Merge

.hgtags

@@ -41,3 +41,5 @@ dfd8506f74c3731bb169ce93c72612d78ee0413b jdk7-b63
 d22867c5f1b295a0a2b3b4bc8999a2676f6e20c3 jdk7-b64
 7d3bf00f3cc4f8125de1842521e7567f37dc84b8 jdk7-b65
 62109d1b9e7310f29ab51ca6f1d71b899c0ce6b0 jdk7-b66
+eb24af1404aec8aa140c4cd4d13d2839b150dd41 jdk7-b67
+bca2225b66d78c4bf4d9801f54cac7715a598650 jdk7-b68

.hgtags-top-repo

@@ -41,3 +41,5 @@ c7ed15ab92ce36a09d264a5e34025884b2d7607f jdk7-b62
 269c1ec4435dfb7b452ae6e3bdde005d55c5c830 jdk7-b64
 e01380cd1de4ce048b87d059d238e5ab5e341947 jdk7-b65
 6bad5e3fe50337d95b1416d744780d65bc570da6 jdk7-b66
+c4523c6f82048f420bf0d57c4cd47976753b7d2c jdk7-b67
+e1b972ff53cd58f825791f8ed9b2deffd16e768c jdk7-b68

corba/.hgtags

@@ -41,3 +41,5 @@ d20e45cd539f20405ff843652069cfd7550c5ab3 jdk7-b63
 047dd27fddb607f8135296b3754131f6e13cb8c7 jdk7-b64
 97fd9b42f5c2d342b90d18f0a2b57e4117e39415 jdk7-b65
 a821e059a961bcb02830280d51f6dd030425c066 jdk7-b66
+a12ea7c7b497b4ba7830550095ef633bd6f43971 jdk7-b67
+5182bcc9c60cac429d1f7988676cec7320752be3 jdk7-b68

corba/make/Makefile

@@ -110,7 +110,7 @@ BOOTSTRAP_TARGET_LEVEL = 5
 ifdef TARGET_CLASS_VERSION
     TARGET_LEVEL = $(TARGET_CLASS_VERSION)
 else
-    TARGET_LEVEL = 6
+    TARGET_LEVEL = 7
 endif
 
 ifndef TARGET_JAVA

corba/make/common/shared/Defs-java.gmk

@@ -107,12 +107,12 @@ endif
 NO_PROPRIETARY_API_WARNINGS = -XDignore.symbol.file=true
 JAVACFLAGS  += $(NO_PROPRIETARY_API_WARNINGS)
 
-# Add the source level (currently all source is 1.5, should this be 1.6?)
+# Add the source level
-LANGUAGE_VERSION = -source 1.5
+LANGUAGE_VERSION = -source 7
 JAVACFLAGS  += $(LANGUAGE_VERSION)
 
-# Add the class version we want (currently this is 5, should it be 6 or even 7?)
+# Add the class version we want
-TARGET_CLASS_VERSION = 5
+TARGET_CLASS_VERSION = 7
 CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
 JAVACFLAGS  += $(CLASS_VERSION)
 JAVACFLAGS  += -encoding ascii

hotspot/.hgtags

@@ -41,3 +41,6 @@ a88386380bdaaa5ab4ffbedf22c57bac5dbec034 jdk7-b62
 ba36394eb84b949b31212bdb32a518a8f92bab5b jdk7-b64
 ba313800759b678979434d6da8ed3bf49eb8bea4 jdk7-b65
 57c71ad0341b8b64ed20f81151eb7f06324f8894 jdk7-b66
+18f526145aea355a9320b724373386fc2170f183 jdk7-b67
+d07e68298d4e17ebf93d8299e43fcc3ded26472a jdk7-b68
+54fd4d9232969ea6cd3d236e5ad276183bb0d423 jdk7-b69

hotspot/make/hotspot_version

@@ -35,7 +35,7 @@ HOTSPOT_VM_COPYRIGHT=Copyright 2009
 
 HS_MAJOR_VER=16
 HS_MINOR_VER=0
-HS_BUILD_NUMBER=07
+HS_BUILD_NUMBER=08
 
 JDK_MAJOR_VER=1
 JDK_MINOR_VER=7

jaxp/.hgtags

@@ -41,3 +41,5 @@ ae449e9c04c1fe651bd30f0f4d4cc24ba794e0c4 jdk7-b63
 a10eec7a1edf536f39b5828d8623054dbc62c2b7 jdk7-b64
 008c662e0ee9a91aebb75e46b97de979083d5c1c jdk7-b65
 22f9d5d5b5fe0f47048f41e6c6e54fee5edad0ec jdk7-b66
+a033af8d824a408d3ac602205ecdefc128749e1e jdk7-b67
+83b2a9331383f9db7a49350d4cb13b7635f6b861 jdk7-b68

jaxp/make/build.properties

@@ -30,8 +30,8 @@
 # one of the standard user build.properties files (see build.xml)
 
 # options for the <javac> tasks used to compile the tools
-javac.source = 5
+javac.source = 7
-javac.target = 5
+javac.target = 7
 javac.debug = true
 javac.no.jdk.warnings = -XDignore.symbol.file=true
 # set the following to -version to verify the versions of javac being used

jaxws/.hgtags

@@ -41,3 +41,5 @@ b8a6e883c0a6708f6d818815040525d472262495 jdk7-b63
 aaa25dfd3de68c6f1a1d3ef8c45fd99f76bca6dd jdk7-b64
 aa22a1be5866a6608ba17a7a443945559409ae0f jdk7-b65
 fa8712c099edd5c9a6b3ed9729353738004d388f jdk7-b66
+faa13cd4d6cdcfb155da5ed23b0da6e0ed0f9ea8 jdk7-b67
+845fa487f0f72a9f232ead8315c0087a477a5a31 jdk7-b68

jaxws/make/build.properties

@@ -30,8 +30,8 @@
 # one of the standard user build.properties files (see build.xml)
 
 # options for the <javac> tasks used to compile the tools
-javac.source = 5
+javac.source = 7
-javac.target = 5
+javac.target = 7
 javac.debug = true
 javac.no.jdk.warnings = -XDignore.symbol.file=true
 # set the following to -version to verify the versions of javac being used

jdk/.hgtags

@@ -41,3 +41,5 @@ f72c0dc047b9b2e797beee68ae0b50decb1f020d jdk7-b61
 a50217eb3ee10b9f9547e0708e5c9625405083ef jdk7-b64
 382a27aa78d3236fa123c60577797a887fe93e09 jdk7-b65
 bd31b30a5b21f20e42965b1633f18a5c7946d398 jdk7-b66
+a952aafd5181af953b0ef3010dbd2fcc28460e8a jdk7-b67
+b23d905cb5d3b382295240d28ab0bfb266b4503c jdk7-b68

jdk/make/com/sun/crypto/provider/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -45,54 +45,49 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
-# files stored in the closed workspace that are not shipped in the
+# the closed workspace that are not shipped in the OpenJDK workspaces.
-# OpenJDK workspaces.  We still build the JDK files here to verify the
+# We still build the JDK files here to verify the files compile, and in
-# files compile, and in preparation for possible signing and
+# preparation for possible signing.  Developers working on JCE in JDK
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
+# must sign the JCE files before testing.  The JCE signing key is kept
-# before testing: obfuscation is optional during development.  The JCE
+# separate from the JDK workspace to prevent its disclosure.
-# signing key is kept separate from the JDK workspace to prevent its
+# 
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
-#
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and then the resulting jar files MUST BE
+# be built and signed, and the resulting jar files MUST BE CHECKED INTO
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
-# not be reflected in the shipped binaries.  The "release" target should be
+# reflected in the shipped binaries.  The "release" target should be
 # used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
+#     all/clobber/clean        The usual.
-#				    If OpenJDK, installs sunjce_provider.jar.
+#                                  If OpenJDK, installs sunjce_provider.jar.
-#				    If JDK, installs prebuilt
+#                                  If JDK, installs prebuilt
-#				    sunjce_provider.jar.
+#                                      sunjce_provider.jar.
 #
-#     jar			Builds/installs sunjce_provider.jar
+#     jar                      Builds/installs sunjce_provider.jar
-#				    If OpenJDK, does not sign.
+#                                  If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunjce_provider.jar
+#     build-jar                Builds sunjce_provider.jar
-#				    (does not sign/install)
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
+#     sign                     Alias for sign-jar
-#	  sign-jar		Builds/signs sunjce_provider.jar (no install)
+#         sign-jar             Builds/signs sunjce_provider.jar (no install)
 #
-#     obfus			Builds/obfuscates/signs sunjce_provider.jar
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     release			Builds all targets in preparation
+#     install-prebuilt         Installs the pre-built jar files
-#				for workspace integration.
-#
-#     install-prebuilt		Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -103,7 +98,7 @@ PRODUCT = sun
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -158,8 +153,8 @@ endif # OPENJDK
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
+# done in the unsigned area.  When files are signed in JDK, they will be
-# they will be placed in the appropriate areas.
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -223,61 +218,15 @@ $(SIGNED_DIR)/sunjce_provider.jar:
 endif
 	$(call sign-file, $(UNSIGNED_DIR)/sunjce_provider.jar)
 
-# =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
-#
-
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/sunjce
-
-CLOSED_DIR = $(BUILDDIR)/closed/com/sun/crypto/provider
-
-obfus: $(OBFUS_DIR)/sunjce_provider.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/sunjce_provider.jar: build-jar $(JCE_MANIFEST_FILE) \
-	    $(OBFUS_DIR)/sunjce.dox
-else
-$(OBFUS_DIR)/sunjce_provider.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/sunjce.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating SunJCE Provider..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv sunjce.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \
-	    -C $(OBFUS_DIR)/build com \
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/sunjce.dox: $(CLOSED_DIR)/obfus/sunjce.dox
-	@$(ECHO) ">>>Creating sunjce.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-TARGET_CLASS_VERSION = 5
-
 
 # =====================================================
-# Create the Release Engineering files.  Obfuscated builds, etc.
+# Create the Release Engineering files.  Signed builds, etc.
 #
 
-release: $(OBFUS_DIR)/sunjce_provider.jar
+release: $(SIGNED_DIR)/sunjce_provider.jar
 	$(RM) $(JCE_BUILD_DIR)/release/sunjce_provider.jar
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release
-	$(CP) $(OBFUS_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
 	$(release-warning)
 
 endif # OPENJDK
@@ -319,5 +268,5 @@ clobber clean::
 
 .PHONY: build-jar jar install-jar
 ifndef OPENJDK
-.PHONY: sign sign-jar obfus release install-prebuilt
+.PHONY: sign sign-jar release install-prebuilt
 endif

jdk/make/common/shared/Defs-control.gmk

@@ -92,9 +92,9 @@ ABS_TEMP_DIR = $(ABS_OUTPUTDIR)/tmp
 dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
 
 # The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=5
+SOURCE_LANGUAGE_VERSION=7
 # The class version we want for this jdk build
-TARGET_CLASS_VERSION=5
+TARGET_CLASS_VERSION=7
 
 # The MESSAGE, WARNING and ERROR files are used to store sanity check and 
 # source check messages, warnings and errors. 

jdk/make/common/shared/Defs-java.gmk

@@ -122,13 +122,13 @@ ifeq ($(JAVAC_WARNINGS_FATAL), true)
   JAVACFLAGS  += -Werror
 endif
 
-# Add the source level (currently all source is 1.5, should this be 1.6?)
+# Add the source level
-SOURCE_LANGUAGE_VERSION = 5
+SOURCE_LANGUAGE_VERSION = 7
 LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
 JAVACFLAGS  += $(LANGUAGE_VERSION)
 
-# Add the class version we want (currently this is 5, should it be 6 or even 7?)
+# Add the class version we want
-TARGET_CLASS_VERSION = 5
+TARGET_CLASS_VERSION = 7
 CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
 JAVACFLAGS  += $(CLASS_VERSION)
 JAVACFLAGS  += -encoding ascii

jdk/make/java/dyn/Makefile

@@ -33,8 +33,8 @@ AUTO_FILES_JAVA_DIRS = java/dyn sun/dyn
 
 # The sources built here use new language syntax to generate
 # method handle calls.  Let's be sure we are using that format.
-#LANGUAGE_VERSION = -source 7
+LANGUAGE_VERSION = -source 7
-#CLASS_VERSION = -target 7
+CLASS_VERSION = -target 7
 
