changeset 2138:3efbbc00ac5f

Merge
author lana
date Wed, 16 Dec 2009 16:25:08 -0800
parents de7807599a9b be6bc681579a
children e2f7e92c30f1
files make/tools/CharsetMapping/DoubleByte-X.java make/tools/CharsetMapping/SingleByte-X.java src/share/classes/sun/awt/ComponentAccessor.java src/share/classes/sun/awt/WindowAccessor.java src/share/classes/sun/security/provider/IdentityDatabase.java src/share/classes/sun/security/provider/SystemIdentity.java src/share/classes/sun/security/provider/SystemSigner.java src/share/classes/sun/security/x509/X500Signer.java src/share/classes/sun/security/x509/X509Cert.java src/share/classes/sun/tools/jar/JarVerifierStream.java src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java src/share/classes/sun/util/LocaleDataMetaInfo-XLocales.java test/java/util/Formatter/Basic-X.java test/sun/tools/native2ascii/test2 test/tools/launcher/SolarisDataModel.sh test/tools/launcher/SolarisRunpath.sh test/tools/launcher/libraryCaller.c test/tools/launcher/libraryCaller.h test/tools/launcher/libraryCaller.java
diffstat 281 files changed, 7808 insertions(+), 7248 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Tue Dec 15 14:50:01 2009 +0900
+++ b/.hgtags	Wed Dec 16 16:25:08 2009 -0800
@@ -51,3 +51,4 @@
 eacb36e30327e7ae33baa068e82ddccbd91eaae2 jdk7-b74
 8885b22565077236a927e824ef450742e434a230 jdk7-b75
 8fb602395be0f7d5af4e7e93b7df2d960faf9d17 jdk7-b76
+e6a5d095c356a547cf5b3c8885885aca5e91e09b jdk7-b77
--- a/make/common/shared/Platform.gmk	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/common/shared/Platform.gmk	Wed Dec 16 16:25:08 2009 -0800
@@ -165,6 +165,9 @@
                 sparc*) \
                     echo sparc \
                     ;; \
+                arm*) \
+                    echo arm \
+                    ;; \
                 *) \
                     echo $(mach) \
                     ;; \
--- a/make/java/java/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/java/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -390,7 +390,7 @@
 LOCALES_GEN_SH = localelist.sh
 
 $(GENSRCDIR)/sun/util/CoreResourceBundleControl.java: \
-	$(SHARE_SRC)/classes/sun/util/CoreResourceBundleControl-XLocales.java $(LOCALES_GEN_SH)
+	$(SHARE_SRC)/classes/sun/util/CoreResourceBundleControl-XLocales.java.template $(LOCALES_GEN_SH)
 	@$(prep-target) 
 	NAWK="$(NAWK)" SED="$(SED)" $(SH) $(LOCALES_GEN_SH) "$(JRE_NONEXIST_LOCALES)" \
 		$< $@ 
--- a/make/java/java/genlocales.gmk	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/java/genlocales.gmk	Wed Dec 16 16:25:08 2009 -0800
@@ -68,7 +68,7 @@
 FILES_java := $(FILES_java_orig)
 FILES_compiled_properties := $(FILES_compiled_properties_orig)
 
-LocaleDataMetaInfo_Src=$(SHARE_SRC)/classes/sun/util/LocaleDataMetaInfo-XLocales.java
+LocaleDataMetaInfo_Src=$(SHARE_SRC)/classes/sun/util/LocaleDataMetaInfo-XLocales.java.template
 LocaleDataMetaInfo_Dest=$(GENSRCDIR)/sun/util/LocaleDataMetaInfo.java
 LOCALEGEN_SH=localegen.sh
 RESOURCE_NAMES="FormatData CollationData TimeZoneNames LocaleNames CurrencyNames CalendarData"
--- a/make/java/java/localegen.sh	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/java/localegen.sh	Wed Dec 16 16:25:08 2009 -0800
@@ -27,7 +27,7 @@
 
 #
 # This script is to generate the supported locale list string and replace the
-# LocaleDataMetaInfo-XLocales.java in <ws>/src/share/classes/sun/util
+# LocaleDataMetaInfo-XLocales.java.template in <ws>/src/share/classes/sun/util
 # 
 # SORT, NAWK & SED is passed in as environment variables.
 #
--- a/make/java/jli/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/jli/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -96,6 +96,7 @@
 
 
 ifneq ($(PLATFORM), windows)	# UNIX systems
+        LD_RUNPATH_EXTRAS += ..
 	LIB_LOCATION = $(LIBDIR)/$(LIBARCH)/jli
 	# Note: its important to keep this order meaning -lc is the
 	# last library otherwise it could cause compatibility issues
--- a/make/java/main/java/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/main/java/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -61,8 +61,5 @@
 
 ifeq ($(PLATFORM), solaris)
 LDFLAGS += -R$(OPENWIN_LIB)
-endif
-
-ifeq ($(PLATFORM), solaris)
 LDFLAGS += -M mapfile-$(ARCH)
 endif
--- a/make/java/nio/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/nio/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -834,7 +834,7 @@
 GENCSSRC = $(BUILDDIR)/tools/CharsetMapping
 CHARSETMAPPING_JARFILE = $(BUILDTOOLJARDIR)/charsetmapping.jar
 
-$(FILES_gensbcs_out): $(GENCSSRC)/SingleByte-X.java $(GENCSSRC)/sbcs
+$(FILES_gensbcs_out): $(GENCSSRC)/SingleByte-X.java.template $(GENCSSRC)/sbcs
 	@$(prep-target)
 	$(BOOT_JAVA_CMD) -jar $(CHARSETMAPPING_JARFILE) $(GENCSSRC) $(SCS_GEN) sbcs
 
--- a/make/java/redist/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/java/redist/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -194,10 +194,8 @@
 # For backwards compatability, make a link of the 32-bit client JVM to $(LIBDIR)
 IMPORT_LIST += $(LIB_LOCATION)/$(JVM_NAME)
 
-# create a link from lib/libjvm.so to client/libjvm.so
 $(LIB_LOCATION)/$(JVM_NAME): $(LIB_LOCATION)/$(CLIENT_LOCATION)/$(JVM_NAME)
 	@$(prep-target)
-	$(LN) -s $(CLIENT_LOCATION)/$(JVM_NAME) $@
 
 #  solaris   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ solaris
 endif # 32bit solaris
--- a/make/netbeans/README	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/netbeans/README	Wed Dec 16 16:25:08 2009 -0800
@@ -411,7 +411,7 @@
             java/util/regex/,\
             java/util/spi/,\
             java/util/zip/,\
-            **/*-XLocales.java
+            **/*-XLocales.java.template
         jtreg.tests=\
             java/util/**/*Collection/ \
             java/util/**/*Map/ \
--- a/make/sun/nio/Makefile	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/sun/nio/Makefile	Wed Dec 16 16:25:08 2009 -0800
@@ -82,7 +82,9 @@
 		$(FILES_MAP) $(FILES_DAT) sjis0213
 
