diff --git a/make/common/shared/Defs-control.gmk b/make/common/shared/Defs-control.gmk
index 13858098a463d7dd8e4e939dab5e356c0819f02d..50dd44afe0aeae34a2880826b1c34f9775d9de0c 100644
--- a/make/common/shared/Defs-control.gmk
+++ b/make/common/shared/Defs-control.gmk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,9 @@ ABS_TEMP_DIR = $(ABS_OUTPUTDIR)/tmp
dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
# The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=7
+SOURCE_LANGUAGE_VERSION=8
# The class version we want for this jdk build
-TARGET_CLASS_VERSION=7
+TARGET_CLASS_VERSION=8
# The MESSAGE, WARNING and ERROR files are used to store sanity check and
# source check messages, warnings and errors.
diff --git a/make/common/shared/Defs-java.gmk b/make/common/shared/Defs-java.gmk
index 3dba49289670f4030153f0e6eff0e7ce0f3f88fb..0d755ed97fc01475cf8f75b31d6c603f665c79e3 100644
--- a/make/common/shared/Defs-java.gmk
+++ b/make/common/shared/Defs-java.gmk
@@ -143,12 +143,12 @@ ifeq ($(wildcard $(SHARE_SRC)/classes/javax/crypto/Cipher.java),)
endif
# Add the source level
-SOURCE_LANGUAGE_VERSION = 7
+SOURCE_LANGUAGE_VERSION = 8
LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
JAVACFLAGS += $(LANGUAGE_VERSION)
# Add the class version we want
-TARGET_CLASS_VERSION = 7
+TARGET_CLASS_VERSION = 8
CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
JAVACFLAGS += $(CLASS_VERSION)
JAVACFLAGS += -encoding ascii
diff --git a/make/java/invoke/Makefile b/make/java/invoke/Makefile
index 93b1f46f5d3542e9702d1ecb9371bdcedefb37ad..1bdbd9acc6340af79649c0875a75a0e3b8a07e58 100644
--- a/make/java/invoke/Makefile
+++ b/make/java/invoke/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@ FILES_java = \
# The sources built here use new language syntax to generate
# method handle calls. Let's be sure we are using that format.
-LANGUAGE_VERSION = -source 7
-CLASS_VERSION = -target 7
+LANGUAGE_VERSION = -source 8
+CLASS_VERSION = -target 8
include $(BUILDDIR)/common/Classes.gmk
diff --git a/make/sun/javazic/tzdata/VERSION b/make/sun/javazic/tzdata/VERSION
index 80cedce6711dbc1b509f3e88ecf059b43485dde3..85db871ccf31919828a5cd032b0e01e766eed712 100644
--- a/make/sun/javazic/tzdata/VERSION
+++ b/make/sun/javazic/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2012c
+tzdata2012i
diff --git a/make/sun/javazic/tzdata/africa b/make/sun/javazic/tzdata/africa
index 74c886175c23205f9a2029e2c7c501466a957d10..7db9b3d269d705aa6cba636c6ede09b073da229e 100644
--- a/make/sun/javazic/tzdata/africa
+++ b/make/sun/javazic/tzdata/africa
@@ -260,7 +260,7 @@ Rule Egypt 2006 only - Sep 21 23:00s 0 -
# I received a mail from an airline which says that the daylight
# saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
# From Jesper Norgaard Welen (2007-08-15): [The following agree:]
-# http://www.nentjes.info/Bill/bill5.htm
+# http://www.nentjes.info/Bill/bill5.htm
# http://www.timeanddate.com/worldclock/city.html?n=53
# From Steffen Thorsen (2007-09-04): The official information...:
# http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@@ -314,18 +314,18 @@ Rule Egypt 2007 only - Sep Thu>=1 23:00s 0 -
# in September.
# From Steffen Thorsen (2009-08-11):
-# We have been able to confirm the August change with the Egyptian Cabinet
+# We have been able to confirm the August change with the Egyptian Cabinet
# Information and Decision Support Center:
#
# http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
#
-#
+#
# The Middle East News Agency
#
# http://www.mena.org.eg/index.aspx
#
# also reports "Egypt starts winter time on August 21"
-# today in article numbered "71, 11/08/2009 12:25 GMT."
+# today in article numbered "71, 11/08/2009 12:25 GMT."
# Only the title above is available without a subscription to their service,
# and can be found by searching for "winter" in their search engine
# (at least today).
@@ -504,7 +504,7 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
# From Steffen Thorsen (2008-06-25):
# Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
# basis....
-# It seems that Mauritius observed daylight saving time from 1982-10-10 to
+# It seems that Mauritius observed daylight saving time from 1982-10-10 to
# 1983-03-20 as well, but that was not successful....
# http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
@@ -528,12 +528,12 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
# than previously announced (2008-11-01 to 2009-03-31). The new start
# date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
# given, but it is probably at either 2 or 3 wall clock time).
-#
-# A little strange though, since the article says that they moved the date
-# to align itself with Europe and USA which also change time on that date,
-# but that means they have not paid attention to what happened in
-# USA/Canada last year (DST ends first Sunday in November). I also wonder
-# why that they end on a Friday, instead of aligning with Europe which
+#
+# A little strange though, since the article says that they moved the date
+# to align itself with Europe and USA which also change time on that date,
+# but that means they have not paid attention to what happened in
+# USA/Canada last year (DST ends first Sunday in November). I also wonder
+# why that they end on a Friday, instead of aligning with Europe which
# changes two days later.
# From Alex Krivenyshev (2008-07-11):
@@ -592,7 +592,7 @@ Zone Africa/Nouakchott -1:03:48 - LMT 1912
#
# From Arthur David Olson (2009-07-11):
-# The "mauritius-dst-will-not-repeat" wrapup includes this:
+# The "mauritius-dst-will-not-repeat" wrapup includes this:
# "The trial ended on March 29, 2009, when the clocks moved back by one hour
# at 2am (or 02:00) local time..."
@@ -686,8 +686,8 @@ Zone Indian/Mayotte 3:00:56 - LMT 1911 Jul # Mamoutzou
# XXX--guess that it is only Morocco for now; guess only 2008 for now.
# From Steffen Thorsen (2008-08-27):
-# Morocco will change the clocks back on the midnight between August 31
-# and September 1. They originally planned to observe DST to near the end
+# Morocco will change the clocks back on the midnight between August 31
+# and September 1. They originally planned to observe DST to near the end
# of September:
#
# One article about it (in French):
@@ -821,6 +821,23 @@ Zone Indian/Mayotte 3:00:56 - LMT 1911 Jul # Mamoutzou
# "...à partir du dernier dimance d'avril et non fins mars,
# comme annoncé précédemment."
+# From Milamber Space Network (2012-07-17):
+# The official return to GMT is announced by the Moroccan government:
+#
+# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
+#
+#
+# Google translation, lightly edited:
+# Back to the standard time of the Kingdom (GMT)
+# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
+# 2012) and in accordance with the order of Mr. President of the
+# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
+# of Public Service and Administration Modernization announces the return
+# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
+# Monday, August 20, 2012. So the time will be delayed by 60 minutes from
+# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
+# August 20, 2012 from 2:00 am.
+
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Morocco 1939 only - Sep 12 0:00 1:00 S
@@ -848,6 +865,8 @@ Rule Morocco 2011 only - Apr 3 0:00 1:00 S
Rule Morocco 2011 only - Jul 31 0 0 -
Rule Morocco 2012 max - Apr lastSun 2:00 1:00 S
Rule Morocco 2012 max - Sep lastSun 3:00 0 -
+Rule Morocco 2012 only - Jul 20 3:00 0 -
+Rule Morocco 2012 only - Aug 20 2:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
@@ -876,7 +895,7 @@ Zone Africa/Maputo 2:10:20 - LMT 1903 Mar
# Forecasting Riaan van Zyl explained that the far eastern parts of
# the country are close to 40 minutes earlier in sunrise than the rest
# of the country.
-#
+#
# From Paul Eggert (2007-03-31):
# Apparently the Caprivi Strip informally observes Botswana time, but
# we have no details. In the meantime people there can use Africa/Gaborone.
diff --git a/make/sun/javazic/tzdata/asia b/make/sun/javazic/tzdata/asia
index ccf7945c05e345c6f08e11b8a86975522c6a393f..9ef3ef8df5405dd9bb987386b0136db84edb79c2 100644
--- a/make/sun/javazic/tzdata/asia
+++ b/make/sun/javazic/tzdata/asia
@@ -124,7 +124,7 @@ Zone Asia/Kabul 4:36:48 - LMT 1890
# From Alexander Krivenyshev (2012-02-10):
# According to News Armenia, on Feb 9, 2012,
# http://newsarmenia.ru/society/20120209/42609695.html
-#
+#
# The Armenia National Assembly adopted final reading of Amendments to the
# Law "On procedure of calculation time on the territory of the Republic of
# Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@@ -204,15 +204,15 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
#
# From A. N. M. Kamrus Saadat (2009-06-15):
-# Finally we've got the official mail regarding DST start time where DST start
-# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
-# Telecommunication Regulatory Commission).
+# Finally we've got the official mail regarding DST start time where DST start
+# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
+# Telecommunication Regulatory Commission).
#
# No DST end date has been announced yet.
# From Alexander Krivenyshev (2009-09-25):
-# Bangladesh won't go back to Standard Time from October 1, 2009,
-# instead it will continue DST measure till the cabinet makes a fresh decision.
+# Bangladesh won't go back to Standard Time from October 1, 2009,
+# instead it will continue DST measure till the cabinet makes a fresh decision.
#
# Following report by same newspaper-"The Daily Star Friday":
# "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@@ -226,8 +226,8 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
# From Steffen Thorsen (2009-10-13):
# IANS (Indo-Asian News Service) now reports:
-# Bangladesh has decided that the clock advanced by an hour to make
-# maximum use of daylight hours as an energy saving measure would
+# Bangladesh has decided that the clock advanced by an hour to make
+# maximum use of daylight hours as an energy saving measure would
# "continue for an indefinite period."
#
# One of many places where it is published:
@@ -255,7 +255,7 @@ Zone Asia/Bahrain 3:22:20 - LMT 1920 # Al Manamah
# From Alexander Krivenyshev (2010-03-22):
# According to Bangladesh newspaper "The Daily Star,"
-# Cabinet cancels Daylight Saving Time
+# Cabinet cancels Daylight Saving Time
#
# http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
#
@@ -383,11 +383,11 @@ Rule PRC 1987 1991 - Apr Sun>=10 0:00 1:00 D
# observing daylight saving time in 1986.
#
# From Thomas S. Mullaney (2008-02-11):
-# I think you're combining two subjects that need to treated
-# separately: daylight savings (which, you're correct, wasn't
-# implemented until the 1980s) and the unified time zone centered near
-# Beijing (which was implemented in 1949). Briefly, there was also a
-# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
+# I think you're combining two subjects that need to treated
+# separately: daylight savings (which, you're correct, wasn't
+# implemented until the 1980s) and the unified time zone centered near
+# Beijing (which was implemented in 1949). Briefly, there was also a
+# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
# ceased, and the second eventually recognized (again, in the 1980s).
#
# From Paul Eggert (2008-06-30):
@@ -524,7 +524,7 @@ Zone Asia/Kashgar 5:03:56 - LMT 1928 # or Kashi or Kaxgar
# as of 2009-10-28:
# Year Period
# 1941 1 Apr to 30 Sep
-# 1942 Whole year
+# 1942 Whole year
# 1943 Whole year
# 1944 Whole year
# 1945 Whole year
@@ -615,16 +615,16 @@ Zone Asia/Hong_Kong 7:36:36 - LMT 1904 Oct 30
# From Arthur David Olson (2010-04-07):
# Here's Google's translation of the table at the bottom of the "summert.htm" page:
# Decade Name Start and end date
-# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
-# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
-# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
-# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
-# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
-# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
-# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
-# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
-# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
-# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
+# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
+# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
+# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
+# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
+# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
+# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
+# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
+# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
+# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
+# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
# Republic of China since 69 years (AD 1980) Stop Daylight Saving Time
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -1193,15 +1193,15 @@ Rule Zion 2004 only - Sep 22 1:00 0 S
#
# ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
-# From Paul Eggert (2005-02-22):
+# From Paul Eggert (2012-10-26):
# I used Ephraim Silverberg's dst-israel.el program
# (2005-02-20)
# along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
-# to generate the transitions in this list.
+# to generate the transitions from 2005 through 2012.
# (I replaced "lastFri" with "Fri>=26" by hand.)
-# The spring transitions below all correspond to the following Rule:
+# The spring transitions all correspond to the following Rule:
#
-# Rule Zion 2005 max - Mar Fri>=26 2:00 1:00 D
+# Rule Zion 2005 2012 - Mar Fri>=26 2:00 1:00 D
#
# but older zic implementations (e.g., Solaris 8) do not support
# "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@@ -1218,39 +1218,36 @@ Rule Zion 2009 only - Sep 27 2:00 0 S
Rule Zion 2010 only - Sep 12 2:00 0 S
Rule Zion 2011 only - Apr 1 2:00 1:00 D
Rule Zion 2011 only - Oct 2 2:00 0 S
-Rule Zion 2012 2015 - Mar Fri>=26 2:00 1:00 D
+Rule Zion 2012 only - Mar Fri>=26 2:00 1:00 D
Rule Zion 2012 only - Sep 23 2:00 0 S
-Rule Zion 2013 only - Sep 8 2:00 0 S
-Rule Zion 2014 only - Sep 28 2:00 0 S
-Rule Zion 2015 only - Sep 20 2:00 0 S
-Rule Zion 2016 only - Apr 1 2:00 1:00 D
-Rule Zion 2016 only - Oct 9 2:00 0 S
-Rule Zion 2017 2021 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2017 only - Sep 24 2:00 0 S
-Rule Zion 2018 only - Sep 16 2:00 0 S
-Rule Zion 2019 only - Oct 6 2:00 0 S
-Rule Zion 2020 only - Sep 27 2:00 0 S
-Rule Zion 2021 only - Sep 12 2:00 0 S
-Rule Zion 2022 only - Apr 1 2:00 1:00 D
-Rule Zion 2022 only - Oct 2 2:00 0 S
-Rule Zion 2023 2032 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2023 only - Sep 24 2:00 0 S
-Rule Zion 2024 only - Oct 6 2:00 0 S
-Rule Zion 2025 only - Sep 28 2:00 0 S
-Rule Zion 2026 only - Sep 20 2:00 0 S
-Rule Zion 2027 only - Oct 10 2:00 0 S
-Rule Zion 2028 only - Sep 24 2:00 0 S
-Rule Zion 2029 only - Sep 16 2:00 0 S
-Rule Zion 2030 only - Oct 6 2:00 0 S
-Rule Zion 2031 only - Sep 21 2:00 0 S
-Rule Zion 2032 only - Sep 12 2:00 0 S
-Rule Zion 2033 only - Apr 1 2:00 1:00 D
-Rule Zion 2033 only - Oct 2 2:00 0 S
-Rule Zion 2034 2037 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2034 only - Sep 17 2:00 0 S
-Rule Zion 2035 only - Oct 7 2:00 0 S
-Rule Zion 2036 only - Sep 28 2:00 0 S
-Rule Zion 2037 only - Sep 13 2:00 0 S
+
+# From Ephraim Silverberg (2012-10-18):
+
+# Yesterday, the Interior Ministry Committee, after more than a year
+# past, approved sending the proposed June 2011 changes to the Time
+# Decree Law back to the Knesset for second and third (final) votes
+# before the upcoming elections on Jan. 22, 2013. Hence, although the
+# changes are not yet law, they are expected to be so before February 2013.
