changeset 7705:5bd0e038abd8

Merge
author coffeys
date Thu, 07 Aug 2014 12:19:57 +0100
parents 7f0e77da2bb0 b6ff2c8447c1
children 749d66993804
files .hgtags
diffstat 10 files changed, 572 insertions(+), 82 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Wed Jul 30 11:12:38 2014 -0700
+++ b/.hgtags	Thu Aug 07 12:19:57 2014 +0100
@@ -477,9 +477,15 @@
 5b9e9506bd57763c958ea6fcff99b03d47942b9d jdk7u71-b03
 347bc2b7831097ea373ef7be72bfbf0ba3de4b7f jdk7u71-b04
 3019595da91688c79f617cf737431a2acee3ef71 jdk7u71-b05
+0a05fabc719fe6c1ed02678d255f1250b32c30ed jdk7u71-b06
+48db48aab05e47cafc37b277f68a0e2ff5f1f0b6 jdk7u71-b07
+9ff013674339cb269280bfb4eaba40bba0584c40 jdk7u71-b08
 c76a5b2876b98194ccbeffeab76a0326bf163ba2 jdk7u72-b01
 b02c1a8b10cd7338eb808ebfaa5a74b4997fdc8f jdk7u72-b02
 bc98cecdab4cd4a97316a5407c91bdedc92d4bb5 jdk7u72-b03
 b227c93ab2c91ce4b412d1cfb4f7649bff30677b jdk7u72-b04
 dd7983c1586dd9e6e6d53bfa05d7e164329979b0 jdk7u72-b05
+b57a21af9f6d3cd9498099c329063a671b39e3c4 jdk7u72-b06
+9d53e2319954cc1479e190e26b110168c7073b0a jdk7u72-b07
+584b227e8efe21dd47a616afdb4f1f2a2fd630cf jdk7u72-b08
 87f9570ca734714f981d4a47477dcc6c80a7d324 jdk7u75-b00
--- a/make/common/Defs-linux.gmk	Wed Jul 30 11:12:38 2014 -0700
+++ b/make/common/Defs-linux.gmk	Thu Aug 07 12:19:57 2014 +0100
@@ -191,9 +191,9 @@
 CFLAGS_REQUIRED_amd64   += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_i586    += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_ia64    += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
-CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9
+CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9 -D_BIG_ENDIAN
 LDFLAGS_COMMON_sparcv9  += -m64 -mcpu=v9
-CFLAGS_REQUIRED_sparc   += -m32 -mcpu=v9
+CFLAGS_REQUIRED_sparc   += -m32 -mcpu=v9 -D_BIG_ENDIAN
 LDFLAGS_COMMON_sparc    += -m32 -mcpu=v9
 CFLAGS_REQUIRED_arm     += -fsigned-char -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_ppc     += -fsigned-char -D_BIG_ENDIAN
--- a/src/share/classes/sun/security/provider/SecureRandom.java	Wed Jul 30 11:12:38 2014 -0700
+++ b/src/share/classes/sun/security/provider/SecureRandom.java	Thu Aug 07 12:19:57 2014 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 import java.security.MessageDigest;
 import java.security.SecureRandomSpi;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 
 /**
  * <p>This class provides a crytpographically strong pseudo-random number
@@ -94,9 +95,19 @@
      */
     private void init(byte[] seed) {
         try {
-            digest = MessageDigest.getInstance ("SHA");
-        } catch (NoSuchAlgorithmException e) {
-            throw new InternalError("internal error: SHA-1 not available.");
+            /*
+             * Use the local SUN implementation to avoid native
+             * performance overhead.
+             */
+            digest = MessageDigest.getInstance("SHA", "SUN");
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // Fallback to any available.
+            try {
+                digest = MessageDigest.getInstance("SHA");
+            } catch (NoSuchAlgorithmException exc) {
+                throw new InternalError(
+                    "internal error: SHA-1 not available.");
+            }
         }
 
         if (seed != null) {
@@ -258,9 +269,19 @@
         s.defaultReadObject ();
 
