\n");
+                "]";
-        sb.append("]");
-        pqiString = sb.toString();
         return pqiString;
     }
 }

src/java.base/share/classes/java/security/cert/URICertStoreParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@ public final class URICertStoreParameters implements CertStoreParameters {
     private final URI uri;
 
     /*
-     * Hash code for this parameters.
+     * Hash code for this parameters object.
      */
     private int myhash = -1;
 
@@ -103,7 +103,7 @@ public final class URICertStoreParameters implements CertStoreParameters {
      * Returns a hash code value for this parameters object.
      * The hash code is generated using the URI supplied at construction.
      *
-     * @return a hash code value for this parameters.
+     * @return a hash code value for this parameters object.
      */
     @Override
     public int hashCode() {
@@ -118,7 +118,7 @@ public final class URICertStoreParameters implements CertStoreParameters {
      * Two URICertStoreParameters are considered equal if the URIs used
      * to construct them are equal.
      *
-     * @param p the object to test for equality with this parameters.
+     * @param p the object to test for equality with this parameters object.
      *
      * @return true if the specified object is equal to this parameters object.
      */

src/java.base/share/classes/java/security/cert/X509CRL.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,18 +25,15 @@
 
 package java.security.cert;
 
-import java.security.*;
+import sun.security.util.SignatureUtil;
-import java.security.spec.*;
+import sun.security.x509.X509CRLImpl;
 
 import javax.security.auth.x500.X500Principal;
-
 import java.math.BigInteger;
+import java.security.*;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Set;
-import java.util.Arrays;
-
-import sun.security.x509.X509CRLImpl;
-import sun.security.util.SignatureUtil;
 
 /**
  * <p>
@@ -257,7 +254,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
         byte[] tbsCRL = getTBSCertList();
         sig.update(tbsCRL, 0, tbsCRL.length);
 
-        if (sig.verify(getSignature()) == false) {
+        if (!sig.verify(getSignature())) {
             throw new SignatureException("Signature does not match.");
         }
     }
@@ -390,7 +387,7 @@ public abstract class X509CRL extends CRL implements X509Extension {
     public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
         X500Principal certIssuer = certificate.getIssuerX500Principal();
         X500Principal crlIssuer = getIssuerX500Principal();
-        if (certIssuer.equals(crlIssuer) == false) {
+        if (!certIssuer.equals(crlIssuer)) {
             return null;
         }
         return getRevokedCertificate(certificate.getSerialNumber());

src/java.base/share/classes/java/security/cert/X509Certificate.java

@@ -25,16 +25,15 @@
 
 package java.security.cert;
 
+import sun.security.util.SignatureUtil;
+import sun.security.x509.X509CertImpl;
+
+import javax.security.auth.x500.X500Principal;
 import java.math.BigInteger;
 import java.security.*;
-import java.security.spec.*;
 import java.util.Collection;
 import java.util.Date;
 import java.util.List;
-import javax.security.auth.x500.X500Principal;
-
-import sun.security.x509.X509CertImpl;
-import sun.security.util.SignatureUtil;
 
 /**
  * <p>
@@ -708,7 +707,7 @@ implements X509Extension {
         byte[] tbsCert = getTBSCertificate();
         sig.update(tbsCert, 0, tbsCert.length);
 
-        if (sig.verify(getSignature()) == false) {
+        if (!sig.verify(getSignature())) {
             throw new SignatureException("Signature does not match.");
         }
     }

src/java.base/share/classes/java/security/cert/X509Extension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -76,7 +76,7 @@ public interface X509Extension {
      * @return {@code true} if a critical extension is found that is
      * not supported, otherwise {@code false}.
      */
-    public boolean hasUnsupportedCriticalExtension();
+    boolean hasUnsupportedCriticalExtension();
 
     /**
      * Gets a Set of the OID strings for the extension(s) marked
@@ -105,7 +105,7 @@ public interface X509Extension {
      * If there are no extensions present at all, then this method returns
      * null.
      */
-    public Set<String> getCriticalExtensionOIDs();
+    Set<String> getCriticalExtensionOIDs();
 
