Merge

jdk/make/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -243,6 +243,11 @@ SUBDIRS       = tools java javax sun com
 SUBDIRS_tools = launchers
 SUBDIRS_misc  = org sunw jpda mkdemo mksample
 
+# Alternate classes implementation
+ifndef OPENJDK
+  SUBDIRS_misc += altclasses
+endif
+
 include $(BUILDDIR)/common/Subdirs.gmk
 
 all build::

jdk/make/altclasses/Makefile

@@ -0,0 +1,84 @@
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+#
+# Makefile for building alternate runtime classes (not used by default)
+#
+
+BUILDDIR = ..
+
+PRODUCT = altclasses
+
+include $(BUILDDIR)/common/Defs.gmk
+
+# Root of alternate class sources
+
+ALTCLASSES_SRCDIR = $(CLOSED_SRC)/share/altclasses
+
+# Alternate runtime classes
+
+ALTRT_JAR_FILE = $(LIBDIR)/alt-rt.jar
+ALTRT_JAR_SOURCE_FILE = $(TEMPDIR)/alt-rt.jarsrclist
+ALTRT_JAR_SOURCES = $(wildcard $(ALTCLASSES_SRCDIR)/java/*/*.java)
+
+# Use a special file suffix for the file that holds the source list
+
+.SUFFIXES: .jarsrclist
+
+# Build rules
+
+all build: 
+	@if [ -d $(ALTCLASSES_SRCDIR) ] ; then \
+	   $(MAKE) $(ALTRT_JAR_FILE); \
+	fi
+
+# Source list file creation
+
+$(ALTRT_JAR_SOURCE_FILE): $(ALTRT_JAR_SOURCES) FRC
+	$(prep-target)
+	$(ECHO) $(ALTRT_JAR_SOURCES) > $@
+
+clean clobber::
+	$(RM) $(ALTRT_JAR_FILE) $(ALTRT_JAR_SOURCE_FILE) 
+	$(RM) -r $(ALTRT_JAR_SOURCE_FILE).classes
+
+include $(BUILDDIR)/common/Classes.gmk
+
+# Pattern rule to turn a source list file into a jar file
+$(LIBDIR)/%.jar : $(TEMPDIR)/%.jarsrclist
+	$(prep-target)
+	$(RM) -r $(<).classes
+	$(MKDIR) -p $(<).classes
+	$(JAVAC_CMD) -implicit:none -d $(<).classes @$<
+	$(BOOT_JAR_CMD) cf $@ -C $(<).classes . $(BOOT_JAR_JFLAGS)
+
+# Force target
+
+FRC:
+
+# Non file targets
+
+.PHONY: all build clean clobber
+

jdk/make/mkdemo/nio/zipfs/Makefile

@@ -42,3 +42,10 @@ DEMO_DESTDIR    = $(DEMODIR)/nio/$(DEMONAME)
 #
 include $(BUILDDIR)/common/Demo.gmk
 
+#EXTJAR = $(EXTDIR)/$(DEMONAME).jar
+#
+#all : build $(EXTJAR)
+#
+#$(EXTJAR) : $(DEMO_JAR)
+#	$(prep-target)
+#	$(CP) $(DEMO_JAR) $(EXTJAR)

jdk/make/sun/xawt/mapfile-vers

@@ -429,6 +429,7 @@ SUNWprivate_1.1 {
         Java_com_sun_java_swing_plaf_gtk_GTKStyle_nativeGetClassValue;
         Java_com_sun_java_swing_plaf_gtk_GTKStyle_nativeGetPangoFontName;
 
+        Java_sun_awt_X11_GtkFileDialogPeer_initIDs;
         Java_sun_awt_X11_GtkFileDialogPeer_run;
         Java_sun_awt_X11_GtkFileDialogPeer_quit;
 

jdk/src/share/classes/com/sun/java/util/jar/pack/ClassReader.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@ import java.util.*;
 import com.sun.java.util.jar.pack.Package.Class;
 import com.sun.java.util.jar.pack.Package.InnerClass;
 import com.sun.java.util.jar.pack.ConstantPool.*;
-import com.sun.tools.classfile.AttributeException;
 
 /**
  * Reader for a class file that is being incorporated into a package.
@@ -422,7 +421,7 @@ class ClassReader implements Constants {
                         readCode(m.code);
                     } catch (Instruction.FormatException iie) {
                         String message = iie.getMessage() + " in " + h;
-                        throw new ClassReader.ClassFormatException(message);
+                        throw new ClassReader.ClassFormatException(message, iie);
                     }
                 } else {
                     assert(h == cls);
@@ -477,9 +476,13 @@ class ClassReader implements Constants {
         // (Later, ics may be transferred to the pkg.)
     }
 
-    class ClassFormatException extends IOException {
+    static class ClassFormatException extends IOException {
         public ClassFormatException(String message) {
             super(message);
         }
+
+        public ClassFormatException(String message, Throwable cause) {
+            super(message, cause);
+        }
     }
 }

jdk/src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java

@@ -614,10 +614,14 @@ public class PackerImpl  extends TLGlobals implements Pack200.Packer {
         List<InFile> scanJar(JarFile jf) throws IOException {
             // Collect jar entries, preserving order.
             List<InFile> inFiles = new ArrayList<>();
-            for (JarEntry je : Collections.list(jf.entries())) {
+            try {
-                InFile inFile = new InFile(jf, je);
+                for (JarEntry je : Collections.list(jf.entries())) {
-                assert(je.isDirectory() == inFile.name.endsWith("/"));
+                    InFile inFile = new InFile(jf, je);
-                inFiles.add(inFile);
+                    assert(je.isDirectory() == inFile.name.endsWith("/"));
+                    inFiles.add(inFile);
+                }
+            } catch (IllegalStateException ise) {
+                throw new IOException(ise.getLocalizedMessage(), ise);
             }
             return inFiles;
         }

jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java

@@ -92,7 +92,13 @@ public class UnpackerImpl extends TLGlobals implements Pack200.Unpacker {
      * @param out a JarOutputStream.
      * @exception IOException if an error is encountered.
      */
-    public void unpack(InputStream in0, JarOutputStream out) throws IOException {
+    public void unpack(InputStream in, JarOutputStream out) throws IOException {
+        if (in == null) {
+            throw new NullPointerException("null input");
+        }
+        if (out == null) {
+            throw new NullPointerException("null output");
+        }
         assert(Utils.currentInstance.get() == null);
         TimeZone tz = (props.getBoolean(Utils.PACK_DEFAULT_TIMEZONE))
                       ? null
@@ -102,18 +108,18 @@ public class UnpackerImpl extends TLGlobals implements Pack200.Unpacker {
             Utils.currentInstance.set(this);
             if (tz != null) TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
             final int verbose = props.getInteger(Utils.DEBUG_VERBOSE);
-            BufferedInputStream in = new BufferedInputStream(in0);
+            BufferedInputStream in0 = new BufferedInputStream(in);
-            if (Utils.isJarMagic(Utils.readMagic(in))) {
+            if (Utils.isJarMagic(Utils.readMagic(in0))) {
                 if (verbose > 0)
                     Utils.log.info("Copying unpacked JAR file...");
-                Utils.copyJarFile(new JarInputStream(in), out);
+                Utils.copyJarFile(new JarInputStream(in0), out);
             } else if (props.getBoolean(Utils.DEBUG_DISABLE_NATIVE)) {
-                (new DoUnpack()).run(in, out);
+                (new DoUnpack()).run(in0, out);
-                in.close();
+                in0.close();
                 Utils.markJarFile(out);
             } else {
-                (new NativeUnpack(this)).run(in, out);
+                (new NativeUnpack(this)).run(in0, out);
-                in.close();
+                in0.close();
                 Utils.markJarFile(out);
             }
         } finally {
@@ -132,6 +138,12 @@ public class UnpackerImpl extends TLGlobals implements Pack200.Unpacker {
      * @exception IOException if an error is encountered.
      */
     public void unpack(File in, JarOutputStream out) throws IOException {
+        if (in == null) {
+            throw new NullPointerException("null input");
+        }
+        if (out == null) {
+            throw new NullPointerException("null output");
+        }
         // Use the stream-based implementation.
         // %%% Reconsider if native unpacker learns to memory-map the file.
         FileInputStream instr = new FileInputStream(in);

jdk/src/share/classes/com/sun/jmx/remote/internal/ServerNotifForwarder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ import javax.management.InstanceNotFoundException;
 import javax.management.ListenerNotFoundException;
 import javax.management.MBeanPermission;
 import javax.management.MBeanServer;
+import javax.management.MBeanServerDelegate;
+import javax.management.MBeanServerNotification;
 import javax.management.Notification;
 import javax.management.NotificationBroadcaster;
 import javax.management.NotificationFilter;
@@ -272,6 +274,7 @@ public class ServerNotifForwarder {
             nr = notifBuffer.fetchNotifications(bufferFilter,
                 startSequenceNumber,
                 t, maxNotifications);
+            snoopOnUnregister(nr);
         } catch (InterruptedException ire) {
             nr = new NotificationResult(0L, 0L, new TargetedNotification[0]);
         }
@@ -283,6 +286,34 @@ public class ServerNotifForwarder {
         return nr;
     }
 
+    // The standard RMI connector client will register a listener on the MBeanServerDelegate
+    // in order to be told when MBeans are unregistered.  We snoop on fetched notifications
+    // so that we can know too, and remove the corresponding entry from the listenerMap.
+    // See 6957378.
+    private void snoopOnUnregister(NotificationResult nr) {
+        Set<IdAndFilter> delegateSet = listenerMap.get(MBeanServerDelegate.DELEGATE_NAME);
+        if (delegateSet == null || delegateSet.isEmpty()) {
+            return;
+        }
+        for (TargetedNotification tn : nr.getTargetedNotifications()) {
+            Integer id = tn.getListenerID();
+            for (IdAndFilter idaf : delegateSet) {
+                if (idaf.id == id) {
+                    // This is a notification from the MBeanServerDelegate.
+                    Notification n = tn.getNotification();
+                    if (n instanceof MBeanServerNotification &&
+                            n.getType().equals(MBeanServerNotification.UNREGISTRATION_NOTIFICATION)) {
+                        MBeanServerNotification mbsn = (MBeanServerNotification) n;
+                        ObjectName gone = mbsn.getMBeanName();
+                        synchronized (listenerMap) {
+                            listenerMap.remove(gone);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     public void terminate() {
         if (logger.traceOn()) {
             logger.trace("terminate", "Be called.");
@@ -418,10 +449,12 @@ public class ServerNotifForwarder {
             return this.filter;
         }
 
+        @Override
         public int hashCode() {
             return id.hashCode();
         }
 
+        @Override
         public boolean equals(Object o) {
             return ((o instanceof IdAndFilter) &&
                     ((IdAndFilter) o).getId().equals(getId()));

jdk/src/share/classes/com/sun/rowset/JdbcRowSetResourceBundle.java

@@ -27,7 +27,6 @@ package com.sun.rowset;
 
 import java.io.*;
 import java.util.*;
-import java.lang.*;
 
 /**
  * This class is used to help in localization of resources,
@@ -42,28 +41,28 @@ public class JdbcRowSetResourceBundle implements Serializable {
      * This <code>String</code> variable stores the location
      * of the resource bundle location.
      */
-    static String fileName;
+    private static String fileName;
 
     /**
      * This variable will hold the <code>PropertyResourceBundle</code>
      * of the text to be internationalized.
      */
-    transient PropertyResourceBundle propResBundle;
+    private transient PropertyResourceBundle propResBundle;
 
     /**
      * The constructor initializes to this object
      *
      */
-    static JdbcRowSetResourceBundle jpResBundle;
+    private static volatile JdbcRowSetResourceBundle jpResBundle;
 
     /**
-     * The varible which will represent the properties
+     * The variable which will represent the properties
      * the suffix or extension of the resource bundle.
      **/
     private static final String PROPERTIES = "properties";
 
     /**
-     * The varibale to represent underscore
+     * The variable to represent underscore
      **/
     private static final String UNDERSCORE = "_";
 

jdk/src/share/classes/com/sun/security/auth/NTDomainPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
         if (name == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"name"};
             throw new NullPointerException(form.format(source));
@@ -99,7 +99,7 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTDomainPrincipal: name",
+                        ("NTDomainPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {name};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTNumericCredential.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -70,7 +70,7 @@ public class NTNumericCredential {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTNumericCredential: name",
+                        ("NTNumericCredential.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {Long.toString(impersonationToken)};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTSid.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,7 +73,7 @@ public class NTSid implements Principal, java.io.Serializable {
         if (stringSid == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"stringSid"};
             throw new NullPointerException(form.format(source));
@@ -81,7 +81,7 @@ public class NTSid implements Principal, java.io.Serializable {
         if (stringSid.length() == 0) {
             throw new IllegalArgumentException
                 (sun.security.util.ResourcesMgr.getString
-                        ("Invalid NTSid value",
+                        ("Invalid.NTSid.value",
                         "sun.security.util.AuthResources"));
         }
         sid = new String(stringSid);
@@ -108,7 +108,7 @@ public class NTSid implements Principal, java.io.Serializable {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTSid: name",
+                        ("NTSid.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {sid};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTSidDomainPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -73,7 +73,7 @@ public class NTSidDomainPrincipal extends NTSid {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTSidDomainPrincipal: name",
+                        ("NTSidDomainPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {getName()};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTSidGroupPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,7 +68,7 @@ public class NTSidGroupPrincipal extends NTSid {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTSidGroupPrincipal: name",
+                        ("NTSidGroupPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {getName()};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTSidPrimaryGroupPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -70,7 +70,7 @@ public class NTSidPrimaryGroupPrincipal extends NTSid {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTSidPrimaryGroupPrincipal: name",
+                        ("NTSidPrimaryGroupPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {getName()};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTSidUserPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@ public class NTSidUserPrincipal extends NTSid {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTSidUserPrincipal: name",
+                        ("NTSidUserPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {getName()};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/NTUserPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,7 +64,7 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
         if (name == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"name"};
             throw new NullPointerException(form.format(source));
@@ -93,7 +93,7 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("NTUserPrincipal: name",
+                        ("NTUserPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {name};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/PolicyFile.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -490,9 +490,9 @@ public class PolicyFile extends javax.security.auth.Policy {
             }
         } catch (PolicyParser.ParsingException pe) {
             System.err.println(AUTH_POLICY +
-                                rb.getString(": error parsing ") + policy);
+                                rb.getString(".error.parsing.") + policy);
             System.err.println(AUTH_POLICY +
-                                rb.getString(": ") +
+                                rb.getString("COLON") +
                                 pe.getMessage());
             if (debug != null)
                 pe.printStackTrace();
@@ -635,16 +635,16 @@ public class PolicyFile extends javax.security.auth.Policy {
                 } catch (java.lang.reflect.InvocationTargetException ite) {
                     System.err.println
                         (AUTH_POLICY +
-                        rb.getString(": error adding Permission ") +
+                        rb.getString(".error.adding.Permission.") +
                         pe.permission +
-                        rb.getString(" ") +
+                        rb.getString("SPACE") +
                         ite.getTargetException());
                 } catch (Exception e) {
                     System.err.println
                         (AUTH_POLICY +
-                        rb.getString(": error adding Permission ") +
+                        rb.getString(".error.adding.Permission.") +
                         pe.permission +
-                        rb.getString(" ") +
+                        rb.getString("SPACE") +
                         e);
                 }
             }
@@ -652,9 +652,9 @@ public class PolicyFile extends javax.security.auth.Policy {
         } catch (Exception e) {
             System.err.println
                 (AUTH_POLICY +
-                rb.getString(": error adding Entry ") +
+                rb.getString(".error.adding.Entry.") +
                 ge +
-                rb.getString(" ") +
+                rb.getString("SPACE") +
                 e);
         }
 
@@ -1373,18 +1373,18 @@ public class PolicyFile extends javax.security.auth.Policy {
 
         public String toString(){
             StringBuffer sb = new StringBuffer();
-            sb.append(rb.getString("("));
+            sb.append(rb.getString("LPARAM"));
             sb.append(getCodeSource());
             sb.append("\n");
             for (int j = 0; j < permissions.size(); j++) {
                 Permission p = permissions.elementAt(j);
-                sb.append(rb.getString(" "));
+                sb.append(rb.getString("SPACE"));
-                sb.append(rb.getString(" "));
+                sb.append(rb.getString("SPACE"));
                 sb.append(p);
-                sb.append(rb.getString("\n"));
+                sb.append(rb.getString("NEWLINE"));
             }
-            sb.append(rb.getString(")"));
+            sb.append(rb.getString("RPARAM"));
-            sb.append(rb.getString("\n"));
+            sb.append(rb.getString("NEWLINE"));
             return sb.toString();
         }
 
@@ -1415,7 +1415,7 @@ class PolicyPermissions extends PermissionCollection {
         if (isReadOnly())
             throw new SecurityException
             (PolicyFile.rb.getString
-            ("attempt to add a Permission to a readonly PermissionCollection"));
+            ("attempt.to.add.a.Permission.to.a.readonly.PermissionCollection"));
 
         if (perms == null) {
             if (additionalPerms == null)

jdk/src/share/classes/com/sun/security/auth/PolicyParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -300,7 +300,7 @@ class PolicyParser {
             keyStoreType = match("quoted string");
         } else {
             throw new ParsingException(st.lineno(),
-                        rb.getString("expected keystore type"));
+                        rb.getString("expected.keystore.type"));
         }
     }
 
@@ -368,8 +368,8 @@ class PolicyParser {
                                 "WILDCARD class but no WILDCARD name");
                     throw new ParsingException
                         (st.lineno(),
-                        rb.getString("can not specify Principal with a ") +
+                        rb.getString("can.not.specify.Principal.with.a.") +
-                        rb.getString("wildcard class without a wildcard name"));
+                        rb.getString("wildcard.class.without.a.wildcard.name"));
                 }
 
                 try {
@@ -389,7 +389,7 @@ class PolicyParser {
             } else {
                 throw new
                  ParsingException(st.lineno(),
-                        rb.getString("expected codeBase or SignedBy"));
+                        rb.getString("expected.codeBase.or.SignedBy"));
             }
         }
 
@@ -397,7 +397,7 @@ class PolicyParser {
         if (principals == null) {
             throw new ParsingException
                 (st.lineno(),
-                rb.getString("only Principal-based grant entries permitted"));
+                rb.getString("only.Principal.based.grant.entries.permitted"));
         }
 
         e.principals = principals;
@@ -416,7 +416,7 @@ class PolicyParser {
             } else {
                 throw new
                     ParsingException(st.lineno(),
-                    rb.getString("expected permission entry"));
+                    rb.getString("expected.permission.entry"));
             }
         }
         match("}");
@@ -522,12 +522,12 @@ class PolicyParser {
         switch (lookahead) {
         case StreamTokenizer.TT_NUMBER:
             throw new ParsingException(st.lineno(), expect,
-                                        rb.getString("number ") +
+                                        rb.getString("number.") +
                                         String.valueOf(st.nval));
         case StreamTokenizer.TT_EOF:
            throw new ParsingException
-                (rb.getString("expected ") + expect +
+                (rb.getString("expected.") + expect +
-                rb.getString(", read end of file"));
+                rb.getString(".read.end.of.file"));
         case StreamTokenizer.TT_WORD:
             if (expect.equalsIgnoreCase(st.sval)) {
                 lookahead = st.nextToken();
@@ -603,11 +603,11 @@ class PolicyParser {
         switch (lookahead) {
         case StreamTokenizer.TT_NUMBER:
             throw new ParsingException(st.lineno(), ";",
-                                       rb.getString("number ") +
+                                       rb.getString("number.") +
                                         String.valueOf(st.nval));
         case StreamTokenizer.TT_EOF:
           throw new ParsingException
-                (rb.getString("expected ';', read end of file"));
+                (rb.getString("expected.read.end.of.file"));
         default:
           lookahead = st.nextToken();
         }
@@ -942,13 +942,13 @@ class PolicyParser {
         }
 
         public ParsingException(int line, String msg) {
-            super(rb.getString("line ") + line + rb.getString(": ") + msg);
+            super(rb.getString("line.") + line + rb.getString("COLON") + msg);
         }
 
         public ParsingException(int line, String expect, String actual) {
-            super(rb.getString("line ") + line + rb.getString(": expected '") +
+            super(rb.getString("line.") + line + rb.getString(".expected.") +
-                expect + rb.getString("', found '") + actual +
+                expect + rb.getString(".found.") + actual +
-                rb.getString("'"));
+                rb.getString("QUOTE"));
         }
     }
 

jdk/src/share/classes/com/sun/security/auth/SolarisNumericGroupPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,7 +89,7 @@ public class SolarisNumericGroupPrincipal implements
      */
     public SolarisNumericGroupPrincipal(String name, boolean primaryGroup) {
         if (name == null)
-            throw new NullPointerException(rb.getString("provided null name"));
+            throw new NullPointerException(rb.getString("provided.null.name"));
 
         this.name = name;
         this.primaryGroup = primaryGroup;
@@ -165,9 +165,9 @@ public class SolarisNumericGroupPrincipal implements
     public String toString() {
         return((primaryGroup ?
             rb.getString
-            ("SolarisNumericGroupPrincipal [Primary Group]: ") + name :
+            ("SolarisNumericGroupPrincipal.Primary.Group.") + name :
             rb.getString
-            ("SolarisNumericGroupPrincipal [Supplementary Group]: ") + name));
+            ("SolarisNumericGroupPrincipal.Supplementary.Group.") + name));
     }
 
     /**

jdk/src/share/classes/com/sun/security/auth/SolarisNumericUserPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@ public class SolarisNumericUserPrincipal implements
      */
     public SolarisNumericUserPrincipal(String name) {
         if (name == null)
-            throw new NullPointerException(rb.getString("provided null name"));
+            throw new NullPointerException(rb.getString("provided.null.name"));
 
         this.name = name;
     }
@@ -134,7 +134,7 @@ public class SolarisNumericUserPrincipal implements
      *          <code>SolarisNumericUserPrincipal</code>.
      */
     public String toString() {
-        return(rb.getString("SolarisNumericUserPrincipal: ") + name);
+        return(rb.getString("SolarisNumericUserPrincipal.") + name);
     }
 
     /**

jdk/src/share/classes/com/sun/security/auth/SolarisPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -76,7 +76,7 @@ public class SolarisPrincipal implements Principal, java.io.Serializable {
      */
     public SolarisPrincipal(String name) {
         if (name == null)
-            throw new NullPointerException(rb.getString("provided null name"));
+            throw new NullPointerException(rb.getString("provided.null.name"));
 
         this.name = name;
     }
@@ -100,7 +100,7 @@ public class SolarisPrincipal implements Principal, java.io.Serializable {
      * @return a string representation of this <code>SolarisPrincipal</code>.
      */
     public String toString() {
-        return(rb.getString("SolarisPrincipal: ") + name);
+        return(rb.getString("SolarisPrincipal.") + name);
     }
 
     /**

jdk/src/share/classes/com/sun/security/auth/SubjectCodeSource.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -395,7 +395,7 @@ class SubjectCodeSource extends CodeSource implements java.io.Serializable {
                                         principals.listIterator();
             while (li.hasNext()) {
                 PolicyParser.PrincipalEntry pppe = li.next();
-                returnMe = returnMe + rb.getString("\n") +
+                returnMe = returnMe + rb.getString("NEWLINE") +
                         pppe.principalClass + " " +
                         pppe.principalName;
             }

jdk/src/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,7 @@ public class UnixNumericGroupPrincipal implements
         if (name == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"name"};
             throw new NullPointerException(form.format(source));
@@ -159,14 +159,14 @@ public class UnixNumericGroupPrincipal implements
         if (primaryGroup) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("UnixNumericGroupPrincipal [Primary Group]: name",
+                        ("UnixNumericGroupPrincipal.Primary.Group.name",
                         "sun.security.util.AuthResources"));
             Object[] source = {name};
             return form.format(source);
         } else {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                    ("UnixNumericGroupPrincipal [Supplementary Group]: name",
+                    ("UnixNumericGroupPrincipal.Supplementary.Group.name",
                     "sun.security.util.AuthResources"));
             Object[] source = {name};
             return form.format(source);

jdk/src/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@ public class UnixNumericUserPrincipal implements
         if (name == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"name"};
             throw new NullPointerException(form.format(source));
@@ -127,7 +127,7 @@ public class UnixNumericUserPrincipal implements
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("UnixNumericUserPrincipal: name",
+                        ("UnixNumericUserPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {name};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/UnixPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,7 +64,7 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
         if (name == null) {
             java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("invalid null input: value",
+                        ("invalid.null.input.value",
                         "sun.security.util.AuthResources"));
             Object[] source = {"name"};
             throw new NullPointerException(form.format(source));
@@ -94,7 +94,7 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
     public String toString() {
         java.text.MessageFormat form = new java.text.MessageFormat
                 (sun.security.util.ResourcesMgr.getString
-                        ("UnixPrincipal: name",
+                        ("UnixPrincipal.name",
                         "sun.security.util.AuthResources"));
         Object[] source = {name};
         return form.format(source);

jdk/src/share/classes/com/sun/security/auth/X500Principal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,7 +87,7 @@ public class X500Principal implements Principal, java.io.Serializable {
      */
     public X500Principal(String name) {
         if (name == null)
-            throw new NullPointerException(rb.getString("provided null name"));
+            throw new NullPointerException(rb.getString("provided.null.name"));
 
         try {
             thisX500Name = new X500Name(name);

jdk/src/share/classes/com/sun/security/auth/login/ConfigFile.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,7 +190,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 } catch (PropertyExpander.ExpandException peee) {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                                ("Unable to properly expand config",
+                                ("Unable.to.properly.expand.config",
                                 "sun.security.util.AuthResources"));
                     Object[] source = {extra_config};
                     throw new IOException(form.format(source));
@@ -206,7 +206,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                     } else {
                         MessageFormat form = new MessageFormat
                             (ResourcesMgr.getString
-                                ("extra_config (No such file or directory)",
+                                ("extra.config.No.such.file.or.directory.",
                                 "sun.security.util.AuthResources"));
                         Object[] source = {extra_config};
                         throw new IOException(form.format(source));
@@ -243,7 +243,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
             } catch (PropertyExpander.ExpandException peee) {
                 MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                                ("Unable to properly expand config",
+                                ("Unable.to.properly.expand.config",
                                 "sun.security.util.AuthResources"));
                 Object[] source = {config_url};
                 throw new IOException(form.format(source));
@@ -286,7 +286,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 debugConfig.println(fnfe.toString());
             }
             throw new IOException(ResourcesMgr.getString
-                    ("Configuration Error:\n\tNo such file or directory",
+                    ("Configuration.Error.No.such.file.or.directory",
                     "sun.security.util.AuthResources"));
         } finally {
             if (isr != null) {
@@ -426,7 +426,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                         AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
             else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tInvalid control flag, flag",
+                        ("Configuration.Error.Invalid.control.flag.flag",
                         "sun.security.util.AuthResources"));
                 Object[] source = {sflag};
                 throw new IOException(form.format(source));
@@ -474,8 +474,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
         // add this configuration entry
         if (newConfig.containsKey(appName)) {
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                ("Configuration Error:\n\t" +
+                ("Configuration.Error.Can.not.specify.multiple.entries.for.appName",
-                        "Can not specify multiple entries for appName",
                 "sun.security.util.AuthResources"));
             Object[] source = {appName};
             throw new IOException(form.format(source));
@@ -491,8 +490,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
         case StreamTokenizer.TT_EOF:
 
             MessageFormat form1 = new MessageFormat(ResourcesMgr.getString
-                ("Configuration Error:\n\texpected [expect], " +
+                ("Configuration.Error.expected.expect.read.end.of.file.",
-                        "read [end of file]",
                 "sun.security.util.AuthResources"));
             Object[] source1 = {expect};
             throw new IOException(form1.format(source1));
@@ -508,8 +506,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 lookahead = nextToken();
             } else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: " +
+                        ("Configuration.Error.Line.line.expected.expect.found.value.",
-                                "expected [expect], found [value]",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), expect, st.sval};
                 throw new IOException(form.format(source));
@@ -522,7 +519,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 lookahead = nextToken();
             } else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: expected [expect]",
+                        ("Configuration.Error.Line.line.expected.expect.",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), expect, st.sval};
                 throw new IOException(form.format(source));
@@ -535,7 +532,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 lookahead = nextToken();
             } else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: expected [expect]",
+                        ("Configuration.Error.Line.line.expected.expect.",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), expect, st.sval};
                 throw new IOException(form.format(source));
@@ -548,7 +545,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 lookahead = nextToken();
             } else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: expected [expect]",
+                        ("Configuration.Error.Line.line.expected.expect.",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), expect, st.sval};
                 throw new IOException(form.format(source));
@@ -561,7 +558,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
                 lookahead = nextToken();
             } else {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: expected [expect]",
+                        ("Configuration.Error.Line.line.expected.expect.",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), expect, st.sval};
                 throw new IOException(form.format(source));
@@ -570,8 +567,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
 
         default:
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: " +
+                        ("Configuration.Error.Line.line.expected.expect.found.value.",
-                                "expected [expect], found [value]",
                         "sun.security.util.AuthResources"));
             Object[] source = {new Integer(linenum), expect, st.sval};
             throw new IOException(form.format(source));
@@ -667,8 +663,7 @@ public class ConfigFile extends javax.security.auth.login.Configuration {
 
             if (s == null || s.length() == 0) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("Configuration Error:\n\tLine line: " +
+                        ("Configuration.Error.Line.line.system.property.value.expanded.to.empty.value",
-                        "system property [value] expanded to empty value",
                         "sun.security.util.AuthResources"));
                 Object[] source = {new Integer(linenum), value};
                 throw new IOException(form.format(source));

jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -686,9 +686,9 @@ public class JndiLoginModule implements LoginModule {
 
         Callback[] callbacks = new Callback[2];
         callbacks[0] = new NameCallback(protocol + " "
-                                            + rb.getString("username: "));
+                                            + rb.getString("username."));
         callbacks[1] = new PasswordCallback(protocol + " " +
-                                                rb.getString("password: "),
+                                                rb.getString("password."),
                                             false);
 
         try {

jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -150,7 +150,7 @@ public class KeyStoreLoginModule implements LoginModule {
     private static final TextOutputCallback bannerCallback =
                 new TextOutputCallback
                         (TextOutputCallback.INFORMATION,
-                        rb.getString("Please enter keystore information"));
+                        rb.getString("Please.enter.keystore.information"));
     private final ConfirmationCallback confirmationCallback =
                 new ConfirmationCallback
                         (ConfirmationCallback.INFORMATION,
@@ -364,10 +364,10 @@ public class KeyStoreLoginModule implements LoginModule {
             NameCallback aliasCallback;
             if (keyStoreAlias == null || keyStoreAlias.length() == 0) {
                 aliasCallback = new NameCallback(
-                                        rb.getString("Keystore alias: "));
+                                        rb.getString("Keystore.alias."));
             } else {
                 aliasCallback =
-                    new NameCallback(rb.getString("Keystore alias: "),
+                    new NameCallback(rb.getString("Keystore.alias."),
                                      keyStoreAlias);
             }
 
@@ -379,11 +379,11 @@ public class KeyStoreLoginModule implements LoginModule {
                 break;
             case NORMAL:
                 keyPassCallback = new PasswordCallback
-                    (rb.getString("Private key password (optional): "), false);
+                    (rb.getString("Private.key.password.optional."), false);
                 // fall thru
             case TOKEN:
                 storePassCallback = new PasswordCallback
-                    (rb.getString("Keystore password: "), false);
+                    (rb.getString("Keystore.password."), false);
                 break;
             }
             prompt(aliasCallback, storePassCallback, keyPassCallback);

jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java

@@ -27,7 +27,6 @@
 package com.sun.security.auth.module;
 
 import java.io.*;
-import java.net.*;
 import java.text.MessageFormat;
 import java.util.*;
 
@@ -38,9 +37,6 @@ import javax.security.auth.login.*;
 import javax.security.auth.spi.*;
 
 import sun.security.krb5.*;
-import sun.security.krb5.Config;
-import sun.security.krb5.RealmException;
-import sun.security.util.AuthResources;
 import sun.security.jgss.krb5.Krb5Util;
 import sun.security.krb5.Credentials;
 import sun.misc.HexDumpEncoder;
@@ -685,32 +681,27 @@ public class Krb5LoginModule implements LoginModule {
                     }
 
                 }
+
+                KrbAsReqBuilder builder;
                 // We can't get the key from the keytab so prompt
                 if (encKeys == null) {
                     promptForPass(getPasswdFromSharedState);
-
+                    builder = new KrbAsReqBuilder(principal, password);
-                    encKeys = EncryptionKey.acquireSecretKeys(
-                        password, principal.getSalt());
-
                     if (isInitiator) {
-                        if (debug)
+                        // XXX Even if isInitiator=false, it might be
-                            System.out.println("Acquire TGT using AS Exchange");
+                        // better to do an AS-REQ so that keys can be
-                        cred = Credentials.acquireTGT(principal,
+                        // updated with PA info
-                                                encKeys, password);
+                        cred = builder.action().getCreds();
-                        // update keys after pre-auth
-                        encKeys = EncryptionKey.acquireSecretKeys(password,
-                                                        principal.getSalt());
                     }
+                    encKeys = builder.getKeys();
                 } else {
+                    builder = new KrbAsReqBuilder(principal, encKeys);
                     if (isInitiator) {
-                        if (debug)
+                        cred = builder.action().getCreds();
-                            System.out.println("Acquire TGT using AS Exchange");
-                        cred = Credentials.acquireTGT(principal,
-                                                encKeys, password);
                     }
                 }
+                builder.destroy();
 
-                // Get the TGT using AS Exchange
                 if (debug) {
                     System.out.println("principal is " + principal);
                     HexDumpEncoder hd = new HexDumpEncoder();
@@ -780,7 +771,7 @@ public class Krb5LoginModule implements LoginModule {
                 Callback[] callbacks = new Callback[1];
                 MessageFormat form = new MessageFormat(
                                        rb.getString(
-                                       "Kerberos username [[defUsername]]: "));
+                                       "Kerberos.username.defUsername."));
                 Object[] source =  {defUsername};
                 callbacks[0] = new NameCallback(form.format(source));
                 callbackHandler.handle(callbacks);
@@ -835,7 +826,7 @@ public class Krb5LoginModule implements LoginModule {
                 String userName = krb5PrincName.toString();
                 MessageFormat form = new MessageFormat(
                                          rb.getString(
-                                         "Kerberos password for [username]: "));
+                                         "Kerberos.password.for.username."));
                 Object[] source = {userName};
                 callbacks[0] = new PasswordCallback(
                                                     form.format(source),

jdk/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -969,8 +969,8 @@ public class LdapLoginModule implements LoginModule {
                 "to acquire authentication information from the user");
 
         Callback[] callbacks = new Callback[2];
-        callbacks[0] = new NameCallback(rb.getString("username: "));
+        callbacks[0] = new NameCallback(rb.getString("username."));
-        callbacks[1] = new PasswordCallback(rb.getString("password: "), false);
+        callbacks[1] = new PasswordCallback(rb.getString("password."), false);
 
         try {
             callbackHandler.handle(callbacks);

jdk/src/share/classes/com/sun/servicetag/SunConnection.java

@@ -51,8 +51,8 @@ import javax.net.ssl.HttpsURLConnection;
  */
 class SunConnection {
 
-    private static String JDK_REGISTRATION_URL = "https://inventory.sun.com/";
+    private static String JDK_REGISTRATION_URL = "https://hs-ws1.oracle.com/";
-    private static String SANDBOX_TESTING_URL = "https://inventory-beta.sun.com/";
+    private static String SANDBOX_TESTING_URL = "https://hs-ws1-tst.oracle.com/";
     private static String REGISTRATION_WEB_PATH = "RegistrationWeb/register";
 
     // System properties for testing

jdk/src/share/classes/com/sun/servicetag/resources/register.html

@@ -64,7 +64,7 @@ a:visited,a:visited code{color:#917E9C}
         </ul>
         <p class="style1">Product registration is FREE, quick and easy!</p>
         <blockquote>
-          <p class="style1">All you need is a Sun Developer Network or other Sun Online account. If you don't already have one, you will be prompted to create one. </p>
+          <p class="style1">All you need is an Oracle.com account. If you don't already have one, you will be prompted to create one. </p>
           <table width="708" border="0" cellspacing="0" cellpadding="3">
             <tr valign="top">
               <td width="126" height="35">
@@ -83,9 +83,9 @@ a:visited,a:visited code{color:#917E9C}
        <td bgcolor="#f1f7df">
        <p class="style3">Oracle Corporation respects your privacy. 
     We will use your personal information for communications 
-    and management of your Sun Online Account, the services 
+    and management of your Oracle.com account, the services 
-    and applications you access using your Sun Online Account, 
+    and applications you access using your Oracle.com account, 
-    and the products and systems you register with your Sun Online Account.</p>
+    and the products and systems you register with your Oracle.com account.</p>
                 <p class="style3">For more information on the data that will be collected as 
           part of the registration process and how it will be managed <br>
           see <a href="http://java.sun.com/javase/registration/JDKRegistrationPrivacy.html">http://java.sun.com/javase/registration/JDKRegistrationPrivacy.html</a>. <br>      

jdk/src/share/classes/com/sun/servicetag/resources/register_ja.html

@@ -59,7 +59,7 @@ a:visited,a:visited code{color:#917E9C}
         </ul>
         <p class="style1">製品登録は無料であり、迅速で簡単です。</p>
         <blockquote>
-          <p class="style1">必要になるのは、Sun 開発者向けネットワークアカウントまたはその他の Sun オンラインアカウントだけです。 まだアカウントがない場合は、アカウントの作成が求められます。 </p>
+          <p class="style1">必要になるのは、Oracle.com アカウントだけです。 まだアカウントがない場合は、アカウントの作成が求められます。 </p>
           <table width="708" border="0" cellspacing="0" cellpadding="3">
             <tr valign="top">
               <td width="126" height="35"><form name="form1" method="post" action="@@REGISTRATION_URL@@" enctype="text/xml">
@@ -75,7 +75,7 @@ a:visited,a:visited code{color:#917E9C}
    <tr>
        <td>&nbsp;</td>
 	<td bgcolor="#f1f7df">
-        <p class="style3">Oracle Corporation は、お客様のプライバシーを尊重します。 お客様の個人情報は、お客様の Sun オンラインアカウント、お客様が Sun オンラインアカウントを使用してアクセスするサービスとアプリケーション、およびお客様が Sun オンラインアカウントで登録する製品とシステムの通信と管理に使用します。</p>
+        <p class="style3">Oracle Corporation は、お客様のプライバシーを尊重します。 お客様の個人情報は、お客様の Oracle.com アカウント、お客様が Oracle.com アカウントを使用してアクセスするサービスとアプリケーション、およびお客様が Oracle.com アカウントで登録する製品とシステムの通信と管理に使用します。</p>
                 <p class="style3">登録の際に収集されるデータや、それらがどのように管理されるかについての詳細は、<br><a href="http://java.sun.com/javase/ja/registration/JDKRegistrationPrivacy.html">http://java.sun.com/javase/ja/registration/JDKRegistrationPrivacy.html</a> を参照してください。 <br> <br> Oracle のプライバシーポリシーについての詳細は、<a href="http://www.oracle.com/html/privacy.html">http://www.oracle.com/html/privacy.html</a> を参照するか、<a class="moz-txt-link-rfc2396E" href="mailto:privacy_ww@oracle.com">お問い合わせフォーム</a>からお問い合わせください。</p></td>
   </tr>
   <tr>

jdk/src/share/classes/com/sun/servicetag/resources/register_zh_CN.html

@@ -60,7 +60,7 @@ a:visited,a:visited code{color:#917E9C}
         </ul>
 <p class="style1">产品注册是免费的，即快速又轻松！</p>
         <blockquote>
-<p class="style1">您需要具有 Sun 开发者网络或其他 Sun 联机帐户。如果您没有，系统将提示您创建一个。 </p>
+<p class="style1">您需要具有 Oracle.com 帐户。如果您没有，系统将提示您创建一个。 </p>
           <table width="708" border="0" cellspacing="0" cellpadding="3">
             <tr valign="top">
               <td width="126" height="35"><form name="form1" method="post" action="@@REGISTRATION_URL@@" enctype="text/xml">
@@ -76,7 +76,7 @@ a:visited,a:visited code{color:#917E9C}
     <tr>
        <td>&nbsp;</td>
 	<td bgcolor="#f1f7df">
-        <p class="style3">Oracle 尊重您的隐私。我们会将您的个人信息用于通信和 Sun 联机帐户的管理、Sun 联机帐户访问的服务和应用程序以及用于使用 Sun 联机帐户注册的产品和系统。</p>
+        <p class="style3">Oracle 尊重您的隐私。我们会将您的个人信息用于通信和 Oracle.com 帐户的管理、Oracle.com 帐户访问的服务和应用程序以及用于使用 Oracle.com 帐户注册的产品和系统。</p>
 <p class="style3">有关注册过程中收集的数据以及这些数据的管理方式的更多信息，<br>请访问 <a href="http://java.sun.com/javase/registration/JDKRegistrationPrivacy.html">http://java.sun.com/javase/registration/JDKRegistrationPrivacy.html</a>。<br> <br>有关 Oracle 隐私政策的更多信息，请访问 <a href="http://www.oracle.com/html/privacy.html">http://www.oracle.com/html/privacy.html</a> 或与 <a class="moz-txt-link-rfc2396E" href="mailto:privacy_ww@oracle.com">privacy_ww@oracle.com</a> 联系。</p></td>
   </tr>
   <tr>

jdk/src/share/classes/java/awt/Component.java

@@ -2154,6 +2154,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      *
      * @param d the dimension specifying the new size
      *          of this component
+     * @throws NullPointerException if {@code d} is {@code null}
      * @see #setSize
      * @see #setBounds
      * @see #invalidate
@@ -2351,6 +2352,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * invalidates the component hierarchy.
      *
      * @param r the new bounding rectangle for this component
+     * @throws NullPointerException if {@code r} is {@code null}
      * @see       #getBounds
      * @see       #setLocation(int, int)
      * @see       #setLocation(Point)
@@ -4545,6 +4547,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * where the point's <i>x</i> and <i>y</i> coordinates are defined
      * to be relative to the coordinate system of this component.
      * @param     p     the point
+     * @throws    NullPointerException if {@code p} is {@code null}
      * @see       #getComponentAt(Point)
      * @since     JDK1.1
      */
@@ -5879,7 +5882,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * @exception ClassCastException if <code>listenerType</code>
      *          doesn't specify a class or interface that implements
      *          <code>java.util.EventListener</code>
-     *
+     * @throws NullPointerException if {@code listenerType} is {@code null}
      * @see #getComponentListeners
      * @see #getFocusListeners
      * @see #getHierarchyListeners
@@ -8038,6 +8041,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * Prints a listing of this component to the specified output
      * stream.
      * @param    out   a print stream
+     * @throws   NullPointerException if {@code out} is {@code null}
      * @since    JDK1.0
      */
     public void list(PrintStream out) {
@@ -8050,6 +8054,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * @param     out      a print stream
      * @param     indent   number of spaces to indent
      * @see       java.io.PrintStream#println(java.lang.Object)
+     * @throws    NullPointerException if {@code out} is {@code null}
      * @since     JDK1.0
      */
     public void list(PrintStream out, int indent) {
@@ -8062,6 +8067,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
     /**
      * Prints a listing to the specified print writer.
      * @param  out  the print writer to print to
+     * @throws NullPointerException if {@code out} is {@code null}
      * @since JDK1.1
      */
     public void list(PrintWriter out) {
@@ -8073,6 +8079,7 @@ public abstract class Component implements ImageObserver, MenuContainer,
      * the specified print writer.
      * @param out the print writer to print to
      * @param indent the number of spaces to indent
+     * @throws NullPointerException if {@code out} is {@code null}
      * @see       java.io.PrintStream#println(java.lang.Object)
      * @since JDK1.1
      */

jdk/src/share/classes/java/awt/Container.java

@@ -1231,6 +1231,7 @@ public class Container extends Component {
      * reflect the changes.
      *
      * @param comp the component to be removed
+     * @throws NullPointerException if {@code comp} is {@code null}
      * @see #add
      * @see #invalidate
      * @see #validate
@@ -2154,6 +2155,7 @@ public class Container extends Component {
      * @exception ClassCastException if <code>listenerType</code>
      *          doesn't specify a class or interface that implements
      *          <code>java.util.EventListener</code>
+     * @exception NullPointerException if {@code listenerType} is {@code null}
      *
      * @see #getContainerListeners
      *
@@ -2705,6 +2707,7 @@ public class Container extends Component {
      * If there is no child component at the requested point and the
      * point is within the bounds of the container the container itself
      * is returned.
+     * @throws NullPointerException if {@code p} is {@code null}
      * @see Component#contains
      * @see #getComponentAt
      * @since 1.2
@@ -2969,6 +2972,7 @@ public class Container extends Component {
      *
      * @param    out      a print stream
      * @param    indent   the number of spaces to indent
+     * @throws   NullPointerException if {@code out} is {@code null}
      * @see      Component#list(java.io.PrintStream, int)
      * @since    JDK1.0
      */
@@ -2995,6 +2999,7 @@ public class Container extends Component {
      *
      * @param    out      a print writer
      * @param    indent   the number of spaces to indent
+     * @throws   NullPointerException if {@code out} is {@code null}
      * @see      Component#list(java.io.PrintWriter, int)
      * @since    JDK1.1
      */

jdk/src/share/classes/java/awt/ScrollPane.java

@@ -377,6 +377,7 @@ public class ScrollPane extends Container implements Accessible {
      * This is a convenience method which interfaces with the Adjustable
      * objects which represent the state of the scrollbars.
      * @param p the Point representing the position to scroll to
+     * @throws NullPointerException if {@code p} is {@code null}
      */
     public void setScrollPosition(Point p) {
         setScrollPosition(p.x, p.y);

jdk/src/share/classes/java/awt/Window.java

@@ -1888,6 +1888,7 @@ public class Window extends Container implements Accessible {
      * @exception ClassCastException if <code>listenerType</code>
      *          doesn't specify a class or interface that implements
      *          <code>java.util.EventListener</code>
+     * @exception NullPointerException if {@code listenerType} is {@code null}
      *
      * @see #getWindowListeners
      * @since 1.3

jdk/src/share/classes/java/io/ByteArrayInputStream.java

@@ -179,11 +179,14 @@ class ByteArrayInputStream extends InputStream {
         } else if (off < 0 || len < 0 || len > b.length - off) {
             throw new IndexOutOfBoundsException();
         }
+
         if (pos >= count) {
             return -1;
         }
-        if (pos + len > count) {
+
-            len = count - pos;
+        int avail = count - pos;
+        if (len > avail) {
+            len = avail;
         }
         if (len <= 0) {
             return 0;
@@ -206,14 +209,13 @@ class ByteArrayInputStream extends InputStream {
      * @return  the actual number of bytes skipped.
      */
     public synchronized long skip(long n) {
-        if (pos + n > count) {
+        long k = count - pos;
-            n = count - pos;
+        if (n < k) {
+            k = n < 0 ? 0 : n;
         }
-        if (n < 0) {
+
-            return 0;
+        pos += k;
-        }
+        return k;
-        pos += n;
-        return n;
     }
 
     /**

jdk/src/share/classes/java/lang/StackTraceElement.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package java.lang;
 
