changeset 28532:8b8032678def

Merge
author prr
date Tue, 23 Dec 2014 13:34:20 -0800
parents d0e5475bc8ed 4673729e145d
children aea5ffcd5b2b
files jdk/src/java.base/share/classes/sun/nio/fs/AbstractPath.java
diffstat 97 files changed, 2790 insertions(+), 1152 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/make/src/classes/build/tools/tzdb/TzdbZoneRulesProvider.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/make/src/classes/build/tools/tzdb/TzdbZoneRulesProvider.java	Tue Dec 23 13:34:20 2014 -0800
@@ -758,8 +758,8 @@
                         if (endYear == Year.MAX_VALUE) {
                             endYear = startYear;
                             lastRules.add(new TransRule(endYear, rule));
-                            lastRulesStartYear = Math.max(startYear, lastRulesStartYear);
                         }
+                        lastRulesStartYear = Math.max(startYear, lastRulesStartYear);
                     } else {
                         if (endYear == Year.MAX_VALUE) {
                             //endYear = zoneEnd.getYear();
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 package com.sun.crypto.provider;
 
 import java.security.InvalidKeyException;
+import java.security.ProviderException;
+
 
 /**
  * This class represents ciphers in cipher block chaining (CBC) mode.
@@ -122,31 +124,31 @@
      *
      * <p>The input plain text <code>plain</code>, starting at
      * <code>plainOffset</code> and ending at
-     * <code>(plainOffset + len - 1)</code>, is encrypted.
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
      * The result is stored in <code>cipher</code>, starting at
      * <code>cipherOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the embedded cipher's block size,
-     * as any excess bytes are ignored.
-     *
      * @param plain the buffer with the input data to be encrypted
      * @param plainOffset the offset in <code>plain</code>
      * @param plainLen the length of the input data
      * @param cipher the buffer for the result
      * @param cipherOffset the offset in <code>cipher</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
      * @return the length of the encrypted data
      */
     int encrypt(byte[] plain, int plainOffset, int plainLen,
                 byte[] cipher, int cipherOffset)
     {
-        int i;
+        if ((plainLen % blockSize) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
         int endIndex = plainOffset + plainLen;
 
         for (; plainOffset < endIndex;
              plainOffset+=blockSize, cipherOffset += blockSize) {
-            for (i=0; i<blockSize; i++) {
-                k[i] = (byte)(plain[i+plainOffset] ^ r[i]);
+            for (int i = 0; i < blockSize; i++) {
+                k[i] = (byte)(plain[i + plainOffset] ^ r[i]);
             }
             embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
             System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
@@ -159,14 +161,10 @@
      *
      * <p>The input cipher text <code>cipher</code>, starting at
      * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
+     * <code>(cipherOffset + cipherLen - 1)</code>, is decrypted.
      * The result is stored in <code>plain</code>, starting at
      * <code>plainOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the embedded cipher's block
-     * size, as any excess bytes are ignored.
-     *
      * <p>It is also the application's responsibility to make sure that
      * <code>init</code> has been called before this method is called.
      * (This check is omitted here, to avoid double checking.)
@@ -176,23 +174,23 @@
      * @param cipherLen the length of the input data
      * @param plain the buffer for the result
      * @param plainOffset the offset in <code>plain</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
      * @return the length of the decrypted data
-     *
-     * @exception IllegalBlockSizeException if input data whose length does
-     * not correspond to the embedded cipher's block size is passed to the
-     * embedded cipher
      */
     int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
                 byte[] plain, int plainOffset)
     {
-        int i;
+        if ((cipherLen % blockSize) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
         int endIndex = cipherOffset + cipherLen;
 
         for (; cipherOffset < endIndex;
              cipherOffset += blockSize, plainOffset += blockSize) {
             embeddedCipher.decryptBlock(cipher, cipherOffset, k, 0);
-            for (i = 0; i < blockSize; i++) {
-                plain[i+plainOffset] = (byte)(k[i] ^ r[i]);
+            for (int i = 0; i < blockSize; i++) {
+                plain[i + plainOffset] = (byte)(k[i] ^ r[i]);
             }
             System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
         }
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java	Tue Dec 23 13:34:20 2014 -0800
@@ -708,7 +708,7 @@
             len -= blockSize;
         }
         // do not count the trailing bytes which do not make up a unit
-        len = (len > 0 ? (len - (len%unitBytes)) : 0);
+        len = (len > 0 ? (len - (len % unitBytes)) : 0);
 
         // check output buffer capacity
         if ((output == null) ||
@@ -747,6 +747,9 @@
                     int bufferCapacity = buffer.length - buffered;
                     if (bufferCapacity != 0) {
                         temp = Math.min(bufferCapacity, inputConsumed);
+                        if (unitBytes != blockSize) {
+                            temp -= ((buffered + temp) % unitBytes);
+                        }
                         System.arraycopy(input, inputOffset, buffer, buffered, temp);
                         inputOffset += temp;
                         inputConsumed -= temp;
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherFeedback.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherFeedback.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.security.InvalidKeyException;
+import java.security.ProviderException;
 
 /**
  * This class represents ciphers in cipher-feedback (CFB) mode.
@@ -133,66 +134,72 @@
      *
      * <p>The input plain text <code>plain</code>, starting at
      * <code>plainOffset</code> and ending at
-     * <code>(plainOffset + len - 1)</code>, is encrypted.
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
      * The result is stored in <code>cipher</code>, starting at
      * <code>cipherOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the stream unit size
-     * <code>numBytes</code>, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param plain the buffer with the input data to be encrypted
      * @param plainOffset the offset in <code>plain</code>
      * @param plainLen the length of the input data
      * @param cipher the buffer for the result
      * @param cipherOffset the offset in <code>cipher</code>
+     * @exception ProviderException if <code>plainLen</code> is not
+     * a multiple of the <code>numBytes</code>
      * @return the length of the encrypted data
      */
     int encrypt(byte[] plain, int plainOffset, int plainLen,
-                byte[] cipher, int cipherOffset)
-    {
-        int i, len;
-        len = blockSize - numBytes;
+                byte[] cipher, int cipherOffset) {
+        if ((plainLen % numBytes) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
+
+        int nShift = blockSize - numBytes;
         int loopCount = plainLen / numBytes;
+
+        for (; loopCount > 0 ;
+             plainOffset += numBytes, cipherOffset += numBytes,
+             loopCount--) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            if (nShift != 0) {
+                System.arraycopy(register, numBytes, register, 0, nShift);
+            }
+            for (int i = 0; i < numBytes; i++) {
+                register[nShift + i] = cipher[i + cipherOffset] =
+                        (byte)(k[i] ^ plain[i + plainOffset]);
+            }
+        }
+        return plainLen;
+    }
+
+    /**
+     * Performs the last encryption operation.
+     *
+     * <p>The input plain text <code>plain</code>, starting at
+     * <code>plainOffset</code> and ending at
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
+     * The result is stored in <code>cipher</code>, starting at
+     * <code>cipherOffset</code>.
+     *
+     * @param plain the buffer with the input data to be encrypted
+     * @param plainOffset the offset in <code>plain</code>
+     * @param plainLen the length of the input data
+     * @param cipher the buffer for the result
+     * @param cipherOffset the offset in <code>cipher</code>
+     * @return the number of bytes placed into <code>cipher</code>
+     */
+    int encryptFinal(byte[] plain, int plainOffset, int plainLen,
+                     byte[] cipher, int cipherOffset) {
+
         int oddBytes = plainLen % numBytes;
-
-        if (len == 0) {
-            for (; loopCount > 0 ;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i = 0; i < blockSize; i++)
-                    register[i] = cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-            }
-            if (oddBytes > 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<oddBytes; i++)
-                    register[i] = cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-            }
-        } else {
-            for (; loopCount > 0 ;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                System.arraycopy(register, numBytes, register, 0, len);
-                for (i=0; i<numBytes; i++)
-                    register[i+len] = cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-
-            }
-            if (oddBytes != 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                System.arraycopy(register, numBytes, register, 0, len);
-                for (i=0; i<oddBytes; i++) {
-                    register[i+len] = cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-                }
+        int len = encrypt(plain, plainOffset, (plainLen - oddBytes),
+                          cipher, cipherOffset);
+        plainOffset += len;
+        cipherOffset += len;
+        if (oddBytes != 0) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            for (int i = 0; i < oddBytes; i++) {
+                 cipher[i + cipherOffset] =
+                    (byte)(k[i] ^ plain[i + plainOffset]);
             }
         }
         return plainLen;
@@ -203,17 +210,52 @@
      *
      * <p>The input cipher text <code>cipher</code>, starting at
      * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
+     * <code>(cipherOffset + cipherLen - 1)</code>, is decrypted.
      * The result is stored in <code>plain</code>, starting at
      * <code>plainOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the stream unit size
-     * <code>numBytes</code>, as any excess bytes are ignored.
+     * @param cipher the buffer with the input data to be decrypted
+     * @param cipherOffset the offset in <code>cipherOffset</code>
+     * @param cipherLen the length of the input data
+     * @param plain the buffer for the result
+     * @param plainOffset the offset in <code>plain</code>
+     * @exception ProviderException if <code>cipherLen</code> is not
+     * a multiple of the <code>numBytes</code>
+     * @return the length of the decrypted data
+     */
+    int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+                byte[] plain, int plainOffset) {
+        if ((cipherLen % numBytes) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
+
+        int nShift = blockSize - numBytes;
+        int loopCount = cipherLen / numBytes;
+
+        for (; loopCount > 0;
+             plainOffset += numBytes, cipherOffset += numBytes,
+             loopCount--) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            if (nShift != 0) {
+                System.arraycopy(register, numBytes, register, 0, nShift);
+            }
+            for (int i = 0; i < numBytes; i++) {
+                register[i + nShift] = cipher[i + cipherOffset];
+                plain[i + plainOffset]
+                    = (byte)(cipher[i + cipherOffset] ^ k[i]);
+            }
+        }
+        return cipherLen;
+    }
+
+    /**
+     * Performs the last decryption operation.
      *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
+     * <p>The input cipher text <code>cipher</code>, starting at
+     * <code>cipherOffset</code> and ending at
+     * <code>(cipherOffset + cipherLen - 1)</code>, is decrypted.
+     * The result is stored in <code>plain</code>, starting at
+     * <code>plainOffset</code>.
      *
      * @param cipher the buffer with the input data to be decrypted
      * @param cipherOffset the offset in <code>cipherOffset</code>
@@ -222,53 +264,19 @@
      * @param plainOffset the offset in <code>plain</code>
      * @return the length of the decrypted data
      */
-    int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
-                byte[] plain, int plainOffset)
-    {
-        int i, len;
-        len = blockSize - numBytes;
-        int loopCount = cipherLen / numBytes;
+    int decryptFinal(byte[] cipher, int cipherOffset, int cipherLen,
+                byte[] plain, int plainOffset) {
+
         int oddBytes = cipherLen % numBytes;
-
-        if (len == 0) {
-            for (; loopCount > 0;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i = 0; i < blockSize; i++) {
-                    register[i] = cipher[i+cipherOffset];
-                    plain[i+plainOffset]
-                        = (byte)(cipher[i+cipherOffset] ^ k[i]);
-                }
-            }
-            if (oddBytes > 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<oddBytes; i++) {
-                    register[i] = cipher[i+cipherOffset];
-                    plain[i+plainOffset]
-                        = (byte)(cipher[i+cipherOffset] ^ k[i]);
-                }
-            }
-        } else {
-            for (; loopCount > 0;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                System.arraycopy(register, numBytes, register, 0, len);
-                for (i=0; i<numBytes; i++) {
-                    register[i+len] = cipher[i+cipherOffset];
-                    plain[i+plainOffset]
-                        = (byte)(cipher[i+cipherOffset] ^ k[i]);
-                }
-            }
-            if (oddBytes != 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                System.arraycopy(register, numBytes, register, 0, len);
-                for (i=0; i<oddBytes; i++) {
-                    register[i+len] = cipher[i+cipherOffset];
-                    plain[i+plainOffset]
-                        = (byte)(cipher[i+cipherOffset] ^ k[i]);
-                }
+        int len = decrypt(cipher, cipherOffset, (cipherLen - oddBytes),
+                          plain, plainOffset);
+        cipherOffset += len;
+        plainOffset += len;
+        if (oddBytes != 0) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            for (int i = 0; i < oddBytes; i++) {
+                plain[i + plainOffset]
+                    = (byte)(cipher[i + cipherOffset] ^ k[i]);
             }
         }
         return cipherLen;
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CounterMode.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CounterMode.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 201313, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
 
 import java.security.InvalidKeyException;
 
+
 /**
  * This class represents ciphers in counter (CTR) mode.
  *
@@ -136,14 +137,6 @@
      * The result is stored in <code>cipher</code>, starting at
      * <code>cipherOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the embedded cipher's block size,
-     * as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param in the buffer with the input data to be encrypted
      * @param inOffset the offset in <code>plain</code>
      * @param len the length of the input data
@@ -155,30 +148,7 @@
         return crypt(in, inOff, len, out, outOff);
     }
 
-    /**
-     * Performs decryption operation.
-     *
-     * <p>The input cipher text <code>cipher</code>, starting at
-     * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
-     * The result is stored in <code>plain</code>, starting at
-     * <code>plainOffset</code>.
-     *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the embedded cipher's block
-     * size, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
-     * @param in the buffer with the input data to be decrypted
-     * @param inOff the offset in <code>cipherOffset</code>
-     * @param len the length of the input data
-     * @param out the buffer for the result
-     * @param outOff the offset in <code>plain</code>
-     * @return the length of the decrypted data
-     */
+    // CTR encrypt and decrypt are identical
     int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
         return crypt(in, inOff, len, out, outOff);
     }
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.security.InvalidKeyException;
+import java.security.ProviderException;
 
 /**
  * This class represents ciphers in electronic codebook (ECB) mode.
@@ -96,28 +97,24 @@
     /**
      * Performs encryption operation.
      *
-     * <p>The input plain text <code>plain</code>, starting at
-     * <code>plainOffset</code> and ending at
-     * <code>(plainOffset + len - 1)</code>, is encrypted.
-     * The result is stored in <code>cipher</code>, starting at
-     * <code>cipherOffset</code>.
-     *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the embedded cipher's block size,
-     * as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
+     * <p>The input plain text <code>in</code>, starting at
+     * <code>inOff</code> and ending at * <code>(inOff + len - 1)</code>,
+     * is encrypted. The result is stored in <code>out</code>, starting at
+     * <code>outOff</code>.
      *
      * @param in the buffer with the input data to be encrypted
-     * @param inOffset the offset in <code>plain</code>
+     * @param inOff the offset in <code>plain</code>
      * @param len the length of the input data
      * @param out the buffer for the result
      * @param outOff the offset in <code>cipher</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
      * @return the length of the encrypted data
      */
     int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+        if ((len % blockSize) != 0) {
+             throw new ProviderException("Internal error in input buffering");
+        }
         for (int i = len; i >= blockSize; i -= blockSize) {
             embeddedCipher.encryptBlock(in, inOff, out, outOff);
             inOff += blockSize;
@@ -129,28 +126,24 @@
     /**
      * Performs decryption operation.
      *
-     * <p>The input cipher text <code>cipher</code>, starting at
-     * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
-     * The result is stored in <code>plain</code>, starting at
-     * <code>plainOffset</code>.
-     *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the embedded cipher's block
-     * size, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
+     * <p>The input cipher text <code>in</code>, starting at
+     * <code>inOff</code> and ending at * <code>(inOff + len - 1)</code>,
+     * is decrypted.The result is stored in <code>out</code>, starting at
+     * <code>outOff</code>.
      *
      * @param in the buffer with the input data to be decrypted
      * @param inOff the offset in <code>cipherOffset</code>
      * @param len the length of the input data
      * @param out the buffer for the result
      * @param outOff the offset in <code>plain</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
      * @return the length of the decrypted data
      */
     int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+        if ((len % blockSize) != 0) {
+             throw new ProviderException("Internal error in input buffering");
+        }
         for (int i = len; i >= blockSize; i -= blockSize) {
             embeddedCipher.decryptBlock(in, inOff, out, outOff);
             inOff += blockSize;
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -371,21 +371,19 @@
      * and ending at <code>(inOff + len - 1)</code>, is encrypted. The result
      * is stored in <code>out</code>, starting at <code>outOfs</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>len</code> is a multiple of the embedded cipher's block size,
-     * otherwise, a ProviderException will be thrown.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param in the buffer with the input data to be encrypted
      * @param inOfs the offset in <code>in</code>
      * @param len the length of the input data
      * @param out the buffer for the result
      * @param outOfs the offset in <code>out</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
+     * @return the number of bytes placed into the <code>out</code> buffer
      */
     int encrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+        if ((len % blockSize) != 0) {
+             throw new ProviderException("Internal error in input buffering");
+        }
         processAAD();
         if (len > 0) {
             gctrPAndC.update(in, inOfs, len, out, outOfs);
@@ -398,9 +396,6 @@
     /**
      * Performs encryption operation for the last time.
      *
-     * <p>NOTE: <code>len</code> may not be multiple of the embedded
-     * cipher's block size for this call.
-     *
      * @param in the input buffer with the data to be encrypted
      * @param inOfs the offset in <code>in</code>
      * @param len the length of the input data
@@ -439,21 +434,19 @@
      * is decrypted. The result is stored in <code>out</code>, starting at
      * <code>outOfs</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>len</code> is a multiple of the embedded cipher's block
-     * size, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param in the buffer with the input data to be decrypted
      * @param inOfs the offset in <code>in</code>
      * @param len the length of the input data
      * @param out the buffer for the result
      * @param outOfs the offset in <code>out</code>
+     * @exception ProviderException if <code>len</code> is not
+     * a multiple of the block size
+     * @return the number of bytes placed into the <code>out</code> buffer
      */
     int decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+        if ((len % blockSize) != 0) {
+             throw new ProviderException("Internal error in input buffering");
+        }
         processAAD();
 
         if (len > 0) {
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java	Tue Dec 23 13:34:20 2014 -0800
@@ -898,4 +898,20 @@
         md.update("Mighty Aphrodite".getBytes("UTF8"));
         return md;
     }
+
+    /**
+     * Probe the first few bytes of the keystore data stream for a valid
+     * JCEKS keystore encoding.
+     */
+    @Override
+    public boolean engineProbe(InputStream stream) throws IOException {
+        DataInputStream dataStream;
+        if (stream instanceof DataInputStream) {
+            dataStream = (DataInputStream)stream;
+        } else {
+            dataStream = new DataInputStream(stream);
+        }
+
+        return JCEKS_MAGIC == dataStream.readInt();
+    }
 }
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/OutputFeedback.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/OutputFeedback.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.security.InvalidKeyException;
+import java.security.ProviderException;
 
 /**
  * This class represents ciphers in output-feedback (OFB) mode.
@@ -132,17 +133,52 @@
      *
      * <p>The input plain text <code>plain</code>, starting at
      * <code>plainOffset</code> and ending at
-     * <code>(plainOffset + len - 1)</code>, is encrypted.
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
      * The result is stored in <code>cipher</code>, starting at
      * <code>cipherOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the stream unit size
-     * <code>numBytes</code>, as any excess bytes are ignored.
+     * @param plain the buffer with the input data to be encrypted
+     * @param plainOffset the offset in <code>plain</code>
+     * @param plainLen the length of the input data
+     * @param cipher the buffer for the result
+     * @param cipherOffset the offset in <code>cipher</code>
+     * @exception ProviderException if <code>plainLen</code> is not
+     * a multiple of the <code>numBytes</code>
+     * @return the length of the encrypted data
+     */
+    int encrypt(byte[] plain, int plainOffset, int plainLen,
+                byte[] cipher, int cipherOffset) {
+
+        if ((plainLen % numBytes) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
+        int nShift = blockSize - numBytes;
+        int loopCount = plainLen / numBytes;
+
+        for (; loopCount > 0;
+             plainOffset += numBytes, cipherOffset += numBytes,
+             loopCount--) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            for (int i = 0; i < numBytes; i++) {
+                cipher[i + cipherOffset] =
+                    (byte)(k[i] ^ plain[i + plainOffset]);
+                if (nShift != 0) {
+                    System.arraycopy(register, numBytes, register, 0, nShift);
+                }
+                System.arraycopy(k, 0, register, nShift, numBytes);
+            }
+        }
+        return plainLen;
+    }
+
+    /**
+     * Performs last encryption operation.
      *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
+     * <p>The input plain text <code>plain</code>, starting at
+     * <code>plainOffset</code> and ending at
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
+     * The result is stored in <code>cipher</code>, starting at
+     * <code>cipherOffset</code>.
      *
      * @param plain the buffer with the input data to be encrypted
      * @param plainOffset the offset in <code>plain</code>
@@ -151,82 +187,34 @@
      * @param cipherOffset the offset in <code>cipher</code>
      * @return the length of the encrypted data
      */
-    int encrypt(byte[] plain, int plainOffset, int plainLen,
-                byte[] cipher, int cipherOffset)
-    {
-        int i;
-        int len = blockSize - numBytes;
-        int loopCount = plainLen / numBytes;
+    int encryptFinal(byte[] plain, int plainOffset, int plainLen,
+                     byte[] cipher, int cipherOffset) {
         int oddBytes = plainLen % numBytes;
+        int len = encrypt(plain, plainOffset, (plainLen - oddBytes),
+                          cipher, cipherOffset);
+        plainOffset += len;
+        cipherOffset += len;
 
-        if (len == 0) {
-            for (; loopCount > 0;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<numBytes; i++)
-                    cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-                System.arraycopy(k, 0, register, 0, numBytes);
-            }
-            if (oddBytes > 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<oddBytes; i++)
-                    cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-                System.arraycopy(k, 0, register, 0, numBytes);
-            }
-        } else {
-            for (; loopCount > 0;
-                 plainOffset += numBytes, cipherOffset += numBytes,
-                 loopCount--) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<numBytes; i++)
-                    cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-                System.arraycopy(register, numBytes, register, 0, len);
-                System.arraycopy(k, 0, register, len, numBytes);
-            }
-            if (oddBytes > 0) {
-                embeddedCipher.encryptBlock(register, 0, k, 0);
-                for (i=0; i<oddBytes; i++)
-                    cipher[i+cipherOffset] =
-                        (byte)(k[i] ^ plain[i+plainOffset]);
-                System.arraycopy(register, numBytes, register, 0, len);
-                System.arraycopy(k, 0, register, len, numBytes);
+        if (oddBytes != 0) {
+            embeddedCipher.encryptBlock(register, 0, k, 0);
+            for (int i = 0; i < oddBytes; i++) {
+                cipher[i + cipherOffset] =
+                    (byte)(k[i] ^ plain[ i + plainOffset]);
             }
         }
         return plainLen;
     }
 
-    /**
-     * Performs decryption operation.
-     *
-     * <p>The input cipher text <code>cipher</code>, starting at
-     * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
-     * The result is stored in <code>plain</code>, starting at
-     * <code>plainOffset</code>.
-     *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the stream unit size
-     * <code>numBytes</code>, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
-     * @param cipher the buffer with the input data to be decrypted
-     * @param cipherOffset the offset in <code>cipherOffset</code>
-     * @param cipherLen the length of the input data
-     * @param plain the buffer for the result
-     * @param plainOffset the offset in <code>plain</code>
-     * @return the length of the decrypted data
-     */
+    // OFB encrypt and decrypt are identical
     int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
-                        byte[] plain, int plainOffset)
-    {
-        // OFB encrypt and decrypt are identical
+                byte[] plain, int plainOffset) {
         return encrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
     }
+
+    // OFB encrypt and decrypt are identical
+    int decryptFinal(byte[] cipher, int cipherOffset, int cipherLen,
+                     byte[] plain, int plainOffset) {
+        // OFB encrypt and decrypt are identical
+        return encryptFinal(cipher, cipherOffset, cipherLen, plain, plainOffset);
+    }
 }
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/PCBC.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/PCBC.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 package com.sun.crypto.provider;
 
 import java.security.InvalidKeyException;
+import java.security.ProviderException;
+
 
 /**
  * This class represents ciphers in Plaintext Cipher Block Chaining (PCBC)
@@ -118,38 +120,36 @@
      *
      * <p>The input plain text <code>plain</code>, starting at
      * <code>plainOffset</code> and ending at
-     * <code>(plainOffset + len - 1)</code>, is encrypted.
+     * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
      * The result is stored in <code>cipher</code>, starting at
      * <code>cipherOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>plainLen</code> is a multiple of the embedded cipher's block size,
-     * as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param plain the buffer with the input data to be encrypted
      * @param plainOffset the offset in <code>plain</code>
      * @param plainLen the length of the input data
      * @param cipher the buffer for the result
      * @param cipherOffset the offset in <code>cipher</code>
+     * @exception ProviderException if <code>plainLen</code> is not
+     * a multiple of the block size
+     * @return the length of the encrypted data
      */
     int encrypt(byte[] plain, int plainOffset, int plainLen,
                 byte[] cipher, int cipherOffset)
     {
+        if ((plainLen % blockSize) != 0) {
+            throw new ProviderException("Internal error in input buffering");
+        }
         int i;
         int endIndex = plainOffset + plainLen;
 
         for (; plainOffset < endIndex;
              plainOffset += blockSize, cipherOffset += blockSize) {
-            for (i=0; i<blockSize; i++) {
-                k[i] ^= plain[i+plainOffset];
+            for (i = 0; i < blockSize; i++) {
+                k[i] ^= plain[i + plainOffset];
             }
             embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
             for (i = 0; i < blockSize; i++) {
-                k[i] = (byte)(plain[i+plainOffset] ^ cipher[i+cipherOffset]);
+                k[i] = (byte)(plain[i + plainOffset] ^ cipher[i + cipherOffset]);
             }
         }
         return plainLen;
@@ -160,27 +160,25 @@
      *
      * <p>The input cipher text <code>cipher</code>, starting at
      * <code>cipherOffset</code> and ending at
-     * <code>(cipherOffset + len - 1)</code>, is decrypted.
+     * <code>(cipherOffset + cipherLen - 1)</code>, is decrypted.
      * The result is stored in <code>plain</code>, starting at
      * <code>plainOffset</code>.
      *
-     * <p>It is the application's responsibility to make sure that
-     * <code>cipherLen</code> is a multiple of the embedded cipher's block
-     * size, as any excess bytes are ignored.
-     *
-     * <p>It is also the application's responsibility to make sure that
-     * <code>init</code> has been called before this method is called.
-     * (This check is omitted here, to avoid double checking.)
-     *
      * @param cipher the buffer with the input data to be decrypted
      * @param cipherOffset the offset in <code>cipherOffset</code>
      * @param cipherLen the length of the input data
      * @param plain the buffer for the result
      * @param plainOffset the offset in <code>plain</code>
+     * @exception ProviderException if <code>cipherLen</code> is not
+     * a multiple of the block size
+     * @return the length of the decrypted data
      */
     int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
                 byte[] plain, int plainOffset)
     {
+        if ((cipherLen % blockSize) != 0) {
+             throw new ProviderException("Internal error in input buffering");
+        }
         int i;
         int endIndex = cipherOffset + cipherLen;
 