+#
+# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
+# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
+# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
+# later (i.e. at 02:00 the first Monday after October 2).
+# [Rosh Hashana holidays are factored in until 2100.]
+
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Zion 2013 max - Mar Fri>=23 2:00 1:00 D
+Rule Zion 2013 2026 - Oct Sun>=2 2:00 0 S
+Rule Zion 2027 only - Oct Mon>=3 2:00 0 S
+Rule Zion 2028 max - Oct Sun>=2 2:00 0 S
+# The following rules are commented out for now, as they break older
+# versions of zic that support only signed 32-bit timestamps, i.e.,
+# through 2038-01-19 03:14:07 UTC.
+#Rule Zion 2028 2053 - Oct Sun>=2 2:00 0 S
+#Rule Zion 2054 only - Oct Mon>=3 2:00 0 S
+#Rule Zion 2055 2080 - Oct Sun>=2 2:00 0 S
+#Rule Zion 2081 only - Oct Mon>=3 2:00 0 S
+#Rule Zion 2082 max - Oct Sun>=2 2:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Jerusalem 2:20:56 - LMT 1880
@@ -1385,6 +1382,16 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u
# From Arthur David Olson (2009-04-06):
# We still have Jordan switching to DST on Thursdays in 2000 and 2001.
+# From Steffen Thorsen (2012-10-25):
+# Yesterday the government in Jordan announced that they will not
+# switch back to standard time this winter, so the will stay on DST
+# until about the same time next year (at least).
+# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
+#
+# From Paul Eggert (2012-10-25):
+# For now, assume this is just a one-year measure. If it becomes
+# permanent, we should move Jordan from EET to AST effective tomorrow.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Jordan 1973 only - Jun 6 0:00 1:00 S
Rule Jordan 1973 1975 - Oct 1 0:00 0 -
@@ -1413,7 +1420,8 @@ Rule Jordan 2002 max - Mar lastThu 24:00 1:00 S
Rule Jordan 2003 only - Oct 24 0:00s 0 -
Rule Jordan 2004 only - Oct 15 0:00s 0 -
Rule Jordan 2005 only - Sep lastFri 0:00s 0 -
-Rule Jordan 2006 max - Oct lastFri 0:00s 0 -
+Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 -
+Rule Jordan 2013 max - Oct lastFri 0:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Amman 2:23:44 - LMT 1931
2:00 Jordan EE%sT
@@ -1858,15 +1866,15 @@ Zone Asia/Muscat 3:54:20 - LMT 1920
# shown 8 per cent higher consumption of electricity.
# From Alex Krivenyshev (2008-05-15):
-#
-# Here is an article that Pakistan plan to introduce Daylight Saving Time
+#
+# Here is an article that Pakistan plan to introduce Daylight Saving Time
# on June 1, 2008 for 3 months.
-#
-# "... The federal cabinet on Wednesday announced a new conservation plan to help
-# reduce load shedding by approving the closure of commercial centres at 9pm and
-# moving clocks forward by one hour for the next three months.
+#
+# "... The federal cabinet on Wednesday announced a new conservation plan to help
+# reduce load shedding by approving the closure of commercial centres at 9pm and
+# moving clocks forward by one hour for the next three months.
# ...."
-#
+#
#
# http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
#
@@ -1926,7 +1934,7 @@ Zone Asia/Muscat 3:54:20 - LMT 1920
# Government has decided to restore the previous time by moving the
# clocks backward by one hour from October 1. A formal announcement to
# this effect will be made after the Prime Minister grants approval in
-# this regard."
+# this regard."
#
# http://www.thenews.com.pk/updates.asp?id=87168
#
@@ -2222,7 +2230,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
#
# http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
#
-# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
+# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
# Gaza and the West Bank.
# Some more background info:
#
@@ -2261,7 +2269,7 @@ Zone Asia/Karachi 4:28:12 - LMT 1907
# The rules for Egypt are stolen from the `africa' file.
# From Steffen Thorsen (2011-09-30):
-# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
# 00:00).
# So West Bank and Gaza now have the same time again.
#
@@ -2316,6 +2324,8 @@ Rule Palestine 2010 only - Aug 11 0:00 0 -
# From Arthur David Olson (2011-09-20):
# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+# From Paul Eggert (2012-10-12):
+# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
@@ -2326,7 +2336,7 @@ Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
2:00 Palestine EE%sT 2011 Apr 2 12:01
2:00 1:00 EEST 2011 Aug 1
2:00 - EET 2012 Mar 30
- 2:00 1:00 EEST 2012 Sep 28
+ 2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
@@ -2341,7 +2351,7 @@ Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
2:00 - EET 2011 Aug 30
2:00 1:00 EEST 2011 Sep 30 3:00
2:00 - EET 2012 Mar 30
- 2:00 1:00 EEST 2012 Sep 28 3:00
+ 2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
# Paracel Is
@@ -2535,19 +2545,19 @@ Rule Syria 2007 only - Mar lastFri 0:00 1:00 S
# having it between Wednesday and Thursday (two workdays in Syria) since the
# weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
# it is implemented at midnight of the last workday before weekend...
-#
+#
# From Steffen Thorsen (2007-10-27):
# Jesper Norgaard Welen wrote:
-#
+#
# > "Winter local time in Syria will be observed at midnight of Thursday 1
# > November 2007, and the clock will be put back 1 hour."
-#
+#
# I found confirmation on this in this gov.sy-article (Arabic):
# http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
-#
+#
# which using Google's translate tools says:
-# Council of Ministers also approved the commencement of work on
-# identifying the winter time as of Friday, 2/11/2007 where the 60th
+# Council of Ministers also approved the commencement of work on
+# identifying the winter time as of Friday, 2/11/2007 where the 60th
# minute delay at midnight Thursday 1/11/2007.
Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
@@ -2613,8 +2623,8 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
#
# From Steffen Thorsen (2009-10-27):
-# The Syrian Arab News Network on 2009-09-29 reported that Syria will
-# revert back to winter (standard) time on midnight between Thursday
+# The Syrian Arab News Network on 2009-09-29 reported that Syria will
+# revert back to winter (standard) time on midnight between Thursday
# 2009-10-29 and Friday 2009-10-30:
#
# http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)
diff --git a/make/sun/javazic/tzdata/australasia b/make/sun/javazic/tzdata/australasia
index 3a63e2dd13310fc7472cce7de1a6a500f3d20925..7f83448f3fba17ddce19294fd94741f567290672 100644
--- a/make/sun/javazic/tzdata/australasia
+++ b/make/sun/javazic/tzdata/australasia
@@ -306,9 +306,9 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
#
# From Alexander Krivenyshev (2010-10-24):
-# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
+# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
# weeks earlier than expected - on March 6, 2011, not March 27, 2011...
-# Here is confirmation from Government of the Republic of the Fiji Islands,
+# Here is confirmation from Government of the Republic of the Fiji Islands,
# Ministry of Information (fiji.gov.fj) web site:
#
# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@@ -319,15 +319,15 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
#
# From Steffen Thorsen (2011-10-03):
-# Now the dates have been confirmed, and at least our start date
+# Now the dates have been confirmed, and at least our start date
# assumption was correct (end date was one week wrong).
#
#
# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
#
# which says
-# Members of the public are reminded to change their time to one hour in
-# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
# 2am on February 26 next year.
# From Ken Rylander (2011-10-24)
@@ -344,15 +344,23 @@ Zone Indian/Cocos 6:27:40 - LMT 1900
# The commencement of daylight saving will remain unchanged and start
# on the 23rd of October, 2011.
+# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
+# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
+# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
+# October 2012 and end at 3 am on Sunday 20th January 2013.
+# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
+#
+# From Paul Eggert (2012-08-31):
+# For now, guess a pattern of the penultimate Sundays in October and January.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
Rule Fiji 2009 only - Nov 29 2:00 1:00 S
Rule Fiji 2010 only - Mar lastSun 3:00 0 -
-Rule Fiji 2010 only - Oct 24 2:00 1:00 S
+Rule Fiji 2010 max - Oct Sun>=18 2:00 1:00 S
Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
-Rule Fiji 2011 only - Oct 23 2:00 1:00 S
-Rule Fiji 2012 only - Jan 22 3:00 0 -
+Rule Fiji 2012 max - Jan Sun>=18 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
12:00 Fiji FJ%sT # Fiji Time
@@ -581,7 +589,7 @@ Zone Pacific/Pago_Pago 12:37:12 - LMT 1879 Jul 5
# From David Zuelke (2011-05-09):
# Subject: Samoa to move timezone from east to west of international date line
-#
+#
#
# http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
#
@@ -643,6 +651,23 @@ Zone Pacific/Pago_Pago 12:37:12 - LMT 1879 Jul 5
# Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
# seasons, there is not yet any indication that this trend will continue on
# a regular basis. For now, we have explicitly listed the transitions below.
+#
+# From Nicky (2012-09-10):
+# Daylight Saving Time commences on Sunday 30th September 2012 and
+# ends on Sunday 7th of April 2013.
+#
+# Please find link below for more information.
+# http://www.mcil.gov.ws/mcil_publications.html
+#
+# That publication also includes dates for Summer of 2013/4 as well
+# which give the impression of a pattern in selecting dates for the
+# future, so for now, we will guess this will continue.
+
+# Western Samoa
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule WS 2012 max - Sep lastSun 3:00 1 D
+Rule WS 2012 max - Apr Sun>=1 4:00 0 -
+# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5
-11:26:56 - LMT 1911
-11:30 - SAMT 1950 # Samoa Time
@@ -650,8 +675,8 @@ Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5
-11:00 1:00 WSDT 2011 Apr 2 4:00
-11:00 - WST 2011 Sep 24 3:00
-11:00 1:00 WSDT 2011 Dec 30
- 13:00 1:00 WSDT 2012 Apr 1 4:00
- 13:00 - WST
+ 13:00 1:00 WSDT 2012 Apr Sun>=1 4:00
+ 13:00 WS WS%sT
# Solomon Is
# excludes Bougainville, for which see Papua New Guinea
@@ -663,25 +688,25 @@ Zone Pacific/Guadalcanal 10:39:48 - LMT 1912 Oct # Honiara
#
# From Gwillim Law (2011-12-29)
# A correspondent informed me that Tokelau, like Samoa, will be skipping
-# December 31 this year, thereby changing its time zone from UTC-10 to
-# UTC+14. When I tried to verify this statement, I found a confirming
-# article in Time magazine online
-#
-# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
-#
+# December 31 this year ...
#
-# From Jonathan Leffler (2011-12-29)
-# Information from the BBC to the same effect:
-#
-# http://www.bbc.co.uk/news/world-asia-16351377
-#
+# From Steffen Thorsen (2012-07-25)
+# ... we double checked by calling hotels and offices based in Tokelau asking
+# about the time there, and they all told a time that agrees with UTC+13....
+# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
+# actually was to UTC-11 back then.
#
-# Patch supplied by Tim Parenti (2011-12-29)
+# From Paul Eggert (2012-07-25)
+# A Google Books snippet of Appendix to the Journals of the House of
+# Representatives of New Zealand, Session 1948,
+# , page 65, says Tokelau
+# was "11 hours slow on G.M.T." Go with Thorsen and assume Shanks & Pottenger
+# are off by an hour starting in 1901.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fakaofo -11:24:56 - LMT 1901
- -10:00 - TKT 2011 Dec 30 # Tokelau Time
- 14:00 - TKT
+ -11:00 - TKT 2011 Dec 30 # Tokelau Time
+ 13:00 - TKT
# Tonga
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -1362,22 +1387,22 @@ Zone Pacific/Wallis 12:15:20 - LMT 1901
# See "southeast Australia" above for 2008 and later.
# From Steffen Thorsen (2009-04-28):
-# According to the official press release, South Australia's extended daylight
-# saving period will continue with the same rules as used during the 2008-2009
+# According to the official press release, South Australia's extended daylight
+# saving period will continue with the same rules as used during the 2008-2009
# summer (southern hemisphere).
-#
+#
# From
#
# http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
#
-# The extended daylight saving period that South Australia has been trialling
+# The extended daylight saving period that South Australia has been trialling
# for over the last year is now set to be ongoing.
-# Daylight saving will continue to start on the first Sunday in October each
+# Daylight saving will continue to start on the first Sunday in October each
# year and finish on the first Sunday in April the following year.
-# Industrial Relations Minister, Paul Caica, says this provides South Australia
-# with a consistent half hour time difference with NSW, Victoria, Tasmania and
+# Industrial Relations Minister, Paul Caica, says this provides South Australia
+# with a consistent half hour time difference with NSW, Victoria, Tasmania and
# the ACT for all 52 weeks of the year...
-#
+#
# We have a wrap-up here:
#
# http://www.timeanddate.com/news/time/south-australia-extends-dst.html
diff --git a/make/sun/javazic/tzdata/europe b/make/sun/javazic/tzdata/europe
index 55714aa9a4c205898712891f6e54356881b2f16b..9a0d0b9db9493129aa61582d8e9a22be92609510 100644
--- a/make/sun/javazic/tzdata/europe
+++ b/make/sun/javazic/tzdata/europe
@@ -597,12 +597,12 @@ Rule Russia 1996 2010 - Oct lastSun 2:00s 0 -
# According to Kremlin press service, Russian President Dmitry Medvedev
# signed a federal law "On calculation of time" on June 9, 2011.
# According to the law Russia is abolishing daylight saving time.
-#
-# Medvedev signed a law "On the Calculation of Time" (in russian):
+#
+# Medvedev signed a law "On the Calculation of Time" (in russian):
#
# http://bmockbe.ru/events/?ID=7583
#
-#
+#
# Medvedev signed a law on the calculation of the time (in russian):
#
# http://www.regnum.ru/news/polit/1413906.html
@@ -1710,7 +1710,7 @@ Zone Europe/Malta 0:58:04 - LMT 1893 Nov 2 0:00s # Valletta
# From Alexander Krivenyshev (2011-10-26)
# NO need to divide Moldova into two timezones at this point.
# As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
-# decision to abolish DST this winter.
