changeset 5099:d68e2a1744bd

Merge
author michaelm
date Fri, 22 Jun 2012 10:20:20 +0100
parents dce05a523e0e 6460dac7a299
children b521e3a5b843
files
diffstat 30 files changed, 405 insertions(+), 189 deletions(-) [+]
line wrap: on
line diff
--- a/make/common/Defs-embedded.gmk	Fri Jun 22 10:19:40 2012 +0100
+++ b/make/common/Defs-embedded.gmk	Fri Jun 22 10:20:20 2012 +0100
@@ -42,7 +42,7 @@
 OTHER_CPPFLAGS += -DJAVASE_EMBEDDED
 
 # Product naming
-PRODUCT_SUFFIX = SE Runtime Environment for Embedded
+PRODUCT_SUFFIX = SE Embedded Runtime Environment
 RUNTIME_NAME = $(PRODUCT_NAME) $(PRODUCT_SUFFIX)
 
 # Reduced JRE locations
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_de.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_de.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic={0} kann nicht umbenannt werden
 FileChooser.renameErrorFileExists.textAndMnemonic={0} kann nicht umbenannt werden: Es ist bereits eine Datei mit dem angegebenen Namen vorhanden. Geben Sie einen anderen Dateinamen an.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Alle Dateien
-FileChooser.cancelButton.textAndMnemonic=&Abbrechen
+FileChooser.cancelButton.textAndMnemonic=Abbrechen
 FileChooser.saveButton.textAndMnemonic=&Speichern
 FileChooser.openButton.textAndMnemonic=\u00D6ffnen(&F)
 FileChooser.saveDialogTitle.textAndMnemonic=Speichern
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_es.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_es.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=No se puede cambiar el nombre de {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=No se puede cambiar el nombre de {0}: ya existe un archivo con el nombre especificado. Especifique otro nombre de archivo.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Todos los Archivos
-FileChooser.cancelButton.textAndMnemonic=&Cancelar
+FileChooser.cancelButton.textAndMnemonic=Cancelar
 FileChooser.saveButton.textAndMnemonic=&Guardar
 FileChooser.openButton.textAndMnemonic=A&brir
 FileChooser.saveDialogTitle.textAndMnemonic=Guardar
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_fr.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_fr.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=Impossible de renommer {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=Impossible de renommer {0} : il existe d\u00E9j\u00E0 un fichier portant le nom indiqu\u00E9. Indiquez-en un autre.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Tous les fichiers
-FileChooser.cancelButton.textAndMnemonic=&Annuler
+FileChooser.cancelButton.textAndMnemonic=Annuler
 FileChooser.saveButton.textAndMnemonic=Enregi&strer
 FileChooser.openButton.textAndMnemonic=&Ouvrir
 FileChooser.saveDialogTitle.textAndMnemonic=Enregistrer
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_it.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_it.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=Impossibile rinominare {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=Impossibile rinominare {0}: esiste gi\u00E0 un file con il nome specificato. Specificare un altro nome.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Tutti i file
-FileChooser.cancelButton.textAndMnemonic=&Annulla
+FileChooser.cancelButton.textAndMnemonic=Annulla
 FileChooser.saveButton.textAndMnemonic=Sal&va
 FileChooser.openButton.textAndMnemonic=A&pri
 FileChooser.saveDialogTitle.textAndMnemonic=Salva
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ja.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ja.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic={0}\u306E\u540D\u524D\u3092\u5909\u66F4\u3067\u304D\u307E\u305B\u3093
 FileChooser.renameErrorFileExists.textAndMnemonic={0}\u306E\u540D\u524D\u3092\u5909\u66F4\u3067\u304D\u307E\u305B\u3093: \u6307\u5B9A\u3057\u305F\u540D\u524D\u306E\u30D5\u30A1\u30A4\u30EB\u306F\u3059\u3067\u306B\u5B58\u5728\u3057\u307E\u3059\u3002\u5225\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 FileChooser.acceptAllFileFilter.textAndMnemonic=\u3059\u3079\u3066\u306E\u30D5\u30A1\u30A4\u30EB
-FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88(&C)
+FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88
 FileChooser.saveButton.textAndMnemonic=\u4FDD\u5B58(&S)
 FileChooser.openButton.textAndMnemonic=\u958B\u304F(&O)
 FileChooser.saveDialogTitle.textAndMnemonic=\u4FDD\u5B58
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic={0}\uC758 \uC774\uB984\uC744 \uBC14\uAFC0 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
 FileChooser.renameErrorFileExists.textAndMnemonic={0}\uC758 \uC774\uB984\uC744 \uBC14\uAFC0 \uC218 \uC5C6\uC74C: \uC9C0\uC815\uD55C \uC774\uB984\uC744 \uC0AC\uC6A9\uD558\uB294 \uD30C\uC77C\uC774 \uC874\uC7AC\uD569\uB2C8\uB2E4. \uB2E4\uB978 \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD558\uC2ED\uC2DC\uC624.
 FileChooser.acceptAllFileFilter.textAndMnemonic=\uBAA8\uB4E0 \uD30C\uC77C
-FileChooser.cancelButton.textAndMnemonic=\uCDE8\uC18C(&C)
+FileChooser.cancelButton.textAndMnemonic=\uCDE8\uC18C
 FileChooser.saveButton.textAndMnemonic=\uC800\uC7A5(&S)
 FileChooser.openButton.textAndMnemonic=\uC5F4\uAE30(&O)
 FileChooser.saveDialogTitle.textAndMnemonic=\uC800\uC7A5
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_pt_BR.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_pt_BR.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=N\u00E3o \u00E9 poss\u00EDvel renomear {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=N\u00E3o \u00E9 poss\u00EDvel renomear {0}: Um arquivo com o nome especificado j\u00E1 existe. Especifique outro nome de arquivo.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Todos os Arquivos
-FileChooser.cancelButton.textAndMnemonic=&Cancelar
+FileChooser.cancelButton.textAndMnemonic=Cancelar
 FileChooser.saveButton.textAndMnemonic=&Salvar
 FileChooser.openButton.textAndMnemonic=A&brir
 FileChooser.saveDialogTitle.textAndMnemonic=Salvar
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_sv.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_sv.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=Kan inte namn\u00E4ndra {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=Kan inte namn\u00E4ndra {0}: En fil med angivet namn finns redan. Ange ett annat filnamn.
 FileChooser.acceptAllFileFilter.textAndMnemonic=Alla filer
-FileChooser.cancelButton.textAndMnemonic=&Avbryt
+FileChooser.cancelButton.textAndMnemonic=Avbryt
 FileChooser.saveButton.textAndMnemonic=&Spara
 FileChooser.openButton.textAndMnemonic=\u00D6ppna(&P)