 
-$(FILES_genout_extcs): $(GENCSDATASRC)/SingleByte-X.java  $(GENCSDATASRC)/DoubleByte-X.java \
+$(FILES_genout_extcs): \
+                $(GENCSDATASRC)/SingleByte-X.java.template  \
+		$(GENCSDATASRC)/DoubleByte-X.java.template \
 		$(GENCSDATASRC)/extsbcs $(GENCSDATASRC)/dbcs
 	@$(prep-target)
 	$(RM) -r $(GENCSEXT)
--- a/make/sun/xawt/mapfile-vers	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/sun/xawt/mapfile-vers	Wed Dec 16 16:25:08 2009 -0800
@@ -126,6 +126,8 @@
         Java_sun_awt_X11_XlibWrapper_ServerVendor;
         Java_sun_awt_X11_XlibWrapper_VendorRelease;
         Java_sun_awt_X11_XlibWrapper_IsXsunKPBehavior;
+        Java_sun_awt_X11_XlibWrapper_IsSunKeyboard;
+        Java_sun_awt_X11_XlibWrapper_IsKanaKeyboard;
         Java_sun_awt_X11_XlibWrapper_SetToolkitErrorHandler;
         Java_sun_awt_X11_XlibWrapper_XSetErrorHandler;
         Java_sun_awt_X11_XlibWrapper_CallErrorHandler;
@@ -306,6 +308,7 @@
         Java_sun_awt_X11_XlibWrapper_XkbTranslateKeyCode;
         Java_sun_awt_X11_XlibWrapper_XGetModifierMapping;
         Java_sun_awt_X11_XlibWrapper_XFreeModifiermap;
+        Java_sun_awt_X11_XlibWrapper_XRefreshKeyboardMapping;
         Java_sun_awt_X11_XlibWrapper_XChangeActivePointerGrab;
         Java_sun_awt_X11_XlibWrapper_XNextSecondaryLoopEvent;
         Java_sun_awt_X11_XlibWrapper_ExitSecondaryLoop;
--- a/make/tools/CharsetMapping/DoubleByte-X.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,100 +0,0 @@
-/*
- * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-// -- This file was mechanically generated: Do not edit! -- //
-
-package $PACKAGE$;
-
-import java.nio.charset.Charset;
-import java.nio.charset.CharsetDecoder;
-import java.nio.charset.CharsetEncoder;
-import java.util.Arrays;
-import sun.nio.cs.HistoricallyNamedCharset;
-import sun.nio.cs.ext.DoubleByte;
-
-public class $NAME_CLZ$ extends Charset
-                        $IMPLEMENTS$
-{
-    public $NAME_CLZ$() {
-        super("$NAME_CS$", $NAME_ALIASES$);
-    }
-
-    $HISTORICALNAME$
-
-    public boolean contains(Charset cs) {
-        $CONTAINS$
-    }
-
-    public CharsetDecoder newDecoder() {
-        initb2c();
-        return new  DoubleByte.Decoder$DECTYPE$(this, b2c, b2cSB, $B2MIN$, $B2MAX$);
-    }
-
-    public CharsetEncoder newEncoder() {
-        initc2b();
-        return new DoubleByte.Encoder$ENCTYPE$(this, c2b, c2bIndex);
-    }
-
-    $B2C$
-    static char[][] b2c = new char[b2cStr.length][];
-    static char[] b2cSB;
-    private static volatile boolean b2cInitialized = false;
-
-    static void initb2c() {
-        if (b2cInitialized)
-            return;
-        synchronized (b2c) {
-            if (b2cInitialized)
-                return;
-            for (int i = 0; i < b2cStr.length; i++) {
-                if (b2cStr[i] == null)
-                    b2c[i] = DoubleByte.B2C_UNMAPPABLE;
-                else
-                    b2c[i] = b2cStr[i].toCharArray();
-            }
-            b2cSB = b2cSBStr.toCharArray();
-            b2cInitialized = true;
-        }
-    }
-
-    static char[] c2b = new char[$C2BLENGTH$];
-    static char[] c2bIndex = new char[0x100];
-    private static volatile boolean c2bInitialized = false;
-
-    static void initc2b() {
-        if (c2bInitialized)
-            return;
-        synchronized (c2b) {
-            if (c2bInitialized)
-                return;
-            $NONROUNDTRIP_B2C$
-            $NONROUNDTRIP_C2B$
-            DoubleByte.Encoder.initC2B(b2cStr, b2cSBStr, b2cNR, c2bNR,
-                                       $B2MIN$, $B2MAX$,
-                                       c2b, c2bIndex);
-            c2bInitialized = true;
-        }
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/tools/CharsetMapping/DoubleByte-X.java.template	Wed Dec 16 16:25:08 2009 -0800
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+// -- This file was mechanically generated: Do not edit! -- //
+
+package $PACKAGE$;
+
+import java.nio.charset.Charset;
+import java.nio.charset.CharsetDecoder;
+import java.nio.charset.CharsetEncoder;
+import java.util.Arrays;
+import sun.nio.cs.HistoricallyNamedCharset;
+import sun.nio.cs.ext.DoubleByte;
+
+public class $NAME_CLZ$ extends Charset
+                        $IMPLEMENTS$
+{
+    public $NAME_CLZ$() {
+        super("$NAME_CS$", $NAME_ALIASES$);
+    }
+
+    $HISTORICALNAME$
+
+    public boolean contains(Charset cs) {
+        $CONTAINS$
+    }
+
+    public CharsetDecoder newDecoder() {
+        initb2c();
+        return new  DoubleByte.Decoder$DECTYPE$(this, b2c, b2cSB, $B2MIN$, $B2MAX$);
+    }
+
+    public CharsetEncoder newEncoder() {
+        initc2b();
+        return new DoubleByte.Encoder$ENCTYPE$(this, c2b, c2bIndex);
+    }
+
+    $B2C$
+    static char[][] b2c = new char[b2cStr.length][];
+    static char[] b2cSB;
+    private static volatile boolean b2cInitialized = false;
+
+    static void initb2c() {
+        if (b2cInitialized)
+            return;
+        synchronized (b2c) {
+            if (b2cInitialized)
+                return;
+            for (int i = 0; i < b2cStr.length; i++) {
+                if (b2cStr[i] == null)
+                    b2c[i] = DoubleByte.B2C_UNMAPPABLE;
+                else
+                    b2c[i] = b2cStr[i].toCharArray();
+            }
+            b2cSB = b2cSBStr.toCharArray();
+            b2cInitialized = true;
+        }
+    }
+
+    static char[] c2b = new char[$C2BLENGTH$];
+    static char[] c2bIndex = new char[0x100];
+    private static volatile boolean c2bInitialized = false;
+
+    static void initc2b() {
+        if (c2bInitialized)
+            return;
+        synchronized (c2b) {
+            if (c2bInitialized)
+                return;
+            $NONROUNDTRIP_B2C$
+            $NONROUNDTRIP_C2B$
+            DoubleByte.Encoder.initC2B(b2cStr, b2cSBStr, b2cNR, c2bNR,
+                                       $B2MIN$, $B2MAX$,
+                                       c2b, c2bIndex);
+            c2bInitialized = true;
+        }
+    }
+}
--- a/make/tools/CharsetMapping/SingleByte-X.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-/*
- * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package $PACKAGE$;
-
-import java.nio.charset.Charset;
-import java.nio.charset.CharsetDecoder;
-import java.nio.charset.CharsetEncoder;
-import sun.nio.cs.StandardCharsets;
-import sun.nio.cs.SingleByte;
-import sun.nio.cs.HistoricallyNamedCharset;
-import static sun.nio.cs.CharsetMapping.*;
-
-public class $NAME_CLZ$ extends Charset implements HistoricallyNamedCharset
-{
-    public $NAME_CLZ$() {
-        super("$NAME_CS$", $NAME_ALIASES$);
-    }
-
-    public String historicalName() {
-        return "$NAME_HIS$";
-    }
-
-    public boolean contains(Charset cs) {
-        $CONTAINS$;
-    }
-
-    public CharsetDecoder newDecoder() {
-        return new SingleByte.Decoder(this, b2c);
-    }
-
-    public CharsetEncoder newEncoder() {
-        return new SingleByte.Encoder(this, c2b, c2bIndex);
-    }
-
-    public String getDecoderSingleByteMappings() {
-        return b2cTable;
-    }
-
-    public char[] getEncoderIndex2() {
-        return c2b;
-    }
-
-    public char[] getEncoderIndex1() {
-        return c2bIndex;
-    }
-
-    private final static String b2cTable = $B2CTABLE$
-
-    private final static char[] b2c = b2cTable.toCharArray();
-    private final static char[] c2b = new char[$C2BLENGTH$];
-    private final static char[] c2bIndex = new char[0x100];
-
-    static {
-        char[] b2cMap = b2c;
-        char[] c2bNR = null;
-        $NONROUNDTRIP_B2C$
-        $NONROUNDTRIP_C2B$
-        SingleByte.initC2B(b2cMap, c2bNR, c2b, c2bIndex);
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/tools/CharsetMapping/SingleByte-X.java.template	Wed Dec 16 16:25:08 2009 -0800
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package $PACKAGE$;
+
+import java.nio.charset.Charset;
+import java.nio.charset.CharsetDecoder;
+import java.nio.charset.CharsetEncoder;
+import sun.nio.cs.StandardCharsets;
+import sun.nio.cs.SingleByte;
+import sun.nio.cs.HistoricallyNamedCharset;
+import static sun.nio.cs.CharsetMapping.*;
+
+public class $NAME_CLZ$ extends Charset implements HistoricallyNamedCharset
+{
+    public $NAME_CLZ$() {
+        super("$NAME_CS$", $NAME_ALIASES$);
+    }
+
+    public String historicalName() {
+        return "$NAME_HIS$";
+    }
+
+    public boolean contains(Charset cs) {
+        $CONTAINS$;
+    }
+
+    public CharsetDecoder newDecoder() {
+        return new SingleByte.Decoder(this, b2c);
+    }
+
+    public CharsetEncoder newEncoder() {
+        return new SingleByte.Encoder(this, c2b, c2bIndex);
+    }
+
+    public String getDecoderSingleByteMappings() {
+        return b2cTable;
+    }
+
+    public char[] getEncoderIndex2() {
+        return c2b;
+    }
+
+    public char[] getEncoderIndex1() {
+        return c2bIndex;
+    }
+
+    private final static String b2cTable = $B2CTABLE$
+
+    private final static char[] b2c = b2cTable.toCharArray();
+    private final static char[] c2b = new char[$C2BLENGTH$];
+    private final static char[] c2bIndex = new char[0x100];
+
+    static {
+        char[] b2cMap = b2c;
+        char[] c2bNR = null;
+        $NONROUNDTRIP_B2C$
+        $NONROUNDTRIP_C2B$
+        SingleByte.initC2B(b2cMap, c2bNR, c2b, c2bIndex);
+    }
+}
--- a/make/tools/src/build/tools/charsetmapping/GenerateDBCS.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/tools/src/build/tools/charsetmapping/GenerateDBCS.java	Wed Dec 16 16:25:08 2009 -0800
@@ -63,7 +63,7 @@
             int    b2Min    = toInteger(fields[8]);
             int    b2Max    = toInteger(fields[9]);
             System.out.printf("%s,%s,%s,%b,%s%n", clzName, csName, hisName, isASCII, pkgName);
-            genClass(args[0], args[1], "DoubleByte-X.java",
+            genClass(args[0], args[1], "DoubleByte-X.java.template",
                     clzName, csName, hisName, pkgName,
                     isASCII, type,
                     b1Min, b1Max, b2Min, b2Max);
--- a/make/tools/src/build/tools/charsetmapping/GenerateSBCS.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/make/tools/src/build/tools/charsetmapping/GenerateSBCS.java	Wed Dec 16 16:25:08 2009 -0800
@@ -55,7 +55,7 @@
             String pkgName  = fields[4];
             System.out.printf("%s,%s,%s,%b,%s%n", clzName, csName, hisName, isASCII, pkgName);
 
-            genClass(args[0], args[1], "SingleByte-X.java",
+            genClass(args[0], args[1], "SingleByte-X.java.template",
                      clzName, csName, hisName, pkgName, isASCII);
         }
     }
--- a/src/share/bin/java.c	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/bin/java.c	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1995-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,15 +41,13 @@
  * options are turned into "-foo" options to the vm.  This option
  * filtering is handled in a number of places in the launcher, some of
  * it in machine-dependent code.  In this file, the function
- * CheckJVMType removes vm style options and TranslateApplicationArgs
- * removes "-J" prefixes.  On unix platforms, the
- * CreateExecutionEnvironment function from the unix java_md.c file
- * processes and removes -d<n> options.  However, in case
- * CreateExecutionEnvironment does not need to exec because
- * LD_LIBRARY_PATH is set acceptably and the data model does not need
- * to be changed, ParseArguments will screen out the redundant -d<n>
- * options and prevent them from being passed to the vm; this is done
- * by RemovableOption.
+ * CheckJvmType removes vm style options and TranslateApplicationArgs
+ * removes "-J" prefixes.  The CreateExecutionEnvironment function processes
+ * and removes -d<n> options. On unix, there is a possibility that the running
+ * data model may not match to the desired data model, in this case an exec is
+ * required to start the desired model. If the data models match, then
+ * ParseArguments will remove the -d<n> flags. If the data models do not match
+ * the CreateExecutionEnviroment will remove the -d<n> flags.
  */
 
 
@@ -1891,11 +1889,11 @@
  * Return JNI_TRUE for an option string that has no effect but should
  * _not_ be passed on to the vm; return JNI_FALSE otherwise.  On
  * Solaris SPARC, this screening needs to be done if:
- * 1) LD_LIBRARY_PATH does _not_ need to be reset and
- * 2) -d32 or -d64 is passed to a binary with a matching data model
- *    (the exec in SetLibraryPath removes -d<n> options and points the
- *    exec to the proper binary).  When this exec is not done, these options
- *    would end up getting passed onto the vm.
+ *    -d32 or -d64 is passed to a binary with an unmatched data model
+ *    (the exec in CreateExecutionEnvironment removes -d<n> options and points the
+ *    exec to the proper binary).  In the case of when the data model and the
+ *    requested version is matched, an exec would not occur, and these options
+ *    were erroneously passed to the vm.
  */
 jboolean
 RemovableOption(char * option)
--- a/src/share/classes/com/sun/crypto/provider/HmacCore.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/crypto/provider/HmacCore.java	Wed Dec 16 16:25:08 2009 -0800
@@ -36,7 +36,7 @@
 
 /**
  * This class constitutes the core of HMAC-<MD> algorithms, where
- * <MD> can be SHA1 or MD5, etc.
+ * <MD> can be SHA1 or MD5, etc. See RFC 2104 for spec.
  *
  * It also contains the implementation classes for the SHA-256,
  * SHA-384, and SHA-512 HMACs.
@@ -116,7 +116,7 @@
         }
 
         byte[] secret = key.getEncoded();
-        if (secret == null || secret.length == 0) {
+        if (secret == null) {
             throw new InvalidKeyException("Missing key data");
         }
 
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,21 +25,19 @@
 
 package com.sun.crypto.provider;
 
-import java.io.*;
+import java.io.ObjectStreamException;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
 import java.util.Arrays;
 import java.security.KeyRep;
 import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class represents a PBE key derived using PBKDF2 defined
@@ -123,7 +121,7 @@
         this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
     }
 
-    private static byte[] deriveKey(Mac prf, byte[] password, byte[] salt,
+    private static byte[] deriveKey(final Mac prf, final byte[] password, byte[] salt,
                                     int iterCount, int keyLengthInBit) {
         int keyLength = keyLengthInBit/8;
         byte[] key = new byte[keyLength];
@@ -133,7 +131,34 @@
             int intR = keyLength - (intL - 1)*hlen; // residue
             byte[] ui = new byte[hlen];
             byte[] ti = new byte[hlen];
-            SecretKey macKey = new SecretKeySpec(password, prf.getAlgorithm());
+            // SecretKeySpec cannot be used, since password can be empty here.
+            SecretKey macKey = new SecretKey() {
+                @Override
+                public String getAlgorithm() {
+                    return prf.getAlgorithm();
+                }
+                @Override
+                public String getFormat() {
+                    return "RAW";
+                }
+                @Override
+                public byte[] getEncoded() {
+                    return password;
+                }
+                @Override
+                public int hashCode() {
+                    return Arrays.hashCode(password) * 41 +
+                            prf.getAlgorithm().toLowerCase().hashCode();
+                }
+                @Override
+                public boolean equals(Object obj) {
+                    if (this == obj) return true;
+                    if (this.getClass() != obj.getClass()) return false;
+                    SecretKey sk = (SecretKey)obj;
+                    return prf.getAlgorithm().equalsIgnoreCase(sk.getAlgorithm()) &&
+                            Arrays.equals(password, sk.getEncoded());
+                }
+            };
             prf.init(macKey);
 
             byte[] ibytes = new byte[4];
@@ -230,7 +255,7 @@
      * @throws ObjectStreamException if a new object representing
      * this PBE key could not be created
      */
-    private Object writeReplace() throws java.io.ObjectStreamException {
+    private Object writeReplace() throws ObjectStreamException {
             return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
                               getFormat(), getEncoded());
     }
--- a/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Wed Dec 16 16:25:08 2009 -0800
@@ -26,6 +26,7 @@
 package com.sun.jmx.mbeanserver;
 
 import java.lang.annotation.Annotation;
+import java.lang.ref.SoftReference;
 import java.lang.reflect.AnnotatedElement;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
@@ -33,8 +34,13 @@
 import java.lang.reflect.Proxy;
 import java.lang.reflect.UndeclaredThrowableException;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
+import java.util.LinkedList;
+import java.util.Locale;
 import java.util.Map;
+import java.util.WeakHashMap;
 