 # Actually, it will be less disruptive to compile with the same
 # -target option as the rest of the system, and just turn on

jdk/make/javax/crypto/Defs-jce.gmk

@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,7 @@ SIGNING_PASSPHRASE = $(SIGNING_KEY_DIR)/passphrase.txt
 SIGNING_ALIAS      = jce_rsa
 
 #
-# Defines for signing/obfuscating the various jar files.
+# Defines for signing the various jar files.
 #
 
 define presign
@@ -100,19 +100,4 @@ define sign-file
 	$(sign-target)
 endef
 
-#
-# Location for the Obfuscation product.  JDK currently has
-# the requirement that we obfuscate our JCE jars.
-#
-OBFUSCATOR = /security/tools/bin/obfus
-OBFUS_DIR = $(TEMPDIR)/obfus
-
-define preobfus
-    @if [ ! -f $(OBFUSCATOR) ]; then \
-	$(ECHO) "\n$(OBFUSCATOR): Obfuscator *NOT* available..." \
-	    $(README-MAKEFILE_WARNING); \
-	exit 2; \
-    fi
-endef
-
 endif  # !OPENJDK

jdk/make/javax/crypto/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,64 +44,65 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
-# files stored in the closed workspace that are not shipped in the
+# the closed workspace that are not shipped in the OpenJDK workspaces.
-# OpenJDK workspaces.  We still build the JDK files here to verify the
+# We still build the JDK files here to verify the files compile, and in
-# files compile, and in preparation for possible signing and
+# preparation for possible signing.  Developers working on JCE in JDK
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
+# must sign the JCE files before testing.  The JCE signing key is kept
-# before testing: obfuscation is optional during development.  The JCE
+# separate from the JDK workspace to prevent its disclosure.
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
 #
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and the resulting jar files *MUST BE
+# be built and signed, and the resulting jar files *MUST BE CHECKED INTO
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
-# not be reflected in the shipped binaries.  The "release" target should
+# reflected in the shipped binaries.  The "release" target should be
-# be used to generate the required files.
+# used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
+#     all/clobber/clean        The usual.
-#				    If OpenJDK, installs
+#                                  If OpenJDK: builds/installs the
-#					jce.jar/limited policy files.
+#                                      jce.jar/limited policy files.
-#				    If JDK, installs prebuilt
+#                                  If JDK: builds but does not install.
-#					jce.jar/limited policy files.
+#                                     During full tops-down builds,
+#                                     prebuilt/presigned jce.jar &
+#                                     limited policy files are copied
+#                                     in by make/java/redist/Makefile.
+#                                     If you are working in this directory
+#                                     and want to install the prebuilts,
+#                                     use the "install-prebuilt" target.
 #
-#     jar			Builds/installs jce.jar
+#     jar                      Builds/installs jce.jar
-#				    If OpenJDK, does not sign
+#                                  If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#                                  If JDK, tries to sign
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds jce.jar (does not sign/install)
+#     build-jar                Builds jce.jar (does not sign/install)
 #
-#     build-policy		Builds policy files (does not sign/install)
+#     build-policy             Builds policy files (does not sign/install)
 #
-#     install-jar		Alias for "jar" above
+#     install-jar              Alias for "jar" above
 #
-#     install-limited		Builds/installs limited policy files
+#     install-limited          Builds/installs limited policy files
-#				    If OpenJDK, does not sign
+#                                  If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#                                  If JDK, tries to sign
-#     install-unlimited		Builds/nstalls unlimited policy files
+#     install-unlimited        Builds/nstalls unlimited policy files
-#				    If OpenJDK, does not sign
+#                                  If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#                                  If JDK, tries to sign
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar and sign-policy
+#     sign                     Alias for sign-jar and sign-policy
-#	  sign-jar		Builds/signs jce.jar file (no install)
+#          sign-jar            Builds/signs jce.jar file (no install)
-#	  sign-policy		Builds/signs policy files (no install)
+#          sign-policy         Builds/signs policy files (no install)
 #
-#     obfus			Builds/obfuscates/signs jce.jar
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     release			Builds all targets in preparation
+#     install-prebuilt         Installs the pre-built jar files
-#				for workspace integration.
-#
-#     install-prebuilt		Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -112,7 +113,7 @@ PRODUCT = sun
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -169,8 +170,8 @@ endif # OPENJDK
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
+# done in the unsigned area.  When files are signed in JDK, they will be
-# they will be placed in the appropriate areas.
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -178,7 +179,7 @@ include Defs-jce.gmk
 
 
 # =====================================================
-# Build the unsigned jce.jar file.  Signing/obfuscation comes later.
+# Build the unsigned jce.jar file.  Signing comes later.
 #
 
 JAR_DESTFILE = $(LIBDIR)/jce.jar
@@ -363,68 +364,13 @@ $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar:		\
 
 
 # =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
+# Create the Release Engineering files.  Signed builds,
-#
-
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/jce
-
-CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
-
-obfus: $(OBFUS_DIR)/jce.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-else
-#
-# We have to remove the build dependency, otherwise, we'll try to rebuild it
-# which we can't do on a read-only filesystem.
-#
-$(OBFUS_DIR)/jce.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating JCE framework..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv framework.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	@#
-	@# The sun.security.internal classes are currently not obfuscated
-	@# due to an obfus problem. Manually copy them to the build directory
-	@# so that they are included in the jce.jar file.
-	@#
-	$(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@	\
-	    -C $(OBFUS_DIR)/build javax			\
-	    -C $(OBFUS_DIR)/build sun			\
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/framework.dox: $(CLOSED_DIR)/obfus/framework.dox
-	@$(ECHO) ">>>Creating framework.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files.  Obfuscated builds,
 # unlimited policy file distribution, etc.
 #
 
-release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
+CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
+
+release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
          $(CLOSED_DIR)/doc/README.txt
 	$(RM) -r \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy              \
@@ -433,7 +379,7 @@ release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
 	    $(JCE_BUILD_DIR)/release/local_policy.jar                \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
-	$(CP) $(OBFUS_DIR)/jce.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release
 	$(CP) \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar   \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar       \
@@ -529,5 +475,5 @@ clobber clean::
 .PHONY: build-jar jar build-policy unlimited limited install-jar \
 	install-limited install-unlimited
 ifndef OPENJDK
-.PHONY: sign sign-jar sign-policy obfus release install-prebuilt
+.PHONY: sign sign-jar sign-policy release install-prebuilt
 endif

jdk/make/sun/security/mscapi/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
+#     all/clobber/clean        The usual, plus the native libraries.
-#				    If OpenJDK, installs sunmscapi.jar.
+#                                  If OpenJDK, installs sunmscapi.jar.
-#				    If JDK, installs prebuilt
+#                                  If JDK, installs prebuilt
-#				    sunmscapi.jar.
+#                                      sunmscapi.jar.
 #
-#     jar			Builds/installs sunmscapi.jar
+#     jar                      Builds/installs sunmscapi.jar
-#				    If OpenJDK, does not sign.
+#                                  If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunmscapi.jar
+#     build-jar                Builds sunmscapi.jar
-#				    (does not sign/install)
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
+#     sign                     Alias for sign-jar
-#	  sign-jar		Builds/signs sunmscapi.jar (no install)
+#          sign-jar            Builds/signs sunmscapi.jar (no install)
 #
-#     release			Builds all targets in preparation
+#     release                  Builds all targets in preparation
-#				for workspace integration.
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #

jdk/make/sun/security/pkcs11/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
+#     all/clobber/clean        The usual, plus the native libraries.
-#				    If OpenJDK, installs sunpkcs11.jar.
+#                                  If OpenJDK, installs sunpkcs11.jar.
-#				    If JDK, installs prebuilt
+#                                  If JDK, installs prebuilt
-#				    sunpkcs11.jar.
+#                                      sunpkcs11.jar.
 #
-#     jar			Builds/installs sunpkcs11.jar
+#     jar                      Builds/installs sunpkcs11.jar
-#				    If OpenJDK, does not sign.
+#                                  If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunpkcs11.jar
+#     build-jar                Builds sunpkcs11.jar
-#				    (does not sign/install)
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
+#     sign                     Alias for sign-jar
-#	  sign-jar		Builds/signs sunpkcs11.jar (no install)
+#          sign-jar            Builds/signs sunpkcs11.jar (no install)
 #
-#     release			Builds all targets in preparation
+#     release                  Builds all targets in preparation
-#				for workspace integration.
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #

jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@ public final class AESCipher extends CipherSpi {
     /**
      * Creates an instance of AES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE);
     }
 

jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,16 +48,9 @@ public final class AESKeyGenerator extends KeyGeneratorSpi {
     private int keySize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public AESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,12 +65,8 @@ public final class AESWrapCipher extends CipherSpi {
     /**
      * Creates an instance of AES KeyWrap cipher with default
      * mode, i.e. "ECB" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new AESCrypt();
     }
 

jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,6 @@ public final class ARCFOURCipher extends CipherSpi {
 
     // called by the JCE framework
     public ARCFOURCipher() {
-        SunJCE.ensureIntegrity(getClass());
         S = new int[256];
     }
 

jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,12 +60,8 @@ public final class BlowfishCipher extends CipherSpi {
     /**
      * Creates an instance of Blowfish cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public BlowfishCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new BlowfishCrypt(),
                               BlowfishConstants.BLOWFISH_BLOCK_SIZE);
     }

jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class BlowfishKeyGenerator extends KeyGeneratorSpi {
     private int keysize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public BlowfishKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@ public final class DESCipher extends CipherSpi {
     /**
      * Creates an instance of DES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 

jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,17 +42,11 @@ import java.security.spec.InvalidKeySpecException;
 public final class DESKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DESKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
+
     /**
      * Generates a <code>SecretKey</code> object from the provided key
      * specification (key material).

jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class DESKeyGenerator extends KeyGeneratorSpi {
     private SecureRandom random = null;
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,8 @@ public final class DESedeCipher extends CipherSpi {
     /**
      * Creates an instance of DESede cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESedeCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESedeCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 

jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,16 +42,9 @@ import java.security.spec.InvalidKeySpecException;
 public final class DESedeKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DESedeKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,16 +47,9 @@ public final class DESedeKeyGenerator extends KeyGeneratorSpi {
     private int keysize = 168;
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DESedeKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,12 +74,8 @@ public final class DESedeWrapCipher extends CipherSpi {
     /**
      * Creates an instance of CMS DESede KeyWrap cipher with default
      * mode, i.e. "CBC" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity.
      */
     public DESedeWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new CipherBlockChaining(new DESedeCrypt());
     }
 

jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,16 +58,9 @@ extends KeyAgreementSpi {
     private BigInteger y = BigInteger.ZERO;
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DHKeyAgreement() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@ import javax.crypto.spec.DHParameterSpec;
 public final class DHKeyFactory extends KeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public DHKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,7 +241,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA256 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA256() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-256", 64);
         }
         private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
@@ -278,7 +277,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA384 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA384() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-384", 128);
         }
         private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
@@ -315,7 +313,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA512 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA512() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-512", 128);
         }
         private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {

jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@ public final class HmacMD5 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacMD5 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacMD5() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         hmac = new HmacCore(MessageDigest.getInstance("MD5"),
                             MD5_BLOCK_LENGTH);
     }

jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class HmacMD5KeyGenerator extends KeyGeneratorSpi {
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacMD5KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,13 +48,8 @@ public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
-        SunJCE.ensureIntegrity(this.getClass());
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }

jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@ public final class HmacSHA1 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacSHA1() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }

jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class HmacSHA1KeyGenerator extends KeyGeneratorSpi {
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacSHA1KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/JarVerifier.java

