Merge

.hgtags

@@ -42,3 +42,4 @@ a50217eb3ee10b9f9547e0708e5c9625405083ef jdk7-b64
 382a27aa78d3236fa123c60577797a887fe93e09 jdk7-b65
 bd31b30a5b21f20e42965b1633f18a5c7946d398 jdk7-b66
 a952aafd5181af953b0ef3010dbd2fcc28460e8a jdk7-b67
+b23d905cb5d3b382295240d28ab0bfb266b4503c jdk7-b68

THIRD_PARTY_README

@@ -32,7 +32,7 @@ USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 --- end of LICENSE file ---
 %% This notice is provided with respect to ASM, which may be included with this software: 
-Copyright (c) 2000-2005 INRIA, France Telecom
+Copyright (c) 2000-2007 INRIA, France Telecom
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

make/com/sun/crypto/provider/Makefile

 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -45,54 +45,49 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces.  We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development.  The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
-#
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing.  Developers working on JCE in JDK
+# must sign the JCE files before testing.  The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
+# 
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and then the resulting jar files MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries.  The "release" target should be
+# be built and signed, and the resulting jar files MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries.  The "release" target should be
 # used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
-#				    If OpenJDK, installs sunjce_provider.jar.
-#				    If JDK, installs prebuilt
-#				    sunjce_provider.jar.
+#     all/clobber/clean        The usual.
+#                                  If OpenJDK, installs sunjce_provider.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunjce_provider.jar.
 #
-#     jar			Builds/installs sunjce_provider.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunjce_provider.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunjce_provider.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunjce_provider.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunjce_provider.jar (no install)
-#
-#     obfus			Builds/obfuscates/signs sunjce_provider.jar
+#     sign                     Alias for sign-jar
+#         sign-jar             Builds/signs sunjce_provider.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -103,7 +98,7 @@ PRODUCT = sun
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -158,8 +153,8 @@ endif # OPENJDK
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area.  When files are signed in JDK, they will be
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -223,62 +218,15 @@ $(SIGNED_DIR)/sunjce_provider.jar:
 endif
 	$(call sign-file, $(UNSIGNED_DIR)/sunjce_provider.jar)
 
-# =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
-#
-
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/sunjce
-
-CLOSED_DIR = $(BUILDDIR)/closed/com/sun/crypto/provider
-
-obfus: $(OBFUS_DIR)/sunjce_provider.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/sunjce_provider.jar: build-jar $(JCE_MANIFEST_FILE) \
-	    $(OBFUS_DIR)/sunjce.dox
-else
-$(OBFUS_DIR)/sunjce_provider.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/sunjce.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating SunJCE Provider..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv sunjce.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \
-	    -C $(OBFUS_DIR)/build com \
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/sunjce.dox: $(CLOSED_DIR)/obfus/sunjce.dox
-	@$(ECHO) ">>>Creating sunjce.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
 
 # =====================================================
-# Create the Release Engineering files.  Obfuscated builds, etc.
+# Create the Release Engineering files.  Signed builds, etc.
 #
 
-release: $(OBFUS_DIR)/sunjce_provider.jar
+release: $(SIGNED_DIR)/sunjce_provider.jar
 	$(RM) $(JCE_BUILD_DIR)/release/sunjce_provider.jar
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release
-	$(CP) $(OBFUS_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
 	$(release-warning)
 
 endif # OPENJDK
@@ -320,5 +268,5 @@ clobber clean::
 
 .PHONY: build-jar jar install-jar
 ifndef OPENJDK
-.PHONY: sign sign-jar obfus release install-prebuilt
+.PHONY: sign sign-jar release install-prebuilt
 endif

make/java/java/FILES_java.gmk

@@ -77,6 +77,7 @@ JAVA_JAVA_java = \
     java/lang/Compiler.java \
     java/lang/Throwable.java \
         java/lang/Exception.java \
+	    java/lang/ReflectiveOperationException.java \
 	    java/lang/IllegalAccessException.java \
 	    java/lang/InstantiationException.java \
 	    java/lang/ClassNotFoundException.java \

make/javax/crypto/Defs-jce.gmk

 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,7 @@ SIGNING_PASSPHRASE = $(SIGNING_KEY_DIR)/passphrase.txt
 SIGNING_ALIAS      = jce_rsa
 
 #
-# Defines for signing/obfuscating the various jar files.
+# Defines for signing the various jar files.
 #
 
 define presign
@@ -100,19 +100,4 @@ define sign-file
 	$(sign-target)
 endef
 
-#
-# Location for the Obfuscation product.  JDK currently has
-# the requirement that we obfuscate our JCE jars.
-#
-OBFUSCATOR = /security/tools/bin/obfus
-OBFUS_DIR = $(TEMPDIR)/obfus
-
-define preobfus
-    @if [ ! -f $(OBFUSCATOR) ]; then \
-	$(ECHO) "\n$(OBFUSCATOR): Obfuscator *NOT* available..." \
-	    $(README-MAKEFILE_WARNING); \
-	exit 2; \
-    fi
-endef
-
 endif  # !OPENJDK

make/javax/crypto/Makefile

 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,64 +44,65 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces.  We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development.  The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing.  Developers working on JCE in JDK
+# must sign the JCE files before testing.  The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
 #
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and the resulting jar files *MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries.  The "release" target should
-# be used to generate the required files.
+# be built and signed, and the resulting jar files *MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries.  The "release" target should be
+# used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
-#				    If OpenJDK, installs
-#					jce.jar/limited policy files.
-#				    If JDK, installs prebuilt
-#					jce.jar/limited policy files.
-#
-#     jar			Builds/installs jce.jar
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#     all/clobber/clean        The usual.
+#                                  If OpenJDK: builds/installs the
+#                                      jce.jar/limited policy files.
+#                                  If JDK: builds but does not install.
+#                                     During full tops-down builds,
+#                                     prebuilt/presigned jce.jar &
+#                                     limited policy files are copied
+#                                     in by make/java/redist/Makefile.
+#                                     If you are working in this directory
+#                                     and want to install the prebuilts,
+#                                     use the "install-prebuilt" target.
+#
+#     jar                      Builds/installs jce.jar
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds jce.jar (does not sign/install)
+#     build-jar                Builds jce.jar (does not sign/install)
 #
-#     build-policy		Builds policy files (does not sign/install)
+#     build-policy             Builds policy files (does not sign/install)
 #
-#     install-jar		Alias for "jar" above
+#     install-jar              Alias for "jar" above
 #
-#     install-limited		Builds/installs limited policy files
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
-#     install-unlimited		Builds/nstalls unlimited policy files
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#     install-limited          Builds/installs limited policy files
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
+#     install-unlimited        Builds/nstalls unlimited policy files
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar and sign-policy
-#	  sign-jar		Builds/signs jce.jar file (no install)
-#	  sign-policy		Builds/signs policy files (no install)
-#
-#     obfus			Builds/obfuscates/signs jce.jar
+#     sign                     Alias for sign-jar and sign-policy
+#          sign-jar            Builds/signs jce.jar file (no install)
+#          sign-policy         Builds/signs policy files (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -112,7 +113,7 @@ PRODUCT = sun
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -169,8 +170,8 @@ endif # OPENJDK
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area.  When files are signed in JDK, they will be
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -178,7 +179,7 @@ include Defs-jce.gmk
 
 
 # =====================================================
-# Build the unsigned jce.jar file.  Signing/obfuscation comes later.
+# Build the unsigned jce.jar file.  Signing comes later.
 #
 
 JAR_DESTFILE = $(LIBDIR)/jce.jar
@@ -363,69 +364,13 @@ $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar:		\
 
 
 # =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
+# Create the Release Engineering files.  Signed builds,
+# unlimited policy file distribution, etc.
 #
 
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/jce
-
 CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
 
-obfus: $(OBFUS_DIR)/jce.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-else
-#
-# We have to remove the build dependency, otherwise, we'll try to rebuild it
-# which we can't do on a read-only filesystem.
-#
-$(OBFUS_DIR)/jce.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating JCE framework..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv framework.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	@#
-	@# The sun.security.internal classes are currently not obfuscated
-	@# due to an obfus problem. Manually copy them to the build directory
-	@# so that they are included in the jce.jar file.
-	@#
-	$(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@	\
-	    -C $(OBFUS_DIR)/build javax			\
-	    -C $(OBFUS_DIR)/build sun			\
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/framework.dox: $(CLOSED_DIR)/obfus/framework.dox
-	@$(ECHO) ">>>Creating framework.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files.  Obfuscated builds,
-# unlimited policy file distribution, etc.
-#
-
-release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
+release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
          $(CLOSED_DIR)/doc/README.txt
 	$(RM) -r \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy              \
@@ -434,7 +379,7 @@ release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
 	    $(JCE_BUILD_DIR)/release/local_policy.jar                \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
-	$(CP) $(OBFUS_DIR)/jce.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release
 	$(CP) \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar   \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar       \
@@ -530,5 +475,5 @@ clobber clean::
 .PHONY: build-jar jar build-policy unlimited limited install-jar \
 	install-limited install-unlimited
 ifndef OPENJDK
-.PHONY: sign sign-jar sign-policy obfus release install-prebuilt
+.PHONY: sign sign-jar sign-policy release install-prebuilt
 endif

make/sun/net/FILES_java.gmk

@@ -41,6 +41,7 @@ FILES_java = \
 	sun/net/NetProperties.java \
 	sun/net/NetHooks.java \
 	sun/net/util/IPAddressUtil.java \
+	sun/net/util/URLUtil.java \
 	sun/net/dns/ResolverConfiguration.java \
 	sun/net/dns/ResolverConfigurationImpl.java \
 	sun/net/ftp/FtpClient.java \

make/sun/security/Makefile

 #
-# Copyright 1996-2007 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 1996-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -60,7 +60,7 @@ ifeq ($(PLATFORM), windows)
   endif
 endif
 
-SUBDIRS = other action util tools jgss krb5 smartcardio $(PKCS11) \
+SUBDIRS = ec other action util tools jgss krb5 smartcardio $(PKCS11) \
           $(JGSS_WRAPPER) $(MSCAPI)
 
 all build clean clobber::

make/sun/security/ec/FILES_c.gmk

+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Sun designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Sun in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+FILES_c = \
+	ec.c \
+	ec2_163.c \
+	ec2_193.c \
+	ec2_233.c \
+	ec2_aff.c \
+	ec2_mont.c \
+	ecdecode.c \
+	ecl.c \
+	ecl_curve.c \
+	ecl_gf.c \
+	ecl_mult.c \
+	ec_naf.c \
+	ecp_192.c \
+	ecp_224.c \
+	ecp_256.c \
+	ecp_384.c \
+	ecp_521.c \
+	ecp_aff.c \
+	ecp_jac.c \
+	ecp_jm.c \
+	ecp_mont.c \
+	mp_gf2m.c \
+	mpi.c \
+	mplogic.c \
+	mpmontg.c \
+	oid.c \
+	secitem.c
+

