changeset 51248:3810c9a2efa1

8177334: Update xmldsig implementation to Apache Santuario 2.1.1 Reviewed-by: mullan
author weijun
date Tue, 19 Jun 2018 08:06:35 +0800
parents 0f93a75b9213
children 9ba6f5dfbe56
files src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/Init.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/XmlAttrStack.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/DocumentSerializer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Serializer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherInput.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipherParameters.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLEncryptionException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/exceptions/AlgorithmAlreadyRegisteredException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/exceptions/Base64DecodingException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/exceptions/XMLSecurityRuntimeException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/exceptions/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/ContentHandlerAlreadyRegisteredException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyInfo.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/KeyUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/DEREncodedKeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoContent.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyInfoReference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyName.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/KeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/MgmtData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/PGPData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/RetrievalMethod.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/SPKIData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/X509Data.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/DSAKeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/RSAKeyValue.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/keyvalues/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509CRL.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Certificate.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509DataContent.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509Digest.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509IssuerSerial.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SKI.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/XMLX509SubjectName.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/content/x509/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/InvalidKeyResolverException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/KeyResolverSpi.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DEREncodedKeyValueResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/DSAKeyValueResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/EncryptedKeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/PrivateKeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RSAKeyValueResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SecretKeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/SingleKeyResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509CertificateResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509DigestResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509IssuerSerialResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SKIResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/X509SubjectNameResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/StorageResolverException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/KeyStoreResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/SingleCertificateResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/config.xml src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_de.properties src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/resource/xmlsecurity_en.properties src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidDigestValueException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/InvalidSignatureValueException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Manifest.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/MissingResourceFailureException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/NodeFilter.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/ObjectContainer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/Reference.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/ReferenceNotInitializedException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperties.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/SignatureProperty.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/SignedInfo.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignature.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInput.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/XMLSignatureInputDebugger.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceNodeSetData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceOctetStreamData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/signature/reference/ReferenceSubTreeData.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/InvalidTransformException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformSpi.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/TransformationException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transforms.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHere.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformBase64Decode.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14N11_WithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusive.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NExclusiveWithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformC14NWithComments.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformEnvelopedSignature.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPath2Filter.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXPointer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/TransformXSLT.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/InclusiveNamespaces.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPath2FilterContainer04.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathContainer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/transforms/params/XPathFilterCHGPContainer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Base64.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Constants.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/DOMNamespaceContext.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/DigesterOutputStream.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementChecker.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/ElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionConstants.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/EncryptionElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/HelperNodeList.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/I18n.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/IgnoreAllErrorHandler.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/JDKXPathAPI.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/RFC2253Parser.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/Signature11ElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/SignatureElementProxy.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/SignerOutputStream.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncBufferedOutputStream.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/UnsyncByteArrayOutputStream.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/WeakObjectPool.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XMLUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFactory.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/XalanXPathAPI.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ClassLoaderUtils.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolver.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverException.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/ResourceResolverSpi.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverAnonymous.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverDirectHTTP.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverFragment.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverLocalFilesystem.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/ResolverXPointer.java src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/implementations/package.html src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/resolver/package.html src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/Logger.java src/java.xml.crypto/share/classes/com/sun/org/slf4j/internal/LoggerFactory.java src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/DigestMethod.java src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/SignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/DigesterOutputStream.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/MacOutputStream.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/SignerOutputStream.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/AbstractDOMSignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheNodeSetData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheOctetStreamData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/BaseStructure.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMBase64Transform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14N11Method.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalXMLC14NMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMCryptoBinary.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMDigestMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMEnvelopedTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMExcC14NMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMHMACSignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfo.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyInfoFactory.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyName.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMManifest.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMPGPData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperties.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureProperty.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignedInfo.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMStructure.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMSubTreeData.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMUtils.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509Data.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMX509IssuerSerial.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLObject.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignature.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathFilter2Transform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXPathTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMXSLTTransform.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/Marshaller.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/Utils.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XMLDSigRI.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XmlWriter.java src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/XmlWriterToTree.java src/java.xml.crypto/share/legal/santuario.md test/jdk/javax/xml/crypto/dsig/GenerationTests.java test/jdk/javax/xml/crypto/dsig/KeySelectors.java
diffstat 262 files changed, 10122 insertions(+), 13681 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/Init.java	Tue Jun 19 08:06:35 2018 +0800
@@ -30,9 +30,7 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
@@ -61,9 +59,8 @@
     /** The namespace for CONF file **/
     public static final String CONF_NS = "http://www.xmlsecurity.org/NS/#configuration";
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Init.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(Init.class);
 
     /** Field alreadyInitialized */
     private static boolean alreadyInitialized = false;
@@ -72,7 +69,7 @@
      * Method isInitialized
      * @return true if the library is already initialized.
      */
-    public static synchronized final boolean isInitialized() {
+    public static final synchronized boolean isInitialized() {
         return Init.alreadyInitialized;
     }
 
@@ -87,16 +84,16 @@
 
         InputStream is =
             AccessController.doPrivileged(
-                new PrivilegedAction<InputStream>() {
-                    public InputStream run() {
+                (PrivilegedAction<InputStream>)
+                    () -> {
                         String cfile =
                             System.getProperty("com.sun.org.apache.xml.internal.security.resource.config");
                         if (cfile == null) {
                             return null;
                         }
-                        return getClass().getResourceAsStream(cfile);
+                        return Init.class.getResourceAsStream(cfile);
                     }
-                });
+                );
         if (is == null) {
             dynamicInit();
         } else {
@@ -117,9 +114,8 @@
         //
         I18n.init("en", "US");
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Registering default algorithms");
-        }
+        LOG.debug("Registering default algorithms");
+
         try {
             AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
                 @Override public Void run() throws XMLSecurityException {
@@ -160,10 +156,10 @@
 
                     return null;
                 }
-           });
+            });
         } catch (PrivilegedActionException ex) {
             XMLSecurityException xse = (XMLSecurityException)ex.getException();
-            log.log(java.util.logging.Level.SEVERE, xse.getMessage(), xse);
+            LOG.error(xse.getMessage(), xse);
             xse.printStackTrace();
         }
     }
@@ -174,13 +170,7 @@
     private static void fileInit(InputStream is) {
         try {
             /* read library configuration file */
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-
-            dbf.setNamespaceAware(true);
-            dbf.setValidating(false);
-
-            DocumentBuilder db = dbf.newDocumentBuilder();
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
             Document doc = db.parse(is);
             Node config = doc.getFirstChild();
             for (; config != null; config = config.getNextSibling()) {
@@ -189,7 +179,7 @@
                 }
             }
             if (config == null) {
-                log.log(java.util.logging.Level.SEVERE, "Error in reading configuration file - Configuration element not found");
+                LOG.error("Error in reading configuration file - Configuration element not found");
                 return;
             }
             for (Node el = config.getFirstChild(); el != null; el = el.getNextSibling()) {
@@ -197,11 +187,11 @@
                     continue;
                 }
                 String tag = el.getLocalName();
-                if (tag.equals("ResourceBundles")) {
+                if ("ResourceBundles".equals(tag)) {
                     Element resource = (Element)el;
                     /* configure internationalization */
-                    Attr langAttr = resource.getAttributeNode("defaultLanguageCode");
-                    Attr countryAttr = resource.getAttributeNode("defaultCountryCode");
+                    Attr langAttr = resource.getAttributeNodeNS(null, "defaultLanguageCode");
+                    Attr countryAttr = resource.getAttributeNodeNS(null, "defaultCountryCode");
                     String languageCode =
                         (langAttr == null) ? null : langAttr.getNodeValue();
                     String countryCode =
@@ -209,45 +199,41 @@
                     I18n.init(languageCode, countryCode);
                 }
 
-                if (tag.equals("CanonicalizationMethods")) {
+                if ("CanonicalizationMethods".equals(tag)) {
                     Element[] list =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "CanonicalizationMethod");
 
-                    for (int i = 0; i < list.length; i++) {
-                        String uri = list[i].getAttributeNS(null, "URI");
+                    for (Element element : list) {
+                        String uri = element.getAttributeNS(null, "URI");
                         String javaClass =
-                            list[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         try {
                             Canonicalizer.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Canonicalizer.register(" + uri + ", " + javaClass + ")");
-                            }
+                            LOG.debug("Canonicalizer.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         }
                     }
                 }
 
-                if (tag.equals("TransformAlgorithms")) {
+                if ("TransformAlgorithms".equals(tag)) {
                     Element[] tranElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "TransformAlgorithm");
 
-                    for (int i = 0; i < tranElem.length; i++) {
-                        String uri = tranElem[i].getAttributeNS(null, "URI");
+                    for (Element element : tranElem) {
+                        String uri = element.getAttributeNS(null, "URI");
                         String javaClass =
-                            tranElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         try {
                             Transform.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Transform.register(" + uri + ", " + javaClass + ")");
-                            }
+                            LOG.debug("Transform.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
 
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         } catch (NoClassDefFoundError ex) {
-                            log.log(java.util.logging.Level.WARNING, "Not able to found dependencies for algorithm, I'll keep working.");
+                            LOG.warn("Not able to found dependencies for algorithm, I'll keep working.");
                         }
                     }
                 }
@@ -257,64 +243,54 @@
                     if (algorithmsNode != null) {
                         Element[] algorithms =
                             XMLUtils.selectNodes(algorithmsNode.getFirstChild(), CONF_NS, "Algorithm");
-                        for (int i = 0; i < algorithms.length; i++) {
-                            Element element = algorithms[i];
-                            String id = element.getAttribute("URI");
+                        for (Element element : algorithms) {
+                            String id = element.getAttributeNS(null, "URI");
                             JCEMapper.register(id, new JCEMapper.Algorithm(element));
                         }
                     }
                 }
 
-                if (tag.equals("SignatureAlgorithms")) {
+                if ("SignatureAlgorithms".equals(tag)) {
                     Element[] sigElems =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "SignatureAlgorithm");
 
-                    for (int i = 0; i < sigElems.length; i++) {
-                        String uri = sigElems[i].getAttributeNS(null, "URI");
+                    for (Element sigElem : sigElems) {
+                        String uri = sigElem.getAttributeNS(null, "URI");
                         String javaClass =
-                            sigElems[i].getAttributeNS(null, "JAVACLASS");
+                            sigElem.getAttributeNS(null, "JAVACLASS");
 
                         /** $todo$ handle registering */
 
                         try {
                             SignatureAlgorithm.register(uri, javaClass);
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "SignatureAlgorithm.register(" + uri + ", "
-                                          + javaClass + ")");
-                            }
+                            LOG.debug("SignatureAlgorithm.register({}, {})", uri, javaClass);
                         } catch (ClassNotFoundException e) {
                             Object exArgs[] = { uri, javaClass };
 
-                            log.log(java.util.logging.Level.SEVERE, I18n.translate("algorithm.classDoesNotExist", exArgs));
+                            LOG.error(I18n.translate("algorithm.classDoesNotExist", exArgs));
                         }
                     }
                 }
 
-                if (tag.equals("ResourceResolvers")) {
-                    Element[]resolverElem =
+                if ("ResourceResolvers".equals(tag)) {
+                    Element[] resolverElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
 
-                    for (int i = 0; i < resolverElem.length; i++) {
+                    for (Element element : resolverElem) {
                         String javaClass =
-                            resolverElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         String description =
-                            resolverElem[i].getAttributeNS(null, "DESCRIPTION");
+                            element.getAttributeNS(null, "DESCRIPTION");
 
-                        if ((description != null) && (description.length() > 0)) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass + ": "
-                                          + description);
-                            }
+                        if (description != null && description.length() > 0) {
+                            LOG.debug("Register Resolver: {}: {}", javaClass, description);
                         } else {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass
-                                          + ": For unknown purposes");
-                            }
+                            LOG.debug("Register Resolver: {}: For unknown purposes", javaClass);
                         }
                         try {
                             ResourceResolver.register(javaClass);
                         } catch (Throwable e) {
-                            log.log(java.util.logging.Level.WARNING,
+                            LOG.warn(
                                  "Cannot register:" + javaClass
                                  + " perhaps some needed jars are not installed",
                                  e
@@ -323,26 +299,20 @@
                     }
                 }
 
-                if (tag.equals("KeyResolver")){
+                if ("KeyResolver".equals(tag)){
                     Element[] resolverElem =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "Resolver");
-                    List<String> classNames = new ArrayList<String>(resolverElem.length);
-                    for (int i = 0; i < resolverElem.length; i++) {
+                    List<String> classNames = new ArrayList<>(resolverElem.length);
+                    for (Element element : resolverElem) {
                         String javaClass =
-                            resolverElem[i].getAttributeNS(null, "JAVACLASS");
+                            element.getAttributeNS(null, "JAVACLASS");
                         String description =
-                            resolverElem[i].getAttributeNS(null, "DESCRIPTION");
+                            element.getAttributeNS(null, "DESCRIPTION");
 
-                        if ((description != null) && (description.length() > 0)) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass + ": "
-                                          + description);
-                            }
+                        if (description != null && description.length() > 0) {
+                            LOG.debug("Register Resolver: {}: {}", javaClass, description);
                         } else {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, "Register Resolver: " + javaClass
-                                          + ": For unknown purposes");
-                            }
+                            LOG.debug("Register Resolver: {}: For unknown purposes", javaClass);
                         }
                         classNames.add(javaClass);
                     }
@@ -350,27 +320,22 @@
                 }
 
 
-                if (tag.equals("PrefixMappings")){
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, "Now I try to bind prefixes:");
-                    }
+                if ("PrefixMappings".equals(tag)){
+                    LOG.debug("Now I try to bind prefixes:");
 
                     Element[] nl =
                         XMLUtils.selectNodes(el.getFirstChild(), CONF_NS, "PrefixMapping");
 
-                    for (int i = 0; i < nl.length; i++) {
-                        String namespace = nl[i].getAttributeNS(null, "namespace");
-                        String prefix = nl[i].getAttributeNS(null, "prefix");
-                        if (log.isLoggable(java.util.logging.Level.FINE)) {
-                            log.log(java.util.logging.Level.FINE, "Now I try to bind " + prefix + " to " + namespace);
-                        }
+                    for (Element element : nl) {
+                        String namespace = element.getAttributeNS(null, "namespace");
+                        String prefix = element.getAttributeNS(null, "prefix");
+                        LOG.debug("Now I try to bind {} to {}", prefix, namespace);
                         ElementProxy.setDefaultPrefix(namespace, prefix);
                     }
                 }
             }
         } catch (Exception e) {
-            log.log(java.util.logging.Level.SEVERE, "Bad: ", e);
-            e.printStackTrace();
+            LOG.error("Bad: ", e);
         }
     }
 
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java	Tue Jun 19 08:06:35 2018 +0800
@@ -40,7 +40,6 @@
      */
     public Algorithm(Document doc, String algorithmURI) {
         super(doc);
-
         this.setAlgorithmURI(algorithmURI);
     }
 
@@ -48,11 +47,11 @@
      * Constructor Algorithm
      *
      * @param element
-     * @param BaseURI
+     * @param baseURI
      * @throws XMLSecurityException
      */
-    public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
-        super(element, BaseURI);
+    public Algorithm(Element element, String baseURI) throws XMLSecurityException {
+        super(element, baseURI);
     }
 
     /**
@@ -61,7 +60,7 @@
      * @return The URI of the algorithm
      */
     public String getAlgorithmURI() {
-        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return getLocalAttribute(Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -71,9 +70,7 @@
      */
     protected void setAlgorithmURI(String algorithmURI) {
         if (algorithmURI != null) {
-            this.constructionElement.setAttributeNS(
-                null, Constants._ATT_ALGORITHM, algorithmURI
-            );
+            setLocalAttribute(Constants._ATT_ALGORITHM, algorithmURI);
         }
     }
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/ClassLoaderUtils.java	Tue Jun 19 08:06:35 2018 +0800
@@ -23,211 +23,19 @@
 
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-
-/**
- * This class is extremely useful for loading resources and classes in a fault
- * tolerant manner that works across different applications servers. Do not
- * touch this unless you're a grizzled classloading guru veteran who is going to
- * verify any change on 6 different application servers.
- */
 // NOTE! This is a duplicate of utils.ClassLoaderUtils with public
 // modifiers changed to package-private. Make sure to integrate any future
 // changes to utils.ClassLoaderUtils to this file.
 final class ClassLoaderUtils {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static final java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(ClassLoaderUtils.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
 
     private ClassLoaderUtils() {
     }
 
     /**
-     * Load a given resource. <p/> This method will try to load the resource
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static URL getResource(String resourceName, Class<?> callingClass) {
-        URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url =
-                Thread.currentThread().getContextClassLoader().getResource(
-                    resourceName.substring(1)
-                );
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (url == null) {
-            url = cluClassloader.getResource(resourceName);
-        }
-        if (url == null && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            url = cluClassloader.getResource(resourceName.substring(1));
-        }
-
-        if (url == null) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                url = cl.getResource(resourceName);
-            }
-        }
-
-        if (url == null) {
-            url = callingClass.getResource(resourceName);
-        }
-
-        if ((url == null) && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResource('/' + resourceName, callingClass);
-        }
-
-        return url;
-    }
-
-    /**
-     * Load a given resources. <p/> This method will try to load the resources
-     * using the following methods (in order):
-     * <ul>
-     * <li>From Thread.currentThread().getContextClassLoader()
-     * <li>From ClassLoaderUtil.class.getClassLoader()
-     * <li>callingClass.getClassLoader()
-     * </ul>
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static List<URL> getResources(String resourceName, Class<?> callingClass) {
-        List<URL> ret = new ArrayList<URL>();
-        Enumeration<URL> urls = new Enumeration<URL>() {
-            public boolean hasMoreElements() {
-                return false;
-            }
-            public URL nextElement() {
-                return null;
-            }
-
-        };
-        try {
-            urls = Thread.currentThread().getContextClassLoader().getResources(resourceName);
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            //ignore
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls =
-                    Thread.currentThread().getContextClassLoader().getResources(
-                        resourceName.substring(1)
-                    );
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        ClassLoader cluClassloader = ClassLoaderUtils.class.getClassLoader();
-        if (cluClassloader == null) {
-            cluClassloader = ClassLoader.getSystemClassLoader();
-        }
-        if (!urls.hasMoreElements()) {
-            try {
-                urls = cluClassloader.getResources(resourceName);
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-        if (!urls.hasMoreElements() && resourceName.startsWith("/")) {
-            //certain classloaders need it without the leading /
-            try {
-                urls = cluClassloader.getResources(resourceName.substring(1));
-            } catch (IOException e) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                }
-                // ignore
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            ClassLoader cl = callingClass.getClassLoader();
-
-            if (cl != null) {
-                try {
-                    urls = cl.getResources(resourceName);
-                } catch (IOException e) {
-                    if (log.isLoggable(java.util.logging.Level.FINE)) {
-                        log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-                    }
-                    // ignore
-                }
-            }
-        }
-
-        if (!urls.hasMoreElements()) {
-            URL url = callingClass.getResource(resourceName);
-            if (url != null) {
-                ret.add(url);
-            }
-        }
-        while (urls.hasMoreElements()) {
-            ret.add(urls.nextElement());
-        }
-
-
-        if (ret.isEmpty() && (resourceName != null) && (resourceName.charAt(0) != '/')) {
-            return getResources('/' + resourceName, callingClass);
-        }
-        return ret;
-    }
-
-
-    /**
-     * This is a convenience method to load a resource as a stream. <p/> The
-     * algorithm used to find the resource is given in getResource()
-     *
-     * @param resourceName The name of the resource to load
-     * @param callingClass The Class object of the calling object
-     */
-    static InputStream getResourceAsStream(String resourceName, Class<?> callingClass) {
-        URL url = getResource(resourceName, callingClass);
-
-        try {
-            return (url != null) ? url.openStream() : null;
-        } catch (IOException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
-            return null;
-        }
-    }
-
-    /**
-     * Load a class with a given name. <p/> It will try to load the class in the
+     * Load a class with a given name. <p></p> It will try to load the class in the
      * following order:
      * <ul>
      * <li>From Thread.currentThread().getContextClassLoader()
@@ -249,9 +57,7 @@
                 return cl.loadClass(className);
             }
         } catch (ClassNotFoundException e) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, e.getMessage(), e);
-            }
+            LOG.debug(e.getMessage(), e);
             //ignore
         }
         return loadClass2(className, callingClass);
@@ -271,9 +77,7 @@
                     return callingClass.getClassLoader().loadClass(className);
                 }
             }
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, ex.getMessage(), ex);
-            }
+            LOG.debug(ex.getMessage(), ex);
             throw ex;
         }
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,7 +25,6 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.sun.org.apache.xml.internal.security.encryption.XMLCipher;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 import org.w3c.dom.Element;
@@ -36,14 +35,13 @@
  */
 public class JCEMapper {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(JCEMapper.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(JCEMapper.class);
 
     private static Map<String, Algorithm> algorithmsMap =
         new ConcurrentHashMap<String, Algorithm>();
 
-    private static String providerName = null;
+    private static String providerName;
 
     /**
      * Method register
@@ -62,6 +60,7 @@
      * This method registers the default algorithms.
      */
     public static void registerDefaultAlgorithms() {
+        // Digest algorithms
         algorithmsMap.put(
             MessageDigestAlgorithm.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5,
             new Algorithm("", "MD5", "MessageDigest")
@@ -75,6 +74,10 @@
             new Algorithm("", "SHA-1", "MessageDigest")
         );
         algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA224,
+            new Algorithm("", "SHA-224", "MessageDigest")
+        );
+        algorithmsMap.put(
             MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256,
             new Algorithm("", "SHA-256", "MessageDigest")
         );
@@ -87,136 +90,149 @@
             new Algorithm("", "SHA-512", "MessageDigest")
         );
         algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_WHIRLPOOL,
+            new Algorithm("", "WHIRLPOOL", "MessageDigest")
+        );
+        algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_224,
+            new Algorithm("", "SHA3-224", "MessageDigest")
+        );
+        algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_256,
+            new Algorithm("", "SHA3-256", "MessageDigest")
+        );
+        algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_384,
+            new Algorithm("", "SHA3-384", "MessageDigest")
+        );
+        algorithmsMap.put(
+            MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA3_512,
+            new Algorithm("", "SHA3-512", "MessageDigest")
+        );
+        // Signature algorithms
+        algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_DSA,
-            new Algorithm("", "SHA1withDSA", "Signature")
+            new Algorithm("DSA", "SHA1withDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_DSA_SHA256,
-            new Algorithm("", "SHA256withDSA", "Signature")
+            new Algorithm("DSA", "SHA256withDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5,
-            new Algorithm("", "MD5withRSA", "Signature")
+            new Algorithm("RSA", "MD5withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160,
-            new Algorithm("", "RIPEMD160withRSA", "Signature")
+            new Algorithm("RSA", "RIPEMD160withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
-            new Algorithm("", "SHA1withRSA", "Signature")
+            new Algorithm("RSA", "SHA1withRSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224,
+            new Algorithm("RSA", "SHA224withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
-            new Algorithm("", "SHA256withRSA", "Signature")
+            new Algorithm("RSA", "SHA256withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384,
-            new Algorithm("", "SHA384withRSA", "Signature")
+            new Algorithm("RSA", "SHA384withRSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
-            new Algorithm("", "SHA512withRSA", "Signature")
+            new Algorithm("RSA", "SHA512withRSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1,
+            new Algorithm("RSA", "SHA1withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1,
+            new Algorithm("RSA", "SHA224withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1,
+            new Algorithm("RSA", "SHA256withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1,
+            new Algorithm("RSA", "SHA384withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1,
+            new Algorithm("RSA", "SHA512withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1,
+             new Algorithm("RSA", "SHA3-224withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1,
+             new Algorithm("RSA", "SHA3-256withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1,
+             new Algorithm("RSA", "SHA3-384withRSAandMGF1", "Signature")
+        );
+        algorithmsMap.put(
+             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1,
+             new Algorithm("RSA", "SHA3-512withRSAandMGF1", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
-            new Algorithm("", "SHA1withECDSA", "Signature")
+            new Algorithm("EC", "SHA1withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224,
+            new Algorithm("EC", "SHA224withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
-            new Algorithm("", "SHA256withECDSA", "Signature")
+            new Algorithm("EC", "SHA256withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
-            new Algorithm("", "SHA384withECDSA", "Signature")
+            new Algorithm("EC", "SHA384withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
-            new Algorithm("", "SHA512withECDSA", "Signature")
+            new Algorithm("EC", "SHA512withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160,
+            new Algorithm("EC", "RIPEMD160withECDSA", "Signature")
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
-            new Algorithm("", "HmacMD5", "Mac")
+            new Algorithm("", "HmacMD5", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160,
-            new Algorithm("", "HMACRIPEMD160", "Mac")
+            new Algorithm("", "HMACRIPEMD160", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
-            new Algorithm("", "HmacSHA1", "Mac")
+            new Algorithm("", "HmacSHA1", "Mac", 0, 0)
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_MAC_HMAC_SHA224,
+            new Algorithm("", "HmacSHA224", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA256,
-            new Algorithm("", "HmacSHA256", "Mac")
+            new Algorithm("", "HmacSHA256", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA384,
-            new Algorithm("", "HmacSHA384", "Mac")
+            new Algorithm("", "HmacSHA384", "Mac", 0, 0)
         );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA512,
-            new Algorithm("", "HmacSHA512", "Mac")
-        );
-        algorithmsMap.put(
-            XMLCipher.TRIPLEDES,
-            new Algorithm("DESede", "DESede/CBC/ISO10126Padding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256,
-            new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256_GCM,
-            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_v1dot5,
-            new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_OAEP,
-            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.RSA_OAEP_11,
-            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
-        );
-        algorithmsMap.put(
-            XMLCipher.DIFFIE_HELLMAN,
-            new Algorithm("", "", "KeyAgreement")
-        );
-        algorithmsMap.put(
-            XMLCipher.TRIPLEDES_KeyWrap,
-            new Algorithm("DESede", "DESedeWrap", "SymmetricKeyWrap", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_128_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 128)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_192_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 192)
-        );
-        algorithmsMap.put(
-            XMLCipher.AES_256_KeyWrap,
-            new Algorithm("AES", "AESWrap", "SymmetricKeyWrap", 256)
+            new Algorithm("", "HmacSHA512", "Mac", 0, 0)
         );
     }
 
