Merge

2009-11-06 21:32:35 -08:00 · 2009-11-06 21:32:35 -08:00 · b7a372efca
commit b7a372efca
parent 44accdb4b7 31d05a3363
74 changed files with 4404 additions and 601 deletions
--- a/jdk/make/sun/awt/mapfile-vers
+++ b/jdk/make/sun/awt/mapfile-vers
@ -53,7 +53,6 @@ SUNWprivate_1.1 {
 		Java_sun_awt_image_GifImageDecoder_initIDs;
 		Java_sun_awt_image_GifImageDecoder_parseImage;
 		Java_sun_awt_image_ImageRepresentation_initIDs;
-		Java_sun_awt_image_ImageRepresentation_setBytePixels;
 		Java_sun_awt_image_ImageRepresentation_setDiffICM;
 		Java_sun_awt_image_ImageRepresentation_setICMpixels;
 		Java_sun_awt_image_ImagingLib_convolveBI;
--- a/jdk/make/sun/awt/mapfile-vers-linux
+++ b/jdk/make/sun/awt/mapfile-vers-linux
@ -55,7 +55,6 @@ SUNWprivate_1.1 {
 		Java_sun_awt_image_GifImageDecoder_parseImage;
 		Java_sun_awt_image_Image_initIDs;
 		Java_sun_awt_image_ImageRepresentation_initIDs;
-		Java_sun_awt_image_ImageRepresentation_setBytePixels;
 		Java_sun_awt_image_ImageRepresentation_setDiffICM;
 		Java_sun_awt_image_ImageRepresentation_setICMpixels;
 		Java_sun_awt_image_ImagingLib_convolveBI;
--- a/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java
+++ b/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java
@ -62,6 +62,8 @@ import javax.imageio.event.IIOReadWarningListener;

 import java.io.*;
 import java.nio.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.StringTokenizer;
@ -502,12 +504,18 @@ public class BMPImageReader extends ImageReader implements BMPConstants {
            iis.reset();

            try {
-                if (metadata.colorSpace == PROFILE_LINKED)
+                if (metadata.colorSpace == PROFILE_LINKED &&
+                    isLinkedProfileAllowed() &&
+                    !isUncOrDevicePath(profile))
+                {
+                    String path = new String(profile, "windows-1252");
+
                    colorSpace =
-                        new ICC_ColorSpace(ICC_Profile.getInstance(new String(profile)));
-                else
+                        new ICC_ColorSpace(ICC_Profile.getInstance(path));
+                } else {
                    colorSpace =
                        new ICC_ColorSpace(ICC_Profile.getInstance(profile));
+                }
            } catch (Exception e) {
                colorSpace = ColorSpace.getInstance(ColorSpace.CS_sRGB);
            }
@ -1745,4 +1753,69 @@ public class BMPImageReader extends ImageReader implements BMPConstants {
        public void sequenceStarted(ImageReader src, int minIndex) {}
        public void readAborted(ImageReader src) {}
    }
+
+    private static Boolean isLinkedProfileDisabled = null;
+
+    private static boolean isLinkedProfileAllowed() {
+        if (isLinkedProfileDisabled == null) {
+            PrivilegedAction<Boolean> a = new PrivilegedAction<Boolean>() {
+                public Boolean run() {
+                    return Boolean.getBoolean("sun.imageio.plugins.bmp.disableLinkedProfiles");
+                }
+            };
+            isLinkedProfileDisabled = AccessController.doPrivileged(a);
+        }
+        return !isLinkedProfileDisabled;
+    }
+
+    private static Boolean isWindowsPlatform = null;
+
+    /**
+     * Verifies whether the byte array contans a unc path.
+     * Non-UNC path examples:
+     *  c:\path\to\file  - simple notation
+     *  \\?\c:\path\to\file - long notation
+     *
+     * UNC path examples:
+     *  \\server\share - a UNC path in simple notation
+     *  \\?\UNC\server\share - a UNC path in long notation
+     *  \\.\some\device - a path to device.
+     */
+    private static boolean isUncOrDevicePath(byte[] p) {
+        if (isWindowsPlatform == null) {
+            PrivilegedAction<Boolean> a = new PrivilegedAction<Boolean>() {
+                public Boolean run() {
+                    String osname = System.getProperty("os.name");
+                    return (osname != null &&
+                            osname.toLowerCase().startsWith("win"));
+                }
+            };
+            isWindowsPlatform = AccessController.doPrivileged(a);
+        }
+
+        if (!isWindowsPlatform) {
+            /* no need for the check on platforms except windows */
+            return false;
+        }
+
+        /* normalize prefix of the path */
+        if (p[0] == '/') p[0] = '\\';
+        if (p[1] == '/') p[1] = '\\';
+        if (p[3] == '/') p[3] = '\\';
+
+
+        if ((p[0] == '\\') && (p[1] == '\\')) {
+            if ((p[2] == '?') && (p[3] == '\\')) {
+                // long path: whether unc or local
+                return ((p[4] == 'U' || p[4] == 'u') &&
+                        (p[5] == 'N' || p[5] == 'n') &&
+                        (p[6] == 'C' || p[6] == 'c'));
+            } else {
+                // device path or short unc notation
+                return true;
+            }
+        } else {
+            return false;
+        }
+    }
 }
--- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.motif;

+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.border.*;
 import javax.swing.plaf.basic.*;
@ -46,16 +48,23 @@ import javax.swing.plaf.*;
 */
 public class MotifButtonUI extends BasicButtonUI {

-    private final static MotifButtonUI motifButtonUI = new MotifButtonUI();
-
    protected Color selectColor;

    private boolean defaults_initialized = false;

+    private static final Object MOTIF_BUTTON_UI_KEY = new Object();
+
    // ********************************
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        MotifButtonUI motifButtonUI =
+                (MotifButtonUI) appContext.get(MOTIF_BUTTON_UI_KEY);
+        if (motifButtonUI == null) {
+            motifButtonUI = new MotifButtonUI();
+            appContext.put(MOTIF_BUTTON_UI_KEY, motifButtonUI);
+        }
        return motifButtonUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.motif;

+import sun.awt.AppContext;
+
 import javax.swing.*;

 import javax.swing.plaf.*;
@ -45,7 +47,7 @@ import java.awt.*;
 */
 public class MotifCheckBoxUI extends MotifRadioButtonUI {

-    private static final MotifCheckBoxUI motifCheckBoxUI = new MotifCheckBoxUI();
+    private static final Object MOTIF_CHECK_BOX_UI_KEY = new Object();

    private final static String propertyPrefix = "CheckBox" + ".";

@ -56,6 +58,13 @@ public class MotifCheckBoxUI extends MotifRadioButtonUI {
    //         Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        MotifCheckBoxUI motifCheckBoxUI =
+                (MotifCheckBoxUI) appContext.get(MOTIF_CHECK_BOX_UI_KEY);
+        if (motifCheckBoxUI == null) {
+            motifCheckBoxUI = new MotifCheckBoxUI();
+            appContext.put(MOTIF_CHECK_BOX_UI_KEY, motifCheckBoxUI);
+        }
        return motifCheckBoxUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.motif;

+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.plaf.basic.BasicLabelUI;
 import javax.swing.plaf.ComponentUI;
@ -44,9 +46,16 @@ import javax.swing.plaf.ComponentUI;
 */
 public class MotifLabelUI extends BasicLabelUI
 {
-    static MotifLabelUI sharedInstance = new MotifLabelUI();
+    private static final Object MOTIF_LABEL_UI_KEY = new Object();

    public static ComponentUI createUI(JComponent c) {
-        return sharedInstance;
+        AppContext appContext = AppContext.getAppContext();
+        MotifLabelUI motifLabelUI =
+                (MotifLabelUI) appContext.get(MOTIF_LABEL_UI_KEY);
+        if (motifLabelUI == null) {
+            motifLabelUI = new MotifLabelUI();
+            appContext.put(MOTIF_LABEL_UI_KEY, motifLabelUI);
+        }
+        return motifLabelUI;
    }
 }
--- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.motif;

+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.border.*;
 import javax.swing.plaf.basic.BasicRadioButtonUI;
@ -47,7 +49,7 @@ import java.awt.*;
 */
 public class MotifRadioButtonUI extends BasicRadioButtonUI {

-    private static final MotifRadioButtonUI motifRadioButtonUI = new MotifRadioButtonUI();
+    private static final Object MOTIF_RADIO_BUTTON_UI_KEY = new Object();

    protected Color focusColor;

@ -57,6 +59,13 @@ public class MotifRadioButtonUI extends BasicRadioButtonUI {
    //         Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        MotifRadioButtonUI motifRadioButtonUI =
+                (MotifRadioButtonUI) appContext.get(MOTIF_RADIO_BUTTON_UI_KEY);
+        if (motifRadioButtonUI == null) {
+            motifRadioButtonUI = new MotifRadioButtonUI();
+            appContext.put(MOTIF_RADIO_BUTTON_UI_KEY, motifRadioButtonUI);
+        }
        return motifRadioButtonUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.motif;

+import sun.awt.AppContext;
+
 import java.awt.*;
 import java.awt.event.*;

@ -48,7 +50,7 @@ import javax.swing.plaf.basic.*;
 */
 public class MotifToggleButtonUI extends BasicToggleButtonUI
 {
-    private final static MotifToggleButtonUI motifToggleButtonUI = new MotifToggleButtonUI();
+    private static final Object MOTIF_TOGGLE_BUTTON_UI_KEY = new Object();

    protected Color selectColor;

@ -58,6 +60,13 @@ public class MotifToggleButtonUI extends BasicToggleButtonUI
    //         Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        MotifToggleButtonUI motifToggleButtonUI =
+                (MotifToggleButtonUI) appContext.get(MOTIF_TOGGLE_BUTTON_UI_KEY);
+        if (motifToggleButtonUI == null) {
+            motifToggleButtonUI = new MotifToggleButtonUI();
+            appContext.put(MOTIF_TOGGLE_BUTTON_UI_KEY, motifToggleButtonUI);
+        }
        return motifToggleButtonUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java
@ -35,6 +35,7 @@ import java.awt.*;
 import static com.sun.java.swing.plaf.windows.TMSchema.*;
 import static com.sun.java.swing.plaf.windows.TMSchema.Part.*;
 import static com.sun.java.swing.plaf.windows.XPStyle.Skin;
+import sun.awt.AppContext;


 /**
@ -52,8 +53,6 @@ import static com.sun.java.swing.plaf.windows.XPStyle.Skin;
 */
 public class WindowsButtonUI extends BasicButtonUI
 {
-    private final static WindowsButtonUI windowsButtonUI = new WindowsButtonUI();
-
    protected int dashedRectGapX;
    protected int dashedRectGapY;
    protected int dashedRectGapWidth;
@ -63,11 +62,19 @@ public class WindowsButtonUI extends BasicButtonUI

    private boolean defaults_initialized = false;

+    private static final Object WINDOWS_BUTTON_UI_KEY = new Object();

    // ********************************
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        WindowsButtonUI windowsButtonUI =
+                (WindowsButtonUI) appContext.get(WINDOWS_BUTTON_UI_KEY);
+        if (windowsButtonUI == null) {
+            windowsButtonUI = new WindowsButtonUI();
+            appContext.put(WINDOWS_BUTTON_UI_KEY, windowsButtonUI);
+        }
        return windowsButtonUI;
    }

@ -151,7 +158,7 @@ public class WindowsButtonUI extends BasicButtonUI
     * allocating them in each paint call substantially reduced the time
     * it took paint to run.  Obviously, this method can't be re-entered.
     */
-    private static Rectangle viewRect = new Rectangle();
+    private Rectangle viewRect = new Rectangle();

    public void paint(Graphics g, JComponent c) {
        if (XPStyle.getXP() != null) {
--- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.windows;

+import sun.awt.AppContext;
+
 import javax.swing.plaf.basic.*;
 import javax.swing.*;
 import javax.swing.plaf.*;
@ -49,7 +51,7 @@ public class WindowsCheckBoxUI extends WindowsRadioButtonUI
    // of BasicCheckBoxUI because we want to pick up all the
    // painting changes made in MetalRadioButtonUI.

-    private static final WindowsCheckBoxUI windowsCheckBoxUI = new WindowsCheckBoxUI();
+    private static final Object WINDOWS_CHECK_BOX_UI_KEY = new Object();

    private final static String propertyPrefix = "CheckBox" + ".";

@ -59,6 +61,13 @@ public class WindowsCheckBoxUI extends WindowsRadioButtonUI
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        WindowsCheckBoxUI windowsCheckBoxUI =
+                (WindowsCheckBoxUI) appContext.get(WINDOWS_CHECK_BOX_UI_KEY);
+        if (windowsCheckBoxUI == null) {
+            windowsCheckBoxUI = new WindowsCheckBoxUI();
+            appContext.put(WINDOWS_CHECK_BOX_UI_KEY, windowsCheckBoxUI);
+        }
        return windowsCheckBoxUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java
@ -26,6 +26,8 @@
 package com.sun.java.swing.plaf.windows;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import java.awt.Color;
 import java.awt.Graphics;

@ -51,12 +53,19 @@ import javax.swing.plaf.basic.BasicLabelUI;
 */
 public class WindowsLabelUI extends BasicLabelUI {

-    private final static WindowsLabelUI windowsLabelUI = new WindowsLabelUI();
+    private static final Object WINDOWS_LABEL_UI_KEY = new Object();

    // ********************************
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        WindowsLabelUI windowsLabelUI =
+                (WindowsLabelUI) appContext.get(WINDOWS_LABEL_UI_KEY);
+        if (windowsLabelUI == null) {
+            windowsLabelUI = new WindowsLabelUI();
+            appContext.put(WINDOWS_LABEL_UI_KEY, windowsLabelUI);
+        }
        return windowsLabelUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.windows;

+import sun.awt.AppContext;
+
 import javax.swing.plaf.basic.*;
 import javax.swing.*;
 import javax.swing.plaf.*;
@ -44,7 +46,7 @@ import java.awt.*;
 */
 public class WindowsRadioButtonUI extends BasicRadioButtonUI
 {
-    private static final WindowsRadioButtonUI windowsRadioButtonUI = new WindowsRadioButtonUI();
+    private static final Object WINDOWS_RADIO_BUTTON_UI_KEY = new Object();

    protected int dashedRectGapX;
    protected int dashedRectGapY;
@ -59,6 +61,13 @@ public class WindowsRadioButtonUI extends BasicRadioButtonUI
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        WindowsRadioButtonUI windowsRadioButtonUI =
+                (WindowsRadioButtonUI) appContext.get(WINDOWS_RADIO_BUTTON_UI_KEY);
+        if (windowsRadioButtonUI == null) {
+            windowsRadioButtonUI = new WindowsRadioButtonUI();
+            appContext.put(WINDOWS_RADIO_BUTTON_UI_KEY, windowsRadioButtonUI);
+        }
        return windowsRadioButtonUI;
    }

--- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java
+++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java
@ -25,6 +25,8 @@

 package com.sun.java.swing.plaf.windows;

+import sun.awt.AppContext;
+
 import javax.swing.plaf.basic.*;
 import javax.swing.border.*;
 import javax.swing.plaf.*;
@ -49,18 +51,25 @@ import java.beans.PropertyChangeEvent;
 */
 public class WindowsToggleButtonUI extends BasicToggleButtonUI
 {
-    protected static int dashedRectGapX;
-    protected static int dashedRectGapY;
-    protected static int dashedRectGapWidth;
-    protected static int dashedRectGapHeight;
+    protected int dashedRectGapX;
+    protected int dashedRectGapY;
+    protected int dashedRectGapWidth;
+    protected int dashedRectGapHeight;

    protected Color focusColor;

-    private final static WindowsToggleButtonUI windowsToggleButtonUI = new WindowsToggleButtonUI();
+    private static final Object WINDOWS_TOGGLE_BUTTON_UI_KEY = new Object();

    private boolean defaults_initialized = false;

    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        WindowsToggleButtonUI windowsToggleButtonUI =
+                (WindowsToggleButtonUI) appContext.get(WINDOWS_TOGGLE_BUTTON_UI_KEY);
+        if (windowsToggleButtonUI == null) {
+            windowsToggleButtonUI = new WindowsToggleButtonUI();
+            appContext.put(WINDOWS_TOGGLE_BUTTON_UI_KEY, windowsToggleButtonUI);
+        }
        return windowsToggleButtonUI;
    }

--- a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -32,12 +32,8 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.io.InputStream;
 import java.net.Socket;
-import java.util.Vector;
-import java.util.Hashtable;

 import javax.naming.CommunicationException;
-import javax.naming.AuthenticationException;
-import javax.naming.AuthenticationNotSupportedException;
 import javax.naming.ServiceUnavailableException;
 import javax.naming.NamingException;
 import javax.naming.InterruptedNamingException;
@ -47,6 +43,8 @@ import javax.naming.ldap.Control;
 import java.lang.reflect.Method;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.util.Arrays;
+import sun.misc.IOUtils;
 //import javax.net.SocketFactory;

 /**
@ -799,7 +797,6 @@ public final class Connection implements Runnable {
        byte inbuf[];   // Buffer for reading incoming bytes
        int inMsgId;    // Message id of incoming response
        int bytesread;  // Number of bytes in inbuf
-        int bytesleft;  // Number of bytes that need to read for completing resp
        int br;         // Temp; number of bytes read from stream
        int offset;     // Offset of where to store bytes in inbuf
        int seqlen;     // Length of ASN sequence
@ -811,7 +808,7 @@ public final class Connection implements Runnable {
        try {
            while (true) {
                try {
-                    inbuf = new byte[2048];
+                    inbuf = new byte[10];

                    offset = 0;
                    seqlen = 0;
@ -871,19 +868,10 @@ public final class Connection implements Runnable {
                    }

                    // read in seqlen bytes
-                    bytesleft = seqlen;
-                    if ((offset + bytesleft) > inbuf.length) {
-                        byte nbuf[] = new byte[offset + bytesleft];
-                        System.arraycopy(inbuf, 0, nbuf, 0, offset);
-                        inbuf = nbuf;
-                    }
-                    while (bytesleft > 0) {
-                        bytesread = in.read(inbuf, offset, bytesleft);
-                        if (bytesread < 0)
-                            break; // EOF
-                        offset += bytesread;
-                        bytesleft -= bytesread;
-                    }
+                    byte[] left = IOUtils.readFully(in, seqlen, false);
+                    inbuf = Arrays.copyOf(inbuf, offset + left.length);
+                    System.arraycopy(left, 0, inbuf, offset, left.length);
+                    offset += left.length;
 /*
 if (dump > 0) {
 System.err.println("seqlen: " + seqlen);
--- a/jdk/src/share/classes/java/awt/KeyboardFocusManager.java
+++ b/jdk/src/share/classes/java/awt/KeyboardFocusManager.java
@ -53,7 +53,8 @@ import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.WeakHashMap;

-import sun.util.logging.PlatformLogger;
+import java.util.logging.Level;
+import java.util.logging.Logger;

 import sun.awt.AppContext;
 import sun.awt.HeadlessToolkit;
@ -110,7 +111,7 @@ public abstract class KeyboardFocusManager
 {

    // Shared focus engine logger
-    private static final PlatformLogger focusLog = PlatformLogger.getLogger("java.awt.focus.KeyboardFocusManager");
+    private static final Logger focusLog = Logger.getLogger("java.awt.focus.KeyboardFocusManager");

    static {
        /* ensure that the necessary native libraries are loaded */
@ -153,7 +154,7 @@ public abstract class KeyboardFocusManager
     */
    private static native void initIDs();

-    private static final PlatformLogger log = PlatformLogger.getLogger("java.awt.KeyboardFocusManager");
+    private static final Logger log = Logger.getLogger("java.awt.KeyboardFocusManager");

    /**
     * The identifier for the Forward focus traversal keys.
@ -503,8 +504,8 @@ public abstract class KeyboardFocusManager
            if (this == getCurrentKeyboardFocusManager()) {
                return focusOwner;
            } else {
-                if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(Level.FINER)) {
+                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                }
                throw new SecurityException(notPrivileged);
            }
@ -608,9 +609,9 @@ public abstract class KeyboardFocusManager
    }

    void setNativeFocusOwner(Component comp) {
-        if (focusLog.isLoggable(PlatformLogger.FINEST)) {
-            focusLog.finest("Calling peer {0} setCurrentFocusOwner for {1}",
-                            peer, comp);
+        if (focusLog.isLoggable(Level.FINEST)) {
+            focusLog.log(Level.FINEST, "Calling peer {0} setCurrentFocusOwner for {1}",
+                         new Object[] {String.valueOf(peer), String.valueOf(comp)});
        }
        peer.setCurrentFocusOwner(comp);
    }
@ -672,8 +673,8 @@ public abstract class KeyboardFocusManager
            if (this == getCurrentKeyboardFocusManager()) {
                return permanentFocusOwner;
            } else {
-                if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(Level.FINER)) {
+                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                }
                throw new SecurityException(notPrivileged);
            }
@ -780,8 +781,8 @@ public abstract class KeyboardFocusManager
            if (this == getCurrentKeyboardFocusManager()) {
               return focusedWindow;
            } else {
-                if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(Level.FINER)) {
+                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                }
                throw new SecurityException(notPrivileged);
            }
@ -884,8 +885,8 @@ public abstract class KeyboardFocusManager
            if (this == getCurrentKeyboardFocusManager()) {
               return activeWindow;
            } else {
-                if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(Level.FINER)) {
+                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                }
                throw new SecurityException(notPrivileged);
            }
@ -918,8 +919,8 @@ public abstract class KeyboardFocusManager
        Window oldActiveWindow;
        synchronized (KeyboardFocusManager.class) {
            oldActiveWindow = getActiveWindow();
-            if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                focusLog.finer("Setting global active window to " + activeWindow + ", old active " + oldActiveWindow);
+            if (focusLog.isLoggable(Level.FINER)) {
+                focusLog.log(Level.FINER, "Setting global active window to " + activeWindow + ", old active " + oldActiveWindow);
            }

            try {
@ -1214,8 +1215,8 @@ public abstract class KeyboardFocusManager
            if (this == getCurrentKeyboardFocusManager()) {
                return currentFocusCycleRoot;
            } else {
-                if (focusLog.isLoggable(PlatformLogger.FINER)) {
-                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(Level.FINER)) {
+                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                }
                throw new SecurityException(notPrivileged);
            }
@ -2148,9 +2149,9 @@ public abstract class KeyboardFocusManager

        HeavyweightFocusRequest(Component heavyweight, Component descendant,
                                boolean temporary, CausedFocusEvent.Cause cause) {
-            if (log.isLoggable(PlatformLogger.FINE)) {
+            if (log.isLoggable(Level.FINE)) {
                if (heavyweight == null) {
-                    log.fine("Assertion (heavyweight != null) failed");
+                    log.log(Level.FINE, "Assertion (heavyweight != null) failed");
                }
            }

