changeset 8480:105d6ed3d7bd

Merge from main OpenJDK repository
author Greg Lewis <glewis@eyesbeyond.com>
date Sat, 20 Aug 2016 11:59:31 -0700
parents db5cf905ff15 3d030fe77f74
children 1d945c8ecddf
files .hgtags make/com/sun/java/pack/Makefile make/common/Defs-linux.gmk make/common/Release.gmk make/java/security/Makefile make/sun/font/Makefile make/sun/rmi/rmi/Makefile make/sun/security/ec/Makefile make/sun/security/pkcs11/Makefile src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java src/share/classes/sun/security/pkcs/EncodingException.java src/share/classes/sun/security/pkcs/PKCS10.java src/share/classes/sun/security/pkcs/PKCS10Attribute.java src/share/classes/sun/security/pkcs/PKCS10Attributes.java src/share/classes/sun/security/tools/JarSigner.java src/share/classes/sun/security/tools/JarSignerResources.java src/share/classes/sun/security/tools/JarSignerResources_ja.java src/share/classes/sun/security/tools/JarSignerResources_zh_CN.java src/share/classes/sun/security/tools/KeyTool.java src/share/classes/sun/security/tools/TimestampedSigner.java src/share/classes/sun/security/util/BigInt.java src/share/classes/sun/security/util/PathList.java src/share/classes/sun/security/x509/CertAndKeyGen.java test/sun/security/tools/keytool/autotest.sh test/sun/security/tools/keytool/standard.sh test/sun/security/util/BigInt/BigIntEqualsHashCode.java
diffstat 447 files changed, 21857 insertions(+), 18258 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Sun May 01 21:26:40 2016 -0700
+++ b/.hgtags	Sat Aug 20 11:59:31 2016 -0700
@@ -594,3 +594,5 @@
 3a74fee9ba00da3bd3a22492e1b069430a82574d jdk7u95-b00
 0b89eea70cf4952b22dfe10ea8611ddb852d73d6 jdk7u99-b00
 bdcfc4d9ab9f52fbf37db876c08a1846765627c4 jdk7u101-b00
+a7267e8244b9418af15b1103b4d906e8c6a61bc0 jdk7u111-b00
+cc1ed9a351886645eb729144696e41d187564ec2 jdk7u111-b01
--- a/make/com/oracle/security/ucrypto/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/com/oracle/security/ucrypto/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -99,7 +99,6 @@
 
   JAVAC_MAX_WARNINGS=false
   JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
-  JAVAC_WARNINGS_FATAL=true
 
   #
   # C and Java Files
--- a/make/com/sun/crypto/provider/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/com/sun/crypto/provider/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -113,6 +113,8 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS = false
+JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/com/sun/java/pack/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/com/sun/java/pack/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -32,6 +32,7 @@
 LIBRARY = unpack
 PRODUCT = sun
 PGRM = unpack200
+JAVAC_MAX_WARNINGS=true
 include $(BUILDDIR)/common/Defs.gmk
 
 CPLUSPLUSLIBRARY=true
--- a/make/com/sun/security/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/com/sun/security/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
 #
 
 BUILDDIR = ../../..
+SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=false
+SUBDIRS_MAKEFLAGS += JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 SUBDIRS = auth
--- a/make/common/Defs-linux.gmk	Sun May 01 21:26:40 2016 -0700
+++ b/make/common/Defs-linux.gmk	Sat Aug 20 11:59:31 2016 -0700
@@ -36,7 +36,7 @@
 #   CFLAGS        (set $(OTHER_CFLAGS) instead)
 #   CPPFLAGS      (set $(OTHER_CPPFLAGS) instead)
 #   CXXFLAGS      (set $(OTHER_CXXFLAGS) instead)
-#   LDFLAGS       (set $(OTHER_LDFAGS) instead)
+#   LDFLAGS       (set $(OTHER_LDFLAGS) instead)
 #   LDLIBS        (set $(EXTRA_LIBS) instead)
 #   LDLIBS_COMMON (set $(EXTRA_LIBS) instead)
 
@@ -207,6 +207,12 @@
   CFLAGS_REQUIRED       =  $(CFLAGS_REQUIRED_$(ARCH))
   LDFLAGS_COMMON        += $(LDFLAGS_COMMON_$(ARCH))
 endif
+# GCC 6 has more aggressive dead-store elimination which causes the VM to crash
+# It also optimises away null pointer checks which are still needed.
+# We turn both of these optimisations off.
+ifeq ($(shell $(EXPR) $(CC_MAJORVER) \>= 6 ),1)
+ CFLAGS_REQUIRED += -fno-delete-null-pointer-checks -fno-lifetime-dse
+endif
 
 # If this is a --hash-style=gnu system, use --hash-style=both
 #   The gnu .hash section won't work on some Linux systems like SuSE 10.
@@ -273,7 +279,7 @@
 CFLAGS_DBG      = $(DEBUG_FLAG)
 CFLAGS_COMMON += $(CFLAGS_REQUIRED)
 
-CXXFLAGS_COMMON = $(GLOBAL_KPIC) -DCC_NOEX $(GCC_WARNINGS)
+CXXFLAGS_COMMON = -std=gnu++98 $(GLOBAL_KPIC) -DCC_NOEX $(GCC_WARNINGS)
 CXXFLAGS_OPT	= $(CC_OPT)
 CXXFLAGS_DBG	= $(DEBUG_FLAG)
 CXXFLAGS_COMMON += $(CFLAGS_REQUIRED)
--- a/make/common/Release.gmk	Sun May 01 21:26:40 2016 -0700
+++ b/make/common/Release.gmk	Sat Aug 20 11:59:31 2016 -0700
@@ -358,15 +358,15 @@
 	sun/tools/serialver	\
 	sun/tools/tree		\
 	sun/tools/util		\
-	sun/security/tools/JarBASE64Encoder.class \
-	sun/security/tools/JarSigner.class \
-	sun/security/tools/JarSignerParameters.class \
-	sun/security/tools/JarSignerResources.class \
-	sun/security/tools/JarSignerResources_ja.class \
-	sun/security/tools/JarSignerResources_zh_CN.class \
-	sun/security/tools/SignatureFile\$$Block.class \
-	sun/security/tools/SignatureFile.class \
-	sun/security/tools/TimestampedSigner.class \
+	sun/security/tools/jarsigner/JarBASE64Encoder.class \
+	sun/security/tools/jarsigner/Main.class \
+	sun/security/tools/jarsigner/JarSignerParameters.class \
+	sun/security/tools/jarsigner/Resources.class \
+	sun/security/tools/jarsigner/Resources_ja.class \
+	sun/security/tools/jarsigner/Resources_zh_CN.class \
+	sun/security/tools/jarsigner/SignatureFile\$$Block.class \
+	sun/security/tools/jarsigner/SignatureFile.class \
+	sun/security/tools/jarsigner/TimestampedSigner.class \
 	sun/rmi/rmic		\
 	sun/applet		\
 	sun/jvmstat		\
@@ -591,15 +591,15 @@
 	$(ECHO) "sun/tools/serialver/" >> $@
 	$(ECHO) "sun/tools/tree/" >> $@
 	$(ECHO) "sun/tools/util/" >> $@
-	$(ECHO) "sun/security/tools/JarBASE64Encoder.class" >> $@
-	$(ECHO) "sun/security/tools/JarSigner.class" >> $@
-	$(ECHO) "sun/security/tools/JarSignerParameters.class" >> $@
-	$(ECHO) "sun/security/tools/JarSignerResources.class" >> $@
-	$(ECHO) "sun/security/tools/JarSignerResources_ja.class" >> $@
-	$(ECHO) "sun/security/tools/JarSignerResources_zh_CN.class" >> $@
-	$(ECHO) "sun/security/tools/SignatureFile\$$Block.class" >> $@
-	$(ECHO) "sun/security/tools/SignatureFile.class" >> $@
-	$(ECHO) "sun/security/tools/TimestampedSigner.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/JarBASE64Encoder.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/Main.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/JarSignerParameters.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/Resources.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/Resources_ja.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/Resources_zh_CN.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/SignatureFile\$$Block.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/SignatureFile.class" >> $@
+	$(ECHO) "sun/security/tools/jarsigner/TimestampedSigner.class" >> $@
 	$(ECHO) "sun/security/provider/Sun.class" >> $@
 	$(ECHO) "sun/security/rsa/SunRsaSign.class" >> $@
 	$(ECHO) "sun/security/ssl/" >> $@
--- a/make/common/shared/Defs-java.gmk	Sun May 01 21:26:40 2016 -0700
+++ b/make/common/shared/Defs-java.gmk	Sat Aug 20 11:59:31 2016 -0700
@@ -121,12 +121,17 @@
   JAVACFLAGS += -g
 endif
 ifeq ($(JAVAC_MAX_WARNINGS), true)
-  JAVACFLAGS  += -Xlint:all
+  JAVAC_LINT_OPTIONS += -Xlint:all
 endif
 ifeq ($(JAVAC_WARNINGS_FATAL), true)
   JAVACFLAGS  += -Werror
 endif
 
+# TODO: Workaround for CR 7063027. Remove -path eventually.
+JAVAC_LINT_OPTIONS += -Xlint:-path
+
+JAVACFLAGS += $(JAVAC_LINT_OPTIONS)
+
 #
 # Some licensees do not get the Security Source bundles.  We will
 # fall back on the prebuilt jce.jar so that we can do a best
@@ -216,9 +221,7 @@
 # The javac options supplied to the boot javac is limited. This compiler
 #   should only be used to build the 'make/tools' sources, which are not
 #   class files that end up in the classes directory.
-ifeq ($(JAVAC_MAX_WARNINGS), true)
-  BOOT_JAVACFLAGS  += -Xlint:all
-endif
+BOOT_JAVACFLAGS += $(JAVAC_LINT_OPTIONS)
 ifeq ($(JAVAC_WARNINGS_FATAL), true)
   BOOT_JAVACFLAGS  += -Werror
 endif
--- a/make/java/security/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/java/security/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -26,6 +26,8 @@
 BUILDDIR = ../..
 PACKAGE = java.security
 PRODUCT = sun
+JAVAC_MAX_WARNINGS = false
+JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/javax/crypto/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/javax/crypto/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -128,6 +128,7 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS = true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/launchers/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/launchers/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -59,7 +59,7 @@
 $(call make-launcher, extcheck, com.sun.tools.extcheck.Main, , )
 $(call make-launcher, idlj, com.sun.tools.corba.se.idl.toJavaPortable.Compile, , )
 $(call make-launcher, jar, sun.tools.jar.Main, , )
-$(call make-launcher, jarsigner, sun.security.tools.JarSigner, , )
+$(call make-launcher, jarsigner, sun.security.tools.jarsigner.Main, , )
 $(call make-launcher, javac, com.sun.tools.javac.Main, , )
 $(call make-launcher, javadoc, com.sun.tools.javadoc.Main, , )
 $(call make-launcher, javah, com.sun.tools.javah.Main, , )
--- a/make/sun/font/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/font/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -94,13 +94,22 @@
 
 endif # PLATFORM
 
-# Turn off aliasing with GCC for ExtensionSubtables.cpp
-# Turn off strict overflow with GCC for IndicRearrangementProcessor.cpp
+# Turn off aliasing with GCC for ExtensionSubtables.cpp (and others on GCC < 4.3)
+# Turn off strict overflow with GCC for IndicRearrangementProcessor.cpp on GCC >= 4.3
+# Ensure signed integers wrap with GCC for IndicRearrangementProcessor.cpp on GCC < 4.3
 ifneq (,$(findstring $(PLATFORM), bsd linux))
   CXXFLAGS += $(CXXFLAGS_$(@F))
   CXXFLAGS_ExtensionSubtables.o = -fno-strict-aliasing
+ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0"
+  # GCC >= 4.3.  This flag is not known in gcc 4.1.2.
   CXXFLAGS_IndicRearrangementProcessor.o := -fno-strict-overflow
   CXXFLAGS_IndicRearrangementProcessor2.o := -fno-strict-overflow
+else
+  CXXFLAGS_ContextualGlyphSubstProc.o = -fno-strict-aliasing
+  CXXFLAGS_IndicRearrangementProcessor.o := -fwrapv -fno-strict-aliasing
+  CXXFLAGS_IndicRearrangementProcessor2.o := -fwrapv
+  CXXFLAGS_MorphTables2.o = -fno-strict-aliasing
+endif
 endif
 
 #In the non-OpenJDK mode we need to build T2K
--- a/make/sun/javazic/tzdata/VERSION	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/VERSION	Sat Aug 20 11:59:31 2016 -0700
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2016a
+tzdata2016d
--- a/make/sun/javazic/tzdata/asia	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/asia	Sat Aug 20 11:59:31 2016 -0700
@@ -102,13 +102,9 @@
 Rule E-EurAsia	1996	max	-	Oct	lastSun	 0:00	0	-
 Rule RussiaAsia	1981	1984	-	Apr	1	 0:00	1:00	S
 Rule RussiaAsia	1981	1983	-	Oct	1	 0:00	0	-
-Rule RussiaAsia	1984	1991	-	Sep	lastSun	 2:00s	0	-
-Rule RussiaAsia	1985	1991	-	Mar	lastSun	 2:00s	1:00	S
-Rule RussiaAsia	1992	only	-	Mar	lastSat	23:00	1:00	S
-Rule RussiaAsia	1992	only	-	Sep	lastSat	23:00	0	-
-Rule RussiaAsia	1993	max	-	Mar	lastSun	 2:00s	1:00	S
-Rule RussiaAsia	1993	1995	-	Sep	lastSun	 2:00s	0	-
-Rule RussiaAsia	1996	max	-	Oct	lastSun	 2:00s	0	-
+Rule RussiaAsia	1984	1995	-	Sep	lastSun	 2:00s	0	-
+Rule RussiaAsia	1985	2011	-	Mar	lastSun	 2:00s	1:00	S
+Rule RussiaAsia	1996	2011	-	Oct	lastSun	 2:00s	0	-
 
 # Afghanistan
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
@@ -148,17 +144,26 @@
 			3:00	1:00	YERST	1991 Sep 23 # independence
 			3:00 RussiaAsia	AM%sT	1995 Sep 24  2:00s
 			4:00	-	AMT	1997
-			4:00 RussiaAsia	AM%sT	2012 Mar 25  2:00s
+			4:00 RussiaAsia	AM%sT	2012 Feb  9
 			4:00	-	AMT
 
 # Azerbaijan
+
 # From Rustam Aliyev of the Azerbaijan Internet Forum (2005-10-23):
 # According to the resolution of Cabinet of Ministers, 1997
 # From Paul Eggert (2015-09-17): It was Resolution No. 21 (1997-03-17).
 # http://code.az/files/daylight_res.pdf
+
+# From Steffen Thorsen (2016-03-17):
+# ... the Azerbaijani Cabinet of Ministers has cancelled switching to
+# daylight saving time....
+# http://www.azernews.az/azerbaijan/94137.html
+# http://vestnikkavkaza.net/news/Azerbaijani-Cabinet-of-Ministers-cancels-daylight-saving-time.html
+# http://en.apa.az/xeber_azerbaijan_abolishes_daylight_savings_ti_240862.html
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
-Rule	Azer	1997	max	-	Mar	lastSun	 4:00	1:00	S
-Rule	Azer	1997	max	-	Oct	lastSun	 5:00	0	-
+Rule	Azer	1997	2015	-	Mar	lastSun	 4:00	1:00	S
+Rule	Azer	1997	2015	-	Oct	lastSun	 5:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Baku	3:19:24 -	LMT	1924 May  2
 			3:00	-	BAKT	1957 Mar    # Baku Time
@@ -1581,23 +1586,6 @@
 
 # Kazakhstan
 
-# From Paul Eggert (1996-11-22):
-# Andrew Evtichov (1996-04-13) writes that Kazakhstan
-# stayed in sync with Moscow after 1990, and that Aqtobe (formerly Aktyubinsk)
-# and Aqtau (formerly Shevchenko) are the largest cities in their zones.
-# Guess that Aqtau and Aqtobe diverged in 1995, since that's the first time
-# IATA SSIM mentions a third time zone in Kazakhstan.
-
-# From Paul Eggert (2006-03-22):
-# German Iofis, ELSI, Almaty (2001-10-09) reports that Kazakhstan uses
-# RussiaAsia rules, instead of switching at 00:00 as the IATA has it.
-# Go with Shanks & Pottenger, who have them always using RussiaAsia rules.
-# Also go with the following claims of Shanks & Pottenger:
-#
-# - Kazakhstan did not observe DST in 1991.
-# - Qyzylorda switched from +5:00 to +6:00 on 1992-01-19 02:00.
-# - Oral switched from +5:00 to +4:00 in spring 1989.
-
 # From Kazakhstan Embassy's News Bulletin No. 11
 # <http://www.kazsociety.org.uk/news/2005/03/30.htm> (2005-03-21):
 # The Government of Kazakhstan passed a resolution March 15 abolishing
@@ -1614,61 +1602,232 @@
 # everything else....  I guess that would make Kazakhstan time zones
 # de jure UTC+5 and UTC+6 respectively.
 
+# From Stepan Golosunov (2016-03-27) ([*] means see later comments below):
+# Review of the linked documents from http://adilet.zan.kz/
+# produced the following data for post-1991 Kazakhstan:
+#
+# 0. Act of the Cabinet of Ministers of the USSR
+# from 1991-02-04 No. 20
+# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102010545
+# removed the extra hour ("decree time") on the territory of the USSR
+# starting with the last Sunday of March 1991.
+# It also allowed (but not mandated) Kazakh SSR, Kirghiz SSR, Tajik SSR,
+# Turkmen SSR and Uzbek SSR to not have "summer" time.
+#
+# The 1992-01-13 act also refers to the act of the Cabinet of Ministers
+# of the Kazakh SSR from 1991-03-20 No. 170 "About the act of the Cabinet
+# of Ministers of the USSR from 1991-02-04 No. 20" but I didn't found its
+# text.
+#
+# According to Izvestia newspaper No. 68 (23334) from 1991-03-20
+# (page 6; available at http://libinfo.org/newsr/newsr2574.djvu via
+# http://libinfo.org/index.php?id=58564) on 1991-03-31 at 2:00 during
+# transition to "summer" time:
+# Republic of Georgia, Latvian SSR, Lithuanian SSR, SSR Moldova,
+# Estonian SSR; Komi ASSR; Kaliningrad oblast; Nenets autonomous okrug
+# were to move clocks 1 hour forward.
+# Kazakh SSR (excluding Uralsk oblast); Republic of Kyrgyzstan, Tajik
+# SSR; Andijan, Jizzakh, Namangan, Sirdarya, Tashkent, Fergana oblasts
+# of the Uzbek SSR were to move clocks 1 hour backwards.
+# Other territories were to not move clocks.
+# When the "summer" time would end on 1991-09-29, clocks were to be
+# moved 1 hour backwards on the territory of the USSR excluding
+# Kazakhstan, Kirghizia, Uzbekistan, Turkmenia, Tajikistan.
+#
+# Apparently there were last minute changes. Apparently Kazakh act No. 170
+# was one of such changes.
+#
+# https://ru.wikipedia.org/wiki/Декретное время
+# claims that Sovetskaya Rossiya newspaper on 1991-03-29 published that
+# Nenets autonomous okrug, Komi and Kazakhstan (excluding Uralsk oblast)
+# were to not move clocks and Uralsk oblast was to move clocks
+# forward; on 1991-09-29 Kazakhstan was to move clocks backwards.
+# (Probably there were changes even after that publication. There is an
+# article claiming that Kaliningrad oblast decided on 1991-03-29 to not
+# move clocks.)
+#
+# This implies that on 1991-03-31 Asia/Oral remained on +04/+05 while
+# the rest of Kazakhstan switched from +06/+07 to +05/06 or from +05/06
+# to +04/+05. It's unclear how Kzyl-Orda oblast moved into the fifth
+# time belt. (By switching from +04/+05 to +05/+06 on 1991-09-29?) ...
+#
+# 1. Act of the Cabinet of Ministers of the Republic of Kazakhstan
+# from 1992-01-13 No. 28
+# http://adilet.zan.kz/rus/docs/P920000028_
+# (text includes modification from the 1996 act)
+# introduced new rules for calculation of time, mirroring Russian
+# 1992-01-08 act.  It specified that time would be calculated
+# according to time belts plus extra hour ("decree time"), moved clocks
+# on the whole territory of Kazakhstan 1 hour forward on 1992-01-19 at
+# 2:00, specified DST rules.  It acknowledged that Kazakhstan was
+# located in the fourth and the fifth time belts and specified the
+# border between them to be located east of Kustanay and Aktyubinsk
+# oblasts (notably including Turgai and Kzyl-Orda oblasts into the fifth
+# time belt).
+#
+# This means switch on 1992-01-19 at 2:00 from +04/+05 to +05/+06 for
+# Asia/Aqtau, Asia/Aqtobe, Asia/Oral, Atyrau and Kustanay oblasts; from
+# +05/+06 to +06/+07 for Asia/Almaty and Asia/Qyzylorda (and Arkalyk) [*]....
+#
+# 2. Act of the Cabinet of Ministers of the Republic of Kazakhstan
+# from 1992-03-27 No. 284
+# http://adilet.zan.kz/rus/docs/P920000284_
+# cancels extra hour ("decree time") for Uralsk and Kzyl-Orda oblasts
+# since the last Sunday of March 1992, while keeping them in the fourth
+# and the fifth time belts respectively.
+#
+# 3. Order of the Prime Minister of the Republic of Kazakhstan
+# from 1994-09-23 No. 384
+# http://adilet.zan.kz/rus/docs/R940000384_
+# cancels the extra hour ("decree time") on the territory of Mangystau
+# oblast since the last Sunday of September 1994 (saying that time on
+# the territory would correspond to the third time belt as a
+# result)....
+#
+# 4. Act of the Government of the Republic of Kazakhstan
+# from 1996-05-08 No. 575
+# http://adilet.zan.kz/rus/docs/P960000575_
+# amends the 1992-01-13 act to end summer time in October instead
+# of September, mirroring identical Russian change from 1996-04-23 act.
+#
+# 5. Act of the Government of the Republic of Kazakhstan
+# from 1999-03-26 No. 305
+# http://adilet.zan.kz/rus/docs/P990000305_
+# cancels the extra hour ("decree time") for Atyrau oblast since the
+# last Sunday of March 1999 while retaining the oblast in the fourth
+# time belt.
+#
+# This means change from +05/+06 to +04/+05.
+#
+# There is no zone for Atyrau currently (listed under Asia/Aqtau in
+# zone1970.tab).[*]
+#
+# 6. Act of the Government of the Republic of Kazakhstan
+# from 2000-11-23 No. 1749
+# http://adilet.zan.kz/rus/archive/docs/P000001749_/23.11.2000
+# replaces the previous five documents.
+#
+# The only changes I noticed are in definition of the border between the
+# fourth and the fifth time belts.  They account for changes in spelling
+# and administrative division (splitting of Turgai oblast in 1997
+# probably changed time in territories incorporated into Kostanay oblast
+# (including Arkalyk) from +06/+07 to +05/+06) and move Kyzylorda oblast
+# from being in the fifth time belt and not using decree time into the
+# fourth time belt (no change in practice).[*]
+#
+# 7. Act of the Government of the Republic of Kazakhstan
+# from 2003-12-29 No. 1342
+# http://adilet.zan.kz/rus/docs/P030001342_
+# modified the 2000-11-23 act.  No relevant changes, apparently.
+#
+# 8. Act of the Government of the Republic of Kazakhstan
+# from 2004-07-20 No. 775
+# http://adilet.zan.kz/rus/archive/docs/P040000775_/20.07.2004
+# modified the 2000-11-23 act to move Kostanay and Kyzylorda oblasts into
+# the fifth time belt and add Aktobe oblast to the list of regions not
+# using extra hour ("decree time"), leaving Kazakhstan with only 2 time
+# zones (+04/+05 and +06/+07).  The changes were to be implemented
+# during DST transitions in 2004 and 2005 but the acts got radically
+# amended before implementation happened.
+#
+# 9. Act of the Government of the Republic of Kazakhstan
+# from 2004-09-15 No. 1059
+# http://adilet.zan.kz/rus/docs/P040001059_
+# modified the 2000-11-23 act to remove exceptions from the "decree time"
+# (leaving Kazakhstan in +05/+06 and +06/+07 zones), amended the
+# 2004-07-20 act to implement changes for Atyrau, West Kazakhstan,
+# Kostanay, Kyzylorda and Mangystau oblasts by not moving clocks
+# during the 2014 transition to "winter" time.
+#
+# This means transition from +04/+05 to +05/+06 for Atyrau oblast (no
+# zone currently), Asia/Oral, Asia/Aqtau and transition from +05/+06 to
+# +06/+07 for Kostanay oblast (Kostanay and Arkalyk, no zones currently)
+# and Asia/Qyzylorda on 2004-10-31 at 3:00....[*]
+#
+# 10. Act of the Government of the Republic of Kazakhstan
+# from 2005-03-15 No. 231
+# http://adilet.zan.kz/rus/docs/P050000231_
+# removes DST provisions from the 2000-11-23 act, removes most of the
+# (already implemented) provisions from the 2004-07-20 and 2004-09-15
+# acts, comes into effect 10 days after official publication.
+# The only practical effect seems to be the abolition of the summer
+# time.
+#
+# Unamended version of the act of the Government of the Russian Federation
+# No. 23 from 1992-01-08 [See 'europe' file for details].
+# Kazakh 1992-01-13 act appears to provide the same rules and 1992-03-27
+# act was to be enacted on the last Sunday of March 1992.
+
+# From Paul Eggert (2016-04-15):
+# The tables below should reflect Stepan Golosunov's remarks above,
+# except for the items marked "[*]" which I haven't gotten to yet.
+# It looks like we will need new zones Asia/Atyrau and Asia/Qostanay
+# to handle changes from 1992 through 2004 that we did not previously
+# know about.
+
 #
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 #
 # Almaty (formerly Alma-Ata), representing most locations in Kazakhstan
+# This includes KZ-AKM, KZ-ALA, KZ-ALM, KZ-AST, KZ-BAY, KZ-VOS, KZ-ZHA,
+# KZ-KAR, KZ-SEV, KZ-PAV, and KZ-YUZ.
 Zone	Asia/Almaty	5:07:48 -	LMT	1924 May  2 # or Alma-Ata
-			5:00	-	ALMT	1930 Jun 21 # Alma-Ata Time
-			6:00 RussiaAsia ALM%sT	1991
-			6:00	-	ALMT	1992
-			6:00 RussiaAsia	ALM%sT	2005 Mar 15
-			6:00	-	ALMT
-# Qyzylorda (aka Kyzylorda, Kizilorda, Kzyl-Orda, etc.)
+			5:00	-	+05	1930 Jun 21
+			6:00 RussiaAsia +06/+07	1991 Mar 31  2:00s
+			5:00 RussiaAsia	+05/+06	1992 Jan 19  2:00s
+			6:00 RussiaAsia	+06/+07	2004 Oct 31  2:00s
+			6:00	-	+06
+# Qyzylorda (aka Kyzylorda, Kizilorda, Kzyl-Orda, etc.) (KZ-KZY)
 Zone	Asia/Qyzylorda	4:21:52 -	LMT	1924 May  2
-			4:00	-	KIZT	1930 Jun 21 # Kizilorda Time
-			5:00	-	KIZT	1981 Apr  1
-			5:00	1:00	KIZST	1981 Oct  1
-			6:00	-	KIZT	1982 Apr  1
-			5:00 RussiaAsia	KIZ%sT	1991
-			5:00	-	KIZT	1991 Dec 16 # independence
-			5:00	-	QYZT	1992 Jan 19  2:00
-			6:00 RussiaAsia	QYZ%sT	2005 Mar 15
-			6:00	-	QYZT
-# Aqtobe (aka Aktobe, formerly Aktyubinsk)
+			4:00	-	+04	1930 Jun 21
+			5:00	-	+05	1981 Apr  1
+			5:00	1:00	+06	1981 Oct  1
+			6:00	-	+06	1982 Apr  1
+			5:00 RussiaAsia	+05/+06	1991 Mar 31  2:00s
+			4:00 RussiaAsia	+04/+05	1991 Sep 29  2:00s
+			5:00 RussiaAsia	+05/+06	1992 Jan 19  2:00s
+			6:00 RussiaAsia	+06/+07	1992 Mar 29  2:00s
+			5:00 RussiaAsia	+05/+06	2004 Oct 31  2:00s
+			6:00	-	+06
+# Aqtobe (aka Aktobe, formerly Aktyubinsk) (KZ-AKT)
 Zone	Asia/Aqtobe	3:48:40	-	LMT	1924 May  2
-			4:00	-	AKTT	1930 Jun 21 # Aktyubinsk Time
-			5:00	-	AKTT	1981 Apr  1
-			5:00	1:00	AKTST	1981 Oct  1
-			6:00	-	AKTT	1982 Apr  1
-			5:00 RussiaAsia	AKT%sT	1991
-			5:00	-	AKTT	1991 Dec 16 # independence
-			5:00 RussiaAsia	AQT%sT	2005 Mar 15 # Aqtobe Time
-			5:00	-	AQTT
-# Mangghystau
+			4:00	-	+04	1930 Jun 21
+			5:00	-	+05	1981 Apr  1
+			5:00	1:00	+06	1981 Oct  1
+			6:00	-	+06	1982 Apr  1
+			5:00 RussiaAsia	+05/+06	1991 Mar 31  2:00s
+			4:00 RussiaAsia	+04/+05	1992 Jan 19  2:00s
+			5:00 RussiaAsia	+05/+06	2004 Oct 31  2:00s
+			5:00	-	+05
+# Qostanay (KZ-KUS)
+
+# Mangghystau (KZ-MAN)
 # Aqtau was not founded until 1963, but it represents an inhabited region,
 # so include time stamps before 1963.
 Zone	Asia/Aqtau	3:21:04	-	LMT	1924 May  2
-			4:00	-	FORT	1930 Jun 21 # Fort Shevchenko T
-			5:00	-	FORT	1963
-			5:00	-	SHET	1981 Oct  1 # Shevchenko Time
-			6:00	-	SHET	1982 Apr  1
-			5:00 RussiaAsia	SHE%sT	1991
-			5:00	-	SHET	1991 Dec 16 # independence
-			5:00 RussiaAsia	AQT%sT	1995 Mar lastSun  2:00 # Aqtau Time
-			4:00 RussiaAsia	AQT%sT	2005 Mar 15
-			5:00	-	AQTT
-# West Kazakhstan
+			4:00	-	+04	1930 Jun 21
+			5:00	-	+05	1963
+			5:00	-	+05	1981 Oct  1
+			6:00	-	+06	1982 Apr  1
+			5:00 RussiaAsia	+05/+06	1991 Mar 31  2:00s
+			4:00 RussiaAsia	+04/+05	1992 Jan 19  2:00s
+			5:00 RussiaAsia	+05/+06	1994 Sep 25  2:00s
+			4:00 RussiaAsia	+04/+05	2004 Oct 31  2:00s
+			5:00	-	+05
+
+# West Kazakhstan (KZ-ZAP)
+# From Paul Eggert (2016-03-18):
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
 Zone	Asia/Oral	3:25:24	-	LMT	1924 May  2 # or Ural'sk
-			4:00	-	URAT	1930 Jun 21 # Ural'sk time
-			5:00	-	URAT	1981 Apr  1
-			5:00	1:00	URAST	1981 Oct  1
-			6:00	-	URAT	1982 Apr  1
-			5:00 RussiaAsia	URA%sT	1989 Mar 26  2:00
-			4:00 RussiaAsia	URA%sT	1991
-			4:00	-	URAT	1991 Dec 16 # independence
-			4:00 RussiaAsia	ORA%sT	2005 Mar 15 # Oral Time
-			5:00	-	ORAT
+			4:00	-	+04	1930 Jun 21
+			5:00	-	+05	1981 Apr  1
+			5:00	1:00	+06	1981 Oct  1
+			6:00	-	+06	1982 Apr  1
+			5:00 RussiaAsia	+05/+06	1989 Mar 26  2:00s
+			4:00 RussiaAsia	+04/+05	1992 Jan 19  2:00s
+			5:00 RussiaAsia	+05/+06	1992 Mar 29  2:00s
+			4:00 RussiaAsia	+04/+05	2004 Oct 31  2:00s
+			5:00	-	+05
 
 # Kyrgyzstan (Kirgizstan)
 # Transitions through 1991 are from Shanks & Pottenger.
@@ -2419,6 +2578,16 @@
 # http://www.timeanddate.com/time/change/gaza-strip/gaza
 # http://www.timeanddate.com/time/change/west-bank/hebron
 
+# From Hannah Kreitem (2016-03-09):
+# http://www.palestinecabinet.gov.ps/WebSite/ar/ViewDetails?ID=31728
+# [Google translation]: "The Council also decided to start daylight
+# saving in Palestine as of one o'clock on Saturday morning,
+# 2016-03-26, to provide the clock 60 minutes ahead."
+#
+# From Paul Eggert (2016-03-12):
+# Predict spring transitions on March's last Saturday at 01:00 from now on.
+# Leave fall predictions alone for now.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule EgyptAsia	1957	only	-	May	10	0:00	1:00	S
 Rule EgyptAsia	1957	1958	-	Oct	 1	0:00	0	-
@@ -2447,7 +2616,8 @@
 Rule Palestine	2012	only	-	Sep	21	1:00	0	-
 Rule Palestine	2013	only	-	Sep	Fri>=21	0:00	0	-
 Rule Palestine	2014	max	-	Oct	Fri>=21	0:00	0	-
-Rule Palestine	2015	max	-	Mar	lastFri	24:00	1:00	S
+Rule Palestine	2015	only	-	Mar	lastFri	24:00	1:00	S
+Rule Palestine	2016	max	-	Mar	lastSat	1:00	1:00	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
--- a/make/sun/javazic/tzdata/australasia	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/australasia	Sat Aug 20 11:59:31 2016 -0700
@@ -83,6 +83,14 @@
 # Hamilton is the largest, but there is also a Hamilton in Victoria,
 # so use Lindeman.
 #
+# From J William Piggott (2016-02-20):
+# There is no location named Holiday Islands in Queensland Australia; holiday
+# islands is a colloquial term used globally.  Hayman and Lindeman are at the
+# north and south extremes of the Whitsunday Islands archipelago, and
+# Hamilton is in between; it is reasonable to believe that this time zone
+# applies to all of the Whitsundays.
+# http://www.australia.gov.au/about-australia/australian-story/austn-islands
+#
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	AQ	1971	only	-	Oct	lastSun	2:00s	1:00	D
 Rule	AQ	1972	only	-	Feb	lastSun	2:00s	0	S
--- a/make/sun/javazic/tzdata/europe	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/europe	Sat Aug 20 11:59:31 2016 -0700
@@ -623,16 +623,40 @@
 Rule	Russia	1981	1983	-	Oct	 1	 0:00	0	-
 # Act No. 967 of the Council of Ministers of the USSR (1984-09-13), repeated in
 # Act No. 227 of the Council of Ministers of the USSR (1989-03-14):
-Rule	Russia	1984	1991	-	Sep	lastSun	 2:00s	0	-
-Rule	Russia	1985	1991	-	Mar	lastSun	 2:00s	1:00	S
+Rule	Russia	1984	1995	-	Sep	lastSun	 2:00s	0	-
+Rule	Russia	1985	2010	-	Mar	lastSun	 2:00s	1:00	S
 #
-Rule	Russia	1992	only	-	Mar	lastSat	 23:00	1:00	S
-Rule	Russia	1992	only	-	Sep	lastSat	 23:00	0	-
-Rule	Russia	1993	2010	-	Mar	lastSun	 2:00s	1:00	S
-Rule	Russia	1993	1995	-	Sep	lastSun	 2:00s	0	-
 Rule	Russia	1996	2010	-	Oct	lastSun	 2:00s	0	-
 # As described below, Russia's 2014 change affects Zone data, not Rule data.
 
