changeset 10027:6cfe32e4e51e

Merge
author lana
date Fri, 30 May 2014 09:25:14 -0700
parents a02731d3f739 5a9976e5f0ca
children ab7d2c565b0d
files src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/etsi.xsd src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xenc-schema.rng src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xenc-schema.xsd src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.rng src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd
diffstat 23 files changed, 396 insertions(+), 1621 deletions(-) [+]
line wrap: on
line diff
--- a/make/CopyIntoClasses.gmk	Thu May 29 22:32:11 2014 -0700
+++ b/make/CopyIntoClasses.gmk	Fri May 30 09:25:14 2014 -0700
@@ -30,7 +30,6 @@
 
 # These directories should not be copied at all
 EXCLUDES += \
-    com/sun/org/apache/xml/internal/security/resource/schema \
     java/awt/doc-files \
     java/lang/doc-files \
     javax/swing/doc-files \
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/etsi.xsd	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,347 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XML Spy v4.3 U (http://www.xmlspy.com) by XMLSpy v4 (Altova) -->
-<xsd:schema targetNamespace="http://uri.etsi.org/01903/v1.1.1#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://uri.etsi.org/01903/v1.1.1#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
-	<xsd:element name="Any" type="AnyType"/>
-	<xsd:complexType name="AnyType" mixed="true">
-		<xsd:sequence>
-			<xsd:any namespace="##any"/>
-		</xsd:sequence>
-		<xsd:anyAttribute namespace="##any"/>
-	</xsd:complexType>
-	<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType"/>
-	<xsd:complexType name="ObjectIdentifierType">
-		<xsd:sequence>
-			<xsd:element name="Identifier" type="IdentifierType"/>
-			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="DocumentationReferences" type="DocumentationReferencesType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="IdentifierType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:anyURI">
-				<xsd:attribute name="Qualifier" type="QualifierType" use="optional"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:simpleType name="QualifierType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="OIDAsURI"/>
-			<xsd:enumeration value="OIDAsURN"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:complexType name="DocumentationReferencesType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="DocumentationReference" type="xsd:anyURI"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="EncapsulatedPKIData" type="EncapsulatedPKIDataType"/>
-	<xsd:complexType name="EncapsulatedPKIDataType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:base64Binary">
-				<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:element name="TimeStamp" type="TimeStampType"/>
-	<xsd:complexType name="TimeStampType">
-		<xsd:sequence>
-			<xsd:element name="HashDataInfo" type="HashDataInfoType" maxOccurs="unbounded"/>
-			<xsd:choice>
-				<xsd:element name="EncapsulatedTimeStamp" type="EncapsulatedPKIDataType"/>
-				<xsd:element name="XMLTimeStamp" type="AnyType"/>
-			</xsd:choice>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="HashDataInfoType">
-		<xsd:sequence>
-			<xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="uri" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:element name="QualifyingProperties" type="QualifyingPropertiesType"/>
-	<xsd:complexType name="QualifyingPropertiesType">
-		<xsd:sequence>
-			<xsd:element name="SignedProperties" type="SignedPropertiesType" minOccurs="0"/>
-			<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="Target" type="xsd:anyURI" use="required"/>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="SignedProperties" type="SignedPropertiesType"/>
-	<xsd:complexType name="SignedPropertiesType">
-		<xsd:sequence>
-			<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>
-			<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="UnsignedProperties" type="UnsignedPropertiesType"/>
-	<xsd:complexType name="UnsignedPropertiesType">
-		<xsd:sequence>
-			<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType" minOccurs="0"/>
-			<xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="SignedSignatureProperties" type="SignedSignaturePropertiesType"/>
-	<xsd:complexType name="SignedSignaturePropertiesType">
-		<xsd:sequence>
-			<xsd:element name="SigningTime" type="xsd:dateTime"/>
-			<xsd:element name="SigningCertificate" type="CertIDListType"/>
-			<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>
-			<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType" minOccurs="0"/>
-			<xsd:element name="SignerRole" type="SignerRoleType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SignedDataObjectProperties" type="SignedDataObjectPropertiesType"/>
-	<xsd:complexType name="SignedDataObjectPropertiesType">
-		<xsd:sequence>
-			<xsd:element name="DataObjectFormat" type="DataObjectFormatType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="UnsignedSignatureProperties" type="UnsignedSignaturePropertiesType"/>
-	<xsd:complexType name="UnsignedSignaturePropertiesType">
-		<xsd:sequence>
-			<xsd:element name="CounterSignature" type="CounterSignatureType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="SignatureTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType" minOccurs="0"/>
-			<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType" minOccurs="0"/>
-			<xsd:choice>
-				<xsd:element name="SigAndRefsTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-				<xsd:element name="RefsOnlyTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-			</xsd:choice>
-			<xsd:element name="CertificateValues" type="CertificateValuesType" minOccurs="0"/>
-			<xsd:element name="RevocationValues" type="RevocationValuesType" minOccurs="0"/>
-			<xsd:element name="ArchiveTimeStamp" type="TimeStampType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="UnsignedDataObjectProperties" type="UnsignedDataObjectPropertiesType"/>
-	<xsd:complexType name="UnsignedDataObjectPropertiesType">
-		<xsd:sequence>
-			<xsd:element name="UnsignedDataObjectProperty" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="QualifyingPropertiesReference" type="QualifyingPropertiesReferenceType"/>
-	<xsd:complexType name="QualifyingPropertiesReferenceType">
-		<xsd:sequence>
-			<xsd:element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="SigningTime" type="xsd:dateTime"/>
-	<xsd:element name="SigningCertificate" type="CertIDListType"/>
-	<xsd:complexType name="CertIDListType">
-		<xsd:sequence>
-			<xsd:element name="Cert" type="CertIDType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CertIDType">
-		<xsd:sequence>
-			<xsd:element name="CertDigest" type="DigestAlgAndValueType"/>
-			<xsd:element name="IssuerSerial" type="ds:X509IssuerSerialType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="DigestAlgAndValueType">
-		<xsd:sequence>
-			<xsd:element name="DigestMethod" type="ds:DigestMethodType"/>
-			<xsd:element name="DigestValue" type="ds:DigestValueType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SignaturePolicyIdentifier" type="SignaturePolicyIdentifierType"/>
-	<xsd:complexType name="SignaturePolicyIdentifierType">
-		<xsd:choice>
-			<xsd:element name="SignaturePolicyId" type="SignaturePolicyIdType"/>
-			<xsd:element name="SignaturePolicyImplied"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<xsd:complexType name="SignaturePolicyIdType">
-		<xsd:sequence>
-			<xsd:element name="SigPolicyId" type="ObjectIdentifierType"/>
-			<xsd:element ref="ds:Transforms" minOccurs="0"/>
-			<xsd:element name="SigPolicyHash" type="DigestAlgAndValueType"/>
-			<xsd:element name="SigPolicyQualifiers" type="SigPolicyQualifiersListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="SigPolicyQualifiersListType">
-		<xsd:sequence>
-			<xsd:element name="SigPolicyQualifier" type="AnyType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SPURI" type="xsd:anyURI"/>
-	<xsd:element name="SPUserNotice" type="SPUserNoticeType"/>
-	<xsd:complexType name="SPUserNoticeType">
-		<xsd:sequence>
-			<xsd:element name="NoticeRef" type="NoticeReferenceType" minOccurs="0"/>
-			<xsd:element name="ExplicitText" type="xsd:string" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="NoticeReferenceType">
-		<xsd:sequence>
-			<xsd:element name="Organization" type="xsd:string"/>
-			<xsd:element name="NoticeNumbers" type="IntegerListType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="IntegerListType">
-		<xsd:sequence>
-			<xsd:element name="int" type="xsd:integer" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="CounterSignature" type="CounterSignatureType"/>
-	<xsd:complexType name="CounterSignatureType">
-		<xsd:sequence>
-			<xsd:element ref="ds:Signature"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="DataObjectFormat" type="DataObjectFormatType"/>
-	<xsd:complexType name="DataObjectFormatType">
-		<xsd:sequence>
-			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="ObjectIdentifier" type="ObjectIdentifierType" minOccurs="0"/>
-			<xsd:element name="MimeType" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="Encoding" type="xsd:anyURI" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="ObjectReference" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:element name="CommitmentTypeIndication" type="CommitmentTypeIndicationType"/>
-	<xsd:complexType name="CommitmentTypeIndicationType">
-		<xsd:sequence>
-			<xsd:element name="CommitmentTypeId" type="ObjectIdentifierType"/>
-			<xsd:choice>
-				<xsd:element name="ObjectReference" type="xsd:anyURI" minOccurs="0" maxOccurs="unbounded"/>
-				<xsd:element name="AllSignedDataObjects"/>
-			</xsd:choice>
-			<xsd:element name="CommitmentTypeQualifiers" type="CommitmentTypeQualifiersListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CommitmentTypeQualifiersListType">
-		<xsd:sequence>
-			<xsd:element name="CommitmentTypeQualifier" type="AnyType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SignatureProductionPlace" type="SignatureProductionPlaceType"/>
-	<xsd:complexType name="SignatureProductionPlaceType">
-		<xsd:sequence>
-			<xsd:element name="City" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="StateOrProvince" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="PostalCode" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="CountryName" type="xsd:string" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SignerRole" type="SignerRoleType"/>
-	<xsd:complexType name="SignerRoleType">
-		<xsd:sequence>
-			<xsd:element name="ClaimedRoles" type="ClaimedRolesListType" minOccurs="0"/>
-			<xsd:element name="CertifiedRoles" type="CertifiedRolesListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ClaimedRolesListType">
-		<xsd:sequence>
-			<xsd:element name="ClaimedRole" type="AnyType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CertifiedRolesListType">
-		<xsd:sequence>
-			<xsd:element name="CertifiedRole" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="AllDataObjectsTimeStamp" type="TimeStampType"/>
-	<xsd:element name="IndividualDataObjectsTimeStamp" type="TimeStampType"/>
-	<xsd:element name="SignatureTimeStamp" type="TimeStampType"/>
-	<xsd:element name="CompleteCertificateRefs" type="CompleteCertificateRefsType"/>
-	<xsd:complexType name="CompleteCertificateRefsType">
-		<xsd:sequence>
-			<xsd:element name="CertRefs" type="CertIDListType"/>
-		</xsd:sequence>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="CompleteRevocationRefs" type="CompleteRevocationRefsType"/>
-	<xsd:complexType name="CompleteRevocationRefsType">
-		<xsd:sequence>
-			<xsd:element name="CRLRefs" type="CRLRefsType" minOccurs="0"/>
-			<xsd:element name="OCSPRefs" type="OCSPRefsType" minOccurs="0"/>
-			<xsd:element name="OtherRefs" type="OtherCertStatusRefsType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:complexType name="CRLRefsType">
-		<xsd:sequence>
-			<xsd:element name="CRLRef" type="CRLRefType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CRLRefType">
-		<xsd:sequence>
-			<xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType"/>
-			<xsd:element name="CRLIdentifier" type="CRLIdentifierType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="CRLIdentifierType">
-		<xsd:sequence>
-			<xsd:element name="Issuer" type="xsd:string"/>
-			<xsd:element name="IssueTime" type="xsd:dateTime"/>
-			<xsd:element name="Number" type="xsd:integer" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
-	</xsd:complexType>
-	<xsd:complexType name="OCSPRefsType">
-		<xsd:sequence>
-			<xsd:element name="OCSPRef" type="OCSPRefType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="OCSPRefType">
-		<xsd:sequence>
-			<xsd:element name="OCSPIdentifier" type="OCSPIdentifierType"/>
-			<xsd:element name="DigestAlgAndValue" type="DigestAlgAndValueType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="OCSPIdentifierType">
-		<xsd:sequence>
-			<xsd:element name="ResponderID" type="xsd:string"/>
-			<xsd:element name="ProducedAt" type="xsd:dateTime"/>
-		</xsd:sequence>
-		<xsd:attribute name="URI" type="xsd:anyURI" use="optional"/>
-	</xsd:complexType>
-	<xsd:complexType name="OtherCertStatusRefsType">
-		<xsd:sequence>
-			<xsd:element name="OtherRef" type="AnyType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="SigAndRefsTimeStamp" type="TimeStampType"/>
-	<xsd:element name="RefsOnlyTimeStamp" type="TimeStampType"/>
-	<xsd:element name="CertificateValues" type="CertificateValuesType"/>
-	<xsd:complexType name="CertificateValuesType">
-		<xsd:choice minOccurs="0" maxOccurs="unbounded">
-			<xsd:element name="EncapsulatedX509Certificate" type="EncapsulatedPKIDataType"/>
-			<xsd:element name="OtherCertificate" type="AnyType"/>
-		</xsd:choice>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:element name="RevocationValues" type="RevocationValuesType"/>
-	<xsd:complexType name="RevocationValuesType">
-		<xsd:sequence>
-			<xsd:element name="CRLValues" type="CRLValuesType" minOccurs="0"/>