@ -2160,12 +2161,12 @@ public abstract class KeyboardFocusManager
        }
        boolean addLightweightRequest(Component descendant,
                                      boolean temporary, CausedFocusEvent.Cause cause) {
-            if (log.isLoggable(PlatformLogger.FINE)) {
+            if (log.isLoggable(Level.FINE)) {
                if (this == HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) {
-                    log.fine("Assertion (this != HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) failed");
+                    log.log(Level.FINE, "Assertion (this != HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) failed");
                }
                if (descendant == null) {
-                    log.fine("Assertion (descendant != null) failed");
+                    log.log(Level.FINE, "Assertion (descendant != null) failed");
                }
            }

@ -2338,12 +2339,12 @@ public abstract class KeyboardFocusManager
        (Component heavyweight, Component descendant, boolean temporary,
         boolean focusedWindowChangeAllowed, long time, CausedFocusEvent.Cause cause)
    {
-        if (log.isLoggable(PlatformLogger.FINE)) {
+        if (log.isLoggable(Level.FINE)) {
            if (heavyweight == null) {
-                log.fine("Assertion (heavyweight != null) failed");
+                log.log(Level.FINE, "Assertion (heavyweight != null) failed");
            }
            if (time == 0) {
-                log.fine("Assertion (time != 0) failed");
+                log.log(Level.FINE, "Assertion (time != 0) failed");
            }
        }

@ -2360,31 +2361,31 @@ public abstract class KeyboardFocusManager
        Component currentFocusOwner = thisManager.getGlobalFocusOwner();
        Component nativeFocusOwner = thisManager.getNativeFocusOwner();
        Window nativeFocusedWindow = thisManager.getNativeFocusedWindow();
-        if (focusLog.isLoggable(PlatformLogger.FINER)) {
-            focusLog.finer("SNFH for {0} in {1}",
-                           descendant, heavyweight);
+        if (focusLog.isLoggable(Level.FINER)) {
+            focusLog.log(Level.FINER, "SNFH for {0} in {1}",
+                         new Object[] {String.valueOf(descendant), String.valueOf(heavyweight)});
        }
-        if (focusLog.isLoggable(PlatformLogger.FINEST)) {
-            focusLog.finest("0. Current focus owner {0}",
-                            currentFocusOwner);
-            focusLog.finest("0. Native focus owner {0}",
-                            nativeFocusOwner);
-            focusLog.finest("0. Native focused window {0}",
-                            nativeFocusedWindow);
+        if (focusLog.isLoggable(Level.FINEST)) {
+            focusLog.log(Level.FINEST, "0. Current focus owner {0}",
+                         String.valueOf(currentFocusOwner));
+            focusLog.log(Level.FINEST, "0. Native focus owner {0}",
+                         String.valueOf(nativeFocusOwner));
+            focusLog.log(Level.FINEST, "0. Native focused window {0}",
+                         String.valueOf(nativeFocusedWindow));
        }
        synchronized (heavyweightRequests) {
            HeavyweightFocusRequest hwFocusRequest = getLastHWRequest();
-            if (focusLog.isLoggable(PlatformLogger.FINEST)) {
-                focusLog.finest("Request {0}", hwFocusRequest);
+            if (focusLog.isLoggable(Level.FINEST)) {
+                focusLog.log(Level.FINEST, "Request {0}", String.valueOf(hwFocusRequest));
            }
            if (hwFocusRequest == null &&
                heavyweight == nativeFocusOwner)
            {
                if (descendant == currentFocusOwner) {
                    // Redundant request.
-                    if (focusLog.isLoggable(PlatformLogger.FINEST))
-                        focusLog.finest("1. SNFH_FAILURE for {0}",
-                                        descendant);
+                    if (focusLog.isLoggable(Level.FINEST))
+                        focusLog.log(Level.FINEST, "1. SNFH_FAILURE for {0}",
+                                     String.valueOf(descendant));
                    return SNFH_FAILURE;
                }

@ -2416,8 +2417,8 @@ public abstract class KeyboardFocusManager
                // SunToolkit.postPriorityEvent(newFocusOwnerEvent);
                SunToolkit.postEvent(descendant.appContext, newFocusOwnerEvent);

-                if (focusLog.isLoggable(PlatformLogger.FINEST))
-                    focusLog.finest("2. SNFH_HANDLED for {0}", descendant);
+                if (focusLog.isLoggable(Level.FINEST))
+                    focusLog.log(Level.FINEST, "2. SNFH_HANDLED for {0}", String.valueOf(descendant));
                return SNFH_SUCCESS_HANDLED;
            } else if (hwFocusRequest != null &&
                       hwFocusRequest.heavyweight == heavyweight) {
@ -2430,7 +2431,7 @@ public abstract class KeyboardFocusManager
                    manager.enqueueKeyEvents(time, descendant);
                }

-                if (focusLog.isLoggable(PlatformLogger.FINEST))
+                if (focusLog.isLoggable(Level.FINEST))
                    focusLog.finest("3. SNFH_HANDLED for lightweight" +
                                    descendant + " in " + heavyweight);
                return SNFH_SUCCESS_HANDLED;
@ -2453,7 +2454,7 @@ public abstract class KeyboardFocusManager
                                             (hwFocusRequest != null)
                                             ? hwFocusRequest.heavyweight
                                             : nativeFocusedWindow)) {
-                        if (focusLog.isLoggable(PlatformLogger.FINEST))
+                        if (focusLog.isLoggable(Level.FINEST))
                            focusLog.finest("4. SNFH_FAILURE for " + descendant);
                        return SNFH_FAILURE;
                    }
@ -2463,7 +2464,7 @@ public abstract class KeyboardFocusManager
                heavyweightRequests.add
                    (new HeavyweightFocusRequest(heavyweight, descendant,
                                                 temporary, cause));
-                if (focusLog.isLoggable(PlatformLogger.FINEST))
+                if (focusLog.isLoggable(Level.FINEST))
                    focusLog.finest("5. SNFH_PROCEED for " + descendant);
                return SNFH_SUCCESS_PROCEED;
            }
@ -2854,13 +2855,14 @@ public abstract class KeyboardFocusManager
        }

        KeyboardFocusManager manager = getCurrentKeyboardFocusManager();
-        if (focusLog.isLoggable(PlatformLogger.FINER)) {
+        if (focusLog.isLoggable(Level.FINER)) {
            if (event instanceof FocusEvent || event instanceof WindowEvent) {
-                focusLog.finer(">>> {0}", event);
+                focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)});
            }
-            if (focusLog.isLoggable(PlatformLogger.FINER) && event instanceof KeyEvent) {
-                focusLog.finer("    focus owner is {0}", manager.getGlobalFocusOwner());
-                focusLog.finer(">>> {0}", event);
+            if (focusLog.isLoggable(Level.FINER) && event instanceof KeyEvent) {
+                focusLog.log(Level.FINER, "    focus owner is {0}",
+                                          new Object[] {String.valueOf(manager.getGlobalFocusOwner())});
+                focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)});
            }
        }

@ -2944,9 +2946,9 @@ public abstract class KeyboardFocusManager
        }
    }
    static void removeLastFocusRequest(Component heavyweight) {
-        if (log.isLoggable(PlatformLogger.FINE)) {
+        if (log.isLoggable(Level.FINE)) {
            if (heavyweight == null) {
-                log.fine("Assertion (heavyweight != null) failed");
+                log.log(Level.FINE, "Assertion (heavyweight != null) failed");
            }
        }

--- a/jdk/src/share/classes/java/awt/color/ICC_Profile.java
+++ b/jdk/src/share/classes/java/awt/color/ICC_Profile.java
@ -865,7 +865,9 @@ public class ICC_Profile implements Serializable {
        case ColorSpace.CS_PYCC:
            synchronized(ICC_Profile.class) {
                if (PYCCprofile == null) {
-                    if (getProfileFile("PYCC.pf") != null) {
+                    if (!sun.jkernel.DownloadManager.isJREComplete() ||
+                        standardProfileExists("PYCC.pf"))
+                    {
                        ProfileDeferralInfo pInfo =
                            new ProfileDeferralInfo("PYCC.pf",
                                                    ColorSpace.TYPE_3CLR, 3,
@ -964,14 +966,14 @@ public class ICC_Profile implements Serializable {
     */
    public static ICC_Profile getInstance(String fileName) throws IOException {
        ICC_Profile thisProfile;
-    FileInputStream fis;
+        FileInputStream fis = null;

-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkRead(fileName);
+
+        File f = getProfileFile(fileName);
+        if (f != null) {
+            fis = new FileInputStream(f);
        }
-
-        if ((fis = openProfile(fileName)) == null) {
+        if (fis == null) {
            throw new IOException("Cannot open file " + fileName);
        }

@ -1083,11 +1085,22 @@ public class ICC_Profile implements Serializable {
    void activateDeferredProfile() throws ProfileDataException {
        byte profileData[];
        FileInputStream fis;
-        String fileName = deferralInfo.filename;
+        final String fileName = deferralInfo.filename;

        profileActivator = null;
        deferralInfo = null;
-        if ((fis = openProfile(fileName)) == null) {
+        PrivilegedAction<FileInputStream> pa = new PrivilegedAction<FileInputStream>() {
+            public FileInputStream run() {
+                File f = getStandardProfileFile(fileName);
+                if (f != null) {
+                    try {
+                        return new FileInputStream(f);
+                    } catch (FileNotFoundException e) {}
+                }
+                return null;
+            }
+        };
+        if ((fis = AccessController.doPrivileged(pa)) == null) {
            throw new ProfileDataException("Cannot open file " + fileName);
        }
        try {
@ -1786,59 +1799,36 @@ public class ICC_Profile implements Serializable {
     * available, such as a profile for sRGB.  Built-in profiles use .pf as
     * the file name extension for profiles, e.g. sRGB.pf.
     */
-    private static FileInputStream openProfile(final String fileName) {
-        return (FileInputStream)java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction() {
-            public Object run() {
-                File f = privilegedGetProfileFile(fileName);
-                if (f != null) {
-                    try {
-                        return new FileInputStream(f);
-                    } catch (FileNotFoundException e) {
-                    }
-                }
-                return null;
-            }
-        });
-    }
-
-    private static File getProfileFile(final String fileName) {
-        return (File)java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction() {
-            public Object run() {
-                return privilegedGetProfileFile(fileName);
-            }
-        });
-    }
-
-    /*
-     * this version is called from doPrivileged in openProfile
-     * or getProfileFile, so the whole method is privileged!
-     */
-
-    private static File privilegedGetProfileFile(String fileName) {
+    private static File getProfileFile(String fileName) {
        String path, dir, fullPath;

        File f = new File(fileName); /* try absolute file name */
-
+        if (f.isAbsolute()) {
+            /* Rest of code has little sense for an absolute pathname,
+               so return here. */
+            return f.isFile() ? f : null;
+        }
        if ((!f.isFile()) &&
                ((path = System.getProperty("java.iccprofile.path")) != null)){
                                    /* try relative to java.iccprofile.path */
                StringTokenizer st =
                    new StringTokenizer(path, File.pathSeparator);
-                while (st.hasMoreTokens() && (!f.isFile())) {
+                while (st.hasMoreTokens() && ((f == null) || (!f.isFile()))) {
                    dir = st.nextToken();
                        fullPath = dir + File.separatorChar + fileName;
                    f = new File(fullPath);
+                    if (!isChildOf(f, dir)) {
+                        f = null;
+                    }
                }
            }

-        if ((!f.isFile()) &&
+        if (((f == null) || (!f.isFile())) &&
                ((path = System.getProperty("java.class.path")) != null)) {
                                    /* try relative to java.class.path */
                StringTokenizer st =
                    new StringTokenizer(path, File.pathSeparator);
-                while (st.hasMoreTokens() && (!f.isFile())) {
+                while (st.hasMoreTokens() && ((f == null) || (!f.isFile()))) {
                    dir = st.nextToken();
                        fullPath = dir + File.separatorChar + fileName;
                    f = new File(fullPath);
@ -1858,13 +1848,69 @@ public class ICC_Profile implements Serializable {
                    }
                }
            }
-
-        if (f.isFile()) {
+        if ((f == null) || (!f.isFile())) {
+            /* try the directory of built-in profiles */
+            f = getStandardProfileFile(fileName);
+        }
+        if (f != null && f.isFile()) {
            return f;
        }
        return null;
    }

+    /**
+     * Returns a file object corresponding to a built-in profile
+     * specified by fileName.
+     * If there is no built-in profile with such name, then the method
+     * returns null.
+     */
+    private static File getStandardProfileFile(String fileName) {
+        String dir = System.getProperty("java.home") +
+            File.separatorChar + "lib" + File.separatorChar + "cmm";
+        String fullPath = dir + File.separatorChar + fileName;
+        File f = new File(fullPath);
+        if (!f.isFile()) {
+            //make sure file was installed in the kernel mode
+            try {
+                //kernel uses platform independent paths =>
+                //   should not use platform separator char
+                sun.jkernel.DownloadManager.downloadFile("lib/cmm/"+fileName);
+            } catch (IOException ioe) {}
+        }
+        return (f.isFile() && isChildOf(f, dir)) ? f : null;
+    }
+
+    /**
+     * Checks whether given file resides inside give directory.
+     */
+    private static boolean isChildOf(File f, String dirName) {
+        try {
+            File dir = new File(dirName);
+            String canonicalDirName = dir.getCanonicalPath();
+            if (!canonicalDirName.endsWith(File.separator)) {
+                canonicalDirName += File.separator;
+            }
+            String canonicalFileName = f.getCanonicalPath();
+            return canonicalFileName.startsWith(canonicalDirName);
+        } catch (IOException e) {
+            /* we do not expect the IOException here, because invocation
+             * of this function is always preceeded by isFile() call.
+             */
+            return false;
+        }
+    }
+
+    /**
+     * Checks whether built-in profile specified by fileName exists.
+     */
+    private static boolean standardProfileExists(final String fileName) {
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+                public Boolean run() {
+                    return getStandardProfileFile(fileName) != null;
+                }
+            });
+    }
+

    /*
     * Serialization support.
--- a/jdk/src/share/classes/java/lang/ClassLoader.java
+++ b/jdk/src/share/classes/java/lang/ClassLoader.java
@ -186,11 +186,6 @@ public abstract class ClassLoader {
        parallelLoaders.add(ClassLoader.class);
    }

-    // If initialization succeed this is set to true and security checks will
-    // succeed.  Otherwise the object is not initialized and the object is
-    // useless.
-    private final boolean initialized;
-
    // The parent class loader for delegation
    // Note: VM hardcoded the offset of this field, thus all new fields
    // must be added *after* it.
@ -232,6 +227,31 @@ public abstract class ClassLoader {
    private final HashMap<String, Package> packages =
        new HashMap<String, Package>();

+    private static Void checkCreateClassLoader() {
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkCreateClassLoader();
+        }
+        return null;
+    }
+
+    private ClassLoader(Void unused, ClassLoader parent) {
+        this.parent = parent;
+        if (parallelLoaders.contains(this.getClass())) {
+            parallelLockMap = new ConcurrentHashMap<String, Object>();
+            package2certs = new ConcurrentHashMap<String, Certificate[]>();
+            domains =
+                Collections.synchronizedSet(new HashSet<ProtectionDomain>());
+            assertionLock = new Object();
+        } else {
+            // no finer-grained lock; lock on the classloader instance
+            parallelLockMap = null;
+            package2certs = new Hashtable<String, Certificate[]>();
+            domains = new HashSet<ProtectionDomain>();
+            assertionLock = this;
+        }
+    }
+
    /**
     * Creates a new class loader using the specified parent class loader for
     * delegation.
@ -252,25 +272,7 @@ public abstract class ClassLoader {
     * @since  1.2
     */
    protected ClassLoader(ClassLoader parent) {
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
-        this.parent = parent;
-        if (parallelLoaders.contains(this.getClass())) {
-            parallelLockMap = new ConcurrentHashMap<String, Object>();
-            package2certs = new ConcurrentHashMap<String, Certificate[]>();
-            domains =
-                Collections.synchronizedSet(new HashSet<ProtectionDomain>());
-            assertionLock = new Object();
-        } else {
-            // no finer-grained lock; lock on the classloader instance
-            parallelLockMap = null;
-            package2certs = new Hashtable<String, Certificate[]>();
-            domains = new HashSet<ProtectionDomain>();
-            assertionLock = this;
-        }
-        initialized = true;
+        this(checkCreateClassLoader(), parent);
    }

    /**
@ -289,25 +291,7 @@ public abstract class ClassLoader {
     *          of a new class loader.
     */
    protected ClassLoader() {
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
-        this.parent = getSystemClassLoader();
-        if (parallelLoaders.contains(this.getClass())) {
-            parallelLockMap = new ConcurrentHashMap<String, Object>();
-            package2certs = new ConcurrentHashMap<String, Certificate[]>();
-            domains =
-                Collections.synchronizedSet(new HashSet<ProtectionDomain>());
-            assertionLock = new Object();
-        } else {
-            // no finer-grained lock; lock on the classloader instance
-            parallelLockMap = null;
-            package2certs = new Hashtable<String, Certificate[]>();
-            domains = new HashSet<ProtectionDomain>();
-            assertionLock = this;
-        }
-        initialized = true;
+        this(checkCreateClassLoader(), getSystemClassLoader());
    }

    // -- Class --
@ -754,7 +738,6 @@ public abstract class ClassLoader {
                                         ProtectionDomain protectionDomain)
        throws ClassFormatError
    {
-        check();
        protectionDomain = preDefineClass(name, protectionDomain);

        Class c = null;
@ -838,8 +821,6 @@ public abstract class ClassLoader {
                                         ProtectionDomain protectionDomain)
        throws ClassFormatError
    {
-        check();
-
        int len = b.remaining();

        // Use byte[] if not a direct ByteBufer:
@ -984,7 +965,6 @@ public abstract class ClassLoader {
     * @see  #defineClass(String, byte[], int, int)
     */
    protected final void resolveClass(Class<?> c) {
-        check();
        resolveClass0(c);
    }

@ -1015,7 +995,6 @@ public abstract class ClassLoader {
    protected final Class<?> findSystemClass(String name)
        throws ClassNotFoundException
    {
-        check();
        ClassLoader system = getSystemClassLoader();
        if (system == null) {
            if (!checkName(name))
@ -1035,7 +1014,6 @@ public abstract class ClassLoader {
     */
    private Class findBootstrapClassOrNull(String name)
    {
-        check();
        if (!checkName(name)) return null;

        return findBootstrapClass(name);
@ -1044,13 +1022,6 @@ public abstract class ClassLoader {
    // return null if not found
    private native Class findBootstrapClass(String name);

-    // Check to make sure the class loader has been initialized.
-    private void check() {
-        if (!initialized) {
-            throw new SecurityException("ClassLoader object not initialized");
-        }
-    }
-
    /**
     * Returns the class with the given <a href="#name">binary name</a> if this
     * loader has been recorded by the Java virtual machine as an initiating
@ -1066,7 +1037,6 @@ public abstract class ClassLoader {
     * @since  1.1
     */
    protected final Class<?> findLoadedClass(String name) {
-        check();
        if (!checkName(name))
            return null;
        return findLoadedClass0(name);
@ -1087,7 +1057,6 @@ public abstract class ClassLoader {
     * @since  1.1
     */
    protected final void setSigners(Class<?> c, Object[] signers) {
-        check();
        c.setSigners(signers);
    }

@ -2205,3 +2174,4 @@ class SystemClassLoaderAction
        return sys;
    }
 }
+
--- a/jdk/src/share/classes/java/security/MessageDigest.java
+++ b/jdk/src/share/classes/java/security/MessageDigest.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1996-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1996-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -414,16 +414,17 @@ public abstract class MessageDigest extends MessageDigestSpi {
     *
     * @return true if the digests are equal, false otherwise.
     */
-    public static boolean isEqual(byte digesta[], byte digestb[]) {
-        if (digesta.length != digestb.length)
+    public static boolean isEqual(byte[] digesta, byte[] digestb) {
+        if (digesta.length != digestb.length) {
            return false;
+        }

+        int result = 0;
+        // time-constant comparison
        for (int i = 0; i < digesta.length; i++) {
-            if (digesta[i] != digestb[i]) {
-                return false;
+            result |= digesta[i] ^ digestb[i];
        }
-        }
-        return true;
+        return result == 0;
    }

    /**
--- a/jdk/src/share/classes/javax/swing/ToolTipManager.java
+++ b/jdk/src/share/classes/javax/swing/ToolTipManager.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -27,10 +27,7 @@
 package javax.swing;

 import java.awt.event.*;
-import java.applet.*;
 import java.awt.*;
-import java.io.Serializable;
-import sun.swing.UIAction;

 /**
 * Manages all the <code>ToolTips</code> in the system.
@ -60,7 +57,7 @@ public class ToolTipManager extends MouseAdapter implements MouseMotionListener
    JComponent insideComponent;
    MouseEvent mouseEvent;
    boolean showImmediately;
-    final static ToolTipManager sharedInstance = new ToolTipManager();
+    private static final Object TOOL_TIP_MANAGER_KEY = new Object();
    transient Popup tipWindow;
    /** The Window tip is being displayed in. This will be non-null if
     * the Window tip is in differs from that of insideComponent's Window.
@ -345,7 +342,13 @@ public class ToolTipManager extends MouseAdapter implements MouseMotionListener
     * @return a shared <code>ToolTipManager</code> object
     */
    public static ToolTipManager sharedInstance() {
-        return sharedInstance;
+        Object value = SwingUtilities.appContextGet(TOOL_TIP_MANAGER_KEY);
+        if (value instanceof ToolTipManager) {
+            return (ToolTipManager) value;
+        }
+        ToolTipManager manager = new ToolTipManager();
+        SwingUtilities.appContextPut(TOOL_TIP_MANAGER_KEY, manager);
+        return manager;
    }

    // add keylistener here to trigger tip for access
--- a/jdk/src/share/classes/javax/swing/UIManager.java
+++ b/jdk/src/share/classes/javax/swing/UIManager.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -197,6 +197,8 @@ public class UIManager implements Serializable
        Vector<LookAndFeel> auxLookAndFeels = null;
        SwingPropertyChangeSupport changeSupport;

+        LookAndFeelInfo[] installedLAFs;
+
        UIDefaults getLookAndFeelDefaults() { return tables[0]; }
        void setLookAndFeelDefaults(UIDefaults x) { tables[0] = x; }

@ -227,18 +229,6 @@ public class UIManager implements Serializable
     */
    private static final Object classLock = new Object();

-
-    /* Cache the last referenced LAFState to improve performance
-     * when accessing it.  The cache is based on last thread rather
-     * than last AppContext because of the cost of looking up the
-     * AppContext each time.  Since most Swing UI work is on the
-     * EventDispatchThread, this hits often enough to justify the
-     * overhead.  (4193032)
-     */
-    private static Thread currentLAFStateThread = null;
-    private static LAFState currentLAFState = null;
-
-
    /**
     * Return the <code>LAFState</code> object, lazily create one if necessary.
     * All access to the <code>LAFState</code> fields is done via this method,
@ -248,13 +238,6 @@ public class UIManager implements Serializable
     * </pre>
     */
    private static LAFState getLAFState() {
-        // First check whether we're running on the same thread as
-        // the last request.
-        Thread thisThread = Thread.currentThread();
-        if (thisThread == currentLAFStateThread) {
-            return currentLAFState;
-        }
-
        LAFState rv = (LAFState)SwingUtilities.appContextGet(
                SwingUtilities2.LAF_STATE_KEY);
        if (rv == null) {
@ -268,10 +251,6 @@ public class UIManager implements Serializable
                }
            }
        }
-
-        currentLAFStateThread = thisThread;
-        currentLAFState = rv;
-
        return rv;
    }