@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package com.sun.crypto.provider;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
-    private static final boolean debug = false;
-
-    /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
-     */
-    static boolean verify(final Class c) {
-        return true;
-    }
-}

jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA256KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA256KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA256", 256);
         }
         protected void engineInit(SecureRandom random) {
@@ -131,7 +130,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA384KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA384KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA384", 384);
         }
         protected void engineInit(SecureRandom random) {
@@ -153,7 +151,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA512KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA512KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA512", 512);
         }
         protected void engineInit(SecureRandom random) {
@@ -175,7 +172,6 @@ final class KeyGeneratorCore {
     public static final class RC2KeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public RC2KeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("RC2", 128);
         }
         protected void engineInit(SecureRandom random) {
@@ -201,7 +197,6 @@ final class KeyGeneratorCore {
     public static final class ARCFOURKeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public ARCFOURKeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("ARCFOUR", 128);
         }
         protected void engineInit(SecureRandom random) {

jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
     private static HashSet<String> validTypes;
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Simple constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     private PBEKeyFactory(String keytype) {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         type = keytype;
     }
 

jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,16 +55,9 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         core = new PBECipherCore("DES");
     }
 

jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,23 +61,14 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
      * Creates an instance of this cipher, and initializes its mode (CBC) and
      * padding (PKCS5).
      *
-     * Verify the SunJCE provider in the constructor.
-     *
      * @exception NoSuchAlgorithmException if the required cipher mode (CBC) is
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndTripleDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-
         // set the encapsulated cipher to do triple DES
         core = new PBECipherCore("DESede");
     }

jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,16 +45,9 @@ import javax.crypto.spec.SecretKeySpec;
 public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
+     * Empty constructor
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public PBKDF2HmacSHA1Factory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -370,7 +370,6 @@ final class PKCS12PBECipherCore {
     public static final class PBEWithSHA1AndDESede extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndDESede() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("DESede", 24);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
@@ -446,7 +445,6 @@ final class PKCS12PBECipherCore {
     public static final class PBEWithSHA1AndRC2_40 extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndRC2_40() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("RC2", 5);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)

jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@ public final class RC2Cipher extends CipherSpi {
     private final RC2Crypt embeddedCipher;
 
     public RC2Cipher() {
-        SunJCE.ensureIntegrity(getClass());
         embeddedCipher = new RC2Crypt();
         core = new CipherCore(embeddedCipher, 8);
     }

jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,6 @@ public final class RSACipher extends CipherSpi {
     private String oaepHashAlgorithm = "SHA-1";
 
     public RSACipher() {
-        SunJCE.ensureIntegrity(getClass());
         paddingType = PAD_PKCS1;
     }
 

jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -226,9 +226,6 @@ final class SslMacCore {
 
         static final byte[] md5Pad1 = genPad((byte)0x36, 48);
         static final byte[] md5Pad2 = genPad((byte)0x5c, 48);
-        static {
-            SunJCE.ensureIntegrity(SslMacMD5.class);
-        }
     }
 
     // nested static class for the SslMacMD5 implementation
@@ -262,9 +259,6 @@ final class SslMacCore {
 
         static final byte[] shaPad1 = genPad((byte)0x36, 40);
         static final byte[] shaPad2 = genPad((byte)0x5c, 40);
-        static {
-            SunJCE.ensureIntegrity(SslMacSHA1.class);
-        }
     }
 
 }

jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -93,10 +93,6 @@ public final class SunJCE extends Provider {
 
     static final SecureRandom RANDOM = new SecureRandom();
 
-    // After the SunJCE passed self-integrity checking,
-    // verifiedSelfIntegrity will be set to true.
-    private static boolean verifiedSelfIntegrity = false;
-
     public SunJCE() {
         /* We are the "SunJCE" provider */
         super("SunJCE", 1.7d, info);
@@ -441,21 +437,4 @@ public final class SunJCE extends Provider {
             }
         });
     }
-
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void ensureIntegrity(Class c) {
-        if (verifySelfIntegrity(c) == false) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-    }
-
-    static final boolean verifySelfIntegrity(Class c) {
-        if (verifiedSelfIntegrity) {
-            return true;
-        }
-        return (integrityVerified = JarVerifier.verify(c));
-    }
 }

jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,6 @@ public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
     private int protocolVersion;
 
     public TlsKeyMaterialGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,6 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
     private int protocolVersion;
 
     public TlsMasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@ public final class TlsPrfGenerator extends KeyGeneratorSpi {
     private TlsPrfParameterSpec spec;
 
     public TlsPrfGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,6 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
     private SecureRandom random;
 
     public TlsRsaPremasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

jdk/src/share/classes/com/sun/jndi/ldap/Filter.java

@@ -93,9 +93,7 @@ final class Filter {
 
         int filtOffset[] = new int[1];
 
-        for (filtOffset[0] = filterStart;
+        for (filtOffset[0] = filterStart; filtOffset[0] < filterEnd;) {
-             filtOffset[0] < filterEnd;
-             filtOffset[0]++) {
             switch (filter[filtOffset[0]]) {
             case '(':
                 filtOffset[0]++;
@@ -104,18 +102,21 @@ final class Filter {
                 case '&':
                     encodeComplexFilter(ber, filter,
                         LDAP_FILTER_AND, filtOffset, filterEnd);
+                    // filtOffset[0] has pointed to char after right paren
                     parens--;
                     break;
 
                 case '|':
                     encodeComplexFilter(ber, filter,
                         LDAP_FILTER_OR, filtOffset, filterEnd);
+                    // filtOffset[0] has pointed to char after right paren
                     parens--;
                     break;
 
                 case '!':
                     encodeComplexFilter(ber, filter,
                         LDAP_FILTER_NOT, filtOffset, filterEnd);
+                    // filtOffset[0] has pointed to char after right paren
                     parens--;
                     break;
 
@@ -143,8 +144,8 @@ final class Filter {
 
                     encodeSimpleFilter(ber, filter, filtOffset[0], nextOffset);
 
-                    // points to right parens; for loop will increment beyond parens
+                    // points to the char after right paren.
-                    filtOffset[0] = nextOffset;
+                    filtOffset[0] = nextOffset + 1;
 
                     parens--;
                     break;
@@ -170,9 +171,14 @@ final class Filter {
                 filtOffset[0] = filterEnd; // force break from outer
                 break;
             }
+
+            if (parens < 0) {
+                throw new InvalidSearchFilterException(
+                                                "Unbalanced parenthesis");
+            }
         }
 
-        if (parens > 0) {
+        if (parens != 0) {
             throw new InvalidSearchFilterException("Unbalanced parenthesis");
         }
 

jdk/src/share/classes/java/lang/Character.java

@@ -2784,8 +2784,13 @@ class Character extends Object implements java.io.Serializable, Comparable<Chara
      * @since  1.5
      */
     public static int toCodePoint(char high, char low) {
-        return ((high - MIN_HIGH_SURROGATE) << 10)
+        // Optimized form of:
-            + (low - MIN_LOW_SURROGATE) + MIN_SUPPLEMENTARY_CODE_POINT;
+        // return ((high - MIN_HIGH_SURROGATE) << 10)
+        //         + (low - MIN_LOW_SURROGATE)
+        //         + MIN_SUPPLEMENTARY_CODE_POINT;
+        return ((high << 10) + low) + (MIN_SUPPLEMENTARY_CODE_POINT
+                                       - (MIN_HIGH_SURROGATE << 10)
+                                       - MIN_LOW_SURROGATE);
     }
 
     /**
@@ -3071,9 +3076,10 @@ class Character extends Object implements java.io.Serializable, Comparable<Chara
     }
 
     static void toSurrogates(int codePoint, char[] dst, int index) {
-        int offset = codePoint - MIN_SUPPLEMENTARY_CODE_POINT;
+        // We write elements "backwards" to guarantee all-or-nothing
-        dst[index+1] = (char)((offset & 0x3ff) + MIN_LOW_SURROGATE);
+        dst[index+1] = (char)((codePoint & 0x3ff) + MIN_LOW_SURROGATE);
-        dst[index] = (char)((offset >>> 10) + MIN_HIGH_SURROGATE);
+        dst[index] = (char)((codePoint >>> 10)
+            + (MIN_HIGH_SURROGATE - (MIN_SUPPLEMENTARY_CODE_POINT >>> 10)));
     }
 
     /**

jdk/src/share/classes/java/lang/ClassNotFoundException.java

@@ -50,7 +50,7 @@ package java.lang;
  * @see     java.lang.ClassLoader#loadClass(java.lang.String, boolean)
  * @since   JDK1.0
  */
-public class ClassNotFoundException extends Exception {
+public class ClassNotFoundException extends ReflectiveOperationException {
     /**
      * use serialVersionUID from JDK 1.1.X for interoperability
      */

jdk/src/share/classes/java/lang/Double.java

@@ -529,6 +529,7 @@ public final class Double extends Number implements Comparable<Double> {
      * @param  s   the string to be parsed.
      * @return the {@code double} value represented by the string
      *         argument.
+     * @throws NullPointerException  if the string is null
      * @throws NumberFormatException if the string does not contain
      *         a parsable {@code double}.
      * @see    java.lang.Double#valueOf(String)

jdk/src/share/classes/java/lang/Float.java

@@ -438,12 +438,13 @@ public final class Float extends Number implements Comparable<Float> {
      * represented by the specified {@code String}, as performed
      * by the {@code valueOf} method of class {@code Float}.
      *
-     * @param      s   the string to be parsed.
+     * @param  s the string to be parsed.
      * @return the {@code float} value represented by the string
      *         argument.
-     * @throws  NumberFormatException  if the string does not contain a
+     * @throws NullPointerException  if the string is null
+     * @throws NumberFormatException if the string does not contain a
      *               parsable {@code float}.
-     * @see        java.lang.Float#valueOf(String)
+     * @see    java.lang.Float#valueOf(String)
      * @since 1.2
      */
     public static float parseFloat(String s) throws NumberFormatException {

jdk/src/share/classes/java/lang/IllegalAccessException.java

@@ -56,7 +56,7 @@ package java.lang;
  * @see     java.lang.reflect.Constructor#newInstance(Object[])
  * @since   JDK1.0
  */
-public class IllegalAccessException extends Exception {
+public class IllegalAccessException extends ReflectiveOperationException {
     private static final long serialVersionUID = 6616958222490762034L;
 
     /**

jdk/src/share/classes/java/lang/InstantiationException.java

@@ -43,7 +43,7 @@ package java.lang;
  * @since   JDK1.0
  */
 public
-class InstantiationException extends Exception {
+class InstantiationException extends ReflectiveOperationException {
     private static final long serialVersionUID = -8441929162975509110L;
 
     /**

jdk/src/share/classes/java/lang/NoSuchFieldException.java

@@ -31,7 +31,7 @@ package java.lang;
  * @author  unascribed
  * @since   JDK1.1
  */
-public class NoSuchFieldException extends Exception {
+public class NoSuchFieldException extends ReflectiveOperationException {
     private static final long serialVersionUID = -6143714805279938260L;
 
     /**

jdk/src/share/classes/java/lang/NoSuchMethodException.java

@@ -32,7 +32,7 @@ package java.lang;
  * @since      JDK1.0
  */
 public
-class NoSuchMethodException extends Exception {
+class NoSuchMethodException extends ReflectiveOperationException {
     private static final long serialVersionUID = 5034388446362600923L;
 