 FileChooser.saveDialogTitle.textAndMnemonic=Spara
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_zh_CN.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_zh_CN.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=\u65E0\u6CD5\u91CD\u547D\u540D{0}
 FileChooser.renameErrorFileExists.textAndMnemonic=\u65E0\u6CD5\u91CD\u547D\u540D{0}: \u5DF2\u5B58\u5728\u5177\u6709\u6240\u6307\u5B9A\u540D\u79F0\u7684\u6587\u4EF6\u3002\u8BF7\u6307\u5B9A\u5176\u4ED6\u6587\u4EF6\u540D\u3002
 FileChooser.acceptAllFileFilter.textAndMnemonic=\u6240\u6709\u6587\u4EF6
-FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88(&C)
+FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88
 FileChooser.saveButton.textAndMnemonic=\u4FDD\u5B58(&S)
 FileChooser.openButton.textAndMnemonic=\u6253\u5F00(&O)
 FileChooser.saveDialogTitle.textAndMnemonic=\u4FDD\u5B58
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_zh_TW.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_zh_TW.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -41,7 +41,7 @@
 FileChooser.renameError.textAndMnemonic=\u7121\u6CD5\u91CD\u65B0\u547D\u540D {0}
 FileChooser.renameErrorFileExists.textAndMnemonic=\u7121\u6CD5\u91CD\u65B0\u547D\u540D {0}: \u5DF2\u7D93\u5B58\u5728\u60A8\u6240\u6307\u5B9A\u540D\u7A31\u7684\u6A94\u6848\u3002\u8ACB\u6307\u5B9A\u4E0D\u540C\u7684\u540D\u7A31\u3002
 FileChooser.acceptAllFileFilter.textAndMnemonic=\u6240\u6709\u6A94\u6848
-FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88(&C)
+FileChooser.cancelButton.textAndMnemonic=\u53D6\u6D88
 FileChooser.saveButton.textAndMnemonic=\u5132\u5B58(&S)
 FileChooser.openButton.textAndMnemonic=\u958B\u555F(&O)
 FileChooser.saveDialogTitle.textAndMnemonic=\u5132\u5B58
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Type
 FileChooser.fileDateHeader.textAndMnemonic=Modified
 FileChooser.fileAttrHeader.textAndMnemonic=Attributes
+FileChooser.saveButton.textAndMnemonic=Save
+FileChooser.openButton.textAndMnemonic=Open
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Restore
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_de.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_de.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Typ
 FileChooser.fileDateHeader.textAndMnemonic=Ge\u00E4ndert
 FileChooser.fileAttrHeader.textAndMnemonic=Attribute
+FileChooser.saveButton.textAndMnemonic=Speichern
+FileChooser.openButton.textAndMnemonic=\u00D6ffnen
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Wiederherstellen
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_es.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_es.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Tipo
 FileChooser.fileDateHeader.textAndMnemonic=Modificado
 FileChooser.fileAttrHeader.textAndMnemonic=Atributos
+FileChooser.saveButton.textAndMnemonic=Guardar
+FileChooser.openButton.textAndMnemonic=Abrir
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Restaurar
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_fr.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_fr.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Type
 FileChooser.fileDateHeader.textAndMnemonic=Modifi\u00E9
 FileChooser.fileAttrHeader.textAndMnemonic=Attributs
+FileChooser.saveButton.textAndMnemonic=Enregistrer
+FileChooser.openButton.textAndMnemonic=Ouvrir
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Restaurer
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_it.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_it.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Tipo
 FileChooser.fileDateHeader.textAndMnemonic=Modificato
 FileChooser.fileAttrHeader.textAndMnemonic=Attributi
+FileChooser.saveButton.textAndMnemonic=Salva
+FileChooser.openButton.textAndMnemonic=Apri
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Ripristina
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ja.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ja.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=\u30BF\u30A4\u30D7
 FileChooser.fileDateHeader.textAndMnemonic=\u4FEE\u6B63\u65E5
 FileChooser.fileAttrHeader.textAndMnemonic=\u5C5E\u6027
+FileChooser.saveButton.textAndMnemonic=\u4FDD\u5B58
+FileChooser.openButton.textAndMnemonic=\u958B\u304F
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=\u5FA9\u5143(&R)
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=\uC720\uD615
 FileChooser.fileDateHeader.textAndMnemonic=\uC218\uC815 \uB0A0\uC9DC
 FileChooser.fileAttrHeader.textAndMnemonic=\uC18D\uC131
+FileChooser.saveButton.textAndMnemonic=\uC800\uC7A5
+FileChooser.openButton.textAndMnemonic=\uC5F4\uAE30
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=\uBCF5\uC6D0(&R)
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_pt_BR.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_pt_BR.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Tipo
 FileChooser.fileDateHeader.textAndMnemonic=Modificado
 FileChooser.fileAttrHeader.textAndMnemonic=Atributos
+FileChooser.saveButton.textAndMnemonic=Salvar
+FileChooser.openButton.textAndMnemonic=Abrir
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=&Restaurar
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_sv.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_sv.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=Typ
 FileChooser.fileDateHeader.textAndMnemonic=\u00C4ndrad
 FileChooser.fileAttrHeader.textAndMnemonic=Attribut
+FileChooser.saveButton.textAndMnemonic=Spara
+FileChooser.openButton.textAndMnemonic=\u00D6ppna
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=\u00C5terst\u00E4ll(&R)
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_zh_CN.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_zh_CN.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=\u7C7B\u578B
 FileChooser.fileDateHeader.textAndMnemonic=\u4FEE\u6539\u65E5\u671F
 FileChooser.fileAttrHeader.textAndMnemonic=\u5C5E\u6027
+FileChooser.saveButton.textAndMnemonic=\u4FDD\u5B58
+FileChooser.openButton.textAndMnemonic=\u6253\u5F00
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=\u8FD8\u539F(&R)
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_zh_TW.properties	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_zh_TW.properties	Fri Jun 22 10:20:20 2012 +0100
@@ -43,6 +43,8 @@
 FileChooser.fileTypeHeader.textAndMnemonic=\u985E\u578B
 FileChooser.fileDateHeader.textAndMnemonic=\u4FEE\u6539\u65E5\u671F
 FileChooser.fileAttrHeader.textAndMnemonic=\u5C6C\u6027
+FileChooser.saveButton.textAndMnemonic=\u5132\u5B58
+FileChooser.openButton.textAndMnemonic=\u958B\u555F
 