@@ -189,10 +187,10 @@
             embeddedCipher.decryptBlock(cipher, cipherOffset,
                                    plain, plainOffset);
             for (i = 0; i < blockSize; i++) {
-                plain[i+plainOffset] ^= k[i];
+                plain[i + plainOffset] ^= k[i];
             }
             for (i = 0; i < blockSize; i++) {
-                k[i] = (byte)(plain[i+plainOffset] ^ cipher[i+cipherOffset]);
+                k[i] = (byte)(plain[i + plainOffset] ^ cipher[i + cipherOffset]);
             }
         }
         return cipherLen;
--- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java	Tue Dec 23 13:34:20 2014 -0800
@@ -2345,7 +2345,7 @@
                 skipped++;
                 n--;
             }
-            return skipped + skip(n);
+            return skipped + in.skip(n);
         }
 
         public int available() throws IOException {
--- a/jdk/src/java.base/share/classes/java/nio/file/Path.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/java/nio/file/Path.java	Tue Dec 23 13:34:20 2014 -0800
@@ -29,6 +29,7 @@
 import java.io.IOException;
 import java.net.URI;
 import java.util.Iterator;
+import java.util.NoSuchElementException;
 
 /**
  * An object that may be used to locate a file in a file system. It will
@@ -246,6 +247,12 @@
      * "{@code foo/bar}" starts with "{@code foo}" and "{@code foo/bar}". It
      * does not start with "{@code f}" or "{@code fo}".
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     startsWith(getFileSystem().getPath(other));
+     * }</pre>
+     *
      * @param   other
      *          the given path string
      *
@@ -255,7 +262,9 @@
      * @throws  InvalidPathException
      *          If the path string cannot be converted to a Path.
      */
-    boolean startsWith(String other);
+    default boolean startsWith(String other) {
+        return startsWith(getFileSystem().getPath(other));
+    }
 
     /**
      * Tests if this path ends with the given path.
@@ -294,6 +303,12 @@
      * Path}"{@code foo/bar}" with the {@code String} "{@code bar/}" returns
      * {@code true}.
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     endsWith(getFileSystem().getPath(other));
+     * }</pre>
+     *
      * @param   other
      *          the given path string
      *
@@ -303,7 +318,9 @@
      * @throws  InvalidPathException
      *          If the path string cannot be converted to a Path.
      */
-    boolean endsWith(String other);
+    default boolean endsWith(String other) {
+        return endsWith(getFileSystem().getPath(other));
+    }
 
     /**
      * Returns a path that is this path with redundant name elements eliminated.
@@ -365,6 +382,12 @@
      * invoking this method with the path string "{@code gus}" will result in
      * the {@code Path} "{@code foo/bar/gus}".
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     resolve(getFileSystem().getPath(other));
+     * }</pre>
+     *
      * @param   other
      *          the path string to resolve against this path
      *
@@ -375,7 +398,9 @@
      *
      * @see FileSystem#getPath
      */
-    Path resolve(String other);
+    default Path resolve(String other) {
+        return resolve(getFileSystem().getPath(other));
+    }
 
     /**
      * Resolves the given path against this path's {@link #getParent parent}
@@ -389,6 +414,14 @@
      * returns this path's parent, or where this path doesn't have a parent, the
      * empty path.
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     (getParent() == null) ? other : getParent().resolve(other);
+     * }</pre>
+     * unless {@code other == null}, in which case a
+     * {@code NullPointerException} is thrown.
+     *
      * @param   other
      *          the path to resolve against this path's parent
      *
@@ -396,13 +429,24 @@
      *
      * @see #resolve(Path)
      */
-    Path resolveSibling(Path other);
+    default Path resolveSibling(Path other) {
+        if (other == null)
+            throw new NullPointerException();
+        Path parent = getParent();
+        return (parent == null) ? other : parent.resolve(other);
+    }
 
     /**
      * Converts a given path string to a {@code Path} and resolves it against
      * this path's {@link #getParent parent} path in exactly the manner
      * specified by the {@link #resolveSibling(Path) resolveSibling} method.
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     resolveSibling(getFileSystem().getPath(other));
+     * }</pre>
+     *
      * @param   other
      *          the path string to resolve against this path's parent
      *
@@ -413,7 +457,9 @@
      *
      * @see FileSystem#getPath
      */
-    Path resolveSibling(String other);
+    default Path resolveSibling(String other) {
+        return resolveSibling(getFileSystem().getPath(other));
+    }
 
     /**
      * Constructs a relative path between this path and a given path.
@@ -590,12 +636,28 @@
      * File} object returned by this method is {@link #equals equal} to the
      * original {@code File}.
      *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     new File(toString());
+     * }</pre>
+     * if the {@code FileSystem} which created this {@code Path} is the default
+     * file system; otherwise an {@code UnsupportedOperationException} is
+     * thrown.
+     *
      * @return  a {@code File} object representing this path
      *
      * @throws  UnsupportedOperationException
      *          if this {@code Path} is not associated with the default provider
      */
-    File toFile();
+    default File toFile() {
+        if (getFileSystem() == FileSystems.getDefault()) {
+            return new File(toString());
+        } else {
+            throw new UnsupportedOperationException("Path not associated with "
+                    + "default file system.");
+        }
+    }
 
     // -- watchable --
 
@@ -681,6 +743,13 @@
      *
      *     WatchKey key = dir.register(watcher, ENTRY_CREATE, ENTRY_DELETE, ENTRY_MODIFY);
      * </pre>
+     *
+     * @implSpec
+     * The default implementation is equivalent for this path to:
+     * <pre>{@code
+     *     register(watcher, events, new WatchEvent.Modifier[0]);
+     * }</pre>
+     *
      * @param   watcher
      *          The watch service to which this object is to be registered
      * @param   events
@@ -706,9 +775,10 @@
      *          method is invoked to check read access to the file.
      */
     @Override
-    WatchKey register(WatchService watcher,
-                      WatchEvent.Kind<?>... events)
-        throws IOException;
+    default WatchKey register(WatchService watcher,
+                      WatchEvent.Kind<?>... events) throws IOException {
+        return register(watcher, events, new WatchEvent.Modifier[0]);
+    }
 
     // -- Iterable --
 
@@ -721,10 +791,36 @@
      * is the name of the file or directory denoted by this path. The {@link
      * #getRoot root} component, if present, is not returned by the iterator.
      *
+     * @implSpec
+     * The default implementation returns an {@code Iterator<Path>} which, for
+     * this path, traverses the {@code Path}s returned by
+     * {@code getName(index)}, where {@code index} ranges from zero to
+     * {@code getNameCount() - 1}, inclusive.
+     *
      * @return  an iterator over the name elements of this path.
      */
     @Override
-    Iterator<Path> iterator();
+    default Iterator<Path> iterator() {
+        return new Iterator<Path>() {
+            private int i = 0;
+
+            @Override
+            public boolean hasNext() {
+                return (i < getNameCount());
+            }
+
+            @Override
+            public Path next() {
+                if (i < getNameCount()) {
+                    Path result = getName(i);
+                    i++;
+                    return result;
+                } else {
+                    throw new NoSuchElementException();
+                }
+            }
+        };
+    }
 
     // -- compareTo/equals/hashCode --
 
--- a/jdk/src/java.base/share/classes/java/security/KeyStore.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/java/security/KeyStore.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -92,9 +92,23 @@
  * be used (in a variety of formats).
  *
  * <p> Typical ways to request a KeyStore object include
+ * specifying an existing keystore file,
  * relying on the default type and providing a specific keystore type.
  *
  * <ul>
+ * <li>To specify an existing keystore file:
+ * <pre>
+ *    // get keystore password
+ *    char[] password = getPassword();
+ *
+ *    // probe the keystore file and load the keystore entries
+ *    KeyStore ks = KeyStore.getInstance(new File("keyStoreName"), password);
+ *</pre>
+ * The system will probe the specified file to determine its keystore type
+ * and return a keystore implementation with its entries already loaded.
+ * When this approach is used there is no need to call the keystore's
+ * {@link #load(java.io.InputStream, char[]) load} method.
+ *
  * <li>To rely on the default type:
  * <pre>
  *    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -110,7 +124,8 @@
  * </ul>
  *
  * <p> Before a keystore can be accessed, it must be
- * {@link #load(java.io.InputStream, char[]) loaded}.
+ * {@link #load(java.io.InputStream, char[]) loaded}
+ * (unless it was already loaded during instantiation).
  * <pre>
  *    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  *
@@ -179,6 +194,7 @@
 
 public class KeyStore {
 
+    private static final Debug kdebug = Debug.getInstance("keystore");
     private static final Debug pdebug =
                         Debug.getInstance("provider", "Provider");
     private static final boolean skipDebug =
@@ -1594,6 +1610,188 @@
     }
 
     /**
+     * Returns a loaded keystore object of the appropriate keystore type.
+     * First the keystore type is determined by probing the specified file.
+     * Then a keystore object is instantiated and loaded using the data from
+     * that file.
+     * A password may be supplied to unlock the keystore data or perform an
+     * integrity check.
+     *
+     * <p>
+     * This method traverses the list of registered security {@link Providers},
+     * starting with the most preferred Provider.
+     * For each {@link KeyStoreSpi} implementation supported by a Provider,
+     * it invokes the {@link engineProbe} method to determine if it supports
+     * the specified keystore.
+     * A new KeyStore object is returned that encapsulates the KeyStoreSpi
+     * implementation from the first Provider that supports the specified file.
+     *
+     * <p> Note that the list of registered providers may be retrieved via
+     * the {@link Security#getProviders() Security.getProviders()} method.
+     *
+     * @param  file the keystore file
+     * @param  password the keystore password, which may be {@code null}
+     *
+     * @return a keystore object loaded with keystore data
+     *
+     * @throws KeyStoreException if no Provider supports a KeyStoreSpi
+     *             implementation for the specified keystore file.
+     * @throws IOException if there is an I/O or format problem with the
+     *             keystore data, if a password is required but not given,
+     *             or if the given password was incorrect. If the error is
+     *             due to a wrong password, the {@link Throwable#getCause cause}
+     *             of the {@code IOException} should be an
+     *             {@code UnrecoverableKeyException}.
+     * @throws NoSuchAlgorithmException if the algorithm used to check the
+     *             integrity of the keystore cannot be found.
+     * @throws CertificateException if any of the certificates in the
+     *             keystore could not be loaded.
+     * @throws IllegalArgumentException if file does not exist or does not
+     *             refer to a normal file.
+     * @throws NullPointerException if file is {@code null}.
+     * @throws SecurityException if a security manager exists and its
+     *             {@link java.lang.SecurityManager#checkRead} method denies
+     *             read access to the specified file.
+     *
+     * @see Provider
+     *
+     * @since 1.9
+     */
+    public static final KeyStore getInstance(File file, char[] password)
+        throws KeyStoreException, IOException, NoSuchAlgorithmException,
+            CertificateException {
+        return getInstance(file, password, null, true);
+    }
+
+    /**
+     * Returns a loaded keystore object of the appropriate keystore type.
+     * First the keystore type is determined by probing the specified file.
+     * Then a keystore object is instantiated and loaded using the data from
+     * that file.
+     * A {@code LoadStoreParameter} may be supplied which specifies how to
+     * unlock the keystore data or perform an integrity check.
+     *
+     * <p>
+     * This method traverses the list of registered security {@link Providers},
+     * starting with the most preferred Provider.
+     * For each {@link KeyStoreSpi} implementation supported by a Provider,
+     * it invokes the {@link engineProbe} method to determine if it supports
+     * the specified keystore.
+     * A new KeyStore object is returned that encapsulates the KeyStoreSpi
+     * implementation from the first Provider that supports the specified file.
+     *
+     * <p> Note that the list of registered providers may be retrieved via
+     * the {@link Security#getProviders() Security.getProviders()} method.
+     *
+     * @param  file the keystore file
+     * @param  param the {@code LoadStoreParameter} that specifies how to load
+     *             the keystore, which may be {@code null}
+     *
+     * @return a keystore object loaded with keystore data
+     *
+     * @throws KeyStoreException if no Provider supports a KeyStoreSpi
+     *             implementation for the specified keystore file.
+     * @throws IOException if there is an I/O or format problem with the
+     *             keystore data. If the error is due to an incorrect
+     *             {@code ProtectionParameter} (e.g. wrong password)
+     *             the {@link Throwable#getCause cause} of the
+     *             {@code IOException} should be an
+     *             {@code UnrecoverableKeyException}.
+     * @throws NoSuchAlgorithmException if the algorithm used to check the
+     *             integrity of the keystore cannot be found.
+     * @throws CertificateException if any of the certificates in the
+     *             keystore could not be loaded.
+     * @throws IllegalArgumentException if file does not exist or does not
+     *             refer to a normal file, or if param is not recognized.
+     * @throws NullPointerException if file is {@code null}.
+     * @throws SecurityException if a security manager exists and its
+     *             {@link java.lang.SecurityManager#checkRead} method denies
+     *             read access to the specified file.
+     *
+     * @see Provider
+     *
+     * @since 1.9
+     */
+    public static final KeyStore getInstance(File file,
+        LoadStoreParameter param) throws KeyStoreException, IOException,
+            NoSuchAlgorithmException, CertificateException {
+        return getInstance(file, null, param, false);
+    }
+
+    // Used by getInstance(File, char[]) & getInstance(File, LoadStoreParameter)
+    private static final KeyStore getInstance(File file, char[] password,
+        LoadStoreParameter param, boolean hasPassword)
+            throws KeyStoreException, IOException, NoSuchAlgorithmException,
+                CertificateException {
+
+        if (file == null) {
+            throw new NullPointerException();
+        }
+
+        if (file.isFile() == false) {
+            throw new IllegalArgumentException(
+                "File does not exist or it does not refer to a normal file: " +
+                    file);
+        }
+
+        KeyStore keystore = null;
+
+        try (DataInputStream dataStream =
+            new DataInputStream(
+                new BufferedInputStream(
+                    new FileInputStream(file)))) {
+
+            dataStream.mark(Integer.MAX_VALUE);
+
+            // Detect the keystore type
+            for (String type : Security.getAlgorithms("KeyStore")) {
+                Object[] objs = null;
+
+                try {
+                    objs = Security.getImpl(type, "KeyStore", (String)null);
+
+                    KeyStoreSpi impl = (KeyStoreSpi)objs[0];
+                    if (impl.engineProbe(dataStream)) {
+
+                        if (kdebug != null) {
+                            kdebug.println(type + " keystore detected: " +
+                                file);
+                        }
+
+                        keystore = new KeyStore(impl, (Provider)objs[1], type);
+                        break;
+                    }
+                } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+                    // ignore
+                    if (kdebug != null) {
+                        kdebug.println(type + " not found - " + e);
+                    }
+                } catch (IOException e) {
+                    // ignore
+                    if (kdebug != null) {
+                        kdebug.println("I/O error in " + file + " - " + e);
+                    }
+                }
+                dataStream.reset(); // prepare the stream for the next probe
+            }
+
+            // Load the keystore data
+            if (keystore != null) {
+                if (hasPassword) {
+                    dataStream.reset(); // prepare the stream for loading
+                    keystore.load(dataStream, password);
+                } else {
+                    keystore.load(param);
+                }
+                return keystore;
+            }
+        }
+
+        throw new KeyStoreException("Unrecognized keystore format: " +
+            keystore);
+    }
+
+    /**
      * A description of a to-be-instantiated KeyStore object.
      *
      * <p>An instance of this class encapsulates the information needed to
@@ -1713,7 +1911,7 @@
          * by invoking the CallbackHandler.
          *
          * <p>Subsequent calls to {@link #getKeyStore} return the same object
-         * as the initial call. If the initial call to failed with a
+         * as the initial call. If the initial call failed with a
          * KeyStoreException, subsequent calls also throw a
          * KeyStoreException.
          *
@@ -1760,6 +1958,50 @@
                 AccessController.getContext());
         }
 
+        /**
+         * Returns a new Builder object.
+         *
+         * <p>The first call to the {@link #getKeyStore} method on the returned
+         * builder will create a KeyStore using {@code file} to detect the
+         * keystore type and then call its {@link KeyStore#load load()} method.
+         * It uses the same algorithm to determine the keystore type as
+         * described in {@link KeyStore#getInstance(File, LoadStoreParameter)}.
+         * The {@code inputStream} argument is constructed from {@code file}.
+         * If {@code protection} is a {@code PasswordProtection}, the password
+         * is obtained by calling the {@code getPassword} method.
+         * Otherwise, if {@code protection} is a
+         * {@code CallbackHandlerProtection},
+         * the password is obtained by invoking the CallbackHandler.
+         *
+         * <p>Subsequent calls to {@link #getKeyStore} return the same object
+         * as the initial call. If the initial call failed with a
+         * KeyStoreException, subsequent calls also throw a KeyStoreException.
+         *
+         * <p>Calls to {@link #getProtectionParameter getProtectionParameter()}
+         * will return a {@link KeyStore.PasswordProtection PasswordProtection}
+         * object encapsulating the password that was used to invoke the
+         * {@code load} method.
+         *
+         * <p><em>Note</em> that the {@link #getKeyStore} method is executed
+         * within the {@link AccessControlContext} of the code invoking this
+         * method.
+         *
+         * @return a new Builder object
+         * @param file the File that contains the KeyStore data
+         * @param protection the ProtectionParameter securing the KeyStore data
+         * @throws NullPointerException if file or protection is null
+         * @throws IllegalArgumentException if protection is not an instance
+         *   of either PasswordProtection or CallbackHandlerProtection; or
+         *   if file does not exist or does not refer to a normal file
+         *
+         * @since 1.9
+         */
+        public static Builder newInstance(File file,
+            ProtectionParameter protection) {
+
+            return newInstance("", null, file, protection);
+        }
+
         private static final class FileBuilder extends Builder {
 
             private final String type;
@@ -1817,42 +2059,46 @@
                     }
                     public KeyStore run0() throws Exception {
                         KeyStore ks;
-                        if (provider == null) {
-                            ks = KeyStore.getInstance(type);
+                        char[] password = null;
+
+                        // Acquire keystore password
+                        if (protection instanceof PasswordProtection) {
+                            password =
+                                ((PasswordProtection)protection).getPassword();
+                            keyProtection = protection;
                         } else {
-                            ks = KeyStore.getInstance(type, provider);
+                            CallbackHandler handler =
+                                ((CallbackHandlerProtection)protection)
+                                    .getCallbackHandler();
+                            PasswordCallback callback = new PasswordCallback
+                                ("Password for keystore " + file.getName(),
+                                    false);
+                            handler.handle(new Callback[] {callback});
+                            password = callback.getPassword();
+                            if (password == null) {
+                                throw new KeyStoreException("No password" +
+                                                            " provided");
+                            }
+                            callback.clearPassword();
+                            keyProtection = new PasswordProtection(password);
                         }
-                        InputStream in = null;
-                        char[] password = null;
-                        try {
-                            in = new FileInputStream(file);
-                            if (protection instanceof PasswordProtection) {
-                                password =
-                                ((PasswordProtection)protection).getPassword();
-                                keyProtection = protection;
+
+                        if (type.isEmpty()) {
+                            // Instantiate keystore and load keystore data
+                            ks = KeyStore.getInstance(file, password);
+                        } else {
+                            // Instantiate keystore
+                            if (provider == null) {
+                                ks = KeyStore.getInstance(type);
                             } else {
-                                CallbackHandler handler =
-                                    ((CallbackHandlerProtection)protection)
-                                    .getCallbackHandler();
-                                PasswordCallback callback = new PasswordCallback
-                                    ("Password for keystore " + file.getName(),
-                                    false);
-                                handler.handle(new Callback[] {callback});
-                                password = callback.getPassword();
-                                if (password == null) {
-                                    throw new KeyStoreException("No password" +
-                                                                " provided");
-                                }
-                                callback.clearPassword();
-                                keyProtection = new PasswordProtection(password);
+                                ks = KeyStore.getInstance(type, provider);
                             }
-                            ks.load(in, password);
-                            return ks;
-                        } finally {
-                            if (in != null) {
-                                in.close();
+                            // Load keystore data
+                            try (InputStream in = new FileInputStream(file)) {
+                                ks.load(in, password);
                             }
                         }
+                        return ks;
                     }
                 };
                 try {
@@ -1998,5 +2244,4 @@
             return protection;
         }
     }
-
 }
--- a/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -590,4 +590,27 @@
         }
         return false;
     }
+
+    /**
+     * Probes the specified input stream to determine whether it contains a
+     * keystore that is supported by this implementation, or not.
+     *
+     * <p>
+     * @implSpec
+     * This method returns false by default. Keystore implementations should
+     * override this method to peek at the data stream directly or to use other
+     * content detection mechanisms.
+     *
+     * @param  stream the keystore data to be probed
+     *
+     * @return true if the keystore data is supported, otherwise false
+     *
+     * @throws IOException if there is an I/O problem with the keystore data.
+     * @throws NullPointerException if stream is {@code null}.
+     *
+     * @since 1.9
+     */
+    public boolean engineProbe(InputStream stream) throws IOException {
+        return false;
+    }
 }
--- a/jdk/src/java.base/share/classes/java/util/spi/LocaleServiceProvider.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/java/util/spi/LocaleServiceProvider.java	Tue Dec 23 13:34:20 2014 -0800
@@ -43,9 +43,8 @@
  * supported by the Java runtime environment itself.
  *
  * <h3>Packaging of Locale Sensitive Service Provider Implementations</h3>
- * Implementations of these locale sensitive services are packaged using the
- * <a href="../../../../technotes/guides/extensions/index.html">Java Extension Mechanism</a>
- * as installed extensions.  A provider identifies itself with a
+ * Implementations of these locale sensitive services can be made available
+ * by adding them to the application's class path. A provider identifies itself with a
  * provider-configuration file in the resource directory META-INF/services,
  * using the fully qualified provider interface class name as the file name.
  * The file should contain a list of fully-qualified concrete provider class names,
--- a/jdk/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -46,11 +46,7 @@
 \    -verbose:[class|gc|jni]\n\
 \                  enable verbose output\n\
 \    -version      print product version and exit\n\
-\    -version:<value>\n\
-\                  require the specified version to run\n\
 \    -showversion  print product version and continue\n\
-\    -jre-restrict-search | -no-jre-restrict-search\n\
-\                  include/exclude user private JREs in the version search\n\
 \    -? -help      print this help message\n\
 \    -X            print help on non-standard options\n\
 \    -ea[:<packagename>...|:<classname>]\n\
--- a/jdk/src/java.base/share/classes/sun/nio/fs/AbstractPath.java	Wed Dec 17 17:56:11 2014 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.nio.fs;
-
-import java.nio.file.*;
-import java.io.File;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-
-/**
- * Base implementation class of {@code Path}.
- */
-
-abstract class AbstractPath implements Path {
-    protected AbstractPath() { }
-
-    @Override
-    public final boolean startsWith(String other) {
-        return startsWith(getFileSystem().getPath(other));
-    }
-
-    @Override
-    public final boolean endsWith(String other) {
-        return endsWith(getFileSystem().getPath(other));
-    }
-
-    @Override
-    public final Path resolve(String other) {
-        return resolve(getFileSystem().getPath(other));
-    }
-
-    @Override
-    public final Path resolveSibling(Path other) {
-        if (other == null)
-            throw new NullPointerException();
-        Path parent = getParent();
-        return (parent == null) ? other : parent.resolve(other);
-    }
-
-    @Override
-    public final Path resolveSibling(String other) {
-        return resolveSibling(getFileSystem().getPath(other));
-    }
-
-    @Override
-    public final Iterator<Path> iterator() {
-        return new Iterator<Path>() {
-            private int i = 0;
-            @Override
-            public boolean hasNext() {
-                return (i < getNameCount());
-            }
-            @Override
-            public Path next() {
-                if (i < getNameCount()) {
-                    Path result = getName(i);
-                    i++;
-                    return result;
-                } else {
-                    throw new NoSuchElementException();
-                }
-            }
-            @Override
-            public void remove() {
-                throw new UnsupportedOperationException();
-            }
-        };
-    }
-
-    @Override
-    public final File toFile() {
-        return new File(toString());
-    }
-
-    @Override
-    public final WatchKey register(WatchService watcher,
-                                   WatchEvent.Kind<?>... events)
-        throws IOException
-    {
-        return register(watcher, events, new WatchEvent.Modifier[0]);
-    }
-}
--- a/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Dec 23 13:34:20 2014 -0800
@@ -69,6 +69,8 @@
 import sun.security.pkcs.ContentInfo;
 import sun.security.x509.AlgorithmId;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
+import sun.security.provider.JavaKeyStore.JKS;
+import sun.security.util.KeyStoreDelegator;
 