     /**
      * Gets a Set of the OID strings for the extension(s) marked
@@ -142,7 +142,7 @@ public interface X509Extension {
      * If there are no extensions present at all, then this method returns
      * null.
      */
-    public Set<String> getNonCriticalExtensionOIDs();
+    Set<String> getNonCriticalExtensionOIDs();
 
     /**
      * Gets the DER-encoded OCTET string for the extension value
@@ -188,5 +188,5 @@ public interface X509Extension {
      * @return the DER-encoded octet string of the extension value or
      * null if it is not present.
      */
-    public byte[] getExtensionValue(String oid);
+    byte[] getExtensionValue(String oid);
 }

src/java.base/share/classes/java/security/interfaces/DSAKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,5 +47,5 @@ public interface DSAKey {
      *
      * @see DSAParams
      */
-    public DSAParams getParams();
+    DSAParams getParams();
 }

src/java.base/share/classes/java/security/interfaces/DSAKeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,8 +88,7 @@ public interface DSAKeyPairGenerator {
      * @throws    InvalidParameterException if the {@code params}
      * value is invalid, null, or unsupported.
      */
-   public void initialize(DSAParams params, SecureRandom random)
+   void initialize(DSAParams params, SecureRandom random);
-   throws InvalidParameterException;
 
     /**
      * Initializes the key pair generator for a given modulus length
@@ -109,13 +108,12 @@ public interface DSAKeyPairGenerator {
      * @param random the random bit source to use to generate key bits;
      * can be null.
      *
-     * @param genParams whether or not to generate new parameters for
+     * @param genParams whether to generate new parameters for
      * the modulus length requested.
      *
      * @throws    InvalidParameterException if {@code modlen} is
      * invalid, or unsupported, or if {@code genParams} is false and there
      * are no precomputed parameters for the requested modulus length.
      */
-    public void initialize(int modlen, boolean genParams, SecureRandom random)
+    void initialize(int modlen, boolean genParams, SecureRandom random);
-    throws InvalidParameterException;
 }

src/java.base/share/classes/java/security/interfaces/DSAParams.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,19 +47,19 @@ public interface DSAParams {
      *
      * @return the prime, {@code p}.
      */
-    public BigInteger getP();
+    BigInteger getP();
 
     /**
      * Returns the subprime, {@code q}.
      *
      * @return the subprime, {@code q}.
      */
-    public BigInteger getQ();
+    BigInteger getQ();
 
     /**
      * Returns the base, {@code g}.
      *
      * @return the base, {@code g}.
      */
-    public BigInteger getG();
+    BigInteger getG();
 }

src/java.base/share/classes/java/security/interfaces/DSAPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,12 +54,12 @@ public interface DSAPrivateKey extends DSAKey, java.security.PrivateKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 7776497482533790279L;
+   long serialVersionUID = 7776497482533790279L;
 
     /**
      * Returns the value of the private key, {@code x}.
      *
      * @return the value of the private key, {@code x}.
      */
-    public BigInteger getX();
+    BigInteger getX();
 }

src/java.base/share/classes/java/security/interfaces/DSAPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,12 +54,12 @@ public interface DSAPublicKey extends DSAKey, java.security.PublicKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 1234526332779022332L;
+   long serialVersionUID = 1234526332779022332L;
 
     /**
      * Returns the value of the public key, {@code y}.
      *
      * @return the value of the public key, {@code y}.
      */
-    public BigInteger getY();
+    BigInteger getY();
 }

src/java.base/share/classes/java/security/interfaces/ECPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,7 @@ public interface ECPrivateKey extends PrivateKey, ECKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = -7896394956925609184L;
+   long serialVersionUID = -7896394956925609184L;
 
     /**
      * Returns the private value S.

src/java.base/share/classes/java/security/interfaces/ECPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,7 @@ public interface ECPublicKey extends PublicKey, ECKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = -3314988629879632826L;
+   long serialVersionUID = -3314988629879632826L;
 
     /**
      * Returns the public point W.