+import java.util.Objects;
+
 /**
  * An element in a stack trace, as returned by {@link
  * Throwable#getStackTrace()}.  Each element represents a single stack frame.
@@ -53,26 +55,21 @@ public final class StackTraceElement implements java.io.Serializable {
      * @param methodName the name of the method containing the execution point
      *        represented by the stack trace element
      * @param fileName the name of the file containing the execution point
-     *         represented by the stack trace element, or <tt>null</tt> if
+     *         represented by the stack trace element, or {@code null} if
      *         this information is unavailable
      * @param lineNumber the line number of the source line containing the
      *         execution point represented by this stack trace element, or
      *         a negative number if this information is unavailable. A value
      *         of -2 indicates that the method containing the execution point
      *         is a native method
-     * @throws NullPointerException if <tt>declaringClass</tt> or
+     * @throws NullPointerException if {@code declaringClass} or
-     *         <tt>methodName</tt> is null
+     *         {@code methodName} is null
      * @since 1.5
      */
     public StackTraceElement(String declaringClass, String methodName,
                              String fileName, int lineNumber) {
-        if (declaringClass == null)
+        this.declaringClass = Objects.nonNull(declaringClass, "Declaring class is null");
-            throw new NullPointerException("Declaring class is null");
+        this.methodName     = Objects.nonNull(methodName, "Method name is null");
-        if (methodName == null)
-            throw new NullPointerException("Method name is null");
-
-        this.declaringClass = declaringClass;
-        this.methodName     = methodName;
         this.fileName       = fileName;
         this.lineNumber     = lineNumber;
     }
@@ -80,13 +77,13 @@ public final class StackTraceElement implements java.io.Serializable {
     /**
      * Returns the name of the source file containing the execution point
      * represented by this stack trace element.  Generally, this corresponds
-     * to the <tt>SourceFile</tt> attribute of the relevant <tt>class</tt>
+     * to the {@code SourceFile} attribute of the relevant {@code class}
      * file (as per <i>The Java Virtual Machine Specification</i>, Section
      * 4.7.7).  In some systems, the name may refer to some source code unit
      * other than a file, such as an entry in source repository.
      *
      * @return the name of the file containing the execution point
-     *         represented by this stack trace element, or <tt>null</tt> if
+     *         represented by this stack trace element, or {@code null} if
      *         this information is unavailable.
      */
     public String getFileName() {
@@ -96,8 +93,8 @@ public final class StackTraceElement implements java.io.Serializable {
     /**
      * Returns the line number of the source line containing the execution
      * point represented by this stack trace element.  Generally, this is
-     * derived from the <tt>LineNumberTable</tt> attribute of the relevant
+     * derived from the {@code LineNumberTable} attribute of the relevant
-     * <tt>class</tt> file (as per <i>The Java Virtual Machine
+     * {@code class} file (as per <i>The Java Virtual Machine
      * Specification</i>, Section 4.7.8).
      *
      * @return the line number of the source line containing the execution
@@ -112,7 +109,7 @@ public final class StackTraceElement implements java.io.Serializable {
      * Returns the fully qualified name of the class containing the
      * execution point represented by this stack trace element.
      *
-     * @return the fully qualified name of the <tt>Class</tt> containing
+     * @return the fully qualified name of the {@code Class} containing
      *         the execution point represented by this stack trace element.
      */
     public String getClassName() {
@@ -123,8 +120,8 @@ public final class StackTraceElement implements java.io.Serializable {
      * Returns the name of the method containing the execution point
      * represented by this stack trace element.  If the execution point is
      * contained in an instance or class initializer, this method will return
-     * the appropriate <i>special method name</i>, <tt>&lt;init&gt;</tt> or
+     * the appropriate <i>special method name</i>, {@code <init>} or
-     * <tt>&lt;clinit&gt;</tt>, as per Section 3.9 of <i>The Java Virtual
+     * {@code <clinit>}, as per Section 3.9 of <i>The Java Virtual
      * Machine Specification</i>.
      *
      * @return the name of the method containing the execution point
@@ -138,7 +135,7 @@ public final class StackTraceElement implements java.io.Serializable {
      * Returns true if the method containing the execution point
      * represented by this stack trace element is a native method.
      *
-     * @return <tt>true</tt> if the method containing the execution point
+     * @return {@code true} if the method containing the execution point
      *         represented by this stack trace element is a native method.
      */
     public boolean isNativeMethod() {
@@ -151,21 +148,21 @@ public final class StackTraceElement implements java.io.Serializable {
      * examples may be regarded as typical:
      * <ul>
      * <li>
-     *   <tt>"MyClass.mash(MyClass.java:9)"</tt> - Here, <tt>"MyClass"</tt>
+     *   {@code "MyClass.mash(MyClass.java:9)"} - Here, {@code "MyClass"}
      *   is the <i>fully-qualified name</i> of the class containing the
      *   execution point represented by this stack trace element,
-     *   <tt>"mash"</tt> is the name of the method containing the execution
+     *   {@code "mash"} is the name of the method containing the execution
-     *   point, <tt>"MyClass.java"</tt> is the source file containing the
+     *   point, {@code "MyClass.java"} is the source file containing the
-     *   execution point, and <tt>"9"</tt> is the line number of the source
+     *   execution point, and {@code "9"} is the line number of the source
      *   line containing the execution point.
      * <li>
-     *   <tt>"MyClass.mash(MyClass.java)"</tt> - As above, but the line
+     *   {@code "MyClass.mash(MyClass.java)"} - As above, but the line
      *   number is unavailable.
      * <li>
-     *   <tt>"MyClass.mash(Unknown Source)"</tt> - As above, but neither
+     *   {@code "MyClass.mash(Unknown Source)"} - As above, but neither
      *   the file name nor the line  number are available.
      * <li>
-     *   <tt>"MyClass.mash(Native Method)"</tt> - As above, but neither
+     *   {@code "MyClass.mash(Native Method)"} - As above, but neither
      *   the file name nor the line  number are available, and the method
      *   containing the execution point is known to be a native method.
      * </ul>
@@ -181,25 +178,21 @@ public final class StackTraceElement implements java.io.Serializable {
 
     /**
      * Returns true if the specified object is another
-     * <tt>StackTraceElement</tt> instance representing the same execution
+     * {@code StackTraceElement} instance representing the same execution
-     * point as this instance.  Two stack trace elements <tt>a</tt> and
+     * point as this instance.  Two stack trace elements {@code a} and
-     * <tt>b</tt> are equal if and only if:
+     * {@code b} are equal if and only if:
      * <pre>
      *     equals(a.getFileName(), b.getFileName()) &&
      *     a.getLineNumber() == b.getLineNumber()) &&
      *     equals(a.getClassName(), b.getClassName()) &&
      *     equals(a.getMethodName(), b.getMethodName())
      * </pre>
-     * where <tt>equals</tt> is defined as:
+     * where {@code equals} has the semantics of {@link
-     * <pre>
+     * java.util.Objects#equals(Object, Object) Objects.equals}.
-     *     static boolean equals(Object a, Object b) {
-     *         return a==b || (a != null && a.equals(b));
-     *     }
-     * </pre>
      *
      * @param  obj the object to be compared with this stack trace element.
      * @return true if the specified object is another
-     *         <tt>StackTraceElement</tt> instance representing the same
+     *         {@code StackTraceElement} instance representing the same
      *         execution point as this instance.
      */
     public boolean equals(Object obj) {
@@ -208,12 +201,10 @@ public final class StackTraceElement implements java.io.Serializable {
         if (!(obj instanceof StackTraceElement))
             return false;
         StackTraceElement e = (StackTraceElement)obj;
-        return e.declaringClass.equals(declaringClass) && e.lineNumber == lineNumber
+        return e.declaringClass.equals(declaringClass) &&
-            && eq(methodName, e.methodName) && eq(fileName, e.fileName);
+            e.lineNumber == lineNumber &&
-    }
+            Objects.equals(methodName, e.methodName) &&
-
+            Objects.equals(fileName, e.fileName);
-    private static boolean eq(Object a, Object b) {
-        return a==b || (a != null && a.equals(b));
     }
 
     /**
@@ -221,7 +212,7 @@ public final class StackTraceElement implements java.io.Serializable {
      */
     public int hashCode() {
         int result = 31*declaringClass.hashCode() + methodName.hashCode();
-        result = 31*result + (fileName == null ?   0 : fileName.hashCode());
+        result = 31*result + Objects.hashCode(fileName);
         result = 31*result + lineNumber;
         return result;
     }

jdk/src/share/classes/java/lang/Thread.java

@@ -229,7 +229,7 @@ class Thread implements Runnable {
      * after setting this thread's interrupt status.
      */
     private volatile Interruptible blocker;
-    private Object blockerLock = new Object();
+    private final Object blockerLock = new Object();
 
     /* Set the blocker field; invoked via sun.misc.SharedSecrets from java.nio code
      */
@@ -688,16 +688,19 @@ class Thread implements Runnable {
             throw new IllegalThreadStateException();
 
         /* Notify the group that this thread is about to be started
-         * so that it can be added to the group's list of threads. */
+         * so that it can be added to the group's list of threads
+         * and the group's unstarted count can be decremented. */
         group.threadStarting(this);
 
-        boolean failed = true;
+        boolean started = false;
         try {
             start0();
-            failed = false;
+            started = true;
         } finally {
             try {
-                group.threadStarted(this, failed);
+                if (!started) {
+                    group.threadStartFailed(this);
+                }
             } catch (Throwable ignore) {
                 /* do nothing. If start0 threw a Throwable then
                   it will be passed up the call stack */
@@ -955,7 +958,7 @@ class Thread implements Runnable {
             Interruptible b = blocker;
             if (b != null) {
                 interrupt0();           // Just to set the interrupt flag
-                b.interrupt();
+                b.interrupt(this);
                 return;
             }
         }

jdk/src/share/classes/java/lang/ThreadGroup.java

@@ -870,9 +870,16 @@ class ThreadGroup implements Thread.UncaughtExceptionHandler {
     /**
      * Notifies the group that the thread {@code t} is about to be
      * started and adds the thread to this thread group.
+     *
+     * The thread is now a fully fledged member of the group, even though
+     * it hasn't been started yet. It will prevent the group from being
+     * destroyed so the unstarted Threads count is decremented.
      */
     void threadStarting(Thread t) {
-        add(t);
+        synchronized (this) {
+            add(t);
+            nUnstartedThreads--;
+        }
     }
 
     /**
@@ -907,12 +914,10 @@ class ThreadGroup implements Thread.UncaughtExceptionHandler {
     }
 
     /**
-     * Notifies the group that the thread {@code t} has completed
+     * Notifies the group that the thread {@code t} has failed
      * an attempt to start.
      *
-     * <p> If the thread has been started successfully
+     * <p> The state of this thread group is rolled back as if the
-     * then the group has its unstarted Threads count decremented.
-     * Otherwise the state of this thread group is rolled back as if the
      * attempt to start the thread has never occurred. The thread is again
      * considered an unstarted member of the thread group, and a subsequent
      * attempt to start the thread is permitted.
@@ -923,16 +928,10 @@ class ThreadGroup implements Thread.UncaughtExceptionHandler {
      * @param  failed
      *         true if the thread could not be started successfully
      */
-    void threadStarted(Thread t, boolean failed) {
+    void threadStartFailed(Thread t) {
         synchronized(this) {
-            if (failed) {
+            remove(t);
-                remove(t);
+            nUnstartedThreads++;
-            } else {
-                if (destroyed) {
-                    return;
-                }
-                nUnstartedThreads--;
-            }
         }
     }
 

jdk/src/share/classes/java/lang/Throwable.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -169,6 +169,36 @@ public class Throwable implements Serializable {
      */
     private String detailMessage;
 
+    /**
+     * A shared value for an empty stack.
+     */
+    private static final StackTraceElement[] EMPTY_STACK = new StackTraceElement[0];
+
+    /*
+     * To allow Throwable objects to be made immutable and safely
+     * reused by the JVM, such as OutOfMemoryErrors, fields of
+     * Throwable that are writable in response to user actions, cause
+     * and suppressedExceptions obey the following protocol:
+     *
+     * 1) The fields are initialized to a non-null sentinel value
+     * which indicates the value has logically not been set.
+     *
+     * 2) Writing a null to the field indicates further writes
+     * are forbidden
+     *
+     * 3) The sentinel value may be replaced with another non-null
+     * value.
+     *
+     * For example, implementations of the HotSpot JVM have
+     * preallocated OutOfMemoryError objects to provide for better
+     * diagnosability of that situation.  These objects are created
+     * without calling the constructor for that class and the fields
+     * in question are initialized to null.  To support this
+     * capability, any new fields added to Throwable that require
+     * being initialized to a non-null value require a coordinated JVM
+     * change.
+     */
+
     /**
      * The throwable that caused this throwable to get thrown, or null if this
      * throwable was not caused by another throwable, or if the causative
@@ -188,32 +218,30 @@ public class Throwable implements Serializable {
      * @since 1.4
      */
     private StackTraceElement[] stackTrace;
-    /*
+
-     * This field is lazily initialized on first use or serialization and
+    // Setting this static field introduces an acceptable
-     * nulled out when fillInStackTrace is called.
+    // initialization dependency on a few java.util classes.
-     */
+    private static final List<Throwable> SUPPRESSED_SENTINEL =
+        Collections.unmodifiableList(new ArrayList<Throwable>(0));
 
     /**
-     * The list of suppressed exceptions, as returned by
+     * The list of suppressed exceptions, as returned by {@link
-     * {@link #getSuppressedExceptions()}.
+     * #getSuppressed()}.  The list is initialized to a zero-element
+     * unmodifiable sentinel list.  When a serialized Throwable is
+     * read in, if the {@code suppressedExceptions} field points to a
+     * zero-element list, the field is reset to the sentinel value.
      *
      * @serial
      * @since 1.7
      */
-    private List<Throwable> suppressedExceptions = null;
+    private List<Throwable> suppressedExceptions = SUPPRESSED_SENTINEL;
-    /*
-     * This field is lazily initialized when the first suppressed
-     * exception is added.
-     *
-     * OutOfMemoryError is preallocated in the VM for better OOM
-     * diagnosability during VM initialization. Constructor can't
-     * be not invoked. If a new field to be added in the future must
-     * be initialized to non-null, it requires a synchronized VM change.
-     */
 
     /** Message for trying to suppress a null exception. */
     private static final String NULL_CAUSE_MESSAGE = "Cannot suppress a null exception.";
 
+    /** Message for trying to suppress oneself. */
+    private static final String SELF_SUPPRESSION_MESSAGE = "Self-suppression not permitted";
+
     /** Caption  for labeling causative exception stack traces */
     private static final String CAUSE_CAPTION = "Caused by: ";
 
@@ -572,7 +600,7 @@ public class Throwable implements Serializable {
                 s.println("\tat " + traceElement);
 
             // Print suppressed exceptions, if any
-            for (Throwable se : getSuppressedExceptions())
+            for (Throwable se : getSuppressed())
                 se.printEnclosedStackTrace(s, trace, SUPPRESSED_CAPTION, "\t", dejaVu);
 
             // Print cause, if any
@@ -613,7 +641,7 @@ public class Throwable implements Serializable {
                 s.println(prefix + "\t... " + framesInCommon + " more");
 
             // Print suppressed exceptions, if any
-            for (Throwable se : getSuppressedExceptions())
+            for (Throwable se : getSuppressed())
                 se.printEnclosedStackTrace(s, trace, SUPPRESSED_CAPTION,
                                            prefix +"\t", dejaVu);
 
@@ -780,25 +808,58 @@ public class Throwable implements Serializable {
      */
     native StackTraceElement getStackTraceElement(int index);
 
+    /**
+     * Read a {@code Throwable} from a stream, enforcing
+     * well-formedness constraints on fields.  Null entries and
+     * self-pointers are not allowed in the list of {@code
+     * suppressedExceptions}.  Null entries are not allowed for stack
+     * trace elements.
+     *
+     * Note that there are no constraints on the value the {@code
+     * cause} field can hold; both {@code null} and {@code this} are
+     * valid values for the field.
+     */
     private void readObject(ObjectInputStream s)
         throws IOException, ClassNotFoundException {
         s.defaultReadObject();     // read in all fields
-        List<Throwable> suppressed = null;
+        if (suppressedExceptions != null) {
-        if (suppressedExceptions != null &&
+            List<Throwable> suppressed = null;
-            !suppressedExceptions.isEmpty()) { // Copy Throwables to new list
+            if (suppressedExceptions.isEmpty()) {
-            suppressed = new ArrayList<Throwable>();
+                // Use the sentinel for a zero-length list
-            for (Throwable t : suppressedExceptions) {
+                suppressed = SUPPRESSED_SENTINEL;
-                if (t == null)
+            } else { // Copy Throwables to new list
-                    throw new NullPointerException(NULL_CAUSE_MESSAGE);
+                suppressed = new ArrayList<Throwable>(1);
-                suppressed.add(t);
+                for (Throwable t : suppressedExceptions) {
+                    // Enforce constraints on suppressed exceptions in
+                    // case of corrupt or malicious stream.
+                    if (t == null)
+                        throw new NullPointerException(NULL_CAUSE_MESSAGE);
+                    if (t == this)
+                        throw new IllegalArgumentException(SELF_SUPPRESSION_MESSAGE);
+                    suppressed.add(t);
+                }
             }
+            suppressedExceptions = suppressed;
+        } // else a null suppressedExceptions field remains null
+
+        if (stackTrace != null) {
+            for (StackTraceElement ste : stackTrace) {
+                if (ste == null)
+                    throw new NullPointerException("null StackTraceElement in serial stream. ");
+            }
+        } else {
+            // A null stackTrace field in the serial form can result from
+            // an exception serialized without that field in older JDK releases.
+            stackTrace = EMPTY_STACK;
         }
-        suppressedExceptions = suppressed;
+
     }
 
+    /**
+     * Write a {@code Throwable} object to a stream.
+     */
     private synchronized void writeObject(ObjectOutputStream s)
-        throws IOException
+        throws IOException {
-    {
         getOurStackTrace();  // Ensure that stackTrace field is initialized.
         s.defaultWriteObject();
     }
@@ -808,6 +869,14 @@ public class Throwable implements Serializable {
      * were suppressed, typically by the {@code try}-with-resources
      * statement, in order to deliver this exception.
      *
+     * If the first exception to be suppressed is {@code null}, that
+     * indicates suppressed exception information will <em>not</em> be
+     * recorded for this exception.  Subsequent calls to this method
+     * will not record any suppressed exceptions.  Otherwise,
+     * attempting to suppress {@code null} after an exception has
+     * already been successfully suppressed results in a {@code
+     * NullPointerException}.
+     *
      * <p>Note that when one exception {@linkplain
      * #initCause(Throwable) causes} another exception, the first
      * exception is usually caught and then the second exception is
@@ -819,20 +888,35 @@ public class Throwable implements Serializable {
      *
      * @param exception the exception to be added to the list of
      *        suppressed exceptions
-     * @throws NullPointerException if {@code exception} is null
      * @throws IllegalArgumentException if {@code exception} is this
      *         throwable; a throwable cannot suppress itself.
+     * @throws NullPointerException if {@code exception} is null and
+     *         an exception has already been suppressed by this exception
      * @since 1.7
      */
-    public synchronized void addSuppressedException(Throwable exception) {
+    public final synchronized void addSuppressed(Throwable exception) {
-        if (exception == null)
-            throw new NullPointerException(NULL_CAUSE_MESSAGE);
         if (exception == this)
-            throw new IllegalArgumentException("Self-suppression not permitted");
+            throw new IllegalArgumentException(SELF_SUPPRESSION_MESSAGE);
 
-        if (suppressedExceptions == null)
+        if (exception == null) {
-            suppressedExceptions = new ArrayList<Throwable>();
+            if (suppressedExceptions == SUPPRESSED_SENTINEL) {
-        suppressedExceptions.add(exception);
+                suppressedExceptions = null; // No suppression information recorded
+                return;
+            } else
+                throw new NullPointerException(NULL_CAUSE_MESSAGE);
+        } else {
+            assert exception != null && exception != this;
+
+            if (suppressedExceptions == null) // Suppressed exceptions not recorded
+                return;
+
+            if (suppressedExceptions == SUPPRESSED_SENTINEL)
+                suppressedExceptions = new ArrayList<Throwable>(1);
+
+            assert suppressedExceptions != SUPPRESSED_SENTINEL;
+
+            suppressedExceptions.add(exception);
+        }
     }
 
     private static final Throwable[] EMPTY_THROWABLE_ARRAY = new Throwable[0];
@@ -842,12 +926,15 @@ public class Throwable implements Serializable {
      * suppressed, typically by the {@code try}-with-resources
      * statement, in order to deliver this exception.
      *
+     * If no exceptions were suppressed, an empty array is returned.
+     *
      * @return an array containing all of the exceptions that were
      *         suppressed to deliver this exception.
      * @since 1.7
      */
-    public synchronized Throwable[] getSuppressedExceptions() {
+    public final synchronized Throwable[] getSuppressed() {
-        if (suppressedExceptions == null)
+        if (suppressedExceptions == SUPPRESSED_SENTINEL ||
+            suppressedExceptions == null)
             return EMPTY_THROWABLE_ARRAY;
         else
             return suppressedExceptions.toArray(EMPTY_THROWABLE_ARRAY);

jdk/src/share/classes/java/nio/channels/spi/AbstractInterruptibleChannel.java

@@ -88,7 +88,7 @@ public abstract class AbstractInterruptibleChannel
     implements Channel, InterruptibleChannel
 {
 
-    private Object closeLock = new Object();
+    private final Object closeLock = new Object();
     private volatile boolean open = true;
 
     /**
@@ -142,7 +142,7 @@ public abstract class AbstractInterruptibleChannel
     // -- Interruption machinery --
 
     private Interruptible interruptor;
-    private volatile boolean interrupted = false;
+    private volatile Thread interrupted;
 
     /**
      * Marks the beginning of an I/O operation that might block indefinitely.
@@ -155,12 +155,12 @@ public abstract class AbstractInterruptibleChannel
     protected final void begin() {
         if (interruptor == null) {
             interruptor = new Interruptible() {
-                    public void interrupt() {
+                    public void interrupt(Thread target) {
                         synchronized (closeLock) {
                             if (!open)
                                 return;
-                            interrupted = true;
                             open = false;
+                            interrupted = target;
                             try {
                                 AbstractInterruptibleChannel.this.implCloseChannel();
                             } catch (IOException x) { }
@@ -168,8 +168,9 @@ public abstract class AbstractInterruptibleChannel
                     }};
         }
         blockedOn(interruptor);
-        if (Thread.currentThread().isInterrupted())
+        Thread me = Thread.currentThread();
-            interruptor.interrupt();
+        if (me.isInterrupted())
+            interruptor.interrupt(me);
     }
 
     /**
@@ -195,12 +196,13 @@ public abstract class AbstractInterruptibleChannel
         throws AsynchronousCloseException
     {
         blockedOn(null);
-        if (completed) {
+        Thread interrupted = this.interrupted;
-            interrupted = false;
+        if (interrupted != null && interrupted == Thread.currentThread()) {
-            return;
+            interrupted = null;
+            throw new ClosedByInterruptException();
         }
-        if (interrupted) throw new ClosedByInterruptException();
+        if (!completed && !open)
-        if (!open) throw new AsynchronousCloseException();
+            throw new AsynchronousCloseException();
     }
 
 

jdk/src/share/classes/java/nio/channels/spi/AbstractSelector.java

@@ -206,13 +206,14 @@ public abstract class AbstractSelector
     protected final void begin() {
         if (interruptor == null) {
             interruptor = new Interruptible() {
-                    public void interrupt() {
+                    public void interrupt(Thread ignore) {
                         AbstractSelector.this.wakeup();
                     }};
         }
         AbstractInterruptibleChannel.blockedOn(interruptor);
-        if (Thread.currentThread().isInterrupted())
+        Thread me = Thread.currentThread();
-            interruptor.interrupt();
+        if (me.isInterrupted())
+            interruptor.interrupt(me);
     }
 
     /**

jdk/src/share/classes/java/util/TreeMap.java

@@ -32,25 +32,26 @@ package java.util;
  * creation time, depending on which constructor is used.
  *
  * <p>This implementation provides guaranteed log(n) time cost for the
- * <tt>containsKey</tt>, <tt>get</tt>, <tt>put</tt> and <tt>remove</tt>
+ * {@code containsKey}, {@code get}, {@code put} and {@code remove}
  * operations.  Algorithms are adaptations of those in Cormen, Leiserson, and
- * Rivest's <I>Introduction to Algorithms</I>.
+ * Rivest's <em>Introduction to Algorithms</em>.
  *
- * <p>Note that the ordering maintained by a sorted map (whether or not an
+ * <p>Note that the ordering maintained by a tree map, like any sorted map, and
- * explicit comparator is provided) must be <i>consistent with equals</i> if
+ * whether or not an explicit comparator is provided, must be <em>consistent
- * this sorted map is to correctly implement the <tt>Map</tt> interface.  (See
+ * with {@code equals}</em> if this sorted map is to correctly implement the
- * <tt>Comparable</tt> or <tt>Comparator</tt> for a precise definition of
+ * {@code Map} interface.  (See {@code Comparable} or {@code Comparator} for a
- * <i>consistent with equals</i>.)  This is so because the <tt>Map</tt>
+ * precise definition of <em>consistent with equals</em>.)  This is so because
- * interface is defined in terms of the equals operation, but a map performs
+ * the {@code Map} interface is defined in terms of the {@code equals}
- * all key comparisons using its <tt>compareTo</tt> (or <tt>compare</tt>)
+ * operation, but a sorted map performs all key comparisons using its {@code
- * method, so two keys that are deemed equal by this method are, from the
+ * compareTo} (or {@code compare}) method, so two keys that are deemed equal by
- * standpoint of the sorted map, equal.  The behavior of a sorted map
+ * this method are, from the standpoint of the sorted map, equal.  The behavior
- * <i>is</i> well-defined even if its ordering is inconsistent with equals; it
+ * of a sorted map <em>is</em> well-defined even if its ordering is
- * just fails to obey the general contract of the <tt>Map</tt> interface.
+ * inconsistent with {@code equals}; it just fails to obey the general contract
+ * of the {@code Map} interface.
  *
  * <p><strong>Note that this implementation is not synchronized.</strong>
  * If multiple threads access a map concurrently, and at least one of the
- * threads modifies the map structurally, it <i>must</i> be synchronized
+ * threads modifies the map structurally, it <em>must</em> be synchronized
  * externally.  (A structural modification is any operation that adds or
  * deletes one or more mappings; merely changing the value associated
  * with an existing key is not a structural modification.)  This is
@@ -62,11 +63,11 @@ package java.util;
  * unsynchronized access to the map: <pre>
  *   SortedMap m = Collections.synchronizedSortedMap(new TreeMap(...));</pre>
  *
- * <p>The iterators returned by the <tt>iterator</tt> method of the collections
+ * <p>The iterators returned by the {@code iterator} method of the collections
  * returned by all of this class's "collection view methods" are
- * <i>fail-fast</i>: if the map is structurally modified at any time after the
+ * <em>fail-fast</em>: if the map is structurally modified at any time after
- * iterator is created, in any way except through the iterator's own
+ * the iterator is created, in any way except through the iterator's own
- * <tt>remove</tt> method, the iterator will throw a {@link
+ * {@code remove} method, the iterator will throw a {@link
  * ConcurrentModificationException}.  Thus, in the face of concurrent
  * modification, the iterator fails quickly and cleanly, rather than risking
  * arbitrary, non-deterministic behavior at an undetermined time in the future.
@@ -74,16 +75,16 @@ package java.util;
  * <p>Note that the fail-fast behavior of an iterator cannot be guaranteed
  * as it is, generally speaking, impossible to make any hard guarantees in the
  * presence of unsynchronized concurrent modification.  Fail-fast iterators
- * throw <tt>ConcurrentModificationException</tt> on a best-effort basis.
+ * throw {@code ConcurrentModificationException} on a best-effort basis.
  * Therefore, it would be wrong to write a program that depended on this
- * exception for its correctness:   <i>the fail-fast behavior of iterators
+ * exception for its correctness:   <em>the fail-fast behavior of iterators
- * should be used only to detect bugs.</i>
+ * should be used only to detect bugs.</em>
  *
- * <p>All <tt>Map.Entry</tt> pairs returned by methods in this class
+ * <p>All {@code Map.Entry} pairs returned by methods in this class
  * and its views represent snapshots of mappings at the time they were
- * produced. They do <em>not</em> support the <tt>Entry.setValue</tt>
+ * produced. They do <strong>not</strong> support the {@code Entry.setValue}
  * method. (Note however that it is possible to change mappings in the
- * associated map using <tt>put</tt>.)
+ * associated map using {@code put}.)
  *
  * <p>This class is a member of the
  * <a href="{@docRoot}/../technotes/guides/collections/index.html">
@@ -130,13 +131,13 @@ public class TreeMap<K,V>
      * Constructs a new, empty tree map, using the natural ordering of its
      * keys.  All keys inserted into the map must implement the {@link
      * Comparable} interface.  Furthermore, all such keys must be
-     * <i>mutually comparable</i>: <tt>k1.compareTo(k2)</tt> must not throw
+     * <em>mutually comparable</em>: {@code k1.compareTo(k2)} must not throw
-     * a <tt>ClassCastException</tt> for any keys <tt>k1</tt> and
+     * a {@code ClassCastException} for any keys {@code k1} and
-     * <tt>k2</tt> in the map.  If the user attempts to put a key into the
+     * {@code k2} in the map.  If the user attempts to put a key into the
      * map that violates this constraint (for example, the user attempts to
      * put a string key into a map whose keys are integers), the
-     * <tt>put(Object key, Object value)</tt> call will throw a
+     * {@code put(Object key, Object value)} call will throw a
-     * <tt>ClassCastException</tt>.
+     * {@code ClassCastException}.
      */
     public TreeMap() {
         comparator = null;
@@ -144,16 +145,16 @@ public class TreeMap<K,V>
 
     /**
      * Constructs a new, empty tree map, ordered according to the given
-     * comparator.  All keys inserted into the map must be <i>mutually
+     * comparator.  All keys inserted into the map must be <em>mutually
-     * comparable</i> by the given comparator: <tt>comparator.compare(k1,
+     * comparable</em> by the given comparator: {@code comparator.compare(k1,
-     * k2)</tt> must not throw a <tt>ClassCastException</tt> for any keys
+     * k2)} must not throw a {@code ClassCastException} for any keys
-     * <tt>k1</tt> and <tt>k2</tt> in the map.  If the user attempts to put
+     * {@code k1} and {@code k2} in the map.  If the user attempts to put
-     * a key into the map that violates this constraint, the <tt>put(Object
+     * a key into the map that violates this constraint, the {@code put(Object
-     * key, Object value)</tt> call will throw a
+     * key, Object value)} call will throw a
-     * <tt>ClassCastException</tt>.
+     * {@code ClassCastException}.
      *
      * @param comparator the comparator that will be used to order this map.
-     *        If <tt>null</tt>, the {@linkplain Comparable natural
+     *        If {@code null}, the {@linkplain Comparable natural
      *        ordering} of the keys will be used.
      */
     public TreeMap(Comparator<? super K> comparator) {
@@ -162,12 +163,12 @@ public class TreeMap<K,V>
 
     /**
      * Constructs a new tree map containing the same mappings as the given
-     * map, ordered according to the <i>natural ordering</i> of its keys.
+     * map, ordered according to the <em>natural ordering</em> of its keys.
      * All keys inserted into the new map must implement the {@link
      * Comparable} interface.  Furthermore, all such keys must be
-     * <i>mutually comparable</i>: <tt>k1.compareTo(k2)</tt> must not throw
+     * <em>mutually comparable</em>: {@code k1.compareTo(k2)} must not throw
-     * a <tt>ClassCastException</tt> for any keys <tt>k1</tt> and
+     * a {@code ClassCastException} for any keys {@code k1} and
-     * <tt>k2</tt> in the map.  This method runs in n*log(n) time.
+     * {@code k2} in the map.  This method runs in n*log(n) time.
      *
      * @param  m the map whose mappings are to be placed in this map
      * @throws ClassCastException if the keys in m are not {@link Comparable},
@@ -210,11 +211,11 @@ public class TreeMap<K,V>
     }
 
     /**
-     * Returns <tt>true</tt> if this map contains a mapping for the specified
+     * Returns {@code true} if this map contains a mapping for the specified
      * key.
      *
      * @param key key whose presence in this map is to be tested
-     * @return <tt>true</tt> if this map contains a mapping for the
+     * @return {@code true} if this map contains a mapping for the
      *         specified key
      * @throws ClassCastException if the specified key cannot be compared
      *         with the keys currently in the map
@@ -227,16 +228,16 @@ public class TreeMap<K,V>
     }
 
     /**
-     * Returns <tt>true</tt> if this map maps one or more keys to the
+     * Returns {@code true} if this map maps one or more keys to the
-     * specified value.  More formally, returns <tt>true</tt> if and only if
+     * specified value.  More formally, returns {@code true} if and only if
-     * this map contains at least one mapping to a value <tt>v</tt> such
+     * this map contains at least one mapping to a value {@code v} such
-     * that <tt>(value==null ? v==null : value.equals(v))</tt>.  This
+     * that {@code (value==null ? v==null : value.equals(v))}.  This
      * operation will probably require time linear in the map size for
      * most implementations.
      *
      * @param value value whose presence in this map is to be tested
-     * @return <tt>true</tt> if a mapping to <tt>value</tt> exists;
+     * @return {@code true} if a mapping to {@code value} exists;
-     *         <tt>false</tt> otherwise
+     *         {@code false} otherwise
      * @since 1.2
      */
     public boolean containsValue(Object value) {
@@ -256,7 +257,7 @@ public class TreeMap<K,V>
      * method returns {@code v}; otherwise it returns {@code null}.
      * (There can be at most one such mapping.)
      *
-     * <p>A return value of {@code null} does not <i>necessarily</i>
+     * <p>A return value of {@code null} does not <em>necessarily</em>
      * indicate that the map contains no mapping for the key; it's also
      * possible that the map explicitly maps the key to {@code null}.
      * The {@link #containsKey containsKey} operation may be used to
@@ -322,10 +323,10 @@ public class TreeMap<K,V>
     }
 
     /**
-     * Returns this map's entry for the given key, or <tt>null</tt> if the map
+     * Returns this map's entry for the given key, or {@code null} if the map
      * does not contain an entry for the key.
      *
-     * @return this map's entry for the given key, or <tt>null</tt> if the map
+     * @return this map's entry for the given key, or {@code null} if the map
      *         does not contain an entry for the key
      * @throws ClassCastException if the specified key cannot be compared
      *         with the keys currently in the map
@@ -381,7 +382,7 @@ public class TreeMap<K,V>
      * Gets the entry corresponding to the specified key; if no such entry
      * exists, returns the entry for the least key greater than the specified
      * key; if no such entry exists (i.e., the greatest key in the Tree is less
-     * than the specified key), returns <tt>null</tt>.
+     * than the specified key), returns {@code null}.
      */
     final Entry<K,V> getCeilingEntry(K key) {
         Entry<K,V> p = root;
@@ -413,7 +414,7 @@ public class TreeMap<K,V>
     /**
      * Gets the entry corresponding to the specified key; if no such entry
      * exists, returns the entry for the greatest key less than the specified
-     * key; if no such entry exists, returns <tt>null</tt>.
+     * key; if no such entry exists, returns {@code null}.
      */
     final Entry<K,V> getFloorEntry(K key) {
         Entry<K,V> p = root;
@@ -447,7 +448,7 @@ public class TreeMap<K,V>
      * Gets the entry for the least key greater than the specified
      * key; if no such entry exists, returns the entry for the least
      * key greater than the specified key; if no such entry exists
-     * returns <tt>null</tt>.
+     * returns {@code null}.
      */
     final Entry<K,V> getHigherEntry(K key) {
         Entry<K,V> p = root;
@@ -478,7 +479,7 @@ public class TreeMap<K,V>
     /**
      * Returns the entry for the greatest key less than the specified key; if
      * no such entry exists (i.e., the least key in the Tree is greater than
-     * the specified key), returns <tt>null</tt>.
+     * the specified key), returns {@code null}.
      */
     final Entry<K,V> getLowerEntry(K key) {
         Entry<K,V> p = root;
@@ -514,10 +515,10 @@ public class TreeMap<K,V>
      * @param key key with which the specified value is to be associated
      * @param value value to be associated with the specified key
      *
-     * @return the previous value associated with <tt>key</tt>, or
+     * @return the previous value associated with {@code key}, or
-     *         <tt>null</tt> if there was no mapping for <tt>key</tt>.
+     *         {@code null} if there was no mapping for {@code key}.
-     *         (A <tt>null</tt> return can also indicate that the map
+     *         (A {@code null} return can also indicate that the map
-     *         previously associated <tt>null</tt> with <tt>key</tt>.)
+     *         previously associated {@code null} with {@code key}.)
      * @throws ClassCastException if the specified key cannot be compared
      *         with the keys currently in the map
      * @throws NullPointerException if the specified key is null
@@ -583,10 +584,10 @@ public class TreeMap<K,V>
      * Removes the mapping for this key from this TreeMap if present.
      *
      * @param  key key for which mapping should be removed
-     * @return the previous value associated with <tt>key</tt>, or
+     * @return the previous value associated with {@code key}, or
-     *         <tt>null</tt> if there was no mapping for <tt>key</tt>.
+     *         {@code null} if there was no mapping for {@code key}.
-     *         (A <tt>null</tt> return can also indicate that the map
+     *         (A {@code null} return can also indicate that the map
-     *         previously associated <tt>null</tt> with <tt>key</tt>.)
+     *         previously associated {@code null} with {@code key}.)
      * @throws ClassCastException if the specified key cannot be compared
      *         with the keys currently in the map
      * @throws NullPointerException if the specified key is null
@@ -614,7 +615,7 @@ public class TreeMap<K,V>
     }
 
     /**
-     * Returns a shallow copy of this <tt>TreeMap</tt> instance. (The keys and
+     * Returns a shallow copy of this {@code TreeMap} instance. (The keys and
      * values themselves are not cloned.)
      *
      * @return a shallow copy of this map
@@ -788,12 +789,12 @@ public class TreeMap<K,V>
      * The set is backed by the map, so changes to the map are
      * reflected in the set, and vice-versa.  If the map is modified
      * while an iteration over the set is in progress (except through
-     * the iterator's own <tt>remove</tt> operation), the results of
+     * the iterator's own {@code remove} operation), the results of
      * the iteration are undefined.  The set supports element removal,
      * which removes the corresponding mapping from the map, via the
-     * <tt>Iterator.remove</tt>, <tt>Set.remove</tt>,
+     * {@code Iterator.remove}, {@code Set.remove},
-     * <tt>removeAll</tt>, <tt>retainAll</tt>, and <tt>clear</tt>
+     * {@code removeAll}, {@code retainAll}, and {@code clear}
-     * operations.  It does not support the <tt>add</tt> or <tt>addAll</tt>
+     * operations.  It does not support the {@code add} or {@code addAll}
      * operations.
      */
     public Set<K> keySet() {
@@ -822,13 +823,13 @@ public class TreeMap<K,V>
      * The collection is backed by the map, so changes to the map are
      * reflected in the collection, and vice-versa.  If the map is
      * modified while an iteration over the collection is in progress
-     * (except through the iterator's own <tt>remove</tt> operation),
+     * (except through the iterator's own {@code remove} operation),
      * the results of the iteration are undefined.  The collection
      * supports element removal, which removes the corresponding
-     * mapping from the map, via the <tt>Iterator.remove</tt>,
+     * mapping from the map, via the {@code Iterator.remove},
-     * <tt>Collection.remove</tt>, <tt>removeAll</tt>,
+     * {@code Collection.remove}, {@code removeAll},
-     * <tt>retainAll</tt> and <tt>clear</tt> operations.  It does not
+     * {@code retainAll} and {@code clear} operations.  It does not
-     * support the <tt>add</tt> or <tt>addAll</tt> operations.
+     * support the {@code add} or {@code addAll} operations.
      */
     public Collection<V> values() {
         Collection<V> vs = values;
@@ -841,14 +842,14 @@ public class TreeMap<K,V>
      * The set is backed by the map, so changes to the map are
      * reflected in the set, and vice-versa.  If the map is modified
      * while an iteration over the set is in progress (except through
-     * the iterator's own <tt>remove</tt> operation, or through the
+     * the iterator's own {@code remove} operation, or through the
-     * <tt>setValue</tt> operation on a map entry returned by the
+     * {@code setValue} operation on a map entry returned by the
      * iterator) the results of the iteration are undefined.  The set
      * supports element removal, which removes the corresponding
-     * mapping from the map, via the <tt>Iterator.remove</tt>,
+     * mapping from the map, via the {@code Iterator.remove},
-     * <tt>Set.remove</tt>, <tt>removeAll</tt>, <tt>retainAll</tt> and
+     * {@code Set.remove}, {@code removeAll}, {@code retainAll} and
-     * <tt>clear</tt> operations.  It does not support the
+     * {@code clear} operations.  It does not support the
-     * <tt>add</tt> or <tt>addAll</tt> operations.
+     * {@code add} or {@code addAll} operations.
      */
     public Set<Map.Entry<K,V>> entrySet() {
         EntrySet es = entrySet;
@@ -868,7 +869,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>fromKey</tt> or <tt>toKey</tt> is
+     * @throws NullPointerException if {@code fromKey} or {@code toKey} is
      *         null and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -883,7 +884,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>toKey</tt> is null
+     * @throws NullPointerException if {@code toKey} is null
      *         and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -897,7 +898,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>fromKey</tt> is null
+     * @throws NullPointerException if {@code fromKey} is null
      *         and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -911,7 +912,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>fromKey</tt> or <tt>toKey</tt> is
+     * @throws NullPointerException if {@code fromKey} or {@code toKey} is
      *         null and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -922,7 +923,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>toKey</tt> is null
+     * @throws NullPointerException if {@code toKey} is null
      *         and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -933,7 +934,7 @@ public class TreeMap<K,V>
 
     /**
      * @throws ClassCastException       {@inheritDoc}
-     * @throws NullPointerException if <tt>fromKey</tt> is null
+     * @throws NullPointerException if {@code fromKey} is null
      *         and this map uses natural ordering, or its comparator
      *         does not permit null keys
      * @throws IllegalArgumentException {@inheritDoc}
@@ -1193,7 +1194,7 @@ public class TreeMap<K,V>
 
     /**
      * Test two values for equality.  Differs from o1.equals(o2) only in
-     * that it copes with <tt>null</tt> o1 properly.
+     * that it copes with {@code null} o1 properly.
      */
     final static boolean valEquals(Object o1, Object o2) {
         return (o1==null ? o2==null : o1.equals(o2));
@@ -1897,7 +1898,7 @@ public class TreeMap<K,V>
 
         /**
          * Make a new cell with given key, value, and parent, and with
-         * <tt>null</tt> child links, and BLACK color.
+         * {@code null} child links, and BLACK color.
          */
         Entry(K key, V value, Entry<K,V> parent) {
             this.key = key;
@@ -2249,10 +2250,10 @@ public class TreeMap<K,V>
     private static final long serialVersionUID = 919286545866124006L;
 
     /**
-     * Save the state of the <tt>TreeMap</tt> instance to a stream (i.e.,
+     * Save the state of the {@code TreeMap} instance to a stream (i.e.,
      * serialize it).
      *
-     * @serialData The <i>size</i> of the TreeMap (the number of key-value
+     * @serialData The <em>size</em> of the TreeMap (the number of key-value
      *             mappings) is emitted (int), followed by the key (Object)
      *             and value (Object) for each key-value mapping represented
      *             by the TreeMap. The key-value mappings are emitted in
@@ -2277,7 +2278,7 @@ public class TreeMap<K,V>
     }
 
     /**
-     * Reconstitute the <tt>TreeMap</tt> instance from a stream (i.e.,
+     * Reconstitute the {@code TreeMap} instance from a stream (i.e.,
      * deserialize it).
      */
     private void readObject(final java.io.ObjectInputStream s)

jdk/src/share/classes/java/util/concurrent/LinkedBlockingDeque.java

@@ -126,10 +126,8 @@ public class LinkedBlockingDeque<E>
          */
         Node<E> next;
 
-        Node(E x, Node<E> p, Node<E> n) {
+        Node(E x) {
             item = x;
-            prev = p;
-            next = n;
         }
     }
 
@@ -199,7 +197,7 @@ public class LinkedBlockingDeque<E>
             for (E e : c) {
                 if (e == null)
                     throw new NullPointerException();
-                if (!linkLast(e))
+                if (!linkLast(new Node<E>(e)))
                     throw new IllegalStateException("Deque full");
             }
         } finally {
@@ -211,38 +209,38 @@ public class LinkedBlockingDeque<E>
     // Basic linking and unlinking operations, called only while holding lock
 
     /**
-     * Links e as first element, or returns false if full.
+     * Links node as first element, or returns false if full.
      */
-    private boolean linkFirst(E e) {
+    private boolean linkFirst(Node<E> node) {
         // assert lock.isHeldByCurrentThread();
         if (count >= capacity)
             return false;
         Node<E> f = first;
-        Node<E> x = new Node<E>(e, null, f);
+        node.next = f;
-        first = x;
+        first = node;
         if (last == null)
-            last = x;
+            last = node;
         else
-            f.prev = x;
+            f.prev = node;
         ++count;
         notEmpty.signal();
         return true;
     }
 
     /**
-     * Links e as last element, or returns false if full.
+     * Links node as last element, or returns false if full.
      */
-    private boolean linkLast(E e) {
+    private boolean linkLast(Node<E> node) {
         // assert lock.isHeldByCurrentThread();
         if (count >= capacity)
             return false;
         Node<E> l = last;
-        Node<E> x = new Node<E>(e, l, null);
+        node.prev = l;
-        last = x;
+        last = node;
         if (first == null)
-            first = x;
+            first = node;
         else
-            l.next = x;
+            l.next = node;
         ++count;
         notEmpty.signal();
         return true;
@@ -339,10 +337,11 @@ public class LinkedBlockingDeque<E>
      */
     public boolean offerFirst(E e) {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         final ReentrantLock lock = this.lock;
         lock.lock();
         try {
-            return linkFirst(e);
+            return linkFirst(node);
         } finally {
             lock.unlock();
         }
@@ -353,10 +352,11 @@ public class LinkedBlockingDeque<E>
      */
     public boolean offerLast(E e) {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         final ReentrantLock lock = this.lock;
         lock.lock();
         try {
-            return linkLast(e);
+            return linkLast(node);
         } finally {
             lock.unlock();
         }
@@ -368,10 +368,11 @@ public class LinkedBlockingDeque<E>
      */
     public void putFirst(E e) throws InterruptedException {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         final ReentrantLock lock = this.lock;
         lock.lock();
         try {
-            while (!linkFirst(e))
+            while (!linkFirst(node))
                 notFull.await();
         } finally {
             lock.unlock();
@@ -384,10 +385,11 @@ public class LinkedBlockingDeque<E>
      */
     public void putLast(E e) throws InterruptedException {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         final ReentrantLock lock = this.lock;
         lock.lock();
         try {
-            while (!linkLast(e))
+            while (!linkLast(node))
                 notFull.await();
         } finally {
             lock.unlock();
@@ -401,11 +403,12 @@ public class LinkedBlockingDeque<E>
     public boolean offerFirst(E e, long timeout, TimeUnit unit)
         throws InterruptedException {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         long nanos = unit.toNanos(timeout);
         final ReentrantLock lock = this.lock;
         lock.lockInterruptibly();
         try {
-            while (!linkFirst(e)) {
+            while (!linkFirst(node)) {
                 if (nanos <= 0)
                     return false;
                 nanos = notFull.awaitNanos(nanos);
@@ -423,11 +426,12 @@ public class LinkedBlockingDeque<E>
     public boolean offerLast(E e, long timeout, TimeUnit unit)
         throws InterruptedException {
         if (e == null) throw new NullPointerException();
+        Node<E> node = new Node<E>(e);
         long nanos = unit.toNanos(timeout);
         final ReentrantLock lock = this.lock;
         lock.lockInterruptibly();
         try {
-            while (!linkLast(e)) {
+            while (!linkLast(node)) {
                 if (nanos <= 0)
                     return false;
                 nanos = notFull.awaitNanos(nanos);
@@ -955,7 +959,20 @@ public class LinkedBlockingDeque<E>
         final ReentrantLock lock = this.lock;
         lock.lock();
         try {
-            return super.toString();
+            Node<E> p = first;
+            if (p == null)
+                return "[]";
+
+            StringBuilder sb = new StringBuilder();
+            sb.append('[');
+            for (;;) {
+                E e = p.item;
+                sb.append(e == this ? "(this Collection)" : e);
+                p = p.next;
+                if (p == null)
+                    return sb.append(']').toString();
+                sb.append(',').append(' ');
+            }
         } finally {
             lock.unlock();
         }
@@ -1053,6 +1070,26 @@ public class LinkedBlockingDeque<E>
             }
         }
 
+        /**
+         * Returns the successor node of the given non-null, but
+         * possibly previously deleted, node.
+         */
+        private Node<E> succ(Node<E> n) {
+            // Chains of deleted nodes ending in null or self-links
+            // are possible if multiple interior nodes are removed.
+            for (;;) {
+                Node<E> s = nextNode(n);
+                if (s == null)
+                    return null;
+                else if (s.item != null)
+                    return s;
+                else if (s == n)
+                    return firstNode();
+                else
+                    n = s;
+            }
+        }
+
         /**
          * Advances next.
          */
@@ -1061,16 +1098,7 @@ public class LinkedBlockingDeque<E>
             lock.lock();
             try {
                 // assert next != null;
-                Node<E> s = nextNode(next);
+                next = succ(next);
-                if (s == next) {
-                    next = firstNode();
-                } else {
-                    // Skip over removed nodes.
-                    // May be necessary if multiple interior Nodes are removed.
-                    while (s != null && s.item == null)
-                        s = nextNode(s);
-                    next = s;
-                }
                 nextItem = (next == null) ? null : next.item;
             } finally {
                 lock.unlock();

jdk/src/share/classes/java/util/jar/JarInputStream.java

@@ -28,6 +28,7 @@ package java.util.jar;
 import java.util.zip.*;
 import java.io.*;
 import sun.security.util.ManifestEntryVerifier;
+import sun.misc.JarIndex;
 