 ############ Used by MetalTitlePane if rendering window decorations############
 MetalTitlePane.restore.titleAndMnemonic=\u56DE\u5FA9(&R)
--- a/src/share/classes/sun/font/SunLayoutEngine.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/font/SunLayoutEngine.java	Fri Jun 22 10:20:20 2012 +0100
@@ -33,7 +33,7 @@
 import sun.font.GlyphLayout.*;
 import java.awt.geom.Point2D;
 import java.lang.ref.SoftReference;
-import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.Locale;
 
 /*
@@ -129,9 +129,9 @@
 
   // !!! don't need this unless we have more than one sun layout engine...
     public LayoutEngine getEngine(LayoutEngineKey key) {
-        HashMap cache = (HashMap)cacheref.get();
+        ConcurrentHashMap cache = (ConcurrentHashMap)cacheref.get();
         if (cache == null) {
-            cache = new HashMap();
+            cache = new ConcurrentHashMap();
             cacheref = new SoftReference(cache);
         }
 
--- a/src/share/classes/sun/security/provider/certpath/OCSP.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/security/provider/certpath/OCSP.java	Fri Jun 22 10:20:20 2012 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,7 +84,7 @@
      */
     public static RevocationStatus check(X509Certificate cert,
         X509Certificate issuerCert)
-        throws IOException, CertPathValidatorException {
+            throws IOException, CertPathValidatorException {
         CertId certId = null;
         URI responderURI = null;
         try {
@@ -103,7 +103,7 @@
                 ("Exception while encoding OCSPRequest", ioe);
         }
         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
-            responderURI, issuerCert, null);
+            responderURI, Collections.singletonList(issuerCert), null);
         return (RevocationStatus) ocspResponse.getSingleResponse(certId);
     }
 
@@ -123,9 +123,34 @@
      *    encoding the OCSP Request or validating the OCSP Response
      */
     public static RevocationStatus check(X509Certificate cert,
-        X509Certificate issuerCert, URI responderURI, X509Certificate
-        responderCert, Date date)
-        throws IOException, CertPathValidatorException {
+        X509Certificate issuerCert, URI responderURI,
+        X509Certificate responderCert, Date date)
+            throws IOException, CertPathValidatorException {
+
+        return check(cert, issuerCert, responderURI,
+            Collections.singletonList(responderCert), date);
+    }
+
+    /**
+     * Obtains the revocation status of a certificate using OCSP.
+     *
+     * @param cert the certificate to be checked
+     * @param issuerCert the issuer certificate
+     * @param responderURI the URI of the OCSP responder
+     * @param responderCerts the OCSP responder's certificates
+     * @param date the time the validity of the OCSP responder's certificate
+     *    should be checked against. If null, the current time is used.
+     * @return the RevocationStatus
+     * @throws IOException if there is an exception connecting to or
+     *    communicating with the OCSP responder
+     * @throws CertPathValidatorException if an exception occurs while
+     *    encoding the OCSP Request or validating the OCSP Response
+     */
+    public static RevocationStatus check(X509Certificate cert,
+        X509Certificate issuerCert, URI responderURI,
+        List<X509Certificate> responderCerts, Date date)
+            throws IOException, CertPathValidatorException {
+
         CertId certId = null;
         try {
             X509CertImpl certImpl = X509CertImpl.toImpl(cert);
@@ -138,7 +163,7 @@
                 ("Exception while encoding OCSPRequest", ioe);
         }
         OCSPResponse ocspResponse = check(Collections.singletonList(certId),
-            responderURI, responderCert, date);
+            responderURI, responderCerts, date);
         return (RevocationStatus) ocspResponse.getSingleResponse(certId);
     }
 
@@ -147,7 +172,7 @@
      *
      * @param certs the CertIds to be checked
      * @param responderURI the URI of the OCSP responder
-     * @param responderCert the OCSP responder's certificate
+     * @param responderCerts the OCSP responder's certificates
      * @param date the time the validity of the OCSP responder's certificate
      *    should be checked against. If null, the current time is used.
      * @return the OCSPResponse
@@ -157,8 +182,8 @@
      *    encoding the OCSP Request or validating the OCSP Response
      */
     static OCSPResponse check(List<CertId> certIds, URI responderURI,
-        X509Certificate responderCert, Date date)
-        throws IOException, CertPathValidatorException {
+        List<X509Certificate> responderCerts, Date date)
+            throws IOException, CertPathValidatorException {
 
         byte[] bytes = null;
         try {
@@ -233,7 +258,7 @@
 
         OCSPResponse ocspResponse = null;
         try {
-            ocspResponse = new OCSPResponse(response, date, responderCert);
+            ocspResponse = new OCSPResponse(response, date, responderCerts);
         } catch (IOException ioe) {
             // response decoding exception
             throw new CertPathValidatorException(ioe);
@@ -291,7 +316,7 @@
 
         List<AccessDescription> descriptions = aia.getAccessDescriptions();
         for (AccessDescription description : descriptions) {
-            if (description.getAccessMethod().equals(
+            if (description.getAccessMethod().equals((Object)
                 AccessDescription.Ad_OCSP_Id)) {
 