-			<xsd:element name="OCSPValues" type="OCSPValuesType" minOccurs="0"/>
-			<xsd:element name="OtherValues" type="OtherCertStatusValuesType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<xsd:complexType name="CRLValuesType">
-		<xsd:sequence>
-			<xsd:element name="EncapsulatedCRLValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="OCSPValuesType">
-		<xsd:sequence>
-			<xsd:element name="EncapsulatedOCSPValue" type="EncapsulatedPKIDataType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="OtherCertStatusValuesType">
-		<xsd:sequence>
-			<xsd:element name="OtherValue" type="AnyType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="ArchiveTimeStamp" type="TimeStampType"/>
-</xsd:schema>
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xenc-schema.rng	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,219 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- http://www.xml.com/lpt/a/2002/01/23/relaxng.html -->
-<!-- http://www.oasis-open.org/committees/relax-ng/tutorial-20011203.html -->
-<!-- http://www.zvon.org/xxl/XMLSchemaTutorial/Output/ser_wildcards_st8.html -->
-<!-- http://lists.oasis-open.org/archives/relax-ng-comment/200206/maillist.html -->
-
-<grammar xmlns='http://relaxng.org/ns/structure/1.0'
-        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        ns="http://www.w3.org/2001/04/xmlenc#"
-        datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
-
-    <include href="http://www.w3.org/Signature/Drafts/xmldsig-core/xmldsig-core-schema.rng">
-    <!-- Used for DigestMethod, KeyInfoType and anyThing -->
-    <!-- Since xmldsig-core also has a start, I have to include it
-        in the include for redefinition. -->
-        <start>
-            <choice>
-                <!-- We get to define the permissible root elements! -->
-                <element name="EncryptedData"><ref name="EncryptedDataType"/></element>
-                <element name="EncryptedKey"><ref name="EncryptedKeyType"/></element>
-            </choice>
-        </start>   
-        
-        <define name='anyThing'>
-            <zeroOrMore>
-                <choice>
-                    <text/>
-                    <element>
-                        <anyName>
-                            <except>
-                                <nsName/>
-                                <nsName ns='http://www.w3.org/2000/09/xmldsig#'/>
-                            </except>
-                        </anyName>
-                        <ref name='anyThing'/>
-                        <zeroOrMore>
-                            <attribute>
-                              <anyName/>
-                            </attribute>
-                        </zeroOrMore>
-                    </element>
-                </choice>
-            </zeroOrMore>
-            </define>
-        
-        
-    </include>
-    
-        <!-- Import definitions from the xmldsig rng -->
-
-        <define name="KeyInfoType" combine="interleave">
-            <zeroOrMore>
-                <choice>
-                    <element name="EncryptedKey"><ref name="EncryptedKeyType"/></element>
-                    <element name="AgreementMethod"><ref name="AgreementMethodType"/></element>
-                </choice>
-            </zeroOrMore>    
-        </define>
-
-        <define name="DigestMethodType" combine="choice">
-            <notAllowed/>
-         </define>
-
-        <define name="TransformType" combine="choice">
-            <notAllowed/>
-         </define>
-
-    <!-- Now redefined in the include statement
-        <define name="anyThing" combine="choice">
-            <notAllowed/>
-         </define>
-    -->
-
-    <!-- End import -->
-        
-  
-    <define name="EncryptedDataType">
-          <ref name="EncryptedType"/>
-    </define>
-  
-  
-    <define name="EncryptedKeyType">
-            <ref name="EncryptedType"/>
-            <optional><element name='ReferenceList'>
-                <ref name="ReferenceListType"/></element>
-            </optional>
-            <optional><element name='CarriedKeyName'><data type="string"/></element></optional>
-            <optional><attribute name='Recipient'> <data type="string"/></attribute></optional>
-    </define>
-
-    
-     <define name="EncryptedType">
-        <element name="EncryptionMethod"><ref name="EncryptionMethodType"/></element>
-        <optional>
-            <element name="KeyInfo" ns="http://www.w3.org/2000/09/xmldsig#">
-                <ref name="KeyInfoType"/>
-            </element>
-        </optional>
-        <optional>
-            <element name="CipherData"><ref name="CipherDataType"/></element>
-        </optional> 
-        <optional>
-             <element name="EncryptionProperties"><ref name="EncryptionPropertiesType"/></element>
-        </optional>
-        <optional><attribute name="Id"><data type="ID"/></attribute></optional>
-        <optional><attribute name="Type"><data type="anyURI"/></attribute></optional>
-        <optional><attribute name="MimeType"><data type="string"/></attribute></optional>
-        <optional><attribute name="Encoding"><data type="anyURI"/></attribute></optional>
-        <optional><attribute name='xsi:schemaLocation'/></optional>
-    </define> 
-
-    <define name="EncryptionMethodType">
-        <zeroOrMore>
-            <choice>
-                <element name="KeySize">
-                    <data type="integer"/>
-                </element>
-                <element name="OAEPparams">
-                    <data type="base64Binary"/>
-                </element>
-                <text/>
-                <element name='DigestMethod' ns="http://www.w3.org/2000/09/xmldsig#">
-                    <ref name="DigestMethodType"/>
-                </element>
-            </choice>
-        </zeroOrMore>
-        <attribute name="Algorithm"><data type="anyURI"/></attribute>
-    </define>
-
-            
-    <define name="AgreementMethodType">
-        <zeroOrMore>
-            <choice>
-                <element name="KA-Nonce">
-                    <data type="base64Binary"/>
-                </element>
-                <element name='DigestMethod' ns="http://www.w3.org/2000/09/xmldsig#">
-                    <ref name="DigestMethodType"/>
-                </element>
-                <text/>
-                <element>
-                    <nsName ns="http://www.w3.org/2000/09/xmldsig#"/>
-                    <ref name="anyThing"/>
-                </element>
-                <element name="OriginatorKeyInfo"><ref name="KeyInfoType"/></element>
-                <element name="RecipientKeyInfo"><ref name="KeyInfoType"/></element>
-            </choice>
-        </zeroOrMore>
-        <attribute name="Algorithm"><data type="anyURI"/></attribute>
-    </define>            
-            
-            
-    <define name="ReferenceListType">
-        <oneOrMore>
-            <choice>
-                <element name="DataReference">
-                    <text/>
-                    <attribute name="URI"><data type="anyURI"/></attribute>
-                </element>
-                <element name="KeyReference">
-                    <text/>
-                    <attribute name="URI"><data type="anyURI"/></attribute>
-                </element>
-            </choice>
-        </oneOrMore>
-    </define>
-    
-    
-    <define name="CipherDataType">
-        <choice>
-            <element name="CipherValue"><data type="base64Binary"/></element>
-            <element name="CipherReference">
-                <element name="Transforms">
-                  <oneOrMore>
-                      <element name='Transform' ns="http://www.w3.org/2000/09/xmldsig#">
-                          <ref name='TransformType'/>
-                        </element>
-                    </oneOrMore>
-                </element>
-                <attribute name="URI">
-                    <data type="anyURI"/>
-                </attribute>      
-            </element>
-        </choice>
-    </define>
-    
-    
-    <define name="EncryptionPropertiesType">        
-        <element name="EncryptionProperty">
-          <zeroOrMore>
-                <element>
-                    <anyName/>
-                    <text/>
-                </element>
-            </zeroOrMore>
-            <optional>
-                <attribute name="Target">
-                    <data type="anyURI"/>
-                </attribute>  
-            </optional>
-            <optional>                
-                <attribute name="Id">
-                    <data type="ID"/>
-                </attribute>    
-            </optional>
-        </element>
-        
-        <optional>
-            <attribute name="Id">
-                <data type="ID"/>
-            </attribute>    
-        </optional>
-        <zeroOrMore>
-            <attribute><nsName ns="http://www.w3.org/XML/1998/namespace"/></attribute>
-        </zeroOrMore>
-    </define>
-
-</grammar>
\ No newline at end of file
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xenc-schema.xsd	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,146 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema  PUBLIC "-//W3C//DTD XMLSchema 200102//EN"
- "http://www.w3.org/2001/XMLSchema.dtd"
- [
-   <!ATTLIST schema
-     xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
-     xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
-   <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
-   <!ENTITY % p ''>
-   <!ENTITY % s ''>
-  ]>
-
-<schema xmlns='http://www.w3.org/2001/XMLSchema' version='1.0'
-        xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'
-        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
-        targetNamespace='http://www.w3.org/2001/04/xmlenc#'
-        elementFormDefault='qualified'>
-
-  <import namespace='http://www.w3.org/2000/09/xmldsig#'
-          schemaLocation='http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd'/>
-
-  <complexType name='EncryptedType' abstract='true'>
-    <sequence>
-      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
-       minOccurs='0'/>
-      <element ref='ds:KeyInfo' minOccurs='0'/>
-      <element ref='xenc:CipherData'/>
-      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
-    </sequence>
-    <attribute name='Id' type='ID' use='optional'/>
-    <attribute name='Type' type='anyURI' use='optional'/>
-    <attribute name='MimeType' type='string' use='optional'/>
-    <attribute name='Encoding' type='anyURI' use='optional'/>
-  </complexType>
-  
-  <complexType name='EncryptionMethodType' mixed='true'>
-    <sequence>
-      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
-      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
-      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
-    </sequence>
-    <attribute name='Algorithm' type='anyURI' use='required'/>
-  </complexType>
-
-    <simpleType name='KeySizeType'>
-      <restriction base="integer"/>
-    </simpleType>
-
-  <element name='CipherData' type='xenc:CipherDataType'/>
-  <complexType name='CipherDataType'>
-     <choice>
-       <element name='CipherValue' type='base64Binary'/>
-       <element ref='xenc:CipherReference'/>
-     </choice>
-    </complexType>
-
-   <element name='CipherReference' type='xenc:CipherReferenceType'/>
-   <complexType name='CipherReferenceType'>
-       <choice>
-         <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
-       </choice>
-       <attribute name='URI' type='anyURI' use='required'/>
-   </complexType>
-
-     <complexType name='TransformsType'>
-       <sequence>
-         <element ref='ds:Transform' maxOccurs='unbounded'/>
-       </sequence>
-     </complexType>
-
-
-  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
-  <complexType name='EncryptedDataType'>
-    <complexContent>
-      <extension base='xenc:EncryptedType'>
-       </extension>
-    </complexContent>
-  </complexType>
-
-  <!-- Children of ds:KeyInfo -->
-
-  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
-  <complexType name='EncryptedKeyType'>
-    <complexContent>
-      <extension base='xenc:EncryptedType'>
-        <sequence>
-          <element ref='xenc:ReferenceList' minOccurs='0'/>
-          <element name='CarriedKeyName' type='string' minOccurs='0'/>
-        </sequence>
-        <attribute name='Recipient' type='string'
-         use='optional'/>
-      </extension>
-    </complexContent>
-  </complexType>
-
-    <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
-    <complexType name="AgreementMethodType" mixed="true">
-      <sequence>
-        <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
-        <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
-        <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-        <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
-        <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
-      </sequence>
-      <attribute name="Algorithm" type="anyURI" use="required"/>
-    </complexType>
-
-  <!-- End Children of ds:KeyInfo -->
-
-  <element name='ReferenceList'>
-    <complexType>
-      <choice minOccurs='1' maxOccurs='unbounded'>
-        <element name='DataReference' type='xenc:ReferenceType'/>
-        <element name='KeyReference' type='xenc:ReferenceType'/>
-      </choice>
-    </complexType>
-  </element>
-
-  <complexType name='ReferenceType'>
-    <sequence>
-      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
-    </sequence>
-    <attribute name='URI' type='anyURI' use='required'/>
-  </complexType>
-
-
-  <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
-  <complexType name='EncryptionPropertiesType'>
-    <sequence>
-      <element ref='xenc:EncryptionProperty' maxOccurs='unbounded'/>
-    </sequence>
-    <attribute name='Id' type='ID' use='optional'/>
-  </complexType>
-
-    <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
-    <complexType name='EncryptionPropertyType' mixed='true'>
-      <choice maxOccurs='unbounded'>
