changeset 1546:485d3eb9b50b

Merge
author vinnie
date Tue, 11 Aug 2009 16:57:09 +0100
parents 1ff7163fc5f7 a9a5aabecc01
children 95ae810b66fb
files
diffstat 26 files changed, 768 insertions(+), 76 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/dns/DnsContext.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/com/sun/jndi/dns/DnsContext.java	Tue Aug 11 16:57:09 2009 +0100
@@ -972,14 +972,11 @@
     }
 
     /*
-     * ctx will be closed when no longer needed by the enumeration.
+     * ctx will be set to null when no longer needed by the enumeration.
      */
-    public void close () {
+    public void close() {
         nodes = null;
-        if (ctx != null) {
-            ctx.close();
-            ctx = null;
-        }
+        ctx = null;
     }
 
     public boolean hasMore() {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+/**
+ * Kerberos 5 AuthorizationData entry.
+ */
+final public class AuthorizationDataEntry {
+
+    private final int type;
+    private final byte[] data;
+
+    /**
+     * Create an AuthorizationDataEntry object.
+     * @param type the ad-type
+     * @param data the ad-data, a copy of the data will be saved
+     * inside the object.
+     */
+    public AuthorizationDataEntry(int type, byte[] data) {
+        this.type = type;
+        this.data = data.clone();
+    }
+
+    /**
+     * Get the ad-type field.
+     * @return ad-type
+     */
+    public int getType() {
+        return type;
+    }
+
+    /**
+     * Get a copy of the ad-data field.
+     * @return ad-data
+     */
+    public byte[] getData() {
+        return data.clone();
+    }
+
+    public String toString() {
+        return "AuthorizationDataEntry: type="+type+", data=" +
+                data.length + " bytes:\n" +
+                new sun.misc.HexDumpEncoder().encode(data);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSContext interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSContext},
+ * such as querying context-specific attributes.
+ */
+public interface ExtendedGSSContext extends GSSContext {
+    /**
+     * Return the mechanism-specific attribute associated with {@code type}.
+     * <br><br>
+     * For each supported attribute type, the type for the output are
+     * defined below.
+     * <ol>
+     * <li>{@code KRB5_GET_TKT_FLAGS}:
+     * the returned object is a boolean array for the service ticket flags,
+     * which is long enough to contain all true bits. This means if
+     * the user wants to get the <em>n</em>'th bit but the length of the
+     * returned array is less than <em>n</em>, it is regarded as false.
+     * <li>{@code KRB5_GET_SESSION_KEY}:
+     * the returned object is an instance of {@link java.security.Key},
+     * which has the following properties:
+     *    <ul>
+     *    <li>Algorithm: enctype as a string, where
+     *        enctype is defined in RFC 3961, section 8.
+     *    <li>Format: "RAW"
+     *    <li>Encoded form: the raw key bytes, not in any ASN.1 encoding
+     *    </ul>
+     * <li>{@code KRB5_GET_AUTHZ_DATA}:
+     * the returned object is an array of
+     * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the
+     * optional field is missing in the service ticket.
+     * <li>{@code KRB5_GET_AUTHTIME}:
+     * the returned object is a String object in the standard KerberosTime
+     * format defined in RFC 4120 5.2.3
+     * </ol>
+     *
+     * If there is a security manager, an {@link InquireSecContextPermission}
+     * with the name {@code type.mech} must be granted. Otherwise, this could
+     * result in a {@link SecurityException}.<p>
+     *
+     * Example:
+     * <pre>
+     *      GSSContext ctxt = m.createContext(...)
+     *      // Establishing the context
+     *      if (ctxt instanceof ExtendedGSSContext) {
+     *          ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
+     *          try {
+     *              Key key = (key)ex.inquireSecContext(
+     *                      InquireType.KRB5_GET_SESSION_KEY);
+     *              // read key info
+     *          } catch (GSSException gsse) {
+     *              // deal with exception
+     *          }
+     *      }
+     * </pre>
+     * @param type the type of the attribute requested
+     * @return the attribute, see the method documentation for details.
+     * @throws GSSException containing  the following
+     * major error codes:
+     *   {@link GSSException#BAD_MECH GSSException.BAD_MECH} if the mechanism
+     *   does not support this method,
+     *   {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE} if the
+     *   type specified is not supported,
+     *   {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT} if the
+     *   security context is invalid,
+     *   {@link GSSException#FAILURE GSSException.FAILURE} for other
+     *   unspecified failures.
+     * @throws SecurityException if a security manager exists and a proper
+     *   {@link InquireSecContextPermission} is not granted.
+     * @see InquireSecContextPermission
+     */
+    public Object inquireSecContext(InquireType type)
+            throws GSSException;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+import java.security.BasicPermission;
+
+/**
+ * This class is used to protect various attributes of an established
+ * GSS security context that can be accessed using the
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ * method.
+ *
+ * <p>The target name is the {@link InquireType} allowed.
+ */
+public final class InquireSecContextPermission extends BasicPermission {
+
+    /**
+     * Constructs a new {@code InquireSecContextPermission} object with
+     * the specified name. The name is the symbolic name of the
+     * {@link InquireType} allowed.
+     *
+     * @param name the {@link InquireType} allowed by this
+     * permission. "*" means all {@link InquireType}s are allowed.
+     *
+     * @throws NullPointerException if <code>name</code> is <code>null</code>.
+     * @throws IllegalArgumentException if <code>name</code> is empty.
+     */
+    public InquireSecContextPermission(String name) {
+        super(name);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/security/jgss/InquireType.java	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+/**
+ * Attribute types that can be specified as an argument of
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ */
+public enum InquireType {
+    /**
+     * Attribute type for retrieving the session key of an
+     * established Kerberos 5 security context.
+     */
+    KRB5_GET_SESSION_KEY,
+    /**
+     * Attribute type for retrieving the service ticket flags of an
+     * established Kerberos 5 security context.
+     */
+    KRB5_GET_TKT_FLAGS,
+    /**
+     * Attribute type for retrieving the authorization data in the
+     * service ticket of an established Kerberos 5 security context.
+     * Only supported on the acceptor side.
+     */
+    KRB5_GET_AUTHZ_DATA,
+    /**
+     * Attribute type for retrieving the authtime in the service ticket
+     * of an established Kerberos 5 security context.
+     */
+    KRB5_GET_AUTHTIME
+}
--- a/src/share/classes/java/nio/file/SimpleFileVisitor.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/java/nio/file/SimpleFileVisitor.java	Tue Aug 11 16:57:09 2009 +0100
@@ -48,6 +48,14 @@
     }
 