@@ -227,11 +243,7 @@
      * @return the JCE standard name corresponding to the given URI
      */
     public static String translateURItoJCEID(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.jceName;
         }
@@ -244,11 +256,7 @@
      * @return the class name that implements this algorithm
      */
     public static String getAlgorithmClassFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.algorithmClass;
         }
@@ -262,16 +270,21 @@
      * @return The length of the key used in the algorithm
      */
     public static int getKeyLengthFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
-        }
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
         if (algorithm != null) {
             return algorithm.keyLength;
         }
         return 0;
     }
 
+    public static int getIVLengthFromURI(String algorithmURI) {
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+        if (algorithm != null) {
+            return algorithm.ivLength;
+        }
+        return 0;
+    }
+
     /**
      * Method getJCEKeyAlgorithmFromURI
      *
@@ -279,12 +292,38 @@
      * @return The KeyAlgorithm for the given URI.
      */
     public static String getJCEKeyAlgorithmFromURI(String algorithmURI) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Request for URI " + algorithmURI);
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+         if (algorithm != null) {
+             return algorithm.requiredKey;
+         }
+        return null;
+    }
+
+    /**
+     * Method getJCEProviderFromURI
+     *
+     * @param algorithmURI
+     * @return The JCEProvider for the given URI.
+     */
+    public static String getJCEProviderFromURI(String algorithmURI) {
+        Algorithm algorithm = getAlgorithm(algorithmURI);
+        if (algorithm != null) {
+            return algorithm.jceProvider;
         }
-        Algorithm algorithm = algorithmsMap.get(algorithmURI);
-        if (algorithm != null) {
-            return algorithm.requiredKey;
+        return null;
+    }
+
+    /**
+     * Method getAlgorithm
+     *
+     * @param algorithmURI
+     * @return The Algorithm object for the given URI.
+     */
+    private static Algorithm getAlgorithm(String algorithmURI) {
+        LOG.debug("Request for URI {}", algorithmURI);
+
+        if (algorithmURI != null) {
+            return algorithmsMap.get(algorithmURI);
         }
         return null;
     }
@@ -301,7 +340,7 @@
      * Sets the default Provider for obtaining the security algorithms
      * @param provider the default providerId.
      * @throws SecurityException if a security manager is installed and the
-     *    caller does not have permission to set the JCE provider
+     *    caller does not have permission to register the JCE algorithm
      */
     public static void setProviderId(String provider) {
         JavaUtils.checkRegisterPermission();
@@ -317,40 +356,54 @@
         final String jceName;
         final String algorithmClass;
         final int keyLength;
+        final int ivLength;
+        final String jceProvider;
 
         /**
          * Gets data from element
          * @param el
          */
         public Algorithm(Element el) {
-            requiredKey = el.getAttribute("RequiredKey");
-            jceName = el.getAttribute("JCEName");
-            algorithmClass = el.getAttribute("AlgorithmClass");
+            requiredKey = el.getAttributeNS(null, "RequiredKey");
+            jceName = el.getAttributeNS(null, "JCEName");
+            algorithmClass = el.getAttributeNS(null, "AlgorithmClass");
+            jceProvider = el.getAttributeNS(null, "JCEProvider");
             if (el.hasAttribute("KeyLength")) {
-                keyLength = Integer.parseInt(el.getAttribute("KeyLength"));
+                keyLength = Integer.parseInt(el.getAttributeNS(null, "KeyLength"));
             } else {
                 keyLength = 0;
             }
+            if (el.hasAttribute("IVLength")) {
+                ivLength = Integer.parseInt(el.getAttributeNS(null, "IVLength"));
+            } else {
+                ivLength = 0;
+            }
         }
 
         public Algorithm(String requiredKey, String jceName) {
-            this(requiredKey, jceName, null, 0);
+            this(requiredKey, jceName, null, 0, 0);
         }
 
         public Algorithm(String requiredKey, String jceName, String algorithmClass) {
-            this(requiredKey, jceName, algorithmClass, 0);
+            this(requiredKey, jceName, algorithmClass, 0, 0);
         }
 
         public Algorithm(String requiredKey, String jceName, int keyLength) {
-            this(requiredKey, jceName, null, keyLength);
+            this(requiredKey, jceName, null, keyLength, 0);
         }
 
-        public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength) {
+        public Algorithm(String requiredKey, String jceName, String algorithmClass, int keyLength, int ivLength) {
+            this(requiredKey, jceName, algorithmClass, keyLength, ivLength, null);
+        }
+
+        public Algorithm(String requiredKey, String jceName,
+                         String algorithmClass, int keyLength, int ivLength, String jceProvider) {
             this.requiredKey = requiredKey;
             this.jceName = jceName;
             this.algorithmClass = algorithmClass;
             this.keyLength = keyLength;
+            this.ivLength = ivLength;
+            this.jceProvider = jceProvider;
         }
     }
-
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java	Tue Jun 19 08:06:35 2018 +0800
@@ -31,7 +31,7 @@
 import org.w3c.dom.Document;
 
 /**
- * Digest Message wrapper & selector class.
+ * Digest Message wrapper and selector class.
  *
  * <pre>
  * MessageDigestAlgorithm.getInstance()
@@ -44,6 +44,9 @@
         Constants.MoreAlgorithmsSpecNS + "md5";
     /** Digest - Required SHA1*/
     public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
+    /** Message Digest - OPTIONAL SHA224*/
+    public static final String ALGO_ID_DIGEST_SHA224 =
+        Constants.MoreAlgorithmsSpecNS + "sha224";
     /** Message Digest - RECOMMENDED SHA256*/
     public static final String ALGO_ID_DIGEST_SHA256 =
         EncryptionConstants.EncryptionSpecNS + "sha256";
@@ -57,6 +60,18 @@
     public static final String ALGO_ID_DIGEST_RIPEMD160 =
         EncryptionConstants.EncryptionSpecNS + "ripemd160";
 
+    // Newer digest algorithms...all optional
+    public static final String ALGO_ID_DIGEST_WHIRLPOOL =
+        Constants.XML_DSIG_NS_MORE_07_05 + "whirlpool";
+    public static final String ALGO_ID_DIGEST_SHA3_224 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-224";
+    public static final String ALGO_ID_DIGEST_SHA3_256 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-256";
+    public static final String ALGO_ID_DIGEST_SHA3_384 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-384";
+    public static final String ALGO_ID_DIGEST_SHA3_512 =
+        Constants.XML_DSIG_NS_MORE_07_05 + "sha3-512";
+
     /** Field algorithm stores the actual {@link java.security.MessageDigest} */
     private final MessageDigest algorithm;
 
@@ -121,7 +136,7 @@
      *
      * @return the actual {@link java.security.MessageDigest} algorithm object
      */
-    public java.security.MessageDigest getAlgorithm() {
+    public MessageDigest getAlgorithm() {
         return algorithm;
     }
 
@@ -134,7 +149,7 @@
      * @return the result of the {@link java.security.MessageDigest#isEqual} method
      */
     public static boolean isEqual(byte[] digesta, byte[] digestb) {
-        return java.security.MessageDigest.isEqual(digesta, digestb);
+        return MessageDigest.isEqual(digesta, digestb);
     }
 
     /**
@@ -243,12 +258,12 @@
         algorithm.update(buf, offset, len);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseNamespace() {
         return Constants.SignatureSpecNS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public String getBaseLocalName() {
         return Constants._TAG_DIGESTMETHOD;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Tue Jun 19 08:06:35 2018 +0800
@@ -46,13 +46,11 @@
  * Allows selection of digital signature's algorithm, private keys, other
  * security parameters, and algorithm's ID.
  *
- * @author Christian Geuer-Pollmann
  */
 public class SignatureAlgorithm extends Algorithm {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureAlgorithm.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureAlgorithm.class);
 
     /** All available algorithm classes are registered here */
     private static Map<String, Class<? extends SignatureAlgorithmSpi>> algorithmHash =
@@ -75,7 +73,7 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
     }
 
     /**
@@ -93,10 +91,10 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
 
         signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
-        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
+        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(getElement());
     }
 
     /**
@@ -107,7 +105,7 @@
      * @throws XMLSecurityException
      */
     public SignatureAlgorithm(Element element, String baseURI) throws XMLSecurityException {
-        this(element, baseURI, false);
+        this(element, baseURI, true);
     }
 
     /**
@@ -137,7 +135,7 @@
         }
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(getElement());
     }
 
     /**
@@ -148,22 +146,17 @@
         try {
             Class<? extends SignatureAlgorithmSpi> implementingClass =
                 algorithmHash.get(algorithmURI);
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Create URI \"" + algorithmURI + "\" class \""
-                   + implementingClass + "\"");
+            LOG.debug("Create URI \"{}\" class \"{}\"", algorithmURI, implementingClass);
+            if (implementingClass == null) {
+                Object exArgs[] = { algorithmURI };
+                throw new XMLSignatureException("algorithms.NoSuchAlgorithmNoEx", exArgs);
             }
             @SuppressWarnings("deprecation")
-            SignatureAlgorithmSpi result = implementingClass.newInstance();
-            return result;
-        }  catch (IllegalAccessException ex) {
+            SignatureAlgorithmSpi tmp = implementingClass.newInstance();
+            return tmp;
+        }  catch (IllegalAccessException | InstantiationException | NullPointerException ex) {
             Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
-        } catch (InstantiationException ex) {
-            Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
-        } catch (NullPointerException ex) {
-            Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
+            throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
         }
     }
 
@@ -313,14 +306,14 @@
      * @return the URI representation of Transformation algorithm
      */
     public final String getURI() {
-        return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return getLocalAttribute(Constants._ATT_ALGORITHM);
     }
 
     /**
      * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
-     * @param implementingClass <code>implementingClass</code> the implementing class of
+     * @param algorithmURI algorithmURI URI representation of {@code SignatureAlgorithm}.
+     * @param implementingClass {@code implementingClass} the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
@@ -332,9 +325,7 @@
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
         JavaUtils.checkRegisterPermission();
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
-        }
+        LOG.debug("Try to register {} {}", algorithmURI, implementingClass);
 
         // are we already registered?
         Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
@@ -351,15 +342,15 @@
             algorithmHash.put(algorithmURI, clazz);
         } catch (NullPointerException ex) {
             Object exArgs[] = { algorithmURI, ex.getMessage() };
-            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs, ex);
+            throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
         }
     }
 
     /**
-     * Registers implementing class of the Transform algorithm with algorithmURI
+     * Registers implementing class of the SignatureAlgorithm with algorithmURI
      *
-     * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
-     * @param implementingClass <code>implementingClass</code> the implementing class of
+     * @param algorithmURI algorithmURI URI representation of {@code SignatureAlgorithm}.
+     * @param implementingClass {@code implementingClass} the implementing class of
      * {@link SignatureAlgorithmSpi}
      * @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
      * @throws XMLSignatureException
@@ -370,9 +361,7 @@
        throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
            XMLSignatureException {
         JavaUtils.checkRegisterPermission();
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Try to register " + algorithmURI + " " + implementingClass);
-        }
+        LOG.debug("Try to register {} {}", algorithmURI, implementingClass);
 
         // are we already registered?
         Class<? extends SignatureAlgorithmSpi> registeredClass = algorithmHash.get(algorithmURI);
@@ -410,6 +399,9 @@
             SignatureBaseRSA.SignatureRSARIPEMD160.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224, SignatureBaseRSA.SignatureRSASHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureBaseRSA.SignatureRSASHA256.class
         );
         algorithmHash.put(
@@ -419,9 +411,39 @@
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512, SignatureBaseRSA.SignatureRSASHA512.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1, SignatureBaseRSA.SignatureRSASHA1MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1, SignatureBaseRSA.SignatureRSASHA224MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1, SignatureBaseRSA.SignatureRSASHA256MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1, SignatureBaseRSA.SignatureRSASHA384MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1, SignatureBaseRSA.SignatureRSASHA512MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1, SignatureBaseRSA.SignatureRSASHA3_224MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1, SignatureBaseRSA.SignatureRSASHA3_256MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1, SignatureBaseRSA.SignatureRSASHA3_384MGF1.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1, SignatureBaseRSA.SignatureRSASHA3_512MGF1.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224, SignatureECDSA.SignatureECDSASHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
         );
         algorithmHash.put(
@@ -431,12 +453,18 @@
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160, SignatureECDSA.SignatureECDSARIPEMD160.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );
         algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160, IntegrityHmac.IntegrityHmacRIPEMD160.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_MAC_HMAC_SHA224, IntegrityHmac.IntegrityHmacSHA224.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_SHA256, IntegrityHmac.IntegrityHmacSHA256.class
         );
         algorithmHash.put(
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java	Tue Jun 19 08:06:35 2018 +0800
@@ -32,9 +32,9 @@
 public abstract class SignatureAlgorithmSpi {
 