-        <any namespace='##other' processContents='lax'/>
-      </choice>
-      <attribute name='Target' type='anyURI' use='optional'/>
-      <attribute name='Id' type='ID' use='optional'/>
-      <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
-    </complexType>
-
-</schema>
-
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.dtd	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,171 +0,0 @@
-<!-- DTD for XML Signatures
-    http://www.w3.org/2000/09/xmldsig#
-    Joseph Reagle $last changed 20001215$
-
-    http://www.w3.org/2000/09/xmldsig#
-    $Revision: 1.6 $ on $Date: 2008/07/24 16:15:03 $ by $Author: mullan $
-
-    Copyright 2001 The Internet Society and W3C (Massachusetts Institute
-    of Technology, Institut National de Recherche en Informatique et en
-    Automatique, Keio University). All Rights Reserved.
-    http://www.w3.org/Consortium/Legal/
-
-    This document is governed by the W3C Software License [1] as described
-    in the FAQ [2].
-
-    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
-    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<!--
-
-The following entity declarations enable external/flexible content in
-the Signature content model.
-
-#PCDATA emulates schema string; when combined with element types it
-emulates schema's mixed content type.
-
-%foo.ANY permits the user to include their own element types from
-other namespaces, for example:
- <!ENTITY % KeyValue.ANY '| ecds:ECDSAKeyValue'>
- ...
- <!ELEMENT ecds:ECDSAKeyValue (#PCDATA)  >
-
--->
-
-<!ENTITY % Object.ANY ''>
-<!ENTITY % Method.ANY ''>
-<!ENTITY % Transform.ANY ''>
-<!ENTITY % SignatureProperty.ANY ''>
-<!ENTITY % KeyInfo.ANY ''>
-<!ENTITY % KeyValue.ANY ''>
-<!ENTITY % PGPData.ANY ''>
-<!ENTITY % X509Data.ANY ''>
-<!ENTITY % SPKIData.ANY ''>
-
-
-
-<!-- Start Core Signature declarations, these should NOT be altered -->
-
-<!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*)  >
-<!ATTLIST Signature  
-	xmlns	CDATA	#FIXED 'http://www.w3.org/2000/09/xmldsig#'
-	Id  	ID	#IMPLIED >
-
-<!ELEMENT SignatureValue (#PCDATA) >
-<!ATTLIST SignatureValue  
-         Id  ID      #IMPLIED>
-
-<!ELEMENT SignedInfo (CanonicalizationMethod, 
-	SignatureMethod,  Reference+)  >
-<!ATTLIST SignedInfo  
-	Id	 ID 	 #IMPLIED 
->
-
-<!ELEMENT CanonicalizationMethod (#PCDATA %Method.ANY;)* > 
-<!ATTLIST CanonicalizationMethod 
-	Algorithm CDATA #REQUIRED > 
-
-<!ELEMENT SignatureMethod (#PCDATA|HMACOutputLength %Method.ANY;)* >
-<!ATTLIST SignatureMethod 
-	Algorithm CDATA #REQUIRED > 
-
-<!ELEMENT Reference (Transforms?, DigestMethod, DigestValue)  >
-<!ATTLIST Reference
-	Id	ID	#IMPLIED
-	URI	CDATA	#IMPLIED
-	Type	CDATA	#IMPLIED>
-
-
-<!ELEMENT Transforms (Transform+)>
-
-<!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* >
-<!ATTLIST Transform 
-	Algorithm    CDATA    #REQUIRED >
-
-<!ELEMENT XPath (#PCDATA) >
-
-<!ELEMENT DigestMethod (#PCDATA %Method.ANY;)* >
-<!ATTLIST DigestMethod  
-	Algorithm		CDATA	#REQUIRED >
-
-<!ELEMENT DigestValue  (#PCDATA)  >
-
-<!ELEMENT KeyInfo	(#PCDATA|KeyName|KeyValue|RetrievalMethod|
-           X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
-<!ATTLIST KeyInfo
-	Id	ID	 #IMPLIED >
-
-<!-- Key Information -->
-
-<!ELEMENT KeyName (#PCDATA) >
-<!ELEMENT KeyValue (#PCDATA|DSAKeyValue|RSAKeyValue %KeyValue.ANY;)* >
-<!ELEMENT MgmtData (#PCDATA) >
-
-<!ELEMENT RetrievalMethod (Transforms?) >
-<!ATTLIST RetrievalMethod
-  URI	CDATA #REQUIRED 
-  Type	CDATA #IMPLIED > 
-
-<!-- X.509 Data -->
-
-<!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
-                    X509Certificate | X509CRL )+ %X509Data.ANY;)>
-<!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
-<!ELEMENT X509IssuerName (#PCDATA) >
-<!ELEMENT X509SubjectName (#PCDATA) >
-<!ELEMENT X509SerialNumber (#PCDATA) >
-<!ELEMENT X509SKI (#PCDATA) >
-<!ELEMENT X509Certificate (#PCDATA) >
-<!ELEMENT X509CRL (#PCDATA) >
-
-<!-- PGPData -->
-
-<!ELEMENT PGPData ((PGPKeyID, PGPKeyPacket?) | (PGPKeyPacket) %PGPData.ANY;) >
-<!ELEMENT PGPKeyPacket  (#PCDATA)  >
-<!ELEMENT PGPKeyID  (#PCDATA)  >
-
-<!-- SPKI Data -->
-
-<!ELEMENT SPKIData (SPKISexp %SPKIData.ANY;)  >
-<!ELEMENT SPKISexp  (#PCDATA)  >
-
-<!-- Extensible Content -->
-
-<!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)* >
-<!ATTLIST Object  
-	Id	ID	#IMPLIED
-	MimeType	CDATA	#IMPLIED
-	Encoding	CDATA	#IMPLIED >
-
-<!ELEMENT Manifest (Reference+)  >
-<!ATTLIST Manifest  
-	Id	ID	#IMPLIED >
-
-<!ELEMENT SignatureProperties (SignatureProperty+)  >
-<!ATTLIST SignatureProperties  
-	Id	ID	 #IMPLIED  >
-
-<!ELEMENT SignatureProperty (#PCDATA %SignatureProperty.ANY;)* >
-<!ATTLIST SignatureProperty  
-	Target 	CDATA	 #REQUIRED
-	Id	ID	 #IMPLIED  >
-
-<!-- Algorithm Parameters -->
-
-<!ELEMENT HMACOutputLength (#PCDATA) >
-
-<!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
-<!ELEMENT P (#PCDATA) >
-<!ELEMENT Q (#PCDATA) >
-<!ELEMENT G (#PCDATA) >
-<!ELEMENT Y (#PCDATA) >
-<!ELEMENT J (#PCDATA) >
-<!ELEMENT Seed (#PCDATA) >
-<!ELEMENT PgenCounter (#PCDATA) >
-
-<!ELEMENT RSAKeyValue (Modulus, Exponent) > 
-<!ELEMENT Modulus (#PCDATA) >
-<!ELEMENT Exponent (#PCDATA) >
-
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.rng	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,339 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!-- http://www.xml.com/lpt/a/2002/01/23/relaxng.html -->
-<!-- http://www.oasis-open.org/committees/relax-ng/tutorial-20011203.html -->
-<!-- http://www.zvon.org/xxl/XMLSchemaTutorial/Output/ser_wildcards_st8.html -->
-<!-- http://lists.oasis-open.org/archives/relax-ng-comment/200206/maillist.html -->
-
-<grammar xmlns='http://relaxng.org/ns/structure/1.0'
-        xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
-        xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
-        ns='http://www.w3.org/2000/09/xmldsig#'
-        datatypeLibrary='http://www.w3.org/2001/XMLSchema-datatypes'>
-
-    <start>
-            <element name='Signature'><ref name='SignatureType'/></element>
-    </start>   
-    
-    <define name='CryptoBinary'>
-        <data type='base64Binary'/>
-    </define>
-    
-    <define name='SignatureType'>
-        <element name='SignedInfo'><ref name='SignedInfoType'/></element>
-        <element name='SignatureValue'><ref name='SignatureValueType'/></element>
-        <optional><element name='KeyInfo'><ref name='KeyInfoType'/></element></optional>
-        <zeroOrMore><element name='Object'><ref name='ObjectType'/></element></zeroOrMore>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-        <optional><attribute name='xsi:schemaLocation'/></optional>
-    </define>
-
-    <define name='SignatureValueType'>
-        <data type='base64Binary'/>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-    </define>
-    
-<!-- Start SignedInfo -->
-    
-    <define name='SignedInfoType'>
-        <element name='CanonicalizationMethod'><ref name='CanonicalizationMethodType'/></element>
-        <element name='SignatureMethod'><ref name='SignatureMethodType'/></element>
-        <optional><element name='KeyInfo'><ref name='KeyInfoType'/></element></optional>
-        <oneOrMore><element name='Reference'><ref name='ReferenceType'/></element></oneOrMore>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-    </define>    
-
-    <define name='CanonicalizationMethodType'>
-        <zeroOrMore><ref name='anyThing'/></zeroOrMore>
-        <optional><attribute name='Algorithm'><data type='anyURI'/></attribute></optional>
-    </define>    
-
-
-    <define name='SignatureMethodType'>
-        <optional><element name='HMACOutputLength'><data type='integer'/></element></optional>
-        <zeroOrMore><ref name='anyThing'/></zeroOrMore>
-        <optional><attribute name='Algorithm'><data type='anyURI'/></attribute></optional>
-    </define>    
-        
-<!-- Start Reference -->
-    
-    <define name='ReferenceType'>
-        <optional><element name='Transforms'><ref name='TransformsType'/></element></optional>
-        <element name='DigestMethod'><ref name='DigestMethodType'/></element>
-        <element name='DigestValue'><ref name='DigestValueType'/></element>
-        <optional><attribute name='Type'><data type='anyURI'/></attribute></optional>
-        <optional><attribute name='URI'><data type='anyURI'/></attribute></optional>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-     </define>
-
-    <define name='TransformsType'>
-        <oneOrMore><element name='Transform'><ref name='TransformType'/></element></oneOrMore>
-    </define>
-
-    <define name='TransformType'>
-        <optional><element name='XPath'><data type='string'/></element></optional>
-        <zeroOrMore><ref name='anyThing'/></zeroOrMore>
-        <attribute name='Algorithm'><data type='anyURI'/></attribute>
-    </define>    
-
-<!-- End Reference -->
-
-    <define name='DigestMethodType'>
-        <zeroOrMore><ref name='anyThing'/></zeroOrMore>
-        <attribute name='Algorithm'><data type='anyURI'/></attribute>
-    </define>   
-
-    <define name='DigestValueType'>
-        <data type='base64Binary'/>
-    </define>  
-    
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-    
-    <define name='KeyInfoType'>
-        <oneOrMore>
-            <choice>
-                <element name='KeyName'><data type='string'/></element>
-                <element name='KeyValue'><ref name='KeyValueType'/></element>
-                <element name='RetrievalMethod'><ref name='RetrievalMethodType'/></element>
-                <element name='X509Data'><ref name='X509DataType'/></element>
-                <element name='PGPData'><ref name='PGPDataType'/></element>
-                <element name='SPKIData'><ref name='SPKIDataType'/></element>
-                <element name='MgmtData'><data type='string'/></element>
-                <ref name='anyThing'/>
-            </choice>
-        </oneOrMore>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-</define>
-
-    <define name='KeyValueType'>
-            <choice>
-                <text/>
-                <element name='DSAKeyValue'><ref name='DSAKeyValueType'/></element>
-                <element name='RSAKeyValue'><ref name='RSAKeyValueType'/></element>
-                <ref name='anyThing'/>
-            </choice>
-    </define>
-
-    <define name='RetrievalMethodType'>
-        <optional><element name='Transforms'><ref name='TransformsType'/></element></optional>
-        <optional><attribute name='Type'><data type='anyURI'/></attribute></optional>
-        <optional><attribute name='URI'><data type='anyURI'/></attribute></optional>
-    </define>
-
-<!-- Start X509Data -->
-
-    <define name='X509DataType'>
-        <oneOrMore>
-            <choice>
-                <element name='X509IssuerSerial'>
-                    <element name='X509IssuerName'>
-                        <data type='string'/>
-                    </element>
-                    <element name='X509SerialNumber'>
-                        <data type='integer'/>
-                    </element>
-                </element>
-                <element name='X509SKI'>
-                    <data type='base64Binary'/>
-                </element>
-                <element name='X509SubjectName'>
-                    <data type='string'/>
-                </element>
-                <element name='X509Certificate'>
-                    <data type='base64Binary'/>
-                </element>
-                <element name='X509CRL'>
-                    <data type='base64Binary'/>
-                </element>
-                <ref name='anyThing'/>
-            </choice>
-        </oneOrMore>
-    </define>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-    <define name='PGPDataType'>
-        <choice>
-            <group>
-                <element name='PGPKeyID'>
-                    <data type='base64Binary'/>
-                </element>
-                <optional>
-                    <element name='PGPKeyPacket'>
-                        <data type='base64Binary'/>
-                    </element>
-                </optional>
-                <zeroOrMore>
-                    <ref name='anyThing'/>
-                </zeroOrMore>
-            </group>
-            <group>
-                <element name='PGPKeyPacket'>
-                    <data type='base64Binary'/>
-                </element>
-                <zeroOrMore>
-                    <ref name='anyThing'/>
-                </zeroOrMore>
-            </group>
-        </choice>
-    </define>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-    <define name='SPKIDataType'>
-        <oneOrMore>
-            <element name='SPKISexp'>
-                <data type='base64Binary'/>
-            </element>
-            <optional>
-                <ref name='anyThing'/>
-            </optional>
-        </oneOrMore>
-    </define>
-    
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-    <define name='ObjectType'>
-        <zeroOrMore>
-            <choice>
-                <element name='Manifest'><ref name='ManifestType'/></element>
-                <element name='SignatureProperties'><ref name='SignaturePropertiesType'/></element>                
-                <ref name='anyThing'/>
-            </choice>
-        </zeroOrMore>
-        <optional>
-            <attribute name='Encoding'>
-                <data type='anyURI'/>
-            </attribute>
-        </optional>
-        <optional>
-            <attribute name='MimeType'>
-                <data type='string'/>
-            </attribute>
-        </optional>
-        <optional>
-            <attribute name='Id'>
-                <data type='ID'/>
-            </attribute>
-        </optional>
-    </define>
-
-    <define name='ManifestType'>
-        <oneOrMore>
-            <element name='Reference'><ref name='ReferenceType'/></element>
-        </oneOrMore>
-        <optional><attribute name='Id'><data type='ID'/></attribute></optional>
-    </define>
-
-    <define name='SignaturePropertiesType'>
-        <oneOrMore>