     /**
+     * Throws NullPointerException if obj is null.
+     */
+    private static void checkNotNull(Object obj) {
+        if (obj == null)
+            throw new NullPointerException();
+    }
+
+    /**
      * Invoked for a directory before entries in the directory are visited.
      *
      * <p> Unless overridden, this method returns {@link FileVisitResult#CONTINUE
@@ -55,6 +63,7 @@
      */
     @Override
     public FileVisitResult preVisitDirectory(T dir) {
+        checkNotNull(dir);
         return FileVisitResult.CONTINUE;
     }
 
@@ -70,6 +79,8 @@
      */
     @Override
     public FileVisitResult preVisitDirectoryFailed(T dir, IOException exc) {
+        checkNotNull(dir);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -81,6 +92,8 @@
      */
     @Override
     public FileVisitResult visitFile(T file, BasicFileAttributes attrs) {
+        checkNotNull(file);
+        checkNotNull(attrs);
         return FileVisitResult.CONTINUE;
     }
 
@@ -96,6 +109,8 @@
      */
     @Override
     public FileVisitResult visitFileFailed(T file, IOException exc) {
+        checkNotNull(file);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -114,6 +129,7 @@
      */
     @Override
     public FileVisitResult postVisitDirectory(T dir, IOException exc) {
+        checkNotNull(dir);
         if (exc != null)
             throw new IOError(exc);
         return FileVisitResult.CONTINUE;
--- a/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java	Tue Aug 11 16:57:09 2009 +0100
@@ -75,7 +75,7 @@
  *         .lookupPrincipalByName("joe");
  *
  *     // get view
- *     AclFileAttributeView view = file.newFileAttributeView(AclFileAttributeView.class);
+ *     AclFileAttributeView view = file.getFileAttributeView(AclFileAttributeView.class);
  *
  *     // create ACE to give "joe" read access
  *     AclEntry entry = AclEntry.newBuilder()
--- a/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java	Tue Aug 11 16:57:09 2009 +0100
@@ -61,7 +61,7 @@
  * Suppose we need to print out the owner and access permissions of a file:
  * <pre>
  *     FileRef file = ...
- *     PosixFileAttributes attrs = file.newFileAttributeView(PosixFileAttributeView.class)
+ *     PosixFileAttributes attrs = file.getFileAttributeView(PosixFileAttributeView.class)
  *         .readAttributes();
  *     System.out.format("%s %s%n",
  *         attrs.owner().getName(),
--- a/src/share/classes/sun/security/jgss/GSSContextImpl.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/GSSContextImpl.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,13 @@
 