@ -431,7 +410,10 @@ public class UIManager implements Serializable
     */
    public static LookAndFeelInfo[] getInstalledLookAndFeels() {
        maybeInitialize();
-        LookAndFeelInfo[] ilafs = installedLAFs;
+        LookAndFeelInfo[] ilafs = getLAFState().installedLAFs;
+        if (ilafs == null) {
+            ilafs = installedLAFs;
+        }
        LookAndFeelInfo[] rv = new LookAndFeelInfo[ilafs.length];
        System.arraycopy(ilafs, 0, rv, 0, ilafs.length);
        return rv;
@ -453,9 +435,10 @@ public class UIManager implements Serializable
    public static void setInstalledLookAndFeels(LookAndFeelInfo[] infos)
        throws SecurityException
    {
+        maybeInitialize();
        LookAndFeelInfo[] newInfos = new LookAndFeelInfo[infos.length];
        System.arraycopy(infos, 0, newInfos, 0, infos.length);
-        installedLAFs = newInfos;
+        getLAFState().installedLAFs = newInfos;
    }


@ -1307,10 +1290,11 @@ public class UIManager implements Serializable
            }
        }

-        installedLAFs = new LookAndFeelInfo[ilafs.size()];
+        LookAndFeelInfo[] installedLAFs = new LookAndFeelInfo[ilafs.size()];
        for(int i = 0; i < ilafs.size(); i++) {
            installedLAFs[i] = ilafs.elementAt(i);
        }
+        getLAFState().installedLAFs = installedLAFs;
    }


--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java
@ -26,6 +26,8 @@
 package javax.swing.plaf.basic;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import java.awt.*;
 import java.awt.event.*;
 import java.io.Serializable;
@ -44,9 +46,6 @@ import javax.swing.text.View;
 * @author Jeff Dinkins
 */
 public class BasicButtonUI extends ButtonUI{
-    // Shared UI object
-    private final static BasicButtonUI buttonUI = new BasicButtonUI();
-
    // Visual constants
    // NOTE: This is not used or set any where. Were we allowed to remove
    // fields, this would be removed.
@ -61,10 +60,19 @@ public class BasicButtonUI extends ButtonUI{

    private final static String propertyPrefix = "Button" + ".";

+    private static final Object BASIC_BUTTON_UI_KEY = new Object();
+
    // ********************************
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        BasicButtonUI buttonUI =
+                (BasicButtonUI) appContext.get(BASIC_BUTTON_UI_KEY);
+        if (buttonUI == null) {
+            buttonUI = new BasicButtonUI();
+            appContext.put(BASIC_BUTTON_UI_KEY, buttonUI);
+        }
        return buttonUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java
@ -25,6 +25,8 @@

 package javax.swing.plaf.basic;

+import sun.awt.AppContext;
+
 import javax.swing.*;

 import java.awt.*;
@ -49,7 +51,7 @@ import java.io.Serializable;
 */
 public class BasicCheckBoxUI extends BasicRadioButtonUI {

-    private final static BasicCheckBoxUI checkboxUI = new BasicCheckBoxUI();
+    private static final Object BASIC_CHECK_BOX_UI_KEY = new Object();

    private final static String propertyPrefix = "CheckBox" + ".";

@ -57,6 +59,13 @@ public class BasicCheckBoxUI extends BasicRadioButtonUI {
    //            Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        BasicCheckBoxUI checkboxUI =
+                (BasicCheckBoxUI) appContext.get(BASIC_CHECK_BOX_UI_KEY);
+        if (checkboxUI == null) {
+            checkboxUI = new BasicCheckBoxUI();
+            appContext.put(BASIC_CHECK_BOX_UI_KEY, checkboxUI);
+        }
        return checkboxUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java
@ -28,6 +28,8 @@ package javax.swing.plaf.basic;
 import sun.swing.SwingUtilities2;
 import sun.swing.DefaultLookup;
 import sun.swing.UIAction;
+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.plaf.*;
 import javax.swing.text.View;
@ -63,7 +65,7 @@ public class BasicLabelUI extends LabelUI implements  PropertyChangeListener
    * name in defaults table under the key "LabelUI".
    */
    protected static BasicLabelUI labelUI = new BasicLabelUI();
-    private final static BasicLabelUI SAFE_BASIC_LABEL_UI = new BasicLabelUI();
+    private static final Object BASIC_LABEL_UI_KEY = new Object();

    private Rectangle paintIconR = new Rectangle();
    private Rectangle paintTextR = new Rectangle();
@ -394,10 +396,16 @@ public class BasicLabelUI extends LabelUI implements  PropertyChangeListener

    public static ComponentUI createUI(JComponent c) {
        if (System.getSecurityManager() != null) {
-            return SAFE_BASIC_LABEL_UI;
-        } else {
-            return labelUI;
+            AppContext appContext = AppContext.getAppContext();
+            BasicLabelUI safeBasicLabelUI =
+                    (BasicLabelUI) appContext.get(BASIC_LABEL_UI_KEY);
+            if (safeBasicLabelUI == null) {
+                safeBasicLabelUI = new BasicLabelUI();
+                appContext.put(BASIC_LABEL_UI_KEY, safeBasicLabelUI);
            }
+            return safeBasicLabelUI;
+        }
+        return labelUI;
    }

    public void propertyChange(PropertyChangeEvent e) {
--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java
@ -32,6 +32,7 @@ import javax.swing.border.*;
 import javax.swing.plaf.*;
 import javax.swing.text.View;
 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;


 /**
@ -41,7 +42,7 @@ import sun.swing.SwingUtilities2;
 */
 public class BasicRadioButtonUI extends BasicToggleButtonUI
 {
-    private final static BasicRadioButtonUI radioButtonUI = new BasicRadioButtonUI();
+    private static final Object BASIC_RADIO_BUTTON_UI_KEY = new Object();

    protected Icon icon;

@ -53,6 +54,13 @@ public class BasicRadioButtonUI extends BasicToggleButtonUI
    //        Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        BasicRadioButtonUI radioButtonUI =
+                (BasicRadioButtonUI) appContext.get(BASIC_RADIO_BUTTON_UI_KEY);
+        if (radioButtonUI == null) {
+            radioButtonUI = new BasicRadioButtonUI();
+            appContext.put(BASIC_RADIO_BUTTON_UI_KEY, radioButtonUI);
+        }
        return radioButtonUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -31,14 +31,12 @@ import sun.swing.DefaultLookup;
 import sun.swing.UIAction;
 import javax.swing.*;
 import javax.swing.border.Border;
-import javax.swing.event.*;
 import java.awt.*;
 import java.awt.event.*;
 import java.awt.peer.ComponentPeer;
 import java.awt.peer.LightweightPeer;
 import java.beans.*;
 import java.util.*;
-import javax.swing.plaf.ActionMapUIResource;
 import javax.swing.plaf.SplitPaneUI;
 import javax.swing.plaf.ComponentUI;
 import javax.swing.plaf.UIResource;
@ -106,13 +104,13 @@ public class BasicSplitPaneUI extends SplitPaneUI
     * Keys to use for forward focus traversal when the JComponent is
     * managing focus.
     */
-    private static Set<KeyStroke> managingFocusForwardTraversalKeys;
+    private Set<KeyStroke> managingFocusForwardTraversalKeys;

    /**
     * Keys to use for backward focus traversal when the JComponent is
     * managing focus.
     */
-    private static Set<KeyStroke> managingFocusBackwardTraversalKeys;
+    private Set<KeyStroke> managingFocusBackwardTraversalKeys;


    /**
@ -675,7 +673,7 @@ public class BasicSplitPaneUI extends SplitPaneUI
     * @return increment via keyboard methods.
     */
    int getKeyboardMoveIncrement() {
-        return KEYBOARD_DIVIDER_MOVE_OFFSET;
+        return 3;
    }

    /**
--- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java
@ -25,6 +25,8 @@

 package javax.swing.plaf.basic;

+import sun.awt.AppContext;
+
 import java.awt.*;
 import java.awt.event.*;

@ -43,7 +45,7 @@ import javax.swing.text.View;
 */
 public class BasicToggleButtonUI extends BasicButtonUI {

-    private final static BasicToggleButtonUI toggleButtonUI = new BasicToggleButtonUI();
+    private static final Object BASIC_TOGGLE_BUTTON_UI_KEY = new Object();

    private final static String propertyPrefix = "ToggleButton" + ".";

@ -51,6 +53,13 @@ public class BasicToggleButtonUI extends BasicButtonUI {
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        BasicToggleButtonUI toggleButtonUI =
+                (BasicToggleButtonUI) appContext.get(BASIC_TOGGLE_BUTTON_UI_KEY);
+        if (toggleButtonUI == null) {
+            toggleButtonUI = new BasicToggleButtonUI();
+            appContext.put(BASIC_TOGGLE_BUTTON_UI_KEY, toggleButtonUI);
+        }
        return toggleButtonUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,8 +28,9 @@ package javax.swing.plaf.metal;
 import java.awt.*;
 import java.awt.image.*;
 import javax.swing.*;
-import java.io.*;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.List;
+import sun.awt.AppContext;

 /**
 * Implements the bumps used throughout the Metal Look and Feel.
@ -49,19 +50,9 @@ class MetalBumps implements Icon {
    protected Color shadowColor;
    protected Color backColor;

-    protected static Vector<BumpBuffer> buffers = new Vector<BumpBuffer>();
+    private static final Object METAL_BUMPS = new Object();
    protected BumpBuffer buffer;

-    public MetalBumps( Dimension bumpArea ) {
-        this( bumpArea.width, bumpArea.height );
-    }
-
-    public MetalBumps( int width, int height ) {
-        this(width, height, MetalLookAndFeel.getPrimaryControlHighlight(),
-             MetalLookAndFeel.getPrimaryControlDarkShadow(),
-             MetalLookAndFeel.getPrimaryControlShadow());
-    }
-
    /**
     * Creates MetalBumps of the specified size with the specified colors.
     * If <code>newBackColor</code> is null, the background will be
@ -73,26 +64,22 @@ class MetalBumps implements Icon {
        setBumpColors( newTopColor, newShadowColor, newBackColor );
    }

-    private BumpBuffer getBuffer(GraphicsConfiguration gc, Color aTopColor,
-                                 Color aShadowColor, Color aBackColor) {
-        if (buffer != null && buffer.hasSameConfiguration(
-                              gc, aTopColor, aShadowColor, aBackColor)) {
+    private static BumpBuffer createBuffer(GraphicsConfiguration gc,
+                                           Color topColor, Color shadowColor, Color backColor) {
+        AppContext context = AppContext.getAppContext();
+        List<BumpBuffer> buffers = (List<BumpBuffer>) context.get(METAL_BUMPS);
+        if (buffers == null) {
+            buffers = new ArrayList<BumpBuffer>();
+            context.put(METAL_BUMPS, buffers);
+        }
+        for (BumpBuffer buffer : buffers) {
+            if (buffer.hasSameConfiguration(gc, topColor, shadowColor, backColor)) {
                return buffer;
            }
-        BumpBuffer result = null;
-
-        for (BumpBuffer aBuffer : buffers) {
-            if ( aBuffer.hasSameConfiguration(gc, aTopColor, aShadowColor,
-                                              aBackColor)) {
-                result = aBuffer;
-                break;
        }
-        }
-        if (result == null) {
-            result = new BumpBuffer(gc, topColor, shadowColor, backColor);
-            buffers.addElement(result);
-        }
-        return result;
+        BumpBuffer buffer = new BumpBuffer(gc, topColor, shadowColor, backColor);
+        buffers.add(buffer);
+        return buffer;
    }

    public void setBumpArea( Dimension bumpArea ) {
@ -119,10 +106,12 @@ class MetalBumps implements Icon {
        GraphicsConfiguration gc = (g instanceof Graphics2D) ?
                ((Graphics2D) g).getDeviceConfiguration() : null;

-        buffer = getBuffer(gc, topColor, shadowColor, backColor);
+        if ((buffer == null) || !buffer.hasSameConfiguration(gc, topColor, shadowColor, backColor)) {
+            buffer = createBuffer(gc, topColor, shadowColor, backColor);
+        }

-        int bufferWidth = buffer.getImageSize().width;
-        int bufferHeight = buffer.getImageSize().height;
+        int bufferWidth = BumpBuffer.IMAGE_SIZE;
+        int bufferHeight = BumpBuffer.IMAGE_SIZE;
        int iconWidth = getIconWidth();
        int iconHeight = getIconHeight();
        int x2 = x + iconWidth;
@ -155,7 +144,6 @@ class MetalBumps implements Icon {
 class BumpBuffer {

    static final int IMAGE_SIZE = 64;
-    static Dimension imageSize = new Dimension( IMAGE_SIZE, IMAGE_SIZE );

    transient Image image;
    Color topColor;
@ -197,10 +185,6 @@ class BumpBuffer {
        return image;
    }

-    public Dimension getImageSize() {
-        return imageSize;
-    }
-
    /**
     * Paints the bumps into the current image.
     */
--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java
@ -26,6 +26,8 @@
 package javax.swing.plaf.metal;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.border.*;
 import javax.swing.plaf.basic.*;
@ -49,19 +51,25 @@ import javax.swing.plaf.*;
 * @author Tom Santos
 */
 public class MetalButtonUI extends BasicButtonUI {
-
-    private final static MetalButtonUI metalButtonUI = new MetalButtonUI();
-
    // NOTE: These are not really needed, but at this point we can't pull
    // them. Their values are updated purely for historical reasons.
    protected Color focusColor;
    protected Color selectColor;
    protected Color disabledTextColor;

+    private static final Object METAL_BUTTON_UI_KEY = new Object();
+
    // ********************************
    //          Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        MetalButtonUI metalButtonUI =
+                (MetalButtonUI) appContext.get(METAL_BUTTON_UI_KEY);
+        if (metalButtonUI == null) {
+            metalButtonUI = new MetalButtonUI();
+            appContext.put(METAL_BUTTON_UI_KEY, metalButtonUI);
+        }
        return metalButtonUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java
@ -25,6 +25,8 @@

 package javax.swing.plaf.metal;

+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.plaf.basic.BasicCheckBoxUI;

@ -55,7 +57,7 @@ public class MetalCheckBoxUI extends MetalRadioButtonUI {
    // of BasicCheckBoxUI because we want to pick up all the
    // painting changes made in MetalRadioButtonUI.

-    private final static MetalCheckBoxUI checkboxUI = new MetalCheckBoxUI();
+    private static final Object METAL_CHECK_BOX_UI_KEY = new Object();

    private final static String propertyPrefix = "CheckBox" + ".";

@ -65,6 +67,13 @@ public class MetalCheckBoxUI extends MetalRadioButtonUI {
    //         Create PlAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        MetalCheckBoxUI checkboxUI =
+                (MetalCheckBoxUI) appContext.get(METAL_CHECK_BOX_UI_KEY);
+        if (checkboxUI == null) {
+            checkboxUI = new MetalCheckBoxUI();
+            appContext.put(METAL_CHECK_BOX_UI_KEY, checkboxUI);
+        }
        return checkboxUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -31,10 +31,8 @@ import javax.swing.*;
 import javax.swing.event.*;
 import javax.swing.border.*;
 import javax.swing.plaf.basic.*;
-import java.util.EventListener;
 import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeEvent;
-import java.beans.PropertyVetoException;
 import javax.swing.plaf.*;

 /**
@ -51,7 +49,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI {
  private static final Border handyEmptyBorder = new EmptyBorder(0,0,0,0);

  protected static String IS_PALETTE   = "JInternalFrame.isPalette";
-
+  private static String IS_PALETTE_KEY = "JInternalFrame.isPalette";
  private static String FRAME_TYPE     = "JInternalFrame.frameType";
  private static String NORMAL_FRAME   = "normal";
  private static String PALETTE_FRAME  = "palette";
@ -68,7 +66,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI {
  public void installUI(JComponent c) {
    super.installUI(c);

-    Object paletteProp = c.getClientProperty( IS_PALETTE );
+    Object paletteProp = c.getClientProperty(IS_PALETTE_KEY);
    if ( paletteProp != null ) {
        setPalette( ((Boolean)paletteProp).booleanValue() );
    }
@ -187,7 +185,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI {
                  ui.setFrameType( (String) e.getNewValue() );
              }
          }
-          else if ( name.equals( IS_PALETTE ) )
+          else if ( name.equals(IS_PALETTE_KEY) )
          {
              if ( e.getNewValue() != null )
              {
--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java
@ -26,6 +26,8 @@
 package javax.swing.plaf.metal;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import javax.swing.*;
 import javax.swing.plaf.*;
 import javax.swing.plaf.basic.*;
@ -51,15 +53,21 @@ public class MetalLabelUI extends BasicLabelUI
    * name in defaults table under the key "LabelUI".
    */
    protected static MetalLabelUI metalLabelUI = new MetalLabelUI();
-    private final static MetalLabelUI SAFE_METAL_LABEL_UI = new MetalLabelUI();

+    private static final Object METAL_LABEL_UI_KEY = new Object();

    public static ComponentUI createUI(JComponent c) {
        if (System.getSecurityManager() != null) {
-            return SAFE_METAL_LABEL_UI;
-        } else {
-            return metalLabelUI;
+            AppContext appContext = AppContext.getAppContext();
+            MetalLabelUI safeMetalLabelUI =
+                    (MetalLabelUI) appContext.get(METAL_LABEL_UI_KEY);
+            if (safeMetalLabelUI == null) {
+                safeMetalLabelUI = new MetalLabelUI();
+                appContext.put(METAL_LABEL_UI_KEY, safeMetalLabelUI);
            }
+            return safeMetalLabelUI;
+        }
+        return metalLabelUI;
    }

    /**
--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java
@ -26,6 +26,8 @@
 package javax.swing.plaf.metal;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import java.awt.*;
 import java.awt.event.*;
 import javax.swing.*;
@ -53,7 +55,7 @@ import javax.swing.text.View;
 */
 public class MetalRadioButtonUI extends BasicRadioButtonUI {

-    private static final MetalRadioButtonUI metalRadioButtonUI = new MetalRadioButtonUI();
+    private static final Object METAL_RADIO_BUTTON_UI_KEY = new Object();

    protected Color focusColor;
    protected Color selectColor;
@ -65,6 +67,13 @@ public class MetalRadioButtonUI extends BasicRadioButtonUI {
    //        Create PlAF
    // ********************************
    public static ComponentUI createUI(JComponent c) {
+        AppContext appContext = AppContext.getAppContext();
+        MetalRadioButtonUI metalRadioButtonUI =
+                (MetalRadioButtonUI) appContext.get(METAL_RADIO_BUTTON_UI_KEY);
+        if (metalRadioButtonUI == null) {
+            metalRadioButtonUI = new MetalRadioButtonUI();
+            appContext.put(METAL_RADIO_BUTTON_UI_KEY, metalRadioButtonUI);
+        }
        return metalRadioButtonUI;
    }

--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -54,12 +54,13 @@ public class MetalSliderUI extends BasicSliderUI {

    protected final int TICK_BUFFER = 4;
    protected boolean filledSlider = false;
-    // NOTE: these next three variables are currently unused.
+    // NOTE: these next five variables are currently unused.
    protected static Color thumbColor;
    protected static Color highlightColor;
    protected static Color darkShadowColor;
    protected static int trackWidth;
    protected static int tickLength;
+    private int safeLength;

   /**
    * A default horizontal thumb <code>Icon</code>. This field might not be
@ -107,7 +108,7 @@ public class MetalSliderUI extends BasicSliderUI {

    public void installUI( JComponent c ) {
        trackWidth = ((Integer)UIManager.get( "Slider.trackWidth" )).intValue();
-        tickLength = ((Integer)UIManager.get( "Slider.majorTickLength" )).intValue();
+        tickLength = safeLength = ((Integer)UIManager.get( "Slider.majorTickLength" )).intValue();
        horizThumbIcon = SAFE_HORIZ_THUMB_ICON =
                UIManager.getIcon( "Slider.horizontalThumbIcon" );
        vertThumbIcon = SAFE_VERT_THUMB_ICON =
@ -477,8 +478,8 @@ public class MetalSliderUI extends BasicSliderUI {
     * determine the tick area rectangle.
     */
    public int getTickLength() {
-        return slider.getOrientation() == JSlider.HORIZONTAL ? tickLength + TICK_BUFFER + 1 :
-        tickLength + TICK_BUFFER + 3;
+        return slider.getOrientation() == JSlider.HORIZONTAL ? safeLength + TICK_BUFFER + 1 :
+        safeLength + TICK_BUFFER + 3;
    }

    /**
@ -523,22 +524,22 @@ public class MetalSliderUI extends BasicSliderUI {

    protected void paintMinorTickForHorizSlider( Graphics g, Rectangle tickBounds, int x ) {
        g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() );
-        g.drawLine( x, TICK_BUFFER, x, TICK_BUFFER + (tickLength / 2) );
+        g.drawLine( x, TICK_BUFFER, x, TICK_BUFFER + (safeLength / 2) );
    }

    protected void paintMajorTickForHorizSlider( Graphics g, Rectangle tickBounds, int x ) {
        g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() );
-        g.drawLine( x, TICK_BUFFER , x, TICK_BUFFER + (tickLength - 1) );
+        g.drawLine( x, TICK_BUFFER , x, TICK_BUFFER + (safeLength - 1) );
    }

    protected void paintMinorTickForVertSlider( Graphics g, Rectangle tickBounds, int y ) {
        g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() );

        if (MetalUtils.isLeftToRight(slider)) {
-            g.drawLine( TICK_BUFFER, y, TICK_BUFFER + (tickLength / 2), y );
+            g.drawLine( TICK_BUFFER, y, TICK_BUFFER + (safeLength / 2), y );
        }
        else {
-            g.drawLine( 0, y, tickLength/2, y );
+            g.drawLine( 0, y, safeLength/2, y );
        }
    }

@ -546,10 +547,10 @@ public class MetalSliderUI extends BasicSliderUI {
        g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() );

        if (MetalUtils.isLeftToRight(slider)) {
-            g.drawLine( TICK_BUFFER, y, TICK_BUFFER + tickLength, y );
+            g.drawLine( TICK_BUFFER, y, TICK_BUFFER + safeLength, y );
        }
        else {
-            g.drawLine( 0, y, tickLength, y );
+            g.drawLine( 0, y, safeLength, y );
        }
    }
 }
--- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java
+++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java
@ -26,6 +26,8 @@
 package javax.swing.plaf.metal;

 import sun.swing.SwingUtilities2;
+import sun.awt.AppContext;
+
 import java.awt.*;
 import java.awt.event.*;
 import java.lang.ref.*;
@ -55,7 +57,7 @@ import java.io.Serializable;
 */
 public class MetalToggleButtonUI extends BasicToggleButtonUI {