 import javax.management.Descriptor;
 import javax.management.DescriptorKey;
@@ -506,11 +512,25 @@
             } else {
                 // Java Beans introspection
                 //
-                BeanInfo bi = java.beans.Introspector.getBeanInfo(complex.getClass());
-                PropertyDescriptor[] pds = bi.getPropertyDescriptors();
-                for (PropertyDescriptor pd : pds)
-                    if (pd.getName().equals(element))
-                        return pd.getReadMethod().invoke(complex);
+                Class<?> clazz = complex.getClass();
+                Method readMethod = null;
+                if (BeansHelper.isAvailable()) {
+                    Object bi = BeansHelper.getBeanInfo(clazz);
+                    Object[] pds = BeansHelper.getPropertyDescriptors(bi);
+                    for (Object pd: pds) {
+                        if (BeansHelper.getPropertyName(pd).equals(element)) {
+                            readMethod = BeansHelper.getReadMethod(pd);
+                            break;
+                        }
+                    }
+                } else {
+                    // Java Beans not available so use simple introspection
+                    // to locate method
+                    readMethod = SimpleIntrospector.getReadMethod(clazz, element);
+                }
+                if (readMethod != null)
+                    return readMethod.invoke(complex);
+
                 throw new AttributeNotFoundException(
                     "Could not find the getter method for the property " +
                     element + " using the Java Beans introspector");
@@ -524,4 +544,235 @@
                 new AttributeNotFoundException(e.getMessage()), e);
         }
     }
+
+    /**
+     * A simple introspector that uses reflection to analyze a class and
+     * identify its "getter" methods. This class is intended for use only when
+     * Java Beans is not present (which implies that there isn't explicit
+     * information about the bean available).
+     */
+    private static class SimpleIntrospector {
+        private SimpleIntrospector() { }
+
+        private static final String GET_METHOD_PREFIX = "get";
+        private static final String IS_METHOD_PREFIX = "is";
+
+        // cache to avoid repeated lookups
+        private static final Map<Class<?>,SoftReference<List<Method>>> cache =
+            Collections.synchronizedMap(
+                new WeakHashMap<Class<?>,SoftReference<List<Method>>> ());
+
+        /**
+         * Returns the list of methods cached for the given class, or {@code null}
+         * if not cached.
+         */
+        private static List<Method> getCachedMethods(Class<?> clazz) {
+            // return cached methods if possible
+            SoftReference<List<Method>> ref = cache.get(clazz);
+            if (ref != null) {
+                List<Method> cached = ref.get();
+                if (cached != null)
+                    return cached;
+            }
+            return null;
+        }
+
+        /**
+         * Returns {@code true} if the given method is a "getter" method (where
+         * "getter" method is a public method of the form getXXX or "boolean
+         * isXXX")
+         */
+        static boolean isReadMethod(Method method) {
+            // ignore static methods
+            int modifiers = method.getModifiers();
+            if (Modifier.isStatic(modifiers))
+                return false;
+
+            String name = method.getName();
+            Class<?>[] paramTypes = method.getParameterTypes();
+            int paramCount = paramTypes.length;
+
+            if (paramCount == 0 && name.length() > 2) {
+                // boolean isXXX()
+                if (name.startsWith(IS_METHOD_PREFIX))
+                    return (method.getReturnType() == boolean.class);
+                // getXXX()
+                if (name.length() > 3 && name.startsWith(GET_METHOD_PREFIX))
+                    return (method.getReturnType() != void.class);
+            }
+            return false;
+        }
+
+        /**
+         * Returns the list of "getter" methods for the given class. The list
+         * is ordered so that isXXX methods appear before getXXX methods - this
+         * is for compatability with the JavaBeans Introspector.
+         */
+        static List<Method> getReadMethods(Class<?> clazz) {
+            // return cached result if available
+            List<Method> cachedResult = getCachedMethods(clazz);
+            if (cachedResult != null)
+                return cachedResult;
+
+            // get list of public methods, filtering out methods that have
+            // been overridden to return a more specific type.
+            List<Method> methods =
+                StandardMBeanIntrospector.getInstance().getMethods(clazz);
+            methods = MBeanAnalyzer.eliminateCovariantMethods(methods);
+
+            // filter out the non-getter methods
+            List<Method> result = new LinkedList<Method>();
+            for (Method m: methods) {
+                if (isReadMethod(m)) {
+                    // favor isXXX over getXXX
+                    if (m.getName().startsWith(IS_METHOD_PREFIX)) {
+                        result.add(0, m);
+                    } else {
+                        result.add(m);
+                    }
+                }
+            }
+
+            // add result to cache
+            cache.put(clazz, new SoftReference<List<Method>>(result));
+
+            return result;
+        }
+
+        /**
+         * Returns the "getter" to read the given property from the given class or
+         * {@code null} if no method is found.
+         */
+        static Method getReadMethod(Class<?> clazz, String property) {
+            // first character in uppercase (compatability with JavaBeans)
+            property = property.substring(0, 1).toUpperCase(Locale.ENGLISH) +
+                property.substring(1);
+            String getMethod = GET_METHOD_PREFIX + property;
+            String isMethod = IS_METHOD_PREFIX + property;
+            for (Method m: getReadMethods(clazz)) {
+                String name = m.getName();
+                if (name.equals(isMethod) || name.equals(getMethod)) {
+                    return m;
+                }
+            }
+            return null;
+        }
+    }
+
+    /**
+     * A class that provides access to the JavaBeans Introspector and
+     * PropertyDescriptors without creating a static dependency on java.beans.
+     */
+    private static class BeansHelper {
+        private static final Class<?> introspectorClass =
+            getClass("java.beans.Introspector");
+        private static final Class<?> beanInfoClass =
+            (introspectorClass == null) ? null : getClass("java.beans.BeanInfo");
+        private static final Class<?> getPropertyDescriptorClass =
+            (beanInfoClass == null) ? null : getClass("java.beans.PropertyDescriptor");
+
+        private static final Method getBeanInfo =
+            getMethod(introspectorClass, "getBeanInfo", Class.class);
+        private static final Method getPropertyDescriptors =
+            getMethod(beanInfoClass, "getPropertyDescriptors");
+        private static final Method getPropertyName =
+            getMethod(getPropertyDescriptorClass, "getName");
+        private static final Method getReadMethod =
+            getMethod(getPropertyDescriptorClass, "getReadMethod");
+
+        private static Class<?> getClass(String name) {
+            try {
+                return Class.forName(name, true, null);
+            } catch (ClassNotFoundException e) {
+                return null;
+            }
+        }
+        private static Method getMethod(Class<?> clazz,
+                                        String name,
+                                        Class<?>... paramTypes)
+        {
+            if (clazz != null) {
+                try {
+                    return clazz.getMethod(name, paramTypes);
+                } catch (NoSuchMethodException e) {
+                    throw new AssertionError(e);
+                }
+            } else {
+                return null;
+            }
+        }
+
+        private BeansHelper() { }
+
+        /**
+         * Returns {@code true} if java.beans is available.
+         */
+        static boolean isAvailable() {
+            return introspectorClass != null;
+        }
+
+        /**
+         * Invokes java.beans.Introspector.getBeanInfo(Class)
+         */
+        static Object getBeanInfo(Class<?> clazz) throws Exception {
+            try {
+                return getBeanInfo.invoke(null, clazz);
+            } catch (InvocationTargetException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof Exception)
+                    throw (Exception)cause;
+                throw new AssertionError(e);
+            } catch (IllegalAccessException iae) {
+                throw new AssertionError(iae);
+            }
+        }
+
+        /**
+         * Invokes java.beans.BeanInfo.getPropertyDescriptors()
+         */
+        static Object[] getPropertyDescriptors(Object bi) {
+            try {
+                return (Object[])getPropertyDescriptors.invoke(bi);
+            } catch (InvocationTargetException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof RuntimeException)
+                    throw (RuntimeException)cause;
+                throw new AssertionError(e);
+            } catch (IllegalAccessException iae) {
+                throw new AssertionError(iae);
+            }
+        }
+
+        /**
+         * Invokes java.beans.PropertyDescriptor.getName()
+         */
+        static String getPropertyName(Object pd) {
+            try {
+                return (String)getPropertyName.invoke(pd);
+            } catch (InvocationTargetException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof RuntimeException)
+                    throw (RuntimeException)cause;
+                throw new AssertionError(e);
+            } catch (IllegalAccessException iae) {
+                throw new AssertionError(iae);
+            }
+        }
+
+        /**
+         * Invokes java.beans.PropertyDescriptor.getReadMethod()
+         */
+        static Method getReadMethod(Object pd) {
+            try {
+                return (Method)getReadMethod.invoke(pd);
+            } catch (InvocationTargetException e) {
+                Throwable cause = e.getCause();
+                if (cause instanceof RuntimeException)
+                    throw (RuntimeException)cause;
+                throw new AssertionError(e);
+            } catch (IllegalAccessException iae) {
+                throw new AssertionError(iae);
+            }
+        }
+    }
 }
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java	Wed Dec 16 16:25:08 2009 -0800
@@ -175,7 +175,7 @@
     /**
      * Get the methods to be analyzed to build the MBean interface.
      */
-    List<Method> getMethods(final Class<?> mbeanType) throws Exception {
+    List<Method> getMethods(final Class<?> mbeanType) {
         return Arrays.asList(mbeanType.getMethods());
     }
 
--- a/src/share/classes/com/sun/security/auth/PolicyFile.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/security/auth/PolicyFile.java	Wed Dec 16 16:25:08 2009 -0800
@@ -34,8 +34,6 @@
 
 import java.security.AccessController;
 import java.security.CodeSource;
-import java.security.Identity;
-import java.security.IdentityScope;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Permission;
@@ -267,7 +265,7 @@
     private boolean initialized = false;
 
     private boolean expandProperties = true;
-    private boolean ignoreIdentityScope = false;
+    private boolean ignoreIdentityScope = true;
 
     // for use with the reflection API
 
@@ -459,9 +457,6 @@
         }
     }
 
-    /** the scope to check */
-    private static IdentityScope scope = null;
-
     /**
      * Checks public key. If it is marked as trusted in
      * the identity database, add it to the policy
--- a/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -99,4 +99,58 @@
      */
     public Object inquireSecContext(InquireType type)
             throws GSSException;
+
+    /**
+     * Requests that the delegation policy be respected. When a true value is
+     * requested, the underlying context would use the delegation policy
+     * defined by the environment as a hint to determine whether credentials
+     * delegation should be performed. This request can only be made on the
+     * context initiator's side and it has to be done prior to the first
+     * call to <code>initSecContext</code>.
+     * <p>
+     * When this flag is false, delegation will only be tried when the
+     * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+     * is true.
+     * <p>
+     * When this flag is true but the
+     * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+     * is false, delegation will be only tried if the delegation policy permits
+     * delegation.
+     * <p>
+     * When both this flag and the
+     * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+     * are true, delegation will be always tried. However, if the delegation
+     * policy does not permit delegation, the value of
+     * {@link #getDelegPolicyState} will be false, even
+     * if delegation is performed successfully.
+     * <p>
+     * In any case, if the delegation is not successful, the value returned
+     * by {@link GSSContext#getCredDelegState()} is false, and the value
+     * returned by {@link #getDelegPolicyState()} is also false.
+     * <p>
+     * Not all mechanisms support delegation policy. Therefore, the
+     * application should check to see if the request was honored with the
+     * {@link #getDelegPolicyState() getDelegPolicyState} method. When
+     * delegation policy is not supported, <code>requestDelegPolicy</code>
+     * should return silently without throwing an exception.
+     * <p>
+     * Note: for the Kerberos 5 mechanism, the delegation policy is expressed
+     * through the OK-AS-DELEGATE flag in the service ticket. When it's true,
+     * the KDC permits delegation to the target server. In a cross-realm
+     * environment, in order for delegation be permitted, all cross-realm TGTs
+     * on the authentication path must also have the OK-AS-DELAGATE flags set.
+     * @param state true if the policy should be respected
+     * @throws GSSException containing the following
+     * major error codes:
+     *   {@link GSSException#FAILURE GSSException.FAILURE}
+     */
+    public void requestDelegPolicy(boolean state) throws GSSException;
+
+    /**
+     * Returns the delegation policy response. Called after a security context
+     * is established. This method can be only called on the initiator's side.
+     * See {@link ExtendedGSSContext#requestDelegPolicy}.
+     * @return the delegation policy response
+     */
+    public boolean getDelegPolicyState();
 }
--- a/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java	Wed Dec 16 16:25:08 2009 -0800
@@ -57,7 +57,10 @@
             id = ((JavaObjectRef)value).getId();
         }
         value = value.dereference(snapshot, field);
-        if (value.isHeapAllocated()) {
+        if (value.isHeapAllocated() &&
+            clazz.getLoader() == snapshot.getNullThing()) {
+            // static fields are only roots if they are in classes
+            //    loaded by the root classloader.
             JavaHeapObject ho = (JavaHeapObject) value;
             String s = "Static reference from " + clazz.getName()
                        + "." + field.getName();
--- a/src/share/classes/com/sun/tracing/ProviderFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/com/sun/tracing/ProviderFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -4,7 +4,10 @@
 import java.util.HashSet;
 import java.io.PrintStream;
 import java.lang.reflect.Field;
-import java.util.logging.Logger;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import sun.security.action.GetPropertyAction;
 
 import sun.tracing.NullProviderFactory;
 import sun.tracing.PrintStreamProviderFactory;
@@ -52,23 +55,17 @@
         HashSet<ProviderFactory> factories = new HashSet<ProviderFactory>();
 