 
 /**
@@ -129,6 +131,13 @@
  */
 public final class PKCS12KeyStore extends KeyStoreSpi {
 
+    // special PKCS12 keystore that supports PKCS12 and JKS file formats
+    public static final class DualFormatPKCS12 extends KeyStoreDelegator {
+        public DualFormatPKCS12() {
+            super("PKCS12", PKCS12KeyStore.class, "JKS", JKS.class);
+        }
+    }
+
     public static final int VERSION_3 = 3;
 
     private static final String[] KEY_PROTECTION_ALGORITHM = {
@@ -1053,6 +1062,39 @@
     }
 
     /**
+     * Determines if the keystore {@code Entry} for the specified
+     * {@code alias} is an instance or subclass of the specified
+     * {@code entryClass}.
+     *
+     * @param alias the alias name
+     * @param entryClass the entry class
+     *
+     * @return true if the keystore {@code Entry} for the specified
+     *          {@code alias} is an instance or subclass of the
+     *          specified {@code entryClass}, false otherwise
+     *
+     * @since 1.5
+     */
+    @Override
+    public boolean
+        engineEntryInstanceOf(String alias,
+                              Class<? extends KeyStore.Entry> entryClass)
+    {
+        if (entryClass == KeyStore.TrustedCertificateEntry.class) {
+            return engineIsCertificateEntry(alias);
+        }
+
+        Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
+        if (entryClass == KeyStore.PrivateKeyEntry.class) {
+            return (entry != null && entry instanceof PrivateKeyEntry);
+        }
+        if (entryClass == KeyStore.SecretKeyEntry.class) {
+            return (entry != null && entry instanceof SecretKeyEntry);
+        }
+        return false;
+    }
+
+    /**
      * Returns the (alias) name of the first keystore entry whose certificate
      * matches the given certificate.
      *
@@ -1084,7 +1126,7 @@
             } else {
                 continue;
             }
-            if (certElem.equals(cert)) {
+            if (certElem != null && certElem.equals(cert)) {
                 return alias;
             }
         }
@@ -1923,7 +1965,12 @@
                 safeContentsData = safeContents.getData();
             } else if (contentType.equals((Object)ContentInfo.ENCRYPTED_DATA_OID)) {
                 if (password == null) {
-                   continue;
+
+                    if (debug != null) {
+                        debug.println("Warning: skipping PKCS#7 encryptedData" +
+                            " content-type - no password was supplied");
+                    }
+                    continue;
                 }
 
                 if (debug != null) {
@@ -1965,8 +2012,9 @@
                             password = new char[1];
                             continue;
                         }
-                        throw new IOException(
-                            "failed to decrypt safe contents entry: " + e, e);
+                        throw new IOException("keystore password was incorrect",
+                            new UnrecoverableKeyException(
+                                "failed to decrypt safe contents entry: " + e));
                     }
                 }
             } else {
@@ -2284,4 +2332,73 @@
         counter++;
         return (String.valueOf(counter));
     }
+
+    /*
+     * PKCS12 permitted first 24 bytes:
+     *
+     * 30 82 -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 8-
+     * 30 -- 02 01 03 30 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04 -- -- --
+     * 30 81 -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 81 -- 04
+     * 30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 81 --
+     * 30 83 -- -- -- 02 01 03 30 82 -- -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0
+     * 30 83 -- -- -- 02 01 03 30 83 -- -- -- 06 09 2A 86 48 86 F7 0D 01 07 01
+     * 30 84 -- -- -- -- 02 01 03 30 83 -- -- -- 06 09 2A 86 48 86 F7 0D 01 07
+     * 30 84 -- -- -- -- 02 01 03 30 84 -- -- -- -- 06 09 2A 86 48 86 F7 0D 01
+     */
+
+    private static final long[][] PKCS12_HEADER_PATTERNS = {
+        { 0x3082000002010330L, 0x82000006092A8648L, 0x86F70D010701A080L },
+        { 0x3000020103300006L, 0x092A864886F70D01L, 0x0701A00004000000L },
+        { 0x3081000201033081L, 0x0006092A864886F7L, 0x0D010701A0810004L },
+        { 0x3082000002010330L, 0x810006092A864886L, 0xF70D010701A08100L },
+        { 0x3083000000020103L, 0x3082000006092A86L, 0x4886F70D010701A0L },
+        { 0x3083000000020103L, 0x308200000006092AL, 0x864886F70D010701L },
+        { 0x3084000000000201L, 0x0330820000000609L, 0x2A864886F70D0107L },
+        { 0x3084000000000201L, 0x0330820000000006L, 0x092A864886F70D01L }
+    };
+
+    private static final long[][] PKCS12_HEADER_MASKS = {
+        { 0xFFFF0000FFFFFFFFL, 0xFF0000FFFFFFFFFFL, 0xFFFFFFFFFFFFFFF0L },
+        { 0xFF00FFFFFFFF00FFL, 0xFFFFFFFFFFFFFFFFL, 0xFFFFFF00FF000000L },
+        { 0xFFFF00FFFFFFFFFFL, 0x00FFFFFFFFFFFFFFL, 0xFFFFFFFFFFFF00FFL },
+        { 0xFFFF0000FFFFFFFFL, 0xFF00FFFFFFFFFFFFL, 0xFFFFFFFFFFFFFF00L },
+        { 0xFFFF000000FFFFFFL, 0xFFFF0000FFFFFFFFL, 0xFFFFFFFFFFFFFFFFL },
+        { 0xFFFF000000FFFFFFL, 0xFFFF000000FFFFFFL, 0xFFFFFFFFFFFFFFFFL },
+        { 0xFFFF00000000FFFFL, 0xFFFFFF000000FFFFL, 0xFFFFFFFFFFFFFFFFL },
+        { 0xFFFF00000000FFFFL, 0xFFFFFF00000000FFL, 0xFFFFFFFFFFFFFFFFL }
+    };
+
+    /**
+     * Probe the first few bytes of the keystore data stream for a valid
+     * PKCS12 keystore encoding.
+     */
+    @Override
+    public boolean engineProbe(InputStream stream) throws IOException {
+
+        DataInputStream dataStream;
+        if (stream instanceof DataInputStream) {
+            dataStream = (DataInputStream)stream;
+        } else {
+            dataStream = new DataInputStream(stream);
+        }
+
+        long firstPeek = dataStream.readLong();
+        long nextPeek = dataStream.readLong();
+        long finalPeek = dataStream.readLong();
+        boolean result = false;
+
+        for (int i = 0; i < PKCS12_HEADER_PATTERNS.length; i++) {
+            if (PKCS12_HEADER_PATTERNS[i][0] ==
+                    (firstPeek & PKCS12_HEADER_MASKS[i][0]) &&
+                (PKCS12_HEADER_PATTERNS[i][1] ==
+                    (nextPeek & PKCS12_HEADER_MASKS[i][1])) &&
+                (PKCS12_HEADER_PATTERNS[i][2] ==
+                    (finalPeek & PKCS12_HEADER_MASKS[i][2]))) {
+                result = true;
+                break;
+            }
+        }
+
+        return result;
+    }
 }
--- a/jdk/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,9 +31,11 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateException;
 import java.util.*;
+
 import sun.misc.IOUtils;
-
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
+import sun.security.pkcs12.PKCS12KeyStore;
+import sun.security.util.KeyStoreDelegator;
 
 /**
  * This class provides the keystore implementation referred to as "JKS".
@@ -49,7 +51,7 @@
  * @since 1.2
  */
 
-abstract class JavaKeyStore extends KeyStoreSpi {
+public abstract class JavaKeyStore extends KeyStoreSpi {
 
     // regular JKS
     public static final class JKS extends JavaKeyStore {
@@ -65,6 +67,13 @@
         }
     }
 
+    // special JKS that supports JKS and PKCS12 file formats
+    public static final class DualFormatJKS extends KeyStoreDelegator {
+        public DualFormatJKS() {
+            super("JKS", JKS.class, "PKCS12", PKCS12KeyStore.class);
+        }
+    }
+
     private static final int MAGIC = 0xfeedfeed;
     private static final int VERSION_1 = 0x01;
     private static final int VERSION_2 = 0x02;
@@ -799,4 +808,20 @@
         md.update("Mighty Aphrodite".getBytes("UTF8"));
         return md;
     }
+
+    /**
+     * Probe the first few bytes of the keystore data stream for a valid
+     * JKS keystore encoding.
+     */
+    @Override
+    public boolean engineProbe(InputStream stream) throws IOException {
+        DataInputStream dataStream;
+        if (stream instanceof DataInputStream) {
+            dataStream = (DataInputStream)stream;
+        } else {
+            dataStream = new DataInputStream(stream);
+        }
+
+        return MAGIC == dataStream.readInt();
+    }
 }
--- a/jdk/src/java.base/share/classes/sun/security/provider/Sun.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/provider/Sun.java	Tue Dec 23 13:34:20 2014 -0800
@@ -40,7 +40,7 @@
 
     private static final String INFO = "SUN " +
     "(DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; " +
-    "SecureRandom; X.509 certificates; JKS & DKS keystores; " +
+    "SecureRandom; X.509 certificates; PKCS12, JKS & DKS keystores; " +
     "PKIX CertPathValidator; " +
     "PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; " +
     "JavaLoginConfig Configuration)";
--- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java	Tue Dec 23 13:34:20 2014 -0800
@@ -228,7 +228,10 @@
         /*
          * KeyStore
          */
-        map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
+        map.put("KeyStore.PKCS12",
+                        "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
+        map.put("KeyStore.JKS",
+                        "sun.security.provider.JavaKeyStore$DualFormatJKS");
         map.put("KeyStore.CaseExactJKS",
                         "sun.security.provider.JavaKeyStore$CaseExactJKS");
         map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Tue Dec 23 13:34:20 2014 -0800
@@ -124,6 +124,7 @@
 
     private Set<Pair <String, String>> providers = null;
     private String storetype = null;
+    private boolean hasStoretypeOption = false;
     private String srcProviderName = null;
     private String providerName = null;
     private String pathlist = null;
@@ -483,11 +484,13 @@
             } else if (collator.compare(flags, "-storetype") == 0 ||
                     collator.compare(flags, "-deststoretype") == 0) {
                 storetype = args[++i];
+                hasStoretypeOption = true;
             } else if (collator.compare(flags, "-srcstorepass") == 0) {
                 srcstorePass = getPass(modifier, args[++i]);
                 passwords.add(srcstorePass);
             } else if (collator.compare(flags, "-srcstoretype") == 0) {
                 srcstoretype = args[++i];
+                hasStoretypeOption = true;
             } else if (collator.compare(flags, "-srckeypass") == 0) {
                 srckeyPass = getPass(modifier, args[++i]);
                 passwords.add(srckeyPass);
@@ -809,36 +812,42 @@
         }
 
         // Create new keystore
-        if (providerName == null) {
-            keyStore = KeyStore.getInstance(storetype);
+        // Probe for keystore type when filename is available
+        if (ksfile != null && ksStream != null && providerName == null &&
+            hasStoretypeOption == false) {
+            keyStore = KeyStore.getInstance(ksfile, storePass);
         } else {
-            keyStore = KeyStore.getInstance(storetype, providerName);
-        }
-
-        /*
-         * Load the keystore data.
-         *
-         * At this point, it's OK if no keystore password has been provided.
-         * We want to make sure that we can load the keystore data, i.e.,
-         * the keystore data has the right format. If we cannot load the
-         * keystore, why bother asking the user for his or her password?
-         * Only if we were able to load the keystore, and no keystore
-         * password has been provided, will we prompt the user for the
-         * keystore password to verify the keystore integrity.
-         * This means that the keystore is loaded twice: first load operation
-         * checks the keystore format, second load operation verifies the
-         * keystore integrity.
-         *
-         * If the keystore password has already been provided (at the
-         * command line), however, the keystore is loaded only once, and the
-         * keystore format and integrity are checked "at the same time".
-         *
-         * Null stream keystores are loaded later.
-         */
-        if (!nullStream) {
-            keyStore.load(ksStream, storePass);
-            if (ksStream != null) {
-                ksStream.close();
+            if (providerName == null) {
+                keyStore = KeyStore.getInstance(storetype);
+            } else {
+                keyStore = KeyStore.getInstance(storetype, providerName);
+            }
+
+            /*
+             * Load the keystore data.
+             *
+             * At this point, it's OK if no keystore password has been provided.
+             * We want to make sure that we can load the keystore data, i.e.,
+             * the keystore data has the right format. If we cannot load the
+             * keystore, why bother asking the user for his or her password?
+             * Only if we were able to load the keystore, and no keystore
+             * password has been provided, will we prompt the user for the
+             * keystore password to verify the keystore integrity.
+             * This means that the keystore is loaded twice: first load operation
+             * checks the keystore format, second load operation verifies the
+             * keystore integrity.
+             *
+             * If the keystore password has already been provided (at the
+             * command line), however, the keystore is loaded only once, and the
+             * keystore format and integrity are checked "at the same time".
+             *
+             * Null stream keystores are loaded later.
+             */
+            if (!nullStream) {
+                keyStore.load(ksStream, storePass);
+                if (ksStream != null) {
+                    ksStream.close();
+                }
             }
         }
 
@@ -1881,6 +1890,7 @@
         boolean isPkcs11 = false;
 
         InputStream is = null;
+        File srcksfile = null;
 
         if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
                 KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
@@ -1893,7 +1903,7 @@
             isPkcs11 = true;
         } else {
             if (srcksfname != null) {
-                File srcksfile = new File(srcksfname);
+                srcksfile = new File(srcksfname);
                     if (srcksfile.exists() && srcksfile.length() == 0) {
                         throw new Exception(rb.getString
                                 ("Source.keystore.file.exists.but.is.empty.") +
@@ -1908,10 +1918,16 @@
 
         KeyStore store;
         try {
-            if (srcProviderName == null) {
-                store = KeyStore.getInstance(srcstoretype);
+            // Probe for keystore type when filename is available
+            if (srcksfile != null && is != null && srcProviderName == null &&
+                hasStoretypeOption == false) {
+                store = KeyStore.getInstance(srcksfile, srcstorePass);
             } else {
-                store = KeyStore.getInstance(srcstoretype, srcProviderName);
+                if (srcProviderName == null) {
+                    store = KeyStore.getInstance(srcstoretype);
+                } else {
+                    store = KeyStore.getInstance(srcstoretype, srcProviderName);
+                }
             }
 
             if (srcstorePass == null
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/util/KeyStoreDelegator.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,306 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.*;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateException;
+import java.util.*;
+
+import sun.security.util.Debug;
+
+/**
+ * This class delegates to a primary or secondary keystore implementation.
+ *
+ * @since 1.9
+ */
+
+public class KeyStoreDelegator extends KeyStoreSpi {
+
+    private static final String KEYSTORE_TYPE_COMPAT = "keystore.type.compat";
+    private static final Debug debug = Debug.getInstance("keystore");
+
+    private String primaryType;   // the primary keystore's type
+    private String secondaryType; // the secondary keystore's type
+    private Class<? extends KeyStoreSpi> primaryKeyStore;
+                                  // the primary keystore's class
+    private Class<? extends KeyStoreSpi> secondaryKeyStore;
+                                  // the secondary keystore's class
+    private String type; // the delegate's type
+    private KeyStoreSpi keystore; // the delegate
+    private boolean compatModeEnabled = true;
+
+    public KeyStoreDelegator(
+        String primaryType,
+        Class<? extends KeyStoreSpi> primaryKeyStore,
+        String secondaryType,
+        Class<? extends KeyStoreSpi> secondaryKeyStore) {
+
+        // Check whether compatibility mode has been disabled
+        compatModeEnabled = "true".equalsIgnoreCase(
+            AccessController.doPrivileged((PrivilegedAction<String>) () ->
+                Security.getProperty(KEYSTORE_TYPE_COMPAT)));
+
+        if (compatModeEnabled) {
+            this.primaryType = primaryType;
+            this.secondaryType = secondaryType;
+            this.primaryKeyStore = primaryKeyStore;
+            this.secondaryKeyStore = secondaryKeyStore;
+        } else {
+            this.primaryType = primaryType;
+            this.secondaryType = null;
+            this.primaryKeyStore = primaryKeyStore;
+            this.secondaryKeyStore = null;
+
+            if (debug != null) {
+                debug.println("WARNING: compatibility mode disabled for " +
+                    primaryType + " and " + secondaryType + " keystore types");
+            }
+        }
+    }
+
+    @Override
+    public Key engineGetKey(String alias, char[] password)
+        throws NoSuchAlgorithmException, UnrecoverableKeyException {
+        return keystore.engineGetKey(alias, password);
+    }
+
+    @Override
+    public Certificate[] engineGetCertificateChain(String alias) {
+        return keystore.engineGetCertificateChain(alias);
+    }
+
+    @Override
+    public Certificate engineGetCertificate(String alias) {
+        return keystore.engineGetCertificate(alias);
+    }
+
+    @Override
+    public Date engineGetCreationDate(String alias) {
+        return keystore.engineGetCreationDate(alias);
+    }
+
+    @Override
+    public void engineSetKeyEntry(String alias, Key key, char[] password,
+        Certificate[] chain) throws KeyStoreException {
+        keystore.engineSetKeyEntry(alias, key, password, chain);
+    }
+
+    @Override
+    public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
+        throws KeyStoreException {
+        keystore.engineSetKeyEntry(alias, key, chain);
+    }
+
+    @Override
+    public void engineSetCertificateEntry(String alias, Certificate cert)
+        throws KeyStoreException {
+        keystore.engineSetCertificateEntry(alias, cert);
+    }
+
+    @Override
+    public void engineDeleteEntry(String alias) throws KeyStoreException {
+        keystore.engineDeleteEntry(alias);
+    }
+
+    @Override
+    public Enumeration<String> engineAliases() {
+        return keystore.engineAliases();
+    }
+
+    @Override
+    public boolean engineContainsAlias(String alias) {
+        return keystore.engineContainsAlias(alias);
+    }
+
+    @Override
+    public int engineSize() {
+        return keystore.engineSize();
+    }
+
+    @Override
+    public boolean engineIsKeyEntry(String alias) {
+        return keystore.engineIsKeyEntry(alias);
+    }
+
+    @Override
+    public boolean engineIsCertificateEntry(String alias) {
+        return keystore.engineIsCertificateEntry(alias);
+    }
+
+    @Override
+    public String engineGetCertificateAlias(Certificate cert) {
+        return keystore.engineGetCertificateAlias(cert);
+    }
+
+    @Override
+    public KeyStore.Entry engineGetEntry(String alias,
+        KeyStore.ProtectionParameter protParam)
+            throws KeyStoreException, NoSuchAlgorithmException,
+                UnrecoverableEntryException {
+        return keystore.engineGetEntry(alias, protParam);
+    }
+
+    @Override
+    public void engineSetEntry(String alias, KeyStore.Entry entry,
+        KeyStore.ProtectionParameter protParam)
+            throws KeyStoreException {
+        keystore.engineSetEntry(alias, entry, protParam);
+    }
+
+    @Override
+    public boolean engineEntryInstanceOf(String alias,
+        Class<? extends KeyStore.Entry> entryClass) {
+        return keystore.engineEntryInstanceOf(alias, entryClass);
+    }
+
+    @Override
+    public void engineStore(OutputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException {
+
+        if (debug != null) {
+            debug.println("Storing keystore in " + type + " format");
+        }
+        keystore.engineStore(stream, password);
+    }
+
+    @Override
+    public void engineLoad(InputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException {
+
+        // A new keystore is always created in the primary keystore format
+        if (stream == null) {
+            try {
+                keystore = primaryKeyStore.newInstance();
+
+            } catch (InstantiationException | IllegalAccessException e) {
+                // can safely ignore
+            }
+            type = primaryType;
+
+            if (debug != null) {
+                debug.println("Creating a new keystore in " + type + " format");
+            }
+            keystore.engineLoad(stream, password);
+
+        } else {
+            // First try the primary keystore then try the secondary keystore
+            try (InputStream bufferedStream = new BufferedInputStream(stream)) {
+                bufferedStream.mark(Integer.MAX_VALUE);
+
+                try {
+                    keystore = primaryKeyStore.newInstance();
+                    type = primaryType;
+                    keystore.engineLoad(bufferedStream, password);
+
+                } catch (Exception e) {
+
+                    // incorrect password
+                    if (e instanceof IOException &&
+                        e.getCause() instanceof UnrecoverableKeyException) {
+                        throw (IOException)e;
+                    }
+
+                    try {
+                        // Ignore secondary keystore when no compatibility mode
+                        if (!compatModeEnabled) {
+                            throw e;
+                        }
+
+                        keystore = secondaryKeyStore.newInstance();
+                        type = secondaryType;
+                        bufferedStream.reset();
+                        keystore.engineLoad(bufferedStream, password);
+
+                        if (debug != null) {
+                            debug.println("WARNING: switching from " +
+                              primaryType + " to " + secondaryType +
+                              " keystore file format has altered the " +
+                              "keystore security level");
+                        }
+
+                    } catch (InstantiationException |
+                        IllegalAccessException e2) {
+                        // can safely ignore
+
+                    } catch (IOException |
+                        NoSuchAlgorithmException |
+                        CertificateException e3) {
+
+                        // incorrect password
+                        if (e3 instanceof IOException &&
+                            e3.getCause() instanceof
+                                UnrecoverableKeyException) {
+                            throw (IOException)e3;
+                        }
+                        // rethrow the outer exception
+                        if (e instanceof IOException) {
+                            throw (IOException)e;
+                        } else if (e instanceof CertificateException) {
+                            throw (CertificateException)e;
+                        } else if (e instanceof NoSuchAlgorithmException) {
+                            throw (NoSuchAlgorithmException)e;
+                        }
+                    }
+                }
+            }
+
+            if (debug != null) {
+                debug.println("Loaded a keystore in " + type + " format");
+            }
+        }
+    }
+
+    /**
+     * Probe the first few bytes of the keystore data stream for a valid
+     * keystore encoding. Only the primary keystore implementation is probed.
+     */
+    @Override
+    public boolean engineProbe(InputStream stream) throws IOException {
+
+        boolean result = false;
+
+        try {
+            keystore = primaryKeyStore.newInstance();
+            type = primaryType;
+            result = keystore.engineProbe(stream);
+
+        } catch (Exception e) {
+            throw new IOException(e);
+
+        } finally {
+            // reset
+            if (result == false) {
+                type = null;
+                keystore = null;
+            }
+        }
+
+        return result;
+    }
+}
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/SPILocaleProviderAdapter.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/SPILocaleProviderAdapter.java	Tue Dec 23 13:34:20 2014 -0800
@@ -77,7 +77,8 @@
                 public P run() {
                     P delegate = null;
 
-                    for (LocaleServiceProvider provider : ServiceLoader.loadInstalled(c)) {
+                    for (LocaleServiceProvider provider :
+                             ServiceLoader.load(c, ClassLoader.getSystemClassLoader())) {
                         if (delegate == null) {
                             try {
                                 delegate =
--- a/jdk/src/java.base/share/conf/security/java.security	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/conf/security/java.security	Tue Dec 23 13:34:20 2014 -0800
@@ -183,7 +183,17 @@
 #
 # Default keystore type.
 #
-keystore.type=jks
+keystore.type=pkcs12
+
+#
+# Controls compatibility mode for JKS and PKCS12 keystore types.
+#
+# When set to 'true', both JKS and PKCS12 keystore types support loading
+# keystore files in either JKS or PKCS12 format. When set to 'false' the
+# JKS keystore type supports loading only JKS keystore files and the PKCS12
+# keystore type supports loading only PKCS12 keystore files.
+#
+keystore.type.compat=true
 
 #
 # List of comma-separated packages that start with or equal this string
--- a/jdk/src/java.base/share/native/include/jvm.h	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/native/include/jvm.h	Tue Dec 23 13:34:20 2014 -0800
@@ -334,15 +334,6 @@
                         jobject loader, jclass caller);
 
 /*
- * Find a class from a given class loader. Throw ClassNotFoundException
- * or NoClassDefFoundError depending on the value of the last
- * argument.
- */
-JNIEXPORT jclass JNICALL
-JVM_FindClassFromClassLoader(JNIEnv *env, const char *name, jboolean init,
-                             jobject loader, jboolean throwError);
-
-/*
  * Find a class from a given class.
  */
 JNIEXPORT jclass JNICALL
--- a/jdk/src/java.base/share/native/libjli/java.c	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/share/native/libjli/java.c	Tue Dec 23 13:34:20 2014 -0800
@@ -169,6 +169,13 @@
 static jlong initialHeapSize    = 0;  /* inital heap size */
 
 /*
+ * A minimum -Xss stack size suitable for all platforms.
+ */
+#ifndef STACK_SIZE_MINIMUM
+#define STACK_SIZE_MINIMUM (32 * KB)
+#endif
+
+/*
  * Entry point.
  */
 int
@@ -766,6 +773,14 @@
         jlong tmp;
         if (parse_size(str + 4, &tmp)) {
             threadStackSize = tmp;
+            /*
+             * Make sure the thread stack size is big enough that we won't get a stack
+             * overflow before the JVM startup code can check to make sure the stack
+             * is big enough.
+             */
+            if (threadStackSize < STACK_SIZE_MINIMUM) {
+                threadStackSize = STACK_SIZE_MINIMUM;
+            }
         }
     }
 
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java	Tue Dec 23 13:34:20 2014 -0800
@@ -40,9 +40,7 @@
  * Solaris/Linux implementation of java.nio.file.Path
  */
 