 /**
  * The <code>JarInputStream</code> class is used to read the contents of
@@ -47,7 +48,8 @@ class JarInputStream extends ZipInputStream {
     private JarEntry first;
     private JarVerifier jv;
     private ManifestEntryVerifier mev;
-
+    private final boolean doVerify;
+    private boolean tryManifest;
 
     /**
      * Creates a new <code>JarInputStream</code> and reads the optional
@@ -72,25 +74,33 @@ class JarInputStream extends ZipInputStream {
      */
     public JarInputStream(InputStream in, boolean verify) throws IOException {
         super(in);
-        JarEntry e = (JarEntry)super.getNextEntry();
+        this.doVerify = verify;
 
+        // This implementation assumes the META-INF/MANIFEST.MF entry
+        // should be either the first or the second entry (when preceded
+        // by the dir META-INF/). It skips the META-INF/ and then
+        // "consumes" the MANIFEST.MF to initialize the Manifest object.
+        JarEntry e = (JarEntry)super.getNextEntry();
         if (e != null && e.getName().equalsIgnoreCase("META-INF/"))
             e = (JarEntry)super.getNextEntry();
+        first = checkManifest(e);
+    }
 
+    private JarEntry checkManifest(JarEntry e)
+        throws IOException
+    {
         if (e != null && JarFile.MANIFEST_NAME.equalsIgnoreCase(e.getName())) {
             man = new Manifest();
             byte bytes[] = getBytes(new BufferedInputStream(this));
             man.read(new ByteArrayInputStream(bytes));
-            //man.read(new BufferedInputStream(this));
             closeEntry();
-            if (verify) {
+            if (doVerify) {
                 jv = new JarVerifier(bytes);
                 mev = new ManifestEntryVerifier(man);
             }
-            first = getNextJarEntry();
+            return (JarEntry)super.getNextEntry();
-        } else {
-            first = e;
         }
+        return e;
     }
 
     private byte[] getBytes(InputStream is)
@@ -98,10 +108,7 @@ class JarInputStream extends ZipInputStream {
     {
         byte[] buffer = new byte[8192];
         ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
-
         int n;
-
-        baos.reset();
         while ((n = is.read(buffer, 0, buffer.length)) != -1) {
             baos.write(buffer, 0, n);
         }
@@ -133,8 +140,14 @@ class JarInputStream extends ZipInputStream {
         JarEntry e;
         if (first == null) {
             e = (JarEntry)super.getNextEntry();
+            if (tryManifest) {
+                e = checkManifest(e);
+                tryManifest = false;
+            }
         } else {
             e = first;
+            if (first.getName().equalsIgnoreCase(JarIndex.INDEX_NAME))
+                tryManifest = true;
             first = null;
         }
         if (jv != null && e != null) {

jdk/src/share/classes/java/util/jar/Pack200.java

@@ -30,9 +30,6 @@ import java.io.OutputStream;
 import java.io.File;
 import java.io.IOException;
 import java.beans.PropertyChangeListener;
-import java.beans.PropertyChangeEvent;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 
 
@@ -225,6 +222,10 @@ public abstract class Pack200 {
      *    If the input JAR-files contains a 1.6 class file, then the pack file
      * version will be set to 1.6.
      * <p>
+     * Note: Unless otherwise noted, passing a <tt>null</tt> argument to a
+     * constructor or method in this class will cause a {@link NullPointerException}
+     * to be thrown.
+     * <p>
      * @since 1.5
      */
     public interface Packer {
@@ -599,6 +600,10 @@ public abstract class Pack200 {
      * "<tt>PACK200</tt>" as a zip file comment.
      * This allows a deployer to detect if a JAR archive was packed and unpacked.
      * <p>
+     * Note: Unless otherwise noted, passing a <tt>null</tt> argument to a
+     * constructor or method in this class will cause a {@link NullPointerException}
+     * to be thrown.
+     * <p>
      * This version of the unpacker is compatible with all previous versions.
      * @since 1.5
      */

jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -291,7 +291,24 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
             if (tracing)
                 logger.trace("connect",idstr + " getting connection...");
             Object credentials = usemap.get(CREDENTIALS);
-            connection = getConnection(stub, credentials, checkStub);
+
+            try {
+                connection = getConnection(stub, credentials, checkStub);
+            } catch (java.rmi.RemoteException re) {
+                if (jmxServiceURL != null) {
+                    final String pro = jmxServiceURL.getProtocol();
+                    final String path = jmxServiceURL.getURLPath();
+
+                    if ("rmi".equals(pro) &&
+                        path.startsWith("/jndi/iiop:")) {
+                        MalformedURLException mfe = new MalformedURLException(
+                              "Protocol is rmi but JNDI scheme is iiop: " + jmxServiceURL);
+                        mfe.initCause(re);
+                        throw mfe;
+                    }
+                }
+                throw re;
+            }
 
             // Always use one of:
             //   ClassLoader provided in Map at connect time,

jdk/src/share/classes/javax/security/auth/Policy.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -237,7 +237,7 @@ public abstract class Policy {
                     } catch (Exception e) {
                         throw new SecurityException
                                 (sun.security.util.ResourcesMgr.getString
-                                ("unable to instantiate Subject-based policy"));
+                                ("unable.to.instantiate.Subject.based.policy"));
                     }
                 }
             }

jdk/src/share/classes/javax/security/auth/PrivateCredentialPermission.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -172,7 +172,7 @@ public final class PrivateCredentialPermission extends Permission {
 
         if (!"read".equalsIgnoreCase(actions))
             throw new IllegalArgumentException
-                (ResourcesMgr.getString("actions can only be 'read'"));
+                (ResourcesMgr.getString("actions.can.only.be.read."));
         init(name);
     }
 
@@ -344,12 +344,11 @@ public final class PrivateCredentialPermission extends Permission {
 
         if (tokenizer.hasMoreTokens() == false) {
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                ("permission name [name] syntax invalid: "));
+                ("permission.name.name.syntax.invalid."));
             Object[] source = {name};
             throw new IllegalArgumentException
                 (form.format(source) + ResourcesMgr.getString
-                        ("Credential Class not followed by a " +
+                        ("Credential.Class.not.followed.by.a.Principal.Class.and.Name"));
-                        "Principal Class and Name"));
         }
 
         while (tokenizer.hasMoreTokens()) {
@@ -364,11 +363,11 @@ public final class PrivateCredentialPermission extends Permission {
 
             if (tokenizer.hasMoreTokens() == false) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("permission name [name] syntax invalid: "));
+                        ("permission.name.name.syntax.invalid."));
                 Object[] source = {name};
                 throw new IllegalArgumentException
                         (form.format(source) + ResourcesMgr.getString
-                        ("Principal Class not followed by a Principal Name"));
+                        ("Principal.Class.not.followed.by.a.Principal.Name"));
             }
 
             // skip delimiter
@@ -379,11 +378,11 @@ public final class PrivateCredentialPermission extends Permission {
 
             if (!principalName.startsWith("\"")) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("permission name [name] syntax invalid: "));
+                        ("permission.name.name.syntax.invalid."));
                 Object[] source = {name};
                 throw new IllegalArgumentException
                         (form.format(source) + ResourcesMgr.getString
-                        ("Principal Name must be surrounded by quotes"));
+                        ("Principal.Name.must.be.surrounded.by.quotes"));
             }
 
             if (!principalName.endsWith("\"")) {
@@ -401,11 +400,11 @@ public final class PrivateCredentialPermission extends Permission {
                 if (!principalName.endsWith("\"")) {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                        ("permission name [name] syntax invalid: "));
+                        ("permission.name.name.syntax.invalid."));
                     Object[] source = {name};
                     throw new IllegalArgumentException
                         (form.format(source) + ResourcesMgr.getString
-                                ("Principal Name missing end quote"));
+                                ("Principal.Name.missing.end.quote"));
                 }
             }
 
@@ -418,9 +417,7 @@ public final class PrivateCredentialPermission extends Permission {
             if (principalClass.equals("*") &&
                 !principalName.equals("*")) {
                     throw new IllegalArgumentException(ResourcesMgr.getString
-                        ("PrivateCredentialPermission Principal Class " +
+                        ("PrivateCredentialPermission.Principal.Class.can.not.be.a.wildcard.value.if.Principal.Name.is.not.a.wildcard.value"));
-                        "can not be a wildcard (*) value if Principal Name " +
-                        "is not a wildcard (*) value"));
             }
 
             if (testing)
@@ -556,8 +553,7 @@ public final class PrivateCredentialPermission extends Permission {
 
         public String toString() {
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                ("CredOwner:\n\tPrincipal Class = class\n\t" +
+                ("CredOwner.Principal.Class.class.Principal.Name.name"));
-                        "Principal Name = name"));
             Object[] source = {principalClass, principalName};
             return (form.format(source));
         }

jdk/src/share/classes/javax/security/auth/Subject.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -204,7 +204,7 @@ public final class Subject implements java.io.Serializable {
             pubCredentials == null ||
             privCredentials == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null input(s)"));
+                (ResourcesMgr.getString("invalid.null.input.s."));
 
         this.principals = Collections.synchronizedSet(new SecureSet<Principal>
                                 (this, PRINCIPAL_SET, principals));
@@ -289,7 +289,7 @@ public final class Subject implements java.io.Serializable {
 
         if (acc == null) {
             throw new NullPointerException(ResourcesMgr.getString
-                ("invalid null AccessControlContext provided"));
+                ("invalid.null.AccessControlContext.provided"));
         }
 
         // return the Subject from the DomainCombiner of the provided context
@@ -346,7 +346,7 @@ public final class Subject implements java.io.Serializable {
         }
         if (action == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null action provided"));
+                (ResourcesMgr.getString("invalid.null.action.provided"));
 
         // set up the new Subject-based AccessControlContext
         // for doPrivileged
@@ -406,7 +406,7 @@ public final class Subject implements java.io.Serializable {
 
         if (action == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null action provided"));
+                (ResourcesMgr.getString("invalid.null.action.provided"));
 
         // set up the new Subject-based AccessControlContext for doPrivileged
         final AccessControlContext currentAcc = AccessController.getContext();
@@ -460,7 +460,7 @@ public final class Subject implements java.io.Serializable {
 
         if (action == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null action provided"));
+                (ResourcesMgr.getString("invalid.null.action.provided"));
 
         // set up the new Subject-based AccessControlContext
         // for doPrivileged
@@ -524,7 +524,7 @@ public final class Subject implements java.io.Serializable {
 
         if (action == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null action provided"));
+                (ResourcesMgr.getString("invalid.null.action.provided"));
 
         // set up the new Subject-based AccessControlContext for doPrivileged
         final AccessControlContext callerAcc =
@@ -603,7 +603,7 @@ public final class Subject implements java.io.Serializable {
 
         if (c == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null Class provided"));
+                (ResourcesMgr.getString("invalid.null.Class.provided"));
 
         // always return an empty Set instead of null
         // so LoginModules can add to the Set if necessary
@@ -697,7 +697,7 @@ public final class Subject implements java.io.Serializable {
 
         if (c == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null Class provided"));
+                (ResourcesMgr.getString("invalid.null.Class.provided"));
 
         // always return an empty Set instead of null
         // so LoginModules can add to the Set if necessary
@@ -742,7 +742,7 @@ public final class Subject implements java.io.Serializable {
 
         if (c == null)
             throw new NullPointerException
-                (ResourcesMgr.getString("invalid null Class provided"));
+                (ResourcesMgr.getString("invalid.null.Class.provided"));
 
         // always return an empty Set instead of null
         // so LoginModules can add to the Set if necessary
@@ -832,15 +832,15 @@ public final class Subject implements java.io.Serializable {
      */
     String toString(boolean includePrivateCredentials) {
 
-        String s = ResourcesMgr.getString("Subject:\n");
+        String s = ResourcesMgr.getString("Subject.");
         String suffix = "";
 
         synchronized(principals) {
             Iterator<Principal> pI = principals.iterator();
             while (pI.hasNext()) {
                 Principal p = pI.next();
-                suffix = suffix + ResourcesMgr.getString("\tPrincipal: ") +
+                suffix = suffix + ResourcesMgr.getString(".Principal.") +
-                        p.toString() + ResourcesMgr.getString("\n");
+                        p.toString() + ResourcesMgr.getString("NEWLINE");
             }
         }
 
@@ -849,8 +849,8 @@ public final class Subject implements java.io.Serializable {
             while (pI.hasNext()) {
                 Object o = pI.next();
                 suffix = suffix +
-                        ResourcesMgr.getString("\tPublic Credential: ") +
+                        ResourcesMgr.getString(".Public.Credential.") +
-                        o.toString() + ResourcesMgr.getString("\n");
+                        o.toString() + ResourcesMgr.getString("NEWLINE");
             }
         }
 
@@ -861,12 +861,12 @@ public final class Subject implements java.io.Serializable {
                     try {
                         Object o = pI.next();
                         suffix += ResourcesMgr.getString
-                                        ("\tPrivate Credential: ") +
+                                        (".Private.Credential.") +
                                         o.toString() +
-                                        ResourcesMgr.getString("\n");
+                                        ResourcesMgr.getString("NEWLINE");
                     } catch (SecurityException se) {
                         suffix += ResourcesMgr.getString
-                                ("\tPrivate Credential inaccessible\n");
+                                (".Private.Credential.inaccessible.");
                         break;
                     }
                 }
@@ -1036,7 +1036,7 @@ public final class Subject implements java.io.Serializable {
 
                     if (subject.isReadOnly()) {
                         throw new IllegalStateException(ResourcesMgr.getString
-                                ("Subject is read-only"));
+                                ("Subject.is.read.only"));
                     }
 
                     java.lang.SecurityManager sm = System.getSecurityManager();
@@ -1062,7 +1062,7 @@ public final class Subject implements java.io.Serializable {
 
             if (subject.isReadOnly()) {
                 throw new IllegalStateException
-                        (ResourcesMgr.getString("Subject is read-only"));
+                        (ResourcesMgr.getString("Subject.is.read.only"));
             }
 
             java.lang.SecurityManager sm = System.getSecurityManager();
@@ -1084,9 +1084,7 @@ public final class Subject implements java.io.Serializable {
             case Subject.PRINCIPAL_SET:
                 if (!(o instanceof Principal)) {
                     throw new SecurityException(ResourcesMgr.getString
-                        ("attempting to add an object which is not an " +
+                        ("attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set"));
-                        "instance of java.security.Principal to a " +
-                        "Subject's Principal Set"));
                 }
                 break;
             default:
@@ -1389,8 +1387,7 @@ public final class Subject implements java.io.Serializable {
 
             if (!o.getClass().isAssignableFrom(c)) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("attempting to add an object which is not an " +
+                        ("attempting.to.add.an.object.which.is.not.an.instance.of.class"));
-                        "instance of class"));
                 Object[] source = {c.toString()};
                 throw new SecurityException(form.format(source));
             }

jdk/src/share/classes/javax/security/auth/login/AppConfigurationEntry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -167,7 +167,7 @@ public class AppConfigurationEntry {
          */
         public String toString() {
             return (sun.security.util.ResourcesMgr.getString
-                ("LoginModuleControlFlag: ") + controlFlag);
+                ("LoginModuleControlFlag.") + controlFlag);
         }
     }
 }

jdk/src/share/classes/javax/security/auth/login/LoginContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -244,7 +244,7 @@ public class LoginContext {
 
         if (name == null)
             throw new LoginException
-                (ResourcesMgr.getString("Invalid null input: name"));
+                (ResourcesMgr.getString("Invalid.null.input.name"));
 
         // get the Configuration
         if (config == null) {
@@ -268,7 +268,7 @@ public class LoginContext {
             entries = config.getAppConfigurationEntry(OTHER);
             if (entries == null) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("No LoginModules configured for name"));
+                        ("No.LoginModules.configured.for.name"));
                 Object[] source = {name};
                 throw new LoginException(form.format(source));
             }
@@ -382,7 +382,7 @@ public class LoginContext {
         init(name);
         if (subject == null)
             throw new LoginException
-                (ResourcesMgr.getString("invalid null Subject provided"));
+                (ResourcesMgr.getString("invalid.null.Subject.provided"));
         this.subject = subject;
         subjectProvided = true;
         loadDefaultCallbackHandler();
@@ -418,7 +418,7 @@ public class LoginContext {
         init(name);
         if (callbackHandler == null)
             throw new LoginException(ResourcesMgr.getString
-                                ("invalid null CallbackHandler provided"));
+                                ("invalid.null.CallbackHandler.provided"));
         this.callbackHandler = new SecureCallbackHandler
                                 (java.security.AccessController.getContext(),
                                 callbackHandler);
@@ -459,7 +459,7 @@ public class LoginContext {
         this(name, subject);
         if (callbackHandler == null)
             throw new LoginException(ResourcesMgr.getString
-                                ("invalid null CallbackHandler provided"));
+                                ("invalid.null.CallbackHandler.provided"));
         this.callbackHandler = new SecureCallbackHandler
                                 (java.security.AccessController.getContext(),
                                 callbackHandler);
@@ -633,7 +633,7 @@ public class LoginContext {
     public void logout() throws LoginException {
         if (subject == null) {
             throw new LoginException(ResourcesMgr.getString
-                ("null subject - logout called before login"));
+                ("null.subject.logout.called.before.login"));
         }
 
         if (configProvided) {
@@ -811,21 +811,20 @@ public class LoginContext {
 
             } catch (NoSuchMethodException nsme) {
                 MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                        ("unable to instantiate LoginModule, module, because " +
+                        ("unable.to.instantiate.LoginModule.module.because.it.does.not.provide.a.no.argument.constructor"));
-                        "it does not provide a no-argument constructor"));
                 Object[] source = {moduleStack[i].entry.getLoginModuleName()};
                 throwException(null, new LoginException(form.format(source)));
             } catch (InstantiationException ie) {
                 throwException(null, new LoginException(ResourcesMgr.getString
-                        ("unable to instantiate LoginModule: ") +
+                        ("unable.to.instantiate.LoginModule.") +
                         ie.getMessage()));
             } catch (ClassNotFoundException cnfe) {
                 throwException(null, new LoginException(ResourcesMgr.getString
-                        ("unable to find LoginModule class: ") +
+                        ("unable.to.find.LoginModule.class.") +
                         cnfe.getMessage()));
             } catch (IllegalAccessException iae) {
                 throwException(null, new LoginException(ResourcesMgr.getString
-                        ("unable to access LoginModule: ") +
+                        ("unable.to.access.LoginModule.") +
                         iae.getMessage()));
             } catch (InvocationTargetException ite) {
 
@@ -934,7 +933,7 @@ public class LoginContext {
         } else if (success == false) {
             // no module succeeded -- all modules were IGNORED
             throwException(new LoginException
-                (ResourcesMgr.getString("Login Failure: all modules ignored")),
+                (ResourcesMgr.getString("Login.Failure.all.modules.ignored")),
                 null);
         } else {
             // success

jdk/src/share/classes/javax/security/auth/x500/X500Principal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -155,12 +155,12 @@ public final class X500Principal implements Principal, java.io.Serializable {
         if (name == null) {
             throw new NullPointerException
                 (sun.security.util.ResourcesMgr.getString
-                ("provided null name"));
+                ("provided.null.name"));
         }
         if (keywordMap == null) {
             throw new NullPointerException
                 (sun.security.util.ResourcesMgr.getString
-                ("provided null keyword map"));
+                ("provided.null.keyword.map"));
         }
 
         try {
@@ -391,7 +391,7 @@ public final class X500Principal implements Principal, java.io.Serializable {
         if (oidMap == null) {
             throw new NullPointerException
                 (sun.security.util.ResourcesMgr.getString
-                ("provided null OID map"));
+                ("provided.null.OID.map"));
         }
         if (format != null) {
             if (format.equalsIgnoreCase(RFC1779)) {

jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java

@@ -197,12 +197,6 @@ import javax.naming.*;
  */
 public class SyncFactory {
 
-    /*
-     * The variable that represents the singleton instance
-     * of the <code>SyncFactory</code> class.
-     */
-    private static SyncFactory syncFactory = null;
-
     /**
      * Creates a new <code>SyncFactory</code> object, which is the singleton
      * instance.
@@ -252,7 +246,7 @@ public class SyncFactory {
     /**
      * The <code>Logger</code> object to be used by the <code>SyncFactory</code>.
      */
-    private static Logger rsLogger;
+    private static volatile Logger rsLogger;
     /**
      *
      */
@@ -315,27 +309,12 @@ public class SyncFactory {
      * @return the <code>SyncFactory</code> instance
      */
     public static SyncFactory getSyncFactory() {
-
+        /*
-        // This method uses the Singleton Design Pattern
+         * Using Initialization on Demand Holder idiom as
-        // with Double-Checked Locking Pattern for
+         * Effective Java 2nd Edition,ITEM 71, indicates it is more performant
-        // 1. Creating single instance of the SyncFactory
+         * than the Double-Check Locking idiom.
-        // 2. Make the class thread safe, so that at one time
+         */
-        //    only one thread enters the synchronized block
+        return SyncFactoryHolder.factory;
-        //    to instantiate.
-
-        // if syncFactory object is already there
-        // don't go into synchronized block and return
-        // that object.
-        // else go into synchronized block
-
-        if (syncFactory == null) {
-            synchronized (SyncFactory.class) {
-                if (syncFactory == null) {
-                    syncFactory = new SyncFactory();
-                } //end if
-            } //end synchronized block
-        } //end if
-        return syncFactory;
     }
 
     /**
@@ -435,11 +414,7 @@ public class SyncFactory {
             }
         }
     }
-    /**
+
-     * The internal boolean switch that indicates whether a JNDI
-     * context has been established or not.
-     */
-    private static boolean jndiCtxEstablished = false;
     /**
      * The internal debug switch.
      */
@@ -621,6 +596,7 @@ public class SyncFactory {
      * @param logger A Logger object instance
      * @throws java.lang.SecurityException if a security manager exists and its
      *   {@code checkPermission} method denies calling {@code setLogger}
+     * @throws NullPointerException if the logger is null
      * @see SecurityManager#checkPermission
      */
     public static void setLogger(Logger logger) {
@@ -629,6 +605,10 @@ public class SyncFactory {
         if (sec != null) {
             sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
         }
+
+        if(logger == null){
+            throw new NullPointerException("You must provide a Logger");
+        }
         rsLogger = logger;
     }
 
@@ -654,6 +634,7 @@ public class SyncFactory {
      *   {@code checkPermission} method denies calling {@code setLogger}
      * @throws java.util.logging.LoggingPermission if a security manager exists and its
      *   {@code checkPermission} method denies calling {@code setLevel}
+     * @throws NullPointerException if the logger is null
      * @see SecurityManager#checkPermission
      * @see LoggingPermission
      */
@@ -663,8 +644,12 @@ public class SyncFactory {
         if (sec != null) {
             sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
         }
+
+        if(logger == null){
+            throw new NullPointerException("You must provide a Logger");
+        }
+        logger.setLevel(level);
         rsLogger = logger;
-        rsLogger.setLevel(level);
     }
 
     /**
@@ -674,11 +659,14 @@ public class SyncFactory {
      * @throws SyncFactoryException if no logging object has been set.
      */
     public static Logger getLogger() throws SyncFactoryException {
+
+        Logger result = rsLogger;
         // only one logger per session
-        if (rsLogger == null) {
+        if (result == null) {
             throw new SyncFactoryException("(SyncFactory) : No logger has been set");
         }
-        return rsLogger;
+
+        return result;
     }
 
     /**
@@ -699,7 +687,7 @@ public class SyncFactory {
      *  {@code checkPermission} method denies calling {@code setJNDIContext}
      * @see SecurityManager#checkPermission
      */
-    public static void setJNDIContext(javax.naming.Context ctx)
+    public static synchronized void setJNDIContext(javax.naming.Context ctx)
             throws SyncFactoryException {
         SecurityManager sec = System.getSecurityManager();
         if (sec != null) {
@@ -709,17 +697,16 @@ public class SyncFactory {
             throw new SyncFactoryException("Invalid JNDI context supplied");
         }
         ic = ctx;
-        jndiCtxEstablished = true;
     }
 
     /**
-     * Controls JNDI context intialization.
+     * Controls JNDI context initialization.
      *
      * @throws SyncFactoryException if an error occurs parsing the JNDI context
      */
-    private static void initJNDIContext() throws SyncFactoryException {
+    private static synchronized void initJNDIContext() throws SyncFactoryException {
 
-        if (jndiCtxEstablished && (ic != null) && (lazyJNDICtxRefresh == false)) {
+        if ((ic != null) && (lazyJNDICtxRefresh == false)) {
             try {
                 parseProperties(parseJNDIContext());
                 lazyJNDICtxRefresh = true; // touch JNDI namespace once.
@@ -793,6 +780,13 @@ public class SyncFactory {
             enumerateBindings(bindings, properties);
         }
     }
+
+    /**
+     * Lazy initialization Holder class used by {@code getSyncFactory}
+     */
+    private static class SyncFactoryHolder {
+        static final SyncFactory factory = new SyncFactory();
+    }
 }
 
 /**

jdk/src/share/classes/sun/awt/UngrabEvent.java

@@ -40,8 +40,10 @@ import java.awt.Component;
  * <p>To listen for this event, install AWTEventListener with {@value sun.awt.SunToolkit#GRAB_EVENT_MASK}
  */
 public class UngrabEvent extends AWTEvent {
+    private final static int UNGRAB_EVENT_ID = 1998;
+
     public UngrabEvent(Component source) {
-        super(source, 0xffff);
+        super(source, UNGRAB_EVENT_ID);
     }
 
     public String toString() {

jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java

@@ -460,6 +460,16 @@ public class FileChannelImpl
                 } finally {
                     unmap(dbb);
                 }
+            } catch (ClosedByInterruptException e) {
+                // target closed by interrupt as ClosedByInterruptException needs
+                // to be thrown after closing this channel.
+                assert !target.isOpen();
+                try {
+                    close();
+                } catch (IOException ignore) {
+                    // nothing we can do
+                }
+                throw e;
             } catch (IOException ioe) {
                 // Only throw exception if no bytes have been written
                 if (remaining == count)

jdk/src/share/classes/sun/nio/ch/Interruptible.java

@@ -23,14 +23,14 @@
  * questions.
  */
 
-/*
+/**
+ * An object that interrupts a thread blocked in an I/O operation.
  */
 
 package sun.nio.ch;
 
-
 public interface Interruptible {
 
-    public void interrupt();
+    public void interrupt(Thread t);
 
 }

jdk/src/share/classes/sun/security/krb5/Config.java

@@ -111,7 +111,7 @@ public class Config {
     public static synchronized void refresh() throws KrbException {
         singleton = new Config();
         KeyTab.refresh();
-        KrbKdcReq.initStatic();
+        KdcComm.initStatic();
     }
 
 

jdk/src/share/classes/sun/security/krb5/Credentials.java

@@ -347,94 +347,6 @@ public class Credentials {
         }
     }
 
-    /**
-     * Returns a TGT for the given client principal via an AS-Exchange.
-     * This method causes pre-authentication data to be sent in the
-     * AS-REQ.
-     *
-     * @param princ the client principal. This value cannot be null.
-     * @param secretKey the secret key of the client principal.This value
-     * cannot be null.
-     * @returns the TGT credentials
-     */
-    public static Credentials acquireTGT(PrincipalName princ,
-                                         EncryptionKey[] secretKeys,
-                                         char[] password)
-        throws KrbException, IOException {
-
-        if (princ == null)
-            throw new IllegalArgumentException(
-                        "Cannot have null principal to do AS-Exchange");
-
-        if (secretKeys == null)
-            throw new IllegalArgumentException(
-                        "Cannot have null secretKey to do AS-Exchange");
-
-        KrbAsRep asRep = null;
-        try {
-            asRep = sendASRequest(princ, secretKeys, null);
-        } catch (KrbException ke) {
-            if ((ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED) ||
-                (ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
-                // process pre-auth info
-                if (DEBUG) {
-                    System.out.println("AcquireTGT: PREAUTH FAILED/REQUIRED," +
-                                " re-send AS-REQ");
-                }
-
-                KRBError error = ke.getError();
-                // update salt in PrincipalName
-                String newSalt = error.getSalt();
-                if (newSalt != null && newSalt.length() > 0) {
-                    princ.setSalt(newSalt);
-                }
-
-                // refresh keys
-                if (password != null) {
-                    secretKeys = EncryptionKey.acquireSecretKeys(password,
-                                princ.getSalt(), true,
-                                error.getEType(), error.getParams());
-                }
-                asRep = sendASRequest(princ, secretKeys, ke.getError());
-            } else {
-                throw ke;
-            }
-        }
-        return asRep.getCreds();
-    }
-
-    /**
-     * Sends the AS-REQ
-     */
-    private static KrbAsRep sendASRequest(PrincipalName princ,
-        EncryptionKey[] secretKeys, KRBError error)
-        throws KrbException, IOException {
-
-        // %%%
-        KrbAsReq asReq = null;
-        if (error == null) {
-            asReq = new KrbAsReq(princ, secretKeys);
-        } else {
-            asReq = new KrbAsReq(princ, secretKeys, true,
-                        error.getEType(), error.getSalt(), error.getParams());
-        }
-
-        String kdc = null;
-        KrbAsRep asRep  = null;
-        try {
-            kdc = asReq.send();
-            asRep =  asReq.getReply(secretKeys);
-        } catch (KrbException ke) {
-                if (ke.returnCode() == Krb5.KRB_ERR_RESPONSE_TOO_BIG) {
-                    asReq.send(princ.getRealmString(), kdc, true);
-                    asRep =  asReq.getReply(secretKeys);
-                } else {
-                    throw ke;
-                }
-        }
-        return asRep;
-    }
-
     /**
      * Acquires default credentials.
      * <br>The possible locations for default credentials cache is searched in
@@ -529,29 +441,6 @@ public class Credentials {
         return CredentialsUtil.acquireServiceCreds(service, ccreds);
     }
 
-
-    /*
-     * This method does the real job to request the service credential.
-     */
-
-    private static Credentials serviceCreds(ServiceName service,
-                                            Credentials ccreds)
-        throws KrbException, IOException {
-        return new KrbTgsReq(
-                new KDCOptions(),
-                ccreds,
-                service,
-                null, // KerberosTime from
-                null, // KerberosTime till
-                null, // KerberosTime rtime
-                null, // int[] eTypes
-                null, // HostAddresses addresses
-                null, // AuthorizationData
-                null, // Ticket[] additionalTickets
-                null  // EncryptionKey subSessionKey
-                ).sendAndGetCreds();
-    }
-
     public CredentialsCache getCache() {
         return cache;
     }

jdk/src/share/classes/sun/security/krb5/EncryptionKey.java

@@ -156,6 +156,22 @@ public class EncryptionKey
         return ktab.readServiceKeys(princ);
     }
 
+    /**
+     * Obtains a key for a given etype with salt and optional s2kparams
+     * @param password NOT null
+     * @param salt NOT null
+     * @param etype
+     * @param s2kparams can be NULL
+     */
+    public static EncryptionKey acquireSecretKey(char[] password,
+            String salt, int etype, byte[] s2kparams)
+            throws KrbException {
+
+        return new EncryptionKey(
+                        stringToKey(password, salt, s2kparams, etype),
+                        etype, null);
+    }
+
     /**
      * Generate a list of keys using the given principal and password.
      * Construct a key for each configured etype.
@@ -169,19 +185,8 @@ public class EncryptionKey
      * as the default in that case. If default_tkt_enctypes was set in
      * the libdefaults of krb5.conf, then use that sequence.
      */
-         // Used in Krb5LoginModule
     public static EncryptionKey[] acquireSecretKeys(char[] password,
-        String salt) throws KrbException {
+            String salt) throws KrbException {
-        return (acquireSecretKeys(password, salt, false, 0, null));
-    }
-
-    /**
-     * Generates a list of keys using the given principal, password,
-     * and the pre-authentication values.
-     */
-    public static EncryptionKey[] acquireSecretKeys(char[] password,
-        String salt, boolean pa_exists, int pa_etype, byte[] pa_s2kparams)
-        throws KrbException {
 
         int[] etypes = EType.getDefaults("default_tkt_enctypes");
         if (etypes == null) {
@@ -191,10 +196,8 @@ public class EncryptionKey
         EncryptionKey[] encKeys = new EncryptionKey[etypes.length];
         for (int i = 0; i < etypes.length; i++) {
             if (EType.isSupported(etypes[i])) {
-                byte[] s2kparams = (pa_exists && etypes[i] == pa_etype)
-                        ? pa_s2kparams : null;
                 encKeys[i] = new EncryptionKey(
-                        stringToKey(password, salt, s2kparams, etypes[i]),
+                        stringToKey(password, salt, null, etypes[i]),
                         etypes[i], null);
             } else {
                 if (DEBUG) {

jdk/src/share/classes/sun/security/krb5/KdcComm.java

@@ -31,13 +31,11 @@
 
 package sun.security.krb5;
 
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.Security;
 import java.util.Locale;
 import sun.security.krb5.internal.Krb5;
-import sun.security.krb5.internal.UDPClient;
+import sun.security.krb5.internal.NetClient;
-import sun.security.krb5.internal.TCPClient;
 import java.io.IOException;
 import java.net.SocketTimeoutException;
 import java.util.StringTokenizer;
@@ -48,8 +46,13 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 import java.util.HashSet;
+import sun.security.krb5.internal.KRBError;
 
-public abstract class KrbKdcReq {
+/**
+ * KDC-REQ/KDC-REP communication. No more base class for KrbAsReq and
+ * KrbTgsReq. This class is now communication only.
+ */
+public final class KdcComm {
 
     // The following settings can be configured in [libdefaults]
     // section of krb5.conf, which are global for all realms. Each of
@@ -161,20 +164,23 @@ public abstract class KrbKdcReq {
         KdcAccessibility.reset();
     }
 
-    protected byte[] obuf;
-    protected byte[] ibuf;
-
     /**
-     * Sends the provided data to the KDC of the specified realm.
+     * The instance fields
-     * Returns the response from the KDC.
-     * Default realm/KDC is used if realm is null.
-     * @param realm the realm of the KDC where data is to be sent.
-     * @returns the kdc to which the AS request was sent to
-     * @exception InterruptedIOException if timeout expires
-     * @exception KrbException
      */
+    private String realm;
 
-    public String send(String realm)
+    public KdcComm(String realm) throws KrbException {
+        if (realm == null) {
+           realm = Config.getInstance().getDefaultRealm();
+            if (realm == null) {
+                throw new KrbException(Krb5.KRB_ERR_GENERIC,
+                                       "Cannot find default realm");
+            }
+        }
+        this.realm = realm;
+    }
+
+    public byte[] send(byte[] obuf)
         throws IOException, KrbException {
         int udpPrefLimit = getRealmSpecificValue(
                 realm, "udp_preference_limit", defaultUdpPrefLimit);
@@ -182,10 +188,10 @@ public abstract class KrbKdcReq {
         boolean useTCP = (udpPrefLimit > 0 &&
              (obuf != null && obuf.length > udpPrefLimit));
 
-        return (send(realm, useTCP));
+        return send(obuf, useTCP);
     }
 
-    public String send(String realm, boolean useTCP)
+    private byte[] send(byte[] obuf, boolean useTCP)
         throws IOException, KrbException {
 
         if (obuf == null)
@@ -206,10 +212,21 @@ public abstract class KrbKdcReq {
             throw new KrbException("Cannot get kdc for realm " + realm);
         }
         String tempKdc = null; // may include the port number also
+        byte[] ibuf = null;
         for (String tmp: KdcAccessibility.list(kdcList)) {
             tempKdc = tmp;
             try {
-                send(realm,tempKdc,useTCP);
+                ibuf = send(obuf,tempKdc,useTCP);
+                KRBError ke = null;
+                try {
+                    ke = new KRBError(ibuf);
+                } catch (Exception e) {
+                    // OK
+                }
+                if (ke != null && ke.getErrorCode() ==
+                        Krb5.KRB_ERR_RESPONSE_TOO_BIG) {
+                    ibuf = send(obuf, tempKdc, true);
+                }
                 KdcAccessibility.removeBad(tempKdc);
                 break;
             } catch (Exception e) {
@@ -229,16 +246,16 @@ public abstract class KrbKdcReq {
                 throw (KrbException) savedException;
             }
         }
-        return tempKdc;
+        return ibuf;
     }
 
     // send the AS Request to the specified KDC
 
-    public void send(String realm, String tempKdc, boolean useTCP)
+    private byte[] send(byte[] obuf, String tempKdc, boolean useTCP)
         throws IOException, KrbException {
 
         if (obuf == null)
-            return;
+            return null;
 
         int port = Krb5.KDC_INET_DEFAULT_PORT;
         int retries = getRealmSpecificValue(
@@ -303,11 +320,12 @@ public abstract class KrbKdcReq {
         KdcCommunication kdcCommunication =
             new KdcCommunication(kdc, port, useTCP, timeout, retries, obuf);
         try {
-            ibuf = AccessController.doPrivileged(kdcCommunication);
+            byte[] ibuf = AccessController.doPrivileged(kdcCommunication);
             if (DEBUG) {
                 System.out.println(">>> KrbKdcReq send: #bytes read="
                         + (ibuf != null ? ibuf.length : 0));
             }
+            return ibuf;
         } catch (PrivilegedActionException e) {
             Exception wrappedException = e.getException();
             if (wrappedException instanceof IOException) {
@@ -316,10 +334,6 @@ public abstract class KrbKdcReq {
                 throw (KrbException) wrappedException;
             }
         }
-        if (DEBUG) {
-            System.out.println(">>> KrbKdcReq send: #bytes read="
-                               + (ibuf != null ? ibuf.length : 0));
-        }
     }
 
     private static class KdcCommunication
@@ -349,12 +363,16 @@ public abstract class KrbKdcReq {
 
             byte[] ibuf = null;
 
-            if (useTCP) {
+            for (int i=1; i <= retries; i++) {
-                TCPClient kdcClient = new TCPClient(kdc, port);
+                String proto = useTCP?"TCP":"UDP";
+                NetClient kdcClient = NetClient.getInstance(
+                        proto, kdc, port, timeout);
                 if (DEBUG) {
                     System.out.println(">>> KDCCommunication: kdc=" + kdc
-                           + " TCP:"
+                           + " " + proto + ":"
-                           +  port
+                           +  port +  ", timeout="
+                           + timeout
+                           + ",Attempt =" + i
                            + ", #bytes=" + obuf.length);
                 }
                 try {
@@ -366,51 +384,19 @@ public abstract class KrbKdcReq {
                      * And get a response.
                      */
                     ibuf = kdcClient.receive();
+                    break;
+                } catch (SocketTimeoutException se) {
+                    if (DEBUG) {
+                        System.out.println ("SocketTimeOutException with " +
+                                            "attempt: " + i);
+                    }
+                    if (i == retries) {
+                        ibuf = null;
+                        throw se;
+                    }
                 } finally {
                     kdcClient.close();
                 }
-
-            } else {
-                // For each KDC we try defaultKdcRetryLimit times to
-                // get the response
-                for (int i=1; i <= retries; i++) {
-                    UDPClient kdcClient = new UDPClient(kdc, port, timeout);
-
-                    if (DEBUG) {
-                        System.out.println(">>> KDCCommunication: kdc=" + kdc
-                               + (useTCP ? " TCP:":" UDP:")
-                               +  port +  ", timeout="
-                               + timeout
-                               + ",Attempt =" + i
-                               + ", #bytes=" + obuf.length);
-                    }
-                    try {
-                        /*
-                         * Send the data to the kdc.
-                         */
-
-                        kdcClient.send(obuf);
-
-                        /*
-                         * And get a response.
-                         */
-                        try {
-                            ibuf = kdcClient.receive();
-                            break;
-                        } catch (SocketTimeoutException se) {
-                            if (DEBUG) {
-                                System.out.println ("SocketTimeOutException with " +
-                                                    "attempt: " + i);
-                            }
-                            if (i == retries) {
-                                ibuf = null;
-                                throw se;
-                            }
-                        }
-                    } finally {
-                        kdcClient.close();
-                    }
-                }
             }
             return ibuf;
         }

jdk/src/share/classes/sun/security/krb5/KrbAsRep.java

@@ -36,25 +36,24 @@ import sun.security.krb5.internal.crypto.KeyUsage;
 import sun.security.krb5.internal.crypto.EType;
 import sun.security.util.*;
 import java.io.IOException;
+import java.util.Objects;
 
 /**
  * This class encapsulates a AS-REP message that the KDC sends to the
  * client.
  */
-public class KrbAsRep extends KrbKdcRep {
+class KrbAsRep extends KrbKdcRep {
 
-    private ASRep rep;
+    private ASRep rep;  // The AS-REP message
-    private Credentials creds;
+    private Credentials creds;  // The Credentials provide by the AS-REP
+                                // message, created by initiator after calling
+                                // the decrypt() method
 
     private boolean DEBUG = Krb5.DEBUG;
 
-    KrbAsRep(byte[] ibuf, EncryptionKey[] keys, KrbAsReq asReq) throws
+    KrbAsRep(byte[] ibuf) throws
-    KrbException, Asn1Exception, IOException {
+            KrbException, Asn1Exception, IOException {
-        if (keys == null)
-            throw new KrbException(Krb5.API_INVALID_ARG);
         DerValue encoding = new DerValue(ibuf);
-        ASReq req = asReq.getMessage();
-        ASRep rep = null;
         try {
             rep = new ASRep(encoding);
         } catch (Asn1Exception e) {
@@ -83,25 +82,77 @@ public class KrbAsRep extends KrbKdcRep {
             ke.initCause(e);
             throw ke;
         }
+    }
 
+    // KrbAsReqBuilder need to read back the PA for key generation
+    PAData[] getPA() {
+        return rep.pAData;
+    }
+
+    /**
+     * Called by KrbAsReqBuilder to resolve a AS-REP message using keys.
+     * @param keys user provided keys, not null
+     * @param asReq the original AS-REQ sent, used to validate AS-REP
+     */
+    void decryptUsingKeys(EncryptionKey[] keys, KrbAsReq asReq)
+            throws KrbException, Asn1Exception, IOException {
+        EncryptionKey dkey = null;
         int encPartKeyType = rep.encPart.getEType();
-        EncryptionKey dkey = EncryptionKey.findKey(encPartKeyType, keys);
+        Integer encPartKvno = rep.encPart.kvno;
-
+        try {
+            dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno, keys);
+        } catch (KrbException ke) {
+            if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
+                // Fallback to no kvno. In some cases, keytab is generated
+                // not by sysadmin but Java's ktab command
+                dkey = EncryptionKey.findKey(encPartKeyType, keys);
+            }
+        }
         if (dkey == null) {
             throw new KrbException(Krb5.API_INVALID_ARG,
-                "Cannot find key of appropriate type to decrypt AS REP - " +
+                "Cannot find key for type/kvno to decrypt AS REP - " +
-                EType.toString(encPartKeyType));
+                EType.toString(encPartKeyType) + "/" + encPartKvno);
         }
+        decrypt(dkey, asReq);
+    }
 
+    /**
+     * Called by KrbAsReqBuilder to resolve a AS-REP message using a password.
+     * @param password user provided password. not null
+     * @param asReq the original AS-REQ sent, used to validate AS-REP
+     * @param cname the user principal name, used to provide salt
+     */
+    void decryptUsingPassword(char[] password,
+            KrbAsReq asReq, PrincipalName cname)
+            throws KrbException, Asn1Exception, IOException {
+        int encPartKeyType = rep.encPart.getEType();
+        PAData.SaltAndParams snp =
+                PAData.getSaltAndParams(encPartKeyType, rep.pAData);
+        EncryptionKey dkey = null;
+        dkey = EncryptionKey.acquireSecretKey(password,
+                snp.salt == null ? cname.getSalt() : snp.salt,
+                encPartKeyType,
+                snp.params);
+        decrypt(dkey, asReq);
+    }
+
+    /**
+     * Decrypts encrypted content inside AS-REP. Called by initiator.
+     * @param dkey the decryption key to use
+     * @param asReq the original AS-REQ sent, used to validate AS-REP
+     */
+    private void decrypt(EncryptionKey dkey, KrbAsReq asReq)
+            throws KrbException, Asn1Exception, IOException {
         byte[] enc_as_rep_bytes = rep.encPart.decrypt(dkey,
             KeyUsage.KU_ENC_AS_REP_PART);
         byte[] enc_as_rep_part = rep.encPart.reset(enc_as_rep_bytes);
 
-        encoding = new DerValue(enc_as_rep_part);
+        DerValue encoding = new DerValue(enc_as_rep_part);
         EncASRepPart enc_part = new EncASRepPart(encoding);
         rep.ticket.sname.setRealm(rep.ticket.realm);
         rep.encKDCRepPart = enc_part;
 
+        ASReq req = asReq.getMessage();
         check(req, rep);
 
         creds = new Credentials(
@@ -119,17 +170,13 @@ public class KrbAsRep extends KrbKdcRep {
             System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
                                req.reqBody.cname.getNameString());
         }
-
-        this.rep = rep;
-        this.creds = creds;
     }
 
-    public Credentials getCreds() {
+    Credentials getCreds() {
-        return creds;
+        return Objects.nonNull(creds, "Creds not available yet.");
     }
 
-    // made public for Kinit
+    sun.security.krb5.internal.ccache.Credentials getCCreds() {
-    public sun.security.krb5.internal.ccache.Credentials setCredentials() {
         return new sun.security.krb5.internal.ccache.Credentials(rep);
     }
 }

jdk/src/share/classes/sun/security/krb5/KrbAsReq.java

@@ -32,290 +32,38 @@
 package sun.security.krb5;
 
 import sun.security.krb5.internal.*;
-import sun.security.krb5.internal.crypto.EType;
 import sun.security.krb5.internal.crypto.Nonce;
 import sun.security.krb5.internal.crypto.KeyUsage;
-import sun.security.util.*;
 import java.io.IOException;
-import java.io.ByteArrayInputStream;
-import java.net.UnknownHostException;
-import java.util.StringTokenizer;
 
 /**
  * This class encapsulates the KRB-AS-REQ message that the client
  * sends to the KDC.
  */
-public class KrbAsReq extends KrbKdcReq {
+public class KrbAsReq {
-    private PrincipalName princName;
     private ASReq asReqMessg;
 
     private boolean DEBUG = Krb5.DEBUG;
-    private static KDCOptions defaultKDCOptions = new KDCOptions();
-
-    // pre-auth info
-    private boolean PA_ENC_TIMESTAMP_REQUIRED = false;
-    private boolean pa_exists = false;
-    private int pa_etype = 0;
-    private String pa_salt = null;
-    private byte[] pa_s2kparams = null;
-
-    // default is address-less tickets
-    private boolean KDC_EMPTY_ADDRESSES_ALLOWED = true;
 
     /**
-     * Creates a KRB-AS-REQ to send to the default KDC
+     * Constructs an AS-REQ message.
-     * @throws KrbException
-     * @throws IOException
      */
-     // Called by Credentials
+                                                // Can be null? has default?
-    KrbAsReq(PrincipalName principal, EncryptionKey[] keys)
+    public KrbAsReq(EncryptionKey pakey,        // ok
-        throws KrbException, IOException {
+                      KDCOptions options,       // ok, new KDCOptions()
-        this(keys, // for pre-authentication
+                      PrincipalName cname,      // NO and must have realm
-             false, 0, null, null, // pre-auth values
+                      PrincipalName sname,      // ok, krgtgt@CREALM
-             defaultKDCOptions,
+                      KerberosTime from,        // ok
-             principal,
+                      KerberosTime till,        // ok, will use
-             null, // PrincipalName sname
+                      KerberosTime rtime,       // ok
-             null, // KerberosTime from
+                      int[] eTypes,             // NO
-             null, // KerberosTime till
+                      HostAddresses addresses   // ok
-             null, // KerberosTime rtime
+                      )
-             null, // int[] eTypes
+            throws KrbException, IOException {
-             null, // HostAddresses addresses
-             null); // Ticket[] additionalTickets
-    }
 