make/sun/security/ec/Makefile

+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Sun designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Sun in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+#
+# Makefile for building sunec.jar and sunecc native library.
+#
+# This file was derived from make/com/sun/crypto/provider/Makefile.
+#
+
+#
+# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Sun JDK builds
+# respectively.)
+#
+# JCE builds are very different between OpenJDK and JDK.  The OpenJDK JCE
+# jar files do not require signing, but those for JDK do.  If an unsigned
+# jar file is installed into JDK, things will break when the crypto
+# routines are called.
+#
+# This Makefile does the "real" build of the JCE files.  For OpenJDK,
+# the jar files built here are installed directly into the OpenJDK.
+#
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing.  Developers working on JCE in JDK
+# must sign the JCE files before testing.  The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
+#
+# SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
+# be built, signed, and then the resulting jar files MUST BE CHECKED
+# INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT
+# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries.  The "release" target should be
+# used to generate the required files.
+#
+# There are a number of targets to help both JDK/OpenJDK developers.
+#
+# Main Targets (JDK/OPENJDK):
+#
+#     all/clobber/clean		The usual, plus the native libraries.
+#				    If OpenJDK, installs sunec.jar.
+#				    If JDK, installs prebuilt
+#				    sunec.jar.
+#
+#     jar			Builds/installs sunec.jar
+#				    If OpenJDK, does not sign.
+#				    If JDK, tries to sign.
+#
+# Other lesser-used Targets (JDK/OPENJDK):
+#
+#     build-jar			Builds sunec.jar
+#				    (does not sign/install)
+#
+#     install-jar		Alias for "jar" above.
+#
+# Other targets (JDK only):
+#
+#     sign			Alias for sign-jar
+#	  sign-jar		Builds/signs sunec.jar (no install)
+#
+#     release			Builds all targets in preparation
+#				for workspace integration.
+#
+#     install-prebuilt		Installs the pre-built jar files
+#
+# This makefile was written to support parallel target execution.
+#
+
+BUILDDIR = ../../..
+PACKAGE = sun.security.ec
+PRODUCT = sun
+
+#
+# The following is for when we need to do postprocessing
+# (signing) against a read-only build.  If the OUTPUTDIR
+# isn't writable, the build currently crashes out.
+#
+ifndef OPENJDK
+  ifdef ALT_JCE_BUILD_DIR
+    # =====================================================
+    # Where to place the output, in case we're building from a read-only
+    # build area.  (e.g. a release engineering build.)
+    JCE_BUILD_DIR=${ALT_JCE_BUILD_DIR}
+    IGNORE_WRITABLE_OUTPUTDIR_TEST=true
+  else
+    JCE_BUILD_DIR=${TEMPDIR}
+  endif
+endif
+
+include $(BUILDDIR)/common/Defs.gmk
+
+#
+# Location for the newly built classfiles.
+#
+CLASSDESTDIR = $(TEMPDIR)/classes
+
+#
+# Java files
+#
+AUTO_FILES_JAVA_DIRS = $(PKGDIR)
+
+include $(BUILDDIR)/common/Classes.gmk
+
+#
+# Some licensees do not get the native ECC sources, but we still need to
+# be able to build "all" for them.  Check here to see if the sources are
+# available.  If not, then skip them.
+#
+
+NATIVE_ECC_AVAILABLE := $(shell \
+    if [ -d $(SHARE_SRC)/native/$(PKGDIR) ] ; then \
+	$(ECHO) true; \
+    else \
+	$(ECHO) false; \
+    fi)
+
+ifeq ($(NATIVE_ECC_AVAILABLE), true)
+
+  LIBRARY = sunecc
+
+  #
+  # Java files that define native methods
+  #
+  FILES_export = \
+      $(PKGDIR)/ECDHKeyAgreement.java \
+      $(PKGDIR)/ECDSASignature.java \
+      $(PKGDIR)/ECKeyPairGenerator.java
+
+  JAVAHFLAGS += -classpath $(CLASSDESTDIR)
+
+  #
+  # C and C++ files
+  #
+  include FILES_c.gmk
+
+  FILES_cpp = ECC_JNI.cpp
+
+  CPLUSPLUSLIBRARY=true
+
+  FILES_m = mapfile-vers
+
+  #
+  # Find native code
+  #
+  vpath %.cpp $(SHARE_SRC)/native/$(PKGDIR)
+
+  vpath %.c $(SHARE_SRC)/native/$(PKGDIR)
+
+  #
+  # Find include files
+  #
+  OTHER_INCLUDES += -I$(SHARE_SRC)/native/$(PKGDIR)
+
+  #
+  # Compiler flags
+  #
+  OTHER_CFLAGS += -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B
+
+  #
+  # Libraries to link
+  #
+  ifeq ($(PLATFORM), windows)
+    OTHER_LDLIBS += $(JVMLIB)
+  else
+    OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX)
+  endif
+
+  include $(BUILDDIR)/common/Mapfile-vers.gmk
+
+  include $(BUILDDIR)/common/Library.gmk
+
+endif # NATIVE_ECC_AVAILABLE
+
+#
+# We use a variety of subdirectories in the $(TEMPDIR) depending on what
+# part of the build we're doing.  Both OPENJDK/JDK builds are initially
+# done in the unsigned area.  When files are signed in JDK,
+# they will be placed in the appropriate area.
+#
+UNSIGNED_DIR = $(TEMPDIR)/unsigned
+
+include $(BUILDDIR)/javax/crypto/Defs-jce.gmk
+
+#
+# Rules
+#
+
+ifdef OPENJDK
+all: build-jar install-jar
+else
+all: build-jar install-prebuilt
+	$(build-warning)
+endif
+
+
+# =====================================================
+# Build the unsigned sunec.jar file.
+#
+
+JAR_DESTFILE = $(EXTDIR)/sunec.jar
+
+#
+# Since the -C option to jar is used below, each directory entry must be
+# preceded with the appropriate directory to "cd" into.
+#
+JAR_DIRS = $(patsubst %, -C $(CLASSDESTDIR) %, $(AUTO_FILES_JAVA_DIRS))
+
+build-jar: $(UNSIGNED_DIR)/sunec.jar
+
+#
+# Build sunec.jar.
+#
+$(UNSIGNED_DIR)/sunec.jar: build
+	$(prep-target)
+	$(BOOT_JAR_CMD) cf $@ $(JAR_DIRS) \
+	    $(BOOT_JAR_JFLAGS)
+	@$(java-vm-cleanup)
+
+
+ifndef OPENJDK
+# =====================================================
+# Sign the provider jar file.  Not needed for OpenJDK.
+#
+
+SIGNED_DIR = $(JCE_BUILD_DIR)/signed
+
+sign: sign-jar
+
+sign-jar: $(SIGNED_DIR)/sunec.jar
+
+ifndef ALT_JCE_BUILD_DIR
+$(SIGNED_DIR)/sunec.jar: $(UNSIGNED_DIR)/sunec.jar
+else
+#
+# We have to remove the build dependency, otherwise, we'll try to rebuild it
+# which we can't do on a read-only filesystem.
+#
+$(SIGNED_DIR)/sunec.jar:
+	@if [ ! -r $(UNSIGNED_DIR)/sunec.jar ] ; then \
+	    $(ECHO) "Couldn't find $(UNSIGNED_DIR)/sunec.jar"; \
+	    exit 1; \
+	fi
+endif
+	$(call sign-file, $(UNSIGNED_DIR)/sunec.jar)
+
+
+# =====================================================
+# Create the Release Engineering files.  Signed builds, etc.
+#
+
+release: $(SIGNED_DIR)/sunec.jar
+	$(RM) $(JCE_BUILD_DIR)/release/sunec.jar
+	$(MKDIR) -p $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/sunec.jar $(JCE_BUILD_DIR)/release
+	$(release-warning)
+
+endif # OPENJDK
+
+
+# =====================================================
+# Install routines.
+#
+
+#
+# Install sunec.jar, depending on which type is requested.
+#
+install-jar jar: $(JAR_DESTFILE)
+ifndef OPENJDK
+	$(release-warning)
+endif
+
+ifdef OPENJDK
+$(JAR_DESTFILE): $(UNSIGNED_DIR)/sunec.jar
+else
+$(JAR_DESTFILE): $(SIGNED_DIR)/sunec.jar
+endif
+	$(install-file)
+
+ifndef OPENJDK
+install-prebuilt:
+	@$(ECHO) "\n>>>Installing prebuilt SunEC provider..."
+	$(RM) $(JAR_DESTFILE)
+	$(CP) $(PREBUILT_DIR)/ec/sunec.jar $(JAR_DESTFILE)
+endif
+
+
+# =====================================================
+# Support routines.
+#
+
+clobber clean::
+	$(RM) -r $(JAR_DESTFILE) $(TEMPDIR) $(JCE_BUILD_DIR)
+
+.PHONY: build-jar jar install-jar
+ifndef OPENJDK
+.PHONY: sign sign-jar release install-prebuilt
+endif

make/sun/security/ec/mapfile-vers

+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Sun designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Sun in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# Define public interface.
+
+SUNWprivate_1.1 {
+        global:
+                Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair;
+                Java_sun_security_ec_ECKeyPairGenerator_getEncodedBytes;
+		Java_sun_security_ec_ECDSASignature_signDigest;
+		Java_sun_security_ec_ECDSASignature_verifySignedDigest;
+		Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
+        local:
+                *;
+};

make/sun/security/mscapi/Makefile

 #
-# Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
-#				    If OpenJDK, installs sunmscapi.jar.
-#				    If JDK, installs prebuilt
-#				    sunmscapi.jar.
+#     all/clobber/clean        The usual, plus the native libraries.
+#                                  If OpenJDK, installs sunmscapi.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunmscapi.jar.
 #
-#     jar			Builds/installs sunmscapi.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunmscapi.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunmscapi.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunmscapi.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunmscapi.jar (no install)
+#     sign                     Alias for sign-jar
+#          sign-jar            Builds/signs sunmscapi.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #

make/sun/security/other/Makefile

 #
-# Copyright 1996-2007 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 1996-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,6 @@ include $(BUILDDIR)/common/Defs.gmk
 #
 AUTO_FILES_JAVA_DIRS = \
     sun/security/acl \
-    sun/security/ec \
     sun/security/jca \
     sun/security/pkcs \
     sun/security/pkcs12 \

make/sun/security/pkcs11/Makefile

 #
-# Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
-#				    If OpenJDK, installs sunpkcs11.jar.
-#				    If JDK, installs prebuilt
-#				    sunpkcs11.jar.
+#     all/clobber/clean        The usual, plus the native libraries.
+#                                  If OpenJDK, installs sunpkcs11.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunpkcs11.jar.
 #
-#     jar			Builds/installs sunpkcs11.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunpkcs11.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunpkcs11.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunpkcs11.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunpkcs11.jar (no install)
+#     sign                     Alias for sign-jar
+#          sign-jar            Builds/signs sunpkcs11.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #

src/share/classes/com/sun/crypto/provider/AESCipher.java

 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@ public final class AESCipher extends CipherSpi {
     /**
      * Creates an instance of AES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE);
     }
 

src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java

 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,16 +48,9 @@ public final class AESKeyGenerator extends KeyGeneratorSpi {
     private int keySize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor.
      */
     public AESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/AESWrapCipher.java

 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,12 +65,8 @@ public final class AESWrapCipher extends CipherSpi {
     /**
      * Creates an instance of AES KeyWrap cipher with default
      * mode, i.e. "ECB" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new AESCrypt();
     }
 

src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,6 @@ public final class ARCFOURCipher extends CipherSpi {
 
     // called by the JCE framework
     public ARCFOURCipher() {
-        SunJCE.ensureIntegrity(getClass());
         S = new int[256];
     }
 

src/share/classes/com/sun/crypto/provider/BlowfishCipher.java

 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,12 +60,8 @@ public final class BlowfishCipher extends CipherSpi {
     /**
      * Creates an instance of Blowfish cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public BlowfishCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new BlowfishCrypt(),
                               BlowfishConstants.BLOWFISH_BLOCK_SIZE);
     }

src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java

 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class BlowfishKeyGenerator extends KeyGeneratorSpi {
     private int keysize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public BlowfishKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/DESCipher.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@ public final class DESCipher extends CipherSpi {
     /**
      * Creates an instance of DES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 

src/share/classes/com/sun/crypto/provider/DESKeyFactory.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,17 +42,11 @@ import java.security.spec.InvalidKeySpecException;
 public final class DESKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
+
     /**
      * Generates a <code>SecretKey</code> object from the provided key
      * specification (key material).

src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class DESKeyGenerator extends KeyGeneratorSpi {
     private SecureRandom random = null;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/DESedeCipher.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,8 @@ public final class DESedeCipher extends CipherSpi {
     /**
      * Creates an instance of DESede cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESedeCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESedeCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 

src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,16 +42,9 @@ import java.security.spec.InvalidKeySpecException;
 public final class DESedeKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESedeKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,16 +47,9 @@ public final class DESedeKeyGenerator extends KeyGeneratorSpi {
     private int keysize = 168;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESedeKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java

 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,12 +74,8 @@ public final class DESedeWrapCipher extends CipherSpi {
     /**
      * Creates an instance of CMS DESede KeyWrap cipher with default
      * mode, i.e. "CBC" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity.
      */
     public DESedeWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new CipherBlockChaining(new DESedeCrypt());
     }
 

src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,16 +58,9 @@ extends KeyAgreementSpi {
     private BigInteger y = BigInteger.ZERO;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DHKeyAgreement() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/DHKeyFactory.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@ import javax.crypto.spec.DHParameterSpec;
 public final class DHKeyFactory extends KeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DHKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/HmacCore.java

 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,7 +241,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA256 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA256() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-256", 64);
         }
         private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
@@ -278,7 +277,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA384 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA384() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-384", 128);
         }
         private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
@@ -315,7 +313,6 @@ final class HmacCore implements Cloneable {
     public static final class HmacSHA512 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA512() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-512", 128);
         }
         private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {

src/share/classes/com/sun/crypto/provider/HmacMD5.java

 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@ public final class HmacMD5 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacMD5 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacMD5() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         hmac = new HmacCore(MessageDigest.getInstance("MD5"),
                             MD5_BLOCK_LENGTH);
     }

src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java

 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class HmacMD5KeyGenerator extends KeyGeneratorSpi {
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public HmacMD5KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,13 +48,8 @@ public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
-        SunJCE.ensureIntegrity(this.getClass());
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }

src/share/classes/com/sun/crypto/provider/HmacSHA1.java

 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@ public final class HmacSHA1 extends MacSpi implements Cloneable {
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacSHA1() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }

src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java

 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@ public final class HmacSHA1KeyGenerator extends KeyGeneratorSpi {
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public HmacSHA1KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA256KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA256KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA256", 256);
         }
         protected void engineInit(SecureRandom random) {
@@ -131,7 +130,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA384KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA384KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA384", 384);
         }
         protected void engineInit(SecureRandom random) {
@@ -153,7 +151,6 @@ final class KeyGeneratorCore {
     public static final class HmacSHA512KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA512KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA512", 512);
         }
         protected void engineInit(SecureRandom random) {
@@ -175,7 +172,6 @@ final class KeyGeneratorCore {
     public static final class RC2KeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public RC2KeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("RC2", 128);
         }
         protected void engineInit(SecureRandom random) {
@@ -201,7 +197,6 @@ final class KeyGeneratorCore {
     public static final class ARCFOURKeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public ARCFOURKeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("ARCFOUR", 128);
         }
         protected void engineInit(SecureRandom random) {

src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
     private static HashSet<String> validTypes;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Simple constructor
      */
     private PBEKeyFactory(String keytype) {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         type = keytype;
     }
 

src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,16 +55,9 @@ public final class PBEWithMD5AndDESCipher extends CipherSpi {
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         core = new PBECipherCore("DES");
     }
 

src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java

 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,23 +61,14 @@ public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
      * Creates an instance of this cipher, and initializes its mode (CBC) and
      * padding (PKCS5).
      *
-     * Verify the SunJCE provider in the constructor.
-     *
      * @exception NoSuchAlgorithmException if the required cipher mode (CBC) is
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndTripleDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-
         // set the encapsulated cipher to do triple DES
         core = new PBECipherCore("DESede");
     }

src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,16 +45,9 @@ import javax.crypto.spec.SecretKeySpec;
 public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public PBKDF2HmacSHA1Factory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**

src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -370,7 +370,6 @@ final class PKCS12PBECipherCore {
     public static final class PBEWithSHA1AndDESede extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndDESede() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("DESede", 24);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
@@ -446,7 +445,6 @@ final class PKCS12PBECipherCore {
     public static final class PBEWithSHA1AndRC2_40 extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndRC2_40() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("RC2", 5);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)

src/share/classes/com/sun/crypto/provider/RC2Cipher.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@ public final class RC2Cipher extends CipherSpi {
     private final RC2Crypt embeddedCipher;
 
     public RC2Cipher() {
-        SunJCE.ensureIntegrity(getClass());
         embeddedCipher = new RC2Crypt();
         core = new CipherCore(embeddedCipher, 8);
     }

src/share/classes/com/sun/crypto/provider/RSACipher.java

 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,6 @@ public final class RSACipher extends CipherSpi {
     private String oaepHashAlgorithm = "SHA-1";
 
     public RSACipher() {
-        SunJCE.ensureIntegrity(getClass());
         paddingType = PAD_PKCS1;
     }
 

src/share/classes/com/sun/crypto/provider/SslMacCore.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -226,9 +226,6 @@ final class SslMacCore {
 
         static final byte[] md5Pad1 = genPad((byte)0x36, 48);
         static final byte[] md5Pad2 = genPad((byte)0x5c, 48);
-        static {
-            SunJCE.ensureIntegrity(SslMacMD5.class);
-        }
     }
 