-class UnixPath
-    extends AbstractPath
-{
+class UnixPath implements Path {
     private static ThreadLocal<SoftReference<CharsetEncoder>> encoder =
         new ThreadLocal<SoftReference<CharsetEncoder>>();
 
--- a/jdk/src/java.base/windows/classes/sun/nio/fs/WindowsPath.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.base/windows/classes/sun/nio/fs/WindowsPath.java	Tue Dec 23 13:34:20 2014 -0800
@@ -41,7 +41,7 @@
  * Windows implementation of Path
  */
 
-class WindowsPath extends AbstractPath {
+class WindowsPath implements Path {
 
     // The maximum path that does not require long path prefix. On Windows
     // the maximum path is 260 minus 1 (NUL) but for directories it is 260
--- a/jdk/src/java.desktop/share/classes/java/awt/im/spi/package.html	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.desktop/share/classes/java/awt/im/spi/package.html	Tue Dec 23 13:34:20 2014 -0800
@@ -55,9 +55,8 @@
 
 <H4><A NAME="Packaging"></A>Packaging Input Methods</H4>
 
-<P>Input methods are packaged as installed extensions, as specified
-by the <A HREF="../../../../../technotes/guides/extensions/index.html">Extension
-Mechanism</A>. The main JAR file of an input method must contain the
+<P>Input methods can be made available by adding them to the application's
+class path. The main JAR file of an input method must contain the
 file:</P>
 
 <PRE>    META-INF/services/java.awt.im.spi.InputMethodDescriptor</PRE>
--- a/jdk/src/java.desktop/share/classes/sun/awt/im/ExecutableInputMethodManager.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.desktop/share/classes/sun/awt/im/ExecutableInputMethodManager.java	Tue Dec 23 13:34:20 2014 -0800
@@ -259,7 +259,8 @@
                 AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                     public Object run() {
                         for (InputMethodDescriptor descriptor :
-                            ServiceLoader.loadInstalled(InputMethodDescriptor.class)) {
+                            ServiceLoader.load(InputMethodDescriptor.class,
+                                               ClassLoader.getSystemClassLoader())) {
                             ClassLoader cl = descriptor.getClass().getClassLoader();
                             javaInputMethodLocatorList.add(new InputMethodLocator(descriptor, cl, null));
                         }
--- a/jdk/src/java.sql/share/classes/java/sql/DriverManager.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/java.sql/share/classes/java/sql/DriverManager.java	Tue Dec 23 13:34:20 2014 -0800
@@ -29,7 +29,6 @@
 import java.util.ServiceLoader;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.util.PropertyPermission;
 import java.util.concurrent.CopyOnWriteArrayList;
 import sun.reflect.CallerSensitive;
 import sun.reflect.Reflection;
@@ -89,6 +88,8 @@
     private static volatile java.io.PrintStream logStream = null;
     // Used in println() to synchronize logWriter
     private final static Object logSync = new Object();
+    // Used in ensureDriversInitialized() to synchronize driversInitialized
+    private final static Object lockForInitDrivers = new Object();
     private static volatile boolean driversInitialized;
     private static final String JDBC_DRIVERS_PROPERTY = "jdbc.drivers";
 
@@ -280,11 +281,13 @@
 
         println("DriverManager.getDriver(\"" + url + "\")");
 
+        ensureDriversInitialized();
+
         Class<?> callerClass = Reflection.getCallerClass();
 
         // Walk through the loaded registeredDrivers attempting to locate someone
         // who understands the given URL.
-        for (DriverInfo aDriver : getRegisteredDrivers()) {
+        for (DriverInfo aDriver : registeredDrivers) {
             // If the caller does not have permission to load the driver then
             // skip it.
             if (isDriverAllowed(aDriver.driver, callerClass)) {
@@ -384,8 +387,7 @@
      * @see SecurityManager#checkPermission
      */
     @CallerSensitive
-    public static synchronized void deregisterDriver(Driver driver)
-        throws SQLException {
+    public static void deregisterDriver(Driver driver) throws SQLException {
         if (driver == null) {
             return;
         }
@@ -398,22 +400,24 @@
         println("DriverManager.deregisterDriver: " + driver);
 
         DriverInfo aDriver = new DriverInfo(driver, null);
-        if (registeredDrivers.contains(aDriver)) {
-            if (isDriverAllowed(driver, Reflection.getCallerClass())) {
-                DriverInfo di = registeredDrivers.get(registeredDrivers.indexOf(aDriver));
-                 // If a DriverAction was specified, Call it to notify the
-                 // driver that it has been deregistered
-                 if (di.action() != null) {
-                     di.action().deregister();
-                 }
-                 registeredDrivers.remove(aDriver);
+        synchronized (lockForInitDrivers) {
+            if (registeredDrivers.contains(aDriver)) {
+                if (isDriverAllowed(driver, Reflection.getCallerClass())) {
+                    DriverInfo di = registeredDrivers.get(registeredDrivers.indexOf(aDriver));
+                     // If a DriverAction was specified, Call it to notify the
+                     // driver that it has been deregistered
+                     if (di.action() != null) {
+                         di.action().deregister();
+                     }
+                     registeredDrivers.remove(aDriver);
+                } else {
+                    // If the caller does not have permission to load the driver then
+                    // throw a SecurityException.
+                    throw new SecurityException();
+                }
             } else {
-                // If the caller does not have permission to load the driver then
-                // throw a SecurityException.
-                throw new SecurityException();
+                println("    couldn't find driver to unload");
             }
-        } else {
-            println("    couldn't find driver to unload");
         }
     }
 
@@ -430,10 +434,12 @@
     public static java.util.Enumeration<Driver> getDrivers() {
         java.util.Vector<Driver> result = new java.util.Vector<>();
 
+        ensureDriversInitialized();
+
         Class<?> callerClass = Reflection.getCallerClass();
 
         // Walk through the loaded registeredDrivers.
-        for (DriverInfo aDriver : getRegisteredDrivers()) {
+        for (DriverInfo aDriver : registeredDrivers) {
             // If the caller does not have permission to load the driver then
             // skip it.
             if (isDriverAllowed(aDriver.driver, callerClass)) {
@@ -558,91 +564,81 @@
     }
 
     /*
-     * Return the registered java.sql.Drivers and call loadInitialDrivers
-     * if needed
+     * Load the initial JDBC drivers by checking the System property
+     * jdbc.drivers and then use the {@code ServiceLoader} mechanism
      */
-    private static CopyOnWriteArrayList<DriverInfo> getRegisteredDrivers() {
-        // Check to see if we need to load the initial drivers
-        if (!driversInitialized) {
-            loadInitialDrivers();
-        }
-        return registeredDrivers;
-
-    }
-
-    /*
-     * Load the initial JDBC drivers by checking the System property
-     * jdbc.properties and then use the {@code ServiceLoader} mechanism
-     */
-    private synchronized static void loadInitialDrivers() {
-        String drivers;
-
+    private static void ensureDriversInitialized() {
         if (driversInitialized) {
             return;
         }
 
-        try {
-            drivers = AccessController.doPrivileged(new PrivilegedAction<String>() {
-                public String run() {
-                    return System.getProperty(JDBC_DRIVERS_PROPERTY);
+        synchronized (lockForInitDrivers) {
+            if (driversInitialized) {
+                return;
+            }
+            String drivers;
+            try {
+                drivers = AccessController.doPrivileged(new PrivilegedAction<String>() {
+                    public String run() {
+                        return System.getProperty(JDBC_DRIVERS_PROPERTY);
+                    }
+                });
+            } catch (Exception ex) {
+                drivers = null;
+            }
+            // If the driver is packaged as a Service Provider, load it.
+            // Get all the drivers through the classloader
+            // exposed as a java.sql.Driver.class service.
+            // ServiceLoader.load() replaces the sun.misc.Providers()
+
+            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                public Void run() {
+
+                    ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class);
+                    Iterator<Driver> driversIterator = loadedDrivers.iterator();
+
+                    /* Load these drivers, so that they can be instantiated.
+                     * It may be the case that the driver class may not be there
+                     * i.e. there may be a packaged driver with the service class
+                     * as implementation of java.sql.Driver but the actual class
+                     * may be missing. In that case a java.util.ServiceConfigurationError
+                     * will be thrown at runtime by the VM trying to locate
+                     * and load the service.
+                     *
+                     * Adding a try catch block to catch those runtime errors
+                     * if driver not available in classpath but it's
+                     * packaged as service and that service is there in classpath.
+                     */
+                    try {
+                        while (driversIterator.hasNext()) {
+                            driversIterator.next();
+                        }
+                    } catch (Throwable t) {
+                        // Do nothing
+                    }
+                    return null;
                 }
             });
-        } catch (Exception ex) {
-            drivers = null;
+
+            println("DriverManager.initialize: jdbc.drivers = " + drivers);
+
+            if (drivers != null && !drivers.equals("")) {
+                String[] driversList = drivers.split(":");
+                println("number of Drivers:" + driversList.length);
+                for (String aDriver : driversList) {
+                    try {
+                        println("DriverManager.Initialize: loading " + aDriver);
+                        Class.forName(aDriver, true,
+                                ClassLoader.getSystemClassLoader());
+                    } catch (Exception ex) {
+                        println("DriverManager.Initialize: load failed: " + ex);
+                    }
+                }
+            }
+
+            driversInitialized = true;
+            println("JDBC DriverManager initialized");
         }
-        // If the driver is packaged as a Service Provider, load it.
-        // Get all the drivers through the classloader
-        // exposed as a java.sql.Driver.class service.
-        // ServiceLoader.load() replaces the sun.misc.Providers()
-
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-            public Void run() {
-
-                ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class);
-                Iterator<Driver> driversIterator = loadedDrivers.iterator();
-
-                /* Load these drivers, so that they can be instantiated.
-                 * It may be the case that the driver class may not be there
-                 * i.e. there may be a packaged driver with the service class
-                 * as implementation of java.sql.Driver but the actual class
-                 * may be missing. In that case a java.util.ServiceConfigurationError
-                 * will be thrown at runtime by the VM trying to locate
-                 * and load the service.
-                 *
-                 * Adding a try catch block to catch those runtime errors
-                 * if driver not available in classpath but it's
-                 * packaged as service and that service is there in classpath.
-                 */
-                try{
-                    while(driversIterator.hasNext()) {
-                        driversIterator.next();
-                    }
-                } catch(Throwable t) {
-                // Do nothing
-                }
-                return null;
-            }
-        });
-
-        println("DriverManager.initialize: jdbc.drivers = " + drivers);
-
-        if (drivers == null || drivers.equals("")) {
-            return;
-        }
-        String[] driversList = drivers.split(":");
-        println("number of Drivers:" + driversList.length);
-        for (String aDriver : driversList) {
-            try {
-                println("DriverManager.Initialize: loading " + aDriver);
-                Class.forName(aDriver, true,
-                        ClassLoader.getSystemClassLoader());
-            } catch (Exception ex) {
-                println("DriverManager.Initialize: load failed: " + ex);
-            }
-        }
-
-        driversInitialized = true;
-        println("JDBC DriverManager initialized");
     }
 
 
@@ -666,11 +662,13 @@
 
         println("DriverManager.getConnection(\"" + url + "\")");
 
+        ensureDriversInitialized();
+
         // Walk through the loaded registeredDrivers attempting to make a connection.
         // Remember the first exception that gets raised so we can reraise it.
         SQLException reason = null;
 
-        for (DriverInfo aDriver : getRegisteredDrivers()) {
+        for (DriverInfo aDriver : registeredDrivers) {
             // If the caller does not have permission to load the driver then
             // skip it.
             if (isDriverAllowed(aDriver.driver, callerCL)) {
--- a/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSACipher.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSACipher.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -159,6 +159,7 @@
     }
 
     // see JCE spec
+    @SuppressWarnings("deprecation")
     protected void engineInit(int opmode, Key key,
             AlgorithmParameterSpec params, SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
@@ -369,6 +370,7 @@
     }
 
     // see JCE spec
+    @SuppressWarnings("deprecation")
     protected java.security.Key engineUnwrap(byte[] wrappedKey,
             String algorithm,
             int type) throws InvalidKeyException, NoSuchAlgorithmException {
--- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/Config.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/Config.java	Tue Dec 23 13:34:20 2014 -0800
@@ -584,16 +584,24 @@
     }
 
     private String parseLine() throws IOException {
-        String s = parseWord();
+        // allow quoted string as part of line
+        String s = null;
         while (true) {
             int token = nextToken();
             if ((token == TT_EOL) || (token == TT_EOF)) {
                 break;
             }
-            if (token != TT_WORD) {
+            if (token != TT_WORD && token != '\"') {
                 throw excToken("Unexpected value");
             }
-            s = s + " " + st.sval;
+            if (s == null) {
+                s = st.sval;
+            } else {
+                s = s + " " + st.sval;
+            }
+        }
+        if (s == null) {
+            throw excToken("Unexpected empty line");
         }
         return s;
     }
@@ -653,7 +661,9 @@
     //
 
     private String parseLibrary(String keyword) throws IOException {
-        String lib = parseStringEntry(keyword);
+        checkDup(keyword);
+        parseEquals();
+        String lib = parseLine();
         lib = expand(lib);
         int i = lib.indexOf("/$ISA/");
         if (i != -1) {
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Tue Dec 23 13:34:20 2014 -0800
@@ -178,6 +178,7 @@
 
     // see JCE spec
     @Override
+    @SuppressWarnings("deprecation")
     protected synchronized void engineInit(int opmode, Key newKey,
             AlgorithmParameterSpec params, SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
@@ -331,6 +332,7 @@
 
     // see JCE spec
     @Override
+    @SuppressWarnings("deprecation")
     protected synchronized Key engineUnwrap(byte[] wrappedKey,
             String wrappedKeyAlgorithm, int wrappedKeyType)
             throws InvalidKeyException, NoSuchAlgorithmException {
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoMech.java	Tue Dec 23 13:34:20 2014 -0800
@@ -37,6 +37,7 @@
     CRYPTO_AES_ECB(1, new String[]
         { "Cipher.AES/ECB/NoPadding;com.oracle.security.ucrypto.NativeCipher$AesEcbNoPadding",
           "Cipher.AES/ECB/PKCS5Padding;com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesEcbPKCS5",
+          "Alg.Alias.Cipher.AES;AES/ECB/PKCS5Padding",
           "Cipher.AES_128/ECB/NoPadding;com.oracle.security.ucrypto.NativeCipher$Aes128EcbNoPadding",
           "Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1;AES_128/ECB/NoPadding",
           "Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1;AES_128/ECB/NoPadding",
@@ -81,7 +82,8 @@
         { "Cipher.AES/CFB128/NoPadding;com.oracle.security.ucrypto.NativeCipher$AesCfb128NoPadding",
           "Cipher.AES/CFB128/PKCS5Padding;com.oracle.security.ucrypto.NativeCipherWithJavaPadding$AesCfb128PKCS5" }),
     CRYPTO_RSA_PKCS(31, new String[]
-        { "Cipher.RSA/ECB/PKCS1Padding;com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding" }),
+        { "Cipher.RSA/ECB/PKCS1Padding;com.oracle.security.ucrypto.NativeRSACipher$PKCS1Padding",
+          "Alg.Alias.Cipher.RSA;RSA/ECB/PKCS1Padding" }),
     CRYPTO_RSA_X_509(32, new String[]
         { "Cipher.RSA/ECB/NoPadding;com.oracle.security.ucrypto.NativeRSACipher$NoPadding" }),
     CRYPTO_MD5_RSA_PKCS(33, new String[]
--- a/jdk/src/jdk.dev/share/classes/sun/tools/native2ascii/Main.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.dev/share/classes/sun/tools/native2ascii/Main.java	Tue Dec 23 13:34:20 2014 -0800
@@ -71,11 +71,8 @@
 import java.nio.charset.CharsetEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.IllegalCharsetNameException;
-import java.nio.file.Files;
 import java.io.UnsupportedEncodingException;
 import java.nio.charset.UnsupportedCharsetException;
-import sun.tools.native2ascii.A2NFilter;
-import sun.tools.native2ascii.N2AFilter;
 
 /**
  * Main program of the native2ascii
@@ -94,7 +91,7 @@
     /**
      * Run the converter
      */
-    public synchronized boolean convert(String argv[]){
+    public synchronized boolean convert(String argv[]) {
         List<String> v = new ArrayList<>(2);
         File outputFile = null;
         boolean createOutputFile = false;
@@ -102,14 +99,14 @@
         // Parse arguments
         for (int i = 0; i < argv.length; i++) {
             if (argv[i].equals("-encoding")) {
-                if ((i + 1) < argv.length){
+                if ((i + 1) < argv.length) {
                     encodingString = argv[++i];
                 } else {
                     error(getMsg("err.bad.arg"));
                     usage();
                     return false;
                 }
-            } else if (argv[i].equals("-reverse")){
+            } else if (argv[i].equals("-reverse")) {
                 reverse = true;
             } else {
                 if (v.size() > 1) {
@@ -119,15 +116,18 @@
                 v.add(argv[i]);
             }
         }
-        if (encodingString == null)
-           defaultEncoding = Charset.defaultCharset().name();
 
+        if (encodingString == null) {
+            defaultEncoding = Charset.defaultCharset().name();
+        }
         char[] lineBreak = System.getProperty("line.separator").toCharArray();
+
         try {
             initializeConverter();
 
-            if (v.size() == 1)
+            if (v.size() == 1) {
                 inputFileName = v.get(0);
+            }
 
             if (v.size() == 2) {
                 inputFileName = v.get(0);
@@ -137,40 +137,38 @@
 
             if (createOutputFile) {
                 outputFile = new File(outputFileName);
-                    if (outputFile.exists() && !outputFile.canWrite()) {
-                        throw new Exception(formatMsg("err.cannot.write", outputFileName));
-                    }
+                if (outputFile.exists() && !outputFile.canWrite()) {
+                    throw new Exception(formatMsg("err.cannot.write", outputFileName));
+                }
             }
 
-            if (reverse){
-                BufferedReader reader = getA2NInput(inputFileName);
-                Writer osw = getA2NOutput(outputFileName);
-                String line;
-
-                while ((line = reader.readLine()) != null) {
-                    osw.write(line.toCharArray());
-                    osw.write(lineBreak);
-                    if (outputFileName == null) { // flush stdout
-                        osw.flush();
+            if (reverse) {
+                try (BufferedReader reader = getA2NInput(inputFileName);
+                        Writer osw = getA2NOutput(outputFileName);) {
+                    String line;
+                    while ((line = reader.readLine()) != null) {
+                        osw.write(line.toCharArray());
+                        osw.write(lineBreak);
+                        if (outputFileName == null) { // flush stdout
+                            osw.flush();
+                        }
                     }
                 }
-                reader.close();  // Close the stream.
-                osw.close();
             } else {
-             //N2A
-                String inLine;
-                BufferedReader in = getN2AInput(inputFileName);
-                BufferedWriter out = getN2AOutput(outputFileName);
-
-                while ((inLine = in.readLine()) != null) {
-                    out.write(inLine.toCharArray());
-                    out.write(lineBreak);
-                    if (outputFileName == null) { // flush stdout
-                        out.flush();
+                // N2A
+                try (BufferedReader in = getN2AInput(inputFileName);
+                        BufferedWriter out = getN2AOutput(outputFileName);) {
+                    String inLine;
+                    while ((inLine = in.readLine()) != null) {
+                        out.write(inLine.toCharArray());
+                        out.write(lineBreak);
+                        if (outputFileName == null) { // flush stdout
+                            out.flush();
+                        }
                     }
                 }
-                out.close();
             }
+
             // Since we are done rename temporary file to desired output file
             if (createOutputFile) {
                 if (outputFile.exists()) {
@@ -182,8 +180,7 @@
                 }
                 tempFile.renameTo(outputFile);
             }
-
-        } catch(Exception e){
+        } catch (Exception e) {
             error(e.toString());
             return false;
         }
--- a/jdk/src/jdk.jcmd/share/classes/sun/tools/jstat/Arguments.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.jcmd/share/classes/sun/tools/jstat/Arguments.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -141,8 +141,9 @@
     public Arguments(String[] args) throws IllegalArgumentException {
         int argc = 0;
 
-        if (args.length < 1) {
-            throw new IllegalArgumentException("invalid argument count");
+        if (args.length == 0) {
+            help = true;
+            return;
         }
 
         if ((args[0].compareTo("-?") == 0)
--- a/jdk/src/jdk.jdi/share/classes/com/sun/tools/jdi/ThreadReferenceImpl.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.jdi/share/classes/com/sun/tools/jdi/ThreadReferenceImpl.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -238,7 +238,7 @@
     }
 
     public void stop(ObjectReference throwable) throws InvalidTypeException {
-        validateMirror(throwable);
+        validateMirrorOrNull(throwable);
         // Verify that the given object is a Throwable instance
         List<ReferenceType> list = vm.classesByName("java.lang.Throwable");
         ClassTypeImpl throwableClass = (ClassTypeImpl)list.get(0);
--- a/jdk/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java	Tue Dec 23 13:34:20 2014 -0800
@@ -353,7 +353,6 @@
     /**
      * Wrap a RemoteException inside a NamingException.
      */
-    @SuppressWarnings("deprecation")
     public static NamingException wrapRemoteException(RemoteException re) {
 
         NamingException ne;
@@ -365,8 +364,7 @@
             ne = new NoPermissionException();
 
         } else if (re instanceof StubNotFoundException ||
-                   re instanceof UnknownHostException ||
-                   re instanceof SocketSecurityException) {
+                   re instanceof UnknownHostException) {
             ne = new ConfigurationException();
 
         } else if (re instanceof ExportException ||
@@ -414,11 +412,10 @@
      * Attempts to install a security manager if none is currently in
      * place.
      */
-    @SuppressWarnings("deprecation")
     private static void installSecurityMgr() {
 
         try {
-            System.setSecurityManager(new RMISecurityManager());
+            System.setSecurityManager(new SecurityManager());
         } catch (Exception e) {
         }
     }
--- a/jdk/test/ProblemList.txt	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/ProblemList.txt	Tue Dec 23 13:34:20 2014 -0800
@@ -135,10 +135,6 @@
 
 # jdk_management
 
-# 8044591
-com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationContentTest.java   generic-all
-com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationTest.java          generic-all
-
 # 8058492
 java/lang/management/ThreadMXBean/FindDeadlocks.java                                      generic-all
 
@@ -243,9 +239,6 @@
 java/security/KeyPairGenerator/SolarisShortDSA.java             solaris-all
 sun/security/tools/keytool/standard.sh                          solaris-all
 
-# 8049312
-com/sun/crypto/provider/Cipher/AES/CICO.java			generic-all
-
 # 8062758
 java/security/Security/ClassLoaderDeadlock/Deadlock2.sh         generic-all
 