     /**
-     * Returns the URI representation of <code>Transformation algorithm</code>
+     * Returns the URI representation of {@code Transformation algorithm}
      *
-     * @return the URI representation of <code>Transformation algorithm</code>
+     * @return the URI representation of {@code Transformation algorithm}
      */
     protected abstract String engineGetURI();
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/ECDSAUtils.java	Tue Jun 19 08:06:35 2018 +0800
@@ -0,0 +1,918 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.algorithms.implementations;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.*;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+public final class ECDSAUtils {
+
+    private ECDSAUtils() {
+        // complete
+    }
+
+    /**
+     * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+     * <p></p>
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
+     * pairs; the XML Signature requires the core BigInteger values.
+     *
+     * @param asn1Bytes
+     * @return the decode bytes
+     * @throws IOException
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     */
+    public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
+
+        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+        int offset;
+        if (asn1Bytes[1] > 0) {
+            offset = 2;
+        } else if (asn1Bytes[1] == (byte) 0x81) {
+            offset = 3;
+        } else {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+
+        byte rLength = asn1Bytes[offset + 1];
+        int i;
+
+        for (i = rLength; i > 0 && asn1Bytes[offset + 2 + rLength - i] == 0; i--); //NOPMD
+
+        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
+        int j;
+
+        for (j = sLength; j > 0 && asn1Bytes[offset + 2 + rLength + 2 + sLength - j] == 0; j--); //NOPMD
+
+        int rawLen = Math.max(i, j);
+
+        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
+                || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
+                || asn1Bytes[offset] != 2
+                || asn1Bytes[offset + 2 + rLength] != 2) {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+        byte xmldsigBytes[] = new byte[2 * rawLen];
+
+        System.arraycopy(asn1Bytes, offset + 2 + rLength - i, xmldsigBytes, rawLen - i, i);
+        System.arraycopy(asn1Bytes, offset + 2 + rLength + 2 + sLength - j, xmldsigBytes,
+                2 * rawLen - j, j);
+
+        return xmldsigBytes;
+    }
+
+    /**
+     * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
+     * <p></p>
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
+     * pairs; the XML Signature requires the core BigInteger values.
+     *
+     * @param xmldsigBytes
+     * @return the encoded ASN.1 bytes
+     * @throws IOException
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     */
+    public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
+
+        int rawLen = xmldsigBytes.length / 2;
+
+        int i;
+
+        for (i = rawLen; i > 0 && xmldsigBytes[rawLen - i] == 0; i--); //NOPMD
+
+        int j = i;
+
+        if (xmldsigBytes[rawLen - i] < 0) {
+            j += 1;
+        }
+
+        int k;
+
+        for (k = rawLen; k > 0 && xmldsigBytes[2 * rawLen - k] == 0; k--); //NOPMD
+
+        int l = k;
+
+        if (xmldsigBytes[2 * rawLen - k] < 0) {
+            l += 1;
+        }
+
+        int len = 2 + j + 2 + l;
+        if (len > 255) {
+            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+        }
+        int offset;
+        byte asn1Bytes[];
+        if (len < 128) {
+            asn1Bytes = new byte[2 + 2 + j + 2 + l];
+            offset = 1;
+        } else {
+            asn1Bytes = new byte[3 + 2 + j + 2 + l];
+            asn1Bytes[1] = (byte) 0x81;
+            offset = 2;
+        }
+        asn1Bytes[0] = 48;
+        asn1Bytes[offset++] = (byte) len;
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) j;
+
+        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, offset + j - i, i);
+
+        offset += j;
+
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) l;
+
+        System.arraycopy(xmldsigBytes, 2 * rawLen - k, asn1Bytes, offset + l - k, k);
+
+        return asn1Bytes;
+    }
+
+    private static final List<ECCurveDefinition> ecCurveDefinitions = new ArrayList<>();
+
+    static {
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp112r1",
+                        "1.3.132.0.6",
+                        "db7c2abf62e35e668076bead208b",
+                        "db7c2abf62e35e668076bead2088",
+                        "659ef8ba043916eede8911702b22",
+                        "09487239995a5ee76b55f9c2f098",
+                        "a89ce5af8724c0a23e0e0ff77500",
+                        "db7c2abf62e35e7628dfac6561c5",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp112r2",
+                        "1.3.132.0.7",
+                        "db7c2abf62e35e668076bead208b",
+                        "6127c24c05f38a0aaaf65c0ef02c",
+                        "51def1815db5ed74fcc34c85d709",
+                        "4ba30ab5e892b4e1649dd0928643",
+                        "adcd46f5882e3747def36e956e97",
+                        "36df0aafd8b8d7597ca10520d04b",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp128r1",
+                        "1.3.132.0.28",
+                        "fffffffdffffffffffffffffffffffff",
+                        "fffffffdfffffffffffffffffffffffc",
+                        "e87579c11079f43dd824993c2cee5ed3",
+                        "161ff7528b899b2d0c28607ca52c5b86",
+                        "cf5ac8395bafeb13c02da292dded7a83",
+                        "fffffffe0000000075a30d1b9038a115",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp128r2",
+                        "1.3.132.0.29",
+                        "fffffffdffffffffffffffffffffffff",
+                        "d6031998d1b3bbfebf59cc9bbff9aee1",
+                        "5eeefca380d02919dc2c6558bb6d8a5d",
+                        "7b6aa5d85e572983e6fb32a7cdebc140",
+                        "27b6916a894d3aee7106fe805fc34b44",
+                        "3fffffff7fffffffbe0024720613b5a3",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160k1",
+                        "1.3.132.0.9",
+                        "fffffffffffffffffffffffffffffffeffffac73",
+                        "0000000000000000000000000000000000000000",
+                        "0000000000000000000000000000000000000007",
+                        "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
+                        "938cf935318fdced6bc28286531733c3f03c4fee",
+                        "0100000000000000000001b8fa16dfab9aca16b6b3",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160r1",
+                        "1.3.132.0.8",
+                        "ffffffffffffffffffffffffffffffff7fffffff",
+                        "ffffffffffffffffffffffffffffffff7ffffffc",
+                        "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
+                        "4a96b5688ef573284664698968c38bb913cbfc82",
+                        "23a628553168947d59dcc912042351377ac5fb32",
+                        "0100000000000000000001f4c8f927aed3ca752257",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp160r2",
+                        "1.3.132.0.30",
+                        "fffffffffffffffffffffffffffffffeffffac73",
+                        "fffffffffffffffffffffffffffffffeffffac70",
+                        "b4e134d3fb59eb8bab57274904664d5af50388ba",
+                        "52dcb034293a117e1f4ff11b30f7199d3144ce6d",
+                        "feaffef2e331f296e071fa0df9982cfea7d43f2e",
+                        "0100000000000000000000351ee786a818f3a1a16b",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp192k1",
+                        "1.3.132.0.31",
+                        "fffffffffffffffffffffffffffffffffffffffeffffee37",
+                        "000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000003",
+                        "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
+                        "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+                        "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp192r1 [NIST P-192, X9.62 prime192v1]",
+                        "1.2.840.10045.3.1.1",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
+                        "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+                        "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+                        "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp224k1",
+                        "1.3.132.0.32",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d",
+                        "00000000000000000000000000000000000000000000000000000000",
+                        "00000000000000000000000000000000000000000000000000000005",
+                        "a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c",
+                        "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+                        "010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp224r1 [NIST P-224]",
+                        "1.3.132.0.33",
+                        "ffffffffffffffffffffffffffffffff000000000000000000000001",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
+                        "b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
+                        "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+                        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+                        "ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp256k1",
+                        "1.3.132.0.10",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
+                        "0000000000000000000000000000000000000000000000000000000000000000",
+                        "0000000000000000000000000000000000000000000000000000000000000007",
+                        "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+                        "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+                        "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp256r1 [NIST P-256, X9.62 prime256v1]",
+                        "1.2.840.10045.3.1.7",
+                        "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+                        "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+                        "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+                        "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+                        "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+                        "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp384r1 [NIST P-384]",
+                        "1.3.132.0.34",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+                        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
+                        "b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
+                        "aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
+                        "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",
+                        "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "secp521r1 [NIST P-521]",
+                        "1.3.132.0.35",
+                        "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+                        "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+                        "0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+                        "00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+                        "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+                        "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime192v2",
+                        "1.2.840.10045.3.1.2",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953",
+                        "eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a",
+                        "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+                        "fffffffffffffffffffffffe5fb1a724dc80418648d8dd31",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime192v3",
+                        "1.2.840.10045.3.1.3",
+                        "fffffffffffffffffffffffffffffffeffffffffffffffff",
+                        "fffffffffffffffffffffffffffffffefffffffffffffffc",
+                        "22123dc2395a05caa7423daeccc94760a7d462256bd56916",
+                        "7d29778100c65a1da1783716588dce2b8b4aee8e228f1896",
+                        "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+                        "ffffffffffffffffffffffff7a62d031c83f4294f640ec13",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v1",
+                        "1.2.840.10045.3.1.4",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
+                        "0ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf",
+                        "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
+                        "7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v2",
+                        "1.2.840.10045.3.1.5",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c",
+                        "38af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7",
+                        "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
+                        "7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 prime239v3",
+                        "1.2.840.10045.3.1.6",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007fffffffffff",
+                        "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
+                        "255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e",
+                        "6768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a",
+                        "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
+                        "7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551",
+                        1)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect113r1",
+                        "1.3.132.0.4",
+                        "020000000000000000000000000201",
+                        "003088250ca6e7c7fe649ce85820f7",
+                        "00e8bee4d3e2260744188be0e9c723",
+                        "009d73616f35f4ab1407d73562c10f",
+                        "00a52830277958ee84d1315ed31886",
+                        "0100000000000000d9ccec8a39e56f",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect113r2",
+                        "1.3.132.0.5",
+                        "020000000000000000000000000201",
+                        "00689918dbec7e5a0dd6dfc0aa55c7",
+                        "0095e9a9ec9b297bd4bf36e059184f",
+                        "01a57a6a7b26ca5ef52fcdb8164797",
+                        "00b3adc94ed1fe674c06e695baba1d",
+                        "010000000000000108789b2496af93",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect131r1",
+                        "1.3.132.0.22",
+                        "080000000000000000000000000000010d",
+                        "07a11b09a76b562144418ff3ff8c2570b8",
+                        "0217c05610884b63b9c6c7291678f9d341",
+                        "0081baf91fdf9833c40f9c181343638399",
+                        "078c6e7ea38c001f73c8134b1b4ef9e150",
+                        "0400000000000000023123953a9464b54d",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect131r2",
+                        "1.3.132.0.23",
+                        "080000000000000000000000000000010d",
+                        "03e5a88919d7cafcbf415f07c2176573b2",
+                        "04b8266a46c55657ac734ce38f018f2192",
+                        "0356dcd8f2f95031ad652d23951bb366a8",
+                        "0648f06d867940a5366d9e265de9eb240f",
+                        "0400000000000000016954a233049ba98f",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163k1 [NIST K-163]",
+                        "1.3.132.0.1",
+                        "0800000000000000000000000000000000000000c9",
+                        "000000000000000000000000000000000000000001",
+                        "000000000000000000000000000000000000000001",
+                        "02fe13c0537bbc11acaa07d793de4e6d5e5c94eee8",
+                        "0289070fb05d38ff58321f2e800536d538ccdaa3d9",
+                        "04000000000000000000020108a2e0cc0d99f8a5ef",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163r1",
+                        "1.3.132.0.2",
+                        "0800000000000000000000000000000000000000c9",
+                        "07b6882caaefa84f9554ff8428bd88e246d2782ae2",
+                        "0713612dcddcb40aab946bda29ca91f73af958afd9",
+                        "0369979697ab43897789566789567f787a7876a654",
+                        "00435edb42efafb2989d51fefce3c80988f41ff883",
+                        "03ffffffffffffffffffff48aab689c29ca710279b",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect163r2 [NIST B-163]",
+                        "1.3.132.0.15",
+                        "0800000000000000000000000000000000000000c9",
+                        "000000000000000000000000000000000000000001",
+                        "020a601907b8c953ca1481eb10512f78744a3205fd",
+                        "03f0eba16286a2d57ea0991168d4994637e8343e36",
+                        "00d51fbc6c71a0094fa2cdd545b11c5c0c797324f1",
+                        "040000000000000000000292fe77e70c12a4234c33",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect193r1",
+                        "1.3.132.0.24",
+                        "02000000000000000000000000000000000000000000008001",
+                        "0017858feb7a98975169e171f77b4087de098ac8a911df7b01",
+                        "00fdfb49bfe6c3a89facadaa7a1e5bbc7cc1c2e5d831478814",
+                        "01f481bc5f0ff84a74ad6cdf6fdef4bf6179625372d8c0c5e1",
+                        "0025e399f2903712ccf3ea9e3a1ad17fb0b3201b6af7ce1b05",
+                        "01000000000000000000000000c7f34a778f443acc920eba49",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect193r2",
+                        "1.3.132.0.25",
+                        "02000000000000000000000000000000000000000000008001",
+                        "0163f35a5137c2ce3ea6ed8667190b0bc43ecd69977702709b",
+                        "00c9bb9e8927d4d64c377e2ab2856a5b16e3efb7f61d4316ae",
+                        "00d9b67d192e0367c803f39e1a7e82ca14a651350aae617e8f",
+                        "01ce94335607c304ac29e7defbd9ca01f596f927224cdecf6c",
+                        "010000000000000000000000015aab561b005413ccd4ee99d5",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect233k1 [NIST K-233]",
+                        "1.3.132.0.26",
+                        "020000000000000000000000000000000000000004000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "017232ba853a7e731af129f22ff4149563a419c26bf50a4c9d6eefad6126",
+                        "01db537dece819b7f70f555a67c427a8cd9bf18aeb9b56e0c11056fae6a3",
+                        "008000000000000000000000000000069d5bb915bcd46efb1ad5f173abdf",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect233r1 [NIST B-233]",
+                        "1.3.132.0.27",
+                        "020000000000000000000000000000000000000004000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "0066647ede6c332c7f8c0923bb58213b333b20e9ce4281fe115f7d8f90ad",
+                        "00fac9dfcbac8313bb2139f1bb755fef65bc391f8b36f8f8eb7371fd558b",
+                        "01006a08a41903350678e58528bebf8a0beff867a7ca36716f7e01f81052",
+                        "01000000000000000000000000000013e974e72f8a6922031d2603cfe0d7",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect239k1",
+                        "1.3.132.0.3",
+                        "800000000000000000004000000000000000000000000000000000000001",
+                        "000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000001",
+                        "29a0b6a887a983e9730988a68727a8b2d126c44cc2cc7b2a6555193035dc",
+                        "76310804f12e549bdb011c103089e73510acb275fc312a5dc6b76553f0ca",
+                        "2000000000000000000000000000005a79fec67cb6e91f1c1da800e478a5",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect283k1 [NIST K-283]",
+                        "1.3.132.0.16",
+                        "0800000000000000000000000000000000000000000000000000000000000000000010a1",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0503213f78ca44883f1a3b8162f188e553cd265f23c1567a16876913b0c2ac2458492836",
+                        "01ccda380f1c9e318d90f95d07e5426fe87e45c0e8184698e45962364e34116177dd2259",
+                        "01ffffffffffffffffffffffffffffffffffe9ae2ed07577265dff7f94451e061e163c61",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect283r1 [NIST B-283]",
+                        "1.3.132.0.17",
+                        "0800000000000000000000000000000000000000000000000000000000000000000010a1",
+                        "000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "027b680ac8b8596da5a4af8a19a0303fca97fd7645309fa2a581485af6263e313b79a2f5",
+                        "05f939258db7dd90e1934f8c70b0dfec2eed25b8557eac9c80e2e198f8cdbecd86b12053",
+                        "03676854fe24141cb98fe6d4b20d02b4516ff702350eddb0826779c813f0df45be8112f4",
+                        "03ffffffffffffffffffffffffffffffffffef90399660fc938a90165b042a7cefadb307",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect409k1 [NIST K-409]",
+                        "1.3.132.0.36",
+                        "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0060f05f658f49c1ad3ab1890f7184210efd0987e307c84c27accfb8f9f67cc2c460189eb5aaaa62ee222eb1b35540cfe9023746",
+                        "01e369050b7c4e42acba1dacbf04299c3460782f918ea427e6325165e9ea10e3da5f6c42e9c55215aa9ca27a5863ec48d8e0286b",
+                        "007ffffffffffffffffffffffffffffffffffffffffffffffffffe5f83b2d4ea20400ec4557d5ed3e3e7ca5b4b5c83b8e01e5fcf",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect409r1 [NIST B-409]",
+                        "1.3.132.0.37",
+                        "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+                        "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "0021a5c2c8ee9feb5c4b9a753b7b476b7fd6422ef1f3dd674761fa99d6ac27c8a9a197b272822f6cd57a55aa4f50ae317b13545f",
+                        "015d4860d088ddb3496b0c6064756260441cde4af1771d4db01ffe5b34e59703dc255a868a1180515603aeab60794e54bb7996a7",
+                        "0061b1cfab6be5f32bbfa78324ed106a7636b9c5a7bd198d0158aa4f5488d08f38514f1fdf4b4f40d2181b3681c364ba0273c706",
+                        "010000000000000000000000000000000000000000000000000001e2aad6a612f33307be5fa47c3c9e052f838164cd37d9a21173",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect571k1 [NIST K-571]",
+                        "1.3.132.0.38",
+                        "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "026eb7a859923fbc82189631f8103fe4ac9ca2970012d5d46024804801841ca44370958493b205e647da304db4ceb08cbbd1ba39494776fb988b47174dca88c7e2945283a01c8972",
+                        "0349dc807f4fbf374f4aeade3bca95314dd58cec9f307a54ffc61efc006d8a2c9d4979c0ac44aea74fbebbb9f772aedcb620b01a7ba7af1b320430c8591984f601cd4c143ef1c7a3",
+                        "020000000000000000000000000000000000000000000000000000000000000000000000131850e1f19a63e4b391a8db917f4138b630d84be5d639381e91deb45cfe778f637c1001",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "sect571r1 [NIST B-571]",
+                        "1.3.132.0.39",
+                        "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+                        "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+                        "02f40e7e2221f295de297117b7f3d62f5c6a97ffcb8ceff1cd6ba8ce4a9a18ad84ffabbd8efa59332be7ad6756a66e294afd185a78ff12aa520e4de739baca0c7ffeff7f2955727a",
+                        "0303001d34b856296c16c0d40d3cd7750a93d1d2955fa80aa5f40fc8db7b2abdbde53950f4c0d293cdd711a35b67fb1499ae60038614f1394abfa3b4c850d927e1e7769c8eec2d19",
+                        "037bf27342da639b6dccfffeb73d69d78c6c27a6009cbbca1980f8533921e8a684423e43bab08a576291af8f461bb2a8b3531d2f0485c19b16e2f1516e23dd3c1a4827af1b8ac15b",
+                        "03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe661ce18ff55987308059b186823851ec7dd9ca1161de93d5174d66e8382e9bb2fe84e47",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v1",
+                        "1.2.840.10045.3.0.5",
+                        "800000000000000000000000000000000000000000000201",
+                        "2866537b676752636a68f56554e12640276b649ef7526267",
+                        "2e45ef571f00786f67b0081b9495a3d95462f5de0aa185ec",
+                        "36b3daf8a23206f9c4f299d7b21a9c369137f2c84ae1aa0d",
+                        "765be73433b3f95e332932e70ea245ca2418ea0ef98018fb",
+                        "40000000000000000000000004a20e90c39067c893bbb9a5",
+                        2)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v2",
+                        "1.2.840.10045.3.0.6",
+                        "800000000000000000000000000000000000000000000201",
+                        "401028774d7777c7b7666d1366ea432071274f89ff01e718",
+                        "0620048d28bcbd03b6249c99182b7c8cd19700c362c46a01",
+                        "3809b2b7cc1b28cc5a87926aad83fd28789e81e2c9e3bf10",
+                        "17434386626d14f3dbf01760d9213a3e1cf37aec437d668a",
+                        "20000000000000000000000050508cb89f652824e06b8173",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb191v3",
+                        "1.2.840.10045.3.0.7",
+                        "800000000000000000000000000000000000000000000201",
+                        "6c01074756099122221056911c77d77e77a777e7e7e77fcb",
+                        "71fe1af926cf847989efef8db459f66394d90f32ad3f15e8",
+                        "375d4ce24fde434489de8746e71786015009e66e38a926dd",
+                        "545a39176196575d985999366e6ad34ce0a77cd7127b06be",
+                        "155555555555555555555555610c0b196812bfb6288a3ea3",
+                        6)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v1",
+                        "1.2.840.10045.3.0.11",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "32010857077c5431123a46b808906756f543423e8d27877578125778ac76",
+                        "790408f2eedaf392b012edefb3392f30f4327c0ca3f31fc383c422aa8c16",
+                        "57927098fa932e7c0a96d3fd5b706ef7e5f5c156e16b7e7c86038552e91d",
+                        "61d8ee5077c33fecf6f1a16b268de469c3c7744ea9a971649fc7a9616305",
+                        "2000000000000000000000000000000f4d42ffe1492a4993f1cad666e447",
+                        4)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v2",
+                        "1.2.840.10045.3.0.12",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "4230017757a767fae42398569b746325d45313af0766266479b75654e65f",
+                        "5037ea654196cff0cd82b2c14a2fcf2e3ff8775285b545722f03eacdb74b",
+                        "28f9d04e900069c8dc47a08534fe76d2b900b7d7ef31f5709f200c4ca205",
+                        "5667334c45aff3b5a03bad9dd75e2c71a99362567d5453f7fa6e227ec833",
+                        "1555555555555555555555555555553c6f2885259c31e3fcdf154624522d",
+                        6)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb239v3",
+                        "1.2.840.10045.3.0.13",
+                        "800000000000000000000000000000000000000000000000001000000001",
+                        "01238774666a67766d6676f778e676b66999176666e687666d8766c66a9f",
+                        "6a941977ba9f6a435199acfc51067ed587f519c5ecb541b8e44111de1d40",
+                        "70f6e9d04d289c4e89913ce3530bfde903977d42b146d539bf1bde4e9c92",
+                        "2e5a0eaf6e5e1305b9004dce5c0ed7fe59a35608f33837c816d80b79f461",
+                        "0cccccccccccccccccccccccccccccac4912d2d9df903ef9888b8a0e4cff",
+                        0xA)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb359v1",
+                        "1.2.840.10045.3.0.18",
+                        "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+                        "5667676a654b20754f356ea92017d946567c46675556f19556a04616b567d223a5e05656fb549016a96656a557",
+                        "2472e2d0197c49363f1fe7f5b6db075d52b6947d135d8ca445805d39bc345626089687742b6329e70680231988",
+                        "3c258ef3047767e7ede0f1fdaa79daee3841366a132e163aced4ed2401df9c6bdcde98e8e707c07a2239b1b097",
+                        "53d7e08529547048121e9c95f3791dd804963948f34fae7bf44ea82365dc7868fe57e4ae2de211305a407104bd",
+                        "01af286bca1af286bca1af286bca1af286bca1af286bc9fb8f6b85c556892c20a7eb964fe7719e74f490758d3b",
+                        0x4C)
+        );
+
+        ecCurveDefinitions.add(
+                new ECCurveDefinition(
+                        "X9.62 c2tnb431r1",
+                        "1.2.840.10045.3.0.20",
+                        "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+                        "1a827ef00dd6fc0e234caf046c6a5d8a85395b236cc4ad2cf32a0cadbdc9ddf620b0eb9906d0957f6c6feacd615468df104de296cd8f",
+                        "10d9b4a3d9047d8b154359abfb1b7f5485b04ceb868237ddc9deda982a679a5a919b626d4e50a8dd731b107a9962381fb5d807bf2618",
+                        "120fc05d3c67a99de161d2f4092622feca701be4f50f4758714e8a87bbf2a658ef8c21e7c5efe965361f6c2999c0c247b0dbd70ce6b7",
+                        "20d0af8903a96f8d5fa2c255745d3c451b302c9346d9b7e485e7bce41f6b591f3e8f6addcbb0bc4c2f947a7de1a89b625d6a598b3760",
+                        "0340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91",
+                        0x2760)
+        );
+    }
+
+    public static String getOIDFromPublicKey(ECPublicKey ecPublicKey) {
+        ECParameterSpec ecParameterSpec = ecPublicKey.getParams();
+        BigInteger order = ecParameterSpec.getOrder();
+        BigInteger affineX = ecParameterSpec.getGenerator().getAffineX();
+        BigInteger affineY = ecParameterSpec.getGenerator().getAffineY();
+        BigInteger a = ecParameterSpec.getCurve().getA();
+        BigInteger b = ecParameterSpec.getCurve().getB();
+        int h = ecParameterSpec.getCofactor();
+        ECField ecField = ecParameterSpec.getCurve().getField();
+        BigInteger field;
+        if (ecField instanceof ECFieldFp) {
+            ECFieldFp ecFieldFp = (ECFieldFp) ecField;
+            field = ecFieldFp.getP();
+        } else {
+            ECFieldF2m ecFieldF2m = (ECFieldF2m) ecField;
+            field = ecFieldF2m.getReductionPolynomial();
+        }
+
+        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
+        while (ecCurveDefinitionIterator.hasNext()) {
+            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+            String oid = ecCurveDefinition.equals(field, a, b, affineX, affineY, order, h);
+            if (oid != null) {
+                return oid;
+            }
+        }
+        return null;
+    }
+
+    public static ECCurveDefinition getECCurveDefinition(String oid) {
+        Iterator<ECCurveDefinition> ecCurveDefinitionIterator = ecCurveDefinitions.iterator();
+        while (ecCurveDefinitionIterator.hasNext()) {
+            ECCurveDefinition ecCurveDefinition = ecCurveDefinitionIterator.next();
+            if (ecCurveDefinition.getOid().equals(oid)) {
+                return ecCurveDefinition;
+            }
+        }
+        return null;
+    }
+
+    public static class ECCurveDefinition {
+
+        private final String name;
+        private final String oid;
+        private final String field;
+        private final String a;
+        private final String b;
+        private final String x;
+        private final String y;
+        private final String n;
+        private final int h;
+
+        public ECCurveDefinition(String name, String oid, String field, String a, String b, String x, String y, String n, int h) {
+            this.name = name;
+            this.oid = oid;
+            this.field = field;
+            this.a = a;
+            this.b = b;
+            this.x = x;
+            this.y = y;
+            this.n = n;
+            this.h = h;
+        }
+
+        /**
+         * returns the ec oid if parameter are equal to this definition
+         */
+        public String equals(BigInteger field, BigInteger a, BigInteger b, BigInteger x, BigInteger y, BigInteger n, int h) {
+            if (this.field.equals(field.toString(16))
+                    && this.a.equals(a.toString(16))
+                    && this.b.equals(b.toString(16))
+                    && this.x.equals(x.toString(16))
+                    && this.y.equals(y.toString(16))
+                    && this.n.equals(n.toString(16))
+                    && this.h == h) {
+                return this.oid;
+            }
+            return null;
+        }
+
+        public String getName() {
+            return name;
+        }
+
+        public String getOid() {
+            return oid;
+        }
+
+        public String getField() {
+            return field;
+        }
+
+        public String getA() {
+            return a;
+        }
+
+        public String getB() {
+            return b;
+        }
+
+        public String getX() {
+            return x;
+        }
+
+        public String getY() {
+            return y;
+        }
+
+        public String getN() {
+            return n;
+        }
+
+        public int getH() {
+            return h;
+        }
+    }
+
+    public static byte[] encodePoint(ECPoint ecPoint, EllipticCurve ellipticCurve) {
+        int size = (ellipticCurve.getField().getFieldSize() + 7) / 8;
+        byte affineXBytes[] = stripLeadingZeros(ecPoint.getAffineX().toByteArray());
+        byte affineYBytes[] = stripLeadingZeros(ecPoint.getAffineY().toByteArray());
+        byte encodedBytes[] = new byte[size * 2 + 1];
+        encodedBytes[0] = 0x04; //uncompressed
+        System.arraycopy(affineXBytes, 0, encodedBytes, size - affineXBytes.length + 1, affineXBytes.length);
+        System.arraycopy(affineYBytes, 0, encodedBytes, encodedBytes.length - affineYBytes.length, affineYBytes.length);
+        return encodedBytes;
+    }
+
+    public static ECPoint decodePoint(byte[] encodedBytes, EllipticCurve elliptiCcurve) {
+        if (encodedBytes[0] != 0x04) {
+            throw new IllegalArgumentException("Only uncompressed format is supported");
+        }
+
+        int size = (elliptiCcurve.getField().getFieldSize() + 7) / 8;
+        byte affineXBytes[] = new byte[size];
+        byte affineYBytes[] = new byte[size];
+        System.arraycopy(encodedBytes, 1, affineXBytes, 0, size);
+        System.arraycopy(encodedBytes, size + 1, affineYBytes, 0, size);
+        return new ECPoint(new BigInteger(1, affineXBytes), new BigInteger(1, affineYBytes));
+    }
+
+    public static byte[] stripLeadingZeros(byte[] bytes) {
+        int i;
+        for (i = 0; i < bytes.length - 1; i++) {
+            if (bytes[i] != 0) {
+                break;
+            }
+        }
+
+        if (i == 0) {
+            return bytes;
+        } else {
+            byte stripped[] = new byte[bytes.length - i];
+            System.arraycopy(bytes, i, stripped, 0, stripped.length);
+            return stripped;
+        }
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Tue Jun 19 08:06:35 2018 +0800
@@ -44,21 +44,20 @@
 
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(IntegrityHmac.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(IntegrityHmac.class);
 
     /** Field macAlgorithm */
-    private Mac macAlgorithm = null;
+    private Mac macAlgorithm;
 
     /** Field HMACOutputLength */
-    private int HMACOutputLength = 0;
+    private int HMACOutputLength;
     private boolean HMACOutputLengthSet = false;
 
     /**
      * Method engineGetURI
      *
-     *@inheritDoc
+     *{@inheritDoc}
      */
     public abstract String engineGetURI();
 
@@ -74,9 +73,7 @@
      */
     public IntegrityHmac() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
-        }
+        LOG.debug("Created IntegrityHmacSHA1 using {}", algorithmID);
 
         try {
             this.macAlgorithm = Mac.getInstance(algorithmID);
@@ -96,7 +93,7 @@
      * @throws XMLSignatureException
      */
     protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
-        throw new XMLSignatureException("empty");
+        throw new XMLSignatureException("empty", new Object[]{"Incorrect method call"});
     }
 
     public void reset() {
@@ -116,9 +113,7 @@
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                }
+                LOG.debug("HMACOutputLength must not be less than {}", getDigestLength());
                 Object[] exArgs = { String.valueOf(getDigestLength()) };
                 throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
@@ -126,7 +121,7 @@
                 return MessageDigestAlgorithm.isEqual(completeResult, signature);
             }
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -139,7 +134,10 @@
      */
     protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
         if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
+            String supplied = null;
+            if (secretKey != null) {
+                supplied = secretKey.getClass().getName();
+            }
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -156,12 +154,10 @@
                 this.macAlgorithm = Mac.getInstance(macAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous Mac
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Mac: {}", e);
                 this.macAlgorithm = mac;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -175,16 +171,14 @@
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                }
+                LOG.debug("HMACOutputLength must not be less than {}", getDigestLength());
                 Object[] exArgs = { String.valueOf(getDigestLength()) };
                 throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
                 return this.macAlgorithm.doFinal();
             }
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -195,19 +189,7 @@
      * @throws XMLSignatureException
      */
     protected void engineInitSign(Key secretKey) throws XMLSignatureException {
-        if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
-            String needed = SecretKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.macAlgorithm.init(secretKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
+        engineInitSign(secretKey, (AlgorithmParameterSpec)null);
     }
 
     /**
@@ -221,7 +203,10 @@
         Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
         if (!(secretKey instanceof SecretKey)) {
-            String supplied = secretKey.getClass().getName();
+            String supplied = null;
+            if (secretKey != null) {
+                supplied = secretKey.getClass().getName();
+            }
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -229,11 +214,15 @@
         }
 
         try {
-            this.macAlgorithm.init(secretKey, algorithmParameterSpec);
+            if (algorithmParameterSpec == null) {
+                this.macAlgorithm.init(secretKey);
+            } else {
+                this.macAlgorithm.init(secretKey, algorithmParameterSpec);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -260,7 +249,7 @@
         try {
             this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -275,7 +264,7 @@
         try {
             this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
@@ -292,13 +281,13 @@
         try {
             this.macAlgorithm.update(buf, offset, len);
         } catch (IllegalStateException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
      * Method engineGetJCEAlgorithmString
-     * @inheritDoc
+     * {@inheritDoc}
      *
      */
     protected String engineGetJCEAlgorithmString() {
@@ -308,7 +297,7 @@
     /**
      * Method engineGetJCEAlgorithmString
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEProviderName() {
         return this.macAlgorithm.getProvider().getName();
@@ -360,7 +349,7 @@
             Element HMElem =
                 XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_HMACOUTPUTLENGTH);
             Text HMText =
-                doc.createTextNode(Integer.valueOf(this.HMACOutputLength).toString());
+                doc.createTextNode("" + this.HMACOutputLength);
 
             HMElem.appendChild(HMText);
             XMLUtils.addReturnToElement(element);
@@ -385,7 +374,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -398,6 +387,34 @@
     }
 
     /**
+     * Class IntegrityHmacSHA224
+     */
+    public static class IntegrityHmacSHA224 extends IntegrityHmac {
+
+        /**
+         * Constructor IntegrityHmacSHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /**
+         * Method engineGetURI
+         *
+         * {@inheritDoc}
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA224;
+        }
+
+        int getDigestLength() {
+            return 224;
+        }
+    }
+
+    /**
      * Class IntegrityHmacSHA256
      */
     public static class IntegrityHmacSHA256 extends IntegrityHmac {
@@ -414,7 +431,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
@@ -441,7 +458,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -469,7 +486,7 @@
 
         /**
          * Method engineGetURI
-         * @inheritDoc
+         * {@inheritDoc}
          *
          */
         public String engineGetURI() {
@@ -498,7 +515,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
@@ -526,7 +543,7 @@
         /**
          * Method engineGetURI
          *
-         * @inheritDoc
+         * {@inheritDoc}
          */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java	Tue Jun 19 08:06:35 2018 +0800
@@ -40,15 +40,14 @@
 
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureBaseRSA.class);
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /**
      * Constructor SignatureRSA
@@ -58,15 +57,13 @@
     public SignatureBaseRSA() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureRSA using {}", algorithmID);
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
                 this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -79,29 +76,32 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             return this.signatureAlgorithm.verify(signature);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -119,29 +119,30 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             return this.signatureAlgorithm.sign();
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -149,73 +150,65 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
+        engineInitSign(privateKey, (SecureRandom)null);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
         throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(
         Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
@@ -236,13 +229,33 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
         }
     }
 
     /**
+     * Class SignatureRSASHA224
+     */
+    public static class SignatureRSASHA224 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224;
+        }
+    }
+
+    /**
      * Class SignatureRSASHA256
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
@@ -256,7 +269,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
         }
@@ -276,7 +289,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384;
         }
@@ -296,7 +309,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512;
         }
@@ -316,7 +329,7 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_RSA_RIPEMD160;
         }
@@ -336,9 +349,189 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5;
         }
     }
+
+    /**
+     * Class SignatureRSASHA1MGF1
+     */
+    public static class SignatureRSASHA1MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA1MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA1MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA224MGF1
+     */
+    public static class SignatureRSASHA224MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA224MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA224MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA224_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA256MGF1
+     */
+    public static class SignatureRSASHA256MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA256MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA256MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA384MGF1
+     */
+    public static class SignatureRSASHA384MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA384MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA384MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA384_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA512MGF1
+     */
+    public static class SignatureRSASHA512MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA512MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA512MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSA3_SHA224MGF1
+     */
+    public static class SignatureRSASHA3_224MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA3_224MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA3_224MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_224_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSA3_SHA256MGF1
+     */
+    public static class SignatureRSASHA3_256MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA3_256MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA3_256MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_256_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSA3_SHA384MGF1
+     */
+    public static class SignatureRSASHA3_384MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA3_384MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA3_384MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_384_MGF1;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA3_512MGF1
+     */
+    public static class SignatureRSASHA3_512MGF1 extends SignatureBaseRSA {
+
+        /**
+         * Constructor SignatureRSASHA3_512MGF1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureRSASHA3_512MGF1() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA3_512_MGF1;
+        }
+    }
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Tue Jun 19 08:06:35 2018 +0800
@@ -33,22 +33,24 @@
 import java.security.SignatureException;
 import java.security.interfaces.DSAKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
+import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
 