+# From Stepan Golosunov (2016-03-07):
+# Wikipedia and other sources refer to the Act of the Council of
+# Ministers of the USSR from 1988-01-04 No. 5 and the Act of the
+# Council of Ministers of the USSR from 1989-03-14 No. 227.
+#
+# I did not find full texts of these acts.  For the 1989 one we have
+# title at http://base.garant.ru/70754136/ :
+# "About change in calculation of time on the territories of
+# Lithuanian SSR, Latvian SSR and Estonian SSR, Astrakhan,
+# Kaliningrad, Kirov, Kuybyshev, Ulyanovsk and Uralsk oblasts".
+# And http://astrozet.net/files/Zones/DOC/RU/1980-925.txt appears to
+# contain quotes from both acts: Since last Sunday of March 1988 rules
+# of the second time belt are installed in Volgograd and Saratov
+# oblasts.  Since last Sunday of March 1989:
+# a) Lithuanian SSR, Latvian SSR, Estonian SSR, Kaliningrad oblast:
+# second time belt rules without extra hour (Moscow-1);
+# b) Astrakhan, Kirov, Kuybyshev, Ulyanovsk oblasts: second time belt
+# rules (Moscow time)
+# c) Uralsk oblast: third time belt rules (Moscow+1).
+
+# From Stepan Golosunov (2016-03-27):
+# Unamended version of the act of the
+# Government of the Russian Federation No. 23 from 08.01.1992
+# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102014034&rdk=0
+# says that every year clocks were to be moved forward on last Sunday
+# of March at 2 hours and moved backwards on last Sunday of September
+# at 3 hours.  It was amended in 1996 to replace September with October.
+
 # From Alexander Krivenyshev (2011-06-14):
 # According to Kremlin press service, Russian President Dmitry Medvedev
 # signed a federal law "On calculation of time" on June 9, 2011.
@@ -1028,6 +1052,12 @@
 # startkart.no says Thule does not observe DST, but this is clearly an error,
 # so go with Shanks & Pottenger for Thule transitions until this year.
 # For 2007 on assume Thule will stay in sync with US DST rules.
+
+# From J William Piggott (2016-02-20):
+# "Greenland north of the community of Scoresbysund" is officially named
+# "National Park" by Executive Order:
+# http://naalakkersuisut.gl/~/media/Nanoq/Files/Attached%20Files/Engelske-tekster/Legislation/Executive%20Order%20National%20Park.rtf
+# It is their only National Park.
 #
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Thule	1991	1992	-	Mar	lastSun	2:00	1:00	D
@@ -1053,6 +1083,10 @@
 			-4:00	Thule	A%sT
 
 # Estonia
+#
+# From Paul Eggert (2016-03-18):
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+#
 # From Peter Ilieve (1994-10-15):
 # A relative in Tallinn confirms the accuracy of the data for 1989 onwards
 # [through 1994] and gives the legal authority for it,
@@ -1646,6 +1680,9 @@
 
 # Lithuania
 
+# From Paul Eggert (2016-03-18):
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+
 # From Paul Eggert (1996-11-22):
 # IATA SSIM (1992/1996) says Lithuania uses W-Eur rules, but since it is
 # known to be wrong about Estonia and Latvia, assume it's wrong here too.
@@ -1685,8 +1722,8 @@
 			1:00	-	CET	1940 Aug  3
 			3:00	-	MSK	1941 Jun 24
 			1:00	C-Eur	CE%sT	1944 Aug
-			3:00	Russia	MSK/MSD	1991 Mar 31  2:00s
-			2:00	1:00	EEST	1991 Sep 29  2:00s
+			3:00	Russia	MSK/MSD	1989 Mar 26  2:00s
+			2:00	Russia	EE%sT	1991 Sep 29  2:00s
 			2:00	C-Eur	EE%sT	1998
 			2:00	-	EET	1998 Mar 29  1:00u
 			1:00	EU	CE%sT	1999 Oct 31  1:00u
@@ -1751,6 +1788,16 @@
 
 # Moldova
 
+# From Stepan Golosunov (2016-03-07):
+# the act of the government of the Republic of Moldova Nr. 132 from 1990-05-04
+# http://lex.justice.md/viewdoc.php?action=view&view=doc&id=298782&lang=2
+# ... says that since 1990-05-06 on the territory of the Moldavian SSR
+# time would be calculated as the standard time of the second time belt
+# plus one hour of the "summer" time. To implement that clocks would be
+# adjusted one hour backwards at 1990-05-06 2:00. After that "summer"
+# time would be cancelled last Sunday of September at 3:00 and
+# reintroduced last Sunday of March at 2:00.
+
 # From Paul Eggert (2006-03-22):
 # A previous version of this database followed Shanks & Pottenger, who write
 # that Tiraspol switched to Moscow time on 1992-01-19 at 02:00.
@@ -1809,9 +1856,7 @@
 			2:00	Romania	EE%sT	1940 Aug 15
 			2:00	1:00	EEST	1941 Jul 17
 			1:00	C-Eur	CE%sT	1944 Aug 24
-			3:00	Russia	MSK/MSD	1990
-			3:00	-	MSK	1990 May 6
-			2:00	-	EET	1991
+			3:00	Russia	MSK/MSD	1990 May  6  2:00
 			2:00	Russia	EE%sT	1992
 			2:00	E-Eur	EE%sT	1997
 # See Romania commentary for the guessed 1997 transition to EU rules.
@@ -2289,16 +2334,32 @@
 # Europe/Kaliningrad covers...
 # 39	RU-KGD	Kaliningrad Oblast
 
+# From Paul Eggert (2016-03-18):
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+
+# From Stepan Golosunov (2016-03-07):
+# http://www.rgo.ru/ru/kaliningradskoe-oblastnoe-otdelenie/ob-otdelenii/publikacii/kak-nam-zhilos-bez-letnego-vremeni
+# confirms that the 1989 change to Moscow-1 was implemented.
+# (The article, though, is misattributed to 1990 while saying that
+# summer->winter transition would be done on the 24 of September. But
+# 1990-09-24 was Monday, while 1989-09-24 was Sunday as expected.)
+# ...
+# http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091
+# says that Kaliningrad switched to Moscow-1 on 1989-03-26, avoided
+# at the last moment switch to Moscow-1 on 1991-03-31, switched to
+# Moscow on 1991-11-03, switched to Moscow-1 on 1992-01-19.
+
 Zone Europe/Kaliningrad	 1:22:00 -	LMT	1893 Apr
 			 1:00	C-Eur	CE%sT	1945
 			 2:00	Poland	CE%sT	1946
-			 3:00	Russia	MSK/MSD	1991 Mar 31  2:00s
+			 3:00	Russia	MSK/MSD	1989 Mar 26  2:00s
 			 2:00	Russia	EE%sT	2011 Mar 27  2:00s
 			 3:00	-	FET	2014 Oct 26  2:00s
 			 2:00	-	EET
 
 
-# From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
+# From Paul Eggert (2016-02-21), per Tim Parenti (2014-07-03) and
+# Oscar van Vlijmen (2001-08-25):
 # Europe/Moscow covers...
 # 01	RU-AD	Adygea, Republic of
 # 05	RU-DA	Dagestan, Republic of
@@ -2341,12 +2402,92 @@
 # 68	RU-TAM	Tambov Oblast
 # 69	RU-TVE	Tver Oblast
 # 71	RU-TUL	Tula Oblast
-# 73	RU-ULY	Ulyanovsk Oblast
 # 76	RU-YAR	Yaroslavl Oblast
 # 77	RU-MOW	Moscow
 # 78	RU-SPE	Saint Petersburg
 # 83	RU-NEN	Nenets Autonomous Okrug
 
+# From Stepan Golosunov (2016-03-07):
+# 11. Regions-violators, 1981-1982.
+# Wikipedia refers to
+# http://maps.monetonos.ru/maps/raznoe/Old_Maps/Old_Maps/Articles/022/3_1981.html
+# http://besp.narod.ru/nauka_1981_3.htm
+#
+# The second link provides two articles scanned from the Nauka i Zhizn
+# magazine No. 3, 1981 and a scan of the short article attributed to
+# the Trud newspaper from February 1982.  The first link provides the
+# same Nauka i Zhizn articles converted to the text form (but misses
+# time belt changes map).
+#
+# The second Nauka i Zhizn article says that in addition to
+# introduction of summer time on 1981-04-01 there are some time belt
+# border changes on 1981-10-01, mostly affecting Nenets Autonomous
+# Okrug, Krasnoyarsk Krai, Yakutia, Magadan Oblast and Chukotka
+# according to the provided map (colored one).  In addition to that
+# "time violators" (regions which were not using rules of the time
+# belts in which they were located) would not be moving off the DST on
+# 1981-10-01 to restore the decree time usage.  (Komi ASSR was
+# supposed to repeat that move in October 1982 to account for the 2
+# hour difference.)  Map depicting "time violators" before 1981-10-01
+# is also provided.
+#
+# The article from Trud says that 1981-10-01 changes caused problems
+# and some territories would be moved to pre-1981-10-01 time by not
+# moving to summer time on 1982-04-01.  Namely: Dagestan,
+# Kabardino-Balkar, Kalmyk, Komi, Mari, Mordovian, North Ossetian,
+# Tatar, Chechen-Ingush and Chuvash ASSR, Krasnodar and Stavropol
+# krais, Arkhangelsk, Vladimir, Vologda, Voronezh, Gorky, Ivanovo,
+# Kostroma, Lipetsk, Penza, Rostov, Ryazan, Tambov, Tyumen and
+# Yaroslavl oblasts, Nenets and Evenk autonomous okrugs, Khatangsky
+# district of Taymyr Autonomous Okrug.  As a result Evenk Autonomous
+# Okrug and Khatangsky district of Taymyr Autonomous Okrug would end
+# up on Moscow+4, Tyumen Oblast on Moscow+2 and the rest on Moscow
+# time.
+#
+# http://astrozet.net/files/Zones/DOC/RU/1980-925.txt
+# attributes the 1982 changes to the Act of the Council of Ministers
+# of the USSR No. 126 from 18.02.1982.  1980-925.txt also adds
+# Udmurtia to the list of affected territories and lists Khatangsky
+# district separately from Taymyr Autonomous Okurg.  Probably erroneously.
+#
+# The affected territories are currently listed under Europe/Moscow,
+# Asia/Yekaterinburg and Asia/Krasnoyarsk.
+#
+# 12. Udmurtia
+# The fact that Udmurtia is depicted as a violator in the Nauka i
+# Zhizn article hints at Izhevsk being on different time from
+# Kuybyshev before 1981-10-01. Udmurtia is not mentioned in the 1989 act.
+# http://astrozet.net/files/Zones/DOC/RU/1980-925.txt
+# implies Udmurtia was on Moscow time after 1982-04-01.
+# Wikipedia implies Udmurtia being on Moscow+1 until 1991.
+#
+# ...
+#
+# All Russian zones are supposed to have by default a -1 change at
+# 1991-03-31 2:00 (cancellation of the decree time in the USSR) and a +1
+# change at 1992-01-19 2:00 (restoration of the decree time in Russia).
+#
+# There were some exceptions, though.
+# Wikipedia says newspapers listed Astrakhan, Saratov, Kirov, Volgograd,
+# Izhevsk, Grozny, Kazan and Samara as such exceptions for the 1992
+# change. (Different newspapers providing different lists. And some
+# lists found in the internet are quite wild.)
+#
+# And apparently some exceptions were reverted in the last moment.
+# http://www.kaliningradka.ru/site_pc/cherez/index.php?ELEMENT_ID=40091
+# says that Kaliningrad decided not to be an exception 2 days before the
+# 1991-03-31 switch and one person at
+# http://izhevsk.ru/forum_light_message/50/682597-m8369040.html
+# says he remembers that Samara opted out of the 1992-01-19 exception
+# 2 days before the switch.
+#
+#
+# From Paul Eggert (2016-03-18):
+# Given the above, we appear to be missing some Zone entries for the
+# chaotic early 1980s in Russia.  It's not clear what these entries
+# should be.  For now, sweep this under the rug and just document the
+# time in Moscow.
+
 # From Vladimir Karpinsky (2014-07-08):
 # LMT in Moscow (before Jul 3, 1916) is 2:30:17, that was defined by Moscow
 # Observatory (coordinates: 55 deg. 45'29.70", 37 deg. 34'05.30")....
@@ -2420,47 +2561,102 @@
 			 3:00	-	MSK
 
 
-# From Tim Parenti (2014-07-03):
-# Europe/Volgograd covers...
+# From Paul Eggert (2016-03-18):
+# Europe/Astrakhan covers:
 # 30	RU-AST	Astrakhan Oblast
+#
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+
+# From Alexander Krivenyshev (2016-01-12):
+# On February 10, 2016 Astrakhan Oblast got approval by the Federation
+# Council to change its time zone to UTC+4 (from current UTC+3 Moscow time)....
+# This Federal Law shall enter into force on 27 March 2016 at 02:00.
+# From Matt Johnson (2016-03-09):
+# http://publication.pravo.gov.ru/Document/View/0001201602150056
+
+Zone Europe/Astrakhan	 3:12:12 -	LMT	1924 May
+			 3:00	-	+03	1930 Jun 21
+			 4:00	Russia	+04/+05	1989 Mar 26  2:00s
+			 3:00	Russia	+03/+04	1991 Mar 31  2:00s
+			 4:00	-	+04	1992 Mar 29  2:00s
+			 3:00	Russia	+03/+04	2011 Mar 27  2:00s
+			 4:00	-	+04	2014 Oct 26  2:00s
+			 3:00	-	+03	2016 Mar 27  2:00s
+			 4:00	-	+04
+
+# From Paul Eggert (2016-03-18):
+# Europe/Volgograd covers:
 # 34	RU-VGG	Volgograd Oblast
-# 43	RU-KIR	Kirov Oblast
 # 64	RU-SAR	Saratov Oblast
-
-# From Paul Eggert (2006-05-09):
-# Shanks & Pottenger say Kirov is still at +0400 but Wikipedia says +0300.
-# Perhaps it switched after the others?  But we have no data.
+# The 1988 transition is from USSR act No. 5 (1988-01-04).
 
 Zone Europe/Volgograd	 2:57:40 -	LMT	1920 Jan  3
 			 3:00	-	TSAT	1925 Apr  6 # Tsaritsyn Time
 			 3:00	-	STAT	1930 Jun 21 # Stalingrad Time
 			 4:00	-	STAT	1961 Nov 11
-			 4:00	Russia	VOL%sT	1989 Mar 26  2:00s # Volgograd T
+			 4:00	Russia	VOL%sT	1988 Mar 27  2:00s # Volgograd T
 			 3:00	Russia	VOL%sT	1991 Mar 31  2:00s
 			 4:00	-	VOLT	1992 Mar 29  2:00s
 			 3:00	Russia	MSK/MSD	2011 Mar 27  2:00s
 			 4:00	-	MSK	2014 Oct 26  2:00s
 			 3:00	-	MSK
 
+# From Paul Eggert (2016-03-18):
+# Europe/Kirov covers:
+# 43	RU-KIR	Kirov Oblast
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+#
+Zone Europe/Kirov	 3:18:48 -	LMT	1919 Jul  1  2:00
+			 3:00	-	+03	1930 Jun 21
+			 4:00	Russia	+04/+05	1989 Mar 26  2:00s
+			 3:00	Russia	+03/+04	1991 Mar 31  2:00s
+			 4:00	-	+04	1992 Mar 29  2:00s
+			 3:00	Russia	+03/+04	2011 Mar 27  2:00s
+			 4:00	-	+04	2014 Oct 26  2:00s
+			 3:00	-	+03
 
 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
 # Europe/Samara covers...
 # 18	RU-UD	Udmurt Republic
 # 63	RU-SAM	Samara Oblast
 
+# From Paul Eggert (2016-03-18):
 # Byalokoz 1919 says Samara was 3:20:20.
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
 
 Zone Europe/Samara	 3:20:20 -	LMT	1919 Jul  1  2:00
-			 3:00	-	SAMT	1930 Jun 21
+			 3:00	-	SAMT	1930 Jun 21 # Samara Time
 			 4:00	-	SAMT	1935 Jan 27
 			 4:00	Russia	KUY%sT	1989 Mar 26  2:00s # Kuybyshev
 			 3:00	Russia	MSK/MSD	1991 Mar 31  2:00s
 			 2:00	Russia	EE%sT	1991 Sep 29  2:00s
-			 3:00	-	KUYT	1991 Oct 20  3:00
-			 4:00	Russia	SAM%sT	2010 Mar 28  2:00s # Samara Time
+			 3:00	-	SAMT	1991 Oct 20  3:00
+			 4:00	Russia	SAM%sT	2010 Mar 28  2:00s
 			 3:00	Russia	SAM%sT	2011 Mar 27  2:00s
 			 4:00	-	SAMT
 
+# From Paul Eggert (2016-03-18):
+# Europe/Ulyanovsk covers:
+# 73	RU-ULY	Ulyanovsk Oblast
+
+# The 1989 transition is from USSR act No. 227 (1989-03-14).
+
+# From Alexander Krivenyshev (2016-02-17):
+# Ulyanovsk ... on their way to change time zones by March 27, 2016 at 2am.
+# Ulyanovsk Oblast ... from MSK to MSK+1 (UTC+3 to UTC+4) ...
+# 920582-6 ... 02/17/2016 The State Duma passed the bill in the first reading.
+# From Matt Johnson (2016-03-09):
+# http://publication.pravo.gov.ru/Document/View/0001201603090051
+
+Zone Europe/Ulyanovsk	 3:13:36 -	LMT	1919 Jul  1  2:00
+			 3:00	-	+03	1930 Jun 21
+			 4:00	Russia	+04/+05	1989 Mar 26  2:00s
+			 3:00	Russia	+03/+04	1991 Mar 31  2:00s
+			 2:00	Russia	+02/+03	1992 Jan 19  2:00s
+			 3:00	Russia	+03/+04	2011 Mar 27  2:00s
+			 4:00	-	+04	2014 Oct 26  2:00s
+			 3:00	-	+03	2016 Mar 27  2:00s
+			 4:00	-	+04
 
 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
 # Asia/Yekaterinburg covers...
@@ -2494,8 +2690,6 @@
 
 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2001-08-25):
 # Asia/Omsk covers...
-# 04	RU-AL	Altai Republic
-# 22	RU-ALT	Altai Krai
 # 55	RU-OMS	Omsk Oblast
 
 # Byalokoz 1919 says Omsk was 4:53:30.
@@ -2508,14 +2702,49 @@
 			 7:00	-	OMST	2014 Oct 26  2:00s
 			 6:00	-	OMST
 
-
-# From Tim Parenti (2014-07-03):
-# Asia/Novosibirsk covers...
+# From Paul Eggert (2016-02-22):
+# Asia/Barnaul covers:
+# 04	RU-AL	Altai Republic
+# 22	RU-ALT	Altai Krai
+
+# Data before 1991 are from Shanks & Pottenger.
+
+# From Stepan Golosunov (2016-03-07):
+# Letter of Bank of Russia from 1995-05-25
+# http://www.bestpravo.ru/rossijskoje/lj-akty/y3a.htm
+# suggests that Altai Republic transitioned to Moscow+3 on
+# 1995-05-28.
+#
+# http://regnum.ru/news/society/1957270.html
+# has some historical data for Altai Krai:
+# before 1957: west part on UTC+6, east on UTC+7
+# after 1957: UTC+7
+# since 1995: UTC+6
+# http://barnaul.rusplt.ru/index/pochemu_altajskij_kraj_okazalsja_v_neprivychnom_chasovom_pojase-17648.html
+# confirms that and provides more details including 1995-05-28 transition date.
+
+# From Alexander Krivenyshev (2016-02-17):
+# Altai Krai and Altai Republic on their way to change time zones
+# by March 27, 2016 at 2am....
+# Altai Republic / Gorno-Altaysk MSK+3 to MSK+4 (UTC+6 to UTC+7) ...
+# Altai Krai / Barnaul MSK+3 to MSK+4 (UTC+6 to UTC+7)
+# From Matt Johnson (2016-03-09):
+# http://publication.pravo.gov.ru/Document/View/0001201603090043
+# http://publication.pravo.gov.ru/Document/View/0001201603090038
+
+Zone Asia/Barnaul	 5:35:00 -	LMT	1919 Dec 10
+			 6:00	-	+06	1930 Jun 21
+			 7:00	Russia	+07/+08	1991 Mar 31  2:00s
+			 6:00	Russia	+06/+07	1992 Jan 19  2:00s
+			 7:00	Russia	+07/+08	1995 May 28
+			 6:00	Russia	+06/+07	2011 Mar 27  2:00s
+			 7:00	-	+07	2014 Oct 26  2:00s
+			 6:00	-	+06	2016 Mar 27  2:00s
+			 7:00	-	+07
+
+# From Paul Eggert (2016-03-18):
+# Asia/Novosibirsk covers:
 # 54	RU-NVS	Novosibirsk Oblast
-# 70	RU-TOM	Tomsk Oblast
-
-# From Paul Eggert (2006-08-19): I'm guessing about Tomsk here; it's
-# not clear when it switched from +7 to +6.
 
 Zone Asia/Novosibirsk	 5:31:40 -	LMT	1919 Dec 14  6:00
 			 6:00	-	NOVT	1930 Jun 21 # Novosibirsk Time
@@ -2526,6 +2755,55 @@
 			 7:00	-	NOVT	2014 Oct 26  2:00s
 			 6:00	-	NOVT
 
+# From Paul Eggert (2016-03-18):
+# Asia/Tomsk covers:
+# 70	RU-TOM	Tomsk Oblast
+
+# From Stepan Golosunov (2016-03-24):
+# Byalokoz listed Tomsk at 5:39:51.
+
+# From Stanislaw A. Kuzikowski (1994-06-29):
+# Tomsk is still 4 hours ahead of Moscow.
+
+# From Stepan Golosunov (2016-03-19):
+# http://pravo.gov.ru/proxy/ips/?docbody=&nd=102075743
+# (fifth time belt being UTC+5+1(decree time)
+# / UTC+5+1(decree time)+1(summer time)) ...
+# Note that time belts (numbered from 2 (Moscow) to 12 according to their
+# GMT/UTC offset and having too many exceptions like regions formally
+# belonging to one belt but using time from another) were replaced
+# with time zones in 2011 with different numberings (there was a
+# 2-hour gap between second and third zones in 2011-2014).
+
+# From Stepan Golosunov (2016-04-12):
+# http://asozd2.duma.gov.ru/main.nsf/(SpravkaNew)?OpenAgent&RN=1006865-6
+# This bill was approved in the first reading today.  It moves Tomsk oblast
+# from UTC+6 to UTC+7 and is supposed to come into effect on 2016-05-29 at
+# 2:00.  The bill needs to be approved in the second and the third readings by
+# the State Duma, approved by the Federation Council, signed by the President
+# and published to become a law.  Minor changes in the text are to be expected
+# before the second reading (references need to be updated to account for the
+# recent changes).
+#
+# Judging by the ultra-short one-day amendments period, recent similar laws,
+# the State Duma schedule and the Federation Council schedule
+# http://www.duma.gov.ru/legislative/planning/day-shedule/por_vesna_2016/
+# http://council.gov.ru/activity/meetings/schedule/63303
+# I speculate that the final text of the bill will be proposed tomorrow, the
+# bill will be approved in the second and the third readings on Friday,
+# approved by the Federation Council on 2016-04-20, signed by the President and
+# published as a law around 2016-04-26.
+
+Zone	Asia/Tomsk	 5:39:51 -	LMT	1919 Dec 22
+			 6:00	-	+06	1930 Jun 21
+			 7:00	Russia	+07/+08	1991 Mar 31  2:00s
+			 6:00	Russia	+06/+07	1992 Jan 19  2:00s
+			 7:00	Russia	+07/+08	2002 May  1  3:00
+			 6:00	Russia	+06/+07	2011 Mar 27  2:00s
+			 7:00	-	+07	2014 Oct 26  2:00s
+			 6:00	-	+06	2016 May 29  2:00s
+			 7:00	-	+07
+
 
 # From Tim Parenti (2014-07-03):
 # Asia/Novokuznetsk covers...
@@ -2549,9 +2827,6 @@
 #
 # Thus, when Russia will switch to DST on the night of March 28, 2010
 # Kemerovo region (Kemerovo oblast') will not change the clock.
-#
-# As a result, Kemerovo oblast' will be in the same time zone as
-# Novosibirsk, Omsk, Tomsk, Barnaul and Altai Republic.
 
 # From Tim Parenti (2014-07-02), per Alexander Krivenyshev (2014-07-02):
 # The Kemerovo region will remain at UTC+7 through the 2014-10-26 change, thus
@@ -2620,7 +2895,7 @@
 # [The] time zone in the Trans-Baikal Territory (Zabaykalsky Krai) -
 # Asia/Chita [is changing] from UTC+8 to UTC+9.  Effective date will
 # be March 27, 2016 at 2:00am....
-# http://publication.pravo.gov.ru/Document/View/000120151230010
+# http://publication.pravo.gov.ru/Document/View/0001201512300107
 
 Zone Asia/Chita	 7:33:52 -	LMT	1919 Dec 15
 			 8:00	-	YAKT	1930 Jun 21 # Yakutsk Time
@@ -2731,6 +3006,11 @@
 # ...with the exception of:
 # 65-11	****	Severo-Kurilsky District (North Kuril Islands)
 
+# From Matt Johnson (2016-02-22):
+# Asia/Sakhalin is moving (in entirety) from UTC+10 to UTC+11 ...
+# (2016-03-09):
+# http://publication.pravo.gov.ru/Document/View/0001201603090044
+
 # The Zone name should be Asia/Yuzhno-Sakhalinsk, but that's too long.
 Zone Asia/Sakhalin	 9:30:48 -	LMT	1905 Aug 23
 			 9:00	-	JCST	1937 Oct  1
@@ -2740,7 +3020,8 @@
 			11:00	Russia	SAK%sT	1997 Mar lastSun  2:00s
 			10:00	Russia	SAK%sT	2011 Mar 27  2:00s
 			11:00	-	SAKT	2014 Oct 26  2:00s
-			10:00	-	SAKT
+			10:00	-	SAKT	2016 Mar 27  2:00s
+			11:00	-	SAKT
 
 
 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
@@ -2754,13 +3035,22 @@
 # until now by Asia/Magadan, will instead move to UTC+11.  These regions will
 # need their own zone.
 
+# From Alexander Krivenyshev (2016-03-27):
+# ... draft bill 948300-6 to change its time zone from UTC+10 to UTC+11 ...
+# will take ... effect ... on April 24, 2016 at 2 o'clock
+#
+# From Matt Johnson (2016-04-05):
+# ... signed by the President today ...
+# http://publication.pravo.gov.ru/Document/View/0001201604050038
+
 Zone Asia/Magadan	10:03:12 -	LMT	1924 May  2
 			10:00	-	MAGT	1930 Jun 21 # Magadan Time
 			11:00	Russia	MAG%sT	1991 Mar 31  2:00s
 			10:00	Russia	MAG%sT	1992 Jan 19  2:00s
 			11:00	Russia	MAG%sT	2011 Mar 27  2:00s
 			12:00	-	MAGT	2014 Oct 26  2:00s
-			10:00	-	MAGT
+			10:00	-	MAGT	2016 Apr 24  2:00s
+			11:00	-	MAGT
 
 
 # From Tim Parenti (2014-07-06):
--- a/make/sun/javazic/tzdata/iso3166.tab	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/iso3166.tab	Sat Aug 20 11:59:31 2016 -0700
@@ -75,7 +75,7 @@
 BM	Bermuda
 BN	Brunei
 BO	Bolivia
-BQ	Caribbean Netherlands
+BQ	Caribbean NL
 BR	Brazil
 BS	Bahamas
 BT	Bhutan
@@ -186,7 +186,7 @@
 MC	Monaco
 MD	Moldova
 ME	Montenegro
-MF	St Martin (French part)
+MF	St Martin (French)
 MG	Madagascar
 MH	Marshall Islands
 MK	Macedonia
@@ -256,7 +256,7 @@
 SS	South Sudan
 ST	Sao Tome & Principe
 SV	El Salvador
-SX	St Maarten (Dutch part)
+SX	St Maarten (Dutch)
 SY	Syria
 SZ	Swaziland
 TC	Turks & Caicos Is
--- a/make/sun/javazic/tzdata/leapseconds	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/leapseconds	Sat Aug 20 11:59:31 2016 -0700
@@ -29,6 +29,7 @@
 # leap-seconds.list file available from most NIST time servers.
 # If the URL <ftp://time.nist.gov/pub/leap-seconds.list> does not work,
 # you should be able to pick up leap-seconds.list from a secondary NIST server.
+# See <http://tf.nist.gov/tf-cgi/servers.cgi> for a list of secondary servers.
 # For more about leap-seconds.list, please see
 # The NTP Timescale and Leap Seconds
 # http://www.eecis.udel.edu/~mills/leap.html
@@ -79,5 +80,5 @@
 Leap	2012	Jun	30	23:59:60	+	S
 Leap	2015	Jun	30	23:59:60	+	S
 
-#	Updated through IERS Bulletin C50
-#	File expires on:  28 June 2016
+#	Updated through IERS Bulletin C51
+#	File expires on:  28 December 2016
--- a/make/sun/javazic/tzdata/northamerica	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/northamerica	Sat Aug 20 11:59:31 2016 -0700
@@ -2498,13 +2498,22 @@
 			-6:00	-	CST	1981 Dec 23
 			-5:00	-	EST	1982 Dec  2
 			-6:00	Mexico	C%sT
-# Coahuila, Durango, Nuevo León, Tamaulipas (near US border)
+# Coahuila, Nuevo León, Tamaulipas (near US border)
+# This includes the following municipalities:
+#   in Coahuila: Ocampo, Acuña, Zaragoza, Jiménez, Piedras Negras, Nava,
+#     Guerrero, Hidalgo.
+#   in Nuevo León: Anáhuac, Los Aldama.
+#   in Tamaulipas: Nuevo Laredo, Guerrero, Mier, Miguel Alemán, Camargo,
+#     Gustavo Díaz Ordaz, Reynosa, Río Bravo, Valle Hermoso, Matamoros.
+# See: Inicia mañana Horario de Verano en zona fronteriza, El Universal,
+# 2016-03-12
+# http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza
 Zone America/Matamoros	-6:40:00 -	LMT	1921 Dec 31 23:20:00
 			-6:00	-	CST	1988
 			-6:00	US	C%sT	1989
 			-6:00	Mexico	C%sT	2010
 			-6:00	US	C%sT
-# Coahuila, Durango, Nuevo León, Tamaulipas (away from US border)
+# Durango; Coahuila, Nuevo León, Tamaulipas (away from US border)
 Zone America/Monterrey	-6:41:16 -	LMT	1921 Dec 31 23:18:44
 			-6:00	-	CST	1988
 			-6:00	US	C%sT	1989
@@ -2520,6 +2529,9 @@
 			-6:00	-	CST	2002 Feb 20
 			-6:00	Mexico	C%sT
 # Chihuahua (near US border)
+# This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe,
+# Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides.
+# (See the 2016-03-12 El Universal source mentioned above.)
 Zone America/Ojinaga	-6:57:40 -	LMT	1922 Jan  1  0:02:20
 			-7:00	-	MST	1927 Jun 10 23:00
 			-6:00	-	CST	1930 Nov 15
@@ -2607,7 +2619,7 @@
 			-7:00	Mexico	M%sT	2010 Apr  4  2:00
 			-6:00	Mexico	C%sT
 
-# Baja California (near US border)
+# Baja California
 Zone America/Tijuana	-7:48:04 -	LMT	1922 Jan  1  0:11:56
 			-7:00	-	MST	1924
 			-8:00	-	PST	1927 Jun 10 23:00
@@ -3083,6 +3095,13 @@
 # http://radiovision2000haiti.net/public/haiti-avis-changement-dheure-dimanche/
 # http://www.canalplushaiti.net/?p=6714
 
+# From Steffen Thorsen (2016-03-12):
+# Jean Antoine, editor of www.haiti-reference.com informed us that Haiti
+# are not going on DST this year.  Several other resources confirm this: ...
+# http://www.radiotelevisioncaraibes.com/presse/heure_d_t_pas_de_changement_d_heure_pr_vu_pour_cet_ann_e.html
+# http://www.vantbefinfo.com/changement-dheure-pas-pour-haiti/
+# http://news.anmwe.com/haiti-lheure-nationale-ne-sera-ni-avancee-ni-reculee-cette-annee/
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Haiti	1983	only	-	May	8	0:00	1:00	D
 Rule	Haiti	1984	1987	-	Apr	lastSun	0:00	1:00	D
@@ -3093,8 +3112,8 @@
 Rule	Haiti	1988	1997	-	Oct	lastSun	1:00s	0	S
 Rule	Haiti	2005	2006	-	Apr	Sun>=1	0:00	1:00	D
 Rule	Haiti	2005	2006	-	Oct	lastSun	0:00	0	S
-Rule	Haiti	2012	max	-	Mar	Sun>=8	2:00	1:00	D
-Rule	Haiti	2012	max	-	Nov	Sun>=1	2:00	0	S
+Rule	Haiti	2012	2015	-	Mar	Sun>=8	2:00	1:00	D
+Rule	Haiti	2012	2015	-	Nov	Sun>=1	2:00	0	S
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone America/Port-au-Prince -4:49:20 -	LMT	1890
 			-4:49	-	PPMT	1917 Jan 24 12:00 # P-a-P MT
--- a/make/sun/javazic/tzdata/southamerica	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/southamerica	Sat Aug 20 11:59:31 2016 -0700
@@ -1244,6 +1244,20 @@
 # From Paul Eggert (2015-03-03):
 # For now, assume that the extension will persist indefinitely.
 