                 GeneralName generalName = description.getAccessLocation();
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Fri Jun 22 10:20:20 2012 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
 
 package sun.security.provider.certpath;
 
+import java.io.IOException;
 import java.math.BigInteger;
 import java.util.*;
 import java.security.AccessController;
@@ -190,7 +191,8 @@
         // (unless we're processing the final cert).
         X509Certificate issuerCert = null;
         boolean seekIssuerCert = true;
-        X509Certificate responderCert = null;
+        List<X509Certificate> responderCerts = new ArrayList<X509Certificate>();
+
         if (remainingCerts < certs.length) {
             issuerCert = certs[remainingCerts];
             seekIssuerCert = false; // done
@@ -198,7 +200,7 @@
             // By default, the OCSP responder's cert is the same as the
             // issuer of the cert being validated.
             if (!seekResponderCert) {
-                responderCert = issuerCert;
+                responderCerts.add(issuerCert);
                 if (DEBUG != null) {
                     DEBUG.println("Responder's certificate is the same " +
                         "as the issuer of the certificate being validated");
@@ -212,8 +214,8 @@
         if (seekIssuerCert || seekResponderCert) {
 
             if (DEBUG != null && seekResponderCert) {
-                DEBUG.println("Searching trust anchors for responder's " +
-                    "certificate");
+                DEBUG.println("Searching trust anchors for issuer or " +
+                    "responder certificate");
             }
 
             // Extract the anchor certs
@@ -226,6 +228,8 @@
 
             X500Principal certIssuerName =
                 currCertImpl.getIssuerX500Principal();
+            byte[] certIssuerKeyId = null;
+
             while (anchors.hasNext() && (seekIssuerCert || seekResponderCert)) {
 
                 TrustAnchor anchor = anchors.next();
@@ -242,13 +246,38 @@
                 if (seekIssuerCert &&
                     certIssuerName.equals(anchorSubjectName)) {
 
+                    // Retrieve the issuer's key identifier
+                    if (certIssuerKeyId == null) {
+                        certIssuerKeyId = currCertImpl.getIssuerKeyIdentifier();
+                        if (certIssuerKeyId == null) {
+                            if (DEBUG != null) {
+                                DEBUG.println("No issuer key identifier (AKID) "
+                                    + "in the certificate being validated");
+                            }
+                        }
+                    }
+
+                    // Check that the key identifiers match
+                    if (certIssuerKeyId != null &&
+                        !Arrays.equals(certIssuerKeyId, getKeyId(anchorCert))) {
+
+                        continue; // try next cert
+                    }
+
+                    if (DEBUG != null && certIssuerKeyId != null) {
+                        DEBUG.println("Issuer certificate key ID: " +
+                            String.format("0x%0" +
+                                (certIssuerKeyId.length * 2) + "x",
+                                    new BigInteger(1, certIssuerKeyId)));
+                    }
+
                     issuerCert = anchorCert;
                     seekIssuerCert = false; // done
 
                     // By default, the OCSP responder's cert is the same as
                     // the issuer of the cert being validated.
-                    if (!seekResponderCert && responderCert == null) {
-                        responderCert = anchorCert;
+                    if (!seekResponderCert && responderCerts.isEmpty()) {
+                        responderCerts.add(anchorCert);
                         if (DEBUG != null) {
                             DEBUG.println("Responder's certificate is the" +
                                 " same as the issuer of the certificate " +
@@ -271,8 +300,7 @@
                          responderSerialNumber.equals(
                          anchorCert.getSerialNumber()))) {
 
-                        responderCert = anchorCert;
-                        seekResponderCert = false; // done
+                        responderCerts.add(anchorCert);
                     }
                 }
             }
@@ -300,9 +328,10 @@
                 if (filter != null) {
                     List<CertStore> certStores = pkixParams.getCertStores();
                     for (CertStore certStore : certStores) {
-                        Iterator i = null;
                         try {
-                            i = certStore.getCertificates(filter).iterator();
+                            responderCerts.addAll(
+                                (Collection<X509Certificate>)
+                                    certStore.getCertificates(filter));
                         } catch (CertStoreException cse) {
                             // ignore and try next certStore
                             if (DEBUG != null) {
@@ -310,23 +339,23 @@
                             }
                             continue;
                         }
-                        if (i.hasNext()) {
-                            responderCert = (X509Certificate) i.next();
-                            seekResponderCert = false; // done
-                            break;
-                        }
                     }
                 }
             }
         }
 
         // Could not find the certificate identified in the OCSP properties
-        if (seekResponderCert) {
+        if (seekResponderCert && responderCerts.isEmpty()) {
             throw new CertPathValidatorException(
                 "Cannot find the responder's certificate " +
                 "(set using the OCSP security properties).");
         }
 
+        if (DEBUG != null) {
+            DEBUG.println("Located " + responderCerts.size() +
+                " trusted responder certificate(s)");
+        }
+
         // The algorithm constraints of the OCSP trusted responder certificate
         // does not need to be checked in this code. The constraints will be
         // checked when the responder's certificate is validated.
@@ -337,7 +366,7 @@
             certId = new CertId
                 (issuerCert, currCertImpl.getSerialNumberObject());
             response = OCSP.check(Collections.singletonList(certId), uri,
-                responderCert, pkixParams.getDate());
+                responderCerts, pkixParams.getDate());
         } catch (Exception e) {
             if (e instanceof CertPathValidatorException) {
                 throw (CertPathValidatorException) e;
@@ -353,14 +382,15 @@
         if (certStatus == RevocationStatus.CertStatus.REVOKED) {
             Throwable t = new CertificateRevokedException(
                 rs.getRevocationTime(), rs.getRevocationReason(),
-                responderCert.getSubjectX500Principal(),
+                responderCerts.get(0).getSubjectX500Principal(),
                 rs.getSingleExtensions());
             throw new CertPathValidatorException(t.getMessage(), t,
                 null, -1, BasicReason.REVOKED);
         } else if (certStatus == RevocationStatus.CertStatus.UNKNOWN) {
             throw new CertPathValidatorException(
                 "Certificate's revocation status is unknown", null, cp,
-                remainingCerts, BasicReason.UNDETERMINED_REVOCATION_STATUS);
+                (remainingCerts - 1),
+                BasicReason.UNDETERMINED_REVOCATION_STATUS);
         }
     }
 
