Merge

make/common/shared/Defs-control.gmk

 #
-# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,9 @@ ABS_TEMP_DIR = $(ABS_OUTPUTDIR)/tmp
 dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
 
 # The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=7
+SOURCE_LANGUAGE_VERSION=8
 # The class version we want for this jdk build
-TARGET_CLASS_VERSION=7
+TARGET_CLASS_VERSION=8
 
 # The MESSAGE, WARNING and ERROR files are used to store sanity check and 
 # source check messages, warnings and errors. 

make/common/shared/Defs-java.gmk

@@ -143,12 +143,12 @@ ifeq ($(wildcard $(SHARE_SRC)/classes/javax/crypto/Cipher.java),)
 endif
 
 # Add the source level
-SOURCE_LANGUAGE_VERSION = 7
+SOURCE_LANGUAGE_VERSION = 8
 LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
 JAVACFLAGS  += $(LANGUAGE_VERSION)
 
 # Add the class version we want
-TARGET_CLASS_VERSION = 7
+TARGET_CLASS_VERSION = 8
 CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
 JAVACFLAGS  += $(CLASS_VERSION)
 JAVACFLAGS  += -encoding ascii

make/java/invoke/Makefile

 #
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@ FILES_java = \
 
 # The sources built here use new language syntax to generate
 # method handle calls.  Let's be sure we are using that format.
-LANGUAGE_VERSION = -source 7
-CLASS_VERSION = -target 7
+LANGUAGE_VERSION = -source 8
+CLASS_VERSION = -target 8
 
 include $(BUILDDIR)/common/Classes.gmk

make/sun/javazic/tzdata/VERSION

@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2012c
+tzdata2012i

make/sun/javazic/tzdata/africa

@@ -260,7 +260,7 @@ Rule	Egypt	2006	only	-	Sep	21	23:00s	0	-
 # I received a mail from an airline which says that the daylight
 # saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
 # From Jesper Norgaard Welen (2007-08-15): [The following agree:]
-# http://www.nentjes.info/Bill/bill5.htm 
+# http://www.nentjes.info/Bill/bill5.htm
 # http://www.timeanddate.com/worldclock/city.html?n=53
 # From Steffen Thorsen (2007-09-04): The official information...:
 # http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@@ -314,18 +314,18 @@ Rule	Egypt	2007	only	-	Sep	Thu>=1	23:00s	0	-
 # in September.
 
 # From Steffen Thorsen (2009-08-11):
-# We have been able to confirm the August change with the Egyptian Cabinet 
+# We have been able to confirm the August change with the Egyptian Cabinet
 # Information and Decision Support Center:
 # <a href="http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html">
 # http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
 # </a>
-# 
+#
 # The Middle East News Agency
 # <a href="http://www.mena.org.eg/index.aspx">
 # http://www.mena.org.eg/index.aspx
 # </a>
 # also reports "Egypt starts winter time on August 21"
-# today in article numbered "71, 11/08/2009 12:25 GMT." 
+# today in article numbered "71, 11/08/2009 12:25 GMT."
 # Only the title above is available without a subscription to their service,
 # and can be found by searching for "winter" in their search engine
 # (at least today).
@@ -504,7 +504,7 @@ Zone Africa/Nouakchott	-1:03:48 -	LMT	1912
 # From Steffen Thorsen (2008-06-25):
 # Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
 # basis....
-# It seems that Mauritius observed daylight saving time from 1982-10-10 to 
+# It seems that Mauritius observed daylight saving time from 1982-10-10 to
 # 1983-03-20 as well, but that was not successful....
 # http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
 
@@ -528,12 +528,12 @@ Zone Africa/Nouakchott	-1:03:48 -	LMT	1912
 # than previously announced (2008-11-01 to 2009-03-31).  The new start
 # date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
 # given, but it is probably at either 2 or 3 wall clock time).
-# 
-# A little strange though, since the article says that they moved the date 
-# to align itself with Europe and USA which also change time on that date, 
-# but that means they have not paid attention to what happened in 
-# USA/Canada last year (DST ends first Sunday in November). I also wonder 
-# why that they end on a Friday, instead of aligning with Europe which 
+#
+# A little strange though, since the article says that they moved the date
+# to align itself with Europe and USA which also change time on that date,
+# but that means they have not paid attention to what happened in
+# USA/Canada last year (DST ends first Sunday in November). I also wonder
+# why that they end on a Friday, instead of aligning with Europe which
 # changes two days later.
 
 # From Alex Krivenyshev (2008-07-11):
@@ -592,7 +592,7 @@ Zone Africa/Nouakchott	-1:03:48 -	LMT	1912
 # </a>
 
 # From Arthur David Olson (2009-07-11):
-# The "mauritius-dst-will-not-repeat" wrapup includes this: 
+# The "mauritius-dst-will-not-repeat" wrapup includes this:
 # "The trial ended on March 29, 2009, when the clocks moved back by one hour
 # at 2am (or 02:00) local time..."
 
@@ -686,8 +686,8 @@ Zone	Indian/Mayotte	3:00:56 -	LMT	1911 Jul	# Mamoutzou
 # XXX--guess that it is only Morocco for now; guess only 2008 for now.
 
 # From Steffen Thorsen (2008-08-27):
-# Morocco will change the clocks back on the midnight between August 31 
-# and September 1. They originally planned to observe DST to near the end 
+# Morocco will change the clocks back on the midnight between August 31
+# and September 1. They originally planned to observe DST to near the end
 # of September:
 #
 # One article about it (in French):
@@ -821,6 +821,23 @@ Zone	Indian/Mayotte	3:00:56 -	LMT	1911 Jul	# Mamoutzou
 # "...&agrave; partir du dernier dimance d'avril et non fins mars,
 # comme annonc&eacute; pr&eacute;c&eacute;demment."
 
+# From Milamber Space Network (2012-07-17):
+# The official return to GMT is announced by the Moroccan government:
+# <a href="http://www.mmsp.gov.ma/fr/actualites.aspx?id=288">
+# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
+# </a>
+#
+# Google translation, lightly edited:
+# Back to the standard time of the Kingdom (GMT)
+# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
+# 2012) and in accordance with the order of Mr. President of the
+# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
+# of Public Service and Administration Modernization announces the return
+# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
+# Monday, August 20, 2012.  So the time will be delayed by 60 minutes from
+# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
+# August 20, 2012 from 2:00 am.
+
 # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 
 Rule	Morocco	1939	only	-	Sep	12	 0:00	1:00	S
@@ -848,6 +865,8 @@ Rule	Morocco	2011	only	-	Apr	 3	 0:00	1:00	S
 Rule	Morocco	2011	only	-	Jul	 31	 0	0	-
 Rule	Morocco	2012	max	-	Apr	 lastSun 2:00	1:00	S
 Rule	Morocco	2012	max	-	Sep	 lastSun 3:00	0	-
+Rule	Morocco	2012	only	-	Jul	 20	 3:00	0	-
+Rule	Morocco	2012	only	-	Aug	 20	 2:00	1:00	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Africa/Casablanca	-0:30:20 -	LMT	1913 Oct 26
@@ -876,7 +895,7 @@ Zone	Africa/Maputo	2:10:20 -	LMT	1903 Mar
 # Forecasting Riaan van Zyl explained that the far eastern parts of
 # the country are close to 40 minutes earlier in sunrise than the rest
 # of the country.
-# 
+#
 # From Paul Eggert (2007-03-31):
 # Apparently the Caprivi Strip informally observes Botswana time, but
 # we have no details.  In the meantime people there can use Africa/Gaborone.

make/sun/javazic/tzdata/asia

@@ -124,7 +124,7 @@ Zone	Asia/Kabul	4:36:48 -	LMT	1890
 # From Alexander Krivenyshev (2012-02-10):
 # According to News Armenia, on Feb 9, 2012,
 # http://newsarmenia.ru/society/20120209/42609695.html
-# 
+#
 # The Armenia National Assembly adopted final reading of Amendments to the
 # Law "On procedure of calculation time on the territory of the Republic of
 # Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@@ -204,15 +204,15 @@ Zone	Asia/Bahrain	3:22:20 -	LMT	1920		# Al Manamah
 # </a>
 
 # From A. N. M. Kamrus Saadat (2009-06-15):
-# Finally we've got the official mail regarding DST start time where DST start 
-# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh 
-# Telecommunication Regulatory Commission). 
+# Finally we've got the official mail regarding DST start time where DST start
+# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
+# Telecommunication Regulatory Commission).
 #
 # No DST end date has been announced yet.
 
 # From Alexander Krivenyshev (2009-09-25):
-# Bangladesh won't go back to Standard Time from October 1, 2009, 
-# instead it will continue DST measure till the cabinet makes a fresh decision. 
+# Bangladesh won't go back to Standard Time from October 1, 2009,
+# instead it will continue DST measure till the cabinet makes a fresh decision.
 #
 # Following report by same newspaper-"The Daily Star Friday":
 # "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@@ -226,8 +226,8 @@ Zone	Asia/Bahrain	3:22:20 -	LMT	1920		# Al Manamah
 
 # From Steffen Thorsen (2009-10-13):
 # IANS (Indo-Asian News Service) now reports:
-# Bangladesh has decided that the clock advanced by an hour to make 
-# maximum use of daylight hours as an energy saving measure would 
+# Bangladesh has decided that the clock advanced by an hour to make
+# maximum use of daylight hours as an energy saving measure would
 # "continue for an indefinite period."
 #
 # One of many places where it is published:
@@ -255,7 +255,7 @@ Zone	Asia/Bahrain	3:22:20 -	LMT	1920		# Al Manamah
 
 # From Alexander Krivenyshev (2010-03-22):
 # According to Bangladesh newspaper "The Daily Star,"
-# Cabinet cancels Daylight Saving Time 
+# Cabinet cancels Daylight Saving Time
 # <a href="http://www.thedailystar.net/newDesign/latest_news.php?nid=22817">
 # http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
 # </a>
@@ -383,11 +383,11 @@ Rule	PRC	1987	1991	-	Apr	Sun>=10	0:00	1:00	D
 # observing daylight saving time in 1986.
 #
 # From Thomas S. Mullaney (2008-02-11):
-# I think you're combining two subjects that need to treated 
-# separately: daylight savings (which, you're correct, wasn't 
-# implemented until the 1980s) and the unified time zone centered near 
-# Beijing (which was implemented in 1949). Briefly, there was also a 
-# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was 
+# I think you're combining two subjects that need to treated
+# separately: daylight savings (which, you're correct, wasn't
+# implemented until the 1980s) and the unified time zone centered near
+# Beijing (which was implemented in 1949). Briefly, there was also a
+# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
 # ceased, and the second eventually recognized (again, in the 1980s).
 #
 # From Paul Eggert (2008-06-30):
@@ -524,7 +524,7 @@ Zone	Asia/Kashgar	5:03:56	-	LMT	1928 # or Kashi or Kaxgar
 # as of 2009-10-28:
 # Year        Period
 # 1941        1 Apr to 30 Sep
-# 1942        Whole year 
+# 1942        Whole year
 # 1943        Whole year
 # 1944        Whole year
 # 1945        Whole year
@@ -615,16 +615,16 @@ Zone	Asia/Hong_Kong	7:36:36 -	LMT	1904 Oct 30
 # From Arthur David Olson (2010-04-07):
 # Here's Google's translation of the table at the bottom of the "summert.htm" page:
 # Decade 	                                                    Name                      Start and end date
-# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30 
-# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31 
-# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31 
-# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30 
-# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30 
-# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30 
-# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time 
-# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30 
-# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time 
-# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30 
+# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30
+# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31
+# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31
+# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30
+# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30
+# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30
+# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
+# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30
+# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time
+# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30
 # Republic of China since 69 years (AD 1980)                  Stop Daylight Saving Time
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1193,15 +1193,15 @@ Rule	Zion	2004	only	-	Sep	22	1:00	0	S
 #
 #	ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
 