 import org.ietf.jgss.*;
 import sun.security.jgss.spi.*;
-import sun.security.jgss.*;
 import sun.security.util.ObjectIdentifier;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-
+import com.sun.security.jgss.*;
 
 /**
  * This class represents the JGSS security context and its associated
@@ -88,7 +87,7 @@
  * per-message operations are returned in an instance of the MessageProp
  * class, which is used as an argument in these calls.</dl>
  */
-class GSSContextImpl implements GSSContext {
+class GSSContextImpl implements ExtendedGSSContext {
 
     private GSSManagerImpl gssManager = null;
 
@@ -630,4 +629,16 @@
         srcName = null;
         targName = null;
     }
+
+    @Override
+    public Object inquireSecContext(InquireType type) throws GSSException {
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkPermission(new InquireSecContextPermission(type.toString()));
+        }
+        if (mechCtxt == null) {
+            throw new GSSException(GSSException.NO_CONTEXT);
+        }
+        return mechCtxt.inquireSecContext(type);
+    }
 }
--- a/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,14 @@
 
 package sun.security.jgss.krb5;
 
+import com.sun.security.jgss.AuthorizationDataEntry;
 import org.ietf.jgss.*;
 import java.io.InputStream;
-import java.io.OutputStream;
 import java.io.IOException;
 import sun.security.krb5.*;
 import java.net.InetAddress;
+import sun.security.krb5.internal.AuthorizationData;
+import sun.security.krb5.internal.KerberosTime;
 
 class InitSecContextToken extends InitialToken {
 
@@ -59,6 +61,9 @@
 
         Checksum checksum = gssChecksum.getChecksum();
 
+        context.setTktFlags(serviceTicket.getFlags());
+        context.setAuthTime(
+                new KerberosTime(serviceTicket.getAuthTime()).toString());
         apReq = new KrbApReq(serviceTicket,
                              mutualRequired,
                              useSubkey,
@@ -143,6 +148,21 @@
             // Use the same sequence number as the peer
             // (Behaviour exhibited by the Windows SSPI server)
             context.resetMySequenceNumber(peerSeqNumber);
+        context.setAuthTime(
+                new KerberosTime(apReq.getCreds().getAuthTime()).toString());
+        context.setTktFlags(apReq.getCreds().getFlags());
+        AuthorizationData ad = apReq.getCreds().getAuthzData();
+        if (ad == null) {
+            context.setAuthzData(null);
+        } else {
+            AuthorizationDataEntry[] authzData =
+                    new AuthorizationDataEntry[ad.count()];
+            for (int i=0; i<ad.count(); i++) {
+                authzData[i] = new AuthorizationDataEntry(
+                        ad.item(i).adType, ad.item(i).adData);
+            }
+            context.setAuthzData(authzData);
+        }
     }
 
     public final KrbApReq getKrbApReq() {
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Tue Aug 11 16:57:09 2009 +0100
@@ -25,6 +25,7 @@
 
 package sun.security.jgss.krb5;
 