     /**

jdk/src/share/classes/java/lang/ReflectiveOperationException.java

@@ -0,0 +1,91 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package java.lang;
+
+/**
+ * Common superclass of exceptions thrown by reflective operations in
+ * core reflection.
+ *
+ * @see LinkageError
+ * @since 1.7
+ */
+public class ReflectiveOperationException extends Exception {
+    static final long serialVersionUID = 123456789L;
+
+    /**
+     * Constructs a new exception with {@code null} as its detail
+     * message.  The cause is not initialized, and may subsequently be
+     * initialized by a call to {@link #initCause}.
+     */
+    public ReflectiveOperationException() {
+        super();
+    }
+
+    /**
+     * Constructs a new exception with the specified detail message.
+     * The cause is not initialized, and may subsequently be
+     * initialized by a call to {@link #initCause}.
+     *
+     * @param   message   the detail message. The detail message is saved for
+     *          later retrieval by the {@link #getMessage()} method.
+     */
+    public ReflectiveOperationException(String message) {
+        super(message);
+    }
+
+    /**
+     * Constructs a new exception with the specified detail message
+     * and cause.
+     *
+     * <p>Note that the detail message associated with
+     * {@code cause} is <em>not</em> automatically incorporated in
+     * this exception's detail message.
+     *
+     * @param  message the detail message (which is saved for later retrieval
+     *         by the {@link #getMessage()} method).
+     * @param  cause the cause (which is saved for later retrieval by the
+     *         {@link #getCause()} method).  (A {@code null} value is
+     *         permitted, and indicates that the cause is nonexistent or
+     *         unknown.)
+     */
+    public ReflectiveOperationException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Constructs a new exception with the specified cause and a detail
+     * message of {@code (cause==null ? null : cause.toString())} (which
+     * typically contains the class and detail message of {@code cause}).
+     *
+     * @param  cause the cause (which is saved for later retrieval by the
+     *         {@link #getCause()} method).  (A {@code null} value is
+     *         permitted, and indicates that the cause is nonexistent or
+     *         unknown.)
+     */
+    public ReflectiveOperationException(Throwable cause) {
+        super(cause);
+    }
+}

jdk/src/share/classes/java/lang/reflect/InvocationTargetException.java

@@ -39,7 +39,7 @@ package java.lang.reflect;
  * @see Method
  * @see Constructor
  */
-public class InvocationTargetException extends Exception {
+public class InvocationTargetException extends ReflectiveOperationException {
     /**
      * Use serialVersionUID from JDK 1.1.X for interoperability
      */

jdk/src/share/classes/java/security/cert/CertPathHelperImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@ class CertPathHelperImpl extends CertPathHelper {
     /**
      * Initialize the helper framework. This method must be called from
      * the static initializer of each class that is the target of one of
-     * the methods in this class. This ensures that the helper if initialized
+     * the methods in this class. This ensures that the helper is initialized
      * prior to a tunneled call from the Sun provider.
      */
     synchronized static void initialize() {
@@ -59,4 +59,8 @@ class CertPathHelperImpl extends CertPathHelper {
             Set<GeneralNameInterface> names) {
         sel.setPathToNamesInternal(names);
     }
+
+    protected void implSetDateAndTime(X509CRLSelector sel, Date date, long skew) {
+        sel.setDateAndTime(date, skew);
+    }
 }

jdk/src/share/classes/java/security/cert/X509CRLSelector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,6 +72,10 @@ import sun.security.x509.X500Name;
  */
 public class X509CRLSelector implements CRLSelector {
 
+    static {
+        CertPathHelperImpl.initialize();
+    }
+
     private static final Debug debug = Debug.getInstance("certpath");
     private HashSet<Object> issuerNames;
     private HashSet<X500Principal> issuerX500Principals;
@@ -79,6 +83,7 @@ public class X509CRLSelector implements CRLSelector {
     private BigInteger maxCRL;
     private Date dateAndTime;
     private X509Certificate certChecking;
+    private long skew = 0;
 
     /**
      * Creates an <code>X509CRLSelector</code>. Initially, no criteria are set
@@ -417,7 +422,18 @@ public class X509CRLSelector implements CRLSelector {
         if (dateAndTime == null)
             this.dateAndTime = null;
         else
-            this.dateAndTime = (Date) dateAndTime.clone();
+            this.dateAndTime = new Date(dateAndTime.getTime());
+        this.skew = 0;
+    }
+
+    /**
+     * Sets the dateAndTime criterion and allows for the specified clock skew
+     * (in milliseconds) when checking against the validity period of the CRL.
+     */
+    void setDateAndTime(Date dateAndTime, long skew) {
+        this.dateAndTime =
+            (dateAndTime == null ? null : new Date(dateAndTime.getTime()));
+        this.skew = skew;
     }
 
     /**
@@ -657,8 +673,14 @@ public class X509CRLSelector implements CRLSelector {
                 }
                 return false;
             }
-            if (crlThisUpdate.after(dateAndTime)
+            Date nowPlusSkew = dateAndTime;
-                  || nextUpdate.before(dateAndTime)) {
+            Date nowMinusSkew = dateAndTime;
+            if (skew > 0) {
+                nowPlusSkew = new Date(dateAndTime.getTime() + skew);
+                nowMinusSkew = new Date(dateAndTime.getTime() - skew);
+            }
+            if (nowMinusSkew.after(nextUpdate)
+                || nowPlusSkew.before(crlThisUpdate)) {
                 if (debug != null) {
                     debug.println("X509CRLSelector.match: update out of range");
                 }

jdk/src/share/classes/java/util/logging/LogManager.java

@@ -338,7 +338,7 @@ public class LogManager {
     // already been created with the given name it is returned.
     // Otherwise a new logger instance is created and registered
     // in the LogManager global namespace.
-    synchronized Logger demandLogger(String name) {
+    Logger demandLogger(String name) {
         Logger result = getLogger(name);
         if (result == null) {
             result = new Logger(name, null);

jdk/src/share/classes/javax/crypto/JarVerifier.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,7 @@ package javax.crypto;
 import java.io.*;
 import java.net.*;
 import java.security.*;
-import java.util.*;
 import java.util.jar.*;
-import javax.crypto.CryptoPolicyParser.ParsingException;
 
 /**
  * This class verifies JAR files (and any supporting JAR files), and
@@ -134,17 +132,6 @@ final class JarVerifier {
         }
     }
 
-    /**
-     * Verify that the provided JarEntry was indeed signed by the
-     * framework signing certificate.
-     *
-     * @param je the URL of the jar entry to be checked.
-     * @throws Exception if the jar entry was not signed by
-     *          the proper certificate
-     */
-    static void verifyFrameworkSigned(URL je) throws Exception {
-    }
-
     /**
      * Verify that the provided certs include the
      * framework signing certificate.

jdk/src/share/classes/javax/crypto/JceSecurity.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.crypto;
 
-import java.lang.ref.*;
 import java.util.*;
 import java.util.jar.*;
 import java.io.*;
@@ -256,11 +255,6 @@ final class JceSecurity {
                                 ("Cannot locate policy or framework files!");
         }
 
-        // Enforce the signer restraint, i.e. signer of JCE framework
-        // jar should also be the signer of the two jurisdiction policy
-        // jar files.
-        JarVerifier.verifyFrameworkSigned(jceCipherURL);
-
         // Read jurisdiction policies.
         CryptoPermissions defaultExport = new CryptoPermissions();
         CryptoPermissions exemptExport = new CryptoPermissions();

jdk/src/share/classes/javax/swing/JFileChooser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -739,6 +739,11 @@ public class JFileChooser extends JComponent implements Accessible {
 
         dialog.show();
         firePropertyChange("JFileChooserDialogIsClosingProperty", dialog, null);
+
+        // Remove all components from dialog. The MetalFileChooserUI.installUI() method (and other LAFs)
+        // registers AWT listener for dialogs and produces memory leaks. It happens when
+        // installUI invoked after the showDialog method.
+        dialog.getContentPane().removeAll();
         dialog.dispose();
         dialog = null;
         return returnValue;

jdk/src/share/classes/javax/swing/JInternalFrame.java

@@ -26,13 +26,10 @@
 package javax.swing;
 
 import java.awt.*;
-import java.awt.event.*;
 
 import java.beans.PropertyVetoException;
 import java.beans.PropertyChangeEvent;
-import java.util.EventListener;
 
-import javax.swing.border.Border;
 import javax.swing.event.InternalFrameEvent;
 import javax.swing.event.InternalFrameListener;
 import javax.swing.plaf.*;
@@ -40,7 +37,6 @@ import javax.swing.plaf.*;
 import javax.accessibility.*;
 
 import java.io.ObjectOutputStream;
-import java.io.ObjectInputStream;
 import java.io.IOException;
 import java.lang.StringBuilder;
 import java.beans.PropertyChangeListener;
@@ -1459,19 +1455,22 @@ public class JInternalFrame extends JComponent implements
             SwingUtilities2.compositeRequestFocus(getDesktopIcon());
         }
         else {
-            // FocusPropertyChangeListener will eventually update
+            Component component = KeyboardFocusManager.getCurrentKeyboardFocusManager().getPermanentFocusOwner();
-            // lastFocusOwner. As focus requests are asynchronous
+            if ((component == null) || !SwingUtilities.isDescendingFrom(component, this)) {
-            // lastFocusOwner may be accessed before it has been correctly
+                // FocusPropertyChangeListener will eventually update
-            // updated. To avoid any problems, lastFocusOwner is immediately
+                // lastFocusOwner. As focus requests are asynchronous
-            // set, assuming the request will succeed.
+                // lastFocusOwner may be accessed before it has been correctly
-            lastFocusOwner = getMostRecentFocusOwner();
+                // updated. To avoid any problems, lastFocusOwner is immediately
-            if (lastFocusOwner == null) {
+                // set, assuming the request will succeed.
-                // Make sure focus is restored somewhere, so that
+                setLastFocusOwner(getMostRecentFocusOwner());
-                // we don't leave a focused component in another frame while
+                if (lastFocusOwner == null) {
-                // this frame is selected.
+                    // Make sure focus is restored somewhere, so that
-                lastFocusOwner = getContentPane();
+                    // we don't leave a focused component in another frame while
+                    // this frame is selected.
+                    setLastFocusOwner(getContentPane());
+                }
+                lastFocusOwner.requestFocus();
             }
-            lastFocusOwner.requestFocus();
         }
     }
 

jdk/src/share/classes/javax/swing/plaf/basic/BasicDesktopIconUI.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,9 +32,6 @@ import javax.swing.event.*;
 import javax.swing.border.*;
 import javax.swing.plaf.*;
 import java.beans.*;
-import java.util.EventListener;
-import java.io.Serializable;
-
 
 /**
  * Basic L&F for a minimized window on a desktop.
@@ -47,7 +44,6 @@ public class BasicDesktopIconUI extends DesktopIconUI {
 
     protected JInternalFrame.JDesktopIcon desktopIcon;
     protected JInternalFrame frame;
-    private DesktopIconMover desktopIconMover;
 
     /**
      * The title pane component used in the desktop icon.
@@ -128,21 +124,12 @@ public class BasicDesktopIconUI extends DesktopIconUI {
         mouseInputListener = createMouseInputListener();
         desktopIcon.addMouseMotionListener(mouseInputListener);
         desktopIcon.addMouseListener(mouseInputListener);
-         getDesktopIconMover().installListeners();
     }
 
     protected void uninstallListeners() {
         desktopIcon.removeMouseMotionListener(mouseInputListener);
         desktopIcon.removeMouseListener(mouseInputListener);
         mouseInputListener = null;
-         getDesktopIconMover().uninstallListeners();
-    }
-
-    private DesktopIconMover getDesktopIconMover() {
-        if (desktopIconMover == null) {
-            desktopIconMover = new DesktopIconMover(desktopIcon);
-        }
-        return desktopIconMover;
     }
 
     protected void installDefaults() {

jdk/src/share/classes/javax/swing/plaf/basic/BasicDirectoryModel.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -232,6 +232,10 @@ public class BasicDirectoryModel extends AbstractListModel implements PropertyCh
         public void run0() {
             FileSystemView fileSystem = filechooser.getFileSystemView();
 
+            if (isInterrupted()) {
+                return;
+            }
+
             File[] list = fileSystem.getFiles(currentDirectory, filechooser.isFileHidingEnabled());
 
             if (isInterrupted()) {
@@ -268,8 +272,8 @@ public class BasicDirectoryModel extends AbstractListModel implements PropertyCh
 
             // To avoid loads of synchronizations with Invoker and improve performance we
             // execute the whole block on the COM thread
-            DoChangeContents doChangeContents = ShellFolder.getInvoker().invoke(new Callable<DoChangeContents>() {
+            DoChangeContents doChangeContents = ShellFolder.invoke(new Callable<DoChangeContents>() {
-                public DoChangeContents call() throws Exception {
+                public DoChangeContents call() {
                     int newSize = newFileCache.size();
                     int oldSize = fileCache.size();
 

jdk/src/share/classes/javax/swing/plaf/basic/BasicInternalFrameUI.java

@@ -27,16 +27,10 @@ package javax.swing.plaf.basic;
 
 import java.awt.*;
 import java.awt.event.*;
-import java.awt.peer.LightweightPeer;
-
 import javax.swing.*;
-import javax.swing.border.*;
 import javax.swing.plaf.*;
 import javax.swing.event.*;
-
 import java.beans.*;
-import java.io.Serializable;
-
 import sun.swing.DefaultLookup;
 import sun.swing.UIAction;
 
@@ -55,6 +49,7 @@ public class BasicInternalFrameUI extends InternalFrameUI
     protected MouseInputAdapter          borderListener;
     protected PropertyChangeListener     propertyChangeListener;
     protected LayoutManager              internalFrameLayout;
+    protected ComponentListener          componentListener;
     protected MouseInputListener         glassPaneDispatcher;
     private InternalFrameListener        internalFrameListener;
 