         try {
-            digest = MessageDigest.getInstance ("SHA");
-        } catch (NoSuchAlgorithmException e) {
-            throw new InternalError("internal error: SHA-1 not available.");
+            /*
+             * Use the local SUN implementation to avoid native
+             * performance overhead.
+             */
+            digest = MessageDigest.getInstance("SHA", "SUN");
+        } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+            // Fallback to any available.
+            try {
+                digest = MessageDigest.getInstance("SHA");
+            } catch (NoSuchAlgorithmException exc) {
+                throw new InternalError(
+                    "internal error: SHA-1 not available.");
+            }
         }
     }
 }
--- a/src/share/classes/sun/security/ssl/CipherSuite.java	Wed Jul 30 11:12:38 2014 -0700
+++ b/src/share/classes/sun/security/ssl/CipherSuite.java	Thu Aug 07 12:19:57 2014 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -82,6 +82,10 @@
     private final static boolean ALLOW_ECC = Debug.getBooleanProperty
         ("com.sun.net.ssl.enableECC", true);
 
+    // preserve the old order of RC4 preference
+    private final static boolean PRESERVE_RC4 = Debug.getBooleanProperty
+        ("jdk.tls.preserveRC4CipherSuites", false);
+
     // Map Integer(id) -> CipherSuite
     // contains all known CipherSuites
     private final static Map<Integer,CipherSuite> idMap;
@@ -963,16 +967,18 @@
         add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
             0x0032, --p, K_DHE_DSS,     B_AES_128, T);
 
-        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-            0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
-        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-            0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
-        add("SSL_RSA_WITH_RC4_128_SHA",
-            0x0005, --p, K_RSA,         B_RC4_128, N);
-        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-            0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
-        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
-            0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
+        if (PRESERVE_RC4) {
+            add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+                0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
+            add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+                0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
+            add("SSL_RSA_WITH_RC4_128_SHA",
+                0x0005, --p, K_RSA,         B_RC4_128, N);
+            add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+                0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
+            add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
+                0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
+        }
 
         add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
             0xC008, --p, K_ECDHE_ECDSA, B_3DES,    T);
@@ -989,6 +995,18 @@
         add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
             0x0013, --p, K_DHE_DSS,     B_3DES,    N);
 
+        if (!PRESERVE_RC4) {
+            add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+                0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
+            add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+                0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
+            add("SSL_RSA_WITH_RC4_128_SHA",
+                0x0005, --p, K_RSA,         B_RC4_128, N);
+            add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+                0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
+            add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
+                0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
+        }
         add("SSL_RSA_WITH_RC4_128_MD5",
             0x0004, --p, K_RSA,         B_RC4_128, N);
 
@@ -1008,7 +1026,7 @@
          * 2. If a cipher suite has been obsoleted, we put it at the end of
          *    the list.
          * 3. Prefer the stronger bulk cipher, in the order of AES_256,
-         *    AES_128, RC-4, 3DES-EDE, DES, RC4_40, DES40, NULL.
+         *    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
          * 4. Prefer the stronger MAC algorithm, in the order of SHA384,
          *    SHA256, SHA, MD5.
          * 5. Prefer the better performance of key exchange and digital
@@ -1031,15 +1049,51 @@
         add("TLS_DH_anon_WITH_AES_128_CBC_SHA",
             0x0034, --p, K_DH_ANON,     B_AES_128, N);
 
+        if (!PRESERVE_RC4) {
+            add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+                0xC017, --p, K_ECDH_ANON,   B_3DES,    T);
+            add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+                0x001b, --p, K_DH_ANON,     B_3DES,    N);
+        }
+
         add("TLS_ECDH_anon_WITH_RC4_128_SHA",
             0xC016, --p, K_ECDH_ANON,   B_RC4_128, N);
         add("SSL_DH_anon_WITH_RC4_128_MD5",
             0x0018, --p, K_DH_ANON,     B_RC4_128, N);
 