+import com.sun.security.jgss.InquireType;
 import org.ietf.jgss.*;
 import sun.misc.HexDumpEncoder;
 import sun.security.jgss.GSSUtil;
@@ -38,6 +39,7 @@
 import java.security.Provider;
 import java.security.AccessController;
 import java.security.AccessControlContext;
+import java.security.Key;
 import java.security.PrivilegedExceptionAction;
 import java.security.PrivilegedActionException;
 import javax.crypto.Cipher;
@@ -1283,4 +1285,81 @@
         // Currently used by InitialToken only
         return caller;
     }
+
+    /**
+     * The session key returned by inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY)
+     */
+    static class KerberosSessionKey implements Key {
+        private final EncryptionKey key;
+
+        KerberosSessionKey(EncryptionKey key) {
+            this.key = key;
+        }
+
+        @Override
+        public String getAlgorithm() {
+            return Integer.toString(key.getEType());
+        }
+
+        @Override
+        public String getFormat() {
+            return "RAW";
+        }
+
+        @Override
+        public byte[] getEncoded() {
+            return key.getBytes().clone();
+        }
+
+        @Override
+        public String toString() {
+            return "Kerberos session key: etype: " + key.getEType() + "\n" +
+                    new sun.misc.HexDumpEncoder().encodeBuffer(key.getBytes());
+        }
+    }
+
+    /**
+     * Return the mechanism-specific attribute associated with {@code type}.
+     */
+    public Object inquireSecContext(InquireType type)
+            throws GSSException {
+        if (!isEstablished()) {
+             throw new GSSException(GSSException.NO_CONTEXT, -1,
+                     "Security context not established.");
+        }
+        switch (type) {
+            case KRB5_GET_SESSION_KEY:
+                return new KerberosSessionKey(key);
+            case KRB5_GET_TKT_FLAGS:
+                return tktFlags.clone();
+            case KRB5_GET_AUTHZ_DATA:
+                if (isInitiator()) {
+                    throw new GSSException(GSSException.UNAVAILABLE, -1,
+                            "AuthzData not available on initiator side.");
+                } else {
+                    return (authzData==null)?null:authzData.clone();
+                }
+            case KRB5_GET_AUTHTIME:
+                return authTime;
+        }
+        throw new GSSException(GSSException.UNAVAILABLE, -1,
+                "Inquire type not supported.");
+    }
+
+    // Helpers for inquireSecContext
+    private boolean[] tktFlags;
+    private String authTime;
+    private com.sun.security.jgss.AuthorizationDataEntry[] authzData;
+
+    public void setTktFlags(boolean[] tktFlags) {
+        this.tktFlags = tktFlags;
+    }
+
+    public void setAuthTime(String authTime) {
+        this.authTime = authTime;
+    }
+
+    public void setAuthzData(com.sun.security.jgss.AuthorizationDataEntry[] authzData) {
+        this.authzData = authzData;
+    }
 }
--- a/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright 2000-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Portions Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,7 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.Provider;
+import com.sun.security.jgss.*;
 
 /**
  * This interface is implemented by a mechanism specific instance of a GSS
@@ -265,7 +266,6 @@
      * @param msgPro on input it contains the requested qop and
      *    confidentiality state, on output, the applied values
      * @exception GSSException may be thrown
-     * @see MessageInfo
      * @see unwrap
      */
     public void wrap(InputStream is, OutputStream os, MessageProp msgProp)
@@ -315,7 +315,6 @@
      * @param msgProp will contain the applied qop and confidentiality
      *    of the input token and any informatory status values
      * @exception GSSException may be thrown
-     * @see MessageInfo
      * @see wrap
      */
     public void unwrap(InputStream is, OutputStream os,
@@ -403,4 +402,15 @@
      * @exception GSSException may be thrown
      */
     public void dispose() throws GSSException;
+
+    /**
+     * Return the mechanism-specific attribute associated with (@code type}.
+     *
+     * @param type the type of the attribute requested
+     * @return the attribute
+     * @throws GSSException see {@link ExtendedGSSContext#inquireSecContext}
+     * for details
+     */
+    public Object inquireSecContext(InquireType type)
+            throws GSSException;
 }
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Tue Aug 11 16:57:09 2009 +0100
@@ -25,10 +25,10 @@
 
 package sun.security.jgss.spnego;
 
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
 import java.io.*;
 import java.security.Provider;
-import java.util.List;
-import java.util.ArrayList;
 import org.ietf.jgss.*;
 import sun.security.jgss.*;
 import sun.security.jgss.spi.*;
@@ -1185,4 +1185,22 @@
                 return ("Unknown state " + state);
         }
     }
+
+    /**
+     * Retrieve attribute of the context for {@code type}.
+     */
+    public Object inquireSecContext(InquireType type)
+            throws GSSException {
+        if (mechContext == null) {
+            throw new GSSException(GSSException.NO_CONTEXT, -1,
+                    "Underlying mech not established.");
+        }
+        if (mechContext instanceof ExtendedGSSContext) {
+            return ((ExtendedGSSContext)mechContext).inquireSecContext(type);
+        } else {
+            throw new GSSException(GSSException.BAD_MECH, -1,
+                    "inquireSecContext not supported by underlying mech.");
+        }
+    }
+
 }
--- a/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
 import sun.security.jgss.spnego.NegTokenInit;
 import sun.security.jgss.spnego.NegTokenTarg;
 import javax.security.auth.kerberos.DelegationPermission;
+import com.sun.security.jgss.InquireType;
 import java.io.*;
 