+# From Juan Correa (2016-03-18):
+# The decree regarding DST has been published in today's Official Gazette:
+# http://www.diariooficial.interior.gob.cl/versiones-anteriores/do/20160318/
+# http://www.leychile.cl/Navegar?idNorma=1088502
+# It does consider the second Saturday of May and August as the dates
+# for the transition; and it lists DST dates until 2019, but I think
+# this scheme will stick.
+#
+# From Paul Eggert (2016-03-18):
+# For now, assume the pattern holds for the indefinite future.
+# The decree says transitions occur at 24:00; in practice this appears
+# to mean 24:00 mainland time, not 24:00 local time, so that Easter
+# Island is always two hours behind the mainland.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Chile	1927	1931	-	Sep	 1	0:00	1:00	S
 Rule	Chile	1928	1932	-	Apr	 1	0:00	0	-
@@ -1275,8 +1289,10 @@
 Rule	Chile	2010	only	-	Apr	Sun>=1	3:00u	0	-
 Rule	Chile	2011	only	-	May	Sun>=2	3:00u	0	-
 Rule	Chile	2011	only	-	Aug	Sun>=16	4:00u	1:00	S
-Rule	Chile	2012	2015	-	Apr	Sun>=23	3:00u	0	-
+Rule	Chile	2012	2014	-	Apr	Sun>=23	3:00u	0	-
 Rule	Chile	2012	2014	-	Sep	Sun>=2	4:00u	1:00	S
+Rule	Chile	2016	max	-	May	Sun>=9	3:00u	0	-
+Rule	Chile	2016	max	-	Aug	Sun>=9	4:00u	1:00	S
 # IATA SSIM anomalies: (1992-02) says 1992-03-14;
 # (1996-09) says 1998-03-08.  Ignore these.
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
@@ -1293,13 +1309,11 @@
 			-4:00	1:00	CLST	1946 Sep  1 # central Chile
 			-4:00	-	CLT	1947 Apr  1
 			-5:00	-	CLT	1947 May 21 23:00
-			-4:00	Chile	CL%sT	2015 Apr 26  3:00u
-			-3:00	-	CLT
+			-4:00	Chile	CL%sT
 Zone Pacific/Easter	-7:17:28 -	LMT	1890
 			-7:17:28 -	EMT	1932 Sep    # Easter Mean Time
 			-7:00	Chile	EAS%sT	1982 Mar 14 3:00u # Easter Time
-			-6:00	Chile	EAS%sT	2015 Apr 26 3:00u
-			-5:00	-	EAST
+			-6:00	Chile	EAS%sT
 #
 # Salas y Gómez Island is uninhabited.
 # Other Chilean locations, including Juan Fernández Is, Desventuradas Is,
@@ -1321,8 +1335,7 @@
 Zone Antarctica/Palmer	0	-	zzz	1965
 			-4:00	Arg	AR%sT	1969 Oct  5
 			-3:00	Arg	AR%sT	1982 May
-			-4:00	Chile	CL%sT	2015 Apr 26 3:00u
-			-3:00	-	CLT
+			-4:00	Chile	CL%sT
 
 # Colombia
 
@@ -1765,9 +1778,25 @@
 # resolution publication)
 # http://www.globovision.com/news.php?nid=72208
 
+# From Alexander Krivenyshev (2016-04-15):
+# https://actualidad.rt.com/actualidad/204758-venezuela-modificar-huso-horario-sequia-elnino
+#
+# From Paul Eggert (2016-04-15):
+# Clocks advance 30 minutes on 2016-05-01 at 02:30. See:
+# Barboza AD. Huso horario en Venezuela volverá a 4 horas menos con
+# respecto al "Greenwich". Panorama 2016-04-15 12:20 -0430.
+# http://www.panorama.com.ve/ciudad/Huso-horario-en-Venezuela-volvera-a-4-horas-menos-con-respecto-al-Greenwich-20160415-0032.html
+#
+# "'Venezuela's new time-zone: hours without light, hours without water,
+# hours of presidential broadcasts, hours of lines," quipped comedian
+# Jean Mary Curro ...". See: Cawthorne A, Kai D. Venezuela scraps
+# half-hour time difference set by Chavez. Reuters 2016-04-15 14:50 -0400
+# http://www.reuters.com/article/us-venezuela-timezone-idUSKCN0XC2BE
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	America/Caracas	-4:27:44 -	LMT	1890
 			-4:27:40 -	CMT	1912 Feb 12 # Caracas Mean Time?
 			-4:30	-	VET	1965 Jan  1  0:00 # Venezuela T.
 			-4:00	-	VET	2007 Dec  9  3:00
-			-4:30	-	VET
+			-4:30	-	VET	2016 May  1  2:30
+			-4:00	-	VET
--- a/make/sun/javazic/tzdata/zone.tab	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/javazic/tzdata/zone.tab	Sat Aug 20 11:59:31 2016 -0700
@@ -53,22 +53,22 @@
 AL	+4120+01950	Europe/Tirane
 AM	+4011+04430	Asia/Yerevan
 AO	-0848+01314	Africa/Luanda
-AQ	-7750+16636	Antarctica/McMurdo	McMurdo, South Pole, Scott (New Zealand time)
-AQ	-6734-06808	Antarctica/Rothera	Rothera Station, Adelaide Island
-AQ	-6448-06406	Antarctica/Palmer	Palmer Station, Anvers Island
-AQ	-6736+06253	Antarctica/Mawson	Mawson Station, Holme Bay
-AQ	-6835+07758	Antarctica/Davis	Davis Station, Vestfold Hills
-AQ	-6617+11031	Antarctica/Casey	Casey Station, Bailey Peninsula
-AQ	-7824+10654	Antarctica/Vostok	Vostok Station, Lake Vostok
-AQ	-6640+14001	Antarctica/DumontDUrville	Dumont-d'Urville Station, Adelie Land
-AQ	-690022+0393524	Antarctica/Syowa	Syowa Station, E Ongul I
-AQ	-720041+0023206	Antarctica/Troll	Troll Station, Queen Maud Land
+AQ	-7750+16636	Antarctica/McMurdo	New Zealand time - McMurdo, South Pole
+AQ	-6617+11031	Antarctica/Casey	Casey
+AQ	-6835+07758	Antarctica/Davis	Davis
+AQ	-6640+14001	Antarctica/DumontDUrville	Dumont-d'Urville
+AQ	-6736+06253	Antarctica/Mawson	Mawson
+AQ	-6448-06406	Antarctica/Palmer	Palmer
+AQ	-6734-06808	Antarctica/Rothera	Rothera
+AQ	-690022+0393524	Antarctica/Syowa	Syowa
+AQ	-720041+0023206	Antarctica/Troll	Troll
+AQ	-7824+10654	Antarctica/Vostok	Vostok
 AR	-3436-05827	America/Argentina/Buenos_Aires	Buenos Aires (BA, CF)
-AR	-3124-06411	America/Argentina/Cordoba	most locations (CB, CC, CN, ER, FM, MN, SE, SF)
-AR	-2447-06525	America/Argentina/Salta	(SA, LP, NQ, RN)
+AR	-3124-06411	America/Argentina/Cordoba	Argentina (most areas: CB, CC, CN, ER, FM, MN, SE, SF)
+AR	-2447-06525	America/Argentina/Salta	Salta (SA, LP, NQ, RN)
 AR	-2411-06518	America/Argentina/Jujuy	Jujuy (JY)
 AR	-2649-06513	America/Argentina/Tucuman	Tucuman (TM)
-AR	-2828-06547	America/Argentina/Catamarca	Catamarca (CT), Chubut (CH)
+AR	-2828-06547	America/Argentina/Catamarca	Catamarca (CT); Chubut (CH)
 AR	-2926-06651	America/Argentina/La_Rioja	La Rioja (LR)
 AR	-3132-06831	America/Argentina/San_Juan	San Juan (SJ)
 AR	-3253-06849	America/Argentina/Mendoza	Mendoza (MZ)
@@ -79,17 +79,17 @@
 AT	+4813+01620	Europe/Vienna
 AU	-3133+15905	Australia/Lord_Howe	Lord Howe Island
 AU	-5430+15857	Antarctica/Macquarie	Macquarie Island
-AU	-4253+14719	Australia/Hobart	Tasmania - most locations
-AU	-3956+14352	Australia/Currie	Tasmania - King Island
+AU	-4253+14719	Australia/Hobart	Tasmania (most areas)
+AU	-3956+14352	Australia/Currie	Tasmania (King Island)
 AU	-3749+14458	Australia/Melbourne	Victoria
-AU	-3352+15113	Australia/Sydney	New South Wales - most locations
-AU	-3157+14127	Australia/Broken_Hill	New South Wales - Yancowinna
-AU	-2728+15302	Australia/Brisbane	Queensland - most locations
-AU	-2016+14900	Australia/Lindeman	Queensland - Holiday Islands
+AU	-3352+15113	Australia/Sydney	New South Wales (most areas)
+AU	-3157+14127	Australia/Broken_Hill	New South Wales (Yancowinna)
+AU	-2728+15302	Australia/Brisbane	Queensland (most areas)
+AU	-2016+14900	Australia/Lindeman	Queensland (Whitsunday Islands)
 AU	-3455+13835	Australia/Adelaide	South Australia
 AU	-1228+13050	Australia/Darwin	Northern Territory
-AU	-3157+11551	Australia/Perth	Western Australia - most locations
-AU	-3143+12852	Australia/Eucla	Western Australia - Eucla area
+AU	-3157+11551	Australia/Perth	Western Australia (most areas)
+AU	-3143+12852	Australia/Eucla	Western Australia (Eucla)
 AW	+1230-06958	America/Aruba
 AX	+6006+01957	Europe/Mariehamn
 AZ	+4023+04951	Asia/Baku
@@ -108,63 +108,63 @@
 BO	-1630-06809	America/La_Paz
 BQ	+120903-0681636	America/Kralendijk
 BR	-0351-03225	America/Noronha	Atlantic islands
-BR	-0127-04829	America/Belem	Amapa, E Para
-BR	-0343-03830	America/Fortaleza	NE Brazil (MA, PI, CE, RN, PB)
+BR	-0127-04829	America/Belem	Para (east); Amapa
+BR	-0343-03830	America/Fortaleza	Brazil (northeast: MA, PI, CE, RN, PB)
 BR	-0803-03454	America/Recife	Pernambuco
 BR	-0712-04812	America/Araguaina	Tocantins
 BR	-0940-03543	America/Maceio	Alagoas, Sergipe
 BR	-1259-03831	America/Bahia	Bahia
-BR	-2332-04637	America/Sao_Paulo	S & SE Brazil (GO, DF, MG, ES, RJ, SP, PR, SC, RS)
+BR	-2332-04637	America/Sao_Paulo	Brazil (southeast: GO, DF, MG, ES, RJ, SP, PR, SC, RS)
 BR	-2027-05437	America/Campo_Grande	Mato Grosso do Sul
 BR	-1535-05605	America/Cuiaba	Mato Grosso
-BR	-0226-05452	America/Santarem	W Para
+BR	-0226-05452	America/Santarem	Para (west)
 BR	-0846-06354	America/Porto_Velho	Rondonia
 BR	+0249-06040	America/Boa_Vista	Roraima
-BR	-0308-06001	America/Manaus	E Amazonas
-BR	-0640-06952	America/Eirunepe	W Amazonas
+BR	-0308-06001	America/Manaus	Amazonas (east)
+BR	-0640-06952	America/Eirunepe	Amazonas (west)
 BR	-0958-06748	America/Rio_Branco	Acre
 BS	+2505-07721	America/Nassau
 BT	+2728+08939	Asia/Thimphu
 BW	-2439+02555	Africa/Gaborone
 BY	+5354+02734	Europe/Minsk
 BZ	+1730-08812	America/Belize
-CA	+4734-05243	America/St_Johns	Newfoundland Time, including SE Labrador
-CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (peninsula), PEI
-CA	+4612-05957	America/Glace_Bay	Atlantic Time - Nova Scotia (Cape Breton)
-CA	+4606-06447	America/Moncton	Atlantic Time - New Brunswick
-CA	+5320-06025	America/Goose_Bay	Atlantic Time - Labrador - most locations
-CA	+5125-05707	America/Blanc-Sablon	Atlantic Standard Time - Quebec - Lower North Shore
-CA	+4339-07923	America/Toronto	Eastern Time - Ontario & Quebec - most locations
-CA	+4901-08816	America/Nipigon	Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973
-CA	+4823-08915	America/Thunder_Bay	Eastern Time - Thunder Bay, Ontario
-CA	+6344-06828	America/Iqaluit	Eastern Time - east Nunavut - most locations
-CA	+6608-06544	America/Pangnirtung	Eastern Time - Pangnirtung, Nunavut
-CA	+744144-0944945	America/Resolute	Central Time - Resolute, Nunavut
-CA	+484531-0913718	America/Atikokan	Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut
-CA	+624900-0920459	America/Rankin_Inlet	Central Time - central Nunavut
-CA	+4953-09709	America/Winnipeg	Central Time - Manitoba & west Ontario
-CA	+4843-09434	America/Rainy_River	Central Time - Rainy River & Fort Frances, Ontario
-CA	+5024-10439	America/Regina	Central Standard Time - Saskatchewan - most locations
-CA	+5017-10750	America/Swift_Current	Central Standard Time - Saskatchewan - midwest
-CA	+5333-11328	America/Edmonton	Mountain Time - Alberta, east British Columbia & west Saskatchewan
-CA	+690650-1050310	America/Cambridge_Bay	Mountain Time - west Nunavut
-CA	+6227-11421	America/Yellowknife	Mountain Time - central Northwest Territories
-CA	+682059-1334300	America/Inuvik	Mountain Time - west Northwest Territories
-CA	+4906-11631	America/Creston	Mountain Standard Time - Creston, British Columbia
-CA	+5946-12014	America/Dawson_Creek	Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
-CA	+5848-12242	America/Fort_Nelson	Mountain Standard Time - Fort Nelson, British Columbia
-CA	+4916-12307	America/Vancouver	Pacific Time - west British Columbia
-CA	+6043-13503	America/Whitehorse	Pacific Time - south Yukon
-CA	+6404-13925	America/Dawson	Pacific Time - north Yukon
+CA	+4734-05243	America/St_Johns	Newfoundland; Labrador (southeast)
+CA	+4439-06336	America/Halifax	Atlantic - NS (most areas); PE
+CA	+4612-05957	America/Glace_Bay	Atlantic - NS (Cape Breton)
+CA	+4606-06447	America/Moncton	Atlantic - New Brunswick
+CA	+5320-06025	America/Goose_Bay	Atlantic - Labrador (most areas)
+CA	+5125-05707	America/Blanc-Sablon	AST - QC (Lower North Shore)
+CA	+4339-07923	America/Toronto	Eastern - ON, QC (most areas)
+CA	+4901-08816	America/Nipigon	Eastern - ON, QC (no DST 1967-73)
+CA	+4823-08915	America/Thunder_Bay	Eastern - ON (Thunder Bay)
+CA	+6344-06828	America/Iqaluit	Eastern - NU (most east areas)
+CA	+6608-06544	America/Pangnirtung	Eastern - NU (Pangnirtung)
+CA	+484531-0913718	America/Atikokan	EST - ON (Atikokan); NU (Coral H)
+CA	+4953-09709	America/Winnipeg	Central - ON (west); Manitoba
+CA	+4843-09434	America/Rainy_River	Central - ON (Rainy R, Ft Frances)
+CA	+744144-0944945	America/Resolute	Central - NU (Resolute)
+CA	+624900-0920459	America/Rankin_Inlet	Central - NU (central)
+CA	+5024-10439	America/Regina	CST - SK (most areas)
+CA	+5017-10750	America/Swift_Current	CST - SK (midwest)
+CA	+5333-11328	America/Edmonton	Mountain - AB; BC (E); SK (W)
+CA	+690650-1050310	America/Cambridge_Bay	Mountain - NU (west)
+CA	+6227-11421	America/Yellowknife	Mountain - NT (central)
+CA	+682059-1334300	America/Inuvik	Mountain - NT (west)
+CA	+4906-11631	America/Creston	MST - BC (Creston)
+CA	+5946-12014	America/Dawson_Creek	MST - BC (Dawson Cr, Ft St John)
+CA	+5848-12242	America/Fort_Nelson	MST - BC (Ft Nelson)
+CA	+4916-12307	America/Vancouver	Pacific - BC (most areas)
+CA	+6043-13503	America/Whitehorse	Pacific - Yukon (south)
+CA	+6404-13925	America/Dawson	Pacific - Yukon (north)
 CC	-1210+09655	Indian/Cocos
-CD	-0418+01518	Africa/Kinshasa	west Dem. Rep. of Congo
-CD	-1140+02728	Africa/Lubumbashi	east Dem. Rep. of Congo
+CD	-0418+01518	Africa/Kinshasa	Dem. Rep. of Congo (west)
+CD	-1140+02728	Africa/Lubumbashi	Dem. Rep. of Congo (east)
 CF	+0422+01835	Africa/Bangui
 CG	-0416+01517	Africa/Brazzaville
 CH	+4723+00832	Europe/Zurich
 CI	+0519-00402	Africa/Abidjan
 CK	-2114-15946	Pacific/Rarotonga
-CL	-3327-07040	America/Santiago	most locations
+CL	-3327-07040	America/Santiago	Chile (most areas)
 CL	-2709-10926	Pacific/Easter	Easter Island
 CM	+0403+00942	Africa/Douala
 CN	+3114+12128	Asia/Shanghai	Beijing Time
@@ -177,28 +177,28 @@
 CX	-1025+10543	Indian/Christmas
 CY	+3510+03322	Asia/Nicosia
 CZ	+5005+01426	Europe/Prague
-DE	+5230+01322	Europe/Berlin	most locations
+DE	+5230+01322	Europe/Berlin	Germany (most areas)
 DE	+4742+00841	Europe/Busingen	Busingen
 DJ	+1136+04309	Africa/Djibouti
 DK	+5540+01235	Europe/Copenhagen
 DM	+1518-06124	America/Dominica
 DO	+1828-06954	America/Santo_Domingo
 DZ	+3647+00303	Africa/Algiers
-EC	-0210-07950	America/Guayaquil	mainland
+EC	-0210-07950	America/Guayaquil	Ecuador (mainland)
 EC	-0054-08936	Pacific/Galapagos	Galapagos Islands
 EE	+5925+02445	Europe/Tallinn
 EG	+3003+03115	Africa/Cairo
 EH	+2709-01312	Africa/El_Aaiun
 ER	+1520+03853	Africa/Asmara
-ES	+4024-00341	Europe/Madrid	mainland
-ES	+3553-00519	Africa/Ceuta	Ceuta & Melilla
+ES	+4024-00341	Europe/Madrid	Spain (mainland)
+ES	+3553-00519	Africa/Ceuta	Ceuta, Melilla
 ES	+2806-01524	Atlantic/Canary	Canary Islands
 ET	+0902+03842	Africa/Addis_Ababa
 FI	+6010+02458	Europe/Helsinki
 FJ	-1808+17825	Pacific/Fiji
 FK	-5142-05751	Atlantic/Stanley
-FM	+0725+15147	Pacific/Chuuk	Chuuk (Truk) and Yap
-FM	+0658+15813	Pacific/Pohnpei	Pohnpei (Ponape)
+FM	+0725+15147	Pacific/Chuuk	Chuuk/Truk, Yap
+FM	+0658+15813	Pacific/Pohnpei	Pohnpei/Ponape
 FM	+0519+16259	Pacific/Kosrae	Kosrae
 FO	+6201-00646	Atlantic/Faroe
 FR	+4852+00220	Europe/Paris
@@ -210,10 +210,10 @@
 GG	+4927-00232	Europe/Guernsey
 GH	+0533-00013	Africa/Accra
 GI	+3608-00521	Europe/Gibraltar
-GL	+6411-05144	America/Godthab	most locations
-GL	+7646-01840	America/Danmarkshavn	east coast, north of Scoresbysund
-GL	+7029-02158	America/Scoresbysund	Scoresbysund / Ittoqqortoormiit
-GL	+7634-06847	America/Thule	Thule / Pituffik
+GL	+6411-05144	America/Godthab	Greenland (most areas)
+GL	+7646-01840	America/Danmarkshavn	National Park (east coast)
+GL	+7029-02158	America/Scoresbysund	Scoresbysund/Ittoqqortoormiit
+GL	+7634-06847	America/Thule	Thule/Pituffik
 GM	+1328-01639	Africa/Banjul
 GN	+0931-01343	Africa/Conakry
 GP	+1614-06132	America/Guadeloupe
@@ -229,10 +229,10 @@
 HR	+4548+01558	Europe/Zagreb
 HT	+1832-07220	America/Port-au-Prince
 HU	+4730+01905	Europe/Budapest
-ID	-0610+10648	Asia/Jakarta	Java & Sumatra
-ID	-0002+10920	Asia/Pontianak	west & central Borneo
-ID	-0507+11924	Asia/Makassar	east & south Borneo, Sulawesi (Celebes), Bali, Nusa Tengarra, west Timor
-ID	-0232+14042	Asia/Jayapura	west New Guinea (Irian Jaya) & Malukus (Moluccas)
+ID	-0610+10648	Asia/Jakarta	Java, Sumatra
+ID	-0002+10920	Asia/Pontianak	Borneo (west, central)
+ID	-0507+11924	Asia/Makassar	Borneo (east, south); Sulawesi/Celebes, Bali, Nusa Tengarra; Timor (west)
+ID	-0232+14042	Asia/Jayapura	New Guinea (West Papua / Irian Jaya); Malukus/Moluccas
 IE	+5320-00615	Europe/Dublin
 IL	+314650+0351326	Asia/Jerusalem
 IM	+5409-00428	Europe/Isle_of_Man
@@ -258,10 +258,10 @@
 KR	+3733+12658	Asia/Seoul
 KW	+2920+04759	Asia/Kuwait
 KY	+1918-08123	America/Cayman
-KZ	+4315+07657	Asia/Almaty	most locations
-KZ	+4448+06528	Asia/Qyzylorda	Qyzylorda (Kyzylorda, Kzyl-Orda)
-KZ	+5017+05710	Asia/Aqtobe	Aqtobe (Aktobe)
-KZ	+4431+05016	Asia/Aqtau	Atyrau (Atirau, Gur'yev), Mangghystau (Mankistau)
+KZ	+4315+07657	Asia/Almaty	Kazakhstan (most areas)
+KZ	+4448+06528	Asia/Qyzylorda	Qyzylorda/Kyzylorda/Kzyl-Orda
+KZ	+5017+05710	Asia/Aqtobe	Aqtobe/Aktobe
+KZ	+4431+05016	Asia/Aqtau	Atyrau/Atirau/Gur'yev, Mangghystau/Mankistau
 KZ	+5113+05121	Asia/Oral	West Kazakhstan
 LA	+1758+10236	Asia/Vientiane
 LB	+3353+03530	Asia/Beirut
@@ -280,12 +280,12 @@
 ME	+4226+01916	Europe/Podgorica
 MF	+1804-06305	America/Marigot
 MG	-1855+04731	Indian/Antananarivo
-MH	+0709+17112	Pacific/Majuro	most locations
+MH	+0709+17112	Pacific/Majuro	Marshall Islands (most areas)
 MH	+0905+16720	Pacific/Kwajalein	Kwajalein
 MK	+4159+02126	Europe/Skopje
 ML	+1239-00800	Africa/Bamako
 MM	+1647+09610	Asia/Rangoon
-MN	+4755+10653	Asia/Ulaanbaatar	most locations
+MN	+4755+10653	Asia/Ulaanbaatar	Mongolia (most areas)
 MN	+4801+09139	Asia/Hovd	Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
 MN	+4804+11430	Asia/Choibalsan	Dornod, Sukhbaatar
 MO	+2214+11335	Asia/Macau
@@ -297,19 +297,19 @@
 MU	-2010+05730	Indian/Mauritius
 MV	+0410+07330	Indian/Maldives
 MW	-1547+03500	Africa/Blantyre
-MX	+1924-09909	America/Mexico_City	Central Time - most locations
+MX	+1924-09909	America/Mexico_City	Central Time
 MX	+2105-08646	America/Cancun	Eastern Standard Time - Quintana Roo
 MX	+2058-08937	America/Merida	Central Time - Campeche, Yucatan
-MX	+2540-10019	America/Monterrey	Mexican Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas away from US border
-MX	+2550-09730	America/Matamoros	US Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas near US border
-MX	+2313-10625	America/Mazatlan	Mountain Time - S Baja, Nayarit, Sinaloa
-MX	+2838-10605	America/Chihuahua	Mexican Mountain Time - Chihuahua away from US border
-MX	+2934-10425	America/Ojinaga	US Mountain Time - Chihuahua near US border
+MX	+2540-10019	America/Monterrey	Central Time - Durango; Coahuila, Nuevo Leon, Tamaulipas (most areas)
+MX	+2550-09730	America/Matamoros	Central Time US - Coahuila, Nuevo Leon, Tamaulipas (US border)
+MX	+2313-10625	America/Mazatlan	Mountain Time - Baja California Sur, Nayarit, Sinaloa
+MX	+2838-10605	America/Chihuahua	Mountain Time - Chihuahua (most areas)
+MX	+2934-10425	America/Ojinaga	Mountain Time US - Chihuahua (US border)
 MX	+2904-11058	America/Hermosillo	Mountain Standard Time - Sonora
-MX	+3232-11701	America/Tijuana	US Pacific Time - Baja California state
-MX	+2048-10515	America/Bahia_Banderas	Mexican Central Time - Bahia de Banderas
-MY	+0310+10142	Asia/Kuala_Lumpur	peninsular Malaysia
-MY	+0133+11020	Asia/Kuching	Sabah & Sarawak
+MX	+3232-11701	America/Tijuana	Pacific Time US - Baja California
+MX	+2048-10515	America/Bahia_Banderas	Central Time - Bahia de Banderas
+MY	+0310+10142	Asia/Kuala_Lumpur	Malaysia (peninsula)
+MY	+0133+11020	Asia/Kuching	Sabah, Sarawak
 MZ	-2558+03235	Africa/Maputo
 NA	-2234+01706	Africa/Windhoek
 NC	-2216+16627	Pacific/Noumea
@@ -322,7 +322,7 @@
 NP	+2743+08519	Asia/Kathmandu
 NR	-0031+16655	Pacific/Nauru
 NU	-1901-16955	Pacific/Niue
-NZ	-3652+17446	Pacific/Auckland	most locations
+NZ	-3652+17446	Pacific/Auckland	New Zealand (most areas)
 NZ	-4357-17633	Pacific/Chatham	Chatham Islands
 OM	+2336+05835	Asia/Muscat
 PA	+0858-07932	America/Panama
@@ -330,7 +330,7 @@
 PF	-1732-14934	Pacific/Tahiti	Society Islands
 PF	-0900-13930	Pacific/Marquesas	Marquesas Islands
 PF	-2308-13457	Pacific/Gambier	Gambier Islands
-PG	-0930+14710	Pacific/Port_Moresby	most locations
+PG	-0930+14710	Pacific/Port_Moresby	Papua New Guinea (most areas)
 PG	-0613+15534	Pacific/Bougainville	Bougainville
 PH	+1435+12100	Asia/Manila
 PK	+2452+06703	Asia/Karachi
@@ -340,7 +340,7 @@
 PR	+182806-0660622	America/Puerto_Rico
 PS	+3130+03428	Asia/Gaza	Gaza Strip
 PS	+313200+0350542	Asia/Hebron	West Bank
-PT	+3843-00908	Europe/Lisbon	mainland
+PT	+3843-00908	Europe/Lisbon	Portugal (mainland)
 PT	+3238-01654	Atlantic/Madeira	Madeira Islands
 PT	+3744-02540	Atlantic/Azores	Azores
 PW	+0720+13429	Pacific/Palau
@@ -349,27 +349,32 @@
 RE	-2052+05528	Indian/Reunion
 RO	+4426+02606	Europe/Bucharest
 RS	+4450+02030	Europe/Belgrade
-RU	+5443+02030	Europe/Kaliningrad	Moscow-01 - Kaliningrad
-RU	+554521+0373704	Europe/Moscow	Moscow+00 - west Russia
-RU	+4457+03406	Europe/Simferopol	Moscow+00 - Crimea
-RU	+4844+04425	Europe/Volgograd	Moscow+00 - Caspian Sea
-RU	+5312+05009	Europe/Samara	Moscow+00 (Moscow+01 after 2014-10-26) - Samara, Udmurtia
-RU	+5651+06036	Asia/Yekaterinburg	Moscow+02 - Urals
-RU	+5500+07324	Asia/Omsk	Moscow+03 - west Siberia
-RU	+5502+08255	Asia/Novosibirsk	Moscow+03 - Novosibirsk
-RU	+5345+08707	Asia/Novokuznetsk	Moscow+03 (Moscow+04 after 2014-10-26) - Kemerovo
-RU	+5601+09250	Asia/Krasnoyarsk	Moscow+04 - Yenisei River
-RU	+5216+10420	Asia/Irkutsk	Moscow+05 - Lake Baikal
-RU	+5203+11328	Asia/Chita	Moscow+06 (Moscow+05 after 2014-10-26) - Zabaykalsky
-RU	+6200+12940	Asia/Yakutsk	Moscow+06 - Lena River
-RU	+623923+1353314	Asia/Khandyga	Moscow+06 - Tomponsky, Ust-Maysky
-RU	+4310+13156	Asia/Vladivostok	Moscow+07 - Amur River
-RU	+4658+14242	Asia/Sakhalin	Moscow+07 - Sakhalin Island
-RU	+643337+1431336	Asia/Ust-Nera	Moscow+07 - Oymyakonsky
-RU	+5934+15048	Asia/Magadan	Moscow+08 (Moscow+07 after 2014-10-26) - Magadan
-RU	+6728+15343	Asia/Srednekolymsk	Moscow+08 - E Sakha, N Kuril Is
-RU	+5301+15839	Asia/Kamchatka	Moscow+08 (Moscow+09 after 2014-10-26) - Kamchatka
-RU	+6445+17729	Asia/Anadyr	Moscow+08 (Moscow+09 after 2014-10-26) - Bering Sea
+RU	+5443+02030	Europe/Kaliningrad	MSK-01 - Kaliningrad
+RU	+554521+0373704	Europe/Moscow	MSK+00 - Moscow area
+RU	+4457+03406	Europe/Simferopol	MSK+00 - Crimea
+RU	+4844+04425	Europe/Volgograd	MSK+00 - Volgograd, Saratov
+RU	+5836+04939	Europe/Kirov	MSK+00 - Kirov
+RU	+4621+04803	Europe/Astrakhan	MSK+01 - Astrakhan
+RU	+5312+05009	Europe/Samara	MSK+01 - Samara, Udmurtia
+RU	+5420+04824	Europe/Ulyanovsk	MSK+01 - Ulyanovsk
+RU	+5651+06036	Asia/Yekaterinburg	MSK+02 - Urals
+RU	+5500+07324	Asia/Omsk	MSK+03 - Omsk
+RU	+5502+08255	Asia/Novosibirsk	MSK+03 - Novosibirsk
+RU	+5322+08345	Asia/Barnaul	MSK+04 - Altai
+RU	+5630+08458	Asia/Tomsk	MSK+04 - Tomsk
+RU	+5345+08707	Asia/Novokuznetsk	MSK+04 - Kemerovo
+RU	+5601+09250	Asia/Krasnoyarsk	MSK+04 - Krasnoyarsk area
+RU	+5216+10420	Asia/Irkutsk	MSK+05 - Irkutsk, Buryatia
+RU	+5203+11328	Asia/Chita	MSK+06 - Zabaykalsky
+RU	+6200+12940	Asia/Yakutsk	MSK+06 - Lena River
+RU	+623923+1353314	Asia/Khandyga	MSK+06 - Tomponsky, Ust-Maysky
+RU	+4310+13156	Asia/Vladivostok	MSK+07 - Amur River
+RU	+643337+1431336	Asia/Ust-Nera	MSK+07 - Oymyakonsky
+RU	+5934+15048	Asia/Magadan	MSK+08 - Magadan
+RU	+4658+14242	Asia/Sakhalin	MSK+08 - Sakhalin Island
+RU	+6728+15343	Asia/Srednekolymsk	MSK+08 - Sakha (E); North Kuril Is
+RU	+5301+15839	Asia/Kamchatka	MSK+09 - Kamchatka
+RU	+6445+17729	Asia/Anadyr	MSK+09 - Bering Sea
 RW	-0157+03004	Africa/Kigali
 SA	+2438+04643	Asia/Riyadh
 SB	-0932+16012	Pacific/Guadalcanal
@@ -408,45 +413,45 @@
 TV	-0831+17913	Pacific/Funafuti
 TW	+2503+12130	Asia/Taipei
 TZ	-0648+03917	Africa/Dar_es_Salaam
-UA	+5026+03031	Europe/Kiev	most locations
+UA	+5026+03031	Europe/Kiev	Ukraine (most areas)
 UA	+4837+02218	Europe/Uzhgorod	Ruthenia
-UA	+4750+03510	Europe/Zaporozhye	Zaporozh'ye, E Lugansk / Zaporizhia, E Luhansk
+UA	+4750+03510	Europe/Zaporozhye	Zaporozh'ye/Zaporizhia; Lugansk/Luhansk (east)
 UG	+0019+03225	Africa/Kampala
 UM	+1645-16931	Pacific/Johnston	Johnston Atoll
 UM	+2813-17722	Pacific/Midway	Midway Islands
 UM	+1917+16637	Pacific/Wake	Wake Island
-US	+404251-0740023	America/New_York	Eastern Time
-US	+421953-0830245	America/Detroit	Eastern Time - Michigan - most locations
-US	+381515-0854534	America/Kentucky/Louisville	Eastern Time - Kentucky - Louisville area
-US	+364947-0845057	America/Kentucky/Monticello	Eastern Time - Kentucky - Wayne County
-US	+394606-0860929	America/Indiana/Indianapolis	Eastern Time - Indiana - most locations
-US	+384038-0873143	America/Indiana/Vincennes	Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties
-US	+410305-0863611	America/Indiana/Winamac	Eastern Time - Indiana - Pulaski County
-US	+382232-0862041	America/Indiana/Marengo	Eastern Time - Indiana - Crawford County
-US	+382931-0871643	America/Indiana/Petersburg	Eastern Time - Indiana - Pike County
-US	+384452-0850402	America/Indiana/Vevay	Eastern Time - Indiana - Switzerland County
-US	+415100-0873900	America/Chicago	Central Time
-US	+375711-0864541	America/Indiana/Tell_City	Central Time - Indiana - Perry County
-US	+411745-0863730	America/Indiana/Knox	Central Time - Indiana - Starke County
-US	+450628-0873651	America/Menominee	Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties
-US	+470659-1011757	America/North_Dakota/Center	Central Time - North Dakota - Oliver County
-US	+465042-1012439	America/North_Dakota/New_Salem	Central Time - North Dakota - Morton County (except Mandan area)
-US	+471551-1014640	America/North_Dakota/Beulah	Central Time - North Dakota - Mercer County
-US	+394421-1045903	America/Denver	Mountain Time
-US	+433649-1161209	America/Boise	Mountain Time - south Idaho & east Oregon
-US	+332654-1120424	America/Phoenix	Mountain Standard Time - Arizona (except Navajo)
-US	+340308-1181434	America/Los_Angeles	Pacific Time
-US	+611305-1495401	America/Anchorage	Alaska Time
-US	+581807-1342511	America/Juneau	Alaska Time - Alaska panhandle
-US	+571035-1351807	America/Sitka	Alaska Time - southeast Alaska panhandle
-US	+550737-1313435	America/Metlakatla	Alaska Time - Annette Island
-US	+593249-1394338	America/Yakutat	Alaska Time - Alaska panhandle neck
-US	+643004-1652423	America/Nome	Alaska Time - west Alaska
+US	+404251-0740023	America/New_York	Eastern (most areas)
+US	+421953-0830245	America/Detroit	Eastern - MI (most areas)
+US	+381515-0854534	America/Kentucky/Louisville	Eastern - KY (Louisville area)
+US	+364947-0845057	America/Kentucky/Monticello	Eastern - KY (Wayne)
+US	+394606-0860929	America/Indiana/Indianapolis	Eastern - IN (most areas)
+US	+384038-0873143	America/Indiana/Vincennes	Eastern - IN (Da, Du, K, Mn)
+US	+410305-0863611	America/Indiana/Winamac	Eastern - IN (Pulaski)
+US	+382232-0862041	America/Indiana/Marengo	Eastern - IN (Crawford)
+US	+382931-0871643	America/Indiana/Petersburg	Eastern - IN (Pike)
+US	+384452-0850402	America/Indiana/Vevay	Eastern - IN (Switzerland)
+US	+415100-0873900	America/Chicago	Central (most areas)
+US	+375711-0864541	America/Indiana/Tell_City	Central - IN (Perry)
+US	+411745-0863730	America/Indiana/Knox	Central - IN (Starke)
+US	+450628-0873651	America/Menominee	Central - MI (Wisconsin border)
+US	+470659-1011757	America/North_Dakota/Center	Central - ND (Oliver)
+US	+465042-1012439	America/North_Dakota/New_Salem	Central - ND (Morton rural)
+US	+471551-1014640	America/North_Dakota/Beulah	Central - ND (Mercer)
+US	+394421-1045903	America/Denver	Mountain (most areas)
+US	+433649-1161209	America/Boise	Mountain - ID (south); OR (east)
+US	+332654-1120424	America/Phoenix	MST - Arizona (except Navajo)
+US	+340308-1181434	America/Los_Angeles	Pacific
+US	+611305-1495401	America/Anchorage	Alaska (most areas)
+US	+581807-1342511	America/Juneau	Alaska - Juneau area
+US	+571035-1351807	America/Sitka	Alaska - Sitka area
+US	+550737-1313435	America/Metlakatla	Alaska - Annette Island
+US	+593249-1394338	America/Yakutat	Alaska - Yakutat
+US	+643004-1652423	America/Nome	Alaska (west)
 US	+515248-1763929	America/Adak	Aleutian Islands
 US	+211825-1575130	Pacific/Honolulu	Hawaii
 UY	-3453-05611	America/Montevideo
-UZ	+3940+06648	Asia/Samarkand	west Uzbekistan
-UZ	+4120+06918	Asia/Tashkent	east Uzbekistan
+UZ	+3940+06648	Asia/Samarkand	Uzbekistan (west)
+UZ	+4120+06918	Asia/Tashkent	Uzbekistan (east)
 VA	+415408+0122711	Europe/Vatican
 VC	+1309-06114	America/St_Vincent
 VE	+1030-06656	America/Caracas
--- a/make/sun/rmi/cgi/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/rmi/cgi/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -29,7 +29,6 @@
 