         // Try to instantiate a DTraceProviderFactory
-        String prop = null;
-        try { prop = System.getProperty("com.sun.tracing.dtrace"); }
-        catch (java.security.AccessControlException e) {
-            Logger.getAnonymousLogger().fine(
-                "Cannot access property com.sun.tracing.dtrace");
-        }
+        String prop = AccessController.doPrivileged(
+            new GetPropertyAction("com.sun.tracing.dtrace"));
+
         if ( (prop == null || !prop.equals("disable")) &&
              DTraceProviderFactory.isSupported() ) {
             factories.add(new DTraceProviderFactory());
         }
 
         // Try to instantiate an output stream factory
-        try { prop = System.getProperty("sun.tracing.stream"); }
-        catch (java.security.AccessControlException e) {
-            Logger.getAnonymousLogger().fine(
-                "Cannot access property sun.tracing.stream");
-        }
+        prop = AccessController.doPrivileged(
+            new GetPropertyAction("sun.tracing.stream"));
         if (prop != null) {
             for (String spec : prop.split(",")) {
                 PrintStream ps = getPrintStreamFromSpec(spec);
@@ -89,22 +86,29 @@
         }
     }
 
-    private static PrintStream getPrintStreamFromSpec(String spec) {
+    private static PrintStream getPrintStreamFromSpec(final String spec) {
         try {
             // spec is in the form of <class>.<field>, where <class> is
             // a fully specified class name, and <field> is a static member
             // in that class.  The <field> must be a 'PrintStream' or subtype
             // in order to be used.
-            int fieldpos = spec.lastIndexOf('.');
-            Class<?> cls = Class.forName(spec.substring(0, fieldpos));
-            Field f = cls.getField(spec.substring(fieldpos + 1));
-            Class<?> fieldType = f.getType();
+            final int fieldpos = spec.lastIndexOf('.');
+            final Class<?> cls = Class.forName(spec.substring(0, fieldpos));
+
+            Field f = AccessController.doPrivileged(new PrivilegedExceptionAction<Field>() {
+                public Field run() throws NoSuchFieldException {
+                    return cls.getField(spec.substring(fieldpos + 1));
+                }
+            });
+
             return (PrintStream)f.get(null);
-        } catch (Exception e) {
-            Logger.getAnonymousLogger().warning(
-                "Could not parse sun.tracing.stream property: " + e);
+        } catch (ClassNotFoundException e) {
+            throw new AssertionError(e);
+        } catch (IllegalAccessException e) {
+            throw new AssertionError(e);
+        } catch (PrivilegedActionException e) {
+            throw new AssertionError(e);
         }
-        return null;
     }
 }
 
--- a/src/share/classes/java/awt/Component.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/awt/Component.java	Wed Dec 16 16:25:08 2009 -0800
@@ -871,7 +871,7 @@
                 return comp.canBeFocusOwner();
             }
 
-            public boolean isVisible_NoClientCode(Component comp) {
+            public boolean isVisible(Component comp) {
                 return comp.isVisible_NoClientCode();
             }
             public void setRequestFocusController
@@ -885,6 +885,71 @@
             public void setAppContext(Component comp, AppContext appContext) {
                  comp.appContext = appContext;
             }
+            public Container getParent(Component comp) {
+                return comp.getParent_NoClientCode();
+            }
+            public void setParent(Component comp, Container parent) {
+                comp.parent = parent;
+            }
+            public void setSize(Component comp, int width, int height) {
+                comp.width = width;
+                comp.height = height;
+            }
+            public Point getLocation(Component comp) {
+                return comp.location_NoClientCode();
+            }
+            public void setLocation(Component comp, int x, int y) {
+                comp.x = x;
+                comp.y = y;
+            }
+            public boolean isEnabled(Component comp) {
+                return comp.isEnabledImpl();
+            }
+            public boolean isDisplayable(Component comp) {
+                return comp.peer != null;
+            }
+            public Cursor getCursor(Component comp) {
+                return comp.getCursor_NoClientCode();
+            }
+            public ComponentPeer getPeer(Component comp) {
+                return comp.peer;
+            }
+            public void setPeer(Component comp, ComponentPeer peer) {
+                comp.peer = peer;
+            }
+            public boolean isLightweight(Component comp) {
+                return (comp.peer instanceof LightweightPeer);
+            }
+            public boolean getIgnoreRepaint(Component comp) {
+                return comp.ignoreRepaint;
+            }
+            public int getWidth(Component comp) {
+                return comp.width;
+            }
+            public int getHeight(Component comp) {
+                return comp.height;
+            }
+            public int getX(Component comp) {
+                return comp.x;
+            }
+            public int getY(Component comp) {
+                return comp.y;
+            }
+            public Color getForeground(Component comp) {
+                return comp.foreground;
+            }
+            public Color getBackground(Component comp) {
+                return comp.background;
+            }
+            public void setBackground(Component comp, Color background) {
+                comp.background = background;
+            }
+            public Font getFont(Component comp) {
+                return comp.getFont_NoClientCode();
+            }
+            public void processEvent(Component comp, AWTEvent e) {
+                comp.processEvent(e);
+            }
         });
     }
 
@@ -8021,7 +8086,7 @@
     Container getNativeContainer() {
         Container p = parent;
         while (p != null && p.peer instanceof LightweightPeer) {
-            p = p.getParent();
+            p = p.getParent_NoClientCode();
         }
         return p;
     }
--- a/src/share/classes/java/awt/EventDispatchThread.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/awt/EventDispatchThread.java	Wed Dec 16 16:25:08 2009 -0800
@@ -104,11 +104,8 @@
         } else {
             stopEvent.dispatch();
         }
-        synchronized (theQueue) {
-            if (theQueue.getDispatchThread() == this) {
-                theQueue.detachDispatchThread();
-            }
-        }
+
+        theQueue.detachDispatchThread(this, false);
     }
 
     public void stopDispatching() {
@@ -142,35 +139,7 @@
                 }
             });
         } finally {
-            /*
-             * This synchronized block is to secure that the event dispatch
-             * thread won't die in the middle of posting a new event to the
-             * associated event queue. It is important because we notify
-             * that the event dispatch thread is busy after posting a new event
-             * to its queue, so the EventQueue.dispatchThread reference must
-             * be valid at that point.
-             */
-            synchronized (theQueue) {
-                if (theQueue.getDispatchThread() == this) {
-                    theQueue.detachDispatchThread();
-                }
-                /*
-                 * Event dispatch thread dies in case of an uncaught exception.
-                 * A new event dispatch thread for this queue will be started
-                 * only if a new event is posted to it. In case if no more
-                 * events are posted after this thread died all events that
-                 * currently are in the queue will never be dispatched.
-                 */
-                /*
-                 * Fix for 4648733. Check both the associated java event
-                 * queue and the PostEventQueue.
-                 */
-                if (theQueue.peekEvent() != null ||
-                    !SunToolkit.isPostEventQueueEmpty()) {
-                    theQueue.initDispatchThread();
-                }
-                AWTAutoShutdown.getInstance().notifyThreadFree(this);
-            }
+            theQueue.detachDispatchThread(this, true);
         }
     }
 
--- a/src/share/classes/java/awt/EventQueue.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/awt/EventQueue.java	Wed Dec 16 16:25:08 2009 -0800
@@ -45,6 +45,9 @@
 import sun.awt.EventQueueItem;
 import sun.awt.AWTAccessor;
 
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.Lock;
+
 /**
  * <code>EventQueue</code> is a platform-independent class
  * that queues events, both from the underlying peer classes
@@ -127,6 +130,14 @@
      */
     private EventQueue previousQueue;
 
+    /*
+     * A single lock to synchronize the push()/pop() and related operations with
+     * all the EventQueues from the AppContext. Synchronization on any particular
+     * event queue(s) is not enough: we should lock the whole stack.
+     */
+    private final Lock pushPopLock;
+    private final Condition pushPopCond;
+
     private EventDispatchThread dispatchThread;
 
     private final ThreadGroup threadGroup =
@@ -158,11 +169,11 @@
     static {
         AWTAccessor.setEventQueueAccessor(
             new AWTAccessor.EventQueueAccessor() {
-                public EventQueue getNextQueue(EventQueue eventQueue) {
-                    return eventQueue.nextQueue;
+                public Thread getDispatchThread(EventQueue eventQueue) {
+                    return eventQueue.getDispatchThread();
                 }
-                public Thread getDispatchThread(EventQueue eventQueue) {
-                    return eventQueue.dispatchThread;
+                public boolean isDispatchThreadImpl(EventQueue eventQueue) {
+                    return eventQueue.isDispatchThreadImpl();
                 }
             });
     }
@@ -179,6 +190,9 @@
          * may call AppContext.getAppContext() before createNewAppContext()
          * completes thus causing mess in thread group to appcontext mapping.
          */
+
+        pushPopLock = (Lock)AppContext.getAppContext().get(AppContext.EVENT_QUEUE_LOCK_KEY);
+        pushPopCond = (Condition)AppContext.getAppContext().get(AppContext.EVENT_QUEUE_COND_KEY);
     }
 
     /**
@@ -207,7 +221,8 @@
      */
     final void postEventPrivate(AWTEvent theEvent) {
         theEvent.isPosted = true;
-        synchronized(this) {
+        pushPopLock.lock();
+        try {
             if (dispatchThread == null && nextQueue == null) {
                 if (theEvent.getSource() == AWTAutoShutdown.getInstance()) {
                     return;
@@ -221,6 +236,8 @@
                 return;
             }
             postEvent(theEvent, getPriority(theEvent));
+        } finally {
+            pushPopLock.unlock();
         }
     }
 
@@ -280,9 +297,9 @@
                 if (theEvent.getSource() != AWTAutoShutdown.getInstance()) {
                     AWTAutoShutdown.getInstance().notifyThreadBusy(dispatchThread);
                 }
-                notifyAll();
+                pushPopCond.signalAll();
             } else if (notifyID) {
-                notifyAll();
+                pushPopCond.signalAll();
             }
         } else {
             // The event was not coalesced or has non-Component source.
@@ -290,7 +307,7 @@
             queues[priority].tail.next = newItem;
             queues[priority].tail = newItem;
             if (notifyID) {
-                notifyAll();
+                pushPopCond.signalAll();
             }
         }
     }
@@ -482,7 +499,8 @@
              * event queues are nested with push()/pop().
              */
             SunToolkit.flushPendingEvents();
-            synchronized (this) {
+            pushPopLock.lock();
+            try {
                 for (int i = NUM_PRIORITIES - 1; i >= 0; i--) {
                     if (queues[i].head != null) {
                         EventQueueItem entry = queues[i].head;
@@ -495,7 +513,9 @@
                     }
                 }
                 AWTAutoShutdown.getInstance().notifyThreadFree(dispatchThread);
-                wait();
+                pushPopCond.await();
+            } finally {
+                pushPopLock.unlock();
             }
         } while(true);
     }
@@ -508,7 +528,8 @@
              * event queues are nested with push()/pop().
              */
             SunToolkit.flushPendingEvents();
-            synchronized (this) {
+            pushPopLock.lock();
+            try {
                 for (int i = 0; i < NUM_PRIORITIES; i++) {
                     for (EventQueueItem entry = queues[i].head, prev = null;
                          entry != null; prev = entry, entry = entry.next)
@@ -527,9 +548,11 @@
                         }
                     }
                 }
-                this.waitForID = id;
-                wait();
-                this.waitForID = 0;
+                waitForID = id;
+                pushPopCond.await();
+                waitForID = 0;
+            } finally {
+                pushPopLock.unlock();
             }
         } while(true);
     }
@@ -539,11 +562,16 @@
      * without removing it.
      * @return the first event
      */
-    public synchronized AWTEvent peekEvent() {
-        for (int i = NUM_PRIORITIES - 1; i >= 0; i--) {
-            if (queues[i].head != null) {
-                return queues[i].head.event;
+    public AWTEvent peekEvent() {
+        pushPopLock.lock();
+        try {
+            for (int i = NUM_PRIORITIES - 1; i >= 0; i--) {
+                if (queues[i].head != null) {
+                    return queues[i].head.event;
+                }
             }
+        } finally {
+            pushPopLock.unlock();
         }
 
         return null;
@@ -555,14 +583,19 @@
      * @return the first event of the specified id or <code>null</code>
      *    if there is no such event
      */
-    public synchronized AWTEvent peekEvent(int id) {
-        for (int i = NUM_PRIORITIES - 1; i >= 0; i--) {
-            EventQueueItem q = queues[i].head;
-            for (; q != null; q = q.next) {
-                if (q.event.getID() == id) {
-                    return q.event;
+    public AWTEvent peekEvent(int id) {
+        pushPopLock.lock();
+        try {
+            for (int i = NUM_PRIORITIES - 1; i >= 0; i--) {
+                EventQueueItem q = queues[i].head;
+                for (; q != null; q = q.next) {
+                    if (q.event.getID() == id) {
+                        return q.event;
+                    }
                 }
             }
+        } finally {
+            pushPopLock.unlock();
         }
 
         return null;
@@ -661,17 +694,27 @@
     public static long getMostRecentEventTime() {
         return Toolkit.getEventQueue().getMostRecentEventTimeImpl();
     }
-    private synchronized long getMostRecentEventTimeImpl() {
-        return (Thread.currentThread() == dispatchThread)
-            ? mostRecentEventTime
-            : System.currentTimeMillis();
+    private long getMostRecentEventTimeImpl() {
+        pushPopLock.lock();
+        try {
+            return (Thread.currentThread() == dispatchThread)
+                ? mostRecentEventTime
+                : System.currentTimeMillis();
+        } finally {
+            pushPopLock.unlock();
+        }
     }
 