@@ -66,9 +61,9 @@ public class BasicInternalFrameUI extends InternalFrameUI
     protected BasicInternalFrameTitlePane titlePane; // access needs this
 
     private static DesktopManager sharedDesktopManager;
+    private boolean componentListenerAdded = false;
 
     private Rectangle parentBounds;
-    private DesktopIconMover desktopIconMover;
 
     private boolean dragging = false;
     private boolean resizing = false;
@@ -209,17 +204,14 @@ public class BasicInternalFrameUI extends InternalFrameUI
             frame.getGlassPane().addMouseListener(glassPaneDispatcher);
             frame.getGlassPane().addMouseMotionListener(glassPaneDispatcher);
         }
+        componentListener =  createComponentListener();
         if (frame.getParent() != null) {
           parentBounds = frame.getParent().getBounds();
         }
-        getDesktopIconMover().installListeners();
+        if ((frame.getParent() != null) && !componentListenerAdded) {
-    }
+            frame.getParent().addComponentListener(componentListener);
-
+            componentListenerAdded = true;
-    private DesktopIconMover getDesktopIconMover() {
-        if (desktopIconMover == null) {
-            desktopIconMover = new DesktopIconMover(frame);
         }
-        return desktopIconMover;
     }
 
     // Provide a FocusListener to listen for a WINDOW_LOST_FOCUS event,
@@ -290,7 +282,11 @@ public class BasicInternalFrameUI extends InternalFrameUI
      * @since 1.3
      */
     protected void uninstallListeners() {
-      getDesktopIconMover().uninstallListeners();
+        if ((frame.getParent() != null) && componentListenerAdded) {
+            frame.getParent().removeComponentListener(componentListener);
+            componentListenerAdded = false;
+        }
+        componentListener = null;
       if (glassPaneDispatcher != null) {
           frame.getGlassPane().removeMouseListener(glassPaneDispatcher);
           frame.getGlassPane().removeMouseMotionListener(glassPaneDispatcher);
@@ -1228,6 +1224,15 @@ public class BasicInternalFrameUI extends InternalFrameUI
                 }
             }
 
+            // Relocate the icon base on the new parent bounds.
+            if (icon != null) {
+                Rectangle iconBounds = icon.getBounds();
+                int y = iconBounds.y +
+                        (parentNewBounds.height - parentBounds.height);
+                icon.setBounds(iconBounds.x, y,
+                        iconBounds.width, iconBounds.height);
+            }
+
             // Update the new parent bounds for next resize.
             if (!parentBounds.equals(parentNewBounds)) {
                 parentBounds = parentNewBounds;
@@ -1399,6 +1404,9 @@ public class BasicInternalFrameUI extends InternalFrameUI
                     // Cancel a resize in progress if the internal frame
                     // gets a setClosed(true) or dispose().
                     cancelResize();
+                    if ((frame.getParent() != null) && componentListenerAdded) {
+                        frame.getParent().removeComponentListener(componentListener);
+                    }
                     closeFrame(f);
                 }
             } else if (JInternalFrame.IS_MAXIMUM_PROPERTY == prop) {
@@ -1431,6 +1439,10 @@ public class BasicInternalFrameUI extends InternalFrameUI
                 } else {
                     parentBounds = null;
                 }
+                if ((frame.getParent() != null) && !componentListenerAdded) {
+                    f.getParent().addComponentListener(componentListener);
+                    componentListenerAdded = true;
+                }
             } else if (JInternalFrame.TITLE_PROPERTY == prop ||
                     prop == "closable" || prop == "iconable" ||
                     prop == "maximizable") {

jdk/src/share/classes/javax/swing/plaf/basic/BasicScrollPaneUI.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,17 +37,12 @@ import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeEvent;
 
 import java.awt.Component;
-import java.awt.Container;
-import java.awt.LayoutManager;
 import java.awt.Rectangle;
 import java.awt.Dimension;
 import java.awt.Point;
 import java.awt.Insets;
 import java.awt.Graphics;
 import java.awt.event.*;
-import java.io.Serializable;
-import java.awt.Toolkit;
-import java.awt.ComponentOrientation;
 
 /**
  * A default L&F implementation of ScrollPaneUI.
@@ -63,6 +58,7 @@ public class BasicScrollPaneUI
     protected ChangeListener viewportChangeListener;
     protected PropertyChangeListener spPropertyChangeListener;
     private MouseWheelListener mouseScrollListener;
+    private int oldExtent = Integer.MIN_VALUE;
 
     /**
      * PropertyChangeListener installed on the vertical scrollbar.
@@ -327,9 +323,13 @@ public class BasicScrollPaneUI
                             * leave it until someone claims.
                             */
                             value = Math.max(0, Math.min(max - extent, max - extent - viewPosition.x));
+                            if (oldExtent > extent) {
+                                value -= oldExtent - extent;
+                            }
                         }
                     }
                 }
+                oldExtent = extent;
                 hsb.setValues(value, extent, 0, max);
             }
 
@@ -1020,7 +1020,7 @@ public class BasicScrollPaneUI
 
             if (viewport != null) {
                 if (e.getSource() == viewport) {
-                    viewportStateChanged(e);
+                    syncScrollPaneWithViewport();
                 }
                 else {
                     JScrollBar hsb = scrollpane.getHorizontalScrollBar();
@@ -1077,11 +1077,6 @@ public class BasicScrollPaneUI
             viewport.setViewPosition(p);
         }
 
-        private void viewportStateChanged(ChangeEvent e) {
-            syncScrollPaneWithViewport();
-        }
-
-
         //
         // PropertyChangeListener: This is installed on both the JScrollPane
         // and the horizontal/vertical scrollbars.

jdk/src/share/classes/javax/swing/plaf/basic/DesktopIconMover.java

@@ -1,168 +0,0 @@
-/*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package javax.swing.plaf.basic;
-
-import javax.swing.*;
-import java.awt.*;
-import java.awt.event.*;
-import java.beans.*;
-
-/**
- * DesktopIconMover is intended to move desktop icon
- * when parent window is resized.
- */
-class DesktopIconMover implements ComponentListener, PropertyChangeListener {
-    private Component parent;
-    private JInternalFrame frame; // if not null, DesktopIconMover(frame)
-                                  // constructor was used
-    private JInternalFrame.JDesktopIcon icon;
-    private Rectangle parentBounds;
-    private boolean componentListenerAdded = false;
-
-    public DesktopIconMover(JInternalFrame frame) {
-        if (frame == null) {
-            throw new NullPointerException("Frame cannot be null");
-        }
-        this.frame = frame;
-        this.icon = frame.getDesktopIcon();
-        if (icon == null) {
-            throw new NullPointerException(
-                    "frame.getDesktopIcon() cannot be null");
-        }
-        this.parent = frame.getParent();
-        if (this.parent != null) {
-            parentBounds = this.parent.getBounds();
-        }
-    }
-
-    public DesktopIconMover(JInternalFrame.JDesktopIcon icon) {
-        if (icon == null) {
-            throw new NullPointerException("Icon cannot be null");
-        }
-        this.icon = icon;
-        this.parent = icon.getParent();
-        if (this.parent != null) {
-            parentBounds = this.parent.getBounds();
-        }
-    }
-
-    public void installListeners() {
-        if (frame != null) {
-            frame.addPropertyChangeListener(this);
-        } else {
-            icon.addPropertyChangeListener(this);
-        }
-        addComponentListener();
-    }
-
-    public void uninstallListeners() {
-        if (frame != null) {
-            frame.removePropertyChangeListener(this);
-        } else {
-            icon.removePropertyChangeListener(this);
-        }
-        removeComponentListener();
-    }
-
-    public void propertyChange(PropertyChangeEvent evt) {
-        String propName = evt.getPropertyName();
-        if ("ancestor".equals(propName)) {
-            Component newAncestor = (Component) evt.getNewValue();
-
-            // Remove component listener if parent is changing
-            Component probablyNewParent = getCurrentParent();
-            if ((probablyNewParent != null) &&
-                    (!probablyNewParent.equals(parent))) {
-                removeComponentListener();
-                parent = probablyNewParent;
-            }
-
-            if (newAncestor == null) {
-                removeComponentListener();
-            } else {
-                addComponentListener();
-            }
-
-            // Update parentBounds
-            if (parent != null) {
-                parentBounds = parent.getBounds();
-            } else {
-                parentBounds = null;
-            }
-        } else if (JInternalFrame.IS_CLOSED_PROPERTY.equals(propName)) {
-            removeComponentListener();
-        }
-    }
-
-    private void addComponentListener() {
-        if (!componentListenerAdded && (parent != null)) {
-            parent.addComponentListener(this);
-            componentListenerAdded = true;
-        }
-    }
-
-    private void removeComponentListener() {
-        if ((parent != null) && componentListenerAdded) {
-            parent.removeComponentListener(this);
-            componentListenerAdded = false;
-        }
-    }
-
-    private Component getCurrentParent() {
-        if (frame != null) {
-            return frame.getParent();
-        } else {
-            return icon.getParent();
-        }
-    }
-
-    public void componentResized(ComponentEvent e) {
-        if ((parent == null) || (parentBounds == null)) {
-            return;
-        }
-
-        Rectangle parentNewBounds = parent.getBounds();
-        if ((parentNewBounds == null) || parentNewBounds.equals(parentBounds)) {
-            return;
-        }
-
-        // Move desktop icon only in up-down direction
-        int newIconY = icon.getLocation().y +
-                (parentNewBounds.height - parentBounds.height);
-        icon.setLocation(icon.getLocation().x, newIconY);
-
-        parentBounds = parentNewBounds;
-    }
-
-    public void componentMoved(ComponentEvent e) {
-    }
-
-    public void componentShown(ComponentEvent e) {
-    }
-
-    public void componentHidden(ComponentEvent e) {
-    }
-}

jdk/src/share/classes/javax/swing/plaf/nimbus/AbstractRegionPainter.java

@@ -227,10 +227,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      *
      * @param x an encoded x value (0...1, or 1...2, or 2...3)
      * @return the decoded x value
+     * @throws IllegalArgumentException
+     *      if {@code x < 0} or {@code x > 3}
      */
     protected final float decodeX(float x) {
-        if (ctx.canvasSize == null) return x;
-
         if (x >= 0 && x <= 1) {
             return x * leftWidth;
         } else if (x > 1 && x < 2) {
@@ -238,7 +238,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (x >= 2 && x <= 3) {
             return ((x-2) * rightWidth) + leftWidth + centerWidth;
         } else {
-            throw new AssertionError("Invalid x");
+            throw new IllegalArgumentException("Invalid x");
         }
     }
 
@@ -248,10 +248,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      *
      * @param y an encoded y value (0...1, or 1...2, or 2...3)
      * @return the decoded y value
+     * @throws IllegalArgumentException
+     *      if {@code y < 0} or {@code y > 3}
      */
     protected final float decodeY(float y) {
-        if (ctx.canvasSize == null) return y;
-
         if (y >= 0 && y <= 1) {
             return y * topHeight;
         } else if (y > 1 && y < 2) {
@@ -259,7 +259,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (y >= 2 && y <= 3) {
             return ((y-2) * bottomHeight) + topHeight + centerHeight;
         } else {
-            throw new AssertionError("Invalid y");
+            throw new IllegalArgumentException("Invalid y");
         }
     }
 
@@ -271,10 +271,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param x an encoded x value of the bezier control point (0...1, or 1...2, or 2...3)
      * @param dx the offset distance to the anchor from the control point x
      * @return the decoded x location of the control point
+     * @throws IllegalArgumentException
+     *      if {@code x < 0} or {@code x > 3}
      */
     protected final float decodeAnchorX(float x, float dx) {
-        if (ctx.canvasSize == null) return x + dx;
-
         if (x >= 0 && x <= 1) {
             return decodeX(x) + (dx * leftScale);
         } else if (x > 1 && x < 2) {
@@ -282,7 +282,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (x >= 2 && x <= 3) {
             return decodeX(x) + (dx * rightScale);
         } else {
-            throw new AssertionError("Invalid x");
+            throw new IllegalArgumentException("Invalid x");
         }
     }
 