@@ -392,7 +422,7 @@
 
         List<AccessDescription> descriptions = aia.getAccessDescriptions();
         for (AccessDescription description : descriptions) {
-            if (description.getAccessMethod().equals(
+            if (description.getAccessMethod().equals((Object)
                 AccessDescription.Ad_OCSP_Id)) {
 
                 GeneralName generalName = description.getAccessLocation();
@@ -443,4 +473,34 @@
         }
         return hexNumber.toString();
     }
+
+    /*
+     * Returns the subject key identifier for the supplied certificate, or null
+     */
+    static byte[] getKeyId(X509Certificate cert) {
+        X509CertImpl certImpl = null;
+        byte[] certSubjectKeyId = null;
+
+        try {
+            certImpl = X509CertImpl.toImpl(cert);
+            certSubjectKeyId = certImpl.getSubjectKeyIdentifier();
+
+            if (certSubjectKeyId == null) {
+                if (DEBUG != null) {
+                    DEBUG.println("No subject key identifier (SKID) in the " +
+                        "certificate (Subject: " +
+                        cert.getSubjectX500Principal() + ")");
+                }
+            }
+
+        } catch (CertificateException e) {
+            // Ignore certificate
+            if (DEBUG != null) {
+                DEBUG.println("Error parsing X.509 certificate (Subject: " +
+                    cert.getSubjectX500Principal() + ") " + e);
+            }
+        }
+
+        return certSubjectKeyId;
+    }
 }
--- a/src/share/classes/sun/security/provider/certpath/OCSPRequest.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/security/provider/certpath/OCSPRequest.java	Fri Jun 22 10:20:20 2012 +0100
@@ -75,7 +75,7 @@
 class OCSPRequest {
 
     private static final Debug debug = Debug.getInstance("certpath");
-    private static final boolean dump = false;
+    private static final boolean dump = debug.isOn("ocsp");
 
     // List of request CertIds
     private final List<CertId> certIds;
@@ -116,8 +116,8 @@
 
         if (dump) {
             HexDumpEncoder hexEnc = new HexDumpEncoder();
-            System.out.println("OCSPRequest bytes are... ");
-            System.out.println(hexEnc.encode(bytes));
+            debug.println("\nOCSPRequest bytes... ");
+            debug.println(hexEnc.encode(bytes) + "\n");
         }
 
         return bytes;
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Jun 22 10:20:20 2012 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
 import java.security.cert.CRLReason;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -127,7 +128,7 @@
     private static ResponseStatus[] rsvalues = ResponseStatus.values();
 
     private static final Debug DEBUG = Debug.getInstance("certpath");
-    private static final boolean dump = false;
+    private static final boolean dump = DEBUG.isOn("ocsp");
     private static final ObjectIdentifier OCSP_BASIC_RESPONSE_OID =
         ObjectIdentifier.newInternal(new int[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1});
     private static final ObjectIdentifier OCSP_NONCE_EXTENSION_OID =
@@ -158,14 +159,14 @@
      * Create an OCSP response from its ASN.1 DER encoding.
      */
     OCSPResponse(byte[] bytes, Date dateCheckedAgainst,
-        X509Certificate responderCert)
+        List<X509Certificate> responderCerts)
         throws IOException, CertPathValidatorException {
 
         // OCSPResponse
         if (dump) {
             HexDumpEncoder hexEnc = new HexDumpEncoder();
-            System.out.println("OCSPResponse bytes are...");
-            System.out.println(hexEnc.encode(bytes));
+            DEBUG.println("\nOCSPResponse bytes...");
+            DEBUG.println(hexEnc.encode(bytes) + "\n");
         }
         DerValue der = new DerValue(bytes);
         if (der.tag != DerValue.tag_Sequence) {
@@ -206,7 +207,7 @@
         // responseType
         derIn = tmp.data;
         ObjectIdentifier responseType = derIn.getOID();
-        if (responseType.equals(OCSP_BASIC_RESPONSE_OID)) {
+        if (responseType.equals((Object)OCSP_BASIC_RESPONSE_OID)) {
             if (DEBUG != null) {
                 DEBUG.println("OCSP response type: basic");
             }
@@ -263,10 +264,16 @@
                 DEBUG.println("OCSP Responder name: " + responderName);
             }
         } else if (tag == KEY_TAG) {
-            // Ignore, for now
+            if (DEBUG != null) {
+                byte[] responderKeyId = seq.getOctetString();
+                DEBUG.println("OCSP Responder key ID: " +
+                    String.format("0x%0" +
+                        (responderKeyId.length * 2) + "x",
+                            new BigInteger(1, responderKeyId)));
+            }
         } else {
             throw new IOException("Bad encoding in responderID element of " +
-                "OCSP response: expected ASN.1 context specific tag 0 or 1");
+                "OCSP response: expected ASN.1 context specific tag 1 or 2");
         }
 
         // producedAt
@@ -301,7 +308,7 @@
                     if (DEBUG != null) {
                         DEBUG.println("OCSP extension: " + responseExtension);
                     }
-                    if (responseExtension.getExtensionId().equals(
+                    if (responseExtension.getExtensionId().equals((Object)
                         OCSP_NONCE_EXTENSION_OID)) {
                         /*
                         ocspNonce =
@@ -342,99 +349,147 @@
             }
         }
 
-        // Check whether the cert returned by the responder is trusted
+        X509Certificate trustedResponderCert = null;
+
+        // Check whether the signer cert returned by the responder is trusted
         if (x509Certs != null && x509Certs[0] != null) {
-            X509CertImpl cert = x509Certs[0];
+            X509CertImpl signerCert = x509Certs[0];
 
-            // First check if the cert matches the responder cert which
-            // was set locally.
-            if (cert.equals(responderCert)) {
-                // cert is trusted, now verify the signed response
+            if (DEBUG != null) {
+                DEBUG.println("Signer certificate name: " +
+                    signerCert.getSubjectX500Principal());
 