     /**
      * @return most recent event time on all threads.
      */
-    synchronized long getMostRecentEventTimeEx() {
-        return mostRecentEventTime;
+    long getMostRecentEventTimeEx() {
+        pushPopLock.lock();
+        try {
+            return mostRecentEventTime;
+        } finally {
+            pushPopLock.unlock();
+        }
     }
 
     /**
@@ -689,10 +732,15 @@
     public static AWTEvent getCurrentEvent() {
         return Toolkit.getEventQueue().getCurrentEventImpl();
     }
-    private synchronized AWTEvent getCurrentEventImpl() {
-        return (Thread.currentThread() == dispatchThread)
-            ? ((AWTEvent)currentEvent.get())
-            : null;
+    private AWTEvent getCurrentEventImpl() {
+        pushPopLock.lock();
+        try {
+                return (Thread.currentThread() == dispatchThread)
+                ? ((AWTEvent)currentEvent.get())
+                : null;
+        } finally {
+            pushPopLock.unlock();
+        }
     }
 
     /**
@@ -706,21 +754,22 @@
      * @throws NullPointerException if <code>newEventQueue</code> is <code>null</code>
      * @since           1.2
      */
-    public synchronized void push(EventQueue newEventQueue) {
+    public void push(EventQueue newEventQueue) {
         if (eventLog.isLoggable(PlatformLogger.FINE)) {
             eventLog.fine("EventQueue.push(" + newEventQueue + ")");
         }
 
-        if (nextQueue != null) {
-            nextQueue.push(newEventQueue);
-            return;
-        }
+        pushPopLock.lock();
+        try {
+            EventQueue toPush = this;
+            while (toPush.nextQueue != null) {
+                toPush = toPush.nextQueue;
+            }
 
-        synchronized (newEventQueue) {
             // Transfer all events forward to new EventQueue.
-            while (peekEvent() != null) {
+            while (toPush.peekEvent() != null) {
                 try {
-                    newEventQueue.postEventPrivate(getNextEvent());
+                    newEventQueue.postEventPrivate(toPush.getNextEvent());
                 } catch (InterruptedException ie) {
                     if (eventLog.isLoggable(PlatformLogger.FINE)) {
                         eventLog.fine("Interrupted push", ie);
@@ -728,27 +777,30 @@
                 }
             }
 
-            newEventQueue.previousQueue = this;
-        }
-        /*
-         * Stop the event dispatch thread associated with the currently
-         * active event queue, so that after the new queue is pushed
-         * on the top this event dispatch thread won't prevent AWT from
-         * being automatically shut down.
-         * Use stopDispatchingLater() to avoid deadlock: stopDispatching()
-         * waits for the dispatch thread to exit, so if the dispatch
-         * thread attempts to synchronize on this EventQueue object
-         * it will never exit since we already hold this lock.
-         */
-        if (dispatchThread != null) {
-            dispatchThread.stopDispatchingLater();
-        }
+            newEventQueue.previousQueue = toPush;
 
-        nextQueue = newEventQueue;
+            /*
+             * Stop the event dispatch thread associated with the currently
+             * active event queue, so that after the new queue is pushed
+             * on the top this event dispatch thread won't prevent AWT from
+             * being automatically shut down.
+             * Use stopDispatchingLater() to avoid deadlock: stopDispatching()
+             * waits for the dispatch thread to exit, which in turn waits
+             * for the lock in EQ.detachDispatchThread(), which is hold by
+             * this method.
+             */
+            if (toPush.dispatchThread != null) {
+                toPush.dispatchThread.stopDispatchingLater();
+            }
 
-        AppContext appContext = AppContext.getAppContext();
-        if (appContext.get(AppContext.EVENT_QUEUE_KEY) == this) {
-            appContext.put(AppContext.EVENT_QUEUE_KEY, newEventQueue);
+            toPush.nextQueue = newEventQueue;
+
+            AppContext appContext = AppContext.getAppContext();
+            if (appContext.get(AppContext.EVENT_QUEUE_KEY) == toPush) {
+                appContext.put(AppContext.EVENT_QUEUE_KEY, newEventQueue);
+            }
+        } finally {
+            pushPopLock.unlock();
         }
     }
 
@@ -770,25 +822,24 @@
             eventLog.fine("EventQueue.pop(" + this + ")");
         }
 
-        // To prevent deadlock, we lock on the previous EventQueue before
-        // this one.  This uses the same locking order as everything else
-        // in EventQueue.java, so deadlock isn't possible.
-        EventQueue prev = previousQueue;
-        synchronized ((prev != null) ? prev : this) {
-          synchronized(this) {
-            if (nextQueue != null) {
-                nextQueue.pop();
-                return;
+        EventDispatchThread dt = null;
+        pushPopLock.lock();
+        try {
+            EventQueue toPop = this;
+            while (toPop.nextQueue != null) {
+                toPop = toPop.nextQueue;
             }
-            if (previousQueue == null) {
+            EventQueue prev = toPop.previousQueue;
+            if (prev == null) {
                 throw new EmptyStackException();
             }
+            toPop.previousQueue = null;
 
             // Transfer all events back to previous EventQueue.
-            previousQueue.nextQueue = null;
-            while (peekEvent() != null) {
+            prev.nextQueue = null;
+            while (toPop.peekEvent() != null) {
                 try {
-                    previousQueue.postEventPrivate(getNextEvent());
+                    prev.postEventPrivate(toPop.getNextEvent());
                 } catch (InterruptedException ie) {
                     if (eventLog.isLoggable(PlatformLogger.FINE)) {
                         eventLog.fine("Interrupted pop", ie);
@@ -797,14 +848,14 @@
             }
             AppContext appContext = AppContext.getAppContext();
             if (appContext.get(AppContext.EVENT_QUEUE_KEY) == this) {
-                appContext.put(AppContext.EVENT_QUEUE_KEY, previousQueue);
+                appContext.put(AppContext.EVENT_QUEUE_KEY, prev);
             }
 
-            previousQueue = null;
-          }
+            dt = toPop.dispatchThread;
+        } finally {
+            pushPopLock.unlock();
         }
 
-        EventDispatchThread dt = this.dispatchThread;
         if (dt != null) {
             dt.stopDispatching(); // Must be done outside synchronized
                                   // block to avoid possible deadlock
@@ -833,16 +884,27 @@
      */
     public static boolean isDispatchThread() {
         EventQueue eq = Toolkit.getEventQueue();
-        EventQueue next = eq.nextQueue;
-        while (next != null) {
-            eq = next;
-            next = eq.nextQueue;
+        return eq.isDispatchThreadImpl();
+    }
+
+    final boolean isDispatchThreadImpl() {
+        EventQueue eq = this;
+        pushPopLock.lock();
+        try {
+            EventQueue next = eq.nextQueue;
+            while (next != null) {
+                eq = next;
+                next = eq.nextQueue;
+            }
+            return (Thread.currentThread() == eq.dispatchThread);
+        } finally {
+            pushPopLock.unlock();
         }
-        return (Thread.currentThread() == eq.dispatchThread);
     }
 
     final void initDispatchThread() {
-        synchronized (this) {
+        pushPopLock.lock();
+        try {
             AppContext appContext = AppContext.getAppContext();
             if (dispatchThread == null && !threadGroup.isDestroyed() && !appContext.isDisposed()) {
                 dispatchThread = (EventDispatchThread)
@@ -861,11 +923,45 @@
                 AWTAutoShutdown.getInstance().notifyThreadBusy(dispatchThread);
                 dispatchThread.start();
             }
+        } finally {
+            pushPopLock.unlock();
         }
     }
 
-    final void detachDispatchThread() {
-        dispatchThread = null;
+    final void detachDispatchThread(EventDispatchThread edt, boolean restart) {
+        /*
+         * This synchronized block is to secure that the event dispatch
+         * thread won't die in the middle of posting a new event to the
+         * associated event queue. It is important because we notify
+         * that the event dispatch thread is busy after posting a new event
+         * to its queue, so the EventQueue.dispatchThread reference must
+         * be valid at that point.
+         */
+        pushPopLock.lock();
+        try {
+            EventDispatchThread oldDispatchThread = dispatchThread;
+            if (dispatchThread == edt) {
+                dispatchThread = null;
+            }
+            if (restart) {
+                /*
+                 * Event dispatch thread dies in case of an uncaught exception.
+                 * A new event dispatch thread for this queue will be started
+                 * only if a new event is posted to it. In case if no more
+                 * events are posted after this thread died all events that
+                 * currently are in the queue will never be dispatched.
+                 *
+                 * Fix for 4648733. Check both the associated java event
+                 * queue and the PostEventQueue.
+                 */
+                if ((peekEvent() != null) || !SunToolkit.isPostEventQueueEmpty()) {
+                    initDispatchThread();
+                }
+                AWTAutoShutdown.getInstance().notifyThreadFree(oldDispatchThread);
+            }
+        } finally {
+            pushPopLock.unlock();
+        }
     }
 
     /*
@@ -878,7 +974,12 @@
      * @see    java.awt.EventQueue#detachDispatchThread
      */
     final EventDispatchThread getDispatchThread() {
-        return dispatchThread;
+        pushPopLock.lock();
+        try {
+            return dispatchThread;
+        } finally {
+            pushPopLock.unlock();
+        }
     }
 
     /*
@@ -895,7 +996,8 @@
      */
     final void removeSourceEvents(Object source, boolean removeAllEvents) {
         SunToolkit.flushPendingEvents();
-        synchronized (this) {
+        pushPopLock.lock();
+        try {
             for (int i = 0; i < NUM_PRIORITIES; i++) {
                 EventQueueItem entry = queues[i].head;
                 EventQueueItem prev = null;
@@ -928,43 +1030,49 @@
                 }
                 queues[i].tail = prev;
             }
+        } finally {
+            pushPopLock.unlock();
         }
     }
 
     static void setCurrentEventAndMostRecentTime(AWTEvent e) {
         Toolkit.getEventQueue().setCurrentEventAndMostRecentTimeImpl(e);
     }
-    private synchronized void setCurrentEventAndMostRecentTimeImpl(AWTEvent e)
-    {
-        if (Thread.currentThread() != dispatchThread) {
-            return;
+    private void setCurrentEventAndMostRecentTimeImpl(AWTEvent e) {
+        pushPopLock.lock();
+        try {
+            if (Thread.currentThread() != dispatchThread) {
+                return;
+            }
+
+            currentEvent = new WeakReference(e);
+
+            // This series of 'instanceof' checks should be replaced with a
+            // polymorphic type (for example, an interface which declares a
+            // getWhen() method). However, this would require us to make such
+            // a type public, or to place it in sun.awt. Both of these approaches
+            // have been frowned upon. So for now, we hack.
+            //
+            // In tiger, we will probably give timestamps to all events, so this
+            // will no longer be an issue.
+            long mostRecentEventTime2 = Long.MIN_VALUE;
+            if (e instanceof InputEvent) {
+                InputEvent ie = (InputEvent)e;
+                mostRecentEventTime2 = ie.getWhen();
+            } else if (e instanceof InputMethodEvent) {
+                InputMethodEvent ime = (InputMethodEvent)e;
+                mostRecentEventTime2 = ime.getWhen();
+            } else if (e instanceof ActionEvent) {
+                ActionEvent ae = (ActionEvent)e;
+                mostRecentEventTime2 = ae.getWhen();
+            } else if (e instanceof InvocationEvent) {
+                InvocationEvent ie = (InvocationEvent)e;
+                mostRecentEventTime2 = ie.getWhen();
+            }
+            mostRecentEventTime = Math.max(mostRecentEventTime, mostRecentEventTime2);
+        } finally {
+            pushPopLock.unlock();
         }
-
-        currentEvent = new WeakReference(e);
-
-        // This series of 'instanceof' checks should be replaced with a
-        // polymorphic type (for example, an interface which declares a
-        // getWhen() method). However, this would require us to make such
-        // a type public, or to place it in sun.awt. Both of these approaches
-        // have been frowned upon. So for now, we hack.
-        //
-        // In tiger, we will probably give timestamps to all events, so this
-        // will no longer be an issue.
-        long mostRecentEventTime2 = Long.MIN_VALUE;
-        if (e instanceof InputEvent) {
-            InputEvent ie = (InputEvent)e;
-            mostRecentEventTime2 = ie.getWhen();
-        } else if (e instanceof InputMethodEvent) {
-            InputMethodEvent ime = (InputMethodEvent)e;
-            mostRecentEventTime2 = ime.getWhen();
-        } else if (e instanceof ActionEvent) {
-            ActionEvent ae = (ActionEvent)e;
-            mostRecentEventTime2 = ae.getWhen();
-        } else if (e instanceof InvocationEvent) {
-            InvocationEvent ie = (InvocationEvent)e;
-            mostRecentEventTime2 = ie.getWhen();
-        }
-        mostRecentEventTime = Math.max(mostRecentEventTime, mostRecentEventTime2);
     }
 