     // nested static class for the SslMacMD5 implementation
@@ -262,9 +259,6 @@ final class SslMacCore {
 
         static final byte[] shaPad1 = genPad((byte)0x36, 40);
         static final byte[] shaPad2 = genPad((byte)0x5c, 40);
-        static {
-            SunJCE.ensureIntegrity(SslMacSHA1.class);
-        }
     }
 
 }

src/share/classes/com/sun/crypto/provider/SunJCE.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -93,10 +93,6 @@ public final class SunJCE extends Provider {
 
     static final SecureRandom RANDOM = new SecureRandom();
 
-    // After the SunJCE passed self-integrity checking,
-    // verifiedSelfIntegrity will be set to true.
-    private static boolean verifiedSelfIntegrity = false;
-
     public SunJCE() {
         /* We are the "SunJCE" provider */
         super("SunJCE", 1.7d, info);
@@ -441,21 +437,4 @@ public final class SunJCE extends Provider {
             }
         });
     }
-
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void ensureIntegrity(Class c) {
-        if (verifySelfIntegrity(c) == false) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-    }
-
-    static final boolean verifySelfIntegrity(Class c) {
-        if (verifiedSelfIntegrity) {
-            return true;
-        }
-        return (integrityVerified = JarVerifier.verify(c));
-    }
 }

src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,6 @@ public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
     private int protocolVersion;
 
     public TlsKeyMaterialGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,6 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
     private int protocolVersion;
 
     public TlsMasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@ public final class TlsPrfGenerator extends KeyGeneratorSpi {
     private TlsPrfParameterSpec spec;
 
     public TlsPrfGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java

 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,6 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
     private SecureRandom random;
 
     public TlsRsaPremasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {

src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReaderSpi.java

@@ -51,7 +51,7 @@ public class BMPImageReaderSpi extends ImageReaderSpi {
               entensions,
               mimeType,
               "com.sun.imageio.plugins.bmp.BMPImageReader",
-              STANDARD_INPUT_TYPE,
+              new Class[] { ImageInputStream.class },
               writerSpiNames,
               false,
               null, null, null, null,

src/share/classes/com/sun/imageio/plugins/bmp/BMPImageWriterSpi.java

@@ -32,6 +32,7 @@ import java.awt.image.SinglePixelPackedSampleModel;
 import javax.imageio.spi.ImageWriterSpi;
 import javax.imageio.spi.ServiceRegistry;
 import javax.imageio.spi.IIORegistry;
+import javax.imageio.stream.ImageOutputStream;
 import javax.imageio.ImageWriter;
 import javax.imageio.ImageTypeSpecifier;
 import javax.imageio.IIOException;
@@ -55,7 +56,7 @@ public class BMPImageWriterSpi extends ImageWriterSpi {
               entensions,
               mimeType,
               "com.sun.imageio.plugins.bmp.BMPImageWriter",
-              STANDARD_OUTPUT_TYPE,
+              new Class[] { ImageOutputStream.class },
               readerSpiNames,
               false,
               null, null, null, null,

src/share/classes/com/sun/imageio/plugins/gif/GIFImageReaderSpi.java

@@ -60,7 +60,7 @@ public class GIFImageReaderSpi extends ImageReaderSpi {
               suffixes,
               MIMETypes,
               readerClassName,
-              STANDARD_INPUT_TYPE,
+              new Class[] { ImageInputStream.class },
               writerSpiNames,
               true,
               GIFStreamMetadata.nativeMetadataFormatName,

src/share/classes/com/sun/imageio/plugins/gif/GIFImageWriterSpi.java

@@ -31,6 +31,7 @@ import java.util.Locale;
 import javax.imageio.ImageTypeSpecifier;
 import javax.imageio.ImageWriter;
 import javax.imageio.spi.ImageWriterSpi;
+import javax.imageio.stream.ImageOutputStream;
 import com.sun.imageio.plugins.common.PaletteBuilder;
 
 public class GIFImageWriterSpi extends ImageWriterSpi {
@@ -59,7 +60,7 @@ public class GIFImageWriterSpi extends ImageWriterSpi {
               suffixes,
               MIMETypes,
               writerClassName,
-              STANDARD_OUTPUT_TYPE,
+              new Class[] { ImageOutputStream.class },
               readerSpiNames,
               true,
               GIFWritableStreamMetadata.NATIVE_FORMAT_NAME,

src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReaderSpi.java

@@ -46,7 +46,7 @@ public class JPEGImageReaderSpi extends ImageReaderSpi {
               JPEG.suffixes,
               JPEG.MIMETypes,
               "com.sun.imageio.plugins.jpeg.JPEGImageReader",
-              STANDARD_INPUT_TYPE,
+              new Class[] { ImageInputStream.class },
               writerSpiNames,
               true,
               JPEG.nativeStreamMetadataFormatName,

src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriterSpi.java

@@ -28,6 +28,7 @@ package com.sun.imageio.plugins.jpeg;
 import javax.imageio.spi.ImageWriterSpi;
 import javax.imageio.spi.ServiceRegistry;
 import javax.imageio.spi.IIORegistry;
+import javax.imageio.stream.ImageOutputStream;
 import javax.imageio.ImageWriter;
 import javax.imageio.ImageTypeSpecifier;
 import javax.imageio.IIOException;
@@ -49,7 +50,7 @@ public class JPEGImageWriterSpi extends ImageWriterSpi {
               JPEG.suffixes,
               JPEG.MIMETypes,
               "com.sun.imageio.plugins.jpeg.JPEGImageWriter",
-              STANDARD_OUTPUT_TYPE,
+              new Class[] { ImageOutputStream.class },
               readerSpiNames,
               true,
               JPEG.nativeStreamMetadataFormatName,

src/share/classes/com/sun/imageio/plugins/png/PNGImageReaderSpi.java

@@ -60,7 +60,7 @@ public class PNGImageReaderSpi extends ImageReaderSpi {
               suffixes,
               MIMETypes,
               readerClassName,
-              STANDARD_INPUT_TYPE,
+              new Class[] { ImageInputStream.class },
               writerSpiNames,
               false,
               null, null,

src/share/classes/com/sun/imageio/plugins/png/PNGImageWriterSpi.java

@@ -34,6 +34,7 @@ import javax.imageio.ImageTypeSpecifier;
 import javax.imageio.metadata.IIOMetadataFormat;
 import javax.imageio.metadata.IIOMetadataFormatImpl;
 import javax.imageio.spi.ImageWriterSpi;
+import javax.imageio.stream.ImageOutputStream;
 
 public class PNGImageWriterSpi extends ImageWriterSpi {
 
@@ -61,7 +62,7 @@ public class PNGImageWriterSpi extends ImageWriterSpi {
                 suffixes,
                 MIMETypes,
                 writerClassName,
-                STANDARD_OUTPUT_TYPE,
+                new Class[] { ImageOutputStream.class },
                 readerSpiNames,
                 false,
                 null, null,

src/share/classes/com/sun/imageio/plugins/wbmp/WBMPImageReaderSpi.java

@@ -55,7 +55,7 @@ public class WBMPImageReaderSpi extends ImageReaderSpi {
               entensions,
               mimeType,
               "com.sun.imageio.plugins.wbmp.WBMPImageReader",
-              STANDARD_INPUT_TYPE,
+              new Class[] { ImageInputStream.class },
               writerSpiNames,
               true,
               null, null, null, null,

src/share/classes/com/sun/imageio/plugins/wbmp/WBMPImageWriterSpi.java

@@ -28,6 +28,7 @@ package com.sun.imageio.plugins.wbmp;
 import javax.imageio.spi.ImageWriterSpi;
 import javax.imageio.spi.ServiceRegistry;
 import javax.imageio.spi.IIORegistry;
+import javax.imageio.stream.ImageOutputStream;
 import javax.imageio.ImageWriter;
 import javax.imageio.ImageTypeSpecifier;
 import javax.imageio.IIOException;
@@ -54,7 +55,7 @@ public class WBMPImageWriterSpi extends ImageWriterSpi {
               entensions,
               mimeType,
               "com.sun.imageio.plugins.wbmp.WBMPImageWriter",
-              STANDARD_OUTPUT_TYPE,
+              new Class[] { ImageOutputStream.class },
               readerSpiNames,
               true,
               null, null, null, null,

src/share/classes/com/sun/imageio/stream/StreamCloser.java

@@ -43,35 +43,35 @@ import javax.imageio.stream.ImageInputStream;
  */
 public class StreamCloser {
 
-    private static WeakHashMap<ImageInputStream, Object> toCloseQueue;
+    private static WeakHashMap<CloseAction, Object> toCloseQueue;
     private static Thread streamCloser;
 
-    public static void addToQueue(ImageInputStream iis) {
+    public static void addToQueue(CloseAction ca) {
         synchronized (StreamCloser.class) {
             if (toCloseQueue == null) {
                 toCloseQueue =
-                    new WeakHashMap<ImageInputStream, Object>();
+                    new WeakHashMap<CloseAction, Object>();
             }
 
-            toCloseQueue.put(iis, null);
+            toCloseQueue.put(ca, null);
 
             if (streamCloser == null) {
                 final Runnable streamCloserRunnable = new Runnable() {
                     public void run() {
                         if (toCloseQueue != null) {
                             synchronized (StreamCloser.class) {
-                                Set<ImageInputStream> set =
+                                Set<CloseAction> set =
                                     toCloseQueue.keySet();
                                 // Make a copy of the set in order to avoid
                                 // concurrent modification (the is.close()
                                 // will in turn call removeFromQueue())
-                                ImageInputStream[] streams =
-                                    new ImageInputStream[set.size()];
-                                streams = set.toArray(streams);
-                                for (ImageInputStream is : streams) {
-                                    if (is != null) {
+                                CloseAction[] actions =
+                                    new CloseAction[set.size()];
+                                actions = set.toArray(actions);
+                                for (CloseAction ca : actions) {
+                                    if (ca != null) {
                                         try {
-                                            is.close();
+                                            ca.performAction();
                                         } catch (IOException e) {
                                         }
                                     }
@@ -106,10 +106,28 @@ public class StreamCloser {
         }
     }
 
-    public static void removeFromQueue(ImageInputStream iis) {
+    public static void removeFromQueue(CloseAction ca) {
         synchronized (StreamCloser.class) {
             if (toCloseQueue != null) {
-                toCloseQueue.remove(iis);
+                toCloseQueue.remove(ca);
+            }
+        }
+    }
+
+    public static CloseAction createCloseAction(ImageInputStream iis) {
+        return new CloseAction(iis);
+    }
+
+    public static final class CloseAction {
+        private ImageInputStream iis;
+
+        private CloseAction(ImageInputStream iis) {
+            this.iis = iis;
+        }
+
+        public void performAction() throws IOException {
+            if (iis != null) {
+                iis.close();
             }
         }
     }

src/share/classes/com/sun/jndi/dns/DnsContext.java

 /*
- * Copyright 2000-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -922,7 +922,7 @@ public class DnsContext extends ComponentDirContext {
 
     //---------- Debugging
 
-    public static boolean debug = false;
+    private static final boolean debug = false;
 
     private static final void dprint(String msg) {
         if (debug) {
@@ -972,14 +972,11 @@ class NameClassPairEnumeration implements NamingEnumeration {
     }
 