-# From Paul Eggert (2005-02-22):
+# From Paul Eggert (2012-10-26):
 # I used Ephraim Silverberg's dst-israel.el program
 # <ftp://ftp.cs.huji.ac.il/pub/tz/software/dst-israel.el> (2005-02-20)
 # along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
-# to generate the transitions in this list.
+# to generate the transitions from 2005 through 2012.
 # (I replaced "lastFri" with "Fri>=26" by hand.)
-# The spring transitions below all correspond to the following Rule:
+# The spring transitions all correspond to the following Rule:
 #
-# Rule	Zion	2005	max	-	Mar	Fri>=26	2:00	1:00	D
+# Rule	Zion	2005	2012	-	Mar	Fri>=26	2:00	1:00	D
 #
 # but older zic implementations (e.g., Solaris 8) do not support
 # "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@@ -1218,39 +1218,36 @@ Rule	Zion	2009	only	-	Sep	27	2:00	0	S
 Rule	Zion	2010	only	-	Sep	12	2:00	0	S
 Rule	Zion	2011	only	-	Apr	 1	2:00	1:00	D
 Rule	Zion	2011	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2012	2015	-	Mar	Fri>=26	2:00	1:00	D
+Rule	Zion	2012	only	-	Mar	Fri>=26	2:00	1:00	D
 Rule	Zion	2012	only	-	Sep	23	2:00	0	S
-Rule	Zion	2013	only	-	Sep	 8	2:00	0	S
-Rule	Zion	2014	only	-	Sep	28	2:00	0	S
-Rule	Zion	2015	only	-	Sep	20	2:00	0	S
-Rule	Zion	2016	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2016	only	-	Oct	 9	2:00	0	S
-Rule	Zion	2017	2021	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2017	only	-	Sep	24	2:00	0	S
-Rule	Zion	2018	only	-	Sep	16	2:00	0	S
-Rule	Zion	2019	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2020	only	-	Sep	27	2:00	0	S
-Rule	Zion	2021	only	-	Sep	12	2:00	0	S
-Rule	Zion	2022	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2022	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2023	2032	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2023	only	-	Sep	24	2:00	0	S
-Rule	Zion	2024	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2025	only	-	Sep	28	2:00	0	S
-Rule	Zion	2026	only	-	Sep	20	2:00	0	S
-Rule	Zion	2027	only	-	Oct	10	2:00	0	S
-Rule	Zion	2028	only	-	Sep	24	2:00	0	S
-Rule	Zion	2029	only	-	Sep	16	2:00	0	S
-Rule	Zion	2030	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2031	only	-	Sep	21	2:00	0	S
-Rule	Zion	2032	only	-	Sep	12	2:00	0	S
-Rule	Zion	2033	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2033	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2034	2037	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2034	only	-	Sep	17	2:00	0	S
-Rule	Zion	2035	only	-	Oct	 7	2:00	0	S
-Rule	Zion	2036	only	-	Sep	28	2:00	0	S
-Rule	Zion	2037	only	-	Sep	13	2:00	0	S
+
+# From Ephraim Silverberg (2012-10-18):
+
+# Yesterday, the Interior Ministry Committee, after more than a year
+# past, approved sending the proposed June 2011 changes to the Time
+# Decree Law back to the Knesset for second and third (final) votes
+# before the upcoming elections on Jan. 22, 2013.  Hence, although the
+# changes are not yet law, they are expected to be so before February 2013.
+#
+# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
+# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
+# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
+# later (i.e. at 02:00 the first Monday after October 2).
+# [Rosh Hashana holidays are factored in until 2100.]
+
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	Zion	2013	max	-	Mar	Fri>=23	2:00	1:00	D
+Rule	Zion	2013	2026	-	Oct	Sun>=2	2:00	0	S
+Rule	Zion	2027	only	-	Oct	Mon>=3	2:00	0	S
+Rule	Zion	2028	max	-	Oct	Sun>=2	2:00	0	S
+# The following rules are commented out for now, as they break older
+# versions of zic that support only signed 32-bit timestamps, i.e.,
+# through 2038-01-19 03:14:07 UTC.
+#Rule	Zion	2028	2053	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2054	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2055	2080	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2081	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2082	max	-	Oct	Sun>=2	2:00	0	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Jerusalem	2:20:56 -	LMT	1880
@@ -1385,6 +1382,16 @@ Zone	Asia/Tokyo	9:18:59	-	LMT	1887 Dec 31 15:00u
 # From Arthur David Olson (2009-04-06):
 # We still have Jordan switching to DST on Thursdays in 2000 and 2001.
 
+# From Steffen Thorsen (2012-10-25):
+# Yesterday the government in Jordan announced that they will not
+# switch back to standard time this winter, so the will stay on DST
+# until about the same time next year (at least).
+# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
+#
+# From Paul Eggert (2012-10-25):
+# For now, assume this is just a one-year measure.  If it becomes
+# permanent, we should move Jordan from EET to AST effective tomorrow.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Jordan	1973	only	-	Jun	6	0:00	1:00	S
 Rule	Jordan	1973	1975	-	Oct	1	0:00	0	-
@@ -1413,7 +1420,8 @@ Rule	Jordan	2002	max	-	Mar	lastThu	24:00	1:00	S
 Rule	Jordan	2003	only	-	Oct	24	0:00s	0	-
 Rule	Jordan	2004	only	-	Oct	15	0:00s	0	-
 Rule	Jordan	2005	only	-	Sep	lastFri	0:00s	0	-
-Rule	Jordan	2006	max	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2006	2011	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2013	max	-	Oct	lastFri	0:00s	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Amman	2:23:44 -	LMT	1931
 			2:00	Jordan	EE%sT
@@ -1858,15 +1866,15 @@ Zone	Asia/Muscat	3:54:20 -	LMT	1920
 # shown 8 per cent higher consumption of electricity.
 
 # From Alex Krivenyshev (2008-05-15):
-# 
-# Here is an article that Pakistan plan to introduce Daylight Saving Time 
+#
+# Here is an article that Pakistan plan to introduce Daylight Saving Time
 # on June 1, 2008 for 3 months.
-# 
-# "... The federal cabinet on Wednesday announced a new conservation plan to help 
-# reduce load shedding by approving the closure of commercial centres at 9pm and 
-# moving clocks forward by one hour for the next three months. 
+#
+# "... The federal cabinet on Wednesday announced a new conservation plan to help
+# reduce load shedding by approving the closure of commercial centres at 9pm and
+# moving clocks forward by one hour for the next three months.
 # ...."
-# 
+#
 # <a href="http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html">
 # http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
 # </a>
@@ -1926,7 +1934,7 @@ Zone	Asia/Muscat	3:54:20 -	LMT	1920
 # Government has decided to restore the previous time by moving the
 # clocks backward by one hour from October 1. A formal announcement to
 # this effect will be made after the Prime Minister grants approval in
-# this regard." 
+# this regard."
 # <a href="http://www.thenews.com.pk/updates.asp?id=87168">
 # http://www.thenews.com.pk/updates.asp?id=87168
 # </a>
@@ -2222,7 +2230,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 # <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=306795">
 # http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
 # </a>
-# the clocks were set back one hour at 2010-08-11 00:00:00 local time in 
+# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
 # Gaza and the West Bank.
 # Some more background info:
 # <a href="http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html">
@@ -2261,7 +2269,7 @@ Zone	Asia/Karachi	4:28:12 -	LMT	1907
 # The rules for Egypt are stolen from the `africa' file.
 
 # From Steffen Thorsen (2011-09-30):
-# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30 
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
 # 00:00).
 # So West Bank and Gaza now have the same time again.
 #
@@ -2316,6 +2324,8 @@ Rule Palestine	2010	only	-	Aug	11	0:00	0	-
 
 # From Arthur David Olson (2011-09-20):
 # 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+# From Paul Eggert (2012-10-12):
+# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
@@ -2326,7 +2336,7 @@ Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
 			2:00 Palestine	EE%sT	2011 Apr  2 12:01
 			2:00	1:00	EEST	2011 Aug  1
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 Zone	Asia/Hebron	2:20:23	-	LMT	1900 Oct
@@ -2341,7 +2351,7 @@ Zone	Asia/Hebron	2:20:23	-	LMT	1900 Oct
 			2:00	-	EET	2011 Aug 30
 			2:00	1:00	EEST	2011 Sep 30 3:00
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28 3:00
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 # Paracel Is
@@ -2535,19 +2545,19 @@ Rule	Syria	2007	only	-	Mar	lastFri	0:00	1:00	S
 # having it between Wednesday and Thursday (two workdays in Syria) since the
 # weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
 # it is implemented at midnight of the last workday before weekend...
-# 
+#
 # From Steffen Thorsen (2007-10-27):
 # Jesper Norgaard Welen wrote:
-# 
+#
 # > "Winter local time in Syria will be observed at midnight of Thursday 1
 # > November 2007, and the clock will be put back 1 hour."
-# 
+#
 # I found confirmation on this in this gov.sy-article (Arabic):
 # http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
-# 
+#
 # which using Google's translate tools says:
-# Council of Ministers also approved the commencement of work on 
-# identifying the winter time as of Friday, 2/11/2007 where the 60th 
+# Council of Ministers also approved the commencement of work on
+# identifying the winter time as of Friday, 2/11/2007 where the 60th
 # minute delay at midnight Thursday 1/11/2007.
 Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 
@@ -2613,8 +2623,8 @@ Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 # </a>
 
 # From Steffen Thorsen (2009-10-27):
-# The Syrian Arab News Network on 2009-09-29 reported that Syria will 
-# revert back to winter (standard) time on midnight between Thursday 
+# The Syrian Arab News Network on 2009-09-29 reported that Syria will
+# revert back to winter (standard) time on midnight between Thursday
 # 2009-10-29 and Friday 2009-10-30:
 # <a href="http://www.sana.sy/ara/2/2009/09/29/247012.htm">
 # http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)

make/sun/javazic/tzdata/australasia

@@ -306,9 +306,9 @@ Zone	Indian/Cocos	6:27:40	-	LMT	1900
 # </a>
 
 # From Alexander Krivenyshev (2010-10-24):
-# According to Radio Fiji and Fiji Times online, Fiji will end DST 3 
+# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
 # weeks earlier than expected - on March 6, 2011, not March 27, 2011...
-# Here is confirmation from Government of the Republic of the Fiji Islands, 
+# Here is confirmation from Government of the Republic of the Fiji Islands,
 # Ministry of Information (fiji.gov.fj) web site:
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155">
 # http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@@ -319,15 +319,15 @@ Zone	Indian/Cocos	6:27:40	-	LMT	1900
 # </a>
 
 # From Steffen Thorsen (2011-10-03):
-# Now the dates have been confirmed, and at least our start date 
+# Now the dates have been confirmed, and at least our start date
 # assumption was correct (end date was one week wrong).
 #
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
 # www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
 # </a>
 # which says
-# Members of the public are reminded to change their time to one hour in 
-# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to 
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
 # 2am on February 26 next year.
 
 # From Ken Rylander (2011-10-24)
@@ -344,15 +344,23 @@ Zone	Indian/Cocos	6:27:40	-	LMT	1900
 # The commencement of daylight saving will remain unchanged and start
 # on the  23rd of October, 2011.
 
+# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
+# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
+# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
+# October 2012 and end at 3 am on Sunday 20th January 2013.
+# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
+#
+# From Paul Eggert (2012-08-31):
+# For now, guess a pattern of the penultimate Sundays in October and January.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Fiji	1998	1999	-	Nov	Sun>=1	2:00	1:00	S
 Rule	Fiji	1999	2000	-	Feb	lastSun	3:00	0	-
 Rule	Fiji	2009	only	-	Nov	29	2:00	1:00	S
 Rule	Fiji	2010	only	-	Mar	lastSun	3:00	0	-
-Rule	Fiji	2010	only	-	Oct	24	2:00	1:00	S
+Rule	Fiji	2010	max	-	Oct	Sun>=18	2:00	1:00	S
 Rule	Fiji	2011	only	-	Mar	Sun>=1	3:00	0	-
-Rule	Fiji	2011	only	-	Oct	23	2:00	1:00	S
-Rule	Fiji	2012	only	-	Jan	22	3:00	0	-
+Rule	Fiji	2012	max	-	Jan	Sun>=18	3:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fiji	11:53:40 -	LMT	1915 Oct 26	# Suva
 			12:00	Fiji	FJ%sT	# Fiji Time
@@ -581,7 +589,7 @@ Zone Pacific/Pago_Pago	 12:37:12 -	LMT	1879 Jul  5
 
 # From David Zuelke (2011-05-09):
 # Subject: Samoa to move timezone from east to west of international date line
-# 
+#
 # <a href="http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963">
 # http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
 # </a>
@@ -643,6 +651,23 @@ Zone Pacific/Pago_Pago	 12:37:12 -	LMT	1879 Jul  5
 # Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
 # seasons, there is not yet any indication that this trend will continue on
 # a regular basis. For now, we have explicitly listed the transitions below.
+#
+# From Nicky (2012-09-10):
+# Daylight Saving Time commences on Sunday 30th September 2012 and
+# ends on Sunday 7th of April 2013.
+#
+# Please find link below for more information.
+# http://www.mcil.gov.ws/mcil_publications.html
+#
+# That publication also includes dates for Summer of 2013/4 as well
+# which give the impression of a pattern in selecting dates for the
+# future, so for now, we will guess this will continue.
+
+# Western Samoa
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	WS	2012	max	-	Sep	lastSun	3:00	1	D
+Rule	WS	2012	max	-	Apr	Sun>=1	4:00	0	-
+# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Pacific/Apia	 12:33:04 -	LMT	1879 Jul  5
 			-11:26:56 -	LMT	1911
 			-11:30	-	SAMT	1950		# Samoa Time
@@ -650,8 +675,8 @@ Zone Pacific/Apia	 12:33:04 -	LMT	1879 Jul  5
 			-11:00	1:00	WSDT	2011 Apr 2 4:00
 			-11:00	-	WST	2011 Sep 24 3:00
 			-11:00	1:00	WSDT	2011 Dec 30
-			 13:00	1:00	WSDT	2012 Apr 1 4:00
-			 13:00	-	WST
+			 13:00	1:00	WSDT	2012 Apr Sun>=1 4:00
+			 13:00	WS	WS%sT
 
 # Solomon Is
 # excludes Bougainville, for which see Papua New Guinea
@@ -663,25 +688,25 @@ Zone Pacific/Guadalcanal 10:39:48 -	LMT	1912 Oct	# Honiara
 #
 # From Gwillim Law (2011-12-29)
 # A correspondent informed me that Tokelau, like Samoa, will be skipping
-# December 31 this year, thereby changing its time zone from UTC-10 to
-# UTC+14. When I tried to verify this statement, I found a confirming
-# article in Time magazine online
-# <a href="http://www.time.com/time/world/article/0,8599,2103243,00.html">
-# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
-# </a>
+# December 31 this year ...
 #
-# From Jonathan Leffler (2011-12-29)
-# Information from the BBC to the same effect:
-# <a href="http://www.bbc.co.uk/news/world-asia-16351377">
-# http://www.bbc.co.uk/news/world-asia-16351377
-# </a>
+# From Steffen Thorsen (2012-07-25)
+# ... we double checked by calling hotels and offices based in Tokelau asking
+# about the time there, and they all told a time that agrees with UTC+13....
+# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
+# actually was to UTC-11 back then.
 #
-# Patch supplied by Tim Parenti (2011-12-29)
+# From Paul Eggert (2012-07-25)
+# A Google Books snippet of Appendix to the Journals of the House of
+# Representatives of New Zealand, Session 1948,
+# <http://books.google.com/books?id=ZaVCAQAAIAAJ>, page 65, says Tokelau
+# was "11 hours slow on G.M.T."  Go with Thorsen and assume Shanks & Pottenger
+# are off by an hour starting in 1901.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fakaofo	-11:24:56 -	LMT	1901
-			-10:00	-	TKT 2011 Dec 30	# Tokelau Time
-			14:00	-	TKT
+			-11:00	-	TKT 2011 Dec 30	# Tokelau Time
+			13:00	-	TKT
 
 # Tonga
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1362,22 +1387,22 @@ Zone	Pacific/Wallis	12:15:20 -	LMT	1901
 # See "southeast Australia" above for 2008 and later.
 
 # From Steffen Thorsen (2009-04-28):
-# According to the official press release, South Australia's extended daylight 
-# saving period will continue with the same rules as used during the 2008-2009 
+# According to the official press release, South Australia's extended daylight
+# saving period will continue with the same rules as used during the 2008-2009
 # summer (southern hemisphere).
-# 
+#
 # From
 # <a href="http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf">
 # http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
 # </a>
-# The extended daylight saving period that South Australia has been trialling 
+# The extended daylight saving period that South Australia has been trialling
 # for over the last year is now set to be ongoing.
-# Daylight saving will continue to start on the first Sunday in October each 
+# Daylight saving will continue to start on the first Sunday in October each
 # year and finish on the first Sunday in April the following year.
-# Industrial Relations Minister, Paul Caica, says this provides South Australia 
-# with a consistent half hour time difference with NSW, Victoria, Tasmania and 
+# Industrial Relations Minister, Paul Caica, says this provides South Australia
+# with a consistent half hour time difference with NSW, Victoria, Tasmania and
 # the ACT for all 52 weeks of the year...
-# 
+#
 # We have a wrap-up here:
 # <a href="http://www.timeanddate.com/news/time/south-australia-extends-dst.html">
 # http://www.timeanddate.com/news/time/south-australia-extends-dst.html

make/sun/javazic/tzdata/europe

@@ -597,12 +597,12 @@ Rule	Russia	1996	2010	-	Oct	lastSun	 2:00s	0	-
 # According to Kremlin press service, Russian President Dmitry Medvedev
 # signed a federal law "On calculation of time" on June 9, 2011.
 # According to the law Russia is abolishing daylight saving time.
-# 
-# Medvedev signed a law "On the Calculation of Time" (in russian): 
+#
+# Medvedev signed a law "On the Calculation of Time" (in russian):
 # <a href="http://bmockbe.ru/events/?ID=7583">
 # http://bmockbe.ru/events/?ID=7583
 # </a>
-# 
+#
 # Medvedev signed a law on the calculation of the time (in russian):
 # <a href="http://www.regnum.ru/news/polit/1413906.html">
 # http://www.regnum.ru/news/polit/1413906.html
@@ -1710,7 +1710,7 @@ Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2 0:00s # Valletta
 # From Alexander Krivenyshev (2011-10-26)
 # NO need to divide Moldova into two timezones at this point.
 # As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
-# decision to abolish DST this winter. 
+# decision to abolish DST this winter.
 # Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
 # Tiraspol will go back to winter time on October 30, 2011.
 # News from Moldova (in russian):
@@ -2600,11 +2600,11 @@ Zone	Europe/Zurich	0:34:08 -	LMT	1848 Sep 12
 # http://www.alomaliye.com/bkk_2002_3769.htm
 
 # From G&ouml;kdeniz Karada&#x011f; (2011-03-10):
-# 
+#
 # According to the articles linked below, Turkey will change into summer
 # time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
 # This change is due to a nationwide exam on 27th.
-# 
+#
 # <a href="http://www.worldbulletin.net/?aType=haber&ArticleID=70872">
 # http://www.worldbulletin.net/?aType=haber&ArticleID=70872
 # </a>
@@ -2721,7 +2721,7 @@ Link	Europe/Istanbul	Asia/Istanbul	# Istanbul is in both continents.
 # time this year after all.
 #
 # From Udo Schwedt (2011-10-18):
-# As far as I understand, the recent change to the Ukranian time zone 
+# As far as I understand, the recent change to the Ukranian time zone
 # (Europe/Kiev) to introduce permanent daylight saving time (similar
 # to Russia) was reverted today:
 #

make/sun/javazic/tzdata/leapseconds

@@ -100,8 +100,8 @@ Leap	2012	Jun	30	23:59:60	+	S
 #
 #
 # A positive leap second will be introduced at the end of June 2012.
-# The sequence of dates of the UTC second markers will be:		
-# 		
+# The sequence of dates of the UTC second markers will be:
+#
 #                          2012 June 30,     23h 59m 59s
 #                          2012 June 30,     23h 59m 60s
 #                          2012 July  1,      0h  0m  0s
@@ -118,6 +118,6 @@ Leap	2012	Jun	30	23:59:60	+	S
 #
 #
 # Daniel GAMBIS
-# Head		
+# Head
 # Earth Orientation Center of IERS
 # Observatoire de Paris, France

make/sun/javazic/tzdata/northamerica

@@ -501,7 +501,7 @@ Zone America/Juneau	 15:02:19 -	LMT	1867 Oct 18
 			 -8:00	US	P%sT	1946
 			 -8:00	-	PST	1969
 			 -8:00	US	P%sT	1980 Apr 27 2:00
-			 -9:00	US	Y%sT	1980 Oct 26 2:00	
+			 -9:00	US	Y%sT	1980 Oct 26 2:00
 			 -8:00	US	P%sT	1983 Oct 30 2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
@@ -1866,7 +1866,7 @@ Zone America/Edmonton	-7:33:52 -	LMT	1906 Sep
 # Here is a summary of the three clock change events in Creston's history:
 # 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
 # Exact date unknown
-# 2. Oct 1916: switch to Pacific Standard Time (GMT-8) 
+# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
 # Exact date in October unknown;  Sunday October 1 is a reasonable guess.
 # 3. June 1918: switch to Pacific Daylight Time (GMT-7)
 # Exact date in June unknown; Sunday June 2 is a reasonable guess.
@@ -2696,20 +2696,20 @@ Zone America/Costa_Rica	-5:36:20 -	LMT	1890		# San Jose
 # except that it switches at midnight standard time as usual.
 #
 # From Steffen Thorsen (2007-10-25):
-# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week 
+# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
 # earlier - on the last Sunday of October, just like in 2006.
-# 
+#
 # He supplied these references:
-# 
+#
 # http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
 # http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
-# 
+#
 # From Alex Kryvenishev (2007-10-25):
 # Here is also article from Granma (Cuba):
-# 
+#
 # [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
 # http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
-# 
+#
 # http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
 
 # From Arthur David Olson (2008-03-09):
@@ -2793,7 +2793,7 @@ Zone America/Costa_Rica	-5:36:20 -	LMT	1890		# San Jose
 # </a>
 #
 # From Steffen Thorsen (2011-10-30)
-# Cuba will end DST two weeks later this year. Instead of going back 
+# Cuba will end DST two weeks later this year. Instead of going back
 # tonight, it has been delayed to 2011-11-13 at 01:00.
 #
 # One source (Spanish)
@@ -2805,11 +2805,11 @@ Zone America/Costa_Rica	-5:36:20 -	LMT	1890		# San Jose
 # <a href="http://www.timeanddate.com/news/time/cuba-time-changes-2011.html">
 # http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
 # </a>
-# 
+#
 # From Steffen Thorsen (2012-03-01)
-# According to Radio Reloj, Cuba will start DST on Midnight between March 
+# According to Radio Reloj, Cuba will start DST on Midnight between March
 # 31 and April 1.
-# 
+#
 # Radio Reloj has the following info (Spanish):
 # <a href="http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril">
 # http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@@ -2820,6 +2820,13 @@ Zone America/Costa_Rica	-5:36:20 -	LMT	1890		# San Jose
 # http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
 # </a>
 
+# From Steffen Thorsen (2012-11-03):
+# Radio Reloj and many other sources report that Cuba is changing back
+# to standard time on 2012-11-04:
+# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
+# From Paul Eggert (2012-11-03):
+# For now, assume the future rule is first Sunday in November.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Cuba	1928	only	-	Jun	10	0:00	1:00	D
 Rule	Cuba	1928	only	-	Oct	10	0:00	0	S
@@ -2857,7 +2864,7 @@ Rule	Cuba	2009	2010	-	Mar	Sun>=8	0:00s	1:00	D
 Rule	Cuba	2011	only	-	Mar	Sun>=15	0:00s	1:00	D
 Rule	Cuba	2011	only	-	Nov	13	0:00s	0	S
 Rule	Cuba	2012	only	-	Apr	1	0:00s	1:00	D
-Rule	Cuba	2012	max	-	Oct	lastSun	0:00s	0	S
+Rule	Cuba	2012	max	-	Nov	Sun>=1	0:00s	0	S
 Rule	Cuba	2013	max	-	Mar	Sun>=8	0:00s	1:00	D
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]

make/sun/javazic/tzdata/southamerica

@@ -254,7 +254,7 @@ Rule	Arg	2000	only	-	Mar	3	0:00	0	-
 Rule	Arg	2007	only	-	Dec	30	0:00	1:00	S
 Rule	Arg	2008	2009	-	Mar	Sun>=15	0:00	0	-
 Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
- 
+
 # From Mariano Absatz (2004-05-21):
 # Today it was officially published that the Province of Mendoza is changing
 # its timezone this winter... starting tomorrow night....
@@ -344,9 +344,9 @@ Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
 # confirms what Alex Krivenyshev has earlier sent to the tz
 # emailing list about that San Luis plans to return to standard
 # time much earlier than the rest of the country. It also
-# confirms that upon request the provinces San Juan and Mendoza 
-# refused to follow San Luis in this change. 
-# 
+# confirms that upon request the provinces San Juan and Mendoza
+# refused to follow San Luis in this change.
+#
 # The change is supposed to take place Monday the 21.st at 0:00
 # hours. As far as I understand it if this goes ahead, we need
 # a new timezone for San Luis (although there are also documented
@@ -408,7 +408,7 @@ Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
 # <a href="http://www.lanacion.com.ar/nota.asp?nota_id=1107912">
 # http://www.lanacion.com.ar/nota.asp?nota_id=1107912
 # </a>
-# 
+#
 # The press release says:
 #  (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
 # atrasar una hora sus relojes.
@@ -822,8 +822,8 @@ Zone	America/La_Paz	-4:32:36 -	LMT	1890
 #
 # From Alexander Krivenyshev (2011-10-04):
 # State Bahia will return to Daylight savings time this year after 8 years off.
-# The announcement was made by Governor Jaques Wagner in an interview to a 
-# television station in Salvador. 
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
 