-    /**
+        if (options == null) {
-     * Creates a KRB-AS-REQ to send to the default KDC
+            options = new KDCOptions();
-     * with pre-authentication values
-     */
-    KrbAsReq(PrincipalName principal, EncryptionKey[] keys,
-        boolean pa_exists, int etype, String salt, byte[] s2kparams)
-        throws KrbException, IOException {
-        this(keys, // for pre-authentication
-             pa_exists, etype, salt, s2kparams, // pre-auth values
-             defaultKDCOptions,
-             principal,
-             null, // PrincipalName sname
-             null, // KerberosTime from
-             null, // KerberosTime till
-             null, // KerberosTime rtime
-             null, // int[] eTypes
-             null, // HostAddresses addresses
-             null); // Ticket[] additionalTickets
-    }
-
-     private static int[] getETypesFromKeys(EncryptionKey[] keys) {
-         int[] types = new int[keys.length];
-         for (int i = 0; i < keys.length; i++) {
-             types[i] = keys[i].getEType();
-         }
-         return types;
-     }
-
-    // update with pre-auth info
-    public void updatePA(int etype, String salt, byte[] params, PrincipalName name) {
-        // set the pre-auth values
-        pa_exists = true;
-        pa_etype = etype;
-        pa_salt = salt;
-        pa_s2kparams = params;
-
-        // update salt in PrincipalName
-        if (salt != null && salt.length() > 0) {
-            name.setSalt(salt);
-            if (DEBUG) {
-                System.out.println("Updated salt from pre-auth = " + name.getSalt());
-            }
         }
-        PA_ENC_TIMESTAMP_REQUIRED = true;
-    }
-
-     // Used by Kinit
-    public KrbAsReq(
-                    char[] password,
-                    KDCOptions options,
-                    PrincipalName cname,
-                    PrincipalName sname,
-                    KerberosTime from,
-                    KerberosTime till,
-                    KerberosTime rtime,
-                    int[] eTypes,
-                    HostAddresses addresses,
-                    Ticket[] additionalTickets)
-        throws KrbException, IOException {
-        this(password,
-             false, 0, null, null, // pre-auth values
-             options,
-             cname,
-             sname, // PrincipalName sname
-             from,  // KerberosTime from
-             till,  // KerberosTime till
-             rtime, // KerberosTime rtime
-             eTypes, // int[] eTypes
-             addresses, // HostAddresses addresses
-             additionalTickets); // Ticket[] additionalTickets
-    }
-
-     // Used by Kinit
-    public KrbAsReq(
-                    char[] password,
-                    boolean pa_exists,
-                    int etype,
-                    String salt,
-                    byte[] s2kparams,
-                    KDCOptions options,
-                    PrincipalName cname,
-                    PrincipalName sname,
-                    KerberosTime from,
-                    KerberosTime till,
-                    KerberosTime rtime,
-                    int[] eTypes,
-                    HostAddresses addresses,
-                    Ticket[] additionalTickets)
-        throws KrbException, IOException {
-
-        EncryptionKey[] keys = null;
-
-        // update with preauth info
-        if (pa_exists) {
-            updatePA(etype, salt, s2kparams, cname);
-        }
-
-        if (password != null) {
-            keys = EncryptionKey.acquireSecretKeys(password, cname.getSalt(), pa_exists,
-                                                        pa_etype, pa_s2kparams);
-        }
-        if (DEBUG) {
-            System.out.println(">>>KrbAsReq salt is " + cname.getSalt());
-        }
-
-        try {
-            init(
-                 keys,
-                 options,
-                 cname,
-                 sname,
-                 from,
-                 till,
-                 rtime,
-                 eTypes,
-                 addresses,
-                 additionalTickets);
-        }
-        finally {
-            /*
-             * Its ok to destroy the key here because we created it and are
-             * now done with it.
-             */
-             if (keys != null) {
-                 for (int i = 0; i < keys.length; i++) {
-                     keys[i].destroy();
-                 }
-             }
-        }
-    }
-
-     // Used in Kinit
-    public KrbAsReq(
-                    EncryptionKey[] keys,
-                    KDCOptions options,
-                    PrincipalName cname,
-                    PrincipalName sname,
-                    KerberosTime from,
-                    KerberosTime till,
-                    KerberosTime rtime,
-                    int[] eTypes,
-                    HostAddresses addresses,
-                    Ticket[] additionalTickets)
-        throws KrbException, IOException {
-        this(keys,
-             false, 0, null, null, // pre-auth values
-             options,
-             cname,
-             sname, // PrincipalName sname
-             from,  // KerberosTime from
-             till,  // KerberosTime till
-             rtime, // KerberosTime rtime
-             eTypes, // int[] eTypes
-             addresses, // HostAddresses addresses
-             additionalTickets); // Ticket[] additionalTickets
-    }
-
-    // Used by Kinit
-    public KrbAsReq(
-                    EncryptionKey[] keys,
-                    boolean pa_exists,
-                    int etype,
-                    String salt,
-                    byte[] s2kparams,
-                    KDCOptions options,
-                    PrincipalName cname,
-                    PrincipalName sname,
-                    KerberosTime from,
-                    KerberosTime till,
-                    KerberosTime rtime,
-                    int[] eTypes,
-                    HostAddresses addresses,
-                    Ticket[] additionalTickets)
-        throws KrbException, IOException {
-
-        // update with preauth info
-        if (pa_exists) {
-            // update pre-auth info
-            updatePA(etype, salt, s2kparams, cname);
-
-            if (DEBUG) {
-                System.out.println(">>>KrbAsReq salt is " + cname.getSalt());
-            }
-        }
-
-        init(
-             keys,
-             options,
-             cname,
-             sname,
-             from,
-             till,
-             rtime,
-             eTypes,
-             addresses,
-             additionalTickets);
-    }
-
-     /*
-    private KrbAsReq(KDCOptions options,
-             PrincipalName cname,
-             PrincipalName sname,
-             KerberosTime from,
-             KerberosTime till,
-             KerberosTime rtime,
-             int[] eTypes,
-             HostAddresses addresses,
-             Ticket[] additionalTickets)
-        throws KrbException, IOException {
-        init(null,
-             options,
-             cname,
-             sname,
-             from,
-             till,
-             rtime,
-             eTypes,
-             addresses,
-             additionalTickets);
-    }
-*/
-
-    private void init(EncryptionKey[] keys,
-                      KDCOptions options,
-                      PrincipalName cname,
-                      PrincipalName sname,
-                      KerberosTime from,
-                      KerberosTime till,
-                      KerberosTime rtime,
-                      int[] eTypes,
-                      HostAddresses addresses,
-                      Ticket[] additionalTickets )
-        throws KrbException, IOException {
 
         // check if they are valid arguments. The optional fields should be
         // consistent with settings in KDCOptions. Mar 17 2000
@@ -341,189 +89,66 @@ public class KrbAsReq extends KrbKdcReq {
             if (rtime != null)  rtime = null;
         }
 
-        princName = cname;
-        int[] tktETypes = EType.getDefaults("default_tkt_enctypes", keys);
         PAData[] paData = null;
-        if (PA_ENC_TIMESTAMP_REQUIRED) {
+        if (pakey != null) {
-            EncryptionKey key = null;
-            if (pa_etype != EncryptedData.ETYPE_NULL) {
-                if (DEBUG) {
-                    System.out.println("Pre-Authenticaton: find key for etype = " + pa_etype);
-                }
-                key = EncryptionKey.findKey(pa_etype, keys);
-            } else {
-                if (tktETypes.length > 0) {
-                    key = EncryptionKey.findKey(tktETypes[0], keys);
-                }
-            }
-            if (DEBUG) {
-                System.out.println("AS-REQ: Add PA_ENC_TIMESTAMP now");
-            }
             PAEncTSEnc ts = new PAEncTSEnc();
             byte[] temp = ts.asn1Encode();
-            if (key != null) {
+            EncryptedData encTs = new EncryptedData(pakey, temp,
-                // Use first key in list
+                KeyUsage.KU_PA_ENC_TS);
-                EncryptedData encTs = new EncryptedData(key, temp,
+            paData = new PAData[1];
-                    KeyUsage.KU_PA_ENC_TS);
+            paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
-                paData = new PAData[1];
+                                    encTs.asn1Encode());
-                paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
+        }
-                                        encTs.asn1Encode());
+
-            }
+        if (cname.getRealm() == null) {
+            throw new RealmException(Krb5.REALM_NULL,
+                                     "default realm not specified ");
         }
 
         if (DEBUG) {
-            System.out.println(">>> KrbAsReq calling createMessage");
+            System.out.println(">>> KrbAsReq creating message");
-        }
-
-        if (eTypes == null) {
-            eTypes = tktETypes;
         }
 
         // check to use addresses in tickets
-        if (Config.getInstance().useAddresses()) {
+        if (addresses == null && Config.getInstance().useAddresses()) {
-            KDC_EMPTY_ADDRESSES_ALLOWED = false;
-        }
-        // get the local InetAddress if required
-        if (addresses == null && !KDC_EMPTY_ADDRESSES_ALLOWED) {
             addresses = HostAddresses.getLocalAddresses();
         }
 
-        asReqMessg = createMessage(
-                                   paData,
-                                   options,
-                                   cname,
-                                   cname.getRealm(),
-                                   sname,
-                                   from,
-                                   till,
-                                   rtime,
-                                   eTypes,
-                                   addresses,
-                                   additionalTickets);
-        obuf = asReqMessg.asn1Encode();
-    }
-
-    /**
-     * Returns an AS-REP message corresponding to the AS-REQ that
-     * was sent.
-     * @param password The password that will be used to derive the
-     * secret key that will decrypt the AS-REP from  the KDC.
-     * @exception KrbException if an error occurs while reading the data.
-     * @exception IOException if an I/O error occurs while reading encoded data.
-     */
-    public KrbAsRep getReply(char[] password)
-        throws KrbException, IOException {
-
-        if (password == null)
-            throw new KrbException(Krb5.API_INVALID_ARG);
-        KrbAsRep temp = null;
-        EncryptionKey[] keys = null;
-        try {
-            keys = EncryptionKey.acquireSecretKeys(password,
-                princName.getSalt(), pa_exists, pa_etype, pa_s2kparams);
-            temp = getReply(keys);
-        } finally {
-            /*
-             * Its ok to destroy the key here because we created it and are
-             * now done with it.
-             */
-             if (keys != null) {
-                for (int i = 0; i < keys.length; i++) {
-                    keys[i].destroy();
-                }
-             }
-        }
-        return temp;
-    }
-
-    /**
-     * Sends an AS request to the realm of the client.
-     * returns the KDC hostname that the request was sent to
-     */
-
-    public String send()
-        throws IOException, KrbException
-    {
-        String realmStr = null;
-        if (princName != null)
-            realmStr = princName.getRealmString();
-
-        return (send(realmStr));
-    }
-
-    /**
-     * Returns an AS-REP message corresponding to the AS-REQ that
-     * was sent.
-     * @param keys The secret keys that will decrypt the AS-REP from
-     * the KDC; key selected depends on etype used to encrypt data.
-     * @exception KrbException if an error occurs while reading the data.
-     * @exception IOException if an I/O error occurs while reading encoded
-     * data.
-     *
-     */
-    public KrbAsRep getReply(EncryptionKey[] keys)
-        throws KrbException,IOException {
-        return new KrbAsRep(ibuf, keys, this);
-    }
-
-    private ASReq createMessage(
-                        PAData[] paData,
-                        KDCOptions kdc_options,
-                        PrincipalName cname,
-                        Realm crealm,
-                        PrincipalName sname,
-                        KerberosTime from,
-                        KerberosTime till,
-                        KerberosTime rtime,
-                        int[] eTypes,
-                        HostAddresses addresses,
-                        Ticket[] additionalTickets
-                        ) throws Asn1Exception, KrbApErrException,
-                        RealmException, UnknownHostException, IOException {
-
-        if (DEBUG) {
-            System.out.println(">>> KrbAsReq in createMessage");
-        }
-
-        PrincipalName req_sname = null;
         if (sname == null) {
-            if (crealm == null) {
+            sname = new PrincipalName("krbtgt" +
-                throw new RealmException(Krb5.REALM_NULL,
+                                      PrincipalName.NAME_COMPONENT_SEPARATOR +
-                                         "default realm not specified ");
+                                      cname.getRealmAsString(),
-            }
+                            PrincipalName.KRB_NT_SRV_INST);
-            req_sname = new PrincipalName(
-                                          "krbtgt" +
-                                          PrincipalName.NAME_COMPONENT_SEPARATOR +
-                                          crealm.toString(),
-                                          PrincipalName.KRB_NT_SRV_INST);
-        } else
-            req_sname = sname;
-
-        KerberosTime req_till = null;
-        if (till == null) {
-            req_till = new KerberosTime();
-        } else {
-            req_till = till;
         }
 
-        KDCReqBody kdc_req_body = new KDCReqBody(kdc_options,
+        if (till == null) {
+            till = new KerberosTime(0); // Choose KDC maximum allowed
+        }
+
+        // enc-authorization-data and additional-tickets never in AS-REQ
+        KDCReqBody kdc_req_body = new KDCReqBody(options,
                                                  cname,
-                                                 crealm,
+                                                 cname.getRealm(),
-                                                 req_sname,
+                                                 sname,
                                                  from,
-                                                 req_till,
+                                                 till,
                                                  rtime,
                                                  Nonce.value(),
                                                  eTypes,
                                                  addresses,
                                                  null,
-                                                 additionalTickets);
+                                                 null);
 
-        return new ASReq(
+        asReqMessg = new ASReq(
                          paData,
                          kdc_req_body);
     }
 
+    byte[] encoding() throws IOException, Asn1Exception {
+        return asReqMessg.asn1Encode();
+    }
+
+    // Used by KrbAsRep to validate AS-REP
     ASReq getMessage() {
         return asReqMessg;
     }

jdk/src/share/classes/sun/security/krb5/KrbAsReqBuilder.java

@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.krb5;
+
+import java.io.IOException;
+import java.util.Arrays;
+import sun.security.krb5.internal.HostAddresses;
+import sun.security.krb5.internal.KDCOptions;
+import sun.security.krb5.internal.KRBError;
+import sun.security.krb5.internal.KerberosTime;
+import sun.security.krb5.internal.Krb5;
+import sun.security.krb5.internal.PAData;
+import sun.security.krb5.internal.crypto.EType;
+
+/**
+ * A manager class for AS-REQ communications.
+ *
+ * This class does:
+ * 1. Gather information to create AS-REQ
+ * 2. Create and send AS-REQ
+ * 3. Receive AS-REP and KRB-ERROR (-KRB_ERR_RESPONSE_TOO_BIG) and parse them
+ * 4. Emit credentials and secret keys (for JAAS storeKey=true)
+ *
+ * This class does not:
+ * 1. Deal with real communications (KdcComm does it, and TGS-REQ)
+ *    a. Name of KDCs for a realm
+ *    b. Server availability, timeout, UDP or TCP
+ *    d. KRB_ERR_RESPONSE_TOO_BIG
+ *
+ * With this class:
+ * 1. KrbAsReq has only one constructor
+ * 2. Krb5LoginModule and Kinit call a single builder
+ * 3. Better handling of sensitive info
+ *
+ * @since 1.7
+ */
+
+public final class KrbAsReqBuilder {
+
+    // Common data for AS-REQ fields
+    private KDCOptions options;
+    private PrincipalName cname;
+    private PrincipalName sname;
+    private KerberosTime from;
+    private KerberosTime till;
+    private KerberosTime rtime;
+    private HostAddresses addresses;
+
+    // Secret source: can't be changed once assigned, only one (of the two
+    // sources) can be set and should be non-null
+    private EncryptionKey[] keys;
+    private char[] password;
+
+    // Used to create a ENC-TIMESTAMP in the 2nd AS-REQ
+    private EncryptionKey pakey;
+    private PAData[] paList;        // PA-DATA from both KRB-ERROR and AS-REP.
+                                    // Used by getKeys() only.
+                                    // Only AS-REP should be enough per RFC,
+                                    // combined in case etypes are different.
+
+    // The generated and received:
+    int[] eTypes;
+    private KrbAsReq req;
+    private KrbAsRep rep;
+
+    private static enum State {
+        INIT,       // Initialized, can still add more initialization info
+        REQ_OK,     // AS-REQ performed
+        DESTROYED,  // Destroyed, not usable anymore
+    }
+    private State state;
+
+    // Called by other constructors
+    private KrbAsReqBuilder(PrincipalName cname)
+            throws KrbException {
+        if (cname.getRealm() == null) {
+            cname.setRealm(Config.getInstance().getDefaultRealm());
+        }
+        this.cname = cname;
+        state = State.INIT;
+    }
+
+    /**
+     * Creates a builder to be used by {@code cname} with existing keys.
+     *
+     * @param cname the client of the AS-REQ. Must not be null. Might have no
+     * realm, where default realm will be used. This realm will be the target
+     * realm for AS-REQ. I believe a client should only get initial TGT from
+     * its own realm.
+     * @param keys must not be null. if empty, might be quite useless.
+     * This argument will neither be modified nor stored by the method.
+     * @throws KrbException
+     */
+    public KrbAsReqBuilder(PrincipalName cname, EncryptionKey[] keys)
+            throws KrbException {
+        this(cname);
+        this.keys = new EncryptionKey[keys.length];
+        for (int i=0; i<keys.length; i++) {
+            this.keys[i] = (EncryptionKey)keys[i].clone();
+        }
+        eTypes = EType.getDefaults("default_tkt_enctypes", keys);
+    }
+
+    /**
+     * Creates a builder to be used by {@code cname} with a known password.
+     *
+     * @param cname the client of the AS-REQ. Must not be null. Might have no
+     * realm, where default realm will be used. This realm will be the target
+     * realm for AS-REQ. I believe a client should only get initial TGT from
+     * its own realm.
+     * @param pass must not be null. This argument will neither be modified
+     * nor stored by the method.
+     * @throws KrbException
+     */
+    public KrbAsReqBuilder(PrincipalName cname, char[] pass)
+            throws KrbException {
+        this(cname);
+        this.password = pass.clone();
+        eTypes = EType.getDefaults("default_tkt_enctypes");
+    }
+
+    /**
+     * Retrieves an array of secret keys for the client. This is useful if
+     * the client supplies password but need keys to act as an acceptor
+     * (in JAAS words, isInitiator=true and storeKey=true)
+     * @return original keys if initiated with keys, or generated keys if
+     * password. In latter case, PA-DATA from server might be used to
+     * generate keys. All "default_tkt_enctypes" keys will be generated,
+     * Never null.
+     * @throws KrbException
+     */
+    public EncryptionKey[] getKeys() throws KrbException {
+        checkState(State.REQ_OK, "Cannot get keys");
+        if (keys != null) {
+            EncryptionKey[] result = new EncryptionKey[keys.length];
+            for (int i=0; i<keys.length; i++) {
+                result[i] = (EncryptionKey)keys[i].clone();
+            }
+            return result;
+        } else {
+            EncryptionKey[] result = new EncryptionKey[eTypes.length];
+
+            /*
+             * Returns an array of keys. Before KrbAsReqBuilder, all etypes
+             * use the same salt which is either the default one or a new salt
+             * coming from PA-DATA. After KrbAsReqBuilder, each etype uses its
+             * own new salt from PA-DATA. For an etype with no PA-DATA new salt
+             * at all, what salt should it use?
+             *
+             * Commonly, the stored keys are only to be used by an acceptor to
+             * decrypt service ticket in AP-REQ. Most impls only allow keys
+             * from a keytab on acceptor, but unfortunately (?) Java supports
+             * acceptor using password. In this case, if the service ticket is
+             * encrypted using an etype which we don't have PA-DATA new salt,
+             * using the default salt is normally wrong (say, case-insensitive
+             * user name). Instead, we would use the new salt of another etype.
+             */
+
+            String salt = null;     // the saved new salt
+            for (int i=0; i<eTypes.length; i++) {
+                PAData.SaltAndParams snp =
+                        PAData.getSaltAndParams(eTypes[i], paList);
+                // First round, only calculate those with new salt
+                if (snp.salt != null) {
+                    salt = snp.salt;
+                    result[i] = EncryptionKey.acquireSecretKey(password,
+                            snp.salt,
+                            eTypes[i],
+                            snp.params);
+                }
+            }
+            if (salt == null) salt = cname.getSalt();
+            for (int i=0; i<eTypes.length; i++) {
+                // Second round, calculate those with no new salt
+                if (result[i] == null) {
+                    PAData.SaltAndParams snp =
+                            PAData.getSaltAndParams(eTypes[i], paList);
+                    result[i] = EncryptionKey.acquireSecretKey(password,
+                            salt,
+                            eTypes[i],
+                            snp.params);
+                }
+            }
+            return result;
+        }
+    }
+
+    /**
+     * Sets or clears options. If cleared, default options will be used
+     * at creation time.
+     * @param options
+     */
+    public void setOptions(KDCOptions options) {
+        checkState(State.INIT, "Cannot specify options");
+        this.options = options;
+    }
+
+    /**
+     * Sets or clears target. If cleared, KrbAsReq might choose krbtgt
+     * for cname realm
+     * @param sname
+     */
+    public void setTarget(PrincipalName sname) {
+        checkState(State.INIT, "Cannot specify target");
+        this.sname = sname;
+    }
+
+    /**
+     * Adds or clears addresses. KrbAsReq might add some if empty
+     * field not allowed
+     * @param addresses
+     */
+    public void setAddresses(HostAddresses addresses) {
+        checkState(State.INIT, "Cannot specify addresses");
+        this.addresses = addresses;
+    }
+
+    /**
+     * Build a KrbAsReq object from all info fed above. Normally this method
+     * will be called twice: initial AS-REQ and second with pakey
+     * @return the KrbAsReq object
+     * @throws KrbException
+     * @throws IOException
+     */
+    private KrbAsReq build() throws KrbException, IOException {
+        return new KrbAsReq(pakey,
+            options,
+            cname,
+            sname,
+            from,
+            till,
+            rtime,
+            eTypes,
+            addresses);
+    }
+
+    /**
+     * Parses AS-REP, decrypts enc-part, retrieves ticket and session key
+     * @throws KrbException
+     * @throws Asn1Exception
+     * @throws IOException
+     */
+    private KrbAsReqBuilder resolve() throws KrbException, Asn1Exception, IOException {
+        if (keys != null) {
+            rep.decryptUsingKeys(keys, req);
+        } else {
+            rep.decryptUsingPassword(password, req, cname);
+        }
+        if (rep.getPA() != null) {
+            if (paList == null || paList.length == 0) {
+                paList = rep.getPA();
+            } else {
+                int extraLen = rep.getPA().length;
+                if (extraLen > 0) {
+                    int oldLen = paList.length;
+                    paList = Arrays.copyOf(paList, paList.length + extraLen);
+                    System.arraycopy(rep.getPA(), 0, paList, oldLen, extraLen);
+                }
+            }
+        }
+        return this;
+    }
+
+    /**
+     * Communication until AS-REP or non preauth-related KRB-ERROR received
+     * @throws KrbException
+     * @throws IOException
+     */
+    private KrbAsReqBuilder send() throws KrbException, IOException {
+        boolean preAuthFailedOnce = false;
+        KdcComm comm = new KdcComm(cname.getRealmAsString());
+        while (true) {
+            try {
+                req = build();
+                rep = new KrbAsRep(comm.send(req.encoding()));
+                return this;
+            } catch (KrbException ke) {
+                if (!preAuthFailedOnce && (
+                        ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED ||
+                        ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
+                    if (Krb5.DEBUG) {
+                        System.out.println("KrbAsReqBuilder: " +
+                                "PREAUTH FAILED/REQ, re-send AS-REQ");
+                    }
+                    preAuthFailedOnce = true;
+                    KRBError kerr = ke.getError();
+                    if (password == null) {
+                        pakey = EncryptionKey.findKey(kerr.getEType(), keys);
+                    } else {
+                        PAData.SaltAndParams snp = PAData.getSaltAndParams(
+                                kerr.getEType(), kerr.getPA());
+                        if (kerr.getEType() == 0) {
+                            // Possible if PA-PW-SALT is in KRB-ERROR. RFC
+                            // does not recommend this
+                            pakey = EncryptionKey.acquireSecretKey(password,
+                                    snp.salt == null ? cname.getSalt() : snp.salt,
+                                    eTypes[0],
+                                    null);
+                        } else {
+                            pakey = EncryptionKey.acquireSecretKey(password,
+                                    snp.salt == null ? cname.getSalt() : snp.salt,
+                                    kerr.getEType(),
+                                    snp.params);
+                        }
+                    }
+                    paList = kerr.getPA();  // Update current paList
+                } else {
+                    throw ke;
+                }
+            }
+        }
+    }
+
+    /**
+     * Performs AS-REQ send and AS-REP receive.
+     * Maybe a state is needed here, to divide prepare process and getCreds.
+     * @throws KrbException
+     * @throws Asn1Exception
+     * @throws IOException
+     */
+    public KrbAsReqBuilder action()
+            throws KrbException, Asn1Exception, IOException {
+        checkState(State.INIT, "Cannot call action");
+        state = State.REQ_OK;
+        return send().resolve();
+    }
+
+    /**
+     * Gets Credentials object after action
+     */
+    public Credentials getCreds() {
+        checkState(State.REQ_OK, "Cannot retrieve creds");
+        return rep.getCreds();
+    }
+
+    /**
+     * Gets another type of Credentials after action
+     */
+    public sun.security.krb5.internal.ccache.Credentials getCCreds() {
+        checkState(State.REQ_OK, "Cannot retrieve CCreds");
+        return rep.getCCreds();
+    }
+
+    /**
+     * Destroys the object and clears keys and password info.
+     */
+    public void destroy() {
+        state = State.DESTROYED;
+        if (keys != null) {
+            for (EncryptionKey k: keys) {
+                k.destroy();
+            }
+            keys = null;
+        }
+        if (password != null) {
+            Arrays.fill(password, (char)0);
+            password = null;
+        }
+    }
+
+    /**
+     * Checks if the current state is the specified one.
+     * @param st the expected state
+     * @param msg error message if state is not correct
+     * @throws IllegalStateException if state is not correct
+     */
+    private void checkState(State st, String msg) {
+        if (state != st) {
+            throw new IllegalStateException(msg + " at " + st + " state");
+        }
+    }
+}

jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,20 +31,16 @@
 
 package sun.security.krb5;
 
-import sun.security.util.*;
-import sun.security.krb5.EncryptionKey;
 import sun.security.krb5.internal.*;
 import sun.security.krb5.internal.crypto.*;
 import java.io.IOException;
 import java.net.UnknownHostException;
-import java.util.StringTokenizer;
-import java.io.InterruptedIOException;
 
 /**
  * This class encapsulates a Kerberos TGS-REQ that is sent from the
  * client to the KDC.
  */
-public class KrbTgsReq extends KrbKdcReq {
+public class KrbTgsReq {
 
     private PrincipalName princName;
     private PrincipalName servName;
@@ -56,7 +52,8 @@ public class KrbTgsReq extends KrbKdcReq {
 
     private static final boolean DEBUG = Krb5.DEBUG;
 
-    private int defaultTimeout = 30*1000; // 30 seconds
+    private byte[] obuf;
+    private byte[] ibuf;
 
      // Used in CredentialsUtil
     public KrbTgsReq(Credentials asCreds,
@@ -182,11 +179,12 @@ public class KrbTgsReq extends KrbKdcReq {
      * @throws KrbException
      * @throws IOException
      */
-    public String send() throws IOException, KrbException {
+    public void send() throws IOException, KrbException {
         String realmStr = null;
         if (servName != null)
             realmStr = servName.getRealmString();
-        return (send(realmStr));
+        KdcComm comm = new KdcComm(realmStr);
+        ibuf = comm.send(obuf);
     }
 
     public KrbTgsRep getReply()
@@ -201,18 +199,8 @@ public class KrbTgsReq extends KrbKdcReq {
     public Credentials sendAndGetCreds() throws IOException, KrbException {
         KrbTgsRep tgs_rep = null;
         String kdc = null;
-        try {
+        send();
-            kdc = send();
+        tgs_rep = getReply();
-            tgs_rep = getReply();
-        } catch (KrbException ke) {
-            if (ke.returnCode() == Krb5.KRB_ERR_RESPONSE_TOO_BIG) {
-                // set useTCP and retry
-                send(servName.getRealmString(), kdc, true);
-                tgs_rep = getReply();
-            } else {
-                throw ke;
-            }
-        }
         return tgs_rep.getCreds();
     }
 
@@ -240,7 +228,7 @@ public class KrbTgsReq extends KrbKdcReq {
                UnknownHostException, KrbCryptoException {
         KerberosTime req_till = null;
         if (till == null) {
-            req_till = new KerberosTime();
+            req_till = new KerberosTime(0);
         } else {
             req_till = till;
         }

jdk/src/share/classes/sun/security/krb5/PrincipalName.java

@@ -511,10 +511,6 @@ public class PrincipalName
         return salt;
     }
 
-    public void setSalt(String salt) {
-        this.salt = salt;
-    }
-
     public String toString() {
         StringBuffer str = new StringBuffer();
         for (int i = 0; i < nameStrings.length; i++) {

jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java

@@ -32,7 +32,6 @@ package sun.security.krb5.internal;
 
 import sun.security.krb5.*;
 import sun.security.util.*;
-import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
 
@@ -69,7 +68,7 @@ public class KDCRep {
     public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding
     private int pvno;
     private int msgType;
-    private PAData[] pAData = null; //optional
+    public PAData[] pAData = null; //optional
     private boolean DEBUG = Krb5.DEBUG;
 
     public KDCRep(

jdk/src/share/classes/sun/security/krb5/internal/KRBError.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,9 @@ import sun.security.util.*;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.math.BigInteger;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import sun.security.krb5.internal.util.KerberosString;
 /**
  * Implements the ASN.1 KRBError type.
@@ -96,10 +98,8 @@ public class KRBError implements java.io.Serializable {
     private byte[] eData; //optional
     private Checksum eCksum; //optional
 
-    // pre-auth info
+    private PAData[] pa;    // PA-DATA in eData
-    private int etype = 0;
+    private int pa_eType;   // The 1st etype appeared in salt-related PAData
-    private String salt = null;
-    private byte[] s2kparams = null;
 
     private static boolean DEBUG = Krb5.DEBUG;
 
@@ -260,10 +260,12 @@ public class KRBError implements java.io.Serializable {
     private void parsePAData(byte[] data)
             throws IOException, Asn1Exception {
         DerValue derPA = new DerValue(data);
+        List<PAData> paList = new ArrayList<PAData>();
         while (derPA.data.available() > 0) {
             // read the PA-DATA
             DerValue tmp = derPA.data.getDerValue();
             PAData pa_data = new PAData(tmp);
+            paList.add(pa_data);
             int pa_type = pa_data.getType();
             byte[] pa_value = pa_data.getValue();
             if (DEBUG) {
@@ -280,24 +282,13 @@ public class KRBError implements java.io.Serializable {
                 case Krb5.PA_ETYPE_INFO:
                     if (pa_value != null) {
                         DerValue der = new DerValue(pa_value);
-                        DerValue value = der.data.getDerValue();
-                        ETypeInfo info = new ETypeInfo(value);
-                        etype = info.getEType();
-                        salt = info.getSalt();
-                        if (DEBUG) {
-                            System.out.println("\t PA-ETYPE-INFO etype = " + etype);
-                            System.out.println("\t PA-ETYPE-INFO salt = " + salt);
-                        }
                         while (der.data.available() > 0) {
-                            value = der.data.getDerValue();
+                            DerValue value = der.data.getDerValue();
-                            info = new ETypeInfo(value);
+                            ETypeInfo info = new ETypeInfo(value);
+                            if (pa_eType == 0) pa_eType = info.getEType();
                             if (DEBUG) {
-                                etype = info.getEType();
+                                System.out.println("\t PA-ETYPE-INFO etype = " + info.getEType());
-                                System.out.println("\t salt for " + etype
+                                System.out.println("\t PA-ETYPE-INFO salt = " + info.getSalt());
-                                        + " is " + info.getSalt());
-                            }
-                            if (salt == null || salt.isEmpty()) {
-                                salt = info.getSalt();
                             }
                         }
                     }
@@ -305,25 +296,13 @@ public class KRBError implements java.io.Serializable {
                 case Krb5.PA_ETYPE_INFO2:
                     if (pa_value != null) {
                         DerValue der = new DerValue(pa_value);
-                        DerValue value = der.data.getDerValue();
-                        ETypeInfo2 info2 = new ETypeInfo2(value);
-                        etype = info2.getEType();
-                        salt = info2.getSalt();
-                        s2kparams = info2.getParams();
-                        if (DEBUG) {
-                            System.out.println("\t PA-ETYPE-INFO2 etype = " + etype);
-                            System.out.println("\t PA-ETYPE-INFO salt = " + salt);
-                        }
                         while (der.data.available() > 0) {
-                            value = der.data.getDerValue();
+                            DerValue value = der.data.getDerValue();
-                            info2 = new ETypeInfo2(value);
+                            ETypeInfo2 info2 = new ETypeInfo2(value);
+                            if (pa_eType == 0) pa_eType = info2.getEType();
                             if (DEBUG) {
-                                etype = info2.getEType();
+                                System.out.println("\t PA-ETYPE-INFO2 etype = " + info2.getEType());
-                                System.out.println("\t salt for " + etype
+                                System.out.println("\t PA-ETYPE-INFO2 salt = " + info2.getSalt());
-                                        + " is " + info2.getSalt());
-                            }
-                            if (salt == null || salt.isEmpty()) {
-                                salt = info2.getSalt();
                             }
                         }
                     }
@@ -333,6 +312,7 @@ public class KRBError implements java.io.Serializable {
                     break;
             }
         }
+        pa = paList.toArray(new PAData[paList.size()]);
     }
 
     public final KerberosTime getServerTime() {
@@ -356,18 +336,12 @@ public class KRBError implements java.io.Serializable {
     }
 
     // access pre-auth info
+    public final PAData[] getPA() {
+        return pa;
+    }
+
     public final int getEType() {
-        return etype;
+        return pa_eType;
-    }
-
-    // access pre-auth info
-    public final String getSalt() {
-        return salt;
-    }
-
-    // access pre-auth info
-    public final byte[] getParams() {
-        return ((s2kparams == null) ? null : s2kparams.clone());
     }
 
     public final String getErrorString() {

jdk/src/share/classes/sun/security/krb5/internal/KerberosTime.java

@@ -77,11 +77,6 @@ public class KerberosTime implements Cloneable {
     public static final boolean NOW = true;
     public static final boolean UNADJUSTED_NOW = false;
 
-    //defaults to zero instead of now; use setNow() for current time
-    public KerberosTime() {
-        kerberosTime = 0;
-    }
-
     public KerberosTime(long time) {
         kerberosTime = time;
     }

jdk/src/share/classes/sun/security/krb5/internal/NetClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,18 +34,38 @@ package sun.security.krb5.internal;
 import java.io.*;
 import java.net.*;
 
-public class TCPClient {
+public abstract class NetClient {
+    public static NetClient getInstance(String protocol, String hostname, int port,
+            int timeout) throws IOException {
+        if (protocol.equals("TCP")) {
+            return new TCPClient(hostname, port, timeout);
+        } else {
+            return new UDPClient(hostname, port, timeout);
+        }
+    }
+
+    abstract public void send(byte[] data) throws IOException;
+
+    abstract public byte[] receive() throws IOException;
+
+    abstract public void close() throws IOException;
+}
+
+class TCPClient extends NetClient {
 
     private Socket tcpSocket;
     private BufferedOutputStream out;
     private BufferedInputStream in;
 
-    public TCPClient(String hostname, int port) throws IOException {
+    TCPClient(String hostname, int port, int timeout)
+            throws IOException {
         tcpSocket = new Socket(hostname, port);
         out = new BufferedOutputStream(tcpSocket.getOutputStream());
         in = new BufferedInputStream(tcpSocket.getInputStream());
+        tcpSocket.setSoTimeout(timeout);
     }
 
+    @Override
     public void send(byte[] data) throws IOException {
         byte[] lenField = new byte[4];
         intToNetworkByteOrder(data.length, lenField, 0, 4);
@@ -55,6 +75,7 @@ public class TCPClient {
         out.flush();
     }
 
+    @Override
     public byte[] receive() throws IOException {
         byte[] lenField = new byte[4];
         int count = readFully(lenField, 4);
@@ -94,6 +115,7 @@ public class TCPClient {
         }
     }
 
+    @Override
     public void close() throws IOException {
         tcpSocket.close();
     }
@@ -120,7 +142,7 @@ public class TCPClient {
     /**
      * Returns the integer represented by 4 bytes in network byte order.
      */
-    private static final int networkByteOrderToInt(byte[] buf, int start,
+    private static int networkByteOrderToInt(byte[] buf, int start,
         int count) {
         if (count > 4) {
             throw new IllegalArgumentException(
@@ -140,7 +162,7 @@ public class TCPClient {
      * Encodes an integer into 4 bytes in network byte order in the buffer
      * supplied.
      */
-    private static final void intToNetworkByteOrder(int num, byte[] buf,
+    private static void intToNetworkByteOrder(int num, byte[] buf,
         int start, int count) {
         if (count > 4) {
             throw new IllegalArgumentException(
@@ -153,3 +175,47 @@ public class TCPClient {
         }
     }
 }
+
+class UDPClient extends NetClient {
+    InetAddress iaddr;
+    int iport;
+    int bufSize = 65507;
+    DatagramSocket dgSocket;
+    DatagramPacket dgPacketIn;
+
+    UDPClient(String hostname, int port, int timeout)
+        throws UnknownHostException, SocketException {
+        iaddr = InetAddress.getByName(hostname);
+        iport = port;
+        dgSocket = new DatagramSocket();
+        dgSocket.setSoTimeout(timeout);
+    }
+
+    @Override
+    public void send(byte[] data) throws IOException {
+        DatagramPacket dgPacketOut = new DatagramPacket(data, data.length,
+                                                        iaddr, iport);
+        dgSocket.send(dgPacketOut);
+    }
+
+    @Override
+    public byte[] receive() throws IOException {
+        byte ibuf[] = new byte[bufSize];
+        dgPacketIn = new DatagramPacket(ibuf, ibuf.length);
+        try {
+            dgSocket.receive(dgPacketIn);
+        }
+        catch (SocketException e) {
+            dgSocket.receive(dgPacketIn);
+        }
+        byte[] data = new byte[dgPacketIn.getLength()];
+        System.arraycopy(dgPacketIn.getData(), 0, data, 0,
+                         dgPacketIn.getLength());
+        return data;
+    }
+
+    @Override
+    public void close() {
+        dgSocket.close();
+    }
+}

jdk/src/share/classes/sun/security/krb5/internal/PAData.java

@@ -30,9 +30,11 @@
 
 package sun.security.krb5.internal;
 
+import sun.security.krb5.KrbException;
 import sun.security.util.*;
 import sun.security.krb5.Asn1Exception;
 import java.io.IOException;
+import sun.security.krb5.internal.util.KerberosString;
 
 /**
  * Implements the ASN.1 PA-DATA type.
@@ -135,4 +137,75 @@ public class PAData {
     public byte[] getValue() {
         return ((pADataValue == null) ? null : pADataValue.clone());
     }
+
+    /**
+     * A place to store a pair of salt and s2kparams.
+     * An empty salt is changed to null, to be interopable
+     * with Windows 2000 server.
+     */
+    public static class SaltAndParams {
+        public final String salt;
+        public final byte[] params;
+        public SaltAndParams(String s, byte[] p) {
+            if (s != null && s.isEmpty()) s = null;
+            this.salt = s;
+            this.params = p;
+        }
+    }
+
+    /**
+     * Fetches salt and s2kparams value for eType in a series of PA-DATAs.
+     * The preference order is PA-ETYPE-INFO2 > PA-ETYPE-INFO > PA-PW-SALT.
+     * If multiple PA-DATA for the same etype appears, use the last one.
+     * (This is useful when PA-DATAs from KRB-ERROR and AS-REP are combined).
+     * @return salt and s2kparams. never null, its field might be null.
+     */
+    public static SaltAndParams getSaltAndParams(int eType, PAData[] pas)
+            throws Asn1Exception, KrbException {
+
+        if (pas == null || pas.length == 0) {
+            return new SaltAndParams(null, null);
+        }
+
+        String paPwSalt = null;
+        ETypeInfo2 info2 = null;
+        ETypeInfo info = null;
+
+        for (PAData p: pas) {
+            if (p.getValue() != null) {
+                try {
+                    switch (p.getType()) {
+                        case Krb5.PA_PW_SALT:
+                            paPwSalt = new String(p.getValue(),
+                                    KerberosString.MSNAME?"UTF8":"8859_1");
+                            break;
+                        case Krb5.PA_ETYPE_INFO:
+                            DerValue der = new DerValue(p.getValue());
+                            while (der.data.available() > 0) {
+                                DerValue value = der.data.getDerValue();
+                                ETypeInfo tmp = new ETypeInfo(value);
+                                if (tmp.getEType() == eType) info = tmp;
+                            }
+                            break;
+                        case Krb5.PA_ETYPE_INFO2:
+                            der = new DerValue(p.getValue());
+                            while (der.data.available() > 0) {
+                                DerValue value = der.data.getDerValue();
+                                ETypeInfo2 tmp = new ETypeInfo2(value);
+                                if (tmp.getEType() == eType) info2 = tmp;
+                            }
+                            break;
+                    }
+                } catch (IOException ioe) {
+                    // Ignored
+                }
+            }
+        }
+        if (info2 != null) {
+            return new SaltAndParams(info2.getSalt(), info2.getParams());
+        } else if (info != null) {
+            return new SaltAndParams(info.getSalt(), null);
+        }
+        return new SaltAndParams(paPwSalt, null);
+    }
 }

jdk/src/share/classes/sun/security/krb5/internal/UDPClient.java

@@ -1,99 +0,0 @@
-/*
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- *
- *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
- *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
- */
-
-package sun.security.krb5.internal;
-
-import java.io.*;
-import java.net.*;
-
-public class UDPClient {
-    InetAddress iaddr;
-    int iport;
-    int bufSize = 65507;
-    DatagramSocket dgSocket;
-    DatagramPacket dgPacketIn;
-
-    public UDPClient(InetAddress newIAddr, int port)
-        throws SocketException {
-        iaddr = newIAddr;
-        iport = port;
-        dgSocket = new DatagramSocket();
-    }
-
-    public UDPClient(String hostname, int port)
-        throws UnknownHostException, SocketException {
-        iaddr = InetAddress.getByName(hostname);
-        iport = port;
-        dgSocket = new DatagramSocket();
-    }
-
-    public UDPClient(String hostname, int port, int timeout)
-        throws UnknownHostException, SocketException {
-        iaddr = InetAddress.getByName(hostname);
-        iport = port;
-        dgSocket = new DatagramSocket();
-        dgSocket.setSoTimeout(timeout);
-    }
-
-    public void setBufSize(int newBufSize) {
-        bufSize = newBufSize;
-    }
-
-    public InetAddress getInetAddress() {
-        if (dgPacketIn != null)
-            return dgPacketIn.getAddress();
-        return null;
-    }
-
-    public void send(byte[] data) throws IOException {
-        DatagramPacket dgPacketOut = new DatagramPacket(data, data.length,
-                                                        iaddr, iport);
-        dgSocket.send(dgPacketOut);
-    }
-
-    public byte[] receive() throws IOException {
-        byte ibuf[] = new byte[bufSize];
-        dgPacketIn = new DatagramPacket(ibuf, ibuf.length);
-        try {
-            dgSocket.receive(dgPacketIn);
-        }
-        catch (SocketException e) {
-            dgSocket.receive(dgPacketIn);
-        }
-        byte[] data = new byte[dgPacketIn.getLength()];
-        System.arraycopy(dgPacketIn.getData(), 0, data, 0,
-                         dgPacketIn.getLength());
-        return data;
-    }
-
-    public void close() {
-        dgSocket.close();
-    }
-}

jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java

@@ -1123,7 +1123,7 @@ public final class SunPKCS11 extends AuthProvider {
 
             java.text.MessageFormat form = new java.text.MessageFormat
                         (ResourcesMgr.getString
-                        ("PKCS11 Token [providerName] Password: "));
+                        ("PKCS11.Token.providerName.Password."));
             Object[] source = { getName() };
 
             PasswordCallback pcall = new PasswordCallback(form.format(source),

jdk/src/share/classes/sun/security/provider/PolicyFile.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -653,7 +653,7 @@ public class PolicyFile extends java.security.Policy {
             }
         } catch (PolicyParser.ParsingException pe) {
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                (POLICY + ": error parsing policy:\n\tmessage"));
+                (POLICY + ".error.parsing.policy.message"));
             Object[] source = {policy, pe.getLocalizedMessage()};
             System.err.println(form.format(source));
             if (debug != null)
@@ -895,7 +895,7 @@ public class PolicyFile extends java.security.Policy {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
                          (POLICY +
-                          ": error adding Permission, perm:\n\tmessage"));
+                          ".error.adding.Permission.perm.message"));
                     Object[] source = {pe.permission,
                                        ite.getTargetException().toString()};
                     System.err.println(form.format(source));
@@ -903,7 +903,7 @@ public class PolicyFile extends java.security.Policy {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
                          (POLICY +
-                          ": error adding Permission, perm:\n\tmessage"));
+                          ".error.adding.Permission.perm.message"));
                     Object[] source = {pe.permission,
                                        e.toString()};
                     System.err.println(form.format(source));
@@ -915,7 +915,7 @@ public class PolicyFile extends java.security.Policy {
         } catch (Exception e) {
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
                                          (POLICY
-                                         + ": error adding Entry:\n\tmessage"));
+                                         + ".error.adding.Entry.message"));
             Object[] source = {e.toString()};
             System.err.println(form.format(source));
         }
@@ -1950,7 +1950,7 @@ public class PolicyFile extends java.security.Policy {
                 if (colonIndex == -1) {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                        ("alias name not provided (pe.name)"));
+                        ("alias.name.not.provided.pe.name."));
                     Object[] source = {pe.name};
                     throw new Exception(form.format(source));
                 }
@@ -1958,7 +1958,7 @@ public class PolicyFile extends java.security.Policy {
                 if ((suffix = getDN(suffix, keystore)) == null) {
                     MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                        ("unable to perform substitution on alias, suffix"));
+                        ("unable.to.perform.substitution.on.alias.suffix"));
                     Object[] source = {value.substring(colonIndex+1)};
                     throw new Exception(form.format(source));
                 }
@@ -1968,7 +1968,7 @@ public class PolicyFile extends java.security.Policy {
             } else {
                 MessageFormat form = new MessageFormat
                         (ResourcesMgr.getString
-                        ("substitution value, prefix, unsupported"));
+                        ("substitution.value.prefix.unsupported"));
                 Object[] source = {prefix};
                 throw new Exception(form.format(source));
             }
@@ -2127,18 +2127,18 @@ public class PolicyFile extends java.security.Policy {
 
         @Override public String toString(){
             StringBuilder sb = new StringBuilder();
-            sb.append(ResourcesMgr.getString("("));
+            sb.append(ResourcesMgr.getString("LPARAM"));
             sb.append(getCodeSource());
             sb.append("\n");
             for (int j = 0; j < permissions.size(); j++) {
                 Permission p = permissions.get(j);
-                sb.append(ResourcesMgr.getString(" "));
+                sb.append(ResourcesMgr.getString("SPACE"));
-                sb.append(ResourcesMgr.getString(" "));
+                sb.append(ResourcesMgr.getString("SPACE"));
                 sb.append(p);
-                sb.append(ResourcesMgr.getString("\n"));
+                sb.append(ResourcesMgr.getString("NEWLINE"));
             }
-            sb.append(ResourcesMgr.getString(")"));
+            sb.append(ResourcesMgr.getString("RPARAM"));
-            sb.append(ResourcesMgr.getString("\n"));
+            sb.append(ResourcesMgr.getString("NEWLINE"));
             return sb.toString();
         }
     }
@@ -2195,7 +2195,7 @@ public class PolicyFile extends java.security.Policy {
             super(type);
             if (type == null) {
                 throw new NullPointerException
-                    (ResourcesMgr.getString("type can't be null"));
+                    (ResourcesMgr.getString("type.can.t.be.null"));
             }
             this.type = type;
             this.name = name;

jdk/src/share/classes/sun/security/provider/PolicyParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -219,8 +219,7 @@ public class PolicyParser {
 
         if (keyStoreUrlString == null && storePassURL != null) {
             throw new ParsingException(ResourcesMgr.getString
-                ("keystorePasswordURL can not be specified without also " +
+                ("keystorePasswordURL.can.not.be.specified.without.also.specifying.keystore"));
-                "specifying keystore"));
         }
     }
 
@@ -357,7 +356,7 @@ public class PolicyParser {
             keyStoreType = match("quoted string");
         } else {
             throw new ParsingException(st.lineno(),
-                        ResourcesMgr.getString("expected keystore type"));
+                        ResourcesMgr.getString("expected.keystore.type"));
         }
 
         // parse keystore provider
@@ -370,7 +369,7 @@ public class PolicyParser {
             keyStoreProvider = match("quoted string");
         } else {
             throw new ParsingException(st.lineno(),
-                        ResourcesMgr.getString("expected keystore provider"));
+                        ResourcesMgr.getString("expected.keystore.provider"));
         }
     }
 