-            // Next check if the cert was issued by the responder cert
-            // which was set locally.
-            } else if (cert.getIssuerX500Principal().equals(
-                responderCert.getSubjectX500Principal())) {
+                byte[] signerKeyId = signerCert.getSubjectKeyIdentifier();
+                if (signerKeyId != null) {
+                    DEBUG.println("Signer certificate key ID: " +
+                        String.format("0x%0" + (signerKeyId.length * 2) + "x",
+                                new BigInteger(1, signerKeyId)));
+                }
+            }
 
-                // Check for the OCSPSigning key purpose
-                try {
-                    List<String> keyPurposes = cert.getExtendedKeyUsage();
-                    if (keyPurposes == null ||
-                        !keyPurposes.contains(KP_OCSP_SIGNING_OID)) {
-                        throw new CertPathValidatorException(
-                            "Responder's certificate not valid for signing " +
-                            "OCSP responses");
+            byte[] certIssuerKeyId = null;
+
+            for (X509Certificate responderCert : responderCerts) {
+
+                // First check if signer cert matches a trusted responder cert
+                if (signerCert.equals(responderCert)) {
+
+                    // signer cert is trusted, now verify the signed response
+                    trustedResponderCert = responderCert;
+                    if (DEBUG != null) {
+                        DEBUG.println("Signer certificate is a trusted " +
+                            "responder");
                     }
-                } catch (CertificateParsingException cpe) {
-                    // assume cert is not valid for signing
-                    throw new CertPathValidatorException(
-                        "Responder's certificate not valid for signing " +
-                        "OCSP responses", cpe);
+                    break;
+
+                // Next check if signer cert was issued by a trusted responder
+                // cert
+                } else if (signerCert.getIssuerX500Principal().equals(
+                    responderCert.getSubjectX500Principal())) {
+
+                    // Retrieve the issuer's key identifier
+                    if (certIssuerKeyId == null) {
+                        certIssuerKeyId = signerCert.getIssuerKeyIdentifier();
+                    }
+
+                    // Check that the key identifiers match
+                    if (certIssuerKeyId == null ||
+                        !Arrays.equals(certIssuerKeyId,
+                            OCSPChecker.getKeyId(responderCert))) {
+
+                        continue; // try next cert
+                    }
+
+                    if (DEBUG != null) {
+                        DEBUG.println("Issuer certificate key ID: " +
+                            String.format("0x%0" +
+                                (certIssuerKeyId.length * 2) + "x",
+                                    new BigInteger(1, certIssuerKeyId)));
+                    }
+
+                    // Check for the OCSPSigning key purpose
+                    try {
+                        List<String> keyPurposes =
+                            signerCert.getExtendedKeyUsage();
+                        if (keyPurposes == null ||
+                            !keyPurposes.contains(KP_OCSP_SIGNING_OID)) {
+
+                            continue; // try next cert
+                        }
+                    } catch (CertificateParsingException cpe) {
+
+                        continue; // try next cert
+                    }
+
+                    // Check algorithm constraints specified in security
+                    // property "jdk.certpath.disabledAlgorithms".
+                    AlgorithmChecker algChecker = new AlgorithmChecker(
+                                        new TrustAnchor(responderCert, null));
+                    algChecker.init(false);
+                    algChecker.check(signerCert,
+                        Collections.<String>emptySet());
+
+                    // Check the date validity
+                    try {
+                        if (dateCheckedAgainst == null) {
+                            signerCert.checkValidity();
+                        } else {
+                            signerCert.checkValidity(dateCheckedAgainst);
+                        }
+                    } catch (GeneralSecurityException e) {
+                        if (DEBUG != null) {
+                            DEBUG.println("Responder's certificate not within" +
+                            " the validity period" + e);
+                        }
+                        continue; // try next cert
+                    }
+
+                    // Check for revocation
+                    //
+                    // A CA may specify that an OCSP client can trust a
+                    // responder for the lifetime of the responder's
+                    // certificate. The CA does so by including the
+                    // extension id-pkix-ocsp-nocheck.
+                    //
+                    Extension noCheck =
+                        signerCert.getExtension(PKIXExtensions.OCSPNoCheck_Id);
+                    if (noCheck != null) {
+                        if (DEBUG != null) {
+                            DEBUG.println("Responder's certificate includes " +
+                                "the extension id-pkix-ocsp-nocheck.");
+                        }
+                    } else {
+                        // we should do the revocation checking of the
+                        // authorized responder in a future update.
+                    }
+
+                    // Verify the signature
+                    try {
+                        signerCert.verify(responderCert.getPublicKey());
+                        trustedResponderCert = signerCert;
+                        // cert is trusted, now verify the signed response
+                        if (DEBUG != null) {
+                            DEBUG.println("Signer certificate was issued by " +
+                                "a trusted responder");
+                        }
+                        break;
+
+                    } catch (GeneralSecurityException e) {
+                        trustedResponderCert = null;
+                    }
                 }
-
-                // Check algorithm constraints specified in security property
-                // "jdk.certpath.disabledAlgorithms".
-                AlgorithmChecker algChecker = new AlgorithmChecker(
-                                    new TrustAnchor(responderCert, null));
-                algChecker.init(false);
-                algChecker.check(cert, Collections.<String>emptySet());
-
-                // check the validity
-                try {
-                    if (dateCheckedAgainst == null) {
-                        cert.checkValidity();
-                    } else {
-                        cert.checkValidity(dateCheckedAgainst);
-                    }
-                } catch (GeneralSecurityException e) {
-                    throw new CertPathValidatorException(
-                        "Responder's certificate not within the " +
-                        "validity period", e);
-                }
-
-                // check for revocation
-                //
-                // A CA may specify that an OCSP client can trust a
-                // responder for the lifetime of the responder's
-                // certificate. The CA does so by including the
-                // extension id-pkix-ocsp-nocheck.
-                //
-                Extension noCheck =
-                    cert.getExtension(PKIXExtensions.OCSPNoCheck_Id);
-                if (noCheck != null) {
-                    if (DEBUG != null) {
-                        DEBUG.println("Responder's certificate includes " +
-                            "the extension id-pkix-ocsp-nocheck.");
-                    }
-                } else {
-                    // we should do the revocation checking of the
-                    // authorized responder in a future update.
-                }
-
-                // verify the signature
-                try {
-                    cert.verify(responderCert.getPublicKey());
-                    responderCert = cert;
-                    // cert is trusted, now verify the signed response
-
-                } catch (GeneralSecurityException e) {
-                    responderCert = null;
-                }
-            } else {
-                throw new CertPathValidatorException(
-                    "Responder's certificate is not authorized to sign " +
-                    "OCSP responses");
             }
         }
 