+# decision to abolish DST this winter.
# Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
# Tiraspol will go back to winter time on October 30, 2011.
# News from Moldova (in russian):
@@ -2600,11 +2600,11 @@ Zone Europe/Zurich 0:34:08 - LMT 1848 Sep 12
# http://www.alomaliye.com/bkk_2002_3769.htm
# From Gökdeniz Karadağ (2011-03-10):
-#
+#
# According to the articles linked below, Turkey will change into summer
# time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
# This change is due to a nationwide exam on 27th.
-#
+#
#
# http://www.worldbulletin.net/?aType=haber&ArticleID=70872
#
@@ -2721,7 +2721,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents.
# time this year after all.
#
# From Udo Schwedt (2011-10-18):
-# As far as I understand, the recent change to the Ukranian time zone
+# As far as I understand, the recent change to the Ukranian time zone
# (Europe/Kiev) to introduce permanent daylight saving time (similar
# to Russia) was reverted today:
#
diff --git a/make/sun/javazic/tzdata/leapseconds b/make/sun/javazic/tzdata/leapseconds
index f8902f7486d739d5bcd6721a9db4247f9b2e8a91..ab6720ded58c9f2e86155bbc458e14830dbb4cf7 100644
--- a/make/sun/javazic/tzdata/leapseconds
+++ b/make/sun/javazic/tzdata/leapseconds
@@ -100,8 +100,8 @@ Leap 2012 Jun 30 23:59:60 + S
#
#
# A positive leap second will be introduced at the end of June 2012.
-# The sequence of dates of the UTC second markers will be:
-#
+# The sequence of dates of the UTC second markers will be:
+#
# 2012 June 30, 23h 59m 59s
# 2012 June 30, 23h 59m 60s
# 2012 July 1, 0h 0m 0s
@@ -118,6 +118,6 @@ Leap 2012 Jun 30 23:59:60 + S
#
#
# Daniel GAMBIS
-# Head
+# Head
# Earth Orientation Center of IERS
# Observatoire de Paris, France
diff --git a/make/sun/javazic/tzdata/northamerica b/make/sun/javazic/tzdata/northamerica
index 2b94d0588f187be85e45df8df898997c9449498a..c3033267404018c90b67dc390137aaac4a82ffe2 100644
--- a/make/sun/javazic/tzdata/northamerica
+++ b/make/sun/javazic/tzdata/northamerica
@@ -501,7 +501,7 @@ Zone America/Juneau 15:02:19 - LMT 1867 Oct 18
-8:00 US P%sT 1946
-8:00 - PST 1969
-8:00 US P%sT 1980 Apr 27 2:00
- -9:00 US Y%sT 1980 Oct 26 2:00
+ -9:00 US Y%sT 1980 Oct 26 2:00
-8:00 US P%sT 1983 Oct 30 2:00
-9:00 US Y%sT 1983 Nov 30
-9:00 US AK%sT
@@ -1866,7 +1866,7 @@ Zone America/Edmonton -7:33:52 - LMT 1906 Sep
# Here is a summary of the three clock change events in Creston's history:
# 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
# Exact date unknown
-# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
+# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
# Exact date in October unknown; Sunday October 1 is a reasonable guess.
# 3. June 1918: switch to Pacific Daylight Time (GMT-7)
# Exact date in June unknown; Sunday June 2 is a reasonable guess.
@@ -2696,20 +2696,20 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# except that it switches at midnight standard time as usual.
#
# From Steffen Thorsen (2007-10-25):
-# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
+# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
# earlier - on the last Sunday of October, just like in 2006.
-#
+#
# He supplied these references:
-#
+#
# http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
# http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
-#
+#
# From Alex Kryvenishev (2007-10-25):
# Here is also article from Granma (Cuba):
-#
+#
# [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
# http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
-#
+#
# http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
# From Arthur David Olson (2008-03-09):
@@ -2793,7 +2793,7 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
#
#
# From Steffen Thorsen (2011-10-30)
-# Cuba will end DST two weeks later this year. Instead of going back
+# Cuba will end DST two weeks later this year. Instead of going back
# tonight, it has been delayed to 2011-11-13 at 01:00.
#
# One source (Spanish)
@@ -2805,11 +2805,11 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
#
# http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
#
-#
+#
# From Steffen Thorsen (2012-03-01)
-# According to Radio Reloj, Cuba will start DST on Midnight between March
+# According to Radio Reloj, Cuba will start DST on Midnight between March
# 31 and April 1.
-#
+#
# Radio Reloj has the following info (Spanish):
#
# http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@@ -2820,6 +2820,13 @@ Zone America/Costa_Rica -5:36:20 - LMT 1890 # San Jose
# http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
#
+# From Steffen Thorsen (2012-11-03):
+# Radio Reloj and many other sources report that Cuba is changing back
+# to standard time on 2012-11-04:
+# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
+# From Paul Eggert (2012-11-03):
+# For now, assume the future rule is first Sunday in November.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Cuba 1928 only - Jun 10 0:00 1:00 D
Rule Cuba 1928 only - Oct 10 0:00 0 S
@@ -2857,7 +2864,7 @@ Rule Cuba 2009 2010 - Mar Sun>=8 0:00s 1:00 D
Rule Cuba 2011 only - Mar Sun>=15 0:00s 1:00 D
Rule Cuba 2011 only - Nov 13 0:00s 0 S
Rule Cuba 2012 only - Apr 1 0:00s 1:00 D
-Rule Cuba 2012 max - Oct lastSun 0:00s 0 S
+Rule Cuba 2012 max - Nov Sun>=1 0:00s 0 S
Rule Cuba 2013 max - Mar Sun>=8 0:00s 1:00 D
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/make/sun/javazic/tzdata/southamerica b/make/sun/javazic/tzdata/southamerica
index dd746f3cbebc6c05924ab75129eaff9d552bd1fa..0d6797eab6b9c684c8131eba99daa358e08e51ad 100644
--- a/make/sun/javazic/tzdata/southamerica
+++ b/make/sun/javazic/tzdata/southamerica
@@ -254,7 +254,7 @@ Rule Arg 2000 only - Mar 3 0:00 0 -
Rule Arg 2007 only - Dec 30 0:00 1:00 S
Rule Arg 2008 2009 - Mar Sun>=15 0:00 0 -
Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
-
+
# From Mariano Absatz (2004-05-21):
# Today it was officially published that the Province of Mendoza is changing
# its timezone this winter... starting tomorrow night....
@@ -344,9 +344,9 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
# confirms what Alex Krivenyshev has earlier sent to the tz
# emailing list about that San Luis plans to return to standard
# time much earlier than the rest of the country. It also
-# confirms that upon request the provinces San Juan and Mendoza
-# refused to follow San Luis in this change.
-#
+# confirms that upon request the provinces San Juan and Mendoza
+# refused to follow San Luis in this change.
+#
# The change is supposed to take place Monday the 21.st at 0:00
# hours. As far as I understand it if this goes ahead, we need
# a new timezone for San Luis (although there are also documented
@@ -408,7 +408,7 @@ Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
#
# http://www.lanacion.com.ar/nota.asp?nota_id=1107912
#
-#
+#
# The press release says:
# (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
# atrasar una hora sus relojes.
@@ -822,8 +822,8 @@ Zone America/La_Paz -4:32:36 - LMT 1890
#
# From Alexander Krivenyshev (2011-10-04):
# State Bahia will return to Daylight savings time this year after 8 years off.
-# The announcement was made by Governor Jaques Wagner in an interview to a
-# television station in Salvador.
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
# In Portuguese:
#
@@ -852,6 +852,15 @@ Zone America/La_Paz -4:32:36 - LMT 1890
# http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
#
+# From Kelley Cook (2012-10-16):
+# The governor of state of Bahia in Brazil announced on Thursday that
+# due to public pressure, he is reversing the DST policy they implemented
+# last year and will not be going to Summer Time on October 21st....
+# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
+
+# From Rodrigo Severo (2012-10-16):
+# Tocantins state will have DST.
+# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
# Decree 20,466 (1931-10-01)
@@ -1071,7 +1080,8 @@ Zone America/Araguaina -3:12:48 - LMT 1914
-3:00 Brazil BR%sT 1990 Sep 17
-3:00 - BRT 1995 Sep 14
-3:00 Brazil BR%sT 2003 Sep 24
- -3:00 - BRT
+ -3:00 - BRT 2012 Oct 21
+ -3:00 Brazil BR%sT
#
# Alagoas (AL), Sergipe (SE)
Zone America/Maceio -2:22:52 - LMT 1914
@@ -1090,7 +1100,8 @@ Zone America/Maceio -2:22:52 - LMT 1914
Zone America/Bahia -2:34:04 - LMT 1914
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT 2011 Oct 16
- -3:00 Brazil BR%sT
+ -3:00 Brazil BR%sT 2012 Oct 21
+ -3:00 - BRT
#
# Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
# Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@@ -1182,7 +1193,7 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914
# Due to drought, Chile extends Daylight Time in three weeks. This
# is one-time change (Saturday 3/29 at 24:00 for America/Santiago
# and Saturday 3/29 at 22:00 for Pacific/Easter)
-# The Supreme Decree is located at
+# The Supreme Decree is located at
#
# http://www.shoa.cl/servicios/supremo316.pdf
#
@@ -1193,7 +1204,7 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914
# From Jose Miguel Garrido (2008-03-05):
# ...
-# You could see the announces of the change on
+# You could see the announces of the change on
#
# http://www.shoa.cl/noticias/2008/04hora/hora.htm
# .
diff --git a/make/tools/GenerateCharacter/CharacterData01.java.template b/make/tools/GenerateCharacter/CharacterData01.java.template
index a1d2822955b31f4a82516ebb7c92e99e38254a80..44bd980ab02d305fbfea734d2db5c9d81854a1b9 100644
--- a/make/tools/GenerateCharacter/CharacterData01.java.template
+++ b/make/tools/GenerateCharacter/CharacterData01.java.template
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -311,6 +311,8 @@ class CharacterData01 extends CharacterData {
case 0x011063: retval = 90; break; // BRAHMI NUMBER NINETY
case 0x011064: retval = 100; break; // BRAHMI NUMBER ONE HUNDRED
case 0x011065: retval = 1000; break; // BRAHMI NUMBER ONE THOUSAND
+ case 0x012432: retval = 216000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
+ case 0x012433: retval = 432000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
case 0x01D36C: retval = 40; break; // COUNTING ROD TENS DIGIT FOUR
case 0x01D36D: retval = 50; break; // COUNTING ROD TENS DIGIT FIVE
case 0x01D36E: retval = 60; break; // COUNTING ROD TENS DIGIT SIX
diff --git a/make/tools/UnicodeData/PropList.txt b/make/tools/UnicodeData/PropList.txt
index f9dcb2ae74a7f678a28a49fd77e62f5aef157b8c..9ce7eec97137176e6a2986816134306a0baa7cb7 100644
--- a/make/tools/UnicodeData/PropList.txt
+++ b/make/tools/UnicodeData/PropList.txt
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
diff --git a/make/tools/UnicodeData/Scripts.txt b/make/tools/UnicodeData/Scripts.txt
index 2516f889d661edb6fe19220a63e1db70e32f8987..1a8e7229cc6cd0fa28b8cd543e41649929ba1b02 100644
--- a/make/tools/UnicodeData/Scripts.txt
+++ b/make/tools/UnicodeData/Scripts.txt
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
@@ -146,7 +146,7 @@
208A..208C ; Common # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
208D ; Common # Ps SUBSCRIPT LEFT PARENTHESIS
208E ; Common # Pe SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9 ; Common # Sc [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA ; Common # Sc [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
2100..2101 ; Common # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
2102 ; Common # L& DOUBLE-STRUCK CAPITAL C
2103..2106 ; Common # So [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@ FFFC..FFFD ; Common # So [2] OBJECT REPLACEMENT CHARACTER..REPLACEMENT CHAR
E0001 ; Common # Cf LANGUAGE TAG
E0020..E007F ; Common # Cf [96] TAG SPACE..CANCEL TAG
-# Total code points: 6412
+# Total code points: 6413
# ================================================
@@ -760,7 +760,7 @@ FB46..FB4F ; Hebrew # Lo [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATU
061E ; Arabic # Po ARABIC TRIPLE DOT PUNCTUATION MARK
0620..063F ; Arabic # Lo [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
0641..064A ; Arabic # Lo [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E ; Arabic # Mn [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F ; Arabic # Mn [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
066A..066D ; Arabic # Po [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
066E..066F ; Arabic # Lo [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
0671..06D3 ; Arabic # Lo [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@ FE76..FEFC ; Arabic # Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LA
1EEAB..1EEBB ; Arabic # Lo [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
1EEF0..1EEF1 ; Arabic # Sm [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
-# Total code points: 1234
+# Total code points: 1235
# ================================================
@@ -1477,7 +1477,6 @@ A490..A4C6 ; Yi # So [55] YI RADICAL QOT..YI RADICAL KE
0300..036F ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
0485..0486 ; Inherited # Mn [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
064B..0655 ; Inherited # Mn [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F ; Inherited # Mn ARABIC WAVY HAMZA BELOW
0670 ; Inherited # Mn ARABIC LETTER SUPERSCRIPT ALEF
0951..0952 ; Inherited # Mn [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
1CD0..1CD2 ; Inherited # Mn [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@ FE20..FE26 ; Inherited # Mn [7] COMBINING LIGATURE LEFT HALF..COMBINING CON
1D1AA..1D1AD ; Inherited # Mn [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
E0100..E01EF ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
-# Total code points: 524
+# Total code points: 523
# ================================================
diff --git a/make/tools/UnicodeData/SpecialCasing.txt b/make/tools/UnicodeData/SpecialCasing.txt
index d650b6d9dcd24012fe0526fa3a2b220618c905f1..994043f01bf28923b4690969f1a6debf0e328720 100644
--- a/make/tools/UnicodeData/SpecialCasing.txt
+++ b/make/tools/UnicodeData/SpecialCasing.txt
@@ -1,8 +1,8 @@
-# SpecialCasing-6.1.0.txt
-# Date: 2011-11-27, 05:10:51 GMT [MD]
+# SpecialCasing-6.2.0.txt
+# Date: 2012-05-23, 20:35:15 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
#
diff --git a/make/tools/UnicodeData/UnicodeData.txt b/make/tools/UnicodeData/UnicodeData.txt
index 9f204050c6bb2e587cb1c3154372b8131f9e2f28..086379eb4f34526f18ac207c7b640d60b5c66416 100644
--- a/make/tools/UnicodeData/UnicodeData.txt
+++ b/make/tools/UnicodeData/UnicodeData.txt
@@ -7190,6 +7190,7 @@
20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@@ -18703,8 +18704,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
-12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
-12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
+12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
+12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@@ -18739,8 +18740,8 @@ FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
-12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
-12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
+12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
+12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;
diff --git a/make/tools/UnicodeData/VERSION b/make/tools/UnicodeData/VERSION
index dfda3e0b4f011bb0ab65e8585ae0ba122cf8f120..6abaeb2f90723ba328101fc117a1f19e93407e47 100644
--- a/make/tools/UnicodeData/VERSION
+++ b/make/tools/UnicodeData/VERSION
@@ -1 +1 @@
-6.1.0
+6.2.0
diff --git a/makefiles/GendataTimeZone.gmk b/makefiles/GendataTimeZone.gmk
index 37520ceb377f91768331c3bfddc0d98671bb2999..dcca735b8f564690c28b5e0722de70a00752c99a 100644
--- a/makefiles/GendataTimeZone.gmk
+++ b/makefiles/GendataTimeZone.gmk
@@ -26,7 +26,7 @@
GENDATA_TIMEZONE :=
# TODO: read from make/sun/javazic/tzdata/VERSION
-GENDATA_TIMEZONE_VERSION := tzdata2012c
+GENDATA_TIMEZONE_VERSION := tzdata2012i
GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone
diff --git a/makefiles/Setup.gmk b/makefiles/Setup.gmk
index ebcf816b7c27b655c7a30e607197c521adf82fad..5ca687f5a1d7fa723865eec71d1c969d51f3c3fd 100644
--- a/makefiles/Setup.gmk
+++ b/makefiles/Setup.gmk
@@ -45,7 +45,7 @@ $(eval $(call SetupJavaCompiler,GENERATE_JDKBYTECODE,\
JVM:=$(JAVA),\
JAVAC:=$(JAVAC_JARS),\
JAVAH:=$(JAVAH_JARS),\
- FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
+ FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
diff --git a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
index b246916fde404ea6debbb8f24e4364d4d7635e65..26dd0867c951d4f06ab371321adf7bf02fab7f83 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,12 +55,25 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
static {
- validTypes = new HashSet(4);
+ validTypes = new HashSet(17);
validTypes.add("PBEWithMD5AndDES".toUpperCase());
validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
// Proprietary algorithm.
validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
+ validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
}
public static final class PBEWithMD5AndDES
@@ -84,6 +97,27 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
+ public static final class PBEWithSHA1AndRC2_128
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC2_128() {
+ super("PBEWithSHA1AndRC2_128");
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_40
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC4_40() {
+ super("PBEWithSHA1AndRC4_40");
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_128
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC4_128() {
+ super("PBEWithSHA1AndRC4_128");
+ }
+ }
+
/*
* Private proprietary algorithm for supporting JCEKS.
*/
@@ -94,6 +128,75 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
}
}
+ public static final class PBEWithHmacSHA1AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA1AndAES_128() {
+ super("PBEWithHmacSHA1AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA224AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA224AndAES_128() {
+ super("PBEWithHmacSHA224AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA256AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA256AndAES_128() {
+ super("PBEWithHmacSHA256AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA384AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA384AndAES_128() {
+ super("PBEWithHmacSHA384AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA512AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA512AndAES_128() {
+ super("PBEWithHmacSHA512AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA1AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA1AndAES_256() {
+ super("PBEWithHmacSHA1AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA224AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA224AndAES_256() {
+ super("PBEWithHmacSHA224AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA256AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA256AndAES_256() {
+ super("PBEWithHmacSHA256AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA384AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA384AndAES_256() {
+ super("PBEWithHmacSHA384AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA512AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA512AndAES_256() {
+ super("PBEWithHmacSHA512AndAES_256");
+ }
+ }
/**
* Generates a SecretKey object from the provided key
diff --git a/src/share/classes/com/sun/crypto/provider/PBEParameters.java b/src/share/classes/com/sun/crypto/provider/PBEParameters.java
index 114303fa8d3b1a1c336e0aa551268aa44a51038f..4d17f77ab13fa94572234e80b504a624acc5f76c 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,9 @@ public final class PBEParameters extends AlgorithmParametersSpi {
// the iteration count
private int iCount = 0;
+ // the cipher parameter
+ private AlgorithmParameterSpec cipherParam = null;
+
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
{
@@ -66,6 +69,7 @@ public final class PBEParameters extends AlgorithmParametersSpi {
}
this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+ this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
}
protected void engineInit(byte[] encoded)
@@ -102,7 +106,8 @@ public final class PBEParameters extends AlgorithmParametersSpi {
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
- return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
+ return paramSpec.cast(
+ new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
diff --git a/src/share/classes/com/sun/crypto/provider/PBES1Core.java b/src/share/classes/com/sun/crypto/provider/PBES1Core.java
new file mode 100644
index 0000000000000000000000000000000000000000..1e206a2dd661637b38861da65f6b9b81f1bdaf4d
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBES1Core.java
@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+final class PBES1Core {
+
+ // the encapsulated DES cipher
+ private CipherCore cipher;
+ private MessageDigest md;
+ private int blkSize;
+ private String algo = null;
+ private byte[] salt = null;
+ private int iCount = 10;
+
+ /**
+ * Creates an instance of PBE Cipher using the specified CipherSpi
+ * instance.
+ *
+ */
+ PBES1Core(String cipherAlg) throws NoSuchAlgorithmException,
+ NoSuchPaddingException {
+ algo = cipherAlg;
+ if (algo.equals("DES")) {
+ cipher = new CipherCore(new DESCrypt(),
+ DESConstants.DES_BLOCK_SIZE);
+ } else if (algo.equals("DESede")) {
+
+ cipher = new CipherCore(new DESedeCrypt(),
+ DESConstants.DES_BLOCK_SIZE);
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation " +
+ "for PBEWithMD5And" + algo);
+ }
+ cipher.setMode("CBC");
+ cipher.setPadding("PKCS5Padding");
+ // get instance of MD5
+ md = MessageDigest.getInstance("MD5");
+ }
+
+ /**
+ * Sets the mode of this cipher. This algorithm can only be run in CBC
+ * mode.
+ *
+ * @param mode the cipher mode
+ *
+ * @exception NoSuchAlgorithmException if the requested cipher mode is
+ * invalid
+ */
+ void setMode(String mode) throws NoSuchAlgorithmException {
+ cipher.setMode(mode);
+ }
+
+ /**
+ * Sets the padding mechanism of this cipher. This algorithm only uses
+ * PKCS #5 padding.
+ *
+ * @param padding the padding mechanism
+ *
+ * @exception NoSuchPaddingException if the requested padding mechanism
+ * is invalid
+ */
+ void setPadding(String paddingScheme) throws NoSuchPaddingException {
+ cipher.setPadding(paddingScheme);
+ }
+
+ /**
+ * Returns the block size (in bytes).
+ *
+ * @return the block size (in bytes)
+ */
+ int getBlockSize() {
+ return DESConstants.DES_BLOCK_SIZE;
+ }
+
+ /**
+ * Returns the length in bytes that an output buffer would need to be in
+ * order to hold the result of the next update or
+ * doFinal operation, given the input length
+ * inputLen (in bytes).
+ *
+ *
This call takes into account any unprocessed (buffered) data from a
+ * previous update call, and padding.
+ *
+ *
The actual output length of the next update or
+ * doFinal call may be smaller than the length returned by
+ * this method.
+ *
+ * @param inputLen the input length (in bytes)
+ *
+ * @return the required output buffer size (in bytes)
+ *
+ */
+ int getOutputSize(int inputLen) {
+ return cipher.getOutputSize(inputLen);
+ }
+
+ /**
+ * Returns the initialization vector (IV) in a new buffer.
+ *
+ *
This is useful in the case where a random IV has been created
+ * (see init),
+ * or in the context of password-based encryption or
+ * decryption, where the IV is derived from a user-supplied password.
+ *
+ * @return the initialization vector in a new buffer, or null if the
+ * underlying algorithm does not use an IV, or if the IV has not yet
+ * been set.
+ */
+ byte[] getIV() {
+ return cipher.getIV();
+ }
+
+ /**
+ * Returns the parameters used with this cipher.
+ *
+ *
The returned parameters may be the same that were used to initialize
+ * this cipher, or may contain the default set of parameters or a set of
+ * randomly generated parameters used by the underlying cipher
+ * implementation (provided that the underlying cipher implementation
+ * uses a default set of parameters or creates new parameters if it needs
+ * parameters but was not initialized with any).
+ *
+ * @return the parameters used with this cipher, or null if this cipher
+ * does not use any parameters.
+ */
+ AlgorithmParameters getParameters() {
+ AlgorithmParameters params = null;
+ if (salt == null) {
+ salt = new byte[8];
+ SunJCE.RANDOM.nextBytes(salt);
+ }
+ PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
+ try {
+ params = AlgorithmParameters.getInstance("PBEWithMD5And" +
+ (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+ } catch (NoSuchAlgorithmException nsae) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ } catch (NoSuchProviderException nspe) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ }
+ try {
+ params.init(pbeSpec);
+ } catch (InvalidParameterSpecException ipse) {
+ // should never happen
+ throw new RuntimeException("PBEParameterSpec not supported");
+ }
+ return params;
+ }
+
+ /**
+ * Initializes this cipher with a key, a set of
+ * algorithm parameters, and a source of randomness.
+ * The cipher is initialized for one of the following four operations:
+ * encryption, decryption, key wrapping or key unwrapping, depending on
+ * the value of opmode.
+ *
+ *
If this cipher (including its underlying feedback or padding scheme)
+ * requires any random bytes, it will get them from random.
+ *
+ * @param opmode the operation mode of this cipher (this is one of
+ * the following:
+ * ENCRYPT_MODE, DECRYPT_MODE),
+ * WRAP_MODE or UNWRAP_MODE)
+ * @param key the encryption key
+ * @param params the algorithm parameters
+ * @param random the source of randomness
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * initializing this cipher
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this cipher
+ */
+ void init(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ if (((opmode == Cipher.DECRYPT_MODE) ||
+ (opmode == Cipher.UNWRAP_MODE)) && (params == null)) {
+ throw new InvalidAlgorithmParameterException("Parameters "
+ + "missing");
+ }
+ if ((key == null) ||
+ (key.getEncoded() == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+
+ if (params == null) {
+ // create random salt and use default iteration count
+ salt = new byte[8];
+ random.nextBytes(salt);
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ salt = ((PBEParameterSpec) params).getSalt();
+ // salt must be 8 bytes long (by definition)
+ if (salt.length != 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be 8 bytes long");
+ }
+ iCount = ((PBEParameterSpec) params).getIterationCount();
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+ }
+
+ byte[] derivedKey = deriveCipherKey(key);
+ // use all but the last 8 bytes as the key value
+ SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
+ derivedKey.length-8, algo);
+ // use the last 8 bytes as the IV
+ IvParameterSpec ivSpec = new IvParameterSpec(derivedKey,
+ derivedKey.length-8,
+ 8);
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
+ }
+
+ private byte[] deriveCipherKey(Key key) {
+
+ byte[] result = null;
+ byte[] passwdBytes = key.getEncoded();
+
+ if (algo.equals("DES")) {
+ // P || S (password concatenated with salt)
+ byte[] concat = new byte[passwdBytes.length + salt.length];
+ System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
+ java.util.Arrays.fill(passwdBytes, (byte)0x00);
+ System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
+
+ // digest P || S with c iterations
+ byte[] toBeHashed = concat;
+ for (int i = 0; i < iCount; i++) {
+ md.update(toBeHashed);
+ toBeHashed = md.digest(); // this resets the digest
+ }
+ java.util.Arrays.fill(concat, (byte)0x00);
+ result = toBeHashed;
+ } else if (algo.equals("DESede")) {
+ // if the 2 salt halves are the same, invert one of them
+ int i;
+ for (i=0; i<4; i++) {
+ if (salt[i] != salt[i+4])
+ break;
+ }
+ if (i==4) { // same, invert 1st half
+ for (i=0; i<2; i++) {
+ byte tmp = salt[i];
+ salt[i] = salt[3-i];
+ salt[3-1] = tmp;
+ }
+ }
+
+ // Now digest each half (concatenated with password). For each
+ // half, go through the loop as many times as specified by the
+ // iteration count parameter (inner for loop).
+ // Concatenate the output from each digest round with the
+ // password, and use the result as the input to the next digest
+ // operation.