-            <element name='SignatureProperty'><ref name='SignaturePropertyType'/></element>
-        </oneOrMore>
-        <optional>
-            <attribute name='Id'>
-                <data type='ID'/>
-            </attribute>
-        </optional>
-    </define>
-
-    <define name='SignaturePropertyType'>
-        <oneOrMore><ref name='anyThing'/></oneOrMore>
-        <optional>
-            <attribute name='Id'>
-                <data type='ID'/>
-            </attribute>
-        </optional>
-        <attribute name='Target'>
-            <data type='anyURI'/>
-        </attribute>
-    </define>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-
-<!-- Start KeyValue Element-types -->
-
-    <define name='DSAKeyValueType'>
-        <optional>
-            <element name='P'>
-                <ref name='CryptoBinary'/>
-            </element>
-            <element name='Q'>
-                <ref name='CryptoBinary'/>
-            </element>
-        </optional>
-        <optional>
-            <element name='G'>
-                <ref name='CryptoBinary'/>
-            </element>
-        </optional>
-        <element name='Y'>
-            <ref name='CryptoBinary'/>
-        </element>
-        <optional>
-            <element name='J'>
-                <ref name='CryptoBinary'/>
-            </element>
-        </optional>
-        <optional>
-            <element name='Seed'>
-                <ref name='CryptoBinary'/>
-            </element>
-            <element name='PgenCounter'>
-                <ref name='CryptoBinary'/>
-            </element>
-        </optional>
-    </define>
-
-    <define name='RSAKeyValueType'>
-        <element name='Modulus'>
-            <ref name='CryptoBinary'/>
-        </element>
-        <element name='Exponent'>
-            <ref name='CryptoBinary'/>
-        </element>
-    </define>
-
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-
-        <!-- This should emulate the ANY content model under lax validation -->
-        <define name='anyThing'>
-            <zeroOrMore>
-                <choice>
-                    <text/>
-                    <element>
-                        <!-- "except" provided for DTD compatibility -->
-                        <!-- [1] ns='http://www.oasis-open.org/committees/relax-ng/compatibility.html#id' -->
-                        <anyName>
-                            <except>
-                                <nsName/>
-                                <!--  <nsName ns='http://www.w3.org/2001/04/xmlenc#'/>  -->
-                            </except>
-                        </anyName>
-                        <ref name='anyThing'/>
-                        <zeroOrMore>
-                            <attribute>
-                              <anyName/>
-                            </attribute>
-                        </zeroOrMore>
-                    </element>
-                </choice>
-            </zeroOrMore>
-            </define>
-            
-
-</grammar>
\ No newline at end of file
--- a/src/share/classes/com/sun/org/apache/xml/internal/security/resource/schema/xmldsig-core-schema.xsd	Thu May 29 22:32:11 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,318 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema
-  PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
- [
-   <!ATTLIST schema 
-     xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
-   <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
-   <!ENTITY % p ''>
-   <!ENTITY % s ''>
-  ]>
-
-<!-- Schema for XML Signatures
-    http://www.w3.org/2000/09/xmldsig#
-    $Revision: 1.6 $ on $Date: 2008/07/24 16:15:03 $ by $Author: mullan $
-
-    Copyright 2001 The Internet Society and W3C (Massachusetts Institute
-    of Technology, Institut National de Recherche en Informatique et en
-    Automatique, Keio University). All Rights Reserved.
-    http://www.w3.org/Consortium/Legal/
-
-    This document is governed by the W3C Software License [1] as described
-    in the FAQ [2].
-
-    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
-    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
-        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-        targetNamespace="http://www.w3.org/2000/09/xmldsig#"
-        version="0.1" elementFormDefault="qualified"> 
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
-  <restriction base="base64Binary">
-  </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
-  <sequence> 
-    <element ref="ds:SignedInfo"/> 
-    <element ref="ds:SignatureValue"/> 
-    <element ref="ds:KeyInfo" minOccurs="0"/> 
-    <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> 
-  </sequence>  
-  <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-  <element name="SignatureValue" type="ds:SignatureValueType"/> 
-  <complexType name="SignatureValueType">
-    <simpleContent>
-      <extension base="base64Binary">
-        <attribute name="Id" type="ID" use="optional"/>
-      </extension>
-    </simpleContent>
-  </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
-  <sequence> 
-    <element ref="ds:CanonicalizationMethod"/> 
-    <element ref="ds:SignatureMethod"/> 
-    <element ref="ds:Reference" maxOccurs="unbounded"/> 
-  </sequence>  
-  <attribute name="Id" type="ID" use="optional"/> 
-</complexType>
-
-  <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> 
-  <complexType name="CanonicalizationMethodType" mixed="true">
-    <sequence>
-      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
-      <!-- (0,unbounded) elements from (1,1) namespace -->
-    </sequence>
-    <attribute name="Algorithm" type="anyURI" use="required"/> 
-  </complexType>
-
-  <element name="SignatureMethod" type="ds:SignatureMethodType"/>
-  <complexType name="SignatureMethodType" mixed="true">
-    <sequence>
-      <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
-      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-      <!-- (0,unbounded) elements from (1,1) external namespace -->
-    </sequence>
-    <attribute name="Algorithm" type="anyURI" use="required"/> 
-  </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
-  <sequence> 
-    <element ref="ds:Transforms" minOccurs="0"/> 
-    <element ref="ds:DigestMethod"/> 
-    <element ref="ds:DigestValue"/> 
-  </sequence>
-  <attribute name="Id" type="ID" use="optional"/> 
-  <attribute name="URI" type="anyURI" use="optional"/> 
-  <attribute name="Type" type="anyURI" use="optional"/> 
-</complexType>
-
-  <element name="Transforms" type="ds:TransformsType"/>
-  <complexType name="TransformsType">
-    <sequence>
-      <element ref="ds:Transform" maxOccurs="unbounded"/>  
-    </sequence>
-  </complexType>
-
-  <element name="Transform" type="ds:TransformType"/>
-  <complexType name="TransformType" mixed="true">
-    <choice minOccurs="0" maxOccurs="unbounded"> 
-      <any namespace="##other" processContents="lax"/>
-      <!-- (1,1) elements from (0,unbounded) namespaces -->
-      <element name="XPath" type="string"/> 
-    </choice>
-    <attribute name="Algorithm" type="anyURI" use="required"/> 
-  </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true"> 
-  <sequence>
-    <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-  </sequence>    
-  <attribute name="Algorithm" type="anyURI" use="required"/> 
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
-  <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/> 
-<complexType name="KeyInfoType" mixed="true">
-  <choice maxOccurs="unbounded">     
-    <element ref="ds:KeyName"/> 
-    <element ref="ds:KeyValue"/> 
-    <element ref="ds:RetrievalMethod"/> 
-    <element ref="ds:X509Data"/> 
-    <element ref="ds:PGPData"/> 
-    <element ref="ds:SPKIData"/>
-    <element ref="ds:MgmtData"/>
-    <any processContents="lax" namespace="##other"/>
-    <!-- (1,1) elements from (0,unbounded) namespaces -->
-  </choice>
-  <attribute name="Id" type="ID" use="optional"/> 
-</complexType>
-
-  <element name="KeyName" type="string"/>
-  <element name="MgmtData" type="string"/>
-
-  <element name="KeyValue" type="ds:KeyValueType"/> 
-  <complexType name="KeyValueType" mixed="true">
-   <choice>
-     <element ref="ds:DSAKeyValue"/>
-     <element ref="ds:RSAKeyValue"/>
-     <any namespace="##other" processContents="lax"/>
-   </choice>
-  </complexType>
-
-  <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> 
-  <complexType name="RetrievalMethodType">
-    <sequence>
-      <element ref="ds:Transforms" minOccurs="0"/> 
-    </sequence>  
-    <attribute name="URI" type="anyURI"/>
-    <attribute name="Type" type="anyURI" use="optional"/>
-  </complexType>
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/> 
-<complexType name="X509DataType">
-  <sequence maxOccurs="unbounded">
-    <choice>
-      <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
-      <element name="X509SKI" type="base64Binary"/>
-      <element name="X509SubjectName" type="string"/>
-      <element name="X509Certificate" type="base64Binary"/>
-      <element name="X509CRL" type="base64Binary"/>
-      <any namespace="##other" processContents="lax"/>
-    </choice>
-  </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType"> 
-  <sequence> 
-    <element name="X509IssuerName" type="string"/> 
-    <element name="X509SerialNumber" type="integer"/> 
-  </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/> 
-<complexType name="PGPDataType"> 
-  <choice>
-    <sequence>
-      <element name="PGPKeyID" type="base64Binary"/> 
-      <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/> 
-      <any namespace="##other" processContents="lax" minOccurs="0"
-       maxOccurs="unbounded"/>
-    </sequence>
-    <sequence>
-      <element name="PGPKeyPacket" type="base64Binary"/> 
-      <any namespace="##other" processContents="lax" minOccurs="0"
-       maxOccurs="unbounded"/>
-    </sequence>
-  </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/> 
-<complexType name="SPKIDataType">
-  <sequence maxOccurs="unbounded">
-    <element name="SPKISexp" type="base64Binary"/>
-    <any namespace="##other" processContents="lax" minOccurs="0"/>
-  </sequence>
-</complexType> 
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/> 
-<complexType name="ObjectType" mixed="true">
-  <sequence minOccurs="0" maxOccurs="unbounded">
-    <any namespace="##any" processContents="lax"/>
-  </sequence>
-  <attribute name="Id" type="ID" use="optional"/> 
-  <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
-  <attribute name="Encoding" type="anyURI" use="optional"/> 
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/> 
-<complexType name="ManifestType">
-  <sequence>
-    <element ref="ds:Reference" maxOccurs="unbounded"/> 
-  </sequence>
-  <attribute name="Id" type="ID" use="optional"/> 
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/> 
-<complexType name="SignaturePropertiesType">
-  <sequence>
-    <element ref="ds:SignatureProperty" maxOccurs="unbounded"/> 
-  </sequence>
-  <attribute name="Id" type="ID" use="optional"/> 
-</complexType>
-
-   <element name="SignatureProperty" type="ds:SignaturePropertyType"/> 
-   <complexType name="SignaturePropertyType" mixed="true">
-     <choice maxOccurs="unbounded">
-       <any namespace="##other" processContents="lax"/>
-       <!-- (1,1) elements from (1,unbounded) namespaces -->
-     </choice>
-     <attribute name="Target" type="anyURI" use="required"/> 
-     <attribute name="Id" type="ID" use="optional"/> 
-   </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
-  <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
-  <sequence>
-    <sequence minOccurs="0">
-      <element name="P" type="ds:CryptoBinary"/>
-      <element name="Q" type="ds:CryptoBinary"/>
-    </sequence>
-    <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
-    <element name="Y" type="ds:CryptoBinary"/>
-    <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
-    <sequence minOccurs="0">
-      <element name="Seed" type="ds:CryptoBinary"/>
-      <element name="PgenCounter" type="ds:CryptoBinary"/>
-    </sequence>
-  </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
-  <sequence>
-    <element name="Modulus" type="ds:CryptoBinary"/> 
-    <element name="Exponent" type="ds:CryptoBinary"/> 
-  </sequence>
-</complexType> 
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>
--- a/src/share/classes/jdk/internal/util/xml/impl/Parser.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/classes/jdk/internal/util/xml/impl/Parser.java	Fri May 30 09:25:14 2014 -0700
@@ -2860,14 +2860,25 @@
             } else {
                 //              Get encoding from BOM or the xml text decl.
                 reader = bom(is.getByteStream(), ' ');
+                /**
+                 * [#4.3.3] requires BOM for UTF-16, however, it's not uncommon
+                 * that it may be missing. A mature technique exists in Xerces
+                 * to further check for possible UTF-16 encoding
+                 */
+                if (reader == null) {
+                    reader = utf16(is.getByteStream());
+                }
+
                 if (reader == null) {
                     //          Encoding is defined by the xml text decl.
                     reader = enc("UTF-8", is.getByteStream());
                     expenc = xml(reader);
-                    if (expenc.startsWith("UTF-16")) {
-                        panic(FAULT);  // UTF-16 must have BOM [#4.3.3]
+                    if (!expenc.equals("UTF-8")) {
+                        if (expenc.startsWith("UTF-16")) {
+                            panic(FAULT);  // UTF-16 must have BOM [#4.3.3]
+                        }
+                        reader = enc(expenc, is.getByteStream());
                     }
-                    reader = enc(expenc, is.getByteStream());
                 } else {
                     //          Encoding is defined by the BOM.
                     xml(reader);
@@ -2956,6 +2967,49 @@
         }
     }
 