-    private static final MetalToggleButtonUI metalToggleButtonUI = new MetalToggleButtonUI();
+    private static final Object METAL_TOGGLE_BUTTON_UI_KEY = new Object();

    protected Color focusColor;
    protected Color selectColor;
@ -67,6 +69,13 @@ public class MetalToggleButtonUI extends BasicToggleButtonUI {
    //        Create PLAF
    // ********************************
    public static ComponentUI createUI(JComponent b) {
+        AppContext appContext = AppContext.getAppContext();
+        MetalToggleButtonUI metalToggleButtonUI =
+                (MetalToggleButtonUI) appContext.get(METAL_TOGGLE_BUTTON_UI_KEY);
+        if (metalToggleButtonUI == null) {
+            metalToggleButtonUI = new MetalToggleButtonUI();
+            appContext.put(METAL_TOGGLE_BUTTON_UI_KEY, metalToggleButtonUI);
+        }
        return metalToggleButtonUI;
    }

--- a/jdk/src/share/classes/sun/applet/AppletClassLoader.java
+++ b/jdk/src/share/classes/sun/applet/AppletClassLoader.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1995-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -51,6 +51,7 @@ import java.security.Permission;
 import java.security.PermissionCollection;
 import sun.awt.AppContext;
 import sun.awt.SunToolkit;
+import sun.misc.IOUtils;
 import sun.net.www.ParseUtil;
 import sun.security.util.SecurityConstants;

@ -331,36 +332,7 @@ public class AppletClassLoader extends URLClassLoader {

        byte[] b;
        try {
-            if (len != -1) {
-                // Read exactly len bytes from the input stream
-                b = new byte[len];
-                while (len > 0) {
-                    int n = in.read(b, b.length - len, len);
-                    if (n == -1) {
-                        throw new IOException("unexpected EOF");
-                    }
-                    len -= n;
-                }
-            } else {
-                // Read until end of stream is reached - use 8K buffer
-                // to speed up performance [stanleyh]
-                b = new byte[8192];
-                int total = 0;
-                while ((len = in.read(b, total, b.length - total)) != -1) {
-                    total += len;
-                    if (total >= b.length) {
-                        byte[] tmp = new byte[total * 2];
-                        System.arraycopy(b, 0, tmp, 0, total);
-                        b = tmp;
-                    }
-                }
-                // Trim array to correct size, if necessary
-                if (total != b.length) {
-                    byte[] tmp = new byte[total];
-                    System.arraycopy(b, 0, tmp, 0, total);
-                    b = tmp;
-                }
-            }
+            b = IOUtils.readFully(in, len, true);
        } finally {
            in.close();
        }
--- a/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java
+++ b/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java
@ -336,10 +336,6 @@ public class ImageRepresentation extends ImageWatched implements ImageConsumer
    public native void setICMpixels(int x, int y, int w, int h, int[] lut,
                                    byte[] pix, int off, int scansize,
                                    IntegerComponentRaster ict);
-
-    public native void setBytePixels(int x, int y, int w, int h, byte[] pix,
-                                     int off, int scansize,
-                                     ByteComponentRaster bct, int chanOff);
    public native int setDiffICM(int x, int y, int w, int h, int[] lut,
                                 int transPix, int numLut, IndexColorModel icm,
                                 byte[] pix, int off, int scansize,
@ -450,7 +446,6 @@ public class ImageRepresentation extends ImageWatched implements ImageConsumer
                     (biRaster instanceof ByteComponentRaster) &&
                     (biRaster.getNumDataElements() == 1)){
                ByteComponentRaster bt = (ByteComponentRaster) biRaster;
-                if (w*h > 200) {
                if (off == 0 && scansize == w) {
                    bt.putByteData(x, y, w, h, pix);
                }
@ -464,15 +459,6 @@ public class ImageRepresentation extends ImageWatched implements ImageConsumer
                    }
                }
            }
-                else {
-                    // Only is faster if #pixels
-                    // Note that setBytePixels modifies the raster directly
-                    // so we must mark it as changed afterwards
-                    setBytePixels(x, y, w, h, pix, off, scansize, bt,
-                                  bt.getDataOffset(0));
-                    bt.markDirty();
-                }
-            }
            else {
                for (int yoff=y; yoff < y+h; yoff++, lineOff += scansize) {
                    poff = lineOff;
--- a/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java
+++ b/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java
@ -26,9 +26,9 @@
 package sun.dyn.anon;

 import java.io.IOException;
-import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import sun.misc.IOUtils;

 /**
 * Anonymous class loader.  Will load any valid classfile, producing
@ -285,13 +285,6 @@ public class AnonymousClassLoader {
        if (contentLength < 0)
            throw new IOException("invalid content length "+contentLength);

-        byte[] classFile = new byte[contentLength];
-        InputStream tcs = connection.getInputStream();
-        for (int fill = 0, nr; fill < classFile.length; fill += nr) {
-            nr = tcs.read(classFile, fill, classFile.length - fill);
-            if (nr < 0)
-                throw new IOException("premature end of file");
-        }
-        return classFile;
+        return IOUtils.readFully(connection.getInputStream(), contentLength, true);
    }
 }
--- a/jdk/src/share/classes/sun/misc/IOUtils.java
+++ b/jdk/src/share/classes/sun/misc/IOUtils.java
@ -0,0 +1,80 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * IOUtils: A collection of IO-related public static methods.
+ */
+
+package sun.misc;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+
+public class IOUtils {
+
+    /**
+     * Read up to <code>length</code> of bytes from <code>in</code>
+     * until EOF is detected.
+     * @param in input stream, must not be null
+     * @param length number of bytes to read, -1 or Integer.MAX_VALUE means
+     *        read as much as possible
+     * @param readAll if true, an EOFException will be thrown if not enough
+     *        bytes are read. Ignored when length is -1 or Integer.MAX_VALUE
+     * @return bytes read
+     * @throws IOException Any IO error or a premature EOF is detected
+     */
+    public static byte[] readFully(InputStream is, int length, boolean readAll)
+            throws IOException {
+        byte[] output = {};
+        if (length == -1) length = Integer.MAX_VALUE;
+        int pos = 0;
+        while (pos < length) {
+            int bytesToRead;
+            if (pos >= output.length) { // Only expand when there's no room
+                bytesToRead = Math.min(length - pos, output.length + 1024);
+                if (output.length < pos + bytesToRead) {
+                    output = Arrays.copyOf(output, pos + bytesToRead);
+                }
+            } else {
+                bytesToRead = output.length - pos;
+            }
+            int cc = is.read(output, pos, bytesToRead);
+            if (cc < 0) {
+                if (readAll && length != Integer.MAX_VALUE) {
+                    throw new EOFException("Detect premature EOF");
+                } else {
+                    if (output.length != pos) {
+                        output = Arrays.copyOf(output, pos);
+                    }
+                    break;
+                }
+            }
+            pos += cc;
+        }
+        return output;
+    }
+}
--- a/jdk/src/share/classes/sun/misc/Resource.java
+++ b/jdk/src/share/classes/sun/misc/Resource.java
@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -25,14 +25,15 @@

 package sun.misc;

+import java.io.EOFException;
 import java.net.URL;
 import java.io.IOException;
 import java.io.InterruptedIOException;
 import java.io.InputStream;
 import java.security.CodeSigner;
 import java.util.jar.Manifest;
-import java.util.jar.Attributes;
 import java.nio.ByteBuffer;
+import java.util.Arrays;
 import sun.nio.ByteBuffered;

 /**
@ -105,49 +106,37 @@ public abstract class Resource {
        }

        try {
-            if (len != -1) {
-                // Read exactly len bytes from the input stream
-                b = new byte[len];
-                while (len > 0) {
-                    int n = 0;
-                    try {
-                        n = in.read(b, b.length - len, len);
-                    } catch (InterruptedIOException iioe) {
-                        Thread.interrupted();
-                        isInterrupted = true;
-                    }
-                    if (n == -1) {
-                        throw new IOException("unexpected EOF");
-                    }
-                    len -= n;
+            b = new byte[0];
+            if (len == -1) len = Integer.MAX_VALUE;
+            int pos = 0;
+            while (pos < len) {
+                int bytesToRead;
+                if (pos >= b.length) { // Only expand when there's no room
+                    bytesToRead = Math.min(len - pos, b.length + 1024);
+                    if (b.length < pos + bytesToRead) {
+                        b = Arrays.copyOf(b, pos + bytesToRead);
                    }
                } else {
-                // Read until end of stream is reached
-                b = new byte[1024];
-                int total = 0;
-                for (;;) {
-                    len = 0;
+                    bytesToRead = b.length - pos;
+                }
+                int cc = 0;
                try {
-                        len = in.read(b, total, b.length - total);
-                        if (len == -1)
-                            break;
+                    cc = in.read(b, pos, bytesToRead);
                } catch (InterruptedIOException iioe) {
                    Thread.interrupted();
                    isInterrupted = true;
                }
-                    total += len;
-                    if (total >= b.length) {
-                        byte[] tmp = new byte[total * 2];
-                        System.arraycopy(b, 0, tmp, 0, total);
-                        b = tmp;
+                if (cc < 0) {
+                    if (len != Integer.MAX_VALUE) {
+                        throw new EOFException("Detect premature EOF");
+                    } else {
+                        if (b.length != pos) {
+                            b = Arrays.copyOf(b, pos);
+                        }
+                        break;
                    }
                }
-                // Trim array to correct size, if necessary
-                if (total != b.length) {
-                    byte[] tmp = new byte[total];
-                    System.arraycopy(b, 0, tmp, 0, total);
-                    b = tmp;
-                }
+                pos += cc;
            }
        } finally {
            try {
--- a/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java
+++ b/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -44,6 +44,7 @@ import java.lang.reflect.Modifier;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
+import sun.misc.IOUtils;
 import sun.net.www.ParseUtil;
 import sun.security.util.SecurityConstants;

@ -373,34 +374,7 @@ public final class MethodUtil extends SecureClassLoader {

        byte[] b;
        try {
-            if (len != -1) {
-                // Read exactly len bytes from the input stream
-                b = new byte[len];
-                while (len > 0) {
-                    int n = in.read(b, b.length - len, len);
-                    if (n == -1) {
-                        throw new IOException("unexpected EOF");
-                    }
-                    len -= n;
-                }
-            } else {
-                b = new byte[8192];
-                int total = 0;
-                while ((len = in.read(b, total, b.length - total)) != -1) {
-                    total += len;
-                    if (total >= b.length) {
-                        byte[] tmp = new byte[total * 2];
-                        System.arraycopy(b, 0, tmp, 0, total);
-                        b = tmp;
-                    }
-                }
-                // Trim array to correct size, if necessary
-                if (total != b.length) {
-                    byte[] tmp = new byte[total];
-                    System.arraycopy(b, 0, tmp, 0, total);
-                    b = tmp;
-                }
-            }
+            b = IOUtils.readFully(in, len, true);
        } finally {
            in.close();
        }
--- a/jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
@ -0,0 +1,119 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.security.provider.certpath;
+
+import java.util.Set;
+import java.util.Collection;
+import java.util.Locale;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXCertPathChecker;
+
+import sun.security.x509.AlgorithmId;
+
+/**
+ * AlgorithmChecker is a <code>PKIXCertPathChecker</code> that checks that
+ * the signature algorithm of the specified certificate is not disabled.
+ *
+ * @author      Xuelei Fan
+ */
+final public class AlgorithmChecker extends PKIXCertPathChecker {
+
+    // the disabled algorithms
+    private static final String[] disabledAlgorithms = new String[] {"md2"};
+
+    // singleton instance
+    static final AlgorithmChecker INSTANCE = new AlgorithmChecker();
+
+    /**
+     * Default Constructor
+     */
+    private AlgorithmChecker() {
+        // do nothing
+    }
+
+    /**
+     * Return a AlgorithmChecker instance.
+     */
+    static AlgorithmChecker getInstance() {
+        return INSTANCE;
+    }
+
+    /**
+     * Initializes the internal state of the checker from parameters
+     * specified in the constructor.
+     */
+    public void init(boolean forward) throws CertPathValidatorException {
+        // do nothing
+    }
+
+    public boolean isForwardCheckingSupported() {
+        return false;
+    }
+
+    public Set<String> getSupportedExtensions() {
+        return null;
+    }
+
+    /**
+     * Checks the signature algorithm of the specified certificate.
+     */
+    public void check(Certificate cert, Collection<String> unresolvedCritExts)
+            throws CertPathValidatorException {
+        check(cert);
+    }
+
+    public static void check(Certificate cert)
+            throws CertPathValidatorException {
+        X509Certificate xcert = (X509Certificate)cert;
+        check(xcert.getSigAlgName());
+    }
+
+    static void check(AlgorithmId aid) throws CertPathValidatorException {
+        check(aid.getName());
+    }
+
+    static void check(X509CRL crl) throws CertPathValidatorException {
+        check(crl.getSigAlgName());
+    }
+
+    private static void check(String algName)
+            throws CertPathValidatorException {
+
+        String lowerCaseAlgName = algName.toLowerCase(Locale.ENGLISH);
+
+        for (String disabled : disabledAlgorithms) {
+            // checking the signature algorithm name
+            if (lowerCaseAlgName.indexOf(disabled) != -1) {
+                throw new CertPathValidatorException(
+                    "algorithm check failed: " + algName + " is disabled");
+            }
+        }
+    }
+
+}
--- a/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
@ -289,6 +289,16 @@ class DistributionPointFetcher {
        X500Name certIssuer = (X500Name) certImpl.getIssuerDN();
        X500Name crlIssuer = (X500Name) crlImpl.getIssuerDN();

+        // check the crl signature algorithm
+        try {
+            AlgorithmChecker.check(crl);
+        } catch (CertPathValidatorException cpve) {
+            if (debug != null) {
+                debug.println("CRL signature algorithm check failed: " + cpve);
+            }
+            return false;
+        }
+
        // if crlIssuer is set, verify that it matches the issuer of the
        // CRL and the CRL contains an IDP extension with the indirectCRL
        // boolean asserted. Otherwise, verify that the CRL issuer matches the
--- a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
@ -718,6 +718,11 @@ class ForwardBuilder extends Builder {

        /* we don't perform any validation of the trusted cert */
        if (!isTrustedCert) {
+            /*
+             * check that the signature algorithm is not disabled.
+             */
+            AlgorithmChecker.check(cert);
+
            /*
             * Check CRITICAL private extensions for user checkers that
             * support forward checking (forwardCheckers) and remove
--- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
@ -275,6 +275,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
        int certPathLen = certList.size();

        basicChecker = new BasicChecker(anchor, testDate, sigProvider, false);
+        AlgorithmChecker algorithmChecker= AlgorithmChecker.getInstance();
        KeyChecker keyChecker = new KeyChecker(certPathLen,
            pkixParam.getTargetCertConstraints());
        ConstraintsChecker constraintsChecker =
@ -291,6 +292,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi {
        ArrayList<PKIXCertPathChecker> certPathCheckers =
            new ArrayList<PKIXCertPathChecker>();
        // add standard checkers that we will be using
+        certPathCheckers.add(algorithmChecker);
        certPathCheckers.add(keyChecker);
        certPathCheckers.add(constraintsChecker);
        certPathCheckers.add(policyChecker);
--- a/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -347,6 +347,9 @@ class ReverseBuilder extends Builder {
            return;
        }

+        /* check that the signature algorithm is not disabled. */
+        AlgorithmChecker.check(cert);
+
        /*
         * check for looping - abort a loop if
         * ((we encounter the same certificate twice) AND
--- a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java
+++ b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java
@ -34,6 +34,7 @@ import java.util.Iterator;
 import java.util.Set;
 import java.util.Arrays;

+import sun.misc.IOUtils;
 import sun.security.pkcs.*;

 /**
@ -142,25 +143,7 @@ public class HttpTimestamper implements Timestamper {

            int total = 0;
            int contentLength = connection.getContentLength();
-            if (contentLength != -1) {
-                replyBuffer = new byte[contentLength];
-            } else {
-                replyBuffer = new byte[2048];
-                contentLength = Integer.MAX_VALUE;
-            }
-
-            while (total < contentLength) {
-                int count = input.read(replyBuffer, total,
-                                        replyBuffer.length - total);
-                if (count < 0)
-                    break;
-
-                total += count;
-                if (total >= replyBuffer.length && total < contentLength) {
-                    replyBuffer = Arrays.copyOf(replyBuffer, total * 2);
-                }
-            }
-            replyBuffer = Arrays.copyOf(replyBuffer, total);
+            replyBuffer = IOUtils.readFully(input, contentLength, false);

            if (DEBUG) {
                System.out.println("received timestamp response (length=" +
--- a/jdk/src/share/classes/sun/security/util/DerValue.java
+++ b/jdk/src/share/classes/sun/security/util/DerValue.java
@ -28,6 +28,7 @@ package sun.security.util;
 import java.io.*;
 import java.math.BigInteger;
 import java.util.Date;
+import sun.misc.IOUtils;

 /**
 * Represents a single DER-encoded value.  DER encoding rules are a subset
@ -382,12 +383,8 @@ public class DerValue {
        if (fullyBuffered && in.available() != length)
            throw new IOException("extra data given to DerValue constructor");

-        byte[] bytes = new byte[length];
+        byte[] bytes = IOUtils.readFully(in, length, true);

-        // n.b. readFully not needed in normal fullyBuffered case
-        DataInputStream dis = new DataInputStream(in);
-
-        dis.readFully(bytes);
        buffer = new DerInputBuffer(bytes);
        return new DerInputStream(buffer);
    }
--- a/jdk/src/share/classes/sun/security/validator/SimpleValidator.java
+++ b/jdk/src/share/classes/sun/security/validator/SimpleValidator.java
@ -40,6 +40,8 @@ import sun.security.util.DerInputStream;
 import sun.security.util.DerOutputStream;
 import sun.security.util.ObjectIdentifier;

+import sun.security.provider.certpath.AlgorithmChecker;
+
 /**
 * A simple validator implementation. It is based on code from the JSSE
 * X509TrustManagerImpl. This implementation is designed for compatibility with
@ -134,6 +136,13 @@ public final class SimpleValidator extends Validator {
            X509Certificate issuerCert = chain[i + 1];
            X509Certificate cert = chain[i];

+            // check certificate algorithm
+            try {
+                AlgorithmChecker.check(cert);
+            } catch (CertPathValidatorException cpve) {
+                throw new ValidatorException
+                        (ValidatorException.T_ALGORITHM_DISABLED, cert, cpve);
+            }

            // no validity check for code signing certs
            if ((variant.equals(VAR_CODE_SIGNING) == false)
--- a/jdk/src/share/classes/sun/security/validator/ValidatorException.java
+++ b/jdk/src/share/classes/sun/security/validator/ValidatorException.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2003 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -55,6 +55,9 @@ public class ValidatorException extends CertificateException {
    public final static Object T_NAME_CHAINING =
        "Certificate chaining error";

+    public final static Object T_ALGORITHM_DISABLED =
+        "Certificate signature algorithm disabled";
+
    private Object type;
    private X509Certificate cert;

--- a/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java
+++ b/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -472,6 +472,18 @@ public class ZoneInfoFile {

    private static Map<String, ZoneInfo> zoneInfoObjects = null;

+    private static final String ziDir;
+    static {
+        String zi = (String) AccessController.doPrivileged(
+                         new sun.security.action.GetPropertyAction("java.home"))
+                    + File.separator + "lib" + File.separator + "zi";
+        try {
+            zi = new File(zi).getCanonicalPath();
+        } catch (Exception e) {
+        }
+        ziDir = zi;
+    }
+
    /**
     * Converts the given time zone ID to a platform dependent path
     * name. For example, "America/Los_Angeles" is converted to
@ -576,20 +588,7 @@ public class ZoneInfoFile {
            return null;
        }

-        int index;
-        for (index = 0; index < JAVAZI_LABEL.length; index++) {
-            if (buf[index] != JAVAZI_LABEL[index]) {
-                System.err.println("ZoneInfo: wrong magic number: " + id);
-                return null;
-            }
-        }
-
-        if (buf[index++] > JAVAZI_VERSION) {
-            System.err.println("ZoneInfo: incompatible version ("
-                               + buf[index - 1] + "): " + id);
-            return null;
-        }
-
+        int index = 0;
        int filesize = buf.length;
        int rawOffset = 0;
        int dstSavings = 0;
@ -600,6 +599,18 @@ public class ZoneInfoFile {
        int[] simpleTimeZoneParams = null;

        try {
+            for (index = 0; index < JAVAZI_LABEL.length; index++) {
+                if (buf[index] != JAVAZI_LABEL[index]) {
+                    System.err.println("ZoneInfo: wrong magic number: " + id);
+                    return null;
+                }
+            }
+            if (buf[index++] > JAVAZI_VERSION) {
+                System.err.println("ZoneInfo: incompatible version ("
+                                   + buf[index - 1] + "): " + id);
+                return null;
+            }
+
            while (index < filesize) {
                byte tag = buf[index++];
                int  len = ((buf[index++] & 0xFF) << 8) + (buf[index++] & 0xFF);
@ -1017,30 +1028,33 @@ public class ZoneInfoFile {
     * Reads the specified file under &lt;java.home&gt;/lib/zi into a buffer.
     * @return the buffer, or null if any I/O error occurred.
     */
-    private static byte[] readZoneInfoFile(String fileName) {
+    private static byte[] readZoneInfoFile(final String fileName) {
        byte[] buffer = null;

        try {
-            String homeDir = AccessController.doPrivileged(
-                new sun.security.action.GetPropertyAction("java.home"));
-            final String fname = homeDir + File.separator + "lib" + File.separator
-                                 + "zi" + File.separator + fileName;
            buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                public Object run() throws IOException {
-                    File file = new File(fname);
-                    if (!file.canRead()) {
+                    File file = new File(ziDir, fileName);
+                    if (!file.exists() || !file.isFile()) {
                        return null;
                    }
+                    file = file.getCanonicalFile();
+                    String path = file.getCanonicalPath();
+                    byte[] buf = null;
+                    if (path != null && path.startsWith(ziDir)) {
                        int filesize = (int)file.length();
-                    byte[] buf = new byte[filesize];
-
+                        if (filesize > 0) {
                            FileInputStream fis = new FileInputStream(file);
-
+                            buf = new byte[filesize];
+                            try {
                                if (fis.read(buf) != filesize) {
-                        fis.close();
-                        throw new IOException("read error on " + fname);
+                                    throw new IOException("read error on " + fileName);
                                }
+                            } finally {
                                fis.close();
+                            }
+                        }
+                    }
                    return buf;
                }
            });
--- a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c
+++ b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c
@ -142,84 +142,6 @@ Java_sun_awt_image_ImageRepresentation_setICMpixels(JNIEnv *env, jclass cls,