     /**
@@ -1045,15 +1153,18 @@
      * or starts a new one otherwise.
      */
     private void wakeup(boolean isShutdown) {
-        synchronized(this) {
+        pushPopLock.lock();
+        try {
             if (nextQueue != null) {
                 // Forward call to the top of EventQueue stack.
                 nextQueue.wakeup(isShutdown);
             } else if (dispatchThread != null) {
-                notifyAll();
+                pushPopCond.signalAll();
             } else if (!isShutdown) {
                 initDispatchThread();
             }
+        } finally {
+            pushPopLock.unlock();
         }
     }
 }
--- a/src/share/classes/java/awt/KeyboardFocusManager.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/awt/KeyboardFocusManager.java	Wed Dec 16 16:25:08 2009 -0800
@@ -53,8 +53,7 @@
 import java.util.StringTokenizer;
 import java.util.WeakHashMap;
 
-import java.util.logging.Level;
-import java.util.logging.Logger;
+import sun.util.logging.PlatformLogger;
 
 import sun.awt.AppContext;
 import sun.awt.HeadlessToolkit;
@@ -111,7 +110,7 @@
 {
 
     // Shared focus engine logger
-    private static final Logger focusLog = Logger.getLogger("java.awt.focus.KeyboardFocusManager");
+    private static final PlatformLogger focusLog = PlatformLogger.getLogger("java.awt.focus.KeyboardFocusManager");
 
     static {
         /* ensure that the necessary native libraries are loaded */
@@ -154,7 +153,7 @@
      */
     private static native void initIDs();
 
-    private static final Logger log = Logger.getLogger("java.awt.KeyboardFocusManager");
+    private static final PlatformLogger log = PlatformLogger.getLogger("java.awt.KeyboardFocusManager");
 
     /**
      * The identifier for the Forward focus traversal keys.
@@ -504,8 +503,8 @@
             if (this == getCurrentKeyboardFocusManager()) {
                 return focusOwner;
             } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                 }
                 throw new SecurityException(notPrivileged);
             }
@@ -609,9 +608,9 @@
     }
 
     void setNativeFocusOwner(Component comp) {
-        if (focusLog.isLoggable(Level.FINEST)) {
-            focusLog.log(Level.FINEST, "Calling peer {0} setCurrentFocusOwner for {1}",
-                         new Object[] {String.valueOf(peer), String.valueOf(comp)});
+        if (focusLog.isLoggable(PlatformLogger.FINEST)) {
+            focusLog.finest("Calling peer {0} setCurrentFocusOwner for {1}",
+                            String.valueOf(peer), String.valueOf(comp));
         }
         peer.setCurrentFocusOwner(comp);
     }
@@ -673,8 +672,8 @@
             if (this == getCurrentKeyboardFocusManager()) {
                 return permanentFocusOwner;
             } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                 }
                 throw new SecurityException(notPrivileged);
             }
@@ -781,8 +780,8 @@
             if (this == getCurrentKeyboardFocusManager()) {
                return focusedWindow;
             } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                 }
                 throw new SecurityException(notPrivileged);
             }
@@ -885,8 +884,8 @@
             if (this == getCurrentKeyboardFocusManager()) {
                return activeWindow;
             } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                 }
                 throw new SecurityException(notPrivileged);
             }
@@ -919,8 +918,8 @@
         Window oldActiveWindow;
         synchronized (KeyboardFocusManager.class) {
             oldActiveWindow = getActiveWindow();
-            if (focusLog.isLoggable(Level.FINER)) {
-                focusLog.log(Level.FINER, "Setting global active window to " + activeWindow + ", old active " + oldActiveWindow);
+            if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                focusLog.finer("Setting global active window to " + activeWindow + ", old active " + oldActiveWindow);
             }
 
             try {
@@ -1215,8 +1214,8 @@
             if (this == getCurrentKeyboardFocusManager()) {
                 return currentFocusCycleRoot;
             } else {
-                if (focusLog.isLoggable(Level.FINER)) {
-                    focusLog.log(Level.FINER, "This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
+                if (focusLog.isLoggable(PlatformLogger.FINER)) {
+                    focusLog.finer("This manager is " + this + ", current is " + getCurrentKeyboardFocusManager());
                 }
                 throw new SecurityException(notPrivileged);
             }
@@ -2149,9 +2148,9 @@
 
         HeavyweightFocusRequest(Component heavyweight, Component descendant,
                                 boolean temporary, CausedFocusEvent.Cause cause) {
-            if (log.isLoggable(Level.FINE)) {
+            if (log.isLoggable(PlatformLogger.FINE)) {
                 if (heavyweight == null) {
-                    log.log(Level.FINE, "Assertion (heavyweight != null) failed");
+                    log.fine("Assertion (heavyweight != null) failed");
                 }
             }
 
@@ -2161,12 +2160,12 @@
         }
         boolean addLightweightRequest(Component descendant,
                                       boolean temporary, CausedFocusEvent.Cause cause) {
-            if (log.isLoggable(Level.FINE)) {
+            if (log.isLoggable(PlatformLogger.FINE)) {
                 if (this == HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) {
-                    log.log(Level.FINE, "Assertion (this != HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) failed");
+                    log.fine("Assertion (this != HeavyweightFocusRequest.CLEAR_GLOBAL_FOCUS_OWNER) failed");
                 }
                 if (descendant == null) {
-                    log.log(Level.FINE, "Assertion (descendant != null) failed");
+                    log.fine("Assertion (descendant != null) failed");
                 }
             }
 
@@ -2339,12 +2338,12 @@
         (Component heavyweight, Component descendant, boolean temporary,
          boolean focusedWindowChangeAllowed, long time, CausedFocusEvent.Cause cause)
     {
-        if (log.isLoggable(Level.FINE)) {
+        if (log.isLoggable(PlatformLogger.FINE)) {
             if (heavyweight == null) {
-                log.log(Level.FINE, "Assertion (heavyweight != null) failed");
+                log.fine("Assertion (heavyweight != null) failed");
             }
             if (time == 0) {
-                log.log(Level.FINE, "Assertion (time != 0) failed");
+                log.fine("Assertion (time != 0) failed");
             }
         }
 
@@ -2361,31 +2360,31 @@
         Component currentFocusOwner = thisManager.getGlobalFocusOwner();
         Component nativeFocusOwner = thisManager.getNativeFocusOwner();
         Window nativeFocusedWindow = thisManager.getNativeFocusedWindow();
-        if (focusLog.isLoggable(Level.FINER)) {
-            focusLog.log(Level.FINER, "SNFH for {0} in {1}",
-                         new Object[] {String.valueOf(descendant), String.valueOf(heavyweight)});
+        if (focusLog.isLoggable(PlatformLogger.FINER)) {
+            focusLog.finer("SNFH for {0} in {1}",
+                           String.valueOf(descendant), String.valueOf(heavyweight));
         }
-        if (focusLog.isLoggable(Level.FINEST)) {
-            focusLog.log(Level.FINEST, "0. Current focus owner {0}",
-                         String.valueOf(currentFocusOwner));
-            focusLog.log(Level.FINEST, "0. Native focus owner {0}",
-                         String.valueOf(nativeFocusOwner));
-            focusLog.log(Level.FINEST, "0. Native focused window {0}",
-                         String.valueOf(nativeFocusedWindow));
+        if (focusLog.isLoggable(PlatformLogger.FINEST)) {
+            focusLog.finest("0. Current focus owner {0}",
+                            String.valueOf(currentFocusOwner));
+            focusLog.finest("0. Native focus owner {0}",
+                            String.valueOf(nativeFocusOwner));
+            focusLog.finest("0. Native focused window {0}",
+                            String.valueOf(nativeFocusedWindow));
         }
         synchronized (heavyweightRequests) {
             HeavyweightFocusRequest hwFocusRequest = getLastHWRequest();
-            if (focusLog.isLoggable(Level.FINEST)) {
-                focusLog.log(Level.FINEST, "Request {0}", String.valueOf(hwFocusRequest));
+            if (focusLog.isLoggable(PlatformLogger.FINEST)) {
+                focusLog.finest("Request {0}", String.valueOf(hwFocusRequest));
             }
             if (hwFocusRequest == null &&
                 heavyweight == nativeFocusOwner)
             {
                 if (descendant == currentFocusOwner) {
                     // Redundant request.
-                    if (focusLog.isLoggable(Level.FINEST))
-                        focusLog.log(Level.FINEST, "1. SNFH_FAILURE for {0}",
-                                     String.valueOf(descendant));
+                    if (focusLog.isLoggable(PlatformLogger.FINEST))
+                        focusLog.finest("1. SNFH_FAILURE for {0}",
+                                        String.valueOf(descendant));
                     return SNFH_FAILURE;
                 }
 
@@ -2417,8 +2416,8 @@
                 // SunToolkit.postPriorityEvent(newFocusOwnerEvent);
                 SunToolkit.postEvent(descendant.appContext, newFocusOwnerEvent);
 
-                if (focusLog.isLoggable(Level.FINEST))
-                    focusLog.log(Level.FINEST, "2. SNFH_HANDLED for {0}", String.valueOf(descendant));
+                if (focusLog.isLoggable(PlatformLogger.FINEST))
+                    focusLog.finest("2. SNFH_HANDLED for {0}", String.valueOf(descendant));
                 return SNFH_SUCCESS_HANDLED;
             } else if (hwFocusRequest != null &&
                        hwFocusRequest.heavyweight == heavyweight) {
@@ -2431,7 +2430,7 @@
                     manager.enqueueKeyEvents(time, descendant);
                 }
 
-                if (focusLog.isLoggable(Level.FINEST))
+                if (focusLog.isLoggable(PlatformLogger.FINEST))
                     focusLog.finest("3. SNFH_HANDLED for lightweight" +
                                     descendant + " in " + heavyweight);
                 return SNFH_SUCCESS_HANDLED;
@@ -2454,7 +2453,7 @@
                                              (hwFocusRequest != null)
                                              ? hwFocusRequest.heavyweight
                                              : nativeFocusedWindow)) {
-                        if (focusLog.isLoggable(Level.FINEST))
+                        if (focusLog.isLoggable(PlatformLogger.FINEST))
                             focusLog.finest("4. SNFH_FAILURE for " + descendant);
                         return SNFH_FAILURE;
                     }
@@ -2464,7 +2463,7 @@
                 heavyweightRequests.add
                     (new HeavyweightFocusRequest(heavyweight, descendant,
                                                  temporary, cause));
-                if (focusLog.isLoggable(Level.FINEST))
+                if (focusLog.isLoggable(PlatformLogger.FINEST))
                     focusLog.finest("5. SNFH_PROCEED for " + descendant);
                 return SNFH_SUCCESS_PROCEED;
             }
@@ -2855,14 +2854,14 @@
         }
 