+
+    /**
+     * Using a mature technique from Xerces, this method checks further after
+     * the bom method above to see if the encoding is UTF-16
+     *
+     * @param is A byte stream of the entity.
+     * @return a reader, may be null
+     * @exception Exception is parser specific exception form panic method.
+     * @exception IOException
+     */
+    private Reader utf16(InputStream is)
+            throws Exception {
+        if (mChIdx != 0) {
+            //The bom method has read ONE byte into the buffer.
+            byte b0 = (byte)mChars[0];
+            if (b0 == 0x00 || b0 == 0x3C) {
+                int b1 = is.read();
+                int b2 = is.read();
+                int b3 = is.read();
+                if (b0 == 0x00 && b1 == 0x3C && b2 == 0x00 && b3 == 0x3F) {
+                    // UTF-16, big-endian, no BOM
+                    mChars[0] = (char)(b1);
+                    mChars[mChIdx++] = (char)(b3);
+                    return new ReaderUTF16(is, 'b');
+                } else if (b0 == 0x3C && b1 == 0x00 && b2 == 0x3F && b3 == 0x00) {
+                    // UTF-16, little-endian, no BOM
+                    mChars[0] = (char)(b0);
+                    mChars[mChIdx++] = (char)(b2);
+                    return new ReaderUTF16(is, 'l');
+                } else {
+                    /**not every InputStream supports reset, so we have to remember
+                     * the state for further parsing
+                    **/
+                    mChars[0] = (char)(b0);
+                    mChars[mChIdx++] = (char)(b1);
+                    mChars[mChIdx++] = (char)(b2);
+                    mChars[mChIdx++] = (char)(b3);
+                }
+
+            }
+        }
+        return null;
+    }
     /**
      * Parses the xml text declaration.
      *
@@ -2974,17 +3028,17 @@
         String enc = "UTF-8";
         char ch;
         int val;
-        short st;
-        //              Read the xml text declaration into the buffer
-        if (mChIdx != 0) {
-            //          The bom method have read ONE char into the buffer.
-            st = (short) ((mChars[0] == '<') ? 1 : -1);
-        } else {
-            st = 0;
-        }
+        short st = 0;
+        int byteRead =  mChIdx; //number of bytes read prior to entering this method
+
         while (st >= 0 && mChIdx < mChars.length) {
-            ch = ((val = reader.read()) >= 0) ? (char) val : EOS;
-            mChars[mChIdx++] = ch;
+            if (st < byteRead) {
+                ch = mChars[st];
+            } else {
+                ch = ((val = reader.read()) >= 0) ? (char) val : EOS;
+                mChars[mChIdx++] = ch;
+            }
+
             switch (st) {
                 case 0:     // read '<' of xml declaration
                     switch (ch) {
--- a/src/share/classes/sun/nio/ch/ServerSocketAdaptor.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/classes/sun/nio/ch/ServerSocketAdaptor.java	Fri May 30 09:25:14 2014 -0700
@@ -93,9 +93,9 @@
 