 }

-JNIEXPORT void JNICALL
-Java_sun_awt_image_ImageRepresentation_setBytePixels(JNIEnv *env, jclass cls,
-                                                     jint x, jint y, jint w,
-                                                     jint h, jbyteArray jpix,
-                                                     jint off, jint scansize,
-                                                     jobject jbct,
-                                                     jint chanOffs)
-{
-    int sStride;
-    int pixelStride;
-    jobject jdata;
-    unsigned char *srcData;
-    unsigned char *dstData;
-    unsigned char *dataP;
-    unsigned char *pixP;
-    int i;
-    int j;
-
-
-    if (JNU_IsNull(env, jpix)) {
-        JNU_ThrowNullPointerException(env, "NullPointerException");
-        return;
-    }
-
-    sStride = (*env)->GetIntField(env, jbct, g_BCRscanstrID);
-    pixelStride = (*env)->GetIntField(env, jbct, g_BCRpixstrID);
-    jdata = (*env)->GetObjectField(env, jbct, g_BCRdataID);
-
-    srcData = (unsigned char *) (*env)->GetPrimitiveArrayCritical(env, jpix,
-                                                                  NULL);
-    if (srcData == NULL) {
-        /* out of memory error already thrown */
-        return;
-    }
-
-    dstData = (unsigned char *) (*env)->GetPrimitiveArrayCritical(env, jdata,
-                                                                  NULL);
-    if (dstData == NULL) {
-        /* out of memory error already thrown */
-        (*env)->ReleasePrimitiveArrayCritical(env, jpix, srcData, JNI_ABORT);
-        return;
-    }
-
-    dataP = dstData + chanOffs + y*sStride + x*pixelStride;
-    pixP  = srcData + off;
-    if (pixelStride == 1) {
-        if (sStride == scansize && scansize == w) {
-            memcpy(dataP, pixP, w*h);
-        }
-        else {
-            for (i=0; i < h; i++) {
-                memcpy(dataP, pixP, w);
-                dataP += sStride;
-                pixP  += scansize;
-            }
-        }
-    }
-    else {
-        unsigned char *ydataP = dataP;
-        unsigned char *ypixP  = pixP;
-
-        for (i=0; i < h; i++) {
-            dataP = ydataP;
-            pixP = ypixP;
-            for (j=0; j < w; j++) {
-                *dataP = *pixP++;
-                dataP += pixelStride;
-            }
-            ydataP += sStride;
-            ypixP  += scansize;
-        }
-    }
-
-    (*env)->ReleasePrimitiveArrayCritical(env, jpix, srcData, JNI_ABORT);
-    (*env)->ReleasePrimitiveArrayCritical(env, jdata, dstData, JNI_ABORT);
-
-}
-
 JNIEXPORT jint JNICALL
 Java_sun_awt_image_ImageRepresentation_setDiffICM(JNIEnv *env, jclass cls,
                                                  jint x, jint y, jint w,
@ -266,6 +188,13 @@ Java_sun_awt_image_ImageRepresentation_setDiffICM(JNIEnv *env, jclass cls,
    jnewlut = (*env)->GetObjectField(env, jicm, g_ICMrgbID);
    mapSize = (*env)->GetIntField(env, jicm, g_ICMmapSizeID);

+    if (numLut < 0 || numLut > 256 || mapSize < 0 || mapSize > 256) {
+        /* Ether old or new ICM has a palette that exceeds capacity
+           of byte data type, so we have to convert the image data
+           to default representation.
+        */
+        return 0;
+    }
    srcLUT = (unsigned int *) (*env)->GetPrimitiveArrayCritical(env, jlut,
                                                                NULL);
    if (srcLUT == NULL) {
--- a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
+++ b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
@ -676,6 +676,10 @@ static int setQTables(JNIEnv *env,
 #ifdef DEBUG_IIO_JPEG
    printf("in setQTables, qlen = %d, write is %d\n", qlen, write);
 #endif
+    if (qlen > NUM_QUANT_TBLS) {
+        /* Ignore extra qunterization tables. */
+        qlen = NUM_QUANT_TBLS;
+    }
    for (i = 0; i < qlen; i++) {
        table = (*env)->GetObjectArrayElement(env, qtables, i);
        qdata = (*env)->GetObjectField(env, table, JPEGQTable_tableID);
@ -727,6 +731,11 @@ static void setHuffTable(JNIEnv *env,
    hlensBody = (*env)->GetShortArrayElements(env,
                                              huffLens,
                                              NULL);
+    if (hlensLen > 16) {
+        /* Ignore extra elements of bits array. Only 16 elements can be
+           stored. 0-th element is not used. (see jpeglib.h, line 107)  */
+        hlensLen = 16;
+    }
    for (i = 1; i <= hlensLen; i++) {
        huff_ptr->bits[i] = (UINT8)hlensBody[i-1];
    }
@ -743,6 +752,11 @@ static void setHuffTable(JNIEnv *env,
                                              huffValues,
                                              NULL);

+    if (hvalsLen > 256) {
+        /* Ignore extra elements of hufval array. Only 256 elements
+           can be stored. (see jpeglib.h, line 109)                  */
+        hlensLen = 256;
+    }
    for (i = 0; i < hvalsLen; i++) {
        huff_ptr->huffval[i] = (UINT8)hvalsBody[i];
    }
@ -763,6 +777,11 @@ static int setHTables(JNIEnv *env,
    j_compress_ptr comp;
    j_decompress_ptr decomp;
    jsize hlen = (*env)->GetArrayLength(env, DCHuffmanTables);
+
+    if (hlen > NUM_HUFF_TBLS) {
+        /* Ignore extra DC huffman tables. */
+        hlen = NUM_HUFF_TBLS;
+    }
    for (i = 0; i < hlen; i++) {
        if (cinfo->is_decompressor) {
            decomp = (j_decompress_ptr) cinfo;
@ -784,6 +803,10 @@ static int setHTables(JNIEnv *env,
        huff_ptr->sent_table = !write;
    }
    hlen = (*env)->GetArrayLength(env, ACHuffmanTables);
+    if (hlen > NUM_HUFF_TBLS) {
+        /* Ignore extra AC huffman tables. */
+        hlen = NUM_HUFF_TBLS;
+    }
    for (i = 0; i < hlen; i++) {
        if (cinfo->is_decompressor) {
            decomp = (j_decompress_ptr) cinfo;
@ -1833,6 +1856,13 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
        return JNI_FALSE;
    }

+    if (stepX > cinfo->image_width) {
+        stepX = cinfo->image_width;
+    }
+    if (stepY > cinfo->image_height) {
+        stepY = cinfo->image_height;
+    }
+
    /*
     * First get the source bands array and copy it to our local array
     * so we don't have to worry about pinning and unpinning it again.
--- a/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java
+++ b/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java
@ -134,7 +134,7 @@ public class X11GraphicsDevice
                makeConfigurations();
            }
        }
-        return configs;
+        return configs.clone();
    }

    private void makeConfigurations() {
--- a/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java
+++ b/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java
@ -165,7 +165,7 @@ public class Win32GraphicsDevice extends GraphicsDevice implements
                if (defaultConfig != null) {
                    configs = new GraphicsConfiguration[1];
                    configs[0] = defaultConfig;
-                    return configs;
+                    return configs.clone();
                }
            }

@ -196,7 +196,7 @@ public class Win32GraphicsDevice extends GraphicsDevice implements
            configs = new GraphicsConfiguration[v.size()];
            v.copyInto(configs);
        }
-        return configs;
+        return configs.clone();
    }