 
@@ -615,4 +616,10 @@
     protected void finalize() throws Throwable {
         dispose();
     }
+
+    public Object inquireSecContext(InquireType type)
+            throws GSSException {
+        throw new GSSException(GSSException.UNAVAILABLE, -1,
+                "Inquire type not supported.");
+    }
 }
--- a/src/share/classes/sun/security/krb5/Credentials.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/krb5/Credentials.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright 2000-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Portions Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,6 +63,7 @@
     KerberosTime renewTill;
     HostAddresses cAddr;
     EncryptionKey serviceKey;
+    AuthorizationData authzData;
     private static boolean DEBUG = Krb5.DEBUG;
     private static CredentialsCache cache;
     static boolean alreadyLoaded = false;
@@ -78,6 +79,22 @@
                        KerberosTime new_startTime,
                        KerberosTime new_endTime,
                        KerberosTime renewTill,
+                       HostAddresses cAddr,
+                       AuthorizationData authzData) {
+        this(new_ticket, new_client, new_server, new_key, new_flags,
+                authTime, new_startTime, new_endTime, renewTill, cAddr);
+        this.authzData = authzData;
+    }
+
+    public Credentials(Ticket new_ticket,
+                       PrincipalName new_client,
+                       PrincipalName new_server,
+                       EncryptionKey new_key,
+                       TicketFlags new_flags,
+                       KerberosTime authTime,
+                       KerberosTime new_startTime,
+                       KerberosTime new_endTime,
+                       KerberosTime renewTill,
                        HostAddresses cAddr) {
         ticket = new_ticket;
         client = new_client;
@@ -213,6 +230,9 @@
         return flags;
     }
 
+    public AuthorizationData getAuthzData() {
+        return authzData;
+    }
     /**
      * Checks if the service ticket returned by the KDC has the OK-AS-DELEGATE
      * flag set
--- a/src/share/classes/sun/security/krb5/KrbApReq.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/krb5/KrbApReq.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright 2000-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Portions Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -356,12 +356,13 @@
                                 authenticator.cname,
                                 apReqMessg.ticket.sname,
                                 enc_ticketPart.key,
-                                null,
+                                enc_ticketPart.flags,
                                 enc_ticketPart.authtime,
                                 enc_ticketPart.starttime,
                                 enc_ticketPart.endtime,
                                 enc_ticketPart.renewTill,
-                                enc_ticketPart.caddr);
+                                enc_ticketPart.caddr,
+                                enc_ticketPart.authorizationData);
         if (DEBUG) {
             System.out.println(">>> KrbApReq: authenticate succeed.");
         }
--- a/src/share/classes/sun/security/krb5/internal/AuthorizationData.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/krb5/internal/AuthorizationData.java	Tue Aug 11 16:57:09 2009 +0100
@@ -174,4 +174,12 @@
         }
         return retVal;
     }
+
+    public int count() {
+        return entry.length;
+    }
+
+    public AuthorizationDataEntry item(int i) {
+        return (AuthorizationDataEntry)entry[i].clone();
+    }
 }
--- a/src/share/classes/sun/security/tools/JarSigner.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/tools/JarSigner.java	Tue Aug 11 16:57:09 2009 +0100
@@ -412,6 +412,16 @@
         }
         storetype = KeyStoreUtil.niceStoreTypeName(storetype);
 