 BUILDDIR = ../../..
 JAVAC_MAX_WARNINGS = true
-JAVAC_WARNINGS_FATAL = true
 # java-rmi.cgi is a JDK tool
 PACKAGE = sun.rmi
 PRODUCT = sun
--- a/make/sun/rmi/registry/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/rmi/registry/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -29,7 +29,6 @@
 
 BUILDDIR = ../../..
 JAVAC_MAX_WARNINGS = true
-JAVAC_WARNINGS_FATAL = true
 JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
 PACKAGE = sun.rmi.registry
 PRODUCT = sun
--- a/make/sun/rmi/rmi/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/rmi/rmi/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -29,7 +29,6 @@
 
 BUILDDIR = ../../..
 JAVAC_MAX_WARNINGS = true
-JAVAC_WARNINGS_FATAL = true
 JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
 PACKAGE = sun.rmi
 PRODUCT = sun
--- a/make/sun/rmi/rmid/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/rmi/rmid/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -30,7 +30,6 @@
 
 BUILDDIR = ../../..
 JAVAC_MAX_WARNINGS = true
-JAVAC_WARNINGS_FATAL = true
 PACKAGE = sun.rmi.activation
 PRODUCT = sun
 include $(BUILDDIR)/common/Defs.gmk
--- a/make/sun/security/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/security/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -34,6 +34,7 @@
 #
 
 BUILDDIR = ../..
+SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=true
 include $(BUILDDIR)/common/Defs.gmk
 
 # build sun/security/jgss/wrapper on non-windows platform
--- a/make/sun/security/ec/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/security/ec/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -109,6 +109,8 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/sun/security/other/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/security/other/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 BUILDDIR = ../../..
 PACKAGE = sun.security.other
 PRODUCT = sun
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 #
@@ -35,6 +37,7 @@
     sun/security/acl \
     sun/security/jca \
     sun/security/pkcs \
+    sun/security/pkcs10 \
     sun/security/pkcs12 \
     sun/security/provider \
     sun/security/rsa \
--- a/make/sun/security/pkcs11/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/security/pkcs11/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -110,6 +110,8 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/sun/security/tools/Makefile	Sun May 01 21:26:40 2016 -0700
+++ b/make/sun/security/tools/Makefile	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@
 # Resources
 #
 LOCALE_SET_DEFINITION = jdk
-RESOURCE_BUNDLES_JAVA = sun/security/tools/JarSignerResources.java
+RESOURCE_BUNDLES_JAVA = sun/security/tools/jarsigner/Resources.java
 
 #
 # Rules
@@ -45,7 +45,7 @@
 include $(BUILDDIR)/common/Classes.gmk
 
 build:
-	$(call make-launcher, keytool, sun.security.tools.KeyTool, , )
+	$(call make-launcher, keytool, sun.security.tools.keytool.Main, , )
 ifndef BUILD_HEADLESS_ONLY
 	$(call make-launcher, policytool, sun.security.tools.policytool.PolicyTool, , )
 endif
--- a/src/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java	Sat Aug 20 11:59:31 2016 -0700
@@ -87,6 +87,7 @@
     private int incomingInterruptFD;
 
     static {
+        IOUtil.load();
         initStructSizes();
         String datamodel = (String) java.security.AccessController.doPrivileged(
         new sun.security.action.GetPropertyAction("sun.arch.data.model"));
--- a/src/macosx/classes/sun/nio/ch/KQueueSelectorImpl.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/macosx/classes/sun/nio/ch/KQueueSelectorImpl.java	Sat Aug 20 11:59:31 2016 -0700
@@ -246,9 +246,4 @@
         }
         return this;
     }
-
-
-    static {
-        Util.load();
-    }
 }
--- a/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Sat Aug 20 11:59:31 2016 -0700
@@ -15,13 +15,13 @@
 #
 alert=\uACBD\uBCF4
 awtcomponent=AWT \uAD6C\uC131 \uC694\uC18C
-checkbox=\uCCB4\uD06C \uBC15\uC2A4
+checkbox=\uCCB4\uD06C\uBC15\uC2A4
 colorchooser=\uC0C9\uC0C1 \uC120\uD0DD\uAE30
 columnheader=\uC5F4 \uBA38\uB9AC\uAE00
 combobox=\uCF64\uBCF4 \uC0C1\uC790
 canvas=\uCE94\uBC84\uC2A4
-desktopicon=\uBC14\uD0D5 \uD654\uBA74 \uC544\uC774\uCF58
-desktoppane=\uBC14\uD0D5 \uD654\uBA74 \uCC3D
+desktopicon=\uBC14\uD0D5\uD654\uBA74 \uC544\uC774\uCF58
+desktoppane=\uBC14\uD0D5\uD654\uBA74 \uCC3D
 dialog=\uB300\uD654\uC0C1\uC790
 directorypane=\uB514\uB809\uD1A0\uB9AC \uCC3D
 glasspane=\uAE00\uB798\uC2A4 \uCC3D
--- a/src/share/classes/com/sun/crypto/provider/AESCrypt.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/AESCrypt.java	Sat Aug 20 11:59:31 2016 -0700
@@ -255,7 +255,7 @@
                     for (j = 0; j < 8; j++) {
                         tmp = AA[i][j];
                         AA[i][j] = AA[t][j];
-                        AA[t][j] = (byte) tmp;
+                        AA[t][j] = tmp;
                     }
                     pivot = AA[i][i];
                 }
--- a/src/share/classes/com/sun/crypto/provider/AESParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/AESParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the AES algorithm
@@ -67,9 +64,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import sun.misc.HexDumpEncoder;
@@ -64,7 +63,7 @@
             throw new InvalidParameterSpecException("IV not " +
                         block_size + " bytes long");
         }
-        iv = (byte[]) tmpIv.clone();
+        iv = tmpIv.clone();
     }
 
     void init(byte[] encoded) throws IOException {
@@ -90,11 +89,11 @@
         init(encoded);
     }
 
-    AlgorithmParameterSpec getParameterSpec(Class paramSpec)
+    <T extends AlgorithmParameterSpec> T getParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException
     {
         if (IvParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new IvParameterSpec(this.iv);
+            return paramSpec.cast(new IvParameterSpec(this.iv));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the Blowfish algorithm in
@@ -68,9 +65,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -193,7 +193,7 @@
             // This is necessary because in this constellation, a
             // ciphertext block (or parts of it) will be overridden by
             // the plaintext result.
-            cipherOrig = (byte[])cipher.clone();
+            cipherOrig = cipher.clone();
         }
 
         for (; cipherOffset < endIndex;
--- a/src/share/classes/com/sun/crypto/provider/CipherCore.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/CipherCore.java	Sat Aug 20 11:59:31 2016 -0700
@@ -301,7 +301,7 @@
      */
     byte[] getIV() {
         byte[] iv = cipher.getIV();
-        return (iv == null) ? null : (byte[])iv.clone();
+        return (iv == null) ? null : iv.clone();
     }
 
     /**
@@ -475,8 +475,7 @@
         IvParameterSpec ivSpec = null;
         if (params != null) {
             try {
-                ivSpec = (IvParameterSpec)params.getParameterSpec
-                    (IvParameterSpec.class);
+                ivSpec = params.getParameterSpec(IvParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException("Wrong parameter "
                                                              + "type: IV "
@@ -832,7 +831,7 @@
         buffered = 0;
         diffBlocksize = blockSize;
         if (cipherMode != ECB_MODE) {
-            ((FeedbackCipher)cipher).reset();
+            cipher.reset();
         }
         return totalLen;
     }
--- a/src/share/classes/com/sun/crypto/provider/DESCrypt.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESCrypt.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -622,17 +622,17 @@
             // mangler function:
             // every 6 bit is fed into the sbox, which
             // produces 4-bit output
-            left ^= s0p[(int)((temp & 0x3f) ^ key[j+0])]
-                ^ s1p[(int)(((temp >>  4) & 0x3f) ^ key[j+1])]
-                ^ s2p[(int)(((temp >>  8) & 0x3f) ^ key[j+2])]
-                ^ s3p[(int)(((temp >> 12) & 0x3f) ^ key[j+3])]
-                ^ s4p[(int)(((temp >> 16) & 0x3f) ^ key[j+4])]
-                ^ s5p[(int)(((temp >> 20) & 0x3f) ^ key[j+5])]
-                ^ s6p[(int)(((temp >> 24) & 0x3f) ^ key[j+6])];
+            left ^= s0p[(temp & 0x3f) ^ key[j+0]]
+                ^ s1p[((temp >>  4) & 0x3f) ^ key[j+1]]
+                ^ s2p[((temp >>  8) & 0x3f) ^ key[j+2]]
+                ^ s3p[((temp >> 12) & 0x3f) ^ key[j+3]]
+                ^ s4p[((temp >> 16) & 0x3f) ^ key[j+4]]
+                ^ s5p[((temp >> 20) & 0x3f) ^ key[j+5]]
+                ^ s6p[((temp >> 24) & 0x3f) ^ key[j+6]];
 
             // make the last sbox input the last bit from right[0]
             temp = ((right & 1) << 5) | ((right >> 27) & 0x1f);
-            left ^= s7p[(int)(temp ^ key[j+7])];
+            left ^= s7p[temp ^ key[j+7]];
             temp = left;
             left = right;
             right = temp;
--- a/src/share/classes/com/sun/crypto/provider/DESKey.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESKey.java	Sat Aug 20 11:59:31 2016 -0700
@@ -79,7 +79,7 @@
     public byte[] getEncoded() {
         // Return a copy of the key, rather than a reference,
         // so that the key data cannot be modified from outside
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -127,7 +127,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/com/sun/crypto/provider/DESParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the DES algorithm in
@@ -68,9 +65,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeKey.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeKey.java	Sat Aug 20 11:59:31 2016 -0700
@@ -79,7 +79,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -128,7 +128,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/com/sun/crypto/provider/DESedeParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the Triple DES algorithm
@@ -67,9 +64,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.Arrays;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@@ -151,7 +150,7 @@
      * been set.
      */
     protected byte[] engineGetIV() {
-        return (iv == null? null:(byte[]) iv.clone());
+        return (iv == null) ? null : iv.clone();
     }
 
     /**
@@ -277,8 +276,7 @@
             try {
                 DESedeParameters paramsEng = new DESedeParameters();
                 paramsEng.engineInit(params.getEncoded());
-                ivSpec = (IvParameterSpec)
-                    paramsEng.engineGetParameterSpec(IvParameterSpec.class);
+                ivSpec = paramsEng.engineGetParameterSpec(IvParameterSpec.class);
             } catch (Exception ex) {
                 InvalidAlgorithmParameterException iape =
                     new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
-import java.lang.*;
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.PrivateKey;
@@ -140,7 +138,8 @@
      * inappropriate for the given key, or the given key cannot be processed
      * (e.g., the given key has an unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(Key key, Class keySpec)
+    protected <T extends KeySpec>
+        T engineGetKeySpec(Key key, Class<T> keySpec)
         throws InvalidKeySpecException {
         DHParameterSpec params;
 
@@ -150,12 +149,12 @@
                 javax.crypto.interfaces.DHPublicKey dhPubKey
                     = (javax.crypto.interfaces.DHPublicKey) key;
                 params = dhPubKey.getParams();
-                return new DHPublicKeySpec(dhPubKey.getY(),
-                                           params.getP(),
-                                           params.getG());
+                return keySpec.cast(new DHPublicKeySpec(dhPubKey.getY(),
+                                                        params.getP(),
+                                                        params.getG()));
 
             } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return new X509EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
 
             } else {
                 throw new InvalidKeySpecException
@@ -168,12 +167,12 @@
                 javax.crypto.interfaces.DHPrivateKey dhPrivKey
                     = (javax.crypto.interfaces.DHPrivateKey)key;
                 params = dhPrivKey.getParams();
-                return new DHPrivateKeySpec(dhPrivKey.getX(),
-                                            params.getP(),
-                                            params.getG());
+                return keySpec.cast(new DHPrivateKeySpec(dhPrivKey.getX(),
+                                                         params.getP(),
+                                                         params.getG()));
 
             } else if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return new PKCS8EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
 
             } else {
                 throw new InvalidKeySpecException
@@ -208,8 +207,7 @@
                 }
                 // Convert key to spec
                 DHPublicKeySpec dhPubKeySpec
-                    = (DHPublicKeySpec)engineGetKeySpec
-                    (key, DHPublicKeySpec.class);
+                    = engineGetKeySpec(key, DHPublicKeySpec.class);
                 // Create key from spec, and return it
                 return engineGeneratePublic(dhPubKeySpec);
 
@@ -220,8 +218,7 @@
                 }
                 // Convert key to spec
                 DHPrivateKeySpec dhPrivKeySpec
-                    = (DHPrivateKeySpec)engineGetKeySpec
-                    (key, DHPrivateKeySpec.class);
+                    = engineGetKeySpec(key, DHPrivateKeySpec.class);
                 // Create key from spec, and return it
                 return engineGeneratePrivate(dhPrivKeySpec);
 
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Sat Aug 20 11:59:31 2016 -0700
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.spec.DHParameterSpec;
@@ -141,8 +140,7 @@
             paramGen = AlgorithmParameterGenerator.getInstance("DSA");
             paramGen.init(this.primeSize, random);
             algParams = paramGen.generateParameters();
-            dsaParamSpec = (DSAParameterSpec)
-                algParams.getParameterSpec(DSAParameterSpec.class);
+            dsaParamSpec = algParams.getParameterSpec(DSAParameterSpec.class);
 
             DHParameterSpec dhParamSpec;
             if (this.exponentSize > 0) {
--- a/src/share/classes/com/sun/crypto/provider/DHParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import java.math.BigInteger;
@@ -95,11 +94,12 @@
             engineInit(params);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
 
         if (DHParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new DHParameterSpec(this.p, this.g, this.l);
+            return paramSpec.cast(new DHParameterSpec(this.p, this.g, this.l));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter Specification");
--- a/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Sat Aug 20 11:59:31 2016 -0700
@@ -31,7 +31,6 @@
 import java.security.PrivateKey;
 import java.security.InvalidKeyException;
 import java.security.ProviderException;
-import javax.crypto.*;
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.util.*;
 
@@ -182,7 +181,7 @@
 
             // ignore OPTIONAL attributes
 
-            this.encodedKey = (byte[])encodedKey.clone();
+            this.encodedKey = encodedKey.clone();
 
         } catch (NumberFormatException e) {
             InvalidKeyException ike = new InvalidKeyException(
@@ -256,7 +255,7 @@
                 return null;
             }
         }
-        return (byte[])this.encodedKey.clone();
+        return this.encodedKey.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,10 +29,8 @@
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
-import java.security.InvalidAlgorithmParameterException;
 import java.security.ProviderException;
 import java.security.PublicKey;
-import javax.crypto.*;
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.util.*;
 
@@ -174,7 +172,7 @@
                 throw new InvalidKeyException("Excess key data");
             }
 
-            this.encodedKey = (byte[])encodedKey.clone();
+            this.encodedKey = encodedKey.clone();
 
         } catch (NumberFormatException e) {
             throw new InvalidKeyException("Private-value length too big");
@@ -237,7 +235,7 @@
                 return null;
             }
         }
-        return (byte[])this.encodedKey.clone();
+        return this.encodedKey.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,7 @@
         if (seq[1].data.available() != 0)
             throw new IOException("encryptedData field overrun");
 
-        this.encoded = (byte[])encoded.clone();
+        this.encoded = encoded.clone();
     }
 
     /**
@@ -86,7 +86,7 @@
      */
     EncryptedPrivateKeyInfo(AlgorithmId algid, byte[] encryptedData) {
         this.algid = algid;
-        this.encryptedData = (byte[])encryptedData.clone();
+        this.encryptedData = encryptedData.clone();
         this.encoded = null; // lazy generation of encoding
     }
 
@@ -101,7 +101,7 @@
      * Returns the encrypted data.
      */
     byte[] getEncryptedData() {
-        return (byte[])this.encryptedData.clone();
+        return this.encryptedData.clone();
     }
 
     /**
@@ -110,7 +110,7 @@
     byte[] getEncoded()
         throws IOException
     {
-        if (this.encoded != null) return (byte[])this.encoded.clone();
+        if (this.encoded != null) return this.encoded.clone();
 
         DerOutputStream out = new DerOutputStream();
         DerOutputStream tmp = new DerOutputStream();
@@ -125,6 +125,6 @@
         out.write(DerValue.tag_Sequence, tmp);
         this.encoded = out.toByteArray();
 
-        return (byte[])this.encoded.clone();
+        return this.encoded.clone();
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,9 +38,7 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
 import javax.crypto.SealedObject;
 
 /**
@@ -87,7 +85,7 @@
      * Private keys and certificates are stored in a hashtable.
      * Hash entries are keyed by alias names.
      */
-    private Hashtable entries = new Hashtable();
+    private Hashtable<String, Object> entries = new Hashtable<String, Object>();
 
     /**
      * Returns the key associated with the given alias, using the given
@@ -156,7 +154,7 @@
 
         if ((entry instanceof PrivateKeyEntry)
             && (((PrivateKeyEntry)entry).chain != null)) {
-            chain = (Certificate[])((PrivateKeyEntry)entry).chain.clone();
+            chain = ((PrivateKeyEntry)entry).chain.clone();
         }
 
         return chain;
@@ -262,7 +260,7 @@
                     // clone the chain
                     if ((chain != null) &&
                         (chain.length !=0)) {
-                        entry.chain = (Certificate[])chain.clone();
+                        entry.chain = chain.clone();
                     } else {
                         entry.chain = null;
                     }
@@ -316,10 +314,10 @@
             PrivateKeyEntry entry = new PrivateKeyEntry();
             entry.date = new Date();
 
-            entry.protectedKey = (byte[])key.clone();
+            entry.protectedKey = key.clone();
             if ((chain != null) &&
                 (chain.length != 0)) {
-                entry.chain = (Certificate[])chain.clone();
+                entry.chain = chain.clone();
             } else {
                 entry.chain = null;
             }
@@ -384,7 +382,7 @@
      *
      * @return enumeration of the alias names
      */
-    public Enumeration engineAliases() {
+    public Enumeration<String> engineAliases() {
         return entries.keys();
     }
 
@@ -462,9 +460,9 @@
     public String engineGetCertificateAlias(Certificate cert) {
         Certificate certElem;
 
-        Enumeration e = entries.keys();
+        Enumeration<String> e = entries.keys();
         while (e.hasMoreElements()) {
-            String alias = (String)e.nextElement();
+            String alias = e.nextElement();
             Object entry = entries.get(alias);
             if (entry instanceof TrustedCertEntry) {
                 certElem = ((TrustedCertEntry)entry).cert;
@@ -560,10 +558,10 @@
 
                 dos.writeInt(entries.size());
 
-                Enumeration e = entries.keys();
+                Enumeration<String> e = entries.keys();
                 while (e.hasMoreElements()) {
 
-                    String alias = (String)e.nextElement();
+                    String alias = e.nextElement();
                     Object entry = entries.get(alias);
 
                     if (entry instanceof PrivateKeyEntry) {
@@ -677,7 +675,7 @@
             DataInputStream dis;
             MessageDigest md = null;
             CertificateFactory cf = null;
-            Hashtable cfs = null;
+            Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
 
@@ -713,7 +711,7 @@
                     cf = CertificateFactory.getInstance("X509");
                 } else {
                     // version 2
-                    cfs = new Hashtable(3);
+                    cfs = new Hashtable<String, CertificateFactory>(3);
                 }
 
                 entries.clear();
@@ -761,7 +759,7 @@
                                 String certType = dis.readUTF();
                                 if (cfs.containsKey(certType)) {
                                 // reuse certificate factory
-                                    cf = (CertificateFactory)cfs.get(certType);
+                                    cf = cfs.get(certType);
                                 } else {
                                 // create new certificate factory
                                     cf = CertificateFactory.getInstance(
@@ -803,7 +801,7 @@
                             String certType = dis.readUTF();
                             if (cfs.containsKey(certType)) {
                                 // reuse certificate factory
-                                cf = (CertificateFactory)cfs.get(certType);
+                                cf = cfs.get(certType);
                             } else {
                                 // create new certificate factory
                                 cf = CertificateFactory.getInstance(certType);
--- a/src/share/classes/com/sun/crypto/provider/KeyProtector.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/KeyProtector.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,8 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.io.IOException;
 import java.io.Serializable;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.ObjectInputStream.GetField;
 import java.security.Security;
 import java.security.Key;
 import java.security.PrivateKey;
@@ -42,22 +36,14 @@
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
-import java.security.InvalidParameterException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
 import java.security.AlgorithmParameters;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherSpi;
 import javax.crypto.SecretKey;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.BadPaddingException;
 import javax.crypto.SealedObject;
 import javax.crypto.spec.*;
 import sun.security.x509.AlgorithmId;
@@ -127,7 +113,7 @@
         PBEWithMD5AndTripleDESCipher cipher;
         cipher = new PBEWithMD5AndTripleDESCipher();
         cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
-        byte[] plain = (byte[])key.getEncoded();
+        byte[] plain = key.getEncoded();
         byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
 
         // wrap encrypted private key in EncryptedPrivateKeyInfo
@@ -169,8 +155,8 @@
                 AlgorithmParameters pbeParams =
                     AlgorithmParameters.getInstance("PBE");
                 pbeParams.init(encodedParams);
-                PBEParameterSpec pbeSpec = (PBEParameterSpec)
-                    pbeParams.getParameterSpec(PBEParameterSpec.class);
+                PBEParameterSpec pbeSpec =
+                        pbeParams.getParameterSpec(PBEParameterSpec.class);
 
                 // create PBE key from password
                 PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
--- a/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -26,7 +26,6 @@
 package com.sun.crypto.provider;
 
 import java.math.BigInteger;
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import sun.security.x509.*;
@@ -169,11 +168,13 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
         if (OAEPParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new OAEPParameterSpec(mdName, "MGF1", mgfSpec,
-                new PSource.PSpecified(p));
+            return paramSpec.cast(
+                new OAEPParameterSpec(mdName, "MGF1", mgfSpec,
+                                      new PSource.PSpecified(p)));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBECipherCore.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBECipherCore.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@@ -326,8 +325,7 @@
         PBEParameterSpec pbeSpec = null;
         if (params != null) {
             try {
-                pbeSpec = (PBEParameterSpec) params.getParameterSpec
-                    (PBEParameterSpec.class);
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException("Wrong parameter "
                                                              + "type: PBE "
--- a/src/share/classes/com/sun/crypto/provider/PBEKey.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEKey.java	Sat Aug 20 11:59:31 2016 -0700
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.KeyRep;
 import java.security.spec.InvalidKeySpecException;
@@ -73,7 +72,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -122,7 +121,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
 
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import java.math.BigInteger;
 import java.security.AlgorithmParametersSpi;
@@ -65,7 +64,7 @@
            throw new InvalidParameterSpecException
                ("Inappropriate parameter specification");
        }
-       this.salt = (byte[])((PBEParameterSpec)paramSpec).getSalt().clone();
+       this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
        this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
     }
 
@@ -98,11 +97,12 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException
     {
         if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new PBEParameterSpec(this.salt, this.iCount);
+            return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,12 @@
 
 package com.sun.crypto.provider;
 
-import java.io.*;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactorySpi;
 import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements a key factory for PBE keys derived using
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Sat Aug 20 11:59:31 2016 -0700
@@ -134,6 +134,7 @@
             byte[] ti = new byte[hlen];
             // SecretKeySpec cannot be used, since password can be empty here.
             SecretKey macKey = new SecretKey() {
+                private static final long serialVersionUID = 7874493593505141603L;
                 @Override
                 public String getAlgorithm() {
                     return prf.getAlgorithm();
@@ -195,7 +196,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[]) key.clone();
+        return key.clone();
     }
 
     public String getAlgorithm() {
@@ -207,7 +208,7 @@
     }
 
     public char[] getPassword() {
-        return (char[]) passwd.clone();
+        return passwd.clone();
     }
 
     public byte[] getSalt() {
@@ -269,7 +270,7 @@
     protected void finalize() throws Throwable {
         try {
             if (this.passwd != null) {
-                java.util.Arrays.fill(this.passwd, (char) '0');
+                java.util.Arrays.fill(this.passwd, '0');
                 this.passwd = null;
             }
             if (this.key != null) {
--- a/src/share/classes/com/sun/crypto/provider/PCBC.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PCBC.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -145,7 +145,7 @@
         for (; plainOffset < endIndex;
              plainOffset += blockSize, cipherOffset += blockSize) {
             for (i=0; i<blockSize; i++) {
-                k[i] ^= (byte)(plain[i+plainOffset]);
+                k[i] ^= plain[i+plainOffset];
             }
             embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
             for (i = 0; i < blockSize; i++) {
--- a/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -98,8 +98,8 @@
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         if (params != null && params.getAlgorithm().equals("RC2")) {
             try {
-                RC2ParameterSpec rc2Params = (RC2ParameterSpec)
-                    params.getParameterSpec(RC2ParameterSpec.class);
+                RC2ParameterSpec rc2Params =
+                        params.getParameterSpec(RC2ParameterSpec.class);
                 engineInit(opmode, key, rc2Params, random);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/RC2Parameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RC2Parameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,6 @@
  * @author Sean Mullan
  * @since 1.5
  */
-
 public final class RC2Parameters extends AlgorithmParametersSpi {
 
     // TABLE[EKB] from section 6 of RFC 2268, used to convert effective key
@@ -177,13 +176,14 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
 
         if (RC2ParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return (iv == null ?
-                    new RC2ParameterSpec(effectiveKeySize) :
-                    new RC2ParameterSpec(effectiveKeySize, iv));
+            return paramSpec.cast((iv == null ?
+                                   new RC2ParameterSpec(effectiveKeySize) :
+                                   new RC2ParameterSpec(effectiveKeySize, iv)));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java	Sat Aug 20 11:59:31 2016 -0700
@@ -232,8 +232,8 @@
             init(opmode, key, random, null);
         } else {
             try {
-                OAEPParameterSpec spec = (OAEPParameterSpec)
-                    params.getParameterSpec(OAEPParameterSpec.class);
+                OAEPParameterSpec spec =
+                        params.getParameterSpec(OAEPParameterSpec.class);
                 init(opmode, key, random, spec);
             } catch (InvalidParameterSpecException ipse) {
                 InvalidAlgorithmParameterException iape =
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java	Sat Aug 20 11:59:31 2016 -0700
@@ -27,11 +27,6 @@
 
 import java.security.AccessController;
 import java.security.Provider;
-import java.security.PrivilegedAction;
-import java.security.cert.*;
-import java.net.URL;
-import java.io.ByteArrayInputStream;
-import java.security.CodeSource;
 import java.security.SecureRandom;
 
 
@@ -105,430 +100,431 @@
             "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
         final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
 
-        AccessController.doPrivileged(new java.security.PrivilegedAction() {
+        AccessController.doPrivileged(
+            new java.security.PrivilegedAction<Object>() {
                 public Object run() {
 
-                /*
-                 * Cipher engines
-                 */
-                put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
-                put("Cipher.RSA SupportedModes", "ECB");
-                put("Cipher.RSA SupportedPaddings",
-                        "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING"
-                        + "|OAEPWITHSHA1ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-1ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-224ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-256ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-384ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-512ANDMGF1PADDING");
-                put("Cipher.RSA SupportedKeyClasses",
-                        "java.security.interfaces.RSAPublicKey" +
-                        "|java.security.interfaces.RSAPrivateKey");
+                    /*
+                     * Cipher engines
+                     */
+                    put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
+                    put("Cipher.RSA SupportedModes", "ECB");
+                    put("Cipher.RSA SupportedPaddings",
+                            "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING"
+                            + "|OAEPWITHSHA1ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-1ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-224ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-256ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-384ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-512ANDMGF1PADDING");
+                    put("Cipher.RSA SupportedKeyClasses",
+                            "java.security.interfaces.RSAPublicKey" +
+                            "|java.security.interfaces.RSAPrivateKey");
 
-                put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
-                put("Cipher.DES SupportedModes", BLOCK_MODES);
-                put("Cipher.DES SupportedPaddings", BLOCK_PADS);
-                put("Cipher.DES SupportedKeyFormats", "RAW");
+                    put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
+                    put("Cipher.DES SupportedModes", BLOCK_MODES);
+                    put("Cipher.DES SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.DES SupportedKeyFormats", "RAW");
 
-                put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
-                put("Alg.Alias.Cipher.TripleDES", "DESede");
-                put("Cipher.DESede SupportedModes", BLOCK_MODES);
-                put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
-                put("Cipher.DESede SupportedKeyFormats", "RAW");
+                    put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
+                    put("Alg.Alias.Cipher.TripleDES", "DESede");
+                    put("Cipher.DESede SupportedModes", BLOCK_MODES);
+                    put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.DESede SupportedKeyFormats", "RAW");
 
-                put("Cipher.DESedeWrap",
-                    "com.sun.crypto.provider.DESedeWrapCipher");
-                put("Cipher.DESedeWrap SupportedModes", "CBC");
-                put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
-                put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+                    put("Cipher.DESedeWrap",
+                        "com.sun.crypto.provider.DESedeWrapCipher");
+                    put("Cipher.DESedeWrap SupportedModes", "CBC");
+                    put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
+                    put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
 
-                put("Cipher.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
-                put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Cipher.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
-                put("Cipher.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Cipher.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("Cipher.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
+                    put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Cipher.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+                    put("Cipher.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Cipher.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("Cipher.Blowfish",
-                    "com.sun.crypto.provider.BlowfishCipher");
-                put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
-                put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
-                put("Cipher.Blowfish SupportedKeyFormats", "RAW");
+                    put("Cipher.Blowfish",
+                        "com.sun.crypto.provider.BlowfishCipher");
+                    put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
+                    put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.Blowfish SupportedKeyFormats", "RAW");
 
-                put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
-                put("Alg.Alias.Cipher.Rijndael", "AES");
-                put("Cipher.AES SupportedModes", BLOCK_MODES128);
-                put("Cipher.AES SupportedPaddings", BLOCK_PADS);
-                put("Cipher.AES SupportedKeyFormats", "RAW");
+                    put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
+                    put("Alg.Alias.Cipher.Rijndael", "AES");
+                    put("Cipher.AES SupportedModes", BLOCK_MODES128);
+                    put("Cipher.AES SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.AES SupportedKeyFormats", "RAW");
 
-                put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
-                put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
-                put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
-                put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+                    put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+                    put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+                    put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+                    put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
 
-                put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
-                put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
-                put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
-                put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+                    put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+                    put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+                    put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+                    put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
 
 
-                put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
-                put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
-                put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
-                put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+                    put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+                    put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+                    put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+                    put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
 
-                put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
-                put("Cipher.AESWrap SupportedModes", "ECB");
-                put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
-                put("Cipher.AESWrap SupportedKeyFormats", "RAW");
+                    put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
+                    put("Cipher.AESWrap SupportedModes", "ECB");
+                    put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
+                    put("Cipher.AESWrap SupportedKeyFormats", "RAW");
 
-                put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
-                put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
-                put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
-                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
-                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+                    put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+                    put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+                    put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
+                    put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+                    put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
 
-                put("Cipher.RC2",
-                    "com.sun.crypto.provider.RC2Cipher");
-                put("Cipher.RC2 SupportedModes", BLOCK_MODES);
-                put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
-                put("Cipher.RC2 SupportedKeyFormats", "RAW");
+                    put("Cipher.RC2",
+                        "com.sun.crypto.provider.RC2Cipher");
+                    put("Cipher.RC2 SupportedModes", BLOCK_MODES);
+                    put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.RC2 SupportedKeyFormats", "RAW");
 
-                put("Cipher.ARCFOUR",
-                    "com.sun.crypto.provider.ARCFOURCipher");
-                put("Alg.Alias.Cipher.RC4", "ARCFOUR");
-                put("Cipher.ARCFOUR SupportedModes", "ECB");
-                put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
-                put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
+                    put("Cipher.ARCFOUR",
+                        "com.sun.crypto.provider.ARCFOURCipher");
+                    put("Alg.Alias.Cipher.RC4", "ARCFOUR");
+                    put("Cipher.ARCFOUR SupportedModes", "ECB");
+                    put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
+                    put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
 