src/java.base/share/classes/java/security/interfaces/RSAKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,7 @@ public interface RSAKey {
      *
      * @return the modulus
      */
-    public BigInteger getModulus();
+    BigInteger getModulus();
 
     /**
      * Returns the parameters associated with this key.

src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,49 +57,49 @@ public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 618058533534628008L;
+    long serialVersionUID = 618058533534628008L;
 
     /**
      * Returns the public exponent.
      *
      * @return the public exponent.
      */
-    public BigInteger getPublicExponent();
+    BigInteger getPublicExponent();
 
     /**
      * Returns the primeP.
      *
      * @return the primeP.
      */
-    public BigInteger getPrimeP();
+    BigInteger getPrimeP();
 
     /**
      * Returns the primeQ.
      *
      * @return the primeQ.
      */
-    public BigInteger getPrimeQ();
+    BigInteger getPrimeQ();
 
     /**
      * Returns the primeExponentP.
      *
      * @return the primeExponentP.
      */
-    public BigInteger getPrimeExponentP();
+    BigInteger getPrimeExponentP();
 
     /**
      * Returns the primeExponentQ.
      *
      * @return the primeExponentQ.
      */
-    public BigInteger getPrimeExponentQ();
+    BigInteger getPrimeExponentQ();
 
     /**
      * Returns the crtCoefficient.
      *
      * @return the crtCoefficient.
      */
-    public BigInteger getCrtCoefficient();
+    BigInteger getCrtCoefficient();
 
     /**
      * Returns the otherPrimeInfo or null if there are only
@@ -107,5 +107,5 @@ public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey {
      *
      * @return the otherPrimeInfo.
      */
-    public RSAOtherPrimeInfo[] getOtherPrimeInfo();
+    RSAOtherPrimeInfo[] getOtherPrimeInfo();
 }

src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,47 +52,47 @@ public interface RSAPrivateCrtKey extends RSAPrivateKey {
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = -5682214253527700368L;
+    long serialVersionUID = -5682214253527700368L;
 
     /**
      * Returns the public exponent.
      *
      * @return the public exponent
      */
-    public BigInteger getPublicExponent();
+    BigInteger getPublicExponent();
 
     /**
      * Returns the primeP.
      *
      * @return the primeP
      */
-    public BigInteger getPrimeP();
+    BigInteger getPrimeP();
 
     /**
      * Returns the primeQ.
      *
      * @return the primeQ
      */
-    public BigInteger getPrimeQ();
+    BigInteger getPrimeQ();
 
     /**
      * Returns the primeExponentP.
      *
      * @return the primeExponentP
      */
-    public BigInteger getPrimeExponentP();
+    BigInteger getPrimeExponentP();
 
     /**
      * Returns the primeExponentQ.
      *
      * @return the primeExponentQ
      */
-    public BigInteger getPrimeExponentQ();
+    BigInteger getPrimeExponentQ();
 
     /**
      * Returns the crtCoefficient.
      *
      * @return the crtCoefficient
      */
-    public BigInteger getCrtCoefficient();
+    BigInteger getCrtCoefficient();
 }

src/java.base/share/classes/java/security/interfaces/RSAPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,12 +51,12 @@ public interface RSAPrivateKey extends java.security.PrivateKey, RSAKey
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = 5187144804936595022L;
+    long serialVersionUID = 5187144804936595022L;
 
     /**
      * Returns the private exponent.
      *
      * @return the private exponent
      */
-    public BigInteger getPrivateExponent();
+    BigInteger getPrivateExponent();
 }

src/java.base/share/classes/java/security/interfaces/RSAPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,12 +48,12 @@ public interface RSAPublicKey extends java.security.PublicKey, RSAKey
     @Deprecated
     @SuppressWarnings("serial")
     @java.io.Serial
-    static final long serialVersionUID = -8727434096241101194L;
+    long serialVersionUID = -8727434096241101194L;
 