+        try {
+            if (signedjar != null && new File(signedjar).getCanonicalPath().equals(
+                    new File(jarfile).getCanonicalPath())) {
+                signedjar = null;
+            }
+        } catch (IOException ioe) {
+            // File system error?
+            // Just ignore it.
+        }
+
         if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
                 KeyStoreUtil.isWindowsKeyStore(storetype)) {
             token = true;
--- a/src/share/classes/sun/security/tools/KeyTool.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/tools/KeyTool.java	Tue Aug 11 16:57:09 2009 +0100
@@ -880,41 +880,41 @@
             // might not work properly, since -gencert is slow
             // and there's no data in the pipe at the beginning.
             ByteArrayOutputStream bout = new ByteArrayOutputStream();
-            byte[] b = new byte[4096];
-            while (true) {
-                int len = inStream.read(b);
-                if (len < 0) break;
-                bout.write(b, 0, len);
-            }
-            inStream = new ByteArrayInputStream(bout.toByteArray());
             try {
-                String importAlias = (alias!=null)?alias:keyAlias;
-                if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
-                    kssave = installReply(importAlias, inStream);
-                    if (kssave) {
-                        System.err.println(rb.getString
-                            ("Certificate reply was installed in keystore"));
-                    } else {
-                        System.err.println(rb.getString
-                            ("Certificate reply was not installed in keystore"));
-                    }
-                } else if (!keyStore.containsAlias(importAlias) ||
-                        keyStore.entryInstanceOf(importAlias,
-                            KeyStore.TrustedCertificateEntry.class)) {
-                    kssave = addTrustedCert(importAlias, inStream);
-                    if (kssave) {
-                        System.err.println(rb.getString
-                            ("Certificate was added to keystore"));
-                    } else {
-                        System.err.println(rb.getString
-                            ("Certificate was not added to keystore"));
-                    }
+                byte[] b = new byte[4096];
+                while (true) {
+                    int len = inStream.read(b);
+                    if (len < 0) break;
+                    bout.write(b, 0, len);
                 }
             } finally {
                 if (inStream != System.in) {
                     inStream.close();
                 }
             }
+            inStream = new ByteArrayInputStream(bout.toByteArray());
+            String importAlias = (alias!=null)?alias:keyAlias;
+            if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
+                kssave = installReply(importAlias, inStream);
+                if (kssave) {
+                    System.err.println(rb.getString
+                        ("Certificate reply was installed in keystore"));
+                } else {
+                    System.err.println(rb.getString
+                        ("Certificate reply was not installed in keystore"));
+                }
+            } else if (!keyStore.containsAlias(importAlias) ||
+                    keyStore.entryInstanceOf(importAlias,
+                        KeyStore.TrustedCertificateEntry.class)) {
+                kssave = addTrustedCert(importAlias, inStream);
+                if (kssave) {
+                    System.err.println(rb.getString
+                        ("Certificate was added to keystore"));
+                } else {
+                    System.err.println(rb.getString
+                        ("Certificate was not added to keystore"));
+                }
+            }
         } else if (command == IMPORTKEYSTORE) {
             doImportKeyStore();
             kssave = true;
--- a/src/share/classes/sun/security/tools/PolicyTool.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/share/classes/sun/security/tools/PolicyTool.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,21 +35,16 @@
 import java.lang.reflect.*;
 import java.text.Collator;
 import java.text.MessageFormat;
-import sun.misc.BASE64Decoder;
-import sun.security.provider.PolicyParser.PermissionEntry;
 import sun.security.util.PropertyExpander;
 import sun.security.util.PropertyExpander.ExpandException;
 import java.awt.*;
 import java.awt.event.*;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
 import java.security.*;
 import sun.security.provider.*;
 import sun.security.util.PolicyUtil;
 import javax.security.auth.x500.X500Principal;
-import java.util.HashSet;
 
 /**
  * PolicyTool may be used by users and administrators to configure the
@@ -1459,6 +1454,7 @@
         PERM_ARRAY.add(new AWTPerm());
         PERM_ARRAY.add(new DelegationPerm());
         PERM_ARRAY.add(new FilePerm());
+        PERM_ARRAY.add(new InqSecContextPerm());
         PERM_ARRAY.add(new LogPerm());
         PERM_ARRAY.add(new MgmtPerm());
         PERM_ARRAY.add(new MBeanPerm());
@@ -3961,6 +3957,20 @@
     }
 }
 