-                /*
-                 * Key(pair) Generator engines
-                 */
-                put("KeyGenerator.DES",
-                    "com.sun.crypto.provider.DESKeyGenerator");
+                    /*
+                     *  Key(pair) Generator engines
+                     */
+                    put("KeyGenerator.DES",
+                        "com.sun.crypto.provider.DESKeyGenerator");
 
-                put("KeyGenerator.DESede",
-                    "com.sun.crypto.provider.DESedeKeyGenerator");
-                put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
+                    put("KeyGenerator.DESede",
+                        "com.sun.crypto.provider.DESedeKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
 
-                put("KeyGenerator.Blowfish",
-                    "com.sun.crypto.provider.BlowfishKeyGenerator");
+                    put("KeyGenerator.Blowfish",
+                        "com.sun.crypto.provider.BlowfishKeyGenerator");
 
-                put("KeyGenerator.AES",
-                    "com.sun.crypto.provider.AESKeyGenerator");
-                put("Alg.Alias.KeyGenerator.Rijndael", "AES");
+                    put("KeyGenerator.AES",
+                        "com.sun.crypto.provider.AESKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.Rijndael", "AES");
 
-                put("KeyGenerator.RC2",
-                    "com.sun.crypto.provider.KeyGeneratorCore$" +
-                    "RC2KeyGenerator");
-                put("KeyGenerator.ARCFOUR",
-                    "com.sun.crypto.provider.KeyGeneratorCore$" +
-                    "ARCFOURKeyGenerator");
-                put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
+                    put("KeyGenerator.RC2",
+                        "com.sun.crypto.provider.KeyGeneratorCore$" +
+                        "RC2KeyGenerator");
+                    put("KeyGenerator.ARCFOUR",
+                        "com.sun.crypto.provider.KeyGeneratorCore$" +
+                        "ARCFOURKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
 
-                put("KeyGenerator.HmacMD5",
-                    "com.sun.crypto.provider.HmacMD5KeyGenerator");
+                    put("KeyGenerator.HmacMD5",
+                        "com.sun.crypto.provider.HmacMD5KeyGenerator");
 
-                put("KeyGenerator.HmacSHA1",
-                    "com.sun.crypto.provider.HmacSHA1KeyGenerator");
-                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
-                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
+                    put("KeyGenerator.HmacSHA1",
+                        "com.sun.crypto.provider.HmacSHA1KeyGenerator");
+                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
+                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
 
-                put("KeyGenerator.HmacSHA224",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
-                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
-                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
+                    put("KeyGenerator.HmacSHA224",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
+                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
+                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
 
-                put("KeyGenerator.HmacSHA256",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
-                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
-                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
+                    put("KeyGenerator.HmacSHA256",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
+                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
+                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
 
-                put("KeyGenerator.HmacSHA384",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
-                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
-                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
+                    put("KeyGenerator.HmacSHA384",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
+                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
+                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
 
-                put("KeyGenerator.HmacSHA512",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
-                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
-                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
+                    put("KeyGenerator.HmacSHA512",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
+                    put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
+                    put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
 
-                put("KeyPairGenerator.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyPairGenerator");
-                put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
-                put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
-                    "DiffieHellman");
-                /*
-                 * Algorithm parameter generation engines
-                 */
-                put("AlgorithmParameterGenerator.DiffieHellman",
-                    "com.sun.crypto.provider.DHParameterGenerator");
-                put("Alg.Alias.AlgorithmParameterGenerator.DH",
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
-                    "DiffieHellman");
+                    put("KeyPairGenerator.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyPairGenerator");
+                    put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
+                        "DiffieHellman");
+                    /*
+                     * Algorithm parameter generation engines
+                     */
+                    put("AlgorithmParameterGenerator.DiffieHellman",
+                        "com.sun.crypto.provider.DHParameterGenerator");
+                    put("Alg.Alias.AlgorithmParameterGenerator.DH",
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
+                        "DiffieHellman");
 
-                /*
-                 * Key Agreement engines
-                 */
-                put("KeyAgreement.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyAgreement");
-                put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
-                put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
-                put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
+                    /*
+                     * Key Agreement engines
+                     */
+                    put("KeyAgreement.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyAgreement");
+                    put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
+                    put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
 
-                put("KeyAgreement.DiffieHellman SupportedKeyClasses",
-                    "javax.crypto.interfaces.DHPublicKey" +
-                    "|javax.crypto.interfaces.DHPrivateKey");
+                    put("KeyAgreement.DiffieHellman SupportedKeyClasses",
+                        "javax.crypto.interfaces.DHPublicKey" +
+                        "|javax.crypto.interfaces.DHPrivateKey");
 
-                /*
-                 * Algorithm Parameter engines
-                 */
-                put("AlgorithmParameters.DiffieHellman",
-                    "com.sun.crypto.provider.DHParameters");
-                put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
-                    "DiffieHellman");
+                    /*
+                     * Algorithm Parameter engines
+                     */
+                    put("AlgorithmParameters.DiffieHellman",
+                        "com.sun.crypto.provider.DHParameters");
+                    put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
+                        "DiffieHellman");
 
-                put("AlgorithmParameters.DES",
-                    "com.sun.crypto.provider.DESParameters");
+                    put("AlgorithmParameters.DES",
+                        "com.sun.crypto.provider.DESParameters");
 
-                put("AlgorithmParameters.DESede",
-                    "com.sun.crypto.provider.DESedeParameters");
-                put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
+                    put("AlgorithmParameters.DESede",
+                        "com.sun.crypto.provider.DESedeParameters");
+                    put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
 
-                put("AlgorithmParameters.PBE",
-                    "com.sun.crypto.provider.PBEParameters");
+                    put("AlgorithmParameters.PBE",
+                        "com.sun.crypto.provider.PBEParameters");
 
-                put("AlgorithmParameters.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
+                    put("AlgorithmParameters.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
 
-                put("AlgorithmParameters.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEParameters");
+                    put("AlgorithmParameters.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEParameters");
 
-                put("AlgorithmParameters.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("AlgorithmParameters.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
+                    put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
 
-                put("AlgorithmParameters.Blowfish",
-                    "com.sun.crypto.provider.BlowfishParameters");
+                    put("AlgorithmParameters.Blowfish",
+                        "com.sun.crypto.provider.BlowfishParameters");
 
-                put("AlgorithmParameters.AES",
-                    "com.sun.crypto.provider.AESParameters");
-                put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+                    put("AlgorithmParameters.AES",
+                        "com.sun.crypto.provider.AESParameters");
+                    put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
-                put("AlgorithmParameters.RC2",
-                    "com.sun.crypto.provider.RC2Parameters");
+                    put("AlgorithmParameters.RC2",
+                        "com.sun.crypto.provider.RC2Parameters");
 
-                put("AlgorithmParameters.OAEP",
-                    "com.sun.crypto.provider.OAEPParameters");
+                    put("AlgorithmParameters.OAEP",
+                        "com.sun.crypto.provider.OAEPParameters");
 
-                /*
-                 * Key factories
-                 */
-                put("KeyFactory.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyFactory");
-                put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
-                put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
-                /*
-                 * Secret-key factories
-                 */
-                put("SecretKeyFactory.DES",
-                    "com.sun.crypto.provider.DESKeyFactory");
+                    /*
+                     * Key factories
+                     */
+                    put("KeyFactory.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyFactory");
+                    put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+                    /*
+                     * Secret-key factories
+                     */
+                    put("SecretKeyFactory.DES",
+                        "com.sun.crypto.provider.DESKeyFactory");
 
-                put("SecretKeyFactory.DESede",
-                    "com.sun.crypto.provider.DESedeKeyFactory");
-                put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
+                    put("SecretKeyFactory.DESede",
+                        "com.sun.crypto.provider.DESedeKeyFactory");
+                    put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
 
-                put("SecretKeyFactory.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
+                    put("SecretKeyFactory.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
 
-                put("Alg.Alias.SecretKeyFactory.PBE",
-                    "PBEWithMD5AndDES");
+                    put("Alg.Alias.SecretKeyFactory.PBE",
+                        "PBEWithMD5AndDES");
 
-                /*
-                 * Internal in-house crypto algorithm used for
-                 * the JCEKS keystore type.  Since this was developed
-                 * internally, there isn't an OID corresponding to this
-                 * algorithm.
-                 */
-                put("SecretKeyFactory.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$" +
-                    "PBEWithMD5AndTripleDES"
-                    );
+                    /*
+                     * Internal in-house crypto algorithm used for
+                     * the JCEKS keystore type.  Since this was developed
+                     * internally, there isn't an OID corresponding to this
+                     * algorithm.
+                     */
+                    put("SecretKeyFactory.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithMD5AndTripleDES"
+                        );
 
-                put("SecretKeyFactory.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("SecretKeyFactory.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
+                    put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
 
-                put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                    "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
-                put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
-                    "PBKDF2WithHmacSHA1");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
-                    "PBKDF2WithHmacSHA1");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA1",
+                        "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
+                        "PBKDF2WithHmacSHA1");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
+                        "PBKDF2WithHmacSHA1");
 
-                /*
-                 * MAC
-                 */
-                put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
-                put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
-                put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
-                put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
-                put("Mac.HmacSHA224",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA224");
-                put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
-                put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
-                put("Mac.HmacSHA256",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA256");
-                put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
-                put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
-                put("Mac.HmacSHA384",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA384");
-                put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
-                put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
-                put("Mac.HmacSHA512",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA512");
-                put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
-                put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
+                    /*
+                     * MAC
+                     */
+                    put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
+                    put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
+                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
+                    put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
+                    put("Mac.HmacSHA224",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA224");
+                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
+                    put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
+                    put("Mac.HmacSHA256",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA256");
+                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
+                    put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
+                    put("Mac.HmacSHA384",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA384");
+                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
+                    put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
+                    put("Mac.HmacSHA512",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA512");
+                    put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
+                    put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
 
-                put("Mac.HmacPBESHA1",
-                    "com.sun.crypto.provider.HmacPKCS12PBESHA1");
+                    put("Mac.HmacPBESHA1",
+                        "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
-                put("Mac.SslMacMD5",
-                    "com.sun.crypto.provider.SslMacCore$SslMacMD5");
-                put("Mac.SslMacSHA1",
-                    "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
+                    put("Mac.SslMacMD5",
+                        "com.sun.crypto.provider.SslMacCore$SslMacMD5");
+                    put("Mac.SslMacSHA1",
+                        "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
 
-                put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
-                put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
-                put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
-                put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
+                    put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
 
-                /*
-                 * KeyStore
-                 */
-                put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
+                    /*
+                     * KeyStore
+                     */
+                    put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
 
-                /*
-                 * SSL/TLS mechanisms
-                 *
-                 * These are strictly internal implementations and may
-                 * be changed at any time.  These names were chosen
-                 * because PKCS11/SunPKCS11 does not yet have TLS1.2
-                 * mechanisms, and it will cause calls to come here.
-                 */
-                put("KeyGenerator.SunTlsPrf",
-                        "com.sun.crypto.provider.TlsPrfGenerator$V10");
-                put("KeyGenerator.SunTls12Prf",
-                        "com.sun.crypto.provider.TlsPrfGenerator$V12");
+                    /*
+                     * SSL/TLS mechanisms
+                     *
+                     * These are strictly internal implementations and may
+                     * be changed at any time.  These names were chosen
+                     * because PKCS11/SunPKCS11 does not yet have TLS1.2
+                     * mechanisms, and it will cause calls to come here.
+                     */
+                    put("KeyGenerator.SunTlsPrf",
+                            "com.sun.crypto.provider.TlsPrfGenerator$V10");
+                    put("KeyGenerator.SunTls12Prf",
+                            "com.sun.crypto.provider.TlsPrfGenerator$V12");
 
-                put("KeyGenerator.SunTlsMasterSecret",
-                    "com.sun.crypto.provider.TlsMasterSecretGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
-                    "SunTlsMasterSecret");
+                    put("KeyGenerator.SunTlsMasterSecret",
+                        "com.sun.crypto.provider.TlsMasterSecretGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
+                        "SunTlsMasterSecret");
 
-                put("KeyGenerator.SunTlsKeyMaterial",
-                    "com.sun.crypto.provider.TlsKeyMaterialGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
-                    "SunTlsKeyMaterial");
+                    put("KeyGenerator.SunTlsKeyMaterial",
+                        "com.sun.crypto.provider.TlsKeyMaterialGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
+                        "SunTlsKeyMaterial");
 
-                put("KeyGenerator.SunTlsRsaPremasterSecret",
-                    "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
-                    "SunTlsRsaPremasterSecret");
+                    put("KeyGenerator.SunTlsRsaPremasterSecret",
+                        "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
+                        "SunTlsRsaPremasterSecret");
 
-                return null;
-            }
-        });
+                    return null;
+                }
+            });
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,6 @@
 import javax.crypto.*;
 import javax.crypto.spec.*;
 
-import sun.security.internal.interfaces.TlsMasterSecret;
 import sun.security.internal.spec.*;
 
 import static com.sun.crypto.provider.TlsPrfGenerator.*;
--- a/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -140,6 +140,7 @@
     }
 
     private static final class TlsMasterSecretKey implements TlsMasterSecret {
+        private static final long serialVersionUID = 1019571680375368880L;
 
         private byte[] key;
         private final int majorVersion, minorVersion;
--- a/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/jarsigner/ContentSignerParameters.java	Sat Aug 20 11:59:31 2016 -0700
@@ -60,6 +60,13 @@
     public X509Certificate getTimestampingAuthorityCertificate();
 
     /**
+     * Retrieves the TSAPolicyID for a Timestamping Authority (TSA).
+     *
+     * @return The TSAPolicyID. May be null.
+     */
+    public String getTSAPolicyID();
+
+    /**
      * Retrieves the JAR file's signature.
      *
      * @return The non-null array of signature bytes.
--- a/src/share/classes/com/sun/java/util/jar/pack/Attribute.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Attribute.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
  * attribute layouts.
  * @author John Rose
  */
-class Attribute implements Comparable {
+class Attribute implements Comparable<Attribute> {
     // Attribute instance fields.
 
     Layout def;     // the name and format of this attr
@@ -99,8 +99,7 @@
         return this == def.canon;
     }
 
-    public int compareTo(Object o) {
-        Attribute that = (Attribute) o;
+    public int compareTo(Attribute that) {
         return this.def.compareTo(that.def);
     }
 
@@ -447,7 +446,7 @@
      *  and format.  The formats are specified in a "little language".
      */
     public static
-    class Layout implements Comparable {
+    class Layout implements Comparable<Layout> {
         int ctype;       // attribute context type, e.g., ATTR_CONTEXT_CODE
         String name;     // name of attribute
         boolean hasRefs; // this kind of attr contains CP refs?
@@ -540,8 +539,7 @@
                     * 37 + layout.hashCode())
                     * 37 + ctype);
         }
-        public int compareTo(Object o) {
-            Layout that = (Layout) o;
+        public int compareTo(Layout that) {
             int r;
             r = this.name.compareTo(that.name);
             if (r != 0)  return r;
@@ -663,6 +661,8 @@
 
     public static
     class FormatException extends IOException {
+        private static final long serialVersionUID = -2542243830788066513L;
+
         private int ctype;
         private String name;
         String layout;
--- a/src/share/classes/com/sun/java/util/jar/pack/BandStructure.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/BandStructure.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1705,7 +1705,7 @@
         for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) {
             assert(attrIndexLimit[i] == 0);
             attrIndexLimit[i] = 32;  // just for the sake of predefs.
-            attrDefs.set(i, new ArrayList<Attribute.Layout>(Collections.nCopies(
+            attrDefs.set(i, new ArrayList<>(Collections.nCopies(
                     attrIndexLimit[i], (Attribute.Layout)null)));
 
         }
@@ -1893,7 +1893,7 @@
         return testBit(archiveOptions, mask);
     }
 
-    protected List getPredefinedAttrs(int ctype) {
+    protected List<Attribute.Layout> getPredefinedAttrs(int ctype) {
         assert(attrIndexLimit[ctype] != 0);
         List<Attribute.Layout> res = new ArrayList<>(attrIndexLimit[ctype]);
         // Remove nulls and non-predefs.
@@ -2650,7 +2650,7 @@
 
     // Utilities for reallocating:
     protected static Object[] realloc(Object[] a, int len) {
-        java.lang.Class elt = a.getClass().getComponentType();
+        java.lang.Class<?> elt = a.getClass().getComponentType();
         Object[] na = (Object[]) java.lang.reflect.Array.newInstance(elt, len);
         System.arraycopy(a, 0, na, 0, Math.min(a.length, len));
         return na;
--- a/src/share/classes/com/sun/java/util/jar/pack/ClassReader.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/ClassReader.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,7 @@
     long inPos;
     DataInputStream in;
     Map<Attribute.Layout, Attribute> attrDefs;
-    Map attrCommands;
+    Map<Attribute.Layout, String> attrCommands;
     String unknownAttrCommand = "error";;
 
     ClassReader(Class cls, InputStream in) throws IOException {
@@ -82,7 +82,7 @@
         this.attrDefs = attrDefs;
     }
 
-    public void setAttrCommands(Map attrCommands) {
+    public void setAttrCommands(Map<Attribute.Layout, String> attrCommands) {
         this.attrCommands = attrCommands;
     }
 
@@ -348,8 +348,8 @@
             int length = readInt();
             // See if there is a special command that applies.
             if (attrCommands != null) {
-                Object lkey = Attribute.keyForLookup(ctype, name);
-                String cmd = (String) attrCommands.get(lkey);
+                Attribute.Layout lkey = Attribute.keyForLookup(ctype, name);
+                String cmd = attrCommands.get(lkey);
                 if (cmd != null) {
                     switch (cmd) {
                         case "pass":
@@ -483,6 +483,8 @@
     }
 
     static class ClassFormatException extends IOException {
+        private static final long serialVersionUID = -3564121733989501833L;
+
         public ClassFormatException(String message) {
             super(message);
         }
--- a/src/share/classes/com/sun/java/util/jar/pack/ClassWriter.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/ClassWriter.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,6 @@
 import java.io.DataOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Iterator;
 import java.util.List;
 import static com.sun.java.util.jar.pack.Constants.*;
 /**
@@ -165,14 +164,13 @@
     }
 
     void writeMembers(boolean doMethods) throws IOException {
-        List mems;
+        List<? extends Class.Member> mems;
         if (!doMethods)
             mems = cls.getFields();
         else
             mems = cls.getMethods();
         writeShort(mems.size());
-        for (Iterator i = mems.iterator(); i.hasNext(); ) {
-            Class.Member m = (Class.Member) i.next();
+        for (Class.Member m : mems) {
             writeMember(m, doMethods);
         }
     }
--- a/src/share/classes/com/sun/java/util/jar/pack/Code.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Code.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -125,7 +125,7 @@
         return expandInstructionMap(getInsnMap());
     }
 
-    void addFixups(Collection moreFixups) {
+    void addFixups(Collection<Fixups.Fixup> moreFixups) {
         if (fixups == null) {
             fixups = new Fixups(bytes);
         }
--- a/src/share/classes/com/sun/java/util/jar/pack/Coding.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Coding.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@
  * varying degrees of length variability, and varying amounts of signed-ness.
  * @author John Rose
  */
-class Coding implements Comparable, CodingMethod, Histogram.BitMetric {
+class Coding implements Comparable<Coding>, CodingMethod, Histogram.BitMetric {
     /*
       Coding schema for single integers, parameterized by (B,H,S):
 
@@ -605,8 +605,7 @@
     public int byteMin(int b) { return byteMin[b-1]; }
     public int byteMax(int b) { return byteMax[b-1]; }
 
-    public int compareTo(Object x) {
-        Coding that = (Coding) x;
+    public int compareTo(Coding that) {
         int dkey = this.del - that.del;
         if (dkey == 0)
             dkey = this.B - that.B;
--- a/src/share/classes/com/sun/java/util/jar/pack/ConstantPool.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/ConstantPool.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,7 +72,7 @@
         return e;
     }
     /** Factory for literal constants (String, Integer, etc.). */
-    public static synchronized LiteralEntry getLiteralEntry(Comparable value) {
+    public static synchronized LiteralEntry getLiteralEntry(Comparable<?> value) {
         Map<Object, LiteralEntry> literalEntries = Utils.getLiteralEntries();
         LiteralEntry e = literalEntries.get(value);
         if (e == null) {
@@ -140,7 +140,7 @@
 
     /** Entries in the constant pool. */
     public static abstract
-    class Entry implements Comparable {
+    class Entry implements Comparable<Object> {
         protected final byte tag;       // a CONSTANT_foo code
         protected int valueHash;        // cached hashCode
 
@@ -257,7 +257,7 @@
             super(tag);
         }
 
-        public abstract Comparable literalValue();
+        public abstract Comparable<?> literalValue();
     }
 
     public static
@@ -280,15 +280,17 @@
         public int compareTo(Object o) {
             int x = superCompareTo(o);
             if (x == 0) {
-                x = ((Comparable)value).compareTo(((NumberEntry)o).value);
+                @SuppressWarnings("unchecked")
+                Comparable<Number> compValue = (Comparable<Number>)value;
+                x = compValue.compareTo(((NumberEntry)o).value);
             }
             return x;
         }
         public Number numberValue() {
             return value;
         }
-        public Comparable literalValue() {
-            return (Comparable) value;
+        public Comparable<?> literalValue() {
+            return (Comparable<?>) value;
         }
         public String stringValue() {
             return value.toString();
@@ -319,7 +321,7 @@
             }
             return x;
         }
-        public Comparable literalValue() {
+        public Comparable<?> literalValue() {
             return ref.stringValue();
         }
         public String stringValue() {
@@ -730,7 +732,7 @@
 
     /** An Index is a mapping between CP entries and small integers. */
     public static final
-    class Index extends AbstractList {
+    class Index extends AbstractList<Entry> {
         protected String debugName;
         protected Entry[] cpMap;
         protected boolean flattenSigs;
@@ -760,7 +762,7 @@
         public int size() {
             return cpMap.length;
         }
-        public Object get(int i) {
+        public Entry get(int i) {
             return cpMap[i];
         }
         public Entry getEntry(int i) {
@@ -805,13 +807,7 @@
             assert(index >= 0);
             return index;
         }
-        public boolean contains(Object e) {
-            return findIndexOf((Entry)e) >= 0;
-        }
-        public int indexOf(Object e) {
-            return findIndexOf((Entry)e);
-        }
-        public int lastIndexOf(Object e) {
+        public int lastIndexOf(Entry e) {
             return indexOf(e);
         }
 
@@ -864,14 +860,14 @@
                 indexValue[probe] = i;
             }
         }
-        public Object[] toArray(Object[] a) {
+        public Entry[] toArray(Entry[] a) {
             int sz = size();
             if (a.length < sz)  return super.toArray(a);
             System.arraycopy(cpMap, 0, a, 0, sz);
             if (a.length > sz)  a[sz] = null;
             return a;
         }
-        public Object[] toArray() {
+        public Entry[] toArray() {
             return toArray(new Entry[size()]);
         }
         public Object clone() {
--- a/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -153,11 +153,11 @@
     public static final int NO_MODTIME = 0;  // null modtime value
 
     // some comstantly empty containers
-    public final static int[]    noInts = {};
-    public final static byte[]   noBytes = {};
-    public final static Object[] noValues = {};
-    public final static String[] noStrings = {};
-    public final static List     emptyList = Arrays.asList(noValues);
+    public final static int[]        noInts = {};
+    public final static byte[]       noBytes = {};
+    public final static Object[]     noValues = {};
+    public final static String[]     noStrings = {};
+    public final static List<Object> emptyList = Arrays.asList(noValues);
 
     // meta-coding
     public final static int
--- a/src/share/classes/com/sun/java/util/jar/pack/Fixups.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Fixups.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
  *
  * @author John Rose
  */
-final class Fixups extends AbstractCollection {
+final class Fixups extends AbstractCollection<Fixups.Fixup> {
     byte[] bytes;    // the subject of the relocations
     int head;        // desc locating first reloc
     int tail;        // desc locating last reloc
@@ -66,11 +66,11 @@
         // If there are no bytes, all descs are kept in bigDescs.
         this((byte[])null);
     }
-    Fixups(byte[] bytes, Collection fixups) {
+    Fixups(byte[] bytes, Collection<Fixup> fixups) {
         this(bytes);
         addAll(fixups);
     }
-    Fixups(Collection fixups) {
+    Fixups(Collection<Fixup> fixups) {
         this((byte[])null);
         addAll(fixups);
     }
@@ -108,8 +108,7 @@
     public void clear() {
         if (bytes != null) {
             // Clean the bytes:
-            for (Iterator i = iterator(); i.hasNext(); ) {
-                Fixup fx = (Fixup) i.next();
+            for (Fixup fx : this) {
                 //System.out.println("clean "+fx);
                 storeIndex(fx.location(), fx.format(), 0);
             }
@@ -124,15 +123,14 @@
         return bytes;
     }
 
-    @SuppressWarnings("unchecked")
     public void setBytes(byte[] newBytes) {
         if (bytes == newBytes)  return;
-        ArrayList old = null;
-        assert((old = new ArrayList(this)) != null);
+        ArrayList<Fixup> old = null;
+        assert((old = new ArrayList<>(this)) != null);
         if (bytes == null || newBytes == null) {
             // One or the other representations is deficient.
             // Construct a checkpoint.
-            ArrayList save = new ArrayList(this);
+            ArrayList<Fixup> save = new ArrayList<>(this);
             clear();
             bytes = newBytes;
             addAll(save);
@@ -140,7 +138,7 @@
             // assume newBytes is some sort of bitwise copy of the old bytes
             bytes = newBytes;
         }
-        assert(old.equals(new ArrayList(this)));
+        assert(old.equals(new ArrayList<>(this)));
     }
 
     static final int LOC_SHIFT = 1;
@@ -236,7 +234,7 @@
 
     /** Simple and necessary tuple to present each fixup. */
     public static
-    class Fixup implements Comparable {
+    class Fixup implements Comparable<Fixup> {
         int desc;         // location and format of reloc
         Entry entry;      // which entry to plug into the bytes
         Fixup(int desc, Entry entry) {
@@ -254,9 +252,6 @@
             // Ordering depends only on location.
             return this.location() - that.location();
         }
-        public int compareTo(Object that) {
-            return compareTo((Fixup)that);
-        }
         public boolean equals(Object x) {
             if (!(x instanceof Fixup))  return false;
             Fixup that = (Fixup) x;
@@ -268,13 +263,13 @@
     }
 
     private
-    class Itr implements Iterator {
+    class Itr implements Iterator<Fixup> {
         int index = 0;               // index into entries
         int bigIndex = BIGSIZE+1;    // index into bigDescs
         int next = head;             // desc pointing to next fixup
         public boolean hasNext() { return index < size; }
         public void remove() { throw new UnsupportedOperationException(); }
-        public Object next() {
+        public Fixup next() {
             int thisIndex = index;
             return new Fixup(nextDesc(), entries[thisIndex]);
         }
@@ -298,7 +293,7 @@
         }
     }
 
-    public Iterator iterator() {
+    public Iterator<Fixup> iterator() {
         return new Itr();
     }
     public void add(int location, int format, Entry entry) {
@@ -308,11 +303,8 @@
         addDesc(f.desc, f.entry);
         return true;
     }
-    public boolean add(Object fixup) {
-        return add((Fixup) fixup);
-    }
-    @SuppressWarnings("unchecked")
-    public boolean addAll(Collection c) {
+
+    public boolean addAll(Collection<? extends Fixup> c) {
         if (c instanceof Fixups) {
             // Use knowledge of Itr structure to avoid building little structs.
             Fixups that = (Fixups) c;
@@ -453,8 +445,7 @@
     void finishRefs(ConstantPool.Index ix) {
         if (isEmpty())
             return;
-        for (Iterator i = iterator(); i.hasNext(); ) {
-            Fixup fx = (Fixup) i.next();
+        for (Fixup fx : this) {
             int index = ix.indexOf(fx.entry);
             //System.out.println("finish "+fx+" = "+index);
             // Note that the iterator has already fetched the
--- a/src/share/classes/com/sun/java/util/jar/pack/Instruction.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Instruction.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -657,6 +657,8 @@
         }
     }
     static class FormatException extends IOException {
+        private static final long serialVersionUID = 3175572275651367015L;
+
         FormatException(String message) {
             super(message);
         }
--- a/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java	Sat Aug 20 11:59:31 2016 -0700
@@ -296,7 +296,7 @@
         }
 
         ZipEntry z = new ZipEntry(name);
-        z.setTime( (long)mtime * 1000);
+        z.setTime(mtime * 1000);
 
         if (size == 0) {
             z.setMethod(ZipOutputStream.STORED);
--- a/src/share/classes/com/sun/java/util/jar/pack/Package.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Package.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -188,7 +188,7 @@
     }
 
     public final
-    class Class extends Attribute.Holder implements Comparable {
+    class Class extends Attribute.Holder implements Comparable<Class> {
         public Package getPackage() { return Package.this; }
 
         // Optional file characteristics and data source (a "class stub")
@@ -247,8 +247,7 @@
         }
 
         // Note:  equals and hashCode are identity-based.
-        public int compareTo(Object o) {
-            Class that = (Class)o;
+        public int compareTo(Class that) {
             String n0 = this.getName();
             String n1 = that.getName();
             return n0.compareTo(n1);
@@ -488,7 +487,7 @@
         }
 
         public abstract
-        class Member extends Attribute.Holder implements Comparable {
+        class Member extends Attribute.Holder implements Comparable<Member> {
             DescriptorEntry descriptor;
 
             protected Member(int flags, DescriptorEntry descriptor) {
@@ -549,7 +548,7 @@
                 return descriptor.getLiteralTag();
             }
 
-            public int compareTo(Object o) {
+            public int compareTo(Member o) {
                 Field that = (Field)o;
                 return this.order - that.order;
             }
@@ -582,7 +581,7 @@
             }
 
             // Sort methods in a canonical order (by type, then by name).
-            public int compareTo(Object o) {
+            public int compareTo(Member o) {
                 Method that = (Method)o;
                 return this.getDescriptor().compareTo(that.getDescriptor());
             }
@@ -608,11 +607,10 @@
         public void trimToSize() {
             super.trimToSize();
             for (int isM = 0; isM <= 1; isM++) {
-                ArrayList members = (isM == 0) ? fields : methods;
+                ArrayList<? extends Member> members = (isM == 0) ? fields : methods;
                 if (members == null)  continue;
                 members.trimToSize();
-                for (Iterator i = members.iterator(); i.hasNext(); ) {
-                    Member m = (Member)i.next();
+                for (Member m : members) {
                     m.trimToSize();
                 }
             }
@@ -625,10 +623,9 @@
             if ("InnerClass".equals(attrName))
                 innerClasses = null;
             for (int isM = 0; isM <= 1; isM++) {
-                ArrayList members = (isM == 0) ? fields : methods;
+                ArrayList<? extends Member> members = (isM == 0) ? fields : methods;
                 if (members == null)  continue;
-                for (Iterator i = members.iterator(); i.hasNext(); ) {
-                    Member m = (Member)i.next();
+                for (Member m : members) {
                     m.strip(attrName);
                 }
             }
@@ -641,10 +638,9 @@
             refs.add(superClass);
             refs.addAll(Arrays.asList(interfaces));
             for (int isM = 0; isM <= 1; isM++) {
-                ArrayList members = (isM == 0) ? fields : methods;
+                ArrayList<? extends Member> members = (isM == 0) ? fields : methods;
                 if (members == null)  continue;
-                for (Iterator i = members.iterator(); i.hasNext(); ) {
-                    Member m = (Member)i.next();
+                for (Member m : members) {
                     boolean ok = false;
                     try {
                         m.visitRefs(mode, refs);
@@ -747,13 +743,13 @@
         return classStubs;
     }
 
-    public final class File implements Comparable {
+    public final class File implements Comparable<File> {
         String nameString;  // true name of this file
         Utf8Entry name;
         int modtime = NO_MODTIME;
         int options = 0;  // random flag bits, such as deflate_hint
         Class stubClass;  // if this is a stub, here's the class
-        ArrayList prepend = new ArrayList();  // list of byte[]
+        ArrayList<byte[]> prepend = new ArrayList<>();  // list of byte[]
         java.io.ByteArrayOutputStream append = new ByteArrayOutputStream();
 
         File(Utf8Entry name) {
@@ -798,8 +794,7 @@
             return nameString.hashCode();
         }
         // Simple alphabetic sort.  PackageWriter uses a better comparator.
-        public int compareTo(Object o) {
-            File that = (File)o;
+        public int compareTo(File that) {
             return this.nameString.compareTo(that.nameString);
         }
         public String toString() {
@@ -834,8 +829,7 @@
         public long getFileLength() {
             long len = 0;
             if (prepend == null || append == null)  return 0;
-            for (Iterator i = prepend.iterator(); i.hasNext(); ) {
-                byte[] block = (byte[]) i.next();
+            for (byte[] block : prepend) {
                 len += block.length;
             }
             len += append.size();
@@ -843,8 +837,7 @@
         }
         public void writeTo(OutputStream out) throws IOException {
             if (prepend == null || append == null)  return;
-            for (Iterator i = prepend.iterator(); i.hasNext(); ) {
-                byte[] block = (byte[]) i.next();
+            for (byte[] block : prepend) {
                 out.write(block);
             }
             append.writeTo(out);
@@ -860,8 +853,7 @@
             InputStream in = new ByteArrayInputStream(append.toByteArray());
             if (prepend.isEmpty())  return in;
             List<InputStream> isa = new ArrayList<>(prepend.size()+1);
-            for (Iterator i = prepend.iterator(); i.hasNext(); ) {
-                byte[] bytes = (byte[]) i.next();
+            for (byte[] bytes : prepend) {
                 isa.add(new ByteArrayInputStream(bytes));
             }
             isa.add(in);
@@ -926,7 +918,7 @@
     }
 
     static
-    class InnerClass implements Comparable {
+    class InnerClass implements Comparable<InnerClass> {
         final ClassEntry thisClass;
         final ClassEntry outerClass;
         final Utf8Entry name;
@@ -977,8 +969,7 @@
         public int hashCode() {
             return thisClass.hashCode();
         }
-        public int compareTo(Object o) {
-            InnerClass that = (InnerClass)o;
+        public int compareTo(InnerClass that) {
             return this.thisClass.compareTo(that.thisClass);
         }
 
@@ -1108,7 +1099,7 @@
         return ConstantPool.getUtf8Entry(s);
     }
 
-    static LiteralEntry getRefLiteral(Comparable s) {
+    static LiteralEntry getRefLiteral(Comparable<?> s) {
         return ConstantPool.getLiteralEntry(s);
     }
 
@@ -1199,7 +1190,6 @@
     // compress better.  It also moves classes to the end of the
     // file order.  It also removes JAR directory entries, which
     // are useless.
-    @SuppressWarnings("unchecked")
     void reorderFiles(boolean keepClassOrder, boolean stripDirectories) {
         // First reorder the classes, if that is allowed.
         if (!keepClassOrder) {
@@ -1226,10 +1216,8 @@
         // This keeps files of similar format near each other.
         // Put class files at the end, keeping their fixed order.
         // Be sure the JAR file's required manifest stays at the front. (4893051)
-        Collections.sort(files, new Comparator() {
-                public int compare(Object o0, Object o1) {
-                    File r0 = (File) o0;
-                    File r1 = (File) o1;
+        Collections.sort(files, new Comparator<File>() {
+                public int compare(File r0, File r1) {
                     // Get the file name.
                     String f0 = r0.nameString;
                     String f1 = r1.nameString;
--- a/src/share/classes/com/sun/java/util/jar/pack/PackageReader.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/PackageReader.java	Sat Aug 20 11:59:31 2016 -0700
@@ -750,7 +750,7 @@
         file_options.readFrom(in);
         file_bits.setInputStreamFrom(in);
 