     /*
-     * ctx will be closed when no longer needed by the enumeration.
+     * ctx will be set to null when no longer needed by the enumeration.
      */
-    public void close () {
+    public void close() {
         nodes = null;
-        if (ctx != null) {
-            ctx.close();
-            ctx = null;
-        }
+        ctx = null;
     }
 
     public boolean hasMore() {

src/share/classes/com/sun/media/sound/JDK13Services.java

 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,15 @@ import javax.sound.midi.spi.MidiFileWriter;
 import javax.sound.midi.spi.SoundbankReader;
 import javax.sound.midi.spi.MidiDeviceProvider;
 
+import javax.sound.midi.Receiver;
+import javax.sound.midi.Sequencer;
+import javax.sound.midi.Synthesizer;
+import javax.sound.midi.Transmitter;
+import javax.sound.sampled.Clip;
+import javax.sound.sampled.Port;
+import javax.sound.sampled.SourceDataLine;
+import javax.sound.sampled.TargetDataLine;
+
 
 /**
  * JDK13Services uses the Service class in JDK 1.3
@@ -186,6 +195,16 @@ public class JDK13Services {
         If the property is not set, null is returned.
      */
     private static synchronized String getDefaultProvider(Class typeClass) {
+        if (!SourceDataLine.class.equals(typeClass)
+                && !TargetDataLine.class.equals(typeClass)
+                && !Clip.class.equals(typeClass)
+                && !Port.class.equals(typeClass)
+                && !Receiver.class.equals(typeClass)
+                && !Transmitter.class.equals(typeClass)
+                && !Synthesizer.class.equals(typeClass)
+                && !Sequencer.class.equals(typeClass)) {
+            return null;
+        }
         String value;
         String propertyName = typeClass.getName();
         value = JSSecurityManager.getProperty(propertyName);

src/share/classes/com/sun/media/sound/JSSecurityManager.java

 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -283,28 +283,37 @@ class JSSecurityManager {
 
 
     static List getProviders(final Class providerClass) {
-        PrivilegedAction action = new PrivilegedAction() {
-                public Object run() {
-                    List p = new ArrayList();
-                    Iterator ps = Service.providers(providerClass);
-                    while (ps.hasNext()) {
-                        try {
-                            Object provider = ps.next();
-                            if (providerClass.isInstance(provider)) {
-                                // $$mp 2003-08-22
-                                // Always adding at the beginning reverses the
-                                // order of the providers. So we no longer have
-                                // to do this in AudioSystem and MidiSystem.
-                                p.add(0, provider);
-                            }
-                        } catch (Throwable t) {
-                            //$$fb 2002-11-07: do not fail on SPI not found
-                            if (Printer.err) t.printStackTrace();
-                        }                                                                  }
-                    return p;
+        List p = new ArrayList();
+        // Service.providers(Class) just creates "lazy" iterator instance,
+        // so it doesn't require do be called from privileged section
+        final Iterator ps = Service.providers(providerClass);
+
+        // the iterator's hasNext() method looks through classpath for
+        // the provider class names, so it requires read permissions
+        PrivilegedAction<Boolean> hasNextAction = new PrivilegedAction<Boolean>() {
+            public Boolean run() {
+                return ps.hasNext();
+            }
+        };
+
+        while (AccessController.doPrivileged(hasNextAction)) {
+            try {
+                // the iterator's next() method creates instances of the
+                // providers and it should be called in the current security
+                // context
+                Object provider = ps.next();
+                if (providerClass.isInstance(provider)) {
+                    // $$mp 2003-08-22
+                    // Always adding at the beginning reverses the
+                    // order of the providers. So we no longer have
+                    // to do this in AudioSystem and MidiSystem.
+                    p.add(0, provider);
                 }
-            };
-        List providers = (List) AccessController.doPrivileged(action);
-        return providers;
+            } catch (Throwable t) {
+                //$$fb 2002-11-07: do not fail on SPI not found
+                if (Printer.err) t.printStackTrace();
+            }
+        }
+        return p;
     }
 }

src/share/classes/com/sun/media/sound/StandardMidiFileWriter.java

 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -82,7 +82,7 @@ public class StandardMidiFileWriter extends MidiFileWriter {
     /**
      * MIDI parser types
      */
-    public static final int types[] = {
+    private static final int types[] = {
         MIDI_TYPE_0,
         MIDI_TYPE_1
     };

src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java

@@ -60,8 +60,14 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
     */
    public abstract String engineGetURI();
 
+   /**
+    * Returns the output length of the hash/digest.
+    */
+   abstract int getDigestLength();
+
    /** Field _macAlgorithm */
    private Mac _macAlgorithm = null;
+   private boolean _HMACOutputLengthSet = false;
 
    /** Field _HMACOutputLength */
    int _HMACOutputLength = 0;
@@ -100,7 +106,9 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    }
 
    public void reset() {
-           _HMACOutputLength=0;
+       _HMACOutputLength=0;
+       _HMACOutputLengthSet = false;
+       _macAlgorithm.reset();
    }
 
    /**
@@ -115,14 +123,16 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
            throws XMLSignatureException {
 
       try {
-         byte[] completeResult = this._macAlgorithm.doFinal();
-
-         if ((this._HMACOutputLength == 0) || (this._HMACOutputLength >= 160)) {
+         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
+                log.log(java.util.logging.Level.FINE,
+                    "HMACOutputLength must not be less than " + getDigestLength());
+            }
+            throw new XMLSignatureException("errorMessages.XMLSignatureException");
+         } else {
+            byte[] completeResult = this._macAlgorithm.doFinal();
             return MessageDigestAlgorithm.isEqual(completeResult, signature);
          }
-         byte[] stripped = IntegrityHmac.reduceBitLength(completeResult,
-                                 this._HMACOutputLength);
-         return MessageDigestAlgorithm.isEqual(stripped, signature);
       } catch (IllegalStateException ex) {
          throw new XMLSignatureException("empty", ex);
       }
@@ -176,14 +186,15 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
    protected byte[] engineSign() throws XMLSignatureException {
 
       try {
-         byte[] completeResult = this._macAlgorithm.doFinal();
-
-         if ((this._HMACOutputLength == 0) || (this._HMACOutputLength >= 160)) {
-            return completeResult;
+         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
+                log.log(java.util.logging.Level.FINE,
+                    "HMACOutputLength must not be less than " + getDigestLength());
+            }
+            throw new XMLSignatureException("errorMessages.XMLSignatureException");
+         } else {
+            return this._macAlgorithm.doFinal();
          }
-          return IntegrityHmac.reduceBitLength(completeResult,
-                                                 this._HMACOutputLength);
-
       } catch (IllegalStateException ex) {
          throw new XMLSignatureException("empty", ex);
       }
@@ -361,6 +372,7 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
     */
    protected void engineSetHMACOutputLength(int HMACOutputLength) {
       this._HMACOutputLength = HMACOutputLength;
+      this._HMACOutputLengthSet = true;
    }
 
    /**
@@ -376,12 +388,13 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
          throw new IllegalArgumentException("element null");
       }
 
-             Text hmaclength =XMLUtils.selectDsNodeText(element.getFirstChild(),
-                    Constants._TAG_HMACOUTPUTLENGTH,0);
+      Text hmaclength =XMLUtils.selectDsNodeText(element.getFirstChild(),
+         Constants._TAG_HMACOUTPUTLENGTH,0);
 
-            if (hmaclength != null) {
-               this._HMACOutputLength = Integer.parseInt(hmaclength.getData());
-            }
+      if (hmaclength != null) {
+         this._HMACOutputLength = Integer.parseInt(hmaclength.getData());
+         this._HMACOutputLengthSet = true;
+      }
 
    }
 
@@ -390,14 +403,13 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
     *
     * @param element
     */
-   public void engineAddContextToElement(Element element)
-           {
+   public void engineAddContextToElement(Element element) {
 
       if (element == null) {
          throw new IllegalArgumentException("null element");
       }
 
-      if (this._HMACOutputLength != 0) {
+      if (this._HMACOutputLengthSet) {
          Document doc = element.getOwnerDocument();
          Element HMElem = XMLUtils.createElementInSignatureSpace(doc,
                              Constants._TAG_HMACOUTPUTLENGTH);
@@ -436,6 +448,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
       }
+
+      int getDigestLength() {
+          return 160;
+      }
    }
 
    /**
@@ -463,6 +479,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
       }
+
+      int getDigestLength() {
+          return 256;
+      }
    }
 
    /**
@@ -490,6 +510,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_SHA384;
       }
+
+      int getDigestLength() {
+          return 384;
+      }
    }
 
    /**
@@ -517,6 +541,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_SHA512;
       }
+
+      int getDigestLength() {
+          return 512;
+      }
    }
 
    /**
@@ -544,6 +572,10 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
       }
+
+      int getDigestLength() {
+          return 160;
+      }
    }
 
    /**
@@ -571,5 +603,9 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
       public String engineGetURI() {
          return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
       }
+
+      int getDigestLength() {
+          return 128;
+      }
    }
 }

src/share/classes/com/sun/crypto/provider/JarVerifier.java → src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java

 /*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,50 +23,46 @@
  * have any questions.
  */
 
-package com.sun.crypto.provider;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
+package com.sun.security.jgss;
 
 /**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
+ * Kerberos 5 AuthorizationData entry.
  */
-final class JarVerifier {
+final public class AuthorizationDataEntry {
 
-    private static final boolean debug = false;
+    private final int type;
+    private final byte[] data;
 
     /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
+     * Create an AuthorizationDataEntry object.
+     * @param type the ad-type
+     * @param data the ad-data, a copy of the data will be saved
+     * inside the object.
      */
-    static boolean verify(final Class c) {
-        return true;
+    public AuthorizationDataEntry(int type, byte[] data) {
+        this.type = type;
+        this.data = data.clone();
+    }
+
+    /**
+     * Get the ad-type field.
+     * @return ad-type
+     */
+    public int getType() {
+        return type;
+    }
+
+    /**
+     * Get a copy of the ad-data field.
+     * @return ad-data
+     */
+    public byte[] getData() {
+        return data.clone();
+    }
+
+    public String toString() {
+        return "AuthorizationDataEntry: type="+type+", data=" +
+                data.length + " bytes:\n" +
+                new sun.misc.HexDumpEncoder().encode(data);
     }
 }

src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java

+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSContext interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSContext},
+ * such as querying context-specific attributes.
+ */
+public interface ExtendedGSSContext extends GSSContext {
+    /**
+     * Return the mechanism-specific attribute associated with {@code type}.
+     * <br><br>
+     * For each supported attribute type, the type for the output are
+     * defined below.
+     * <ol>
+     * <li>{@code KRB5_GET_TKT_FLAGS}:
+     * the returned object is a boolean array for the service ticket flags,
+     * which is long enough to contain all true bits. This means if
+     * the user wants to get the <em>n</em>'th bit but the length of the
+     * returned array is less than <em>n</em>, it is regarded as false.
+     * <li>{@code KRB5_GET_SESSION_KEY}:
+     * the returned object is an instance of {@link java.security.Key},
+     * which has the following properties:
+     *    <ul>
+     *    <li>Algorithm: enctype as a string, where
+     *        enctype is defined in RFC 3961, section 8.
+     *    <li>Format: "RAW"
+     *    <li>Encoded form: the raw key bytes, not in any ASN.1 encoding
+     *    </ul>
+     * <li>{@code KRB5_GET_AUTHZ_DATA}:
+     * the returned object is an array of
+     * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the
+     * optional field is missing in the service ticket.
+     * <li>{@code KRB5_GET_AUTHTIME}:
+     * the returned object is a String object in the standard KerberosTime
+     * format defined in RFC 4120 5.2.3
+     * </ol>
+     *
+     * If there is a security manager, an {@link InquireSecContextPermission}
+     * with the name {@code type.mech} must be granted. Otherwise, this could
+     * result in a {@link SecurityException}.<p>
+     *
+     * Example:
+     * <pre>
+     *      GSSContext ctxt = m.createContext(...)
+     *      // Establishing the context
+     *      if (ctxt instanceof ExtendedGSSContext) {
+     *          ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
+     *          try {
+     *              Key key = (key)ex.inquireSecContext(
+     *                      InquireType.KRB5_GET_SESSION_KEY);
+     *              // read key info
+     *          } catch (GSSException gsse) {
+     *              // deal with exception
+     *          }
+     *      }
+     * </pre>
+     * @param type the type of the attribute requested
+     * @return the attribute, see the method documentation for details.
+     * @throws GSSException containing  the following
+     * major error codes:
+     *   {@link GSSException#BAD_MECH GSSException.BAD_MECH} if the mechanism
+     *   does not support this method,
+     *   {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE} if the
+     *   type specified is not supported,
+     *   {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT} if the
+     *   security context is invalid,
+     *   {@link GSSException#FAILURE GSSException.FAILURE} for other
+     *   unspecified failures.
+     * @throws SecurityException if a security manager exists and a proper
+     *   {@link InquireSecContextPermission} is not granted.
+     * @see InquireSecContextPermission
+     */
+    public Object inquireSecContext(InquireType type)
+            throws GSSException;
+}

src/windows/classes/sun/security/mscapi/JarVerifier.java → src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java

 /*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,51 +23,32 @@
  * have any questions.
  */
 
+package com.sun.security.jgss;
 
-package sun.security.mscapi;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
+import java.security.BasicPermission;
 
 /**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
+ * This class is used to protect various attributes of an established
+ * GSS security context that can be accessed using the
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ * method.
  *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
+ * <p>The target name is the {@link InquireType} allowed.
  */
-final class JarVerifier {
-
-    private static final boolean debug = false;
+public final class InquireSecContextPermission extends BasicPermission {
 