@@ -294,10 +294,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param y an encoded y value of the bezier control point (0...1, or 1...2, or 2...3)
      * @param dy the offset distance to the anchor from the control point y
      * @return the decoded y position of the control point
+     * @throws IllegalArgumentException
+     *      if {@code y < 0} or {@code y > 3}
      */
     protected final float decodeAnchorY(float y, float dy) {
-        if (ctx.canvasSize == null) return y + dy;
-
         if (y >= 0 && y <= 1) {
             return decodeY(y) + (dy * topScale);
         } else if (y > 1 && y < 2) {
@@ -305,7 +305,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (y >= 2 && y <= 3) {
             return decodeY(y) + (dy * bottomScale);
         } else {
-            throw new AssertionError("Invalid y");
+            throw new IllegalArgumentException("Invalid y");
         }
     }
 
@@ -363,6 +363,15 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param midpoints
      * @param colors
      * @return a valid LinearGradientPaint. This method never returns null.
+     * @throws NullPointerException
+     *      if {@code midpoints} array is null,
+     *      or {@code colors} array is null,
+     * @throws IllegalArgumentException
+     *      if start and end points are the same points,
+     *      or {@code midpoints.length != colors.length},
+     *      or {@code colors} is less than 2 in size,
+     *      or a {@code midpoints} value is less than 0.0 or greater than 1.0,
+     *      or the {@code midpoints} are not provided in strictly increasing order
      */
     protected final LinearGradientPaint decodeGradient(float x1, float y1, float x2, float y2, float[] midpoints, Color[] colors) {
         if (x1 == x2 && y1 == y2) {
@@ -384,6 +393,15 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param midpoints
      * @param colors
      * @return a valid RadialGradientPaint. This method never returns null.
+     * @throws NullPointerException
+     *      if {@code midpoints} array is null,
+     *      or {@code colors} array is null
+     * @throws IllegalArgumentException
+     *      if {@code r} is non-positive,
+     *      or {@code midpoints.length != colors.length},
+     *      or {@code colors} is less than 2 in size,
+     *      or a {@code midpoints} value is less than 0.0 or greater than 1.0,
+     *      or the {@code midpoints} are not provided in strictly increasing order
      */
     protected final RadialGradientPaint decodeRadialGradient(float x, float y, float r, float[] midpoints, Color[] colors) {
         if (r == 0f) {
@@ -537,10 +555,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
             this.maxVerticalScaleFactor = maxV;
 
             if (canvasSize != null) {
-                a = insets.left;
+                a = stretchingInsets.left;
-                b = canvasSize.width - insets.right;
+                b = canvasSize.width - stretchingInsets.right;
-                c = insets.top;
+                c = stretchingInsets.top;
-                d = canvasSize.height - insets.bottom;
+                d = canvasSize.height - stretchingInsets.bottom;
                 this.canvasSize = canvasSize;
                 this.inverted = inverted;
                 if (inverted) {

jdk/src/share/classes/javax/swing/plaf/nimbus/NimbusIcon.java

@@ -84,6 +84,8 @@ class NimbusIcon extends SynthIcon {
                         translatex = 1;
                     }
                 }
+            } else if (c instanceof JMenu) {
+                flip = ! c.getComponentOrientation().isLeftToRight();
             }
             if (g instanceof Graphics2D){
                 Graphics2D gfx = (Graphics2D)g;

jdk/src/share/classes/javax/swing/text/GlyphView.java

@@ -719,8 +719,9 @@ public class GlyphView extends View implements TabableView, Cloneable {
             checkPainter();
             int p0 = getStartOffset();
             int p1 = painter.getBoundedPosition(this, p0, pos, len);
-            return ((p1 > p0) && (getBreakSpot(p0, p1) != BreakIterator.DONE)) ?
+            return p1 == p0 ? View.BadBreakWeight :
-                    View.ExcellentBreakWeight : View.BadBreakWeight;
+                   getBreakSpot(p0, p1) != BreakIterator.DONE ?
+                            View.ExcellentBreakWeight : View.GoodBreakWeight;
         }
         return super.getBreakWeight(axis, pos, len);
     }

jdk/src/share/classes/javax/swing/text/ParagraphView.java

@@ -174,23 +174,6 @@ public class ParagraphView extends FlowView implements TabExpander {
         return layoutPool.getView(index);
     }
 
-    /**
-     * Adjusts the given row if possible to fit within the
-     * layout span.  By default this will try to find the
-     * highest break weight possible nearest the end of
-     * the row.  If a forced break is encountered, the
-     * break will be positioned there.
-     * <p>
-     * This is meant for internal usage, and should not be used directly.
-     *
-     * @param r the row to adjust to the current layout
-     *          span
-     * @param desiredSpan the current layout span >= 0
-     * @param x the location r starts at
-     */
-    protected void adjustRow(Row r, int desiredSpan, int x) {
-    }
-
     /**
      * Returns the next visual position for the cursor, in
      * either the east or west direction.

jdk/src/share/classes/sun/awt/shell/ShellFolder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -289,8 +289,8 @@ public abstract class ShellFolder extends File {
 
         // To avoid loads of synchronizations with Invoker and improve performance we
         // synchronize the whole code of the sort method once
-        getInvoker().invoke(new Callable<Void>() {
+        invoke(new Callable<Void>() {
-            public Void call() throws Exception {
+            public Void call() {
                 // Check that we can use the ShellFolder.sortChildren() method:
                 //   1. All files have the same non-null parent
                 //   2. All files is ShellFolders
@@ -330,8 +330,8 @@ public abstract class ShellFolder extends File {
     public void sortChildren(final List<? extends File> files) {
         // To avoid loads of synchronizations with Invoker and improve performance we
         // synchronize the whole code of the sort method once
-        getInvoker().invoke(new Callable<Void>() {
+        invoke(new Callable<Void>() {
-            public Void call() throws Exception {
+            public Void call() {
                 Collections.sort(files, FILE_COMPARATOR);
 
                 return null;
@@ -501,18 +501,62 @@ public abstract class ShellFolder extends File {
         return invoker;
     }
 
+    /**
+     * Invokes the {@code task} which doesn't throw checked exceptions
+     * from its {@code call} method. If invokation is interrupted then Thread.currentThread().isInterrupted() will
+     * be set and result will be {@code null}
+     */
+    public static <T> T invoke(Callable<T> task) {
+        try {
+            return invoke(task, RuntimeException.class);
+        } catch (InterruptedException e) {
+            return null;
+        }
+    }
+
+    /**
+     * Invokes the {@code task} which throws checked exceptions from its {@code call} method.
+     * If invokation is interrupted then Thread.currentThread().isInterrupted() will
+     * be set and InterruptedException will be thrown as well.
+     */
+    public static <T, E extends Throwable> T invoke(Callable<T> task, Class<E> exceptionClass)
+            throws InterruptedException, E {
+        try {
+            return getInvoker().invoke(task);
+        } catch (Exception e) {
+            if (e instanceof RuntimeException) {
+                // Rethrow unchecked exceptions
+                throw (RuntimeException) e;
+            }
+
+            if (e instanceof InterruptedException) {
+                // Set isInterrupted flag for current thread
+                Thread.currentThread().interrupt();
+
+                // Rethrow InterruptedException
+                throw (InterruptedException) e;
+            }
+
+            if (exceptionClass.isInstance(e)) {
+                throw exceptionClass.cast(e);
+            }
+
+            throw new RuntimeException("Unexpected error", e);
+        }
+    }
+
     /**
      * Interface allowing to invoke tasks in different environments on different platforms.
      */
     public static interface Invoker {
         /**
-         * Invokes a callable task. If the {@code task} throws a checked exception,
+         * Invokes a callable task.
-         * it will be wrapped into a {@link RuntimeException}
          *
          * @param task a task to invoke
+         * @throws Exception {@code InterruptedException} or an exception that was thrown from the {@code task}
          * @return the result of {@code task}'s invokation
          */
-        <T> T invoke(Callable<T> task);
+        <T> T invoke(Callable<T> task) throws Exception;
     }
 
     /**

jdk/src/share/classes/sun/awt/shell/ShellFolderManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -108,12 +108,8 @@ class ShellFolderManager {
     }
 
     private static class DirectInvoker implements ShellFolder.Invoker {
-        public <T> T invoke(Callable<T> task) {
+        public <T> T invoke(Callable<T> task) throws Exception {
-            try {
+            return task.call();
-                return task.call();
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
         }
     }
 }

jdk/src/share/classes/sun/nio/cs/Surrogate.java

@@ -30,7 +30,6 @@ import java.nio.charset.CoderResult;
 import java.nio.charset.MalformedInputException;
 import java.nio.charset.UnmappableCharacterException;
 
-
 /**
  * Utility class for dealing with surrogates.
  *
@@ -41,19 +40,15 @@ public class Surrogate {
 
     private Surrogate() { }
 
-    // UTF-16 surrogate-character ranges
+    // TODO: Deprecate/remove the following redundant definitions
-    //
+    public static final char MIN_HIGH = Character.MIN_HIGH_SURROGATE;
-    public static final char MIN_HIGH = '\uD800';
+    public static final char MAX_HIGH = Character.MAX_HIGH_SURROGATE;
-    public static final char MAX_HIGH = '\uDBFF';
+    public static final char MIN_LOW  = Character.MIN_LOW_SURROGATE;
-    public static final char MIN_LOW  = '\uDC00';
+    public static final char MAX_LOW  = Character.MAX_LOW_SURROGATE;
-    public static final char MAX_LOW  = '\uDFFF';
+    public static final char MIN      = Character.MIN_SURROGATE;
-    public static final char MIN = MIN_HIGH;
+    public static final char MAX      = Character.MAX_SURROGATE;
-    public static final char MAX = MAX_LOW;
+    public static final int UCS4_MIN  = Character.MIN_SUPPLEMENTARY_CODE_POINT;
-
+    public static final int UCS4_MAX  = Character.MAX_CODE_POINT;
-    // Range of UCS-4 values that need surrogates in UTF-16
-    //
-    public static final int UCS4_MIN = 0x10000;
-    public static final int UCS4_MAX = (1 << 20) + UCS4_MIN - 1;
 
     /**
      * Tells whether or not the given UTF-16 value is a high surrogate.
@@ -76,36 +71,46 @@ public class Surrogate {
         return (MIN <= c) && (c <= MAX);
     }
 
+    /**
+     * Tells whether or not the given UCS-4 character is in the Basic
+     * Multilingual Plane, and can be represented using a single char.
+     */
+    public static boolean isBMP(int uc) {
+        return (int) (char) uc == uc;
+    }
+
     /**
      * Tells whether or not the given UCS-4 character must be represented as a
      * surrogate pair in UTF-16.
      */
     public static boolean neededFor(int uc) {
-        return (uc >= UCS4_MIN) && (uc <= UCS4_MAX);
+        return Character.isSupplementaryCodePoint(uc);
     }
 
     /**
      * Returns the high UTF-16 surrogate for the given UCS-4 character.
      */
     public static char high(int uc) {
-        assert neededFor(uc);
+        assert Character.isSupplementaryCodePoint(uc);
-        return (char)(0xd800 | (((uc - UCS4_MIN) >> 10) & 0x3ff));
+        return (char)((uc >> 10)
+                      + (Character.MIN_HIGH_SURROGATE
+                         - (Character.MIN_SUPPLEMENTARY_CODE_POINT >> 10)));
     }
 
     /**
      * Returns the low UTF-16 surrogate for the given UCS-4 character.
      */
     public static char low(int uc) {
-        assert neededFor(uc);
+        assert Character.isSupplementaryCodePoint(uc);
-        return (char)(0xdc00 | ((uc - UCS4_MIN) & 0x3ff));
+        return (char)((uc & 0x3ff) + Character.MIN_LOW_SURROGATE);
     }
 
     /**
      * Converts the given surrogate pair into a 32-bit UCS-4 character.
      */
     public static int toUCS4(char c, char d) {
-        assert isHigh(c) && isLow(d);
+        assert Character.isHighSurrogate(c) && Character.isLowSurrogate(d);
-        return (((c & 0x3ff) << 10) | (d & 0x3ff)) + 0x10000;
+        return Character.toCodePoint(c, d);
     }
 