         KeyboardFocusManager manager = getCurrentKeyboardFocusManager();
-        if (focusLog.isLoggable(Level.FINER)) {
+        if (focusLog.isLoggable(PlatformLogger.FINER)) {
             if (event instanceof FocusEvent || event instanceof WindowEvent) {
-                focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)});
+                focusLog.finer(">>> {0}", String.valueOf(event));
             }
-            if (focusLog.isLoggable(Level.FINER) && event instanceof KeyEvent) {
-                focusLog.log(Level.FINER, "    focus owner is {0}",
-                                          new Object[] {String.valueOf(manager.getGlobalFocusOwner())});
-                focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)});
+            if (focusLog.isLoggable(PlatformLogger.FINER) && event instanceof KeyEvent) {
+                focusLog.finer("    focus owner is {0}",
+                               String.valueOf(manager.getGlobalFocusOwner()));
+                focusLog.finer(">>> {0}", String.valueOf(event));
             }
         }
 
@@ -2946,9 +2945,9 @@
         }
     }
     static void removeLastFocusRequest(Component heavyweight) {
-        if (log.isLoggable(Level.FINE)) {
+        if (log.isLoggable(PlatformLogger.FINE)) {
             if (heavyweight == null) {
-                log.log(Level.FINE, "Assertion (heavyweight != null) failed");
+                log.fine("Assertion (heavyweight != null) failed");
             }
         }
 
--- a/src/share/classes/java/awt/Window.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/awt/Window.java	Wed Dec 16 16:25:08 2009 -0800
@@ -148,6 +148,51 @@
 public class Window extends Container implements Accessible {
 
     /**
+     * Enumeration of available <i>window types</i>.
+     *
+     * A window type defines the generic visual appearance and behavior of a
+     * top-level window. For example, the type may affect the kind of
+     * decorations of a decorated {@code Frame} or {@code Dialog} instance.
+     * <p>
+     * Some platforms may not fully support a certain window type. Depending on
+     * the level of support, some properties of the window type may be
+     * disobeyed.
+     *
+     * @see   #getType
+     * @see   #setType
+     * @since 1.7
+     */
+    public static enum Type {
+        /**
+         * Represents a <i>normal</i> window.
+         *
+         * This is the default type for objects of the {@code Window} class or
+         * its descendants. Use this type for regular top-level windows.
+         */
+        NORMAL,
+
+        /**
+         * Represents a <i>utility</i> window.
+         *
+         * A utility window is usually a small window such as a toolbar or a
+         * palette. The native system may render the window with smaller
+         * title-bar if the window is either a {@code Frame} or a {@code
+         * Dialog} object, and if it has its decorations enabled.
+         */
+        UTILITY,
+
+        /**
+         * Represents a <i>popup</i> window.
+         *
+         * A popup window is a temporary window such as a drop-down menu or a
+         * tooltip. On some platforms, windows of that type may be forcibly
+         * made undecorated even if they are instances of the {@code Frame} or
+         * {@code Dialog} class, and have decorations enabled.
+         */
+        POPUP
+    }
+
+    /**
      * This represents the warning message that is
      * to be displayed in a non secure window. ie :
      * a window that has a security manager installed for
@@ -2718,6 +2763,52 @@
     }
 
     /**
+     * Window type.
+     *
+     * Synchronization: ObjectLock
+     */
+    private Type type = Type.NORMAL;
+
+    /**
+     * Sets the type of the window.
+     *
+     * This method can only be called while the window is not displayable.
+     *
+     * @throws IllegalComponentStateException if the window
+     *         is displayable.
+     * @throws IllegalArgumentException if the type is {@code null}
+     * @see    Component#isDisplayable
+     * @see    #getType
+     * @since 1.7
+     */
+    public void setType(Type type) {
+        if (type == null) {
+            throw new IllegalArgumentException("type should not be null.");
+        }
+        synchronized (getTreeLock()) {
+            if (isDisplayable()) {
+                throw new IllegalComponentStateException(
+                        "The window is displayable.");
+            }
+            synchronized (getObjectLock()) {
+                this.type = type;
+            }
+        }
+    }
+
+    /**
+     * Returns the type of the window.
+     *
+     * @see   #setType
+     * @since 1.7
+     */
+    public Type getType() {
+        synchronized (getObjectLock()) {
+            return type;
+        }
+    }
+
+    /**
      * The window serialized data version.
      *
      * @serial
@@ -3873,6 +3964,18 @@
             public void setLWRequestStatus(Window changed, boolean status) {
                 changed.syncLWRequests = status;
             }
+
+            public boolean isAutoRequestFocus(Window w) {
+                return w.autoRequestFocus;
+            }
+
+            public boolean isTrayIconWindow(Window w) {
+                return w.isTrayIconWindow;
+            }
+
+            public void setTrayIconWindow(Window w, boolean isTrayIconWindow) {
+                w.isTrayIconWindow = isTrayIconWindow;
+            }
         }); // WindowAccessor
     } // static
 
--- a/src/share/classes/java/lang/ClassLoader.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/lang/ClassLoader.java	Wed Dec 16 16:25:08 2009 -0800
@@ -175,15 +175,8 @@
 public abstract class ClassLoader {
 
     private static native void registerNatives();
-
-    // Set of classes which are registered as parallel capable class loaders
-    private static final Set<Class<? extends ClassLoader>> parallelLoaders
-        = Collections.newSetFromMap(Collections.synchronizedMap
-              (new WeakHashMap<Class<? extends ClassLoader>, Boolean>()));
-
     static {
         registerNatives();
-        parallelLoaders.add(ClassLoader.class);
     }
 
     // The parent class loader for delegation
@@ -191,6 +184,52 @@
     // must be added *after* it.
     private final ClassLoader parent;
 
+    /**
+     * Encapsulates the set of parallel capable loader types.
+     */
+    private static class ParallelLoaders {
+        private ParallelLoaders() {}
+
+        // the set of parallel capable loader types
+        private static final Set<Class<? extends ClassLoader>> loaderTypes =
+            Collections.newSetFromMap(
+                new WeakHashMap<Class<? extends ClassLoader>, Boolean>());
+        static {
+            synchronized (loaderTypes) { loaderTypes.add(ClassLoader.class); }
+        }
+
+        /**
+         * Registers the given class loader type as parallel capabale.
+         * Returns {@code true} is successfully registered; {@code false} if
+         * loader's super class is not registered.
+         */
+        static boolean register(Class<? extends ClassLoader> c) {
+            synchronized (loaderTypes) {
+                if (loaderTypes.contains(c.getSuperclass())) {
+                    // register the class loader as parallel capable
+                    // if and only if all of its super classes are.
+                    // Note: given current classloading sequence, if
+                    // the immediate super class is parallel capable,
+                    // all the super classes higher up must be too.
+                    loaderTypes.add(c);
+                    return true;
+                } else {
+                    return false;
+                }
+            }
+        }
+
+        /**
+         * Returns {@code true} if the given class loader type is
+         * registered as parallel capable.
+         */
+        static boolean isRegistered(Class<? extends ClassLoader> c) {
+            synchronized (loaderTypes) {
+                return loaderTypes.contains(c);
+            }
+        }
+    }
+
     // Maps class name to the corresponding lock object when the current
     // class loader is parallel capable.
     // Note: VM also uses this field to decide if the current class loader
@@ -237,7 +276,7 @@
 
     private ClassLoader(Void unused, ClassLoader parent) {
         this.parent = parent;
-        if (parallelLoaders.contains(this.getClass())) {
+        if (ParallelLoaders.isRegistered(this.getClass())) {
             parallelLockMap = new ConcurrentHashMap<String, Object>();
             package2certs = new ConcurrentHashMap<String, Certificate[]>();
             domains =
@@ -1194,24 +1233,7 @@
      * @since   1.7
      */
     protected static boolean registerAsParallelCapable() {
-        Class<? extends ClassLoader> caller = getCaller(1);
-        Class superCls = caller.getSuperclass();
-        boolean result = false;
-        // Explicit synchronization needed for composite action
-        synchronized (parallelLoaders) {
-            if (!parallelLoaders.contains(caller)) {
-                if (parallelLoaders.contains(superCls)) {
-                    // register the immediate caller as parallel capable
-                    // if and only if all of its super classes are.
-                    // Note: given current classloading sequence, if
-                    // the immediate super class is parallel capable,
-                    // all the super classes higher up must be too.
-                    result = true;
-                    parallelLoaders.add(caller);
-                }
-            } else result = true;
-        }
-        return result;
+        return ParallelLoaders.register(getCaller(1));
     }
 
     /**
@@ -2174,4 +2196,3 @@
         return sys;
     }
 }
-
--- a/src/share/classes/java/lang/System.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/lang/System.java	Wed Dec 16 16:25:08 2009 -0800
@@ -620,6 +620,20 @@
     }
 
     /**
+     * Returns the system-dependent line separator string.  It always
+     * returns the same value - the initial value of the {@linkplain
+     * #getProperty(String) system property} {@code line.separator}.
+     *
+     * <p>On UNIX systems, it returns {@code "\n"}; on Microsoft
+     * Windows systems it returns {@code "\r\n"}.
+     */
+    public static String lineSeparator() {
+        return lineSeparator;
+    }
+
+    private static String lineSeparator;
+
+    /**
      * Sets the system properties to the <code>Properties</code>
      * argument.
      * <p>
@@ -1104,6 +1118,7 @@
     private static void initializeSystemClass() {
         props = new Properties();
         initProperties(props);
+        lineSeparator = props.getProperty("line.separator");
         sun.misc.Version.init();
 
         // Workaround until DownloadManager initialization is revisited.
@@ -1192,7 +1207,7 @@
     }
 
     /* returns the class of the caller. */
-    static Class getCallerClass() {
+    static Class<?> getCallerClass() {
         // NOTE use of more generic Reflection.getCallerClass()
         return Reflection.getCallerClass(3);
     }
--- a/src/share/classes/java/net/CookieManager.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/net/CookieManager.java	Wed Dec 16 16:25:08 2009 -0800
@@ -30,6 +30,7 @@
 import java.util.Collections;
 import java.util.Comparator;
 import java.io.IOException;
+import sun.util.logging.PlatformLogger;
 
 /**
  * CookieManager provides a concrete implementation of {@link CookieHandler},
@@ -263,6 +264,7 @@
         if (cookieJar == null)
             return;
 
+    PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
         for (String headerKey : responseHeaders.keySet()) {
             // RFC 2965 3.2.2, key must be 'Set-Cookie2'
             // we also accept 'Set-Cookie' here for backward compatibility
@@ -277,7 +279,16 @@
 
             for (String headerValue : responseHeaders.get(headerKey)) {
                 try {
-                    List<HttpCookie> cookies = HttpCookie.parse(headerValue);
+                    List<HttpCookie> cookies;
+                    try {
+                        cookies = HttpCookie.parse(headerValue);
+                    } catch (IllegalArgumentException e) {
+                        // Bogus header, make an empty list and log the error
+                        cookies = java.util.Collections.EMPTY_LIST;
+                        if (logger.isLoggable(PlatformLogger.SEVERE)) {
+                            logger.severe("Invalid cookie for " + uri + ": " + headerValue);
+                        }
+                    }
                     for (HttpCookie cookie : cookies) {
                         if (cookie.getPath() == null) {
                             // If no path is specified, then by default
--- a/src/share/classes/java/net/HttpCookie.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/net/HttpCookie.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1036,7 +1036,7 @@
                         int version = Integer.parseInt(attrValue);
                         cookie.setVersion(version);
                     } catch (NumberFormatException ignored) {
-                        throw new IllegalArgumentException("Illegal cookie version attribute");
+                        // Just ignore bogus version, it will default to 0 or 1
                     }
                 }
             });
@@ -1147,12 +1147,15 @@
     }
 
     private static String stripOffSurroundingQuote(String str) {
-        if (str != null && str.length() > 0 &&
+        if (str != null && str.length() > 2 &&
             str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
             return str.substring(1, str.length() - 1);
-        } else {
-            return str;
         }
+        if (str != null && str.length() > 2 &&
+            str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
+            return str.substring(1, str.length() - 1);
+        }
+        return str;
     }
 
     private static boolean equalsIgnoreCase(String s, String t) {
--- a/src/share/classes/java/nio/channels/Selector.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/nio/channels/Selector.java	Wed Dec 16 16:25:08 2009 -0800
@@ -25,6 +25,7 @@
 
 package java.nio.channels;
 
+import java.io.Closeable;
 import java.io.IOException;
 import java.nio.channels.spi.SelectorProvider;
 import java.util.Set;
@@ -202,7 +203,7 @@
  * @see SelectionKey
  */
 
-public abstract class Selector {
+public abstract class Selector implements Closeable {
 
     /**
      * Initializes a new instance of this class.
--- a/src/share/classes/java/util/DualPivotQuicksort.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/util/DualPivotQuicksort.java	Wed Dec 16 16:25:08 2009 -0800
@@ -36,12 +36,12 @@
  * @author Jon Bentley
  * @author Josh Bloch
  *
- * @version 2009.11.16 m765.827.v12a
+ * @version 2009.11.29 m765.827.12i
  */
 final class DualPivotQuicksort {
 