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
+    public static final String URI = Constants.SignatureSpecNS + "dsa-sha1";
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureDSA.class);
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /** size of Q */
     private int size;
@@ -56,7 +58,7 @@
     /**
      * Method engineGetURI
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetURI() {
         return XMLSignature.ALGO_ID_SIGNATURE_DSA;
@@ -69,9 +71,7 @@
      */
     public SignatureDSA() throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(engineGetURI());
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureDSA using {}", algorithmID);
 
         String provider = JCEMapper.getProviderId();
         try {
@@ -91,25 +91,25 @@
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected boolean engineVerify(byte[] signature)
         throws XMLSignatureException {
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Called DSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
             }
 
             byte[] jcebytes = JavaUtils.convertDsaXMLDSIGtoASN1(signature,
@@ -117,18 +117,21 @@
 
             return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -146,18 +149,16 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
         size = ((DSAKey)publicKey).getParams().getQ().bitLength();
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
@@ -165,19 +166,22 @@
 
             return JavaUtils.convertDsaASN1toXMLDSIG(jcebytes, size/8);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -185,70 +189,61 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
         size = ((DSAKey)privateKey).getParams().getQ().bitLength();
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
-        size = ((DSAKey)privateKey).getParams().getQ().bitLength();
+        engineInitSign(privateKey, (SecureRandom)null);
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
     /**
      * Method engineGetJCEAlgorithmString
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
@@ -257,7 +252,7 @@
     /**
      * Method engineGetJCEProviderName
      *
-     * @inheritDoc
+     * {@inheritDoc}
      */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java	Tue Jun 19 08:06:35 2018 +0800
@@ -33,34 +33,31 @@
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Base64;
 
 import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
 import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
-import com.sun.org.apache.xml.internal.security.utils.Base64;
 
 /**
  *
- * @author $Author: raul $
- * @author Alex Dupre
  */
 public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
-    /** {@link org.apache.commons.logging} logging facility */
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(SignatureECDSA.class);
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature signatureAlgorithm = null;
+    private Signature signatureAlgorithm;
 
     /**
      * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
      *
-     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs; the XML Signature requires the core BigInteger values.
      *
      * @param asn1Bytes
@@ -71,51 +68,13 @@
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
     public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-
-        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-        int offset;
-        if (asn1Bytes[1] > 0) {
-            offset = 2;
-        } else if (asn1Bytes[1] == (byte) 0x81) {
-            offset = 3;
-        } else {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-
-        byte rLength = asn1Bytes[offset + 1];
-        int i;
-
-        for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
-
-        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
-        int j;
-
-        for (j = sLength;
-            (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
-
-        int rawLen = Math.max(i, j);
-
-        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
-            || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
-            || asn1Bytes[offset] != 2
-            || asn1Bytes[offset + 2 + rLength] != 2) {
-            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-        }
-        byte xmldsigBytes[] = new byte[2*rawLen];
-
-        System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, i);
-        System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
-                         2*rawLen - j, j);
-
-        return xmldsigBytes;
+        return ECDSAUtils.convertASN1toXMLDSIG(asn1Bytes);
     }
 
     /**
      * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
      *
-     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r, s) value
      * pairs; the XML Signature requires the core BigInteger values.
      *
      * @param xmldsigBytes
@@ -126,58 +85,7 @@
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
     public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-
-        int rawLen = xmldsigBytes.length/2;
-
-        int i;
-
-        for (i = rawLen; (i > 0) && (xmldsigBytes[rawLen - i] == 0); i--);
-
-        int j = i;
-
-        if (xmldsigBytes[rawLen - i] < 0) {
-            j += 1;
-        }
-
-        int k;
-
-        for (k = rawLen; (k > 0) && (xmldsigBytes[2*rawLen - k] == 0); k--);
-
-        int l = k;
-
-        if (xmldsigBytes[2*rawLen - k] < 0) {
-            l += 1;
-        }
-
-        int len = 2 + j + 2 + l;
-        if (len > 255) {
-            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
-        }
-        int offset;
-        byte asn1Bytes[];
-        if (len < 128) {
-            asn1Bytes = new byte[2 + 2 + j + 2 + l];
-            offset = 1;
-        } else {
-            asn1Bytes = new byte[3 + 2 + j + 2 + l];
-            asn1Bytes[1] = (byte) 0x81;
-            offset = 2;
-        }
-        asn1Bytes[0] = 48;
-        asn1Bytes[offset++] = (byte) len;
-        asn1Bytes[offset++] = 2;
-        asn1Bytes[offset++] = (byte) j;
-
-        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
-
-        offset += j;
-
-        asn1Bytes[offset++] = 2;
-        asn1Bytes[offset++] = (byte) l;
-
-        System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
-
-        return asn1Bytes;
+        return ECDSAUtils.convertXMLDSIGtoASN1(xmldsigBytes);
     }
 
     /**
@@ -189,15 +97,13 @@
 
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
-        }
+        LOG.debug("Created SignatureECDSA using {}", algorithmID);
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
                 this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -210,38 +116,41 @@
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
         try {
             this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
             byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
 
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Called ECDSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
             }
 
             return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
 
         if (!(publicKey instanceof PublicKey)) {
-            String supplied = publicKey.getClass().getName();
+            String supplied = null;
+            if (publicKey != null) {
+                supplied = publicKey.getClass().getName();
+            }
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -259,33 +168,34 @@
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
-                if (log.isLoggable(java.util.logging.Level.FINE)) {
-                    log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
-                }
+                LOG.debug("Exception when reinstantiating Signature: {}", e);
                 this.signatureAlgorithm = sig;
             }
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
             byte jcebytes[] = this.signatureAlgorithm.sign();
 
             return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         } catch (IOException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
         if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
+            String supplied = null;
+            if (privateKey != null) {
+                supplied = privateKey.getClass().getName();
+            }
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
@@ -293,73 +203,65 @@
         }
 
         try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            if (secureRandom == null) {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+            } else {
+                this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
+            }
         } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-        if (!(privateKey instanceof PrivateKey)) {
-            String supplied = privateKey.getClass().getName();
-            String needed = PrivateKey.class.getName();
-            Object exArgs[] = { supplied, needed };
-
-            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-        }
-
-        try {
-            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
-        } catch (InvalidKeyException ex) {
-            throw new XMLSignatureException("empty", ex);
-        }
+        engineInitSign(privateKey, (SecureRandom)null);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
             this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
-            throw new XMLSignatureException("empty", ex);
+            throw new XMLSignatureException(ex);
         }
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEAlgorithmString() {
         return this.signatureAlgorithm.getAlgorithm();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected String engineGetJCEProviderName() {
         return this.signatureAlgorithm.getProvider().getName();
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
         throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     protected void engineInitSign(
         Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
     ) throws XMLSignatureException {
@@ -367,13 +269,12 @@
     }
 
     /**
-     * Class SignatureRSASHA1
+     * Class SignatureECDSASHA1
      *
-     * @author $Author: marcx $
      */
     public static class SignatureECDSASHA1 extends SignatureECDSA {
         /**
-         * Constructor SignatureRSASHA1
+         * Constructor SignatureECDSASHA1
          *
          * @throws XMLSignatureException
          */
@@ -381,21 +282,40 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
         }
     }
 
     /**
-     * Class SignatureRSASHA256
+     * Class SignatureECDSASHA224
+     */
+    public static class SignatureECDSASHA224 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSASHA224
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA224() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA224;
+        }
+    }
+
+    /**
+     * Class SignatureECDSASHA256
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA256 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA256
+         * Constructor SignatureECDSASHA256
          *
          * @throws XMLSignatureException
          */
@@ -403,21 +323,20 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
         }
     }
 
     /**
-     * Class SignatureRSASHA384
+     * Class SignatureECDSASHA384
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA384 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA384
+         * Constructor SignatureECDSASHA384
          *
          * @throws XMLSignatureException
          */
@@ -425,21 +344,20 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
         }
     }
 
     /**
-     * Class SignatureRSASHA512
+     * Class SignatureECDSASHA512
      *
-     * @author Alex Dupre
      */
     public static class SignatureECDSASHA512 extends SignatureECDSA {
 
         /**
-         * Constructor SignatureRSASHA512
+         * Constructor SignatureECDSASHA512
          *
          * @throws XMLSignatureException
          */
@@ -447,10 +365,30 @@
             super();
         }
 
-        /** @inheritDoc */
+        /** {@inheritDoc} */
         public String engineGetURI() {
             return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
         }
     }
 
+    /**
+     * Class SignatureECDSARIPEMD160
+     */
+    public static class SignatureECDSARIPEMD160 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureECDSARIPEMD160
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSARIPEMD160() throws XMLSignatureException {
+            super();
+        }
+
+        /** {@inheritDoc} */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160;
+        }
+    }
+
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/package.html	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-implementations of {@link com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi}.
-</P></BODY> </HTML>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/package.html	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-algorithm factories.
-</P></BODY></HTML>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java	Tue Jun 19 08:06:35 2018 +0800
@@ -27,7 +27,6 @@
 /**
  * Class CanonicalizationException
  *
- * @author Christian Geuer-Pollmann
  */
 public class CanonicalizationException extends XMLSecurityException {
 
@@ -44,6 +43,10 @@
         super();
     }
 
+    public CanonicalizationException(Exception ex) {
+        super(ex);
+    }
+
     /**
      * Constructor CanonicalizationException
      *
@@ -66,23 +69,33 @@
     /**
      * Constructor CanonicalizationException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public CanonicalizationException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public CanonicalizationException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor CanonicalizationException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public CanonicalizationException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public CanonicalizationException(String msgID, Object exArgs[], Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,13 +25,12 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_OmitComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer11_WithComments;
@@ -42,6 +41,7 @@
 import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
 import com.sun.org.apache.xml.internal.security.utils.JavaUtils;
+import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -49,12 +49,11 @@
 
 /**
  *
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer {
 
     /** The output encoding of canonicalized data */
-    public static final String ENCODING = "UTF8";
+    public static final String ENCODING = StandardCharsets.UTF_8.name();
 
     /**
      * XPath Expression for selecting every node and continuous comments joined
@@ -103,6 +102,7 @@
         new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
 
     private final CanonicalizerSpi canonicalizerSpi;
+    private boolean secureValidation;
 
     /**
      * Constructor Canonicalizer
@@ -122,7 +122,7 @@
         } catch (Exception e) {
             Object exArgs[] = { algorithmURI };
             throw new InvalidCanonicalizerException(
-                "signature.Canonicalizer.UnknownCanonicalizer", exArgs, e
+                e, "signature.Canonicalizer.UnknownCanonicalizer", exArgs
             );
         }
     }
@@ -162,7 +162,8 @@
         }
 
         canonicalizerHash.put(
-            algorithmURI, (Class<? extends CanonicalizerSpi>)Class.forName(implementingClass)
+            algorithmURI, (Class<? extends CanonicalizerSpi>)
+            ClassLoaderUtils.loadClass(implementingClass, Canonicalizer.class)
         );
     }
 
@@ -244,7 +245,7 @@
     /**
      * This method tries to canonicalize the given bytes. It's possible to even
      * canonicalize non-wellformed sequences if they are well-formed after being
-     * wrapped with a <CODE>&gt;a&lt;...&gt;/a&lt;</CODE>.
+     * wrapped with a {@code &gt;a&lt;...&gt;/a&lt;}.
      *
      * @param inputBytes
      * @return the result of the canonicalization.
@@ -256,47 +257,43 @@
     public byte[] canonicalize(byte[] inputBytes)
         throws javax.xml.parsers.ParserConfigurationException,
         java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
-        InputStream bais = new ByteArrayInputStream(inputBytes);
-        InputSource in = new InputSource(bais);
-        DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
-        dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        Document document = null;
+        try (InputStream bais = new ByteArrayInputStream(inputBytes)) {
+            InputSource in = new InputSource(bais);
 
-        dfactory.setNamespaceAware(true);
+            // needs to validate for ID attribute normalization
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(true, secureValidation);
 
-        // needs to validate for ID attribute normalization
-        dfactory.setValidating(true);
+            /*
+             * for some of the test vectors from the specification,
+             * there has to be a validating parser for ID attributes, default
+             * attribute values, NMTOKENS, etc.
+             * Unfortunately, the test vectors do use different DTDs or
+             * even no DTD. So Xerces 1.3.1 fires many warnings about using
+             * ErrorHandlers.
+             *
+             * Text from the spec:
+             *
+             * The input octet stream MUST contain a well-formed XML document,
+             * but the input need not be validated. However, the attribute
+             * value normalization and entity reference resolution MUST be
+             * performed in accordance with the behaviors of a validating
+             * XML processor. As well, nodes for default attributes (declared
+             * in the ATTLIST with an AttValue but not specified) are created
+             * in each element. Thus, the declarations in the document type
+             * declaration are used to help create the canonical form, even
+             * though the document type declaration is not retained in the
+             * canonical form.
+             */
+            db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
 
-        DocumentBuilder db = dfactory.newDocumentBuilder();
-
-        /*
-         * for some of the test vectors from the specification,
-         * there has to be a validating parser for ID attributes, default
-         * attribute values, NMTOKENS, etc.
-         * Unfortunately, the test vectors do use different DTDs or
-         * even no DTD. So Xerces 1.3.1 fires many warnings about using
-         * ErrorHandlers.
-         *
-         * Text from the spec:
-         *
-         * The input octet stream MUST contain a well-formed XML document,
-         * but the input need not be validated. However, the attribute
-         * value normalization and entity reference resolution MUST be
-         * performed in accordance with the behaviors of a validating
-         * XML processor. As well, nodes for default attributes (declared
-         * in the ATTLIST with an AttValue but not specified) are created
-         * in each element. Thus, the declarations in the document type
-         * declaration are used to help create the canonical form, even
-         * though the document type declaration is not retained in the
-         * canonical form.
-         */
-        db.setErrorHandler(new com.sun.org.apache.xml.internal.security.utils.IgnoreAllErrorHandler());
-
-        Document document = db.parse(in);
+            document = db.parse(in);
+        }
         return this.canonicalizeSubtree(document);
     }
 
     /**
-     * Canonicalizes the subtree rooted by <CODE>node</CODE>.
+     * Canonicalizes the subtree rooted by {@code node}.
      *
      * @param node The node to canonicalize
      * @return the result of the c14n.
@@ -304,11 +301,12 @@
      * @throws CanonicalizationException
      */
     public byte[] canonicalizeSubtree(Node node) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeSubTree(node);
     }
 
     /**
-     * Canonicalizes the subtree rooted by <CODE>node</CODE>.
+     * Canonicalizes the subtree rooted by {@code node}.
      *
      * @param node
      * @param inclusiveNamespaces
@@ -317,11 +315,26 @@
      */
     public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces);
     }
 
     /**
-     * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
+     * Canonicalizes the subtree rooted by {@code node}.
+     *
+     * @param node
+     * @param inclusiveNamespaces
+     * @return the result of the c14n.
+     * @throws CanonicalizationException
+     */
+    public byte[] canonicalizeSubtree(Node node, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
+        return canonicalizerSpi.engineCanonicalizeSubTree(node, inclusiveNamespaces, propagateDefaultNamespace);
+    }
+
+    /**
+     * Canonicalizes an XPath node set. The {@code xpathNodeSet} is treated
      * as a list of XPath nodes, not as a list of subtrees.
      *
      * @param xpathNodeSet
@@ -330,11 +343,12 @@
      */
     public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
     }
 
     /**
-     * Canonicalizes an XPath node set. The <CODE>xpathNodeSet</CODE> is treated
+     * Canonicalizes an XPath node set. The {@code xpathNodeSet} is treated
      * as a list of XPath nodes, not as a list of subtrees.
      *
      * @param xpathNodeSet
@@ -345,6 +359,7 @@
     public byte[] canonicalizeXPathNodeSet(
         NodeList xpathNodeSet, String inclusiveNamespaces
     ) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return
             canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
     }
@@ -358,6 +373,7 @@
      */
     public byte[] canonicalizeXPathNodeSet(Set<Node> xpathNodeSet)
         throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet);
     }
 
@@ -372,6 +388,7 @@
     public byte[] canonicalizeXPathNodeSet(
         Set<Node> xpathNodeSet, String inclusiveNamespaces
     ) throws CanonicalizationException {
+        canonicalizerSpi.secureValidation = secureValidation;
         return
             canonicalizerSpi.engineCanonicalizeXPathNodeSet(xpathNodeSet, inclusiveNamespaces);
     }
@@ -401,4 +418,12 @@
         canonicalizerSpi.reset = false;
     }
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java	Tue Jun 19 08:06:35 2018 +0800
@@ -26,9 +26,7 @@
 import java.io.OutputStream;
 import java.util.Set;
 
-import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
@@ -39,12 +37,12 @@
 /**
  * Base class which all Canonicalization algorithms extend.
  *
- * @author Christian Geuer-Pollmann
  */
 public abstract class CanonicalizerSpi {
 
     /** Reset the writer after a c14n */
     protected boolean reset = false;
+    protected boolean secureValidation;
 
     /**
      * Method canonicalize
@@ -61,17 +59,14 @@
         throws javax.xml.parsers.ParserConfigurationException, java.io.IOException,
         org.xml.sax.SAXException, CanonicalizationException {
 
-        java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
-        InputSource in = new InputSource(bais);
-        DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
-        dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        Document document = null;
+        try (java.io.InputStream bais = new ByteArrayInputStream(inputBytes)) {
+            InputSource in = new InputSource(bais);
 
-        // needs to validate for ID attribute normalization
-        dfactory.setNamespaceAware(true);
+            DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
 
-        DocumentBuilder db = dfactory.newDocumentBuilder();
-
-        Document document = db.parse(in);
+            document = db.parse(in);
+        }
         return this.engineCanonicalizeSubTree(document);
     }
 
@@ -160,10 +155,31 @@
         throws CanonicalizationException;
 
     /**
+     * C14n a node tree.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @param propagateDefaultNamespace If true the default namespace will be propagated to the c14n-ized root element
+     * @return the c14n bytes
+     * @throws CanonicalizationException
+     */
+    public abstract byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException;
+
+    /**
      * Sets the writer where the canonicalization ends. ByteArrayOutputStream if
      * none is set.
      * @param os
      */
     public abstract void setWriter(OutputStream os);
 
+    public boolean isSecureValidation() {
+        return secureValidation;
+    }
+
+    public void setSecureValidation(boolean secureValidation) {
+        this.secureValidation = secureValidation;
+    }
+
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/ClassLoaderUtils.java	Tue Jun 19 08:06:35 2018 +0800
@@ -0,0 +1,84 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.sun.org.apache.xml.internal.security.c14n;
+
+// NOTE! This is a duplicate of utils.ClassLoaderUtils with public
+// modifiers changed to package-private. Make sure to integrate any future
+// changes to utils.ClassLoaderUtils to this file.
+final class ClassLoaderUtils {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(ClassLoaderUtils.class);
+
+    private ClassLoaderUtils() {
+    }
+
+    /**
+     * Load a class with a given name. <p></p> It will try to load the class in the
+     * following order:
+     * <ul>
+     * <li>From Thread.currentThread().getContextClassLoader()
+     * <li>Using the basic Class.forName()
+     * <li>From ClassLoaderUtil.class.getClassLoader()
+     * <li>From the callingClass.getClassLoader()
+     * </ul>
+     *
+     * @param className The name of the class to load
+     * @param callingClass The Class object of the calling object
+     * @throws ClassNotFoundException If the class cannot be found anywhere.
+     */
+    static Class<?> loadClass(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            ClassLoader cl = Thread.currentThread().getContextClassLoader();
+
+            if (cl != null) {
+                return cl.loadClass(className);
+            }
+        } catch (ClassNotFoundException e) {
+            LOG.debug(e.getMessage(), e);
+            //ignore
+        }
+        return loadClass2(className, callingClass);
+    }
+
+    private static Class<?> loadClass2(String className, Class<?> callingClass)
+        throws ClassNotFoundException {
+        try {
+            return Class.forName(className);
+        } catch (ClassNotFoundException ex) {
+            try {
+                if (ClassLoaderUtils.class.getClassLoader() != null) {
+                    return ClassLoaderUtils.class.getClassLoader().loadClass(className);
+                }
+            } catch (ClassNotFoundException exc) {
+                if (callingClass != null && callingClass.getClassLoader() != null) {
+                    return callingClass.getClassLoader().loadClass(className);
+                }
+            }
+            LOG.debug(ex.getMessage(), ex);
+            throw ex;
+        }
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java	Tue Jun 19 08:06:35 2018 +0800
@@ -61,23 +61,33 @@
     /**
      * Constructor InvalidCanonicalizerException
      *
+     * @param originalException
      * @param msgID
-     * @param originalException
      */
+    public InvalidCanonicalizerException(Exception originalException, String msgID) {
+        super(originalException, msgID);
+    }
+
+    @Deprecated
     public InvalidCanonicalizerException(String msgID, Exception originalException) {
-        super(msgID, originalException);
+        this(originalException, msgID);
     }
 
     /**
      * Constructor InvalidCanonicalizerException
      *
+     * @param originalException
      * @param msgID
      * @param exArgs
-     * @param originalException
      */
     public InvalidCanonicalizerException(
-        String msgID, Object exArgs[], Exception originalException
+        Exception originalException, String msgID, Object exArgs[]
     ) {
-        super(msgID, exArgs, originalException);
+        super(originalException, msgID, exArgs);
+    }
+
+    @Deprecated
+    public InvalidCanonicalizerException(String msgID, Object[] exArgs, Exception originalException) {
+        this(originalException, msgID, exArgs);
     }
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java	Tue Jun 19 08:06:35 2018 +0800
@@ -41,7 +41,6 @@
  *   key (an empty namespace URI is lexicographically least).
  * </UL>
  *
- * @author Christian Geuer-Pollmann
  */
 public class AttrCompare implements Comparator<Attr>, Serializable {
 
@@ -117,6 +116,6 @@
             return a;
         }
 
-        return (attr0.getLocalName()).compareTo(attr1.getLocalName());
+        return attr0.getLocalName().compareTo(attr1.getLocalName());
     }
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java	Tue Jun 19 08:06:35 2018 +0800
@@ -31,9 +31,8 @@
 /**
  * Temporary swapped static functions from the normalizer Section
  *
- * @author Christian Geuer-Pollmann
  */
-public class C14nHelper {
+public final class C14nHelper {
 
     /**
      * Constructor C14nHelper
@@ -100,7 +99,7 @@
         }
 
         String nodeAttrName = attr.getNodeName();
-        boolean definesDefaultNS = nodeAttrName.equals("xmlns");
+        boolean definesDefaultNS = "xmlns".equals(nodeAttrName);
         boolean definesNonDefaultNS = nodeAttrName.startsWith("xmlns:");
 
         if ((definesDefaultNS || definesNonDefaultNS) && namespaceIsRelative(attr)) {
@@ -145,7 +144,8 @@
         if (ctxNode != null) {
             NamedNodeMap attributes = ctxNode.getAttributes();
 