-        Iterator nextClass = pkg.getClasses().iterator();
+        Iterator<Class> nextClass = pkg.getClasses().iterator();
 
         // Compute file lengths before reading any file bits.
         long totalFileLength = 0;
@@ -790,14 +790,14 @@
             pkg.addFile(file);
             if (file.isClassStub()) {
                 assert(file.getFileLength() == 0);
-                Class cls = (Class) nextClass.next();
+                Class cls = nextClass.next();
                 cls.initFile(file);
             }
         }
 
         // Do the rest of the classes.
         while (nextClass.hasNext()) {
-            Class cls = (Class) nextClass.next();
+            Class cls = nextClass.next();
             cls.initFile(null);  // implicitly initialize to a trivial one
             cls.file.modtime = pkg.default_modtime;
         }
@@ -1006,14 +1006,14 @@
         if (k >= 0)
             return k;
         if (e.tag == CONSTANT_Utf8) {
-            Entry se = (Entry) utf8Signatures.get(e);
+            Entry se = utf8Signatures.get(e);
             return pkg.cp.untypedIndexOf(se);
         }
         return -1;
     }
 
     Comparator<Entry> entryOutputOrder = new Comparator<Entry>() {
-        public int compare(Entry  e0, Entry e1) {
+        public int compare(Entry e0, Entry e1) {
             int k0 = getOutputIndex(e0);
             int k1 = getOutputIndex(e1);
             if (k0 >= 0 && k1 >= 0)
@@ -1332,7 +1332,8 @@
     // classes, fields, methods, and codes.
     // The holders is a global list, already collected,
     // of attribute "customers".
-    void countAndReadAttrs(int ctype, Collection holders) throws IOException {
+    void countAndReadAttrs(int ctype, Collection<? extends Attribute.Holder> holders)
+            throws IOException {
         //  class_attr_bands:
         //        *class_flags :UNSIGNED5
         //        *class_attr_count :UNSIGNED5
@@ -1386,7 +1387,8 @@
 
     // Read flags and count the attributes that are to be placed
     // on the given holders.
-    void countAttrs(int ctype, Collection holders) throws IOException {
+    void countAttrs(int ctype, Collection<? extends Attribute.Holder> holders)
+            throws IOException {
         // Here, xxx stands for one of class, field, method, code.
         MultiBand xxx_attr_bands = attrBands[ctype];
         long flagMask = attrFlagMask[ctype];
@@ -1414,8 +1416,7 @@
         xxx_flags_lo.expectLength(holders.size());
         xxx_flags_lo.readFrom(in);
         assert((flagMask & overflowMask) == overflowMask);
-        for (Iterator i = holders.iterator(); i.hasNext(); ) {
-            Attribute.Holder h = (Attribute.Holder) i.next();
+        for (Attribute.Holder h : holders) {
             int flags = xxx_flags_lo.getInt();
             h.flags = flags;
             if ((flags & overflowMask) != 0)
@@ -1433,8 +1434,7 @@
         // (class/field/method/code), and also we accumulate (b) a total
         // count for each attribute type.
         int[] totalCounts = new int[defs.length];
-        for (Iterator i = holders.iterator(); i.hasNext(); ) {
-            Attribute.Holder h = (Attribute.Holder) i.next();
+        for (Attribute.Holder h : holders) {
             assert(h.attributes == null);
             // System.out.println("flags="+h.flags+" using fm="+flagMask);
             long attrBits = ((h.flags & flagMask) << 32) >>> 32;
@@ -1582,13 +1582,12 @@
                                    ATTR_CONTEXT_NAME[ctype]+" attribute");
     }
 
-    @SuppressWarnings("unchecked")
-    void readAttrs(int ctype, Collection holders) throws IOException {
+    void readAttrs(int ctype, Collection<? extends Attribute.Holder> holders)
+            throws IOException {
         // Decode band values into attributes.
         Set<Attribute.Layout> sawDefs = new HashSet<>();
         ByteArrayOutputStream buf = new ByteArrayOutputStream();
-        for (Iterator i = holders.iterator(); i.hasNext(); ) {
-            final Attribute.Holder h = (Attribute.Holder) i.next();
+        for (final Attribute.Holder h : holders) {
             if (h.attributes == null)  continue;
             for (ListIterator<Attribute> j = h.attributes.listIterator(); j.hasNext(); ) {
                 Attribute a = j.next();
--- a/src/share/classes/com/sun/java/util/jar/pack/PackageWriter.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/PackageWriter.java	Sat Aug 20 11:59:31 2016 -0700
@@ -720,7 +720,6 @@
             Utils.log.info("Wrote "+numFiles+" resource files");
     }
 
-    @SuppressWarnings("unchecked")
     void collectAttributeLayouts() {
         maxFlags = new int[ATTR_CONTEXT_LIMIT];
         allLayouts = new FixedList<>(ATTR_CONTEXT_LIMIT);
@@ -781,26 +780,27 @@
             avHiBits &= (1L<<attrIndexLimit[i])-1;
             int nextLoBit = 0;
             Map<Attribute.Layout, int[]> defMap = allLayouts.get(i);
-            Map.Entry[] layoutsAndCounts = new Map.Entry[defMap.size()];
+            @SuppressWarnings({ "unchecked", "rawtypes" })
+            Map.Entry<Attribute.Layout, int[]>[] layoutsAndCounts =
+                    new Map.Entry[defMap.size()];
             defMap.entrySet().toArray(layoutsAndCounts);
             // Sort by count, most frequent first.
             // Predefs. participate in this sort, though it does not matter.
-            Arrays.sort(layoutsAndCounts, new Comparator<Object>() {
-                public int compare(Object o0, Object o1) {
-                    Map.Entry e0 = (Map.Entry) o0;
-                    Map.Entry e1 = (Map.Entry) o1;
+            Arrays.sort(layoutsAndCounts,
+                        new Comparator<Map.Entry<Attribute.Layout, int[]>>() {
+                public int compare(Map.Entry<Attribute.Layout, int[]> e0,
+                                   Map.Entry<Attribute.Layout, int[]> e1) {
                     // Primary sort key is count, reversed.
-                    int r = - ( ((int[])e0.getValue())[0]
-                              - ((int[])e1.getValue())[0] );
+                    int r = -(e0.getValue()[0] - e1.getValue()[0]);
                     if (r != 0)  return r;
-                    return ((Comparable)e0.getKey()).compareTo(e1.getKey());
+                    return e0.getKey().compareTo(e1.getKey());
                 }
             });
             attrCounts[i] = new int[attrIndexLimit[i]+layoutsAndCounts.length];
             for (int j = 0; j < layoutsAndCounts.length; j++) {
-                Map.Entry e = layoutsAndCounts[j];
-                Attribute.Layout def = (Attribute.Layout) e.getKey();
-                int count = ((int[])e.getValue())[0];
+                Map.Entry<Attribute.Layout, int[]> e = layoutsAndCounts[j];
+                Attribute.Layout def = e.getKey();
+                int count = e.getValue()[0];
                 int index;
                 Integer predefIndex = attrIndexTable.get(def);
                 if (predefIndex != null) {
@@ -881,7 +881,6 @@
 
     Attribute.Layout[] attrDefsWritten;
 
-    @SuppressWarnings("unchecked")
     void writeAttrDefs() throws IOException {
         List<Object[]> defList = new ArrayList<>();
         for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) {
@@ -906,20 +905,19 @@
         int numAttrDefs = defList.size();
         Object[][] defs = new Object[numAttrDefs][];
         defList.toArray(defs);
-        Arrays.sort(defs, new Comparator() {
-            public int compare(Object o0, Object o1) {
-                Object[] a0 = (Object[]) o0;
-                Object[] a1 = (Object[]) o1;
+        Arrays.sort(defs, new Comparator<Object[]>() {
+            public int compare(Object[] a0, Object[] a1) {
                 // Primary sort key is attr def header.
+                @SuppressWarnings("unchecked")
                 int r = ((Comparable)a0[0]).compareTo(a1[0]);
                 if (r != 0)  return r;
-                Object ind0 = attrIndexTable.get(a0[1]);
-                Object ind1 = attrIndexTable.get(a1[1]);
+                Integer ind0 = attrIndexTable.get(a0[1]);
+                Integer ind1 = attrIndexTable.get(a1[1]);
                 // Secondary sort key is attribute index.
                 // (This must be so, in order to keep overflow attr order.)
                 assert(ind0 != null);
                 assert(ind1 != null);
-                return ((Comparable)ind0).compareTo(ind1);
+                return ind0.compareTo(ind1);
             }
         });
         attrDefsWritten = new Attribute.Layout[numAttrDefs];
--- a/src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/PackerImpl.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,8 +69,7 @@
      * Get the set of options for the pack and unpack engines.
      * @return A sorted association of option key strings to option values.
      */
-    @SuppressWarnings("unchecked")
-    public SortedMap properties() {
+    public SortedMap<String, String> properties() {
         return props;
     }
 
@@ -157,7 +156,6 @@
 
     // All the worker bees.....
     // The packer worker.
-    @SuppressWarnings("unchecked")
     private class DoPack {
         final int verbose = props.getInteger(Utils.DEBUG_VERBOSE);
 
@@ -199,9 +197,8 @@
             };
             for (int i = 0; i < ctypes.length; i++) {
                 String pfx = keys[i];
-                Map<Object, Object> map = props.prefixMap(pfx);
-                for (Object k : map.keySet()) {
-                    String key = (String)k;
+                Map<String, String> map = props.prefixMap(pfx);
+                for (String key : map.keySet()) {
                     assert(key.startsWith(pfx));
                     String name = key.substring(pfx.length());
                     String layout = props.getProperty(key);
--- a/src/share/classes/com/sun/java/util/jar/pack/PropMap.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/PropMap.java	Sat Aug 20 11:59:31 2016 -0700
@@ -27,7 +27,6 @@
 
 import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeEvent;
-import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
@@ -47,8 +46,8 @@
  * Control block for publishing Pack200 options to the other classes.
  */
 
-final class PropMap implements SortedMap<Object, Object>  {
-    private final TreeMap<Object, Object> theMap = new TreeMap<>();;
+final class PropMap implements SortedMap<String, String>  {
+    private final TreeMap<String, String> theMap = new TreeMap<>();;
     private final List<PropertyChangeListener> listenerList = new ArrayList<>(1);
 
     void addListener(PropertyChangeListener listener) {
@@ -68,12 +67,12 @@
     }
 
     // Override:
-    public Object put(Object key, Object value) {
-        Object oldValue = theMap.put(key, value);
+    public String put(String key, String value) {
+        String oldValue = theMap.put(key, value);
         if (value != oldValue && !listenerList.isEmpty()) {
             // Post the property change event.
             PropertyChangeEvent event =
-                new PropertyChangeEvent(this, (String) key,
+                new PropertyChangeEvent(this, key,
                                         oldValue, value);
             for (PropertyChangeListener listener : listenerList) {
                 listener.propertyChange(event);
@@ -85,7 +84,7 @@
     // All this other stuff is private to the current package.
     // Outide clients of Pack200 do not need to use it; they can
     // get by with generic SortedMap functionality.
-    private static Map<Object, Object> defaultProps;
+    private static Map<String, String> defaultProps;
     static {
         Properties props = new Properties();
 
@@ -141,7 +140,9 @@
             }
         }
 
-        defaultProps = (new HashMap<>(props));  // shrink to fit
+        @SuppressWarnings({"unchecked", "rawtypes"})
+        HashMap<String, String> temp = new HashMap(props);  // shrink to fit
+        defaultProps = temp;
     }
 
     PropMap() {
@@ -151,7 +152,7 @@
     // Return a view of this map which includes only properties
     // that begin with the given prefix.  This is easy because
     // the map is sorted, and has a subMap accessor.
-    SortedMap<Object, Object> prefixMap(String prefix) {
+    SortedMap<String, String> prefixMap(String prefix) {
         int len = prefix.length();
         if (len == 0)
             return this;
@@ -162,7 +163,7 @@
     }
 
     String getProperty(String s) {
-        return (String) get(s);
+        return get(s);
     }
     String getProperty(String s, String defaultVal) {
         String val = getProperty(s);
@@ -171,13 +172,13 @@
         return val;
     }
     String setProperty(String s, String val) {
-        return (String) put(s, val);
+        return put(s, val);
     }
 
     // Get sequence of props for "prefix", and "prefix.*".
-    List getProperties(String prefix) {
-        Collection<Object> values = prefixMap(prefix).values();
-        List<Object> res = new ArrayList<>(values.size());
+    List<String> getProperties(String prefix) {
+        Collection<String> values = prefixMap(prefix).values();
+        List<String> res = new ArrayList<>(values.size());
         res.addAll(values);
         while (res.remove(null));
         return res;
@@ -241,8 +242,8 @@
     }
     void list(PrintWriter out) {
         out.println("#"+Utils.PACK_ZIP_ARCHIVE_MARKER_COMMENT+"[");
-        Set defaults = defaultProps.entrySet();
-        for (Map.Entry e : theMap.entrySet()) {
+        Set<Map.Entry<String, String>> defaults = defaultProps.entrySet();
+        for (Map.Entry<String, String> e : theMap.entrySet()) {
             if (defaults.contains(e))  continue;
             out.println("  " + e.getKey() + " = " + e.getValue());
         }
@@ -270,18 +271,17 @@
     }
 
     @Override
-    public Object get(Object key) {
+    public String get(Object key) {
         return theMap.get(key);
     }
 
     @Override
-    public Object remove(Object key) {
+    public String remove(Object key) {
        return theMap.remove(key);
     }
 
     @Override
-    @SuppressWarnings("unchecked")
-    public void putAll(Map m) {
+    public void putAll(Map<? extends String, ? extends String> m) {
        theMap.putAll(m);
     }
 
@@ -291,48 +291,47 @@
     }
 
     @Override
-    public Set<Object> keySet() {
+    public Set<String> keySet() {
        return theMap.keySet();
     }
 
     @Override
-    public Collection<Object> values() {
+    public Collection<String> values() {
        return theMap.values();
     }
 
     @Override
-    public Set<Map.Entry<Object, Object>> entrySet() {
+    public Set<Map.Entry<String, String>> entrySet() {
         return theMap.entrySet();
     }
 
     @Override
-    @SuppressWarnings("unchecked")
-    public Comparator<Object> comparator() {
-        return (Comparator<Object>) theMap.comparator();
+    public Comparator<? super String> comparator() {
+        return theMap.comparator();
     }
 
     @Override
-    public SortedMap<Object, Object> subMap(Object fromKey, Object toKey) {
+    public SortedMap<String, String> subMap(String fromKey, String toKey) {
         return theMap.subMap(fromKey, toKey);
     }
 
     @Override
-    public SortedMap<Object, Object> headMap(Object toKey) {
+    public SortedMap<String, String> headMap(String toKey) {
         return theMap.headMap(toKey);
     }
 
     @Override
-    public SortedMap<Object, Object> tailMap(Object fromKey) {
+    public SortedMap<String, String> tailMap(String fromKey) {
         return theMap.tailMap(fromKey);
     }
 
     @Override
-    public Object firstKey() {
+    public String firstKey() {
         return theMap.firstKey();
     }
 
     @Override
-    public Object lastKey() {
+    public String lastKey() {
        return theMap.lastKey();
     }
 }
--- a/src/share/classes/com/sun/java/util/jar/pack/TLGlobals.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/TLGlobals.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
         props = new PropMap();
     }
 
-    SortedMap<Object, Object> getPropMap() {
+    SortedMap<String, String> getPropMap() {
         return props;
     }
 
--- a/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java	Sat Aug 20 11:59:31 2016 -0700
@@ -81,8 +81,7 @@
      * Get the set of options for the pack and unpack engines.
      * @return A sorted association of option key strings to option values.
      */
-    @SuppressWarnings("unchecked")
-    public SortedMap properties() {
+    public SortedMap<String, String> properties() {
         return props;
     }
 
--- a/src/share/classes/com/sun/java/util/jar/pack/Utils.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/java/util/jar/pack/Utils.java	Sat Aug 20 11:59:31 2016 -0700
@@ -253,8 +253,8 @@
     }
     static void copyJarFile(JarFile in, JarOutputStream out) throws IOException {
         byte[] buffer = new byte[1 << 14];
-        for (Enumeration e = in.entries(); e.hasMoreElements(); ) {
-            JarEntry je = (JarEntry) e.nextElement();
+        for (Enumeration<JarEntry> e = in.entries(); e.hasMoreElements(); ) {
+            JarEntry je = e.nextElement();
             out.putNextEntry(je);
             InputStream ein = in.getInputStream(je);
             for (int nr; 0 < (nr = ein.read(buffer)); ) {
--- a/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/jmx/remote/security/JMXSubjectDomainCombiner.java	Sat Aug 20 11:59:31 2016 -0700
@@ -81,7 +81,7 @@
      * A ProtectionDomain with a null CodeSource and an empty permission set.
      */
     private static final ProtectionDomain pdNoPerms =
-        new ProtectionDomain(nullCodeSource, new Permissions());
+        new ProtectionDomain(nullCodeSource, new Permissions(), null, null);
 
     /**
      * Get the current AccessControlContext combined with the supplied subject.
--- a/src/share/classes/com/sun/security/auth/PolicyFile.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/PolicyFile.java	Sat Aug 20 11:59:31 2016 -0700
@@ -26,13 +26,10 @@
 package com.sun.security.auth;
 
 import java.io.*;
-import java.lang.RuntimePermission;
 import java.lang.reflect.*;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.*;
 
-import java.security.AccessController;
 import java.security.CodeSource;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -260,7 +257,7 @@
     private static final String AUTH_POLICY_URL = "auth.policy.url.";
 
     private Vector<PolicyEntry> policyEntries;
-    private Hashtable aliasMapping;
+    private Hashtable<Object, Object> aliasMapping;
 
     private boolean initialized = false;
 
@@ -293,7 +290,7 @@
             return;
 
         policyEntries = new Vector<PolicyEntry>();
-        aliasMapping = new Hashtable(11);
+        aliasMapping = new Hashtable<Object, Object>(11);
 
         initPolicyFile();
         initialized = true;
@@ -403,7 +400,7 @@
                 }
                 try {
                     extra_policy = PropertyExpander.expand(extra_policy);
-                    URL policyURL;;
+                    URL policyURL;
                     File policyFile = new File(extra_policy);
                     if (policyFile.exists()) {
                         policyURL =
@@ -702,8 +699,8 @@
                InvocationTargetException
     {
         //XXX we might want to keep a hash of created factories...
-        Class pc = Class.forName(type);
-        Constructor c = pc.getConstructor(PARAMS);
+        Class<?> pc = Class.forName(type);
+        Constructor<?> c = pc.getConstructor(PARAMS);
         return (Permission) c.newInstance(new Object[] { name, actions });
     }
 
@@ -1088,16 +1085,20 @@
             // because the earlier CodeSource.implies succeeded
             SubjectCodeSource scs = (SubjectCodeSource)accCs;
 
-            Set<Principal> principalSet = null;
+            Set<? extends Principal> principalSet = null;
             try {
-                Class pClass = Class.forName(principal.principalClass, false,
-                                ClassLoader.getSystemClassLoader());
+                // principal.principalClass should extend Principal
+                // If it doesn't, we should stop here with a ClassCastException.
+                @SuppressWarnings("unchecked")
+                Class<? extends Principal> pClass = (Class<? extends Principal>)
+                        Class.forName(principal.principalClass, false,
+                                      ClassLoader.getSystemClassLoader());
                 principalSet = scs.getSubject().getPrincipals(pClass);
             } catch (Exception e) {
                 if (debug != null) {
                     debug.println("problem finding Principal Class " +
-                                "when expanding SELF permission: " +
-                                e.toString());
+                                  "when expanding SELF permission: " +
+                                  e.toString());
                 }
             }
 
@@ -1107,11 +1108,9 @@
             }
 
             String[][] info = new String[principalSet.size()][2];
-            java.util.Iterator<Principal> pIterator = principalSet.iterator();
 
             int i = 0;
-            while (pIterator.hasNext()) {
-                Principal p = pIterator.next();
+            for (Principal p : principalSet) {
                 info[i][0] = p.getClass().getName();
                 info[i][1] = p.getName();
                 i++;
--- a/src/share/classes/com/sun/security/auth/SubjectCodeSource.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/SubjectCodeSource.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -205,10 +205,9 @@
 
                 // handle PrincipalComparators
 
-                Class principalComparator = Class.forName(pppe.principalClass,
-                                                        true,
-                                                        sysClassLoader);
-                Constructor c = principalComparator.getConstructor(PARAMS);
+                Class<?> principalComparator = Class.forName(
+                        pppe.principalClass, true, sysClassLoader);
+                Constructor<?> c = principalComparator.getConstructor(PARAMS);
                 PrincipalComparator pc =
                         (PrincipalComparator)c.newInstance
                         (new Object[] { pppe.principalName });
--- a/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Sat Aug 20 11:59:31 2016 -0700
@@ -32,16 +32,13 @@
 import javax.naming.*;
 import javax.naming.directory.*;
 
-import java.io.IOException;
 import java.util.Map;
 import java.util.LinkedList;
-import java.util.ResourceBundle;
 
 import com.sun.security.auth.UnixPrincipal;
 import com.sun.security.auth.UnixNumericUserPrincipal;
 import com.sun.security.auth.UnixNumericGroupPrincipal;
 
-import sun.security.util.AuthResources;
 
 /**
  * <p> The module prompts for a username and password
@@ -189,7 +186,7 @@
     // initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     private static final String CRYPT = "{crypt}";
@@ -217,13 +214,18 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    // Unchecked warnings from options.get(String) are safe since we are
+    // passing known keys.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject, CallbackHandler callbackHandler,
                            Map<String,?> sharedState,
                            Map<String,?> options) {
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Sat Aug 20 11:59:31 2016 -0700
@@ -25,11 +25,9 @@
 
 package com.sun.security.auth.module;
 
-import javax.security.auth.x500.X500Principal;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.PushbackInputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.AuthProvider;
@@ -39,7 +37,6 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.UnrecoverableKeyException;
@@ -49,13 +46,10 @@
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.Map;
-import java.util.ResourceBundle;
 import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.*;
-import javax.security.auth.Subject;
-import javax.security.auth.x500.*;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.ConfirmationCallback;
@@ -67,7 +61,6 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import sun.security.util.AuthResources;
 import sun.security.util.Password;
 
 /**
@@ -159,7 +152,7 @@
 
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     private char[] keyStorePassword;
@@ -202,7 +195,9 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
-
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject,
                            CallbackHandler callbackHandler,
                            Map<String,?> sharedState,
@@ -210,7 +205,7 @@
     {
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         processOptions();
@@ -337,6 +332,7 @@
     }
 
     /** Get the alias and passwords to use for looking up in the KeyStore. */
+    @SuppressWarnings("fallthrough")
     private void getAliasAndPasswords(int env) throws LoginException {
         if (callbackHandler == null) {
 
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Sat Aug 20 11:59:31 2016 -0700
@@ -367,7 +367,7 @@
     // initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     // configurable option
@@ -432,7 +432,11 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
-
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    // Unchecked warnings from options.get(String) are safe since we are
+    // passing known keys.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject,
                            CallbackHandler callbackHandler,
                            Map<String, ?> sharedState,
@@ -440,7 +444,7 @@
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,12 @@
 
 package com.sun.security.auth.module;
 
-import java.io.IOException;
 import java.security.AccessController;
 import java.net.SocketPermission;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.Hashtable;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.regex.Matcher;
@@ -50,7 +48,6 @@
 import com.sun.security.auth.LdapPrincipal;
 import com.sun.security.auth.UserPrincipal;
 
-import sun.security.util.AuthResources;
 
 /**
  * This {@link LoginModule} performs LDAP-based authentication.
@@ -366,12 +363,12 @@
     // Initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
     private LdapContext ctx;
     private Matcher identityMatcher = null;
     private Matcher filterMatcher = null;
-    private Hashtable ldapEnvironment;
+    private Hashtable<String, Object> ldapEnvironment;
     private SearchControls constraints = null;
 
     /**
@@ -385,15 +382,18 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject, CallbackHandler callbackHandler,
                         Map<String, ?> sharedState, Map<String, ?> options) {
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
-        ldapEnvironment = new Hashtable(9);
+        ldapEnvironment = new Hashtable<String, Object>(9);
         ldapEnvironment.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
 
--- a/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
  * <p>The target name is the {@link InquireType} allowed.
  */
 public final class InquireSecContextPermission extends BasicPermission {
+    private static final long serialVersionUID = -7131173349668647297L;
 
     /**
      * Constructs a new {@code InquireSecContextPermission} object with
--- a/src/share/classes/com/sun/security/ntlm/NTLMException.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/ntlm/NTLMException.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
  * An NTLM-related Exception
  */
 public final class NTLMException extends GeneralSecurityException {
+    private static final long serialVersionUID = -3298539507906689430L;
 
     /**
      * If the incoming packet is invalid.
--- a/src/share/classes/com/sun/security/sasl/CramMD5Server.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/CramMD5Server.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,6 @@
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 /**
@@ -68,7 +67,7 @@
      * @param pw A non-null String or byte[]
      * containing the password. If it is an array, it is first cloned.
      */
-    CramMD5Server(String protocol, String serverFqdn, Map props,
+    CramMD5Server(String protocol, String serverFqdn, Map<String, ?> props,
         CallbackHandler cbh) throws SaslException {
         if (serverFqdn == null) {
             throw new SaslException(
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,15 @@
 import java.util.Map;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import java.math.BigInteger;
 import java.util.Random;
-import java.security.Provider;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.io.IOException;
 
 import java.security.MessageDigest;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.NoSuchAlgorithmException;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
@@ -53,7 +47,6 @@
 import javax.crypto.SecretKey;
 import javax.crypto.Mac;
 import javax.crypto.SecretKeyFactory;
-import javax.crypto.BadPaddingException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.spec.IvParameterSpec;
@@ -175,8 +168,9 @@
      *
      * @throws SaslException If invalid value found in props.
      */
-    protected DigestMD5Base(Map props, String className, int firstStep,
-        String digestUri, CallbackHandler cbh) throws SaslException {
+    protected DigestMD5Base(Map<String, ?> props, String className,
+        int firstStep, String digestUri, CallbackHandler cbh)
+        throws SaslException {
         super(props, className); // sets QOP, STENGTH and BUFFER_SIZE
 
         step = firstStep;
@@ -791,7 +785,7 @@
                     }
                 } else if (realmChoices != null && i == realmIndex) {
                     // > 1 realm specified
-                    if (realmChoices.size() == 0) {
+                    if (realmChoices.isEmpty()) {
                         realmChoices.add(valueTable[i]); // add existing one
                     }
                     realmChoices.add(value);  // add new one
@@ -1585,47 +1579,45 @@
         KeySpec spec = null;
         SecretKeyFactory desFactory =
             SecretKeyFactory.getInstance(desStrength);
-
-        if (desStrength.equals("des")) {
-            spec = new DESKeySpec(subkey1, 0);
-            if (logger.isLoggable(Level.FINEST)) {
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST42:DES key input: ", input);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST43:DES key parity-adjusted: ", subkey1);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey());
-                logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}",
-                    Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0)));
-            }
-
-        } else if (desStrength.equals("desede")) {
-
-            // Generate second subkey using second 7 bytes
-            byte[] subkey2 = addDesParity(input, 7, 7);
-
-            // Construct 24-byte encryption-decryption-encryption sequence
-            byte[] ede = new byte[subkey1.length*2+subkey2.length];
-            System.arraycopy(subkey1, 0, ede, 0, subkey1.length);
-            System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length);
-            System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length,
-                subkey1.length);
-
-            spec = new DESedeKeySpec(ede, 0);
-            if (logger.isLoggable(Level.FINEST)) {
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST46:3DES key input: ", input);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST47:3DES key ede: ", ede);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST48:3DES key material: ",
-                    ((DESedeKeySpec)spec).getKey());
-                logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ",
-                    Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0)));
-            }
-        } else {
-            throw new IllegalArgumentException("Invalid DES strength:" +
-                desStrength);
+        switch (desStrength) {
+            case "des":
+                spec = new DESKeySpec(subkey1, 0);
+                if (logger.isLoggable(Level.FINEST)) {
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST42:DES key input: ", input);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST43:DES key parity-adjusted: ", subkey1);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey());
+                    logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}",
+                        Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0)));
+                }
+                break;
+            case "desede":
+                // Generate second subkey using second 7 bytes
+                byte[] subkey2 = addDesParity(input, 7, 7);
+                // Construct 24-byte encryption-decryption-encryption sequence
+                byte[] ede = new byte[subkey1.length*2+subkey2.length];
+                System.arraycopy(subkey1, 0, ede, 0, subkey1.length);
+                System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length);
+                System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length,
+                    subkey1.length);
+                spec = new DESedeKeySpec(ede, 0);
+                if (logger.isLoggable(Level.FINEST)) {
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST46:3DES key input: ", input);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST47:3DES key ede: ", ede);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST48:3DES key material: ",
+                        ((DESedeKeySpec)spec).getKey());
+                    logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ",
+                        Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0)));
+                }
+                break;
+            default:
+                throw new IllegalArgumentException("Invalid DES strength:" +
+                    desStrength);
         }
         return desFactory.generateSecret(spec);
     }
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,21 +25,16 @@
 
 package com.sun.security.sasl.digest;
 
-import java.security.AccessController;
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Arrays;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 import javax.security.sasl.*;
@@ -153,7 +148,7 @@
       * @throws SaslException if no authentication ID or password is supplied
       */
     DigestMD5Client(String authzid, String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME, 2, protocol + "/" + serverName, cbh);
 
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,23 +25,16 @@
 
 package com.sun.security.sasl.digest;
 
-import java.security.AccessController;
-import java.security.Provider;
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.util.Random;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Arrays;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 import javax.security.sasl.*;
@@ -147,7 +140,7 @@
     private byte[] myCiphers;
     private List<String> serverRealms;
 
-    DigestMD5Server(String protocol, String serverName, Map props,
+    DigestMD5Server(String protocol, String serverName, Map<String, ?> props,
         CallbackHandler cbh) throws SaslException {
         super(props, MY_CLASS_NAME, 1, protocol + "/" + serverName, cbh);
 
@@ -179,7 +172,7 @@
         encoding = (useUTF8 ? "UTF8" : "8859_1");
 
         // By default, use server name as realm
-        if (serverRealms.size() == 0) {
+        if (serverRealms.isEmpty()) {
             serverRealms.add(serverName);
         }
     }
@@ -468,19 +461,23 @@
 
         // Check that QOP is one sent by server
         byte cQop;
-        if (negotiatedQop.equals("auth")) {
-            cQop = NO_PROTECTION;
-        } else if (negotiatedQop.equals("auth-int")) {
-            cQop = INTEGRITY_ONLY_PROTECTION;
-            integrity = true;
-            rawSendSize = sendMaxBufSize - 16;
-        } else if (negotiatedQop.equals("auth-conf")) {
-            cQop = PRIVACY_PROTECTION;
-            integrity = privacy = true;
-            rawSendSize = sendMaxBufSize - 26;
-        } else {
-            throw new SaslException("DIGEST-MD5: digest response format " +
-                "violation. Invalid QOP: " + negotiatedQop);
+        switch (negotiatedQop) {
+            case "auth":
+                cQop = NO_PROTECTION;
+                break;
+            case "auth-int":
+                cQop = INTEGRITY_ONLY_PROTECTION;
+                integrity = true;
+                rawSendSize = sendMaxBufSize - 16;
+                break;
+            case "auth-conf":
+                cQop = PRIVACY_PROTECTION;
+                integrity = privacy = true;
+                rawSendSize = sendMaxBufSize - 26;
+                break;
+            default:
+                throw new SaslException("DIGEST-MD5: digest response format " +
+                    "violation. Invalid QOP: " + negotiatedQop);
         }
         if ((cQop&allQop) == 0) {
             throw new SaslException("DIGEST-MD5: server does not support " +
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,7 @@
 
 package com.sun.security.sasl.gsskerb;
 
-import java.io.IOException;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import javax.security.sasl.*;
 import com.sun.security.sasl.util.AbstractSaslImpl;
@@ -49,7 +47,8 @@
     protected GSSContext secCtx = null;
     protected static final int JGSS_QOP = 0;    // unrelated to SASL QOP mask
 
-    protected GssKrb5Base(Map props, String className) throws SaslException {
+    protected GssKrb5Base(Map<String, ?> props, String className)
+        throws SaslException {
         super(props, className);
     }
 
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
 
 import java.io.IOException;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import javax.security.sasl.*;
 
@@ -93,7 +92,7 @@
      * with the server.
      */
     GssKrb5Client(String authzID, String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME);
 
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
 import javax.security.sasl.*;
 import java.io.*;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 // JAAS
@@ -77,7 +76,7 @@
      * with the client.
      */
     GssKrb5Server(String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME);
 
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
      * @throws SaslException
      */
     NTLMClient(String mech, String authzid, String protocol, String serverName,
-            Map props, CallbackHandler cbh) throws SaslException {
+            Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         this.mech = mech;
         String version = null;
@@ -197,12 +197,13 @@
         if (!isComplete()) {
             throw new IllegalStateException("authentication not complete");
         }
-        if (propName.equals(Sasl.QOP)) {
-            return "auth";
-        } else if (propName.equals(NTLM_DOMAIN)) {
-            return client.getDomain();
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                return "auth";
+            case NTLM_DOMAIN:
+                return client.getDomain();
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -110,7 +110,8 @@
      * @throws SaslException
      */
     NTLMServer(String mech, String protocol, String serverName,
-            Map props, final CallbackHandler cbh) throws SaslException {
+            Map<String, ?> props, final CallbackHandler cbh)
+            throws SaslException {
 
         this.mech = mech;
         String version = null;
@@ -216,12 +217,13 @@
         if (!isComplete()) {
             throw new IllegalStateException("authentication not complete");
         }
-        if (propName.equals(Sasl.QOP)) {
-            return "auth";
-        } else if (propName.equals(NTLM_HOSTNAME)) {
-            return hostname;
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                return "auth";
+            case NTLM_HOSTNAME:
+                return hostname;
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,8 +29,6 @@
 import java.io.*;
 import java.util.Map;
 import java.util.StringTokenizer;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 import java.util.logging.Logger;
 import java.util.logging.Level;
@@ -63,7 +61,8 @@
 
     protected String myClassName;
 
-    protected AbstractSaslImpl(Map props, String className) throws SaslException {
+    protected AbstractSaslImpl(Map<String, ?> props, String className)
+            throws SaslException {
         myClassName = className;
 