@@ -303,25 +296,6 @@
 
 # jdk_util
 
-# 8051641
-sun/util/calendar/zi/TestZoneInfo310.java                        generic-all
-
-# 8062588
-java/util/Locale/LocaleProviders.sh                              generic-all
-java/util/PluggableLocale/BreakIteratorProviderTest.sh           generic-all
-java/util/PluggableLocale/CalendarDataProviderTest.sh            generic-all
-java/util/PluggableLocale/CalendarNameProviderTest.sh            generic-all
-java/util/PluggableLocale/CollatorProviderTest.sh                generic-all
-java/util/PluggableLocale/CurrencyNameProviderTest.sh            generic-all
-java/util/PluggableLocale/DateFormatProviderTest.sh              generic-all
-java/util/PluggableLocale/DateFormatSymbolsProviderTest.sh       generic-all
-java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.sh    generic-all
-java/util/PluggableLocale/GenericTest.sh                         generic-all
-java/util/PluggableLocale/LocaleNameProviderTest.sh              generic-all
-java/util/PluggableLocale/NumberFormatProviderTest.sh            generic-all
-java/util/PluggableLocale/TimeZoneNameProviderTest.sh            generic-all
-java/util/ResourceBundle/Bug6299235Test.sh                       generic-all
-
 # 8062512
 java/util/spi/ResourceBundleControlProvider/UserDefaultControlTest.java generic-all
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/oracle/security/ucrypto/TestAlias.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043349
+ * @summary Ensure the cipher aliases of AES and RSA works correctly
+ */
+import java.io.*;
+import java.security.*;
+import java.security.spec.*;
+import java.util.*;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class TestAlias extends UcryptoTest {
+
+    private static final String[] CIPHER_ALGOS = {
+        "AES/ECB/PKCS5Padding",
+        "AES",
+        "RSA/ECB/PKCS1Padding",
+        "RSA",
+    };
+
+    public static void main(String[] args) throws Exception {
+        main(new TestAlias(), null);
+    }
+
+    public void doTest(Provider prov) throws Exception {
+        Cipher c;
+        for (int i = 0; i < (CIPHER_ALGOS.length - 1); i+=2) {
+            String fullTransformation = CIPHER_ALGOS[i];
+            try {
+                c = Cipher.getInstance(fullTransformation, prov);
+            } catch (NoSuchAlgorithmException nsae) {
+                System.out.println("Skip unsupported algo: " + fullTransformation);
+                continue;
+            }
+            c = Cipher.getInstance(CIPHER_ALGOS[i+1], prov);
+        }
+
+        System.out.println("Test Passed");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8048819
+ * @summary This test stressful verifies the assertion of "The secret keys generated
+ * by all involved parties should be the same." for javax.crypto.KeyAgreement
+ * @run main SameDHKeyStressTest
+ */
+import java.security.AlgorithmParameterGenerator;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DHGenParameterSpec;
+import javax.crypto.spec.DHParameterSpec;
+
+public class SameDHKeyStressTest {
+
+    static final String[] ALGORITHMS = {"DH", "DiffieHellman", "dh", "diffieHELLMAN"};
+    static final String[] SECRET_ALOGRITHMS = {"DES", "DESede", "blowfish"};
+    static final int[] NUMBER_OF_PARTIES = {2, 3, 4};
+    static final String[] PA_NAMES = {"Alice", "Bob", "Carol", "David"};
+
+    public static void main(String args[]) {
+        int failedCnt = 0;
+        StringBuilder failedList = new StringBuilder("Failed List:");
+
+        for (String algorithm : ALGORITHMS) {
+            for (int numOfParties : NUMBER_OF_PARTIES) {
+                for (String secretAlgorithm : SECRET_ALOGRITHMS) {
+                    if (!runTest(algorithm, numOfParties, secretAlgorithm)) {
+                        failedCnt++;
+                        failedList.append("\n Altorightm = ").append(algorithm).
+                                append(" Number of Parties = ").append(numOfParties).
+                                append(" Secret Algorithm = ").append(secretAlgorithm);
+                    }
+                }
+            }
+        } //end of for loop
+
+        if (failedCnt > 0) {
+            System.out.println(failedList);
+            throw new RuntimeException("SameDHKeyStressTest Failed");
+        }
+    }
+
+    public static boolean runTest(String algo, int numParties, String secretAlgo) {
+        KAParticipant[] parties = new KAParticipant[numParties];
+        Key[] keyArchives = new Key[numParties];
+        try {
+            // generate AlogirhtmParameterSpec
+            AlgorithmParameterGenerator apg = AlgorithmParameterGenerator.getInstance("DH","SunJCE");
+            AlgorithmParameterSpec aps = new DHGenParameterSpec(512, 64);
+            apg.init(aps);
+            DHParameterSpec spec = apg.generateParameters().
+                    getParameterSpec(DHParameterSpec.class);
+
+            //initilize all KeyAgreement participants
+            for (int i = 0; i < numParties; i++) {
+                parties[i] = new KAParticipant(PA_NAMES[i], algo);
+                parties[i].initialize(spec);
+                keyArchives[i] = parties[i].getPublicKey();
+            }
+
+            // Do all phases in the KeyAgreement for all participants
+            Key[] keyBuffer = new Key[numParties];
+            boolean lastPhase = false;
+            for (int j = 0; j < numParties - 1; j++) {
+                if (j == numParties - 2) {
+                    lastPhase = true;
+                }
+                for (int k = 0; k < numParties; k++) {
+                    if (k == numParties - 1) {
+                        keyBuffer[k] = parties[k].doPhase(keyArchives[0], lastPhase);
+                    } else {
+                        keyBuffer[k] = parties[k].doPhase(keyArchives[k + 1], lastPhase);
+                    }
+                }
+                System.arraycopy(keyBuffer, 0, keyArchives, 0, numParties);
+            }
+
+            //Comparison: The secret keys generated by all involved parties should be the same
+            SecretKey[] sKeys = new SecretKey[numParties];
+            for (int n = 0; n < numParties; n++) {
+                sKeys[n] = parties[n].generateSecret(secretAlgo);
+            }
+            for (int q = 0; q < numParties - 1; q++) {
+                if (!Arrays.equals(sKeys[q].getEncoded(), sKeys[q + 1].getEncoded())) {
+                    return false;
+                }
+            }
+            return true;
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            return false;
+        }
+
+    }
+
+}
+
+class KAParticipant {
+
+    private String name = null;
+    private String algorithm = null;
+    private KeyPairGenerator keyGen = null;
+    private KeyPair keys = null;
+    private KeyAgreement ka = null;
+
+    public KAParticipant(String pName, String algo) throws NoSuchAlgorithmException, NoSuchProviderException {
+        name = pName;
+        algorithm = algo;
+        keyGen = KeyPairGenerator.getInstance(algo,"SunJCE");
+        ka = KeyAgreement.getInstance(algo,"SunJCE");
+    }
+
+    public void initialize(AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException, InvalidKeyException {
+        keyGen.initialize(spec);
+        keys = keyGen.generateKeyPair();
+        ka.init(keys.getPrivate());
+    }
+
+    public Key doPhase(Key key, boolean lastPhase) throws InvalidKeyException {
+        return ka.doPhase(key, lastPhase);
+    }
+
+    public Key getPublicKey() {
+        return keys.getPublic();
+    }
+
+    public byte[] generateSecret() {
+        return ka.generateSecret();
+    }
+
+    public SecretKey generateSecret(String algo) throws java.lang.IllegalStateException,
+            java.security.NoSuchAlgorithmException,
+            java.security.InvalidKeyException {
+        return ka.generateSecret(algo);
+    }
+}
--- a/jdk/test/com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationContentTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationContentTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -26,6 +26,7 @@
  * @bug     7036199
  * @summary Check that GarbageCollectionNotification contents are reasonable
  * @author  Frederic Parain
+ * @requires vm.opt.ExplicitGCInvokesConcurrent == null | vm.opt.ExplicitGCInvokesConcurrent == false
  * @run     main/othervm GarbageCollectionNotificationContentTest
  */
 
--- a/jdk/test/com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/com/sun/management/GarbageCollectorMXBean/GarbageCollectionNotificationTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -26,6 +26,7 @@
  * @bug     7036199
  * @summary Check that GarbageCollection notification are thrown by every GarbageCollectorMXBean
  * @author  Frederic Parain
+ * @requires vm.opt.ExplicitGCInvokesConcurrent == null | vm.opt.ExplicitGCInvokesConcurrent == false
  * @run     main/othervm GarbageCollectionNotificationTest
  */
 
--- a/jdk/test/com/sun/tools/attach/StartManagementAgent.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/com/sun/tools/attach/StartManagementAgent.java	Tue Dec 23 13:34:20 2014 -0800
@@ -41,7 +41,7 @@
  * @summary Test for VirtualMachine.startManagementAgent and VirtualMachine.startLocalManagementAgent
  * @library /lib/testlibrary
  * @run build Application SimpleProvider jdk.testlibrary.*
- * @run main StartManagementAgent
+ * @run main/timeout=300 StartManagementAgent
  */
 
 /*
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/io/ObjectInputStream/PeekInputStreamTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+
+/*
+ * @test
+ * @bug 8067870
+ * @summary verifies java.io.ObjectInputStream.PeekInputStream.skip works
+ *          as intended
+ */
+public class PeekInputStreamTest {
+
+    public static void main(String[] args) throws ReflectiveOperationException,
+            IOException {
+
+        InputStream pin = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        peek(pin);
+        if (pin.skip(1) != 1 || pin.read() != 2)
+            throw new AssertionError();
+
+        InputStream pin1 = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        if (pin1.skip(1) != 1 || pin1.read() != 2)
+            throw new AssertionError();
+
+        InputStream pin2 = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        if (pin2.skip(0) != 0 || pin2.read() != 1)
+            throw new AssertionError();
+
+        InputStream pin3 = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        if (pin3.skip(2) != 2 || pin3.read() != 3)
+            throw new AssertionError();
+
+        InputStream pin4 = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        if (pin4.skip(3) != 3 || pin4.read() != 4)
+            throw new AssertionError();
+
+        InputStream pin5 = createPeekInputStream(
+                new ByteArrayInputStream(new byte[]{1, 2, 3, 4}));
+        if (pin5.skip(16) != 4 || pin5.read() != -1)
+            throw new AssertionError();
+    }
+
+    private static InputStream createPeekInputStream(InputStream underlying)
+            throws ReflectiveOperationException {
+        Class<? extends InputStream> clazz =
+                Class.forName("java.io.ObjectInputStream$PeekInputStream")
+                        .asSubclass(InputStream.class);
+
+        Constructor<? extends InputStream> ctr =
+                clazz.getDeclaredConstructor(InputStream.class);
+        ctr.setAccessible(true);
+        return ctr.newInstance(underlying);
+    }
+
+    private static void peek(InputStream pin)
+            throws ReflectiveOperationException {
+        Method p = pin.getClass().getDeclaredMethod("peek");
+        p.setAccessible(true);
+        p.invoke(pin);
+    }
+}
--- a/jdk/test/java/lang/ClassLoader/EndorsedDirs.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/lang/ClassLoader/EndorsedDirs.java	Tue Dec 23 13:34:20 2014 -0800
@@ -23,25 +23,48 @@
 
 /*
  * @test
- * @bug 8060206
+ * @bug 8060206 8067366
  * @summary Endorsed standards and override mechanism is removed
  */
 
 import java.io.*;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 public class EndorsedDirs {
-    public static void main(String arg[]) throws Exception {
+    private static String[] VALUES = new String[] {
+            null,
+            "",
+            "\"\""
+    };
+    public static void main(String... args) throws Exception {
         String value = System.getProperty("java.endorsed.dirs");
+        System.out.format("java.endorsed.dirs = '%s'%n", value);
+        if (args.length > 0) {
+            int index = Integer.valueOf(args[0]);
+            String expectedValue = VALUES[index];
+            if (!(expectedValue == value ||
+                    (value != null && value.isEmpty()) ||
+                    (expectedValue != null & expectedValue.equals(value)))) {
+                throw new RuntimeException("java.endorsed.dirs (" +
+                        value + ") != " + expectedValue);
+            }
+            // launched by subprocess.
+            return;
+        }
+
         if (value != null) {
             throw new RuntimeException("java.endorsed.dirs not removed: " + value);
         }
 
-        fatalError("-Djava.endorsed.dirs=foo");
+        fatalError(0, "-Djava.endorsed.dirs=foo");
+        start(0);
+        start(1, "-Djava.endorsed.dirs=");
+        start(2, "-Djava.endorsed.dirs=\"\"");
     }
 
-    static void fatalError(String... args) throws Exception {
+    static ProcessBuilder newProcessBuilder(int testParam, String... args) throws Exception {
         List<String> commands = new ArrayList<>();
         String java = System.getProperty("java.home") + "/bin/java";
         commands.add(java);
@@ -52,9 +75,22 @@
         commands.add("-cp");
         commands.add(cpath);
         commands.add("EndorsedDirs");
+        commands.add(String.valueOf(testParam));
 
-        ProcessBuilder processBuilder = new ProcessBuilder(commands);
-        final Process process = processBuilder.start();
+        System.out.println("Testing " + commands.stream().collect(Collectors.joining(" ")));
+        return new ProcessBuilder(commands);
+    }
+
+    static void start(int testParam, String... args) throws Exception {
+        start(newProcessBuilder(testParam, args), false);
+    }
+
+    static void fatalError(int testParam, String... args) throws Exception {
+        start(newProcessBuilder(testParam, args), true);
+    }
+
+    static void start(ProcessBuilder pb, boolean fatalError) throws Exception {
+        final Process process = pb.start();
         BufferedReader errorStream = new BufferedReader(
                 new InputStreamReader(process.getErrorStream()));
         BufferedReader outStream = new BufferedReader(
@@ -72,11 +108,15 @@
         System.err.println(errorLine);
         process.waitFor(1000, TimeUnit.MILLISECONDS);
         int exitStatus = process.exitValue();
-        if (exitStatus == 0) {
-            throw new RuntimeException("Expect fatal error");
-        }
-        if (!errorLine.contains("Could not create the Java Virtual Machine")) {
-            throw new RuntimeException(errorLine);
+        if (fatalError) {
+            if (exitStatus == 0) {
+                throw new RuntimeException("Expected fatal error");
+            }
+            if (!errorLine.contains("Could not create the Java Virtual Machine")) {
+                throw new RuntimeException(errorLine);
+            }
+        } else if (exitStatus != 0) {
+            throw new RuntimeException("Failed: " + errorLine);
         }
     }
 }
--- a/jdk/test/java/lang/ClassLoader/ExtDirs.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/lang/ClassLoader/ExtDirs.java	Tue Dec 23 13:34:20 2014 -0800
@@ -23,25 +23,49 @@
 
 /*
  * @test
- * @bug 8060206
+ * @bug 8060206 8067366
  * @summary Extension mechanism is removed
  */
 
 import java.io.*;
+import java.lang.Integer;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 public class ExtDirs {
-    public static void main(String arg[]) throws Exception {
+    private static String[] VALUES = new String[] {
+            null,
+            "",
+            "\"\""
+    };
+    public static void main(String... args) throws Exception {
         String value = System.getProperty("java.ext.dirs");
+        System.out.format("java.ext.dirs = '%s'%n", value);
+        if (args.length > 0) {
+            int index = Integer.valueOf(args[0]);
+            String expectedValue = VALUES[index];
+            if (!(expectedValue == value ||
+                    (value != null && value.isEmpty()) ||
+                    (expectedValue != null & expectedValue.equals(value)))) {
+                throw new RuntimeException("java.ext.dirs (" +
+                        value + ") != " + expectedValue);
+            }
+            // launched by subprocess.
+            return;
+        }
+
         if (value != null) {
             throw new RuntimeException("java.ext.dirs not removed: " + value);
         }
 
-        fatalError("-Djava.ext.dirs=foo");
+        fatalError(0, "-Djava.ext.dirs=foo");
+        start(0);
+        start(1, "-Djava.ext.dirs=");
+        start(2, "-Djava.ext.dirs=\"\"");
     }
 
-    static void fatalError(String... args) throws Exception {
+    static ProcessBuilder newProcessBuilder(int testParam, String... args) throws Exception {
         List<String> commands = new ArrayList<>();
         String java = System.getProperty("java.home") + "/bin/java";
         commands.add(java);
@@ -52,9 +76,22 @@
         commands.add("-cp");
         commands.add(cpath);
         commands.add("ExtDirs");
+        commands.add(String.valueOf(testParam));
 
-        ProcessBuilder processBuilder = new ProcessBuilder(commands);
-        final Process process = processBuilder.start();
+        System.out.println("Testing " + commands.stream().collect(Collectors.joining(" ")));
+        return new ProcessBuilder(commands);
+    }
+
+    static void start(int testParam, String... args) throws Exception {
+        start(newProcessBuilder(testParam, args), false);
+    }
+
+    static void fatalError(int testParam, String... args) throws Exception {
+        start(newProcessBuilder(testParam, args), true);
+    }
+
+    static void start(ProcessBuilder pb, boolean fatalError) throws Exception {
+        final Process process = pb.start();
         BufferedReader errorStream = new BufferedReader(
                 new InputStreamReader(process.getErrorStream()));
         BufferedReader outStream = new BufferedReader(
@@ -72,11 +109,15 @@
         System.err.println(errorLine);
         process.waitFor(1000, TimeUnit.MILLISECONDS);
         int exitStatus = process.exitValue();
-        if (exitStatus == 0) {
-            throw new RuntimeException("Expect fatal error");
-        }
-        if (!errorLine.contains("Could not create the Java Virtual Machine")) {
-            throw new RuntimeException(errorLine);
+        if (fatalError) {
+            if (exitStatus == 0) {
+                throw new RuntimeException("Expected fatal error");
+            }
+            if (!errorLine.contains("Could not create the Java Virtual Machine")) {
+                throw new RuntimeException(errorLine);
+            }
+        } else if (exitStatus != 0) {
+            throw new RuntimeException("Failed: " + errorLine);
         }
     }
 }
--- a/jdk/test/java/lang/instrument/ParallelTransformerLoaderAgent.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/lang/instrument/ParallelTransformerLoaderAgent.java	Tue Dec 23 13:34:20 2014 -0800
@@ -79,24 +79,15 @@
                         throws IllegalClassFormatException
                 {
                         String tName = Thread.currentThread().getName();
-                        // In 160_03 and older, transform() is called
-                        // with the "system_loader_lock" held and that
-                        // prevents the bootstrap class loaded from
-                        // running in parallel. If we add a slight sleep
-                        // delay here when the transform() call is not
-                        // main or TestThread, then the deadlock in
-                        // 160_03 and older is much more reproducible.
-                        if (!tName.equals("main") && !tName.equals("TestThread")) {
-                            System.out.println("Thread '" + tName +
-                                "' has called transform()");
-                            try {
-                                Thread.sleep(500);
-                            } catch (InterruptedException ie) {
-                            }
-                        }
 
-                        // load additional classes when called from other threads
-                        if (!tName.equals("main"))
+                        // Load additional classes when called from thread 'TestThread'
+                        // When a class is loaded during a callback handling the boot loader, we can
+                        // run into ClassCircularityError if the ClassFileLoadHook is set early enough
+                        // to catch classes needed during class loading, e.g.
+                        //          sun.misc.URLClassPath$JarLoader$2.
+                        // The goal of the test is to stress class loading on the test class loaders.
+
+                        if (tName.equals("TestThread") && loader != null)
                         {
                                 loadClasses(3);
                         }
--- a/jdk/test/java/lang/management/MemoryMXBean/LowMemoryTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/lang/management/MemoryMXBean/LowMemoryTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,11 +35,13 @@
  * @run main/timeout=600 LowMemoryTest
  */
 
+import com.sun.management.DiagnosticCommandMBean;
 import java.lang.management.*;
 import java.util.*;
 import java.util.concurrent.Phaser;
 import javax.management.*;
 import javax.management.openmbean.CompositeData;
+import sun.management.ManagementFactoryHelper;
 
 public class LowMemoryTest {
     private static final MemoryMXBean mm = ManagementFactory.getMemoryMXBean();
@@ -94,9 +96,15 @@
     }
 
     static class TestListener implements NotificationListener {
+        private boolean isRelaxed = false;
         private int triggers = 0;
         private final long[] count = new long[NUM_TRIGGERS * 2];
         private final long[] usedMemory = new long[NUM_TRIGGERS * 2];
+
+        public TestListener() {
+            isRelaxed = ManagementFactory.getRuntimeMXBean().getInputArguments().contains("-XX:+UseConcMarkSweepGC");
+        }
+
         @Override
         public void handleNotification(Notification notif, Object handback) {
             MemoryNotificationInfo minfo = MemoryNotificationInfo.
@@ -106,7 +114,8 @@
             triggers++;
         }
         public void checkResult() throws Exception {
-            if (triggers != NUM_TRIGGERS) {
+            if ((!isRelaxed && triggers != NUM_TRIGGERS) ||
+                (isRelaxed && triggers < NUM_TRIGGERS)) {
                 throw new RuntimeException("Unexpected number of triggers = " +
                     triggers + " but expected to be " + NUM_TRIGGERS);
             }
--- a/jdk/test/java/lang/management/ThreadMXBean/Locks.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/lang/management/ThreadMXBean/Locks.java	Tue Dec 23 13:34:20 2014 -0800
@@ -29,17 +29,21 @@
  * @author  Mandy Chung
  * @author  Jaroslav Bachorik
  *
+ * @library /lib/testlibrary
+ * @build jdk.testlibrary.*
  * @run main/othervm Locks
  */
 
 import java.lang.management.*;
 import java.util.concurrent.Phaser;
+import jdk.testlibrary.LockFreeLogManager;
 
 public class Locks {
     private static final Object objA = new Object();
     private static final Object objB = new Object();
     private static final Object objC = new Object();
     private static final ThreadMXBean tm = ManagementFactory.getThreadMXBean();
+    private static final LockFreeLogManager logger = new LockFreeLogManager();
 
     private static boolean testFailed = false;
 
@@ -126,14 +130,14 @@
         public void run() {
             synchronized(objA) {
                 // stop here  for LockBThread to hold objB
-                System.out.println("LockAThread about to block on objB");
+                log("LockAThread about to block on objB");
                 p.arriveAndAwaitAdvance(); // Phase 1 (blocking)
                 synchronized(objB) {
                     dummyCounter++;
                 };
             }
             p.arriveAndAwaitAdvance(); // Phase 2 (blocking)
-            System.out.println("LockAThread about to exit");
+            log("LockAThread about to exit");
             // Make sure the current thread is not holding any lock
             assertNoLock(this);
         }
@@ -147,7 +151,7 @@
         }
         public void run() {
             synchronized(objB) {
-                System.out.println("LockBThread about to block on objC");
+                log("LockBThread about to block on objC");
                 p.arriveAndAwaitAdvance(); // Phase 1 (blocking)
                 // Signal main thread about to block on objC
                 synchronized(objC) {
@@ -155,14 +159,14 @@
                 };
             }
             p.arriveAndAwaitAdvance(); // Phase 2 (blocking)
-            System.out.println("LockBThread about to exit");
+            log("LockBThread about to exit");
             // Make sure the current thread is not holding any lock
             assertNoLock(this);
         }
     }
 
     private static WaitingThread waiter;
-    private static Object ready = new Object();
+    private static final Object ready = new Object();
     private static CheckerThread checker;
     static class WaitingThread extends Thread {
         private final Phaser p;
@@ -173,9 +177,10 @@
             super("WaitingThread");
             this.p = p;
         }
+        @Override
         public void run() {
             synchronized(objC) {
-                System.out.println("WaitingThread about to wait on objC");
+                log("WaitingThread about to wait on objC");
                 try {
                     // Signal checker thread, about to wait on objC.
                     waiting = false;
@@ -188,13 +193,13 @@
                 }
 
                 // block until CheckerThread finishes checking
-                System.out.println("WaitingThread about to block on ready");
+                log("WaitingThread about to block on ready");
                 // signal checker thread that it is about acquire
                 // object ready.
                 p.arriveAndAwaitAdvance(); // Phase 2 (waiting)
                 synchronized(ready) {
                     dummyCounter++;
-                };
+                }
             }
             synchronized(objC) {
                 try {
@@ -208,7 +213,7 @@
                     testFailed = true;
                 }
             }
-            System.out.println("WaitingThread about to exit waiting on objC 2");
+            log("WaitingThread about to exit waiting on objC 2");
         }
 
         public void waitForWaiting() {
@@ -321,10 +326,10 @@
     private static ThreadInfo findOwnerInfo(ThreadInfo[] infos, String lock)
             throws Exception {
         ThreadInfo ownerInfo = null;
-        for (int i = 0; i < infos.length; i++) {
-            String blockedLock = infos[i].getLockName();
+        for (ThreadInfo info : infos) {
+            String blockedLock = info.getLockName();
             if (lock.equals(blockedLock)) {
-                long threadId = infos[i].getLockOwnerId();
+                long threadId = info.getLockOwnerId();
                 if (threadId == -1) {
                     throw new RuntimeException("TEST FAILED: " +
                             lock + " expected to have owner");
@@ -355,14 +360,17 @@
             throws Exception {
         ThreadInfo ownerInfo = null;
         // Find the thread who is blocking on lock
-        for (int i = 0; i < infos.length;  i++) {
-            String blockedLock = infos[i].getLockName();
+        for (ThreadInfo info : infos) {
+            String blockedLock = info.getLockName();
             if (lock.equals(blockedLock)) {
-                System.out.print(infos[i].getThreadName() +
-                        " blocked on " + blockedLock);
-                ownerInfo = infos[i];
+                log("%s blocked on %s", info.getThreadName(), blockedLock);
+                ownerInfo = info;
             }
         }
+        if (ownerInfo == null) {
+            throw new RuntimeException("TEST FAILED: " +
+                    "Can't retrieve ThreadInfo for the blocked thread");
+        }
 
         long[] threads = new long[10];
         int count = 0;
@@ -370,14 +378,18 @@
         while (ownerInfo != null && ownerInfo.getThreadState() == Thread.State.BLOCKED) {
             ownerInfo = findOwnerInfo(infos, lock);
             threads[count++] = ownerInfo.getThreadId();
-            System.out.println(" Owner = " + ownerInfo.getThreadName() +
-                    " id = " + ownerInfo.getThreadId());
+            log(" Owner = %s  id = %d",
+                    ownerInfo.getThreadName(),
+                    ownerInfo.getThreadId()
+            );
             lock = ownerInfo.getLockName();
-            System.out.print(ownerInfo.getThreadName() + " Id = " +
-                    ownerInfo.getThreadId() +
-                    " blocked on " + lock);
+            log("%s Id = %d  blocked on %s",
+                    ownerInfo.getThreadName(),
+                    ownerInfo.getThreadId(),
+                    lock
+            );
         }
-        System.out.println();
+        log("");
 
         if (count != expectedThreads.length) {
             throw new RuntimeException("TEST FAILED: " +
@@ -385,10 +397,15 @@
         }
         for (int i = 0; i < count; i++) {
             if (threads[i] != expectedThreads[i]) {
-                System.out.println("TEST FAILED: " +
-                        "Unexpected thread in the chain " + threads[i] +
-                        " expected to be " + expectedThreads[i]);
+                log("TEST FAILED: Unexpected thread in the chain %s expected to be %s",
+                    threads[i],
+                    expectedThreads[i]
+                );
             }
         }
     }
+
+    private static void log(String format, Object ... args) {
+        logger.log(format + "%n", args);
+    }
 }
--- a/jdk/test/java/net/ResponseCache/ResponseCacheTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/net/ResponseCache/ResponseCacheTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@
 import java.net.*;
 import java.util.*;
 import java.io.*;
-import sun.net.www.ParseUtil;
 import javax.net.ssl.*;
 
 /**
@@ -178,11 +177,16 @@
     }
 
     static class MyResponseCache extends ResponseCache {
-        public CacheResponse
-        get(URI uri, String rqstMethod, Map<String,List<String>> rqstHeaders)
-            throws IOException {
-            if (uri.equals(ParseUtil.toURI(url1))) {
-                return new MyCacheResponse(FNPrefix+"file1.cache");
+        public CacheResponse get(URI uri, String rqstMethod,
+                                 Map<String,List<String>> rqstHeaders)
+            throws IOException
+        {
+            try {
+                if (uri.equals(url1.toURI())) {
+                    return new MyCacheResponse(FNPrefix+"file1.cache");
+                }
+            } catch (URISyntaxException ex) {
+                throw new RuntimeException (ex);
             }
             return null;
         }
--- a/jdk/test/java/rmi/server/RemoteObject/notExtending/NotExtending.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/rmi/server/RemoteObject/notExtending/NotExtending.java	Tue Dec 23 13:34:20 2014 -0800
@@ -30,7 +30,7 @@
  * @author Peter Jones
  *
  * @build NotExtending_Stub NotExtending_Skel
- * @run main/othervm/timeout=240 NotExtending
+ * @run main/othervm NotExtending
  */
 