     /**
@@ -178,14 +183,14 @@ public class Surrogate {
          *           object
          */
         public int parse(char c, CharBuffer in) {
-            if (Surrogate.isHigh(c)) {
+            if (Character.isHighSurrogate(c)) {
                 if (!in.hasRemaining()) {
                     error = CoderResult.UNDERFLOW;
                     return -1;
                 }
                 char d = in.get();
-                if (Surrogate.isLow(d)) {
+                if (Character.isLowSurrogate(d)) {
-                    character = toUCS4(c, d);
+                    character = Character.toCodePoint(c, d);
                     isPair = true;
                     error = null;
                     return character;
@@ -193,7 +198,7 @@ public class Surrogate {
                 error = CoderResult.malformedForLength(1);
                 return -1;
             }
-            if (Surrogate.isLow(c)) {
+            if (Character.isLowSurrogate(c)) {
                 error = CoderResult.malformedForLength(1);
                 return -1;
             }
@@ -220,14 +225,14 @@ public class Surrogate {
          */
         public int parse(char c, char[] ia, int ip, int il) {
             assert (ia[ip] == c);
-            if (Surrogate.isHigh(c)) {
+            if (Character.isHighSurrogate(c)) {
                 if (il - ip < 2) {
                     error = CoderResult.UNDERFLOW;
                     return -1;
                 }
                 char d = ia[ip + 1];
-                if (Surrogate.isLow(d)) {
+                if (Character.isLowSurrogate(d)) {
-                    character = toUCS4(c, d);
+                    character = Character.toCodePoint(c, d);
                     isPair = true;
                     error = null;
                     return character;
@@ -235,7 +240,7 @@ public class Surrogate {
                 error = CoderResult.malformedForLength(1);
                 return -1;
             }
-            if (Surrogate.isLow(c)) {
+            if (Character.isLowSurrogate(c)) {
                 error = CoderResult.malformedForLength(1);
                 return -1;
             }
@@ -282,7 +287,7 @@ public class Surrogate {
          *           error() will return a descriptive result object
          */
         public int generate(int uc, int len, CharBuffer dst) {
-            if (uc <= 0xffff) {
+            if (Surrogate.isBMP(uc)) {
                 if (Surrogate.is(uc)) {
                     error = CoderResult.malformedForLength(len);
                     return -1;
@@ -294,12 +299,7 @@ public class Surrogate {
                 dst.put((char)uc);
                 error = null;
                 return 1;
-            }
+            } else if (Character.isSupplementaryCodePoint(uc)) {
-            if (uc < Surrogate.UCS4_MIN) {
-                error = CoderResult.malformedForLength(len);
-                return -1;
-            }
-            if (uc <= Surrogate.UCS4_MAX) {
                 if (dst.remaining() < 2) {
                     error = CoderResult.OVERFLOW;
                     return -1;
@@ -308,9 +308,10 @@ public class Surrogate {
                 dst.put(Surrogate.low(uc));
                 error = null;
                 return 2;
+            } else {
+                error = CoderResult.unmappableForLength(len);
+                return -1;
             }
-            error = CoderResult.unmappableForLength(len);
-            return -1;
         }
 
         /**
@@ -330,7 +331,7 @@ public class Surrogate {
          *           error() will return a descriptive result object
          */
         public int generate(int uc, int len, char[] da, int dp, int dl) {
-            if (uc <= 0xffff) {
+            if (Surrogate.isBMP(uc)) {
                 if (Surrogate.is(uc)) {
                     error = CoderResult.malformedForLength(len);
                     return -1;
@@ -342,12 +343,7 @@ public class Surrogate {
                 da[dp] = (char)uc;
                 error = null;
                 return 1;
-            }
+            } else if (Character.isSupplementaryCodePoint(uc)) {
-            if (uc < Surrogate.UCS4_MIN) {
-                error = CoderResult.malformedForLength(len);
-                return -1;
-            }
-            if (uc <= Surrogate.UCS4_MAX) {
                 if (dl - dp < 2) {
                     error = CoderResult.OVERFLOW;
                     return -1;
@@ -356,11 +352,11 @@ public class Surrogate {
                 da[dp + 1] = Surrogate.low(uc);
                 error = null;
                 return 2;
+            } else {
+                error = CoderResult.unmappableForLength(len);
+                return -1;
             }
-            error = CoderResult.unmappableForLength(len);
-            return -1;
         }
-
     }
 
 }

jdk/src/share/classes/sun/security/krb5/Config.java

@@ -70,7 +70,12 @@ public class Config {
     private static final int BASE16_1 = 16;
     private static final int BASE16_2 = 16 * 16;
     private static final int BASE16_3 = 16 * 16 * 16;
-    private String defaultRealm;   // default kdc realm.
+
+    /**
+     * Specified by system properties. Must be both null or non-null.
+     */
+    private final String defaultRealm;
+    private final String defaultKDC;
 
     // used for native interface
     private static native String getWindowsDirectory(boolean isSystem);
@@ -81,9 +86,8 @@ public class Config {
      * singleton) is returned.
      *
      * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
+     * instance. Possible causes would be either of java.security.krb5.realm or
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
+     * java.security.krb5.kdc not specified, error reading configuration file.
-     * not specified, error reading configuration file.
      */
     public static synchronized Config getInstance() throws KrbException {
         if (singleton == null) {
@@ -98,9 +102,8 @@ public class Config {
      * the java.security.krb5.* system properties again.
      *
      * @exception KrbException if error occurs when constructing a Config
-     * instance. Possible causes would be configuration file not
+     * instance. Possible causes would be either of java.security.krb5.realm or
-     * found, either of java.security.krb5.realm or java.security.krb5.kdc
+     * java.security.krb5.kdc not specified, error reading configuration file.
-     * not specified, error reading configuration file.
      */
 
     public static synchronized void refresh() throws KrbException {
@@ -114,56 +117,37 @@ public class Config {
      */
     private Config() throws KrbException {
         /*
-         * If these two system properties are being specified by the user,
+         * If either one system property is specified, we throw exception.
-         * we ignore configuration file. If either one system property is
-         * specified, we throw exception. If neither of them are specified,
-         * we load the information from configuration file.
          */
-        String kdchost =
+        String tmp =
             java.security.AccessController.doPrivileged(
                 new sun.security.action.GetPropertyAction
                     ("java.security.krb5.kdc"));
+        if (tmp != null) {
+            // The user can specify a list of kdc hosts separated by ":"
+            defaultKDC = tmp.replace(':', ' ');
+        } else {
+            defaultKDC = null;
+        }
         defaultRealm =
             java.security.AccessController.doPrivileged(
                 new sun.security.action.GetPropertyAction
                     ("java.security.krb5.realm"));
-        if ((kdchost == null && defaultRealm != null) ||
+        if ((defaultKDC == null && defaultRealm != null) ||
-            (defaultRealm == null && kdchost != null)) {
+            (defaultRealm == null && defaultKDC != null)) {
             throw new KrbException
                 ("System property java.security.krb5.kdc and " +
                  "java.security.krb5.realm both must be set or " +
                  "neither must be set.");
         }
 
-        // Read the Kerberos configuration file
+        // Always read the Kerberos configuration file
         try {
             Vector<String> configFile;
             configFile = loadConfigFile();
             stanzaTable = parseStanzaTable(configFile);
         } catch (IOException ioe) {
-            // No krb5.conf, no problem. We'll use DNS etc.
+            // No krb5.conf, no problem. We'll use DNS or system property etc.
-        }
-
-        if (kdchost != null) {
-            /*
-             * If configuration information is only specified by
-             * properties java.security.krb5.kdc and
-             * java.security.krb5.realm, we put both in the hashtable
-             * under [libdefaults].
-             */
-            if (stanzaTable == null) {
-                stanzaTable = new Hashtable<String,Object> ();
-            }
-            Hashtable<String,String> kdcs =
-                    (Hashtable<String,String>)stanzaTable.get("libdefaults");
-            if (kdcs == null) {
-                kdcs = new Hashtable<String,String> ();
-                stanzaTable.put("libdefaults", kdcs);
-            }
-            kdcs.put("default_realm", defaultRealm);
-            // The user can specify a list of kdc hosts separated by ":"
-            kdchost = kdchost.replace(':', ' ');
-            kdcs.put("kdc", kdchost);
         }
     }
 
@@ -295,19 +279,6 @@ public class Config {
         String result = null;
         Hashtable subTable;
 
-        /*
-         * In the situation when kdc is specified by
-         * java.security.krb5.kdc, we get the kdc from [libdefaults] in
-         * hashtable.
-         */
-        if (name.equalsIgnoreCase("kdc") &&
-            (section.equalsIgnoreCase(getDefault("default_realm", "libdefaults"))) &&
-            (java.security.AccessController.doPrivileged(
-                new sun.security.action.
-                GetPropertyAction("java.security.krb5.kdc")) != null)) {
-            result = getDefault("kdc", "libdefaults");
-            return result;
-        }
         if (stanzaTable != null) {
             for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
                 stanzaName = (String)e.nextElement();
@@ -1035,13 +1006,13 @@ public class Config {
     /**
      * Resets the default kdc realm.
      * We do not need to synchronize these methods since assignments are atomic
+     *
+     * This method was useless. Kept here in case some class still calls it.
      */
     public void resetDefaultRealm(String realm) {
-        defaultRealm = realm;
         if (DEBUG) {
-            System.out.println(">>> Config reset default kdc " + defaultRealm);
+            System.out.println(">>> Config try resetting default kdc " + realm);
         }
-
     }
 
     /**
@@ -1098,6 +1069,9 @@ public class Config {
      * @return the default realm, always non null
      */
     public String getDefaultRealm() throws KrbException {
+        if (defaultRealm != null) {
+            return defaultRealm;
+        }
         Exception cause = null;
         String realm = getDefault("default_realm", "libdefaults");
         if ((realm == null) && useDNS_Realm()) {
@@ -1142,6 +1116,9 @@ public class Config {
         if (realm == null) {
             realm = getDefaultRealm();
         }
+        if (realm.equalsIgnoreCase(defaultRealm)) {
+            return defaultKDC;
+        }
         Exception cause = null;
         String kdcs = getDefault("kdc", realm);
         if ((kdcs == null) && useDNS_KDC()) {
@@ -1171,6 +1148,9 @@ public class Config {
             });
         }
         if (kdcs == null) {
+            if (defaultKDC != null) {
+                return defaultKDC;
+            }
             KrbException ke = new KrbException("Cannot locate KDC");
             if (cause != null) {
                 ke.initCause(cause);

jdk/src/share/classes/sun/security/krb5/KrbApReq.java

@@ -294,8 +294,6 @@ public class KrbApReq {
         apReqMessg.ticket.sname.setRealm(apReqMessg.ticket.realm);
         enc_ticketPart.cname.setRealm(enc_ticketPart.crealm);
 
-        Config.getInstance().resetDefaultRealm(apReqMessg.ticket.realm.toString());
-
         if (!authenticator.cname.equals(enc_ticketPart.cname))
             throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
 

jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright 2000-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Portions Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -403,11 +403,11 @@ public class KeyTab implements KeyTabConstants {
     /**
      * Retrieves the key table entry with the specified service name.
      * @param service the service which may have an entry in the key table.
+     * @param keyType the etype to match, returns the 1st one if -1 provided
      * @return -1 if the entry is not found, else return the entry index
      * in the list.
      */
     private int retrieveEntry(PrincipalName service, int keyType) {
-        int found = -1;
         KeyTabEntry e;
         if (entries != null) {
             for (int i = 0; i < entries.size(); i++) {
@@ -418,7 +418,7 @@ public class KeyTab implements KeyTabConstants {
                 }
             }
         }
-        return found;
+        return -1;
     }
 
     /**
@@ -476,12 +476,29 @@ public class KeyTab implements KeyTabConstants {
     /**
      * Removes an entry from the key table.
      * @param service the service <code>PrincipalName</code>.
+     * @param etype the etype to match, first one if -1 provided
+     * @return 1 if removed successfully, 0 otherwise
      */
-    public void deleteEntry(PrincipalName service) {
+    public int deleteEntry(PrincipalName service, int etype) {
-        int result = retrieveEntry(service, -1);
+        int result = retrieveEntry(service, etype);
         if (result != -1) {
             entries.removeElementAt(result);
+            return 1;
         }
+        return 0;
+    }
+
+    /**
+     * Removes an entry from the key table.
+     * @param service the service <code>PrincipalName</code>.
+     * @return number of entries removed
+     */
+    public int deleteEntry(PrincipalName service) {
+        int count = 0;
+        while (deleteEntry(service, -1) > 0) {
+            count++;
+        }
+        return count;
     }
 