     /**
      * Returns the public exponent.
      *
      * @return the public exponent
      */
-    public BigInteger getPublicExponent();
+    BigInteger getPublicExponent();
 }

src/java.base/share/classes/java/security/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,7 @@
  * provider-based.  The class itself defines a programming interface
  * to which applications may write.  The implementations themselves may
  * then be written by independent third-party vendors and plugged
- * in seamlessly as needed.  Therefore application developers may
+ * in seamlessly as needed.  Therefore, application developers may
  * take advantage of any number of provider-based implementations
  * without having to add or rewrite code.
  *

src/java.base/share/classes/java/security/spec/DSAPrivateKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,10 +44,10 @@ import java.math.BigInteger;
 
 public class DSAPrivateKeySpec implements KeySpec {
 
-    private BigInteger x;
+    private final BigInteger x;
-    private BigInteger p;
+    private final BigInteger p;
-    private BigInteger q;
+    private final BigInteger q;
-    private BigInteger g;
+    private final BigInteger g;
 
     /**
      * Creates a new DSAPrivateKeySpec with the specified parameter values.

src/java.base/share/classes/java/security/spec/DSAPublicKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,10 +44,10 @@ import java.math.BigInteger;
 
 public class DSAPublicKeySpec implements KeySpec {
 
-    private BigInteger y;
+    private final BigInteger y;
-    private BigInteger p;
+    private final BigInteger p;
-    private BigInteger q;
+    private final BigInteger q;
-    private BigInteger g;
+    private final BigInteger g;
 
     /**
      * Creates a new DSAPublicKeySpec with the specified parameter values.

src/java.base/share/classes/java/security/spec/ECField.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,9 +24,6 @@
  */
 package java.security.spec;
 
-import java.math.BigInteger;
-import java.util.Arrays;
-
 /**
  * This interface represents an elliptic curve (EC) finite field.
  * All specialized EC fields must implements this interface.

src/java.base/share/classes/java/security/spec/ECFieldF2m.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,8 @@ import java.util.Arrays;
  */
 public class ECFieldF2m implements ECField {
 
-    private int m;
+    private final int m;
-    private int[] ks;
+    private final int[] ks;
     private BigInteger rp;
 
     /**

src/java.base/share/classes/java/security/spec/ECFieldFp.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 package java.security.spec;
 
 import java.math.BigInteger;
-import java.util.Arrays;
 
 /**
  * This immutable class defines an elliptic curve (EC) prime
@@ -39,7 +38,7 @@ import java.util.Arrays;
  */
 public class ECFieldFp implements ECField {
 
-    private BigInteger p;
+    private final BigInteger p;
 
     /**
      * Creates an elliptic curve prime finite field
@@ -63,7 +62,7 @@ public class ECFieldFp implements ECField {
      */
     public int getFieldSize() {
         return p.bitLength();
-    };
+    }
 
     /**
      * Returns the prime {@code p} of this prime finite field.

src/java.base/share/classes/java/security/spec/ECPrivateKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,8 @@ import java.math.BigInteger;
  */
 public class ECPrivateKeySpec implements KeySpec {
 
-    private BigInteger s;
+    private final BigInteger s;
-    private ECParameterSpec params;
+    private final ECParameterSpec params;
 
     /**
      * Creates a new ECPrivateKeySpec with the specified

src/java.base/share/classes/java/security/spec/ECPublicKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,8 +38,8 @@ package java.security.spec;
  */
 public class ECPublicKeySpec implements KeySpec {
 
-    private ECPoint w;
+    private final ECPoint w;
-    private ECParameterSpec params;
+    private final ECParameterSpec params;
 
     /**
      * Creates a new ECPublicKeySpec with the specified

src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@ public class EdDSAParameterSpec implements AlgorithmParameterSpec {
      * Construct an {@code EdDSAParameterSpec} by specifying whether the prehash mode
      * is used. No context is provided so this constructor specifies a mode
      * in which the context is null. Note that this mode may be different
-     * than the mode in which an empty array is used as the context.
+     * from the mode in which an empty array is used as the context.
      *
      * @param prehash whether the prehash mode is specified.
      */

src/java.base/share/classes/java/security/spec/EllipticCurve.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package java.security.spec;
 
 import java.math.BigInteger;
-import java.util.Arrays;
 