 
@@ -46,9 +46,16 @@
     /** true if the hashValue field has been initialized */
     private boolean hashValueInitialized = false;
 
-    public NotExtending() throws RemoteException {
+    // no declared constructor - rely on implicit no-arg contructor
+
+    public Remote export() throws RemoteException {
         stub = UnicastRemoteObject.exportObject(this);
         setHashValue(stub.hashCode());
+        return stub;
+    }
+
+    public void unexport() throws RemoteException {
+        UnicastRemoteObject.unexportObject(this, true);
     }
 
     private void setHashValue(int value) {
@@ -58,12 +65,11 @@
 
     public int hashCode() {
         /*
-         * Test fails with a RuntimeException if the hashCode() method is
-         * called (during the export procedure) before the correct hash
-         * value has been initialized.
+         * Test fails if the hashCode() method is called (during export)
+         * before the correct hash value has been initialized.
          */
         if (!hashValueInitialized) {
-            throw new RuntimeException(
+            throw new AssertionError(
                 "hashCode() invoked before hashValue initialized");
         }
         return hashValue;
@@ -74,69 +80,40 @@
     }
 
     public static void main(String[] args) throws Exception {
-        /*
-         * The following line is required with the JDK 1.2 VM so that the
-         * VM can exit gracefully when this test completes.  Otherwise, the
-         * conservative garbage collector will find a handle to the server
-         * object on the native stack and not clear the weak reference to
-         * it in the RMI runtime's object table.
-         */
-        Object dummy = new Object();
+        NotExtending server = null;
 
-        NotExtending server;
         try {
             /*
              * Verify that hashCode() is not invoked before it is
              * initialized.  Tests bugid 4102938.
              */
             server = new NotExtending();
+            Remote stub = server.export();
             System.err.println("Server exported without invoking hashCode().");
 
             /*
              * Verify that passing stub to server's equals() method
              * returns true.
              */
-            if (server.equals(server.stub)) {
-                System.err.println(
-                    "Passing stub to server's equals() method succeeded.");
+            if (server.equals(stub)) {
+                System.err.println("server.equals(stub) returns true");
             } else {
-                throw new RuntimeException(
-                    "passing stub to server's equals() method failed");
+                throw new AssertionError("server.equals(stub) returns false");
             }
 
             /*
              * Verify that passing server to stub's equals() method
              * returns true.  Tests bugid 4099660.
              */
-            if (server.stub.equals(server)) {
-                System.err.println(
-                    "Passing server to stub's equals() method succeeded.");
+            if (stub.equals(server)) {
+                System.err.println("stub.equals(server) returns true");
             } else {
-                throw new RuntimeException(
-                    "passing server to stub's equals() method failed");
+                throw new AssertionError("stub.equals(server) returns false");
             }
-
         } finally {
-            server = null;
-            flushCachedRefs();
-        }
-    }
-
-    /**
-     * Force desperate garbage collection so that soft references
-     * will be cleared.
-     *
-     * This method is required with the JDK 1.1.x RMI runtime so that the
-     * VM can exit gracefully when this test completes.  See bugid 4006356.
-     */
-    public static void flushCachedRefs() {
-        java.util.Vector chain = new java.util.Vector();
-        try {
-            while (true) {
-                int[] hungry = new int[65536];
-                chain.addElement(hungry);
+            if (server != null) {
+                server.unexport();
             }
-        } catch (OutOfMemoryError e) {
         }
     }
 }
--- a/jdk/test/java/security/KeyStore/PKCS12/ReadP12Test.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/security/KeyStore/PKCS12/ReadP12Test.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003,2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,8 +65,7 @@
 
 public class ReadP12Test {
 
-    private final static String IN_KETYSTORE_TYPE = "pkcs12";
-    private final static String IN_KEYSTORE_PRV = "SunJSSE";
+    private final static String IN_KEYSTORE_TYPE = "pkcs12";
     private final static String IN_STORE_PASS = "pass";
 
     public static void main(String args[]) throws Exception {
@@ -124,8 +123,7 @@
         String dir = System.getProperty("test.src", ".");
         String keystorePath = dir + File.separator + "certs" + File.separator
                 + "readP12";
-        inputKeyStore = KeyStore
-                .getInstance(IN_KETYSTORE_TYPE, IN_KEYSTORE_PRV);
+        inputKeyStore = KeyStore.getInstance(IN_KEYSTORE_TYPE);
         // KeyStore have encoded by Base64.getMimeEncoder().encode(),need decode
         // first.
         byte[] input = Files.readAllBytes(Paths.get(keystorePath, inKeyStore));
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/KeyStore/ProbeKeystores.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8044445
+ * @summary test new methods from JEP-229: Create PKCS12 Keystores by Default
+ */
+
+import java.io.*;
+import java.security.*;
+import java.security.KeyStore.*;
+import java.security.cert.*;
+import javax.crypto.*;
+import javax.security.auth.callback.*;
+
+public class ProbeKeystores {
+    private static final char[] PASSWORD = "changeit".toCharArray();
+    private static final char[] BAD_PASSWORD = "badpasword".toCharArray();
+    private static final String DIR = System.getProperty("test.src", ".");
+    private static final String CERT_FILE = "trusted.pem";
+
+    public static final void main(String[] args) throws Exception {
+        try {
+            test();
+        } finally {
+            cleanup();
+        }
+    }
+
+    private static final void test() throws Exception {
+        cleanup();
+
+        // Testing empty keystores
+
+        init("empty.jks", "JKS");
+        init("empty.jceks", "JCEKS");
+        init("empty.p12", "PKCS12");
+
+        load("empty.jks", "JKS");
+        load("empty.jceks", "JCEKS");
+        load("empty.p12", "PKCS12");
+        load("empty.jks", "PKCS12"); // test compatibility mode
+        load("empty.p12", "JKS"); // test compatibility mode
+        load("empty.jks", "PKCS12", true); // test without compatibility mode
+        load("empty.jks", "JKS", false); // test without compatibility mode
+        load("empty.p12", "JKS", true); // test without compatibility mode
+        load("empty.p12", "PKCS12", false); // test without compatibility mode
+
+        probe("empty.jks", "JKS");
+        probe("empty.jceks", "JCEKS");
+        probe("empty.p12", "PKCS12");
+
+        build("empty.jks", "JKS", true);
+        build("empty.jks", "JKS", false);
+        build("empty.jceks", "JCEKS", true);
+        build("empty.jceks", "JCEKS", false);
+        build("empty.p12", "PKCS12", true);
+        build("empty.p12", "PKCS12", false);
+
+        // Testing keystores containing an X.509 certificate
+
+        X509Certificate cert = loadCertificate(CERT_FILE);
+        init("onecert.jks", "JKS", cert);
+        init("onecert.jceks", "JCEKS", cert);
+        init("onecert.p12", "PKCS12", cert);
+
+        load("onecert.jks", "JKS");
+        load("onecert.jceks", "JCEKS");
+        load("onecert.p12", "PKCS12");
+        load("onecert.jks", "PKCS12"); // test compatibility mode
+        load("onecert.p12", "JKS"); // test compatibility mode
+        load("onecert.jks", "PKCS12", true); // test without compatibility mode
+        load("onecert.jks", "JKS", false); // test without compatibility mode
+        load("onecert.p12", "JKS", true); // test without compatibility mode
+        load("onecert.p12", "PKCS12", false); // test without compatibility mode
+
+        probe("onecert.jks", "JKS");
+        probe("onecert.jceks", "JCEKS");
+        probe("onecert.p12", "PKCS12");
+
+        build("onecert.jks", "JKS", true);
+        build("onecert.jks", "JKS", false);
+        build("onecert.jceks", "JCEKS", true);
+        build("onecert.jceks", "JCEKS", false);
+        build("onecert.p12", "PKCS12", true);
+        build("onecert.p12", "PKCS12", false);
+
+        // Testing keystores containing a secret key
+
+        SecretKey key = generateSecretKey("AES", 128);
+        init("onekey.jceks", "JCEKS", key);
+        init("onekey.p12", "PKCS12", key);
+
+        load("onekey.jceks", "JCEKS");
+        load("onekey.p12", "PKCS12");
+        load("onekey.p12", "JKS"); // test compatibility mode
+        load("onekey.p12", "JKS", true); // test without compatibility mode
+        load("onekey.p12", "PKCS12", false); // test without compatibility mode
+
+        probe("onekey.jceks", "JCEKS");
+        probe("onekey.p12", "PKCS12");
+
+        build("onekey.jceks", "JCEKS", true);
+        build("onekey.jceks", "JCEKS", false);
+        build("onekey.p12", "PKCS12", true);
+        build("onekey.p12", "PKCS12", false);
+
+        System.out.println("OK.");
+    }
+
+    private static void cleanup() {
+        new File("empty.jks").delete();
+        new File("empty.jceks").delete();
+        new File("empty.p12").delete();
+        new File("onecert.jks").delete();
+        new File("onecert.jceks").delete();
+        new File("onecert.p12").delete();
+        new File("onekey.jceks").delete();
+        new File("onekey.p12").delete();
+    }
+
+    // Instantiate an empty keystore using the supplied keystore type
+    private static void init(String file, String type) throws Exception {
+        KeyStore ks = KeyStore.getInstance(type);
+        ks.load(null, null);
+        try (OutputStream stream = new FileOutputStream(DIR + "/" + file)) {
+            ks.store(stream, PASSWORD);
+        }
+        System.out.println("Created a " + type + " keystore named '" + file + "'");
+    }
+
+    // Instantiate a keystore using the supplied keystore type & create an entry
+    private static void init(String file, String type, X509Certificate cert)
+        throws Exception {
+        KeyStore ks = KeyStore.getInstance(type);
+        ks.load(null, null);
+        ks.setEntry("mycert", new KeyStore.TrustedCertificateEntry(cert), null);
+        try (OutputStream stream = new FileOutputStream(DIR + "/" + file)) {
+            ks.store(stream, PASSWORD);
+        }
+        System.out.println("Created a " + type + " keystore named '" + file + "'");
+    }
+
+    // Instantiate a keystore using the supplied keystore type & create an entry
+    private static void init(String file, String type, SecretKey key)
+        throws Exception {
+        KeyStore ks = KeyStore.getInstance(type);
+        ks.load(null, null);
+        ks.setEntry("mykey", new KeyStore.SecretKeyEntry(key),
+            new PasswordProtection(PASSWORD));
+        try (OutputStream stream = new FileOutputStream(DIR + "/" + file)) {
+            ks.store(stream, PASSWORD);
+        }
+        System.out.println("Created a " + type + " keystore named '" + file + "'");
+    }
+
+    // Instantiate a keystore by probing the supplied file for the keystore type
+    private static void probe(String file, String type) throws Exception {
+        // First try with the correct password
+        KeyStore ks = KeyStore.getInstance(new File(DIR, file), PASSWORD);
+        if (!type.equalsIgnoreCase(ks.getType())) {
+            throw new Exception("ERROR: expected a " + type + " keystore, " +
+                "got a " + ks.getType() + " keystore instead");
+        } else {
+            System.out.println("Probed a " + type + " keystore named '" + file + "'");
+        }
+
+        // Next try with an incorrect password
+        try {
+            ks = KeyStore.getInstance(new File(DIR, file), BAD_PASSWORD);
+            throw new Exception("ERROR: expected an exception but got success");
+        } catch (IOException e) {
+            System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)");
+        }
+    }
+
+    // Instantiate a keystore by probing the supplied file for the keystore type
+    private static void build(String file, String type, boolean usePassword)
+        throws Exception {
+
+        Builder builder;
+        if (usePassword) {
+            builder = Builder.newInstance(new File(DIR, file),
+                new PasswordProtection(PASSWORD));
+        } else {
+            builder = Builder.newInstance(new File(DIR, file),
+                new CallbackHandlerProtection(new DummyHandler()));
+        }
+        KeyStore ks = builder.getKeyStore();
+        if (!type.equalsIgnoreCase(ks.getType())) {
+            throw new Exception("ERROR: expected a " + type + " keystore, " +
+                "got a " + ks.getType() + " keystore instead");
+        } else {
+            System.out.println("Built a " + type + " keystore named '" + file + "'");
+        }
+    }
+
+    // Load the keystore entries
+    private static void load(String file, String type) throws Exception {
+        KeyStore ks = KeyStore.getInstance(type);
+        try (InputStream stream = new FileInputStream(DIR + "/" + file)) {
+            ks.load(stream, PASSWORD);
+        }
+        if (!type.equalsIgnoreCase(ks.getType())) {
+            throw new Exception("ERROR: expected a " + type + " keystore, " +
+                "got a " + ks.getType() + " keystore instead");
+        } else {
+            System.out.println("Loaded a " + type + " keystore named '" + file + "'");
+        }
+    }
+
+    // Load the keystore entries (with compatibility mode disabled)
+    private static void load(String file, String type, boolean expectFailure)
+        throws Exception {
+        Security.setProperty("keystore.type.compat", "false");
+        try {
+            load(file, type);
+            if (expectFailure) {
+                throw new Exception("ERROR: expected load to fail but it didn't");
+            }
+        } catch (IOException e) {
+            if (expectFailure) {
+                System.out.println("Failed to load a " + type + " keystore named '" + file + "' (as expected)");
+            } else {
+                throw e;
+            }
+        } finally {
+            Security.setProperty("keystore.type.compat", "true");
+        }
+    }
+
+    // Read an X.509 certificate from the supplied file
+    private static X509Certificate loadCertificate(String certFile)
+        throws Exception {
+        X509Certificate cert = null;
+        try (FileInputStream certStream =
+            new FileInputStream(DIR + "/" + certFile)) {
+            CertificateFactory factory =
+                CertificateFactory.getInstance("X.509");
+            return (X509Certificate) factory.generateCertificate(certStream);
+        }
+    }
+
+    // Generate a secret key using the supplied algorithm name and key size
+    private static SecretKey generateSecretKey(String algorithm, int size)
+        throws NoSuchAlgorithmException {
+        KeyGenerator generator = KeyGenerator.getInstance(algorithm);
+        generator.init(size);
+        return generator.generateKey();
+    }
+
+    private static class DummyHandler implements CallbackHandler {
+        public void handle(Callback[] callbacks)
+            throws IOException, UnsupportedCallbackException {
+            System.out.println("** Callbackhandler invoked");
+            for (int i = 0; i < callbacks.length; i++) {
+                Callback cb = callbacks[i];
+                if (cb instanceof PasswordCallback) {
+                    PasswordCallback pcb = (PasswordCallback)cb;
+                    pcb.setPassword(PASSWORD);
+                    break;
+                }
+            }
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/KeyStore/trusted.pem	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF5DCCBMygAwIBAgIQGVCD3zqdD1ZMZZ/zLAPnQzANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L3JwYSAoYykxMDE2MDQGA1UEAxMtVmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZl
+ciBDQSAtIEczMB4XDTEyMDcxMDAwMDAwMFoXDTEzMDczMTIzNTk1OVowgbgxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHFA5SZWR3b29kIFNob3JlczEbMBkGA1UEChQS
+T3JhY2xlIENvcnBvcmF0aW9uMRIwEAYDVQQLFAlHbG9iYWwgSVQxMzAxBgNVBAsUKlRlcm1zIG9m
+IHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEVMBMGA1UEAxQMKi5vcmFjbGUuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/dOCGrWzPj62q0ZkF59Oj9Fli4wHAuX
+U4/S0yBXF8j6K7TKWFTQkGZt3+08KUhmLm1CE1DbbyRJT292YNXYXunNaKdABob8kaBO/NESUOEJ
+0SZh7fd0xCSJAAPiwOMrM5jLeb/dEpU6nP74Afrhu5ffvKdcvTRGguj9H2oVsisTK8Z1HsiiwcJG
+JXcrjvdCZoPU4FHvK03XZPAqPHKNSaJOrux6kRIWYjQMlmL+qDOb0nNHa6gBdi+VqqJHJHeAM677
+dcUd0jn2m2OWtUnrM3MJZQof7/z27RTdX5J8np0ChkUgm63biDgRZO7uZP0DARQ0I6lZMlrarT8/
+sct3twIDAQABo4IB4jCCAd4wFwYDVR0RBBAwDoIMKi5vcmFjbGUuY29tMAkGA1UdEwQCMAAwCwYD
+VR0PBAQDAgWgMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6
+Ly93d3cudmVyaXNpZ24uY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbgYI
+KwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQ
+UjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMHIGCCsG
+AQUFBwEBBGYwZDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMDwGCCsGAQUF
+BzAChjBodHRwOi8vc3ZyaW50bC1nMy1haWEudmVyaXNpZ24uY29tL1NWUkludGxHMy5jZXIwQQYD
+VR0fBDowODA2oDSgMoYwaHR0cDovL3N2cmludGwtZzMtY3JsLnZlcmlzaWduLmNvbS9TVlJJbnRs
+RzMuY3JsMB8GA1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1MA0GCSqGSIb3DQEBBQUAA4IB
+AQAITRBlEo+qXLwCL53Db2BGnhDgnSomjne8aCmU7Yt4Kp91tzJdhNuaC/wwDuzD2dPJqzemae3s
+wKiOXrmDQZDj9NNTdkrXHnCvDR4TpOynWe3zBa0bwKnV2cIRKcv482yV53u0kALyFZbagYPwOOz3
+YJA/2SqdcDn9Ztc/ABQ1SkyXyA5j4LJdf2g7BtYrFxjy0RG6We2iM781WSB/9MCNKyHgiwd3KpLf
+urdSKLzy1elNAyt1P3UHwBIIvZ6sJIr/eeELc54Lxt6PtQCXx8qwxYTYXWPXbLgKBHdebgrmAbPK
+TfD69wysvjk6vwSHjmvaqB4R4WRcgkuT+1gxx+ve
+-----END CERTIFICATE-----
--- a/jdk/test/java/util/Locale/LocaleProviders.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/Locale/LocaleProviders.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -137,7 +137,7 @@
 
 runTest()
 {
-    RUNCMD="${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -classpath ${TESTCLASSES} -Djava.locale.providers=$PREFLIST LocaleProviders $METHODNAME $PARAM1 $PARAM2 $PARAM3"
+    RUNCMD="${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -classpath ${TESTCLASSES}${PS}${SPICLASSES} -Djava.locale.providers=$PREFLIST LocaleProviders $METHODNAME $PARAM1 $PARAM2 $PARAM3"
     echo ${RUNCMD}
     ${RUNCMD}
     result=$?
@@ -189,6 +189,7 @@
   PARAM2=zh
   PARAM3=CN
 fi
+SPICLASSES=
 runTest
 
 # testing SPI is NOT selected, as there is none.
@@ -197,6 +198,7 @@
 PARAM1=JRE
 PARAM2=en
 PARAM3=US
+SPICLASSES=
 runTest
 
 # testing the order, variaton #1. This assumes en_GB DateFormat data are available both in JRE & CLDR
@@ -205,6 +207,7 @@
 PARAM1=CLDR
 PARAM2=en
 PARAM3=GB
+SPICLASSES=
 runTest
 
 # testing the order, variaton #2. This assumes en_GB DateFormat data are available both in JRE & CLDR
@@ -213,6 +216,7 @@
 PARAM1=JRE
 PARAM2=en
 PARAM3=GB
+SPICLASSES=
 runTest
 
 # testing the order, variaton #3 for non-existent locale in JRE assuming "haw" is not in JRE.
@@ -221,6 +225,7 @@
 PARAM1=CLDR
 PARAM2=haw
 PARAM3=GB
+SPICLASSES=
 runTest
 
 # testing the order, variaton #4 for the bug 7196799. CLDR's "zh" data should be used in "zh_CN"
@@ -229,6 +234,7 @@
 PARAM1=CLDR
 PARAM2=zh
 PARAM3=CN
+SPICLASSES=
 runTest
 
 # testing FALLBACK provider. SPI and invalid one cases.
@@ -237,16 +243,19 @@
 PARAM1=FALLBACK
 PARAM2=en
 PARAM3=US
+SPICLASSES=
 runTest
 PREFLIST=FOO
 PARAM1=JRE
 PARAM2=en
 PARAM3=US
+SPICLASSES=
 runTest
 PREFLIST=BAR,SPI
 PARAM1=FALLBACK
 PARAM2=en
 PARAM3=US
+SPICLASSES=
 runTest
 
 # testing 7198834 fix. Only works on Windows Vista or upper.
@@ -255,22 +264,25 @@
 PARAM1=
 PARAM2=
 PARAM3=
+SPICLASSES=
 runTest
 
 # testing 8000245 fix.
 METHODNAME=tzNameTest
-PREFLIST="JRE -Djava.ext.dirs=${SPIDIR}"
+PREFLIST=JRE
 PARAM1=Europe/Moscow
 PARAM2=
 PARAM3=
+SPICLASSES=${SPIDIR}
 runTest
 
 # testing 8000615 fix.
 METHODNAME=tzNameTest
-PREFLIST="JRE -Djava.ext.dirs=${SPIDIR}"
+PREFLIST=JRE
 PARAM1=America/Los_Angeles
 PARAM2=
 PARAM3=
+SPICLASSES=${SPIDIR}
 runTest
 
 # testing 8001440 fix.
@@ -279,6 +291,7 @@
 PARAM1=
 PARAM2=
 PARAM3=
+SPICLASSES=
 runTest
 
 # testing 8010666 fix.
@@ -289,15 +302,17 @@
   PARAM1=
   PARAM2=
   PARAM3=
+  SPICLASSES=
   runTest
 fi
 
 # testing 8013086 fix.
 METHODNAME=bug8013086Test
-PREFLIST="JRE,SPI -Djava.ext.dirs=${SPIDIR}"
+PREFLIST=JRE,SPI
 PARAM1=ja
 PARAM2=JP
 PARAM3=
+SPICLASSES=${SPIDIR}
 runTest
 
 # testing 8013903 fix. (Windows only)
@@ -306,12 +321,14 @@
 PARAM1=
 PARAM2=
 PARAM3=
+SPICLASSES=
 runTest
 METHODNAME=bug8013903Test
 PREFLIST=HOST
 PARAM1=
 PARAM2=
 PARAM3=
+SPICLASSES=
 runTest
 
 # testing 8027289 fix, if the platform format default is zh_CN
@@ -323,12 +340,14 @@
   PARAM1=FFE5
   PARAM2=
   PARAM3=
+  SPICLASSES=
   runTest
   METHODNAME=bug8027289Test
   PREFLIST=HOST
   PARAM1=00A5
   PARAM2=
   PARAM3=
+  SPICLASSES=
   runTest
 fi
 
--- a/jdk/test/java/util/PluggableLocale/BreakIteratorProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/BreakIteratorProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440
+# @bug 4052440 8062588
 # @summary BreakIteratorProvider tests
-# @run shell ExecTest.sh foo BreakIteratorProviderTest true
+# @run shell ExecTest.sh foo BreakIteratorProviderTest
--- a/jdk/test/java/util/PluggableLocale/CalendarDataProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/CalendarDataProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 7058207 8000986
+# @bug 7058207 8000986 8062588
 # @summary CalendarDataProvider tests
-# @run shell ExecTest.sh bar CalendarDataProviderTest true
+# @run shell ExecTest.sh bar CalendarDataProviderTest
--- a/jdk/test/java/util/PluggableLocale/CalendarNameProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/CalendarNameProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -22,6 +22,6 @@
 #
 
 # @test
-# @bug 8000986
+# @bug 8000986 8062588
 # @summary CalendarNameProvider tests
-# @run shell ExecTest.sh bar CalendarNameProviderTest true
+# @run shell ExecTest.sh bar CalendarNameProviderTest
--- a/jdk/test/java/util/PluggableLocale/ClasspathTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/ClasspathTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -36,13 +36,13 @@
 
     ClasspathTest() {
         /*
-         * Since providers can only be loaded from the extension directory,
-         * this test will fail if they are loaded from classpath.
+         * Since providers can be loaded from the application's classpath,
+         * this test will fail if they are NOT loaded from classpath.
          */
         Locale OSAKA = new Locale("ja", "JP", "osaka");
         List<Locale> availableLocales = Arrays.asList(Locale.getAvailableLocales());
-        if (availableLocales.contains(OSAKA)) {
-            throw new RuntimeException("LSS providers were loaded from the class path.");
+        if (!availableLocales.contains(OSAKA)) {
+            throw new RuntimeException("LSS providers were NOT loaded from the class path.");
         }
     }
 }
--- a/jdk/test/java/util/PluggableLocale/ClasspathTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/ClasspathTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,7 +23,6 @@
 #
 #
 # @test
-# @bug 6388652
-# @summary  Checks whether providers can only be loaded from extension directories, 
-#     not from classpath.
-# @run shell ExecTest.sh bar ClasspathTest false
+# @bug 6388652 8062588
+# @summary  Checks whether providers can be loaded from classpath.
+# @run shell ExecTest.sh bar ClasspathTest
--- a/jdk/test/java/util/PluggableLocale/CollatorProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/CollatorProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440
+# @bug 4052440 8062588 
 # @summary CollatorProvider tests
-# @run shell ExecTest.sh foo CollatorProviderTest true
+# @run shell ExecTest.sh foo CollatorProviderTest
--- a/jdk/test/java/util/PluggableLocale/CurrencyNameProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/CurrencyNameProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 7199750 8000997
+# @bug 4052440 7199750 8000997 8062588
 # @summary CurrencyNameProvider tests
-# @run shell ExecTest.sh bar CurrencyNameProviderTest true
+# @run shell ExecTest.sh bar CurrencyNameProviderTest
--- a/jdk/test/java/util/PluggableLocale/DateFormatProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/DateFormatProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 7003643
+# @bug 4052440 7003643 8062588 
 # @summary DateFormatProvider tests
-# @run shell ExecTest.sh foo DateFormatProviderTest true
+# @run shell ExecTest.sh foo DateFormatProviderTest
--- a/jdk/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 7200341
+# @bug 4052440 7200341 8062588
 # @summary DateFormatSymbolsProvider tests
-# @run shell ExecTest.sh foo DateFormatSymbolsProviderTest true
+# @run shell ExecTest.sh foo DateFormatSymbolsProviderTest
--- a/jdk/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440
+# @bug 4052440 8062588
 # @summary DecimalFormatSymbolsProvider tests
-# @run shell ExecTest.sh foo DecimalFormatSymbolsProviderTest true
+# @run shell ExecTest.sh foo DecimalFormatSymbolsProviderTest
--- a/jdk/test/java/util/PluggableLocale/ExecTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/ExecTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -76,14 +76,6 @@
     ;;
 esac
 