-            for (int i = 0; i < attributes.getLength(); i++) {
+            int length = attributes.getLength();
+            for (int i = 0; i < length; i++) {
                 C14nHelper.assertNotRelativeNS((Attr) attributes.item(i));
             }
         } else {
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/package.html	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-helper classes for canonicalization.
-</P></BODY> </HTML>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,687 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.c14n.implementations;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
-import javax.xml.parsers.ParserConfigurationException;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
-import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
-import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
-import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
-
-/**
- * Implements <A HREF="http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/">
- * Canonical XML Version 1.1</A>, a W3C Proposed Recommendation from 29
- * January 2008.
- *
- * @author Sean Mullan
- * @author Raul Benito
- */
-public abstract class Canonicalizer11 extends CanonicalizerBase {
-
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
-    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(Canonicalizer11.class.getName());
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
-    private boolean firstCall = true;
-
-    private static class XmlAttrStack {
-        static class XmlsStackElement {
-            int level;
-            boolean rendered = false;
-            List<Attr> nodes = new ArrayList<Attr>();
-        };
-
-        int currentLevel = 0;
-        int lastlevel = 0;
-        XmlsStackElement cur;
-        List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
-        void push(int level) {
-            currentLevel = level;
-            if (currentLevel == -1) {
-                return;
-            }
-            cur = null;
-            while (lastlevel >= currentLevel) {
-                levels.remove(levels.size() - 1);
-                int newSize = levels.size();
-                if (newSize == 0) {
-                    lastlevel = 0;
-                    return;
-                }
-                lastlevel = (levels.get(newSize - 1)).level;
-            }
-        }
-
-        void addXmlnsAttr(Attr n) {
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                levels.add(cur);
-                lastlevel = currentLevel;
-            }
-            cur.nodes.add(n);
-        }
-
-        void getXmlnsAttr(Collection<Attr> col) {
-            int size = levels.size() - 1;
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                lastlevel = currentLevel;
-                levels.add(cur);
-            }
-            boolean parentRendered = false;
-            XmlsStackElement e = null;
-            if (size == -1) {
-                parentRendered = true;
-            } else {
-                e = levels.get(size);
-                if (e.rendered && e.level + 1 == currentLevel) {
-                    parentRendered = true;
-                }
-            }
-            if (parentRendered) {
-                col.addAll(cur.nodes);
-                cur.rendered = true;
-                return;
-            }
-
-            Map<String, Attr> loa = new HashMap<String, Attr>();
-            List<Attr> baseAttrs = new ArrayList<Attr>();
-            boolean successiveOmitted = true;
-            for (; size >= 0; size--) {
-                e = levels.get(size);
-                if (e.rendered) {
-                    successiveOmitted = false;
-                }
-                Iterator<Attr> it = e.nodes.iterator();
-                while (it.hasNext() && successiveOmitted) {
-                    Attr n = it.next();
-                    if (n.getLocalName().equals("base") && !e.rendered) {
-                        baseAttrs.add(n);
-                    } else if (!loa.containsKey(n.getName())) {
-                        loa.put(n.getName(), n);
-                    }
-                }
-            }
-            if (!baseAttrs.isEmpty()) {
-                Iterator<Attr> it = col.iterator();
-                String base = null;
-                Attr baseAttr = null;
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (n.getLocalName().equals("base")) {
-                        base = n.getValue();
-                        baseAttr = n;
-                        break;
-                    }
-                }
-                it = baseAttrs.iterator();
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (base == null) {
-                        base = n.getValue();
-                        baseAttr = n;
-                    } else {
-                        try {
-                            base = joinURI(n.getValue(), base);
-                        } catch (URISyntaxException ue) {
-                            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                                log.log(java.util.logging.Level.FINE, ue.getMessage(), ue);
-                            }
-                        }
-                    }
-                }
-                if (base != null && base.length() != 0) {
-                    baseAttr.setValue(base);
-                    col.add(baseAttr);
-                }
-            }
-
-            cur.rendered = true;
-            col.addAll(loa.values());
-        }
-    };
-
-    private XmlAttrStack xmlattrStack = new XmlAttrStack();
-
-    /**
-     * Constructor Canonicalizer11
-     *
-     * @param includeComments
-     */
-    public Canonicalizer11(boolean includeComments) {
-        super(includeComments);
-    }
-
-    /**
-     * Always throws a CanonicalizationException because this is inclusive c14n.
-     *
-     * @param xpathNodeSet
-     * @param inclusiveNamespaces
-     * @return none it always fails
-     * @throws CanonicalizationException always
-     */
-    public byte[] engineCanonicalizeXPathNodeSet(
-        Set<Node> xpathNodeSet, String inclusiveNamespaces
-    ) throws CanonicalizationException {
-        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
-    }
-
-    /**
-     * Always throws a CanonicalizationException because this is inclusive c14n.
-     *
-     * @param rootNode
-     * @param inclusiveNamespaces
-     * @return none it always fails
-     * @throws CanonicalizationException
-     */
-    public byte[] engineCanonicalizeSubTree(
-        Node rootNode, String inclusiveNamespaces
-    ) throws CanonicalizationException {
-        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
-    }
-
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
-     * whereas it takes into account that subtree-c14n is -- well --
-     * subtree-based.
-     * So if the element in question isRoot of c14n, it's parent is not in the
-     * node set, as well as all other ancestors.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
-    @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        if (!element.hasAttributes() && !firstCall) {
-            return null;
-        }
-        // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
-            NamedNodeMap attrs = element.getAttributes();
-            int attrsLength = attrs.getLength();
-
-            for (int i = 0; i < attrsLength; i++) {
-                Attr attribute = (Attr) attrs.item(i);
-                String NUri = attribute.getNamespaceURI();
-                String NName = attribute.getLocalName();
-                String NValue = attribute.getValue();
-
-                if (!XMLNS_URI.equals(NUri)) {
-                    // It's not a namespace attr node. Add to the result and continue.
-                    result.add(attribute);
-                } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NValue))) {
-                    // The default mapping for xml must not be output.
-                    Node n = ns.addMappingAndRender(NName, NValue, attribute);
-
-                    if (n != null) {
-                        // Render the ns definition
-                        result.add((Attr)n);
-                        if (C14nHelper.namespaceIsRelative(attribute)) {
-                            Object exArgs[] = {element.getTagName(), NName, attribute.getNodeValue()};
-                            throw new CanonicalizationException(
-                                "c14n.Canonicalizer.RelativeNamespace", exArgs
-                            );
-                        }
-                    }
-                }
-            }
-        }
-
-        if (firstCall) {
-            // It is the first node of the subtree
-            // Obtain all the namespaces defined in the parents, and added to the output.
-            ns.getUnrenderedNodes(result);
-            // output the attributes in the xml namespace.
-            xmlattrStack.getXmlnsAttr(result);
-            firstCall = false;
-        }
-
-        return result.iterator();
-    }
-
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     * <br>
-     * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
-     * DOM which has been prepared using
-     * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
-     * org.w3c.dom.Document)}.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
-    @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        // result will contain the attrs which have to be output
-        xmlattrStack.push(ns.getLevel());
-        boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
-            NamedNodeMap attrs = element.getAttributes();
-            int attrsLength = attrs.getLength();
-
-            for (int i = 0; i < attrsLength; i++) {
-                Attr attribute = (Attr) attrs.item(i);
-                String NUri = attribute.getNamespaceURI();
-                String NName = attribute.getLocalName();
-                String NValue = attribute.getValue();
-
-                if (!XMLNS_URI.equals(NUri)) {
-                    //A non namespace definition node.
-                    if (XML_LANG_URI.equals(NUri)) {
-                        if (NName.equals("id")) {
-                            if (isRealVisible) {
-                                // treat xml:id like any other attribute
-                                // (emit it, but don't inherit it)
-                                result.add(attribute);
-                            }
-                        } else {
-                            xmlattrStack.addXmlnsAttr(attribute);
-                        }
-                    } else if (isRealVisible) {
-                        //The node is visible add the attribute to the list of output attributes.
-                        result.add(attribute);
-                    }
-                } else if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
-                    /* except omit namespace node with local name xml, which defines
-                     * the xml prefix, if its string value is
-                     * http://www.w3.org/XML/1998/namespace.
-                     */
-                    // add the prefix binding to the ns symb table.
-                    if (isVisible(attribute))  {
-                        if (isRealVisible || !ns.removeMappingIfRender(NName)) {
-                            // The xpath select this node output it if needed.
-                            Node n = ns.addMappingAndRender(NName, NValue, attribute);
-                            if (n != null) {
-                                result.add((Attr)n);
-                                if (C14nHelper.namespaceIsRelative(attribute)) {
-                                    Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
-                                    throw new CanonicalizationException(
-                                        "c14n.Canonicalizer.RelativeNamespace", exArgs
-                                    );
-                                }
-                            }
-                        }
-                    } else {
-                        if (isRealVisible && !XMLNS.equals(NName)) {
-                            ns.removeMapping(NName);
-                        } else {
-                            ns.addMapping(NName, NValue, attribute);
-                        }
-                    }
-                }
-            }
-        }
-
-        if (isRealVisible) {
-            //The element is visible, handle the xmlns definition
-            Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
-            Node n = null;
-            if (xmlns == null) {
-                //No xmlns def just get the already defined.
-                n = ns.getMapping(XMLNS);
-            } else if (!isVisible(xmlns)) {
-                //There is a definition but the xmlns is not selected by the xpath.
-                //then xmlns=""
-                n = ns.addMappingAndRender(
-                        XMLNS, "", getNullNode(xmlns.getOwnerDocument()));
-            }
-            //output the xmlns def if needed.
-            if (n != null) {
-                result.add((Attr)n);
-            }
-            //Float all xml:* attributes of the unselected parent elements to this one.
-            xmlattrStack.getXmlnsAttr(result);
-            ns.getUnrenderedNodes(result);
-        }
-
-        return result.iterator();
-    }
-
-    protected void circumventBugIfNeeded(XMLSignatureInput input)
-        throws CanonicalizationException, ParserConfigurationException,
-        IOException, SAXException {
-        if (!input.isNeedsToBeExpanded()) {
-            return;
-        }
-        Document doc = null;
-        if (input.getSubNode() != null) {
-            doc = XMLUtils.getOwnerDocument(input.getSubNode());
-        } else {
-            doc = XMLUtils.getOwnerDocument(input.getNodeSet());
-        }
-        XMLUtils.circumventBug2650(doc);
-    }
-
-    protected void handleParent(Element e, NameSpaceSymbTable ns) {
-        if (!e.hasAttributes() && e.getNamespaceURI() == null) {
-            return;
-        }
-        xmlattrStack.push(-1);
-        NamedNodeMap attrs = e.getAttributes();
-        int attrsLength = attrs.getLength();
-        for (int i = 0; i < attrsLength; i++) {
-            Attr attribute = (Attr) attrs.item(i);
-            String NName = attribute.getLocalName();
-            String NValue = attribute.getNodeValue();
-
-            if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
-                if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
-                    ns.addMapping(NName, NValue, attribute);
-                }
-            } else if (!"id".equals(NName) && XML_LANG_URI.equals(attribute.getNamespaceURI())) {
-                xmlattrStack.addXmlnsAttr(attribute);
-            }
-        }
-        if (e.getNamespaceURI() != null) {
-            String NName = e.getPrefix();
-            String NValue = e.getNamespaceURI();
-            String Name;
-            if (NName == null || NName.equals("")) {
-                NName = "xmlns";
-                Name = "xmlns";
-            } else {
-                Name = "xmlns:" + NName;
-            }
-            Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
-            n.setValue(NValue);
-            ns.addMapping(NName, NValue, n);
-        }
-    }
-
-    private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
-        String bscheme = null;
-        String bauthority = null;
-        String bpath = "";
-        String bquery = null;
-
-        // pre-parse the baseURI
-        if (baseURI != null) {
-            if (baseURI.endsWith("..")) {
-                baseURI = baseURI + "/";
-            }
-            URI base = new URI(baseURI);
-            bscheme = base.getScheme();
-            bauthority = base.getAuthority();
-            bpath = base.getPath();
-            bquery = base.getQuery();
-        }
-
-        URI r = new URI(relativeURI);
-        String rscheme = r.getScheme();
-        String rauthority = r.getAuthority();
-        String rpath = r.getPath();
-        String rquery = r.getQuery();
-
-        String tscheme, tauthority, tpath, tquery;
-        if (rscheme != null && rscheme.equals(bscheme)) {
-            rscheme = null;
-        }
-        if (rscheme != null) {
-            tscheme = rscheme;
-            tauthority = rauthority;
-            tpath = removeDotSegments(rpath);
-            tquery = rquery;
-        } else {
-            if (rauthority != null) {
-                tauthority = rauthority;
-                tpath = removeDotSegments(rpath);
-                tquery = rquery;
-            } else {
-                if (rpath.length() == 0) {
-                    tpath = bpath;
-                    if (rquery != null) {
-                        tquery = rquery;
-                    } else {
-                        tquery = bquery;
-                    }
-                } else {
-                    if (rpath.startsWith("/")) {
-                        tpath = removeDotSegments(rpath);
-                    } else {
-                        if (bauthority != null && bpath.length() == 0) {
-                            tpath = "/" + rpath;
-                        } else {
-                            int last = bpath.lastIndexOf('/');
-                            if (last == -1) {
-                                tpath = rpath;
-                            } else {
-                                tpath = bpath.substring(0, last+1) + rpath;
-                            }
-                        }
-                        tpath = removeDotSegments(tpath);
-                    }
-                    tquery = rquery;
-                }
-                tauthority = bauthority;
-            }
-            tscheme = bscheme;
-        }
-        return new URI(tscheme, tauthority, tpath, tquery, null).toString();
-    }
-
-    private static String removeDotSegments(String path) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, "STEP   OUTPUT BUFFER\t\tINPUT BUFFER");
-        }
-
-        // 1. The input buffer is initialized with the now-appended path
-        // components then replace occurrences of "//" in the input buffer
-        // with "/" until no more occurrences of "//" are in the input buffer.
-        String input = path;
-        while (input.indexOf("//") > -1) {
-            input = input.replaceAll("//", "/");
-        }
-
-        // Initialize the output buffer with the empty string.
-        StringBuilder output = new StringBuilder();
-
-        // If the input buffer starts with a root slash "/" then move this
-        // character to the output buffer.
-        if (input.charAt(0) == '/') {
-            output.append("/");
-            input = input.substring(1);
-        }
-
-        printStep("1 ", output.toString(), input);
-
-        // While the input buffer is not empty, loop as follows
-        while (input.length() != 0) {
-            // 2A. If the input buffer begins with a prefix of "./",
-            // then remove that prefix from the input buffer
-            // else if the input buffer begins with a prefix of "../", then
-            // if also the output does not contain the root slash "/" only,
-            // then move this prefix to the end of the output buffer else
-            // remove that prefix
-            if (input.startsWith("./")) {
-                input = input.substring(2);
-                printStep("2A", output.toString(), input);
-            } else if (input.startsWith("../")) {
-                input = input.substring(3);
-                if (!output.toString().equals("/")) {
-                    output.append("../");
-                }
-                printStep("2A", output.toString(), input);
-                // 2B. if the input buffer begins with a prefix of "/./" or "/.",
-                // where "." is a complete path segment, then replace that prefix
-                // with "/" in the input buffer; otherwise,
-            } else if (input.startsWith("/./")) {
-                input = input.substring(2);
-                printStep("2B", output.toString(), input);
-            } else if (input.equals("/.")) {
-                // FIXME: what is complete path segment?
-                input = input.replaceFirst("/.", "/");
-                printStep("2B", output.toString(), input);
-                // 2C. if the input buffer begins with a prefix of "/../" or "/..",
-                // where ".." is a complete path segment, then replace that prefix
-                // with "/" in the input buffer and if also the output buffer is
-                // empty, last segment in the output buffer equals "../" or "..",
-                // where ".." is a complete path segment, then append ".." or "/.."
-                // for the latter case respectively to the output buffer else
-                // remove the last segment and its preceding "/" (if any) from the
-                // output buffer and if hereby the first character in the output
-                // buffer was removed and it was not the root slash then delete a
-                // leading slash from the input buffer; otherwise,
-            } else if (input.startsWith("/../")) {
-                input = input.substring(3);
-                if (output.length() == 0) {
-                    output.append("/");
-                } else if (output.toString().endsWith("../")) {
-                    output.append("..");
-                } else if (output.toString().endsWith("..")) {
-                    output.append("/..");
-                } else {
-                    int index = output.lastIndexOf("/");
-                    if (index == -1) {
-                        output = new StringBuilder();
-                        if (input.charAt(0) == '/') {
-                            input = input.substring(1);
-                        }
-                    } else {
-                        output = output.delete(index, output.length());
-                    }
-                }
-                printStep("2C", output.toString(), input);
-            } else if (input.equals("/..")) {
-                // FIXME: what is complete path segment?
-                input = input.replaceFirst("/..", "/");
-                if (output.length() == 0) {
-                    output.append("/");
-                } else if (output.toString().endsWith("../")) {
-                    output.append("..");
-                } else if (output.toString().endsWith("..")) {
-                    output.append("/..");
-                } else {
-                    int index = output.lastIndexOf("/");
-                    if (index == -1) {
-                        output = new StringBuilder();
-                        if (input.charAt(0) == '/') {
-                            input = input.substring(1);
-                        }
-                    } else {
-                        output = output.delete(index, output.length());
-                    }
-                }
-                printStep("2C", output.toString(), input);
-                // 2D. if the input buffer consists only of ".", then remove
-                // that from the input buffer else if the input buffer consists
-                // only of ".." and if the output buffer does not contain only
-                // the root slash "/", then move the ".." to the output buffer
-                // else delte it.; otherwise,
-            } else if (input.equals(".")) {
-                input = "";
-                printStep("2D", output.toString(), input);
-            } else if (input.equals("..")) {
-                if (!output.toString().equals("/")) {
-                    output.append("..");
-                }
-                input = "";
-                printStep("2D", output.toString(), input);
-                // 2E. move the first path segment (if any) in the input buffer
-                // to the end of the output buffer, including the initial "/"
-                // character (if any) and any subsequent characters up to, but not
-                // including, the next "/" character or the end of the input buffer.
-            } else {
-                int end = -1;
-                int begin = input.indexOf('/');
-                if (begin == 0) {
-                    end = input.indexOf('/', 1);
-                } else {
-                    end = begin;
-                    begin = 0;
-                }
-                String segment;
-                if (end == -1) {
-                    segment = input.substring(begin);
-                    input = "";
-                } else {
-                    segment = input.substring(begin, end);
-                    input = input.substring(end);
-                }
-                output.append(segment);
-                printStep("2E", output.toString(), input);
-            }
-        }
-
-        // 3. Finally, if the only or last segment of the output buffer is
-        // "..", where ".." is a complete path segment not followed by a slash
-        // then append a slash "/". The output buffer is returned as the result
-        // of remove_dot_segments
-        if (output.toString().endsWith("..")) {
-            output.append("/");
-            printStep("3 ", output.toString(), input);
-        }
-
-        return output.toString();
-    }
-
-    private static void printStep(String step, String output, String input) {
-        if (log.isLoggable(java.util.logging.Level.FINE)) {
-            log.log(java.util.logging.Level.FINE, " " + step + ":   " + output);
-            if (output.length() == 0) {
-                log.log(java.util.logging.Level.FINE, "\t\t\t\t" + input);
-            } else {
-                log.log(java.util.logging.Level.FINE, "\t\t\t" + input);
-            }
-        }
-    }
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,12 +25,11 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Sean Mullan
  */
-public class Canonicalizer11_OmitComments extends Canonicalizer11 {
+public class Canonicalizer11_OmitComments extends Canonicalizer20010315 {
 
     public Canonicalizer11_OmitComments() {
-        super(false);
+        super(false, true);
     }
 
     public final String engineGetURI() {
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,12 +25,11 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Sean Mullan
  */
-public class Canonicalizer11_WithComments extends Canonicalizer11 {
+public class Canonicalizer11_WithComments extends Canonicalizer20010315 {
 
     public Canonicalizer11_WithComments() {
-        super(true);
+        super(true, true);
     }
 
     public final String engineGetURI() {
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315.java	Tue Jun 19 08:06:35 2018 +0800
@@ -23,11 +23,7 @@
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
+import java.io.OutputStream;
 import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
@@ -38,9 +34,9 @@
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -51,97 +47,13 @@
  * Implements <A HREF="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">Canonical
  * XML Version 1.0</A>, a W3C Recommendation from 15 March 2001.
  *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
  */
 public abstract class Canonicalizer20010315 extends CanonicalizerBase {
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
 
     private boolean firstCall = true;
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
-    private static class XmlAttrStack {
-        static class XmlsStackElement {
-            int level;
-            boolean rendered = false;
-            List<Attr> nodes = new ArrayList<Attr>();
-        };
-
-        int currentLevel = 0;
-        int lastlevel = 0;
-        XmlsStackElement cur;
-        List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
-
-        void push(int level) {
-            currentLevel = level;
-            if (currentLevel == -1) {
-                return;
-            }
-            cur = null;
-            while (lastlevel >= currentLevel) {
-                levels.remove(levels.size() - 1);
-                int newSize = levels.size();
-                if (newSize == 0) {
-                    lastlevel = 0;
-                    return;
-                }
-                lastlevel = (levels.get(newSize - 1)).level;
-            }
-        }
-
-        void addXmlnsAttr(Attr n) {
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                levels.add(cur);
-                lastlevel = currentLevel;
-            }
-            cur.nodes.add(n);
-        }
-
-        void getXmlnsAttr(Collection<Attr> col) {
-            int size = levels.size() - 1;
-            if (cur == null) {
-                cur = new XmlsStackElement();
-                cur.level = currentLevel;
-                lastlevel = currentLevel;
-                levels.add(cur);
-            }
-            boolean parentRendered = false;
-            XmlsStackElement e = null;
-            if (size == -1) {
-                parentRendered = true;
-            } else {
-                e = levels.get(size);
-                if (e.rendered && e.level + 1 == currentLevel) {
-                    parentRendered = true;
-                }
-            }
-            if (parentRendered) {
-                col.addAll(cur.nodes);
-                cur.rendered = true;
-                return;
-            }
-
-            Map<String, Attr> loa = new HashMap<String, Attr>();
-            for (; size >= 0; size--) {
-                e = levels.get(size);
-                Iterator<Attr> it = e.nodes.iterator();
-                while (it.hasNext()) {
-                    Attr n = it.next();
-                    if (!loa.containsKey(n.getName())) {
-                        loa.put(n.getName(), n);
-                    }
-                }
-            }
-
-            cur.rendered = true;
-            col.addAll(loa.values());
-        }
-
-    }
-
-    private XmlAttrStack xmlattrStack = new XmlAttrStack();
+    private final XmlAttrStack xmlattrStack;
+    private final boolean c14n11;
 
     /**
      * Constructor Canonicalizer20010315
@@ -149,9 +61,22 @@
      * @param includeComments
      */
     public Canonicalizer20010315(boolean includeComments) {
+        this(includeComments, false);
+    }
+
+    /**
+     * Constructor Canonicalizer20010315
+     *
+     * @param includeComments
+     * @param c14n11 Whether this is a Canonical XML 1.1 implementation or not
+     */
+    public Canonicalizer20010315(boolean includeComments, boolean c14n11) {
         super(includeComments);
+        xmlattrStack = new XmlAttrStack(c14n11);
+        this.c14n11 = c14n11;
     }
 
+
     /**
      * Always throws a CanonicalizationException because this is inclusive c14n.
      *
@@ -183,28 +108,44 @@
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Always throws a CanonicalizationException because this is inclusive c14n.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @return none it always fails
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+
+        /** $todo$ well, should we throw UnsupportedOperationException ? */
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
+    }
+
+    /**
+     * Output the Attr[]s for the given element.
      * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
+     * The code of this method is a copy of {@link #outputAttributes(Element,
+     * NameSpaceSymbTable, Map<String, byte[]>)},
      * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
      * So if the element in question isRoot of c14n, it's parent is not in the
      * node set, as well as all other ancestors.
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         if (!element.hasAttributes() && !firstCall) {
-            return null;
+            return;
         }
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
@@ -246,11 +187,15 @@
             firstCall = false;
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Output the Attr[]s for the given element.
      * <br>
      * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a DOM which has
      * been prepared using {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
@@ -258,17 +203,17 @@
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
         xmlattrStack.push(ns.getLevel());
         boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
@@ -283,7 +228,15 @@
                 if (!XMLNS_URI.equals(NUri)) {
                     //A non namespace definition node.
                     if (XML_LANG_URI.equals(NUri)) {
-                        xmlattrStack.addXmlnsAttr(attribute);
+                        if (c14n11 && "id".equals(NName)) {
+                            if (isRealVisible) {
+                                // treat xml:id like any other attribute
+                                // (emit it, but don't inherit it)
+                                result.add(attribute);
+                            }
+                        } else {
+                            xmlattrStack.addXmlnsAttr(attribute);
+                        }
                     } else if (isRealVisible) {
                         //The node is visible add the attribute to the list of output attributes.
                         result.add(attribute);
@@ -339,7 +292,11 @@
             ns.getUnrenderedNodes(result);
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     protected void circumventBugIfNeeded(XMLSignatureInput input)
@@ -369,11 +326,12 @@
             String NName = attribute.getLocalName();
             String NValue = attribute.getNodeValue();
 
-            if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
-                if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
+            if (XMLNS_URI.equals(attribute.getNamespaceURI())) {
+                if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
                     ns.addMapping(NName, NValue, attribute);
                 }
-            } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())) {
+            } else if (XML_LANG_URI.equals(attribute.getNamespaceURI())
+                && (!c14n11 || c14n11 && !"id".equals(NName))) {
                 xmlattrStack.addXmlnsAttr(attribute);
             }
         }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315Excl.java	Tue Jun 19 08:06:35 2018 +0800
@@ -23,7 +23,8 @@
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
 import java.io.IOException;
-import java.util.Iterator;
+import java.io.OutputStream;
+import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -33,9 +34,9 @@
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces;
-import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -45,31 +46,25 @@
 /**
  * Implements &quot; <A
  * HREF="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">Exclusive XML
- * Canonicalization, Version 1.0 </A>&quot; <BR />
+ * Canonicalization, Version 1.0 </A>&quot; <p></p>
  * Credits: During restructuring of the Canonicalizer framework, Ren??
  * Kollmorgen from Software AG submitted an implementation of ExclC14n which
  * fitted into the old architecture and which based heavily on my old (and slow)
  * implementation of "Canonical XML". A big "thank you" to Ren?? for this.
- * <BR />
+ * <p></p>
  * <i>THIS </i> implementation is a complete rewrite of the algorithm.
  *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
- * @version $Revision: 1147448 $
- * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/ Exclusive#">
- *          XML Canonicalization, Version 1.0</a>
+ * @see <a href="http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/">
+ *          Exclusive XML Canonicalization, Version 1.0</a>
  */
 public abstract class Canonicalizer20010315Excl extends CanonicalizerBase {
 
-    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
-    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
-
     /**
-      * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
-      * the inclusive namespaces.
-      */
+     * This Set contains the names (Strings like "xmlns" or "xmlns:foo") of
+     * the inclusive namespaces.
+     */
     private SortedSet<String> inclusiveNSSet;
-
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
+    private boolean propagateDefaultNamespace = false;
 
     /**
      * Constructor Canonicalizer20010315Excl
@@ -82,7 +77,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     * @inheritDoc
+     * {@inheritDoc}
      * @param rootNode
      *
      * @throws CanonicalizationException
@@ -94,7 +89,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     *  @inheritDoc
+     *  {@inheritDoc}
      * @param rootNode
      * @param inclusiveNamespaces
      *
@@ -108,6 +103,22 @@
 