+ byte[] kBytes = null;
+ IvParameterSpec iv = null;
+ byte[] toBeHashed = null;
+ result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
+ DESConstants.DES_BLOCK_SIZE];
+ for (i = 0; i < 2; i++) {
+ toBeHashed = new byte[salt.length/2];
+ System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0,
+ toBeHashed.length);
+ for (int j=0; j < iCount; j++) {
+ md.update(toBeHashed);
+ md.update(passwdBytes);
+ toBeHashed = md.digest(); // this resets the digest
+ }
+ System.arraycopy(toBeHashed, 0, result, i*16,
+ toBeHashed.length);
+ }
+ }
+ return result;
+ }
+
+ void init(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ PBEParameterSpec pbeSpec = null;
+ if (params != null) {
+ try {
+ pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+ } catch (InvalidParameterSpecException ipse) {
+ throw new InvalidAlgorithmParameterException("Wrong parameter "
+ + "type: PBE "
+ + "expected");
+ }
+ }
+ init(opmode, key, pbeSpec, random);
+ }
+
+ /**
+ * Continues a multiple-part encryption or decryption operation
+ * (depending on how this cipher was initialized), processing another data
+ * part.
+ *
+ *
The first inputLen bytes in the input
+ * buffer, starting at inputOffset, are processed, and the
+ * result is stored in a new buffer.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in input where the input
+ * starts
+ * @param inputLen the input length
+ *
+ * @return the new buffer with the result
+ *
+ */
+ byte[] update(byte[] input, int inputOffset, int inputLen) {
+ return cipher.update(input, inputOffset, inputLen);
+ }
+
+ /**
+ * Continues a multiple-part encryption or decryption operation
+ * (depending on how this cipher was initialized), processing another data
+ * part.
+ *
+ *
The first inputLen bytes in the input
+ * buffer, starting at inputOffset, are processed, and the
+ * result is stored in the output buffer, starting at
+ * outputOffset.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in input where the input
+ * starts
+ * @param inputLen the input length
+ * @param output the buffer for the result
+ * @param outputOffset the offset in output where the result
+ * is stored
+ *
+ * @return the number of bytes stored in output
+ *
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result
+ */
+ int update(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException {
+ return cipher.update(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ /**
+ * Encrypts or decrypts data in a single-part operation,
+ * or finishes a multiple-part operation.
+ * The data is encrypted or decrypted, depending on how this cipher was
+ * initialized.
+ *
+ *
The first inputLen bytes in the input
+ * buffer, starting at inputOffset, and any input bytes that
+ * may have been buffered during a previous update operation,
+ * are processed, with padding (if requested) being applied.
+ * The result is stored in a new buffer.
+ *
+ *
The cipher is reset to its initial state (uninitialized) after this
+ * call.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in input where the input
+ * starts
+ * @param inputLen the input length
+ *
+ * @return the new buffer with the result
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block cipher,
+ * no padding has been requested (only in encryption mode), and the total
+ * input length of the data processed by this cipher is not a multiple of
+ * block size
+ * @exception BadPaddingException if decrypting and padding is choosen,
+ * but the last input data does not have proper padding bytes.
+ */
+ byte[] doFinal(byte[] input, int inputOffset, int inputLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen);
+ }
+
+ /**
+ * Encrypts or decrypts data in a single-part operation,
+ * or finishes a multiple-part operation.
+ * The data is encrypted or decrypted, depending on how this cipher was
+ * initialized.
+ *
+ *
The first inputLen bytes in the input
+ * buffer, starting at inputOffset, and any input bytes that
+ * may have been buffered during a previous update operation,
+ * are processed, with padding (if requested) being applied.
+ * The result is stored in the output buffer, starting at
+ * outputOffset.
+ *
+ *
The cipher is reset to its initial state (uninitialized) after this
+ * call.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in input where the input
+ * starts
+ * @param inputLen the input length
+ * @param output the buffer for the result
+ * @param outputOffset the offset in output where the result
+ * is stored
+ *
+ * @return the number of bytes stored in output
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block cipher,
+ * no padding has been requested (only in encryption mode), and the total
+ * input length of the data processed by this cipher is not a multiple of
+ * block size
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result
+ * @exception BadPaddingException if decrypting and padding is choosen,
+ * but the last input data does not have proper padding bytes.
+ */
+ int doFinal(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ /**
+ * Wrap a key.
+ *
+ * @param key the key to be wrapped.
+ *
+ * @return the wrapped key.
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block
+ * cipher, no padding has been requested, and the length of the
+ * encoding of the key to be wrapped is not a
+ * multiple of the block size.
+ *
+ * @exception InvalidKeyException if it is impossible or unsafe to
+ * wrap the key with this cipher (e.g., a hardware protected key is
+ * being passed to a software only cipher).
+ */
+ byte[] wrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ byte[] result = null;
+
+ try {
+ byte[] encodedKey = key.getEncoded();
+ if ((encodedKey == null) || (encodedKey.length == 0)) {
+ throw new InvalidKeyException("Cannot get an encoding of " +
+ "the key to be wrapped");
+ }
+
+ result = doFinal(encodedKey, 0, encodedKey.length);
+ } catch (BadPaddingException e) {
+ // Should never happen
+ }
+
+ return result;
+ }
+
+ /**
+ * Unwrap a previously wrapped key.
+ *
+ * @param wrappedKey the key to be unwrapped.
+ *
+ * @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
+ *
+ * @param wrappedKeyType the type of the wrapped key.
+ * This is one of Cipher.SECRET_KEY,
+ * Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
+ *
+ * @return the unwrapped key.
+ *
+ * @exception NoSuchAlgorithmException if no installed providers
+ * can create keys of type wrappedKeyType for the
+ * wrappedKeyAlgorithm.
+ *
+ * @exception InvalidKeyException if wrappedKey does not
+ * represent a wrapped key of type wrappedKeyType for
+ * the wrappedKeyAlgorithm.
+ */
+ Key unwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ byte[] encodedKey;
+ try {
+ encodedKey = doFinal(wrappedKey, 0, wrappedKey.length);
+ } catch (BadPaddingException ePadding) {
+ throw new InvalidKeyException("The wrapped key is not padded " +
+ "correctly");
+ } catch (IllegalBlockSizeException eBlockSize) {
+ throw new InvalidKeyException("The wrapped key does not have " +
+ "the correct length");
+ }
+ return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBES2Core.java b/src/share/classes/com/sun/crypto/provider/PBES2Core.java
new file mode 100644
index 0000000000000000000000000000000000000000..4e5eb8e6dd18a14938b3c45c0f1293b8c437bdd0
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBES2Core.java
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.interfaces.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ * These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
+ * Padding is done as described in PKCS #5.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+abstract class PBES2Core extends CipherSpi {
+
+ private static final int DEFAULT_SALT_LENGTH = 20;
+ private static final int DEFAULT_COUNT = 4096;
+
+ // the encapsulated cipher
+ private final CipherCore cipher;
+ private final int keyLength; // in bits
+ private final int blkSize; // in bits
+ private final PBKDF2Core kdf;
+ private final String pbeAlgo;
+ private final String cipherAlgo;
+ private int iCount = DEFAULT_COUNT;
+ private byte[] salt = null;
+ private IvParameterSpec ivSpec = null;
+
+ /**
+ * Creates an instance of PBE Scheme 2 according to the selected
+ * password-based key derivation function and encryption scheme.
+ */
+ PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+ this.cipherAlgo = cipherAlgo;
+ keyLength = keySize * 8;
+ pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
+
+ if (cipherAlgo.equals("AES")) {
+ blkSize = AESConstants.AES_BLOCK_SIZE;
+ cipher = new CipherCore(new AESCrypt(), blkSize);
+
+ switch(kdfAlgo) {
+ case "HmacSHA1":
+ kdf = new PBKDF2Core.HmacSHA1();
+ break;
+ case "HmacSHA224":
+ kdf = new PBKDF2Core.HmacSHA224();
+ break;
+ case "HmacSHA256":
+ kdf = new PBKDF2Core.HmacSHA256();
+ break;
+ case "HmacSHA384":
+ kdf = new PBKDF2Core.HmacSHA384();
+ break;
+ case "HmacSHA512":
+ kdf = new PBKDF2Core.HmacSHA512();
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No Cipher implementation for " + kdfAlgo);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation for " +
+ pbeAlgo);
+ }
+ cipher.setMode("CBC");
+ cipher.setPadding("PKCS5Padding");
+ }
+
+ protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+ if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
+ throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
+ }
+ }
+
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if ((paddingScheme != null) &&
+ (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
+ throw new NoSuchPaddingException("Invalid padding scheme: " +
+ paddingScheme);
+ }
+ }
+
+ protected int engineGetBlockSize() {
+ return blkSize;
+ }
+
+ protected int engineGetOutputSize(int inputLen) {
+ return cipher.getOutputSize(inputLen);
+ }
+
+ protected byte[] engineGetIV() {
+ return cipher.getIV();
+ }
+
+ protected AlgorithmParameters engineGetParameters() {
+ AlgorithmParameters params = null;
+ if (salt == null) {
+ // generate random salt and use default iteration count
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ SunJCE.RANDOM.nextBytes(salt);
+ iCount = DEFAULT_COUNT;
+ }
+ if (ivSpec == null) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ SunJCE.RANDOM.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ }
+ PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
+ try {
+ params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+ } catch (NoSuchAlgorithmException nsae) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ } catch (NoSuchProviderException nspe) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ }
+ try {
+ params.init(pbeSpec);
+ } catch (InvalidParameterSpecException ipse) {
+ // should never happen
+ throw new RuntimeException("PBEParameterSpec not supported");
+ }
+ return params;
+ }
+
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ try {
+ engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+ } catch (InvalidAlgorithmParameterException ie) {
+ InvalidKeyException ike =
+ new InvalidKeyException("requires PBE parameters");
+ ike.initCause(ie);
+ throw ike;
+ }
+ }
+
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+ if ((key == null) ||
+ (key.getEncoded() == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+
+ // TBD: consolidate the salt, ic and IV parameter checks below
+
+ // Extract salt and iteration count from the key, if present
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+ if (salt != null && salt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+ if (iCount == 0) {
+ iCount = DEFAULT_COUNT;
+ } else if (iCount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
+ }
+
+ // Extract salt, iteration count and IV from the params, if present
+ if (params == null) {
+ if (salt == null) {
+ // generate random salt and use default iteration count
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ random.nextBytes(salt);
+ iCount = DEFAULT_COUNT;
+ }
+ if ((opmode == Cipher.ENCRYPT_MODE) ||
+ (opmode == Cipher.WRAP_MODE)) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ }
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ // salt and iteration count from the params take precedence
+ byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+ if (specSalt != null && specSalt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ salt = specSalt;
+ int specICount = ((PBEParameterSpec) params).getIterationCount();
+ if (specICount == 0) {
+ specICount = DEFAULT_COUNT;
+ } else if (specICount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
+ iCount = specICount;
+
+ AlgorithmParameterSpec specParams =
+ ((PBEParameterSpec) params).getParameterSpec();
+ if (specParams != null) {
+ if (specParams instanceof IvParameterSpec) {
+ ivSpec = (IvParameterSpec)specParams;
+ } else {
+ throw new InvalidAlgorithmParameterException(
+ "Wrong parameter type: IV expected");
+ }
+ } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+ (opmode == Cipher.WRAP_MODE)) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ } else {
+ throw new InvalidAlgorithmParameterException(
+ "Missing parameter type: IV expected");
+ }
+ }
+
+ SecretKeySpec cipherKey = null;
+ byte[] derivedKey = null;
+ byte[] passwdBytes = key.getEncoded();
+ char[] passwdChars = new char[passwdBytes.length];
+
+ for (int i=0; i
+ * -- PBES2
+ *
+ * PBES2Algorithms ALGORITHM-IDENTIFIER ::=
+ * { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
+ *
+ * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+ *
+ * PBES2-params ::= SEQUENCE {
+ * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
+ *
+ * PBES2-KDFs ALGORITHM-IDENTIFIER ::=
+ * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * -- PBKDF2
+ *
+ * PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+ * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+ *
+ * id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+ *
+ * PBKDF2-params ::= SEQUENCE {
+ * salt CHOICE {
+ * specified OCTET STRING,
+ * otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ * },
+ * iterationCount INTEGER (1..MAX),
+ * keyLength INTEGER (1..MAX) OPTIONAL,
+ * prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+ * }
+ *
+ * PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+ * {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA224} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA256} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA384} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA512}, ... }
+ *
+ * algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+ * {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+ *
+ * id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ *
+ */
+
+abstract class PBES2Parameters extends AlgorithmParametersSpi {
+
+ private static final int pkcs5PBKDF2[] =
+ {1, 2, 840, 113549, 1, 5, 12};
+ private static final int pkcs5PBES2[] =
+ {1, 2, 840, 113549, 1, 5, 13};
+ private static final int hmacWithSHA1[] =
+ {1, 2, 840, 113549, 2, 7};
+ private static final int hmacWithSHA224[] =
+ {1, 2, 840, 113549, 2, 8};
+ private static final int hmacWithSHA256[] =
+ {1, 2, 840, 113549, 2, 9};
+ private static final int hmacWithSHA384[] =
+ {1, 2, 840, 113549, 2, 10};
+ private static final int hmacWithSHA512[] =
+ {1, 2, 840, 113549, 2, 11};
+ private static final int aes128CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 2};
+ private static final int aes192CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 22};
+ private static final int aes256CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 42};
+
+ private static ObjectIdentifier pkcs5PBKDF2_OID;
+ private static ObjectIdentifier pkcs5PBES2_OID;
+ private static ObjectIdentifier hmacWithSHA1_OID;
+ private static ObjectIdentifier hmacWithSHA224_OID;
+ private static ObjectIdentifier hmacWithSHA256_OID;
+ private static ObjectIdentifier hmacWithSHA384_OID;
+ private static ObjectIdentifier hmacWithSHA512_OID;
+ private static ObjectIdentifier aes128CBC_OID;
+ private static ObjectIdentifier aes192CBC_OID;
+ private static ObjectIdentifier aes256CBC_OID;
+
+ static {
+ try {
+ pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
+ pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
+ hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
+ hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
+ hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
+ hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
+ hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