@@ -421,7 +420,7 @@ public class PolicyParser {
                     throw new ParsingException(
                             st.lineno(),
                             ResourcesMgr.getString
-                                ("multiple Codebase expressions"));
+                                ("multiple.Codebase.expressions"));
                 e.codeBase = match("quoted string");
                 peekAndMatch(",");
             } else if (peekAndMatch("SignedBy")) {
@@ -429,7 +428,7 @@ public class PolicyParser {
                     throw new ParsingException(
                             st.lineno(),
                             ResourcesMgr.getString(
-                                "multiple SignedBy expressions"));
+                                "multiple.SignedBy.expressions"));
                 e.signedBy = match("quoted string");
 
                 // verify syntax of the aliases
@@ -448,7 +447,7 @@ public class PolicyParser {
                     throw new ParsingException(
                             st.lineno(),
                             ResourcesMgr.getString(
-                                "SignedBy has empty alias"));
+                                "SignedBy.has.empty.alias"));
 
                 peekAndMatch(",");
             } else if (peekAndMatch("Principal")) {
@@ -491,8 +490,7 @@ public class PolicyParser {
                         throw new ParsingException
                                 (st.lineno(),
                                  ResourcesMgr.getString
-                                    ("can not specify Principal with a " +
+                                    ("can.not.specify.Principal.with.a.wildcard.class.without.a.wildcard.name"));
-                                     "wildcard class without a wildcard name"));
                     }
                 }
 
@@ -529,8 +527,7 @@ public class PolicyParser {
             } else {
                 throw new ParsingException(st.lineno(),
                                   ResourcesMgr.getString(
-                                      "expected codeBase or SignedBy or " +
+                                      "expected.codeBase.or.SignedBy.or.Principal"));
-                                      "Principal"));
             }
         }
 
@@ -554,7 +551,7 @@ public class PolicyParser {
                 throw new
                     ParsingException(st.lineno(),
                                      ResourcesMgr.getString(
-                                        "expected permission entry"));
+                                        "expected.permission.entry"));
             }
         }
         match("}");
@@ -727,12 +724,12 @@ public class PolicyParser {
         switch (lookahead) {
         case StreamTokenizer.TT_NUMBER:
             throw new ParsingException(st.lineno(), expect,
-                                       ResourcesMgr.getString("number ") +
+                                       ResourcesMgr.getString("number.") +
                                        String.valueOf(st.nval));
         case StreamTokenizer.TT_EOF:
             MessageFormat form = new MessageFormat(
                     ResourcesMgr.getString
-                            ("expected [expect], read [end of file]"));
+                            ("expected.expect.read.end.of.file."));
             Object[] source = {expect};
             throw new ParsingException(form.format(source));
         case StreamTokenizer.TT_WORD:
@@ -809,11 +806,11 @@ public class PolicyParser {
             switch (lookahead) {
             case StreamTokenizer.TT_NUMBER:
                 throw new ParsingException(st.lineno(), ";",
-                                          ResourcesMgr.getString("number ") +
+                                          ResourcesMgr.getString("number.") +
                                           String.valueOf(st.nval));
             case StreamTokenizer.TT_EOF:
                 throw new ParsingException(ResourcesMgr.getString
-                        ("expected [;], read [end of file]"));
+                        ("expected.read.end.of.file."));
             default:
                 lookahead = st.nextToken();
             }
@@ -973,7 +970,7 @@ public class PolicyParser {
         public PrincipalEntry(String principalClass, String principalName) {
             if (principalClass == null || principalName == null)
                 throw new NullPointerException(ResourcesMgr.getString(
-                                  "null principalClass or principalName"));
+                                  "null.principalClass.or.principalName"));
             this.principalClass = principalClass;
             this.principalName = principalName;
         }
@@ -1199,7 +1196,7 @@ public class PolicyParser {
         public ParsingException(int line, String msg) {
             super("line " + line + ": " + msg);
             MessageFormat form = new MessageFormat
-                (ResourcesMgr.getString("line number: msg"));
+                (ResourcesMgr.getString("line.number.msg"));
             Object[] source = {new Integer(line), msg};
             i18nMessage = form.format(source);
         }
@@ -1208,7 +1205,7 @@ public class PolicyParser {
             super("line " + line + ": expected [" + expect +
                 "], found [" + actual + "]");
             MessageFormat form = new MessageFormat(ResourcesMgr.getString
-                ("line number: expected [expect], found [actual]"));
+                ("line.number.expected.expect.found.actual."));
             Object[] source = {new Integer(line), expect, actual};
             i18nMessage = form.format(source);
         }

jdk/src/share/classes/sun/security/tools/JarSigner.java

@@ -205,7 +205,7 @@ public class JarSigner {
 
                     if (!(obj instanceof Provider)) {
                         MessageFormat form = new MessageFormat(rb.getString
-                            ("provName not a provider"));
+                            ("provName.not.a.provider"));
                         Object[] source = {provName};
                         throw new Exception(form.format(source));
                     }
@@ -218,7 +218,7 @@ public class JarSigner {
                     loadKeyStore(keystore, false);
                 } catch (Exception e) {
                     if ((keystore != null) || (storepass != null)) {
-                        System.out.println(rb.getString("jarsigner error: ") +
+                        System.out.println(rb.getString("jarsigner.error.") +
                                         e.getMessage());
                         System.exit(1);
                     }
@@ -264,7 +264,7 @@ public class JarSigner {
                 signJar(jarfile, alias, args);
             }
         } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner error: ") + e);
+            System.out.println(rb.getString("jarsigner.error.") + e);
             if (debug) {
                 e.printStackTrace();
             }
@@ -420,7 +420,7 @@ public class JarSigner {
                     }
                 } else {
                     System.err.println(
-                            rb.getString("Illegal option: ") + flags);
+                            rb.getString("Illegal.option.") + flags);
                     usage();
                 }
             }
@@ -430,15 +430,15 @@ public class JarSigner {
         if (verbose == null) showcerts = false;
 
         if (jarfile == null) {
-            System.err.println(rb.getString("Please specify jarfile name"));
+            System.err.println(rb.getString("Please.specify.jarfile.name"));
             usage();
         }
         if (!verify && alias == null) {
-            System.err.println(rb.getString("Please specify alias name"));
+            System.err.println(rb.getString("Please.specify.alias.name"));
             usage();
         }
         if (!verify && ckaliases.size() > 1) {
-            System.err.println(rb.getString("Only one alias can be specified"));
+            System.err.println(rb.getString("Only.one.alias.can.be.specified"));
             usage();
         }
 
@@ -471,30 +471,27 @@ public class JarSigner {
 
         if (token && !nullStream) {
             System.err.println(MessageFormat.format(rb.getString
-                ("-keystore must be NONE if -storetype is {0}"), storetype));
+                (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype));
             usage();
         }
 
         if (token && keypass != null) {
             System.err.println(MessageFormat.format(rb.getString
-                ("-keypass can not be specified " +
+                (".keypass.can.not.be.specified.if.storetype.is.{0}"), storetype));
-                "if -storetype is {0}"), storetype));
             usage();
         }
 
         if (protectedPath) {
             if (storepass != null || keypass != null) {
                 System.err.println(rb.getString
-                        ("If -protected is specified, " +
+                        ("If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified"));
-                        "then -storepass and -keypass must not be specified"));
                 usage();
             }
         }
         if (KeyStoreUtil.isWindowsKeyStore(storetype)) {
             if (storepass != null || keypass != null) {
                 System.err.println(rb.getString
-                        ("If keystore is not password protected, " +
+                        ("If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified"));
-                        "then -storepass and -keypass must not be specified"));
                 usage();
             }
         }
@@ -508,94 +505,94 @@ public class JarSigner {
     }
 
     static void usageNoArg() {
-        System.out.println(rb.getString("Option lacks argument"));
+        System.out.println(rb.getString("Option.lacks.argument"));
         usage();
     }
 
     static void usage() {
         System.out.println();
-        System.out.println(rb.getString("Please type jarsigner -help for usage"));
+        System.out.println(rb.getString("Please.type.jarsigner.help.for.usage"));
         System.exit(1);
     }
 
     static void fullusage() {
         System.out.println(rb.getString
-                ("Usage: jarsigner [options] jar-file alias"));
+                ("Usage.jarsigner.options.jar.file.alias"));
         System.out.println(rb.getString
-                ("       jarsigner -verify [options] jar-file [alias...]"));
+                (".jarsigner.verify.options.jar.file.alias."));
         System.out.println();
         System.out.println(rb.getString
-                ("[-keystore <url>]           keystore location"));
+                (".keystore.url.keystore.location"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-storepass <password>]     password for keystore integrity"));
+                (".storepass.password.password.for.keystore.integrity"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-storetype <type>]         keystore type"));
+                (".storetype.type.keystore.type"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-keypass <password>]       password for private key (if different)"));
+                (".keypass.password.password.for.private.key.if.different."));
         System.out.println();
         System.out.println(rb.getString
-                ("[-certchain <file>]         name of alternative certchain file"));
+                (".certchain.file.name.of.alternative.certchain.file"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-sigfile <file>]           name of .SF/.DSA file"));
+                (".sigfile.file.name.of.SF.DSA.file"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-signedjar <file>]         name of signed JAR file"));
+                (".signedjar.file.name.of.signed.JAR.file"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-digestalg <algorithm>]    name of digest algorithm"));
+                (".digestalg.algorithm.name.of.digest.algorithm"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-sigalg <algorithm>]       name of signature algorithm"));
+                (".sigalg.algorithm.name.of.signature.algorithm"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-crl[:auto| <file>]        include CRL in signed jar"));
+                (".crl.auto.file.include.CRL.in.signed.jar"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-verify]                   verify a signed JAR file"));
+                (".verify.verify.a.signed.JAR.file"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-verbose[:suboptions]]     verbose output when signing/verifying."));
+                (".verbose.suboptions.verbose.output.when.signing.verifying."));
         System.out.println(rb.getString
-                ("                            suboptions can be all, grouped or summary"));
+                (".suboptions.can.be.all.grouped.or.summary"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-certs]                    display certificates when verbose and verifying"));
+                (".certs.display.certificates.when.verbose.and.verifying"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-tsa <url>]                location of the Timestamping Authority"));
+                (".tsa.url.location.of.the.Timestamping.Authority"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-tsacert <alias>]          public key certificate for Timestamping Authority"));
+                (".tsacert.alias.public.key.certificate.for.Timestamping.Authority"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-altsigner <class>]        class name of an alternative signing mechanism"));
+                (".altsigner.class.class.name.of.an.alternative.signing.mechanism"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-altsignerpath <pathlist>] location of an alternative signing mechanism"));
+                (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-internalsf]               include the .SF file inside the signature block"));
+                (".internalsf.include.the.SF.file.inside.the.signature.block"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-sectionsonly]             don't compute hash of entire manifest"));
+                (".sectionsonly.don.t.compute.hash.of.entire.manifest"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-protected]                keystore has protected authentication path"));
+                (".protected.keystore.has.protected.authentication.path"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-providerName <name>]      provider name"));
+                (".providerName.name.provider.name"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-providerClass <class>     name of cryptographic service provider's"));
+                (".providerClass.class.name.of.cryptographic.service.provider.s"));
         System.out.println(rb.getString
-                ("  [-providerArg <arg>]] ... master class file and constructor argument"));
+                (".providerArg.arg.master.class.file.and.constructor.argument"));
         System.out.println();
         System.out.println(rb.getString
-                ("[-strict]                   treat warnings as errors"));
+                (".strict.treat.warnings.as.errors"));
         System.out.println();
 
         System.exit(0);
@@ -644,7 +641,7 @@ public class JarSigner {
                 Enumeration<JarEntry> e = entriesVec.elements();
 
                 long now = System.currentTimeMillis();
-                String tab = rb.getString("      ");
+                String tab = rb.getString("6SPACE");
 
                 while (e.hasMoreElements()) {
                     JarEntry je = e.nextElement();
@@ -672,12 +669,12 @@ public class JarSigner {
                              (man.getAttributes("./"+name) != null) ||
                              (man.getAttributes("/"+name) != null));
                         sb.append(
-                          (isSigned ? rb.getString("s") : rb.getString(" ")) +
+                          (isSigned ? rb.getString("s") : rb.getString("SPACE")) +
-                          (inManifest ? rb.getString("m") : rb.getString(" ")) +
+                          (inManifest ? rb.getString("m") : rb.getString("SPACE")) +
-                          (inStore ? rb.getString("k") : rb.getString(" ")) +
+                          (inStore ? rb.getString("k") : rb.getString("SPACE")) +
-                          (inScope ? rb.getString("i") : rb.getString(" ")) +
+                          (inScope ? rb.getString("i") : rb.getString("SPACE")) +
                           ((inStoreOrScope & NOT_ALIAS) != 0 ?"X":" ") +
-                          rb.getString(" "));
+                          rb.getString("SPACE"));
                         sb.append("|");
                     }
 
@@ -701,7 +698,7 @@ public class JarSigner {
                                         if (crl instanceof X509CRLImpl) {
                                             sb.append(tab).append("[");
                                             sb.append(String.format(
-                                                    rb.getString("with a CRL including %d entries"),
+                                                    rb.getString("with.a.CRL.including.d.entries"),
                                                     ((X509CRLImpl)crl).getRevokedCertificates().size()))
                                                 .append("]\n");
                                         }
@@ -714,10 +711,10 @@ public class JarSigner {
                         // to be consistent with old behavior.
                         if (signatureRelated(name)) {
                             sb.append("\n" + tab + rb.getString(
-                                    "(Signature related entries)") + "\n\n");
+                                    ".Signature.related.entries.") + "\n\n");
                         } else {
                             sb.append("\n" + tab + rb.getString(
-                                    "(Unsigned entries)") + "\n\n");
+                                    ".Unsigned.entries.") + "\n\n");
                         }
                     }
 
@@ -773,7 +770,7 @@ public class JarSigner {
                             if (files.size() > 1) {
                                 System.out.println(files.get(0) + " " +
                                         String.format(rb.getString(
-                                        "(and %d more)"), files.size()-1));
+                                        ".and.d.more."), files.size()-1));
                             } else {
                                 System.out.println(files.get(0));
                             }
@@ -783,89 +780,89 @@ public class JarSigner {
                 }
                 System.out.println();
                 System.out.println(rb.getString(
-                    "  s = signature was verified "));
+                    ".s.signature.was.verified."));
                 System.out.println(rb.getString(
-                    "  m = entry is listed in manifest"));
+                    ".m.entry.is.listed.in.manifest"));
                 System.out.println(rb.getString(
-                    "  k = at least one certificate was found in keystore"));
+                    ".k.at.least.one.certificate.was.found.in.keystore"));
                 System.out.println(rb.getString(
-                    "  i = at least one certificate was found in identity scope"));
+                    ".i.at.least.one.certificate.was.found.in.identity.scope"));
                 if (ckaliases.size() > 0) {
-                    System.out.println((
+                    System.out.println(rb.getString(
-                        "  X = not signed by specified alias(es)"));
+                        ".X.not.signed.by.specified.alias.es."));
                 }
                 System.out.println();
             }
             if (man == null)
-                System.out.println(rb.getString("no manifest."));
+                System.out.println(rb.getString("no.manifest."));
 
             if (!anySigned) {
                 System.out.println(rb.getString(
-                      "jar is unsigned. (signatures missing or not parsable)"));
+                      "jar.is.unsigned.signatures.missing.or.not.parsable."));
             } else {
-                System.out.println(rb.getString("jar verified."));
+                System.out.println(rb.getString("jar.verified."));
                 if (hasUnsignedEntry || hasExpiredCert || hasExpiringCert ||
                     badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
                     notYetValidCert || chainNotValidated ||
                     aliasNotInStore || notSignedByAlias) {
 
                     System.out.println();
-                    System.out.println(rb.getString("Warning: "));
+                    System.out.println(rb.getString("Warning."));
                     if (badKeyUsage) {
                         System.out.println(
-                            rb.getString("This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."));
+                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
                     }
 
                     if (badExtendedKeyUsage) {
                         System.out.println(
-                            rb.getString("This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."));
+                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
                     }
 
                     if (badNetscapeCertType) {
                         System.out.println(
-                            rb.getString("This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."));
+                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
                     }
 
                     if (hasUnsignedEntry) {
                         System.out.println(rb.getString(
-                            "This jar contains unsigned entries which have not been integrity-checked. "));
+                            "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
                     }
                     if (hasExpiredCert) {
                         System.out.println(rb.getString(
-                            "This jar contains entries whose signer certificate has expired. "));
+                            "This.jar.contains.entries.whose.signer.certificate.has.expired."));
                     }
                     if (hasExpiringCert) {
                         System.out.println(rb.getString(
-                            "This jar contains entries whose signer certificate will expire within six months. "));
+                            "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
                     }
                     if (notYetValidCert) {
                         System.out.println(rb.getString(
-                            "This jar contains entries whose signer certificate is not yet valid. "));
+                            "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
                     }
 
                     if (chainNotValidated) {
                         System.out.println(
-                                rb.getString("This jar contains entries whose certificate chain is not validated."));
+                                rb.getString("This.jar.contains.entries.whose.certificate.chain.is.not.validated."));
                     }
 
                     if (notSignedByAlias) {
                         System.out.println(
-                                rb.getString("This jar contains signed entries which is not signed by the specified alias(es)."));
+                                rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
                     }
 
                     if (aliasNotInStore) {
-                        System.out.println(rb.getString("This jar contains signed entries that's not signed by alias in this keystore."));
+                        System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
                     }
                     if (! (verbose != null && showcerts)) {
                         System.out.println();
                         System.out.println(rb.getString(
-                            "Re-run with the -verbose and -certs options for more details."));
+                            "Re.run.with.the.verbose.and.certs.options.for.more.details."));
                     }
                 }
             }
             return;
         } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner: ") + e);
+            System.out.println(rb.getString("jarsigner.") + e);
             if (debug) {
                 e.printStackTrace();
             }
@@ -895,13 +892,13 @@ public class JarSigner {
         long now) {
 
         StringBuilder certStr = new StringBuilder();
-        String space = rb.getString(" ");
+        String space = rb.getString("SPACE");
         X509Certificate x509Cert = null;
 
         if (c instanceof X509Certificate) {
             x509Cert = (X509Certificate) c;
             certStr.append(tab).append(x509Cert.getType())
-                .append(rb.getString(", "))
+                .append(rb.getString("COMMA"))
                 .append(x509Cert.getSubjectDN().getName());
         } else {
             certStr.append(tab).append(c.getType());
@@ -927,7 +924,7 @@ public class JarSigner {
 
                     if (expiringTimeForm == null) {
                         expiringTimeForm = new MessageFormat(
-                            rb.getString("certificate will expire on"));
+                            rb.getString("certificate.will.expire.on"));
                     }
                     Object[] source = { notAfter };
                     certStr.append(expiringTimeForm.format(source));
@@ -935,7 +932,7 @@ public class JarSigner {
                 } else {
                     if (validityTimeForm == null) {
                         validityTimeForm = new MessageFormat(
-                            rb.getString("certificate is valid from"));
+                            rb.getString("certificate.is.valid.from"));
                     }
                     Object[] source = { x509Cert.getNotBefore(), notAfter };
                     certStr.append(validityTimeForm.format(source));
@@ -945,7 +942,7 @@ public class JarSigner {
 
                 if (expiredTimeForm == null) {
                     expiredTimeForm = new MessageFormat(
-                        rb.getString("certificate expired on"));
+                        rb.getString("certificate.expired.on"));
                 }
                 Object[] source = { notAfter };
                 certStr.append(expiredTimeForm.format(source));
@@ -955,7 +952,7 @@ public class JarSigner {
 
                 if (notYetTimeForm == null) {
                     notYetTimeForm = new MessageFormat(
-                        rb.getString("certificate is not valid until"));
+                        rb.getString("certificate.is.not.valid.until"));
                 }
                 Object[] source = { x509Cert.getNotBefore() };
                 certStr.append(notYetTimeForm.format(source));
@@ -979,7 +976,7 @@ public class JarSigner {
                 }
                 certStr.append("\n").append(tab)
                         .append(MessageFormat.format(rb.getString(
-                        "[{0} extension does not support code signing]"), x));
+                        ".{0}.extension.does.not.support.code.signing."), x));
             }
         }
         return certStr.toString();
@@ -991,7 +988,7 @@ public class JarSigner {
 
         if (signTimeForm == null) {
             signTimeForm =
-                new MessageFormat(rb.getString("entry was signed on"));
+                new MessageFormat(rb.getString("entry.was.signed.on"));
         }
         Object[] source = { timestamp.getTimestamp() };
 
@@ -1093,7 +1090,7 @@ public class JarSigner {
                 } else {
                  throw new
                    RuntimeException(rb.getString
-                        ("signature filename must consist of the following characters: A-Z, 0-9, _ or -"));
+                        ("signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or."));
                 }
             }
             tmpSigFile.append(c);
@@ -1112,14 +1109,14 @@ public class JarSigner {
         try {
             zipFile = new ZipFile(jarName);
         } catch (IOException ioe) {
-            error(rb.getString("unable to open jar file: ")+jarName, ioe);
+            error(rb.getString("unable.to.open.jar.file.")+jarName, ioe);
         }
 
         FileOutputStream fos = null;
         try {
             fos = new FileOutputStream(signedJarFile);
         } catch (IOException ioe) {
-            error(rb.getString("unable to create: ")+tmpJarName, ioe);
+            error(rb.getString("unable.to.create.")+tmpJarName, ioe);
         }
 
         PrintStream ps = new PrintStream(fos);
@@ -1263,10 +1260,10 @@ public class JarSigner {
             }
             if (verbose != null) {
                 if (mfCreated) {
-                    System.out.println(rb.getString("   adding: ") +
+                    System.out.println(rb.getString(".adding.") +
                                         mfFile.getName());
                 } else if (mfModified) {
-                    System.out.println(rb.getString(" updating: ") +
+                    System.out.println(rb.getString(".updating.") +
                                         mfFile.getName());
                 }
             }
@@ -1291,10 +1288,10 @@ public class JarSigner {
                         zipFile);
             } catch (SocketTimeoutException e) {
                 // Provide a helpful message when TSA is beyond a firewall
-                error(rb.getString("unable to sign jar: ") +
+                error(rb.getString("unable.to.sign.jar.") +
-                rb.getString("no response from the Timestamping Authority. ") +
+                rb.getString("no.response.from.the.Timestamping.Authority.") +
-                rb.getString("When connecting from behind a firewall then an HTTP proxy may need to be specified. ") +
+                rb.getString("When.connecting.from.behind.a.firewall.then.an.HTTP.proxy.may.need.to.be.specified.") +
-                rb.getString("Supply the following options to jarsigner: ") +
+                rb.getString("Supply.the.following.options.to.jarsigner.") +
                 "\n  -J-Dhttp.proxyHost=<hostname> " +
                 "\n  -J-Dhttp.proxyPort=<portnumber> ", e);
             }
@@ -1314,10 +1311,10 @@ public class JarSigner {
             sf.write(zos);
             if (verbose != null) {
                 if (zipFile.getEntry(sfFilename) != null) {
-                    System.out.println(rb.getString(" updating: ") +
+                    System.out.println(rb.getString(".updating.") +
                                 sfFilename);
                 } else {
-                    System.out.println(rb.getString("   adding: ") +
+                    System.out.println(rb.getString(".adding.") +
                                 sfFilename);
                 }
             }
@@ -1325,24 +1322,24 @@ public class JarSigner {
             if (verbose != null) {
                 if (tsaUrl != null || tsaCert != null) {
                     System.out.println(
-                        rb.getString("requesting a signature timestamp"));
+                        rb.getString("requesting.a.signature.timestamp"));
                 }
                 if (tsaUrl != null) {
-                    System.out.println(rb.getString("TSA location: ") + tsaUrl);
+                    System.out.println(rb.getString("TSA.location.") + tsaUrl);
                 }
                 if (tsaCert != null) {
                     String certUrl =
                         TimestampedSigner.getTimestampingUrl(tsaCert);
                     if (certUrl != null) {
-                        System.out.println(rb.getString("TSA location: ") +
+                        System.out.println(rb.getString("TSA.location.") +
                             certUrl);
                     }
-                    System.out.println(rb.getString("TSA certificate: ") +
+                    System.out.println(rb.getString("TSA.certificate.") +
                         printCert("", tsaCert, false, 0));
                 }
                 if (signingMechanism != null) {
                     System.out.println(
-                        rb.getString("using an alternative signing mechanism"));
+                        rb.getString("using.an.alternative.signing.mechanism"));
                 }
             }
 
@@ -1351,10 +1348,10 @@ public class JarSigner {
             block.write(zos);
             if (verbose != null) {
                 if (zipFile.getEntry(bkFilename) != null) {
-                    System.out.println(rb.getString(" updating: ") +
+                    System.out.println(rb.getString(".updating.") +
                         bkFilename);
                 } else {
-                    System.out.println(rb.getString("   adding: ") +
+                    System.out.println(rb.getString(".adding.") +
                         bkFilename);
                 }
             }
@@ -1378,17 +1375,17 @@ public class JarSigner {
                 if (!ze.getName().startsWith(META_INF)) {
                     if (verbose != null) {
                         if (manifest.getAttributes(ze.getName()) != null)
-                          System.out.println(rb.getString("  signing: ") +
+                          System.out.println(rb.getString(".signing.") +
                                 ze.getName());
                         else
-                          System.out.println(rb.getString("   adding: ") +
+                          System.out.println(rb.getString(".adding.") +
                                 ze.getName());
                     }
                     writeEntry(zipFile, zos, ze);
                 }
             }
         } catch(IOException ioe) {
-            error(rb.getString("unable to sign jar: ")+ioe, ioe);
+            error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
         } finally {
             // close the resouces
             if (zipFile != null) {
@@ -1416,13 +1413,13 @@ public class JarSigner {
                             origJar.delete();
                         } else {
                             MessageFormat form = new MessageFormat(rb.getString
-                        ("attempt to rename signedJarFile to jarFile failed"));
+                        ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
                             Object[] source = {signedJarFile, jarFile};
                             error(form.format(source));
                         }
                     } else {
                         MessageFormat form = new MessageFormat(rb.getString
-                            ("attempt to rename jarFile to origJar failed"));
+                            ("attempt.to.rename.jarFile.to.origJar.failed"));
                         Object[] source = {jarFile, origJar};
                         error(form.format(source));
                     }
@@ -1434,43 +1431,43 @@ public class JarSigner {
                     || badNetscapeCertType || chainNotValidated) {
                 System.out.println();
 
-                System.out.println(rb.getString("Warning: "));
+                System.out.println(rb.getString("Warning."));
                 if (badKeyUsage) {
                     System.out.println(
-                        rb.getString("The signer certificate's KeyUsage extension doesn't allow code signing."));
+                        rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
                 }
 
                 if (badExtendedKeyUsage) {
                     System.out.println(
-                        rb.getString("The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."));
+                        rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
                 }
 
                 if (badNetscapeCertType) {
                     System.out.println(
-                        rb.getString("The signer certificate's NetscapeCertType extension doesn't allow code signing."));
+                        rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
                 }
 
                 if (hasExpiredCert) {
                     System.out.println(
-                        rb.getString("The signer certificate has expired."));
+                        rb.getString("The.signer.certificate.has.expired."));
                 } else if (hasExpiringCert) {
                     System.out.println(
-                        rb.getString("The signer certificate will expire within six months."));
+                        rb.getString("The.signer.certificate.will.expire.within.six.months."));
                 } else if (notYetValidCert) {
                     System.out.println(
-                        rb.getString("The signer certificate is not yet valid."));
+                        rb.getString("The.signer.certificate.is.not.yet.valid."));
                 }
 
                 if (chainNotValidated) {
                     System.out.println(
-                            rb.getString("The signer's certificate chain is not validated."));
+                            rb.getString("The.signer.s.certificate.chain.is.not.validated."));
                 }
             }
 
         // no IOException thrown in the above try clause, so disable
         // the catch clause.
         // } catch(IOException ioe) {
-        //     error(rb.getString("unable to sign jar: ")+ioe, ioe);
+        //     error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
         // }
     }
 
@@ -1557,7 +1554,7 @@ public class JarSigner {
             validator.validate(cp, pkixParameters);
         } catch (Exception e) {
             chainNotValidated = true;
-            s.append(tab + rb.getString("[CertPath not validated: ") +
+            s.append(tab + rb.getString(".CertPath.not.validated.") +
                     e.getLocalizedMessage() + "]\n");   // TODO
         }
         String result = s.toString();
@@ -1624,10 +1621,10 @@ public class JarSigner {
             if (token && storepass == null && !protectedPath
                     && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
                 storepass = getPass
-                        (rb.getString("Enter Passphrase for keystore: "));
+                        (rb.getString("Enter.Passphrase.for.keystore."));
             } else if (!token && storepass == null && prompt) {
                 storepass = getPass
-                        (rb.getString("Enter Passphrase for keystore: "));
+                        (rb.getString("Enter.Passphrase.for.keystore."));
             }
 
             if (nullStream) {
@@ -1694,20 +1691,20 @@ public class JarSigner {
                 // Only if tas is empty
             }
         } catch (IOException ioe) {
-            throw new RuntimeException(rb.getString("keystore load: ") +
+            throw new RuntimeException(rb.getString("keystore.load.") +
                                         ioe.getMessage());
         } catch (java.security.cert.CertificateException ce) {
-            throw new RuntimeException(rb.getString("certificate exception: ") +
+            throw new RuntimeException(rb.getString("certificate.exception.") +
                                         ce.getMessage());
         } catch (NoSuchProviderException pe) {
-            throw new RuntimeException(rb.getString("keystore load: ") +
+            throw new RuntimeException(rb.getString("keystore.load.") +
                                         pe.getMessage());
         } catch (NoSuchAlgorithmException nsae) {
-            throw new RuntimeException(rb.getString("keystore load: ") +
+            throw new RuntimeException(rb.getString("keystore.load.") +
                                         nsae.getMessage());
         } catch (KeyStoreException kse) {
             throw new RuntimeException
-                (rb.getString("unable to instantiate keystore class: ") +
+                (rb.getString("unable.to.instantiate.keystore.class.") +
                 kse.getMessage());
         }
     }
@@ -1723,7 +1720,7 @@ public class JarSigner {
         }
         if (cs == null || (!(cs instanceof X509Certificate))) {
             MessageFormat form = new MessageFormat(rb.getString
-                ("Certificate not found for: alias.  alias must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."));
+                ("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the"));
             Object[] source = {alias, alias};
             error(form.format(source));
         }
@@ -1816,9 +1813,9 @@ public class JarSigner {
                             generateCertificates(new FileInputStream(altCertChain)).
                             toArray(new Certificate[0]);
                 } catch (CertificateException ex) {
-                    error(rb.getString("Cannot restore certchain from file specified"));
+                    error(rb.getString("Cannot.restore.certchain.from.file.specified"));
                 } catch (FileNotFoundException ex) {
-                    error(rb.getString("File specified by -certchain does not exist"));
+                    error(rb.getString("File.specified.by.certchain.does.not.exist"));
                 }
             } else {
                 try {
@@ -1830,12 +1827,10 @@ public class JarSigner {
             if (cs == null || cs.length == 0) {
                 if (altCertChain != null) {
                     error(rb.getString
-                            ("Certificate chain not found in the file specified."));
+                            ("Certificate.chain.not.found.in.the.file.specified."));
                 } else {
                     MessageFormat form = new MessageFormat(rb.getString
-                        ("Certificate chain not found for: alias.  alias must" +
+                        ("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and"));
-                        " reference a valid KeyStore key entry containing a" +
-                        " private key and corresponding public key certificate chain."));
                     Object[] source = {alias, alias};
                     error(form.format(source));
                 }
@@ -1845,7 +1840,7 @@ public class JarSigner {
             for (int i=0; i<cs.length; i++) {
                 if (!(cs[i] instanceof X509Certificate)) {
                     error(rb.getString
-                        ("found non-X.509 certificate in signer's chain"));
+                        ("found.non.X.509.certificate.in.signer.s.chain"));
                 }
                 certChain[i] = (X509Certificate)cs[i];
             }
@@ -1872,7 +1867,7 @@ public class JarSigner {
                 } else if (keypass == null) {
                     // Did not work out, so prompt user for key password
                     MessageFormat form = new MessageFormat(rb.getString
-                        ("Enter key password for alias: "));
+                        ("Enter.key.password.for.alias."));
                     Object[] source = {alias};
                     keypass = getPass(form.format(source));
                     key = store.getKey(alias, keypass);
@@ -1881,14 +1876,14 @@ public class JarSigner {
         } catch (NoSuchAlgorithmException e) {
             error(e.getMessage());
         } catch (UnrecoverableKeyException e) {
-            error(rb.getString("unable to recover key from keystore"));
+            error(rb.getString("unable.to.recover.key.from.keystore"));
         } catch (KeyStoreException kse) {
             // this never happens, because keystore has been loaded
         }
 
         if (!(key instanceof PrivateKey)) {
             MessageFormat form = new MessageFormat(rb.getString
-                ("key associated with alias not a private key"));
+                ("key.associated.with.alias.not.a.private.key"));
             Object[] source = {alias};
             error(form.format(source));
         } else {
@@ -1898,14 +1893,14 @@ public class JarSigner {
 
     void error(String message)
     {
-        System.out.println(rb.getString("jarsigner: ")+message);
+        System.out.println(rb.getString("jarsigner.")+message);
         System.exit(1);
     }
 
 
     void error(String message, Exception e)
     {
-        System.out.println(rb.getString("jarsigner: ")+message);
+        System.out.println(rb.getString("jarsigner.")+message);
         if (debug) {
             e.printStackTrace();
         }
@@ -1920,12 +1915,12 @@ public class JarSigner {
             char[] pass = Password.readPassword(System.in);
 
             if (pass == null) {
-                error(rb.getString("you must enter key password"));
+                error(rb.getString("you.must.enter.key.password"));
             } else {
                 return pass;
             }
         } catch (IOException ioe) {
-            error(rb.getString("unable to read password: ")+ioe.getMessage());
+            error(rb.getString("unable.to.read.password.")+ioe.getMessage());
         }
         // this shouldn't happen
         return null;
@@ -2113,7 +2108,7 @@ public class JarSigner {
         Object signer = signerClass.newInstance();
         if (!(signer instanceof ContentSigner)) {
             MessageFormat form = new MessageFormat(
-                rb.getString("signerClass is not a signing mechanism"));
+                rb.getString("signerClass.is.not.a.signing.mechanism"));
             Object[] source = {signerClass.getName()};
             throw new IllegalArgumentException(form.format(source));
         }

jdk/src/share/classes/sun/security/tools/JarSignerResources.java

@@ -35,201 +35,201 @@ public class JarSignerResources extends java.util.ListResourceBundle {
     private static final Object[][] contents = {
 
         // shared (from jarsigner)
-        {" ", " "},
+        {"SPACE", " "},
-        {"  ", "  "},
+        {"2SPACE", "  "},
-        {"      ", "      "},
+        {"6SPACE", "      "},
-        {", ", ", "},
+        {"COMMA", ", "},
 
-        {"provName not a provider", "{0} not a provider"},
+        {"provName.not.a.provider", "{0} not a provider"},
-        {"signerClass is not a signing mechanism", "{0} is not a signing mechanism"},
+        {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"},
-        {"jarsigner error: ", "jarsigner error: "},
+        {"jarsigner.error.", "jarsigner error: "},
-        {"Illegal option: ", "Illegal option: "},
+        {"Illegal.option.", "Illegal option: "},
-        {"-keystore must be NONE if -storetype is {0}",
+        {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-keystore must be NONE if -storetype is {0}"},
-        {"-keypass can not be specified if -storetype is {0}",
+        {".keypass.can.not.be.specified.if.storetype.is.{0}",
                 "-keypass can not be specified if -storetype is {0}"},
-        {"If -protected is specified, then -storepass and -keypass must not be specified",
+        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
                 "If -protected is specified, then -storepass and -keypass must not be specified"},
-        {"If keystore is not password protected, then -storepass and -keypass must not be specified",
+        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
                  "If keystore is not password protected, then -storepass and -keypass must not be specified"},
-        {"Usage: jarsigner [options] jar-file alias",
+        {"Usage.jarsigner.options.jar.file.alias",
                 "Usage: jarsigner [options] jar-file alias"},
-        {"       jarsigner -verify [options] jar-file [alias...]",
+        {".jarsigner.verify.options.jar.file.alias.",
                 "       jarsigner -verify [options] jar-file [alias...]"},
-        {"[-keystore <url>]           keystore location",
+        {".keystore.url.keystore.location",
                 "[-keystore <url>]           keystore location"},
-        {"[-storepass <password>]     password for keystore integrity",
+        {".storepass.password.password.for.keystore.integrity",
             "[-storepass <password>]     password for keystore integrity"},
-        {"[-storetype <type>]         keystore type",
+        {".storetype.type.keystore.type",
                 "[-storetype <type>]         keystore type"},
-        {"[-keypass <password>]       password for private key (if different)",
+        {".keypass.password.password.for.private.key.if.different.",
                 "[-keypass <password>]       password for private key (if different)"},
-        {"[-certchain <file>]         name of alternative certchain file",
+        {".certchain.file.name.of.alternative.certchain.file",
                 "[-certchain <file>]         name of alternative certchain file"},
-        {"[-sigfile <file>]           name of .SF/.DSA file",
+        {".sigfile.file.name.of.SF.DSA.file",
                 "[-sigfile <file>]           name of .SF/.DSA file"},
-        {"[-signedjar <file>]         name of signed JAR file",
+        {".signedjar.file.name.of.signed.JAR.file",
                 "[-signedjar <file>]         name of signed JAR file"},
-        {"[-digestalg <algorithm>]    name of digest algorithm",
+        {".digestalg.algorithm.name.of.digest.algorithm",
                 "[-digestalg <algorithm>]    name of digest algorithm"},
-        {"[-sigalg <algorithm>]       name of signature algorithm",
+        {".sigalg.algorithm.name.of.signature.algorithm",
                 "[-sigalg <algorithm>]       name of signature algorithm"},
-        {"[-crl[:auto| <file>]        include CRL in signed jar",
+        {".crl.auto.file.include.CRL.in.signed.jar",
                 "[-crl[:auto| <file>]        include CRL in signed jar"},
-        {"[-verify]                   verify a signed JAR file",
+        {".verify.verify.a.signed.JAR.file",
                 "[-verify]                   verify a signed JAR file"},
-        {"[-verbose[:suboptions]]     verbose output when signing/verifying.",
+        {".verbose.suboptions.verbose.output.when.signing.verifying.",
                 "[-verbose[:suboptions]]     verbose output when signing/verifying."},
-        {"                            suboptions can be all, grouped or summary",
+        {".suboptions.can.be.all.grouped.or.summary",
                 "                            suboptions can be all, grouped or summary"},
-        {"[-certs]                    display certificates when verbose and verifying",
+        {".certs.display.certificates.when.verbose.and.verifying",
                 "[-certs]                    display certificates when verbose and verifying"},
-        {"[-tsa <url>]                location of the Timestamping Authority",
+        {".tsa.url.location.of.the.Timestamping.Authority",
                 "[-tsa <url>]                location of the Timestamping Authority"},
-        {"[-tsacert <alias>]          public key certificate for Timestamping Authority",
+        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
                 "[-tsacert <alias>]          public key certificate for Timestamping Authority"},
-        {"[-altsigner <class>]        class name of an alternative signing mechanism",
+        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
                 "[-altsigner <class>]        class name of an alternative signing mechanism"},
-        {"[-altsignerpath <pathlist>] location of an alternative signing mechanism",
+        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
                 "[-altsignerpath <pathlist>] location of an alternative signing mechanism"},
-        {"[-internalsf]               include the .SF file inside the signature block",
+        {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               include the .SF file inside the signature block"},
-        {"[-sectionsonly]             don't compute hash of entire manifest",
+        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
                 "[-sectionsonly]             don't compute hash of entire manifest"},
-        {"[-protected]                keystore has protected authentication path",
+        {".protected.keystore.has.protected.authentication.path",
                 "[-protected]                keystore has protected authentication path"},
-        {"[-providerName <name>]      provider name",
+        {".providerName.name.provider.name",
                 "[-providerName <name>]      provider name"},
-        {"[-providerClass <class>     name of cryptographic service provider's",
+        {".providerClass.class.name.of.cryptographic.service.provider.s",
                 "[-providerClass <class>     name of cryptographic service provider's"},
-        {"  [-providerArg <arg>]] ... master class file and constructor argument",
+        {".providerArg.arg.master.class.file.and.constructor.argument",
                 "  [-providerArg <arg>]] ... master class file and constructor argument"},
-        {"[-strict]                   treat warnings as errors",
+        {".strict.treat.warnings.as.errors",
                 "[-strict]                   treat warnings as errors"},
-        {"Option lacks argument", "Option lacks argument"},
+        {"Option.lacks.argument", "Option lacks argument"},
-        {"Please type jarsigner -help for usage", "Please type jarsigner -help for usage"},
+        {"Please.type.jarsigner.help.for.usage", "Please type jarsigner -help for usage"},
-        {"Please specify jarfile name", "Please specify jarfile name"},
+        {"Please.specify.jarfile.name", "Please specify jarfile name"},
-        {"Please specify alias name", "Please specify alias name"},
+        {"Please.specify.alias.name", "Please specify alias name"},
-        {"Only one alias can be specified", "Only one alias can be specified"},
+        {"Only.one.alias.can.be.specified", "Only one alias can be specified"},
-        {"This jar contains signed entries which is not signed by the specified alias(es).",
+        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
                  "This jar contains signed entries which is not signed by the specified alias(es)."},
-        {"This jar contains signed entries that's not signed by alias in this keystore.",
+        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
                   "This jar contains signed entries that's not signed by alias in this keystore."},
         {"s", "s"},
         {"m", "m"},
         {"k", "k"},
         {"i", "i"},
-        {"(and %d more)", "(and %d more)"},
+        {".and.d.more.", "(and %d more)"},
-        {"  s = signature was verified ",
+        {".s.signature.was.verified.",
                 "  s = signature was verified "},
-        {"  m = entry is listed in manifest",
+        {".m.entry.is.listed.in.manifest",
                 "  m = entry is listed in manifest"},
-        {"  k = at least one certificate was found in keystore",
+        {".k.at.least.one.certificate.was.found.in.keystore",
                 "  k = at least one certificate was found in keystore"},
-        {"  i = at least one certificate was found in identity scope",
+        {".i.at.least.one.certificate.was.found.in.identity.scope",
                 "  i = at least one certificate was found in identity scope"},
-        {"  X = not signed by specified alias(es)",
+        {".X.not.signed.by.specified.alias.es.",
                 "  X = not signed by specified alias(es)"},
-        {"no manifest.", "no manifest."},
+        {"no.manifest.", "no manifest."},
-        {"(Signature related entries)","(Signature related entries)"},
+        {".Signature.related.entries.","(Signature related entries)"},
-        {"(Unsigned entries)", "(Unsigned entries)"},
+        {".Unsigned.entries.", "(Unsigned entries)"},
-        {"jar is unsigned. (signatures missing or not parsable)",
+        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
                 "jar is unsigned. (signatures missing or not parsable)"},
-        {"jar verified.", "jar verified."},
+        {"jar.verified.", "jar verified."},
-        {"jarsigner: ", "jarsigner: "},
+        {"jarsigner.", "jarsigner: "},
-        {"signature filename must consist of the following characters: A-Z, 0-9, _ or -",
+        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
                 "signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
-        {"unable to open jar file: ", "unable to open jar file: "},
+        {"unable.to.open.jar.file.", "unable to open jar file: "},
-        {"unable to create: ", "unable to create: "},
+        {"unable.to.create.", "unable to create: "},
-        {"   adding: ", "   adding: "},
+        {".adding.", "   adding: "},
-        {" updating: ", " updating: "},
+        {".updating.", " updating: "},
-        {"  signing: ", "  signing: "},
+        {".signing.", "  signing: "},
-        {"attempt to rename signedJarFile to jarFile failed",
+        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
                 "attempt to rename {0} to {1} failed"},
-        {"attempt to rename jarFile to origJar failed",
+        {"attempt.to.rename.jarFile.to.origJar.failed",
                 "attempt to rename {0} to {1} failed"},
-        {"unable to sign jar: ", "unable to sign jar: "},
+        {"unable.to.sign.jar.", "unable to sign jar: "},
-        {"Enter Passphrase for keystore: ", "Enter Passphrase for keystore: "},
+        {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "},
-        {"keystore load: ", "keystore load: "},
+        {"keystore.load.", "keystore load: "},
-        {"certificate exception: ", "certificate exception: "},
+        {"certificate.exception.", "certificate exception: "},
-        {"unable to instantiate keystore class: ",
+        {"unable.to.instantiate.keystore.class.",
                 "unable to instantiate keystore class: "},
-        {"Certificate chain not found for: alias.  alias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.",
+        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
                 "Certificate chain not found for: {0}.  {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."},
-        {"File specified by -certchain does not exist",
+        {"File.specified.by.certchain.does.not.exist",
                 "File specified by -certchain does not exist"},
-        {"Cannot restore certchain from file specified",
+        {"Cannot.restore.certchain.from.file.specified",
                 "Cannot restore certchain from file specified"},
-        {"Certificate chain not found in the file specified.",
+        {"Certificate.chain.not.found.in.the.file.specified.",
                 "Certificate chain not found in the file specified."},
-        {"found non-X.509 certificate in signer's chain",
+        {"found.non.X.509.certificate.in.signer.s.chain",
                 "found non-X.509 certificate in signer's chain"},
-        {"incomplete certificate chain", "incomplete certificate chain"},
+        {"incomplete.certificate.chain", "incomplete certificate chain"},
-        {"Enter key password for alias: ", "Enter key password for {0}: "},
+        {"Enter.key.password.for.alias.", "Enter key password for {0}: "},
-        {"unable to recover key from keystore",
+        {"unable.to.recover.key.from.keystore",
                 "unable to recover key from keystore"},
-        {"key associated with alias not a private key",
+        {"key.associated.with.alias.not.a.private.key",
                 "key associated with {0} not a private key"},
-        {"you must enter key password", "you must enter key password"},
+        {"you.must.enter.key.password", "you must enter key password"},
-        {"unable to read password: ", "unable to read password: "},
+        {"unable.to.read.password.", "unable to read password: "},
-        {"certificate is valid from", "certificate is valid from {0} to {1}"},
+        {"certificate.is.valid.from", "certificate is valid from {0} to {1}"},
-        {"certificate expired on", "certificate expired on {0}"},
+        {"certificate.expired.on", "certificate expired on {0}"},
-        {"certificate is not valid until",
+        {"certificate.is.not.valid.until",
                 "certificate is not valid until {0}"},
-        {"certificate will expire on", "certificate will expire on {0}"},
+        {"certificate.will.expire.on", "certificate will expire on {0}"},
-        {"[CertPath not validated: ", "[CertPath not validated: "},
+        {".CertPath.not.validated.", "[CertPath not validated: "},
-        {"requesting a signature timestamp",
+        {"requesting.a.signature.timestamp",
                 "requesting a signature timestamp"},
-        {"TSA location: ", "TSA location: "},
+        {"TSA.location.", "TSA location: "},
-        {"TSA certificate: ", "TSA certificate: "},
+        {"TSA.certificate.", "TSA certificate: "},
-        {"no response from the Timestamping Authority. ",
+        {"no.response.from.the.Timestamping.Authority.",
                 "no response from the Timestamping Authority. "},
-        {"When connecting from behind a firewall then an HTTP proxy may need to be specified. ",
+        {"When.connecting.from.behind.a.firewall.then.an.HTTP.proxy.may.need.to.be.specified.",
                 "When connecting from behind a firewall then an HTTP proxy may need to be specified. "},
-        {"Supply the following options to jarsigner: ",
+        {"Supply.the.following.options.to.jarsigner.",
                 "Supply the following options to jarsigner: "},
-        {"Certificate not found for: alias.  alias must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority.",
+        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
                 "Certificate not found for: {0}.  {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."},
-        {"using an alternative signing mechanism",
+        {"using.an.alternative.signing.mechanism",
                 "using an alternative signing mechanism"},
-        {"entry was signed on", "entry was signed on {0}"},
+        {"entry.was.signed.on", "entry was signed on {0}"},
-        {"with a CRL including %d entries", "with a CRL including %d entries"},
+        {"with.a.CRL.including.d.entries", "with a CRL including %d entries"},
-        {"Warning: ", "Warning: "},
+        {"Warning.", "Warning: "},
-        {"This jar contains unsigned entries which have not been integrity-checked. ",
+        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
                 "This jar contains unsigned entries which have not been integrity-checked. "},
-        {"This jar contains entries whose signer certificate has expired. ",
+        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
                 "This jar contains entries whose signer certificate has expired. "},
-        {"This jar contains entries whose signer certificate will expire within six months. ",
+        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
                 "This jar contains entries whose signer certificate will expire within six months. "},
-        {"This jar contains entries whose signer certificate is not yet valid. ",
+        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
                 "This jar contains entries whose signer certificate is not yet valid. "},
-        {"Re-run with the -verbose option for more details.",
+        {"Re.run.with.the.verbose.option.for.more.details.",
                 "Re-run with the -verbose option for more details."},
-        {"Re-run with the -verbose and -certs options for more details.",
+        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
                 "Re-run with the -verbose and -certs options for more details."},
-        {"The signer certificate has expired.",
+        {"The.signer.certificate.has.expired.",
                 "The signer certificate has expired."},
-        {"The signer certificate will expire within six months.",
+        {"The.signer.certificate.will.expire.within.six.months.",
                 "The signer certificate will expire within six months."},
-        {"The signer certificate is not yet valid.",
+        {"The.signer.certificate.is.not.yet.valid.",
                 "The signer certificate is not yet valid."},
-        {"The signer certificate's KeyUsage extension doesn't allow code signing.",
+        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
                  "The signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"The signer certificate's ExtendedKeyUsage extension doesn't allow code signing.",
+        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
                  "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"The signer certificate's NetscapeCertType extension doesn't allow code signing.",
+        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
                  "The signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {"This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.",
+        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
                  "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.",
+        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
                  "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.",
+        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
                  "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {"[{0} extension does not support code signing]",
+        {".{0}.extension.does.not.support.code.signing.",
                  "[{0} extension does not support code signing]"},
-        {"The signer's certificate chain is not validated.",
+        {"The.signer.s.certificate.chain.is.not.validated.",
                 "The signer's certificate chain is not validated."},
-        {"This jar contains entries whose certificate chain is not validated.",
+        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
                  "This jar contains entries whose certificate chain is not validated."},
     };
 

jdk/src/share/classes/sun/security/tools/policytool/PolicyTool.java

@@ -228,9 +228,7 @@ public class PolicyTool {
                     if (pubKey == null) {
                         newWarning = true;
                         MessageFormat form = new MessageFormat(rb.getString
-                            ("Warning: A public key for alias " +
+                            ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                            "'signers[i]' does not exist.  " +
-                            "Make sure a KeyStore is properly configured."));
                         Object[] source = {signers[i]};
                         warnings.addElement(form.format(source));
                     }
@@ -248,7 +246,7 @@ public class PolicyTool {
                 } catch (ClassNotFoundException fnfe) {
                     newWarning = true;
                     MessageFormat form = new MessageFormat(rb.getString
-                                ("Warning: Class not found: class"));
+                                ("Warning.Class.not.found.class"));
                     Object[] source = {pe.getPrincipalClass()};
                     warnings.addElement(form.format(source));
                 }
@@ -264,13 +262,13 @@ public class PolicyTool {
                 } catch (ClassNotFoundException fnfe) {
                     newWarning = true;
                     MessageFormat form = new MessageFormat(rb.getString
-                                ("Warning: Class not found: class"));
+                                ("Warning.Class.not.found.class"));
                     Object[] source = {pe.permission};
                     warnings.addElement(form.format(source));
                 } catch (InvocationTargetException ite) {
                     newWarning = true;
                     MessageFormat form = new MessageFormat(rb.getString
-                        ("Warning: Invalid argument(s) for constructor: arg"));
+                        ("Warning.Invalid.argument.s.for.constructor.arg"));
                     Object[] source = {pe.permission};
                     warnings.addElement(form.format(source));
                 }
@@ -285,9 +283,7 @@ public class PolicyTool {
                         if (pubKey == null) {
                             newWarning = true;
                             MessageFormat form = new MessageFormat(rb.getString
-                                ("Warning: A public key for alias " +
+                                ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                                "'signers[i]' does not exist.  " +
-                               "Make sure a KeyStore is properly configured."));
                             Object[] source = {signers[i]};
                             warnings.addElement(form.format(source));
                         }
@@ -615,7 +611,7 @@ public class PolicyTool {
                 Thread.currentThread().getContextClassLoader());
         if (!PRIN.isAssignableFrom(pc)) {
             MessageFormat form = new MessageFormat(rb.getString
-                        ("Illegal Principal Type: type"));
+                        ("Illegal.Principal.Type.type"));
             Object[] source = {type};
             throw new InstantiationException(form.format(source));
         }
@@ -691,7 +687,7 @@ public class PolicyTool {
                 policyFileName = args[n];
             } else {
                 MessageFormat form = new MessageFormat(rb.getString
-                                ("Illegal option: option"));
+                                ("Illegal.option.option"));
                 Object[] source = { flags };
                 System.err.println(form.format(source));
                 usage();
@@ -700,10 +696,10 @@ public class PolicyTool {
     }
 
     static void usage() {
-        System.out.println(rb.getString("Usage: policytool [options]"));
+        System.out.println(rb.getString("Usage.policytool.options."));
         System.out.println();
         System.out.println(rb.getString
-                ("  [-file <file>]    policy file location"));
+                (".file.file.policy.file.location"));
         System.out.println();
 