     /**
      * Method engineCanonicalizeSubTree
+     *  {@inheritDoc}
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @param propagateDefaultNamespace If true the default namespace will be propagated to the c14n-ized root element
+     *
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace
+    ) throws CanonicalizationException {
+        this.propagateDefaultNamespace = propagateDefaultNamespace;
+        return engineCanonicalizeSubTree(rootNode, inclusiveNamespaces, null);
+    }
+
+    /**
+     * Method engineCanonicalizeSubTree
      * @param rootNode
      * @param inclusiveNamespaces
      * @param excl A element to exclude from the c14n process.
@@ -137,7 +148,7 @@
 
     /**
      * Method engineCanonicalizeXPathNodeSet
-     * @inheritDoc
+     * {@inheritDoc}
      * @param xpathNodeSet
      * @param inclusiveNamespaces
      * @throws CanonicalizationException
@@ -150,11 +161,11 @@
     }
 
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         // The prefix visibly utilized (in the attribute or in the name) in
         // the element
@@ -193,6 +204,13 @@
                 }
             }
         }
+        if (propagateDefaultNamespace && ns.getLevel() == 1 &&
+                inclusiveNSSet.contains(XMLNS) &&
+                ns.getMappingWithoutRendered(XMLNS) == null) {
+                ns.removeMapping(XMLNS);
+                ns.addMapping(
+                    XMLNS, "", getNullNode(element.getOwnerDocument()));
+        }
         String prefix = null;
         if (element.getNamespaceURI() != null
             && !(element.getPrefix() == null || element.getPrefix().length() == 0)) {
@@ -209,20 +227,22 @@
             }
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     /**
-     * @inheritDoc
-     * @param element
-     * @throws CanonicalizationException
+     * {@inheritDoc}
      */
     @Override
-    protected final Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
         // result will contain the attrs which have to be output
-        final SortedSet<Attr> result = this.result;
-        result.clear();
+        SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
         // The prefix visibly utilized (in the attribute or in the name) in
         // the element
@@ -312,7 +332,11 @@
             }
         }
 
-        return result.iterator();
+        OutputStream writer = getWriter();
+        //we output all Attrs which are available
+        for (Attr attr : result) {
+            outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+        }
     }
 
     protected void circumventBugIfNeeded(XMLSignatureInput input)
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclOmitComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -33,12 +33,12 @@
         super(false);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return false;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315ExclWithComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -37,12 +37,12 @@
         super(true);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315OmitComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,7 +25,6 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer20010315OmitComments extends Canonicalizer20010315 {
 
@@ -37,12 +36,12 @@
         super(false);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return false;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer20010315WithComments.java	Tue Jun 19 08:06:35 2018 +0800
@@ -25,7 +25,6 @@
 import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
 
 /**
- * @author Christian Geuer-Pollmann
  */
 public class Canonicalizer20010315WithComments extends Canonicalizer20010315 {
 
@@ -36,12 +35,12 @@
         super(true);
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java	Tue Jun 19 08:06:35 2018 +0800
@@ -46,8 +46,9 @@
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Comment;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Document;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.ProcessingInstruction;
@@ -55,12 +56,14 @@
 
 /**
  * Abstract base class for canonicalization algorithms.
- *
- * @author Christian Geuer-Pollmann <geuerp@apache.org>
+ * Please note that these implementations are NOT thread safe - please see the following JIRA for more information:
+ * https://issues.apache.org/jira/browse/SANTUARIO-463
  */
 public abstract class CanonicalizerBase extends CanonicalizerSpi {
     public static final String XML = "xml";
     public static final String XMLNS = "xmlns";
+    public static final String XMLNS_URI = Constants.NamespaceSpecNS;
+    public static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
 
     protected static final AttrCompare COMPARE = new AttrCompare();
 
@@ -96,9 +99,9 @@
     private Node excludeNode;
     private OutputStream writer = new ByteArrayOutputStream();
 
-    /**
-     * The null xmlns definition.
-     */
+   /**
+    * The null xmlns definition.
+    */
     private Attr nullNode;
 
     /**
@@ -112,7 +115,7 @@
 
     /**
      * Method engineCanonicalizeSubTree
-     * @inheritDoc
+     * {@inheritDoc}
      * @param rootNode
      * @throws CanonicalizationException
      */
@@ -123,7 +126,7 @@
 
     /**
      * Method engineCanonicalizeXPathNodeSet
-     * @inheritDoc
+     * {@inheritDoc}
      * @param xpathNodeSet
      * @throws CanonicalizationException
      */
@@ -161,14 +164,12 @@
                 }
             }
             return null;
-        } catch (CanonicalizationException ex) {
-            throw new CanonicalizationException("empty", ex);
         } catch (ParserConfigurationException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (SAXException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -179,6 +180,10 @@
         this.writer = writer;
     }
 
+    protected OutputStream getWriter() {
+        return writer;
+    }
+
     /**
      * Canonicalizes a Subtree node.
      *
@@ -224,9 +229,9 @@
             return null;
 
         } catch (UnsupportedEncodingException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -243,7 +248,7 @@
     protected final void canonicalizeSubTree(
         Node currentNode, NameSpaceSymbTable ns, Node endnode, int documentLevel
     ) throws CanonicalizationException, IOException {
-        if (isVisibleInt(currentNode) == -1) {
+        if (currentNode == null || isVisibleInt(currentNode) == -1) {
             return;
         }
         Node sibling = null;
@@ -251,7 +256,7 @@
         final OutputStream writer = this.writer;
         final Node excludeNode = this.excludeNode;
         final boolean includeComments = this.includeComments;
-        Map<String, byte[]> cache = new HashMap<String, byte[]>();
+        Map<String, byte[]> cache = new HashMap<>();
         do {
             switch (currentNode.getNodeType()) {
 
@@ -259,7 +264,8 @@
             case Node.NOTATION_NODE :
             case Node.ATTRIBUTE_NODE :
                 // illegal node type during traversal
-                throw new CanonicalizationException("empty");
+                throw new CanonicalizationException("empty",
+                                                    new Object[]{"illegal node type during traversal"});
 
             case Node.DOCUMENT_FRAGMENT_NODE :
             case Node.DOCUMENT_NODE :
@@ -294,14 +300,8 @@
                 String name = currentElement.getTagName();
                 UtfHelpper.writeByte(name, writer, cache);
 
-                Iterator<Attr> attrs = this.handleAttributesSubtree(currentElement, ns);
-                if (attrs != null) {
-                    //we output all Attrs which are available
-                    while (attrs.hasNext()) {
-                        Attr attr = attrs.next();
-                        outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
-                    }
-                }
+                outputAttributesSubtree(currentElement, ns, cache);
+
                 writer.write('>');
                 sibling = currentNode.getFirstChild();
                 if (sibling == null) {
@@ -373,9 +373,9 @@
             }
             return null;
         } catch (UnsupportedEncodingException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         } catch (IOException ex) {
-            throw new CanonicalizationException("empty", ex);
+            throw new CanonicalizationException(ex);
         }
     }
 
@@ -403,9 +403,8 @@
         }
         Node sibling = null;
         Node parentNode = null;
-        OutputStream writer = this.writer;
         int documentLevel = NODE_BEFORE_DOCUMENT_ELEMENT;
-        Map<String, byte[]> cache = new HashMap<String, byte[]>();
+        Map<String, byte[]> cache = new HashMap<>();
         do {
             switch (currentNode.getNodeType()) {
 
@@ -413,7 +412,8 @@
             case Node.NOTATION_NODE :
             case Node.ATTRIBUTE_NODE :
                 // illegal node type during traversal
-                throw new CanonicalizationException("empty");
+                throw new CanonicalizationException("empty",
+                                                    new Object[]{"illegal node type during traversal"});
 
             case Node.DOCUMENT_FRAGMENT_NODE :
             case Node.DOCUMENT_NODE :
@@ -422,7 +422,7 @@
                 break;
 
             case Node.COMMENT_NODE :
-                if (this.includeComments && (isVisibleDO(currentNode, ns.getLevel()) == 1)) {
+                if (this.includeComments && isVisibleDO(currentNode, ns.getLevel()) == 1) {
                     outputCommentToWriter((Comment) currentNode, writer, documentLevel);
                 }
                 break;
@@ -438,8 +438,8 @@
                 if (isVisible(currentNode)) {
                     outputTextToWriter(currentNode.getNodeValue(), writer);
                     for (Node nextSibling = currentNode.getNextSibling();
-                        (nextSibling != null) && ((nextSibling.getNodeType() == Node.TEXT_NODE)
-                            || (nextSibling.getNodeType() == Node.CDATA_SECTION_NODE));
+                        nextSibling != null && (nextSibling.getNodeType() == Node.TEXT_NODE
+                            || nextSibling.getNodeType() == Node.CDATA_SECTION_NODE);
                         nextSibling = nextSibling.getNextSibling()) {
                         outputTextToWriter(nextSibling.getNodeValue(), writer);
                         currentNode = nextSibling;
@@ -458,7 +458,7 @@
                     sibling = currentNode.getNextSibling();
                     break;
                 }
-                currentNodeIsVisible = (i == 1);
+                currentNodeIsVisible = i == 1;
                 if (currentNodeIsVisible) {
                     ns.outputNodePush();
                     writer.write('<');
@@ -468,14 +468,8 @@
                     ns.push();
                 }
 
-                Iterator<Attr> attrs = handleAttributes(currentElement,ns);
-                if (attrs != null) {
-                    //we output all Attrs which are available
-                    while (attrs.hasNext()) {
-                        Attr attr = attrs.next();
-                        outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
-                    }
-                }
+                outputAttributes(currentElement, ns, cache);
+
                 if (currentNodeIsVisible) {
                     writer.write('>');
                 }
@@ -535,13 +529,13 @@
         if (nodeFilter != null) {
             Iterator<NodeFilter> it = nodeFilter.iterator();
             while (it.hasNext()) {
-                int i = (it.next()).isNodeIncludeDO(currentNode, level);
+                int i = it.next().isNodeIncludeDO(currentNode, level);
                 if (i != 1) {
                     return i;
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return 0;
         }
         return 1;
@@ -551,13 +545,13 @@
         if (nodeFilter != null) {
             Iterator<NodeFilter> it = nodeFilter.iterator();
             while (it.hasNext()) {
-                int i = (it.next()).isNodeInclude(currentNode);
+                int i = it.next().isNodeInclude(currentNode);
                 if (i != 1) {
                     return i;
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return 0;
         }
         return 1;
@@ -572,7 +566,7 @@
                 }
             }
         }
-        if ((this.xpathNodeSet != null) && !this.xpathNodeSet.contains(currentNode)) {
+        if (this.xpathNodeSet != null && !this.xpathNodeSet.contains(currentNode)) {
             return false;
         }
         return true;
@@ -621,7 +615,7 @@
             return;
         }
         //Obtain all the parents of the element
-        List<Element> parents = new ArrayList<Element>();
+        List<Element> parents = new ArrayList<>();
         Node parent = n1;
         while (parent != null && Node.ELEMENT_NODE == parent.getNodeType()) {
             parents.add((Element)parent);
@@ -634,35 +628,34 @@
             handleParent(ele, ns);
         }
         parents.clear();
-        Attr nsprefix;
-        if (((nsprefix = ns.getMappingWithoutRendered(XMLNS)) != null)
-                && "".equals(nsprefix.getValue())) {
+        Attr nsprefix = ns.getMappingWithoutRendered(XMLNS);
+        if (nsprefix != null && "".equals(nsprefix.getValue())) {
             ns.addMappingAndRender(
                     XMLNS, "", getNullNode(nsprefix.getOwnerDocument()));
         }
     }
 
     /**
-     * Obtain the attributes to output for this node in XPathNodeSet c14n.
+     * Output the attributes for this node in XPathNodeSet c14n.
      *
      * @param element
      * @param ns
-     * @return the attributes nodes to output.
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
-    abstract Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException;
+    abstract void outputAttributes(Element element, NameSpaceSymbTable ns, Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException;
 
     /**
-     * Obtain the attributes to output for this node in a Subtree c14n.
+     * Output the attributes for this node in a Subtree c14n.
      *
      * @param element
      * @param ns
-     * @return the attributes nodes to output.
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
-    abstract Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException;
+    abstract void outputAttributesSubtree(Element element, NameSpaceSymbTable ns, Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException;
 
     abstract void circumventBugIfNeeded(XMLSignatureInput input)
         throws CanonicalizationException, ParserConfigurationException, IOException, SAXException;
@@ -672,13 +665,13 @@
      *
      * The string value of the node is modified by replacing
      * <UL>
-     * <LI>all ampersands (&) with <CODE>&amp;amp;</CODE></LI>
-     * <LI>all open angle brackets (<) with <CODE>&amp;lt;</CODE></LI>
-     * <LI>all quotation mark characters with <CODE>&amp;quot;</CODE></LI>
-     * <LI>and the whitespace characters <CODE>#x9</CODE>, #xA, and #xD, with character
+     * <LI>all ampersands with {@code &amp;amp;}</LI>
+     * <LI>all open angle brackets with {@code &amp;lt;}</LI>
+     * <LI>all quotation mark characters with {@code &amp;quot;}</LI>
+     * <LI>and the whitespace characters {@code #x9}, #xA, and #xD, with character
      * references. The character references are written in uppercase
-     * hexadecimal with no leading zeroes (for example, <CODE>#xD</CODE> is represented
-     * by the character reference <CODE>&amp;#xD;</CODE>)</LI>
+     * hexadecimal with no leading zeroes (for example, {@code #xD} is represented
+     * by the character reference {@code &amp;#xD;})</LI>
      * </UL>
      *
      * @param name
@@ -697,7 +690,8 @@
         final int length = value.length();
         int i = 0;
         while (i < length) {
-            char c = value.charAt(i++);
+            int c = value.codePointAt(i);
+            i += Character.charCount(c);
 
             switch (c) {
 
@@ -729,7 +723,7 @@
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
                 continue;
             }
@@ -757,15 +751,16 @@
         final String target = currentPI.getTarget();
         int length = target.length();
 
-        for (int i = 0; i < length; i++) {
-            char c = target.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = target.codePointAt(i);
+            i += Character.charCount(c);
             if (c == 0x0D) {
                 writer.write(XD.clone());
             } else {
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -777,12 +772,13 @@
         if (length > 0) {
             writer.write(' ');
 
-            for (int i = 0; i < length; i++) {
-                char c = data.charAt(i);
+            for (int i = 0; i < length; ) {
+                int c = data.codePointAt(i);
+                i += Character.charCount(c);
                 if (c == 0x0D) {
                     writer.write(XD.clone());
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -811,15 +807,16 @@
         final String data = currentComment.getData();
         final int length = data.length();
 
-        for (int i = 0; i < length; i++) {
-            char c = data.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = data.codePointAt(i);
+            i += Character.charCount(c);
             if (c == 0x0D) {
                 writer.write(XD.clone());
             } else {
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
             }
         }
@@ -842,8 +839,9 @@
     ) throws IOException {
         final int length = text.length();
         byte[] toWrite;
-        for (int i = 0; i < length; i++) {
-            char c = text.charAt(i);
+        for (int i = 0; i < length; ) {
+            int c = text.codePointAt(i);
+            i += Character.charCount(c);
 
             switch (c) {
 
@@ -867,7 +865,7 @@
                 if (c < 0x80) {
                     writer.write(c);
                 } else {
-                    UtfHelpper.writeCharToUtf8(c, writer);
+                    UtfHelpper.writeCodePointToUtf8(c, writer);
                 }
                 continue;
             }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerPhysical.java	Tue Jun 19 08:06:35 2018 +0800
@@ -24,7 +24,7 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Iterator;
+import java.util.Map;
 import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
@@ -36,6 +36,7 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Comment;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
@@ -54,8 +55,6 @@
  */
 public class CanonicalizerPhysical extends CanonicalizerBase {
 
-    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-
     /**
      * Constructor Canonicalizer20010315
      */
@@ -94,31 +93,43 @@
     }
 
     /**
-     * Returns the Attr[]s to be output for the given element.
+     * Always throws a CanonicalizationException.
+     *
+     * @param rootNode
+     * @param inclusiveNamespaces
+     * @return none it always fails
+     * @throws CanonicalizationException
+     */
+    public byte[] engineCanonicalizeSubTree(
+            Node rootNode, String inclusiveNamespaces, boolean propagateDefaultNamespace)
+            throws CanonicalizationException {
+
+        /** $todo$ well, should we throw UnsupportedOperationException ? */
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
+    }
+
+    /**
+     * Output the Attr[]s for the given element.
      * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
+     * The code of this method is a copy of {@link #outputAttributes(Element,
+     * NameSpaceSymbTable, Map<String, byte[]>)},
      * whereas it takes into account that subtree-c14n is -- well -- subtree-based.
      * So if the element in question isRoot of c14n, it's parent is not in the
      * node set, as well as all other ancestors.
      *
      * @param element
      * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
+     * @param cache
+     * @throws CanonicalizationException, DOMException, IOException
      */
     @Override
-    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        if (!element.hasAttributes()) {
-            return null;
-        }
+    protected void outputAttributesSubtree(Element element, NameSpaceSymbTable ns,
+                                           Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
+        if (element.hasAttributes()) {
+            // result will contain all the attrs declared directly on that element
+            SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
-        // result will contain all the attrs declared directly on that element
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-
-        if (element.hasAttributes()) {
             NamedNodeMap attrs = element.getAttributes();
             int attrsLength = attrs.getLength();
 
@@ -126,22 +137,19 @@
                 Attr attribute = (Attr) attrs.item(i);
                 result.add(attribute);
             }
+
+            OutputStream writer = getWriter();
+            //we output all Attrs which are available
+            for (Attr attr : result) {
+                outputAttrToWriter(attr.getNodeName(), attr.getNodeValue(), writer, cache);
+            }
         }
-
-        return result.iterator();
     }
 
-    /**
-     * Returns the Attr[]s to be output for the given element.
-     *
-     * @param element
-     * @param ns
-     * @return the Attr[]s to be output
-     * @throws CanonicalizationException
-     */
     @Override
-    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
+    protected void outputAttributes(Element element, NameSpaceSymbTable ns,
+                                    Map<String, byte[]> cache)
+        throws CanonicalizationException, DOMException, IOException {
 
         /** $todo$ well, should we throw UnsupportedOperationException ? */
         throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
@@ -157,12 +165,12 @@
         // nothing to do
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final String engineGetURI() {
         return Canonicalizer.ALGO_ID_C14N_PHYSICAL;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public final boolean engineGetIncludeComments() {
         return true;
     }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/NameSpaceSymbTable.java	Tue Jun 19 08:06:35 2018 +0800
@@ -35,7 +35,6 @@
  * A stack based Symbol Table.
  *<br>For speed reasons all the symbols are introduced in the same map,
  * and at the same time in a list so it can be removed when the frame is pop back.
- * @author Raul Benito
  */
 public class NameSpaceSymbTable {
 
@@ -59,7 +58,7 @@
      * Default constractor
      **/
     public NameSpaceSymbTable() {
-        level = new ArrayList<SymbMap>();
+        level = new ArrayList<>();
         //Insert the default binding for xmlns.
         symb = (SymbMap) initialMap.clone();
     }
@@ -74,7 +73,7 @@
         while (it.hasNext()) {
             NameSpaceSymbEntry n = it.next();
             //put them rendered?
-            if ((!n.rendered) && (n.n != null)) {
+            if (!n.rendered && n.n != null) {
                 n = (NameSpaceSymbEntry) n.clone();
                 needsClone();
                 symb.put(n.prefix, n);
@@ -123,7 +122,7 @@
             if (size == 0) {
                 cloned = false;
             } else {
-                cloned = (level.get(size - 1) != symb);
+                cloned = level.get(size - 1) != symb;
             }
         } else {
             cloned = false;
@@ -191,7 +190,7 @@
      **/
     public boolean addMapping(String prefix, String uri, Attr n) {
         NameSpaceSymbEntry ob = symb.get(prefix);
-        if ((ob != null) && uri.equals(ob.uri)) {
+        if (ob != null && uri.equals(ob.uri)) {
             //If we have it previously defined. Don't keep working.
             return false;
         }
@@ -203,7 +202,7 @@
             //We have a previous definition store it for the pop.
             //Check if a previous definition(not the inmidiatly one) has been rendered.
             ne.lastrendered = ob.lastrendered;
-            if ((ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
+            if (ob.lastrendered != null && ob.lastrendered.equals(uri)) {
                 //Yes it is. Mark as rendered.
                 ne.rendered = true;
             }
@@ -222,7 +221,7 @@
     public Node addMappingAndRender(String prefix, String uri, Attr n) {
         NameSpaceSymbEntry ob = symb.get(prefix);
 
-        if ((ob != null) && uri.equals(ob.uri)) {
+        if (ob != null && uri.equals(ob.uri)) {
             if (!ob.rendered) {
                 ob = (NameSpaceSymbEntry) ob.clone();
                 needsClone();
@@ -234,11 +233,11 @@
             return null;
         }
 
-        NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri,n,true,prefix);
+        NameSpaceSymbEntry ne = new NameSpaceSymbEntry(uri, n, true, prefix);
         ne.lastrendered = uri;
         needsClone();
         symb.put(prefix, ne);
-        if ((ob != null) && (ob.lastrendered != null) && (ob.lastrendered.equals(uri))) {
+        if (ob != null && ob.lastrendered != null && ob.lastrendered.equals(uri)) {
             ne.rendered = true;
             return null;
         }
@@ -304,7 +303,7 @@
         this.prefix = prefix;
     }
 
-    /** @inheritDoc */
+    /** {@inheritDoc} */
     public Object clone() {
         try {
             return super.clone();
@@ -312,7 +311,7 @@
             return null;
         }
     }
-};
+}
 
 class SymbMap implements Cloneable {
     int free = 23;
@@ -329,7 +328,7 @@
         Object oldKey = keys[index];
         keys[index] = key;
         entries[index] = value;
-        if ((oldKey == null || !oldKey.equals(key)) && (--free == 0)) {
+        if ((oldKey == null || !oldKey.equals(key)) && --free == 0) {
             free = entries.length;
             int newCapacity = free << 2;
             rehash(newCapacity);
@@ -337,9 +336,9 @@
     }
 
     List<NameSpaceSymbEntry> entrySet() {
-        List<NameSpaceSymbEntry> a = new ArrayList<NameSpaceSymbEntry>();
+        List<NameSpaceSymbEntry> a = new ArrayList<>();
         for (int i = 0;i < entries.length;i++) {
-            if ((entries[i] != null) && !("".equals(entries[i].uri))) {
+            if (entries[i] != null && !"".equals(entries[i].uri)) {
                 a.add(entries[i]);
             }
         }
@@ -353,21 +352,21 @@
         int index = (obj.hashCode() & 0x7fffffff) % length;
         Object cur = set[index];
 
-        if (cur == null || (cur.equals(obj))) {
+        if (cur == null || cur.equals(obj)) {
             return index;
         }
         length--;
         do {
             index = index == length ? 0 : ++index;
             cur = set[index];
-        } while (cur != null && (!cur.equals(obj)));
+        } while (cur != null && !cur.equals(obj));
         return index;
     }
 
     /**
      * rehashes the map to the new capacity.
      *
-     * @param newCapacity an <code>int</code> value
+     * @param newCapacity an {@code int} value
      */
     protected void rehash(int newCapacity) {
         int oldCapacity = keys.length;
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java	Mon Jun 18 15:24:48 2018 -0700
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/UtfHelpper.java	Tue Jun 19 08:06:35 2018 +0800
@@ -24,11 +24,27 @@
 
 import java.io.IOException;
 import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Map;
 
-public class UtfHelpper {
+public final class UtfHelpper {
 
-    static final void writeByte(
+    /**
+     * Revert to the old behavior (version 2 or before), i.e. surrogate pairs characters becomes
+     * '??' in output. Set system property com.sun.org.apache.xml.internal.security.c14n.oldUtf8=true if you want
+     * to verify signatures generated by version 2 or before that contains 32 bit chars in the
+     * XML document.
+     */
+    private static final boolean OLD_UTF8 =
+        AccessController.doPrivileged((PrivilegedAction<Boolean>)
+            () -> Boolean.getBoolean("com.sun.org.apache.xml.internal.security.c14n.oldUtf8"));
+
+    private UtfHelpper() {
+        // complete
+    }
+
+    public static void writeByte(
         final String str,
         final OutputStream out,
         Map<String, byte[]> cache
@@ -42,12 +58,73 @@
         out.write(result);
     }
 