 # In Portuguese:
 # <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
@@ -852,6 +852,15 @@ Zone	America/La_Paz	-4:32:36 -	LMT	1890
 # http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
 # </a>
 
+# From Kelley Cook (2012-10-16):
+# The governor of state of Bahia in Brazil announced on Thursday that
+# due to public pressure, he is reversing the DST policy they implemented
+# last year and will not be going to Summer Time on October 21st....
+# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
+
+# From Rodrigo Severo (2012-10-16):
+# Tocantins state will have DST.
+# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@@ -1071,7 +1080,8 @@ Zone America/Araguaina	-3:12:48 -	LMT	1914
 			-3:00	Brazil	BR%sT	1990 Sep 17
 			-3:00	-	BRT	1995 Sep 14
 			-3:00	Brazil	BR%sT	2003 Sep 24
-			-3:00	-	BRT
+			-3:00	-	BRT	2012 Oct 21
+			-3:00	Brazil	BR%sT
 #
 # Alagoas (AL), Sergipe (SE)
 Zone America/Maceio	-2:22:52 -	LMT	1914
@@ -1090,7 +1100,8 @@ Zone America/Maceio	-2:22:52 -	LMT	1914
 Zone America/Bahia	-2:34:04 -	LMT	1914
 			-3:00	Brazil	BR%sT	2003 Sep 24
 			-3:00	-	BRT	2011 Oct 16
-			-3:00	Brazil	BR%sT
+			-3:00	Brazil	BR%sT	2012 Oct 21
+			-3:00	-	BRT
 #
 # Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
 # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@@ -1182,7 +1193,7 @@ Zone America/Rio_Branco	-4:31:12 -	LMT	1914
 # Due to drought, Chile extends Daylight Time in three weeks.  This
 # is one-time change (Saturday 3/29 at 24:00 for America/Santiago
 # and Saturday 3/29 at 22:00 for Pacific/Easter)
-# The Supreme Decree is located at 
+# The Supreme Decree is located at
 # <a href="http://www.shoa.cl/servicios/supremo316.pdf">
 # http://www.shoa.cl/servicios/supremo316.pdf
 # </a>
@@ -1193,7 +1204,7 @@ Zone America/Rio_Branco	-4:31:12 -	LMT	1914
 
 # From Jose Miguel Garrido (2008-03-05):
 # ...
-# You could see the announces of the change on 
+# You could see the announces of the change on
 # <a href="http://www.shoa.cl/noticias/2008/04hora/hora.htm">
 # http://www.shoa.cl/noticias/2008/04hora/hora.htm
 # </a>.

make/tools/GenerateCharacter/CharacterData01.java.template

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -311,6 +311,8 @@ class CharacterData01 extends CharacterData {
             case 0x011063: retval = 90; break;     // BRAHMI NUMBER NINETY
             case 0x011064: retval = 100; break;    // BRAHMI NUMBER ONE HUNDRED
             case 0x011065: retval = 1000; break;   // BRAHMI NUMBER ONE THOUSAND
+            case 0x012432: retval = 216000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
+            case 0x012433: retval = 432000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
             case 0x01D36C: retval = 40; break;     // COUNTING ROD TENS DIGIT FOUR
             case 0x01D36D: retval = 50; break;     // COUNTING ROD TENS DIGIT FIVE
             case 0x01D36E: retval = 60; break;     // COUNTING ROD TENS DIGIT SIX

make/tools/UnicodeData/PropList.txt

-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 

make/tools/UnicodeData/Scripts.txt

-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
@@ -146,7 +146,7 @@
 208A..208C    ; Common # Sm   [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
 208D          ; Common # Ps       SUBSCRIPT LEFT PARENTHESIS
 208E          ; Common # Pe       SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9    ; Common # Sc  [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA    ; Common # Sc  [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
 2100..2101    ; Common # So   [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
 2102          ; Common # L&       DOUBLE-STRUCK CAPITAL C
 2103..2106    ; Common # So   [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@ FFFC..FFFD    ; Common # So   [2] OBJECT REPLACEMENT CHARACTER..REPLACEMENT CHAR
 E0001         ; Common # Cf       LANGUAGE TAG
 E0020..E007F  ; Common # Cf  [96] TAG SPACE..CANCEL TAG
 
-# Total code points: 6412
+# Total code points: 6413
 
 # ================================================
 
@@ -760,7 +760,7 @@ FB46..FB4F    ; Hebrew # Lo  [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATU
 061E          ; Arabic # Po       ARABIC TRIPLE DOT PUNCTUATION MARK
 0620..063F    ; Arabic # Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
 0641..064A    ; Arabic # Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E    ; Arabic # Mn   [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F    ; Arabic # Mn  [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
 066A..066D    ; Arabic # Po   [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
 066E..066F    ; Arabic # Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
 0671..06D3    ; Arabic # Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@ FE76..FEFC    ; Arabic # Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LA
 1EEAB..1EEBB  ; Arabic # Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
 1EEF0..1EEF1  ; Arabic # Sm   [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
 
-# Total code points: 1234
+# Total code points: 1235
 
 # ================================================
 
@@ -1477,7 +1477,6 @@ A490..A4C6    ; Yi # So  [55] YI RADICAL QOT..YI RADICAL KE
 0300..036F    ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
 0485..0486    ; Inherited # Mn   [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
 064B..0655    ; Inherited # Mn  [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F          ; Inherited # Mn       ARABIC WAVY HAMZA BELOW
 0670          ; Inherited # Mn       ARABIC LETTER SUPERSCRIPT ALEF
 0951..0952    ; Inherited # Mn   [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
 1CD0..1CD2    ; Inherited # Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@ FE20..FE26    ; Inherited # Mn   [7] COMBINING LIGATURE LEFT HALF..COMBINING CON
 1D1AA..1D1AD  ; Inherited # Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
 E0100..E01EF  ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
 
-# Total code points: 524
+# Total code points: 523
 
 # ================================================
 

make/tools/UnicodeData/SpecialCasing.txt

-# SpecialCasing-6.1.0.txt
-# Date: 2011-11-27, 05:10:51 GMT [MD]
+# SpecialCasing-6.2.0.txt
+# Date: 2012-05-23, 20:35:15 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 #

make/tools/UnicodeData/UnicodeData.txt

@@ -7190,6 +7190,7 @@
 20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
 20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
 20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
 20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
 20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
 20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@@ -18703,8 +18704,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
 1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
 12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
 12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
-12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
-12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
+12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
+12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
 12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
 12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
 12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@@ -18739,8 +18740,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
 12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
 12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
 12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
-12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
-12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
+12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
+12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
 12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
 12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
 1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;

make/tools/UnicodeData/VERSION

-6.1.0
+6.2.0

makefiles/GendataTimeZone.gmk

@@ -26,7 +26,7 @@
 GENDATA_TIMEZONE :=
 
 # TODO: read from make/sun/javazic/tzdata/VERSION
-GENDATA_TIMEZONE_VERSION := tzdata2012c
+GENDATA_TIMEZONE_VERSION := tzdata2012i
 
 GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
 GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone

makefiles/Setup.gmk

@@ -45,7 +45,7 @@ $(eval $(call SetupJavaCompiler,GENERATE_JDKBYTECODE,\
      JVM:=$(JAVA),\
      JAVAC:=$(JAVAC_JARS),\
      JAVAH:=$(JAVAH_JARS),\
-     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
+     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
      SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
      SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
 

src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java

 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,12 +55,25 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
     }
 
     static {
-        validTypes = new HashSet<String>(4);
+        validTypes = new HashSet<String>(17);
         validTypes.add("PBEWithMD5AndDES".toUpperCase());
         validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
         validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
         // Proprietary algorithm.
         validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
     }
 
     public static final class PBEWithMD5AndDES
@@ -84,6 +97,27 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
         }
     }
 
+    public static final class PBEWithSHA1AndRC2_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC2_128()  {
+            super("PBEWithSHA1AndRC2_128");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_40()  {
+            super("PBEWithSHA1AndRC4_40");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_128()  {
+            super("PBEWithSHA1AndRC4_128");
+        }
+    }
+
     /*
      * Private proprietary algorithm for supporting JCEKS.
      */
@@ -94,6 +128,75 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
         }
     }
 
+    public static final class PBEWithHmacSHA1AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_128()  {
+            super("PBEWithHmacSHA1AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_128()  {
+            super("PBEWithHmacSHA224AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_128()  {
+            super("PBEWithHmacSHA256AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_128()  {
+            super("PBEWithHmacSHA384AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_128()  {
+            super("PBEWithHmacSHA512AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA1AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_256()  {
+            super("PBEWithHmacSHA1AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_256()  {
+            super("PBEWithHmacSHA224AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_256()  {
+            super("PBEWithHmacSHA256AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_256()  {
+            super("PBEWithHmacSHA384AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_256()  {
+            super("PBEWithHmacSHA512AndAES_256");
+        }
+    }
 
     /**
      * Generates a <code>SecretKey</code> object from the provided key

src/share/classes/com/sun/crypto/provider/PBEParameters.java

 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,9 @@ public final class PBEParameters extends AlgorithmParametersSpi {
     // the iteration count
     private int iCount = 0;
 
+    // the cipher parameter
+    private AlgorithmParameterSpec cipherParam = null;
+
     protected void engineInit(AlgorithmParameterSpec paramSpec)
         throws InvalidParameterSpecException
    {
@@ -66,6 +69,7 @@ public final class PBEParameters extends AlgorithmParametersSpi {
        }
        this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
        this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+       this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
     }
 
     protected void engineInit(byte[] encoded)
@@ -102,7 +106,8 @@ public final class PBEParameters extends AlgorithmParametersSpi {
         throws InvalidParameterSpecException
     {
         if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
+            return paramSpec.cast(
+                new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");