+class InqSecContextPerm extends Perm {
+    public InqSecContextPerm() {
+    super("InquireSecContextPermission",
+        "com.sun.security.jgss.InquireSecContextPermission",
+        new String[]    {
+                "KRB5_GET_SESSION_KEY",
+                "KRB5_GET_TKT_FLAGS",
+                "KRB5_GET_AUTHZ_DATA",
+                "KRB5_GET_AUTHTIME"
+                },
+        null);
+    }
+}
+
 class LogPerm extends Perm {
     public LogPerm() {
     super("LoggingPermission",
--- a/src/solaris/native/sun/nio/ch/Net.c	Tue Aug 11 16:52:26 2009 +0100
+++ b/src/solaris/native/sun/nio/ch/Net.c	Tue Aug 11 16:57:09 2009 +0100
@@ -541,7 +541,7 @@
 {
     int how = (jhow == sun_nio_ch_Net_SHUT_RD) ? SHUT_RD :
         (jhow == sun_nio_ch_Net_SHUT_WR) ? SHUT_WR : SHUT_RDWR;
-    if (shutdown(fdval(env, fdo), how) < 0)
+    if ((shutdown(fdval(env, fdo), how) < 0) && (errno != ENOTCONN))
         handleSocketError(env, errno);
 }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ * @bug 6710360
+ * @summary export Kerberos session key to applications
+ */
+
+import com.sun.security.jgss.InquireSecContextPermission;
+
+public class InquireSecContextPermissionCheck {
+
+    public static void main(String[] args) throws Exception {
+
+        InquireSecContextPermission p0, p1;
+        p0 = new InquireSecContextPermission(
+                "KRB5_GET_SESSION_KEY");
+        p1 = new InquireSecContextPermission("*");
+
+        if (!p1.implies(p0) || !p1.implies(p1) || !p0.implies(p0)) {
+            throw new Exception("Check failed");
+        }
+
+        if (p0.implies(p1)) {
+            throw new Exception("This is bad");
+        }
+    }
+}
+
--- a/test/java/nio/channels/SocketChannel/Shutdown.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/test/java/nio/channels/SocketChannel/Shutdown.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,26 +22,65 @@
  */
 
 /* @test
- * @bug 4618960
- * @summary Test isInputShutdown
- * @library ..
+ * @bug 4618960 4516760
+ * @summary Test shutdownXXX and isInputShutdown
  */
 
+import java.io.IOException;
 import java.net.*;
-import java.nio.*;
+import java.nio.ByteBuffer;
 import java.nio.channels.*;
 
 public class Shutdown {
 
-    public static void main(String args[]) throws Exception {
-        InetSocketAddress sa = new InetSocketAddress(
-                                InetAddress.getByName(TestUtil.HOST), 23);
-        SocketChannel sc = SocketChannel.open(sa);
-        boolean before = sc.socket().isInputShutdown();
-        sc.socket().shutdownInput();
-        boolean after = sc.socket().isInputShutdown();
-        sc.close();
-        if (before || !after)
-            throw new Exception("Test failed");
+    /**
+     * Accept a connection, and close it immediately causing a hard reset.
+     */
+    static void acceptAndReset(ServerSocketChannel ssc) throws IOException {
+        SocketChannel peer = ssc.accept();
+        try {
+            peer.setOption(StandardSocketOption.SO_LINGER, 0);
+            peer.configureBlocking(false);
+            peer.write(ByteBuffer.wrap(new byte[128*1024]));
+        } finally {
+            peer.close();
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        ServerSocketChannel ssc = ServerSocketChannel.open()
+            .bind(new InetSocketAddress(0));
+        try {
+            InetAddress lh = InetAddress.getLocalHost();
+            int port = ((InetSocketAddress)(ssc.getLocalAddress())).getPort();
+            SocketAddress remote = new InetSocketAddress(lh, port);
+
+            // Test SocketChannel shutdownXXX
+            SocketChannel sc;
+            sc = SocketChannel.open(remote);
+            try {
+                acceptAndReset(ssc);
+                sc.shutdownInput();
+                sc.shutdownOutput();
+            } finally {
+                sc.close();
+            }
+
+            // Test Socket adapter shutdownXXX and isShutdownInput
+            sc = SocketChannel.open(remote);
+            try {
+                acceptAndReset(ssc);
+                boolean before = sc.socket().isInputShutdown();
+                sc.socket().shutdownInput();
+                boolean after = sc.socket().isInputShutdown();
+                if (before || !after)
+                    throw new RuntimeException("Before and after test failed");
+                sc.socket().shutdownOutput();
+            } finally {
+                sc.close();
+            }
+        } finally {
+            ssc.close();
+        }
     }
 }
--- a/test/java/nio/file/Files/Misc.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/test/java/nio/file/Files/Misc.java	Tue Aug 11 16:57:09 2009 +0100
@@ -22,13 +22,14 @@
  */
 