-    static final void writeCharToUtf8(final char c, final OutputStream out) throws IOException {
+    public static void writeCodePointToUtf8(final int c, final OutputStream out) throws IOException {
+        if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+            // valid code point: c >= 0x0000 && c <= 0x10FFFF
+            out.write(0x3f);
+            return;
+        }
+        if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+            // version 2 or before output 2 question mark characters for 32 bit chars
+            out.write(0x3f);
+            out.write(0x3f);
+            return;
+        }
+
+        if (c < 0x80) {
+            // 0x00000000 - 0x0000007F
+            // 0xxxxxxx
+            out.write(c);
+            return;
+        }
+        byte extraByte = 0;
+        if (c < 0x800) {
+            // 0x00000080 - 0x000007FF
+            // 110xxxxx 10xxxxxx
+            extraByte = 1;
+        } else if (c < 0x10000) {
+            // 0x00000800 - 0x0000FFFF
+            // 1110xxxx 10xxxxxx 10xxxxxx
+            extraByte = 2;
+        } else if (c < 0x200000) {
+            // 0x00010000 - 0x001FFFFF
+            // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+            extraByte = 3;
+        } else if (c < 0x4000000) {
+            // 0x00200000 - 0x03FFFFFF
+            // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+            // already outside valid Character range, just for completeness
+            extraByte = 4;
+        } else if (c <= 0x7FFFFFFF) {
+            // 0x04000000 - 0x7FFFFFFF
+            // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+            // already outside valid Character range, just for completeness
+            extraByte = 5;
+        } else {
+            // 0x80000000 - 0xFFFFFFFF
+            // case not possible as java has no unsigned int
+            out.write(0x3f);
+            return;
+        }
+
+        byte write;
+        int shift = 6 * extraByte;
+        write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+        out.write(write);
+        for (int i = extraByte - 1; i >= 0; i--) {
+            shift -= 6;
+            write = (byte)(0x80 | ((c >>> shift) & 0x3F));
+            out.write(write);
+        }
+    }
+
+    @Deprecated
+    public static void writeCharToUtf8(final char c, final OutputStream out) throws IOException {
         if (c < 0x80) {
             out.write(c);
             return;
         }
-        if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
+        if (c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
             //No Surrogates in sun java
             out.write(0x3f);
             return;
@@ -59,7 +136,7 @@
             ch = (char)(c>>>12);
             write = 0xE0;
             if (ch > 0) {
-                write |= (ch & 0x0F);
+                write |= ch & 0x0F;
             }
             out.write(write);
             write = 0x80;
@@ -70,104 +147,149 @@
         }
         ch = (char)(c>>>6);
         if (ch > 0) {
-            write |= (ch & bias);
+            write |= ch & bias;
         }
         out.write(write);
         out.write(0x80 | ((c) & 0x3F));
 
     }
 
-    static final void writeStringToUtf8(
-        final String str,
-        final OutputStream out
-    ) throws IOException{
+    public static void writeStringToUtf8(
+        final String str, final OutputStream out
+    ) throws IOException {
         final int length = str.length();
         int i = 0;
-        char c;
+        int c;
         while (i < length) {
-            c = str.charAt(i++);
+            c = str.codePointAt(i);
+            i += Character.charCount(c);
+            if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+                // valid code point: c >= 0x0000 && c <= 0x10FFFF
+                out.write(0x3f);
+                continue;
+            }
+            if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+                // version 2 or before output 2 question mark characters for 32 bit chars
+                out.write(0x3f);
+                out.write(0x3f);
+                continue;
+            }
             if (c < 0x80)  {
                 out.write(c);
                 continue;
             }
-            if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
-                //No Surrogates in sun java
+            byte extraByte = 0;
+            if (c < 0x800) {
+                // 0x00000080 - 0x000007FF
+                // 110xxxxx 10xxxxxx
+                extraByte = 1;
+            } else if (c < 0x10000) {
+                // 0x00000800 - 0x0000FFFF
+                // 1110xxxx 10xxxxxx 10xxxxxx
+                extraByte = 2;
+            } else if (c < 0x200000) {
+                // 0x00010000 - 0x001FFFFF
+                // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+                extraByte = 3;
+            } else if (c < 0x4000000) {
+                // 0x00200000 - 0x03FFFFFF
+                // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 4;
+            } else if (c <= 0x7FFFFFFF) {
+                // 0x04000000 - 0x7FFFFFFF
+                // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 5;
+            } else {
+                // 0x80000000 - 0xFFFFFFFF
+                // case not possible as java has no unsigned int
                 out.write(0x3f);
                 continue;
             }
-            char ch;
-            int bias;
-            int write;
-            if (c > 0x07FF) {
-                ch = (char)(c>>>12);
-                write = 0xE0;
-                if (ch > 0) {
-                    write |= (ch & 0x0F);
-                }
+            byte write;
+            int shift = 6 * extraByte;
+            write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+            out.write(write);
+            for (int j = extraByte - 1; j >= 0; j--) {
+                shift -= 6;
+                write = (byte)(0x80 | ((c >>> shift) & 0x3F));
                 out.write(write);
-                write = 0x80;
-                bias = 0x3F;
-            } else {
-                write = 0xC0;
-                bias = 0x1F;
             }
-            ch = (char)(c>>>6);
-            if (ch > 0) {
-                write |= (ch & bias);
-            }
-            out.write(write);
-            out.write(0x80 | ((c) & 0x3F));
 