-# set classpath and extension directory variables
-if [ -d ${TESTJAVA}${FS}lib${FS}ext ]
-then
-    EXTDIRS="${TESTJAVA}${FS}lib${FS}ext${PS}${TESTCLASSES}"
-else
-    EXTDIRS="${TESTJAVA}${FS}jre${FS}lib${FS}ext${PS}${TESTCLASSES}"
-fi
-
 case "$1" in
   "foo" )
     cp ${TESTSRC}${FS}fooprovider.jar ${TESTCLASSES}
@@ -122,12 +114,7 @@
 fi
 
 # run
-if [ "$3" = "true" ]
-then
-  RUNCMD="${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -Djava.ext.dirs=${EXTDIRS} $2 "
-else
-  RUNCMD="${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -classpath ${CLASSPATHARG} $2 "
-fi
+RUNCMD="${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -classpath ${CLASSPATHARG} $2 "
 
 echo ${RUNCMD}
 ${RUNCMD}
--- a/jdk/test/java/util/PluggableLocale/GenericTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/GenericTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440
+# @bug 4052440 8062588
 # @summary Generic tests for the pluggable locales feature
-# @run shell ExecTest.sh foobar GenericTest true
+# @run shell ExecTest.sh foobar GenericTest
--- a/jdk/test/java/util/PluggableLocale/LocaleNameProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/LocaleNameProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 8000273
+# @bug 4052440 8000273 8062588
 # @summary LocaleNameProvider tests
-# @run shell ExecTest.sh bar LocaleNameProviderTest true
+# @run shell ExecTest.sh bar LocaleNameProviderTest
--- a/jdk/test/java/util/PluggableLocale/NumberFormatProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/NumberFormatProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 7003643
+# @bug 4052440 7003643 8062588
 # @summary NumberFormatProvider tests
-# @run shell ExecTest.sh foo NumberFormatProviderTest true
+# @run shell ExecTest.sh foo NumberFormatProviderTest
--- a/jdk/test/java/util/PluggableLocale/TimeZoneNameProviderTest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/PluggableLocale/TimeZoneNameProviderTest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -23,6 +23,6 @@
 #
 #
 # @test
-# @bug 4052440 8003267
+# @bug 4052440 8003267 8062588
 # @summary TimeZoneNameProvider tests
-# @run shell ExecTest.sh bar TimeZoneNameProviderTest true
+# @run shell ExecTest.sh bar TimeZoneNameProviderTest
--- a/jdk/test/java/util/ResourceBundle/Bug6299235Test.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/java/util/ResourceBundle/Bug6299235Test.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -55,27 +55,14 @@
   exit 1
 fi
 
-# See if TESTJAVA points to JRE or JDK
-if [ -d "${TESTJAVA}${FILESEP}jre" ]; then
-    JRE_EXT_DIR=${TESTJAVA}${FILESEP}jre${FILESEP}lib${FILESEP}ext
-else
-    JRE_EXT_DIR=${TESTJAVA}${FILESEP}lib${FILESEP}ext
-fi
-
-if [ -d "${JRE_EXT_DIR}" ]; then
-    NEW_EXT_DIR="${JRE_EXT_DIR}${PATHSEP}${TESTSRC}"
-else
-    NEW_EXT_DIR=${TESTSRC}
-fi
-
 echo "TESTJAVA=${TESTJAVA}"
 echo "TESTSRC=${TESTSRC}"
 echo "TESTCLASSES=${TESTCLASSES}"
 echo "NEW_EXT_DIR=${NEW_EXT_DIR}"
 
 cd ${TESTSRC}
-
-${TESTJAVA}/bin/java ${TESTVMOPTS} -cp ${TESTCLASSES} -Djava.ext.dirs=${NEW_EXT_DIR} Bug6299235Test
+echo 
+${TESTJAVA}/bin/java ${TESTVMOPTS} -cp ${TESTCLASSES}${PATHSEP}${TESTSRC}${FILESEP}awtres.jar Bug6299235Test
 
 if [ $? -ne 0 ]
     then
--- a/jdk/test/lib/testlibrary/OutputAnalyzerTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/lib/testlibrary/OutputAnalyzerTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -112,8 +112,10 @@
         }
 
         String stdoutPattern = "[a]";
+        String stdoutByLinePattern = "a*";
         String stderrPattern = "[b]";
         String nonExistingPattern = "[c]";
+        String byLinePattern = "[ab]*";
 
         // Should match
         try {
@@ -148,6 +150,19 @@
             // expected
         }
 
+        if (output.shouldMatchByLine(byLinePattern) != 1) {
+            throw new Exception("shouldMatchByLine() should find one line");
+        }
+        try {
+            output.shouldMatchByLine(nonExistingPattern);
+            throw new Exception("shouldMatchByLine() failed to throw exception");
+        } catch (RuntimeException e) {
+            // expected
+        }
+        if (output.stdoutShouldMatchByLine(stdoutByLinePattern) != 1) {
+            throw new Exception("stdoutShouldMatchByLine() should find one line");
+        }
+
         // Should not match
         try {
             output.shouldNotMatch(nonExistingPattern);
--- a/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java	Tue Dec 23 13:34:20 2014 -0800
@@ -25,13 +25,9 @@
 
 import static jdk.testlibrary.Asserts.*;
 
-import java.io.ByteArrayOutputStream;
-
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -414,8 +410,12 @@
      * @return Contents of the output buffer as list of strings
      */
     public List<String> asLines() {
+        return asLines(getOutput());
+    }
+
+    private List<String> asLines(String buffer) {
         List<String> l = new ArrayList<>();
-        String[] a = getOutput().split(Utils.NEW_LINE);
+        String[] a = buffer.split(Utils.NEW_LINE);
         for (String string : a) {
             l.add(string);
         }
@@ -445,6 +445,13 @@
     }
 
     /**
+     * @see #stdoutShouldMatchByLine(String, String, String)
+     */
+    public int stdoutShouldMatchByLine(String pattern) {
+        return stdoutShouldMatchByLine(null, null, pattern);
+    }
+
+    /**
      * @see #shouldMatchByLine(String, String, String)
      */
     public int shouldMatchByLineFrom(String from, String pattern) {
@@ -474,7 +481,30 @@
      * @return Count of lines which match the {@code pattern}
      */
     public int shouldMatchByLine(String from, String to, String pattern) {
-        List<String> lines = asLines();
+        return shouldMatchByLine(getOutput(), from, to, pattern);
+    }
+
+    /**
+     * Verify that the stdout contents of output buffer matches the
+     * {@code pattern} line by line. The whole stdout could be matched or
+     * just a subset of it.
+     *
+     * @param from
+     *            The line from where stdout will be matched.
+     *            Set {@code from} to null for matching from the first line.
+     * @param to
+     *            The line until where stdout will be matched.
+     *            Set {@code to} to null for matching until the last line.
+     * @param pattern
+     *            Matching pattern
+     * @return Count of lines which match the {@code pattern}
+     */
+    public int stdoutShouldMatchByLine(String from, String to, String pattern) {
+        return shouldMatchByLine(getStdout(), from, to, pattern);
+    }
+
+    private int shouldMatchByLine(String buffer, String from, String to, String pattern) {
+        List<String> lines = asLines(buffer);
 
         int fromIndex = 0;
         if (from != null) {
@@ -500,4 +530,5 @@
 
         return matchedCount;
     }
+
 }
--- a/jdk/test/sun/security/pkcs11/Provider/ConfigShortPath.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/pkcs11/Provider/ConfigShortPath.java	Tue Dec 23 13:34:20 2014 -0800
@@ -22,8 +22,8 @@
  */
 /**
  * @test
- * @bug 6581254 6986789 7196009
- * @summary Allow '~', '+' and quoted paths in config file
+ * @bug 6581254 6986789 7196009 8062170
+ * @summary Allow '~', '+', and quoted paths in config file
  * @author Valerie Peng
  */
 
@@ -34,7 +34,7 @@
 public class ConfigShortPath {
 
     private static final String[] configNames = {
-        "csp.cfg", "cspPlus.cfg", "cspQuotedPath.cfg"
+        "csp.cfg", "cspPlus.cfg", "cspSpace.cfg", "cspQuotedPath.cfg"
     };
 
     public static void main(String[] args) throws Exception {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/Provider/cspSpace.cfg	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,5 @@
+showInfo = false
+name = test
+library = C:\pki DLL\x64\acpkcs211.dll
+
+
--- a/jdk/test/sun/security/tools/jarsigner/DefaultSigalg.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/jarsigner/DefaultSigalg.java	Tue Dec 23 13:34:20 2014 -0800
@@ -74,7 +74,7 @@
         KeyStore ks = KeyStore.getInstance("JKS");
         try (FileInputStream jks = new FileInputStream("jks");
                 JarFile jf = new JarFile("a.jar")) {
-            ks.load(jks, null);
+            ks.load(jks, "changeit".toCharArray());
             for (int i = 0; i<keyalgs.length; i++) {
                 String keyalg = keyalgs[i];
                 // keytool
--- a/jdk/test/sun/security/tools/jarsigner/concise_jarsigner.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/jarsigner/concise_jarsigner.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -47,12 +47,13 @@
 # Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In
 # fact, every keyalg/keysize combination is OK for this test.
 
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore js.jks -keyalg rsa -keysize 1024"
+KS=js.ks
+KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024"
 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
 
-rm js.jks
+rm $KS
 
 echo class A1 {} > A1.java
 echo class A2 {} > A2.java
@@ -73,9 +74,9 @@
 
 # a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3
 $JAR cvf a.jar A1.class A2.class
-$JARSIGNER -keystore js.jks -storepass changeit a.jar a1
+$JARSIGNER -keystore $KS -storepass changeit a.jar a1
 $JAR uvf a.jar A3.class A4.class
-$JARSIGNER -keystore js.jks -storepass changeit a.jar a2
+$JARSIGNER -keystore $KS -storepass changeit a.jar a2
 $JAR uvf a.jar A5.class A6.class
 
 # Verify OK
@@ -87,15 +88,15 @@
 [ $? = 20 ] || exit $LINENO
 
 # 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar -strict -keystore js.jks
+$JARSIGNER -verify a.jar -strict -keystore $KS -storepass changeit
 [ $? = 16 ] || exit $LINENO
 
 # 16(hasUnsignedEntry)+32(notSignedByAlias)
-$JARSIGNER -verify a.jar a1 -strict -keystore js.jks
+$JARSIGNER -verify a.jar a1 -strict -keystore $KS -storepass changeit
 [ $? = 48 ] || exit $LINENO
 
 # 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar a1 a2 -strict -keystore js.jks
+$JARSIGNER -verify a.jar a1 a2 -strict -keystore $KS -storepass changeit
 [ $? = 16 ] || exit $LINENO
 
 # 12 entries all together
@@ -153,25 +154,25 @@
         $KT -importcert -alias badchain
 $KT -delete -alias ca
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expired
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar expired
 [ $? = 4 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar notyetvalid
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar notyetvalid
 [ $? = 4 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badku
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badku
 [ $? = 8 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badeku
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badeku
 [ $? = 8 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodku
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodku
 [ $? = 0 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodeku
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku
 [ $? = 0 ] || exit $LINENO
 
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badchain
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain
 [ $? = 4 ] || exit $LINENO
 
 $JARSIGNER -verify a.jar
@@ -189,11 +190,11 @@
 $KT -delete -alias ca2
 
 # Now altchain is still self-signed
-$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar altchain
+$JARSIGNER -strict -keystore $KS -storepass changeit a.jar altchain
 [ $? = 0 ] || exit $LINENO
 
 # If -certchain is used, then it's bad
-$JARSIGNER -strict -keystore js.jks -storepass changeit -certchain certchain a.jar altchain
+$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
 [ $? = 4 ] || exit $LINENO
 
 $JARSIGNER -verify a.jar
--- a/jdk/test/sun/security/tools/jarsigner/emptymanifest.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/jarsigner/emptymanifest.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,14 +44,14 @@
     ;;
 esac
 
-KS=emptymanifest.jks
+KS=emptymanifest.ks
 JFILE=em.jar
 
 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
 JAVA="$TESTJAVA${FS}bin${FS}java ${TESTVMOPTS}"
 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
+JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
 
 rm $KS $JFILE
 echo A > A
@@ -70,7 +70,7 @@
 
 $KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
 
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a || exit 1
-$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 2
+$JARSIGNER $JFILE a || exit 1
+$JARSIGNER -verify -debug -strict $JFILE || exit 2
 
 exit 0
--- a/jdk/test/sun/security/tools/jarsigner/nameclash.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/jarsigner/nameclash.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014 Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -42,12 +42,12 @@
     ;;
 esac
 
-KS=nc.jks
+KS=nc.ks
 JFILE=nc.jar
 
 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
+JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
 
 rm $KS $JFILE
 
@@ -57,10 +57,10 @@
 echo A > A
 $JAR cvf $JFILE A
 
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA1 || exit 1
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-1 || exit 2
+$JARSIGNER $JFILE a -digestalg SHA1 || exit 1
+$JARSIGNER $JFILE b -digestalg SHA-1 || exit 2
 
-$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
+$JARSIGNER -verify -debug -strict $JFILE || exit 3
 
 exit 0
 
--- a/jdk/test/sun/security/tools/jarsigner/passtype.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/jarsigner/passtype.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
     ;;
 esac
 
-KS=pt.jks
+KS=pt.ks
 JFILE=pt.jar
 
 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore $KS -validity 300 -keyalg rsa"
@@ -62,11 +62,15 @@
 echo A > A
 $JAR cvf $JFILE A
 
+# Sign
 $JARSIGNER -keystore $KS -storepass test12 $JFILE a || exit 4
 PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV $JFILE b || exit 5
 $JARSIGNER -keystore $KS -storepass:file passfile $JFILE b || exit 6
 
-$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 7
+# Verify
+$JARSIGNER -keystore $KS -storepass test12 -verify -debug -strict $JFILE || exit 7
+PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV -verify -debug -strict $JFILE || exit 8
+$JARSIGNER -keystore $KS -storepass:file passfile -verify -debug -strict $JFILE || exit 9
 
 exit 0
 
--- a/jdk/test/sun/security/tools/keytool/KeyToolTest.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/keytool/KeyToolTest.java	Tue Dec 23 13:34:20 2014 -0800
@@ -328,15 +328,15 @@
         // name changes: genkeypair, importcert, exportcert
         remove("x.jks");
         remove("x.jks.p1.cert");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -alias p1 -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -alias p1 -file x.jks.p1.cert");
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(ks.getKey("p1", "changeit".toCharArray()) != null,
             "key not DSA");
         assertTrue(new File("x.jks.p1.cert").exists(), "p1 export err");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias p1");
-        testOK("y\n", "-keystore x.jks -storepass changeit -importcert -alias c1 -file x.jks.p1.cert");  // importcert, prompt for Yes/No
-        testOK("", "-keystore x.jks -storepass changeit -importcert -alias c2 -file x.jks.p1.cert -noprompt"); // importcert, -noprompt
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias p1");
+        testOK("y\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -alias c1 -file x.jks.p1.cert");  // importcert, prompt for Yes/No
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -alias c2 -file x.jks.p1.cert -noprompt"); // importcert, -noprompt
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(ks.getCertificate("c1") != null, "import c1 err");
 
@@ -346,10 +346,10 @@
         assertTrue(certImpl.getVersion() == 3, "Version is not 3");
 
         // changealias and keyclone
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala");
-        testOK("changeit\n", "-keystore x.jks -changealias -alias p1 -destalias p11");
-        testOK("changeit\n", "-keystore x.jks -changealias -alias c1 -destalias c11");
-        testOK("changeit\n\n", "-keystore x.jks -keyclone -alias p11 -destalias p111"); // press ENTER when prompt for p111's keypass
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala");
+        testOK("changeit\n", "-keystore x.jks -storetype JKS -changealias -alias p1 -destalias p11");
+        testOK("changeit\n", "-keystore x.jks -storetype JKS -changealias -alias c1 -destalias c11");
+        testOK("changeit\n\n", "-keystore x.jks -storetype JKS -keyclone -alias p11 -destalias p111"); // press ENTER when prompt for p111's keypass
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(!ks.containsAlias("p1"), "there is no p1");
         assertTrue(!ks.containsAlias("c1"), "there is no c1");
@@ -382,7 +382,7 @@
         assertTrue(!ks.containsAlias("s7"), "s7 not created");
 
         // maybe we needn't test this, one day JKS will support SecretKey
-        //testFail("changeit\nchangeit\n", "-keystore x.jks -genseckey -keyalg AES -alias s3 -keysize 128");
+        //testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS -genseckey -keyalg AES -alias s3 -keysize 128");
 
         // importKeyStore
         remove("x.jks");
@@ -479,9 +479,9 @@
 
         // pkcs12
         remove("x.jks");
-        testFail("changeit\nchangeit\n", "-keystore x.jks -genkeypair -alias p1 -dname CN=olala"); // JKS prompt for keypass
+        testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS -genkeypair -alias p1 -dname CN=olala"); // JKS prompt for keypass
         remove("x.jks");
-        testOK("changeit\nchangeit\n\n", "-keystore x.jks -genkeypair -alias p1 -dname CN=olala"); // just type ENTER means keypass=storepass
+        testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS -genkeypair -alias p1 -dname CN=olala"); // just type ENTER means keypass=storepass
         remove("x.p12");
         testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit -genkeypair -alias p0 -dname CN=olala"); // PKCS12 only need storepass
         testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 -genkeypair -alias p1 -dname CN=olala");
@@ -616,84 +616,84 @@
     void sqeImportTest() throws Exception {
         KeyStore ks;
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert");
-        /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
-        /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("yes\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert");
+        /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
+        /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("yes\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert");
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(ks.containsAlias("mykey"), "imported");
-        /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert");
+        /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert");
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(!ks.containsAlias("mykey"), "imported");
-        testOK("no\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert");
+        testOK("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert");
         ks = loadStore("x.jks", "changeit", "JKS");
         assertTrue(!ks.containsAlias("mykey"), "imported");
-        testFail("no\n", "-keystore x.jks -storepass changeit -importcert -file nonexist");
-        testFail("no\n", "-keystore x.jks -storepass changeit -importcert -file x.jks");
+        testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file nonexist");
+        testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks");
         remove("x.jks");
     }
     // keyclone: exist. nonexist err, cert err, dest exist, misc
     void sqeKeyclonetest() throws Exception {
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass
-        testOK("\n", "-keystore x.jks -storepass changeit -keypass changeit -keyclone -dest p1"); // new pass
-        testOK("\n", "-keystore x.jks -storepass changeit -keyclone -dest p2");
-        testFail("\n", "-keystore x.jks -storepass changeit -keyclone -dest p2");
-        testFail("\n", "-keystore x.jks -storepass changeit -keyclone -dest p3 -alias noexist");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass
+        testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keyclone -dest p1"); // new pass
+        testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2");
+        testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2");
+        testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p3 -alias noexist");
         // no cert
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass
         remove("x.jks");
     }
     // keypasswd: exist, short, nonexist err, cert err, misc
     void sqeKeypasswdTest() throws Exception {
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd -new newpass");
-        /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit");
-        testOK("newpass\nnewpass\n", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd");
-        /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit");
-        testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd");
-        /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit");
-        testOK("", "-keystore x.jks -storepass changeit -keypasswd -new newpass");
-        /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit");
-        testOK("changeit\n", "-keystore x.jks -keypasswd -new newpass");
-        /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit");
-        testFail("", "-keystore x.jks -storepass badpass -keypass changeit -keypasswd -new newpass");
-        testFail("", "-keystore x.jks -storepass changeit -keypass bad -keypasswd -new newpass");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass");
+        /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit");
+        testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd");
+        /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit");
+        testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd");
+        /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass");
+        /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit");
+        testOK("changeit\n", "-keystore x.jks -storetype JKS -keypasswd -new newpass");
+        /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit");
+        testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -keypasswd -new newpass");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass bad -keypasswd -new newpass");
         // no cert
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd -new newpass");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass");
         // diff pass
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -keypass keypass -genkeypair -dname CN=olala");
-        testFail("", "-keystore x.jks -storepass changeit -keypasswd -new newpass");
-        testOK("keypass\n", "-keystore x.jks -storepass changeit -keypasswd -new newpass");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass");
+        testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass");
         // i hate those misc test
         remove("x.jks");
     }
     // list: -f -alias, exist, nonexist err; otherwise, check all shows, -rfc shows more, and misc
     void sqeListTest() throws Exception {
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -list");
-        testOK("", "-keystore x.jks -storepass changeit -list -alias mykey");
-        testFail("", "-keystore x.jks -storepass changeit -list -alias notexist");
-        testFail("", "-keystore x.jks -storepass badpass -list -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -keypass badpass -list -alias mykey");  // keypass ignore
-        testOK("\n", "-keystore x.jks -list");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias mykey");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias notexist");
+        testFail("", "-keystore x.jks -storetype JKS -storepass badpass -list -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badpass -list -alias mykey");  // keypass ignore
+        testOK("\n", "-keystore x.jks -storetype JKS -list");
         assertTrue(err.indexOf("WARNING") != -1, "no storepass");
-        testOK("changeit\n", "-keystore x.jks -list");
+        testOK("changeit\n", "-keystore x.jks -storetype JKS -list");
         assertTrue(err.indexOf("WARNING") == -1, "has storepass");
-        testFail("badpass\n", "-keystore x.jks -list");
+        testFail("badpass\n", "-keystore x.jks -storetype JKS -list");
         // misc
         testFail("", "-keystore aa\\bb//cc -storepass changeit -list");
         testFail("", "-keystore nonexisting -storepass changeit -list");
@@ -703,45 +703,45 @@
     // selfcert: exist, non-exist err, cert err, sig..., dname, wrong keypass, misc
     void sqeSelfCertTest() throws Exception {
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -selfcert");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -alias nonexisting"); // not exist
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -dname CN=NewName");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -sigalg MD5withRSA"); // sig not compatible
-        testFail("", "-keystore x.jks -storepass wrong -keypass changeit -selfcert"); // bad pass
-        testFail("", "-keystore x.jks -storepass changeit -keypass wrong -selfcert"); // bad pass
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -alias nonexisting"); // not exist
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -dname CN=NewName");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -sigalg MD5withRSA"); // sig not compatible
+        testFail("", "-keystore x.jks -storetype JKS -storepass wrong -keypass changeit -selfcert"); // bad pass
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass wrong -selfcert"); // bad pass
         //misc
         testFail("", "-keystore nonexist -storepass changeit -keypass changeit -selfcert");
         testFail("", "-keystore aa//dd\\gg -storepass changeit -keypass changeit -selfcert");
         // diff pass
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass keypass -genkeypair -dname CN=olala");
-        testFail("", "-keystore x.jks -storepass changeit -selfcert");
-        testOK("keypass\n", "-keystore x.jks -storepass changeit -selfcert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert");
+        testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -selfcert");
 