    /**
--- a/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java
+++ b/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java
@ -429,7 +429,7 @@ public class D3DGraphicsDevice extends Win32GraphicsDevice {
                if (defaultConfig != null) {
                    configs = new GraphicsConfiguration[1];
                    configs[0] = defaultConfig;
-                    return configs;
+                    return configs.clone();
                }
            }
        }
--- a/jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java
+++ b/jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java
@ -0,0 +1,118 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug     6822057
+ *
+ * @summary Test verifies that list of supported graphics configurations
+ *          can not be changed via modification of elements of an array
+ *          returned by getConfiguration() method.
+ *
+ * @run     main CloneConfigsTest
+ * @run     main/othervm -Dsun.java2d.opengl=True CloneConfigsTest
+ * @run     main/othervm -Dsun.java2d.d3d=true CloneConfigsTest
+ * @run     main/othervm -Dsun.java2d.noddraw=true CloneConfigsTest
+ */
+
+import java.awt.GraphicsConfiguration;
+import java.awt.GraphicsDevice;
+import java.awt.GraphicsEnvironment;
+import java.awt.Rectangle;
+import java.awt.geom.AffineTransform;
+import java.awt.image.BufferedImage;
+import java.awt.image.ColorModel;
+
+public class CloneConfigsTest {
+
+    public static void main(String[] args) {
+        GraphicsEnvironment env =
+                GraphicsEnvironment.getLocalGraphicsEnvironment();
+
+        GraphicsDevice[] devices = env.getScreenDevices();
+
+        GraphicsConfiguration c = new TestConfig();
+
+        for (GraphicsDevice gd : devices) {
+            System.out.println("Device: " + gd);
+
+            GraphicsConfiguration[] configs = gd.getConfigurations();
+
+            for (int i = 0; i < configs.length; i++) {
+                GraphicsConfiguration gc  = configs[i];
+                System.out.println("\tConfig: " + gc);
+
+                configs[i] = c;
+            }
+
+            // verify whether array of configs was modified
+            configs = gd.getConfigurations();
+            for (GraphicsConfiguration gc : configs) {
+                if (gc == c) {
+                    throw new RuntimeException("Test failed.");
+                }
+            }
+            System.out.println("Test passed.");
+        }
+    }
+
+    private static class TestConfig extends GraphicsConfiguration {
+
+        @Override
+        public GraphicsDevice getDevice() {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public BufferedImage createCompatibleImage(int width, int height) {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public ColorModel getColorModel() {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public ColorModel getColorModel(int transparency) {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public AffineTransform getDefaultTransform() {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public AffineTransform getNormalizingTransform() {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+        @Override
+        public Rectangle getBounds() {
+            throw new UnsupportedOperationException("Not supported yet.");
+        }
+
+    }
+
+}
--- a/jdk/test/java/lang/ClassLoader/UninitializedParent.java
+++ b/jdk/test/java/lang/ClassLoader/UninitializedParent.java
@ -0,0 +1,68 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6636650
+ * @summary Uninitialized class loaders should not be a parent of other
+ *          class loaders.
+ */
+
+
+import java.net.*;
+
+public class UninitializedParent {
+    private static ClassLoader loader;
+    public static void main(String[] args) throws Exception {
+        System.setSecurityManager(new SecurityManager());
+
+        // Create an uninitialized class loader
+        try {
+            new ClassLoader(null) {
+                @Override
+                protected void finalize() {
+                    loader = this;
+                }
+            };
+        } catch (SecurityException exc) {
+            // Expected
+        }
+        System.gc();
+        System.runFinalization();
+
+        // if 'loader' isn't null, need to ensure that it can't be used as
+        // parent
+        if (loader != null) {
+            try {
+                // Create a class loader with 'loader' being the parent
+                URLClassLoader child = URLClassLoader.newInstance
+                    (new URL[0], loader);
+                throw new RuntimeException("Test Failed!");
+            } catch (SecurityException se) {
+                System.out.println("Test Passed: Exception thrown");
+            }
+        } else {
+            System.out.println("Test Passed: Loader is null");
+        }
+    }
+}
--- a/jdk/test/javax/swing/Security/6657138/ComponentTest.java
+++ b/jdk/test/javax/swing/Security/6657138/ComponentTest.java
@ -0,0 +1,76 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657138
+ * @summary Verifies that buttons and labels work well after the fix for 6657138
+ * @author Alexander Potochkin
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.*;
+import java.awt.*;
+
+public class ComponentTest extends JFrame {
+    private static JFrame frame;
+
+    public ComponentTest() {
+        setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+        setLayout(new FlowLayout());
+        add(new JButton("JButton"));
+        add(new JToggleButton("JToggleButton"));
+        add(new JCheckBox("JCheckBox"));
+        add(new JRadioButton("JRadioButton"));
+        add(new JLabel("JLabel"));
+        pack();
+        setLocationRelativeTo(null);
+    }
+
+
+    public static void main(String[] args) throws Exception {
+        SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit();
+        SwingUtilities.invokeAndWait(new Runnable() {
+            public void run() {
+                frame = new ComponentTest();
+                frame.setVisible(true);
+            }
+        });
+        toolkit.realSync();
+        UIManager.LookAndFeelInfo[] lafs = UIManager.getInstalledLookAndFeels();
+        for (final UIManager.LookAndFeelInfo laf : lafs) {
+            SwingUtilities.invokeAndWait(new Runnable() {
+                public void run() {
+                    try {
+                        UIManager.setLookAndFeel(laf.getClassName());
+                    } catch (Exception e) {
+                        new RuntimeException(e);
+                    }
+                    SwingUtilities.updateComponentTreeUI(frame);
+                }
+            });
+            toolkit.realSync();
+        }
+    }
+}
--- a/jdk/test/javax/swing/Security/6657138/bug6657138.java
+++ b/jdk/test/javax/swing/Security/6657138/bug6657138.java
@ -0,0 +1,103 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657138
+ * @summary Verifies that buttons and labels don't share their ui's across appContexts
+ * @author Alexander Potochkin
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.*;
+import javax.swing.plaf.ButtonUI;
+import javax.swing.plaf.ComponentUI;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+public class bug6657138 implements Runnable {
+
+    private static Map<JComponent, Map<String, ComponentUI>> componentMap =
+            Collections.synchronizedMap(
+            new HashMap<JComponent, Map<String, ComponentUI>>());
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        try {
+            testUIMap();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static void testUIMap() throws Exception {
+        UIManager.LookAndFeelInfo[] lafs = UIManager.getInstalledLookAndFeels();
+        Set<JComponent> components = componentMap.keySet();
+        for (JComponent c : components) {
+            Map<String, ComponentUI> uiMap = componentMap.get(c);
+
+            for (UIManager.LookAndFeelInfo laf : lafs) {
+                if ("Nimbus".equals(laf.getName())) {
+                    // for some unclear reasons
+                    // Nimbus ui delegate for a button is null
+                    // when this method is called from the new AppContext
+                    continue;
+                }
+                String className = laf.getClassName();
+                UIManager.setLookAndFeel(className);
+                ComponentUI ui = UIManager.getUI(c);
+                if (ui == null) {
+                    throw new RuntimeException("UI is null for " + c);
+                }
+                if (ui == uiMap.get(laf.getName())) {
+                    throw new RuntimeException(
+                            "Two AppContexts share the same UI delegate! \n" +
+                                    c + "\n" + ui);
+                }
+                uiMap.put(laf.getName(), ui);
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        componentMap.put(new JButton("JButton"),
+                new HashMap<String, ComponentUI>());
+        componentMap.put(new JToggleButton("JToggleButton"),
+                new HashMap<String, ComponentUI>());
+        componentMap.put(new JRadioButton("JRadioButton"),
+                new HashMap<String, ComponentUI>());
+        componentMap.put(new JCheckBox("JCheckBox"),
+                new HashMap<String, ComponentUI>());
+        componentMap.put(new JCheckBox("JLabel"),
+                new HashMap<String, ComponentUI>());
+        testUIMap();
+        ThreadGroup group = new ThreadGroup("6657138");
+        Thread thread = new Thread(group, new bug6657138());
+        thread.start();
+        thread.join();
+    }
+}
+
--- a/jdk/test/javax/swing/ToolTipManager/Test6657026.java
+++ b/jdk/test/javax/swing/ToolTipManager/Test6657026.java
@ -0,0 +1,74 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared ToolTipManager in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+import javax.swing.ToolTipManager;
+
+public class Test6657026 implements Runnable {
+
+    private static final int DISMISS = 4000;
+    private static final int INITIAL = 750;
+    private static final int RESHOW = 500;
+
+    public static void main(String[] args) throws InterruptedException {
+        ToolTipManager manager = ToolTipManager.sharedInstance();
+        if (DISMISS != manager.getDismissDelay()) {
+            throw new Error("unexpected dismiss delay");
+        }
+        if (INITIAL != manager.getInitialDelay()) {
+            throw new Error("unexpected initial delay");
+        }
+        if (RESHOW != manager.getReshowDelay()) {
+            throw new Error("unexpected reshow delay");
+        }
+        manager.setDismissDelay(DISMISS + 1);
+        manager.setInitialDelay(INITIAL + 1);
+        manager.setReshowDelay(RESHOW + 1);
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        ToolTipManager manager = ToolTipManager.sharedInstance();
+        if (DISMISS != manager.getDismissDelay()) {
+            throw new Error("shared dismiss delay");
+        }
+        if (INITIAL != manager.getInitialDelay()) {
+            throw new Error("shared initial delay");
+        }
+        if (RESHOW != manager.getReshowDelay()) {
+            throw new Error("shared reshow delay");
+        }
+    }
+}
--- a/jdk/test/javax/swing/UIManager/Test6657026.java
+++ b/jdk/test/javax/swing/UIManager/Test6657026.java
@ -0,0 +1,59 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared UIManager in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.UIManager;
+import javax.swing.UIManager.LookAndFeelInfo;
+
+public class Test6657026 implements Runnable {
+
+    public static void main(String[] args) throws Exception {
+        if (UIManager.getInstalledLookAndFeels().length == 0) {
+            throw new Error("unexpected amount of look&feels");
+        }
+        UIManager.setInstalledLookAndFeels(new LookAndFeelInfo[0]);
+        if (UIManager.getInstalledLookAndFeels().length != 0) {
+            throw new Error("unexpected amount of look&feels");
+        }
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        if (UIManager.getInstalledLookAndFeels().length == 0) {
+            throw new Error("shared look&feels");
+        }
+    }
+}
--- a/jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java
+++ b/jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java
@ -0,0 +1,82 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared BasicSplitPaneUI in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+
+import java.awt.event.ActionEvent;
+import java.util.Set;
+import javax.swing.JSplitPane;
+import javax.swing.plaf.basic.BasicSplitPaneUI;
+
+public class Test6657026 extends BasicSplitPaneUI implements Runnable {
+
+    public static void main(String[] args) throws InterruptedException {
+        if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()){
+            throw new Error("unexpected traversal keys");
+        }
+        new JSplitPane() {
+            public void setFocusTraversalKeys(int id, Set keystrokes) {
+                keystrokes.clear();
+                super.setFocusTraversalKeys(id, keystrokes);
+            }
+        };
+        if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()) {
+            throw new Error("shared traversal keys");
+        }
+        KEYBOARD_DIVIDER_MOVE_OFFSET = -KEYBOARD_DIVIDER_MOVE_OFFSET;
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()) {
+            throw new Error("shared traversal keys");
+        }
+        JSplitPane pane = new JSplitPane();
+        pane.setUI(this);
+
+        createFocusListener().focusGained(null); // allows actions
+        test(pane, "positiveIncrement", 3);
+        test(pane, "negativeIncrement", 0);
+    }
+
+    private static void test(JSplitPane pane, String action, int expected) {
+        ActionEvent event = new ActionEvent(pane, expected, action);
+        pane.getActionMap().get(action).actionPerformed(event);
+        int actual = pane.getDividerLocation();
+        if (actual != expected) {
+            throw new Error(actual + ", but expected " + expected);
+        }
+    }
+}
--- a/jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java
+++ b/jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java
@ -0,0 +1,91 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests constancy of borders
+ * @author Sergey Malenkov
+ */
+
+import java.awt.Insets;
+import javax.swing.border.Border;
+import javax.swing.plaf.metal.MetalBorders.ButtonBorder;
+import javax.swing.plaf.metal.MetalBorders.MenuBarBorder;
+import javax.swing.plaf.metal.MetalBorders.MenuItemBorder;
+import javax.swing.plaf.metal.MetalBorders.PopupMenuBorder;
+
+public class Test6657026 {
+
+    private static final Insets NEGATIVE = new Insets(Integer.MIN_VALUE,
+                                                      Integer.MIN_VALUE,
+                                                      Integer.MIN_VALUE,
+                                                      Integer.MIN_VALUE);
+
+    public static void main(String[] args) {
+        new ButtonBorder() {{borderInsets = NEGATIVE;}};
+        new MenuBarBorder() {{borderInsets = NEGATIVE;}};
+        new MenuItemBorder() {{borderInsets = NEGATIVE;}};
+        new PopupMenuBorder() {{borderInsets = NEGATIVE;}};
+
+        test(create("ButtonBorder"));
+        test(create("MenuBarBorder"));
+        test(create("MenuItemBorder"));
+        test(create("PopupMenuBorder"));
+
+        test(create("Flush3DBorder"));
+        test(create("InternalFrameBorder"));
+        // NOT USED: test(create("FrameBorder"));
+        // NOT USED: test(create("DialogBorder"));
+        test(create("PaletteBorder"));
+        test(create("OptionDialogBorder"));
+        test(create("ScrollPaneBorder"));
+    }
+
+    private static Border create(String name) {
+        try {
+            name = "javax.swing.plaf.metal.MetalBorders$" + name;
+            return (Border) Class.forName(name).newInstance();
+        }
+        catch (Exception exception) {
+            throw new Error("unexpected exception", exception);
+        }
+    }
+
+    private static void test(Border border) {
+        Insets actual = border.getBorderInsets(null);
+        if (NEGATIVE.equals(actual)) {
+            throw new Error("unexpected insets in " + border.getClass());
+        }
+        Insets expected = (Insets) actual.clone();
+        // modify
+        actual.top++;
+        actual.left++;
+        actual.right++;
+        actual.bottom++;
+        // validate
+        if (!expected.equals(border.getBorderInsets(null))) {
+            throw new Error("shared insets in " + border.getClass());
+        }
+    }
+}
--- a/jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java
+++ b/jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java
@ -0,0 +1,238 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared MetalBumps in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+
+import java.awt.Color;
+import java.awt.Component;
+import java.awt.Font;
+import java.awt.FontMetrics;
+import java.awt.Graphics;
+import java.awt.Image;
+import java.awt.Rectangle;
+import java.awt.Shape;
+import java.awt.image.BufferedImage;
+import java.awt.image.ImageObserver;
+import java.text.AttributedCharacterIterator;
+import javax.swing.Icon;
+import javax.swing.plaf.metal.MetalBorders.ToolBarBorder;
+
+public class Test6657026 extends ToolBarBorder implements Runnable {
+
+    public static void main(String[] args) throws Exception {
+        new Test6657026().test();
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        test();
+    }
+
+    private void test() {
+        MyGraphics mg = new MyGraphics();
+        Icon icon = bumps;
+        icon.paintIcon(mg.component, mg, 0, 0);
+        if (mg.image != null) {
+            boolean failed = true;
+            int value = mg.image.getRGB(0, 0);
+            for (int x = 0; x < mg.image.getWidth(); x++) {
+                for (int y = 0; y < mg.image.getHeight(); y++) {
+                    int current = mg.image.getRGB(x, y);
+                    if (current != value) {
+                        mg.image.setRGB(x, y, value);
+                        failed = false;
+                    }
+
+                }
+            }
+            if (failed) {
+                throw new Error("shared metal bumps");
+            }
+        }
+    }
+
+    private static class MyGraphics extends Graphics {
+
+        private final Component component = new Component() {};
+        private BufferedImage image;
+
+        public Graphics create() {
+            return null;  // TODO: check
+        }
+
+        public void translate(int x, int y) {
+            // TODO: check
+        }
+
+        public Color getColor() {
+            return null;  // TODO: check
+        }
+
+        public void setColor(Color color) {
+            // TODO: check
+        }
+
+        public void setPaintMode() {
+            // TODO: check
+        }
+
+        public void setXORMode(Color c1) {
+            // TODO: check
+        }
+
+        public Font getFont() {
+            return null;  // TODO: check
+        }
+
+        public void setFont(Font font) {
+            // TODO: check
+        }
+
+        public FontMetrics getFontMetrics(Font font) {
+            return null;  // TODO: check
+        }
+
+        public Rectangle getClipBounds() {
+            return null;  // TODO: check
+        }
+
+        public void clipRect(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public void setClip(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public Shape getClip() {
+            return null;  // TODO: check
+        }
+
+        public void setClip(Shape clip) {
+            // TODO: check
+        }
+
+        public void copyArea(int x, int y, int width, int height, int dx, int dy) {
+            // TODO: check
+        }
+
+        public void drawLine(int x1, int y1, int x2, int y2) {
+            // TODO: check
+        }
+
+        public void fillRect(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public void clearRect(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public void drawRoundRect(int x, int y, int width, int height, int arcWidth, int arcHeight) {
+            // TODO: check
+        }
+
+        public void fillRoundRect(int x, int y, int width, int height, int arcWidth, int arcHeight) {
+            // TODO: check
+        }
+
+        public void drawOval(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public void fillOval(int x, int y, int width, int height) {
+            // TODO: check
+        }
+
+        public void drawArc(int x, int y, int width, int height, int startAngle, int arcAngle) {
+            // TODO: check
+        }
+
+        public void fillArc(int x, int y, int width, int height, int startAngle, int arcAngle) {
+            // TODO: check
+        }
+
+        public void drawPolyline(int[] xPoints, int[] yPoints, int nPoints) {
+            // TODO: check
+        }
+
+        public void drawPolygon(int[] xPoints, int[] yPoints, int nPoints) {
+            // TODO: check
+        }
+
+        public void fillPolygon(int[] xPoints, int[] yPoints, int nPoints) {
+            // TODO: check
+        }
+
+        public void drawString(String str, int x, int y) {
+            // TODO: check
+        }
+
+        public void drawString(AttributedCharacterIterator iterator, int x, int y) {
+            // TODO: check
+        }
+
+        public boolean drawImage(Image img, int x, int y, ImageObserver observer) {
+            return false;  // TODO: check
+        }
+
+        public boolean drawImage(Image img, int x, int y, int width, int height, ImageObserver observer) {
+            return false;  // TODO: check
+        }
+
+        public boolean drawImage(Image img, int x, int y, Color bgcolor, ImageObserver observer) {
+            return false;  // TODO: check
+        }
+
+        public boolean drawImage(Image img, int x, int y, int width, int height, Color bgcolor, ImageObserver observer) {
+            return false;  // TODO: check
+        }
+
+        public boolean drawImage(Image img, int dx1, int dy1, int dx2, int dy2, int sx1, int sy1, int sx2, int sy2, ImageObserver observer) {
+            if (img instanceof BufferedImage) {
+                this.image = (BufferedImage) img;
+            }
+            return false;  // TODO: check
+        }
+
+        public boolean drawImage(Image img, int dx1, int dy1, int dx2, int dy2, int sx1, int sy1, int sx2, int sy2, Color bgcolor, ImageObserver observer) {
+            return false;  // TODO: check
+        }
+
+        public void dispose() {
+            // TODO: check
+        }
+    }
+}
--- a/jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java
+++ b/jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java
@ -0,0 +1,60 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared MetalInternalFrameUI in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.JInternalFrame;
+import javax.swing.JPanel;
+import javax.swing.UIManager;
+import javax.swing.plaf.metal.MetalInternalFrameUI;
+import javax.swing.plaf.metal.MetalLookAndFeel;
+
+public class Test6657026 extends MetalInternalFrameUI implements Runnable {
+
+    public static void main(String[] args) throws Exception {
+        UIManager.setLookAndFeel(new MetalLookAndFeel());
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+
+        new JInternalFrame().setContentPane(new JPanel());
+    }
+
+    public Test6657026() {
+        super(null);
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        IS_PALETTE = JInternalFrame.CONTENT_PANE_PROPERTY;
+    }
+}
--- a/jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java
+++ b/jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java
@ -0,0 +1,67 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6657026
+ * @summary Tests shared MetalSliderUI in different application contexts
+ * @author Sergey Malenkov
+ */
+
+import sun.awt.SunToolkit;
+
+import javax.swing.JSlider;
+import javax.swing.UIManager;
+import javax.swing.plaf.metal.MetalLookAndFeel;
+import javax.swing.plaf.metal.MetalSliderUI;
+
+public class Test6657026 extends MetalSliderUI implements Runnable {
+
+    public static void main(String[] args) throws Exception {
+        UIManager.setLookAndFeel(new MetalLookAndFeel());
+        JSlider slider = new JSlider();
+        test(slider);
+
+        ThreadGroup group = new ThreadGroup("$$$");
+        Thread thread = new Thread(group, new Test6657026());
+        thread.start();
+        thread.join();
+
+        test(slider);
+    }
+
+    public void run() {
+        SunToolkit.createNewAppContext();
+        JSlider slider = new JSlider();
+        test(slider);
+        tickLength = -10000;
+    }
+
+    private static void test(JSlider slider) {
+        MetalSliderUI ui = (MetalSliderUI) slider.getUI();
+        int actual = ui.getTickLength();
+        if (actual != 11) {
+            throw new Error(actual + ", but expected 11");
+        }
+    }
+}
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java
@ -0,0 +1,442 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ *
+ * @bug 6861062
+ * @summary Disable MD2 support
+ *
+ * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_1024 0 true
+ * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_512  0 true
+ * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_1024 1 true
+ * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_512  1 true
+ * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_1024  1 true
+ * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_512  1 true
+ * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_1024  1 false
+ * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_512  1 false
+ * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_1024  2 true
+ * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_512  2 true
+ * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_1024  2 true
+ * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_512  2 true
+ * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_1024  2 false
+ * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_512  2 false
+ *
+ * @author Xuelei Fan
+ */
+
+import java.io.*;
+import java.net.SocketException;
+import java.util.*;
+import java.security.Security;
+import java.security.cert.*;
+import sun.security.util.DerInputStream;
+
+public class CPBuilder {
+
+    // SHA1withRSA 1024
+    static String trustAnchor_SHA1withRSA_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+        "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" +
+        "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" +
+        "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" +
+        "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" +
+        "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
+        "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" +
+        "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" +
+        "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" +
+        "tas=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512
+    static String trustAnchor_SHA1withRSA_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
+        "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" +
+        "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
+        "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" +
+        "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
+        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" +
+        "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" +
+        "U5r+8B9nzx+j2Zh3kw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String intermediate_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" +
+        "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" +
+        "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" +
+        "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String intermediate_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" +
+        "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" +
+        "w6Dd\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String intermediate_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" +
+        "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" +
+        "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String intermediate_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" +
+        "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 1024
+    static String intermediate_MD2withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" +
+        "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" +
+        "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" +
+        "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 512
+    static String intermediate_MD2withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" +
+        "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" +
+        "KQdp\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String endentiry_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
+        "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" +
+        "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" +
+        "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String endentiry_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
+        "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" +
+        "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String endentiry_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
+        "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
+        "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" +
+        "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" +
+        "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" +
+        "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String endentiry_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
+        "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
+        "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" +
+        "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" +
+        "TMU6m7N0\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 1024
+    static String endentiry_MD2withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
+        "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" +
+        "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" +
+        "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 512
+    static String endentiry_MD2withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
+        "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" +
+        "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" +
+        "-----END CERTIFICATE-----";
+
+    static HashMap<String, String> certmap = new HashMap<String, String>();
+    static {
+        certmap.put("trustAnchor_SHA1withRSA_1024",
+                                    trustAnchor_SHA1withRSA_1024);
+        certmap.put("trustAnchor_SHA1withRSA_512",
+                                    trustAnchor_SHA1withRSA_512);
+        certmap.put("intermediate_SHA1withRSA_1024_1024",
+                                    intermediate_SHA1withRSA_1024_1024);
+        certmap.put("intermediate_SHA1withRSA_1024_512",
+                                    intermediate_SHA1withRSA_1024_512);
+        certmap.put("intermediate_SHA1withRSA_512_1024",
+                                    intermediate_SHA1withRSA_512_1024);
+        certmap.put("intermediate_SHA1withRSA_512_512",
+                                    intermediate_SHA1withRSA_512_512);
+        certmap.put("intermediate_MD2withRSA_1024_1024",
+                                    intermediate_MD2withRSA_1024_1024);
+        certmap.put("intermediate_MD2withRSA_1024_512",
+                                    intermediate_MD2withRSA_1024_512);
+        certmap.put("endentiry_SHA1withRSA_1024_1024",
+                                    endentiry_SHA1withRSA_1024_1024);
+        certmap.put("endentiry_SHA1withRSA_1024_512",
+                                    endentiry_SHA1withRSA_1024_512);
+        certmap.put("endentiry_SHA1withRSA_512_1024",
+                                    endentiry_SHA1withRSA_512_1024);
+        certmap.put("endentiry_SHA1withRSA_512_512",
+                                    endentiry_SHA1withRSA_512_512);
+        certmap.put("endentiry_MD2withRSA_1024_1024",
+                                    endentiry_MD2withRSA_1024_1024);
+        certmap.put("endentiry_MD2withRSA_1024_512",
+                                    endentiry_MD2withRSA_1024_512);
+    }
+
+    private static Set<TrustAnchor> generateTrustAnchors()
+            throws CertificateException {
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+
+        ByteArrayInputStream is =
+            new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
+        Certificate cert = cf.generateCertificate(is);
+        TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
+        cert = cf.generateCertificate(is);
+        anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        return anchors;