         // Parse properties  to set desired context options
@@ -156,23 +155,23 @@
         if (!completed) {
             throw new IllegalStateException("SASL authentication not completed");
         }
-
-        if (propName.equals(Sasl.QOP)) {
-            if (privacy) {
-                return "auth-conf";
-            } else if (integrity) {
-                return "auth-int";
-            } else {
-                return "auth";
-            }
-        } else if (propName.equals(Sasl.MAX_BUFFER)) {
-            return Integer.toString(recvMaxBufSize);
-        } else if (propName.equals(Sasl.RAW_SEND_SIZE)) {
-            return Integer.toString(rawSendSize);
-        } else if (propName.equals(MAX_SEND_BUF)) {
-            return Integer.toString(sendMaxBufSize);
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                if (privacy) {
+                    return "auth-conf";
+                } else if (integrity) {
+                    return "auth-int";
+                } else {
+                    return "auth";
+                }
+            case Sasl.MAX_BUFFER:
+                return Integer.toString(recvMaxBufSize);
+            case Sasl.RAW_SEND_SIZE:
+                return Integer.toString(rawSendSize);
+            case MAX_SEND_BUF:
+                return Integer.toString(sendMaxBufSize);
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@
      * @param props The security policy properties to check
      * @return true if passes; false if fails
      */
-    public static boolean checkPolicy(int flags, Map props) {
+    public static boolean checkPolicy(int flags, Map<String, ?> props) {
         if (props == null) {
             return true;
         }
@@ -93,7 +93,7 @@
      *
      */
     public static String[] filterMechs(String[] mechs, int[] policies,
-        Map props) {
+        Map<String, ?> props) {
         if (props == null) {
             return mechs.clone();
         }
--- a/src/share/classes/java/lang/invoke/MethodHandles.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/lang/invoke/MethodHandles.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1942,6 +1942,7 @@
      */
     public static
     MethodHandle dropArguments(MethodHandle target, int pos, List<Class<?>> valueTypes) {
+        valueTypes = copyTypes(valueTypes);
         MethodType oldType = target.type();  // get NPE
         int dropped = valueTypes.size();
         MethodType.checkSlotCount(dropped);
@@ -1957,6 +1958,11 @@
         return target.dropArguments(newType, pos, dropped);
     }
 
+    private static List<Class<?>> copyTypes(List<Class<?>> types) {
+        Object[] a = types.toArray();
+        return Arrays.asList((Class<?>[]) Arrays.copyOf(a, a.length, Class[].class));
+    }
+
     /**
      * Produces a method handle which will discard some dummy arguments
      * before calling some other specified <i>target</i> method handle.
@@ -2177,7 +2183,7 @@
         int filterValues = filterType.parameterCount();
         if (filterValues == 0
                 ? (rtype != void.class)
-                : (rtype != filterType.parameterType(0)))
+                : (rtype != filterType.parameterType(0) || filterValues != 1))
             throw newIllegalArgumentException("target and filter types do not match", target, filter);
         // result = fold( lambda(retval, arg...) { filter(retval) },
         //                lambda(        arg...) { target(arg...) } )
--- a/src/share/classes/java/security/AccessControlContext.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/AccessControlContext.java	Sat Aug 20 11:59:31 2016 -0700
@@ -29,8 +29,6 @@
 import java.util.List;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
-import sun.misc.JavaSecurityAccess;
-import sun.misc.SharedSecrets;
 
 
 /**
@@ -418,7 +416,7 @@
                 Debug.isOn("permission=" + perm.getClass().getCanonicalName());
 
             if (dumpDebug && Debug.isOn("stack")) {
-                Thread.currentThread().dumpStack();
+                Thread.dumpStack();
             }
 
             if (dumpDebug && Debug.isOn("domain")) {
@@ -461,7 +459,7 @@
                     if (!dumpDebug) {
                         debug.println("access denied " + perm);
                     }
-                    Thread.currentThread().dumpStack();
+                    Thread.dumpStack();
                     final ProtectionDomain pd = context[i];
                     final Debug db = debug;
                     AccessController.doPrivileged (new PrivilegedAction<Void>() {
@@ -895,7 +893,7 @@
                     match = (thatContext[j] == null);
                 }
             } else {
-                Class thisPdClass = thisPd.getClass();
+                Class<?> thisPdClass = thisPd.getClass();
                 ProtectionDomain thatPd;
                 for (int j = 0; (j < thatContext.length) && !match; j++) {
                     thatPd = thatContext[j];
--- a/src/share/classes/java/security/AccessController.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/AccessController.java	Sat Aug 20 11:59:31 2016 -0700
@@ -668,7 +668,7 @@
             }
 
             if (dumpDebug && Debug.isOn("stack")) {
-                Thread.currentThread().dumpStack();
+                Thread.dumpStack();
             }
 
             if (dumpDebug && Debug.isOn("domain")) {
--- a/src/share/classes/java/security/BasicPermission.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/BasicPermission.java	Sat Aug 20 11:59:31 2016 -0700
@@ -25,7 +25,6 @@
 
 package java.security;
 
-import java.security.*;
 import java.util.Enumeration;
 import java.util.Map;
 import java.util.HashMap;
@@ -333,14 +332,14 @@
      *
      * @see #serialPersistentFields
      */
-    private Class permClass;
+    private Class<?> permClass;
 
     /**
      * Create an empty BasicPermissionCollection object.
      *
      */
 
-    public BasicPermissionCollection(Class clazz) {
+    public BasicPermissionCollection(Class<?> clazz) {
         perms = new HashMap<String, Permission>(11);
         all_allowed = false;
         permClass = clazz;
@@ -542,6 +541,9 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        // writeObject writes a Hashtable<String, Permission> for the
+        // permissions key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<String, Permission> permissions =
                 (Hashtable<String, Permission>)gfields.get("permissions", null);
         perms = new HashMap<String, Permission>(permissions.size()*2);
@@ -551,7 +553,7 @@
         all_allowed = gfields.get("all_allowed", false);
 
         // Get permClass
-        permClass = (Class) gfields.get("permClass", null);
+        permClass = (Class<?>) gfields.get("permClass", null);
 
         if (permClass == null) {
             // set permClass
--- a/src/share/classes/java/security/Permissions.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/Permissions.java	Sat Aug 20 11:59:31 2016 -0700
@@ -31,7 +31,6 @@
 import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
-import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Collections;
 import java.io.Serializable;
@@ -238,7 +237,7 @@
      */
     private PermissionCollection getPermissionCollection(Permission p,
         boolean createEmpty) {
-        Class c = p.getClass();
+        Class<?> c = p.getClass();
 
         PermissionCollection pc = permsMap.get(c);
 
@@ -390,6 +389,9 @@
         allPermission = (PermissionCollection) gfields.get("allPermission", null);
 
         // Get permissions
+        // writeObject writes a Hashtable<Class<?>, PermissionCollection> for
+        // the perms key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<Class<?>, PermissionCollection> perms =
             (Hashtable<Class<?>, PermissionCollection>)gfields.get("perms", null);
         permsMap = new HashMap<Class<?>, PermissionCollection>(perms.size()*2);
@@ -590,6 +592,9 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        // writeObject writes a Hashtable<Class<?>, PermissionCollection> for
+        // the perms key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<Permission, Permission> perms =
                 (Hashtable<Permission, Permission>)gfields.get("perms", null);
         permsMap = new HashMap<Permission, Permission>(perms.size()*2);
--- a/src/share/classes/java/security/Policy.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/Policy.java	Sat Aug 20 11:59:31 2016 -0700
@@ -26,16 +26,7 @@
 
 package java.security;
 
-import java.io.*;
-import java.lang.RuntimePermission;
-import java.lang.reflect.*;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.PropertyPermission;
-import java.util.StringTokenizer;
-import java.util.Vector;
 import java.util.WeakHashMap;
 import java.util.concurrent.atomic.AtomicReference;
 import sun.security.jca.GetInstance;
@@ -814,6 +805,8 @@
     private static class UnsupportedEmptyCollection
         extends PermissionCollection {
 
+        private static final long serialVersionUID = -8492269157353014774L;
+
         private Permissions perms;
 
         /**
--- a/src/share/classes/java/security/ProtectionDomain.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/ProtectionDomain.java	Sat Aug 20 11:59:31 2016 -0700
@@ -33,7 +33,6 @@
 import java.util.WeakHashMap;
 import sun.misc.JavaSecurityProtectionDomainAccess;
 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
-import sun.misc.SharedSecrets;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
 import sun.misc.JavaSecurityAccess;
@@ -436,7 +435,7 @@
                 e = permissions.elements();   // domain vs policy
                 while (e.hasMoreElements()) {
                     Permission pdp = e.nextElement();
-                    Class pdpClass = pdp.getClass();
+                    Class<?> pdpClass = pdp.getClass();
                     String pdpActions = pdp.getActions();
                     String pdpName = pdp.getName();
                     for (int i = 0; i < plVector.size(); i++) {
@@ -495,6 +494,11 @@
                         }
                     };
                 }
+
+                @Override
+                public boolean getStaticPermissionsField(ProtectionDomain pd) {
+                    return pd.staticPermissions;
+                }
             });
     }
 }
--- a/src/share/classes/java/security/Provider.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/Provider.java	Sat Aug 20 11:59:31 2016 -0700
@@ -31,9 +31,6 @@
 import java.lang.ref.*;
 import java.lang.reflect.*;
 
-import java.security.cert.CertStoreParameters;
-import javax.security.auth.login.Configuration;
-
 /**
  * This class represents a "provider" for the
  * Java Security API, where a provider implements some or all parts of
@@ -453,8 +450,8 @@
      * Internal method to be called AFTER the security check has been
      * performed.
      */
-    private void implPutAll(Map t) {
-        for (Map.Entry e : ((Map<?,?>)t).entrySet()) {
+    private void implPutAll(Map<?,?> t) {
+        for (Map.Entry<?,?> e : t.entrySet()) {
             implPut(e.getKey(), e.getValue());
         }
     }
@@ -562,9 +559,9 @@
      * occur if the legacy properties are inconsistent or incomplete.
      */
     private void removeInvalidServices(Map<ServiceKey,Service> map) {
-        for (Iterator t = map.entrySet().iterator(); t.hasNext(); ) {
-            Map.Entry entry = (Map.Entry)t.next();
-            Service s = (Service)entry.getValue();
+        for (Iterator<Map.Entry<ServiceKey, Service>> t =
+                map.entrySet().iterator(); t.hasNext(); ) {
+            Service s = t.next().getValue();
             if (s.isValid() == false) {
                 t.remove();
             }
@@ -918,15 +915,15 @@
         final String name;
         final boolean supportsParameter;
         final String constructorParameterClassName;
-        private volatile Class constructorParameterClass;
+        private volatile Class<?> constructorParameterClass;
 
         EngineDescription(String name, boolean sp, String paramName) {
             this.name = name;
             this.supportsParameter = sp;
             this.constructorParameterClassName = paramName;
         }
-        Class getConstructorParameterClass() throws ClassNotFoundException {
-            Class clazz = constructorParameterClass;
+        Class<?> getConstructorParameterClass() throws ClassNotFoundException {
+            Class<?> clazz = constructorParameterClass;
             if (clazz == null) {
                 clazz = Class.forName(constructorParameterClassName);
                 constructorParameterClass = clazz;
@@ -1038,7 +1035,7 @@
         private Map<UString,String> attributes;
 
         // Reference to the cached implementation Class object
-        private volatile Reference<Class> classRef;
+        private volatile Reference<Class<?>> classRef;
 
         // flag indicating whether this service has its attributes for
         // supportedKeyFormats or supportedKeyClasses set
@@ -1055,7 +1052,7 @@
         // whether this service has been registered with the Provider
         private boolean registered;
 
-        private static final Class[] CLASS0 = new Class[0];
+        private static final Class<?>[] CLASS0 = new Class<?>[0];
 
         // this constructor and these methods are used for parsing
         // the legacy string properties.
@@ -1234,14 +1231,14 @@
                             ("constructorParameter not used with " + type
                             + " engines");
                     }
-                    Class clazz = getImplClass();
+                    Class<?> clazz = getImplClass();
                     Class<?>[] empty = {};
                     Constructor<?> con = clazz.getConstructor(empty);
                     return con.newInstance();
                 } else {
-                    Class paramClass = cap.getConstructorParameterClass();
+                    Class<?> paramClass = cap.getConstructorParameterClass();
                     if (constructorParameter != null) {
-                        Class argClass = constructorParameter.getClass();
+                        Class<?> argClass = constructorParameter.getClass();
                         if (paramClass.isAssignableFrom(argClass) == false) {
                             throw new InvalidParameterException
                             ("constructorParameter must be instanceof "
@@ -1249,8 +1246,8 @@
                             + " for engine type " + type);
                         }
                     }
-                    Class clazz = getImplClass();
-                    Constructor cons = clazz.getConstructor(paramClass);
+                    Class<?> clazz = getImplClass();
+                    Constructor<?> cons = clazz.getConstructor(paramClass);
                     return cons.newInstance(constructorParameter);
                 }
             } catch (NoSuchAlgorithmException e) {
@@ -1269,10 +1266,10 @@
         }
 
         // return the implementation Class object for this service
-        private Class getImplClass() throws NoSuchAlgorithmException {
+        private Class<?> getImplClass() throws NoSuchAlgorithmException {
             try {
-                Reference<Class> ref = classRef;
-                Class clazz = (ref == null) ? null : ref.get();
+                Reference<Class<?>> ref = classRef;
+                Class<?> clazz = (ref == null) ? null : ref.get();
                 if (clazz == null) {
                     ClassLoader cl = provider.getClass().getClassLoader();
                     if (cl == null) {
@@ -1285,7 +1282,7 @@
                             ("class configured for " + type + " (provider: " +
                             provider.getName() + ") is not public.");
                     }
-                    classRef = new WeakReference<Class>(clazz);
+                    classRef = new WeakReference<Class<?>>(clazz);
                 }
                 return clazz;
             } catch (ClassNotFoundException e) {
@@ -1302,7 +1299,7 @@
          */
         private Object newInstanceGeneric(Object constructorParameter)
                 throws Exception {
-            Class clazz = getImplClass();
+            Class<?> clazz = getImplClass();
             if (constructorParameter == null) {
                 // create instance with public no-arg constructor if it exists
                 try {
@@ -1314,12 +1311,12 @@
                         + "constructor found in class " + className);
                 }
             }
-            Class argClass = constructorParameter.getClass();
+            Class<?> argClass = constructorParameter.getClass();
             Constructor[] cons = clazz.getConstructors();
             // find first public constructor that can take the
             // argument as parameter
             for (Constructor<?> con : cons) {
-                Class[] paramTypes = con.getParameterTypes();
+                Class<?>[] paramTypes = con.getParameterTypes();
                 if (paramTypes.length != 1) {
                     continue;
                 }
@@ -1406,10 +1403,10 @@
                     s = getAttribute("SupportedKeyClasses");
                     if (s != null) {
                         String[] classNames = s.split("\\|");
-                        List<Class> classList =
+                        List<Class<?>> classList =
                             new ArrayList<>(classNames.length);
                         for (String className : classNames) {
-                            Class clazz = getKeyClass(className);
+                            Class<?> clazz = getKeyClass(className);
                             if (clazz != null) {
                                 classList.add(clazz);
                             }
@@ -1426,7 +1423,7 @@
         }
 
         // get the key class object of the specified name
-        private Class getKeyClass(String name) {
+        private Class<?> getKeyClass(String name) {
             try {
                 return Class.forName(name);
             } catch (ClassNotFoundException e) {
@@ -1463,8 +1460,8 @@
             if (supportedClasses == null) {
                 return false;
             }
-            Class keyClass = key.getClass();
-            for (Class clazz : supportedClasses) {
+            Class<?> keyClass = key.getClass();
+            for (Class<?> clazz : supportedClasses) {
                 if (clazz.isAssignableFrom(keyClass)) {
                     return true;
                 }
--- a/src/share/classes/java/security/Security.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/Security.java	Sat Aug 20 11:59:31 2016 -0700
@@ -33,8 +33,6 @@
 import sun.security.util.Debug;
 import sun.security.util.PropertyExpander;
 
-import java.security.Provider.Service;
-
 import sun.security.jca.*;
 
 /**
@@ -660,15 +658,16 @@
     }
 
     // Map containing cached Spi Class objects of the specified type
-    private static final Map<String, Class> spiMap = new ConcurrentHashMap<>();
+    private static final Map<String, Class<?>> spiMap =
+            new ConcurrentHashMap<>();
 
     /**
      * Return the Class object for the given engine type
      * (e.g. "MessageDigest"). Works for Spis in the java.security package
      * only.
      */
-    private static Class getSpiClass(String type) {
-        Class clazz = spiMap.get(type);
+    private static Class<?> getSpiClass(String type) {
+        Class<?> clazz = spiMap.get(type);
         if (clazz != null) {
             return clazz;
         }
@@ -1078,7 +1077,7 @@
 
         if ((serviceName == null) || (serviceName.length() == 0) ||
             (serviceName.endsWith("."))) {
-            return Collections.EMPTY_SET;
+            return Collections.emptySet();
         }
 
         HashSet<String> result = new HashSet<>();
--- a/src/share/classes/java/security/UnresolvedPermission.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/UnresolvedPermission.java	Sat Aug 20 11:59:31 2016 -0700
@@ -28,9 +28,7 @@
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
 import java.util.ArrayList;
-import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.Vector;
 import java.lang.reflect.*;
 import java.security.cert.*;
 
@@ -247,19 +245,19 @@
             }
         }
         try {
-            Class pc = p.getClass();
+            Class<?> pc = p.getClass();
 
             if (name == null && actions == null) {
                 try {
-                    Constructor c = pc.getConstructor(PARAMS0);
+                    Constructor<?> c = pc.getConstructor(PARAMS0);
                     return (Permission)c.newInstance(new Object[] {});
                 } catch (NoSuchMethodException ne) {
                     try {
-                        Constructor c = pc.getConstructor(PARAMS1);
+                        Constructor<?> c = pc.getConstructor(PARAMS1);
                         return (Permission) c.newInstance(
                               new Object[] { name});
                     } catch (NoSuchMethodException ne1) {
-                        Constructor c = pc.getConstructor(PARAMS2);
+                        Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
                               new Object[] { name, actions });
                     }
@@ -267,16 +265,16 @@
             } else {
                 if (name != null && actions == null) {
                     try {
-                        Constructor c = pc.getConstructor(PARAMS1);
+                        Constructor<?> c = pc.getConstructor(PARAMS1);
                         return (Permission) c.newInstance(
                               new Object[] { name});
                     } catch (NoSuchMethodException ne) {
-                        Constructor c = pc.getConstructor(PARAMS2);
+                        Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
                               new Object[] { name, actions });
                     }
                 } else {
-                    Constructor c = pc.getConstructor(PARAMS2);
+                    Constructor<?> c = pc.getConstructor(PARAMS2);
                     return (Permission) c.newInstance(
                           new Object[] { name, actions });
                 }
--- a/src/share/classes/java/security/UnresolvedPermissionCollection.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/UnresolvedPermissionCollection.java	Sat Aug 20 11:59:31 2016 -0700
@@ -197,8 +197,12 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        @SuppressWarnings("unchecked")
+        // writeObject writes a Hashtable<String, Vector<UnresolvedPermission>>
+        // for the permissions key, so this cast is safe, unless the data is corrupt.
         Hashtable<String, Vector<UnresolvedPermission>> permissions =
-                (Hashtable<String, Vector<UnresolvedPermission>>)gfields.get("permissions", null);
+                (Hashtable<String, Vector<UnresolvedPermission>>)
+                gfields.get("permissions", null);
         perms = new HashMap<String, List<UnresolvedPermission>>(permissions.size()*2);
 
         // Convert each entry (Vector) into a List
--- a/src/share/classes/java/security/cert/CertificateRevokedException.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/cert/CertificateRevokedException.java	Sat Aug 20 11:59:31 2016 -0700
@@ -32,7 +32,6 @@
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Map.Entry;
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.ObjectIdentifier;
@@ -151,8 +150,7 @@
             return null;
         } else {
             try {
-                Date invalidity =
-                    (Date) InvalidityDateExtension.toImpl(ext).get("DATE");
+                Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
                 return new Date(invalidity.getTime());
             } catch (IOException ioe) {
                 return null;
--- a/src/share/classes/java/security/cert/X509CRLSelector.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/cert/X509CRLSelector.java	Sat Aug 20 11:59:31 2016 -0700
@@ -632,7 +632,7 @@
                 byte[] encoded = in.getOctetString();
                 CRLNumberExtension crlNumExt =
                     new CRLNumberExtension(Boolean.FALSE, encoded);
-                crlNum = (BigInteger)crlNumExt.get(CRLNumberExtension.NUMBER);
+                crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
             } catch (IOException ex) {
                 if (debug != null) {
                     debug.println("X509CRLSelector.match: exception in "
--- a/src/share/classes/java/security/cert/X509CertSelector.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/java/security/cert/X509CertSelector.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -277,7 +277,7 @@
         try {
             issuer = (issuerDN == null ? null : new X500Principal(issuerDN));
         } catch (IllegalArgumentException e) {
-            throw (IOException)new IOException("Invalid name").initCause(e);
+            throw new IOException("Invalid name", e);
         }
     }
 
@@ -341,7 +341,7 @@
         try {
             subject = (subjectDN == null ? null : new X500Principal(subjectDN));
         } catch (IllegalArgumentException e) {
-            throw (IOException)new IOException("Invalid name").initCause(e);
+            throw new IOException("Invalid name", e);
         }
     }
 
@@ -872,7 +872,7 @@
      * @param object2 a Collection containing the second object to compare
      * @return true if the objects are equal, false otherwise
      */
-    static boolean equalNames(Collection object1, Collection object2) {
+    static boolean equalNames(Collection<?> object1, Collection<?> object2) {
         if ((object1 == null) || (object2 == null)) {
             return object1 == object2;
         }
@@ -1672,19 +1672,15 @@
     private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException {
         // Copy the Lists and Collection
         Set<List<?>> namesCopy = new HashSet<List<?>>();
-        Iterator<List<?>> i = names.iterator();
-        while (i.hasNext()) {
-            Object o = i.next();
-            if (!(o instanceof List)) {
-                throw new IOException("expected a List");
-            }
-            namesCopy.add(new ArrayList<Object>((List<?>)o));
+        for (List<?> o : names)
+        {
+            namesCopy.add(new ArrayList<Object>(o));
         }
 
         // Check the contents of the Lists and clone any byte arrays
-        i = namesCopy.iterator();
-        while (i.hasNext()) {
-            List<Object> nameList = (List<Object>)i.next();
+        for (List<?> list : namesCopy) {
+            @SuppressWarnings("unchecked") // See javadoc for parameter "names".
+            List<Object> nameList = (List<Object>)list;
             if (nameList.size() != 2) {
                 throw new IOException("name list size not 2");
             }
@@ -2184,8 +2180,7 @@
             if (debug != null) {
                 String time = "n/a";
                 try {
-                    Date notAfter =
-                        (Date)ext.get(PrivateKeyUsageExtension.NOT_AFTER);
+                    Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER);
                     time = notAfter.toString();
                 } catch (CertificateException ex) {
                     // not able to retrieve notAfter value
@@ -2201,8 +2196,7 @@
             if (debug != null) {
                 String time = "n/a";
                 try {
-                    Date notBefore = (Date)
-                        ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
+                    Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
                     time = notBefore.toString();
                 } catch (CertificateException ex) {
                     // not able to retrieve notBefore value
@@ -2214,14 +2208,6 @@
                 e2.printStackTrace();
             }
             return false;
-        } catch (CertificateException e3) {
-            if (debug != null) {
-                debug.println("X509CertSelector.match: CertificateException "
-                    + "in private key usage check; X509CertSelector: "
-                    + this.toString());
-                e3.printStackTrace();
-            }
-            return false;
         } catch (IOException e4) {
             if (debug != null) {
                 debug.println("X509CertSelector.match: IOException in "
@@ -2252,7 +2238,7 @@
                     + subjectPublicKeyAlgID + ", xcert subjectPublicKeyAlgID = "
                     + algID.getOID());
             }
-            if (!subjectPublicKeyAlgID.equals(algID.getOID())) {
+            if (!subjectPublicKeyAlgID.equals((Object)algID.getOID())) {
                 if (debug != null) {
                     debug.println("X509CertSelector.match: "
                         + "subject public key alg IDs don't match");
@@ -2301,7 +2287,7 @@
                                                 EXTENDED_KEY_USAGE_ID);
             if (ext != null) {
                 Vector<ObjectIdentifier> certKeyPurposeVector =
-                    (Vector<ObjectIdentifier>)ext.get(ExtendedKeyUsageExtension.USAGES);
+                    ext.get(ExtendedKeyUsageExtension.USAGES);
                 if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
                         && !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
                     if (debug != null) {
@@ -2337,8 +2323,8 @@
                 }
                 return false;
             }
-            GeneralNames certNames = (GeneralNames)
-                sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+            GeneralNames certNames =
+                    sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
             Iterator<GeneralNameInterface> i =
                                 subjectAlternativeGeneralNames.iterator();
             while (i.hasNext()) {
@@ -2406,7 +2392,7 @@
                 }
                 return false;
             }
-            List<PolicyInformation> policies = (List<PolicyInformation>)ext.get(CertificatePoliciesExtension.POLICIES);
+            List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
             /*
              * Convert the Vector of PolicyInformation to a Vector
              * of CertificatePolicyIds for easier comparison.
@@ -2467,7 +2453,7 @@
             if (ext == null) {
                 return true;
             }
-            if ((debug != null) && debug.isOn("certpath")) {
+            if ((debug != null) && Debug.isOn("certpath")) {
                 debug.println("X509CertSelector.match pathToNames:\n");
                 Iterator<GeneralNameInterface> i =
                                         pathToGeneralNames.iterator();
@@ -2476,10 +2462,10 @@
                 }
             }
 
-            GeneralSubtrees permitted = (GeneralSubtrees)
-                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
-            GeneralSubtrees excluded = (GeneralSubtrees)
-                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
+            GeneralSubtrees permitted =
+                    ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
+            GeneralSubtrees excluded =
+                    ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
             if (excluded != null) {
                 if (matchExcluded(excluded) == false) {
                     return false;
@@ -2597,12 +2583,13 @@
         return true;
     }
 
-    private static Set<?> cloneSet(Set<?> set) {
+    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
+    private static <T> Set<T> cloneSet(Set<T> set) {
         if (set instanceof HashSet) {
-            Object clone = ((HashSet<?>)set).clone();
-            return (Set<?>)clone;
+            Object clone = ((HashSet<T>)set).clone();
+            return (Set<T>)clone;
         } else {
-            return new HashSet<Object>(set);
+            return new HashSet<T>(set);
         }
     }
 
@@ -2617,17 +2604,13 @@
             // Must clone these because addPathToName et al. modify them
             if (subjectAlternativeNames != null) {
                 copy.subjectAlternativeNames =
-                        (Set<List<?>>)cloneSet(subjectAlternativeNames);
+                        cloneSet(subjectAlternativeNames);
                 copy.subjectAlternativeGeneralNames =
-                        (Set<GeneralNameInterface>)cloneSet
-                                (subjectAlternativeGeneralNames);
+                        cloneSet(subjectAlternativeGeneralNames);
             }
             if (pathToGeneralNames != null) {
-                copy.pathToNames =
-                        (Set<List<?>>)cloneSet(pathToNames);
-                copy.pathToGeneralNames =
-                        (Set<GeneralNameInterface>)cloneSet
-                                (pathToGeneralNames);
+                copy.pathToNames = cloneSet(pathToNames);
+                copy.pathToGeneralNames = cloneSet(pathToGeneralNames);
             }
             return copy;
         } catch (CloneNotSupportedException e) {
--- a/src/share/classes/javax/crypto/Cipher.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/Cipher.java	Sat Aug 20 11:59:31 2016 -0700
@@ -30,7 +30,6 @@
 import java.util.concurrent.ConcurrentMap;
 import java.util.regex.*;
 
-import static java.util.Locale.ENGLISH;
 
 import java.security.*;
 import java.security.Provider.Service;
@@ -46,7 +45,6 @@
 
 import sun.security.util.Debug;
 import sun.security.jca.*;
-import sun.security.jca.GetInstance.Instance;
 
 /**
  * This class provides the functionality of a cryptographic cipher for
@@ -234,10 +232,10 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     // list of transform Strings to lookup in the provider
-    private List transforms;
+    private List<Transform> transforms;
 
     private final Object lock;
 
@@ -278,7 +276,8 @@
     }
 
     private Cipher(CipherSpi firstSpi, Service firstService,
-            Iterator serviceIterator, String transformation, List transforms) {
+            Iterator<Service> serviceIterator, String transformation,
+            List<Transform> transforms) {
         this.firstSpi = firstSpi;
         this.firstService = firstService;
         this.serviceIterator = serviceIterator;
@@ -402,7 +401,7 @@
             new ConcurrentHashMap<String, Pattern>();
 
         private static boolean matches(String regexp, String str) {
-            Pattern pattern = (Pattern)patternCache.get(regexp);
+            Pattern pattern = patternCache.get(regexp);
             if (pattern == null) {
                 pattern = Pattern.compile(regexp);
                 patternCache.putIfAbsent(regexp, pattern);
@@ -412,7 +411,7 @@
 
     }
 
-    private static List getTransforms(String transformation)
+    private static List<Transform> getTransforms(String transformation)
             throws NoSuchAlgorithmException {
         String[] parts = tokenizeTransformation(transformation);
 
@@ -432,7 +431,7 @@
             return Collections.singletonList(tr);
         } else { // if ((mode != null) && (pad != null)) {
             // DES/CBC/PKCS5Padding
-            List list = new ArrayList(4);
+            List<Transform> list = new ArrayList<>(4);
             list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
             list.add(new Transform(alg, "/" + mode, null, pad));
             list.add(new Transform(alg, "//" + pad, mode, null));
@@ -442,10 +441,10 @@
     }
 
     // get the transform matching the specified service
-    private static Transform getTransform(Service s, List transforms) {
+    private static Transform getTransform(Service s,
+                                          List<Transform> transforms) {
         String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH);
-        for (Iterator t = transforms.iterator(); t.hasNext(); ) {
-            Transform tr = (Transform)t.next();
+        for (Transform tr : transforms) {
             if (alg.endsWith(tr.suffix)) {
                 return tr;
             }
@@ -488,19 +487,18 @@
     public static final Cipher getInstance(String transformation)
             throws NoSuchAlgorithmException, NoSuchPaddingException
     {
-        List transforms = getTransforms(transformation);
-        List cipherServices = new ArrayList(transforms.size());
-        for (Iterator t = transforms.iterator(); t.hasNext(); ) {
-            Transform transform = (Transform)t.next();
+        List<Transform> transforms = getTransforms(transformation);
+        List<ServiceId> cipherServices = new ArrayList<>(transforms.size());
+        for (Transform transform : transforms) {
             cipherServices.add(new ServiceId("Cipher", transform.transform));
         }
-        List services = GetInstance.getServices(cipherServices);
+        List<Service> services = GetInstance.getServices(cipherServices);
         // make sure there is at least one service from a signed provider
         // and that it can use the specified mode and padding
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         Exception failure = null;
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -626,11 +624,10 @@
             throw new IllegalArgumentException("Missing provider");
         }
         Exception failure = null;
-        List transforms = getTransforms(transformation);
+        List<Transform> transforms = getTransforms(transformation);
         boolean providerChecked = false;
         String paddingError = null;
-        for (Iterator t = transforms.iterator(); t.hasNext();) {
-            Transform tr = (Transform)t.next();
+        for (Transform tr : transforms) {
             Service s = provider.getService("Cipher", tr.transform);
             if (s == null) {
                 continue;
@@ -733,7 +730,7 @@
                     firstService = null;
                     firstSpi = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                     thisSpi = null;
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
@@ -827,7 +824,7 @@
                     firstService = null;
                     firstSpi = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                     thisSpi = null;
                 }
                 // if provider says it does not support this key, ignore it
@@ -1661,7 +1658,7 @@
             // Check whether the cert has a key usage extension
             // marked as a critical extension.
             X509Certificate cert = (X509Certificate)certificate;
-            Set critSet = cert.getCriticalExtensionOIDs();
+            Set<String> critSet = cert.getCriticalExtensionOIDs();
 
             if (critSet != null && !critSet.isEmpty()
                 && critSet.contains(KEY_USAGE_EXTENSION_OID)) {
--- a/src/share/classes/javax/crypto/CryptoAllPermission.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/CryptoAllPermission.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -171,8 +171,8 @@
      *
      * @return an enumeration of all the CryptoAllPermission objects.
      */
-    public Enumeration elements() {
-        Vector v = new Vector(1);
+    public Enumeration<Permission> elements() {
+        Vector<Permission> v = new Vector<>(1);
         if (all_allowed) v.add(CryptoAllPermission.INSTANCE);
         return v.elements();
     }
--- a/src/share/classes/javax/crypto/CryptoPermission.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/CryptoPermission.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -475,14 +475,14 @@
 
     private static final long serialVersionUID = -511215555898802763L;
 
-    private Vector permissions;
+    private Vector<Permission> permissions;
 
     /**
      * Creates an empty CryptoPermissionCollection
      * object.
      */
     CryptoPermissionCollection() {
-        permissions = new Vector(3);
+        permissions = new Vector<Permission>(3);
     }
 
     /**
@@ -520,7 +520,7 @@
 
         CryptoPermission cp = (CryptoPermission)permission;
 
-        Enumeration e = permissions.elements();
+        Enumeration<Permission> e = permissions.elements();
 
         while (e.hasMoreElements()) {
             CryptoPermission x = (CryptoPermission) e.nextElement();
@@ -538,7 +538,7 @@
      * @return an enumeration of all the CryptoPermission objects.
      */
 
-    public Enumeration elements()
+    public Enumeration<Permission> elements()
     {
         return permissions.elements();
     }
--- a/src/share/classes/javax/crypto/CryptoPermissions.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/CryptoPermissions.java	Sat Aug 20 11:59:31 2016 -0700
@@ -179,7 +179,7 @@
      *
      * @return an enumeration of all the Permissions.
      */
-    public Enumeration elements() {
+    public Enumeration<Permission> elements() {
         // go through each Permissions in the hash table
         // and call their elements() function.
         return new PermissionsEnumerator(perms.elements());
@@ -211,8 +211,7 @@
 
 
         PermissionCollection thatWildcard =
-            (PermissionCollection)other.perms.get(
-                                        CryptoPermission.ALG_NAME_WILDCARD);
+                other.perms.get(CryptoPermission.ALG_NAME_WILDCARD);
         int maxKeySize = 0;
         if (thatWildcard != null) {
             maxKeySize = ((CryptoPermission)
@@ -221,14 +220,12 @@
         // For each algorithm in this CryptoPermissions,
         // find out if there is anything we should add into
         // ret.
-        Enumeration thisKeys = this.perms.keys();
+        Enumeration<String> thisKeys = this.perms.keys();
         while (thisKeys.hasMoreElements()) {
-            String alg = (String)thisKeys.nextElement();
+            String alg = thisKeys.nextElement();
 
-            PermissionCollection thisPc =
-                (PermissionCollection)this.perms.get(alg);
-            PermissionCollection thatPc =
-                (PermissionCollection)other.perms.get(alg);
+            PermissionCollection thisPc = this.perms.get(alg);
+            PermissionCollection thatPc = other.perms.get(alg);
 
             CryptoPermission[] partialResult;
 
@@ -251,8 +248,7 @@
         }
 
         PermissionCollection thisWildcard =
-            (PermissionCollection)this.perms.get(
-                                      CryptoPermission.ALG_NAME_WILDCARD);
+                this.perms.get(CryptoPermission.ALG_NAME_WILDCARD);
 
         // If this CryptoPermissions doesn't
         // have a wildcard, we are done.
@@ -265,16 +261,15 @@
         maxKeySize =
             ((CryptoPermission)
                     thisWildcard.elements().nextElement()).getMaxKeySize();
-        Enumeration thatKeys = other.perms.keys();
+        Enumeration<String> thatKeys = other.perms.keys();
         while (thatKeys.hasMoreElements()) {
-            String alg = (String)thatKeys.nextElement();
+            String alg = thatKeys.nextElement();
 
             if (this.perms.containsKey(alg)) {
                 continue;
             }
 
-            PermissionCollection thatPc =
-                (PermissionCollection)other.perms.get(alg);
+            PermissionCollection thatPc = other.perms.get(alg);
 
             CryptoPermission[] partialResult;
 
@@ -299,9 +294,9 @@
      */
     private CryptoPermission[] getMinimum(PermissionCollection thisPc,
                                           PermissionCollection thatPc) {
-        Vector permVector = new Vector(2);
+        Vector<CryptoPermission> permVector = new Vector<>(2);
 
-        Enumeration thisPcPermissions = thisPc.elements();
+        Enumeration<Permission> thisPcPermissions = thisPc.elements();
 
         // For each CryptoPermission in
         // thisPc object, do the following:
@@ -320,7 +315,7 @@
             CryptoPermission thisCp =
                 (CryptoPermission)thisPcPermissions.nextElement();
 
-            Enumeration thatPcPermissions = thatPc.elements();
+            Enumeration<Permission> thatPcPermissions = thatPc.elements();
             while (thatPcPermissions.hasMoreElements()) {
                 CryptoPermission thatCp =
                     (CryptoPermission)thatPcPermissions.nextElement();
@@ -355,9 +350,9 @@
      */
     private CryptoPermission[] getMinimum(int maxKeySize,
                                           PermissionCollection pc) {
-        Vector permVector = new Vector(1);
+        Vector<CryptoPermission> permVector = new Vector<>(1);
 
-        Enumeration enum_ = pc.elements();
+        Enumeration<Permission> enum_ = pc.elements();
 
         while (enum_.hasMoreElements()) {
             CryptoPermission cp =
@@ -424,7 +419,7 @@
 
         String alg = cryptoPerm.getAlgorithm();
 
-        PermissionCollection pc = (PermissionCollection)perms.get(alg);
+        PermissionCollection pc = perms.get(alg);
 
         if (pc == null) {
             pc = cryptoPerm.newPermissionCollection();
@@ -455,14 +450,14 @@
     }
 }
 
-final class PermissionsEnumerator implements Enumeration {
+final class PermissionsEnumerator implements Enumeration<Permission> {
 
     // all the perms
-    private Enumeration perms;
+    private Enumeration<PermissionCollection> perms;
     // the current set
-    private Enumeration permset;
+    private Enumeration<Permission> permset;
 
-    PermissionsEnumerator(Enumeration e) {
+    PermissionsEnumerator(Enumeration<PermissionCollection> e) {
         perms = e;
         permset = getNextEnumWithMore();
     }
@@ -486,7 +481,7 @@
         return (permset != null);
     }
 
-    public synchronized Object nextElement() {
+    public synchronized Permission nextElement() {
         // hasMoreElements will update permset to the next permset
         // with something in it...
 