         // Confirm that the signed response was generated using the public
         // key from the trusted responder cert
-        if (responderCert != null) {
+        if (trustedResponderCert != null) {
             // Check algorithm constraints specified in security property
             // "jdk.certpath.disabledAlgorithms".
-            AlgorithmChecker.check(responderCert.getPublicKey(), sigAlgId);
+            AlgorithmChecker.check(trustedResponderCert.getPublicKey(),
+                sigAlgId);
 
-            if (!verifyResponse(responseDataDer, responderCert,
+            if (!verifyResponse(responseDataDer, trustedResponderCert,
                 sigAlgId, signature)) {
                 throw new CertPathValidatorException(
                     "Error verifying OCSP Responder's signature");
@@ -442,7 +497,8 @@
         } else {
             // Need responder's cert in order to verify the signature
             throw new CertPathValidatorException(
-                "Unable to verify OCSP Responder's signature");
+                "Responder's certificate is not trusted for signing " +
+                "OCSP responses");
         }
     }
 
--- a/src/share/classes/sun/security/x509/X509CertImpl.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java	Fri Jun 22 10:20:20 2012 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -174,6 +174,12 @@
      */
     private boolean verificationResult;
 
+    // Cached SKID
+    private byte[] subjectKeyId = null;
+
+    // Cached AKID
+    private byte[] issuerKeyId = null;
+
     /**
      * Default constructor.
      */
@@ -196,10 +202,7 @@
             parse(new DerValue(certData));
         } catch (IOException e) {
             signedCert = null;
-            CertificateException ce = new
-                CertificateException("Unable to initialize, " + e);
-            ce.initCause(e);
-            throw ce;
+            throw new CertificateException("Unable to initialize, " + e, e);
         }
     }
 
@@ -231,25 +234,19 @@
                 inBuffered.reset();
                 der = new DerValue(inBuffered);
             } catch (IOException ioe1) {
-                CertificateException ce = new
-                    CertificateException("Input stream must be " +
-                                         "either DER-encoded bytes " +
-                                         "or RFC1421 hex-encoded " +
-                                         "DER-encoded bytes: " +
-                                         ioe1.getMessage());
-                ce.initCause(ioe1);
-                throw ce;
+                throw new CertificateException("Input stream must be " +
+                                               "either DER-encoded bytes " +
+                                               "or RFC1421 hex-encoded " +
+                                               "DER-encoded bytes: " +
+                                               ioe1.getMessage(), ioe1);
             }
         }
         try {
             parse(der);
         } catch (IOException ioe) {
             signedCert = null;
-            CertificateException ce = new
-                CertificateException("Unable to parse DER value of " +
-                                     "certificate, " + ioe);
-            ce.initCause(ioe);
-            throw ce;
+            throw new CertificateException("Unable to parse DER value of " +
+                                           "certificate, " + ioe, ioe);
         }
     }
 
@@ -320,10 +317,7 @@
             parse(derVal);
         } catch (IOException e) {
             signedCert = null;
-            CertificateException ce = new
-                CertificateException("Unable to initialize, " + e);
-            ce.initCause(e);
-            throw ce;
+            throw new CertificateException("Unable to initialize, " + e, e);
         }
     }
 
@@ -1070,6 +1064,32 @@
     }
 
     /**
+     * Return the issuing authority's key identifier bytes, or null
+     */
+    public byte[] getIssuerKeyIdentifier()
+    {
+        if (issuerKeyId == null) {
+            AuthorityKeyIdentifierExtension aki =
+                getAuthorityKeyIdentifierExtension();
+            if (aki != null) {
+
+                try {
+                    issuerKeyId = ((KeyIdentifier)
+                        aki.get(AuthorityKeyIdentifierExtension.KEY_ID))
+                            .getIdentifier();
+                } catch (IOException e) {
+                    // should never happen (because KEY_ID attr is supported)
+                }
+
+            } else {
+                issuerKeyId = new byte[0]; // no AKID present
+            }
+        }
+
+        return issuerKeyId.length != 0 ? issuerKeyId : null;
+    }
+
+    /**
      * Get BasicConstraints extension
      * @return BasicConstraints object or null (if no such object in
      * certificate)
@@ -1169,6 +1189,32 @@
     }
 
     /**
+     * Returns the subject's key identifier bytes, or null
+     */
+    public byte[] getSubjectKeyIdentifier()
+    {
+        if (subjectKeyId == null) {
+            SubjectKeyIdentifierExtension ski =
+                getSubjectKeyIdentifierExtension();
+            if (ski != null) {
+
+                try {
+                    subjectKeyId = ((KeyIdentifier)
+                        ski.get(SubjectKeyIdentifierExtension.KEY_ID))
+                            .getIdentifier();
+                } catch (IOException e) {
+                    // should never happen (because KEY_ID attr is supported)
+                }
+
+            } else {
+                subjectKeyId = new byte[0]; // no SKID present
+            }
+        }
+
+        return subjectKeyId.length != 0 ? subjectKeyId : null;
+    }
+
+    /**
      * Get CRLDistributionPoints extension
      * @return CRLDistributionPoints object or null (if no such object in
      * certificate)
@@ -1279,7 +1325,7 @@
                 return null;
             } else {
                 for (Extension ex : extensions.getAllExtensions()) {
-                    if (ex.getExtensionId().equals(oid)) {
+                    if (ex.getExtensionId().equals((Object)oid)) {
                         //XXXX May want to consider cloning this
                         return ex;
                     }
@@ -1335,7 +1381,7 @@
 
                 for (Extension ex : exts.getAllExtensions()) {
                     ObjectIdentifier inCertOID = ex.getExtensionId();
-                    if (inCertOID.equals(findOID)) {
+                    if (inCertOID.equals((Object)findOID)) {
                         certExt = ex;
                         break;
                     }
@@ -1434,10 +1480,7 @@
                 new ExtendedKeyUsageExtension(Boolean.FALSE, data);
             return Collections.unmodifiableList(ekuExt.getExtendedKeyUsage());
         } catch (IOException ioe) {
-            CertificateParsingException cpe =
-                new CertificateParsingException();
-            cpe.initCause(ioe);
-            throw cpe;
+            throw new CertificateParsingException(ioe);
         }
     }
 