         System.exit(1);
@@ -903,23 +899,23 @@ class ToolWindow extends Frame {
     public static final String SAVE_POLICY_FILE         =
                         PolicyTool.rb.getString("Save");
     public static final String SAVE_AS_POLICY_FILE      =
-                        PolicyTool.rb.getString("Save As");
+                        PolicyTool.rb.getString("Save.As");
     public static final String VIEW_WARNINGS            =
-                        PolicyTool.rb.getString("View Warning Log");
+                        PolicyTool.rb.getString("View.Warning.Log");
     public static final String QUIT                     =
                         PolicyTool.rb.getString("Exit");
     public static final String ADD_POLICY_ENTRY         =
-                        PolicyTool.rb.getString("Add Policy Entry");
+                        PolicyTool.rb.getString("Add.Policy.Entry");
     public static final String EDIT_POLICY_ENTRY        =
-                        PolicyTool.rb.getString("Edit Policy Entry");
+                        PolicyTool.rb.getString("Edit.Policy.Entry");
     public static final String REMOVE_POLICY_ENTRY      =
-                        PolicyTool.rb.getString("Remove Policy Entry");
+                        PolicyTool.rb.getString("Remove.Policy.Entry");
     public static final String EDIT_KEYSTORE            =
                         PolicyTool.rb.getString("Edit");
     public static final String ADD_PUBKEY_ALIAS         =
-                        PolicyTool.rb.getString("Add Public Key Alias");
+                        PolicyTool.rb.getString("Add.Public.Key.Alias");
     public static final String REMOVE_PUBKEY_ALIAS      =
-                        PolicyTool.rb.getString("Remove Public Key Alias");
+                        PolicyTool.rb.getString("Remove.Public.Key.Alias");
 
     /* gridbag index for components in the main window (MW) */
     public static final int MW_FILENAME_LABEL           = 0;
@@ -968,13 +964,13 @@ class ToolWindow extends Frame {
 
 
         // policy entry listing
-        Label label = new Label(PolicyTool.rb.getString("Policy File:"));
+        Label label = new Label(PolicyTool.rb.getString("Policy.File."));
         addNewComponent(this, label, MW_FILENAME_LABEL,
                         0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                         TOP_BOTTOM_PADDING);
         TextField tf = new TextField(50);
         tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Policy File:"));
+                PolicyTool.rb.getString("Policy.File."));
         tf.setEditable(false);
         addNewComponent(this, tf, MW_FILENAME_TEXTFIELD,
                         1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
@@ -1056,7 +1052,7 @@ class ToolWindow extends Frame {
 
             // display the error
             MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                ("Could not open policy file: policyFile: e.toString()"));
+                ("Could.not.open.policy.file.policyFile.e.toString."));
             Object[] source = {policyFile, e.toString()};
             displayErrorDialog(null, form.format(source));
         }
@@ -1133,7 +1129,7 @@ class ToolWindow extends Frame {
      */
     void displayToolWindow(String args[]) {
 
-        setTitle(PolicyTool.rb.getString("Policy Tool"));
+        setTitle(PolicyTool.rb.getString("Policy.Tool"));
         setResizable(true);
         addWindowListener(new ToolWindowListener(this));
         setBounds(135, 80, 500, 500);
@@ -1146,9 +1142,7 @@ class ToolWindow extends Frame {
 
         if (tool.newWarning == true) {
             displayStatusDialog(this, PolicyTool.rb.getString
-                ("Errors have occurred while opening the " +
+                ("Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information."));
-                "policy configuration.  View the Warning Log " +
-                "for more information."));
         }
     }
 
@@ -1231,7 +1225,7 @@ class ToolWindow extends Frame {
         ta.setEditable(false);
         for (int i = 0; i < tool.warnings.size(); i++) {
             ta.append(tool.warnings.elementAt(i));
-            ta.append(PolicyTool.rb.getString("\n"));
+            ta.append(PolicyTool.rb.getString("NEWLINE"));
         }
         addNewComponent(wd, ta, 0,
                         0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
@@ -1332,22 +1326,22 @@ class ToolDialog extends Dialog {
     /* popup menus */
     public static final String PERM             =
         PolicyTool.rb.getString
-        ("Permission:                                                       ");
+        ("Permission.");
 
     public static final String PRIN_TYPE        =
-        PolicyTool.rb.getString("Principal Type:");
+        PolicyTool.rb.getString("Principal.Type.");
     public static final String PRIN_NAME        =
-        PolicyTool.rb.getString("Principal Name:");
+        PolicyTool.rb.getString("Principal.Name.");
 
     /* more popu menus */
     public static final String PERM_NAME        =
         PolicyTool.rb.getString
-        ("Target Name:                                                    ");
+        ("Target.Name.");
 
     /* and more popup menus */
     public static final String PERM_ACTIONS             =
       PolicyTool.rb.getString
-      ("Actions:                                                             ");
+      ("Actions.");
 
     /* gridbag index for display OverWriteFile (OW) components */
     public static final int OW_LABEL                    = 0;
@@ -1540,7 +1534,7 @@ class ToolDialog extends Dialog {
 
         // ask the user if they want to over write the existing file
         MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                ("OK to overwrite existing file filename?"));
+                ("OK.to.overwrite.existing.file.filename."));
         Object[] source = {filename};
         Label label = new Label(form.format(source));
         tw.addNewComponent(this, label, OW_LABEL,
@@ -1584,12 +1578,12 @@ class ToolDialog extends Dialog {
         PolicyEntry entries[] = null;
         TaggedList prinList = new TaggedList(3, false);
         prinList.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Principal List"));
+                PolicyTool.rb.getString("Principal.List"));
         prinList.addActionListener
                 (new EditPrinButtonListener(tool, tw, this, edit));
         TaggedList permList = new TaggedList(10, false);
         permList.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Permission List"));
+                PolicyTool.rb.getString("Permission.List"));
         permList.addActionListener
                 (new EditPermButtonListener(tool, tw, this, edit));
 
@@ -1627,7 +1621,7 @@ class ToolDialog extends Dialog {
         }
 
         // codebase label and textfield
-        Label label = new Label(PolicyTool.rb.getString("CodeBase:"));
+        Label label = new Label(PolicyTool.rb.getString("CodeBase."));
         tw.addNewComponent(this, label, PE_CODEBASE_LABEL,
                 0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
         TextField tf;
@@ -1635,19 +1629,19 @@ class ToolDialog extends Dialog {
                 new TextField(entries[listIndex].getGrantEntry().codeBase, 60) :
                 new TextField(60));
         tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Code Base"));
+                PolicyTool.rb.getString("Code.Base"));
         tw.addNewComponent(this, tf, PE_CODEBASE_TEXTFIELD,
                 1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
 
         // signedby label and textfield
-        label = new Label(PolicyTool.rb.getString("SignedBy:"));
+        label = new Label(PolicyTool.rb.getString("SignedBy."));
         tw.addNewComponent(this, label, PE_SIGNEDBY_LABEL,
                            0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
         tf = (edit ?
                 new TextField(entries[listIndex].getGrantEntry().signedBy, 60) :
                 new TextField(60));
         tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Signed By:"));
+                PolicyTool.rb.getString("Signed.By."));
         tw.addNewComponent(this, tf, PE_SIGNEDBY_TEXTFIELD,
                            1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
 
@@ -1655,19 +1649,19 @@ class ToolDialog extends Dialog {
         Panel panel = new Panel();
         panel.setLayout(new GridBagLayout());
 
-        Button button = new Button(PolicyTool.rb.getString("Add Principal"));
+        Button button = new Button(PolicyTool.rb.getString("Add.Principal"));
         button.addActionListener
                 (new AddPrinButtonListener(tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_ADD_PRIN_BUTTON,
                 0, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
 
-        button = new Button(PolicyTool.rb.getString("Edit Principal"));
+        button = new Button(PolicyTool.rb.getString("Edit.Principal"));
         button.addActionListener(new EditPrinButtonListener
                                                 (tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_EDIT_PRIN_BUTTON,
                 1, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
 
-        button = new Button(PolicyTool.rb.getString("Remove Principal"));
+        button = new Button(PolicyTool.rb.getString("Remove.Principal"));
         button.addActionListener(new RemovePrinButtonListener
                                         (tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_REMOVE_PRIN_BUTTON,
@@ -1677,7 +1671,7 @@ class ToolDialog extends Dialog {
                 1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.HORIZONTAL);
 
         // principal label and list
-        label = new Label(PolicyTool.rb.getString("Principals:"));
+        label = new Label(PolicyTool.rb.getString("Principals."));
         tw.addNewComponent(this, label, PE_PRIN_LABEL,
                            0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.BOTTOM_PADDING);
@@ -1689,20 +1683,20 @@ class ToolDialog extends Dialog {
         panel = new Panel();
         panel.setLayout(new GridBagLayout());
 
-        button = new Button(PolicyTool.rb.getString("  Add Permission"));
+        button = new Button(PolicyTool.rb.getString(".Add.Permission"));
         button.addActionListener(new AddPermButtonListener
                                                 (tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_ADD_PERM_BUTTON,
                 0, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
 
-        button = new Button(PolicyTool.rb.getString("  Edit Permission"));
+        button = new Button(PolicyTool.rb.getString(".Edit.Permission"));
         button.addActionListener(new EditPermButtonListener
                                                 (tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_EDIT_PERM_BUTTON,
                 1, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
 
 
-        button = new Button(PolicyTool.rb.getString("Remove Permission"));
+        button = new Button(PolicyTool.rb.getString("Remove.Permission"));
         button.addActionListener(new RemovePermButtonListener
                                         (tool, tw, this, edit));
         tw.addNewComponent(panel, button, PE_REMOVE_PERM_BUTTON,
@@ -1808,7 +1802,7 @@ class ToolDialog extends Dialog {
 
             // KeyStore label and textfield
             Label label = new Label
-                        (PolicyTool.rb.getString("KeyStore URL:"));
+                        (PolicyTool.rb.getString("KeyStore.URL."));
             tw.addNewComponent(this, label, KSD_NAME_LABEL,
                                0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
@@ -1816,45 +1810,45 @@ class ToolDialog extends Dialog {
 
             // URL to U R L, so that accessibility reader will pronounce well
             tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("KeyStore U R L:"));
+                PolicyTool.rb.getString("KeyStore.U.R.L."));
             tw.addNewComponent(this, tf, KSD_NAME_TEXTFIELD,
                                1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
 
             // KeyStore type and textfield
-            label = new Label(PolicyTool.rb.getString("KeyStore Type:"));
+            label = new Label(PolicyTool.rb.getString("KeyStore.Type."));
             tw.addNewComponent(this, label, KSD_TYPE_LABEL,
                                0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
             tf = new TextField(tool.getKeyStoreType(), 30);
             tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("KeyStore Type:"));
+                PolicyTool.rb.getString("KeyStore.Type."));
             tw.addNewComponent(this, tf, KSD_TYPE_TEXTFIELD,
                                1, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
 
             // KeyStore provider and textfield
             label = new Label(PolicyTool.rb.getString
-                                ("KeyStore Provider:"));
+                                ("KeyStore.Provider."));
             tw.addNewComponent(this, label, KSD_PROVIDER_LABEL,
                                0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
             tf = new TextField(tool.getKeyStoreProvider(), 30);
             tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("KeyStore Provider:"));
+                PolicyTool.rb.getString("KeyStore.Provider."));
             tw.addNewComponent(this, tf, KSD_PROVIDER_TEXTFIELD,
                                1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
 
             // KeyStore password URL and textfield
             label = new Label(PolicyTool.rb.getString
-                                ("KeyStore Password URL:"));
+                                ("KeyStore.Password.URL."));
             tw.addNewComponent(this, label, KSD_PWD_URL_LABEL,
                                0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
             tf = new TextField(tool.getKeyStorePwdURL(), 30);
             tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("KeyStore Password U R L:"));
+                PolicyTool.rb.getString("KeyStore.Password.U.R.L."));
             tw.addNewComponent(this, tf, KSD_PWD_URL_TEXTFIELD,
                                1, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.BOTTOM_PADDING);
@@ -1909,8 +1903,8 @@ class ToolDialog extends Dialog {
 
         // description label
         Label label = (edit ?
-                new Label(PolicyTool.rb.getString("  Edit Principal:")) :
+                new Label(PolicyTool.rb.getString(".Edit.Principal.")) :
-                new Label(PolicyTool.rb.getString("  Add New Principal:")));
+                new Label(PolicyTool.rb.getString(".Add.New.Principal.")));
         tw.addNewComponent(newTD, label, PRD_DESC_LABEL,
                            0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.TOP_BOTTOM_PADDING);
@@ -2016,8 +2010,8 @@ class ToolDialog extends Dialog {
 
         // description label
         Label label = (edit ?
-                new Label(PolicyTool.rb.getString("  Edit Permission:")) :
+                new Label(PolicyTool.rb.getString(".Edit.Permission.")) :
-                new Label(PolicyTool.rb.getString("  Add New Permission:")));
+                new Label(PolicyTool.rb.getString(".Add.New.Permission.")));
         tw.addNewComponent(newTD, label, PD_DESC_LABEL,
                            0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.TOP_BOTTOM_PADDING);
@@ -2084,13 +2078,13 @@ class ToolDialog extends Dialog {
                            tw.LR_PADDING);
 
         // signedby label and textfield
-        label = new Label(PolicyTool.rb.getString("Signed By:"));
+        label = new Label(PolicyTool.rb.getString("Signed.By."));
         tw.addNewComponent(newTD, label, PD_SIGNEDBY_LABEL,
                            0, 4, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.LR_PADDING);
         tf = (edit ? new TextField(editMe.signedBy, 40) : new TextField(40));
         tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.rb.getString("Signed By:"));
+                PolicyTool.rb.getString("Signed.By."));
         tw.addNewComponent(newTD, tf, PD_SIGNEDBY_TEXTFIELD,
                            1, 4, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.LR_PADDING);
@@ -2135,12 +2129,10 @@ class ToolDialog extends Dialog {
         if ((pclass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS)) &&
             (!pname.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME))) {
             throw new Exception
-                        (PolicyTool.rb.getString("Cannot Specify Principal " +
+                        (PolicyTool.rb.getString("Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name"));
-                        "with a Wildcard Class without a Wildcard Name"));
         } else if (pname.equals("")) {
             throw new Exception
-                        (PolicyTool.rb.getString("Cannot Specify Principal " +
+                        (PolicyTool.rb.getString("Cannot.Specify.Principal.without.a.Name"));
-                        "without a Name"));
         } else if (pclass.equals("")) {
             // make this consistent with what PolicyParser does
             // when it sees an empty principal class
@@ -2188,7 +2180,7 @@ class ToolDialog extends Dialog {
         if (permission.equals("") ||
             (!permission.equals(ALL_PERM_CLASS) && name == null)) {
             throw new InvalidParameterException(PolicyTool.rb.getString
-                ("Permission and Target Name must have a value"));
+                ("Permission.and.Target.Name.must.have.a.value"));
         }
 
         // When the permission is FilePermission, we need to check the name
@@ -2205,12 +2197,7 @@ class ToolDialog extends Dialog {
             char result = tw.displayYesNoDialog(this,
                     PolicyTool.rb.getString("Warning"),
                     PolicyTool.rb.getString(
-                        "Warning: File name may include escaped backslash characters. " +
+                        "Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes"),
-                        "It is not necessary to escape backslash characters " +
-                        "(the tool escapes characters as necessary when writing " +
-                        "the policy contents to the persistent store).\n\n" +
-                        "Click on Retain to retain the entered name, or click on " +
-                        "Edit to edit the name."),
                     PolicyTool.rb.getString("Retain"),
                     PolicyTool.rb.getString("Edit")
                     );
@@ -2244,9 +2231,7 @@ class ToolDialog extends Dialog {
                     if (pubKey == null) {
                         MessageFormat form = new MessageFormat
                             (PolicyTool.rb.getString
-                            ("Warning: A public key for alias " +
+                            ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                            "'signers[i]' does not exist.  " +
-                            "Make sure a KeyStore is properly configured."));
                         Object[] source = {signers[i]};
                         tool.warnings.addElement(form.format(source));
                         tw.displayStatusDialog(this, form.format(source));
@@ -2276,7 +2261,7 @@ class ToolDialog extends Dialog {
 
         // ask the user do they really want to do this?
         Label label = new Label
-                (PolicyTool.rb.getString("Remove this Policy Entry?"));
+                (PolicyTool.rb.getString("Remove.this.Policy.Entry."));
         tw.addNewComponent(this, label, CRPE_LABEL1,
                            0, 0, 2, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                            tw.BOTTOM_PADDING);
@@ -2340,7 +2325,7 @@ class ToolDialog extends Dialog {
 
         // pop up a dialog box for the user to enter a filename.
         FileDialog fd = new FileDialog
-                (tw, PolicyTool.rb.getString("Save As"), FileDialog.SAVE);
+                (tw, PolicyTool.rb.getString("Save.As"), FileDialog.SAVE);
         fd.addWindowListener(new WindowAdapter() {
             public void windowClosing(WindowEvent e) {
                 e.getWindow().setVisible(false);
@@ -2362,7 +2347,7 @@ class ToolDialog extends Dialog {
         if (saveAsFile.exists()) {
             // display a dialog box for the user to enter policy info
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Overwrite File"), tool, tw, true);
+                (PolicyTool.rb.getString("Overwrite.File"), tool, tw, true);
             td.displayOverWriteFileDialog(filename, nextEvent);
         } else {
             try {
@@ -2371,7 +2356,7 @@ class ToolDialog extends Dialog {
 
                 // display status
                 MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                        ("Policy successfully written to filename"));
+                        ("Policy.successfully.written.to.filename"));
                 Object[] source = {filename};
                 tw.displayStatusDialog(null, form.format(source));
 
@@ -2388,7 +2373,7 @@ class ToolDialog extends Dialog {
             } catch (FileNotFoundException fnfe) {
                 if (filename == null || filename.equals("")) {
                     tw.displayErrorDialog(null, new FileNotFoundException
-                                (PolicyTool.rb.getString("null filename")));
+                                (PolicyTool.rb.getString("null.filename")));
                 } else {
                     tw.displayErrorDialog(null, fnfe);
                 }
@@ -2411,7 +2396,7 @@ class ToolDialog extends Dialog {
             setLayout(new GridBagLayout());
 
             Label label = new Label
-                (PolicyTool.rb.getString("Save changes?"));
+                (PolicyTool.rb.getString("Save.changes."));
             tw.addNewComponent(this, label, USC_LABEL,
                                0, 0, 3, 1, 0.0, 0.0, GridBagConstraints.BOTH,
                                tw.L_TOP_BOTTOM_PADDING);
@@ -2535,9 +2520,7 @@ class ToolDialog extends Dialog {
                 // inform user of warnings
                 if (tool.newWarning == true) {
                     tw.displayStatusDialog(null, PolicyTool.rb.getString
-                        ("Errors have occurred while opening the " +
+                        ("Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information."));
-                        "policy configuration.  View the Warning Log " +
-                        "for more information."));
                 }
 
             } catch (Exception e) {
@@ -2556,7 +2539,7 @@ class ToolDialog extends Dialog {
 
                 // display the error
                 MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                    ("Could not open policy file: policyFile: e.toString()"));
+                    ("Could.not.open.policy.file.policyFile.e.toString."));
                 Object[] source = {policyFile, e.toString()};
                 tw.displayErrorDialog(null, form.format(source));
             }
@@ -2708,7 +2691,7 @@ class PolicyListListener implements ActionListener {
 
         // display the permission list for a policy entry
         ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Policy Entry"), tool, tw, true);
+                (PolicyTool.rb.getString("Policy.Entry"), tool, tw, true);
         td.displayPolicyEntryDialog(true);
     }
 }
@@ -2732,7 +2715,7 @@ class FileMenuListener implements ActionListener {
 
             // ask user if they want to save changes
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Save Changes"), tool, tw, true);
+                (PolicyTool.rb.getString("Save.Changes"), tool, tw, true);
             td.displayUserSave(td.QUIT);
 
             // the above method will perform the QUIT as long as the
@@ -2743,7 +2726,7 @@ class FileMenuListener implements ActionListener {
 
             // ask user if they want to save changes
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Save Changes"), tool, tw, true);
+                (PolicyTool.rb.getString("Save.Changes"), tool, tw, true);
             td.displayUserSave(td.NEW);
 
             // the above method will perform the NEW as long as the
@@ -2754,7 +2737,7 @@ class FileMenuListener implements ActionListener {
 
             // ask user if they want to save changes
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Save Changes"), tool, tw, true);
+                (PolicyTool.rb.getString("Save.Changes"), tool, tw, true);
             td.displayUserSave(td.OPEN);
 
             // the above method will perform the OPEN as long as the
@@ -2771,7 +2754,7 @@ class FileMenuListener implements ActionListener {
             if (filename == null || filename.length() == 0) {
                 // user wants to SAVE AS
                 ToolDialog td = new ToolDialog
-                        (PolicyTool.rb.getString("Save As"), tool, tw, true);
+                        (PolicyTool.rb.getString("Save.As"), tool, tw, true);
                 td.displaySaveAsDialog(td.NOACTION);
             } else {
                 try {
@@ -2781,13 +2764,13 @@ class FileMenuListener implements ActionListener {
                     // display status
                     MessageFormat form = new MessageFormat
                         (PolicyTool.rb.getString
-                        ("Policy successfully written to filename"));
+                        ("Policy.successfully.written.to.filename"));
                     Object[] source = {filename};
                     tw.displayStatusDialog(null, form.format(source));
                 } catch (FileNotFoundException fnfe) {
                     if (filename == null || filename.equals("")) {
                         tw.displayErrorDialog(null, new FileNotFoundException
-                                (PolicyTool.rb.getString("null filename")));
+                                (PolicyTool.rb.getString("null.filename")));
                     } else {
                         tw.displayErrorDialog(null, fnfe);
                     }
@@ -2800,7 +2783,7 @@ class FileMenuListener implements ActionListener {
 
             // user wants to SAVE AS
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Save As"), tool, tw, true);
+                (PolicyTool.rb.getString("Save.As"), tool, tw, true);
             td.displaySaveAsDialog(td.NOACTION);
 
         } else if (PolicyTool.collator.compare(e.getActionCommand(),
@@ -2830,7 +2813,7 @@ class MainWindowListener implements ActionListener {
 
             // display a dialog box for the user to enter policy info
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Policy Entry"), tool, tw, true);
+                (PolicyTool.rb.getString("Policy.Entry"), tool, tw, true);
             td.displayPolicyEntryDialog(false);
 
         } else if (PolicyTool.collator.compare(e.getActionCommand(),
@@ -2841,13 +2824,13 @@ class MainWindowListener implements ActionListener {
             int index = list.getSelectedIndex();
             if (index < 0) {
                 tw.displayErrorDialog(null, new Exception
-                        (PolicyTool.rb.getString("No Policy Entry selected")));
+                        (PolicyTool.rb.getString("No.Policy.Entry.selected")));
                 return;
             }
 
             // ask the user if they really want to remove the policy entry
             ToolDialog td = new ToolDialog(PolicyTool.rb.getString
-                ("Remove Policy Entry"), tool, tw, true);
+                ("Remove.Policy.Entry"), tool, tw, true);
             td.displayConfirmRemovePolicyEntry();
 
         } else if (PolicyTool.collator.compare(e.getActionCommand(),
@@ -2858,13 +2841,13 @@ class MainWindowListener implements ActionListener {
             int index = list.getSelectedIndex();
             if (index < 0) {
                 tw.displayErrorDialog(null, new Exception
-                        (PolicyTool.rb.getString("No Policy Entry selected")));
+                        (PolicyTool.rb.getString("No.Policy.Entry.selected")));
                 return;
             }
 
             // display the permission list for a policy entry
             ToolDialog td = new ToolDialog
-                (PolicyTool.rb.getString("Policy Entry"), tool, tw, true);
+                (PolicyTool.rb.getString("Policy.Entry"), tool, tw, true);
             td.displayPolicyEntryDialog(true);
 
         } else if (PolicyTool.collator.compare(e.getActionCommand(),
@@ -2906,7 +2889,7 @@ class OverWriteFileOKButtonListener implements ActionListener {
             // display status
             MessageFormat form = new MessageFormat
                 (PolicyTool.rb.getString
-                ("Policy successfully written to filename"));
+                ("Policy.successfully.written.to.filename"));
             Object[] source = {filename};
             tw.displayStatusDialog(null, form.format(source));
 
@@ -2925,7 +2908,7 @@ class OverWriteFileOKButtonListener implements ActionListener {
         } catch (FileNotFoundException fnfe) {
             if (filename == null || filename.equals("")) {
                 tw.displayErrorDialog(null, new FileNotFoundException
-                                (PolicyTool.rb.getString("null filename")));
+                                (PolicyTool.rb.getString("null.filename")));
             } else {
                 tw.displayErrorDialog(null, fnfe);
             }
@@ -2977,9 +2960,7 @@ class AddEntryDoneButtonListener implements ActionListener {
                     if (pubKey == null) {
                         MessageFormat form = new MessageFormat
                             (PolicyTool.rb.getString
-                            ("Warning: A public key for alias " +
+                            ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                            "'signers[i]' does not exist.  " +
-                            "Make sure a KeyStore is properly configured."));
                         Object[] source = {signers[i]};
                         tool.warnings.addElement(form.format(source));
                         tw.displayStatusDialog(td, form.format(source));
@@ -3047,7 +3028,7 @@ class ChangeKeyStoreOKButtonListener implements ActionListener {
             tool.modified = true;
         } catch (Exception ex) {
             MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                ("Unable to open KeyStore: ex.toString()"));
+                ("Unable.to.open.KeyStore.ex.toString."));
             Object[] source = {ex.toString()};
             tw.displayErrorDialog(td, form.format(source));
             return;
@@ -3143,7 +3124,7 @@ class NewPolicyPrinOKButtonListener implements ActionListener {
                 } catch (ClassNotFoundException cnfe) {
                     MessageFormat form = new MessageFormat
                                 (PolicyTool.rb.getString
-                                ("Warning: Class not found: class"));
+                                ("Warning.Class.not.found.class"));
                     Object[] source = {pppe.getPrincipalClass()};
                     tool.warnings.addElement(form.format(source));
                     tw.displayStatusDialog(infoDialog, form.format(source));
@@ -3204,7 +3185,7 @@ class NewPolicyPermOKButtonListener implements ActionListener {
                 tool.verifyPermission(pppe.permission, pppe.name, pppe.action);
             } catch (ClassNotFoundException cnfe) {
                 MessageFormat form = new MessageFormat(PolicyTool.rb.getString
-                                ("Warning: Class not found: class"));
+                                ("Warning.Class.not.found.class"));
                 Object[] source = {pppe.permission};
                 tool.warnings.addElement(form.format(source));
                 tw.displayStatusDialog(infoDialog, form.format(source));
@@ -3259,7 +3240,7 @@ class RemovePrinButtonListener implements ActionListener {
 
         if (prinIndex < 0) {
             tw.displayErrorDialog(td, new Exception
-                (PolicyTool.rb.getString("No principal selected")));
+                (PolicyTool.rb.getString("No.principal.selected")));
             return;
         }
         // remove the principal from the display
@@ -3293,7 +3274,7 @@ class RemovePermButtonListener implements ActionListener {
 
         if (permIndex < 0) {
             tw.displayErrorDialog(td, new Exception
-                (PolicyTool.rb.getString("No permission selected")));
+                (PolicyTool.rb.getString("No.permission.selected")));
             return;
         }
         // remove the permission from the display
@@ -3334,7 +3315,7 @@ class EditPrinButtonListener implements ActionListener {
 
         if (prinIndex < 0) {
             tw.displayErrorDialog(td, new Exception
-                (PolicyTool.rb.getString("No principal selected")));
+                (PolicyTool.rb.getString("No.principal.selected")));
             return;
         }
         td.displayPrincipalDialog(editPolicyEntry, true);
@@ -3373,7 +3354,7 @@ class EditPermButtonListener implements ActionListener {
 
         if (permIndex < 0) {
             tw.displayErrorDialog(td, new Exception
-                (PolicyTool.rb.getString("No permission selected")));
+                (PolicyTool.rb.getString("No.permission.selected")));
             return;
         }
         td.displayPermissionDialog(editPolicyEntry, true);
@@ -3668,7 +3649,7 @@ class UserSaveYesButtonListener implements ActionListener {
                 // display status
                 MessageFormat form = new MessageFormat
                         (PolicyTool.rb.getString
-                        ("Policy successfully written to filename"));
+                        ("Policy.successfully.written.to.filename"));
                 Object[] source = {filename};
                 tw.displayStatusDialog(null, form.format(source));
 
@@ -3900,7 +3881,7 @@ class AuthPerm extends Perm {
                 "getLoginConfiguration",
                 "setLoginConfiguration",
                 "createLoginConfiguration.<" +
-                        PolicyTool.rb.getString("configuration type") + ">",
+                        PolicyTool.rb.getString("configuration.type") + ">",
                 "refreshLoginConfiguration"
                 },
         null);
@@ -4117,7 +4098,7 @@ class RuntimePerm extends Perm {
                 "setSecurityManager",
                 "createSecurityManager",
                 "getenv.<" +
-                    PolicyTool.rb.getString("environment variable name") + ">",
+                    PolicyTool.rb.getString("environment.variable.name") + ">",
                 "exitVM",
                 "shutdownHooks",
                 "setFactory",
@@ -4129,11 +4110,11 @@ class RuntimePerm extends Perm {
                 "readFileDescriptor",
                 "writeFileDescriptor",
                 "loadLibrary.<" +
-                    PolicyTool.rb.getString("library name") + ">",
+                    PolicyTool.rb.getString("library.name") + ">",
                 "accessClassInPackage.<" +
-                    PolicyTool.rb.getString("package name")+">",
+                    PolicyTool.rb.getString("package.name")+">",
                 "defineClassInPackage.<" +
-                    PolicyTool.rb.getString("package name")+">",
+                    PolicyTool.rb.getString("package.name")+">",
                 "accessDeclaredMembers",
                 "queuePrintJob",
                 "getStackTrace",
@@ -4156,15 +4137,15 @@ class SecurityPerm extends Perm {
                 "getPolicy",
                 "setPolicy",
                 "createPolicy.<" +
-                    PolicyTool.rb.getString("policy type") + ">",
+                    PolicyTool.rb.getString("policy.type") + ">",
                 "getProperty.<" +
-                    PolicyTool.rb.getString("property name") + ">",
+                    PolicyTool.rb.getString("property.name") + ">",
                 "setProperty.<" +
-                    PolicyTool.rb.getString("property name") + ">",
+                    PolicyTool.rb.getString("property.name") + ">",
                 "insertProvider.<" +
-                    PolicyTool.rb.getString("provider name") + ">",
+                    PolicyTool.rb.getString("provider.name") + ">",
                 "removeProvider.<" +
-                    PolicyTool.rb.getString("provider name") + ">",
+                    PolicyTool.rb.getString("provider.name") + ">",
                 //"setSystemScope",
                 //"setIdentityPublicKey",
                 //"setIdentityInfo",
@@ -4172,11 +4153,11 @@ class SecurityPerm extends Perm {
                 //"removeIdentityCertificate",
                 //"printIdentity",
                 "clearProviderProperties.<" +
-                    PolicyTool.rb.getString("provider name") + ">",
+                    PolicyTool.rb.getString("provider.name") + ">",
                 "putProviderProperty.<" +
-                    PolicyTool.rb.getString("provider name") + ">",
+                    PolicyTool.rb.getString("provider.name") + ">",
                 "removeProviderProperty.<" +
-                    PolicyTool.rb.getString("provider name") + ">",
+                    PolicyTool.rb.getString("provider.name") + ">",
                 //"getSignerPrivateKey",
                 //"setSignerKeyPair"
                 },

jdk/src/share/classes/sun/security/util/AuthResources.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,103 +40,103 @@ public class AuthResources extends java.util.ListResourceBundle {
     private static final Object[][] contents = {
 
         // NT principals
-        {"invalid null input: value", "invalid null input: {0}"},
+        {"invalid.null.input.value", "invalid null input: {0}"},
-        {"NTDomainPrincipal: name", "NTDomainPrincipal: {0}"},
+        {"NTDomainPrincipal.name", "NTDomainPrincipal: {0}"},
-        {"NTNumericCredential: name", "NTNumericCredential: {0}"},
+        {"NTNumericCredential.name", "NTNumericCredential: {0}"},
-        {"Invalid NTSid value", "Invalid NTSid value"},
+        {"Invalid.NTSid.value", "Invalid NTSid value"},
-        {"NTSid: name", "NTSid: {0}"},
+        {"NTSid.name", "NTSid: {0}"},
-        {"NTSidDomainPrincipal: name", "NTSidDomainPrincipal: {0}"},
+        {"NTSidDomainPrincipal.name", "NTSidDomainPrincipal: {0}"},
-        {"NTSidGroupPrincipal: name", "NTSidGroupPrincipal: {0}"},
+        {"NTSidGroupPrincipal.name", "NTSidGroupPrincipal: {0}"},
-        {"NTSidPrimaryGroupPrincipal: name", "NTSidPrimaryGroupPrincipal: {0}"},
+        {"NTSidPrimaryGroupPrincipal.name", "NTSidPrimaryGroupPrincipal: {0}"},
-        {"NTSidUserPrincipal: name", "NTSidUserPrincipal: {0}"},
+        {"NTSidUserPrincipal.name", "NTSidUserPrincipal: {0}"},
-        {"NTUserPrincipal: name", "NTUserPrincipal: {0}"},
+        {"NTUserPrincipal.name", "NTUserPrincipal: {0}"},
 
         // UnixPrincipals
-        {"UnixNumericGroupPrincipal [Primary Group]: name",
+        {"UnixNumericGroupPrincipal.Primary.Group.name",
                 "UnixNumericGroupPrincipal [Primary Group]: {0}"},
-        {"UnixNumericGroupPrincipal [Supplementary Group]: name",
+        {"UnixNumericGroupPrincipal.Supplementary.Group.name",
                 "UnixNumericGroupPrincipal [Supplementary Group]: {0}"},
-        {"UnixNumericUserPrincipal: name", "UnixNumericUserPrincipal: {0}"},
+        {"UnixNumericUserPrincipal.name", "UnixNumericUserPrincipal: {0}"},
-        {"UnixPrincipal: name", "UnixPrincipal: {0}"},
+        {"UnixPrincipal.name", "UnixPrincipal: {0}"},
 
         // com.sun.security.auth.login.ConfigFile
-        {"Unable to properly expand config", "Unable to properly expand {0}"},
+        {"Unable.to.properly.expand.config", "Unable to properly expand {0}"},
-        {"extra_config (No such file or directory)",
+        {"extra.config.No.such.file.or.directory.",
                 "{0} (No such file or directory)"},
-        {"Configuration Error:\n\tNo such file or directory",
+        {"Configuration.Error.No.such.file.or.directory",
                 "Configuration Error:\n\tNo such file or directory"},
-        {"Configuration Error:\n\tInvalid control flag, flag",
+        {"Configuration.Error.Invalid.control.flag.flag",
                 "Configuration Error:\n\tInvalid control flag, {0}"},
-        {"Configuration Error:\n\tCan not specify multiple entries for appName",
+        {"Configuration.Error.Can.not.specify.multiple.entries.for.appName",
             "Configuration Error:\n\tCan not specify multiple entries for {0}"},
-        {"Configuration Error:\n\texpected [expect], read [end of file]",
+        {"Configuration.Error.expected.expect.read.end.of.file.",
                 "Configuration Error:\n\texpected [{0}], read [end of file]"},
-        {"Configuration Error:\n\tLine line: expected [expect], found [value]",
+        {"Configuration.Error.Line.line.expected.expect.found.value.",
             "Configuration Error:\n\tLine {0}: expected [{1}], found [{2}]"},
-        {"Configuration Error:\n\tLine line: expected [expect]",
+        {"Configuration.Error.Line.line.expected.expect.",
             "Configuration Error:\n\tLine {0}: expected [{1}]"},
-        {"Configuration Error:\n\tLine line: system property [value] expanded to empty value",
+        {"Configuration.Error.Line.line.system.property.value.expanded.to.empty.value",
             "Configuration Error:\n\tLine {0}: system property [{1}] expanded to empty value"},
 
         // com.sun.security.auth.module.JndiLoginModule
-        {"username: ","username: "},
+        {"username.","username: "},
-        {"password: ","password: "},
+        {"password.","password: "},
 
         // com.sun.security.auth.module.KeyStoreLoginModule
-        {"Please enter keystore information",
+        {"Please.enter.keystore.information",
                 "Please enter keystore information"},
-        {"Keystore alias: ","Keystore alias: "},
+        {"Keystore.alias.","Keystore alias: "},
-        {"Keystore password: ","Keystore password: "},
+        {"Keystore.password.","Keystore password: "},
-        {"Private key password (optional): ",
+        {"Private.key.password.optional.",
             "Private key password (optional): "},
 
         // com.sun.security.auth.module.Krb5LoginModule
-        {"Kerberos username [[defUsername]]: ",
+        {"Kerberos.username.defUsername.",
                 "Kerberos username [{0}]: "},
-        {"Kerberos password for [username]: ",
+        {"Kerberos.password.for.username.",
                 "Kerberos password for {0}: "},
 
         /***    EVERYTHING BELOW IS DEPRECATED  ***/
 
         // com.sun.security.auth.PolicyFile
-        {": error parsing ", ": error parsing "},
+        {".error.parsing.", ": error parsing "},
-        {": ", ": "},
+        {"COLON", ": "},
-        {": error adding Permission ", ": error adding Permission "},
+        {".error.adding.Permission.", ": error adding Permission "},
-        {" ", " "},
+        {"SPACE", " "},
-        {": error adding Entry ", ": error adding Entry "},
+        {".error.adding.Entry.", ": error adding Entry "},
-        {"(", "("},
+        {"LPARAM", "("},
-        {")", ")"},
+        {"RPARAM", ")"},
-        {"attempt to add a Permission to a readonly PermissionCollection",
+        {"attempt.to.add.a.Permission.to.a.readonly.PermissionCollection",
             "attempt to add a Permission to a readonly PermissionCollection"},
 
         // com.sun.security.auth.PolicyParser
-        {"expected keystore type", "expected keystore type"},
+        {"expected.keystore.type", "expected keystore type"},
-        {"can not specify Principal with a ",
+        {"can.not.specify.Principal.with.a.",
                 "can not specify Principal with a "},
-        {"wildcard class without a wildcard name",
+        {"wildcard.class.without.a.wildcard.name",
                 "wildcard class without a wildcard name"},
-        {"expected codeBase or SignedBy", "expected codeBase or SignedBy"},
+        {"expected.codeBase.or.SignedBy", "expected codeBase or SignedBy"},
-        {"only Principal-based grant entries permitted",
+        {"only.Principal.based.grant.entries.permitted",
                 "only Principal-based grant entries permitted"},
-        {"expected permission entry", "expected permission entry"},
+        {"expected.permission.entry", "expected permission entry"},
-        {"number ", "number "},
+        {"number.", "number "},
-        {"expected ", "expected "},
+        {"expected.", "expected "},
-        {", read end of file", ", read end of file"},
+        {".read.end.of.file", ", read end of file"},
-        {"expected ';', read end of file", "expected ';', read end of file"},
+        {"expected.read.end.of.file", "expected ';', read end of file"},
-        {"line ", "line "},
+        {"line.", "line "},
-        {": expected '", ": expected '"},
+        {".expected.", ": expected '"},
-        {"', found '", "', found '"},
+        {".found.", "', found '"},
-        {"'", "'"},
+        {"QUOTE", "'"},
 
         // SolarisPrincipals
-        {"SolarisNumericGroupPrincipal [Primary Group]: ",
+        {"SolarisNumericGroupPrincipal.Primary.Group.",
                 "SolarisNumericGroupPrincipal [Primary Group]: "},
-        {"SolarisNumericGroupPrincipal [Supplementary Group]: ",
+        {"SolarisNumericGroupPrincipal.Supplementary.Group.",
                 "SolarisNumericGroupPrincipal [Supplementary Group]: "},
-        {"SolarisNumericUserPrincipal: ",
+        {"SolarisNumericUserPrincipal.",
                 "SolarisNumericUserPrincipal: "},
-        {"SolarisPrincipal: ", "SolarisPrincipal: "},
+        {"SolarisPrincipal.", "SolarisPrincipal: "},
-        {"provided null name", "provided null name"}
+        {"provided.null.name", "provided null name"}
 
     };
 

jdk/src/share/classes/sun/security/util/Resources.java

@@ -35,434 +35,428 @@ public class Resources extends java.util.ListResourceBundle {
     private static final Object[][] contents = {
 
         // shared (from jarsigner)
-        {" ", " "},
+        {"SPACE", " "},
-        {"  ", "  "},
+        {"2SPACE", "  "},
-        {"      ", "      "},
+        {"6SPACE", "      "},
-        {", ", ", "},
+        {"COMMA", ", "},
         // shared (from keytool)
-        {"\n", "\n"},
+        {"NEWLINE", "\n"},
-        {"*******************************************",
+        {"STAR",
                 "*******************************************"},
-        {"*******************************************\n\n",
+        {"STARNN",
                 "*******************************************\n\n"},
 