+ aes128CBC_OID = new ObjectIdentifier(aes128CBC);
+ aes192CBC_OID = new ObjectIdentifier(aes192CBC);
+ aes256CBC_OID = new ObjectIdentifier(aes256CBC);
+ } catch (IOException ioe) {
+ // should not happen
+ }
+ }
+
+ // the PBES2 algorithm name
+ private String pbes2AlgorithmName = null;
+
+ // the salt
+ private byte[] salt = null;
+
+ // the iteration count
+ private int iCount = 0;
+
+ // the cipher parameter
+ private AlgorithmParameterSpec cipherParam = null;
+
+ // the key derivation function (default is HmacSHA1)
+ private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+
+ // the encryption function
+ private ObjectIdentifier cipherAlgo_OID = null;
+
+ // the cipher keysize (in bits)
+ private int keysize = -1;
+
+ PBES2Parameters() {
+ // KDF, encryption & keysize values are set later, in engineInit(byte[])
+ }
+
+ PBES2Parameters(String pbes2AlgorithmName) throws NoSuchAlgorithmException {
+ int and;
+ String kdfAlgo = null;
+ String cipherAlgo = null;
+
+ // Extract the KDF and encryption algorithm names
+ this.pbes2AlgorithmName = pbes2AlgorithmName;
+ if (pbes2AlgorithmName.startsWith("PBEWith") &&
+ (and = pbes2AlgorithmName.indexOf("And", 7 + 1)) > 0) {
+ kdfAlgo = pbes2AlgorithmName.substring(7, and);
+ cipherAlgo = pbes2AlgorithmName.substring(and + 3);
+
+ // Check for keysize
+ int underscore;
+ if ((underscore = cipherAlgo.indexOf('_')) > 0) {
+ int slash;
+ if ((slash = cipherAlgo.indexOf('/', underscore + 1)) > 0) {
+ keysize =
+ Integer.parseInt(cipherAlgo.substring(underscore + 1,
+ slash));
+ } else {
+ keysize =
+ Integer.parseInt(cipherAlgo.substring(underscore + 1));
+ }
+ cipherAlgo = cipherAlgo.substring(0, underscore);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No crypto implementation for " +
+ pbes2AlgorithmName);
+ }
+
+ switch (kdfAlgo) {
+ case "HmacSHA1":
+ kdfAlgo_OID = hmacWithSHA1_OID;
+ break;
+ case "HmacSHA224":
+ kdfAlgo_OID = hmacWithSHA224_OID;
+ break;
+ case "HmacSHA256":
+ kdfAlgo_OID = hmacWithSHA256_OID;
+ break;
+ case "HmacSHA384":
+ kdfAlgo_OID = hmacWithSHA384_OID;
+ break;
+ case "HmacSHA512":
+ kdfAlgo_OID = hmacWithSHA512_OID;
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No crypto implementation for " + kdfAlgo);
+ }
+
+ if (cipherAlgo.equals("AES")) {
+ this.keysize = keysize;
+ switch (keysize) {
+ case 128:
+ cipherAlgo_OID = aes128CBC_OID;
+ break;
+ case 256:
+ cipherAlgo_OID = aes256CBC_OID;
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No Cipher implementation for " + keysize + "-bit " +
+ cipherAlgo);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation for " +
+ cipherAlgo);
+ }
+ }
+
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (!(paramSpec instanceof PBEParameterSpec)) {
+ throw new InvalidParameterSpecException
+ ("Inappropriate parameter specification");
+ }
+ this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
+ this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+ this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
+ }
+
+ protected void engineInit(byte[] encoded)
+ throws IOException
+ {
+ String kdfAlgo = null;
+ String cipherAlgo = null;
+
+ DerValue pBES2Algorithms = new DerValue(encoded);
+ if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for PBES2");
+ }
+ if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+
+ DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
+ if (pBES2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
+
+ if (pBES2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ cipherAlgo = parseES(pBES2_params.data.getDerValue());
+
+ pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+ .append(kdfAlgo).append("And").append(cipherAlgo).toString();
+ }
+
+ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
+ String kdfAlgo = null;
+
+ if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for PBKDF2");
+ }
+ if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
+ if (pBKDF2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ DerValue specified = pBKDF2_params.data.getDerValue();
+ // the 'specified' ASN.1 CHOICE for 'salt' is supported
+ if (specified.tag == DerValue.tag_OctetString) {
+ salt = specified.getOctetString();
+ } else {
+ // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 OCTET STRING tag");
+ }
+ iCount = pBKDF2_params.data.getInteger();
+ DerValue keyLength = pBKDF2_params.data.getDerValue();
+ if (keyLength.tag == DerValue.tag_Integer) {
+ keysize = keyLength.getInteger() * 8; // keysize (in bits)
+ }
+ if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+ DerValue prf = pBKDF2_params.data.getDerValue();
+ kdfAlgo_OID = prf.data.getOID();
+ if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA1";
+ } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA224";
+ } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA256";
+ } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA384";
+ } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA512";
+ } else {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for a HmacSHA key "
+ + "derivation function");
+ }
+ if (prf.data.available() != 0) {
+ // parameter is 'NULL' for all HmacSHA KDFs
+ DerValue parameter = prf.data.getDerValue();
+ if (parameter.tag != DerValue.tag_Null) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 NULL tag");
+ }
+ }
+ }
+
+ return kdfAlgo;
+ }
+
+ private String parseES(DerValue encryptionScheme) throws IOException {
+ String cipherAlgo = null;
+
+ cipherAlgo_OID = encryptionScheme.data.getOID();
+ if (aes128CBC_OID.equals(cipherAlgo_OID)) {
+ cipherAlgo = "AES_128";
+ // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+ cipherParam =
+ new IvParameterSpec(encryptionScheme.data.getOctetString());
+ keysize = 128;
+ } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
+ cipherAlgo = "AES_256";
+ // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+ cipherParam =
+ new IvParameterSpec(encryptionScheme.data.getOctetString());
+ keysize = 256;
+ } else {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for AES cipher");
+ }
+
+ return cipherAlgo;
+ }
+
+ protected void engineInit(byte[] encoded, String decodingMethod)
+ throws IOException
+ {
+ engineInit(encoded);
+ }
+
+ protected
+ T engineGetParameterSpec(Class paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
+ return paramSpec.cast(
+ new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
+ } else {
+ throw new InvalidParameterSpecException
+ ("Inappropriate parameter specification");
+ }
+ }
+
+ protected byte[] engineGetEncoded() throws IOException {
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream pBES2Algorithms = new DerOutputStream();
+ pBES2Algorithms.putOID(pkcs5PBES2_OID);
+
+ DerOutputStream pBES2_params = new DerOutputStream();
+
+ DerOutputStream keyDerivationFunc = new DerOutputStream();
+ keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
+
+ DerOutputStream pBKDF2_params = new DerOutputStream();
+ pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
+ pBKDF2_params.putInteger(iCount);
+ pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+
+ DerOutputStream prf = new DerOutputStream();
+ // algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
+ prf.putOID(kdfAlgo_OID);
+ // parameters is 'NULL'
+ prf.putNull();
+ pBKDF2_params.write(DerValue.tag_Sequence, prf);
+
+ keyDerivationFunc.write(DerValue.tag_Sequence, pBKDF2_params);
+ pBES2_params.write(DerValue.tag_Sequence, keyDerivationFunc);
+
+ DerOutputStream encryptionScheme = new DerOutputStream();
+ // algorithm is id-aes128-CBC or id-aes256-CBC
+ encryptionScheme.putOID(cipherAlgo_OID);
+ // parameters is 'AES-IV ::= OCTET STRING (SIZE(16))'
+ if (cipherParam != null && cipherParam instanceof IvParameterSpec) {
+ encryptionScheme.putOctetString(
+ ((IvParameterSpec)cipherParam).getIV());
+ } else {
+ throw new IOException("Wrong parameter type: IV expected");
+ }
+ pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
+
+ pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
+ out.write(DerValue.tag_Sequence, pBES2Algorithms);
+
+ return out.toByteArray();
+ }
+
+ protected byte[] engineGetEncoded(String encodingMethod)
+ throws IOException
+ {
+ return engineGetEncoded();
+ }
+
+ /*
+ * Returns a formatted string describing the parameters.
+ *
+ * The algorithn name pattern is: "PBEWithAnd"
+ * where is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
+ * or HmacSHA512, and is AES with a keysize suffix.
+ */
+ protected String engineToString() {
+ return pbes2AlgorithmName;
+ }
+
+ public static final class General extends PBES2Parameters {
+ public General() throws NoSuchAlgorithmException {
+ super();
+ }
+ }
+
+ public static final class HmacSHA1AndAES_128 extends PBES2Parameters {
+ public HmacSHA1AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA1AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA224AndAES_128 extends PBES2Parameters {
+ public HmacSHA224AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA224AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA256AndAES_128 extends PBES2Parameters {
+ public HmacSHA256AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA256AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA384AndAES_128 extends PBES2Parameters {
+ public HmacSHA384AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA384AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA512AndAES_128 extends PBES2Parameters {
+ public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA512AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
+ public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA1AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA224AndAES_256 extends PBES2Parameters {
+ public HmacSHA224AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA224AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA256AndAES_256 extends PBES2Parameters {
+ public HmacSHA256AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA256AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA384AndAES_256 extends PBES2Parameters {
+ public HmacSHA384AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA384AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA512AndAES_256 extends PBES2Parameters {
+ public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA512AndAES_256");
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
index 66ed95ba7a6b84c90d494e9d4ab85d46dd42e736..d448f277dcbfd689bca90b3c9b96272383fe70be 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ import javax.crypto.spec.*;
public final class PBEWithMD5AndDESCipher extends CipherSpi {
// the encapsulated DES cipher
- private PBECipherCore core;
+ private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -58,7 +58,7 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
*/
public PBEWithMD5AndDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException {
- core = new PBECipherCore("DES");
+ core = new PBES1Core("DES");
}
/**
diff --git a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
index 44279842cf0ef3d0fb02ff77441b72ab4a081ebd..d6216a81fb98b2cbc218c9bb4dd92796a3dfed04 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@ import javax.crypto.spec.*;
*/
public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
- private PBECipherCore core;
+ private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -70,7 +70,7 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
throws NoSuchAlgorithmException, NoSuchPaddingException
{
// set the encapsulated cipher to do triple DES
- core = new PBECipherCore("DESede");
+ core = new PBES1Core("DESede");
}
/**
diff --git a/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java b/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java
new file mode 100644
index 0000000000000000000000000000000000000000..c8e86082fbd9d3e733a24a0a6ad3daf62a49c8ec
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * This class implements a key factory for PBE keys derived using
+ * PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
+ * pseudo random function (PRF) as defined in PKCS#5 v2.1.
+ *
+ * @author Valerie Peng
+ *
+ */
+abstract class PBKDF2Core extends SecretKeyFactorySpi {
+
+ private final String prfAlgo;
+
+ PBKDF2Core(String prfAlgo) {
+ this.prfAlgo = prfAlgo;
+ }
+
+ /**
+ * Generates a SecretKey object from the provided key
+ * specification (key material).
+ *
+ * @param keySpec the specification (key material) of the secret key
+ *
+ * @return the secret key
+ *
+ * @exception InvalidKeySpecException if the given key specification
+ * is inappropriate for this key factory to produce a public key.
+ */
+ protected SecretKey engineGenerateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ if (!(keySpec instanceof PBEKeySpec)) {
+ throw new InvalidKeySpecException("Invalid key spec");
+ }
+ PBEKeySpec ks = (PBEKeySpec) keySpec;
+ return new PBKDF2KeyImpl(ks, prfAlgo);
+ }
+
+ /**
+ * Returns a specification (key material) of the given key
+ * in the requested format.
+ *
+ * @param key the key
+ *
+ * @param keySpec the requested format in which the key material shall be
+ * returned
+ *
+ * @return the underlying key specification (key material) in the
+ * requested format
+ *
+ * @exception InvalidKeySpecException if the requested key
+ * specification is inappropriate for the given key, or the
+ * given key cannot be processed (e.g., the given key has an
+ * unrecognized algorithm or format).
+ */
+ protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl)
+ throws InvalidKeySpecException {
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ // Check if requested key spec is amongst the valid ones
+ if ((keySpecCl != null)
+ && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
+ javax.crypto.interfaces.PBEKey pKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ return new PBEKeySpec
+ (pKey.getPassword(), pKey.getSalt(),
+ pKey.getIterationCount(), pKey.getEncoded().length*8);
+ } else {
+ throw new InvalidKeySpecException("Invalid key spec");
+ }
+ } else {
+ throw new InvalidKeySpecException("Invalid key " +
+ "format/algorithm");
+ }
+ }
+
+ /**
+ * Translates a SecretKey object, whose provider may be
+ * unknown or potentially untrusted, into a corresponding
+ * SecretKey object of this key factory.
+ *
+ * @param key the key whose provider is unknown or untrusted
+ *
+ * @return the translated key
+ *
+ * @exception InvalidKeyException if the given key cannot be processed by
+ * this key factory.
+ */
+ protected SecretKey engineTranslateKey(SecretKey key)
+ throws InvalidKeyException {
+ if ((key != null) &&
+ (key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
+ (key.getFormat().equalsIgnoreCase("RAW"))) {
+
+ // Check if key originates from this factory
+ if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
+ return key;
+ }
+ // Check if key implements the PBEKey
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ javax.crypto.interfaces.PBEKey pKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ try {
+ PBEKeySpec spec =
+ new PBEKeySpec(pKey.getPassword(),
+ pKey.getSalt(),
+ pKey.getIterationCount(),
+ pKey.getEncoded().length*8);
+ return new PBKDF2KeyImpl(spec, prfAlgo);
+ } catch (InvalidKeySpecException re) {
+ InvalidKeyException ike = new InvalidKeyException
+ ("Invalid key component(s)");
+ ike.initCause(re);
+ throw ike;
+ }
+ }
+ }
+ throw new InvalidKeyException("Invalid key format/algorithm");
+ }
+
+ public static final class HmacSHA1 extends PBKDF2Core {
+ public HmacSHA1() {
+ super("HmacSHA1");
+ }
+ }
+
+ public static final class HmacSHA224 extends PBKDF2Core {
+ public HmacSHA224() {
+ super("HmacSHA224");
+ }
+ }
+
+ public static final class HmacSHA256 extends PBKDF2Core {
+ public HmacSHA256() {
+ super("HmacSHA256");
+ }
+ }
+
+ public static final class HmacSHA384 extends PBKDF2Core {
+ public HmacSHA384() {
+ super("HmacSHA384");
+ }
+ }
+
+ public static final class HmacSHA512 extends PBKDF2Core {
+ public HmacSHA512() {
+ super("HmacSHA512");
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java b/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
new file mode 100644
index 0000000000000000000000000000000000000000..fef4eda8a8b935170ad1c865e5282deff7761b03
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.util.Arrays;
+import java.nio.ByteBuffer;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This is an implementation of the PBMAC1 algorithms as defined
+ * in PKCS#5 v2.1 standard.