src/share/classes/com/sun/crypto/provider/PBES2Core.java

+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.interfaces.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ * These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
+ * Padding is done as described in PKCS #5.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+abstract class PBES2Core extends CipherSpi {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    // the encapsulated cipher
+    private final CipherCore cipher;
+    private final int keyLength; // in bits
+    private final int blkSize; // in bits
+    private final PBKDF2Core kdf;
+    private final String pbeAlgo;
+    private final String cipherAlgo;
+    private int iCount = DEFAULT_COUNT;
+    private byte[] salt = null;
+    private IvParameterSpec ivSpec = null;
+
+    /**
+     * Creates an instance of PBE Scheme 2 according to the selected
+     * password-based key derivation function and encryption scheme.
+     */
+    PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
+        throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+        this.cipherAlgo = cipherAlgo;
+        keyLength = keySize * 8;
+        pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
+
+        if (cipherAlgo.equals("AES")) {
+            blkSize = AESConstants.AES_BLOCK_SIZE;
+            cipher = new CipherCore(new AESCrypt(), blkSize);
+
+            switch(kdfAlgo) {
+            case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+            case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+            case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+            case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+            case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+            default:
+                throw new NoSuchAlgorithmException(
+                    "No Cipher implementation for " + kdfAlgo);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation for " +
+                                               pbeAlgo);
+        }
+        cipher.setMode("CBC");
+        cipher.setPadding("PKCS5Padding");
+    }
+
+    protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+        if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
+            throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
+        }
+    }
+
+    protected void engineSetPadding(String paddingScheme)
+        throws NoSuchPaddingException {
+        if ((paddingScheme != null) &&
+            (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
+            throw new NoSuchPaddingException("Invalid padding scheme: " +
+                                             paddingScheme);
+        }
+    }
+
+    protected int engineGetBlockSize() {
+        return blkSize;
+    }
+
+    protected int engineGetOutputSize(int inputLen) {
+        return cipher.getOutputSize(inputLen);
+    }
+
+    protected byte[] engineGetIV() {
+        return cipher.getIV();
+    }
+
+    protected AlgorithmParameters engineGetParameters() {
+        AlgorithmParameters params = null;
+        if (salt == null) {
+            // generate random salt and use default iteration count
+            salt = new byte[DEFAULT_SALT_LENGTH];
+            SunJCE.RANDOM.nextBytes(salt);
+            iCount = DEFAULT_COUNT;
+        }
+        if (ivSpec == null) {
+            // generate random IV
+            byte[] ivBytes = new byte[blkSize];
+            SunJCE.RANDOM.nextBytes(ivBytes);
+            ivSpec = new IvParameterSpec(ivBytes);
+        }
+        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
+        try {
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        } catch (NoSuchProviderException nspe) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        }
+        try {
+            params.init(pbeSpec);
+        } catch (InvalidParameterSpecException ipse) {
+            // should never happen
+            throw new RuntimeException("PBEParameterSpec not supported");
+        }
+        return params;
+    }
+
+    protected void engineInit(int opmode, Key key, SecureRandom random)
+        throws InvalidKeyException {
+        try {
+            engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+        } catch (InvalidAlgorithmParameterException ie) {
+            InvalidKeyException ike =
+                new InvalidKeyException("requires PBE parameters");
+            ike.initCause(ie);
+            throw ike;
+        }
+    }
+
+    protected void engineInit(int opmode, Key key,
+                              AlgorithmParameterSpec params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+        if ((key == null) ||
+            (key.getEncoded() == null) ||
+            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+            throw new InvalidKeyException("Missing password");
+        }
+
+        // TBD: consolidate the salt, ic and IV parameter checks below
+
+        // Extract salt and iteration count from the key, if present
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+            if (salt != null && salt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+            if (iCount == 0) {
+                iCount = DEFAULT_COUNT;
+            } else if (iCount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+        }
+
+        // Extract salt, iteration count and IV from the params, if present
+        if (params == null) {
+            if (salt == null) {
+                // generate random salt and use default iteration count
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                random.nextBytes(salt);
+                iCount = DEFAULT_COUNT;
+            }
+            if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            }
+        } else {
+            if (!(params instanceof PBEParameterSpec)) {
+                throw new InvalidAlgorithmParameterException
+                    ("Wrong parameter type: PBE expected");
+            }
+            // salt and iteration count from the params take precedence
+            byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+            if (specSalt != null && specSalt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            salt = specSalt;
+            int specICount = ((PBEParameterSpec) params).getIterationCount();
+            if (specICount == 0) {
+                specICount = DEFAULT_COUNT;
+            } else if (specICount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+            iCount = specICount;
+
+            AlgorithmParameterSpec specParams =
+                ((PBEParameterSpec) params).getParameterSpec();
+            if (specParams != null) {
+                if (specParams instanceof IvParameterSpec) {
+                    ivSpec = (IvParameterSpec)specParams;
+                } else {
+                    throw new InvalidAlgorithmParameterException(
+                        "Wrong parameter type: IV expected");
+                }
+            } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            } else {
+                throw new InvalidAlgorithmParameterException(
+                    "Missing parameter type: IV expected");
+            }
+        }
+
+        SecretKeySpec cipherKey = null;
+        byte[] derivedKey = null;
+        byte[] passwdBytes = key.getEncoded();
+        char[] passwdChars = new char[passwdBytes.length];
+
+        for (int i=0; i<passwdChars.length; i++)
+            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+        java.util.Arrays.fill(passwdBytes, (byte)0x00);
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        derivedKey = s.getEncoded();
+        cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
+
+        // initialize the underlying cipher
+        cipher.init(opmode, cipherKey, ivSpec, random);
+    }
+
+    protected void engineInit(int opmode, Key key, AlgorithmParameters params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        AlgorithmParameterSpec pbeSpec = null;
+        if (params != null) {
+            try {
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+            } catch (InvalidParameterSpecException ipse) {
+                throw new InvalidAlgorithmParameterException(
+                    "Wrong parameter type: PBE expected");
+            }
+        }
+        engineInit(opmode, key, pbeSpec, random);
+    }
+
+    protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+        return cipher.update(input, inputOffset, inputLen);
+    }
+
+    protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+                               byte[] output, int outputOffset)
+        throws ShortBufferException {
+        return cipher.update(input, inputOffset, inputLen,
+                             output, outputOffset);
+    }
+
+    protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+        throws IllegalBlockSizeException, BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen);
+    }
+
+    protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+                                byte[] output, int outputOffset)
+        throws ShortBufferException, IllegalBlockSizeException,
+               BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen,
+                              output, outputOffset);
+    }
+
+    protected int engineGetKeySize(Key key) throws InvalidKeyException {
+        return keyLength;
+    }
+
+    protected byte[] engineWrap(Key key)
+        throws IllegalBlockSizeException, InvalidKeyException {
+        return cipher.wrap(key);
+    }
+
+    protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+                               int wrappedKeyType)
+        throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] encodedKey;
+        return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
+                             wrappedKeyType);
+    }
+
+    public static final class HmacSHA1AndAES_128 extends PBES2Core {
+        public HmacSHA1AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_128 extends PBES2Core {
+        public HmacSHA224AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_128 extends PBES2Core {
+        public HmacSHA256AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_128 extends PBES2Core {
+        public HmacSHA384AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_128 extends PBES2Core {
+        public HmacSHA512AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA1AndAES_256 extends PBES2Core {
+        public HmacSHA1AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_256 extends PBES2Core {
+        public HmacSHA224AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_256 extends PBES2Core {
+        public HmacSHA256AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_256 extends PBES2Core {
+        public HmacSHA384AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_256 extends PBES2Core {
+        public HmacSHA512AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 32);
+        }
+    }
+}

src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java

 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ import javax.crypto.spec.*;
 public final class PBEWithMD5AndDESCipher extends CipherSpi {
 
     // the encapsulated DES cipher
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -58,7 +58,7 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        core = new PBECipherCore("DES");
+        core = new PBES1Core("DES");
     }
 
     /**

src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java

 /*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@ import javax.crypto.spec.*;
  */
 public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
 
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -70,7 +70,7 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
         // set the encapsulated cipher to do triple DES
-        core = new PBECipherCore("DESede");
+        core = new PBES1Core("DESede");
     }
 
     /**

src/share/classes/com/sun/crypto/provider/PBKDF2Core.java

+/*
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * This class implements a key factory for PBE keys derived using
+ * PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
+ * pseudo random function (PRF) as defined in PKCS#5 v2.1.
+ *
+ * @author Valerie Peng
+ *
+ */
+abstract class PBKDF2Core extends SecretKeyFactorySpi {
+
+    private final String prfAlgo;
+
+    PBKDF2Core(String prfAlgo) {
+        this.prfAlgo = prfAlgo;
+    }
+
+    /**
+     * Generates a <code>SecretKey</code> object from the provided key
+     * specification (key material).
+     *
+     * @param keySpec the specification (key material) of the secret key
+     *
+     * @return the secret key
+     *
+     * @exception InvalidKeySpecException if the given key specification
+     * is inappropriate for this key factory to produce a public key.
+     */
+    protected SecretKey engineGenerateSecret(KeySpec keySpec)
+        throws InvalidKeySpecException
+    {
+        if (!(keySpec instanceof PBEKeySpec)) {
+            throw new InvalidKeySpecException("Invalid key spec");
+        }
+        PBEKeySpec ks = (PBEKeySpec) keySpec;
+        return new PBKDF2KeyImpl(ks, prfAlgo);
+    }
+
+    /**
+     * Returns a specification (key material) of the given key
+     * in the requested format.
+     *
+     * @param key the key
+     *
+     * @param keySpec the requested format in which the key material shall be
+     * returned
+     *
+     * @return the underlying key specification (key material) in the
+     * requested format
+     *
+     * @exception InvalidKeySpecException if the requested key
+     * specification is inappropriate for the given key, or the
+     * given key cannot be processed (e.g., the given key has an
+     * unrecognized algorithm or format).
+     */
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
+        throws InvalidKeySpecException {
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            // Check if requested key spec is amongst the valid ones
+            if ((keySpecCl != null)
+                && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                return new PBEKeySpec
+                    (pKey.getPassword(), pKey.getSalt(),
+                     pKey.getIterationCount(), pKey.getEncoded().length*8);
+            } else {
+                throw new InvalidKeySpecException("Invalid key spec");
+            }
+        } else {
+            throw new InvalidKeySpecException("Invalid key " +
+                                               "format/algorithm");
+        }
+    }
+
+    /**
+     * Translates a <code>SecretKey</code> object, whose provider may be
+     * unknown or potentially untrusted, into a corresponding
+     * <code>SecretKey</code> object of this key factory.
+     *
+     * @param key the key whose provider is unknown or untrusted
+     *
+     * @return the translated key
+     *
+     * @exception InvalidKeyException if the given key cannot be processed by
+     * this key factory.
+     */
+    protected SecretKey engineTranslateKey(SecretKey key)
+        throws InvalidKeyException {
+        if ((key != null) &&
+            (key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
+            (key.getFormat().equalsIgnoreCase("RAW"))) {
+
+            // Check if key originates from this factory
+            if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
+                return key;
+            }
+            // Check if key implements the PBEKey
+            if (key instanceof javax.crypto.interfaces.PBEKey) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                try {
+                    PBEKeySpec spec =
+                        new PBEKeySpec(pKey.getPassword(),
+                                       pKey.getSalt(),
+                                       pKey.getIterationCount(),
+                                       pKey.getEncoded().length*8);
+                    return new PBKDF2KeyImpl(spec, prfAlgo);
+                } catch (InvalidKeySpecException re) {
+                    InvalidKeyException ike = new InvalidKeyException
+                        ("Invalid key component(s)");
+                    ike.initCause(re);
+                    throw ike;
+                }
+            }
+        }
+        throw new InvalidKeyException("Invalid key format/algorithm");
+    }
+
+    public static final class HmacSHA1 extends PBKDF2Core {
+        public HmacSHA1() {
+            super("HmacSHA1");
+        }
+    }
+
+    public static final class HmacSHA224 extends PBKDF2Core {
+        public HmacSHA224() {
+            super("HmacSHA224");
+        }
+    }
+
+    public static final class HmacSHA256 extends PBKDF2Core {
+        public HmacSHA256() {
+            super("HmacSHA256");
+        }
+    }
+
+    public static final class HmacSHA384 extends PBKDF2Core {
+        public HmacSHA384() {
+            super("HmacSHA384");
+        }
+    }
+
+    public static final class HmacSHA512 extends PBKDF2Core {
+        public HmacSHA512() {
+            super("HmacSHA512");
+        }
+    }
+}