@@ -1578,8 +1621,8 @@
         }
         GeneralNames names;
         try {
-            names = (GeneralNames) subjectAltNameExt.get
-                (SubjectAlternativeNameExtension.SUBJECT_NAME);
+            names = (GeneralNames) subjectAltNameExt.get(
+                    SubjectAlternativeNameExtension.SUBJECT_NAME);
         } catch (IOException ioe) {
             // should not occur
             return Collections.<List<?>>emptySet();
@@ -1610,18 +1653,15 @@
 
             GeneralNames names;
             try {
-                names = (GeneralNames) subjectAltNameExt.get
-                    (SubjectAlternativeNameExtension.SUBJECT_NAME);
+                names = (GeneralNames) subjectAltNameExt.get(
+                        SubjectAlternativeNameExtension.SUBJECT_NAME);
             }  catch (IOException ioe) {
                 // should not occur
                 return Collections.<List<?>>emptySet();
             }
             return makeAltNames(names);
         } catch (IOException ioe) {
-            CertificateParsingException cpe =
-                new CertificateParsingException();
-            cpe.initCause(ioe);
-            throw cpe;
+            throw new CertificateParsingException(ioe);
         }
     }
 
@@ -1644,8 +1684,8 @@
         }
         GeneralNames names;
         try {
-            names = (GeneralNames) issuerAltNameExt.get
-                (IssuerAlternativeNameExtension.ISSUER_NAME);
+            names = (GeneralNames) issuerAltNameExt.get(
+                    IssuerAlternativeNameExtension.ISSUER_NAME);
         } catch (IOException ioe) {
             // should not occur
             return Collections.<List<?>>emptySet();
@@ -1676,18 +1716,15 @@
                                                     data);
             GeneralNames names;
             try {
-                names = (GeneralNames) issuerAltNameExt.get
-                    (IssuerAlternativeNameExtension.ISSUER_NAME);
+                names = (GeneralNames) issuerAltNameExt.get(
+                        IssuerAlternativeNameExtension.ISSUER_NAME);
             }  catch (IOException ioe) {
                 // should not occur
                 return Collections.<List<?>>emptySet();
             }
             return makeAltNames(names);
         } catch (IOException ioe) {
-            CertificateParsingException cpe =
-                new CertificateParsingException();
-            cpe.initCause(ioe);
-            throw cpe;
+            throw new CertificateParsingException(ioe);
         }
     }
 
--- a/src/solaris/classes/sun/print/CUPSPrinter.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/solaris/classes/sun/print/CUPSPrinter.java	Fri Jun 22 10:20:20 2012 +0100
@@ -273,14 +273,26 @@
                                          is);
                     is.close();
 
-                    if (responseMap.length > 0) {
+                    if (responseMap != null && responseMap.length > 0) {
                         defaultMap = responseMap[0];
                     }
 
                     if (defaultMap == null) {
                         os.close();
                         urlConnection.disconnect();
-                        return null;
+
+                        /* CUPS on OS X, as initially configured, considers the
+                         * default printer to be the last one used that's
+                         * presently available. So if no default was
+                         * reported, exec lpstat -d which has all the Apple
+                         * special behaviour for this built in.
+                         */
+                         if (UnixPrintServiceLookup.isMac()) {
+                             return UnixPrintServiceLookup.
+                                                   getDefaultPrinterNameSysV();
+                         } else {
+                             return null;
+                         }
                     }
 
                     AttributeClass attribClass = (AttributeClass)
--- a/src/solaris/classes/sun/print/UnixPrintServiceLookup.java	Fri Jun 22 10:19:40 2012 +0100
+++ b/src/solaris/classes/sun/print/UnixPrintServiceLookup.java	Fri Jun 22 10:20:20 2012 +0100
@@ -114,6 +114,10 @@
             new sun.security.action.GetPropertyAction("os.name"));
     }
 
+    static boolean isMac() {
+        return osname.contains("OS X");
+    }
+
     static boolean isSysV() {
         return osname.equals("SunOS");
     }
@@ -212,7 +216,7 @@
                 }
             }
         } else {
-            if (isSysV()) {
+            if (isMac() || isSysV()) {
                 printers = getAllPrinterNamesSysV();
             } else { //BSD
                 printers = getAllPrinterNamesBSD();
@@ -361,7 +365,7 @@
         if (name == null || name.equals("") || !checkPrinterName(name)) {
             return null;
         }
-        if (isSysV()) {
+        if (isMac() || isSysV()) {
             printer = getNamedPrinterNameSysV(name);
         } else {
             printer = getNamedPrinterNameBSD(name);
@@ -523,7 +527,7 @@
         if (CUPSPrinter.isCupsRunning()) {
             defaultPrinter = CUPSPrinter.getDefaultPrinter();
         } else {
-            if (isSysV()) {
+            if (isMac() || isSysV()) {
                 defaultPrinter = getDefaultPrinterNameSysV();
             } else {
                 defaultPrinter = getDefaultPrinterNameBSD();
@@ -644,7 +648,7 @@
         return names;
     }
 
-    private String getDefaultPrinterNameSysV() {
+    static String getDefaultPrinterNameSysV() {
         String defaultPrinter = "lp";
         String command = "/usr/bin/lpstat -d";