     /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
+     * Constructs a new {@code InquireSecContextPermission} object with
+     * the specified name. The name is the symbolic name of the
+     * {@link InquireType} allowed.
      *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
+     * @param name the {@link InquireType} allowed by this
+     * permission. "*" means all {@link InquireType}s are allowed.
      *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
+     * @throws NullPointerException if <code>name</code> is <code>null</code>.
+     * @throws IllegalArgumentException if <code>name</code> is empty.
      */
-    static boolean verify(final Class c) {
-        return true;
+    public InquireSecContextPermission(String name) {
+        super(name);
     }
 }

src/share/classes/com/sun/security/jgss/InquireType.java

+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+/**
+ * Attribute types that can be specified as an argument of
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ */
+public enum InquireType {
+    /**
+     * Attribute type for retrieving the session key of an
+     * established Kerberos 5 security context.
+     */
+    KRB5_GET_SESSION_KEY,
+    /**
+     * Attribute type for retrieving the service ticket flags of an
+     * established Kerberos 5 security context.
+     */
+    KRB5_GET_TKT_FLAGS,
+    /**
+     * Attribute type for retrieving the authorization data in the
+     * service ticket of an established Kerberos 5 security context.
+     * Only supported on the acceptor side.
+     */
+    KRB5_GET_AUTHZ_DATA,
+    /**
+     * Attribute type for retrieving the authtime in the service ticket
+     * of an established Kerberos 5 security context.
+     */
+    KRB5_GET_AUTHTIME
+}

src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java

 /*
- * Copyright 2000-2003 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,10 +48,6 @@ import sun.misc.HexDumpEncoder;
  * @author Rosanna Lee
  */
 public abstract class AbstractSaslImpl {
-    /**
-     * Logger for debug messages
-     */
-    protected static Logger logger;  // set in initLogger(); lazily loads logger
 
     protected boolean completed = false;
     protected boolean privacy = false;
@@ -68,7 +64,6 @@ public abstract class AbstractSaslImpl {
     protected String myClassName;
 
     protected AbstractSaslImpl(Map props, String className) throws SaslException {
-        initLogger();
         myClassName = className;
 
         // Parse properties  to set desired context options
@@ -325,19 +320,15 @@ public abstract class AbstractSaslImpl {
         }
     }
 
-    /**
-     * Sets logger field.
-     */
-    private static synchronized void initLogger() {
-        if (logger == null) {
-            logger = Logger.getLogger(SASL_LOGGER_NAME);
-        }
-    }
-
     // ---------------- Constants  -----------------
     private static final String SASL_LOGGER_NAME = "javax.security.sasl";
     protected static final String MAX_SEND_BUF = "javax.security.sasl.sendmaxbuffer";
 
+    /**
+     * Logger for debug messages
+     */
+    protected static final Logger logger = Logger.getLogger(SASL_LOGGER_NAME);
+
     // default 0 (no protection); 1 (integrity only)
     protected static final byte NO_PROTECTION = (byte)1;
     protected static final byte INTEGRITY_ONLY_PROTECTION = (byte)2;

src/share/classes/java/awt/Cursor.java

@@ -118,8 +118,18 @@ public class Cursor implements java.io.Serializable {
      */
     public static final int     MOVE_CURSOR                     = 13;
 
+    /**
+      * @deprecated As of JDK version 1.7, the {@link #getPredefinedCursor()}
+      * method should be used instead.
+      */
+    @Deprecated
     protected static Cursor predefined[] = new Cursor[14];
 
+    /**
+     * This field is a private replacement for 'predefined' array.
+     */
+    private final static Cursor[] predefinedPrivate = new Cursor[14];
+
     /* Localization names and default values */
     static final String[][] cursorProperties = {
         { "AWT.DefaultCursor", "Default Cursor" },
@@ -253,10 +263,15 @@ public class Cursor implements java.io.Serializable {
         if (type < Cursor.DEFAULT_CURSOR || type > Cursor.MOVE_CURSOR) {
             throw new IllegalArgumentException("illegal cursor type");
         }
+        Cursor c = predefinedPrivate[type];
+        if (c == null) {
+            predefinedPrivate[type] = c = new Cursor(type);
+        }
+        // fill 'predefined' array for backwards compatibility.
         if (predefined[type] == null) {
-            predefined[type] = new Cursor(type);
+            predefined[type] = c;
         }
-        return predefined[type];
+        return c;
     }
 
     /**

src/share/classes/java/awt/Window.java

@@ -3743,16 +3743,58 @@ public class Window extends Container implements Accessible {
 
     // ****************** END OF MIXING CODE ********************************
 
-    // This method gets the window location/size as reported by the native
-    // system since the locally cached values may represent outdated data.
-    // NOTE: this method is invoked on the toolkit thread, and therefore
-    // is not supposed to become public/user-overridable.
+    /**
+     * Limit the given double value with the given range.
+     */
+    private static double limit(double value, double min, double max) {
+        value = Math.max(value, min);
+        value = Math.min(value, max);
+        return value;
+    }
+
+    /**
+     * Calculate the position of the security warning.
+     *
+     * This method gets the window location/size as reported by the native
+     * system since the locally cached values may represent outdated data.
+     *
+     * The method is used from the native code, or via AWTAccessor.
+     *
+     * NOTE: this method is invoked on the toolkit thread, and therefore is not
+     * supposed to become public/user-overridable.
+     */
     private Point2D calculateSecurityWarningPosition(double x, double y,
             double w, double h)
     {
-        return new Point2D.Double(
-                x + w * securityWarningAlignmentX + securityWarningPointX,
-                y + h * securityWarningAlignmentY + securityWarningPointY);
+        // The position according to the spec of SecurityWarning.setPosition()
+        double wx = x + w * securityWarningAlignmentX + securityWarningPointX;
+        double wy = y + h * securityWarningAlignmentY + securityWarningPointY;
+
+        // First, make sure the warning is not too far from the window bounds
+        wx = Window.limit(wx,
+                x - securityWarningWidth - 2,
+                x + w + 2);
+        wy = Window.limit(wy,
+                y - securityWarningHeight - 2,
+                y + h + 2);
+
+        // Now make sure the warning window is visible on the screen
+        GraphicsConfiguration graphicsConfig =
+            getGraphicsConfiguration_NoClientCode();
+        Rectangle screenBounds = graphicsConfig.getBounds();
+        Insets screenInsets =
+            Toolkit.getDefaultToolkit().getScreenInsets(graphicsConfig);
+
+        wx = Window.limit(wx,
+                screenBounds.x + screenInsets.left,
+                screenBounds.x + screenBounds.width - screenInsets.right
+                - securityWarningWidth);
+        wy = Window.limit(wy,
+                screenBounds.y + screenInsets.top,
+                screenBounds.y + screenBounds.height - screenInsets.bottom
+                - securityWarningHeight);
+
+        return new Point2D.Double(wx, wy);
     }
 
     static {

src/share/classes/java/beans/Introspector.java

@@ -114,8 +114,8 @@ public class Introspector {
     // Static Caches to speed up introspection.
     private static Map declaredMethodCache =
         Collections.synchronizedMap(new WeakHashMap());
-    private static Map beanInfoCache =
-        Collections.synchronizedMap(new WeakHashMap());
+
+    private static final Object BEANINFO_CACHE = new Object();
 
     private Class beanClass;
     private BeanInfo explicitBeanInfo;
@@ -174,10 +174,18 @@ public class Introspector {
         if (!ReflectUtil.isPackageAccessible(beanClass)) {
             return (new Introspector(beanClass, null, USE_ALL_BEANINFO)).getBeanInfo();
         }
-        BeanInfo bi = (BeanInfo)beanInfoCache.get(beanClass);
+        Map<Class<?>, BeanInfo> map;
+        synchronized (BEANINFO_CACHE) {
+            map = (Map<Class<?>, BeanInfo>) AppContext.getAppContext().get(BEANINFO_CACHE);
+            if (map == null) {
+                map = Collections.synchronizedMap(new WeakHashMap<Class<?>, BeanInfo>());
+                AppContext.getAppContext().put(BEANINFO_CACHE, map);
+            }
+        }
+        BeanInfo bi = map.get(beanClass);
         if (bi == null) {
             bi = (new Introspector(beanClass, null, USE_ALL_BEANINFO)).getBeanInfo();
-            beanInfoCache.put(beanClass, bi);
+            map.put(beanClass, bi);
         }
         return bi;
     }
@@ -351,7 +359,10 @@ public class Introspector {
      */
 
     public static void flushCaches() {
-        beanInfoCache.clear();
+        Map map = (Map) AppContext.getAppContext().get(BEANINFO_CACHE);
+        if (map != null) {
+            map.clear();
+        }
         declaredMethodCache.clear();
     }
 
@@ -374,7 +385,10 @@ public class Introspector {
         if (clz == null) {
             throw new NullPointerException();
         }
-        beanInfoCache.remove(clz);
+        Map map = (Map) AppContext.getAppContext().get(BEANINFO_CACHE);
+        if (map != null) {
+            map.remove(clz);
+        }
         declaredMethodCache.remove(clz);
     }
 

src/share/classes/java/beans/MetaData.java

@@ -335,31 +335,6 @@ abstract class java_util_Collections extends PersistenceDelegate {
         return (oldC.size() == newC.size()) && oldC.containsAll(newC);
     }
 
-    static Object getPrivateField(final Object instance, final String name) {
-        return AccessController.doPrivileged(
-                new PrivilegedAction() {
-                    public Object run() {
-                        Class type = instance.getClass();
-                        while ( true ) {
-                            try {
-                                Field field = type.getDeclaredField(name);
-                                field.setAccessible(true);
-                                return field.get( instance );
-                            }
-                            catch (NoSuchFieldException exception) {
-                                type = type.getSuperclass();
-                                if (type == null) {
-                                    throw new IllegalStateException("Could not find field " + name, exception);
-                                }
-                            }
-                            catch (Exception exception) {
-                                throw new IllegalStateException("Could not get value " + type.getName() + '.' + name, exception);
-                            }
-                        }
-                    }
-                } );
-    }
-
     static final class EmptyList_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
             return new Expression(oldInstance, Collections.class, "emptyList", null);
@@ -500,7 +475,7 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedCollection_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object type = getPrivateField(oldInstance, "type");
+            Object type = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedCollection.type");
             List list = new ArrayList((Collection) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedCollection", new Object[]{list, type});
         }
@@ -508,7 +483,7 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedList_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object type = getPrivateField(oldInstance, "type");
+            Object type = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedCollection.type");
             List list = new LinkedList((Collection) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedList", new Object[]{list, type});
         }
@@ -516,7 +491,7 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedRandomAccessList_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object type = getPrivateField(oldInstance, "type");
+            Object type = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedCollection.type");
             List list = new ArrayList((Collection) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedList", new Object[]{list, type});
         }
@@ -524,7 +499,7 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedSet_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object type = getPrivateField(oldInstance, "type");
+            Object type = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedCollection.type");
             Set set = new HashSet((Set) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedSet", new Object[]{set, type});
         }
@@ -532,7 +507,7 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedSortedSet_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object type = getPrivateField(oldInstance, "type");
+            Object type = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedCollection.type");
             SortedSet set = new TreeSet((SortedSet) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedSortedSet", new Object[]{set, type});
         }
@@ -540,8 +515,8 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedMap_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object keyType = getPrivateField(oldInstance, "keyType");
-            Object valueType = getPrivateField(oldInstance, "valueType");
+            Object keyType   = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedMap.keyType");
+            Object valueType = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedMap.valueType");
             Map map = new HashMap((Map) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedMap", new Object[]{map, keyType, valueType});
         }
@@ -549,8 +524,8 @@ abstract class java_util_Collections extends PersistenceDelegate {
 
     static final class CheckedSortedMap_PersistenceDelegate extends java_util_Collections {
         protected Expression instantiate(Object oldInstance, Encoder out) {
-            Object keyType = getPrivateField(oldInstance, "keyType");
-            Object valueType = getPrivateField(oldInstance, "valueType");
+            Object keyType   = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedMap.keyType");
+            Object valueType = MetaData.getPrivateFieldValue(oldInstance, "java.util.Collections$CheckedMap.valueType");
             SortedMap map = new TreeMap((SortedMap) oldInstance);
             return new Expression(oldInstance, Collections.class, "checkedSortedMap", new Object[]{map, keyType, valueType});
         }
@@ -572,7 +547,7 @@ class java_util_EnumMap_PersistenceDelegate extends PersistenceDelegate {
     }
 
     private static Object getType(Object instance) {
-        return java_util_Collections.getPrivateField(instance, "keyType");
+        return MetaData.getPrivateFieldValue(instance, "java.util.EnumMap.keyType");
     }
 }
 
@@ -591,7 +566,7 @@ class java_util_EnumSet_PersistenceDelegate extends PersistenceDelegate {
     }
 
     private static Object getType(Object instance) {
-        return java_util_Collections.getPrivateField(instance, "elementType");
+        return MetaData.getPrivateFieldValue(instance, "java.util.EnumSet.elementType");
     }
 }
 
@@ -1282,7 +1257,7 @@ class javax_swing_Box_PersistenceDelegate extends DefaultPersistenceDelegate {
 
     private Integer getAxis(Object object) {
         Box box = (Box) object;
-        return (Integer) java_util_Collections.getPrivateField(box.getLayout(), "axis");
+        return (Integer) MetaData.getPrivateFieldValue(box.getLayout(), "javax.swing.BoxLayout.axis");
     }
 }
 