src/share/classes/com/sun/crypto/provider/PBMAC1Core.java

+/*
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.util.Arrays;
+import java.nio.ByteBuffer;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This is an implementation of the PBMAC1 algorithms as defined
+ * in PKCS#5 v2.1 standard.
+ */
+abstract class PBMAC1Core extends HmacCore {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    private final String kdfAlgo;
+    private final String hashAlgo;
+    private final PBKDF2Core kdf;
+    private final int blockLength; // in octets
+
+    /**
+     * Creates an instance of PBMAC1 according to the selected
+     * password-based key derivation function.
+     */
+    PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
+        throws NoSuchAlgorithmException {
+
+        super(hashAlgo, blockLength);
+        this.kdfAlgo = kdfAlgo;
+        this.hashAlgo = hashAlgo;
+        this.blockLength = blockLength;
+
+        switch(kdfAlgo) {
+        case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+        case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+        case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+        case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+        case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+        default:
+                throw new NoSuchAlgorithmException(
+                    "No MAC implementation for " + kdfAlgo);
+        }
+    }
+
+    /**
+     * Initializes the HMAC with the given secret key and algorithm parameters.
+     *
+     * @param key the secret key.
+     * @param params the algorithm parameters.
+     *
+     * @exception InvalidKeyException if the given key is inappropriate for
+     * initializing this MAC.
+     * @exception InvalidAlgorithmParameterException if the given algorithm
+     * parameters are inappropriate for this MAC.
+     */
+    protected void engineInit(Key key, AlgorithmParameterSpec params)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        char[] passwdChars;
+        byte[] salt = null;
+        int iCount = 0;
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            javax.crypto.interfaces.PBEKey pbeKey =
+                (javax.crypto.interfaces.PBEKey) key;
+            passwdChars = pbeKey.getPassword();
+            salt = pbeKey.getSalt(); // maybe null if unspecified
+            iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
+        } else if (key instanceof SecretKey) {
+            byte[] passwdBytes = key.getEncoded();
+            if ((passwdBytes == null) ||
+                !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+                throw new InvalidKeyException("Missing password");
+            }
+            passwdChars = new char[passwdBytes.length];
+            for (int i=0; i<passwdChars.length; i++) {
+                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+            }
+        } else {
+            throw new InvalidKeyException("SecretKey of PBE type required");
+        }
+        if (params == null) {
+            // generate default for salt and iteration count if necessary
+            if (salt == null) {
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                SunJCE.RANDOM.nextBytes(salt);
+            }
+            if (iCount == 0) iCount = DEFAULT_COUNT;
+        } else if (!(params instanceof PBEParameterSpec)) {
+            throw new InvalidAlgorithmParameterException
+                ("PBEParameterSpec type required");
+        } else {
+            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+            // make sure the parameter values are consistent
+            if (salt != null) {
+                if (!Arrays.equals(salt, pbeParams.getSalt())) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Inconsistent value of salt between key and params");
+                }
+            } else {
+                salt = pbeParams.getSalt();
+            }
+            if (iCount != 0) {
+                if (iCount != pbeParams.getIterationCount()) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Different iteration count between key and params");
+                }
+            } else {
+                iCount = pbeParams.getIterationCount();
+            }
+        }
+        // For security purpose, we need to enforce a minimum length
+        // for salt; just require the minimum salt length to be 8-byte
+        // which is what PKCS#5 recommends and openssl does.
+        if (salt.length < 8) {
+            throw new InvalidAlgorithmParameterException
+                ("Salt must be at least 8 bytes long");
+        }
+        if (iCount <= 0) {
+            throw new InvalidAlgorithmParameterException
+                ("IterationCount must be a positive number");
+        }
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blockLength);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        byte[] derivedKey = s.getEncoded();
+        SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
+
+        super.engineInit(cipherKey, null);
+    }
+
+    public static final class HmacSHA1 extends PBMAC1Core {
+        public HmacSHA1() throws NoSuchAlgorithmException {
+            super("HmacSHA1", "SHA1", 64);
+        }
+    }
+
+    public static final class HmacSHA224 extends PBMAC1Core {
+        public HmacSHA224() throws NoSuchAlgorithmException {
+            super("HmacSHA224", "SHA-224", 64);
+        }
+    }
+
+    public static final class HmacSHA256 extends PBMAC1Core {
+        public HmacSHA256() throws NoSuchAlgorithmException {
+            super("HmacSHA256", "SHA-256", 64);
+        }
+    }
+
+    public static final class HmacSHA384 extends PBMAC1Core {
+        public HmacSHA384() throws NoSuchAlgorithmException {
+            super("HmacSHA384", "SHA-384", 128);
+        }
+    }
+
+    public static final class HmacSHA512 extends PBMAC1Core {
+        public HmacSHA512() throws NoSuchAlgorithmException {
+            super("HmacSHA512", "SHA-512", 128);
+        }
+    }
+}

src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java

@@ -35,19 +35,24 @@ import javax.crypto.spec.*;
 
 /**
  * This class implements password-base encryption algorithm with
- * SHA1 digest and the following Ciphers in CBC mode
+ * SHA1 digest and the following Ciphers (in CBC mode, where applicable):
  * - DESede cipher and
- * - RC2 Cipher with 40-bit effective key length
+ * - RC2 Cipher with 40-bit or 128-bit effective key length and
+ * - RC4 Cipher with 40-bit or 128-bit effective key length
  * as defined by PKCS #12 version 1.0 standard.
  *
  * @author Valerie Peng
  * @see javax.crypto.CipherSpi
  */
 final class PKCS12PBECipherCore {
+
+    // TBD: replace CipherCore with a CipherSpi object to simplify maintenance
+
     private CipherCore cipher;
     private int blockSize;
     private int keySize;
     private String algo = null;
+    private String pbeAlgo = null;
     private byte[] salt = null;
     private int iCount = 0;
 
@@ -58,8 +63,16 @@ final class PKCS12PBECipherCore {
     static final int CIPHER_IV = 2;
     static final int MAC_KEY = 3;
 
+    // Uses default hash algorithm (SHA-1)
     static byte[] derive(char[] chars, byte[] salt,
                          int ic, int n, int type) {
+        return derive(chars, salt, ic, n, type, "SHA-1", 64);
+    }
+
+    // Uses supplied hash algorithm
+    static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
+        String hashAlgo, int blockLength) {
+
         // Add in trailing NULL terminator.  Special case:
         // no terminator if password is "\0".
         int length = chars.length*2;
@@ -75,21 +88,23 @@ final class PKCS12PBECipherCore {
             passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
             passwd[j+1] = (byte) (chars[i] & 0xFF);
         }
-        int v = 512 / 8;
-        int u = 160 / 8;
-        int c = roundup(n, u) / u;
-        byte[] D = new byte[v];
-        int s = roundup(salt.length, v);
-        int p = roundup(passwd.length, v);
-        byte[] I = new byte[s + p];
         byte[] key = new byte[n];
 
-        Arrays.fill(D, (byte)type);
-        concat(salt, I, 0, s);
-        concat(passwd, I, s, p);
-
         try {
-            MessageDigest sha = MessageDigest.getInstance("SHA1");
+            MessageDigest sha = MessageDigest.getInstance(hashAlgo);
+
+            int v = blockLength;
+            int u = sha.getDigestLength();
+            int c = roundup(n, u) / u;
+            byte[] D = new byte[v];
+            int s = roundup(salt.length, v);
+            int p = roundup(passwd.length, v);
+            byte[] I = new byte[s + p];
+
+            Arrays.fill(D, (byte)type);
+            concat(salt, I, 0, s);
+            concat(passwd, I, s, p);
+
             byte[] Ai;
             byte[] B = new byte[v];
             byte[] tmp = new byte[v];
@@ -150,23 +165,30 @@ final class PKCS12PBECipherCore {
 
     PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
         throws NoSuchAlgorithmException {
+
         algo = symmCipherAlg;
-        SymmetricCipher symmCipher = null;
-        if (algo.equals("DESede")) {
-            symmCipher = new DESedeCrypt();
-        } else if (algo.equals("RC2")) {
-            symmCipher = new RC2Crypt();
+        if (algo.equals("RC4")) {
+            pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
         } else {
-            throw new NoSuchAlgorithmException("No Cipher implementation " +
+            SymmetricCipher symmCipher = null;
+            if (algo.equals("DESede")) {
+                symmCipher = new DESedeCrypt();
+                pbeAlgo = "PBEWithSHA1AndDESede";
+            } else if (algo.equals("RC2")) {
+                symmCipher = new RC2Crypt();
+                pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
+            } else {
+                throw new NoSuchAlgorithmException("No Cipher implementation " +
                        "for PBEWithSHA1And" + algo);
-        }
-        blockSize = symmCipher.getBlockSize();
-        cipher = new CipherCore(symmCipher, blockSize);
-        cipher.setMode("CBC");
-        try {
-            cipher.setPadding("PKCS5Padding");
-        } catch (NoSuchPaddingException nspe) {
-            // should not happen
+            }
+            blockSize = symmCipher.getBlockSize();
+            cipher = new CipherCore(symmCipher, blockSize);
+            cipher.setMode("CBC");
+            try {
+                cipher.setPadding("PKCS5Padding");
+            } catch (NoSuchPaddingException nspe) {
+                // should not happen
+            }
         }
         keySize = defKeySize;
     }
@@ -210,8 +232,7 @@ final class PKCS12PBECipherCore {
         }
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
-            params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
-                (algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
         } catch (GeneralSecurityException gse) {
             // should never happen
             throw new RuntimeException(
@@ -229,6 +250,13 @@ final class PKCS12PBECipherCore {
     void implInit(int opmode, Key key, AlgorithmParameterSpec params,
                   SecureRandom random) throws InvalidKeyException,
         InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameterSpec params,
+                  SecureRandom random, CipherSpi cipherImpl)
+                      throws InvalidKeyException,
+        InvalidAlgorithmParameterException {
         char[] passwdChars = null;
         salt = null;
         iCount = 0;
@@ -309,17 +337,29 @@ final class PKCS12PBECipherCore {
         byte[] derivedKey = derive(passwdChars, salt, iCount,
                                    keySize, CIPHER_KEY);
         SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
-        byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+
+        if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+            ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
+        } else {
+            byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
                                   CIPHER_IV);
-        IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+            IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
 
-        // initialize the underlying cipher
-        cipher.init(opmode, cipherKey, ivSpec, random);
+            // initialize the underlying cipher
+            cipher.init(opmode, cipherKey, ivSpec, random);
+        }
     }
 
     void implInit(int opmode, Key key, AlgorithmParameters params,
                   SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameters params,
+                  SecureRandom random, CipherSpi cipherImpl)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
         AlgorithmParameterSpec paramSpec = null;
         if (params != null) {
             try {
@@ -329,13 +369,19 @@ final class PKCS12PBECipherCore {
                     "requires PBE parameters");
             }
         }
-        implInit(opmode, key, paramSpec, random);
+        implInit(opmode, key, paramSpec, random, cipherImpl);
     }
 
     void implInit(int opmode, Key key, SecureRandom random)
         throws InvalidKeyException {
+        implInit(opmode, key, random, null);
+    }
+
+    void implInit(int opmode, Key key, SecureRandom random,
+        CipherSpi cipherImpl) throws InvalidKeyException {
         try {
-            implInit(opmode, key, (AlgorithmParameterSpec) null, random);
+            implInit(opmode, key, (AlgorithmParameterSpec) null, random,
+                cipherImpl);
         } catch (InvalidAlgorithmParameterException iape) {
             throw new InvalidKeyException("requires PBE parameters");
         }
@@ -526,4 +572,245 @@ final class PKCS12PBECipherCore {
             return core.implWrap(key);
         }
     }
+
+    public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
+        private final PKCS12PBECipherCore core;
+        public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC2", 16);
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return core.implGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return core.implGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return core.implGetKeySize(key);
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return core.implGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            core.implSetMode(mode);
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            core.implSetPadding(paddingScheme);
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return core.implUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return core.implUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return core.implWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 5;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 16;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
 }

src/share/classes/com/sun/crypto/provider/SunJCE.java

@@ -77,10 +77,14 @@ public final class SunJCE extends Provider {
     "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
     + "Diffie-Hellman, HMAC)";
 
-    private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
+    private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+    private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
     private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+    private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
+    private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
     private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
     private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+    private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
     private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
 
     /* Are we debugging? -- for developers */
@@ -138,14 +142,26 @@ public final class SunJCE extends Provider {
                     put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
                     put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
 
+                    // PBES1
+
                     put("Cipher.PBEWithMD5AndDES",
                         "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
                     put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
                     put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
+
                     put("Cipher.PBEWithMD5AndTripleDES",
                         "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+
+                    put("Cipher.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+
                     put("Cipher.PBEWithSHA1AndRC2_40",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
                         "PBEWithSHA1AndRC2_40");
@@ -153,13 +169,70 @@ public final class SunJCE extends Provider {
                         "PBEWithSHA1AndRC2_40");
                     put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
-                    put("Cipher.PBEWithSHA1AndDESede",
+
+                    put("Cipher.PBEWithSHA1AndRC2_128",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("Cipher.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("Cipher.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    //PBES2
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_256");
 
                     put("Cipher.Blowfish",
                         "com.sun.crypto.provider.BlowfishCipher");
@@ -301,6 +374,7 @@ public final class SunJCE extends Provider {
                         "DiffieHellman");
                     put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
                         "DiffieHellman");
+
                     /*
                      * Algorithm parameter generation engines
                      */
@@ -371,6 +445,64 @@ public final class SunJCE extends Provider {
                     put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("AlgorithmParameters.PBES2",
+                        "com.sun.crypto.provider.PBES2Parameters$General");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
+                        "PBES2");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
+                        "PBES2");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+
                     put("AlgorithmParameters.Blowfish",
                         "com.sun.crypto.provider.BlowfishParameters");
 
@@ -378,6 +510,7 @@ public final class SunJCE extends Provider {
                         "com.sun.crypto.provider.AESParameters");
                     put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
+
                     put("AlgorithmParameters.RC2",
                         "com.sun.crypto.provider.RC2Parameters");
 