     public Socket accept() throws IOException {
         synchronized (ssc.blockingLock()) {
-            if (!ssc.isBound())
-                throw new IllegalBlockingModeException();
             try {
+                if (!ssc.isBound())
+                    throw new NotYetBoundException();
                 if (timeout == 0) {
                     SocketChannel sc = ssc.accept();
                     if (sc == null && !ssc.isBlocking())
--- a/src/share/classes/sun/security/krb5/KdcComm.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/classes/sun/security/krb5/KdcComm.java	Fri May 30 09:25:14 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -144,7 +144,8 @@
         try {
             Config cfg = Config.getInstance();
             String temp = cfg.get("libdefaults", "kdc_timeout");
-            timeout = parsePositiveIntString(temp);
+            timeout = parseTimeString(temp);
+
             temp = cfg.get("libdefaults", "max_retries");
             max_retries = parsePositiveIntString(temp);
             temp = cfg.get("libdefaults", "udp_preference_limit");
@@ -426,6 +427,25 @@
     }
 
     /**
+     * Parses a time value string. If it ends with "s", parses as seconds.
+     * Otherwise, parses as milliseconds.
+     * @param s the time string
+     * @return the integer value in milliseconds, or -1 if input is null or
+     * has an invalid format
+     */
+    private static int parseTimeString(String s) {
+        if (s == null) {
+            return -1;
+        }
+        if (s.endsWith("s")) {
+            int seconds = parsePositiveIntString(s.substring(0, s.length()-1));
+            return (seconds < 0) ? -1 : (seconds*1000);
+        } else {
+            return parsePositiveIntString(s);
+        }
+    }
+
+    /**
      * Returns krb5.conf setting of {@code key} for a specific realm,
      * which can be:
      * 1. defined in the sub-stanza for the given realm inside [realms], or
@@ -446,7 +466,11 @@
         try {
             String value =
                Config.getInstance().get("realms", realm, key);
-            temp = parsePositiveIntString(value);
+            if (key.equals("kdc_timeout")) {
+                temp = parseTimeString(value);
+            } else {
+                temp = parsePositiveIntString(value);
+            }
         } catch (Exception exc) {
             // Ignored, defValue will be picked up
         }
--- a/src/share/classes/sun/security/smartcardio/CardImpl.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/classes/sun/security/smartcardio/CardImpl.java	Fri May 30 09:25:14 2014 -0700
@@ -246,7 +246,7 @@
         }
         checkExclusive();
         try {
-            SCardDisconnect(cardId, (reset ? SCARD_LEAVE_CARD : SCARD_RESET_CARD));
+            SCardDisconnect(cardId, (reset ? SCARD_RESET_CARD : SCARD_LEAVE_CARD));
         } catch (PCSCException e) {
             throw new CardException("disconnect() failed", e);
         } finally {
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Fri May 30 09:25:14 2014 -0700
@@ -1560,8 +1560,7 @@
             first = false;
         }
         try {
-            CertPath cp = certificateFactory.generateCertPath(certs);
-            validator.validate(cp, pkixParameters);
+            validateCertChain(certs);
         } catch (Exception e) {
             if (debug) {
                 e.printStackTrace();
@@ -1871,8 +1870,7 @@
             printCert("", certChain[0], true, null, true);
 