     /**

jdk/src/share/classes/sun/security/pkcs11/JarVerifier.java

@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.pkcs11;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
-    private static final boolean debug = false;
-
-    /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
-     */
-    static boolean verify(final Class c) {
-        return true;
-    }
-}

jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -390,24 +390,6 @@ public final class SunPKCS11 extends AuthProvider {
         return sb.toString();
     }
 
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void verifySelfIntegrity(Class c) {
-        if (integrityVerified) {
-            return;
-        }
-        doVerifySelfIntegrity(c);
-    }
-
-    private static synchronized void doVerifySelfIntegrity(Class c) {
-        integrityVerified = JarVerifier.verify(c);
-        if (integrityVerified == false) {
-            throw new ProviderException
-                ("The SunPKCS11 provider may have been tampered with.");
-        }
-    }
-
     public boolean equals(Object obj) {
         return this == obj;
     }
@@ -923,7 +905,6 @@ public final class SunPKCS11 extends AuthProvider {
             if (type == MD) {
                 return new P11Digest(token, algorithm, mechanism);
             } else if (type == CIP) {
-                verifySelfIntegrity(getClass());
                 if (algorithm.startsWith("RSA")) {
                     return new P11RSACipher(token, algorithm, mechanism);
                 } else {
@@ -932,12 +913,10 @@ public final class SunPKCS11 extends AuthProvider {
             } else if (type == SIG) {
                 return new P11Signature(token, algorithm, mechanism);
             } else if (type == MAC) {
-                verifySelfIntegrity(getClass());
                 return new P11Mac(token, algorithm, mechanism);
             } else if (type == KPG) {
                 return new P11KeyPairGenerator(token, algorithm, mechanism);
             } else if (type == KA) {
-                verifySelfIntegrity(getClass());
                 if (algorithm.equals("ECDH")) {
                     return new P11ECDHKeyAgreement(token, algorithm, mechanism);
                 } else {
@@ -946,11 +925,8 @@ public final class SunPKCS11 extends AuthProvider {
             } else if (type == KF) {
                 return token.getKeyFactory(algorithm);
             } else if (type == SKF) {
-                verifySelfIntegrity(getClass());
                 return new P11SecretKeyFactory(token, algorithm);
             } else if (type == KG) {
-                verifySelfIntegrity(getClass());
-
                 // reference equality
                 if (algorithm == "SunTlsRsaPremasterSecret") {
                     return new P11TlsRsaPremasterSecretGenerator(

jdk/src/share/classes/sun/security/provider/certpath/CertPathHelper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,11 @@
 
 package sun.security.provider.certpath;
 
+import java.util.Date;
 import java.util.Set;
 
 import java.security.cert.X509CertSelector;
+import java.security.cert.X509CRLSelector;
 
 import sun.security.x509.GeneralNameInterface;
 
@@ -55,8 +57,14 @@ public abstract class CertPathHelper {
     protected abstract void implSetPathToNames(X509CertSelector sel,
             Set<GeneralNameInterface> names);
 
+    protected abstract void implSetDateAndTime(X509CRLSelector sel, Date date, long skew);
+
     static void setPathToNames(X509CertSelector sel,
             Set<GeneralNameInterface> names) {
         instance.implSetPathToNames(sel, names);
     }
+
+    static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
+        instance.implSetDateAndTime(sel, date, skew);
+    }
 }

jdk/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,6 +81,10 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
     private static final boolean[] ALL_REASONS =
         {true, true, true, true, true, true, true, true, true};
 
+    // Maximum clock skew in milliseconds (15 minutes) allowed when checking
+    // validity of CRLs
+    private static final long MAX_CLOCK_SKEW = 900000;
+
     /**
      * Creates a <code>CrlRevocationChecker</code>.
      *
@@ -281,7 +285,7 @@ class CrlRevocationChecker extends PKIXCertPathChecker {
         try {
             X509CRLSelector sel = new X509CRLSelector();
             sel.setCertificateChecking(currCert);
-            sel.setDateAndTime(mCurrentTime);
+            CertPathHelper.setDateAndTime(sel, mCurrentTime, MAX_CLOCK_SKEW);
 
             for (CertStore mStore : mStores) {
                 for (java.security.cert.CRL crl : mStore.getCRLs(sel)) {

jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java

@@ -149,9 +149,9 @@ class OCSPResponse {
 
     private SingleResponse singleResponse;
 
-    // Maximum clock skew in milliseconds (10 minutes) allowed when checking
+    // Maximum clock skew in milliseconds (15 minutes) allowed when checking
     // validity of OCSP responses
-    private static final long MAX_CLOCK_SKEW = 600000;
+    private static final long MAX_CLOCK_SKEW = 900000;
 
     // an array of all of the CRLReasons (used in SingleResponse)
     private static CRLReason[] values = CRLReason.values();

jdk/src/share/classes/sun/security/tools/JarSigner.java

@@ -136,7 +136,7 @@ public class JarSigner {
     char[] keypass; // private key password
     String sigfile; // name of .SF file
     String sigalg; // name of signature algorithm
-    String digestalg = "SHA1"; // name of digest algorithm
+    String digestalg = "SHA-256"; // name of digest algorithm
     String signedjar; // output filename
     String tsaUrl; // location of the Timestamping Authority
     String tsaAlias; // alias for the Timestamping Authority's certificate
@@ -2205,7 +2205,7 @@ class SignatureFile {
                 if (keyAlgorithm.equalsIgnoreCase("DSA"))
                     digestAlgorithm = "SHA1";
                 else if (keyAlgorithm.equalsIgnoreCase("RSA"))
-                    digestAlgorithm = "SHA1";
+                    digestAlgorithm = "SHA256";
                 else {
                     throw new RuntimeException("private key is not a DSA or "
                                                + "RSA key");

jdk/src/share/classes/sun/security/tools/KeyTool.java

@@ -1052,7 +1052,7 @@ public final class KeyTool {
         X509CertImpl signerCertImpl = new X509CertImpl(encoded);
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
-        X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
+        X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
                                            CertificateSubjectName.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
@@ -1068,7 +1068,7 @@ public final class KeyTool {
         Signature signature = Signature.getInstance(sigAlgName);
         signature.initSign(privateKey);
 
-        X500Signer signer = new X500Signer(signature, owner);
+        X500Signer signer = new X500Signer(signature, issuer);
 
         X509CertInfo info = new X509CertInfo();
         info.set(X509CertInfo.VALIDITY, interval);
@@ -1102,7 +1102,8 @@ public final class KeyTool {
         PKCS10 req = new PKCS10(rawReq);
 
         info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(req.getSubjectName()));
+        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+                dname==null?req.getSubjectName():new X500Name(dname)));
         CertificateExtensions reqex = null;
         Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
         while (attrs.hasNext()) {
@@ -1160,8 +1161,9 @@ public final class KeyTool {
 
         Signature signature = Signature.getInstance(sigAlgName);
         signature.initSign(privKey);
-        X500Name subject =
+        X500Name subject = dname == null?
-            new X500Name(((X509Certificate)cert).getSubjectDN().toString());
+                new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
+                new X500Name(dname);
         X500Signer signer = new X500Signer(signature, subject);
 
         // Sign the request and base-64 encode it
@@ -1316,7 +1318,7 @@ public final class KeyTool {
         if ("DSA".equalsIgnoreCase(keyAlgName)) {
             return "SHA1WithDSA";
         } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
-            return "SHA1WithRSA";
+            return "SHA256WithRSA";
         } else if ("EC".equalsIgnoreCase(keyAlgName)) {
             return "SHA1withECDSA";
         } else {
@@ -1334,6 +1336,8 @@ public final class KeyTool {
         if (keysize == -1) {
             if ("EC".equalsIgnoreCase(keyAlgName)) {
                 keysize = 256;
+            } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
+                keysize = 2048;
             } else {
                 keysize = 1024;
             }
@@ -2497,6 +2501,7 @@ public final class KeyTool {
                         cert.getNotAfter().toString(),
                         getCertFingerPrint("MD5", cert),
                         getCertFingerPrint("SHA1", cert),
+                        getCertFingerPrint("SHA-256", cert),
                         cert.getSigAlgName(),
                         cert.getVersion()
                         };
@@ -3428,7 +3433,7 @@ public final class KeyTool {
 
                 int colonpos = name.indexOf(':');
                 if (colonpos >= 0) {
-                    if (name.substring(colonpos+1).equalsIgnoreCase("critical")) {
+                    if (oneOf(name.substring(colonpos+1), "critical") == 0) {
                         isCritical = true;
                     }
                     name = name.substring(0, colonpos);
@@ -3688,6 +3693,8 @@ public final class KeyTool {
                 ("-certreq     [-v] [-protected]"));
         System.err.println(rb.getString
                 ("\t     [-alias <alias>] [-sigalg <sigalg>]"));
+        System.err.println(rb.getString
+                ("\t     [-dname <dname>]"));
         System.err.println(rb.getString
                 ("\t     [-file <csr_file>] [-keypass <keypass>]"));
         System.err.println(rb.getString
@@ -3770,6 +3777,8 @@ public final class KeyTool {
                 ("\t     [-infile <infile>] [-outfile <outfile>]"));
         System.err.println(rb.getString
                 ("\t     [-alias <alias>]"));
+        System.err.println(rb.getString
+                ("\t     [-dname <dname>]"));
         System.err.println(rb.getString
                 ("\t     [-sigalg <sigalg>]"));
         System.err.println(rb.getString

jdk/src/share/classes/sun/security/util/Resources.java

@@ -215,7 +215,7 @@ public class Resources extends java.util.ListResourceBundle {
         {"\t(RETURN if same as for <otherAlias>)",
                 "\t(RETURN if same as for <{0}>)"},
         {"*PATTERN* printX509Cert",
-                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5:  {5}\n\t SHA1: {6}\n\t Signature algorithm name: {7}\n\t Version: {8}"},
+                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5:  {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"},
         {"What is your first and last name?",
                 "What is your first and last name?"},
         {"What is the name of your organizational unit?",
@@ -301,6 +301,7 @@ public class Resources extends java.util.ListResourceBundle {
                 "-certreq     [-v] [-protected]"},
         {"\t     [-alias <alias>] [-sigalg <sigalg>]",
                 "\t     [-alias <alias>] [-sigalg <sigalg>]"},
+        {"\t     [-dname <dname>]", "\t     [-dname <dname>]"},
         {"\t     [-file <csr_file>] [-keypass <keypass>]",
                 "\t     [-file <csr_file>] [-keypass <keypass>]"},
         {"\t     [-keystore <keystore>] [-storepass <storepass>]",

jdk/src/share/classes/sun/swing/FilePane.java

@@ -1,6 +1,5 @@
-
 /*
- * Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -905,8 +904,8 @@ public class FilePane extends JPanel implements PropertyChangeListener {
 
         @Override
         public void sort() {
-            ShellFolder.getInvoker().invoke(new Callable<Void>() {
+            ShellFolder.invoke(new Callable<Void>() {
-                public Void call() throws Exception {
+                public Void call() {
                     DetailsTableRowSorter.super.sort();
                     return null;
                 }

jdk/src/share/classes/sun/swing/MenuItemLayoutHelper.java

@@ -718,10 +718,10 @@ public class MenuItemLayoutHelper {
     }
 
     private void alignRect(Rectangle rect, int alignment, int origWidth) {
-        if (alignment != SwingUtilities.LEFT) {
+        if (alignment == SwingConstants.RIGHT) {
             rect.x = rect.x + rect.width - origWidth;
-            rect.width = origWidth;
         }
+        rect.width = origWidth;
     }
 
     protected void layoutIconAndTextInLabelRect(LayoutResult lr) {

jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c

@@ -337,7 +337,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotList
     CK_ULONG ckTokenNumber;
     CK_SLOT_ID_PTR ckpSlotList;
     CK_BBOOL ckTokenPresent;
-    jlongArray jSlotList;
+    jlongArray jSlotList = NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
@@ -637,7 +637,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetMechanismList
     CK_SLOT_ID ckSlotID;
     CK_ULONG ckMechanismNumber;
     CK_MECHANISM_TYPE_PTR ckpMechanismList;
-    jlongArray jMechanismList;
+    jlongArray jMechanismList = NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);