@@ -393,6 +526,7 @@ public final class SunJCE extends Provider {
                     put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
                         "DiffieHellman");
                     put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+
                     /*
                      * Secret-key factories
                      */
@@ -441,13 +575,90 @@ public final class SunJCE extends Provider {
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_256");
+
+                    // PBKDF2
+
                     put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                        "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
                     put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
 
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA224",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA256",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA384",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA512",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
                     /*
                      * MAC
                      */
@@ -475,6 +686,19 @@ public final class SunJCE extends Provider {
                     put("Mac.HmacPBESHA1",
                         "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
+                    // PBMAC1
+
+                    put("Mac.PBEWithHmacSHA1",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
+                    put("Mac.PBEWithHmacSHA224",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
+                    put("Mac.PBEWithHmacSHA256",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
+                    put("Mac.PBEWithHmacSHA384",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
+                    put("Mac.PBEWithHmacSHA512",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
+
                     put("Mac.SslMacMD5",
                         "com.sun.crypto.provider.SslMacCore$SslMacMD5");
                     put("Mac.SslMacSHA1",
@@ -487,6 +711,10 @@ public final class SunJCE extends Provider {
                     put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
                     put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
                     put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
 

src/share/classes/com/sun/java/util/jar/pack/Constants.java

@@ -59,6 +59,9 @@ class Constants {
     public final static Package.Version JAVA7_MAX_CLASS_VERSION =
             Package.Version.of(51, 00);
 
+    public final static Package.Version JAVA8_MAX_CLASS_VERSION =
+            Package.Version.of(52, 00);
+
     public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
 
     public final static Package.Version JAVA5_PACKAGE_VERSION =
@@ -72,7 +75,7 @@ class Constants {
 
     // upper limit, should point to the latest class version
     public final static Package.Version JAVA_MAX_CLASS_VERSION =
-            JAVA7_MAX_CLASS_VERSION;
+            JAVA8_MAX_CLASS_VERSION;
 
     // upper limit should point to the latest package version, for version info!.
     public final static Package.Version MAX_PACKAGE_VERSION =

src/share/classes/com/sun/naming/internal/ResourceManager.java

@@ -542,14 +542,26 @@ public final class ResourceManager {
             try {
                 NamingEnumeration<InputStream> resources =
                     helper.getResources(cl, APP_RESOURCE_FILE_NAME);
-                while (resources.hasMore()) {
-                    Properties props = new Properties();
-                    props.load(resources.next());
-
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                try {
+                    while (resources.hasMore()) {
+                        Properties props = new Properties();
+                        InputStream istream = resources.next();
+                        try {
+                            props.load(istream);
+                        } finally {
+                            istream.close();
+                        }
+
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    }
+                } finally {
+                    while (resources.hasMore()) {
+                        InputStream istream = (InputStream)resources.next();
+                        istream.close();
                     }
                 }
 
@@ -557,13 +569,17 @@ public final class ResourceManager {
                 InputStream istream =
                     helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
                 if (istream != null) {
-                    Properties props = new Properties();
-                    props.load(istream);
-
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                    try {
+                        Properties props = new Properties();
+                        props.load(istream);
+
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    } finally {
+                        istream.close();
                     }
                 }
 

src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java

+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSCredential interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
+ * @since 1.8
+ */
+public interface ExtendedGSSCredential extends GSSCredential {
+    /**
+     * Impersonates a principal. In Kerberos, this can be implemented
+     * using the Microsoft S4U2self extension.
+     * <p>
+     * A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
+     * impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
+     * will be  thrown if the impersonation method is not available to this
+     * credential object.
+     * @param name the name of the principal to impersonate
+     * @return a credential for that principal
+     * @throws GSSException  containing the following
+     * major error codes:
+     *   {@link GSSException#NO_CRED GSSException.NO_CRED}
+     *   {@link GSSException#FAILURE GSSException.FAILURE}
+     */
+    public GSSCredential impersonate(GSSName name) throws GSSException;
+}

src/share/classes/java/lang/Character.java

@@ -40,7 +40,7 @@ import java.util.Locale;
  * a character's category (lowercase letter, digit, etc.) and for converting
  * characters from uppercase to lowercase and vice versa.
  * <p>
- * Character information is based on the Unicode Standard, version 6.1.0.
+ * Character information is based on the Unicode Standard, version 6.2.0.
  * <p>
  * The methods and data of class {@code Character} are defined by
  * the information in the <i>UnicodeData</i> file that is part of the
@@ -3758,8 +3758,7 @@ class Character implements java.io.Serializable, Comparable<Character> {
             0x0640,   // 0640..0640; COMMON
             0x0641,   // 0641..064A; ARABIC
             0x064B,   // 064B..0655; INHERITED
-            0x0656,   // 0656..065E; ARABIC
-            0x065F,   // 065F..065F; INHERITED
+            0x0656,   // 0656..065F; ARABIC
             0x0660,   // 0660..0669; COMMON
             0x066A,   // 066A..066F; ARABIC
             0x0670,   // 0670..0670; INHERITED
@@ -4081,7 +4080,6 @@ class Character implements java.io.Serializable, Comparable<Character> {
             ARABIC,
             INHERITED,
             ARABIC,
-            INHERITED,
             COMMON,
             ARABIC,
             INHERITED,

src/share/classes/java/lang/Math.java

@@ -742,6 +742,7 @@ public final class Math {
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int addExact(int x, int y) {
         int r = x + y;
@@ -760,6 +761,7 @@ public final class Math {
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long addExact(long x, long y) {
         long r = x + y;
@@ -778,6 +780,7 @@ public final class Math {
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int subtractExact(int x, int y) {
         int r = x - y;
@@ -797,6 +800,7 @@ public final class Math {
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long subtractExact(long x, long y) {
         long r = x - y;
@@ -816,6 +820,7 @@ public final class Math {
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int multiplyExact(int x, int y) {
         long r = (long)x * (long)y;
@@ -833,6 +838,7 @@ public final class Math {
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long multiplyExact(long x, long y) {
         long r = x * y;
@@ -857,6 +863,7 @@ public final class Math {
      * @param value the long value
      * @return the argument as an int
      * @throws ArithmeticException if the {@code argument} overflows an int
+     * @since 1.8
      */
     public static int toIntExact(long value) {
         if ((int)value != value) {
@@ -865,6 +872,159 @@ public final class Math {
         return (int)value;
     }
 
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results of
+     *       {@code floorDiv} and the {@code /} operator are the same.  <br>
+     *       For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.</li>
+     *   <li>If the signs of the arguments are different,  the quotient is negative and
+     *       {@code floorDiv} returns the integer less than or equal to the quotient
+     *       and the {@code /} operator returns the integer closest to zero.<br>
+     *       For example, {@code floorDiv(-4, 3) == -2},
+     *       whereas {@code (-4 / 3) == -1}.
+     *   </li>
+     * </ul>
+     * <p>
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(int, int)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        int r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <p>
+     * For examples, see {@link #floorDiv(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(long, long)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        long r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * The difference in values between {@code floorMod} and
+     * the {@code %} operator is due to the difference between
+     * {@code floorDiv} that returns the integer less than or equal to the quotient
+     * and the {@code /} operator that returns the integer closest to zero.
+     * <p>
+     * Examples:
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results
+     *       of {@code floorMod} and the {@code %} operator are the same.  <br>
+     *       <ul>
+     *       <li>{@code floorMod(4, 3) == 1}; &nbsp; and {@code (4 % 3) == 1}</li>
+     *       </ul>
+     *   <li>If the signs of the arguments are different, the results differ from the {@code %} operator.<br>
+     *      <ul>
+     *      <li>{@code floorMod(+4, -3) == -2}; &nbsp; and {@code (+4 % -3) == +1} </li>
+     *      <li>{@code floorMod(-4, +3) == +2}; &nbsp; and {@code (-4 % +3) == -1} </li>
+     *      <li>{@code floorMod(-4, -3) == -1}; &nbsp; and {@code (-4 % -3) == -1 } </li>
+     *      </ul>
+     *   </li>
+     * </ul>
+     * <p>
+     * If the signs of arguments are unknown and a positive modulus
+     * is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        int r = x - floorDiv(x, y) * y;
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * For examples, see {@link #floorMod(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return x - floorDiv(x, y) * y;
+    }
+
     /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.

src/share/classes/java/lang/StrictMath.java

@@ -365,7 +365,7 @@ public final class StrictMath {
      * @param a the value to be floored or ceiled
      * @param negativeBoundary result for values in (-1, 0)
      * @param positiveBoundary result for values in (0, 1)
-     * @param sign the sign of the result
+     * @param increment value to add when the argument is non-integral
      */
     private static double floorOrCeil(double a,
                                       double negativeBoundary,
@@ -702,7 +702,7 @@ public final class StrictMath {
      * <p>This method is properly synchronized to allow correct use by
      * more than one thread. However, if many threads need to generate
      * pseudorandom numbers at a great rate, it may reduce contention
-     * for each thread to have its own pseudorandom number generator.
+     * for each thread to have its own pseudorandom-number generator.
      *
      * @return  a pseudorandom {@code double} greater than or equal
      * to {@code 0.0} and less than {@code 1.0}.
@@ -745,7 +745,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -760,7 +760,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -775,7 +775,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -790,7 +790,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -805,7 +805,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return the value of the {@code long} argument;
+     * Returns the value of the {@code long} argument;
      * throwing an exception if the value overflows an {@code int}.
      *
      * @param value the long value
@@ -818,6 +818,107 @@ public final class StrictMath {
         return Math.toIntExact(value);
     }
 
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(int, int)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(long, long)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(int, int)
+     * @see StrictMath#floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        return Math.floorMod(x , y);
+    }
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(long, long)
+     * @see StrictMath#floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return Math.floorMod(x, y);
+    }
+
     /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.
@@ -1543,7 +1644,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return {@code d} &times;
+     * Returns {@code d} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the double value set.  See the Java
@@ -1577,7 +1678,7 @@ public final class StrictMath {
     }
 
     /**
-     * Return {@code f} &times;
+     * Returns {@code f} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the float value set.  See the Java

src/share/classes/java/lang/annotation/ElementType.java

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@ public enum ElementType {
     /** Method declaration */
     METHOD,
 
-    /** Parameter declaration */
+    /** Formal parameter declaration */
     PARAMETER,
 
     /** Constructor declaration */
@@ -59,5 +59,19 @@ public enum ElementType {
     ANNOTATION_TYPE,
 
     /** Package declaration */
-    PACKAGE
+    PACKAGE,
+
+    /**
+     * Type parameter declaration
+     *
+     * @since 1.8
+     */
+    TYPE_PARAMETER,
+
+    /**
+     * Use of a type
+     *
+     * @since 1.8
+     */
+    TYPE_USE
 }

src/share/classes/java/security/cert/CertPathBuilder.java

@@ -315,12 +315,14 @@ public class CertPathBuilder {
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathBuilderSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8

src/share/classes/java/security/cert/CertPathValidator.java

@@ -327,12 +327,14 @@ public class CertPathValidator {
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathValidatorSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8

src/share/classes/java/security/cert/PKIXRevocationChecker.java

@@ -63,8 +63,8 @@ import java.util.Set;
  * and then the {@code PKIXParameters} is passed along with the {@code CertPath}
  * to be validated to the {@link CertPathValidator#validate validate} method
  * of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
- * this manner, do not enable the default revocation checking mechanism (by
- * calling {@link PKIXParameters#setRevocationEnabled}.
+ * this manner, it will be used to check revocation irrespective of the setting
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
  *
  * <p>Note that when a {@code PKIXRevocationChecker} is added to
  * {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@@ -88,7 +88,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     private URI ocspResponder;
     private X509Certificate ocspResponderCert;
     private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
-    private Map<X509Certificate, byte[]> ocspStapled = Collections.emptyMap();
+    private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
     private Set<Option> options = Collections.emptySet();
 
     protected PKIXRevocationChecker() {}
@@ -169,40 +169,40 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     }
 