 /**
  * This immutable class holds the necessary values needed to represent

src/java.base/share/classes/java/security/spec/EncodedKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package java.security.spec;
 
-import jdk.internal.access.JavaSecuritySpecAccess;
 import jdk.internal.access.SharedSecrets;
 
 import java.util.Arrays;
@@ -47,20 +46,15 @@ import java.util.Arrays;
 
 public abstract class EncodedKeySpec implements KeySpec {
 
-    private byte[] encodedKey;
+    private final byte[] encodedKey;
     private String algorithmName;
 
     static {
         SharedSecrets.setJavaSecuritySpecAccess(
-                new JavaSecuritySpecAccess() {
+                EncodedKeySpec::clear);
-                    @Override
-                    public void clearEncodedKeySpec(EncodedKeySpec keySpec) {
-                        keySpec.clear();
-                    }
-                });
     }
 
-                    /**
+    /**
      * Creates a new {@code EncodedKeySpec} with the given encoded key.
      *
      * @param encodedKey the encoded key. The contents of the

src/java.base/share/classes/java/security/spec/NamedParameterSpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@ public class NamedParameterSpec implements AlgorithmParameterSpec {
     public static final NamedParameterSpec ED448
         = new NamedParameterSpec("Ed448");
 
-    private String name;
+    private final String name;
 
     /**
      * Creates a parameter specification using a standard (or predefined)

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java

@@ -225,12 +225,10 @@ public class PSSParameterSpec implements AlgorithmParameterSpec {
 
     @Override
     public String toString() {
-        StringBuilder sb = new StringBuilder("PSSParameterSpec[");
+        return "PSSParameterSpec[" + "hashAlgorithm=" + mdName + ", " +
-        sb.append("hashAlgorithm=" + mdName + ", ")
+                "maskGenAlgorithm=" + mgfSpec + ", " +
-                .append("maskGenAlgorithm=" + mgfSpec + ", ")
+                "saltLength=" + saltLen + ", " +
-                .append("saltLength=" + saltLen + ", ")
+                "trailerField=" + trailerField +
-                .append("trailerField=" + trailerField)
+                ']';
-                .append(']');
-        return sb.toString();
     }
 }

src/java.base/share/classes/java/security/spec/RSAKeyGenParameterSpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package java.security.spec;
 
 import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
 
 /**
  * This class specifies the set of parameters used to generate an RSA
@@ -41,9 +40,9 @@ import java.security.spec.AlgorithmParameterSpec;
 
 public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec {
 
-    private int keysize;
+    private final int keysize;
-    private BigInteger publicExponent;
+    private final BigInteger publicExponent;
-    private AlgorithmParameterSpec keyParams;
+    private final AlgorithmParameterSpec keyParams;
 
     /**
      * The public-exponent value F0 = 3.

src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,7 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec {
     *                        specified if there are only two prime factors
     *                        (p and q)
     * @throws NullPointerException     if any of the specified parameters
-    *         with the exception of {@code otherPrimeInfo} is null
+    *         except {@code otherPrimeInfo} is null
     * @throws IllegalArgumentException if an empty, i.e. 0-length,
     *         {@code otherPrimeInfo} is specified
     */
@@ -118,7 +118,7 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec {
     *                         (p and q)
     * @param keyParams        the parameters associated with key
     * @throws NullPointerException     if any of the specified parameters
-    *         with the exception of {@code otherPrimeInfo} and {@code keyParams}
+    *         except {@code otherPrimeInfo} and {@code keyParams}
     *         is null
     * @throws IllegalArgumentException if an empty, i.e. 0-length,
     *         {@code otherPrimeInfo} is specified

src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,9 +53,9 @@ import java.math.BigInteger;
 
 public class RSAOtherPrimeInfo {
 
-    private BigInteger prime;
+    private final BigInteger prime;
-    private BigInteger primeExponent;
+    private final BigInteger primeExponent;
-    private BigInteger crtCoefficient;
+    private final BigInteger crtCoefficient;
 
 
    /**