 /* @test
- * @bug 4313887 6838333
+ * @bug 4313887 6838333 6865748
  * @summary Unit test for java.nio.file.Files for miscellenous cases not
  *   covered by other tests
  * @library ..
  */
 
 import java.nio.file.*;
+import java.nio.file.attribute.Attributes;
 import java.io.IOException;
 import java.util.*;
 
@@ -113,5 +114,29 @@
             npeExpected();
         } catch (NullPointerException e) {
         }
+
+        SimpleFileVisitor<Path> visitor = new SimpleFileVisitor<Path>() { };
+        boolean ranTheGauntlet = false;
+        try { visitor.preVisitDirectory(null);
+        } catch (NullPointerException x0) {
+        try { visitor.preVisitDirectoryFailed(null, new IOException());
+        } catch (NullPointerException x1) {
+        try { visitor.preVisitDirectoryFailed(dir, null);
+        } catch (NullPointerException x2) {
+        try { visitor.visitFile(null, Attributes.readBasicFileAttributes(Paths.get(".")));
+        } catch (NullPointerException x3) {
+        try {  visitor.visitFile(dir, null);
+        } catch (NullPointerException x4) {
+        try { visitor.visitFileFailed(null, new IOException());
+        } catch (NullPointerException x5) {
+        try { visitor.visitFileFailed(dir, null);
+        } catch (NullPointerException x6) {
+        try { visitor.postVisitDirectory(null, new IOException());
+        } catch (NullPointerException x7) {
+            // if we get here then all visit* methods threw NPE as expected
+            ranTheGauntlet = true;
+        }}}}}}}}
+        if (!ranTheGauntlet)
+            throw new RuntimeException("A visit method did not throw NPE");
     }
 }
--- a/test/sun/security/krb5/auto/Context.java	Tue Aug 11 16:52:26 2009 +0100
+++ b/test/sun/security/krb5/auto/Context.java	Tue Aug 11 16:57:09 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2008-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
  */
 
 import com.sun.security.auth.module.Krb5LoginModule;
+import java.security.Key;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
@@ -38,6 +39,9 @@
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.MessageProp;
 import org.ietf.jgss.Oid;
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
+import com.sun.security.jgss.AuthorizationDataEntry;
 
 /**
  * Context of a JGSS subject, encapsulating Subject and GSSContext.
@@ -276,6 +280,34 @@
                 }
             }
         }
+        if (x != null && x instanceof ExtendedGSSContext) {
+            if (x.isEstablished()) {
+                ExtendedGSSContext ex = (ExtendedGSSContext)x;
+                Key k = (Key)ex.inquireSecContext(
+                        InquireType.KRB5_GET_SESSION_KEY);
+                if (k == null) {
+                    throw new Exception("Session key cannot be null");
+                }
+                System.out.println("Session key is: " + k);
+                boolean[] flags = (boolean[])ex.inquireSecContext(
+                        InquireType.KRB5_GET_TKT_FLAGS);
+                if (flags == null) {
+                    throw new Exception("Ticket flags cannot be null");
+                }
+                System.out.println("Ticket flags is: " + Arrays.toString(flags));
+                String authTime = (String)ex.inquireSecContext(
+                        InquireType.KRB5_GET_AUTHTIME);
+                if (authTime == null) {
+                    throw new Exception("Auth time cannot be null");
+                }
+                System.out.println("AuthTime is: " + authTime);
+                if (!x.isInitiator()) {
+                    AuthorizationDataEntry[] ad = (AuthorizationDataEntry[])ex.inquireSecContext(
+                            InquireType.KRB5_GET_AUTHZ_DATA);
+                    System.out.println("AuthzData is: " + Arrays.toString(ad));
+                }
+            }
+        }
     }
 
     /**
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/samename.sh	Tue Aug 11 16:57:09 2009 +0100
@@ -0,0 +1,61 @@
+#
+# Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6866479
+# @summary libzip.so caused JVM to crash when running jarsigner
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  Windows_* | CYGWIN* )
+    SIGNEDJAR=EM.jar
+    FS="\\"
+    ;;
+  * )
+    SIGNEDJAR=em.jar
+    FS="/"
+    ;;
+esac
+
+KS=samename.jks
+JFILE=em.jar
+
+KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
+JAR=$TESTJAVA${FS}bin${FS}jar
+JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
+
+rm $KS $JFILE $SIGNEDJAR
+echo A > A
+$JAR cvf $JFILE A
+
+$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
+
+$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a
+