@@ -1365,6 +1340,7 @@ final class sun_swing_PrintColorUIResource_PersistenceDelegate extends Persisten
 }
 
 class MetaData {
+    private static final Map<String,Field> fields = Collections.synchronizedMap(new WeakHashMap<String, Field>());
     private static Hashtable internalPersistenceDelegates = new Hashtable();
 
     private static PersistenceDelegate nullPersistenceDelegate = new NullPersistenceDelegate();
@@ -1503,4 +1479,35 @@ class MetaData {
             return null;
         }
     }
+
+    static Object getPrivateFieldValue(Object instance, String name) {
+        Field field = fields.get(name);
+        if (field == null) {
+            int index = name.lastIndexOf('.');
+            final String className = name.substring(0, index);
+            final String fieldName = name.substring(1 + index);
+            field = AccessController.doPrivileged(new PrivilegedAction<Field>() {
+                public Field run() {
+                    try {
+                        Field field = Class.forName(className).getDeclaredField(fieldName);
+                        field.setAccessible(true);
+                        return field;
+                    }
+                    catch (ClassNotFoundException exception) {
+                        throw new IllegalStateException("Could not find class", exception);
+                    }
+                    catch (NoSuchFieldException exception) {
+                        throw new IllegalStateException("Could not find field", exception);
+                    }
+                }
+            });
+            fields.put(name, field);
+        }
+        try {
+            return field.get(instance);
+        }
+        catch (IllegalAccessException exception) {
+            throw new IllegalStateException("Could not get value of the field", exception);
+        }
+    }
 }

src/share/classes/java/net/Socket.java

@@ -114,9 +114,14 @@ class Socket implements java.io.Closeable {
      * @since   1.5
      */
     public Socket(Proxy proxy) {
-        if (proxy != null && proxy.type() == Proxy.Type.SOCKS) {
+        // Create a copy of Proxy as a security measure
+        if (proxy == null) {
+            throw new IllegalArgumentException("Invalid Proxy");
+        }
+        Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : sun.net.ApplicationProxy.create(proxy);
+        if (p.type() == Proxy.Type.SOCKS) {
             SecurityManager security = System.getSecurityManager();
-            InetSocketAddress epoint = (InetSocketAddress) proxy.address();
+            InetSocketAddress epoint = (InetSocketAddress) p.address();
             if (security != null) {
                 if (epoint.isUnresolved())
                     security.checkConnect(epoint.getHostName(),
@@ -125,10 +130,10 @@ class Socket implements java.io.Closeable {
                     security.checkConnect(epoint.getAddress().getHostAddress(),
                                           epoint.getPort());
             }
-            impl = new SocksSocketImpl(proxy);
+            impl = new SocksSocketImpl(p);
             impl.setSocket(this);
         } else {
-            if (proxy == Proxy.NO_PROXY) {
+            if (p == Proxy.NO_PROXY) {
                 if (factory == null) {
                     impl = new PlainSocketImpl();
                     impl.setSocket(this);

src/share/classes/java/net/SocksSocketImpl.java

@@ -46,6 +46,9 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
     private Socket cmdsock = null;
     private InputStream cmdIn = null;
     private OutputStream cmdOut = null;
+    /* true if the Proxy has been set programatically */
+    private boolean applicationSetProxy;  /* false */
+
 
     SocksSocketImpl() {
         // Nothing needed
@@ -237,8 +240,7 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
         out.write((endpoint.getPort() >> 8) & 0xff);
         out.write((endpoint.getPort() >> 0) & 0xff);
         out.write(endpoint.getAddress().getAddress());
-        String userName = java.security.AccessController.doPrivileged(
-               new sun.security.action.GetPropertyAction("user.name"));
+        String userName = getUserName();
         try {
             out.write(userName.getBytes("ISO-8859-1"));
         } catch (java.io.UnsupportedEncodingException uee) {
@@ -554,8 +556,7 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
         out.write((super.getLocalPort() >> 8) & 0xff);
         out.write((super.getLocalPort() >> 0) & 0xff);
         out.write(addr1);
-        String userName = java.security.AccessController.doPrivileged(
-               new sun.security.action.GetPropertyAction("user.name"));
+        String userName = getUserName();
         try {
             out.write(userName.getBytes("ISO-8859-1"));
         } catch (java.io.UnsupportedEncodingException uee) {
@@ -1022,4 +1023,16 @@ class SocksSocketImpl extends PlainSocketImpl implements SocksConsts {
         super.close();
     }
 
+    private String getUserName() {
+        String userName = "";
+        if (applicationSetProxy) {
+            try {
+                userName = System.getProperty("user.name");
+            } catch (SecurityException se) { /* swallow Exception */ }
+        } else {
+            userName = java.security.AccessController.doPrivileged(
+                new sun.security.action.GetPropertyAction("user.name"));
+        }
+        return userName;
+    }
 }

src/share/classes/java/net/URL.java

@@ -1004,16 +1004,18 @@ public final class URL implements java.io.Serializable {
             throw new IllegalArgumentException("proxy can not be null");
         }
 
+        // Create a copy of Proxy as a security measure
+        Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : sun.net.ApplicationProxy.create(proxy);
         SecurityManager sm = System.getSecurityManager();
-        if (proxy.type() != Proxy.Type.DIRECT && sm != null) {
-            InetSocketAddress epoint = (InetSocketAddress) proxy.address();
+        if (p.type() != Proxy.Type.DIRECT && sm != null) {
+            InetSocketAddress epoint = (InetSocketAddress) p.address();
             if (epoint.isUnresolved())
                 sm.checkConnect(epoint.getHostName(), epoint.getPort());
             else
                 sm.checkConnect(epoint.getAddress().getHostAddress(),
                                 epoint.getPort());
         }
-        return handler.openConnection(this, proxy);
+        return handler.openConnection(this, p);
     }
 
     /**

src/share/classes/java/nio/file/SimpleFileVisitor.java

@@ -47,6 +47,14 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
     protected SimpleFileVisitor() {
     }
 
+    /**
+     * Throws NullPointerException if obj is null.
+     */
+    private static void checkNotNull(Object obj) {
+        if (obj == null)
+            throw new NullPointerException();
+    }
+
     /**
      * Invoked for a directory before entries in the directory are visited.
      *
@@ -55,6 +63,7 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
      */
     @Override
     public FileVisitResult preVisitDirectory(T dir) {
+        checkNotNull(dir);
         return FileVisitResult.CONTINUE;
     }
 
@@ -70,6 +79,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
      */
     @Override
     public FileVisitResult preVisitDirectoryFailed(T dir, IOException exc) {
+        checkNotNull(dir);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -81,6 +92,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
      */
     @Override
     public FileVisitResult visitFile(T file, BasicFileAttributes attrs) {
+        checkNotNull(file);
+        checkNotNull(attrs);
         return FileVisitResult.CONTINUE;
     }
 
@@ -96,6 +109,8 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
      */
     @Override
     public FileVisitResult visitFileFailed(T file, IOException exc) {
+        checkNotNull(file);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -114,6 +129,7 @@ public class SimpleFileVisitor<T> implements FileVisitor<T> {
      */
     @Override
     public FileVisitResult postVisitDirectory(T dir, IOException exc) {
+        checkNotNull(dir);
         if (exc != null)
             throw new IOError(exc);
         return FileVisitResult.CONTINUE;

src/share/classes/java/nio/file/attribute/AclFileAttributeView.java

@@ -75,7 +75,7 @@ import java.io.IOException;
  *         .lookupPrincipalByName("joe");
  *
  *     // get view
- *     AclFileAttributeView view = file.newFileAttributeView(AclFileAttributeView.class);
+ *     AclFileAttributeView view = file.getFileAttributeView(AclFileAttributeView.class);
  *
  *     // create ACE to give "joe" read access
  *     AclEntry entry = AclEntry.newBuilder()

src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java

@@ -61,7 +61,7 @@ import java.io.IOException;
  * Suppose we need to print out the owner and access permissions of a file:
  * <pre>
  *     FileRef file = ...
- *     PosixFileAttributes attrs = file.newFileAttributeView(PosixFileAttributeView.class)
+ *     PosixFileAttributes attrs = file.getFileAttributeView(PosixFileAttributeView.class)
  *         .readAttributes();
  *     System.out.format("%s %s%n",
  *         attrs.owner().getName(),

src/share/classes/javax/accessibility/AccessibleResourceBundle.java

@@ -44,15 +44,11 @@ public class AccessibleResourceBundle extends ListResourceBundle {
      * localized display strings.
      */
     public Object[][] getContents() {
-        return contents;
-    }
+        // The table holding the mapping between the programmatic keys
+        // and the display strings for the en_US locale.
+        return new Object[][] {
 
-    /**
-     * The table holding the mapping between the programmatic keys
-     * and the display strings for the en_US locale.
-     */
-    static final Object[][] contents = {
-    // LOCALIZE THIS
+        // LOCALIZE THIS
         // Role names
 //        { "application","application" },
 //        { "border","border" },
@@ -151,5 +147,6 @@ public class AccessibleResourceBundle extends ListResourceBundle {
         { "vertical","vertical" },
         { "horizontal","horizontal" }
     // END OF MATERIAL TO LOCALIZE
-    };
+        };
+    }
 }

src/share/classes/javax/crypto/JarVerifier.java

 /*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,7 @@ package javax.crypto;
 import java.io.*;
 import java.net.*;
 import java.security.*;
-import java.util.*;
 import java.util.jar.*;
-import javax.crypto.CryptoPolicyParser.ParsingException;
 
 /**
  * This class verifies JAR files (and any supporting JAR files), and
@@ -134,17 +132,6 @@ final class JarVerifier {
         }
     }
 
-    /**
-     * Verify that the provided JarEntry was indeed signed by the
-     * framework signing certificate.
-     *
-     * @param je the URL of the jar entry to be checked.
-     * @throws Exception if the jar entry was not signed by
-     *          the proper certificate
-     */
-    static void verifyFrameworkSigned(URL je) throws Exception {
-    }
-
     /**
      * Verify that the provided certs include the
      * framework signing certificate.

src/share/classes/javax/crypto/JceSecurity.java

 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.crypto;
 
-import java.lang.ref.*;
 import java.util.*;
 import java.util.jar.*;
 import java.io.*;
@@ -256,11 +255,6 @@ final class JceSecurity {
                                 ("Cannot locate policy or framework files!");
         }
 
-        // Enforce the signer restraint, i.e. signer of JCE framework
-        // jar should also be the signer of the two jurisdiction policy
-        // jar files.
-        JarVerifier.verifyFrameworkSigned(jceCipherURL);
-
         // Read jurisdiction policies.
         CryptoPermissions defaultExport = new CryptoPermissions();
         CryptoPermissions exemptExport = new CryptoPermissions();

src/share/classes/javax/imageio/plugins/bmp/BMPImageWriteParam.java

@@ -78,7 +78,7 @@ public class BMPImageWriteParam extends ImageWriteParam {
         super(locale);
 
         // Set compression types ("BI_RGB" denotes uncompressed).
-        compressionTypes = BMPConstants.compressionTypeNames;
+        compressionTypes = BMPConstants.compressionTypeNames.clone();
 
         // Set compression flag.
         canWriteCompressed = true;

src/share/classes/javax/imageio/spi/ImageReaderSpi.java

@@ -77,7 +77,10 @@ public abstract class ImageReaderSpi extends ImageReaderWriterSpi {
      * A single-element array, initially containing
      * <code>ImageInputStream.class</code>, to be returned from
      * <code>getInputTypes</code>.
+     * @deprecated Instead of using this field, directly create
+     * the equivalent array <code>{ ImageInputStream.class }<code>.
      */
+    @Deprecated
     public static final Class[] STANDARD_INPUT_TYPE =
         { ImageInputStream.class };
 
@@ -227,7 +230,11 @@ public abstract class ImageReaderSpi extends ImageReaderWriterSpi {
             throw new IllegalArgumentException
                 ("inputTypes.length == 0!");
         }
-        this.inputTypes = (Class[])inputTypes.clone();
+
+        this.inputTypes = (inputTypes == STANDARD_INPUT_TYPE) ?
+            new Class<?>[] { ImageInputStream.class } :
+            inputTypes.clone();
+
         // If length == 0, leave it null
         if (writerSpiNames != null && writerSpiNames.length > 0) {
             this.writerSpiNames = (String[])writerSpiNames.clone();

src/share/classes/javax/imageio/spi/ImageWriterSpi.java

@@ -77,9 +77,12 @@ public abstract class ImageWriterSpi extends ImageReaderWriterSpi {
 
     /**
      * A single-element array, initially containing
-     * <code>ImageInputStream.class</code>, to be returned from
-     * <code>getInputTypes</code>.
+     * <code>ImageOutputStream.class</code>, to be returned from
+     * <code>getOutputTypes</code>.
+     * @deprecated Instead of using this field, directly create
+     * the equivalent array <code>{ ImageOutputStream.class }<code>.
      */
+    @Deprecated
     public static final Class[] STANDARD_OUTPUT_TYPE =
         { ImageOutputStream.class };
 