-        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-            0xC017, --p, K_ECDH_ANON,   B_3DES,    T);
-        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
-            0x001b, --p, K_DH_ANON,     B_3DES,    N);
+        if (!PRESERVE_RC4) {
+            // weak cipher suites obsoleted in TLS 1.2
+            add("SSL_RSA_WITH_DES_CBC_SHA",
+                0x0009, --p, K_RSA,         B_DES,     N, tls12);
+            add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
+                0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
+            add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
+                0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
+            add("SSL_DH_anon_WITH_DES_CBC_SHA",
+                0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
+
+            // weak cipher suites obsoleted in TLS 1.1
+            add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+                0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
+            add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+                0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
+
+            add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
+            add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
+            add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+                0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
+            add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+                0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
+        }
+
+        if (PRESERVE_RC4) {
+            add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+                0xC017, --p, K_ECDH_ANON,   B_3DES,    T);
+            add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+                0x001b, --p, K_DH_ANON,     B_3DES,    N);
+        }
 
         add("TLS_RSA_WITH_NULL_SHA256",
             0x003b, --p, K_RSA,         B_NULL,    N, max, tls12, P_SHA256);
@@ -1058,52 +1112,70 @@
         add("SSL_RSA_WITH_NULL_MD5",
             0x0001, --p, K_RSA,         B_NULL,    N);
 
-        // weak cipher suites obsoleted in TLS 1.2
-        add("SSL_RSA_WITH_DES_CBC_SHA",
-            0x0009, --p, K_RSA,         B_DES,     N, tls12);
-        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
-            0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
-        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
-            0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
-        add("SSL_DH_anon_WITH_DES_CBC_SHA",
-            0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
+        if (PRESERVE_RC4) {
+            // weak cipher suites obsoleted in TLS 1.2
+            add("SSL_RSA_WITH_DES_CBC_SHA",
+                0x0009, --p, K_RSA,         B_DES,     N, tls12);
+            add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
+                0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
+            add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
+                0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
+            add("SSL_DH_anon_WITH_DES_CBC_SHA",
+                0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
 
-        // weak cipher suites obsoleted in TLS 1.1
-        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
-            0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
-            0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
+            // weak cipher suites obsoleted in TLS 1.1
+            add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+                0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
+            add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+                0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
 
-        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
-        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
-        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-            0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
-            0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
+            add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
+            add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+                0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
+            add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+                0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
+            add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+                0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
+        }
 
         // Supported Kerberos ciphersuites from RFC2712
+        if (!PRESERVE_RC4) {
+            add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+                0x001f, --p, K_KRB5,        B_3DES,    N);
+            add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+                0x0023, --p, K_KRB5,        B_3DES,    N);
+        }
         add("TLS_KRB5_WITH_RC4_128_SHA",
             0x0020, --p, K_KRB5,        B_RC4_128, N);
         add("TLS_KRB5_WITH_RC4_128_MD5",
             0x0024, --p, K_KRB5,        B_RC4_128, N);
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-            0x001f, --p, K_KRB5,        B_3DES,    N);
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
-            0x0023, --p, K_KRB5,        B_3DES,    N);
+        if (PRESERVE_RC4) {
+            add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+                0x001f, --p, K_KRB5,        B_3DES,    N);
+            add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+                0x0023, --p, K_KRB5,        B_3DES,    N);
+        }
         add("TLS_KRB5_WITH_DES_CBC_SHA",
             0x001e, --p, K_KRB5,        B_DES,     N, tls12);
         add("TLS_KRB5_WITH_DES_CBC_MD5",
             0x0022, --p, K_KRB5,        B_DES,     N, tls12);
+        if (!PRESERVE_RC4) {
+            add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+                0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+            add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+                0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+        }
         add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
             0x0028, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
         add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
             0x002b, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-            0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
-            0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+        if (PRESERVE_RC4) {
+            add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+                0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+            add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+                0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
+        }
 