     /**
-     * Sets the stapled OCSP responses. These responses are used to determine
+     * Sets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @param responses a map of stapled OCSP responses. Each key is an
+     * @param responses a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is performed to protect against subsequent modification.
      */
-    public void setOCSPStapledResponses(Map<X509Certificate, byte[]> responses)
+    public void setOCSPResponses(Map<X509Certificate, byte[]> responses)
     {
         if (responses == null) {
-            this.ocspStapled = Collections.<X509Certificate, byte[]>emptyMap();
+            this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
         } else {
             Map<X509Certificate, byte[]> copy = new HashMap<>(responses.size());
             for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
                 copy.put(e.getKey(), e.getValue().clone());
             }
-            this.ocspStapled = copy;
+            this.ocspResponses = copy;
         }
     }
 
     /**
-     * Gets the stapled OCSP responses. These responses are used to determine
+     * Gets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @return a map of stapled OCSP responses. Each key is an
+     * @return a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is returned to protect against subsequent modification.
      *        Returns an empty map if no responses have been specified.
      */
-    public Map<X509Certificate, byte[]> getOCSPStapledResponses() {
-        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspStapled.size());
-        for (Map.Entry<X509Certificate, byte[]> e : ocspStapled.entrySet()) {
+    public Map<X509Certificate, byte[]> getOCSPResponses() {
+        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
+        for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
             copy.put(e.getKey(), e.getValue().clone());
         }
         return copy;
@@ -234,10 +234,10 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
     public Object clone() {
         PKIXRevocationChecker copy = (PKIXRevocationChecker)super.clone();
         copy.ocspExtensions = new ArrayList<>(ocspExtensions);
-        copy.ocspStapled = new HashMap<>(ocspStapled);
-        // deep-copy the encoded stapled responses, since they are mutable
+        copy.ocspResponses = new HashMap<>(ocspResponses);
+        // deep-copy the encoded responses, since they are mutable
         for (Map.Entry<X509Certificate, byte[]> entry :
-                 copy.ocspStapled.entrySet())
+                 copy.ocspResponses.entrySet())
         {
             byte[] encoded = entry.getValue();
             entry.setValue(encoded.clone());

src/share/classes/javax/crypto/spec/PBEParameterSpec.java

 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
 
     private byte[] salt;
     private int iterationCount;
+    private AlgorithmParameterSpec paramSpec = null;
 
     /**
      * Constructs a parameter set for password-based encryption as defined in
@@ -56,6 +57,25 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
         this.iterationCount = iterationCount;
     }
 
+    /**
+     * Constructs a parameter set for password-based encryption as defined in
+     * the PKCS #5 standard.
+     *
+     * @param salt the salt. The contents of <code>salt</code> are copied
+     * to protect against subsequent modification.
+     * @param iterationCount the iteration count.
+     * @param paramSpec the cipher algorithm parameter specification.
+     * @exception NullPointerException if <code>salt</code> is null.
+     *
+     * @since 1.8
+     */
+    public PBEParameterSpec(byte[] salt, int iterationCount,
+            AlgorithmParameterSpec paramSpec) {
+        this.salt = salt.clone();
+        this.iterationCount = iterationCount;
+        this.paramSpec = paramSpec;
+    }
+
     /**
      * Returns the salt.
      *
@@ -74,4 +94,15 @@ public class PBEParameterSpec implements AlgorithmParameterSpec {
     public int getIterationCount() {
         return this.iterationCount;
     }
+
+    /**
+     * Returns the cipher algorithm parameter specification.
+     *
+     * @return the parameter specification, or null if none was set.
+     *
+     * @since 1.8
+     */
+    public AlgorithmParameterSpec getParameterSpec() {
+        return this.paramSpec;
+    }
 }

src/share/classes/javax/sql/rowset/serial/SerialArray.java

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@ import java.sql.*;
 import java.io.*;
 import java.util.Map;
 import java.net.URL;
-
+import java.util.Arrays;
 
 /**
  * A serialized version of an <code>Array</code>
@@ -524,6 +524,97 @@ public class SerialArray implements Array, Serializable, Cloneable {
         throw new UnsupportedOperationException();
     }
 
+    /**
+     * Compares this SerialArray to the specified object.  The result is {@code
+     * true} if and only if the argument is not {@code null} and is a {@code
+     * SerialArray} object whose elements are identical to this object's elements
+     *
+     * @param  obj The object to compare this {@code SerialArray} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialArray}
+     *          equivalent to this SerialArray, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+
+        if (obj instanceof SerialArray) {
+            SerialArray sa = (SerialArray)obj;
+            return baseType == sa.baseType &&
+                    baseTypeName.equals(sa.baseTypeName) &&
+                    Arrays.equals(elements, sa.elements);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialArray. The hash code for a
+     * {@code SerialArray} object is computed using the hash codes
+     * of the elements of the  {@code SerialArray} object
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return (((31 + Arrays.hashCode(elements)) * 31 + len)  * 31 +
+                baseType) * 31 + baseTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialArray}. The copy will contain a
+     * reference to a clone of the underlying objects array, not a reference
+     * to the original underlying object array of this {@code SerialArray} object.
+     *
+     * @return  a clone of this SerialArray
+     */
+    public Object clone() {
+        try {
+            SerialArray sa = (SerialArray) super.clone();
+            sa.elements = Arrays.copyOf(elements, len);
+            return sa;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialArray} from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+       ObjectInputStream.GetField fields = s.readFields();
+       Object[] tmp = (Object[])fields.get("elements", null);
+       if (tmp == null)
+           throw new InvalidObjectException("elements is null and should not be!");
+       elements = tmp.clone();
+       len = fields.get("len", 0);
+       if(elements.length != len)
+           throw new InvalidObjectException("elements is not the expected size");
+
+       baseType = fields.get("baseType", 0);
+       baseTypeName = (String)fields.get("baseTypeName", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialArray}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("elements", elements);
+        fields.put("len", len);
+        fields.put("baseType", baseType);
+        fields.put("baseTypeName", baseTypeName);
+        s.writeFields();
+    }
+
     /**
      * The identifier that assists in the serialization of this <code>SerialArray</code>
      * object.

src/share/classes/javax/sql/rowset/serial/SerialDatalink.java

 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -100,10 +100,64 @@ public class SerialDatalink implements Serializable, Cloneable {
         return aURL;
     }
 
+    /**
+     * Compares this {@code SerialDatalink} to the specified object.
+     * The result is {@code true} if and only if the argument is not
+     * {@code null} and is a {@code SerialDatalink} object whose URL is
+     * identical to this object's URL
+     *
+     * @param  obj The object to compare this {@code SerialDatalink} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialDatalink}
+     *          equivalent to this SerialDatalink, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SerialDatalink) {
+            SerialDatalink sdl = (SerialDatalink) obj;
+            return url.equals(sdl.url);
+        }
+        return false;
+    }
 
     /**
-         * The identifier that assists in the serialization of this <code>SerialDatalink</code>
-     * object.
+     * Returns a hash code for this {@code SerialDatalink}. The hash code for a
+     * {@code SerialDatalink} object is taken as the hash code of
+     * the {@code URL} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + url.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialDatalink}.
+     *
+     * @return  a clone of this SerialDatalink
+     */
+    public Object clone() {
+        try {
+            SerialDatalink sdl = (SerialDatalink) super.clone();
+            return sdl;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
+
+    /**
+     * readObject and writeObject are called to restore the state
+     * of the {@code SerialDatalink}
+     * from a stream. Note: we leverage the default Serialized form
+     */
+
+    /**
+     * The identifier that assists in the serialization of this
+     *  {@code SerialDatalink} object.
      */
     static final long serialVersionUID = 2826907821828733626L;
 }

src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java

 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@ package javax.sql.rowset.serial;
 
 import java.io.*;
 import java.lang.reflect.*;
+import java.util.Arrays;
+import java.util.Vector;
 import javax.sql.rowset.RowSetWarning;
 
 /**
@@ -49,7 +51,7 @@ public class SerialJavaObject implements Serializable, Cloneable {
     /**
      * Placeholder for object to be serialized.
      */
-    private final Object obj;
+    private Object obj;
 
 
    /**
@@ -82,18 +84,9 @@ public class SerialJavaObject implements Serializable, Cloneable {
         // any of these are static, this should invalidate
         // the action of attempting to persist these fields
         // in a serialized form
-
-        boolean anyStaticFields = false;
         fields = c.getFields();
 
-        for (int i = 0; i < fields.length; i++ ) {
-            if ( fields[i].getModifiers() == Modifier.STATIC ) {
-                anyStaticFields = true;
-            }
-        }
-
-
-        if (anyStaticFields) {
+        if (hasStaticFields(fields)) {
             throw new SerialException("Located static fields in " +
                 "object instance. Cannot serialize");
         }
@@ -132,7 +125,7 @@ public class SerialJavaObject implements Serializable, Cloneable {
     }
 
     /**
-         * The identifier that assists in the serialization of this
+     * The identifier that assists in the serialization of this
      * <code>SerialJavaObject</code> object.
      */
     static final long serialVersionUID = -1465795139032831023L;
@@ -142,15 +135,117 @@ public class SerialJavaObject implements Serializable, Cloneable {
      * object. When there are multiple warnings, each warning is chained to the
      * previous warning.
      */
-    java.util.Vector<RowSetWarning> chain;
+    Vector<RowSetWarning> chain;
+
+    /**
+     * Compares this SerialJavaObject to the specified object.
+     * The result is {@code true} if and only if the argument
+     * is not {@code null} and is a {@code SerialJavaObject}
+     * object that is identical to this object
+     *
+     * @param  o The object to compare this {@code SerialJavaObject} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialJavaObject}
+     *          equivalent to this SerialJavaObject, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o instanceof SerialJavaObject) {
+            SerialJavaObject sjo = (SerialJavaObject) o;
+            return obj.equals(sjo.obj);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialJavaObject. The hash code for a
+     * {@code SerialJavaObject} object is taken as the hash code of
+     * the {@code Object} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + obj.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialJavaObject}.
+     *
+     * @return  a clone of this SerialJavaObject
+     */
+
+    public Object clone() {
+        try {
+            SerialJavaObject sjo = (SerialJavaObject) super.clone();
+            sjo.fields = Arrays.copyOf(fields, fields.length);
+            if (chain != null)
+                sjo.chain = new Vector<>(chain);
+            return sjo;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
 
     /**
      * Registers the given warning.
      */
     private void setWarning(RowSetWarning e) {
         if (chain == null) {
-            chain = new java.util.Vector<>();
+            chain = new Vector<>();
         }
         chain.add(e);
     }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialJavaObject}
+     * from a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectInputStream.GetField fields1 = s.readFields();
+        @SuppressWarnings("unchecked")
+        Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null);
+        if (tmp != null)
+            chain = new Vector<>(tmp);
+
+        obj = fields1.get("obj", null);
+        if (obj != null) {
+            fields = obj.getClass().getFields();
+            if(hasStaticFields(fields))
+                throw new IOException("Located static fields in " +
+                "object instance. Cannot serialize");
+        } else {
+            throw new IOException("Object cannot be null!");
+        }
+
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialJavaObject}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException {
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("obj", obj);
+        fields.put("chain", chain);
+        s.writeFields();
+    }
+
+    /*
+     * Check to see if there are any Static Fields in this object
+     */
+    private static boolean hasStaticFields(Field[] fields) {
+        for (Field field : fields) {
+            if ( field.getModifiers() == Modifier.STATIC) {
+                return true;
+            }
+        }
+        return false;
+    }
 }

src/share/classes/sun/security/jgss/GSSCaller.java

@@ -31,10 +31,19 @@ package sun.security.jgss;
  * different callers.
  */
 public class GSSCaller {
-    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller();
-    public static final GSSCaller CALLER_INITIATE = new GSSCaller();
-    public static final GSSCaller CALLER_ACCEPT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller();
+    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
+    public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
+    public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
+    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
+    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
+
+    private String name;
+    GSSCaller(String s) {
+        name = s;
+    }
+    @Override
+    public String toString() {
+        return "GSSCaller{" + name + '}';
+    }
 }
 

src/share/classes/sun/security/jgss/HttpCaller.java

@@ -35,6 +35,7 @@ public class HttpCaller extends GSSCaller {
     final private HttpCallerInfo hci;
 
     public HttpCaller(HttpCallerInfo hci) {
+        super("HTTP_CLIENT");
         this.hci = hci;
     }
 

src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java

@@ -96,4 +96,13 @@ public interface GSSCredentialSpi {
      * @exception GSSException may be thrown
      */
     public Oid getMechanism();
+
+    /**
+     * Impersonates another client.
+     *
+     * @param name the client to impersonate
+     * @return the new credential
+     * @exception GSSException may be thrown
+     */
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
 }