         // keytool: Help part
-        {" [OPTION]...", " [OPTION]..."},
+        {".OPTION.", " [OPTION]..."},
-        {"Options:", "Options:"},
+        {"Options.", "Options:"},
-        {"Use \"keytool -help\" for all available commands",
+        {"Use.keytool.help.for.all.available.commands",
                  "Use \"keytool -help\" for all available commands"},
-        {"Key and Certificate Management Tool",
+        {"Key.and.Certificate.Management.Tool",
                  "Key and Certificate Management Tool"},
-        {"Commands:", "Commands:"},
+        {"Commands.", "Commands:"},
-        {"Use \"keytool -command_name -help\" for usage of command_name",
+        {"Use.keytool.command.name.help.for.usage.of.command.name",
                 "Use \"keytool -command_name -help\" for usage of command_name"},
         // keytool: help: commands
-        {"Generates a certificate request",
+        {"Generates.a.certificate.request",
                 "Generates a certificate request"}, //-certreq
-        {"Changes an entry's alias",
+        {"Changes.an.entry.s.alias",
                 "Changes an entry's alias"}, //-changealias
-        {"Deletes an entry",
+        {"Deletes.an.entry",
                 "Deletes an entry"}, //-delete
-        {"Exports certificate",
+        {"Exports.certificate",
                 "Exports certificate"}, //-exportcert
-        {"Generates a key pair",
+        {"Generates.a.key.pair",
                 "Generates a key pair"}, //-genkeypair
-        {"Generates a secret key",
+        {"Generates.a.secret.key",
                 "Generates a secret key"}, //-genseckey
-        {"Generates certificate from a certificate request",
+        {"Generates.certificate.from.a.certificate.request",
                 "Generates certificate from a certificate request"}, //-gencert
-        {"Generates CRL", "Generates CRL"}, //-gencrl
+        {"Generates.CRL", "Generates CRL"}, //-gencrl
-        {"Imports entries from a JDK 1.1.x-style identity database",
+        {"Imports.entries.from.a.JDK.1.1.x.style.identity.database",
                 "Imports entries from a JDK 1.1.x-style identity database"}, //-identitydb
-        {"Imports a certificate or a certificate chain",
+        {"Imports.a.certificate.or.a.certificate.chain",
                 "Imports a certificate or a certificate chain"}, //-importcert
-        {"Imports one or all entries from another keystore",
+        {"Imports.one.or.all.entries.from.another.keystore",
                 "Imports one or all entries from another keystore"}, //-importkeystore
-        {"Clones a key entry",
+        {"Clones.a.key.entry",
                 "Clones a key entry"}, //-keyclone
-        {"Changes the key password of an entry",
+        {"Changes.the.key.password.of.an.entry",
                 "Changes the key password of an entry"}, //-keypasswd
-        {"Lists entries in a keystore",
+        {"Lists.entries.in.a.keystore",
                 "Lists entries in a keystore"}, //-list
-        {"Prints the content of a certificate",
+        {"Prints.the.content.of.a.certificate",
                 "Prints the content of a certificate"}, //-printcert
-        {"Prints the content of a certificate request",
+        {"Prints.the.content.of.a.certificate.request",
                 "Prints the content of a certificate request"}, //-printcertreq
-        {"Prints the content of a CRL file",
+        {"Prints.the.content.of.a.CRL.file",
                 "Prints the content of a CRL file"}, //-printcrl
-        {"Generates a self-signed certificate",
+        {"Generates.a.self.signed.certificate",
                 "Generates a self-signed certificate"}, //-selfcert
-        {"Changes the store password of a keystore",
+        {"Changes.the.store.password.of.a.keystore",
                 "Changes the store password of a keystore"}, //-storepasswd
         // keytool: help: options
-        {"alias name of the entry to process",
+        {"alias.name.of.the.entry.to.process",
                 "alias name of the entry to process"}, //-alias
-        {"destination alias",
+        {"destination.alias",
                 "destination alias"}, //-destalias
-        {"destination key password",
+        {"destination.key.password",
                 "destination key password"}, //-destkeypass
-        {"destination keystore name",
+        {"destination.keystore.name",
                 "destination keystore name"}, //-destkeystore
-        {"destination keystore password protected",
+        {"destination.keystore.password.protected",
                 "destination keystore password protected"}, //-destprotected
-        {"destination keystore provider name",
+        {"destination.keystore.provider.name",
                 "destination keystore provider name"}, //-destprovidername
-        {"destination keystore password",
+        {"destination.keystore.password",
                 "destination keystore password"}, //-deststorepass
-        {"destination keystore type",
+        {"destination.keystore.type",
                 "destination keystore type"}, //-deststoretype
-        {"distinguished name",
+        {"distinguished.name",
                 "distinguished name"}, //-dname
-        {"X.509 extension",
+        {"X.509.extension",
                 "X.509 extension"}, //-ext
-        {"output file name",
+        {"output.file.name",
                 "output file name"}, //-file and -outfile
-        {"input file name",
+        {"input.file.name",
                 "input file name"}, //-file and -infile
-        {"key algorithm name",
+        {"key.algorithm.name",
                 "key algorithm name"}, //-keyalg
-        {"key password",
+        {"key.password",
                 "key password"}, //-keypass
-        {"key bit size",
+        {"key.bit.size",
                 "key bit size"}, //-keysize
-        {"keystore name",
+        {"keystore.name",
                 "keystore name"}, //-keystore
-        {"new password",
+        {"new.password",
                 "new password"}, //-new
-        {"do not prompt",
+        {"do.not.prompt",
                 "do not prompt"}, //-noprompt
-        {"password through protected mechanism",
+        {"password.through.protected.mechanism",
                 "password through protected mechanism"}, //-protected
-        {"provider argument",
+        {"provider.argument",
                 "provider argument"}, //-providerarg
-        {"provider class name",
+        {"provider.class.name",
                 "provider class name"}, //-providerclass
-        {"provider name",
+        {"provider.name",
                 "provider name"}, //-providername
-        {"provider classpath",
+        {"provider.classpath",
                 "provider classpath"}, //-providerpath
-        {"output in RFC style",
+        {"output.in.RFC.style",
                 "output in RFC style"}, //-rfc
-        {"signature algorithm name",
+        {"signature.algorithm.name",
                 "signature algorithm name"}, //-sigalg
-        {"source alias",
+        {"source.alias",
                 "source alias"}, //-srcalias
-        {"source key password",
+        {"source.key.password",
                 "source key password"}, //-srckeypass
-        {"source keystore name",
+        {"source.keystore.name",
                 "source keystore name"}, //-srckeystore
-        {"source keystore password protected",
+        {"source.keystore.password.protected",
                 "source keystore password protected"}, //-srcprotected
-        {"source keystore provider name",
+        {"source.keystore.provider.name",
                 "source keystore provider name"}, //-srcprovidername
-        {"source keystore password",
+        {"source.keystore.password",
                 "source keystore password"}, //-srcstorepass
-        {"source keystore type",
+        {"source.keystore.type",
                 "source keystore type"}, //-srcstoretype
-        {"SSL server host and port",
+        {"SSL.server.host.and.port",
                 "SSL server host and port"}, //-sslserver
-        {"signed jar file",
+        {"signed.jar.file",
                 "signed jar file"}, //=jarfile
-        {"certificate validity start date/time",
+        {"certificate.validity.start.date.time",
                 "certificate validity start date/time"}, //-startdate
-        {"keystore password",
+        {"keystore.password",
                 "keystore password"}, //-storepass
-        {"keystore type",
+        {"keystore.type",
                 "keystore type"}, //-storetype
-        {"trust certificates from cacerts",
+        {"trust.certificates.from.cacerts",
                 "trust certificates from cacerts"}, //-trustcacerts
-        {"verbose output",
+        {"verbose.output",
                 "verbose output"}, //-v
-        {"validity number of days",
+        {"validity.number.of.days",
                 "validity number of days"}, //-validity
-        {"Serial ID of cert to revoke",
+        {"Serial.ID.of.cert.to.revoke",
                  "Serial ID of cert to revoke"}, //-id
         // keytool: Running part
-        {"keytool error: ", "keytool error: "},
+        {"keytool.error.", "keytool error: "},
-        {"Illegal option:  ", "Illegal option:  "},
+        {"Illegal.option.", "Illegal option:  "},
-        {"Illegal value: ", "Illegal value: "},
+        {"Illegal.value.", "Illegal value: "},
-        {"Unknown password type: ", "Unknown password type: "},
+        {"Unknown.password.type.", "Unknown password type: "},
-        {"Cannot find environment variable: ",
+        {"Cannot.find.environment.variable.",
                 "Cannot find environment variable: "},
-        {"Cannot find file: ", "Cannot find file: "},
+        {"Cannot.find.file.", "Cannot find file: "},
-        {"Command option <flag> needs an argument.", "Command option {0} needs an argument."},
+        {"Command.option.flag.needs.an.argument.", "Command option {0} needs an argument."},
-        {"Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified <command> value.",
+        {"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value.",
                 "Warning:  Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified {0} value."},
-        {"-keystore must be NONE if -storetype is {0}",
+        {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-keystore must be NONE if -storetype is {0}"},
-        {"Too many retries, program terminated",
+        {"Too.many.retries.program.terminated",
                  "Too many retries, program terminated"},
-        {"-storepasswd and -keypasswd commands not supported if -storetype is {0}",
+        {".storepasswd.and.keypasswd.commands.not.supported.if.storetype.is.{0}",
                 "-storepasswd and -keypasswd commands not supported if -storetype is {0}"},
-        {"-keypasswd commands not supported if -storetype is PKCS12",
+        {".keypasswd.commands.not.supported.if.storetype.is.PKCS12",
                 "-keypasswd commands not supported if -storetype is PKCS12"},
-        {"-keypass and -new can not be specified if -storetype is {0}",
+        {".keypass.and.new.can.not.be.specified.if.storetype.is.{0}",
                 "-keypass and -new can not be specified if -storetype is {0}"},
-        {"if -protected is specified, then -storepass, -keypass, and -new must not be specified",
+        {"if.protected.is.specified.then.storepass.keypass.and.new.must.not.be.specified",
                 "if -protected is specified, then -storepass, -keypass, and -new must not be specified"},
-        {"if -srcprotected is specified, then -srcstorepass and -srckeypass must not be specified",
+        {"if.srcprotected.is.specified.then.srcstorepass.and.srckeypass.must.not.be.specified",
                 "if -srcprotected is specified, then -srcstorepass and -srckeypass must not be specified"},
-        {"if keystore is not password protected, then -storepass, -keypass, and -new must not be specified",
+        {"if.keystore.is.not.password.protected.then.storepass.keypass.and.new.must.not.be.specified",
                 "if keystore is not password protected, then -storepass, -keypass, and -new must not be specified"},
-        {"if source keystore is not password protected, then -srcstorepass and -srckeypass must not be specified",
+        {"if.source.keystore.is.not.password.protected.then.srcstorepass.and.srckeypass.must.not.be.specified",
                 "if source keystore is not password protected, then -srcstorepass and -srckeypass must not be specified"},
-        {"Illegal startdate value", "Illegal startdate value"},
+        {"Illegal.startdate.value", "Illegal startdate value"},
-        {"Validity must be greater than zero",
+        {"Validity.must.be.greater.than.zero",
                 "Validity must be greater than zero"},
-        {"provName not a provider", "{0} not a provider"},
+        {"provName.not.a.provider", "{0} not a provider"},
-        {"Usage error: no command provided", "Usage error: no command provided"},
+        {"Usage.error.no.command.provided", "Usage error: no command provided"},
-        {"Source keystore file exists, but is empty: ", "Source keystore file exists, but is empty: "},
+        {"Source.keystore.file.exists.but.is.empty.", "Source keystore file exists, but is empty: "},
-        {"Please specify -srckeystore", "Please specify -srckeystore"},
+        {"Please.specify.srckeystore", "Please specify -srckeystore"},
-        {"Must not specify both -v and -rfc with 'list' command",
+        {"Must.not.specify.both.v.and.rfc.with.list.command",
                 "Must not specify both -v and -rfc with 'list' command"},
-        {"Key password must be at least 6 characters",
+        {"Key.password.must.be.at.least.6.characters",
                 "Key password must be at least 6 characters"},
-        {"New password must be at least 6 characters",
+        {"New.password.must.be.at.least.6.characters",
                 "New password must be at least 6 characters"},
-        {"Keystore file exists, but is empty: ",
+        {"Keystore.file.exists.but.is.empty.",
                 "Keystore file exists, but is empty: "},
-        {"Keystore file does not exist: ",
+        {"Keystore.file.does.not.exist.",
                 "Keystore file does not exist: "},
-        {"Must specify destination alias", "Must specify destination alias"},
+        {"Must.specify.destination.alias", "Must specify destination alias"},
-        {"Must specify alias", "Must specify alias"},
+        {"Must.specify.alias", "Must specify alias"},
-        {"Keystore password must be at least 6 characters",
+        {"Keystore.password.must.be.at.least.6.characters",
                 "Keystore password must be at least 6 characters"},
-        {"Enter keystore password:  ", "Enter keystore password:  "},
+        {"Enter.keystore.password.", "Enter keystore password:  "},
-        {"Enter source keystore password:  ", "Enter source keystore password:  "},
+        {"Enter.source.keystore.password.", "Enter source keystore password:  "},
-        {"Enter destination keystore password:  ", "Enter destination keystore password:  "},
+        {"Enter.destination.keystore.password.", "Enter destination keystore password:  "},
-        {"Keystore password is too short - must be at least 6 characters",
+        {"Keystore.password.is.too.short.must.be.at.least.6.characters",
          "Keystore password is too short - must be at least 6 characters"},
-        {"Unknown Entry Type", "Unknown Entry Type"},
+        {"Unknown.Entry.Type", "Unknown Entry Type"},
-        {"Too many failures. Alias not changed", "Too many failures. Alias not changed"},
+        {"Too.many.failures.Alias.not.changed", "Too many failures. Alias not changed"},
-        {"Entry for alias <alias> successfully imported.",
+        {"Entry.for.alias.alias.successfully.imported.",
                  "Entry for alias {0} successfully imported."},
-        {"Entry for alias <alias> not imported.", "Entry for alias {0} not imported."},
+        {"Entry.for.alias.alias.not.imported.", "Entry for alias {0} not imported."},
-        {"Problem importing entry for alias <alias>: <exception>.\nEntry for alias <alias> not imported.",
+        {"Problem.importing.entry.for.alias.alias.exception.Entry.for.alias.alias.not.imported.",
                  "Problem importing entry for alias {0}: {1}.\nEntry for alias {0} not imported."},
-        {"Import command completed:  <ok> entries successfully imported, <fail> entries failed or cancelled",
+        {"Import.command.completed.ok.entries.successfully.imported.fail.entries.failed.or.cancelled",
                  "Import command completed:  {0} entries successfully imported, {1} entries failed or cancelled"},
-        {"Warning: Overwriting existing alias <alias> in destination keystore",
+        {"Warning.Overwriting.existing.alias.alias.in.destination.keystore",
                  "Warning: Overwriting existing alias {0} in destination keystore"},
-        {"Existing entry alias <alias> exists, overwrite? [no]:  ",
+        {"Existing.entry.alias.alias.exists.overwrite.no.",
                  "Existing entry alias {0} exists, overwrite? [no]:  "},
-        {"Too many failures - try later", "Too many failures - try later"},
+        {"Too.many.failures.try.later", "Too many failures - try later"},
-        {"Certification request stored in file <filename>",
+        {"Certification.request.stored.in.file.filename.",
                 "Certification request stored in file <{0}>"},
-        {"Submit this to your CA", "Submit this to your CA"},
+        {"Submit.this.to.your.CA", "Submit this to your CA"},
-        {"if alias not specified, destalias, srckeypass, and destkeypass must not be specified",
+        {"if.alias.not.specified.destalias.srckeypass.and.destkeypass.must.not.be.specified",
             "if alias not specified, destalias, srckeypass, and destkeypass must not be specified"},
-        {"Certificate stored in file <filename>",
+        {"Certificate.stored.in.file.filename.",
                 "Certificate stored in file <{0}>"},
-        {"Certificate reply was installed in keystore",
+        {"Certificate.reply.was.installed.in.keystore",
                 "Certificate reply was installed in keystore"},
-        {"Certificate reply was not installed in keystore",
+        {"Certificate.reply.was.not.installed.in.keystore",
                 "Certificate reply was not installed in keystore"},
-        {"Certificate was added to keystore",
+        {"Certificate.was.added.to.keystore",
                 "Certificate was added to keystore"},
-        {"Certificate was not added to keystore",
+        {"Certificate.was.not.added.to.keystore",
                 "Certificate was not added to keystore"},
-        {"[Storing ksfname]", "[Storing {0}]"},
+        {".Storing.ksfname.", "[Storing {0}]"},
-        {"alias has no public key (certificate)",
+        {"alias.has.no.public.key.certificate.",
                 "{0} has no public key (certificate)"},
-        {"Cannot derive signature algorithm",
+        {"Cannot.derive.signature.algorithm",
                 "Cannot derive signature algorithm"},
-        {"Alias <alias> does not exist",
+        {"Alias.alias.does.not.exist",
                 "Alias <{0}> does not exist"},
-        {"Alias <alias> has no certificate",
+        {"Alias.alias.has.no.certificate",
                 "Alias <{0}> has no certificate"},
-        {"Key pair not generated, alias <alias> already exists",
+        {"Key.pair.not.generated.alias.alias.already.exists",
                 "Key pair not generated, alias <{0}> already exists"},
-        {"Generating keysize bit keyAlgName key pair and self-signed certificate (sigAlgName) with a validity of validality days\n\tfor: x500Name",
+        {"Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for",
                 "Generating {0} bit {1} key pair and self-signed certificate ({2}) with a validity of {3} days\n\tfor: {4}"},
-        {"Enter key password for <alias>", "Enter key password for <{0}>"},
+        {"Enter.key.password.for.alias.", "Enter key password for <{0}>"},
-        {"\t(RETURN if same as keystore password):  ",
+        {".RETURN.if.same.as.keystore.password.",
                 "\t(RETURN if same as keystore password):  "},
-        {"Key password is too short - must be at least 6 characters",
+        {"Key.password.is.too.short.must.be.at.least.6.characters",
                 "Key password is too short - must be at least 6 characters"},
-        {"Too many failures - key not added to keystore",
+        {"Too.many.failures.key.not.added.to.keystore",
                 "Too many failures - key not added to keystore"},
-        {"Destination alias <dest> already exists",
+        {"Destination.alias.dest.already.exists",
                 "Destination alias <{0}> already exists"},
-        {"Password is too short - must be at least 6 characters",
+        {"Password.is.too.short.must.be.at.least.6.characters",
                 "Password is too short - must be at least 6 characters"},
-        {"Too many failures. Key entry not cloned",
+        {"Too.many.failures.Key.entry.not.cloned",
                 "Too many failures. Key entry not cloned"},
-        {"key password for <alias>", "key password for <{0}>"},
+        {"key.password.for.alias.", "key password for <{0}>"},
-        {"Keystore entry for <id.getName()> already exists",
+        {"Keystore.entry.for.id.getName.already.exists",
                 "Keystore entry for <{0}> already exists"},
-        {"Creating keystore entry for <id.getName()> ...",
+        {"Creating.keystore.entry.for.id.getName.",
                 "Creating keystore entry for <{0}> ..."},
-        {"No entries from identity database added",
+        {"No.entries.from.identity.database.added",
                 "No entries from identity database added"},
-        {"Alias name: alias", "Alias name: {0}"},
+        {"Alias.name.alias", "Alias name: {0}"},
-        {"Creation date: keyStore.getCreationDate(alias)",
+        {"Creation.date.keyStore.getCreationDate.alias.",
                 "Creation date: {0,date}"},
-        {"alias, keyStore.getCreationDate(alias), ",
+        {"alias.keyStore.getCreationDate.alias.",
                 "{0}, {1,date}, "},
-        {"alias, ", "{0}, "},
+        {"alias.", "{0}, "},
-        {"Entry type: <type>", "Entry type: {0}"},
+        {"Entry.type.type.", "Entry type: {0}"},
-        {"Certificate chain length: ", "Certificate chain length: "},
+        {"Certificate.chain.length.", "Certificate chain length: "},
-        {"Certificate[(i + 1)]:", "Certificate[{0,number,integer}]:"},
+        {"Certificate.i.1.", "Certificate[{0,number,integer}]:"},
-        {"Certificate fingerprint (SHA1): ", "Certificate fingerprint (SHA1): "},
+        {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "},
-        {"Entry type: trustedCertEntry\n", "Entry type: trustedCertEntry\n"},
+        {"Entry.type.trustedCertEntry.", "Entry type: trustedCertEntry\n"},
-        {"trustedCertEntry,", "trustedCertEntry,"},
+        {"trustedCertEntry.", "trustedCertEntry,"},
-        {"Keystore type: ", "Keystore type: "},
+        {"Keystore.type.", "Keystore type: "},
-        {"Keystore provider: ", "Keystore provider: "},
+        {"Keystore.provider.", "Keystore provider: "},
-        {"Your keystore contains keyStore.size() entry",
+        {"Your.keystore.contains.keyStore.size.entry",
                 "Your keystore contains {0,number,integer} entry"},
-        {"Your keystore contains keyStore.size() entries",
+        {"Your.keystore.contains.keyStore.size.entries",
                 "Your keystore contains {0,number,integer} entries"},
-        {"Failed to parse input", "Failed to parse input"},
+        {"Failed.to.parse.input", "Failed to parse input"},
-        {"Empty input", "Empty input"},
+        {"Empty.input", "Empty input"},
-        {"Not X.509 certificate", "Not X.509 certificate"},
+        {"Not.X.509.certificate", "Not X.509 certificate"},
-        {"alias has no public key", "{0} has no public key"},
+        {"alias.has.no.public.key", "{0} has no public key"},
-        {"alias has no X.509 certificate", "{0} has no X.509 certificate"},
+        {"alias.has.no.X.509.certificate", "{0} has no X.509 certificate"},
-        {"New certificate (self-signed):", "New certificate (self-signed):"},
+        {"New.certificate.self.signed.", "New certificate (self-signed):"},
-        {"Reply has no certificates", "Reply has no certificates"},
+        {"Reply.has.no.certificates", "Reply has no certificates"},
-        {"Certificate not imported, alias <alias> already exists",
+        {"Certificate.not.imported.alias.alias.already.exists",
                 "Certificate not imported, alias <{0}> already exists"},
-        {"Input not an X.509 certificate", "Input not an X.509 certificate"},
+        {"Input.not.an.X.509.certificate", "Input not an X.509 certificate"},
-        {"Certificate already exists in keystore under alias <trustalias>",
+        {"Certificate.already.exists.in.keystore.under.alias.trustalias.",
                 "Certificate already exists in keystore under alias <{0}>"},
-        {"Do you still want to add it? [no]:  ",
+        {"Do.you.still.want.to.add.it.no.",
                 "Do you still want to add it? [no]:  "},
-        {"Certificate already exists in system-wide CA keystore under alias <trustalias>",
+        {"Certificate.already.exists.in.system.wide.CA.keystore.under.alias.trustalias.",
                 "Certificate already exists in system-wide CA keystore under alias <{0}>"},
-        {"Do you still want to add it to your own keystore? [no]:  ",
+        {"Do.you.still.want.to.add.it.to.your.own.keystore.no.",
                 "Do you still want to add it to your own keystore? [no]:  "},
-        {"Trust this certificate? [no]:  ", "Trust this certificate? [no]:  "},
+        {"Trust.this.certificate.no.", "Trust this certificate? [no]:  "},
         {"YES", "YES"},
-        {"New prompt: ", "New {0}: "},
+        {"New.prompt.", "New {0}: "},
-        {"Passwords must differ", "Passwords must differ"},
+        {"Passwords.must.differ", "Passwords must differ"},
-        {"Re-enter new prompt: ", "Re-enter new {0}: "},
+        {"Re.enter.new.prompt.", "Re-enter new {0}: "},
-        {"Re-enter new password: ", "Re-enter new password: "},
+        {"Re.enter.new.password.", "Re-enter new password: "},
-        {"They don't match. Try again", "They don't match. Try again"},
+        {"They.don.t.match.Try.again", "They don't match. Try again"},
-        {"Enter prompt alias name:  ", "Enter {0} alias name:  "},
+        {"Enter.prompt.alias.name.", "Enter {0} alias name:  "},
-        {"Enter new alias name\t(RETURN to cancel import for this entry):  ",
+        {"Enter.new.alias.name.RETURN.to.cancel.import.for.this.entry.",
                  "Enter new alias name\t(RETURN to cancel import for this entry):  "},
-        {"Enter alias name:  ", "Enter alias name:  "},
+        {"Enter.alias.name.", "Enter alias name:  "},
-        {"\t(RETURN if same as for <otherAlias>)",
+        {".RETURN.if.same.as.for.otherAlias.",
                 "\t(RETURN if same as for <{0}>)"},
-        {"*PATTERN* printX509Cert",
+        {".PATTERN.printX509Cert",
                 "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5:  {5}\n\t SHA1: {6}\n\t SHA256: {7}\n\t Signature algorithm name: {8}\n\t Version: {9}"},
-        {"What is your first and last name?",
+        {"What.is.your.first.and.last.name.",
                 "What is your first and last name?"},
-        {"What is the name of your organizational unit?",
+        {"What.is.the.name.of.your.organizational.unit.",
                 "What is the name of your organizational unit?"},
-        {"What is the name of your organization?",
+        {"What.is.the.name.of.your.organization.",
                 "What is the name of your organization?"},
-        {"What is the name of your City or Locality?",
+        {"What.is.the.name.of.your.City.or.Locality.",
                 "What is the name of your City or Locality?"},
-        {"What is the name of your State or Province?",
+        {"What.is.the.name.of.your.State.or.Province.",
                 "What is the name of your State or Province?"},
-        {"What is the two-letter country code for this unit?",
+        {"What.is.the.two.letter.country.code.for.this.unit.",
                 "What is the two-letter country code for this unit?"},
-        {"Is <name> correct?", "Is {0} correct?"},
+        {"Is.name.correct.", "Is {0} correct?"},
         {"no", "no"},
         {"yes", "yes"},
         {"y", "y"},
-        {"  [defaultValue]:  ", "  [{0}]:  "},
+        {".defaultValue.", "  [{0}]:  "},
-        {"Alias <alias> has no key",
+        {"Alias.alias.has.no.key",
                 "Alias <{0}> has no key"},
-        {"Alias <alias> references an entry type that is not a private key entry.  The -keyclone command only supports cloning of private key entries",
+        {"Alias.alias.references.an.entry.type.that.is.not.a.private.key.entry.The.keyclone.command.only.supports.cloning.of.private.key",
                  "Alias <{0}> references an entry type that is not a private key entry.  The -keyclone command only supports cloning of private key entries"},
 
-        {"*****************  WARNING WARNING WARNING  *****************",
+        {".WARNING.WARNING.WARNING.",
             "*****************  WARNING WARNING WARNING  *****************"},
-        {"Signer #%d:", "Signer #%d:"},
+        {"Signer.d.", "Signer #%d:"},
-        {"Timestamp:", "Timestamp:"},
+        {"Timestamp.", "Timestamp:"},
-        {"Signature:", "Signature:"},
+        {"Signature.", "Signature:"},
-        {"CRLs:", "CRLs:"},
+        {"CRLs.", "CRLs:"},
-        {"Certificate owner: ", "Certificate owner: "},
+        {"Certificate.owner.", "Certificate owner: "},
-        {"Not a signed jar file", "Not a signed jar file"},
+        {"Not.a.signed.jar.file", "Not a signed jar file"},
-        {"No certificate from the SSL server",
+        {"No.certificate.from.the.SSL.server",
                 "No certificate from the SSL server"},
 
         // Translators of the following 5 pairs, ATTENTION:
         // the next 5 string pairs are meant to be combined into 2 paragraphs,
         // 1+3+4 and 2+3+5. make sure your translation also does.
-        {"* The integrity of the information stored in your keystore  *",
+        {".The.integrity.of.the.information.stored.in.your.keystore.",
             "* The integrity of the information stored in your keystore  *"},
-        {"* The integrity of the information stored in the srckeystore*",
+        {".The.integrity.of.the.information.stored.in.the.srckeystore.",
             "* The integrity of the information stored in the srckeystore*"},
-        {"* has NOT been verified!  In order to verify its integrity, *",
+        {".has.NOT.been.verified.In.order.to.verify.its.integrity.",
             "* has NOT been verified!  In order to verify its integrity, *"},
-        {"* you must provide your keystore password.                  *",
+        {".you.must.provide.your.keystore.password.",
             "* you must provide your keystore password.                  *"},
-        {"* you must provide the srckeystore password.                *",
+        {".you.must.provide.the.srckeystore.password.",
             "* you must provide the srckeystore password.                *"},
 
 
-        {"Certificate reply does not contain public key for <alias>",
+        {"Certificate.reply.does.not.contain.public.key.for.alias.",
                 "Certificate reply does not contain public key for <{0}>"},
-        {"Incomplete certificate chain in reply",
+        {"Incomplete.certificate.chain.in.reply",
                 "Incomplete certificate chain in reply"},
-        {"Certificate chain in reply does not verify: ",
+        {"Certificate.chain.in.reply.does.not.verify.",
                 "Certificate chain in reply does not verify: "},
-        {"Top-level certificate in reply:\n",
+        {"Top.level.certificate.in.reply.",
                 "Top-level certificate in reply:\n"},
-        {"... is not trusted. ", "... is not trusted. "},
+        {".is.not.trusted.", "... is not trusted. "},
-        {"Install reply anyway? [no]:  ", "Install reply anyway? [no]:  "},
+        {"Install.reply.anyway.no.", "Install reply anyway? [no]:  "},
         {"NO", "NO"},
-        {"Public keys in reply and keystore don't match",
+        {"Public.keys.in.reply.and.keystore.don.t.match",
                 "Public keys in reply and keystore don't match"},
-        {"Certificate reply and certificate in keystore are identical",
+        {"Certificate.reply.and.certificate.in.keystore.are.identical",
                 "Certificate reply and certificate in keystore are identical"},
-        {"Failed to establish chain from reply",
+        {"Failed.to.establish.chain.from.reply",
                 "Failed to establish chain from reply"},
         {"n", "n"},
-        {"Wrong answer, try again", "Wrong answer, try again"},
+        {"Wrong.answer.try.again", "Wrong answer, try again"},
-        {"Secret key not generated, alias <alias> already exists",
+        {"Secret.key.not.generated.alias.alias.already.exists",
                 "Secret Key not generated, alias <{0}> already exists"},
-        {"Please provide -keysize for secret key generation",
+        {"Please.provide.keysize.for.secret.key.generation",
                 "Please provide -keysize for secret key generation"},
 
-        {"Extensions: ", "Extensions: "},
+        {"Extensions.", "Extensions: "},
-        {"(Empty value)", "(Empty value)"},
+        {".Empty.value.", "(Empty value)"},
-        {"Extension Request:", "Extension Request:"},
+        {"Extension.Request.", "Extension Request:"},
-        {"PKCS #10 Certificate Request (Version 1.0)\n" +
+        {"PKCS.10.Certificate.Request.Version.1.0.Subject.s.Public.Key.s.format.s.key.",
-                "Subject: %s\nPublic Key: %s format %s key\n",
                 "PKCS #10 Certificate Request (Version 1.0)\n" +
                 "Subject: %s\nPublic Key: %s format %s key\n"},
-        {"Unknown keyUsage type: ", "Unknown keyUsage type: "},
+        {"Unknown.keyUsage.type.", "Unknown keyUsage type: "},
-        {"Unknown extendedkeyUsage type: ", "Unknown extendedkeyUsage type: "},
+        {"Unknown.extendedkeyUsage.type.", "Unknown extendedkeyUsage type: "},
-        {"Unknown AccessDescription type: ", "Unknown AccessDescription type: "},
+        {"Unknown.AccessDescription.type.", "Unknown AccessDescription type: "},
-        {"Unrecognized GeneralName type: ", "Unrecognized GeneralName type: "},
+        {"Unrecognized.GeneralName.type.", "Unrecognized GeneralName type: "},
-        {"This extension cannot be marked as critical. ",
+        {"This.extension.cannot.be.marked.as.critical.",
                  "This extension cannot be marked as critical. "},
-        {"Odd number of hex digits found: ", "Odd number of hex digits found: "},
+        {"Odd.number.of.hex.digits.found.", "Odd number of hex digits found: "},
-        {"Unknown extension type: ", "Unknown extension type: "},
+        {"Unknown.extension.type.", "Unknown extension type: "},
-        {"command {0} is ambiguous:", "command {0} is ambiguous:"},
+        {"command.{0}.is.ambiguous.", "command {0} is ambiguous:"},
 
         // policytool
-        {"Warning: A public key for alias 'signers[i]' does not exist.  Make sure a KeyStore is properly configured.",
+        {"Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured.",
                 "Warning: A public key for alias {0} does not exist.  Make sure a KeyStore is properly configured."},
-        {"Warning: Class not found: class", "Warning: Class not found: {0}"},
+        {"Warning.Class.not.found.class", "Warning: Class not found: {0}"},
-        {"Warning: Invalid argument(s) for constructor: arg",
+        {"Warning.Invalid.argument.s.for.constructor.arg",
                 "Warning: Invalid argument(s) for constructor: {0}"},
-        {"Illegal Principal Type: type", "Illegal Principal Type: {0}"},
+        {"Illegal.Principal.Type.type", "Illegal Principal Type: {0}"},
-        {"Illegal option: option", "Illegal option: {0}"},
+        {"Illegal.option.option", "Illegal option: {0}"},
-        {"Usage: policytool [options]", "Usage: policytool [options]"},
+        {"Usage.policytool.options.", "Usage: policytool [options]"},
-        {"  [-file <file>]    policy file location",
+        {".file.file.policy.file.location",
                 "  [-file <file>]    policy file location"},
         {"New", "New"},
         {"Open", "Open"},
         {"Save", "Save"},
-        {"Save As", "Save As"},
+        {"Save.As", "Save As"},
-        {"View Warning Log", "View Warning Log"},
+        {"View.Warning.Log", "View Warning Log"},
         {"Exit", "Exit"},
-        {"Add Policy Entry", "Add Policy Entry"},
+        {"Add.Policy.Entry", "Add Policy Entry"},
-        {"Edit Policy Entry", "Edit Policy Entry"},
+        {"Edit.Policy.Entry", "Edit Policy Entry"},
-        {"Remove Policy Entry", "Remove Policy Entry"},
+        {"Remove.Policy.Entry", "Remove Policy Entry"},
         {"Edit", "Edit"},
         {"Retain", "Retain"},
 
-        {"Warning: File name may include escaped backslash characters. " +
+        {"Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes",
-                        "It is not necessary to escape backslash characters " +
-                        "(the tool escapes characters as necessary when writing " +
-                        "the policy contents to the persistent store).\n\n" +
-                        "Click on Retain to retain the entered name, or click on " +
-                        "Edit to edit the name.",
             "Warning: File name may include escaped backslash characters. " +
                         "It is not necessary to escape backslash characters " +
                         "(the tool escapes characters as necessary when writing " +
@@ -470,203 +464,203 @@ public class Resources extends java.util.ListResourceBundle {
                         "Click on Retain to retain the entered name, or click on " +
                         "Edit to edit the name."},
 
-        {"Add Public Key Alias", "Add Public Key Alias"},
+        {"Add.Public.Key.Alias", "Add Public Key Alias"},
-        {"Remove Public Key Alias", "Remove Public Key Alias"},
+        {"Remove.Public.Key.Alias", "Remove Public Key Alias"},
         {"File", "File"},
         {"KeyStore", "KeyStore"},
-        {"Policy File:", "Policy File:"},
+        {"Policy.File.", "Policy File:"},
-        {"Could not open policy file: policyFile: e.toString()",
+        {"Could.not.open.policy.file.policyFile.e.toString.",
                 "Could not open policy file: {0}: {1}"},
-        {"Policy Tool", "Policy Tool"},
+        {"Policy.Tool", "Policy Tool"},
-        {"Errors have occurred while opening the policy configuration.  View the Warning Log for more information.",
+        {"Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information.",
                 "Errors have occurred while opening the policy configuration.  View the Warning Log for more information."},
         {"Error", "Error"},
         {"OK", "OK"},
         {"Status", "Status"},
         {"Warning", "Warning"},
-        {"Permission:                                                       ",
+        {"Permission.",
                 "Permission:                                                       "},
-        {"Principal Type:", "Principal Type:"},
+        {"Principal.Type.", "Principal Type:"},
-        {"Principal Name:", "Principal Name:"},
+        {"Principal.Name.", "Principal Name:"},
-        {"Target Name:                                                    ",
+        {"Target.Name.",
                 "Target Name:                                                    "},
-        {"Actions:                                                             ",
+        {"Actions.",
                 "Actions:                                                             "},
-        {"OK to overwrite existing file filename?",
+        {"OK.to.overwrite.existing.file.filename.",
                 "OK to overwrite existing file {0}?"},
         {"Cancel", "Cancel"},
-        {"CodeBase:", "CodeBase:"},
+        {"CodeBase.", "CodeBase:"},
-        {"SignedBy:", "SignedBy:"},
+        {"SignedBy.", "SignedBy:"},
-        {"Add Principal", "Add Principal"},
+        {"Add.Principal", "Add Principal"},
-        {"Edit Principal", "Edit Principal"},
+        {"Edit.Principal", "Edit Principal"},
-        {"Remove Principal", "Remove Principal"},
+        {"Remove.Principal", "Remove Principal"},
-        {"Principals:", "Principals:"},
+        {"Principals.", "Principals:"},
-        {"  Add Permission", "  Add Permission"},
+        {".Add.Permission", "  Add Permission"},
-        {"  Edit Permission", "  Edit Permission"},
+        {".Edit.Permission", "  Edit Permission"},
-        {"Remove Permission", "Remove Permission"},
+        {"Remove.Permission", "Remove Permission"},
         {"Done", "Done"},
-        {"KeyStore URL:", "KeyStore URL:"},
+        {"KeyStore.URL.", "KeyStore URL:"},
-        {"KeyStore Type:", "KeyStore Type:"},
+        {"KeyStore.Type.", "KeyStore Type:"},
-        {"KeyStore Provider:", "KeyStore Provider:"},
+        {"KeyStore.Provider.", "KeyStore Provider:"},
-        {"KeyStore Password URL:", "KeyStore Password URL:"},
+        {"KeyStore.Password.URL.", "KeyStore Password URL:"},
         {"Principals", "Principals"},
-        {"  Edit Principal:", "  Edit Principal:"},
+        {".Edit.Principal.", "  Edit Principal:"},
-        {"  Add New Principal:", "  Add New Principal:"},
+        {".Add.New.Principal.", "  Add New Principal:"},
         {"Permissions", "Permissions"},
-        {"  Edit Permission:", "  Edit Permission:"},
+        {".Edit.Permission.", "  Edit Permission:"},
-        {"  Add New Permission:", "  Add New Permission:"},
+        {".Add.New.Permission.", "  Add New Permission:"},
-        {"Signed By:", "Signed By:"},
+        {"Signed.By.", "Signed By:"},
-        {"Cannot Specify Principal with a Wildcard Class without a Wildcard Name",
+        {"Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name",
             "Cannot Specify Principal with a Wildcard Class without a Wildcard Name"},
-        {"Cannot Specify Principal without a Name",
+        {"Cannot.Specify.Principal.without.a.Name",
             "Cannot Specify Principal without a Name"},
-        {"Permission and Target Name must have a value",
+        {"Permission.and.Target.Name.must.have.a.value",
                 "Permission and Target Name must have a value"},
-        {"Remove this Policy Entry?", "Remove this Policy Entry?"},
+        {"Remove.this.Policy.Entry.", "Remove this Policy Entry?"},
-        {"Overwrite File", "Overwrite File"},
+        {"Overwrite.File", "Overwrite File"},
-        {"Policy successfully written to filename",
+        {"Policy.successfully.written.to.filename",
                 "Policy successfully written to {0}"},
-        {"null filename", "null filename"},
+        {"null.filename", "null filename"},
-        {"Save changes?", "Save changes?"},
+        {"Save.changes.", "Save changes?"},
         {"Yes", "Yes"},
         {"No", "No"},
-        {"Policy Entry", "Policy Entry"},
+        {"Policy.Entry", "Policy Entry"},
-        {"Save Changes", "Save Changes"},
+        {"Save.Changes", "Save Changes"},
-        {"No Policy Entry selected", "No Policy Entry selected"},
+        {"No.Policy.Entry.selected", "No Policy Entry selected"},
-        {"Unable to open KeyStore: ex.toString()",
+        {"Unable.to.open.KeyStore.ex.toString.",
                 "Unable to open KeyStore: {0}"},
-        {"No principal selected", "No principal selected"},
+        {"No.principal.selected", "No principal selected"},
-        {"No permission selected", "No permission selected"},
+        {"No.permission.selected", "No permission selected"},
         {"name", "name"},
-        {"configuration type", "configuration type"},
+        {"configuration.type", "configuration type"},
-        {"environment variable name", "environment variable name"},
+        {"environment.variable.name", "environment variable name"},
-        {"library name", "library name"},
+        {"library.name", "library name"},
-        {"package name", "package name"},
+        {"package.name", "package name"},
-        {"policy type", "policy type"},
+        {"policy.type", "policy type"},
-        {"property name", "property name"},
+        {"property.name", "property name"},
-        {"Principal List", "Principal List"},
+        {"Principal.List", "Principal List"},
-        {"Permission List", "Permission List"},
+        {"Permission.List", "Permission List"},
-        {"Code Base", "Code Base"},
+        {"Code.Base", "Code Base"},
-        {"KeyStore U R L:", "KeyStore U R L:"},
+        {"KeyStore.U.R.L.", "KeyStore U R L:"},
-        {"KeyStore Password U R L:", "KeyStore Password U R L:"},
+        {"KeyStore.Password.U.R.L.", "KeyStore Password U R L:"},
 
 
         // javax.security.auth.PrivateCredentialPermission
-        {"invalid null input(s)", "invalid null input(s)"},
+        {"invalid.null.input.s.", "invalid null input(s)"},
-        {"actions can only be 'read'", "actions can only be 'read'"},
+        {"actions.can.only.be.read.", "actions can only be 'read'"},
-        {"permission name [name] syntax invalid: ",
+        {"permission.name.name.syntax.invalid.",
                 "permission name [{0}] syntax invalid: "},
-        {"Credential Class not followed by a Principal Class and Name",
+        {"Credential.Class.not.followed.by.a.Principal.Class.and.Name",
                 "Credential Class not followed by a Principal Class and Name"},
-        {"Principal Class not followed by a Principal Name",
+        {"Principal.Class.not.followed.by.a.Principal.Name",
                 "Principal Class not followed by a Principal Name"},
-        {"Principal Name must be surrounded by quotes",
+        {"Principal.Name.must.be.surrounded.by.quotes",
                 "Principal Name must be surrounded by quotes"},
-        {"Principal Name missing end quote",
+        {"Principal.Name.missing.end.quote",
                 "Principal Name missing end quote"},
-        {"PrivateCredentialPermission Principal Class can not be a wildcard (*) value if Principal Name is not a wildcard (*) value",
+        {"PrivateCredentialPermission.Principal.Class.can.not.be.a.wildcard.value.if.Principal.Name.is.not.a.wildcard.value",
                 "PrivateCredentialPermission Principal Class can not be a wildcard (*) value if Principal Name is not a wildcard (*) value"},
-        {"CredOwner:\n\tPrincipal Class = class\n\tPrincipal Name = name",
+        {"CredOwner.Principal.Class.class.Principal.Name.name",
                 "CredOwner:\n\tPrincipal Class = {0}\n\tPrincipal Name = {1}"},
 
         // javax.security.auth.x500
-        {"provided null name", "provided null name"},
+        {"provided.null.name", "provided null name"},
-        {"provided null keyword map", "provided null keyword map"},
+        {"provided.null.keyword.map", "provided null keyword map"},
-        {"provided null OID map", "provided null OID map"},
+        {"provided.null.OID.map", "provided null OID map"},
 
         // javax.security.auth.Subject
-        {"invalid null AccessControlContext provided",
+        {"invalid.null.AccessControlContext.provided",
                 "invalid null AccessControlContext provided"},
-        {"invalid null action provided", "invalid null action provided"},
+        {"invalid.null.action.provided", "invalid null action provided"},
-        {"invalid null Class provided", "invalid null Class provided"},
+        {"invalid.null.Class.provided", "invalid null Class provided"},
-        {"Subject:\n", "Subject:\n"},
+        {"Subject.", "Subject:\n"},
-        {"\tPrincipal: ", "\tPrincipal: "},
+        {".Principal.", "\tPrincipal: "},
-        {"\tPublic Credential: ", "\tPublic Credential: "},
+        {".Public.Credential.", "\tPublic Credential: "},
-        {"\tPrivate Credentials inaccessible\n",
+        {".Private.Credentials.inaccessible.",
                 "\tPrivate Credentials inaccessible\n"},
-        {"\tPrivate Credential: ", "\tPrivate Credential: "},
+        {".Private.Credential.", "\tPrivate Credential: "},
-        {"\tPrivate Credential inaccessible\n",
+        {".Private.Credential.inaccessible.",
                 "\tPrivate Credential inaccessible\n"},
-        {"Subject is read-only", "Subject is read-only"},
+        {"Subject.is.read.only", "Subject is read-only"},
-        {"attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set",
+        {"attempting.to.add.an.object.which.is.not.an.instance.of.java.security.Principal.to.a.Subject.s.Principal.Set",
                 "attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set"},
-        {"attempting to add an object which is not an instance of class",
+        {"attempting.to.add.an.object.which.is.not.an.instance.of.class",
                 "attempting to add an object which is not an instance of {0}"},
 
         // javax.security.auth.login.AppConfigurationEntry
-        {"LoginModuleControlFlag: ", "LoginModuleControlFlag: "},
+        {"LoginModuleControlFlag.", "LoginModuleControlFlag: "},
 
         // javax.security.auth.login.LoginContext
-        {"Invalid null input: name", "Invalid null input: name"},
+        {"Invalid.null.input.name", "Invalid null input: name"},
-        {"No LoginModules configured for name",
+        {"No.LoginModules.configured.for.name",
          "No LoginModules configured for {0}"},
-        {"invalid null Subject provided", "invalid null Subject provided"},
+        {"invalid.null.Subject.provided", "invalid null Subject provided"},
-        {"invalid null CallbackHandler provided",
+        {"invalid.null.CallbackHandler.provided",
                 "invalid null CallbackHandler provided"},
-        {"null subject - logout called before login",
+        {"null.subject.logout.called.before.login",
                 "null subject - logout called before login"},
-        {"unable to instantiate LoginModule, module, because it does not provide a no-argument constructor",
+        {"unable.to.instantiate.LoginModule.module.because.it.does.not.provide.a.no.argument.constructor",
                 "unable to instantiate LoginModule, {0}, because it does not provide a no-argument constructor"},
-        {"unable to instantiate LoginModule",
+        {"unable.to.instantiate.LoginModule",
                 "unable to instantiate LoginModule"},
-        {"unable to instantiate LoginModule: ",
+        {"unable.to.instantiate.LoginModule.",
                 "unable to instantiate LoginModule: "},
-        {"unable to find LoginModule class: ",
+        {"unable.to.find.LoginModule.class.",
                 "unable to find LoginModule class: "},
-        {"unable to access LoginModule: ",
+        {"unable.to.access.LoginModule.",
                 "unable to access LoginModule: "},
-        {"Login Failure: all modules ignored",
+        {"Login.Failure.all.modules.ignored",
                 "Login Failure: all modules ignored"},
 
         // sun.security.provider.PolicyFile
 
-        {"java.security.policy: error parsing policy:\n\tmessage",
+        {"java.security.policy.error.parsing.policy.message",
                 "java.security.policy: error parsing {0}:\n\t{1}"},
-        {"java.security.policy: error adding Permission, perm:\n\tmessage",
+        {"java.security.policy.error.adding.Permission.perm.message",
                 "java.security.policy: error adding Permission, {0}:\n\t{1}"},
-        {"java.security.policy: error adding Entry:\n\tmessage",
+        {"java.security.policy.error.adding.Entry.message",
                 "java.security.policy: error adding Entry:\n\t{0}"},
-        {"alias name not provided (pe.name)", "alias name not provided ({0})"},
+        {"alias.name.not.provided.pe.name.", "alias name not provided ({0})"},
-        {"unable to perform substitution on alias, suffix",
+        {"unable.to.perform.substitution.on.alias.suffix",
                 "unable to perform substitution on alias, {0}"},
-        {"substitution value, prefix, unsupported",
+        {"substitution.value.prefix.unsupported",
                 "substitution value, {0}, unsupported"},
-        {"(", "("},
+        {"LPARAM", "("},
-        {")", ")"},
+        {"RPARAM", ")"},
-        {"type can't be null","type can't be null"},
+        {"type.can.t.be.null","type can't be null"},
 
         // sun.security.provider.PolicyParser
-        {"keystorePasswordURL can not be specified without also specifying keystore",
+        {"keystorePasswordURL.can.not.be.specified.without.also.specifying.keystore",
                 "keystorePasswordURL can not be specified without also specifying keystore"},
-        {"expected keystore type", "expected keystore type"},
+        {"expected.keystore.type", "expected keystore type"},
-        {"expected keystore provider", "expected keystore provider"},
+        {"expected.keystore.provider", "expected keystore provider"},
-        {"multiple Codebase expressions",
+        {"multiple.Codebase.expressions",
                 "multiple Codebase expressions"},
-        {"multiple SignedBy expressions","multiple SignedBy expressions"},
+        {"multiple.SignedBy.expressions","multiple SignedBy expressions"},
-        {"SignedBy has empty alias","SignedBy has empty alias"},
+        {"SignedBy.has.empty.alias","SignedBy has empty alias"},
-        {"can not specify Principal with a wildcard class without a wildcard name",
+        {"can.not.specify.Principal.with.a.wildcard.class.without.a.wildcard.name",
                 "can not specify Principal with a wildcard class without a wildcard name"},
-        {"expected codeBase or SignedBy or Principal",
+        {"expected.codeBase.or.SignedBy.or.Principal",
                 "expected codeBase or SignedBy or Principal"},
-        {"expected permission entry", "expected permission entry"},
+        {"expected.permission.entry", "expected permission entry"},
-        {"number ", "number "},
+        {"number.", "number "},
-        {"expected [expect], read [end of file]",
+        {"expected.expect.read.end.of.file.",
                 "expected [{0}], read [end of file]"},
-        {"expected [;], read [end of file]",
+        {"expected.read.end.of.file.",
                 "expected [;], read [end of file]"},
-        {"line number: msg", "line {0}: {1}"},
+        {"line.number.msg", "line {0}: {1}"},
-        {"line number: expected [expect], found [actual]",
+        {"line.number.expected.expect.found.actual.",
                 "line {0}: expected [{1}], found [{2}]"},
-        {"null principalClass or principalName",
+        {"null.principalClass.or.principalName",
                 "null principalClass or principalName"},
 
         // sun.security.pkcs11.SunPKCS11
-        {"PKCS11 Token [providerName] Password: ",
+        {"PKCS11.Token.providerName.Password.",
                 "PKCS11 Token [{0}] Password: "},
 
         /* --- DEPRECATED --- */
         // javax.security.auth.Policy
-        {"unable to instantiate Subject-based policy",
+        {"unable.to.instantiate.Subject.based.policy",
                 "unable to instantiate Subject-based policy"}
     };
 

jdk/src/share/demo/nio/zipfs/Demo.java

@@ -75,9 +75,15 @@ public class Demo {
                          // copy an external src file into zipfile
                          // as entry dst
 
+        copyin_attrs,    // <java Demo copyin_attrs zipfile src dst>
+                         // copy an external src file into zipfile
+                         // as entry dst, with attributes (timestamp)
+
         copyout,         // <java Demo copyout zipfile src dst>
                          // copy zipfile entry src" out to file dst
 
+        copyout_attrs,   // <java Demo copyout_attrs zipfile src dst>
+
         zzmove,          // <java Demo zzmove zfsrc zfdst path>
                          // move entry path/dir from zfsrc to zfdst
 
@@ -94,6 +100,9 @@ public class Demo {
         setmtime,        // <java Demo setmtime zipfile "MM/dd/yy-HH:mm:ss" path...>
                          // set the lastModifiedTime of entry path
 
+        setatime,        // <java Demo setatime zipfile "MM/dd/yy-HH:mm:ss" path...>
+        setctime,        // <java Demo setctime zipfile "MM/dd/yy-HH:mm:ss" path...>
+
         lsdir,           // <java Demo lsdir zipfile dir>
                          // list dir's direct child files/dirs
 
@@ -135,12 +144,14 @@ public class Demo {
 
         attrs2,          // <java Demo attrs2 zipfile file [...]>
                          // test different ways to print attrs
+
+        prof,
     }
 
     public static void main(String[] args) throws Throwable {
 
-        Action action = Action.valueOf(args[0]);;
+        Action action = Action.valueOf(args[0]);
-        Map<String, Object> env = env = new HashMap<String, Object>();
+        Map<String, Object> env = env = new HashMap<>();
         if (action == Action.create)
             env.put("createNew", true);
         if (action == Action.tlist || action == Action.twalk)
@@ -185,6 +196,16 @@ public class Demo {
                 dst = fs.getPath(args[3]);
                 src.copyTo(dst);
                 break;
+            case copyin_attrs:
+                src = Paths.get(args[2]);
+                dst = fs.getPath(args[3]);
+                src.copyTo(dst, COPY_ATTRIBUTES);
+                break;
+            case copyout_attrs:
+                src = fs.getPath(args[2]);
+                dst = Paths.get(args[3]);
+                src.copyTo(dst, COPY_ATTRIBUTES);
+                break;
             case zzmove:
                 fs2 = FileSystems.newFileSystem(
                     URI.create("zip" + Paths.get(args[2]).toUri().toString().substring(4)),
@@ -206,6 +227,7 @@ public class Demo {
             case attrs:
                 for (int i = 2; i < args.length; i++) {
                     path = fs.getPath(args[i]);
+                    System.out.println(path);
                     System.out.println(
                         Attributes.readBasicFileAttributes(path).toString());
                 }
@@ -221,6 +243,28 @@ public class Demo {
                         Attributes.readBasicFileAttributes(path).toString());
                 }
                 break;
+            case setctime:
+                df = new SimpleDateFormat("MM/dd/yyyy-HH:mm:ss");
+                newDatetime = df.parse(args[2]);
+                for (int i = 3; i < args.length; i++) {
+                    path = fs.getPath(args[i]);
+                    path.setAttribute("creationTime",
+                                      FileTime.fromMillis(newDatetime.getTime()));
+                    System.out.println(
+                        Attributes.readBasicFileAttributes(path).toString());
+                }
+                break;
+            case setatime:
+                df = new SimpleDateFormat("MM/dd/yyyy-HH:mm:ss");
+                newDatetime = df.parse(args[2]);
+                for (int i = 3; i < args.length; i++) {
+                    path = fs.getPath(args[i]);
+                    path.setAttribute("lastAccessTime",
+                                      FileTime.fromMillis(newDatetime.getTime()));
+                    System.out.println(
+                        Attributes.readBasicFileAttributes(path).toString());
+                }
+                break;
             case attrsspace:
                 path = fs.getPath("/");
                 FileStore fstore = path.getFileStore();
@@ -293,6 +337,7 @@ public class Demo {
             case attrs2:
                 for (int i = 2; i < args.length; i++) {
                     path = fs.getPath(args[i]);
+                    System.out.printf("%n%s%n", path);
                     System.out.println("-------(1)---------");
                     System.out.println(
                         Attributes.readBasicFileAttributes(path).toString());
@@ -308,6 +353,13 @@ public class Demo {
                     }
                 }
                 break;
+            case prof:
+                list(fs.getPath("/"), false);
+                while (true) {
+                    Thread.sleep(10000);
+                    //list(fs.getPath("/"), true);
+                    System.out.println("sleeping...");
+                }
             }
         } catch (Exception x) {
             x.printStackTrace();
@@ -501,10 +553,11 @@ public class Demo {
     }
 
     private static void list(Path path, boolean verbose ) throws IOException {
-        if (verbose)
+        if (!"/".equals(path.toString())) {
-            System.out.println(Attributes.readBasicFileAttributes(path).toString());
+           System.out.printf("  %s%n", path.toString());
-        else
+           if (verbose)
-            System.out.printf("  %s%n", path.toString());
+                System.out.println(Attributes.readBasicFileAttributes(path).toString());
+        }
         if (path.notExists())
             return;
         if (Attributes.readBasicFileAttributes(path).isDirectory()) {

jdk/src/share/demo/nio/zipfs/README.txt

@@ -2,7 +2,7 @@ ZipFileSystem is a file system provider that treats the contents of a zip or
 JAR file as a java.nio.file.FileSystem.
 