         /*
          * Other values from the TLS Cipher Suite Registry, as of August 2010.
--- a/src/share/classes/sun/security/tools/JarSigner.java	Wed Jul 30 11:12:38 2014 -0700
+++ b/src/share/classes/sun/security/tools/JarSigner.java	Thu Aug 07 12:19:57 2014 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1547,8 +1547,7 @@
             first = false;
         }
         try {
-            CertPath cp = certificateFactory.generateCertPath(certs);
-            validator.validate(cp, pkixParameters);
+            validateCertChain(certs);
         } catch (Exception e) {
             if (debug) {
                 e.printStackTrace();
@@ -1859,8 +1858,7 @@
             printCert("", certChain[0], true, null, true);
 
             try {
-                CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
-                validator.validate(cp, pkixParameters);
+                validateCertChain(Arrays.asList(certChain));
             } catch (Exception e) {
                 if (debug) {
                     e.printStackTrace();
@@ -1925,6 +1923,22 @@
         System.exit(1);
     }
 
+    void validateCertChain(List<? extends Certificate> certs) throws Exception {
+        int cpLen = 0;
+        out: for (; cpLen<certs.size(); cpLen++) {
+            for (TrustAnchor ta: pkixParameters.getTrustAnchors()) {
+                if (ta.getTrustedCert().equals(certs.get(cpLen))) {
+                    break out;
+                }
+            }
+        }
+        if (cpLen > 0) {
+            CertPath cp = certificateFactory.generateCertPath(
+                    (cpLen == certs.size())? certs: certs.subList(0, cpLen));
+            validator.validate(cp, pkixParameters);
+        }
+    }
+
     char[] getPass(String prompt)
     {
         System.err.print(prompt);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/bind/xjc/8029837/PreParseGrammarTest.java	Thu Aug 07 12:19:57 2014 +0100
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029837
+ * @summary Test simulates the partial call to xjc ant task that fails with
+ *          NullPointer exception
+ * @run main/othervm PreParseGrammarTest
+ */
+
+import com.sun.org.apache.xerces.internal.parsers.XMLGrammarPreparser;
+import com.sun.org.apache.xerces.internal.xni.XNIException;
+import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
+import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class PreParseGrammarTest {
+
+    public static void main(String[] args) throws FileNotFoundException, XNIException, IOException {
+        File xsdf = new File(System.getProperty("test.src", ".") + "/test.xsd");
+        InputStream is = new BufferedInputStream(new FileInputStream(xsdf));
+        XMLInputSource xis = new XMLInputSource(null, null, null, is, null);
+        XMLGrammarPreparser gp = new XMLGrammarPreparser();
+        gp.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+        //The NullPointerException is observed on next call during ant task
+        // execution
+        Grammar res = gp.preparseGrammar(XMLGrammarDescription.XML_SCHEMA, xis);
+        System.out.println("Grammar preparsed successfully:" + res);
+        return;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/bind/xjc/8029837/test.xsd	Thu Aug 07 12:19:57 2014 +0100
@@ -0,0 +1,4 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+	<xsd:element name="root">
+	</xsd:element>
+</xsd:schema>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOldOrder.java	Thu Aug 07 12:19:57 2014 +0100
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7174244 8043200 8050158
+ * @summary NPE in Krb5ProxyImpl.getServerKeys()
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ * @run main/othervm -Djdk.tls.preserveRC4CipherSuites=true CipherSuitesInOldOrder
+ */
+
+import java.util.*;
+import javax.net.ssl.*;
+
+public class CipherSuitesInOldOrder {
+
+    // supported ciphersuites
+    private final static List<String> supportedCipherSuites =
+            Arrays.<String>asList(
+        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+        "TLS_RSA_WITH_AES_256_CBC_SHA256",
+        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+        "TLS_RSA_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+        "SSL_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+        "SSL_RSA_WITH_RC4_128_MD5",
+
+        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+
+        "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+        "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+        "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+        "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_anon_WITH_RC4_128_SHA",
+        "SSL_DH_anon_WITH_RC4_128_MD5",
+        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+        "TLS_RSA_WITH_NULL_SHA256",
+        "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+        "TLS_ECDHE_RSA_WITH_NULL_SHA",
+        "SSL_RSA_WITH_NULL_SHA",
+        "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+        "TLS_ECDH_RSA_WITH_NULL_SHA",
+        "TLS_ECDH_anon_WITH_NULL_SHA",
+        "SSL_RSA_WITH_NULL_MD5",
+        "SSL_RSA_WITH_DES_CBC_SHA",
+        "SSL_DHE_RSA_WITH_DES_CBC_SHA",
+        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
+        "SSL_DH_anon_WITH_DES_CBC_SHA",