+    }
+
+    private static CertStore generateCertificateStore() throws Exception {
+        Collection entries = new HashSet();
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        for (String key : certmap.keySet()) {
+            String certStr = certmap.get(key);
+            ByteArrayInputStream is =
+                        new ByteArrayInputStream(certStr.getBytes());;
+            Certificate cert = cf.generateCertificate(is);
+            entries.add(cert);
+        }
+
+        return CertStore.getInstance("Collection",
+                            new CollectionCertStoreParameters(entries));
+    }
+
+    private static X509CertSelector generateSelector(String name)
+                throws Exception {
+        X509CertSelector selector = new X509CertSelector();
+
+        String certStr = certmap.get(name);
+        if (certStr == null) {
+            return null;
+        }
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
+        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+
+        selector.setCertificate(target);
+
+        return selector;
+    }
+
+    private static boolean match(String name, Certificate cert)
+                throws Exception {
+        X509CertSelector selector = new X509CertSelector();
+
+        String certStr = certmap.get(name);
+        if (certStr == null) {
+            return false;
+        }
+
+        // generate certificate from certificate string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes());
+        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+
+        return target.equals(cert);
+    }
+
+    public static void main(String args[]) throws Exception {
+
+        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
+
+        X509CertSelector selector = generateSelector(args[0]);
+        if (selector == null) {
+            // no target certificate, ignore it
+            return;
+        }
+
+        Set<TrustAnchor> anchors = generateTrustAnchors();
+        CertStore certs = generateCertificateStore();
+
+        PKIXBuilderParameters params =
+                new PKIXBuilderParameters(anchors, selector);
+        params.addCertStore(certs);
+        params.setRevocationEnabled(false);
+        params.setDate(new Date(109, 9, 1));   // 2009-09-01
+
+        boolean success = Boolean.valueOf(args[2]);
+        try {
+            PKIXCertPathBuilderResult result =
+                        (PKIXCertPathBuilderResult)builder.build(params);
+            if (!success) {
+                throw new Exception("expected algorithm disabled exception");
+            }
+
+            int length = Integer.parseInt(args[1]);
+            List<? extends Certificate> path =
+                                    result.getCertPath().getCertificates();
+            if (length != path.size()) {
+                throw new Exception("unexpected certification path length");
+            }
+
+            if (!path.isEmpty()) {    // the target is not a trust anchor
+                if (!match(args[0], path.get(0))) {
+                    throw new Exception("unexpected certificate");
+                }
+            }
+        } catch (CertPathBuilderException cpbe) {
+            if (success) {
+                throw new Exception("unexpected exception");
+            } else {
+                System.out.println("Get the expected exception " + cpbe);
+            }
+        }
+    }
+
+}
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java
@ -0,0 +1,363 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ *
+ * @bug 6861062
+ * @summary Disable MD2 support
+ *
+ * @author Xuelei Fan
+ */
+
+import java.io.*;
+import java.net.SocketException;
+import java.util.*;
+import java.security.Security;
+import java.security.cert.*;
+
+public class CPValidatorEndEntity {
+
+    // SHA1withRSA 1024
+    static String trustAnchor_SHA1withRSA_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+        "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" +
+        "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" +
+        "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" +
+        "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" +
+        "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
+        "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" +
+        "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" +
+        "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" +
+        "tas=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512
+    static String trustAnchor_SHA1withRSA_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
+        "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" +
+        "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
+        "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" +
+        "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
+        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" +
+        "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" +
+        "U5r+8B9nzx+j2Zh3kw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String intermediate_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" +
+        "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" +
+        "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" +
+        "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String intermediate_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" +
+        "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" +
+        "w6Dd\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String intermediate_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" +
+        "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" +
+        "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String intermediate_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" +
+        "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 1024
+    static String intermediate_MD2withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" +
+        "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" +
+        "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" +
+        "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 512
+    static String intermediate_MD2withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" +
+        "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" +
+        "KQdp\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String endentiry_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
+        "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" +
+        "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" +
+        "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String endentiry_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
+        "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" +
+        "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String endentiry_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
+        "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
+        "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" +
+        "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" +
+        "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" +
+        "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String endentiry_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" +
+        "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" +
+        "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" +
+        "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" +
+        "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" +
+        "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" +
+        "TMU6m7N0\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 1024
+    static String endentiry_MD2withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" +
+        "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" +
+        "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" +
+        "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 512
+    static String endentiry_MD2withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" +
+        "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" +
+        "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" +
+        "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" +
+        "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" +
+        "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" +
+        "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" +
+        "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" +
+        "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" +
+        "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" +
+        "-----END CERTIFICATE-----";
+
+    private static CertPath generateCertificatePath(String castr,
+            String eestr) throws CertificateException {
+        // generate certificate from cert strings
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        ByteArrayInputStream is;
+
+        is = new ByteArrayInputStream(castr.getBytes());
+        Certificate cacert = cf.generateCertificate(is);
+
+        is = new ByteArrayInputStream(eestr.getBytes());
+        Certificate eecert = cf.generateCertificate(is);
+
+        // generate certification path
+        List<Certificate> list = Arrays.asList(new Certificate[] {
+                        eecert, cacert});
+
+        return cf.generateCertPath(list);
+    }
+
+    private static Set<TrustAnchor> generateTrustAnchors()
+            throws CertificateException {
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+
+        ByteArrayInputStream is =
+            new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
+        Certificate cert = cf.generateCertificate(is);
+        TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
+        cert = cf.generateCertificate(is);
+        anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        return anchors;
+    }
+
+    public static void main(String args[]) throws Exception {
+        try {
+            validate(endentiry_SHA1withRSA_1024_1024,
+                                    intermediate_SHA1withRSA_1024_1024);
+            validate(endentiry_SHA1withRSA_1024_512,
+                                    intermediate_SHA1withRSA_512_1024);
+            validate(endentiry_SHA1withRSA_512_1024,
+                                    intermediate_SHA1withRSA_1024_1024);
+            validate(endentiry_SHA1withRSA_512_512,
+                                    intermediate_SHA1withRSA_512_1024);
+        } catch (CertPathValidatorException cpve) {
+            throw new Exception(
+                "unexpect exception, it is valid cert", cpve);
+        }
+
+        try {
+            validate(endentiry_MD2withRSA_1024_1024,
+                                    intermediate_SHA1withRSA_1024_1024);
+            throw new Exception("expected algorithm disabled exception");
+        } catch (CertPathValidatorException cpve) {
+            System.out.println("Get the expected exception " + cpve);
+        }
+
+        try {
+            validate(endentiry_MD2withRSA_1024_512,
+                                    intermediate_SHA1withRSA_512_1024);
+            throw new Exception("expected algorithm disabled exception");
+        } catch (CertPathValidatorException cpve) {
+            System.out.println("Get the expected exception " + cpve);
+        }
+    }
+
+    private static void validate(String eecert, String cacert)
+            throws CertPathValidatorException, Exception {
+
+        CertPath path = generateCertificatePath(cacert, eecert);
+        Set<TrustAnchor> anchors = generateTrustAnchors();
+
+        PKIXParameters params = new PKIXParameters(anchors);
+
+        // disable certificate revocation checking
+        params.setRevocationEnabled(false);
+
+        // set the validation time
+        params.setDate(new Date(109, 9, 1));   // 2009-09-01
+
+        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+
+        validator.validate(path, params);
+    }
+
+}
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java
@ -0,0 +1,256 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ *
+ * @bug 6861062
+ * @summary Disable MD2 support
+ *
+ * @author Xuelei Fan
+ */
+
+import java.io.*;
+import java.net.SocketException;
+import java.util.*;
+import java.security.Security;
+import java.security.cert.*;
+
+public class CPValidatorIntermediate {
+
+    // SHA1withRSA 1024
+    static String trustAnchor_SHA1withRSA_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+        "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" +
+        "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" +
+        "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" +
+        "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" +
+        "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
+        "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" +
+        "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" +
+        "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" +
+        "tas=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512
+    static String trustAnchor_SHA1withRSA_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
+        "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" +
+        "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
+        "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" +
+        "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
+        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" +
+        "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" +
+        "U5r+8B9nzx+j2Zh3kw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 1024
+    static String intermediate_SHA1withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" +
+        "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" +
+        "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" +
+        "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 1024 signed with RSA 512
+    static String intermediate_SHA1withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" +
+        "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" +
+        "w6Dd\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 1024
+    static String intermediate_SHA1withRSA_512_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" +
+        "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" +
+        "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512 signed with RSA 512
+    static String intermediate_SHA1withRSA_512_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" +
+        "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" +
+        "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" +
+        "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" +
+        "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" +
+        "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" +
+        "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 1024
+    static String intermediate_MD2withRSA_1024_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" +
+        "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" +
+        "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" +
+        "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 1024 signed with RSA 512
+    static String intermediate_MD2withRSA_1024_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" +
+        "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" +
+        "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" +
+        "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" +
+        "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" +
+        "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" +
+        "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" +
+        "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" +
+        "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" +
+        "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" +
+        "KQdp\n" +
+        "-----END CERTIFICATE-----";
+
+    private static CertPath generateCertificatePath(String certStr)
+            throws CertificateException {
+        // generate certificate from cert strings
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        ByteArrayInputStream is;
+
+        is = new ByteArrayInputStream(certStr.getBytes());
+        Certificate cert = cf.generateCertificate(is);
+
+        // generate certification path
+        List<Certificate> list = Arrays.asList(new Certificate[] {cert});
+
+        return cf.generateCertPath(list);
+    }
+
+    private static Set<TrustAnchor> generateTrustAnchors()
+            throws CertificateException {
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
+
+        ByteArrayInputStream is =
+            new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes());
+        Certificate cert = cf.generateCertificate(is);
+        TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes());
+        cert = cf.generateCertificate(is);
+        anchor = new TrustAnchor((X509Certificate)cert, null);
+        anchors.add(anchor);
+
+        return anchors;
+    }
+
+    public static void main(String args[]) throws Exception {
+        try {
+            validate(intermediate_SHA1withRSA_1024_1024);
+            validate(intermediate_SHA1withRSA_1024_512);
+            validate(intermediate_SHA1withRSA_512_1024);
+            validate(intermediate_SHA1withRSA_512_512);
+        } catch (CertPathValidatorException cpve) {
+            throw new Exception(
+                "unexpect exception, it is valid cert", cpve);
+        }
+
+        try {
+            validate(intermediate_MD2withRSA_1024_1024);
+            throw new Exception("expected algorithm disabled exception");
+        } catch (CertPathValidatorException cpve) {
+            System.out.println("Get the expected exception " + cpve);
+        }
+
+        try {
+            validate(intermediate_MD2withRSA_1024_512);
+            throw new Exception("expected algorithm disabled exception");
+        } catch (CertPathValidatorException cpve) {
+            System.out.println("Get the expected exception " + cpve);
+        }
+    }
+
+    private static void validate(String intermediate)
+            throws CertPathValidatorException, Exception {
+
+        CertPath path = generateCertificatePath(intermediate);
+        Set<TrustAnchor> anchors = generateTrustAnchors();
+
+        PKIXParameters params = new PKIXParameters(anchors);
+
+        // disable certificate revocation checking
+        params.setRevocationEnabled(false);
+
+        // set the validation time
+        params.setDate(new Date(109, 9, 1));   // 2009-09-01
+
+        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+
+        validator.validate(path, params);
+    }
+
+}
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java
@ -0,0 +1,169 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ *
+ * @bug 6861062
+ * @summary Disable MD2 support
+ *
+ * @author Xuelei Fan
+ */
+
+import java.io.*;
+import java.net.SocketException;
+import java.util.*;
+import java.security.Security;
+import java.security.cert.*;
+
+public class CPValidatorTrustAnchor {
+
+    static String selfSignedCertStr = null;
+
+    // SHA1withRSA 1024
+    static String trustAnchor_SHA1withRSA_1024 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" +
+        "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" +
+        "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" +
+        "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" +
+        "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" +
+        "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" +
+        "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" +
+        "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" +
+        "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" +
+        "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" +
+        "tas=\n" +
+        "-----END CERTIFICATE-----";
+
+    // SHA1withRSA 512
+    static String trustAnchor_SHA1withRSA_512 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" +
+        "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" +
+        "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" +
+        "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" +
+        "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" +
+        "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" +
+        "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" +
+        "U5r+8B9nzx+j2Zh3kw==\n" +
+        "-----END CERTIFICATE-----";
+
+    // MD2withRSA 2048
+    static String trustAnchor_MD2withRSA_2048 =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "MIIDQzCCAiugAwIBAgIBADANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" +
+        "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDdaFw0zMDA3MTcwMTExNDda\n" +
+        "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIIBIjANBgkqhkiG9w0B\n" +
+        "AQEFAAOCAQ8AMIIBCgKCAQEArF5pINc5s+aUlmdYlxtAQ3V4TXFnP/XOYHxjfLuX\n" +
+        "eKO/kh78LMvbDisTPQ2yo9YEawwwbUU40xcuzgi0axXgKveHXYdUmTr0hEapq3rv\n" +
+        "g/q2EbOjyXvq4qK2RDoVCN8R3wXiytnY2OFALTx6zc2tW4imJ20svdNVtWhv2syj\n" +
+        "ZTmmRXAeFUbD4qKWAFij0I6pnSgVssvWzeyJUNemym+oiYyaSd7n5j1RNAqUKioo\n" +
+        "K/T0FOOiuPGMqottgx5YRHa6yapCP5QVWRQ+WBIYJY3Wyq7N+Es20LT6761Pk3to\n" +
+        "EFCzM7+zqT/c+pC079HOKXz+m2us+HKp5BKWNnbvgaYPOQIDAQABo4GJMIGGMB0G\n" +
+        "A1UdDgQWBBSrSukJf+mO5LTRasAGD9RRs7SASTBHBgNVHSMEQDA+gBSrSukJf+mO\n" +
+        "5LTRasAGD9RRs7SASaEjpCEwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1w\n" +
+        "bGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEC\n" +
+        "BQADggEBAHvsv+DqMJeIW/D+ltkhw37OdMzkMPp4E6Hbp03O3GZ5LfNGczHCb2uL\n" +
+        "sr5T7e/jaBFn6QfmqbOAYAHJSNq2bNNtTbatnHBLuVx13cfxmwk89Cg/tFeoUdcf\n" +
+        "m5hzurB6Ub6SsYMOxZHUYp/KxM9x9a7llC1bK3SKXwd4rVDlXh8DOBvdQNr5Q3yq\n" +
+        "JjY86bSXO14VzNxL/1rqHiszQdPyR/28SBsQVYSi0Zeyc4Yy1ui/cXu1+PWYw3YZ\n" +
+        "QUPHTnkVdPGwRiUqeZIcps+q+ePlQQmDu5qiLD6d8gsyGyY/RvCHWKO5Y9DuX9hs\n" +
+        "he/AhCWQx+TQYGLu0liQqLkGZydyRnA=\n" +
+        "-----END CERTIFICATE-----";
+
+    private static CertPath generateCertificatePath()
+            throws CertificateException {
+        // generate certificate from cert strings
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        ByteArrayInputStream is;
+
+        is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
+        Certificate selfSignedCert = cf.generateCertificate(is);
+
+        // generate certification path
+        List<Certificate> list = Arrays.asList(new Certificate[] {
+                        selfSignedCert});
+
+        return cf.generateCertPath(list);
+    }
+
+    private static Set<TrustAnchor> generateTrustAnchors()
+            throws CertificateException {
+        // generate certificate from cert string
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        ByteArrayInputStream is =
+                    new ByteArrayInputStream(selfSignedCertStr.getBytes());
+        Certificate selfSignedCert = cf.generateCertificate(is);
+
+        // generate a trust anchor
+        TrustAnchor anchor =
+            new TrustAnchor((X509Certificate)selfSignedCert, null);
+
+        return Collections.singleton(anchor);
+    }
+
+    public static void main(String args[]) throws Exception {
+        try {
+            validate(trustAnchor_SHA1withRSA_1024);
+            validate(trustAnchor_SHA1withRSA_512);
+        } catch (CertPathValidatorException cpve) {
+            throw new Exception(
+                "unexpect exception, it is valid cert", cpve);
+        }
+
+        try {
+            validate(trustAnchor_MD2withRSA_2048);
+            throw new Exception("expected algorithm disabled exception");
+        } catch (CertPathValidatorException cpve) {
+            System.out.println("Get the expected exception " + cpve);
+        }
+    }
+
+    private static void validate(String trustAnchor)
+            throws CertPathValidatorException, Exception {
+        selfSignedCertStr = trustAnchor;
+
+        CertPath path = generateCertificatePath();
+        Set<TrustAnchor> anchors = generateTrustAnchors();
+
+        PKIXParameters params = new PKIXParameters(anchors);
+
+        // disable certificate revocation checking
+        params.setRevocationEnabled(false);
+
+        // set the validation time
+        params.setDate(new Date(109, 9, 1));   // 2009-09-01
+
+        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+
+        validator.validate(path, params);
+    }
+
+}
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README
@ -0,0 +1,640 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+                  Certificates and CRLs
+
+Here lists the Certificates, which was generated by generate.sh, used in the
+test cases.
+
+The generate.sh depends on openssl, and it should be run under ksh. The
+script will create many directories and files, please run it in a
+directory outside of JDK workspace.
+
+1. root certifiate and key (SHA1withRSA 1024, root_cert_sha1_1024.pem)
+-----BEGIN CERTIFICATE-----
+MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa
+MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH
+E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd
+rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID
+AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME
+QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO
+BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw
+DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z
+Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+
+UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc
+tas=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,DF5249E009A0FD79
+
+rc316yLipp/vH0i6rhEbEwZpZ+HfKIXnnp/bIIZv2+4lyGUDWrxN0Hk0TcSgWEKm
+dRGI2fsyWjTgaiHwwmusofXPAjB3s0I2rUUAHXk8/sEuiLLTICx2UAL8k6R33CSQ
+NKR8t+TluBW3Us71vibWauuMHa5860KiiLWdhkQVLin7m/JBGLtz0zQ0/lZ8CgEm
+p7eDupPi8FBClCyVewdpmKjgI2KPI4fVIZLMzLeGcWLaOQPN1ERcFWQ1CS/qjfMb
+F4rtpZ+AzCqP75XPhitT2CnZgaVDxHBtAZQVPuKONMdijKphjqiT/Sd86Gx6OEVE
+EwwmQya2Q/5aCuH96S00mj00oeIZ7ZtUcVQcch+saJy4vpuxK8pFcEDKmgsvL9+8
+Hho9RUXVUKRH67uA1NjQSK5+syEIj5sJCDcxOda4QGXeIq9ygaZswxF3nfvffrsa
+S6IVBXrx0G+Ascu29SHoI+zi3feQszQJIzijHoTTq6FacLHUWzfVuaYa47uaj5qa
+VYsMVCzi1eX486o7YKPKWiclNczQN86v5n9+c9uggXY12wSOmnf6BB1Ds+oL8JlU
+IZa67lAyg6G9joAb9rTXN2EE5OTArcFuImK8GHse/3wkIPMglBNnfwpvjC1U+vQm
+F7iXp+OxnZ5d9sBcrTBEZ9BDlTVlpiZI7EeS1oC8x6DDTdbJR/40Y3wJIDMI9q9T
+O5EnyXqbmQziO0Tgal43w6mMTUnhG34kqovwxy03mAOZb3yz/RgWlez9wQmPseiI
+2p2fQIjCPbGFNJt3rdyXOW/BRCii0970HEZeov/TVV/A0vUVajNAjA==
+-----END RSA PRIVATE KEY-----
+
+2. root certifiate and key (SHA1withRSA 512, root_cert_sha1_512.pem)
+-----BEGIN CERTIFICATE-----
+MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa
+MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv
+7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU
+g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ
+5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G
+A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b
+FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia
+U5r+8B9nzx+j2Zh3kw==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B8BDE38F08C6BB76
+
+eJzx2oZE0UXxWpzssSWtKBOCbm3ZXR6iBKX8iKoDUB5SzzmKr+XzxI7kyv92y0pe
+rNTuuCWpBsLdlz7h8Ipn4pBDYswGU5F9MQOEgIYx60OvGhZODHGRzJ05FXTeCmmu
+LLp6lGW4SWALcd8g/gJUn1/vp7f1VzQ7RwXWBn4/b34RRYtwr3E6nl4Hc2tEI1in
+OL+lCdAAyxjGK7KYFHJQK+1E8tYNrer3cejQDcNysGx4o0H123vfp3NtJ6U7LXyi
+D21y3zmPueJos8LluJiLRsONcrcI3mIfpPBsO+Yl2EJtzS9V6Aaq/YdPkwPHH6Y5
+lazGMPXq/nffb12fWLL7m5aFb3FNLwWi/qwEynWCEv7Vl/6kLk+aHhjTnYkLvLNH
+9maQFn6j0S3wqogRfW9BDbfC3fRHP6+8YjEEmQ0RTfE=
+-----END RSA PRIVATE KEY-----
+
+3. root certifiate and key (MD2withRSA 2048, root_cert_md2_2048.pem)
+-----BEGIN CERTIFICATE-----
+MIIDQzCCAiugAwIBAgIBADANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDdaFw0zMDA3MTcwMTExNDda
+MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEArF5pINc5s+aUlmdYlxtAQ3V4TXFnP/XOYHxjfLuX
+eKO/kh78LMvbDisTPQ2yo9YEawwwbUU40xcuzgi0axXgKveHXYdUmTr0hEapq3rv
+g/q2EbOjyXvq4qK2RDoVCN8R3wXiytnY2OFALTx6zc2tW4imJ20svdNVtWhv2syj
+ZTmmRXAeFUbD4qKWAFij0I6pnSgVssvWzeyJUNemym+oiYyaSd7n5j1RNAqUKioo
+K/T0FOOiuPGMqottgx5YRHa6yapCP5QVWRQ+WBIYJY3Wyq7N+Es20LT6761Pk3to
+EFCzM7+zqT/c+pC079HOKXz+m2us+HKp5BKWNnbvgaYPOQIDAQABo4GJMIGGMB0G
+A1UdDgQWBBSrSukJf+mO5LTRasAGD9RRs7SASTBHBgNVHSMEQDA+gBSrSukJf+mO
+5LTRasAGD9RRs7SASaEjpCEwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1w
+bGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEC
+BQADggEBAHvsv+DqMJeIW/D+ltkhw37OdMzkMPp4E6Hbp03O3GZ5LfNGczHCb2uL
+sr5T7e/jaBFn6QfmqbOAYAHJSNq2bNNtTbatnHBLuVx13cfxmwk89Cg/tFeoUdcf
+m5hzurB6Ub6SsYMOxZHUYp/KxM9x9a7llC1bK3SKXwd4rVDlXh8DOBvdQNr5Q3yq
+JjY86bSXO14VzNxL/1rqHiszQdPyR/28SBsQVYSi0Zeyc4Yy1ui/cXu1+PWYw3YZ
+QUPHTnkVdPGwRiUqeZIcps+q+ePlQQmDu5qiLD6d8gsyGyY/RvCHWKO5Y9DuX9hs
+he/AhCWQx+TQYGLu0liQqLkGZydyRnA=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3910D329AD49ECFC
+
+6K0OU3Xrl2H6kz7x7EHXkM0/Wd6jXBBwWsaroUIGnbIMmljJXPfgcuDUu6f5Imk1
+ndoU0GWjxa1QNjteAQQtFoLDP8rienLs0b969OcAxB0EOffQFkEfsfXdyEIgdwkD
+ETczwDIyd8Wj62ClydJES3jKB9Nc9kMIlsoZ+h24TyJeeRsHAtMrz+mlOHsUWDQ5
+FyYZelnx+fQ5maD3bura7xLiNl8CvgWz0wt2Wt4djdMGhQ3OWd0/GWweP+2xnL6n
+5tDJ5On50+Z5T8Jhx62yg+wQiBKAYnYw6OX3skJwWknuAvYz3Z3e12DHFx6w5EAU
+K7lg7fHMqHNirUkJOlYzgJ21ybV4uQmFRNQJwI9h6GVfdZWPEU+Ni42AlNgNYskF
+K19dONNNt0Gwkcm2VOYzwYGDyaQW2YIGDk1fbZdVSu/h/lyOC/RmorGWroAbYsyB
+/GUIilcLtQHPGI8XuojTS2/UWcKactpceN3UOnQkus3/smViEqqB/NQ/lcozgs0o
+7ZG6H6to7w1yb5VR2d7B2bS7MNJt1AsOB5ydAMYIccdHDTI7CfRK6axQ70O/JPnJ
+WLY2e41ig2uAWk/3fRb8L6d3keVcN7y4WnkXPbHhulqtxQo78iSQQAf7tDMBxWKx
+C5LQW3CxLkHKp6g22SDxl2LjJyu5nDbtIh3Pq+BCoA25uqXC4rPoWwV7EWYv8Z+Y
+E6dS98SEa+cDhpllvGzbTKgcP1VqtQbb9VT92UT1mFrklqRuQIxROeCe4wjp5TKo
+D2losUDdzpqBHkBNo2I8qZkgybeCvWEq73my2+JG1AAIFFB1kzfBNaBDGiGSuUuS
+5peV8156aaLg5pxdieoRJ3Y7eaWN1wH5CnRnafoB+lxSUsQO1a7y2LbpedrKjs+2
+AryPHQw7HLd8IQevmvd7BhJLdvlt+kXzWID/pUsSAYvI7aP4daQJuAt/kwmU27Gd
+wqhV8Tjbb84vFGmqGHtb2YbKfUrsPUNOLBF+U4SDAgBhEyhINQZyRDcqqoywO5Dr
+sV46nTEfwAgt88KFt2CEhiyvoJbtCj1iMJeAzuljwF4z4RzB1i3TK0MaJYID2rxB
+E1vK9EZIssk/NeImN2YCbuqOhU58jtOwYh3ruS+mZQm1APvJF9N4tCCVQsjWC6zY
+4eqs7T6VDFH4AaT7b3J3rTsEpWIDUfagetZs5kR9SiWJC7dU7r53gGg4avVyIIHD
+MYCS+auD9/nmVf4iYstVgJFMUJXC2EUOLi0r8KmDkCILl/K3X/W7QwFTnC07gLh
+/9HjWFJ0R6cyODzvE8NGPMeuJGUT2F+mA1vaAC/PBGz+61AF0BjWTZ7x2sH+tSPP
+/GVEaCgyzrKRX5XX+7DulTcmFj1JNfMmtbDaJa9WnwOI4qszBGrAcYeYTHXR6Yov
+Ux/P6RStfa+UwSjo8i3nfdgLk+RXCpN0srMjSmiQx8d5R/kISqXKDtQfS5M6gsoh
+ROz+6zZP8Gh8yakr1p4C6JUSiLDYP5qXzxr8bp+oxvpY7anEDAqx21HyExEAu+gy
+IrNl75FWqV8BbKxoFfe9LqyDaryXXA8oy6F+4BT/zRrxp+dym9pbd+OZR423BIij
+-----END RSA PRIVATE KEY-----
+
+4. subca certificate and key (SHA1withRSA 1024, root_cert_sha1_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8
+BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg
+bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82
+AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl
+UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw
+HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw
+AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN
+P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb
+Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y
+e4q7TSwe6QevGOZaL5N/iy2XGEs=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0480E76FD259323B
+
+npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e
+LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ
+yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO
+5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl
+FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k
+W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT
+4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e
+Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR
+UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS
+mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc
+eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h
+6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e
+GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ==
+-----END RSA PRIVATE KEY-----
+
+
+5. subca certificate and key (SHA1withRSA 1024, root_cert_sha1_512.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8
+BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg
+bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82
+AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl
+UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw
+HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw
+AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze
+WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm
+w6Dd
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0480E76FD259323B
+
+npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e
+LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ
+yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO
+5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl
+FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k
+W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT
+4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e
+Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR
+UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS
+mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc
+eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h
+6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e
+GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ==
+-----END RSA PRIVATE KEY-----
+
+
+6. subca certificate and key (SHA1withRSA 512, root_cert_sha1_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV
+lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA
+AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw
+PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD
+VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G
+CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY
+h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG
+LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A94F7EA4C89CA33
+
+tfKdAZVSrpeS/hU4+mGYcGGx3nNqrE+CzDAfLadVuXz5ju5p9oFhLTZj99wK+uHn
+prrWmDNOdYKRBJn7h40WV6zi4lR3JgnuYNxH8fxO3PI+HQ9IuvdoTyqUeXTP4Zj1
+BCnr1k1D2WGDXvnh+saq9qRpMKThjK/OF0YmDa07PI5NOBdMA3EmkNYfwib2GfBV
+el4FVkfnPQkLGahTh3SC62TzPlnsAgirCeua7ZLPqN3fkZkYbXZd9op2D31n7cBP
+zztg0ah8WF4gPOd/BBZeR9XDog5qm/wzyBj0F6ClHRPjpGYhAm2Vw66xOBlGFYI9
+lVmFQzrPcDNlFTybzhl5C6Qy4cPQh+QErDWxljVI52oYYmY/KRmUGGL7hEG8ZGOn
+EUgFrEJyAY7w4wpBC5n9SotwyPXhwKQ1uCBq+1zElPw=
+-----END RSA PRIVATE KEY-----
+
+7. subca certificate and key (SHA1withRSA 512, root_cert_sha1_512.pem signed)
+-----BEGIN CERTIFICATE-----
+MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV
+lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA
+AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw
+PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD
+VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G
+CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx
+O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0A94F7EA4C89CA33
+
+tfKdAZVSrpeS/hU4+mGYcGGx3nNqrE+CzDAfLadVuXz5ju5p9oFhLTZj99wK+uHn
+prrWmDNOdYKRBJn7h40WV6zi4lR3JgnuYNxH8fxO3PI+HQ9IuvdoTyqUeXTP4Zj1
+BCnr1k1D2WGDXvnh+saq9qRpMKThjK/OF0YmDa07PI5NOBdMA3EmkNYfwib2GfBV
+el4FVkfnPQkLGahTh3SC62TzPlnsAgirCeua7ZLPqN3fkZkYbXZd9op2D31n7cBP
+zztg0ah8WF4gPOd/BBZeR9XDog5qm/wzyBj0F6ClHRPjpGYhAm2Vw66xOBlGFYI9
+lVmFQzrPcDNlFTybzhl5C6Qy4cPQh+QErDWxljVI52oYYmY/KRmUGGL7hEG8ZGOn
+EUgFrEJyAY7w4wpBC5n9SotwyPXhwKQ1uCBq+1zElPw=
+-----END RSA PRIVATE KEY-----
+
+8. subca certificate and key (MD2withRSA 1024, root_cert_sha1_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8
+BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg
+bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82
+AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl
+UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw
+HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw
+AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc
+Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB
+E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd
+m8omKDKeCgcw5dR4ITQYvyxe1as=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0480E76FD259323B
+
+npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e
+LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ
+yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO
+5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl
+FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k
+W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT
+4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e
+Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR
+UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS
+mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc
+eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h
+6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e
+GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ==
+-----END RSA PRIVATE KEY-----
+
+
+9. subca certificate and key (MD2withRSA 1024, root_cert_sha1_512.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8
+BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg
+bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82
+AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl
+UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw
+HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw
+AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy
+0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx
+KQdp
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0480E76FD259323B
+
+npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e
+LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ
+yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO
+5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl
+FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k
+W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT
+4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e
+Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR
+UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS
+mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc
+eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h
+6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e
+GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ==
+-----END RSA PRIVATE KEY-----
+
+
+a. end entity certificate and key
+            (SHA1withRSA 1024, subca_cert_sha1_1024_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt
+vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v
+z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6
+c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07
+OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG
+9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me
+dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC
+J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D
+
+042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp
+Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z
+8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD
+NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI
+pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd
+XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese
+ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo
+HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq
+4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp
+CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw
+DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd
+Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD
+eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw==
+-----END RSA PRIVATE KEY-----
+
+b. end entity certificate and key
+            (SHA1withRSA 1024, subca_cert_sha1_512_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt
+vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v
+z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6
+c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07
+OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG
+9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG
+1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D
+
+042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp
+Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z
+8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD
+NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI
+pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd
+XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese
+ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo
+HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq
+4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp
+CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw
+DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd
+Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD
+eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw==
+-----END RSA PRIVATE KEY-----
+
+c. end entity certificate and key
+            (SHA1withRSA 512, subca_cert_sha1_1024_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo
+uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE
+AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU
+31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu
+B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb
+NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG
+dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,153918982D82A26E
+
+5w5MNd16M1draSfIFAuWNfP3869l9y8vMI1kOcxqsxjeG6YfgKUyu6PEYlj1R7d1
+/+UwVs9RGm3V7AwV4G1Qpnd+jaMLpgPVMP12sHPnslBE4SQe9bAZ+X5i2/5uesHv
+bF7OBMqsYW8+Kgsy1Ac0pBx/8yoFYdD3KYFnIP20kV2Xxy4PtQQ6tHJ33dGslTNU
+qrcJsyUyYj6wORlb7huuP5Ua8f28Xs/KvnNJG0094kC1WHi3Raf4AoD/rvraVtCQ
+5jrK9se8D6su+S3SEW0YndxivbNx3xJu2O72e7lS6yb5ht3U7xNSSWTffIlW1okI
+zjscK0iv9S+x452mLIFUgkmriVJLFfjTMRCbhS1J6q9FXLDdre/2O18FO2TvwRIE
+6Bwt2utfOAGccRHLsdgcXkv+ngCTCkuCnmh2XZWqmvA=
+-----END RSA PRIVATE KEY-----
+
+d. end entity certificate and key
+            (SHA1withRSA 512, subca_cert_sha1_512_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo
+uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE
+AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU
+N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0
+z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/
+TMU6m7N0
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,153918982D82A26E
+
+5w5MNd16M1draSfIFAuWNfP3869l9y8vMI1kOcxqsxjeG6YfgKUyu6PEYlj1R7d1
+/+UwVs9RGm3V7AwV4G1Qpnd+jaMLpgPVMP12sHPnslBE4SQe9bAZ+X5i2/5uesHv
+bF7OBMqsYW8+Kgsy1Ac0pBx/8yoFYdD3KYFnIP20kV2Xxy4PtQQ6tHJ33dGslTNU
+qrcJsyUyYj6wORlb7huuP5Ua8f28Xs/KvnNJG0094kC1WHi3Raf4AoD/rvraVtCQ
+5jrK9se8D6su+S3SEW0YndxivbNx3xJu2O72e7lS6yb5ht3U7xNSSWTffIlW1okI
+zjscK0iv9S+x452mLIFUgkmriVJLFfjTMRCbhS1J6q9FXLDdre/2O18FO2TvwRIE
+6Bwt2utfOAGccRHLsdgcXkv+ngCTCkuCnmh2XZWqmvA=
+-----END RSA PRIVATE KEY-----
+
+e. end entity certificate and key
+            (MD2withRSA 1024, subca_cert_sha1_1024_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt
+vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v
+z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6
+c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07
+OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG
+9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc
+aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb
+Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D
+
+042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp
+Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z
+8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD
+NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI
+pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd
+XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese
+ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo
+HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq
+4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp
+CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw
+DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd
+Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD
+eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw==
+-----END RSA PRIVATE KEY-----
+
+f. end entity certificate and key
+            (MD2withRSA 1024, subca_cert_sha1_512_1024.pem signed)
+-----BEGIN CERTIFICATE-----
+MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx
+NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt
+cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt
+vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v
+z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6
+c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07
+OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG
+9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG
+iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D
+
+042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp
+Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z
+8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD
+NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI
+pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd
+XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese
+ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo
+HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq
+4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp
+CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw
+DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd
+Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD
+eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw==
+-----END RSA PRIVATE KEY-----
+
+h. root CRL issuer
+-----BEGIN CERTIFICATE-----
+MIICKzCCAZSgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDgxNjMwNTdaFw0yOTA0MjUxNjMwNTda
+MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCy6RoQ6nMdeGJ6ijfjqDu3tDmeGLgnvfBcUKvcsvz9Ji3m
+oGnTzECo1oLV+A4/TJxOlak+ZiQ5KVyvfMcXLJeT6dRpXQZ+uc6TT3SkBq94VFzX
+qkk08z42JNdk1s5uyW8nRfg7+xntajQVrysoPYNDhu21cPnjDkRiBsIdS7+75QID
+AQABo3cwdTAdBgNVHQ4EFgQUGcJU6xWo66kI1QBvlfTQKxxmx9IwRwYDVR0jBEAw
+PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD
+VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQBx
+uKL59VInPdCi+8JL4B+S5YjlPL4ZOBHTjS0JlNxtjbGZdfs+3E9PUAdqhMJO4vq7
+XD+hGtgZtwSqGaSUYAtpLdoCr7vvPkcrxYTG2Ak+UiTbZhmJeSswKgFaCmjjdMCy
+y64UP2DQfn6Zi0wCfeao0m9s3zRLuJpgaQGiSHTQKA==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,41E4237825CE0148
+
+9nbfd7dsaS+fkFYrU1+wTcevjdRLF/j9DUVQh/2bsFlVEYgeL8A+XpvpbXHYBd7H
+oBreofDNseibHe4EgISGPK8RymjYutQqPpbHwXd25jlUuUapvvuCj8V6qnhgpqEo
+zXL1Nd2c6KZgdySosyWy8JfIBZJ3kwiSkXVwzs8R4bAGrg1VS80GuszvCv8Fzjoc
+LuesX6fViE9yFzLsyOvn/W12DKhTXwiXTQYLUupM8zI9Kpozbea52ZIPMJ9HEiaY
+JgwNj05w33VxTe/tq3R9vS2Ee6aM4odi6CQEheLsUAnyE0BTsITKzwwTI25WTv25
+W+gwSF3V49a34MojTdlORq5iH0b3rYl7OMdk+99elJSkyQIbVwwOCFrKuSXYXvV7
+s9iMPFUbi+bZ3oP6zM5kVUcH6KyVeYfkuLf2+k1vPlav8/W5v+WfnvUNOBx76Ira
+BzVPYmm2V+YFiFL1hugm5Wv+yyx8QcfgXbvhNHoIEj7hh6Ac48FhtqEcBHjuT/gy
+7atJJUdOH6hhmD34hkHGnhcDE15ZOczxTLRC9450h5HKsZ0FILRlCBZLmiedycs2
+zqhUpR4jzDG9jKrlDU4ErfMgPLjveZc3/VT3bc+TYfuC8szCaQ5XX1JVcabZ+HQw
+pwmA1ONZDVsFzwbJy9+5bgXX+wLD5kaez8EHNDS5PgqgL0UdrWjdRi6e1RwlTDEw
+g/d7TZm/iQeL1iUIfkPA1f0ByYIiyd3XQqiQ/Mf1C16lQkhTHDwofFJdL8otT2Ha
+dk6fa7lBOnrpbRKUdpJpYfyqHg80BYNPu6BacVXlYqtJtkFK04qHbA==
+-----END RSA PRIVATE KEY-----
+
+i. CRL issued by root CRL issuer
+-----BEGIN X509 CRL-----
+MIH2MGECAQEwDQYJKoZIhvcNAQEFBQAwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoT
+B0V4YW1wbGUXDTA5MDgwODE2MzU1MFoXDTI4MTAwNzE2MzU1MFqgDjAMMAoGA1Ud
+FAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBAJCd7e25MruuWJP/KmenGC6CR22pQuG+
+XhRaAtpHkNRls8+TfBxm2PtRrXCAcDb68kNLdwvlAlCUwmL6HOx4VB3r+8QRUlDa
+T48wVp1ojGU2b2XbPtXiYZBXW6hBsFHGDJM/IAGJPE2PbVYGlBc23A9V9WyPyThi
+9XXG1iOTIJ6u
+-----END X509 CRL-----
+
+j. subca CRL issuer
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaagAwIBAgIBCzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDgxNjMwNThaFw0yOTA0MjUxNjMwNTha
+MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz
+cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8KICP0bdOZVlR9gZu7TgD
+znXgSMER1IQtompgr1mWeZjX4LmRck3/ogHoxwC4RbNPKI3KIihcVdFHw2jgvE0M
+mpf2lI50tmhnLitM8P0/q8xUU/KncipADo4hkM5TbpjPeGUBTGLKzGrq7yyT9Uli
+Z74rrp1mS59TxcEI2YQMIQIDAQABo3cwdTAdBgNVHQ4EFgQUDGgpD4L8V3aBJPLx
+C7diZ0M0wWMwRwYDVR0jBEAwPoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8x
+CzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjAN
+BgkqhkiG9w0BAQQFAAOBgQCcXqRge5UuW0duf/XnUWP4hrm4Q9EHJaiHZDYxI+WW
+Ca3OXdsrpgGi+RSgeMtQzlZ7YAwyYVV91U4BnX6s/97Vp5xbR3wr8Qbx67inM8Lp
+Tuo+e0nyTxwlwi9cSyy5MfJ8jfzaD+n8akhV+sx0Mmiv77YlrShP24lod55gJHKC
+vQ==
+-----END CERTIFICATE-----
+
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,16EC4E2C0855BD5C
+
+dJHcUsnACMhfESAalWrWrfARnUgGhpp3vupjePUiBJ86YmKaNNr6GAwDukg3EJvs
+tboO1QQziLSf9pP7gw82Vp5YctEkk7vJVvCcq3QkZAsjNUHf3m3ne2qg8HngufzY
+IS/C3EtKuMr3oqa7P8wvMcsBs1G1ga/YqCWoKzowXhybaYPe20fwUNRtgqgdS5Gy
+bAzQB9R+Ua2tCaXb3CBYnrczsYFPhjuULr4qbWgHVBWhnkS3OIz71WqcCoXmvD3s
+bsjoZRCJUM6Zavyzs0kVGZogiPdr+KUyzjNNsnxle5cEET6nqkYR16UT/Fvemz9Q
+szh/y0gCi1nZb6cw5e9BJyF1GlobzxWyMwwY9L4vZNaBNaVRun+6dRWy0svaPuEy
+fV/9Y0/la9scyA5yNHz8xud3Njhj2ghyG5Nqbs3N/pPXRVdh7WNFBnc+L/SIBhhB
+/Ha9+OZdqyuMf3G+I1+WVADQr8xQP8/yLEvybZYtssjnuCmQSLPDDQFnp2Z3spax
+AT+T4dRimMjf0mZK/NlRJU9PWqMHzsJGBY1A903oAiiHiRFD10z8vyPBigSDF2W
+ct6a8WI1prKho6HbMqeIlSPk+HkdCGZedNNbvRlKl4Y56IsHGAhb3wvQ+94049P9
+wu5thK69jNb7ie3YEefAZTb5kD0h+oB8BILOJ5B29C04JdDe6P6hjGKD7x3nRhHM
+nyCUMB/fhYpoXdDhz8CeJ77hFt2zFZRstlDctQsDqLkC0AdvlOFsEFqGM4AkBGcV
+f6Y+ykNQB3vEWPZsWqVXHB2vQvk00R55tgu+R5JJ45NLG2TqyOp/4A==
+-----END RSA PRIVATE KEY-----
+
+k. CRL issued by subca CRL issuer
+-----BEGIN X509 CRL-----
+MIIBLTCBlwIBATANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMRcNMDkwODA4MTYzNTUxWhcNMjgx
+MDA3MTYzNTUxWjAiMCACAQIXDTA5MDgwODE2MzU1MFowDDAKBgNVHRUEAwoBBKAO
+MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQECBQADgYEAbIs7ws4/M24NYrIO0XY6
+UVxni0ZoQa+1R7NwU6unr4jFEVD+W/b+JEMfm0RUmpSa7HrUYsw+NycD3m5CD6VJ
+U4iuGGeJvHdrYJiPIYkEiFQnhAGOj8oS/nWtPvDKbuBMZI9atKkypby9At8h9URq
+1g/KSIM3rd1PYADdcPsok4I=
+-----END X509 CRL-----
+
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh
@ -0,0 +1,255 @@
+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Sun designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Sun in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+#!/bin/ksh
+#
+# needs ksh to run the script.
+set -e
+
+OPENSSL=openssl
+
+# generate a self-signed root certificate
+if [ ! -f root/finished ]; then
+    if [ ! -d root ]; then
+        mkdir root
+    fi
+
+    # SHA1withRSA 1024
+    ${OPENSSL} req -x509 -newkey rsa:1024 -keyout root/root_key_1024.pem \
+        -out root/root_cert_sha1_1024.pem -subj "/C=US/O=Example" \
+        -config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    # SHA1withRSA 512
+    ${OPENSSL} req -x509 -newkey rsa:512 -keyout root/root_key_512.pem \
+        -out root/root_cert_sha1_512.pem -subj "/C=US/O=Example" \
+        -config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    # MD2withRSA 2048
+    ${OPENSSL} req -x509 -newkey rsa:2048 -keyout root/root_key_2048.pem \
+        -out root/root_cert_md2_2048.pem -subj "/C=US/O=Example" \
+        -config openssl.cnf -reqexts cert_issuer -days 7650 -md2 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    openssl req -newkey rsa:1024 -keyout root/root_crlissuer_key.pem \
+        -out root/root_crlissuer_req.pem -subj "/C=US/O=Example" -days 7650 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    openssl x509 -req -in root/root_crlissuer_req.pem -extfile openssl.cnf \
+        -extensions crl_issuer -CA root/root_cert_sha1_1024.pem \
+        -CAkey root/root_key_1024.pem -out root/root_crlissuer_cert.pem \
+        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \
+        -passin pass:passphrase
+
+    touch root/finished
+fi
+
+
+# generate subca cert issuer
+if [ ! -f subca/finished ]; then
+    if [ ! -d subca ]; then
+        mkdir subca
+    fi
+
+    # RSA 1024
+    ${OPENSSL} req -newkey rsa:1024 -keyout subca/subca_key_1024.pem \
+        -out subca/subca_req_1024.pem -subj "/C=US/O=Example/OU=Class-1" \
+        -days 7650 -passin pass:passphrase -passout pass:passphrase
+
+    # RSA 512
+    ${OPENSSL} req -newkey rsa:512 -keyout subca/subca_key_512.pem \
+        -out subca/subca_req_512.pem -subj "/C=US/O=Example/OU=Class-1" \
+        -days 7650 -passin pass:passphrase -passout pass:passphrase
+
+    # SHA1withRSA 1024 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
+        -CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_1024_1024.pem \
+        -CAcreateserial -sha1 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 1024 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_512.pem \
+        -CAkey root/root_key_512.pem -out subca/subca_cert_sha1_1024_512.pem \
+        -CAcreateserial -sha1 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 512 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
+        -CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_512_1024.pem \
+        -CAcreateserial -sha1 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 512 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_512.pem \
+        -CAkey root/root_key_512.pem -out subca/subca_cert_sha1_512_512.pem \
+        -CAcreateserial -sha1 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    # MD2withRSA 1024 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
+        -CAkey root/root_key_1024.pem -out subca/subca_cert_md2_1024_1024.pem \
+        -CAcreateserial -md2 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    # MD2withRSA 1024 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
+        -extensions cert_issuer -CA root/root_cert_sha1_512.pem \
+        -CAkey root/root_key_512.pem -out subca/subca_cert_md2_1024_512.pem \
+        -CAcreateserial -md2 \
+        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
+
+    openssl req -newkey rsa:1024 -keyout subca/subca_crlissuer_key.pem \
+        -out subca/subca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-1" \
+        -days 7650 -passin pass:passphrase -passout pass:passphrase
+
+    openssl x509 -req -in subca/subca_crlissuer_req.pem -extfile openssl.cnf \
+        -extensions crl_issuer -CA root/root_cert_sha1_1024.pem \
+        -CAkey root/root_key_1024.pem -out subca/subca_crlissuer_cert.pem \
+        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \
+        -passin pass:passphrase
+
+    touch subca/finished
+fi
+
+
+# generate certifiacte for Alice
+if [ ! -f subca/alice/finished ]; then
+    if [ ! -d subca/alice ]; then
+        mkdir -p subca/alice
+    fi
+
+    # RSA 1024
+    ${OPENSSL} req -newkey rsa:1024 -keyout subca/alice/alice_key_1024.pem \
+        -out subca/alice/alice_req_1024.pem \
+        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    # RSA 512
+    ${OPENSSL} req -newkey rsa:512 -keyout subca/alice/alice_key_512.pem \
+        -out subca/alice/alice_req_512.pem \
+        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
+        -passin pass:passphrase -passout pass:passphrase
+
+    # SHA1withRSA 1024 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_1024_1024.pem \
+        -CAkey subca/subca_key_1024.pem \
+        -out subca/alice/alice_cert_sha1_1024_1024.pem -CAcreateserial -sha1 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 1024 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_512_1024.pem \
+        -CAkey subca/subca_key_512.pem \
+        -out subca/alice/alice_cert_sha1_1024_512.pem -CAcreateserial -sha1 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 512 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_1024_1024.pem \
+        -CAkey subca/subca_key_1024.pem \
+        -out subca/alice/alice_cert_sha1_512_1024.pem -CAcreateserial -sha1 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    # SHA1withRSA 512 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_512_1024.pem \
+        -CAkey subca/subca_key_512.pem \
+        -out subca/alice/alice_cert_sha1_512_512.pem -CAcreateserial -sha1 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    # MD2withRSA 1024 signed with RSA 1024
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_1024_1024.pem \
+        -CAkey subca/subca_key_1024.pem \
+        -out subca/alice/alice_cert_md2_1024_1024.pem -CAcreateserial -md2 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    # MD2withRSA 1024 signed with RSA 512
+    ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
+        -extfile openssl.cnf -extensions ee_of_subca \
+        -CA subca/subca_cert_sha1_512_1024.pem \
+        -CAkey subca/subca_key_512.pem \
+        -out subca/alice/alice_cert_md2_1024_512.pem -CAcreateserial -md2 \
+        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
+
+    touch subca/alice/finished
+fi
+
+if [ ! -f root/revoked ]; then
+    if [ ! -d root ]; then
+        mkdir root
+    fi
+
+    if [ ! -f root/index.txt ]; then
+        touch root/index.txt
+        echo 00 > root/crlnumber
+    fi
+
+    openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 -md sha1 \
+        -crl_reason superseded -keyfile root/root_crlissuer_key.pem \
+        -cert root/root_crlissuer_cert.pem -out root/top_crl.pem \
+        -passin pass:passphrase
+
+    touch root/revoked
+fi
+
+if [ ! -f subca/revoked ]; then
+    if [ ! -d subca ]; then
+        mkdir subca
+    fi
+
+    if [ ! -f subca/index.txt ]; then
+        touch subca/index.txt
+        echo 00 > subca/crlnumber
+    fi
+
+    # revoke alice's SHA1withRSA 1024 signed with RSA 1024
+    openssl ca -revoke subca/alice/alice_cert_sha1_1024_1024.pem \
+        -config openssl.cnf \
+        -name ca_subca -crl_reason superseded \
+        -keyfile subca/subca_crlissuer_key.pem \
+        -cert subca/subca_crlissuer_cert.pem -passin pass:passphrase
+
+    openssl ca -gencrl -config openssl.cnf \
+        -name ca_subca -crldays 7000 -md md2 \
+        -crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \
+        -cert subca/subca_crlissuer_cert.pem \
+        -out subca/subca_crl.pem \
+        -passin pass:passphrase
+
+    touch subca/revoked
+fi
--- a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf
+++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf
@ -0,0 +1,206 @@
+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Sun designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Sun in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+#
+# OpenSSL configuration file.
+#
+
+HOME                = .
+RANDFILE            = $ENV::HOME/.rnd
+
+[ ca ]
+default_ca          = CA_default
+
+[ CA_default ]
+dir                 = ./top
+certs               = $dir/certs
+crl_dir             = $dir/crl
+database            = $dir/index.txt
+unique_subject      = no
+new_certs_dir       = $dir/newcerts
+certificate         = $dir/cacert.pem
+serial              = $dir/serial
+crlnumber           = $dir/crlnumber
+crl                 = $dir/crl.pem
+private_key         = $dir/private/cakey.pem
+RANDFILE            = $dir/private/.rand
+x509_extensions     = v3_ca
+
+name_opt            = ca_default
+cert_opt            = ca_default
+
+default_days        = 7650
+default_crl_days    = 30
+default_md          = sha1
+preserve            = no
+
+policy              = policy_anything
+
+[ ca_top ]
+dir                 = ./root
+certs               = $dir/certs
+crl_dir             = $dir/crl
+database            = $dir/index.txt
+unique_subject      = no
+new_certs_dir       = $dir/newcerts
+certificate         = $dir/cacert.pem
+serial              = $dir/serial
+crlnumber           = $dir/crlnumber
+crl                 = $dir/crl.pem
+private_key         = $dir/private/cakey.pem
+RANDFILE            = $dir/private/.rand
+
+x509_extensions     = v3_ca
+
+name_opt            = ca_default
+cert_opt            = ca_default
+
+default_days        = 7650
+default_crl_days    = 30
+default_md          = sha1
+preserve            = no
+
+policy              = policy_anything
+
+[ ca_subca ]
+dir                 = ./subca
+certs               = $dir/certs
+crl_dir             = $dir/crl
+database            = $dir/index.txt
+unique_subject      = no
+new_certs_dir       = $dir/newcerts
+
+certificate         = $dir/cacert.pem
+serial              = $dir/serial
+crlnumber           = $dir/crlnumber
+crl                 = $dir/crl.pem
+private_key         = $dir/private/cakey.pem
+RANDFILE            = $dir/private/.rand
+
+x509_extensions     = usr_cert
+
+name_opt            = ca_default
+cert_opt            = ca_default
+
+default_days        = 7650
+default_crl_days    = 30
+default_md          = sha1
+preserve            = no
+
+policy              = policy_anything
+
+[ policy_match ]
+countryName         = match
+stateOrProvinceName = match
+organizationName    = match
+organizationalUnitName  = optional
+commonName          = supplied
+emailAddress        = optional
+
+[ policy_anything ]
+countryName         = optional
+stateOrProvinceName = optional
+localityName        = optional
+organizationName    = optional
+organizationalUnitName  = optional
+commonName          = supplied
+emailAddress        = optional
+
+[ req ]
+default_bits        = 1024
+default_keyfile     = privkey.pem
+distinguished_name  = req_distinguished_name
+attributes          = req_attributes
+x509_extensions     = v3_ca
+
+string_mask = nombstr
+
+[ req_distinguished_name ]
+countryName         = Country Name (2 letter code)
+countryName_default = NO
+countryName_min     = 2
+countryName_max     = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default  = A-State
+
+localityName        = Locality Name (eg, city)
+
+0.organizationName  = Organization Name (eg, company)
+0.organizationName_default   = Internet Widgits Pty Ltd
+
+organizationalUnitName       = Organizational Unit Name (eg, section)
+
+commonName              = Common Name (eg, YOUR name)
+commonName_max          = 64
+
+emailAddress            = Email Address
+emailAddress_max        = 64
+
+[ req_attributes ]
+challengePassword       = A challenge password
+challengePassword_min   = 4
+challengePassword_max   = 20
+unstructuredName        = An optional company name
+
+
+[ usr_cert ]
+keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
+
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
+
+[ v3_req ]
+basicConstraints        = CA:FALSE
+keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName          = email:example@openjdk.net, RID:1.2.3.4:true
+
+[ v3_ca ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+basicConstraints        = critical,CA:true
+keyUsage                = keyCertSign
+
+[ cert_issuer ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+basicConstraints        = critical,CA:true
+keyUsage                = keyCertSign
+
+
+[ crl_issuer ]
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid:always,issuer:always
+keyUsage                = cRLSign
+
+
+[ crl_ext ]
+authorityKeyIdentifier  = keyid:always,issuer:always
+
+[ ee_of_subca ]
+keyUsage    = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
+
+subjectKeyIdentifier    = hash
+authorityKeyIdentifier  = keyid,issuer
--- a/jdk/test/sun/security/util/DerValue/BadValue.java
+++ b/jdk/test/sun/security/util/DerValue/BadValue.java
@ -0,0 +1,119 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6864911
+ * @summary ASN.1/DER input stream parser needs more work
+ */
+
+import java.io.*;
+import sun.security.util.*;
+import sun.misc.IOUtils;
+
+public class BadValue {
+
+    public static void main(String[] args) throws Exception {
+
+        // Test IOUtils.readFully
+
+        // We have 4 bytes
+        InputStream in = new ByteArrayInputStream(new byte[10]);
+        byte[] bs = IOUtils.readFully(in, 4, true);
+        if (bs.length != 4 || in.available() != 6) {
+            throw new Exception("First read error");
+        }
+        // But only 6 left
+        bs = IOUtils.readFully(in, 10, false);
+        if (bs.length != 6 || in.available() != 0) {
+            throw new Exception("Second read error");
+        }
+        // MAX read as much as it can
+        in = new ByteArrayInputStream(new byte[10]);
+        bs = IOUtils.readFully(in, Integer.MAX_VALUE, true);
+        if (bs.length != 10 || in.available() != 0) {
+            throw new Exception("Second read error");
+        }
+        // MAX ignore readAll
+        in = new ByteArrayInputStream(new byte[10]);
+        bs = IOUtils.readFully(in, Integer.MAX_VALUE, false);
+        if (bs.length != 10 || in.available() != 0) {
+            throw new Exception("Second read error");
+        }
+        // 20>10, readAll means failure
+        in = new ByteArrayInputStream(new byte[10]);
+        try {
+            bs = IOUtils.readFully(in, 20, true);
+            throw new Exception("Third read error");
+        } catch (EOFException e) {
+            // OK
+        }
+        int bignum = 10 * 1024 * 1024;
+        bs = IOUtils.readFully(new SuperSlowStream(bignum), -1, true);
+        if (bs.length != bignum) {
+            throw new Exception("Fourth read error");
+        }
+
+        // Test DerValue
+        byte[] input = {0x04, (byte)0x84, 0x40, 0x00, 0x42, 0x46, 0x4b};
+        try {
+            new DerValue(new ByteArrayInputStream(input));
+        } catch (IOException ioe) {
+            // This is OK
+        }
+    }
+}
+
+/**
+ * An InputStream contains a given number of bytes, but only returns one byte
+ * per read.
+ */
+class SuperSlowStream extends InputStream {
+    private int p;
+    /**
+     * @param Initial capacity
+     */
+    public SuperSlowStream(int capacity) {
+        p = capacity;
+    }
+    @Override
+    public int read() throws IOException {
+        if (p > 0) {
+            p--;
+            return 0;
+        } else {
+            return -1;
+        }
+    }
+    @Override
+    public int read(byte b[], int off, int len) throws IOException {
+        if (len == 0) return 0;
+        if (p > 0) {
+            p--;
+            b[off] = 0;
+            return 1;
+        } else {
+            return -1;
+        }
+    }
+}