@@ -228,7 +231,11 @@ public abstract class ImageWriterSpi extends ImageReaderWriterSpi {
             throw new IllegalArgumentException
                 ("outputTypes.length == 0!");
         }
-        this.outputTypes = (Class[])outputTypes.clone();
+
+        this.outputTypes = (outputTypes == STANDARD_OUTPUT_TYPE) ?
+            new Class<?>[] { ImageOutputStream.class } :
+            outputTypes.clone();
+
         // If length == 0, leave it null
         if (readerSpiNames != null && readerSpiNames.length > 0) {
             this.readerSpiNames = (String[])readerSpiNames.clone();

src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java

@@ -62,6 +62,10 @@ public class FileCacheImageInputStream extends ImageInputStreamImpl {
     /** The DisposerRecord that closes the underlying cache. */
     private final DisposerRecord disposerRecord;
 
+    /** The CloseAction that closes the stream in
+     *  the StreamCloser's shutdown hook                     */
+    private final StreamCloser.CloseAction closeAction;
+
     /**
      * Constructs a <code>FileCacheImageInputStream</code> that will read
      * from a given <code>InputStream</code>.
@@ -96,7 +100,9 @@ public class FileCacheImageInputStream extends ImageInputStreamImpl {
         this.cacheFile =
             File.createTempFile("imageio", ".tmp", cacheDir);
         this.cache = new RandomAccessFile(cacheFile, "rw");
-        StreamCloser.addToQueue(this);
+
+        this.closeAction = StreamCloser.createCloseAction(this);
+        StreamCloser.addToQueue(closeAction);
 
         disposerRecord = new StreamDisposerRecord(cacheFile, cache);
         if (getClass() == FileCacheImageInputStream.class) {
@@ -242,7 +248,7 @@ public class FileCacheImageInputStream extends ImageInputStreamImpl {
         stream = null;
         cache = null;
         cacheFile = null;
-        StreamCloser.removeFromQueue(this);
+        StreamCloser.removeFromQueue(closeAction);
     }
 
     /**

src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java

@@ -48,6 +48,10 @@ public class FileCacheImageOutputStream extends ImageOutputStreamImpl {
     // Pos after last (rightmost) byte written
     private long maxStreamPos = 0L;
 
+    /** The CloseAction that closes the stream in
+     *  the StreamCloser's shutdown hook                     */
+    private final StreamCloser.CloseAction closeAction;
+
     /**
      * Constructs a <code>FileCacheImageOutputStream</code> that will write
      * to a given <code>outputStream</code>.
@@ -82,7 +86,9 @@ public class FileCacheImageOutputStream extends ImageOutputStreamImpl {
         this.cacheFile =
             File.createTempFile("imageio", ".tmp", cacheDir);
         this.cache = new RandomAccessFile(cacheFile, "rw");
-        StreamCloser.addToQueue(this);
+
+        this.closeAction = StreamCloser.createCloseAction(this);
+        StreamCloser.addToQueue(closeAction);
     }
 
     public int read() throws IOException {
@@ -227,7 +233,7 @@ public class FileCacheImageOutputStream extends ImageOutputStreamImpl {
         cacheFile = null;
         stream.flush();
         stream = null;
-        StreamCloser.removeFromQueue(this);
+        StreamCloser.removeFromQueue(closeAction);
     }
 
     public void flushBefore(long pos) throws IOException {

src/share/classes/javax/management/openmbean/OpenMBeanAttributeInfoSupport.java

@@ -690,7 +690,7 @@ public class OpenMBeanAttributeInfoSupport
     private static <T> T convertFromString(String s, OpenType<T> openType) {
         Class<T> c;
         try {
-            c = cast(Class.forName(openType.getClassName()));
+            c = cast(Class.forName(openType.safeGetClassName()));
         } catch (ClassNotFoundException e) {
             throw new NoClassDefFoundError(e.toString());  // can't happen
         }
@@ -711,7 +711,7 @@ public class OpenMBeanAttributeInfoSupport
             } catch (Exception e) {
                 final String msg =
                     "Could not convert \"" + s + "\" using method: " + valueOf;
-                throw new IllegalArgumentException(msg);
+                throw new IllegalArgumentException(msg, e);
             }
         }
 
@@ -728,7 +728,7 @@ public class OpenMBeanAttributeInfoSupport
             } catch (Exception e) {
                 final String msg =
                     "Could not convert \"" + s + "\" using constructor: " + con;
-                throw new IllegalArgumentException(msg);
+                throw new IllegalArgumentException(msg, e);
             }
         }
 
@@ -757,7 +757,7 @@ public class OpenMBeanAttributeInfoSupport
             stringArrayClass =
                 Class.forName(squareBrackets + "Ljava.lang.String;");
             targetArrayClass =
-                Class.forName(squareBrackets + "L" + baseType.getClassName() +
+                Class.forName(squareBrackets + "L" + baseType.safeGetClassName() +
                               ";");
         } catch (ClassNotFoundException e) {
             throw new NoClassDefFoundError(e.toString());  // can't happen

src/share/classes/javax/management/openmbean/OpenType.java

@@ -304,7 +304,12 @@ public abstract class OpenType<T> implements Serializable {
      * @return the class name.
      */
     public String getClassName() {
+        return className;
+    }
 
+    // A version of getClassName() that can only be called from within this
+    // package and that cannot be overridden.
+    String safeGetClassName() {
         return className;
     }
 

src/share/classes/javax/swing/JFileChooser.java

 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -739,6 +739,11 @@ public class JFileChooser extends JComponent implements Accessible {
 
         dialog.show();
         firePropertyChange("JFileChooserDialogIsClosingProperty", dialog, null);
+
+        // Remove all components from dialog. The MetalFileChooserUI.installUI() method (and other LAFs)
+        // registers AWT listener for dialogs and produces memory leaks. It happens when
+        // installUI invoked after the showDialog method.
+        dialog.getContentPane().removeAll();
         dialog.dispose();
         dialog = null;
         return returnValue;

src/share/classes/javax/swing/JInternalFrame.java

@@ -26,13 +26,10 @@
 package javax.swing;
 
 import java.awt.*;
-import java.awt.event.*;
 
 import java.beans.PropertyVetoException;
 import java.beans.PropertyChangeEvent;
-import java.util.EventListener;
 
-import javax.swing.border.Border;
 import javax.swing.event.InternalFrameEvent;
 import javax.swing.event.InternalFrameListener;
 import javax.swing.plaf.*;
@@ -40,7 +37,6 @@ import javax.swing.plaf.*;
 import javax.accessibility.*;
 
 import java.io.ObjectOutputStream;
-import java.io.ObjectInputStream;
 import java.io.IOException;
 import java.lang.StringBuilder;
 import java.beans.PropertyChangeListener;
@@ -1459,19 +1455,22 @@ public class JInternalFrame extends JComponent implements
             SwingUtilities2.compositeRequestFocus(getDesktopIcon());
         }
         else {
-            // FocusPropertyChangeListener will eventually update
-            // lastFocusOwner. As focus requests are asynchronous
-            // lastFocusOwner may be accessed before it has been correctly
-            // updated. To avoid any problems, lastFocusOwner is immediately
-            // set, assuming the request will succeed.
-            lastFocusOwner = getMostRecentFocusOwner();
-            if (lastFocusOwner == null) {
-                // Make sure focus is restored somewhere, so that
-                // we don't leave a focused component in another frame while
-                // this frame is selected.
-                lastFocusOwner = getContentPane();
+            Component component = KeyboardFocusManager.getCurrentKeyboardFocusManager().getPermanentFocusOwner();
+            if ((component == null) || !SwingUtilities.isDescendingFrom(component, this)) {
+                // FocusPropertyChangeListener will eventually update
+                // lastFocusOwner. As focus requests are asynchronous
+                // lastFocusOwner may be accessed before it has been correctly
+                // updated. To avoid any problems, lastFocusOwner is immediately
+                // set, assuming the request will succeed.
+                setLastFocusOwner(getMostRecentFocusOwner());
+                if (lastFocusOwner == null) {
+                    // Make sure focus is restored somewhere, so that
+                    // we don't leave a focused component in another frame while
+                    // this frame is selected.
+                    setLastFocusOwner(getContentPane());
+                }
+                lastFocusOwner.requestFocus();
             }
-            lastFocusOwner.requestFocus();
         }
     }
 

src/share/classes/javax/swing/plaf/basic/BasicDesktopIconUI.java

 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,9 +32,6 @@ import javax.swing.event.*;
 import javax.swing.border.*;
 import javax.swing.plaf.*;
 import java.beans.*;
-import java.util.EventListener;
-import java.io.Serializable;
-
 
 /**
  * Basic L&F for a minimized window on a desktop.
@@ -47,7 +44,6 @@ public class BasicDesktopIconUI extends DesktopIconUI {
 
     protected JInternalFrame.JDesktopIcon desktopIcon;
     protected JInternalFrame frame;
-    private DesktopIconMover desktopIconMover;
 
     /**
      * The title pane component used in the desktop icon.
@@ -128,21 +124,12 @@ public class BasicDesktopIconUI extends DesktopIconUI {
         mouseInputListener = createMouseInputListener();
         desktopIcon.addMouseMotionListener(mouseInputListener);
         desktopIcon.addMouseListener(mouseInputListener);
-         getDesktopIconMover().installListeners();
     }
 
     protected void uninstallListeners() {
         desktopIcon.removeMouseMotionListener(mouseInputListener);
         desktopIcon.removeMouseListener(mouseInputListener);
         mouseInputListener = null;
-         getDesktopIconMover().uninstallListeners();
-    }
-
-    private DesktopIconMover getDesktopIconMover() {
-        if (desktopIconMover == null) {
-            desktopIconMover = new DesktopIconMover(desktopIcon);
-        }
-        return desktopIconMover;
     }
 
     protected void installDefaults() {

src/share/classes/javax/swing/plaf/basic/BasicDirectoryModel.java

 /*
- * Copyright 1998-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -232,6 +232,10 @@ public class BasicDirectoryModel extends AbstractListModel implements PropertyCh
         public void run0() {
             FileSystemView fileSystem = filechooser.getFileSystemView();
 
+            if (isInterrupted()) {
+                return;
+            }
+
             File[] list = fileSystem.getFiles(currentDirectory, filechooser.isFileHidingEnabled());
 
             if (isInterrupted()) {
@@ -268,8 +272,8 @@ public class BasicDirectoryModel extends AbstractListModel implements PropertyCh
 
             // To avoid loads of synchronizations with Invoker and improve performance we
             // execute the whole block on the COM thread
-            DoChangeContents doChangeContents = ShellFolder.getInvoker().invoke(new Callable<DoChangeContents>() {
-                public DoChangeContents call() throws Exception {
+            DoChangeContents doChangeContents = ShellFolder.invoke(new Callable<DoChangeContents>() {
+                public DoChangeContents call() {
                     int newSize = newFileCache.size();
                     int oldSize = fileCache.size();
 

src/share/classes/javax/swing/plaf/basic/BasicInternalFrameUI.java

@@ -27,16 +27,10 @@ package javax.swing.plaf.basic;
 
 import java.awt.*;
 import java.awt.event.*;
-import java.awt.peer.LightweightPeer;
-
 import javax.swing.*;
-import javax.swing.border.*;
 import javax.swing.plaf.*;
 import javax.swing.event.*;
-
 import java.beans.*;
-import java.io.Serializable;
-
 import sun.swing.DefaultLookup;
 import sun.swing.UIAction;
 
@@ -55,6 +49,7 @@ public class BasicInternalFrameUI extends InternalFrameUI
     protected MouseInputAdapter          borderListener;
     protected PropertyChangeListener     propertyChangeListener;
     protected LayoutManager              internalFrameLayout;
+    protected ComponentListener          componentListener;
     protected MouseInputListener         glassPaneDispatcher;
     private InternalFrameListener        internalFrameListener;
 
@@ -66,9 +61,9 @@ public class BasicInternalFrameUI extends InternalFrameUI
     protected BasicInternalFrameTitlePane titlePane; // access needs this
 
     private static DesktopManager sharedDesktopManager;
+    private boolean componentListenerAdded = false;
 
     private Rectangle parentBounds;
-    private DesktopIconMover desktopIconMover;
 
     private boolean dragging = false;
     private boolean resizing = false;
@@ -209,17 +204,14 @@ public class BasicInternalFrameUI extends InternalFrameUI
             frame.getGlassPane().addMouseListener(glassPaneDispatcher);
             frame.getGlassPane().addMouseMotionListener(glassPaneDispatcher);
         }
+        componentListener =  createComponentListener();
         if (frame.getParent() != null) {
           parentBounds = frame.getParent().getBounds();
         }
-        getDesktopIconMover().installListeners();
-    }
-
-    private DesktopIconMover getDesktopIconMover() {
-        if (desktopIconMover == null) {
-            desktopIconMover = new DesktopIconMover(frame);
+        if ((frame.getParent() != null) && !componentListenerAdded) {
+            frame.getParent().addComponentListener(componentListener);
+            componentListenerAdded = true;
         }
-        return desktopIconMover;
     }
 
     // Provide a FocusListener to listen for a WINDOW_LOST_FOCUS event,
@@ -290,7 +282,11 @@ public class BasicInternalFrameUI extends InternalFrameUI
      * @since 1.3
      */
     protected void uninstallListeners() {
-      getDesktopIconMover().uninstallListeners();
+        if ((frame.getParent() != null) && componentListenerAdded) {
+            frame.getParent().removeComponentListener(componentListener);
+            componentListenerAdded = false;
+        }
+        componentListener = null;
       if (glassPaneDispatcher != null) {
           frame.getGlassPane().removeMouseListener(glassPaneDispatcher);
           frame.getGlassPane().removeMouseMotionListener(glassPaneDispatcher);
@@ -1228,6 +1224,15 @@ public class BasicInternalFrameUI extends InternalFrameUI
                 }
             }
 