+        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
+        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
+        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_KRB5_WITH_RC4_128_SHA",
+        "TLS_KRB5_WITH_RC4_128_MD5",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+        "TLS_KRB5_WITH_DES_CBC_SHA",
+        "TLS_KRB5_WITH_DES_CBC_MD5",
+        "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
+    );
+
+    private final static String[] protocols = {
+        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
+    };
+
+
+    public static void main(String[] args) throws Exception {
+        // show all of the supported cipher suites
+        showSuites(supportedCipherSuites.toArray(new String[0]),
+                                "All supported cipher suites");
+
+        for (String protocol : protocols) {
+            System.out.println("//");
+            System.out.println("// " +
+                        "Testing for SSLContext of " + protocol);
+            System.out.println("//");
+            checkForProtocols(protocol);
+        }
+    }
+
+    public static void checkForProtocols(String protocol) throws Exception {
+        SSLContext context;
+        if (protocol.isEmpty()) {
+            context = SSLContext.getDefault();
+        } else {
+            context = SSLContext.getInstance(protocol);
+            context.init(null, null, null);
+        }
+
+        // check the order of default cipher suites of SSLContext
+        SSLParameters parameters = context.getDefaultSSLParameters();
+        checkSuites(parameters.getCipherSuites(),
+                "Default cipher suites in SSLContext");
+
+        // check the order of supported cipher suites of SSLContext
+        parameters = context.getSupportedSSLParameters();
+        checkSuites(parameters.getCipherSuites(),
+                "Supported cipher suites in SSLContext");
+
+
+        //
+        // Check the cipher suites order of SSLEngine
+        //
+        SSLEngine engine = context.createSSLEngine();
+
+        // check the order of endabled cipher suites
+        String[] ciphers = engine.getEnabledCipherSuites();
+        checkSuites(ciphers,
+                "Enabled cipher suites in SSLEngine");
+
+        // check the order of supported cipher suites
+        ciphers = engine.getSupportedCipherSuites();
+        checkSuites(ciphers,
+                "Supported cipher suites in SSLEngine");
+
+        //
+        // Check the cipher suites order of SSLSocket
+        //
+        SSLSocketFactory factory = context.getSocketFactory();
+        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
+
+            // check the order of endabled cipher suites
+            ciphers = socket.getEnabledCipherSuites();
+            checkSuites(ciphers,
+                "Enabled cipher suites in SSLSocket");
+
+            // check the order of supported cipher suites
+            ciphers = socket.getSupportedCipherSuites();
+            checkSuites(ciphers,
+                "Supported cipher suites in SSLSocket");
+        }
+
+        //
+        // Check the cipher suites order of SSLServerSocket
+        //
+        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
+        try (SSLServerSocket serverSocket =
+                (SSLServerSocket)serverFactory.createServerSocket()) {
+            // check the order of endabled cipher suites
+            ciphers = serverSocket.getEnabledCipherSuites();
+            checkSuites(ciphers,
+                "Enabled cipher suites in SSLServerSocket");
+
+            // check the order of supported cipher suites
+            ciphers = serverSocket.getSupportedCipherSuites();
+            checkSuites(ciphers,
+                "Supported cipher suites in SSLServerSocket");
+        }
+    }
+
+    private static void checkSuites(String[] suites, String title) {
+        showSuites(suites, title);
+
+        int loc = -1;
+        int index = 0;
+        for (String suite : suites) {
+            index = supportedCipherSuites.indexOf(suite);
+            if (index <= loc) {
+                throw new RuntimeException(suite + " is not in order");
+            }
+
+            loc = index;
+        }
+    }
+
+    private static void showSuites(String[] suites, String title) {
+        System.out.println(title + "[" + suites.length + "]:");
+        for (String suite : suites) {
+            System.out.println("  " + suite);
+        }
+    }
+}
--- a/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Wed Jul 30 11:12:38 2014 -0700
+++ b/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Thu Aug 07 12:19:57 2014 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 7174244
+ * @bug 7174244 8043200
  * @summary NPE in Krb5ProxyImpl.getServerKeys()
  *
  *     SunJSSE does not support dynamic system properties, no way to re-use
@@ -67,11 +67,6 @@
         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-        "SSL_RSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
         "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
@@ -79,6 +74,11 @@
         "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+        "SSL_RSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
         "SSL_RSA_WITH_RC4_128_MD5",
 