+ */
+abstract class PBMAC1Core extends HmacCore {
+
+ private static final int DEFAULT_SALT_LENGTH = 20;
+ private static final int DEFAULT_COUNT = 4096;
+
+ private final String kdfAlgo;
+ private final String hashAlgo;
+ private final PBKDF2Core kdf;
+ private final int blockLength; // in octets
+
+ /**
+ * Creates an instance of PBMAC1 according to the selected
+ * password-based key derivation function.
+ */
+ PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
+ throws NoSuchAlgorithmException {
+
+ super(hashAlgo, blockLength);
+ this.kdfAlgo = kdfAlgo;
+ this.hashAlgo = hashAlgo;
+ this.blockLength = blockLength;
+
+ switch(kdfAlgo) {
+ case "HmacSHA1":
+ kdf = new PBKDF2Core.HmacSHA1();
+ break;
+ case "HmacSHA224":
+ kdf = new PBKDF2Core.HmacSHA224();
+ break;
+ case "HmacSHA256":
+ kdf = new PBKDF2Core.HmacSHA256();
+ break;
+ case "HmacSHA384":
+ kdf = new PBKDF2Core.HmacSHA384();
+ break;
+ case "HmacSHA512":
+ kdf = new PBKDF2Core.HmacSHA512();
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No MAC implementation for " + kdfAlgo);
+ }
+ }
+
+ /**
+ * Initializes the HMAC with the given secret key and algorithm parameters.
+ *
+ * @param key the secret key.
+ * @param params the algorithm parameters.
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * initializing this MAC.
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this MAC.
+ */
+ protected void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ char[] passwdChars;
+ byte[] salt = null;
+ int iCount = 0;
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ javax.crypto.interfaces.PBEKey pbeKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ passwdChars = pbeKey.getPassword();
+ salt = pbeKey.getSalt(); // maybe null if unspecified
+ iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
+ } else if (key instanceof SecretKey) {
+ byte[] passwdBytes = key.getEncoded();
+ if ((passwdBytes == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+ passwdChars = new char[passwdBytes.length];
+ for (int i=0; i>> 8) & 0xFF);
passwd[j+1] = (byte) (chars[i] & 0xFF);
}
- int v = 512 / 8;
- int u = 160 / 8;
- int c = roundup(n, u) / u;
- byte[] D = new byte[v];
- int s = roundup(salt.length, v);
- int p = roundup(passwd.length, v);
- byte[] I = new byte[s + p];
byte[] key = new byte[n];
- Arrays.fill(D, (byte)type);
- concat(salt, I, 0, s);
- concat(passwd, I, s, p);
-
try {
- MessageDigest sha = MessageDigest.getInstance("SHA1");
+ MessageDigest sha = MessageDigest.getInstance(hashAlgo);
+
+ int v = blockLength;
+ int u = sha.getDigestLength();
+ int c = roundup(n, u) / u;
+ byte[] D = new byte[v];
+ int s = roundup(salt.length, v);
+ int p = roundup(passwd.length, v);
+ byte[] I = new byte[s + p];
+
+ Arrays.fill(D, (byte)type);
+ concat(salt, I, 0, s);
+ concat(passwd, I, s, p);
+
byte[] Ai;
byte[] B = new byte[v];
byte[] tmp = new byte[v];
@@ -150,23 +165,30 @@ final class PKCS12PBECipherCore {
PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
throws NoSuchAlgorithmException {
+
algo = symmCipherAlg;
- SymmetricCipher symmCipher = null;
- if (algo.equals("DESede")) {
- symmCipher = new DESedeCrypt();
- } else if (algo.equals("RC2")) {
- symmCipher = new RC2Crypt();
+ if (algo.equals("RC4")) {
+ pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
} else {
- throw new NoSuchAlgorithmException("No Cipher implementation " +
+ SymmetricCipher symmCipher = null;
+ if (algo.equals("DESede")) {
+ symmCipher = new DESedeCrypt();
+ pbeAlgo = "PBEWithSHA1AndDESede";
+ } else if (algo.equals("RC2")) {
+ symmCipher = new RC2Crypt();
+ pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation " +
"for PBEWithSHA1And" + algo);
- }
- blockSize = symmCipher.getBlockSize();
- cipher = new CipherCore(symmCipher, blockSize);
- cipher.setMode("CBC");
- try {
- cipher.setPadding("PKCS5Padding");
- } catch (NoSuchPaddingException nspe) {
- // should not happen
+ }
+ blockSize = symmCipher.getBlockSize();
+ cipher = new CipherCore(symmCipher, blockSize);
+ cipher.setMode("CBC");
+ try {
+ cipher.setPadding("PKCS5Padding");
+ } catch (NoSuchPaddingException nspe) {
+ // should not happen
+ }
}
keySize = defKeySize;
}
@@ -210,8 +232,7 @@ final class PKCS12PBECipherCore {
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
try {
- params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
- (algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
+ params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (GeneralSecurityException gse) {
// should never happen
throw new RuntimeException(
@@ -229,6 +250,13 @@ final class PKCS12PBECipherCore {
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
+ implInit(opmode, key, params, random, null);
+ }
+
+ void implInit(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random, CipherSpi cipherImpl)
+ throws InvalidKeyException,
+ InvalidAlgorithmParameterException {
char[] passwdChars = null;
salt = null;
iCount = 0;
@@ -309,17 +337,29 @@ final class PKCS12PBECipherCore {
byte[] derivedKey = derive(passwdChars, salt, iCount,
keySize, CIPHER_KEY);
SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
- byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+
+ if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+ ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
+ } else {
+ byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
CIPHER_IV);
- IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+ IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
- // initialize the underlying cipher
- cipher.init(opmode, cipherKey, ivSpec, random);
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
+ }
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
+ implInit(opmode, key, params, random, null);
+ }
+
+ void implInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random, CipherSpi cipherImpl)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec paramSpec = null;
if (params != null) {
try {
@@ -329,13 +369,19 @@ final class PKCS12PBECipherCore {
"requires PBE parameters");
}
}
- implInit(opmode, key, paramSpec, random);
+ implInit(opmode, key, paramSpec, random, cipherImpl);
}
void implInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
+ implInit(opmode, key, random, null);
+ }
+
+ void implInit(int opmode, Key key, SecureRandom random,
+ CipherSpi cipherImpl) throws InvalidKeyException {
try {
- implInit(opmode, key, (AlgorithmParameterSpec) null, random);
+ implInit(opmode, key, (AlgorithmParameterSpec) null, random,
+ cipherImpl);
} catch (InvalidAlgorithmParameterException iape) {
throw new InvalidKeyException("requires PBE parameters");
}
@@ -526,4 +572,245 @@ final class PKCS12PBECipherCore {
return core.implWrap(key);
}
}
+
+ public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
+ private final PKCS12PBECipherCore core;
+ public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC2", 16);
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return core.implDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return core.implDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return core.implGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return core.implGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return core.implGetKeySize(key);
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return core.implGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ core.implSetMode(mode);
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ core.implSetPadding(paddingScheme);
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return core.implUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return core.implUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return core.implWrap(key);
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
+ private static final int RC4_KEYSIZE = 5;
+ private final PKCS12PBECipherCore core;
+ private final ARCFOURCipher cipher;
+
+ public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+ cipher = new ARCFOURCipher();
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return cipher.engineGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return cipher.engineGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return RC4_KEYSIZE;
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return cipher.engineGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random, cipher);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ if (mode.equalsIgnoreCase("ECB") == false) {
+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+ }
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+ throw new NoSuchPaddingException("Padding must be NoPadding");
+ }
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return cipher.engineUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return cipher.engineWrap(key);
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
+ private static final int RC4_KEYSIZE = 16;
+ private final PKCS12PBECipherCore core;
+ private final ARCFOURCipher cipher;
+
+ public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+ cipher = new ARCFOURCipher();
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return cipher.engineGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return cipher.engineGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return RC4_KEYSIZE;
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return cipher.engineGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random, cipher);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ if (mode.equalsIgnoreCase("ECB") == false) {
+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+ }
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+ throw new NoSuchPaddingException("Padding must be NoPadding");
+ }
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return cipher.engineUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return cipher.engineWrap(key);
+ }
+ }
}
diff --git a/src/share/classes/com/sun/crypto/provider/SunJCE.java b/src/share/classes/com/sun/crypto/provider/SunJCE.java
index 925343e51f037def42f5294e8fa585b19861b503..3edac42c6badc2931a3f6d0a1acc96671ccc0f98 100644
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -77,10 +77,14 @@ public final class SunJCE extends Provider {
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
- private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
+ private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+ private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+ private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
+ private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+ private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
/* Are we debugging? -- for developers */
@@ -138,14 +142,26 @@ public final class SunJCE extends Provider {
put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+ // PBES1
+
put("Cipher.PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher");
put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
+
put("Cipher.PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+
+ put("Cipher.PBEWithSHA1AndDESede",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndDESede");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+ "PBEWithSHA1AndDESede");
+ put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+ "PBEWithSHA1AndDESede");
+
put("Cipher.PBEWithSHA1AndRC2_40",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndRC2_40");
@@ -153,13 +169,70 @@ public final class SunJCE extends Provider {
"PBEWithSHA1AndRC2_40");
put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
- put("Cipher.PBEWithSHA1AndDESede",
+
+ put("Cipher.PBEWithSHA1AndRC2_128",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
- put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
- "PBEWithSHA1AndDESede");
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("Cipher.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("Cipher.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ //PBES2
+
+ put("Cipher.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA224AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA256AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA384AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA512AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA224AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA256AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA384AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA512AndAES_256");
put("Cipher.Blowfish",
"com.sun.crypto.provider.BlowfishCipher");
@@ -301,6 +374,7 @@ public final class SunJCE extends Provider {
"DiffieHellman");
put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
"DiffieHellman");
+
/*
* Algorithm parameter generation engines
*/
@@ -371,6 +445,64 @@ public final class SunJCE extends Provider {
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
+ put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ put("AlgorithmParameters.PBES2",
+ "com.sun.crypto.provider.PBES2Parameters$General");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
+ "PBES2");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
+ "PBES2");
+
+ put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+
put("AlgorithmParameters.Blowfish",
"com.sun.crypto.provider.BlowfishParameters");
@@ -378,6 +510,7 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.AESParameters");
put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+
put("AlgorithmParameters.RC2",
"com.sun.crypto.provider.RC2Parameters");
@@ -393,6 +526,7 @@ public final class SunJCE extends Provider {
put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
"DiffieHellman");
put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+
/*
* Secret-key factories
*/
@@ -441,13 +575,90 @@ public final class SunJCE extends Provider {
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
+ put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
+ );
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
+ );
+
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
+ );
+
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA1AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA224AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA256AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA384AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA512AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA1AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA224AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA256AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA384AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA512AndAES_256");
+
+ // PBKDF2
+
put("SecretKeyFactory.PBKDF2WithHmacSHA1",
- "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA224",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA256",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA384",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA512",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
/*
* MAC
*/
@@ -475,6 +686,19 @@ public final class SunJCE extends Provider {
put("Mac.HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBESHA1");
+ // PBMAC1
+
+ put("Mac.PBEWithHmacSHA1",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
+ put("Mac.PBEWithHmacSHA224",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
+ put("Mac.PBEWithHmacSHA256",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
+ put("Mac.PBEWithHmacSHA384",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
+ put("Mac.PBEWithHmacSHA512",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
+
put("Mac.SslMacMD5",
"com.sun.crypto.provider.SslMacCore$SslMacMD5");
put("Mac.SslMacSHA1",
@@ -487,6 +711,10 @@ public final class SunJCE extends Provider {
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
diff --git a/src/share/classes/com/sun/java/util/jar/pack/Constants.java b/src/share/classes/com/sun/java/util/jar/pack/Constants.java
index c4c3a8f3abb0f701dfaa344c01bd90c8475fdc21..b5c1d124ef6321cf8567268916faac001039f76a 100644
--- a/src/share/classes/com/sun/java/util/jar/pack/Constants.java
+++ b/src/share/classes/com/sun/java/util/jar/pack/Constants.java
@@ -59,6 +59,9 @@ class Constants {
public final static Package.Version JAVA7_MAX_CLASS_VERSION =
Package.Version.of(51, 00);
+ public final static Package.Version JAVA8_MAX_CLASS_VERSION =
+ Package.Version.of(52, 00);
+
public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
public final static Package.Version JAVA5_PACKAGE_VERSION =
@@ -72,7 +75,7 @@ class Constants {
// upper limit, should point to the latest class version
public final static Package.Version JAVA_MAX_CLASS_VERSION =
- JAVA7_MAX_CLASS_VERSION;
+ JAVA8_MAX_CLASS_VERSION;
// upper limit should point to the latest package version, for version info!.
public final static Package.Version MAX_PACKAGE_VERSION =
diff --git a/src/share/classes/com/sun/naming/internal/ResourceManager.java b/src/share/classes/com/sun/naming/internal/ResourceManager.java
index de0c1108304526173076181779db48f73c15183a..7443fbcf71a6ae507ccf719ef9f4b18ac1700e3f 100644
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java
@@ -542,14 +542,26 @@ public final class ResourceManager {
try {
NamingEnumeration resources =
helper.getResources(cl, APP_RESOURCE_FILE_NAME);
- while (resources.hasMore()) {
- Properties props = new Properties();
- props.load(resources.next());
-
- if (result == null) {
- result = props;
- } else {
- mergeTables(result, props);
+ try {
+ while (resources.hasMore()) {
+ Properties props = new Properties();
+ InputStream istream = resources.next();
+ try {
+ props.load(istream);
+ } finally {
+ istream.close();
+ }
+
+ if (result == null) {
+ result = props;
+ } else {
+ mergeTables(result, props);
+ }
+ }
+ } finally {
+ while (resources.hasMore()) {
+ InputStream istream = (InputStream)resources.next();
+ istream.close();
}
}
@@ -557,13 +569,17 @@ public final class ResourceManager {
InputStream istream =
helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
if (istream != null) {
- Properties props = new Properties();
- props.load(istream);
-
- if (result == null) {
- result = props;
- } else {
- mergeTables(result, props);
+ try {
+ Properties props = new Properties();
+ props.load(istream);
+
+ if (result == null) {
+ result = props;
+ } else {
+ mergeTables(result, props);
+ }
+ } finally {
+ istream.close();
}
}
diff --git a/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java b/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java
new file mode 100644
index 0000000000000000000000000000000000000000..8f09482a7d0521c01b5d6d12dfadfac670e2dd88
--- /dev/null
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSCredential interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
+ * @since 1.8
+ */
+public interface ExtendedGSSCredential extends GSSCredential {
+ /**
+ * Impersonates a principal. In Kerberos, this can be implemented
+ * using the Microsoft S4U2self extension.