+            // Relocate the icon base on the new parent bounds.
+            if (icon != null) {
+                Rectangle iconBounds = icon.getBounds();
+                int y = iconBounds.y +
+                        (parentNewBounds.height - parentBounds.height);
+                icon.setBounds(iconBounds.x, y,
+                        iconBounds.width, iconBounds.height);
+            }
+
             // Update the new parent bounds for next resize.
             if (!parentBounds.equals(parentNewBounds)) {
                 parentBounds = parentNewBounds;
@@ -1399,6 +1404,9 @@ public class BasicInternalFrameUI extends InternalFrameUI
                     // Cancel a resize in progress if the internal frame
                     // gets a setClosed(true) or dispose().
                     cancelResize();
+                    if ((frame.getParent() != null) && componentListenerAdded) {
+                        frame.getParent().removeComponentListener(componentListener);
+                    }
                     closeFrame(f);
                 }
             } else if (JInternalFrame.IS_MAXIMUM_PROPERTY == prop) {
@@ -1431,6 +1439,10 @@ public class BasicInternalFrameUI extends InternalFrameUI
                 } else {
                     parentBounds = null;
                 }
+                if ((frame.getParent() != null) && !componentListenerAdded) {
+                    f.getParent().addComponentListener(componentListener);
+                    componentListenerAdded = true;
+                }
             } else if (JInternalFrame.TITLE_PROPERTY == prop ||
                     prop == "closable" || prop == "iconable" ||
                     prop == "maximizable") {

src/share/classes/javax/swing/plaf/basic/BasicScrollPaneUI.java

 /*
- * Copyright 1997-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,17 +37,12 @@ import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeEvent;
 
 import java.awt.Component;
-import java.awt.Container;
-import java.awt.LayoutManager;
 import java.awt.Rectangle;
 import java.awt.Dimension;
 import java.awt.Point;
 import java.awt.Insets;
 import java.awt.Graphics;
 import java.awt.event.*;
-import java.io.Serializable;
-import java.awt.Toolkit;
-import java.awt.ComponentOrientation;
 
 /**
  * A default L&F implementation of ScrollPaneUI.
@@ -63,6 +58,7 @@ public class BasicScrollPaneUI
     protected ChangeListener viewportChangeListener;
     protected PropertyChangeListener spPropertyChangeListener;
     private MouseWheelListener mouseScrollListener;
+    private int oldExtent = Integer.MIN_VALUE;
 
     /**
      * PropertyChangeListener installed on the vertical scrollbar.
@@ -327,9 +323,13 @@ public class BasicScrollPaneUI
                             * leave it until someone claims.
                             */
                             value = Math.max(0, Math.min(max - extent, max - extent - viewPosition.x));
+                            if (oldExtent > extent) {
+                                value -= oldExtent - extent;
+                            }
                         }
                     }
                 }
+                oldExtent = extent;
                 hsb.setValues(value, extent, 0, max);
             }
 
@@ -1020,7 +1020,7 @@ public class BasicScrollPaneUI
 
             if (viewport != null) {
                 if (e.getSource() == viewport) {
-                    viewportStateChanged(e);
+                    syncScrollPaneWithViewport();
                 }
                 else {
                     JScrollBar hsb = scrollpane.getHorizontalScrollBar();
@@ -1077,11 +1077,6 @@ public class BasicScrollPaneUI
             viewport.setViewPosition(p);
         }
 
-        private void viewportStateChanged(ChangeEvent e) {
-            syncScrollPaneWithViewport();
-        }
-
-
         //
         // PropertyChangeListener: This is installed on both the JScrollPane
         // and the horizontal/vertical scrollbars.

src/share/classes/javax/swing/plaf/basic/DesktopIconMover.java

-/*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package javax.swing.plaf.basic;
-
-import javax.swing.*;
-import java.awt.*;
-import java.awt.event.*;
-import java.beans.*;
-
-/**
- * DesktopIconMover is intended to move desktop icon
- * when parent window is resized.
- */
-class DesktopIconMover implements ComponentListener, PropertyChangeListener {
-    private Component parent;
-    private JInternalFrame frame; // if not null, DesktopIconMover(frame)
-                                  // constructor was used
-    private JInternalFrame.JDesktopIcon icon;
-    private Rectangle parentBounds;
-    private boolean componentListenerAdded = false;
-
-    public DesktopIconMover(JInternalFrame frame) {
-        if (frame == null) {
-            throw new NullPointerException("Frame cannot be null");
-        }
-        this.frame = frame;
-        this.icon = frame.getDesktopIcon();
-        if (icon == null) {
-            throw new NullPointerException(
-                    "frame.getDesktopIcon() cannot be null");
-        }
-        this.parent = frame.getParent();
-        if (this.parent != null) {
-            parentBounds = this.parent.getBounds();
-        }
-    }
-
-    public DesktopIconMover(JInternalFrame.JDesktopIcon icon) {
-        if (icon == null) {
-            throw new NullPointerException("Icon cannot be null");
-        }
-        this.icon = icon;
-        this.parent = icon.getParent();
-        if (this.parent != null) {
-            parentBounds = this.parent.getBounds();
-        }
-    }
-
-    public void installListeners() {
-        if (frame != null) {
-            frame.addPropertyChangeListener(this);
-        } else {
-            icon.addPropertyChangeListener(this);
-        }
-        addComponentListener();
-    }
-
-    public void uninstallListeners() {
-        if (frame != null) {
-            frame.removePropertyChangeListener(this);
-        } else {
-            icon.removePropertyChangeListener(this);
-        }
-        removeComponentListener();
-    }
-
-    public void propertyChange(PropertyChangeEvent evt) {
-        String propName = evt.getPropertyName();
-        if ("ancestor".equals(propName)) {
-            Component newAncestor = (Component) evt.getNewValue();
-
-            // Remove component listener if parent is changing
-            Component probablyNewParent = getCurrentParent();
-            if ((probablyNewParent != null) &&
-                    (!probablyNewParent.equals(parent))) {
-                removeComponentListener();
-                parent = probablyNewParent;
-            }
-
-            if (newAncestor == null) {
-                removeComponentListener();
-            } else {
-                addComponentListener();
-            }
-
-            // Update parentBounds
-            if (parent != null) {
-                parentBounds = parent.getBounds();
-            } else {
-                parentBounds = null;
-            }
-        } else if (JInternalFrame.IS_CLOSED_PROPERTY.equals(propName)) {
-            removeComponentListener();
-        }
-    }
-
-    private void addComponentListener() {
-        if (!componentListenerAdded && (parent != null)) {
-            parent.addComponentListener(this);
-            componentListenerAdded = true;
-        }
-    }
-
-    private void removeComponentListener() {
-        if ((parent != null) && componentListenerAdded) {
-            parent.removeComponentListener(this);
-            componentListenerAdded = false;
-        }
-    }
-
-    private Component getCurrentParent() {
-        if (frame != null) {
-            return frame.getParent();
-        } else {
-            return icon.getParent();
-        }
-    }
-
-    public void componentResized(ComponentEvent e) {
-        if ((parent == null) || (parentBounds == null)) {
-            return;
-        }
-
-        Rectangle parentNewBounds = parent.getBounds();
-        if ((parentNewBounds == null) || parentNewBounds.equals(parentBounds)) {
-            return;
-        }
-
-        // Move desktop icon only in up-down direction
-        int newIconY = icon.getLocation().y +
-                (parentNewBounds.height - parentBounds.height);
-        icon.setLocation(icon.getLocation().x, newIconY);
-
-        parentBounds = parentNewBounds;
-    }
-
-    public void componentMoved(ComponentEvent e) {
-    }
-
-    public void componentShown(ComponentEvent e) {
-    }
-
-    public void componentHidden(ComponentEvent e) {
-    }
-}

src/share/classes/javax/swing/plaf/nimbus/AbstractRegionPainter.java

@@ -227,10 +227,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      *
      * @param x an encoded x value (0...1, or 1...2, or 2...3)
      * @return the decoded x value
+     * @throws IllegalArgumentException
+     *      if {@code x < 0} or {@code x > 3}
      */
     protected final float decodeX(float x) {
-        if (ctx.canvasSize == null) return x;
-
         if (x >= 0 && x <= 1) {
             return x * leftWidth;
         } else if (x > 1 && x < 2) {
@@ -238,7 +238,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (x >= 2 && x <= 3) {
             return ((x-2) * rightWidth) + leftWidth + centerWidth;
         } else {
-            throw new AssertionError("Invalid x");
+            throw new IllegalArgumentException("Invalid x");
         }
     }
 
@@ -248,10 +248,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      *
      * @param y an encoded y value (0...1, or 1...2, or 2...3)
      * @return the decoded y value
+     * @throws IllegalArgumentException
+     *      if {@code y < 0} or {@code y > 3}
      */
     protected final float decodeY(float y) {
-        if (ctx.canvasSize == null) return y;
-
         if (y >= 0 && y <= 1) {
             return y * topHeight;
         } else if (y > 1 && y < 2) {
@@ -259,7 +259,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (y >= 2 && y <= 3) {
             return ((y-2) * bottomHeight) + topHeight + centerHeight;
         } else {
-            throw new AssertionError("Invalid y");
+            throw new IllegalArgumentException("Invalid y");
         }
     }
 
@@ -271,10 +271,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param x an encoded x value of the bezier control point (0...1, or 1...2, or 2...3)
      * @param dx the offset distance to the anchor from the control point x
      * @return the decoded x location of the control point
+     * @throws IllegalArgumentException
+     *      if {@code x < 0} or {@code x > 3}
      */
     protected final float decodeAnchorX(float x, float dx) {
-        if (ctx.canvasSize == null) return x + dx;
-
         if (x >= 0 && x <= 1) {
             return decodeX(x) + (dx * leftScale);
         } else if (x > 1 && x < 2) {
@@ -282,7 +282,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (x >= 2 && x <= 3) {
             return decodeX(x) + (dx * rightScale);
         } else {
-            throw new AssertionError("Invalid x");
+            throw new IllegalArgumentException("Invalid x");
         }
     }
 
@@ -294,10 +294,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param y an encoded y value of the bezier control point (0...1, or 1...2, or 2...3)
      * @param dy the offset distance to the anchor from the control point y
      * @return the decoded y position of the control point
+     * @throws IllegalArgumentException
+     *      if {@code y < 0} or {@code y > 3}
      */
     protected final float decodeAnchorY(float y, float dy) {
-        if (ctx.canvasSize == null) return y + dy;
-
         if (y >= 0 && y <= 1) {
             return decodeY(y) + (dy * topScale);
         } else if (y > 1 && y < 2) {
@@ -305,7 +305,7 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
         } else if (y >= 2 && y <= 3) {
             return decodeY(y) + (dy * bottomScale);
         } else {
-            throw new AssertionError("Invalid y");
+            throw new IllegalArgumentException("Invalid y");
         }
     }
 
@@ -363,6 +363,15 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param midpoints
      * @param colors
      * @return a valid LinearGradientPaint. This method never returns null.
+     * @throws NullPointerException
+     *      if {@code midpoints} array is null,
+     *      or {@code colors} array is null,
+     * @throws IllegalArgumentException
+     *      if start and end points are the same points,
+     *      or {@code midpoints.length != colors.length},
+     *      or {@code colors} is less than 2 in size,
+     *      or a {@code midpoints} value is less than 0.0 or greater than 1.0,
+     *      or the {@code midpoints} are not provided in strictly increasing order
      */
     protected final LinearGradientPaint decodeGradient(float x1, float y1, float x2, float y2, float[] midpoints, Color[] colors) {
         if (x1 == x2 && y1 == y2) {
@@ -384,6 +393,15 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
      * @param midpoints
      * @param colors
      * @return a valid RadialGradientPaint. This method never returns null.
+     * @throws NullPointerException
+     *      if {@code midpoints} array is null,
+     *      or {@code colors} array is null
+     * @throws IllegalArgumentException
+     *      if {@code r} is non-positive,
+     *      or {@code midpoints.length != colors.length},
+     *      or {@code colors} is less than 2 in size,
+     *      or a {@code midpoints} value is less than 0.0 or greater than 1.0,
+     *      or the {@code midpoints} are not provided in strictly increasing order
      */
     protected final RadialGradientPaint decodeRadialGradient(float x, float y, float r, float[] midpoints, Color[] colors) {
         if (r == 0f) {
@@ -537,10 +555,10 @@ public abstract class AbstractRegionPainter implements Painter<JComponent> {
             this.maxVerticalScaleFactor = maxV;
 
             if (canvasSize != null) {
-                a = insets.left;
-                b = canvasSize.width - insets.right;
-                c = insets.top;
-                d = canvasSize.height - insets.bottom;
+                a = stretchingInsets.left;
+                b = canvasSize.width - stretchingInsets.right;
+                c = stretchingInsets.top;
+                d = canvasSize.height - stretchingInsets.bottom;
                 this.canvasSize = canvasSize;
                 this.inverted = inverted;
                 if (inverted) {

src/share/classes/javax/swing/plaf/nimbus/NimbusIcon.java

@@ -84,6 +84,8 @@ class NimbusIcon extends SynthIcon {
                         translatex = 1;
                     }
                 }
+            } else if (c instanceof JMenu) {
+                flip = ! c.getComponentOrientation().isLeftToRight();
             }
             if (g instanceof Graphics2D){
                 Graphics2D gfx = (Graphics2D)g;