         "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
@@ -89,18 +89,10 @@
         "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
         "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
         "TLS_ECDH_anon_WITH_RC4_128_SHA",
         "SSL_DH_anon_WITH_RC4_128_MD5",
-        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
-        "TLS_RSA_WITH_NULL_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
-        "TLS_ECDHE_RSA_WITH_NULL_SHA",
-        "SSL_RSA_WITH_NULL_SHA",
-        "TLS_ECDH_ECDSA_WITH_NULL_SHA",
-        "TLS_ECDH_RSA_WITH_NULL_SHA",
-        "TLS_ECDH_anon_WITH_NULL_SHA",
-        "SSL_RSA_WITH_NULL_MD5",
         "SSL_RSA_WITH_DES_CBC_SHA",
         "SSL_DHE_RSA_WITH_DES_CBC_SHA",
         "SSL_DHE_DSS_WITH_DES_CBC_SHA",
@@ -111,16 +103,24 @@
         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
         "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+        "TLS_RSA_WITH_NULL_SHA256",
+        "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+        "TLS_ECDHE_RSA_WITH_NULL_SHA",
+        "SSL_RSA_WITH_NULL_SHA",
+        "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+        "TLS_ECDH_RSA_WITH_NULL_SHA",
+        "TLS_ECDH_anon_WITH_NULL_SHA",
+        "SSL_RSA_WITH_NULL_MD5",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
         "TLS_KRB5_WITH_RC4_128_SHA",
         "TLS_KRB5_WITH_RC4_128_MD5",
-        "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-        "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
         "TLS_KRB5_WITH_DES_CBC_SHA",
         "TLS_KRB5_WITH_DES_CBC_MD5",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
         "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
-        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
-        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-        "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
+        "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"
     );
 
     private final static String[] protocols = {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/certpolicy.sh	Thu Aug 07 12:19:57 2014 +0100
@@ -0,0 +1,79 @@
+#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8036709
+# @summary Java 7 jarsigner displays warning about cert policy tree
+#
+# @run shell certpolicy.sh
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \
+        -keypass changeit -storepass changeit -keystore ks -keyalg rsa"
+JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks"
+JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS"
+
+rm ks 2> /dev/null
+$KT -genkeypair -alias ca -dname CN=CA -ext bc
+$KT -genkeypair -alias int -dname CN=Int
+$KT -genkeypair -alias ee -dname CN=EE
+
+# CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
+# PolicyConstraints: [Require: 0; Inhibit: unspecified]
+$KT -certreq -alias int | \
+        $KT -gencert -rfc -alias ca \
+                -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \
+                -ext "2.5.29.36=30 03 80 01 00" -ext bc | \
+        $KT -import -alias int
+
+# CertificatePolicies [[PolicyId: [1.2.3]]]
+$KT -certreq -alias ee | \
+        $KT -gencert -rfc -alias int \
+                -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \
+        $KT -import -alias ee
+
+$KT -export -alias ee -rfc > cc
+$KT -export -alias int -rfc >> cc
+$KT -export -alias ca -rfc >> cc
+
+$KT -delete -alias int
+
+ERR=''
+$JAR cvf a.jar cc
+
+# Make sure the certchain in the signed jar contains all 3 certs
+$JS -strict -certchain cc a.jar ee -debug || ERR="sign"
+$JS -strict -verify a.jar -debug || ERR="$ERR verify"
+
+if [ "$ERR" = "" ]; then
+    echo "Success"
+    exit 0
+else
+    echo "Failed: $ERR"
+    exit 1
+fi