+ *
+ * A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
+ * impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
+ * will be thrown if the impersonation method is not available to this
+ * credential object.
+ * @param name the name of the principal to impersonate
+ * @return a credential for that principal
+ * @throws GSSException containing the following
+ * major error codes:
+ * {@link GSSException#NO_CRED GSSException.NO_CRED}
+ * {@link GSSException#FAILURE GSSException.FAILURE}
+ */
+ public GSSCredential impersonate(GSSName name) throws GSSException;
+}
diff --git a/src/share/classes/java/lang/Character.java b/src/share/classes/java/lang/Character.java
index 5d957a97ce23dfab38084595bcc08139086f2f95..53bb738ea02fe76aa933bdc15dd91a86afed3d36 100644
--- a/src/share/classes/java/lang/Character.java
+++ b/src/share/classes/java/lang/Character.java
@@ -40,7 +40,7 @@ import java.util.Locale;
* a character's category (lowercase letter, digit, etc.) and for converting
* characters from uppercase to lowercase and vice versa.
*
- * Character information is based on the Unicode Standard, version 6.1.0.
+ * Character information is based on the Unicode Standard, version 6.2.0.
*
* The methods and data of class {@code Character} are defined by
* the information in the UnicodeData file that is part of the
@@ -3758,8 +3758,7 @@ class Character implements java.io.Serializable, Comparable {
0x0640, // 0640..0640; COMMON
0x0641, // 0641..064A; ARABIC
0x064B, // 064B..0655; INHERITED
- 0x0656, // 0656..065E; ARABIC
- 0x065F, // 065F..065F; INHERITED
+ 0x0656, // 0656..065F; ARABIC
0x0660, // 0660..0669; COMMON
0x066A, // 066A..066F; ARABIC
0x0670, // 0670..0670; INHERITED
@@ -4081,7 +4080,6 @@ class Character implements java.io.Serializable, Comparable {
ARABIC,
INHERITED,
ARABIC,
- INHERITED,
COMMON,
ARABIC,
INHERITED,
diff --git a/src/share/classes/java/lang/Math.java b/src/share/classes/java/lang/Math.java
index 7f4ab4fcaf4b2b1cb281e32e35ee17bd7418f10b..b8cef07b131cf53bb4c5ed36e56237ced6ee6abf 100644
--- a/src/share/classes/java/lang/Math.java
+++ b/src/share/classes/java/lang/Math.java
@@ -742,6 +742,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int addExact(int x, int y) {
int r = x + y;
@@ -760,6 +761,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long addExact(long x, long y) {
long r = x + y;
@@ -778,6 +780,7 @@ public final class Math {
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int subtractExact(int x, int y) {
int r = x - y;
@@ -797,6 +800,7 @@ public final class Math {
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long subtractExact(long x, long y) {
long r = x - y;
@@ -816,6 +820,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int multiplyExact(int x, int y) {
long r = (long)x * (long)y;
@@ -833,6 +838,7 @@ public final class Math {
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long multiplyExact(long x, long y) {
long r = x * y;
@@ -857,6 +863,7 @@ public final class Math {
* @param value the long value
* @return the argument as an int
* @throws ArithmeticException if the {@code argument} overflows an int
+ * @since 1.8
*/
public static int toIntExact(long value) {
if ((int)value != value) {
@@ -865,6 +872,159 @@ public final class Math {
return (int)value;
}
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Integer.MIN_VALUE}.
+ *
+ * Normal integer division operates under the round to zero rounding mode
+ * (truncation). This operation instead acts under the round toward
+ * negative infinity (floor) rounding mode.
+ * The floor rounding mode gives different results than truncation
+ * when the exact result is negative.
+ *
+ *
If the signs of the arguments are the same, the results of
+ * {@code floorDiv} and the {@code /} operator are the same.
+ * For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.
+ *
If the signs of the arguments are different, the quotient is negative and
+ * {@code floorDiv} returns the integer less than or equal to the quotient
+ * and the {@code /} operator returns the integer closest to zero.
+ * For example, {@code floorDiv(-4, 3) == -2},
+ * whereas {@code (-4 / 3) == -1}.
+ *
+ *
+ *
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorMod(int, int)
+ * @see #floor(double)
+ * @since 1.8
+ */
+ public static int floorDiv(int x, int y) {
+ int r = x / y;
+ // if the signs are different and modulo not zero, round down
+ if ((x ^ y) < 0 && (r * y != x)) {
+ r--;
+ }
+ return r;
+ }
+
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Long.MIN_VALUE}.
+ *
+ * Normal integer division operates under the round to zero rounding mode
+ * (truncation). This operation instead acts under the round toward
+ * negative infinity (floor) rounding mode.
+ * The floor rounding mode gives different results than truncation
+ * when the exact result is negative.
+ *
+ * For examples, see {@link #floorDiv(int, int)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorMod(long, long)
+ * @see #floor(double)
+ * @since 1.8
+ */
+ public static long floorDiv(long x, long y) {
+ long r = x / y;
+ // if the signs are different and modulo not zero, round down
+ if ((x ^ y) < 0 && (r * y != x)) {
+ r--;
+ }
+ return r;
+ }
+
+ /**
+ * Returns the floor modulus of the {@code int} arguments.
+ *
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ *
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ *
+ * The difference in values between {@code floorMod} and
+ * the {@code %} operator is due to the difference between
+ * {@code floorDiv} that returns the integer less than or equal to the quotient
+ * and the {@code /} operator that returns the integer closest to zero.
+ *
+ * Examples:
+ *
+ *
If the signs of the arguments are the same, the results
+ * of {@code floorMod} and the {@code %} operator are the same.
+ *
+ * If the signs of arguments are unknown and a positive modulus
+ * is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorDiv(int, int)
+ * @since 1.8
+ */
+ public static int floorMod(int x, int y) {
+ int r = x - floorDiv(x, y) * y;
+ return r;
+ }
+
+ /**
+ * Returns the floor modulus of the {@code long} arguments.
+ *
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ *
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ *
+ * For examples, see {@link #floorMod(int, int)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorDiv(long, long)
+ * @since 1.8
+ */
+ public static long floorMod(long x, long y) {
+ return x - floorDiv(x, y) * y;
+ }
+
/**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.
diff --git a/src/share/classes/java/lang/StrictMath.java b/src/share/classes/java/lang/StrictMath.java
index f5a96b249b271ee16e1fa31bbcaf284f898cd77a..e59c8d0778130185d6c0e27c6d7ca32ff53df896 100644
--- a/src/share/classes/java/lang/StrictMath.java
+++ b/src/share/classes/java/lang/StrictMath.java
@@ -365,7 +365,7 @@ public final class StrictMath {
* @param a the value to be floored or ceiled
* @param negativeBoundary result for values in (-1, 0)
* @param positiveBoundary result for values in (0, 1)
- * @param sign the sign of the result
+ * @param increment value to add when the argument is non-integral
*/
private static double floorOrCeil(double a,
double negativeBoundary,
@@ -702,7 +702,7 @@ public final class StrictMath {
*
This method is properly synchronized to allow correct use by
* more than one thread. However, if many threads need to generate
* pseudorandom numbers at a great rate, it may reduce contention
- * for each thread to have its own pseudorandom number generator.
+ * for each thread to have its own pseudorandom-number generator.
*
* @return a pseudorandom {@code double} greater than or equal
* to {@code 0.0} and less than {@code 1.0}.
@@ -745,7 +745,7 @@ public final class StrictMath {
}
/**
- * Return the difference of the arguments,
+ * Returns the difference of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@@ -760,7 +760,7 @@ public final class StrictMath {
}
/**
- * Return the difference of the arguments,
+ * Returns the difference of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@@ -775,7 +775,7 @@ public final class StrictMath {
}
/**
- * Return the product of the arguments,
+ * Returns the product of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@@ -790,7 +790,7 @@ public final class StrictMath {
}
/**
- * Return the product of the arguments,
+ * Returns the product of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@@ -805,7 +805,7 @@ public final class StrictMath {
}
/**
- * Return the value of the {@code long} argument;
+ * Returns the value of the {@code long} argument;
* throwing an exception if the value overflows an {@code int}.
*
* @param value the long value
@@ -818,6 +818,107 @@ public final class StrictMath {
return Math.toIntExact(value);
}
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Integer.MIN_VALUE}.
+ *
+ * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+ * a comparison to the integer division {@code /} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorDiv(int, int)
+ * @see Math#floor(double)
+ * @since 1.8
+ */
+ public static int floorDiv(int x, int y) {
+ return Math.floorDiv(x, y);
+ }
+
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Long.MIN_VALUE}.
+ *
+ * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+ * a comparison to the integer division {@code /} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorDiv(long, long)
+ * @see Math#floor(double)
+ * @since 1.8
+ */
+ public static long floorDiv(long x, long y) {
+ return Math.floorDiv(x, y);
+ }
+
+ /**
+ * Returns the floor modulus of the {@code int} arguments.
+ *
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ *
+ * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+ * a comparison to the {@code %} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorMod(int, int)
+ * @see StrictMath#floorDiv(int, int)
+ * @since 1.8
+ */
+ public static int floorMod(int x, int y) {
+ return Math.floorMod(x , y);
+ }
+ /**
+ * Returns the floor modulus of the {@code long} arguments.
+ *
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ *
+ * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+ * a comparison to the {@code %} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorMod(long, long)
+ * @see StrictMath#floorDiv(long, long)
+ * @since 1.8
+ */
+ public static long floorMod(long x, long y) {
+ return Math.floorMod(x, y);
+ }
+
/**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.
@@ -1543,7 +1644,7 @@ public final class StrictMath {
}
/**
- * Return {@code d} ×
+ * Returns {@code d} ×
* 2{@code scaleFactor} rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the double value set. See the Java
@@ -1577,7 +1678,7 @@ public final class StrictMath {
}
/**
- * Return {@code f} ×
+ * Returns {@code f} ×
* 2{@code scaleFactor} rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the float value set. See the Java
diff --git a/src/share/classes/java/lang/annotation/ElementType.java b/src/share/classes/java/lang/annotation/ElementType.java
index 917054991ddd5cf4d04fe8bb2f25e88a80eaa5c0..a1125ffe117c89fba93b3e2cc6e37e4f83e15316 100644
--- a/src/share/classes/java/lang/annotation/ElementType.java
+++ b/src/share/classes/java/lang/annotation/ElementType.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@ public enum ElementType {
/** Method declaration */
METHOD,
- /** Parameter declaration */
+ /** Formal parameter declaration */
PARAMETER,
/** Constructor declaration */
@@ -59,5 +59,19 @@ public enum ElementType {
ANNOTATION_TYPE,
/** Package declaration */
- PACKAGE
+ PACKAGE,
+
+ /**
+ * Type parameter declaration
+ *
+ * @since 1.8
+ */
+ TYPE_PARAMETER,
+
+ /**
+ * Use of a type
+ *
+ * @since 1.8
+ */
+ TYPE_USE
}
diff --git a/src/share/classes/java/security/cert/CertPathBuilder.java b/src/share/classes/java/security/cert/CertPathBuilder.java
index 096627d6188de8dfce481aa5c65adf0a17fda490..3d122218c6ebd93729e083c9331680c6885717ec 100644
--- a/src/share/classes/java/security/cert/CertPathBuilder.java
+++ b/src/share/classes/java/security/cert/CertPathBuilder.java
@@ -315,12 +315,14 @@ public class CertPathBuilder {
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathBuilderSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
- * type {@code PKIXRevocationChecker}.
+ * type {@code PKIXRevocationChecker}. Each invocation of this method
+ * returns a new instance of {@code CertPathChecker}.
*
*
The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
+ * @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8
diff --git a/src/share/classes/java/security/cert/CertPathValidator.java b/src/share/classes/java/security/cert/CertPathValidator.java
index 9d912acdabd54ef9d3fc8a1962c31a96ff13c096..67204820bb8937dd04603f13adf92008400218ee 100644
--- a/src/share/classes/java/security/cert/CertPathValidator.java
+++ b/src/share/classes/java/security/cert/CertPathValidator.java
@@ -327,12 +327,14 @@ public class CertPathValidator {
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathValidatorSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
- * type {@code PKIXRevocationChecker}.
+ * type {@code PKIXRevocationChecker}. Each invocation of this method
+ * returns a new instance of {@code CertPathChecker}.
*
*
The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
+ * @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8
diff --git a/src/share/classes/java/security/cert/PKIXRevocationChecker.java b/src/share/classes/java/security/cert/PKIXRevocationChecker.java
index ba85686c5db35776954eb637471f44183d11af31..2446c821df660061a55445ae412fc1cbf0f1631c 100644
--- a/src/share/classes/java/security/cert/PKIXRevocationChecker.java
+++ b/src/share/classes/java/security/cert/PKIXRevocationChecker.java
@@ -63,8 +63,8 @@ import java.util.Set;
* and then the {@code PKIXParameters} is passed along with the {@code CertPath}
* to be validated to the {@link CertPathValidator#validate validate} method
* of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
- * this manner, do not enable the default revocation checking mechanism (by
- * calling {@link PKIXParameters#setRevocationEnabled}.
+ * this manner, it will be used to check revocation irrespective of the setting
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
*
*
Note that when a {@code PKIXRevocationChecker} is added to
* {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@@ -88,7 +88,7 @@ public abstract class PKIXRevocationChecker extends PKIXCertPathChecker {
private URI ocspResponder;
private X509Certificate ocspResponderCert;
private List ocspExtensions = Collections.emptyList();
- private Map ocspStapled = Collections.emptyMap();
+ private Map ocspResponses = Collections.emptyMap();
private Set