             try {
-                CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
-                validator.validate(cp, pkixParameters);
+                validateCertChain(Arrays.asList(certChain));
             } catch (Exception e) {
                 if (debug) {
                     e.printStackTrace();
@@ -1937,6 +1935,22 @@
         System.exit(1);
     }
 
+    void validateCertChain(List<? extends Certificate> certs) throws Exception {
+        int cpLen = 0;
+        out: for (; cpLen<certs.size(); cpLen++) {
+            for (TrustAnchor ta: pkixParameters.getTrustAnchors()) {
+                if (ta.getTrustedCert().equals(certs.get(cpLen))) {
+                    break out;
+                }
+            }
+        }
+        if (cpLen > 0) {
+            CertPath cp = certificateFactory.generateCertPath(
+                    (cpLen == certs.size())? certs: certs.subList(0, cpLen));
+            validator.validate(cp, pkixParameters);
+        }
+    }
+
     char[] getPass(String prompt)
     {
         System.err.print(prompt);
--- a/src/share/native/sun/security/smartcardio/pcsc.c	Thu May 29 22:32:11 2014 -0700
+++ b/src/share/native/sun/security/smartcardio/pcsc.c	Fri May 30 09:25:14 2014 -0700
@@ -125,7 +125,7 @@
 jobjectArray pcsc_multi2jstring(JNIEnv *env, char *spec) {
     jobjectArray result;
     jclass stringClass;
-    char *cp, **tab;
+    char *cp, **tab = NULL;
     jstring js;
     int cnt = 0;
 
@@ -179,7 +179,7 @@
 {
     SCARDCONTEXT context = (SCARDCONTEXT)jContext;
     LONG rv;
-    LPTSTR mszReaders;
+    LPTSTR mszReaders = NULL;
     DWORD size = 0;
     jobjectArray result;
 
@@ -190,19 +190,21 @@
     }
     dprintf1("-size: %d\n", size);
 
-    mszReaders = malloc(size);
-    if (mszReaders == NULL) {
-        throwOutOfMemoryError(env, NULL);
-        return NULL;
+    if (size) {
+        mszReaders = malloc(size);
+        if (mszReaders == NULL) {
+            throwOutOfMemoryError(env, NULL);
+            return NULL;
+        }
+
+        rv = CALL_SCardListReaders(context, NULL, mszReaders, &size);
+        if (handleRV(env, rv)) {
+            free(mszReaders);
+            return NULL;
+        }
+        dprintf1("-String: %s\n", mszReaders);
     }
 
-    rv = CALL_SCardListReaders(context, NULL, mszReaders, &size);
-    if (handleRV(env, rv)) {
-        free(mszReaders);
-        return NULL;
-    }
-    dprintf1("-String: %s\n", mszReaders);
-
     result = pcsc_multi2jstring(env, mszReaders);
     free(mszReaders);
     return result;
@@ -336,7 +338,7 @@
     const char *readerName;
 
     readerState = calloc(readers, sizeof(SCARD_READERSTATE));
-    if (readerState == NULL) {
+    if (readerState == NULL && readers > 0) {
         throwOutOfMemoryError(env, NULL);
         return NULL;
     }
@@ -348,6 +350,10 @@
     }
 
     for (i = 0; i < readers; i++) {
+        readerState[i].szReader = NULL;
+    }
+
+    for (i = 0; i < readers; i++) {
         jobject jReaderName = (*env)->GetObjectArrayElement(env, jReaderNames, i);
         if ((*env)->ExceptionCheck(env)) {
             goto cleanup;
@@ -369,9 +375,11 @@
         (*env)->DeleteLocalRef(env, jReaderName);
     }
 
-    rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers);
-    if (handleRV(env, rv)) {
-        goto cleanup;
+    if (readers > 0) {
+        rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers);
+        if (handleRV(env, rv)) {
+            goto cleanup;
+        }
     }
 
     jEventState = (*env)->NewIntArray(env, readers);
--- a/src/solaris/classes/java/lang/UNIXProcess.java	Thu May 29 22:32:11 2014 -0700
+++ b/src/solaris/classes/java/lang/UNIXProcess.java	Fri May 30 09:25:14 2014 -0700
@@ -97,6 +97,7 @@
                 EnumSet.copyOf(Arrays.asList(launchMechanisms));
         }
 
+        @SuppressWarnings("fallthrough")
         private String helperPath(String javahome, String osArch) {
             switch (this) {
                 case SOLARIS:
--- a/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Thu May 29 22:32:11 2014 -0700
+++ b/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Fri May 30 09:25:14 2014 -0700
@@ -136,5 +136,9 @@
     if ((*env)->ExceptionCheck(env)) {
          return;
     }
+#ifndef __APPLE__
     scardControl          = (FPTR_SCardControl)         findFunction(env, hModule, "SCardControl");
+#else
+    scardControl          = (FPTR_SCardControl)         findFunction(env, hModule, "SCardControl132");
+#endif // __APPLE__
 }
--- a/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java	Thu May 29 22:32:11 2014 -0700
+++ b/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java	Fri May 30 09:25:14 2014 -0700
@@ -33,11 +33,9 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.nio.file.Files;
-import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.attribute.PosixFileAttributeView;
-import java.util.stream.Stream;
 
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -163,34 +161,66 @@
         tr.assertZero("Should still return 0");
     }
 
+    private static boolean isWriteableDirectory(Path p) {
+        if (!Files.isDirectory(p)) {
+            return false;
+        }
+        Path test = p.resolve(Paths.get("test"));
+        try {
+            Files.createFile(test);
+            assertTrue(Files.exists(test));
+            return true;
+        } catch (IOException e) {
+            assertFalse(Files.exists(test));
+            return false;
+        } finally {
+            if (Files.exists(test)) {
+                try {
+                    Files.delete(test);
+                } catch (IOException e) {
+                    throw new Error(e);
+                }
+            }
+        }
+    }
+
     @Test
     public void testDumpDirNotWritable() throws IOException {
-        if (! Files.getFileStore(Paths.get("."))
-                   .supportsFileAttributeView(PosixFileAttributeView.class)) {
+        if (!Files.getFileStore(Paths.get("."))
+                  .supportsFileAttributeView(PosixFileAttributeView.class)) {
             // No easy way to setup readonly directory without POSIX
             // We would like to skip the test with a cause with
             //     throw new SkipException("Posix not supported");
             // but jtreg will report failure so we just pass the test
             // which we can look at if jtreg changed its behavior
+            System.out.println("WARNING: POSIX is not supported. Skipping testDumpDirNotWritable test.");
             return;
         }
 
         Files.createDirectory(Paths.get("readOnly"),
                               asFileAttribute(fromString("r-xr-xr-x")));
+        try {
+            if (isWriteableDirectory(Paths.get("readOnly"))) {
+                // Skipping the test: it's allowed to write into read-only directory
+                // (e.g. current user is super user).
+                System.out.println("WARNING: readOnly directory is writeable. Skipping testDumpDirNotWritable test.");
+                return;
+            }
 
-        TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
-                               "-cp", ".",
-                               "-Djdk.internal.lambda.dumpProxyClasses=readOnly",
-                               "-Djava.security.manager",
-                               "com.example.TestLambda");
-        assertEquals(tr.testOutput.stream()
-                                  .filter(s -> s.startsWith("WARNING"))
-                                  .peek(s -> assertTrue(s.contains("not writable")))
-                                  .count(),
-                     1, "only show error once");
-        tr.assertZero("Should still return 0");
-
-        TestUtil.removeAll(Paths.get("readOnly"));
+            TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
+                                   "-cp", ".",
+                                   "-Djdk.internal.lambda.dumpProxyClasses=readOnly",
+                                   "-Djava.security.manager",
+                                   "com.example.TestLambda");
+            assertEquals(tr.testOutput.stream()
+                                      .filter(s -> s.startsWith("WARNING"))
+                                      .peek(s -> assertTrue(s.contains("not writable")))
+                                      .count(),
+                         1, "only show error once");
+            tr.assertZero("Should still return 0");
+        } finally {
+            TestUtil.removeAll(Paths.get("readOnly"));
+        }
     }
 
     @Test
--- a/test/java/util/Properties/LoadAndStoreXML.java	Thu May 29 22:32:11 2014 -0700
+++ b/test/java/util/Properties/LoadAndStoreXML.java	Fri May 30 09:25:14 2014 -0700
@@ -32,6 +32,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
 import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -47,6 +48,7 @@
 import java.util.PropertyPermission;
 
 public class LoadAndStoreXML {
+    static final String bomChar = "\uFEFF";
 
     /**
      * Simple policy implementation that grants a set of permissions to
@@ -125,13 +127,14 @@
      * Sanity test that properties saved with Properties#storeToXML can be
      * read with Properties#loadFromXML.
      */
-    static void testLoadAndStore(String encoding) throws IOException {
+    static void testLoadAndStore(String encoding, boolean appendBOM) throws IOException {
         System.out.println("testLoadAndStore, encoding=" + encoding);
 
         Properties props = new Properties();
+        props.put("k0", "\u6C34");
         props.put("k1", "foo");
         props.put("k2", "bar");
-        props.put("k3", "\\u0020\\u0391\\u0392\\u0393\\u0394\\u0395\\u0396\\u0397");
+        props.put("k3", "\u0020\u0391\u0392\u0393\u0394\u0395\u0396\u0397");
         props.put("k4", "\u7532\u9aa8\u6587");
         props.put("k5", "<java.home>/lib/jaxp.properties");
 