         }
 
     }
 
-    public static final byte[] getStringInUtf8(final String str) {
+    public static byte[] getStringInUtf8(final String str) {
         final int length = str.length();
         boolean expanded = false;
         byte[] result = new byte[length];
         int i = 0;
         int out = 0;
-        char c;
+        int c;
         while (i < length) {
-            c = str.charAt(i++);
+            c = str.codePointAt(i);
+            i += Character.charCount(c);
+            if (!Character.isValidCodePoint(c) || c >= 0xD800 && c <= 0xDBFF || c >= 0xDC00 && c <= 0xDFFF) {
+                // valid code point: c >= 0x0000 && c <= 0x10FFFF
+                result[out++] = (byte)0x3f;
+                continue;
+            }
+            if (OLD_UTF8 && c >= Character.MIN_SUPPLEMENTARY_CODE_POINT) {
+                // version 2 or before output 2 question mark characters for 32 bit chars
+                result[out++] = (byte)0x3f;
+                result[out++] = (byte)0x3f;
+                continue;
+            }
             if (c < 0x80) {
                 result[out++] = (byte)c;
                 continue;
             }
-            if ((c >= 0xD800 && c <= 0xDBFF) || (c >= 0xDC00 && c <= 0xDFFF)) {
-                //No Surrogates in sun java
-                result[out++] = 0x3f;
-                continue;
-            }
             if (!expanded) {
-                byte newResult[] = new byte[3*length];
+                byte newResult[] = new byte[6*length];
                 System.arraycopy(result, 0, newResult, 0, out);
                 result = newResult;
                 expanded = true;
             }
-            char ch;
-            int bias;
+            byte extraByte = 0;
+            if (c < 0x800) {
+                // 0x00000080 - 0x000007FF
+                // 110xxxxx 10xxxxxx
+                extraByte = 1;
+            } else if (c < 0x10000) {
+                // 0x00000800 - 0x0000FFFF
+                // 1110xxxx 10xxxxxx 10xxxxxx
+                extraByte = 2;
+            } else if (c < 0x200000) {
+                // 0x00010000 - 0x001FFFFF
+                // 11110xxx 10xxxxx 10xxxxxx 10xxxxxx
+                extraByte = 3;
+            } else if (c < 0x4000000) {
+                // 0x00200000 - 0x03FFFFFF
+                // 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 4;
+            } else if (c <= 0x7FFFFFFF) {
+                // 0x04000000 - 0x7FFFFFFF
+                // 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+                // already outside valid Character range, just for completeness
+                extraByte = 5;
+            } else {
+                // 0x80000000 - 0xFFFFFFFF
+                // case not possible as java has no unsigned int
+                result[out++] = 0x3f;
+                continue;
+            }
             byte write;
-            if (c > 0x07FF) {
-                ch = (char)(c>>>12);
-                write = (byte)0xE0;
-                if (ch > 0) {
-                    write |= (ch & 0x0F);
-                }
+            int shift = 6 * extraByte;
+            write = (byte)((0xFE << (6 - extraByte)) | (c >>> shift));
+            result[out++] = write;
+            for (int j = extraByte - 1; j >= 0; j--) {
+                shift -= 6;
+                write = (byte)(0x80 | ((c >>> shift) & 0x3F));
                 result[out++] = write;
-                write = (byte)0x80;
-                bias = 0x3F;
-            } else {
-                write = (byte)0xC0;
-                bias = 0x1F;
             }
-            ch = (char)(c>>>6);
-            if (ch > 0) {
-                write |= (ch & bias);
-            }
-            result[out++] = write;
-            result[out++] = (byte)(0x80 | ((c) & 0x3F));
         }
         if (expanded) {
             byte newResult[] = new byte[out];
@@ -176,5 +298,4 @@
         }
         return result;
     }
-
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/XmlAttrStack.java	Tue Jun 19 08:06:35 2018 +0800
@@ -0,0 +1,412 @@
+/*
+ * reserved comment block
+ * DO NOT REMOVE OR ALTER!
+ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.sun.org.apache.xml.internal.security.c14n.implementations;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.w3c.dom.Attr;
+
+/**
+ * An XmlAttrStack that is shared between the Canonical XML 1.0 and 1.1 implementations.
+ */
+class XmlAttrStack {
+
+    private static final com.sun.org.slf4j.internal.Logger LOG =
+        com.sun.org.slf4j.internal.LoggerFactory.getLogger(XmlAttrStack.class);
+
+    static class XmlsStackElement {
+        int level;
+        boolean rendered = false;
+        List<Attr> nodes = new ArrayList<>();
+    }
+
+    private int currentLevel = 0;
+    private int lastlevel = 0;
+    private XmlsStackElement cur;
+    private List<XmlsStackElement> levels = new ArrayList<>();
+    private boolean c14n11;
+
+    public XmlAttrStack(boolean c14n11) {
+        this.c14n11 = c14n11;
+    }
+
+    void push(int level) {
+        currentLevel = level;
+        if (currentLevel == -1) {
+            return;
+        }
+        cur = null;
+        while (lastlevel >= currentLevel) {
+            levels.remove(levels.size() - 1);
+            int newSize = levels.size();
+            if (newSize == 0) {
+                lastlevel = 0;
+                return;
+            }
+            lastlevel = levels.get(newSize - 1).level;
+        }
+    }
+
+    void addXmlnsAttr(Attr n) {
+        if (cur == null) {
+            cur = new XmlsStackElement();
+            cur.level = currentLevel;
+            levels.add(cur);
+            lastlevel = currentLevel;
+        }
+        cur.nodes.add(n);
+    }
+
+    void getXmlnsAttr(Collection<Attr> col) {
+        int size = levels.size() - 1;
+        if (cur == null) {
+            cur = new XmlsStackElement();
+            cur.level = currentLevel;
+            lastlevel = currentLevel;
+            levels.add(cur);
+        }
+        boolean parentRendered = false;
+        XmlsStackElement e = null;
+        if (size == -1) {
+            parentRendered = true;
+        } else {
+            e = levels.get(size);
+            if (e.rendered && e.level + 1 == currentLevel) {
+                parentRendered = true;
+            }
+        }
+        if (parentRendered) {
+            col.addAll(cur.nodes);
+            cur.rendered = true;
+            return;
+        }
+
+        Map<String, Attr> loa = new HashMap<>();
+        if (c14n11) {
+            List<Attr> baseAttrs = new ArrayList<>();
+            boolean successiveOmitted = true;
+            for (; size >= 0; size--) {
+                e = levels.get(size);
+                if (e.rendered) {
+                    successiveOmitted = false;
+                }
+                Iterator<Attr> it = e.nodes.iterator();
+                while (it.hasNext() && successiveOmitted) {
+                    Attr n = it.next();
+                    if (n.getLocalName().equals("base") && !e.rendered) {
+                        baseAttrs.add(n);
+                    } else if (!loa.containsKey(n.getName())) {
+                        loa.put(n.getName(), n);
+                    }
+                }
+            }
+            if (!baseAttrs.isEmpty()) {
+                Iterator<Attr> it = col.iterator();
+                String base = null;
+                Attr baseAttr = null;
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (n.getLocalName().equals("base")) {
+                        base = n.getValue();
+                        baseAttr = n;
+                        break;
+                    }
+                }
+                it = baseAttrs.iterator();
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (base == null) {
+                        base = n.getValue();
+                        baseAttr = n;
+                    } else {
+                        try {
+                            base = joinURI(n.getValue(), base);
+                        } catch (URISyntaxException ue) {
+                            LOG.debug(ue.getMessage(), ue);
+                        }
+                    }
+                }
+                if (base != null && base.length() != 0) {
+                    baseAttr.setValue(base);
+                    col.add(baseAttr);
+                }
+            }
+        } else {
+            for (; size >= 0; size--) {
+                e = levels.get(size);
+                Iterator<Attr> it = e.nodes.iterator();
+                while (it.hasNext()) {
+                    Attr n = it.next();
+                    if (!loa.containsKey(n.getName())) {
+                        loa.put(n.getName(), n);
+                    }
+                }
+            }
+        }
+
+        cur.rendered = true;
+        col.addAll(loa.values());
+    }
+
+    private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
+        String bscheme = null;
+        String bauthority = null;
+        String bpath = "";
+        String bquery = null;
+
+        // pre-parse the baseURI
+        if (baseURI != null) {
+            if (baseURI.endsWith("..")) {
+                baseURI = baseURI + "/";
+            }
+            URI base = new URI(baseURI);
+            bscheme = base.getScheme();
+            bauthority = base.getAuthority();
+            bpath = base.getPath();
+            bquery = base.getQuery();
+        }
+
+        URI r = new URI(relativeURI);
+        String rscheme = r.getScheme();
+        String rauthority = r.getAuthority();
+        String rpath = r.getPath();
+        String rquery = r.getQuery();
+
+        String tscheme, tauthority, tpath, tquery;
+        if (rscheme != null && rscheme.equals(bscheme)) {
+            rscheme = null;
+        }
+        if (rscheme != null) {
+            tscheme = rscheme;
+            tauthority = rauthority;
+            tpath = removeDotSegments(rpath);
+            tquery = rquery;
+        } else {
+            if (rauthority != null) {
+                tauthority = rauthority;
+                tpath = removeDotSegments(rpath);
+                tquery = rquery;
+            } else {
+                if (rpath.length() == 0) {
+                    tpath = bpath;
+                    if (rquery != null) {
+                        tquery = rquery;
+                    } else {
+                        tquery = bquery;
+                    }
+                } else {
+                    if (rpath.startsWith("/")) {
+                        tpath = removeDotSegments(rpath);
+                    } else {
+                        if (bauthority != null && bpath.length() == 0) {
+                            tpath = "/" + rpath;
+                        } else {
+                            int last = bpath.lastIndexOf('/');
+                            if (last == -1) {
+                                tpath = rpath;
+                            } else {
+                                tpath = bpath.substring(0, last+1) + rpath;
+                            }
+                        }
+                        tpath = removeDotSegments(tpath);
+                    }
+                    tquery = rquery;
+                }
+                tauthority = bauthority;
+            }
+            tscheme = bscheme;
+        }
+        return new URI(tscheme, tauthority, tpath, tquery, null).toString();
+    }
+
+    private static String removeDotSegments(String path) {
+        LOG.debug("STEP OUTPUT BUFFER\t\tINPUT BUFFER");
+
+        // 1. The input buffer is initialized with the now-appended path
+        // components then replace occurrences of "//" in the input buffer
+        // with "/" until no more occurrences of "//" are in the input buffer.
+        String input = path;
+        while (input.indexOf("//") > -1) {
+            input = input.replaceAll("//", "/");
+        }
+
+        // Initialize the output buffer with the empty string.
+        StringBuilder output = new StringBuilder();
+
+        // If the input buffer starts with a root slash "/" then move this
+        // character to the output buffer.
+        if (input.charAt(0) == '/') {
+            output.append("/");
+            input = input.substring(1);
+        }
+
+        printStep("1 ", output.toString(), input);
+
+        // While the input buffer is not empty, loop as follows
+        while (input.length() != 0) {
+            // 2A. If the input buffer begins with a prefix of "./",
+            // then remove that prefix from the input buffer
+            // else if the input buffer begins with a prefix of "../", then
+            // if also the output does not contain the root slash "/" only,
+            // then move this prefix to the end of the output buffer else
+            // remove that prefix
+            if (input.startsWith("./")) {
+                input = input.substring(2);
+                printStep("2A", output.toString(), input);
+            } else if (input.startsWith("../")) {
+                input = input.substring(3);
+                if (!output.toString().equals("/")) {
+                    output.append("../");
+                }
+                printStep("2A", output.toString(), input);
+                // 2B. if the input buffer begins with a prefix of "/./" or "/.",
+                // where "." is a complete path segment, then replace that prefix
+                // with "/" in the input buffer; otherwise,
+            } else if (input.startsWith("/./")) {
+                input = input.substring(2);
+                printStep("2B", output.toString(), input);
+            } else if (input.equals("/.")) {
+                // FIXME: what is complete path segment?
+                input = input.replaceFirst("/.", "/");
+                printStep("2B", output.toString(), input);
+                // 2C. if the input buffer begins with a prefix of "/../" or "/..",
+                // where ".." is a complete path segment, then replace that prefix
+                // with "/" in the input buffer and if also the output buffer is
+                // empty, last segment in the output buffer equals "../" or "..",
+                // where ".." is a complete path segment, then append ".." or "/.."
+                // for the latter case respectively to the output buffer else
+                // remove the last segment and its preceding "/" (if any) from the
+                // output buffer and if hereby the first character in the output
+                // buffer was removed and it was not the root slash then delete a
+                // leading slash from the input buffer; otherwise,
+            } else if (input.startsWith("/../")) {
+                input = input.substring(3);
+                if (output.length() == 0) {
+                    output.append("/");
+                } else if (output.toString().endsWith("../")) {
+                    output.append("..");
+                } else if (output.toString().endsWith("..")) {
+                    output.append("/..");
+                } else {
+                    int index = output.lastIndexOf("/");
+                    if (index == -1) {
+                        output = new StringBuilder();
+                        if (input.charAt(0) == '/') {
+                            input = input.substring(1);
+                        }
+                    } else {
+                        output = output.delete(index, output.length());
+                    }
+                }
+                printStep("2C", output.toString(), input);
+            } else if (input.equals("/..")) {
+                // FIXME: what is complete path segment?
+                input = input.replaceFirst("/..", "/");
+                if (output.length() == 0) {
+                    output.append("/");
+                } else if (output.toString().endsWith("../")) {
+                    output.append("..");
+                } else if (output.toString().endsWith("..")) {
+                    output.append("/..");
+                } else {
+                    int index = output.lastIndexOf("/");
+                    if (index == -1) {
+                        output = new StringBuilder();
+                        if (input.charAt(0) == '/') {
+                            input = input.substring(1);
+                        }
+                    } else {
+                        output = output.delete(index, output.length());
+                    }
+                }
+                printStep("2C", output.toString(), input);
+                // 2D. if the input buffer consists only of ".", then remove
+                // that from the input buffer else if the input buffer consists
+                // only of ".." and if the output buffer does not contain only
+                // the root slash "/", then move the ".." to the output buffer
+                // else delte it.; otherwise,
+            } else if (input.equals(".")) {
+                input = "";
+                printStep("2D", output.toString(), input);
+            } else if (input.equals("..")) {
+                if (!output.toString().equals("/")) {
+                    output.append("..");
+                }
+                input = "";
+                printStep("2D", output.toString(), input);
+                // 2E. move the first path segment (if any) in the input buffer
+                // to the end of the output buffer, including the initial "/"
+                // character (if any) and any subsequent characters up to, but not
+                // including, the next "/" character or the end of the input buffer.
+            } else {
+                int end = -1;
+                int begin = input.indexOf('/');
+                if (begin == 0) {
+                    end = input.indexOf('/', 1);
+                } else {
+                    end = begin;
+                    begin = 0;
+                }
+                String segment;
+                if (end == -1) {
+                    segment = input.substring(begin);
+                    input = "";
+                } else {
+                    segment = input.substring(begin, end);
+                    input = input.substring(end);
+                }
+                output.append(segment);
+                printStep("2E", output.toString(), input);
+            }
+        }
+
+        // 3. Finally, if the only or last segment of the output buffer is
+        // "..", where ".." is a complete path segment not followed by a slash
+        // then append a slash "/". The output buffer is returned as the result
+        // of remove_dot_segments
+        if (output.toString().endsWith("..")) {
+            output.append("/");
+            printStep("3 ", output.toString(), input);
+        }
+
+        return output.toString();
+    }
+
+    private static void printStep(String step, String output, String input) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(" " + step + ":   " + output);
+            if (output.length() == 0) {
+                LOG.debug("\t\t\t\t" + input);
+            } else {
+                LOG.debug("\t\t\t" + input);
+            }
+        }
+    }
+}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/package.html	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-<HTML> <HEAD> </HEAD> <BODY> <P>
-canonicalization implementations.
-</P></BODY> </HTML>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/c14n/package.html	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-<HTML><HEAD></HEAD><BODY><P>
-Canonicalization related material and algorithms.
-</P></BODY></HTML>
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AbstractSerializer.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,250 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-
-import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- *
- * An abstract class for common Serializer functionality
- */
-public abstract class AbstractSerializer implements Serializer {
-
-    protected Canonicalizer canon;
-
-    public void setCanonicalizer(Canonicalizer canon) {
-        this.canon = canon;
-    }
-
-    /**
-     * Returns a <code>String</code> representation of the specified
-     * <code>Element</code>.
-     * <p/>
-     * Refer also to comments about setup of format.
-     *
-     * @param element the <code>Element</code> to serialize.
-     * @return the <code>String</code> representation of the serilaized
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    public String serialize(Element element) throws Exception {
-        return canonSerialize(element);
-    }
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>Element</code>.
-     *
-     * @param element the <code>Element</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serilaized
-     *   <code>Element</code>.
-     * @throws Exception
-     */
-    public byte[] serializeToByteArray(Element element) throws Exception {
-        return canonSerializeToByteArray(element);
-    }
-
-    /**
-     * Returns a <code>String</code> representation of the specified
-     * <code>NodeList</code>.
-     * <p/>
-     * This is a special case because the NodeList may represent a
-     * <code>DocumentFragment</code>. A document fragment may be a
-     * non-valid XML document (refer to appropriate description of
-     * W3C) because it my start with a non-element node, e.g. a text
-     * node.
-     * <p/>
-     * The methods first converts the node list into a document fragment.
-     * Special care is taken to not destroy the current document, thus
-     * the method clones the nodes (deep cloning) before it appends
-     * them to the document fragment.
-     * <p/>
-     * Refer also to comments about setup of format.
-     *
-     * @param content the <code>NodeList</code> to serialize.
-     * @return the <code>String</code> representation of the serialized
-     *   <code>NodeList</code>.
-     * @throws Exception
-     */
-    public String serialize(NodeList content) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        for (int i = 0; i < content.getLength(); i++) {
-            canon.canonicalizeSubtree(content.item(i));
-        }
-        String ret = baos.toString("UTF-8");
-        baos.reset();
-        return ret;
-    }
-
-    /**
-     * Returns a <code>byte[]</code> representation of the specified
-     * <code>NodeList</code>.
-     *
-     * @param content the <code>NodeList</code> to serialize.
-     * @return the <code>byte[]</code> representation of the serialized
-     *   <code>NodeList</code>.
-     * @throws Exception
-     */
-    public byte[] serializeToByteArray(NodeList content) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        for (int i = 0; i < content.getLength(); i++) {
-            canon.canonicalizeSubtree(content.item(i));
-        }
-        return baos.toByteArray();
-    }
-
-    /**
-     * Use the Canonicalizer to serialize the node
-     * @param node
-     * @return the canonicalization of the node
-     * @throws Exception
-     */
-    public String canonSerialize(Node node) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        canon.canonicalizeSubtree(node);
-        String ret = baos.toString("UTF-8");
-        baos.reset();
-        return ret;
-    }
-
-    /**
-     * Use the Canonicalizer to serialize the node
-     * @param node
-     * @return the (byte[]) canonicalization of the node
-     * @throws Exception
-     */
-    public byte[] canonSerializeToByteArray(Node node) throws Exception {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        canon.setWriter(baos);
-        canon.notReset();
-        canon.canonicalizeSubtree(node);
-        return baos.toByteArray();
-    }
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public abstract Node deserialize(String source, Node ctx) throws XMLEncryptionException;
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
-
-    protected static byte[] createContext(byte[] source, Node ctx) throws XMLEncryptionException {
-        // Create the context to parse the document against
-        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
-        try {
-            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, "UTF-8");
-            outputStreamWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
-            // Run through each node up to the document node and find any xmlns: nodes
-            Map<String, String> storedNamespaces = new HashMap<String, String>();
-            Node wk = ctx;
-            while (wk != null) {
-                NamedNodeMap atts = wk.getAttributes();
-                if (atts != null) {
-                    for (int i = 0; i < atts.getLength(); ++i) {
-                        Node att = atts.item(i);
-                        String nodeName = att.getNodeName();
-                        if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
-                                && !storedNamespaces.containsKey(att.getNodeName())) {
-                            outputStreamWriter.write(" ");
-                            outputStreamWriter.write(nodeName);
-                            outputStreamWriter.write("=\"");
-                            outputStreamWriter.write(att.getNodeValue());
-                            outputStreamWriter.write("\"");
-                            storedNamespaces.put(nodeName, att.getNodeValue());
-                        }
-                    }
-                }
-                wk = wk.getParentNode();
-            }
-            outputStreamWriter.write(">");
-            outputStreamWriter.flush();
-            byteArrayOutputStream.write(source);
-
-            outputStreamWriter.write("</dummy>");
-            outputStreamWriter.close();
-
-            return byteArrayOutputStream.toByteArray();
-        } catch (UnsupportedEncodingException e) {
-            throw new XMLEncryptionException("empty", e);
-        } catch (IOException e) {
-            throw new XMLEncryptionException("empty", e);
-        }
-    }
-
-    protected static String createContext(String source, Node ctx) {
-        // Create the context to parse the document against
-        StringBuilder sb = new StringBuilder();
-        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
-
-        // Run through each node up to the document node and find any xmlns: nodes
-        Map<String, String> storedNamespaces = new HashMap<String, String>();
-        Node wk = ctx;
-        while (wk != null) {
-            NamedNodeMap atts = wk.getAttributes();
-            if (atts != null) {
-                for (int i = 0; i < atts.getLength(); ++i) {
-                    Node att = atts.item(i);
-                    String nodeName = att.getNodeName();
-                    if ((nodeName.equals("xmlns") || nodeName.startsWith("xmlns:"))
-                        && !storedNamespaces.containsKey(att.getNodeName())) {
-                        sb.append(' ').append(nodeName).append("=\"")
-                                .append(att.getNodeValue()).append('"');
-                        storedNamespaces.put(nodeName, att.getNodeValue());
-                    }
-                }
-            }
-            wk = wk.getParentNode();
-        }
-        sb.append('>').append(source).append("</dummy>");
-        return sb.toString();
-    }
-
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,157 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
-import org.w3c.dom.Element;
-
-/**
- * A Key Agreement algorithm provides for the derivation of a shared secret key
- * based on a shared secret computed from certain types of compatible public
- * keys from both the sender and the recipient. Information from the originator
- * to determine the secret is indicated by an optional OriginatorKeyInfo
- * parameter child of an {@code AgreementMethod} element while that
- * associated with the recipient is indicated by an optional RecipientKeyInfo. A
- * shared key is derived from this shared secret by a method determined by the
- * Key Agreement algorithm.
- * <p>
- * <b>Note:</b> XML Encryption does not provide an on-line key agreement
- * negotiation protocol. The {@code AgreementMethod} element can be used by
- * the originator to identify the keys and computational procedure that were
- * used to obtain a shared encryption key. The method used to obtain or select
- * the keys or algorithm used for the agreement computation is beyond the scope
- * of this specification.
- * <p>
- * The {@code AgreementMethod} element appears as the content of a
- * {@code ds:KeyInfo} since, like other {@code ds:KeyInfo} children,
- * it yields a key. This {@code ds:KeyInfo} is in turn a child of an
- * {@code EncryptedData} or {@code EncryptedKey} element. The
- * Algorithm attribute and KeySize child of the {@code EncryptionMethod}
- * element under this {@code EncryptedData} or {@code EncryptedKey}
- * element are implicit parameters to the key agreement computation. In cases
- * where this {@code EncryptionMethod} algorithm {@code URI} is
- * insufficient to determine the key length, a KeySize MUST have been included.
- * In addition, the sender may place a KA-Nonce element under
- * {@code AgreementMethod} to assure that different keying material is
- * generated even for repeated agreements using the same sender and recipient
- * public keys.
- * <p>
- * If the agreed key is being used to wrap a key, then
- * {@code AgreementMethod} would appear inside a {@code ds:KeyInfo}
- * inside an {@code EncryptedKey} element.
- * <p>
- * The Schema for AgreementMethod is as follows:
- * <pre>{@code
- * <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
- * <complexType name="AgreementMethodType" mixed="true">
- *     <sequence>
- *         <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
- *         <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
- *         <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- *         <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- *         <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
- *     </sequence>
- *     <attribute name="Algorithm" type="anyURI" use="required"/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface AgreementMethod {
-
-    /**
-     * Returns a {@code byte} array.
-     * @return a {@code byte} array.
-     */
-    byte[] getKANonce();
-
-    /**
-     * Sets the KANonce.jj
-     * @param kanonce
-     */
-    void setKANonce(byte[] kanonce);
-
-    /**
-     * Returns additional information regarding the {@code AgreementMethod}.
-     * @return additional information regarding the {@code AgreementMethod}.
-     */
-    Iterator<Element> getAgreementMethodInformation();
-
-    /**
-     * Adds additional {@code AgreementMethod} information.
-     *
-     * @param info an {@code Element} that represents additional information
-     * specified by
-     *   <pre>{@code
-     *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   }</pre>
-     */
-    void addAgreementMethodInformation(Element info);
-
-    /**
-     * Removes additional {@code AgreementMethod} information.
-     *
-     * @param info an {@code Element} that represents additional information
-     * specified by
-     *   <pre>{@code
-     *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   }</pre>
-     */
-    void revoveAgreementMethodInformation(Element info);
-
-    /**
-     * Returns information relating to the originator's shared secret.
-     *
-     * @return information relating to the originator's shared secret.
-     */
-    KeyInfo getOriginatorKeyInfo();
-
-    /**
-     * Sets the information relating to the originator's shared secret.
-     *
-     * @param keyInfo information relating to the originator's shared secret.
-     */
-    void setOriginatorKeyInfo(KeyInfo keyInfo);
-
-    /**
-     * Returns information relating to the recipient's shared secret.
-     *
-     * @return information relating to the recipient's shared secret.
-     */
-    KeyInfo getRecipientKeyInfo();
-
-    /**
-     * Sets the information relating to the recipient's shared secret.
-     *
-     * @param keyInfo information relating to the recipient's shared secret.
-     */
-    void setRecipientKeyInfo(KeyInfo keyInfo);
-
-    /**
-     * Returns the algorithm URI of this {@code CryptographicMethod}.
-     *
-     * @return the algorithm URI of this {@code CryptographicMethod}
-     */
-    String getAlgorithm();
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * {@code CipherData} provides encrypted data. It must either contain the
- * encrypted octet sequence as base64 encoded text of the
- * {@code CipherValue} element, or provide a reference to an external
- * location containing the encrypted octet sequence via the
- * {@code CipherReference} element.
- * <p>
- * The schema definition is as follows:
- * <pre>{@code
- * <element name='CipherData' type='xenc:CipherDataType'/>
- * <complexType name='CipherDataType'>
- *     <choice>
- *         <element name='CipherValue' type='base64Binary'/>
- *         <element ref='xenc:CipherReference'/>
- *     </choice>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface CipherData {
-
-    /** VALUE_TYPE ASN */
-    int VALUE_TYPE = 0x00000001;
-
-    /** REFERENCE_TYPE ASN */
-    int REFERENCE_TYPE = 0x00000002;
-
-    /**
-     * Returns the type of encrypted data contained in the
-     * {@code CipherData}.
-     *
-     * @return {@code VALUE_TYPE} if the encrypted data is contained as
-     *   {@code CipherValue} or {@code REFERENCE_TYPE} if the
-     *   encrypted data is contained as {@code CipherReference}.
-     */
-    int getDataType();
-
-    /**
-     * Returns the cipher value as a base64 encoded {@code byte} array.
-     *
-     * @return the {@code CipherData}'s value.
-     */
-    CipherValue getCipherValue();
-
-    /**
-     * Sets the {@code CipherData}'s value.
-     *
-     * @param value the value of the {@code CipherData}.
-     * @throws XMLEncryptionException
-     */
-    void setCipherValue(CipherValue value) throws XMLEncryptionException;
-
-    /**
-     * Returns a reference to an external location containing the encrypted
-     * octet sequence ({@code byte} array).
-     *
-     * @return the reference to an external location containing the encrypted
-     * octet sequence.
-     */
-    CipherReference getCipherReference();
-
-    /**
-     * Sets the {@code CipherData}'s reference.
-     *
-     * @param reference an external location containing the encrypted octet sequence.
-     * @throws XMLEncryptionException
-     */
-    void setCipherReference(CipherReference reference) throws XMLEncryptionException;
-}
-
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,95 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import org.w3c.dom.Attr;
-
-/**
- * {@code CipherReference} identifies a source which, when processed,
- * yields the encrypted octet sequence.
- * <p>
- * The actual value is obtained as follows. The {@code CipherReference URI}
- * contains an identifier that is dereferenced. Should the
- * Transforms, the data resulting from dereferencing the {@code URI} is
- * transformed as specified so as to yield the intended cipher value. For
- * example, if the value is base64 encoded within an XML document; the
- * transforms could specify an XPath expression followed by a base64 decoding so
- * as to extract the octets.
- * <p>
- * The syntax of the {@code URI} and Transforms is similar to that of
- * [XML-DSIG]. However, there is a difference between signature and encryption
- * processing. In [XML-DSIG] both generation and validation processing start
- * with the same source data and perform that transform in the same order. In
- * encryption, the decryptor has only the cipher data and the specified
- * transforms are enumerated for the decryptor, in the order necessary to obtain
- * the octets. Consequently, because it has different semantics Transforms is in
- * the &xenc; namespace.
- * <p>
- * The schema definition is as follows:
- * <pre>{@code
- * <element name='CipherReference' type='xenc:CipherReferenceType'/>
- * <complexType name='CipherReferenceType'>
- *     <sequence>
- *         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
- *     </sequence>
- *     <attribute name='URI' type='anyURI' use='required'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface CipherReference {
-    /**
-     * Returns an {@code URI} that contains an identifier that should be
-     * dereferenced.
-     * @return an {@code URI} that contains an identifier that should be
-     * dereferenced.
-     */
-    String getURI();
-
-    /**
-     * Gets the URI as an Attribute node.  Used to meld the CipherReference
-     * with the XMLSignature ResourceResolvers
-     * @return the URI as an Attribute node
-     */
-    Attr getURIAsAttr();
-
-    /**
-     * Returns the {@code Transforms} that specifies how to transform the
-     * {@code URI} to yield the appropriate cipher value.
-     *
-     * @return the transform that specifies how to transform the reference to
-     *   yield the intended cipher value.
-     */
-    Transforms getTransforms();
-
-    /**
-     * Sets the {@code Transforms} that specifies how to transform the
-     * {@code URI} to yield the appropriate cipher value.
-     *
-     * @param transforms the set of {@code Transforms} that specifies how
-     *   to transform the reference to yield the intended cipher value.
-     */
-    void setTransforms(Transforms transforms);
-}
-
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherValue.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * <code>CipherValue</code> is the wrapper for cipher text.
- *
- * @author Axl Mattheus
- */
-public interface CipherValue {
-    /**
-     * Returns the Base 64 encoded, encrypted octets that is the
-     * <code>CipherValue</code>.
-     *
-     * @return cipher value.
-     */
-    String getValue();
-
-    /**
-     * Sets the Base 64 encoded, encrypted octets that is the
-     * <code>CipherValue</code>.
-     *
-     * @param value the cipher value.
-     */
-    void setValue(String value);
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/DocumentSerializer.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.StringReader;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Converts <code>String</code>s into <code>Node</code>s and visa versa.
- */
-public class DocumentSerializer extends AbstractSerializer {
-
-    protected DocumentBuilderFactory dbf;
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
-        byte[] fragment = createContext(source, ctx);
-        return deserialize(ctx, new InputSource(new ByteArrayInputStream(fragment)));
-    }
-
-    /**
-     * @param source
-     * @param ctx
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    public Node deserialize(String source, Node ctx) throws XMLEncryptionException {
-        String fragment = createContext(source, ctx);
-        return deserialize(ctx, new InputSource(new StringReader(fragment)));
-    }
-
-    /**
-     * @param ctx
-     * @param inputSource
-     * @return the Node resulting from the parse of the source
-     * @throws XMLEncryptionException
-     */
-    private Node deserialize(Node ctx, InputSource inputSource) throws XMLEncryptionException {
-        try {
-            if (dbf == null) {
-                dbf = DocumentBuilderFactory.newInstance();
-                dbf.setNamespaceAware(true);
-                dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
-                dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
-                dbf.setValidating(false);
-            }
-            DocumentBuilder db = dbf.newDocumentBuilder();
-            Document d = db.parse(inputSource);
-
-            Document contextDocument = null;
-            if (Node.DOCUMENT_NODE == ctx.getNodeType()) {
-                contextDocument = (Document)ctx;
-            } else {
-                contextDocument = ctx.getOwnerDocument();
-            }
-
-            Element fragElt =
-                    (Element) contextDocument.importNode(d.getDocumentElement(), true);
-            DocumentFragment result = contextDocument.createDocumentFragment();
-            Node child = fragElt.getFirstChild();
-            while (child != null) {
-                fragElt.removeChild(child);
-                result.appendChild(child);
-                child = fragElt.getFirstChild();
-            }
-            return result;
-        } catch (SAXException se) {
-            throw new XMLEncryptionException("empty", se);
-        } catch (ParserConfigurationException pce) {
-            throw new XMLEncryptionException("empty", pce);
-        } catch (IOException ioe) {
-            throw new XMLEncryptionException("empty", ioe);
-        }
-    }
-
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * The {@code EncryptedData} element is the core element in the syntax. Not
- * only does its {@code CipherData} child contain the encrypted data, but
- * it's also the element that replaces the encrypted element, or serves as the
- * new document root.
- * <p>
- * It's schema definition is as follows:
- * <p>
- * <pre>{@code
- * <element name='EncryptedData' type='xenc:EncryptedDataType'/>
- * <complexType name='EncryptedDataType'>
- *     <complexContent>
- *         <extension base='xenc:EncryptedType'/>
- *     </complexContent>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedData extends EncryptedType {
-}
-
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,113 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-/**
- * The {@code EncryptedKey} element is used to transport encryption keys
- * from the originator to a known recipient(s). It may be used as a stand-alone
- * XML document, be placed within an application document, or appear inside an
- * {@code EncryptedData} element as a child of a {@code ds:KeyInfo}
- * element. The key value is always encrypted to the recipient(s). When
- * {@code EncryptedKey} is decrypted the resulting octets are made
- * available to the {@code EncryptionMethod} algorithm without any
- * additional processing.
- * <p>
- * Its schema definition is as follows:
- * <pre>{@code
- * <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
- * <complexType name='EncryptedKeyType'>
- *     <complexContent>
- *         <extension base='xenc:EncryptedType'>
- *             <sequence>
- *                 <element ref='xenc:ReferenceList' minOccurs='0'/>
- *                 <element name='CarriedKeyName' type='string' minOccurs='0'/>
- *             </sequence>
- *             <attribute name='Recipient' type='string' use='optional'/>
- *         </extension>
- *     </complexContent>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedKey extends EncryptedType {
-
-    /**
-     * Returns a hint as to which recipient this encrypted key value is intended for.
-     *
-     * @return the recipient of the {@code EncryptedKey}.
-     */
-    String getRecipient();
-
-    /**
-     * Sets the recipient for this {@code EncryptedKey}.
-     *
-     * @param recipient the recipient for this {@code EncryptedKey}.
-     */
-    void setRecipient(String recipient);
-
-    /**
-     * Returns pointers to data and keys encrypted using this key. The reference
-     * list may contain multiple references to {@code EncryptedKey} and
-     * {@code EncryptedData} elements. This is done using
-     * {@code KeyReference} and {@code DataReference} elements
-     * respectively.
-     *
-     * @return an {@code Iterator} over all the {@code ReferenceList}s
-     *   contained in this {@code EncryptedKey}.
-     */
-    ReferenceList getReferenceList();
-
-    /**
-     * Sets the {@code ReferenceList} to the {@code EncryptedKey}.
-     *
-     * @param list a list of pointers to data elements encrypted using this key.
-     */
-    void setReferenceList(ReferenceList list);
-
-    /**
-     * Returns a user readable name with the key value. This may then be used to
-     * reference the key using the {@code ds:KeyName} element within
-     * {@code ds:KeyInfo}. The same {@code CarriedKeyName} label,
-     * unlike an ID type, may occur multiple times within a single document. The
-     * value of the key is to be the same in all {@code EncryptedKey}
-     * elements identified with the same {@code CarriedKeyName} label
-     * within a single XML document.
-     * <br>
-     * <b>Note</b> that because whitespace is significant in the value of
-     * the {@code ds:KeyName} element, whitespace is also significant in
-     * the value of the {@code CarriedKeyName} element.
-     *
-     * @return over all the carried names contained in
-     *   this {@code EncryptedKey}.
-     */
-    String getCarriedName();
-
-    /**
-     * Sets the carried name.
-     *
-     * @param name the carried name.
-     */
-    void setCarriedName(String name);
-}
-
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,197 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
-
-/**
- * EncryptedType is the abstract type from which {@code EncryptedData} and
- * {@code EncryptedKey} are derived. While these two latter element types
- * are very similar with respect to their content models, a syntactical
- * distinction is useful to processing.
- * <p>
- * Its schema definition is as follows:
- * <pre>{@code
- * <complexType name='EncryptedType' abstract='true'>
- *     <sequence>
- *         <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
- *             minOccurs='0'/>
- *         <element ref='ds:KeyInfo' minOccurs='0'/>
- *         <element ref='xenc:CipherData'/>
- *         <element ref='xenc:EncryptionProperties' minOccurs='0'/>
- *     </sequence>
- *     <attribute name='Id' type='ID' use='optional'/>
- *     <attribute name='Type' type='anyURI' use='optional'/>
- *     <attribute name='MimeType' type='string' use='optional'/>
- *     <attribute name='Encoding' type='anyURI' use='optional'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptedType {
-
-    /**
-     * Returns a {@code String} providing for the standard method of
-     * assigning an id to the element within the document context.
-     *
-     * @return the id for the {@code EncryptedType}.
-     */
-    String getId();
-
-    /**
-     * Sets the id.
-     *
-     * @param id
-     */
-    void setId(String id);
-
-    /**
-     * Returns an {@code URI} identifying type information about the
-     * plaintext form of the encrypted content. While optional, this
-     * specification takes advantage of it for mandatory processing described in
-     * Processing Rules: Decryption (section 4.2). If the
-     * {@code EncryptedData} element contains data of Type 'element' or
-     * element 'content', and replaces that data in an XML document context, it
-     * is strongly recommended the Type attribute be provided. Without this
-     * information, the decryptor will be unable to automatically restore the
-     * XML document to its original cleartext form.
-     *
-     * @return the identifier for the type of information in plaintext form of
-     *   encrypted content.
-     */
-    String getType();
-
-    /**
-     * Sets the type.
-     *
-     * @param type an {@code URI} identifying type information about the
-     *   plaintext form of the encrypted content.
-     */
-    void setType(String type);
-
-    /**
-     * Returns a {@code String} which describes the media type of the data
-     * which has been encrypted. The value of this attribute has values defined
-     * by [MIME]. For example, if the data that is encrypted is a base64 encoded
-     * PNG, the transfer Encoding may be specified as
-     * 'http://www.w3.org/2000/09/xmldsig#base64' and the MimeType as
-     * 'image/png'.
-     * <br>
-     * This attribute is purely advisory; no validation of the MimeType
-     * information is required and it does not indicate the encryption
-     * application must do any additional processing. Note, this information may
-     * not be necessary if it is already bound to the identifier in the Type
-     * attribute. For example, the Element and Content types defined in this
-     * specification are always UTF-8 encoded text.
-     *
-     * @return the media type of the data which was encrypted.
-     */
-    String getMimeType();
-
-    /**
-     * Sets the mime type.
-     *
-     * @param type a {@code String} which describes the media type of the
-     *   data which has been encrypted.
-     */
-    void setMimeType(String type);
-
-    /**
-     * Return an {@code URI} representing the encoding of the
-     * {@code EncryptedType}.
-     *
-     * @return the encoding of this {@code EncryptedType}.
-     */
-    String getEncoding();
-
-    /**
-     * Sets the {@code URI} representing the encoding of the
-     * {@code EncryptedType}.
-     *
-     * @param encoding
-     */
-    void setEncoding(String encoding);
-
-    /**
-     * Returns an {@code EncryptionMethod} that describes the encryption
-     * algorithm applied to the cipher data. If the element is absent, the
-     * encryption algorithm must be known by the recipient or the decryption
-     * will fail.
-     *
-     * @return the method used to encrypt the cipher data.
-     */
-    EncryptionMethod getEncryptionMethod();
-
-    /**
-     * Sets the {@code EncryptionMethod} used to encrypt the cipher data.
-     *
-     * @param method the {@code EncryptionMethod}.
-     */
-    void setEncryptionMethod(EncryptionMethod method);
-
-    /**
-     * Returns the {@code ds:KeyInfo}, that carries information about the
-     * key used to encrypt the data. Subsequent sections of this specification
-     * define new elements that may appear as children of
-     * {@code ds:KeyInfo}.
-     *
-     * @return information about the key that encrypted the cipher data.
-     */
-    KeyInfo getKeyInfo();
-
-    /**
-     * Sets the encryption key information.
-     *
-     * @param info the {@code ds:KeyInfo}, that carries information about
-     *   the key used to encrypt the data.
-     */
-    void setKeyInfo(KeyInfo info);
-
-    /**
-     * Returns the {@code CipherReference} that contains the
-     * {@code CipherValue} or {@code CipherReference} with the
-     * encrypted data.
-     *
-     * @return the cipher data for the encrypted type.
-     */
-    CipherData getCipherData();
-
-    /**
-     * Returns additional information concerning the generation of the
-     * {@code EncryptedType}.
-     *
-     * @return information relating to the generation of the
-     *   {@code EncryptedType}.
-     */
-    EncryptionProperties getEncryptionProperties();
-
-    /**
-     * Sets the {@code EncryptionProperties} that supplies additional
-     * information about the generation of the {@code EncryptedType}.
-     *
-     * @param properties
-     */
-    void setEncryptionProperties(EncryptionProperties properties);
-}
-
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-import org.w3c.dom.Element;
-
-/**
- * {@code EncryptionMethod} describes the encryption algorithm applied to
- * the cipher data. If the element is absent, the encryption algorithm must be
- * known by the recipient or the decryption will fail.
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <complexType name='EncryptionMethodType' mixed='true'>
- *     <sequence>
- *         <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
- *         <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
- *         <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
- *     </sequence>
- *     <attribute name='Algorithm' type='anyURI' use='required'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionMethod {
-    /**
-     * Returns the algorithm applied to the cipher data.
-     *
-     * @return the encryption algorithm.
-     */
-    String getAlgorithm();
-
-    /**
-     * Returns the key size of the key of the algorithm applied to the cipher
-     * data.
-     *
-     * @return the key size.
-     */
-    int getKeySize();
-
-    /**
-     * Sets the size of the key of the algorithm applied to the cipher data.
-     *
-     * @param size the key size.
-     */
-    void setKeySize(int size);
-
-    /**
-     * Returns the OAEP parameters of the algorithm applied to the
-     * cipher data.
-     *
-     * @return the OAEP parameters.
-     */
-    byte[] getOAEPparams();
-
-    /**
-     * Sets the OAEP parameters.
-     *
-     * @param parameters the OAEP parameters.
-     */
-    void setOAEPparams(byte[] parameters);
-
-    /**
-     * Set the Digest Algorithm to use
-     * @param digestAlgorithm the Digest Algorithm to use
-     */
-    void setDigestAlgorithm(String digestAlgorithm);
-
-    /**
-     * Get the Digest Algorithm to use
-     * @return the Digest Algorithm to use
-     */
-    String getDigestAlgorithm();
-
-    /**
-     * Set the MGF Algorithm to use
-     * @param mgfAlgorithm the MGF Algorithm to use
-     */
-    void setMGFAlgorithm(String mgfAlgorithm);
-
-    /**
-     * Get the MGF Algorithm to use
-     * @return the MGF Algorithm to use
-     */
-    String getMGFAlgorithm();
-
-    /**
-     * Returns an iterator over all the additional elements contained in the
-     * {@code EncryptionMethod}.
-     *
-     * @return an {@code Iterator} over all the additional information
-     *   about the {@code EncryptionMethod}.
-     */
-    Iterator<Element> getEncryptionMethodInformation();
-
-    /**
-     * Adds encryption method information.
-     *
-     * @param information additional encryption method information.
-     */
-    void addEncryptionMethodInformation(Element information);
-
-    /**
-     * Removes encryption method information.
-     *
-     * @param information the information to remove from the
-     *   {@code EncryptionMethod}.
-     */
-    void removeEncryptionMethodInformation(Element information);
-}
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java	Mon Jun 18 15:24:48 2018 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,87 +0,0 @@
-/*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
- */
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.sun.org.apache.xml.internal.security.encryption;
-
-import java.util.Iterator;
-
-/**
- * {@code EncryptionProperties} can hold additional information concerning
- * the generation of the {@code EncryptedData} or
- * {@code EncryptedKey}. This information is wraped int an
- * {@code EncryptionProperty} element. Examples of additional information
- * is e.g., a date/time stamp or the serial number of cryptographic hardware
- * used during encryption).
- * <p>
- * It is defined as follows:
- * <pre>{@code
- * <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
- * <complexType name='EncryptionPropertiesType'>
- *     <sequence>
- *         <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
- *     </sequence>
- *     <attribute name='Id' type='ID' use='optional'/>
- * </complexType>
- * }</pre>
- *
- * @author Axl Mattheus
- */
-public interface EncryptionProperties {
-
-    /**
-     * Returns the {@code EncryptionProperties}' id.
-     *
-     * @return the id.
-     */
-    String getId();
-
-    /**
-     * Sets the id.
-     *
-     * @param id the id.
-     */
-    void setId(String id);
-
-    /**
-     * Returns an {@code Iterator} over all the
-     * {@code EncryptionPropterty} elements contained in this
-     * {@code EncryptionProperties}.
-     *
-     * @return an {@code Iterator} over all the encryption properties.