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
-        testFail("", "-keystore x.jks -storepass changeit -selfcert");  // certentry cannot do selfcert
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert");  // certentry cannot do selfcert
         remove("x.jks");
     }
     // storepass: bad old, short new, misc
     void sqeStorepassTest() throws Exception {
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-storepasswd -keystore x.jks -storepass changeit -new newstore"); // all in arg
-        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit");
-        testOK("changeit\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks"); // all not in arg, new twice
-        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit");
-        testOK("changeit\n", "-storepasswd -keystore x.jks -new newstore"); // new in arg
-        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit");
-        testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks -storepass changeit"); // old in arg
-        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit");
-        testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storepass changeit"); // old in arg
-        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit");
-        testFail("", "-storepasswd -keystore x.jks -storepass badold -new newstore"); // bad old
-        testFail("", "-storepasswd -keystore x.jks -storepass changeit -new new"); // short new
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new newstore"); // all in arg
+        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit");
+        testOK("changeit\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS"); // all not in arg, new twice
+        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit");
+        testOK("changeit\n", "-storepasswd -keystore x.jks -storetype JKS -new newstore"); // new in arg
+        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit");
+        testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg
+        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit");
+        testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg
+        /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit");
+        testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass badold -new newstore"); // bad old
+        testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new new"); // short new
         // misc
         testFail("", "-storepasswd -keystore nonexist -storepass changeit -new newstore"); // non exist
         testFail("", "-storepasswd -keystore badkeystore -storepass changeit -new newstore"); // bad file
@@ -752,40 +752,40 @@
     void sqeGenkeyTest() throws Exception {
 
         remove("x.jks");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg DSA -alias n1");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -alias n2");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg NoSuchAlg -alias n3");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 56 -alias n4");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 999 -alias n5");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 512 -alias n6");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024 -alias n7");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -sigalg NoSuchAlg -alias n8");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD2withRSA -alias n9");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD5withRSA -alias n10");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg SHA1withRSA -alias n11");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg DSA -alias n1");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -alias n2");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg NoSuchAlg -alias n3");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 56 -alias n4");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 999 -alias n5");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 512 -alias n6");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024 -alias n7");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -sigalg NoSuchAlg -alias n8");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD2withRSA -alias n9");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD5withRSA -alias n10");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg SHA1withRSA -alias n11");
         testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg NoSuchAlg -alias n12");
         testFail("", "-keystore badkeystore -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias n14");
-        testFail("", "-keystore x.jks -storepass badpass -keypass changeit -genkeypair -dname CN=olala -alias n16");
-        testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CNN=olala -alias n17");
+        testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -genkeypair -dname CN=olala -alias n16");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CNN=olala -alias n17");
         remove("x.jks");
     }
 
     void sqeExportTest() throws Exception {
         remove("x.jks");
-        testFail("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey"); // nonexist
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -import -file mykey.cert -noprompt -alias c1");
-        testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert2 -alias c1");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); // nonexist
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -import -file mykey.cert -noprompt -alias c1");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert2 -alias c1");
         testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -export -file mykey.cert2 -alias c1");
         testFail("", "-keystore nonexistkeystore -storepass changeit -export -file mykey.cert2 -alias c1");
         testFail("", "-keystore badkeystore -storepass changeit -export -file mykey.cert2 -alias c1");
-        testFail("", "-keystore x.jks -storepass badpass -export -file mykey.cert2 -alias c1");
+        testFail("", "-keystore x.jks -storetype JKS -storepass badpass -export -file mykey.cert2 -alias c1");
         remove("mykey.cert");
         remove("mykey.cert2");
         remove("x.jks");
@@ -793,14 +793,14 @@
 
     void sqeDeleteTest() throws Exception {
         remove("x.jks");
-        testFail("", "-keystore x.jks -storepass changeit -delete -alias mykey"); // nonexist
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); // nonexist
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
         testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -delete -alias mykey"); // keystore name illegal
         testFail("", "-keystore nonexistkeystore -storepass changeit -delete -alias mykey"); // keystore not exist
         testFail("", "-keystore badkeystore -storepass changeit -delete -alias mykey"); // keystore invalid
-        testFail("", "-keystore x.jks -storepass xxxxxxxx -delete -alias mykey"); // wrong pass
+        testFail("", "-keystore x.jks -storetype JKS -storepass xxxxxxxx -delete -alias mykey"); // wrong pass
         remove("x.jks");
     }
 
@@ -809,31 +809,31 @@
         remove("x.jks.p1.cert");
         remove("csr1");
         // PrivateKeyEntry can do certreq
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024");
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1");
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA");
-        testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); // unmatched sigalg
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); // unmatched sigalg
         // misc test
-        testFail("", "-keystore x.jks -storepass badstorepass -certreq -file csr1"); // bad storepass
-        testOK("changeit\n", "-keystore x.jks -certreq -file csr1"); // storepass from terminal
-        testFail("\n", "-keystore x.jks -certreq -file csr1"); // must provide storepass
-        testFail("", "-keystore x.jks -storepass changeit -keypass badkeypass -certreq -file csr1"); // bad keypass
-        testFail("", "-keystore x.jks -storepass changeit -certreq -file aa\\bb//cc\\dd");  // bad filepath
+        testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass -certreq -file csr1"); // bad storepass
+        testOK("changeit\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // storepass from terminal
+        testFail("\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // must provide storepass
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badkeypass -certreq -file csr1"); // bad keypass
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file aa\\bb//cc\\dd");  // bad filepath
         testFail("", "-keystore noexistks -storepass changeit -certreq -file csr1"); // non-existing keystore
         // Try the RSA private key
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA");
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1");
-        testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); // unmatched sigalg
-        testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg MD5withRSA");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); // unmatched sigalg
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA");
         // TrustedCertificateEntry cannot do certreq
-        testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert");
-        testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey");
-        testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
-        testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey");
-        testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey");
+        testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1");
         remove("x.jks");
         remove("x.jks.p1.cert");
         remove("csr1");
@@ -842,8 +842,8 @@
     void sqePrintcertTest() throws Exception {
         remove("x.jks");
         remove("mykey.cert");
-        testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
-        testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala");
+        testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey");
         testFail("", "-printcert -file badkeystore");
         testFail("", "-printcert -file a/b/c/d");
         testOK("", "-printcert -file mykey.cert");
@@ -857,7 +857,7 @@
     void v3extTest(String keyAlg) throws Exception {
         KeyStore ks;
         remove("x.jks");
-        String simple = "-keystore x.jks -storepass changeit -keypass changeit -noprompt -keyalg " + keyAlg + " ";
+        String simple = "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -noprompt -keyalg " + keyAlg + " ";
         String pre = simple + "-genkeypair -dname CN=Olala -alias ";
 
         // Version and SKID
@@ -1195,39 +1195,39 @@
         testOK("", "-help");
 
         //   2. keytool -genkey -v -keysize 512 Enter "a" for the keystore password. Check error (password too short). Enter "password" for the keystore password. Hit 'return' for "first and last name", "organizational unit", "City", "State", and "Country Code". Type "yes" when they ask you if everything is correct. Type 'return' for new key password.
-        testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", "-genkey -v -keysize 512 -keystore x.jks");
+        testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", "-genkey -v -keysize 512 -keystore x.jks -storetype JKS");
         //   3. keytool -list -v -storepass password
-        testOK("", "-list -v -storepass password -keystore x.jks");
+        testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS");
         //   4. keytool -list -v Type "a" for the keystore password. Check error (wrong keystore password).
-        testFail("a\n", "-list -v -keystore x.jks");
+        testFail("a\n", "-list -v -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("password was incorrect") != -1);
         //   5. keytool -genkey -v -keysize 512 Enter "password" as the password. Check error (alias 'mykey' already exists).
-        testFail("password\n", "-genkey -v -keysize 512 -keystore x.jks");
+        testFail("password\n", "-genkey -v -keysize 512 -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("alias <mykey> already exists") != -1);
         //   6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password Hit 'return' for "first and last name", "organizational unit", "City", "State", and "Country Code". Type "yes" when they ask you if everything is correct. Type 'return' for new key password.
-        testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2 -storepass password -keystore x.jks");
+        testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2 -storepass password -keystore x.jks -storetype JKS");
         //   7. keytool -list -v Type 'password' for the store password.
-        testOK("password\n", "-list -v -keystore x.jks");
+        testOK("password\n", "-list -v -keystore x.jks -storetype JKS");
         //   8. keytool -keypasswd -v -alias mykey2 -storepass password Type "a" for the new key password. Type "aaaaaa" for the new key password. Type "bbbbbb" when re-entering the new key password. Type "a" for the new key password. Check Error (too many failures).
-        testFail("a\naaaaaa\nbbbbbb\na\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks");
+        testFail("a\naaaaaa\nbbbbbb\na\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("Too many failures - try later") != -1);
         //   9. keytool -keypasswd -v -alias mykey2 -storepass password Type "aaaaaa" for the new key password. Type "aaaaaa" when re-entering the new key password.
-        testOK("aaaaaa\naaaaaa\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks");
+        testOK("aaaaaa\naaaaaa\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks -storetype JKS");
         //  10. keytool -selfcert -v -alias mykey -storepass password
-        testOK("", "-selfcert -v -alias mykey -storepass password -keystore x.jks");
+        testOK("", "-selfcert -v -alias mykey -storepass password -keystore x.jks -storetype JKS");
         //  11. keytool -list -v -storepass password
-        testOK("", "-list -v -storepass password -keystore x.jks");
+        testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS");
         //  12. keytool -export -v -alias mykey -file cert -storepass password
         remove("cert");
-        testOK("", "-export -v -alias mykey -file cert -storepass password -keystore x.jks");
+        testOK("", "-export -v -alias mykey -file cert -storepass password -keystore x.jks -storetype JKS");
         //  13. keytool -import -v -file cert -storepass password Check error (Certificate reply and cert are the same)
-        testFail("", "-import -v -file cert -storepass password -keystore x.jks");
+        testFail("", "-import -v -file cert -storepass password -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("Certificate reply and certificate in keystore are identical") != -1);
         //  14. keytool -printcert -file cert
-        testOK("", "-printcert -file cert -keystore x.jks");
+        testOK("", "-printcert -file cert -keystore x.jks -storetype JKS");
         remove("cert");
         //  15. keytool -list -storepass password -provider sun.security.provider.Sun
-        testOK("", "-list -storepass password -provider sun.security.provider.Sun -keystore x.jks");
+        testOK("", "-list -storepass password -provider sun.security.provider.Sun -keystore x.jks -storetype JKS");
 
         //Error tests
 
@@ -1245,13 +1245,13 @@
         testFail("", "-keypasswd -storetype PKCS11 -keystore NONE");
         assertTrue(ex.indexOf("UnsupportedOperationException") != -1);
         //   5. keytool -list -protected -storepass password Check error (password can not be specified with -protected)
-        testFail("", "-list -protected -storepass password -keystore x.jks");
+        testFail("", "-list -protected -storepass password -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("if -protected is specified, then") != -1);
         //   6. keytool -keypasswd -protected -keypass password Check error (password can not be specified with -protected)
-        testFail("", "-keypasswd -protected -keypass password -keystore x.jks");
+        testFail("", "-keypasswd -protected -keypass password -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("if -protected is specified, then") != -1);
         //   7. keytool -keypasswd -protected -new password Check error (password can not be specified with -protected)
-        testFail("", "-keypasswd -protected -new password -keystore x.jks");
+        testFail("", "-keypasswd -protected -new password -keystore x.jks -storetype JKS");
         assertTrue(ex.indexOf("if -protected is specified, then") != -1);
         remove("x.jks");
     }
--- a/jdk/test/sun/security/tools/keytool/NewSize7.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/keytool/NewSize7.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,7 @@
                 " -keypass changeit -keyalg rsa").split(" "));
         KeyStore ks = KeyStore.getInstance("JKS");
         try (FileInputStream fin = new FileInputStream(FILE)) {
-            ks.load(fin, null);
+            ks.load(fin, "changeit".toCharArray());
         }
         Files.delete(Paths.get(FILE));
         RSAPublicKey r = (RSAPublicKey)ks.getCertificate("a").getPublicKey();
--- a/jdk/test/sun/security/tools/keytool/selfissued.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/security/tools/keytool/selfissued.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,14 +44,14 @@
     ;;
 esac
 
-KS=selfsigned.jks
+KS=selfsigned.ks
 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
 
 rm $KS
 
 $KT -alias ca -dname CN=CA -genkeypair
-$KT -alias ca1 -dname CN=CA -genkeypair
-$KT -alias ca2 -dname CN=CA -genkeypair
+$KT -alias ca1 -dname CN=CA1 -genkeypair
+$KT -alias ca2 -dname CN=CA2 -genkeypair
 $KT -alias e1 -dname CN=E1 -genkeypair
 
 # ca signs ca1, ca1 signs ca2, all self-issued
--- a/jdk/test/sun/tools/jps/JpsHelper.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/tools/jps/JpsHelper.java	Tue Dec 23 13:34:20 2014 -0800
@@ -168,10 +168,8 @@
     }
 
     /**
-     * Verify jps output contains pids and programs' name information.
-     * The function will discard any lines that come before the first line with pid.
-     * This can happen if the JVM outputs a warning message for some reason
-     * before running jps.
+     * Verify jps stdout contains only pids and programs' name information.
+     * jps stderr may contain VM warning messages which will be ignored.
      *
      * The output can look like:
      * 35536 Jps
@@ -180,8 +178,10 @@
      */
     public static void verifyJpsOutput(OutputAnalyzer output, String regex) throws Exception {
         output.shouldHaveExitValue(0);
-        int matchedCount = output.shouldMatchByLineFrom(regex, regex);
+        int matchedCount = output.stdoutShouldMatchByLine(regex);
         assertGreaterThan(matchedCount , 0, "Found no lines matching pattern: " + regex);
+        output.stderrShouldNotMatch("[E|e]xception");
+        output.stderrShouldNotMatch("[E|e]rror");
     }
 
     /**
--- a/jdk/test/sun/tools/jstat/jstatHelp.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/tools/jstat/jstatHelp.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -22,9 +22,9 @@
 #
 
 # @test
-# @bug 4990825
+# @bug 4990825 6364329
 # @run shell jstatHelp.sh
-# @summary Test that output of 'jstat -?' matches the usage.out file
+# @summary Test that output of 'jstat -?', 'jstat -help' and 'jstat' matches the usage.out file
 
 . ${TESTSRC-.}/../../jvmstat/testlibrary/utils.sh
 
@@ -38,7 +38,7 @@
 diff -w jstat.out ${TESTSRC}/usage.out
 if [ $? != 0 ]
 then
-  echo "Output of jstat -? differ from expected output. Failed."
+  echo "Output of jstat -? differs from expected output. Failed."
   exit 1
 fi
 
@@ -48,7 +48,17 @@
 diff -w jstat.out ${TESTSRC}/usage.out
 if [ $? != 0 ]
 then
-  echo "Output of jstat -help differ from expected output. Failed."
+  echo "Output of jstat -help differs from expected output. Failed."
+  exit 1
+fi
+
+rm -f jstat.out 2>/dev/null
+${JSTAT} -J-XX:+UsePerfData > jstat.out 2>&1
+
+diff -w jstat.out ${TESTSRC}/usage.out
+if [ $? != 0 ]
+then
+  echo "Output of jstat differs from expected output. Failed."
   exit 1
 fi
 
--- a/jdk/test/sun/tools/native2ascii/Native2AsciiTests.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/tools/native2ascii/Native2AsciiTests.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -24,7 +24,7 @@
 #
 
 # @test
-# @bug 4630463 4630971 4636448 4701617 4721296 4710890 6247817 7021987
+# @bug 4630463 4630971 4636448 4701617 4721296 4710890 6247817 7021987 8067964
 # @summary Tests miscellaneous native2ascii bugfixes and regressions
 
 
--- a/jdk/test/sun/util/calendar/zi/Rule.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/sun/util/calendar/zi/Rule.java	Tue Dec 23 13:34:20 2014 -0800
@@ -126,6 +126,14 @@
             });
         rules.clear();
         for (int i = 0; i < n; i++) {
+            if (i != 0 && recs[i -1].getSave() == recs[i].getSave()) {
+                // we have two recs back to back with same saving for the same year.
+                if (recs[i].isLastRule()) {
+                    continue;
+                } else if (recs[i - 1].isLastRule()) {
+                    rules.remove(rules.size() - 1);
+                }
+            }
             rules.add(recs[i]);
         }
         return rules;
--- a/jdk/test/tools/jar/JarEntryTime.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/jar/JarEntryTime.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,9 +51,6 @@
 
     static void extractJar(File jarFile, boolean useExtractionTime) throws Throwable {
         String javahome = System.getProperty("java.home");
-        if (javahome.endsWith("jre")) {
-            javahome = javahome.substring(0, javahome.length() - 4);
-        }
         String jarcmd = javahome + File.separator + "bin" + File.separator + "jar";
         String[] args;
         if (useExtractionTime) {
--- a/jdk/test/tools/launcher/ExecutionEnvironment.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/launcher/ExecutionEnvironment.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
  *            a. if LD_LIBRARY_PATH64 is set it will override LD_LIBRARY_PATH
  *            b. LD_LIBRARY_PATH32 is ignored if set
  *   5. no extra symlink exists on Solaris ie.
- *      jre/lib/$arch/libjvm.so -> client/libjvm.so
+ *      lib/$arch/libjvm.so -> client/libjvm.so
  * TODO:
  *      a. perhaps we need to add a test to audit all environment variables are
  *         in pristine condition after the launch, there may be a few that the
@@ -267,7 +267,7 @@
         }
 
         File symLink = null;
-        String libPathPrefix = isSDK ? "jre/lib" : "/lib";
+        String libPathPrefix = "/lib";
         symLink = new File(JAVAHOME, libPathPrefix +
                 getJreArch() + "/" + LIBJVM);
         if (symLink.exists()) {
--- a/jdk/test/tools/launcher/MultipleJRE.sh	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/launcher/MultipleJRE.sh	Tue Dec 23 13:34:20 2014 -0800
@@ -1,15 +1,14 @@
 #!/bin/sh
 # @test MultipleJRE.sh
-# @bug 4811102 4953711 4955505 4956301 4991229 4998210 5018605 6387069 6733959
+# @bug 4811102 4953711 4955505 4956301 4991229 4998210 5018605 6387069 6733959 8058407 8067421
 # @build PrintVersion
 # @build UglyPrintVersion
 # @build ZipMeUp
 # @run shell MultipleJRE.sh
 # @summary Verify Multiple JRE version support has been removed
 # @author Joseph E. Kowalski
-
 #
-# Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -91,6 +90,36 @@
 }
 
 #
+# Shell routine to ensure help page does not include mjre options
+#
+TestHelp() {
+    mess="`$JAVA -help 2>&1`"
+    # make sure it worked
+    if [ $? -ne 0 ]; then
+        echo "java -help failed ????"
+        exit 1
+    fi
+
+    echo $mess | grep '\-version:<value>' > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+       echo "help message contains obsolete option version:<value>"
+       exit 1
+    fi
+
+    echo $mess | grep '\-jre-restrict-search' > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+       echo "help message contains obsolete option jre-restrict-search"
+       exit 1
+    fi
+
+    echo $mess | grep '\-no-jre-restrict-search' > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+       echo "help message contains obsolete option no-jre-restrict-search"
+       exit 1
+    fi
+}
+
+#
 # Just as the name says.  We sprinkle these in the appropriate location
 # in the test file system and they just say who they are pretending to be.
 #
@@ -457,7 +486,8 @@
 	LaunchVM "" "${RELEASE}"
         # Going to silently ignore JRE-Version setting in jar file manifest
 	#LaunchVM "" "warning: The jarfile JRE-Version"
-	
+
+	# Verify help does not contain obsolete options
+	TestHelp
 
 exit 0
-
--- a/jdk/test/tools/launcher/PrintVersion.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/launcher/PrintVersion.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,9 @@
  * This stub simply prints out the java version string. It is used
  * by MultipleJRE.sh.
  */
-import sun.misc.Version;
 
 public class PrintVersion {
-
-        public static void main(String argv[]) {
-                Version.print();
-        }
-
+    public static void main(String argv[]) {
+        System.out.println(System.getProperty("java.version"));
+    }
 }
--- a/jdk/test/tools/launcher/TestHelper.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/launcher/TestHelper.java	Tue Dec 23 13:34:20 2014 -0800
@@ -67,10 +67,7 @@
 
     static final String JAVAHOME = System.getProperty("java.home");
     static final String JAVA_BIN;
-    static final String JAVA_JRE_BIN;
     static final String JAVA_LIB;
-    static final String JAVA_JRE_LIB;
-    static final boolean isSDK = JAVAHOME.endsWith("jre");
     static final String javaCmd;
     static final String javawCmd;
     static final String javacCmd;
@@ -135,17 +132,10 @@
         }
         compiler = ToolProvider.getSystemJavaCompiler();
 
-        File binDir = (isSDK)
-                ? new File((new File(JAVAHOME)).getParentFile(), "bin")
-                : new File(JAVAHOME, "bin");
+        File binDir = new File(JAVAHOME, "bin");
         JAVA_BIN = binDir.getAbsolutePath();
-        JAVA_JRE_BIN = new File(JAVAHOME, "bin").getAbsolutePath();
-
-        File libDir = (isSDK)
-                ? new File((new File(JAVAHOME)).getParentFile(), "lib")
-                : new File(JAVAHOME, "lib");
+        File libDir = new File(JAVAHOME, "lib");
         JAVA_LIB = libDir.getAbsolutePath();
-        JAVA_JRE_LIB = new File(JAVAHOME, "lib").getAbsolutePath();
 
         File javaCmdFile = (isWindows)
                 ? new File(binDir, "java.exe")
@@ -191,11 +181,11 @@
     }
     private static boolean haveVmVariant(String type) {
         if (isWindows) {
-            File vmDir = new File(JAVA_JRE_BIN, type);
+            File vmDir = new File(JAVA_BIN, type);
             File jvmFile = new File(vmDir, LIBJVM);
             return jvmFile.exists();
         } else {
-            File vmDir = new File(JAVA_JRE_LIB, type);
+            File vmDir = new File(JAVA_LIB, type);
             File vmArchDir = new File(vmDir, getJreArch());
             File jvmFile = new File(vmArchDir, LIBJVM);
             return jvmFile.exists();
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/tools/launcher/TooSmallStackSize.java	Tue Dec 23 13:34:20 2014 -0800
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6762191
+ * @summary Setting stack size to 16K causes segmentation fault
+ * @compile TooSmallStackSize.java
+ * @run main TooSmallStackSize
+ */
+
+/*
+ * The primary purpose of this test is to make sure we can run with a 16k stack
+ * size without crashing. Also this test will determine the minimum allowed
+ * stack size for the platform (as provided by the JVM error message when a very
+ * small stack is used), and then verify that the JVM can be launched with that stack
+ * size without a crash or any error messages.
+ */
+
+public class TooSmallStackSize extends TestHelper {
+    /* for debugging. Normally false. */
+    static final boolean verbose = false;
+
+    static void printTestOutput(TestResult tr) {
+        System.out.println("*** exitValue = " + tr.exitValue);
+        for (String x : tr.testOutput) {
+            System.out.println(x);
+        }
+    }
+
+    /*
+     * Returns the minimum stack size this platform will allowed based on the
+     * contents of the error message the JVM outputs when too small of a
+     * -Xss size was used.
+     *
+     * The TestResult argument must contain the result of having already run
+     * the JVM with too small of a stack size.
+     */
+    static String getMinStackAllowed(TestResult tr) {
+        /*
+         * The JVM output will contain in one of the lines:
+         *   "The stack size specified is too small, Specify at least 100k"
+         * Although the actual size will vary. We need to extract this size
+         * string from the output and return it.
+         */
+        String matchStr = "Specify at least ";
+        for (String x : tr.testOutput) {
+            int match_idx = x.indexOf(matchStr);
+            if (match_idx >= 0) {
+                int size_start_idx = match_idx + matchStr.length();
+                int k_start_idx = x.indexOf("k", size_start_idx);
+                return x.substring(size_start_idx, k_start_idx + 1); // include the "k"
+            }
+        }
+
+        System.out.println("FAILED: Could not get the stack size from the output");
+        throw new RuntimeException("test fails");
+    }
+
+    /*
+     * Run the JVM with the specified stack size.
+     *
+     * Returns the minimum allowed stack size gleaned from the error message,
+     * if there is an error message. Otherwise returns the stack size passed in.
+     */
+    static String checkStack(String stackSize) {
+        String min_stack_allowed;
+        TestResult tr;
+
+        if (verbose)
+            System.out.println("*** Testing " + stackSize);
+        tr = doExec(javaCmd, "-Xss" + stackSize, "-version");
+        if (verbose)
+            printTestOutput(tr);
+
+        if (tr.isOK()) {
+            System.out.println("PASSED: got no error message with stack size of " + stackSize);
+            min_stack_allowed = stackSize;
+        } else {
+            if (tr.contains("The stack size specified is too small")) {
+                System.out.println("PASSED: got expected error message with stack size of " + stackSize);
+                min_stack_allowed = getMinStackAllowed(tr);
+            } else {
+                // Likely a crash
+                System.out.println("FAILED: Did not get expected error message with stack size of " + stackSize);
+                throw new RuntimeException("test fails");
+            }
+        }
+
+        return min_stack_allowed;
+    }
+
+    /*
+     * Run the JVM with the minimum allowed stack size. This should always succeed.
+     */
+    static void checkMinStackAllowed(String stackSize) {
+        TestResult tr = null;
+
+        if (verbose)
+            System.out.println("*** Testing " + stackSize);
+        tr = doExec(javaCmd, "-Xss" + stackSize, "-version");
+        if (verbose)
+            printTestOutput(tr);
+
+        if (tr.isOK()) {
+            System.out.println("PASSED: VM launched with minimum allowed stack size of " + stackSize);
+        } else {
+            // Likely a crash
+            System.out.println("FAILED: VM failed to launch with minimum allowed stack size of " + stackSize);
+            throw new RuntimeException("test fails");
+        }
+    }
+
+    public static void main(String... args) {
+        /*
+         * The result of a 16k stack size should be a quick exit with a complaint
+         * that the stack size is too small. However, for some win32 builds, the
+         * stack is always at least 64k, and this also sometimes is the minimum
+         * allowed size, so we won't see an error in this case.
+         *
+         * This test case will also produce a crash on some platforms if the fix
+         * for 6762191 is not yet in place.
+         */
+        checkStack("16k");
+
+        /*
+         * Try with a 32k stack size, which is the size that the launcher will
+         * set to if you try setting to anything smaller. This should produce the same
+         * result as setting to 16k if the fix for 6762191 is in place.
+         */
+        String min_stack_allowed = checkStack("32k");
+
+        /*
+         * Try again with a the minimum stack size that was given in the error message
+         */
+        checkMinStackAllowed(min_stack_allowed);
+    }
+}
--- a/jdk/test/tools/launcher/UglyPrintVersion.java	Wed Dec 17 17:56:11 2014 +0300
+++ b/jdk/test/tools/launcher/UglyPrintVersion.java	Tue Dec 23 13:34:20 2014 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,12 +30,8 @@
  */
 package reallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallylongpackagename;
 
-import sun.misc.Version;
-
 public class UglyPrintVersion {
-
-        public static void main(String argv[]) {
-                Version.print();
-        }
-
+    public static void main(String argv[]) {
+        System.out.println(System.getProperty("java.version"));
+    }
 }