@@ -497,11 +492,10 @@
         }
     }
 
-    private Enumeration getNextEnumWithMore() {
+    private Enumeration<Permission> getNextEnumWithMore() {
         while (perms.hasMoreElements()) {
-            PermissionCollection pc =
-                (PermissionCollection) perms.nextElement();
-            Enumeration next = pc.elements();
+            PermissionCollection pc = perms.nextElement();
+            Enumeration<Permission> next = pc.elements();
             if (next.hasMoreElements())
                 return next;
         }
--- a/src/share/classes/javax/crypto/CryptoPolicyParser.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/CryptoPolicyParser.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
-import java.util.StringTokenizer;
 import static java.util.Locale.ENGLISH;
 
 import java.security.GeneralSecurityException;
@@ -64,7 +63,7 @@
 
 final class CryptoPolicyParser {
 
-    private Vector grantEntries;
+    private Vector<GrantEntry> grantEntries;
 
     // Convenience variables for parsing
     private StreamTokenizer st;
@@ -74,7 +73,7 @@
      * Creates a CryptoPolicyParser object.
      */
     CryptoPolicyParser() {
-        grantEntries = new Vector();
+        grantEntries = new Vector<GrantEntry>();
     }
 
     /**
@@ -127,7 +126,7 @@
          * The crypto jurisdiction policy must be consistent. The
          * following hashtable is used for checking consistency.
          */
-        Hashtable processedPermissions = null;
+        Hashtable<String, Vector<String>> processedPermissions = null;
 
         /*
          * The main parsing loop.  The loop is executed once for each entry
@@ -152,7 +151,8 @@
     /**
      * parse a Grant entry
      */
-    private GrantEntry parseGrantEntry(Hashtable processedPermissions)
+    private GrantEntry parseGrantEntry(
+            Hashtable<String, Vector<String>> processedPermissions)
         throws ParsingException, IOException
     {
         GrantEntry e = new GrantEntry();
@@ -180,7 +180,7 @@
      * parse a CryptoPermission entry
      */
     private CryptoPermissionEntry parsePermissionEntry(
-                                       Hashtable processedPermissions)
+            Hashtable<String, Vector<String>> processedPermissions)
         throws ParsingException, IOException
     {
         CryptoPermissionEntry e = new CryptoPermissionEntry();
@@ -252,7 +252,7 @@
             // AlgorithmParameterSpec class name.
             String algParamSpecClassName = match("quoted string");
 
-            Vector paramsV = new Vector(1);
+            Vector<Integer> paramsV = new Vector<>(1);
             while (peek(",")) {
                 match(",");
                 if (peek("number")) {
@@ -285,14 +285,14 @@
         AlgorithmParameterSpec ret = null;
 
         try {
-            Class apsClass = Class.forName(type);
-            Class[] paramClasses = new Class[params.length];
+            Class<?> apsClass = Class.forName(type);
+            Class<?>[] paramClasses = new Class<?>[params.length];
 
             for (int i = 0; i < params.length; i++) {
                 paramClasses[i] = int.class;
             }
 
-            Constructor c = apsClass.getConstructor(paramClasses);
+            Constructor<?> c = apsClass.getConstructor(paramClasses);
             ret = (AlgorithmParameterSpec) c.newInstance((Object[]) params);
         } catch (Exception e) {
             throw new ParsingException("Cannot call the constructor of " +
@@ -456,15 +456,15 @@
     }
 
     CryptoPermission[] getPermissions() {
-        Vector result = new Vector();
+        Vector<CryptoPermission> result = new Vector<>();
 
-        Enumeration grantEnum = grantEntries.elements();
+        Enumeration<GrantEntry> grantEnum = grantEntries.elements();
         while (grantEnum.hasMoreElements()) {
-            GrantEntry ge = (GrantEntry)grantEnum.nextElement();
-            Enumeration permEnum = ge.permissionElements();
+            GrantEntry ge = grantEnum.nextElement();
+            Enumeration<CryptoPermissionEntry> permEnum =
+                    ge.permissionElements();
             while (permEnum.hasMoreElements()) {
-                CryptoPermissionEntry pe =
-                    (CryptoPermissionEntry)permEnum.nextElement();
+                CryptoPermissionEntry pe = permEnum.nextElement();
                 if (pe.cryptoPermission.equals(
                                         "javax.crypto.CryptoAllPermission")) {
                     result.addElement(CryptoAllPermission.INSTANCE);
@@ -491,15 +491,14 @@
         return ret;
     }
 
-    private boolean isConsistent(String alg,
-                                 String exemptionMechanism,
-                                 Hashtable processedPermissions) {
+    private boolean isConsistent(String alg, String exemptionMechanism,
+            Hashtable<String, Vector<String>> processedPermissions) {
         String thisExemptionMechanism =
             exemptionMechanism == null ? "none" : exemptionMechanism;
 
         if (processedPermissions == null) {
-            processedPermissions = new Hashtable();
-            Vector exemptionMechanisms = new Vector(1);
+            processedPermissions = new Hashtable<String, Vector<String>>();
+            Vector<String> exemptionMechanisms = new Vector<>(1);
             exemptionMechanisms.addElement(thisExemptionMechanism);
             processedPermissions.put(alg, exemptionMechanisms);
             return true;
@@ -509,15 +508,15 @@
             return false;
         }
 
-        Vector exemptionMechanisms;
+        Vector<String> exemptionMechanisms;
 
         if (processedPermissions.containsKey(alg)) {
-            exemptionMechanisms = (Vector)processedPermissions.get(alg);
+            exemptionMechanisms = processedPermissions.get(alg);
             if (exemptionMechanisms.contains(thisExemptionMechanism)) {
                 return false;
             }
         } else {
-            exemptionMechanisms = new Vector(1);
+            exemptionMechanisms = new Vector<String>(1);
         }
 
         exemptionMechanisms.addElement(thisExemptionMechanism);
@@ -556,10 +555,10 @@
 
     private static class GrantEntry {
 
-        private Vector permissionEntries;
+        private Vector<CryptoPermissionEntry> permissionEntries;
 
         GrantEntry() {
-            permissionEntries = new Vector();
+            permissionEntries = new Vector<CryptoPermissionEntry>();
         }
 
         void add(CryptoPermissionEntry pe)
@@ -580,7 +579,7 @@
         /**
          * Enumerate all the permission entries in this GrantEntry.
          */
-        Enumeration permissionElements(){
+        Enumeration<CryptoPermissionEntry> permissionElements(){
             return permissionEntries.elements();
         }
 
--- a/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@
             throw new NullPointerException("the encoded parameter " +
                                            "must be non-null");
         }
-        this.encoded = (byte[])encoded.clone();
+        this.encoded = encoded.clone();
         DerValue val = new DerValue(this.encoded);
 
         DerValue[] seq = new DerValue[2];
@@ -143,7 +143,7 @@
             throw new IllegalArgumentException("the encryptedData " +
                                                 "parameter must not be empty");
         } else {
-            this.encryptedData = (byte[])encryptedData.clone();
+            this.encryptedData = encryptedData.clone();
         }
         // delay the generation of ASN.1 encoding until
         // getEncoded() is called
@@ -183,7 +183,7 @@
             throw new IllegalArgumentException("the encryptedData " +
                                                 "parameter must not be empty");
         } else {
-            this.encryptedData = (byte[])encryptedData.clone();
+            this.encryptedData = encryptedData.clone();
         }
 
         // delay the generation of ASN.1 encoding until
@@ -222,7 +222,7 @@
      * each time this method is called.
      */
     public byte[] getEncryptedData() {
-        return (byte[])this.encryptedData.clone();
+        return this.encryptedData.clone();
     }
 
     /**
@@ -247,26 +247,13 @@
         throws InvalidKeySpecException {
         byte[] encoded = null;
         try {
-            encoded = cipher.doFinal((byte[])encryptedData);
+            encoded = cipher.doFinal(encryptedData);
             checkPKCS8Encoding(encoded);
-        } catch (GeneralSecurityException gse) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(gse);
-            throw ikse;
-        } catch (IOException ioe) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(ioe);
-            throw ikse;
-        } catch (IllegalStateException ise) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(ise);
-            throw ikse;
+        } catch (GeneralSecurityException |
+                 IOException |
+                 IllegalStateException ex) {
+            throw new InvalidKeySpecException(
+                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
         return new PKCS8EncodedKeySpec(encoded);
     }
@@ -289,16 +276,9 @@
         } catch (NoSuchAlgorithmException nsae) {
             // rethrow
             throw nsae;
-        } catch (GeneralSecurityException gse) {
-            InvalidKeyException ike = new InvalidKeyException
-                ("Cannot retrieve the PKCS8EncodedKeySpec");
-            ike.initCause(gse);
-            throw ike;
-        } catch (IOException ioe) {
-            InvalidKeyException ike = new InvalidKeyException
-                ("Cannot retrieve the PKCS8EncodedKeySpec");
-            ike.initCause(ioe);
-            throw ike;
+        } catch (GeneralSecurityException | IOException ex) {
+            throw new InvalidKeyException(
+                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
         return new PKCS8EncodedKeySpec(encoded);
     }
@@ -413,7 +393,7 @@
             out.write(DerValue.tag_Sequence, tmp);
             this.encoded = out.toByteArray();
         }
-        return (byte[])this.encoded.clone();
+        return this.encoded.clone();
     }
 
     private static void checkTag(DerValue val, byte tag, String valName)
@@ -424,6 +404,7 @@
         }
     }
 
+    @SuppressWarnings("fallthrough")
     private static void checkPKCS8Encoding(byte[] encodedKey)
         throws IOException {
         DerInputStream in = new DerInputStream(encodedKey);
@@ -432,6 +413,7 @@
         switch (values.length) {
         case 4:
             checkTag(values[3], DerValue.TAG_CONTEXT, "attributes");
+            /* fall through */
         case 3:
             checkTag(values[0], DerValue.tag_Integer, "version");
             DerInputStream algid = values[1].toDerInputStream();
--- a/src/share/classes/javax/crypto/JarVerifier.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/JarVerifier.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,23 +86,19 @@
 
             // Get a link to the Jarfile to search.
             try {
-                jf = (JarFile)
-                    AccessController.doPrivileged(
-                        new PrivilegedExceptionAction() {
-                            public Object run() throws Exception {
-                                JarURLConnection conn =
-                                    (JarURLConnection) url.openConnection();
-                                // You could do some caching here as
-                                // an optimization.
-                                conn.setUseCaches(false);
-                                return conn.getJarFile();
-                            }
-                        });
+                jf = AccessController.doPrivileged(
+                         new PrivilegedExceptionAction<JarFile>() {
+                             public JarFile run() throws Exception {
+                                 JarURLConnection conn =
+                                     (JarURLConnection) url.openConnection();
+                                 // You could do some caching here as
+                                 // an optimization.
+                                 conn.setUseCaches(false);
+                                 return conn.getJarFile();
+                             }
+                         });
             } catch (java.security.PrivilegedActionException pae) {
-                SecurityException se = new SecurityException(
-                    "Cannot load " + url.toString());
-                se.initCause(pae);
-                throw se;
+                throw new SecurityException("Cannot load " + url.toString(), pae);
             }
 
             if (jf != null) {
--- a/src/share/classes/javax/crypto/JceSecurity.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/JceSecurity.java	Sat Aug 20 11:59:31 2016 -0700
@@ -57,10 +57,12 @@
     // Map<Provider,?> of the providers we already have verified
     // value == PROVIDER_VERIFIED is successfully verified
     // value is failure cause Exception in error case
-    private final static Map verificationResults = new IdentityHashMap();
+    private final static Map<Provider, Object> verificationResults =
+            new IdentityHashMap<>();
 
     // Map<Provider,?> of the providers currently being verified
-    private final static Map verifyingProviders = new IdentityHashMap();
+    private final static Map<Provider, Object> verifyingProviders =
+            new IdentityHashMap<>();
 
     // Set the default value. May be changed in the static initializer.
     private static boolean isRestricted = true;
@@ -73,25 +75,23 @@
 
     static {
         try {
-            AccessController.doPrivileged(new PrivilegedExceptionAction() {
-                public Object run() throws Exception {
-                    setupJurisdictionPolicies();
-                    return null;
-                }
-            });
+            AccessController.doPrivileged(
+                new PrivilegedExceptionAction<Object>() {
+                    public Object run() throws Exception {
+                        setupJurisdictionPolicies();
+                        return null;
+                    }
+                });
 
             isRestricted = defaultPolicy.implies(
                 CryptoAllPermission.INSTANCE) ? false : true;
         } catch (Exception e) {
-            SecurityException se =
-                new SecurityException(
-                    "Can not initialize cryptographic mechanism");
-            se.initCause(e);
-            throw se;
+            throw new SecurityException(
+                    "Can not initialize cryptographic mechanism", e);
         }
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm,
+    static Instance getInstance(String type, Class<?> clazz, String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
         Service s = GetInstance.getService(type, algorithm, provider);
@@ -104,7 +104,7 @@
         return GetInstance.getInstance(s, clazz);
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm,
+    static Instance getInstance(String type, Class<?> clazz, String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
         Service s = GetInstance.getService(type, algorithm, provider);
         Exception ve = JceSecurity.getVerificationResult(provider);
@@ -116,12 +116,11 @@
         return GetInstance.getInstance(s, clazz);
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm)
+    static Instance getInstance(String type, Class<?> clazz, String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices(type, algorithm);
+        List<Service> services = GetInstance.getServices(type, algorithm);
         NoSuchAlgorithmException failure = null;
-        for (Iterator t = services.iterator(); t.hasNext(); ) {
-            Service s = (Service)t.next();
+        for (Service s : services) {
             if (canUseProvider(s.getProvider()) == false) {
                 // allow only signed providers
                 continue;
@@ -213,17 +212,18 @@
     }
 
     // reference to a Map we use as a cache for codebases
-    private static final Map codeBaseCacheRef = new WeakHashMap();
+    private static final Map<Class<?>, URL> codeBaseCacheRef =
+            new WeakHashMap<>();
 
     /*
      * Returns the CodeBase for the given class.
      */
-    static URL getCodeBase(final Class clazz) {
+    static URL getCodeBase(final Class<?> clazz) {
         synchronized (codeBaseCacheRef) {
-            URL url = (URL)codeBaseCacheRef.get(clazz);
+            URL url = codeBaseCacheRef.get(clazz);
             if (url == null) {
-                url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
-                    public Object run() {
+                url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+                    public URL run() {
                         ProtectionDomain pd = clazz.getProtectionDomain();
                         if (pd != null) {
                             CodeSource cs = pd.getCodeSource();
@@ -292,9 +292,9 @@
 
         JarFile jf = new JarFile(jarPathName);
 
-        Enumeration entries = jf.entries();
+        Enumeration<JarEntry> entries = jf.entries();
         while (entries.hasMoreElements()) {
-            JarEntry je = (JarEntry)entries.nextElement();
+            JarEntry je = entries.nextElement();
             InputStream is = null;
             try {
                 if (je.getName().startsWith("default_")) {
--- a/src/share/classes/javax/crypto/JceSecurityManager.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/JceSecurityManager.java	Sat Aug 20 11:59:31 2016 -0700
@@ -28,7 +28,6 @@
 import java.security.*;
 import java.net.*;
 import java.util.*;
-import java.util.jar.*;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
@@ -52,7 +51,8 @@
     private static final CryptoPermissions defaultPolicy;
     private static final CryptoPermissions exemptPolicy;
     private static final CryptoAllPermission allPerm;
-    private static final Vector TrustedCallersCache = new Vector(2);
+    private static final Vector<Class<?>> TrustedCallersCache =
+            new Vector<>(2);
     private static final ConcurrentMap<URL,CryptoPermissions> exemptCache =
             new ConcurrentHashMap<>();
     private static final CryptoPermissions CACHE_NULL_MARK =
@@ -65,12 +65,12 @@
         defaultPolicy = JceSecurity.getDefaultPolicy();
         exemptPolicy = JceSecurity.getExemptPolicy();
         allPerm = CryptoAllPermission.INSTANCE;
-        INSTANCE = (JceSecurityManager)
-              AccessController.doPrivileged(new PrivilegedAction() {
-                  public Object run() {
-                      return new JceSecurityManager();
-                  }
-              });
+        INSTANCE = AccessController.doPrivileged(
+                new PrivilegedAction<JceSecurityManager>() {
+                    public JceSecurityManager run() {
+                        return new JceSecurityManager();
+                    }
+                });
     }
 
     private JceSecurityManager() {
@@ -99,11 +99,11 @@
         // javax.crypto.* packages.
         // NOTE: javax.crypto.* package maybe subject to package
         // insertion, so need to check its classloader as well.
-        Class[] context = getClassContext();
+        Class<?>[] context = getClassContext();
         URL callerCodeBase = null;
         int i;
         for (i=0; i<context.length; i++) {
-            Class cls = context[i];
+            Class<?> cls = context[i];
             callerCodeBase = JceSecurity.getCodeBase(cls);
             if (callerCodeBase != null) {
                 break;
@@ -150,7 +150,7 @@
         if (appPc == null) {
             return defaultPerm;
         }
-        Enumeration enum_ = appPc.elements();
+        Enumeration<Permission> enum_ = appPc.elements();
         while (enum_.hasMoreElements()) {
             CryptoPermission cp = (CryptoPermission)enum_.nextElement();
             if (cp.getExemptionMechanism() == null) {
@@ -222,7 +222,7 @@
      * Returns the default permission for the given algorithm.
      */
     private CryptoPermission getDefaultPermission(String alg) {
-        Enumeration enum_ =
+        Enumeration<Permission> enum_ =
             defaultPolicy.getPermissionCollection(alg).elements();
         return (CryptoPermission)enum_.nextElement();
     }
--- a/src/share/classes/javax/crypto/KeyAgreement.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/KeyAgreement.java	Sat Aug 20 11:59:31 2016 -0700
@@ -98,7 +98,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private final Object lock;
 
@@ -117,7 +117,7 @@
         lock = null;
     }
 
-    private KeyAgreement(Service s, Iterator t, String algorithm) {
+    private KeyAgreement(Service s, Iterator<Service> t, String algorithm) {
         firstService = s;
         serviceIterator = t;
         this.algorithm = algorithm;
@@ -170,11 +170,12 @@
      */
     public static final KeyAgreement getInstance(String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices("KeyAgreement", algorithm);
+        List<Service> services =
+                GetInstance.getServices("KeyAgreement", algorithm);
         // make sure there is at least one service from a signed provider
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -306,7 +307,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
@@ -363,7 +364,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 // if provider says it does not support this key, ignore it
                 if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/KeyGenerator.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/KeyGenerator.java	Sat Aug 20 11:59:31 2016 -0700
@@ -133,7 +133,7 @@
 
     private final Object lock = new Object();
 
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private int initType;
     private int initKeySize;
@@ -161,7 +161,8 @@
 
     private KeyGenerator(String algorithm) throws NoSuchAlgorithmException {
         this.algorithm = algorithm;
-        List list = GetInstance.getServices("KeyGenerator", algorithm);
+        List<Service> list =
+                GetInstance.getServices("KeyGenerator", algorithm);
         serviceIterator = list.iterator();
         initType = I_NONE;
         // fetch and instantiate initial spi
@@ -336,7 +337,7 @@
                 return null;
             }
             while (serviceIterator.hasNext()) {
-                Service s = (Service)serviceIterator.next();
+                Service s = serviceIterator.next();
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
                 }
--- a/src/share/classes/javax/crypto/Mac.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/Mac.java	Sat Aug 20 11:59:31 2016 -0700
@@ -100,7 +100,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private final Object lock;
 
@@ -119,7 +119,7 @@
         lock = null;
     }
 
-    private Mac(Service s, Iterator t, String algorithm) {
+    private Mac(Service s, Iterator<Service> t, String algorithm) {
         firstService = s;
         serviceIterator = t;
         this.algorithm = algorithm;
@@ -168,11 +168,11 @@
      */
     public static final Mac getInstance(String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices("Mac", algorithm);
+        List<Service> services = GetInstance.getServices("Mac", algorithm);
         // make sure there is at least one service from a signed provider
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -293,7 +293,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
@@ -336,7 +336,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 // if provider says it does not support this key, ignore it
                 if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/SealedObject.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/SealedObject.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -193,11 +193,11 @@
      * @exception NullPointerException if the given sealed object is null.
      */
     protected SealedObject(SealedObject so) {
-        this.encryptedContent = (byte[]) so.encryptedContent.clone();
+        this.encryptedContent = so.encryptedContent.clone();
         this.sealAlg = so.sealAlg;
         this.paramsAlg = so.paramsAlg;
         if (so.encodedParams != null) {
-            this.encodedParams = (byte[]) so.encodedParams.clone();
+            this.encodedParams = so.encodedParams.clone();
         } else {
             this.encodedParams = null;
         }
@@ -353,10 +353,8 @@
 
         try {
             return unseal(key, provider);
-        } catch (IllegalBlockSizeException ibse) {
-            throw new InvalidKeyException(ibse.getMessage());
-        } catch (BadPaddingException bpe) {
-            throw new InvalidKeyException(bpe.getMessage());
+        } catch (IllegalBlockSizeException | BadPaddingException ex) {
+            throw new InvalidKeyException(ex.getMessage());
         }
     }
 
@@ -450,9 +448,9 @@
     {
         s.defaultReadObject();
         if (encryptedContent != null)
-            encryptedContent = (byte[])encryptedContent.clone();
+            encryptedContent = encryptedContent.clone();
         if (encodedParams != null)
-            encodedParams = (byte[])encodedParams.clone();
+            encodedParams = encodedParams.clone();
     }
 }
 
@@ -465,7 +463,7 @@
         super(in);
     }
 
-    protected Class resolveClass(ObjectStreamClass v)
+    protected Class<?> resolveClass(ObjectStreamClass v)
         throws IOException, ClassNotFoundException
     {
 
--- a/src/share/classes/javax/crypto/SecretKeyFactory.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/SecretKeyFactory.java	Sat Aug 20 11:59:31 2016 -0700
@@ -96,7 +96,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     /**
      * Creates a SecretKeyFactory object.
@@ -114,7 +114,8 @@
 
     private SecretKeyFactory(String algorithm) throws NoSuchAlgorithmException {
         this.algorithm = algorithm;
-        List list = GetInstance.getServices("SecretKeyFactory", algorithm);
+        List<Service> list =
+                GetInstance.getServices("SecretKeyFactory", algorithm);
         serviceIterator = list.iterator();
         // fetch and instantiate initial spi
         if (nextSpi(null) == null) {
@@ -290,7 +291,7 @@
                 return null;
             }
             while (serviceIterator.hasNext()) {
-                Service s = (Service)serviceIterator.next();
+                Service s = serviceIterator.next();
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
                 }
--- a/src/share/classes/javax/crypto/SecretKeyFactorySpi.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/SecretKeyFactorySpi.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
--- a/src/share/classes/javax/crypto/spec/DESKeySpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/DESKeySpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -165,7 +165,7 @@
      * each time this method is called.
      */
     public byte[] getKey() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/DESedeKeySpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/DESedeKeySpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -95,7 +95,7 @@
      * each time this method is called.
      */
     public byte[] getKey() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/IvParameterSpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/IvParameterSpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -94,6 +94,6 @@
      * each time this method is called.
      */
     public byte[] getIV() {
-        return (byte[])this.iv.clone();
+        return this.iv.clone();
     }
 }
--- a/src/share/classes/javax/crypto/spec/PBEKeySpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/PBEKeySpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
     }
 
@@ -109,7 +109,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
         if (salt == null) {
             throw new NullPointerException("the salt parameter " +
@@ -118,7 +118,7 @@
             throw new IllegalArgumentException("the salt parameter " +
                                                 "must not be empty");
         } else {
-            this.salt = (byte[]) salt.clone();
+            this.salt = salt.clone();
         }
         if (iterationCount<=0) {
             throw new IllegalArgumentException("invalid iterationCount value");
@@ -151,7 +151,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
         if (salt == null) {
             throw new NullPointerException("the salt parameter " +
@@ -160,7 +160,7 @@
             throw new IllegalArgumentException("the salt parameter " +
                                                 "must not be empty");
         } else {
-            this.salt = (byte[]) salt.clone();
+            this.salt = salt.clone();
         }
         if (iterationCount<=0) {
             throw new IllegalArgumentException("invalid iterationCount value");
@@ -196,7 +196,7 @@
         if (password == null) {
             throw new IllegalStateException("password has been cleared");
         }
-        return (char[]) password.clone();
+        return password.clone();
     }
 
     /**
@@ -210,7 +210,7 @@
      */
     public final byte[] getSalt() {
         if (salt != null) {
-            return (byte[]) salt.clone();
+            return salt.clone();
         } else {
             return null;
         }
--- a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.math.BigInteger;
 import java.security.spec.AlgorithmParameterSpec;
 
 /**
@@ -53,7 +52,7 @@
      * @exception NullPointerException if <code>salt</code> is null.
      */
     public PBEParameterSpec(byte[] salt, int iterationCount) {
-        this.salt = (byte[])salt.clone();
+        this.salt = salt.clone();
         this.iterationCount = iterationCount;
     }
 
@@ -64,7 +63,7 @@
      * each time this method is called.
      */
     public byte[] getSalt() {
-        return (byte[])this.salt.clone();
+        return this.salt.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/PSource.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/PSource.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
-
 /**
  * This class specifies the source for encoding input P in OAEP Padding,
  * as defined in the
@@ -97,7 +94,7 @@
          */
         public PSpecified(byte[] p) {
             super("PSpecified");
-            this.p = (byte[]) p.clone();
+            this.p = p.clone();
         }
         /**
          * Returns the value of encoding input P.
@@ -105,7 +102,7 @@
          * returned each time this method is called.
          */
         public byte[] getValue() {
-            return (p.length==0? p: (byte[])p.clone());
+            return (p.length==0? p: p.clone());
         }
     }
 }
--- a/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,7 @@
      * Returns a new array each time this method is called.
      */
     public byte[] getIV() {
-        return (iv == null? null:(byte[])iv.clone());
+        return (iv == null? null:iv.clone());
     }
 
    /**
--- a/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -157,7 +157,7 @@
      * Returns a new array each time this method is called.
      */
     public byte[] getIV() {
-        return (iv == null? null:(byte[])iv.clone());
+        return (iv == null? null:iv.clone());
     }
 
    /**
--- a/src/share/classes/javax/crypto/spec/SecretKeySpec.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/crypto/spec/SecretKeySpec.java	Sat Aug 20 11:59:31 2016 -0700
@@ -25,8 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.io.UnsupportedEncodingException;
-import java.security.Key;
 import java.security.MessageDigest;
 import java.security.spec.KeySpec;
 import javax.crypto.SecretKey;
@@ -96,7 +94,7 @@
         if (key.length == 0) {
             throw new IllegalArgumentException("Empty key");
         }
-        this.key = (byte[])key.clone();
+        this.key = key.clone();
         this.algorithm = algorithm;
     }
 
@@ -182,7 +180,7 @@
      * each time this method is called.
      */
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Sun May 01 21:26:40 2016 -0700
+++ b/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Sat Aug 20 11:59:31 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,8 @@
 import java.util.Set;
 import java.util.WeakHashMap;
 import java.lang.ref.WeakReference;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityProtectionDomainAccess;
 
 /**
  * A <code>SubjectDomainCombiner</code> updates ProtectionDomains
@@ -64,6 +66,9 @@
     private static final boolean allowCaching =
                                         (useJavaxPolicy && cachePolicy());
 
+    private static final JavaSecurityProtectionDomainAccess pdAccess =
+        SharedSecrets.getJavaSecurityProtectionDomainAccess();
+
     /**
      * Associate the provided <code>Subject</code> with this
      * <code>SubjectDomainCombiner</code>.
@@ -238,10 +243,16 @@
                 subjectPd = cachedPDs.getValue(pd);
 
                 if (subjectPd == null) {
-                    subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // Need to keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
                                                 pd.getPermissions(),
                                                 pd.getClassLoader(),
                                                 principals);
+                    }
                     cachedPDs.putValue(pd, subjectPd);
                 } else {
                     allNew = false;
@@ -338,59 +349,63 @@
                 ProtectionDomain subjectPd = cachedPDs.getValue(pd);
 
                 if (subjectPd == null) {
+                    if (pdAccess.getStaticPermissionsField(pd)) {
+                        // keep static ProtectionDomain objects static
+                        subjectPd = new ProtectionDomain(pd.getCodeSource(),
+                                                pd.getPermissions());
+                    } else {
+                        // XXX
+                        // we must first add the original permissions.
+                        // that way when we later add the new JAAS permissions,
+                        // any unresolved JAAS-related permissions will
+                        // automatically get resolved.
 
-                    // XXX
-                    // we must first add the original permissions.
-                    // that way when we later add the new JAAS permissions,
-                    // any unresolved JAAS-related permissions will
-                    // automatically get resolved.
-
-                    // get the original perms
-                    Permissions perms = new Permissions();
-                    PermissionCollection coll = pd.getPermissions();
-                    java.util.Enumeration e;
-                    if (coll != null) {
-                        synchronized (coll) {
-                            e = coll.elements();
-                            while (e.hasMoreElements()) {
-                                Permission newPerm =
-                                        (Permission)e.nextElement();
-                                 perms.add(newPerm);
+                        // get the original perms
+                        Permissions perms = new Permissions();
+                        PermissionCollection coll = pd.getPermissions();
+                        java.util.Enumeration<Permission> e;
+                        if (coll != null) {
+                            synchronized (coll) {
+                                e = coll.elements();
+                                while (e.hasMoreElements()) {
+                                    Permission newPerm =
+                                        e.nextElement();
+                                    perms.add(newPerm);
+                                }
                             }
                         }
-                    }
 
-                    // get perms from the policy
+                        // get perms from the policy
+                        final java.security.CodeSource finalCs = pd.getCodeSource();
+                        final Subject finalS = subject;
+                        PermissionCollection newPerms =
+                            java.security.AccessController.doPrivileged
+                            (new PrivilegedAction<PermissionCollection>() {
+                            @SuppressWarnings("deprecation")
+                            public PermissionCollection run() {
+                                return
+                                    javax.security.auth.Policy.getPolicy().getPermissions
+                                    (finalS, finalCs);
+                            }
+                        });
 
-                    final java.security.CodeSource finalCs = pd.getCodeSource();
-                    final Subject finalS = subject;
-                    PermissionCollection newPerms =
-                        java.security.AccessController.doPrivileged
-                        (new PrivilegedAction<PermissionCollection>() {
-                        public PermissionCollection run() {
-                          return
-                          javax.security.auth.Policy.getPolicy().getPermissions
-                                (finalS, finalCs);
-                        }
-                    });
-
-                    // add the newly granted perms,
-                    // avoiding duplicates
-                    synchronized (newPerms) {
-                        e = newPerms.elements();
-                        while (e.hasMoreElements()) {
-                            Permission newPerm = (Permission)e.nextElement();
-                            if (!perms.implies(newPerm)) {
-                                perms.add(newPerm);
-                                if (debug != null)
-                                    debug.println (
-                                        "Adding perm " + newPerm + "\n");
+                        // add the newly granted perms,
+                        // avoiding duplicates
+                        synchronized (newPerms) {
+                            e = newPerms.elements();
+                            while (e.hasMoreElements()) {
+                                Permission newPerm = e.nextElement();
+                                if (!perms.implies(newPerm)) {
+                                    perms.add(newPerm);
+                                    if (debug != null)
+                                        debug.println (
+                                            "Adding perm " + newPerm + "\n");