@@ -141,7 +144,17 @@
             throw new RuntimeException("OutputStream closed by storeToXML");
 
         Properties p = new Properties();
-        TestInputStream in = new TestInputStream(out.toByteArray());
+        TestInputStream in;
+        if (appendBOM) {
+            byte[] byteOrderMark = bomChar.getBytes(Charset.forName(encoding));
+            byte[] outArray = out.toByteArray();
+            byte[] inputArray = new byte[byteOrderMark.length + outArray.length];
+            System.arraycopy(byteOrderMark, 0, inputArray, 0, byteOrderMark.length);
+            System.arraycopy(outArray, 0, inputArray, byteOrderMark.length, outArray.length);
+            in = new TestInputStream(inputArray);
+        } else {
+            in = new TestInputStream(out.toByteArray());
+        }
         p.loadFromXML(in);
         if (in.isOpen())
             throw new RuntimeException("InputStream not closed by loadFromXML");
@@ -231,8 +244,12 @@
 
     public static void main(String[] args) throws IOException {
 
-        testLoadAndStore("UTF-8");
-        testLoadAndStore("UTF-16");
+        testLoadAndStore("UTF-8", false);
+        testLoadAndStore("UTF-16", false);
+        testLoadAndStore("UTF-16BE", false);
+        testLoadAndStore("UTF-16LE", false);
+        testLoadAndStore("UTF-16BE", true);
+        testLoadAndStore("UTF-16LE", true);
         testLoadWithoutEncoding();
         testLoadWithBadEncoding();
         testStoreWithBadEncoding();
@@ -250,7 +267,7 @@
         Policy.setPolicy(p);
         System.setSecurityManager(new SecurityManager());
         try {
-            testLoadAndStore("UTF-8");
+            testLoadAndStore("UTF-8", false);
         } finally {
             // turn off security manager and restore policy
             System.setSecurityManager(null);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/nio/ch/ServerSocketAdaptorTest.java	Fri May 30 09:25:14 2014 -0700
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8024832
+ */
+
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.net.SocketException;
+import java.nio.channels.ServerSocketChannel;
+
+public class ServerSocketAdaptorTest {
+
+    public static void main(String[] args) throws IOException {
+
+        String message = null;
+
+        try (ServerSocket s = new ServerSocket()) {
+            s.accept();
+            throw new AssertionError();
+        } catch (IOException e) {
+            message = e.getMessage();
+        }
+
+        try (ServerSocket ss = ServerSocketChannel.open().socket()) {
+
+            assert !ss.isBound() : "the assumption !ss.isBound() doesn't hold";
+
+            try {
+                ss.accept();
+                throw new AssertionError();
+            } catch (Exception e) {
+                if (e instanceof SocketException && message.equals(e.getMessage())) {
+                    return;
+                } else {
+                    throw new AssertionError(
+                            "Expected to throw SocketException with a particular message", e);
+                }
+            }
+        }
+    }
+}
--- a/test/sun/security/krb5/auto/KDC.java	Thu May 29 22:32:11 2014 -0700
+++ b/test/sun/security/krb5/auto/KDC.java	Fri May 30 09:25:14 2014 -0700
@@ -141,6 +141,8 @@
     private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100);
     // Options
     private Map<Option,Object> options = new HashMap<>();
+    // Realm-specific krb5.conf settings
+    private List<String> conf = new ArrayList<>();
 
     private Thread thread1, thread2, thread3;
     DatagramSocket u1 = null;
@@ -243,7 +245,7 @@
     /**
      * Sets an option
      * @param key the option name
-     * @param obj the value
+     * @param value the value
      */
     public void setOption(Option key, Object value) {
         if (value == null) {
@@ -373,6 +375,13 @@
     }
 
     /**
+     * Add realm-specific krb5.conf setting
+     */
+    public void addConf(String s) {
+        conf.add(s);
+    }
+
+    /**
      * Writes a krb5.conf for one or more KDC that includes KDC locations for
      * each realm and the default realm name. You can also add extra strings
      * into the file. The method should be called like:
@@ -397,6 +406,7 @@
      * [realms]
      *   REALM.NAME = {
      *     kdc = host:port_number
+     *     # realm-specific settings
      *   }
      * </pre>
      *
@@ -444,10 +454,10 @@
             }
         }
         sb.append("\n[realms]\n");
-        sb.append(realmLineForKDC(kdc));
+        sb.append(kdc.realmLine());
         for (Object o: more) {
             if (o instanceof KDC) {
-                sb.append(realmLineForKDC((KDC)o));
+                sb.append(((KDC)o).realmLine());
             }
         }
         FileOutputStream fos = new FileOutputStream(f);
@@ -1133,14 +1143,16 @@
 
     /**
      * Generates a line for a KDC to put inside [realms] of krb5.conf
-     * @param kdc the KDC
-     * @return REALM.NAME = { kdc = host:port }
+     * @return REALM.NAME = { kdc = host:port etc }
      */
-    private static String realmLineForKDC(KDC kdc) {
-        return String.format("%s = {\n    kdc = %s:%d\n}\n",
-                kdc.realm,
-                kdc.kdc,
-                kdc.port);
+    private String realmLine() {
+        StringBuilder sb = new StringBuilder();
+        sb.append(realm).append(" = {\n    kdc = ")
+                .append(kdc).append(':').append(port).append('\n');
+        for (String s: conf) {
+            sb.append("    ").append(s).append('\n');
+        }
+        return sb.append("}\n").toString();
     }
 
     /**
--- a/test/sun/security/krb5/auto/UdpTcp.java	Thu May 29 22:32:11 2014 -0700
+++ b/test/sun/security/krb5/auto/UdpTcp.java	Fri May 30 09:25:14 2014 -0700
@@ -43,9 +43,15 @@
         OneKDC kdc = new OneKDC(null);
         kdc.writeJAASConf();
 
-        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
-                "udp_preference_limit = "
-                        + (args[0].equals("UDP") ? "1000" : "100"));
+        // Two styles of kdc_timeout setting. One global, one realm-specific.
+        if (args[0].equals("UDP")) {
+            KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+                    "kdc_timeout = 10s");
+        } else {
+            kdc.addConf("kdc_timeout = 10s");
+            KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+                    "udp_preference_limit = 1");
+        }
         Config.refresh();
 
         ByteArrayOutputStream bo = new ByteArrayOutputStream();
@@ -56,7 +62,7 @@
 
         for (String line: new String(bo.toByteArray()).split("\n")) {
             if (line.contains(">>> KDCCommunication")) {
-                if (!line.contains(args[0])) {
+                if (!line.contains(args[0]) || !line.contains("timeout=10000")) {
                     throw new Exception("No " + args[0] + " in: " + line);
                 }
             }
--- a/test/sun/security/pkcs11/PKCS11Test.java	Thu May 29 22:32:11 2014 -0700
+++ b/test/sun/security/pkcs11/PKCS11Test.java	Fri May 30 09:25:14 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -457,7 +457,7 @@
         osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"});
         osMap.put("SunOS-amd64-64", new String[]{"/usr/lib/mps/64/"});
         osMap.put("Linux-i386-32", new String[]{
-            "/usr/lib/i386-linux-gnu/", "/usr/lib/"});
+            "/usr/lib/i386-linux-gnu/", "/usr/lib32/", "/usr/lib/"});
         osMap.put("Linux-amd64-64", new String[]{
             "/usr/lib/x86_64-linux-gnu/", "/usr/lib/x86_64-linux-gnu/nss/",
             "/usr/lib64/"});
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/certpolicy.sh	Fri May 30 09:25:14 2014 -0700
@@ -0,0 +1,80 @@
+#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8036709
+# @summary Java 7 jarsigner displays warning about cert policy tree
+#
+# @run shell certpolicy.sh
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \
+        -keypass changeit -storepass changeit -keystore ks -keyalg rsa"
+JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks"
+JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS"
+
+rm ks 2> /dev/null
+$KT -genkeypair -alias ca -dname CN=CA -ext bc
+$KT -genkeypair -alias int -dname CN=Int
+$KT -genkeypair -alias ee -dname CN=EE
+
+# CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
+# PolicyConstraints: [Require: 0; Inhibit: unspecified]
+$KT -certreq -alias int | \
+        $KT -gencert -rfc -alias ca \
+                -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \
+                -ext "2.5.29.36=30 03 80 01 00" -ext bc | \
+        $KT -import -alias int
+
+# CertificatePolicies [[PolicyId: [1.2.3]]]
+$KT -certreq -alias ee | \
+        $KT -gencert -rfc -alias int \
+                -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \
+        $KT -import -alias ee
+
+$KT -export -alias ee -rfc > cc
+$KT -export -alias int -rfc >> cc
+$KT -export -alias ca -rfc >> cc
+
+$KT -delete -alias int
+
+ERR=''
+$JAR cvf a.jar cc
+
+# Make sure the certchain in the signed jar contains all 3 certs
+$JS -strict -certchain cc a.jar ee -debug || ERR="sign"
+$JS -strict -verify a.jar -debug || ERR="$ERR verify"
+
+if [ "$ERR" = "" ]; then
+    echo "Success"
+    exit 0
+else
+    echo "Failed: $ERR"
+    exit 1
+fi
+
--- a/test/sun/security/tools/keytool/autotest.sh	Thu May 29 22:32:11 2014 -0700
+++ b/test/sun/security/tools/keytool/autotest.sh	Fri May 30 09:25:14 2014 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -72,6 +72,8 @@
   Linux )
     if [ $B32 = true ]; then
         LIBNAME=`find_one \
+            "/usr/lib32/libsoftokn3.so" \
+            "/usr/lib32/nss/libsoftokn3.so" \
             "/usr/lib/libsoftokn3.so" \
             "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so" \
             "/usr/lib/nss/libsoftokn3.so"`