 To deploy the provider you must copy zipfs.jar into your extensions
-directory or else add <JDK_HOME>/demo/nio/ZipFileSystem/zipfs.jar
+directory or else add <JDK_HOME>/demo/nio/zipfs/zipfs.jar
 to your class path.
 
 The factory methods defined by the java.nio.file.FileSystems class can be
@@ -10,8 +10,8 @@ used to create a FileSystem, eg:
 
    // use file type detection
    Map<String,?> env = Collections.emptyMap();
-   Path jarfile = Path.get("foo.jar");
+   Path jarfile = Paths.get("foo.jar");
-   FileSystem fs = FileSystems.newFileSystem(jarfile, env);
+   FileSystem fs = FileSystems.newFileSystem(jarfile, env, null);
 
 -or
 

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/JarFileSystemProvider.java

@@ -68,4 +68,21 @@ public class JarFileSystemProvider extends ZipFileSystemProvider
             throw new AssertionError(e); //never thrown
         }
     }
+
+    @Override
+    public Path getPath(URI uri) {
+        FileSystem fs = getFileSystem(uri);
+        String path = uri.getFragment();
+        if (path == null) {
+            String uristr = uri.toString();
+            int off = uristr.indexOf("!/");
+            if (off != -1)
+                path = uristr.substring(off + 2);
+        }
+        if (path != null)
+            return fs.getPath(path);
+        throw new IllegalArgumentException("URI: "
+            + uri
+            + " does not contain path fragment ex. jar:///c:/foo.zip!/BAR");
+    }
 }

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipConstants.java

@@ -31,7 +31,6 @@
 
 package com.sun.nio.zipfs;
 
-import java.nio.ByteBuffer;
 
 /**
  *
@@ -48,6 +47,7 @@ class ZipConstants {
     static final int METHOD_BZIP2      = 12;
     static final int METHOD_LZMA       = 14;
     static final int METHOD_LZ77       = 19;
+    static final int METHOD_AES        = 99;
 
     /*
      * General purpose big flag
@@ -168,7 +168,8 @@ class ZipConstants {
     static final int  EXTID_ZIP64 = 0x0001;      // ZIP64
     static final int  EXTID_NTFS  = 0x000a;      // NTFS
     static final int  EXTID_UNIX  = 0x000d;      // UNIX
-
+    static final int  EXTID_EFS   = 0x0017;      // Strong Encryption
+    static final int  EXTID_EXTT  = 0x5455;      // Info-ZIP Extended Timestamp
 
     /*
      * fields access methods
@@ -226,34 +227,23 @@ class ZipConstants {
     static final long ZIP64_ENDOFF(byte[] b) { return LL(b, 48);}  // central directory offset
     static final long ZIP64_LOCOFF(byte[] b) { return LL(b, 8);}   // zip64 end offset
 
-    //////////////////////////////////////////
+    // central directory header (CEN) fields
-    static final int CH(ByteBuffer b, int pos) {
+    static final long CENSIG(byte[] b, int pos) { return LG(b, pos + 0); }
-       return b.get(pos) & 0xff;
+    static final int  CENVEM(byte[] b, int pos) { return SH(b, pos + 4); }
-    }
+    static final int  CENVER(byte[] b, int pos) { return SH(b, pos + 6); }
-    static final int SH(ByteBuffer b, int pos) {
+    static final int  CENFLG(byte[] b, int pos) { return SH(b, pos + 8); }
-        return b.getShort(pos) & 0xffff;
+    static final int  CENHOW(byte[] b, int pos) { return SH(b, pos + 10);}
-    }
+    static final long CENTIM(byte[] b, int pos) { return LG(b, pos + 12);}
-    static final long LG(ByteBuffer b, int pos) {
+    static final long CENCRC(byte[] b, int pos) { return LG(b, pos + 16);}
-        return b.getInt(pos) & 0xffffffffL;
+    static final long CENSIZ(byte[] b, int pos) { return LG(b, pos + 20);}
-    }
+    static final long CENLEN(byte[] b, int pos) { return LG(b, pos + 24);}
-
+    static final int  CENNAM(byte[] b, int pos) { return SH(b, pos + 28);}
-    // central directory header (END) fields
+    static final int  CENEXT(byte[] b, int pos) { return SH(b, pos + 30);}
-    static final long CENSIG(ByteBuffer b, int pos) { return LG(b, pos + 0); }
+    static final int  CENCOM(byte[] b, int pos) { return SH(b, pos + 32);}
-    static final int  CENVEM(ByteBuffer b, int pos) { return SH(b, pos + 4); }
+    static final int  CENDSK(byte[] b, int pos) { return SH(b, pos + 34);}
-    static final int  CENVER(ByteBuffer b, int pos) { return SH(b, pos + 6); }
+    static final int  CENATT(byte[] b, int pos) { return SH(b, pos + 36);}
-    static final int  CENFLG(ByteBuffer b, int pos) { return SH(b, pos + 8); }
+    static final long CENATX(byte[] b, int pos) { return LG(b, pos + 38);}
-    static final int  CENHOW(ByteBuffer b, int pos) { return SH(b, pos + 10);}
+    static final long CENOFF(byte[] b, int pos) { return LG(b, pos + 42);}
-    static final long CENTIM(ByteBuffer b, int pos) { return LG(b, pos + 12);}
-    static final long CENCRC(ByteBuffer b, int pos) { return LG(b, pos + 16);}
-    static final long CENSIZ(ByteBuffer b, int pos) { return LG(b, pos + 20);}
-    static final long CENLEN(ByteBuffer b, int pos) { return LG(b, pos + 24);}
-    static final int  CENNAM(ByteBuffer b, int pos) { return SH(b, pos + 28);}
-    static final int  CENEXT(ByteBuffer b, int pos) { return SH(b, pos + 30);}
-    static final int  CENCOM(ByteBuffer b, int pos) { return SH(b, pos + 32);}
-    static final int  CENDSK(ByteBuffer b, int pos) { return SH(b, pos + 34);}
-    static final int  CENATT(ByteBuffer b, int pos) { return SH(b, pos + 36);}
-    static final long CENATX(ByteBuffer b, int pos) { return LG(b, pos + 38);}
-    static final long CENOFF(ByteBuffer b, int pos) { return LG(b, pos + 42);}
 
     /* The END header is followed by a variable length comment of size < 64k. */
     static final long END_MAXLEN = 0xFFFF + ENDHDR;

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipDirectoryStream.java

@@ -38,7 +38,6 @@ import java.nio.file.Path;
 import java.util.Iterator;
 import java.util.NoSuchElementException;
 import java.io.IOException;
-import static com.sun.nio.zipfs.ZipUtils.*;
 
 /**
  *
@@ -77,7 +76,7 @@ public class ZipDirectoryStream implements DirectoryStream<Path> {
         } catch (IOException e) {
             throw new IllegalStateException(e);
         }
-        return new Iterator<Path>() {
+        return new Iterator<>() {
             private Path next;
             @Override
             public boolean hasNext() {

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipFileAttributeView.java

@@ -32,7 +32,6 @@
 
 package com.sun.nio.zipfs;
 
-import java.nio.file.ReadOnlyFileSystemException;
 import java.nio.file.attribute.BasicFileAttributeView;
 import java.nio.file.attribute.FileAttributeView;
 import java.nio.file.attribute.FileTime;
@@ -113,6 +112,10 @@ public class ZipFileAttributeView implements BasicFileAttributeView
         try {
             if (AttrID.valueOf(attribute) == AttrID.lastModifiedTime)
                 setTimes ((FileTime)value, null, null);
+            if (AttrID.valueOf(attribute) == AttrID.lastAccessTime)
+                setTimes (null, (FileTime)value, null);
+            if (AttrID.valueOf(attribute) == AttrID.creationTime)
+                setTimes (null, null, (FileTime)value);
             return;
         } catch (IllegalArgumentException x) {}
         throw new UnsupportedOperationException("'" + attribute +

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipFileAttributes.java

@@ -56,7 +56,7 @@ public class ZipFileAttributes implements BasicFileAttributes
     @Override
     public FileTime creationTime() {
         if (e.ctime != -1)
-            return FileTime.fromMillis(dosToJavaTime(e.ctime));
+            return FileTime.fromMillis(e.ctime);
         return null;
     }
 
@@ -78,13 +78,13 @@ public class ZipFileAttributes implements BasicFileAttributes
     @Override
     public FileTime lastAccessTime() {
         if (e.atime != -1)
-            return FileTime.fromMillis(dosToJavaTime(e.atime));
+            return FileTime.fromMillis(e.atime);
         return null;
     }
 
     @Override
     public FileTime lastModifiedTime() {
-        return FileTime.fromMillis(dosToJavaTime(e.mtime));
+        return FileTime.fromMillis(e.mtime);
     }
 
     @Override
@@ -103,10 +103,6 @@ public class ZipFileAttributes implements BasicFileAttributes
     }
 
     ///////// zip entry attributes ///////////
-    public byte[] name() {
-        return Arrays.copyOf(e.name, e.name.length);
-    }
-
     public long compressedSize() {
         return e.csize;
     }
@@ -132,10 +128,13 @@ public class ZipFileAttributes implements BasicFileAttributes
     }
 
     public String toString() {
-        StringBuilder sb = new StringBuilder();
+        StringBuilder sb = new StringBuilder(1024);
         Formatter fm = new Formatter(sb);
-        fm.format("[/%s]%n", new String(e.name));  // TBD encoding
+        if (creationTime() != null)
-        fm.format("    creationTime    : %s%n", creationTime());
+            fm.format("    creationTime    : %tc%n", creationTime().toMillis());
+        else
+            fm.format("    creationTime    : null%n");
+
         if (lastAccessTime() != null)
             fm.format("    lastAccessTime  : %tc%n", lastAccessTime().toMillis());
         else

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipFileSystemProvider.java

@@ -55,6 +55,8 @@ import java.util.Set;
  */
 
 public class ZipFileSystemProvider extends FileSystemProvider {
+
+
     private final Map<Path, ZipFileSystem> filesystems = new HashMap<>();
 
     public ZipFileSystemProvider() {}
@@ -101,10 +103,16 @@ public class ZipFileSystemProvider extends FileSystemProvider {
         throws IOException
     {
         synchronized(filesystems) {
-            if (filesystems.containsKey(path))
+            Path realPath = null;
-                throw new FileSystemAlreadyExistsException();
+            if (path.exists()) {
+                realPath = path.toRealPath(true);
+                if (filesystems.containsKey(realPath))
+                    throw new FileSystemAlreadyExistsException();
+            }
             ZipFileSystem zipfs = new ZipFileSystem(this, path, env);
-            filesystems.put(path, zipfs);
+            if (realPath == null)
+                realPath = path.toRealPath(true);
+            filesystems.put(realPath, zipfs);
             return zipfs;
         }
     }
@@ -137,16 +145,21 @@ public class ZipFileSystemProvider extends FileSystemProvider {
     @Override
     public FileSystem getFileSystem(URI uri) {
         synchronized (filesystems) {
-            ZipFileSystem zipfs = filesystems.get(uriToPath(uri));
+            ZipFileSystem zipfs = null;
+            try {
+                zipfs = filesystems.get(uriToPath(uri).toRealPath(true));
+            } catch (IOException x) {
+                // ignore the ioe from toRealPath(), return FSNFE
+            }
             if (zipfs == null)
                 throw new FileSystemNotFoundException();
             return zipfs;
         }
     }
 
-    void removeFileSystem(Path zfpath) {
+    void removeFileSystem(Path zfpath) throws IOException {
         synchronized (filesystems) {
-            filesystems.remove(zfpath);
+            filesystems.remove(zfpath.toRealPath(true));
         }
     }
 }

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipInfo.java

@@ -31,7 +31,6 @@
 
 package com.sun.nio.zipfs;
 
-import java.io.PrintStream;
 import java.nio.file.Paths;
 import java.util.Collections;
 import java.util.Iterator;
@@ -41,7 +40,7 @@ import static com.sun.nio.zipfs.ZipConstants.*;
 import static com.sun.nio.zipfs.ZipUtils.*;
 
 /**
- * Print the loc and cen tables of the ZIP file
+ * Print all loc and cen headers of the ZIP file
  *
  * @author  Xueming Shen
  */
@@ -49,34 +48,38 @@ import static com.sun.nio.zipfs.ZipUtils.*;
 public class ZipInfo {
 
     public static void main(String[] args) throws Throwable {
-        if (args.length < 2) {
+        if (args.length < 1) {
-            print("Usage: java ZipInfo [cen|loc] zfname");
+            print("Usage: java ZipInfo zfname");
         } else {
             Map<String, ?> env = Collections.emptyMap();
             ZipFileSystem zfs = (ZipFileSystem)(new ZipFileSystemProvider()
-                                    .newFileSystem(Paths.get(args[1]), env));
+                                    .newFileSystem(Paths.get(args[0]), env));
+            byte[] cen = zfs.cen;
+            if (cen == null) {
+                print("zip file is empty%n");
+                return;
+            }
+            int    pos = 0;
+            byte[] buf = new byte[1024];
+            int    no = 1;
+            while (pos + CENHDR < cen.length) {
+                print("----------------#%d--------------------%n", no++);
+                printCEN(cen, pos);
 
-            long pos = 0;
+                // use size CENHDR as the extra bytes to read, just in case the
-
+                // loc.extra is bigger than the cen.extra, try to avoid to read
-            if ("loc".equals(args[0])) {
+                // twice
-                print("[Local File Header]%n");
+                long len = LOCHDR + CENNAM(cen, pos) + CENEXT(cen, pos) + CENHDR;
-                byte[] buf = new byte[1024];
+                if (zfs.readFullyAt(buf, 0, len, locoff(cen, pos)) != len)
-                for (int i = 0; i < zfs.getEntryNames().length; i++) {
+                    zfs.zerror("read loc header failed");
-                    Entry loc = Entry.readLOC(zfs, pos, buf);
+                if (LOCEXT(buf) > CENEXT(cen, pos) + CENHDR) {
-                    print("--------loc[%x]--------%n", pos);
+                    // have to read the second time;
-                    printLOC(loc);
+                    len = LOCHDR + LOCNAM(buf) + LOCEXT(buf);
-                    pos = loc.endPos;
+                    if (zfs.readFullyAt(buf, 0, len, locoff(cen, pos)) != len)
-                }
+                        zfs.zerror("read loc header failed");
-            } if ("cen".equals(args[0])) {
-                int i = 0;
-                Iterator<ZipFileSystem.IndexNode> itr = zfs.inodes.values().iterator();
-                print("[Central Directory Header]%n");
-                while (itr.hasNext()) {
-                    Entry cen = Entry.readCEN(zfs.cen, itr.next().pos);
-                    print("--------cen[%d]--------%n", i);
-                    printCEN(cen);
-                    i++;
                 }
+                printLOC(buf);
+                pos += CENHDR + CENNAM(cen, pos) + CENEXT(cen, pos) + CENCOM(cen, pos);
             }
             zfs.close();
         }
@@ -86,47 +89,135 @@ public class ZipInfo {
         System.out.printf(fmt, objs);
     }
 
-    static void printLOC(Entry loc) {
+    static void printLOC(byte[] loc) {
-        print("  [%x, %x]%n", loc.startPos, loc.endPos);
+        print("%n");
-        print("  Signature   :     %8x%n", LOCSIG);
+        print("[Local File Header]%n");
-        print("  Version     :         %4x    [%d.%d]%n",
+        print("    Signature   :   %#010x%n", LOCSIG(loc));
-                  loc.version, loc. version/10, loc. version%10);
+        if (LOCSIG(loc) != LOCSIG) {
-        print("  Flag        :         %4x%n", loc.flag);
+           print("    Wrong signature!");
-        print("  Method      :         %4x%n", loc. method);
+           return;
-        print("  LastMTime   :     %8x    [%tc]%n",
+        }
-                  loc.mtime, dosToJavaTime(loc.mtime));
+        print("    Version     :       %#6x    [%d.%d]%n",
-        print("  CRC         :     %8x%n", loc.crc);
+                  LOCVER(loc), LOCVER(loc) / 10, LOCVER(loc) % 10);
-        print("  CSize       :     %8x%n", loc.csize);
+        print("    Flag        :       %#6x%n", LOCFLG(loc));
-        print("  Size        :     %8x%n", loc.size);
+        print("    Method      :       %#6x%n", LOCHOW(loc));
-        print("  NameLength  :         %4x    [%s]%n",
+        print("    LastMTime   :   %#10x    [%tc]%n",
-                  loc.nlen, new String(loc.name));
+              LOCTIM(loc), dosToJavaTime(LOCTIM(loc)));
-        print("  ExtraLength :         %4x%n", loc.elen);
+        print("    CRC         :   %#10x%n", LOCCRC(loc));
-        if (loc.hasZip64)
+        print("    CSize       :   %#10x%n", LOCSIZ(loc));
-            print(" *ZIP64*%n");
+        print("    Size        :   %#10x%n", LOCLEN(loc));
+        print("    NameLength  :       %#6x    [%s]%n",
+                  LOCNAM(loc), new String(loc, LOCHDR, LOCNAM(loc)));
+        print("    ExtraLength :       %#6x%n", LOCEXT(loc));
+        if (LOCEXT(loc) != 0)
+            printExtra(loc, LOCHDR + LOCNAM(loc), LOCEXT(loc));
     }
 
-    static void printCEN(Entry cen) {
+    static void printCEN(byte[] cen, int off) {
-        print("  Signature   :     %08x%n", CENSIG);
+        print("[Central Directory Header]%n");
-        print("  VerMadeby   :         %4x    [%d.%d]%n",
+        print("    Signature   :   %#010x%n", CENSIG(cen, off));
-                  cen.versionMade, cen.versionMade/10, cen.versionMade%10);
+        if (CENSIG(cen, off) != CENSIG) {
-        print("  VerExtract  :         %4x    [%d.%d]%n",
+           print("    Wrong signature!");
-                  cen.version, cen.version/10, cen.version%10);
+           return;
-        print("  Flag        :         %4x%n", cen.flag);
+        }
-        print("  Method      :         %4x%n", cen.method);
+        print("    VerMadeby   :       %#6x    [%d, %d.%d]%n",
-        print("  LastMTime   :     %8x    [%tc]%n",
+              CENVEM(cen, off), (CENVEM(cen, off) >> 8),
-                  cen.mtime, dosToJavaTime(cen.mtime));
+              (CENVEM(cen, off) & 0xff) / 10,
-        print("  CRC         :     %8x%n", cen.crc);
+              (CENVEM(cen, off) & 0xff) % 10);
-        print("  CSize       :     %8x%n", cen.csize);
+        print("    VerExtract  :       %#6x    [%d.%d]%n",
-        print("  Size        :     %8x%n", cen.size);
+              CENVER(cen, off), CENVER(cen, off) / 10, CENVER(cen, off) % 10);
-        print("  NameLen     :         %4x    [%s]%n",
+        print("    Flag        :       %#6x%n", CENFLG(cen, off));
-                  cen.nlen, new String(cen.name));
+        print("    Method      :       %#6x%n", CENHOW(cen, off));
-        print("  ExtraLen    :         %4x%n", cen.elen);
+        print("    LastMTime   :   %#10x    [%tc]%n",
-        print("  CommentLen  :         %4x%n", cen.clen);
+              CENTIM(cen, off), dosToJavaTime(CENTIM(cen, off)));
-        print("  DiskStart   :         %4x%n", cen.disk);
+        print("    CRC         :   %#10x%n", CENCRC(cen, off));
-        print("  Attrs       :         %4x%n", cen.attrs);
+        print("    CSize       :   %#10x%n", CENSIZ(cen, off));
-        print("  AttrsEx     :     %8x%n", cen.attrsEx);
+        print("    Size        :   %#10x%n", CENLEN(cen, off));
-        print("  LocOff      :     %8x%n", cen.locoff);
+        print("    NameLen     :       %#6x    [%s]%n",
-        if (cen.hasZip64)
+              CENNAM(cen, off), new String(cen, off + CENHDR, CENNAM(cen, off)));
-            print(" *ZIP64*%n");
+        print("    ExtraLen    :       %#6x%n", CENEXT(cen, off));
+        if (CENEXT(cen, off) != 0)
+            printExtra(cen, off + CENHDR + CENNAM(cen, off), CENEXT(cen, off));
+        print("    CommentLen  :       %#6x%n", CENCOM(cen, off));
+        print("    DiskStart   :       %#6x%n", CENDSK(cen, off));
+        print("    Attrs       :       %#6x%n", CENATT(cen, off));
+        print("    AttrsEx     :   %#10x%n", CENATX(cen, off));
+        print("    LocOff      :   %#10x%n", CENOFF(cen, off));
+
+    }
+
+    static long locoff(byte[] cen, int pos) {
+        long locoff = CENOFF(cen, pos);
+        if (locoff == ZIP64_MINVAL) {    //ZIP64
+            int off = pos + CENHDR + CENNAM(cen, pos);
+            int end = off + CENEXT(cen, pos);
+            while (off + 4 < end) {
+                int tag = SH(cen, off);
+                int sz = SH(cen, off + 2);
+                if (tag != EXTID_ZIP64) {
+                    off += 4 + sz;
+                    continue;
+                }
+                off += 4;
+                if (CENLEN(cen, pos) == ZIP64_MINVAL)
+                    off += 8;
+                if (CENSIZ(cen, pos) == ZIP64_MINVAL)
+                    off += 8;
+                return LL(cen, off);
+            }
+            // should never be here
+        }
+        return locoff;
+    }
+
+    static void printExtra(byte[] extra, int off, int len) {
+        int end = off + len;
+        while (off + 4 < end) {
+            int tag = SH(extra, off);
+            int sz = SH(extra, off + 2);
+            print("        [tag=0x%04x, sz=%d, data= ", tag, sz);
+            if (off + sz > end) {
+                print("    Error: Invalid extra data, beyond extra length");
+                break;
+            }
+            off += 4;
+            for (int i = 0; i < sz; i++)
+                print("%02x ", extra[off + i]);
+            print("]%n");
+            switch (tag) {
+            case EXTID_ZIP64 :
+                print("         ->ZIP64: ");
+                int pos = off;
+                while (pos + 8 <= off + sz) {
+                    print(" *0x%x ", LL(extra, pos));
+                    pos += 8;
+                }
+                print("%n");
+                break;
+            case EXTID_NTFS:
+                print("         ->PKWare NTFS%n");
+                // 4 bytes reserved
+                if (SH(extra, off + 4) !=  0x0001 || SH(extra, off + 6) !=  24)
+                    print("    Error: Invalid NTFS sub-tag or subsz");
+                print("            mtime:%tc%n",
+                      winToJavaTime(LL(extra, off + 8)));
+                print("            atime:%tc%n",
+                      winToJavaTime(LL(extra, off + 16)));
+                print("            ctime:%tc%n",
+                      winToJavaTime(LL(extra, off + 24)));
+                break;
+            case EXTID_EXTT:
+                print("         ->Inof-ZIP Extended Timestamp: flag=%x%n",extra[off]);
+                pos = off + 1 ;
+                while (pos + 4 <= off + sz) {
+                    print("            *%tc%n",
+                          unixToJavaTime(LG(extra, pos)));
+                    pos += 4;
+                }
+                break;
+            default:
+            }
+            off += sz;
+        }
     }
 }

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipPath.java

@@ -32,24 +32,19 @@
 package com.sun.nio.zipfs;
 
 import java.io.File;
-import java.io.FilterInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URI;
-import java.nio.ByteBuffer;
 import java.nio.channels.FileChannel;
 import java.nio.channels.SeekableByteChannel;
 import java.nio.file.*;
 import java.nio.file.DirectoryStream.Filter;
-import java.nio.file.spi.FileSystemProvider;
 import java.nio.file.attribute.BasicFileAttributeView;
 import java.nio.file.attribute.FileAttribute;
 import java.nio.file.attribute.FileAttributeView;
 import java.nio.file.attribute.FileTime;
 import java.util.*;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import static java.nio.file.StandardOpenOption.*;
 import static java.nio.file.StandardCopyOption.*;
 
@@ -599,7 +594,7 @@ public class ZipPath extends Path {
     }
 
     private static final DirectoryStream.Filter<Path> acceptAllFilter =
-        new DirectoryStream.Filter<Path>() {
+        new DirectoryStream.Filter<>() {
             @Override public boolean accept(Path entry) { return true; }
         };
 
@@ -625,7 +620,7 @@ public class ZipPath extends Path {
 
         // create a matcher and return a filter that uses it.
         final PathMatcher matcher = getFileSystem().getPathMatcher("glob:" + glob);
-        DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<Path>() {
+        DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<>() {
             @Override
             public boolean accept(Path entry)  {
                 return matcher.matches(entry.getName());
@@ -758,7 +753,7 @@ public class ZipPath extends Path {
 
     @Override
     public Iterator<Path> iterator() {
-        return new Iterator<Path>() {
+        return new Iterator<>() {
             private int i = 0;
 
             @Override
@@ -803,7 +798,7 @@ public class ZipPath extends Path {
     @Override
     public SeekableByteChannel newByteChannel(OpenOption... options)
             throws IOException {
-        Set<OpenOption> set = new HashSet<OpenOption>(options.length);
+        Set<OpenOption> set = new HashSet<>(options.length);
         Collections.addAll(set, options);
         return newByteChannel(set);
     }
@@ -908,7 +903,7 @@ public class ZipPath extends Path {
             if (opt == REPLACE_EXISTING)
                 replaceExisting = true;
             else if (opt == COPY_ATTRIBUTES)
-                copyAttrs = false;
+                copyAttrs = true;
         }
         // attributes of source file
         ZipFileAttributes zfas = getAttributes();
@@ -951,7 +946,9 @@ public class ZipPath extends Path {
             BasicFileAttributeView view =
                 target.getFileAttributeView(BasicFileAttributeView.class);
             try {
-                view.setTimes(zfas.lastModifiedTime(), null, null);
+                view.setTimes(zfas.lastModifiedTime(),
+                              zfas.lastAccessTime(),
+                              zfas.creationTime());
             } catch (IOException x) {
                 // rollback?
                 try {

jdk/src/share/demo/nio/zipfs/com/sun/nio/zipfs/ZipUtils.java

@@ -36,6 +36,7 @@ import java.io.OutputStream;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.regex.PatternSyntaxException;
+import java.util.concurrent.TimeUnit;
 
 /**
  *
@@ -48,7 +49,7 @@ class ZipUtils {
      * Writes a 16-bit short to the output stream in little-endian byte order.
      */
     public static void writeShort(OutputStream os, int v) throws IOException {
-        os.write((v >>> 0) & 0xff);
+        os.write(v & 0xff);
         os.write((v >>> 8) & 0xff);
     }
 
@@ -56,7 +57,7 @@ class ZipUtils {
      * Writes a 32-bit int to the output stream in little-endian byte order.
      */
     public static void writeInt(OutputStream os, long v) throws IOException {
-        os.write((int)((v >>>  0) & 0xff));
+        os.write((int)(v & 0xff));
         os.write((int)((v >>>  8) & 0xff));
         os.write((int)((v >>> 16) & 0xff));
         os.write((int)((v >>> 24) & 0xff));
@@ -66,7 +67,7 @@ class ZipUtils {
      * Writes a 64-bit int to the output stream in little-endian byte order.
      */
     public static void writeLong(OutputStream os, long v) throws IOException {
-        os.write((int)((v >>>  0) & 0xff));
+        os.write((int)(v & 0xff));
         os.write((int)((v >>>  8) & 0xff));
         os.write((int)((v >>> 16) & 0xff));
         os.write((int)((v >>> 24) & 0xff));
@@ -132,6 +133,27 @@ class ZipUtils {
                d.getSeconds() >> 1;
     }
 
+
+    // used to adjust values between Windows and java epoch
+    private static final long WINDOWS_EPOCH_IN_MICROSECONDS = -11644473600000000L;
+    public static final long winToJavaTime(long wtime) {
+        return TimeUnit.MILLISECONDS.convert(
+               wtime / 10 + WINDOWS_EPOCH_IN_MICROSECONDS, TimeUnit.MICROSECONDS);
+    }
+
+    public static final long javaToWinTime(long time) {
+        return (TimeUnit.MICROSECONDS.convert(time, TimeUnit.MILLISECONDS)
+               - WINDOWS_EPOCH_IN_MICROSECONDS) * 10;
+    }
+
+    public static final long unixToJavaTime(long utime) {
+        return TimeUnit.MILLISECONDS.convert(utime, TimeUnit.SECONDS);
+    }
+
+    public static final long javaToUnixTime(long time) {
+        return TimeUnit.SECONDS.convert(time, TimeUnit.MILLISECONDS);
+    }
+
     private static final String regexMetaChars = ".^$+{[]|()";
     private static final String globMetaChars = "\\*?[{";
     private static boolean isRegexMeta(char c) {

jdk/src/solaris/classes/sun/awt/X11/GtkFileDialogPeer.java

@@ -42,11 +42,19 @@ class GtkFileDialogPeer extends XDialogPeer implements FileDialogPeer {
 
     private FileDialog fd;
 
+    // A pointer to the native GTK FileChooser widget
+    private volatile long widget = 0L;
+
     public GtkFileDialogPeer(FileDialog fd) {
         super((Dialog) fd);
         this.fd = fd;
     }
 
+    private static native void initIDs();
+    static {
+        initIDs();
+    }
+
     private native void run(String title, int mode, String dir, String file,
             FilenameFilter filter, boolean isMultipleMode);
 

jdk/src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java

@@ -1,427 +0,0 @@
-/*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.net.www.protocol.http;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
-import java.net.PasswordAuthentication;
-import java.net.UnknownHostException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.DESKeySpec;
-
-import sun.net.www.HeaderParser;
-
-/**
- * NTLMAuthentication:
- *
- * @author Michael McMahon
- */
-
-/*
- * NTLM authentication is nominally based on the framework defined in RFC2617,
- * but differs from the standard (Basic & Digest) schemes as follows:
- *
- * 1. A complete authentication requires three request/response transactions
- *    as shown below:
- *            REQ ------------------------------->
- *            <---- 401 (signalling NTLM) --------
- *
- *            REQ (with type1 NTLM msg) --------->
- *            <---- 401 (with type 2 NTLM msg) ---
- *
- *            REQ (with type3 NTLM msg) --------->
- *            <---- OK ---------------------------
- *
- * 2. The scope of the authentication is the TCP connection (which must be kept-alive)
- *    after the type2 response is received. This means that NTLM does not work end-to-end
- *    through a proxy, rather between client and proxy, or between client and server (with no proxy)
- */
-
-class NTLMAuthentication extends AuthenticationInfo {
-    private static final long serialVersionUID = -2403849171106437142L;
-
-    private byte[] type1;
-    private byte[] type3;
-
-    private SecretKeyFactory fac;
-    private Cipher cipher;
-    private MessageDigest md4;
-    private String hostname;
-    private static String defaultDomain; /* Domain to use if not specified by user */
-
-    static {
-        defaultDomain = java.security.AccessController.doPrivileged(
-            new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
-                                                      "domain"));
-    };
-
-    static boolean supportsTransparentAuth () {
-        return false;
-    }
-
-    private void init0() {
-        type1 = new byte[256];
-        type3 = new byte[256];
-        System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,1}, 0, type1, 0, 9);
-        type1[12] = (byte) 3;
-        type1[13] = (byte) 0xb2;
-        type1[28] = (byte) 0x20;
-        System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,3}, 0, type3, 0, 9);
-        type3[12] = (byte) 0x18;
-        type3[14] = (byte) 0x18;
-        type3[20] = (byte) 0x18;
-        type3[22] = (byte) 0x18;
-        type3[32] = (byte) 0x40;
-        type3[60] = (byte) 1;
-        type3[61] = (byte) 0x82;
-
-        try {
-            hostname = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<String>() {
-                public String run() {
-                    String localhost;
-                    try {
-                        localhost = InetAddress.getLocalHost().getHostName().toUpperCase();
-                    } catch (UnknownHostException e) {
-                         localhost = "localhost";
-                    }
-                    return localhost;
-                }
-            });
-            int x = hostname.indexOf ('.');
-            if (x != -1) {
-                hostname = hostname.substring (0, x);
-            }
-            fac = SecretKeyFactory.getInstance ("DES");
-            cipher = Cipher.getInstance ("DES/ECB/NoPadding");
-            md4 = sun.security.provider.MD4.getInstance();
-        } catch (NoSuchPaddingException e) {
-            assert false;
-        } catch (NoSuchAlgorithmException e) {
-            assert false;
-        }
-    };
-
-    PasswordAuthentication pw;
-    String username;
-    String ntdomain;
-    String password;
-
-    /**
-     * Create a NTLMAuthentication:
-     * Username may be specified as domain<BACKSLASH>username in the application Authenticator.
-     * If this notation is not used, then the domain will be taken
-     * from a system property: "http.auth.ntlm.domain".
-     */
-    public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) {
-        super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
-                AuthScheme.NTLM,
-                url,
-                "");
-        init (pw);
-    }
-
-    private void init (PasswordAuthentication pw) {
-        this.pw = pw;
-        String s = pw.getUserName();
-        int i = s.indexOf ('\\');
-        if (i == -1) {
-            username = s;
-            ntdomain = defaultDomain;
-        } else {
-            ntdomain = s.substring (0, i).toUpperCase();
-            username = s.substring (i+1);
-        }
-        password = new String (pw.getPassword());
-        init0();
-    }
-
-   /**
-    * Constructor used for proxy entries
-    */
-    public NTLMAuthentication(boolean isProxy, String host, int port,
-                                PasswordAuthentication pw) {
-        super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
-                AuthScheme.NTLM,
-                host,
-                port,
-                "");
-        init (pw);
-    }
-
-    /**
-     * @return true if this authentication supports preemptive authorization
-     */
-    boolean supportsPreemptiveAuthorization() {
-        return false;
-    }
-
-    /**
-     * @return the name of the HTTP header this authentication wants set
-     */
-    String getHeaderName() {
-        if (type == SERVER_AUTHENTICATION) {
-            return "Authorization";
-        } else {
-            return "Proxy-authorization";
-        }
-    }
-
-    /**
-     * Not supported. Must use the setHeaders() method
-     */
-    String getHeaderValue(URL url, String method) {
-        throw new RuntimeException ("getHeaderValue not supported");
-    }
-
-    /**
-     * Check if the header indicates that the current auth. parameters are stale.
-     * If so, then replace the relevant field with the new value
-     * and return true. Otherwise return false.
-     * returning true means the request can be retried with the same userid/password
-     * returning false means we have to go back to the user to ask for a new
-     * username password.
-     */
-    boolean isAuthorizationStale (String header) {
-        return false; /* should not be called for ntlm */
-    }
-
-    /**
-     * Set header(s) on the given connection.
-     * @param conn The connection to apply the header(s) to
-     * @param p A source of header values for this connection, not used because
-     *          HeaderParser converts the fields to lower case, use raw instead
-     * @param raw The raw header field.
-     * @return true if all goes well, false if no headers were set.
-     */
-    synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
-
-        try {
-            String response;
-            if (raw.length() < 6) { /* NTLM<sp> */
-                response = buildType1Msg ();
-            } else {
-                String msg = raw.substring (5); /* skip NTLM<sp> */
-                response = buildType3Msg (msg);
-            }
-            conn.setAuthenticationProperty(getHeaderName(), response);
-            return true;
-        } catch (IOException e) {
-            return false;
-        } catch (GeneralSecurityException e) {
-            return false;
-        }
-    }
-
-    private void copybytes (byte[] dest, int destpos, String src, String enc) {
-        try {
-            byte[] x = src.getBytes(enc);
-            System.arraycopy (x, 0, dest, destpos, x.length);
-        } catch (UnsupportedEncodingException e) {
-            assert false;
-        }
-    }
-
-    private String buildType1Msg () {
-        int dlen = ntdomain.length();
-        type1[16]= (byte) (dlen % 256);
-        type1[17]= (byte) (dlen / 256);
-        type1[18] = type1[16];
-        type1[19] = type1[17];
-
-        int hlen = hostname.length();
-        type1[24]= (byte) (hlen % 256);
-        type1[25]= (byte) (hlen / 256);
-        type1[26] = type1[24];
-        type1[27] = type1[25];
-
-        copybytes (type1, 32, hostname, "ISO8859_1");
-        copybytes (type1, hlen+32, ntdomain, "ISO8859_1");
-        type1[20] = (byte) ((hlen+32) % 256);
-        type1[21] = (byte) ((hlen+32) / 256);
-
-        byte[] msg = new byte [32 + hlen + dlen];
-        System.arraycopy (type1, 0, msg, 0, 32 + hlen + dlen);
-        String result = "NTLM " + (new B64Encoder()).encode (msg);
-        return result;
-    }
-
-
-    /* Convert a 7 byte array to an 8 byte array (for a des key with parity)
-     * input starts at offset off
-     */
-    private byte[] makeDesKey (byte[] input, int off) {
-        int[] in = new int [input.length];
-        for (int i=0; i<in.length; i++ ) {
-            in[i] = input[i]<0 ? input[i]+256: input[i];
-        }
-        byte[] out = new byte[8];
-        out[0] = (byte)in[off+0];
-        out[1] = (byte)(((in[off+0] << 7) & 0xFF) | (in[off+1] >> 1));
-        out[2] = (byte)(((in[off+1] << 6) & 0xFF) | (in[off+2] >> 2));
-        out[3] = (byte)(((in[off+2] << 5) & 0xFF) | (in[off+3] >> 3));
-        out[4] = (byte)(((in[off+3] << 4) & 0xFF) | (in[off+4] >> 4));
-        out[5] = (byte)(((in[off+4] << 3) & 0xFF) | (in[off+5] >> 5));
-        out[6] = (byte)(((in[off+5] << 2) & 0xFF) | (in[off+6] >> 6));
-        out[7] = (byte)((in[off+6] << 1) & 0xFF);
-        return out;
-    }
-
-    private byte[] calcLMHash () throws GeneralSecurityException {
-        byte[] magic = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
-        byte[] pwb = password.toUpperCase ().getBytes();
-        byte[] pwb1 = new byte [14];
-        int len = password.length();
-        if (len > 14)
-            len = 14;
-        System.arraycopy (pwb, 0, pwb1, 0, len); /* Zero padded */
-
-        DESKeySpec dks1 = new DESKeySpec (makeDesKey (pwb1, 0));
-        DESKeySpec dks2 = new DESKeySpec (makeDesKey (pwb1, 7));
-
-        SecretKey key1 = fac.generateSecret (dks1);
-        SecretKey key2 = fac.generateSecret (dks2);
-        cipher.init (Cipher.ENCRYPT_MODE, key1);
-        byte[] out1 = cipher.doFinal (magic, 0, 8);
-        cipher.init (Cipher.ENCRYPT_MODE, key2);
-        byte[] out2 = cipher.doFinal (magic, 0, 8);
-
-        byte[] result = new byte [21];
-        System.arraycopy (out1, 0, result, 0, 8);
-        System.arraycopy (out2, 0, result, 8, 8);
-        return result;
-    }
-
-    private byte[] calcNTHash () throws GeneralSecurityException {
-        byte[] pw = null;
-        try {
-            pw = password.getBytes ("UnicodeLittleUnmarked");
-        } catch (UnsupportedEncodingException e) {
-            assert false;
-        }
-        byte[] out = md4.digest (pw);
-        byte[] result = new byte [21];
-        System.arraycopy (out, 0, result, 0, 16);
-        return result;
-    }
-
-    /* key is a 21 byte array. Split it into 3 7 byte chunks,
-     * Convert each to 8 byte DES keys, encrypt the text arg with
-     * each key and return the three results in a sequential []
-     */
-    private byte[] calcResponse (byte[] key, byte[] text)
-    throws GeneralSecurityException {
-        assert key.length == 21;
-        DESKeySpec dks1 = new DESKeySpec (makeDesKey (key, 0));
-        DESKeySpec dks2 = new DESKeySpec (makeDesKey (key, 7));
-        DESKeySpec dks3 = new DESKeySpec (makeDesKey (key, 14));
-        SecretKey key1 = fac.generateSecret (dks1);
-        SecretKey key2 = fac.generateSecret (dks2);
-        SecretKey key3 = fac.generateSecret (dks3);
-        cipher.init (Cipher.ENCRYPT_MODE, key1);
-        byte[] out1 = cipher.doFinal (text, 0, 8);
-        cipher.init (Cipher.ENCRYPT_MODE, key2);
-        byte[] out2 = cipher.doFinal (text, 0, 8);
-        cipher.init (Cipher.ENCRYPT_MODE, key3);
-        byte[] out3 = cipher.doFinal (text, 0, 8);
-        byte[] result = new byte [24];
-        System.arraycopy (out1, 0, result, 0, 8);
-        System.arraycopy (out2, 0, result, 8, 8);
-        System.arraycopy (out3, 0, result, 16, 8);
-        return result;
-    }
-
-    private String buildType3Msg (String challenge) throws GeneralSecurityException,
-                                                           IOException  {
-        /* First decode the type2 message to get the server nonce */
-        /* nonce is located at type2[24] for 8 bytes */
-
-        byte[] type2 = (new sun.misc.BASE64Decoder()).decodeBuffer (challenge);
-        byte[] nonce = new byte [8];
-        System.arraycopy (type2, 24, nonce, 0, 8);
-
-        int ulen = username.length()*2;
-        type3[36] = type3[38] = (byte) (ulen % 256);
-        type3[37] = type3[39] = (byte) (ulen / 256);
-        int dlen = ntdomain.length()*2;
-        type3[28] = type3[30] = (byte) (dlen % 256);
-        type3[29] = type3[31] = (byte) (dlen / 256);
-        int hlen = hostname.length()*2;
-        type3[44] = type3[46] = (byte) (hlen % 256);
-        type3[45] = type3[47] = (byte) (hlen / 256);
-
-        int l = 64;
-        copybytes (type3, l, ntdomain, "UnicodeLittleUnmarked");
-        type3[32] = (byte) (l % 256);
-        type3[33] = (byte) (l / 256);
-        l += dlen;
-        copybytes (type3, l, username, "UnicodeLittleUnmarked");
-        type3[40] = (byte) (l % 256);
-        type3[41] = (byte) (l / 256);
-        l += ulen;
-        copybytes (type3, l, hostname, "UnicodeLittleUnmarked");
-        type3[48] = (byte) (l % 256);
-        type3[49] = (byte) (l / 256);
-        l += hlen;
-
-        byte[] lmhash = calcLMHash();
-        byte[] lmresponse = calcResponse (lmhash, nonce);
-        byte[] nthash = calcNTHash();
-        byte[] ntresponse = calcResponse (nthash, nonce);
-        System.arraycopy (lmresponse, 0, type3, l, 24);
-        type3[16] = (byte) (l % 256);
-        type3[17] = (byte) (l / 256);
-        l += 24;
-        System.arraycopy (ntresponse, 0, type3, l, 24);
-        type3[24] = (byte) (l % 256);
-        type3[25] = (byte) (l / 256);
-        l += 24;
-        type3[56] = (byte) (l % 256);
-        type3[57] = (byte) (l / 256);
-
-        byte[] msg = new byte [l];
-        System.arraycopy (type3, 0, msg, 0, l);
-        String result = "NTLM " + (new B64Encoder()).encode (msg);
-        return result;
-    }
-
-}
-
-
-class B64Encoder extends sun.misc.BASE64Encoder {
-    /* to force it to to the entire encoding in one line */
-    protected int bytesPerLine () {
-        return 1024;
-    }
-}