     /**
-     * Suppresses default constructor.
+     * Prevents instantiation.
      */
     private DualPivotQuicksort() {}
 
@@ -84,7 +84,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * @param a the array to be sorted
      * @param fromIndex the index of the first element, inclusive, to be sorted
@@ -101,8 +101,8 @@
     /**
      * Sorts the specified range of the array into ascending order. This
      * method differs from the public {@code sort} method in that the
-     * {@code right} index is inclusive, and it does no range checking on
-     * {@code left} or {@code right}.
+     * {@code right} index is inclusive, and it does no range checking
+     * on {@code left} or {@code right}.
      *
      * @param a the array to be sorted
      * @param left the index of the first element, inclusive, to be sorted
@@ -111,13 +111,13 @@
     private static void doSort(int[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                int ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                int ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else { // Use Dual-Pivot Quicksort on large arrays
             dualPivotQuicksort(a, left, right);
@@ -162,7 +162,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -170,27 +170,26 @@
         int pivot1 = ae2; a[e2] = a[left];
         int pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -200,37 +199,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 int ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) < pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -243,30 +242,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 int ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -289,26 +292,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 int ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -330,7 +362,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * @param a the array to be sorted
      * @param fromIndex the index of the first element, inclusive, to be sorted
@@ -357,13 +389,13 @@
     private static void doSort(long[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                long ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                long ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else { // Use Dual-Pivot Quicksort on large arrays
             dualPivotQuicksort(a, left, right);
@@ -408,7 +440,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -416,27 +448,26 @@
         long pivot1 = ae2; a[e2] = a[left];
         long pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -446,37 +477,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 long ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -489,30 +520,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 long ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -535,26 +570,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 long ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -576,7 +640,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * @param a the array to be sorted
      * @param fromIndex the index of the first element, inclusive, to be sorted
@@ -606,13 +670,13 @@
     private static void doSort(short[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                short ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                short ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else if (right-left+1 > COUNTING_SORT_THRESHOLD_FOR_SHORT_OR_CHAR) {
             // Use counting sort on huge arrays
@@ -671,7 +735,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -679,27 +743,26 @@
         short pivot1 = ae2; a[e2] = a[left];
         short pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -709,37 +772,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 short ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -752,30 +815,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 short ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -798,26 +865,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 short ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -839,7 +935,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * @param a the array to be sorted
      * @param fromIndex the index of the first element, inclusive, to be sorted
@@ -869,13 +965,13 @@
     private static void doSort(char[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                char ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                char ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else if (right-left+1 > COUNTING_SORT_THRESHOLD_FOR_SHORT_OR_CHAR) {
             // Use counting sort on huge arrays
@@ -932,7 +1028,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -940,27 +1036,26 @@
         char pivot1 = ae2; a[e2] = a[left];
         char pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -970,37 +1065,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 char ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -1013,30 +1108,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 char ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -1059,26 +1158,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 char ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -1100,7 +1228,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * @param a the array to be sorted
      * @param fromIndex the index of the first element, inclusive, to be sorted
@@ -1130,13 +1258,13 @@
     private static void doSort(byte[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                byte ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                byte ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else if (right - left + 1 > COUNTING_SORT_THRESHOLD_FOR_BYTE) {
             // Use counting sort on huge arrays
@@ -1195,7 +1323,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -1203,27 +1331,26 @@
         byte pivot1 = ae2; a[e2] = a[left];
         byte pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -1233,37 +1360,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 byte ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -1276,30 +1403,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 byte ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -1322,26 +1453,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 byte ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -1371,7 +1531,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty  and the call is a no-op).
      *
      * <p>The {@code <} relation does not provide a total order on all float
      * values: {@code -0.0f == 0.0f} is {@code true} and a {@code Float.NaN}
@@ -1485,13 +1645,13 @@
     private static void doSort(float[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                float ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                float ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else { // Use Dual-Pivot Quicksort on large arrays
             dualPivotQuicksort(a, left, right);
@@ -1536,7 +1696,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -1544,27 +1704,26 @@
         float pivot1 = ae2; a[e2] = a[left];
         float pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -1574,37 +1733,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 float ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -1617,30 +1776,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 float ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -1663,26 +1826,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 float ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
@@ -1712,7 +1904,7 @@
      * Sorts the specified range of the array into ascending order. The range
      * to be sorted extends from the index {@code fromIndex}, inclusive, to
      * the index {@code toIndex}, exclusive. If {@code fromIndex == toIndex},
-     * the range to be sorted is empty.
+     * the range to be sorted is empty (and the call is a no-op).
      *
      * <p>The {@code <} relation does not provide a total order on all double
      * values: {@code -0.0d == 0.0d} is {@code true} and a {@code Double.NaN}
@@ -1826,13 +2018,13 @@
     private static void doSort(double[] a, int left, int right) {
         // Use insertion sort on tiny arrays
         if (right - left + 1 < INSERTION_SORT_THRESHOLD) {
-            for (int k = left + 1; k <= right; k++) {
-                double ak = a[k];
+            for (int i = left + 1; i <= right; i++) {
+                double ai = a[i];
                 int j;
-                for (j = k - 1; j >= left && ak < a[j]; j--) {
+                for (j = i - 1; j >= left && ai < a[j]; j--) {
                     a[j + 1] = a[j];
                 }
-                a[j + 1] = ak;
+                a[j + 1] = ai;
             }
         } else { // Use Dual-Pivot Quicksort on large arrays
             dualPivotQuicksort(a, left, right);
@@ -1877,7 +2069,7 @@
          * second terciles of the array. Note that pivot1 <= pivot2.
          *
          * The pivots are stored in local variables, and the first and
-         * the last of the sorted elements are moved to the locations
+         * the last of the elements to be sorted are moved to the locations
          * formerly occupied by the pivots. When partitioning is complete,
          * the pivots are swapped back into their final positions, and
          * excluded from subsequent sorting.
@@ -1885,27 +2077,26 @@
         double pivot1 = ae2; a[e2] = a[left];
         double pivot2 = ae4; a[e4] = a[right];
 
-        /*
-         * Partitioning
-         *
-         *   left part         center part                  right part
-         * ------------------------------------------------------------
-         * [ < pivot1  |  pivot1 <= && <= pivot2  |   ?   |  > pivot2 ]
-         * ------------------------------------------------------------
-         *              ^                          ^     ^
-         *              |                          |     |
-         *             less                        k   great
-         */
-
         // Pointers
         int less  = left  + 1; // The index of first element of center part
         int great = right - 1; // The index before first element of right part
 
-        boolean pivotsDiffer = pivot1 != pivot2;
+        boolean pivotsDiffer = (pivot1 != pivot2);
 
         if (pivotsDiffer) {
             /*
+             * Partitioning:
+             *
+             *   left part         center part                    right part
+             * +------------------------------------------------------------+
+             * | < pivot1  |  pivot1 <= && <= pivot2  |    ?    |  > pivot2 |
+             * +------------------------------------------------------------+
+             *              ^                          ^       ^
+             *              |                          |       |
+             *             less                        k     great
+             *
              * Invariants:
+             *
              *              all in (left, less)   < pivot1
              *    pivot1 <= all in [less, k)     <= pivot2
              *              all in (great, right) > pivot2
@@ -1915,37 +2106,37 @@
             outer:
             for (int k = less; k <= great; k++) {
                 double ak = a[k];
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else if (ak > pivot2) {
+                } else if (ak > pivot2) { // Move a[k] to right part
                     while (a[great] > pivot2) {
-                        if (k == great--) {
+                        if (great-- == k) {
                             break outer;
                         }
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // pivot1 <= a[great] <= pivot2
+                        a[k] = a[great];
+                        a[great--] = ak;
                     }
                 }
             }
         } else { // Pivots are equal
             /*
-             * Partition degenerates to the traditional 3-way
-             * (or "Dutch National Flag") partition:
+             * Partition degenerates to the traditional 3-way,
+             * or "Dutch National Flag", partition:
              *
              *   left part   center part            right part
-             * -------------------------------------------------
-             * [  < pivot  |  == pivot  |    ?    |  > pivot   ]
-             * -------------------------------------------------
-             *
+             * +----------------------------------------------+
+             * |  < pivot  |  == pivot  |    ?    |  > pivot  |
+             * +----------------------------------------------+
              *              ^            ^       ^
              *              |            |       |
              *             less          k     great
@@ -1958,30 +2149,34 @@
              *
              * Pointer k is the first index of ?-part
              */
-            outer:
             for (int k = less; k <= great; k++) {
                 double ak = a[k];
                 if (ak == pivot1) {
                     continue;
                 }
-                if (ak < pivot1) {
-                    if (k > less) {
+                if (ak < pivot1) { // Move a[k] to left part
+                    if (k != less) {
                         a[k] = a[less];
                         a[less] = ak;
                     }
                     less++;
-                } else { // a[k] > pivot
+                } else { // (a[k] > pivot1) -  Move a[k] to right part
+                    /*
+                     * We know that pivot1 == a[e3] == pivot2. Thus, we know
+                     * that great will still be >= k when the following loop
+                     * terminates, even though we don't test for it explicitly.
+                     * In other words, a[e3] acts as a sentinel for great.
+                     */
                     while (a[great] > pivot1) {
-                        if (k == great--) {
-                            break outer;
-                        }
+                        great--;
                     }
-                    a[k] = a[great];
-                    a[great--] = ak;
-
-                    if ((ak = a[k]) <  pivot1) {
+                    if (a[great] < pivot1) {
                         a[k] = a[less];
-                        a[less++] = ak;
+                        a[less++] = a[great];
+                        a[great--] = ak;
+                    } else { // a[great] == pivot1
+                        a[k] = pivot1;
+                        a[great--] = ak;
                     }
                 }
             }
@@ -2004,26 +2199,55 @@
         }
 
         /*
-         * If center part is too large (comprises > 5/6 of
-         * the array), swap internal pivot values to ends
+         * If center part is too large (comprises > 2/3 of the array),
+         * swap internal pivot values to ends
          */
-        if (less < e1 && e5 < great) {
+        if (less < e1 && great > e5) {
             while (a[less] == pivot1) {
                 less++;
             }
             while (a[great] == pivot2) {
                 great--;
             }
-            for (int k = less + 1; k <= great; ) {
+
+            /*
+             * Partitioning:
+             *
+             *   left part       center part                   right part
+             * +----------------------------------------------------------+
+             * | == pivot1 |  pivot1 < && < pivot2  |    ?    | == pivot2 |
+             * +----------------------------------------------------------+
+             *              ^                        ^       ^
+             *              |                        |       |
+             *             less                      k     great
+             *
+             * Invariants:
+             *
+             *              all in (*, less)  == pivot1
+             *     pivot1 < all in [less, k)   < pivot2
+             *              all in (great, *) == pivot2
+             *
+             * Pointer k is the first index of ?-part
+             */
+            outer:
+            for (int k = less; k <= great; k++) {
                 double ak = a[k];
-                if (ak == pivot1) {
-                    a[k++] = a[less];
+                if (ak == pivot2) { // Move a[k] to right part
+                    while (a[great] == pivot2) {
+                        if (great-- == k) {
+                            break outer;
+                        }
+                    }
+                    if (a[great] == pivot1) {
+                        a[k] = a[less];
+                        a[less++] = pivot1;
+                    } else { // pivot1 < a[great] < pivot2
+                        a[k] = a[great];
+                    }
+                    a[great--] = pivot2;
+                } else if (ak == pivot1) { // Move a[k] to left part
+                    a[k] = a[less];
                     a[less++] = pivot1;
-                } else if (ak == pivot2) {
-                    a[k] = a[great];
-                    a[great--] = pivot2;
-                } else {
-                    k++;
                 }
             }
         }
--- a/src/share/classes/java/util/Formatter.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/util/Formatter.java	Wed Dec 16 16:25:08 2009 -0800
@@ -2552,9 +2552,6 @@
         private boolean dt = false;
         private char c;
 
-        // cache the line separator
-        private String ls;
-
         private int index(String s) {
             if (s != null) {
                 try {
@@ -2702,9 +2699,7 @@
                 printHashCode(arg);
                 break;
             case Conversion.LINE_SEPARATOR:
-                if (ls == null)
-                    ls = System.getProperty("line.separator");
-                a.append(ls);
+                a.append(System.lineSeparator());
                 break;
             case Conversion.PERCENT_SIGN:
                 a.append('%');
--- a/src/share/classes/java/util/zip/Deflater.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/util/zip/Deflater.java	Wed Dec 16 16:25:08 2009 -0800
@@ -318,7 +318,7 @@
     /**
      * Compresses the input data and fills specified buffer with compressed
      * data. Returns actual number of bytes of compressed data. A return value
-     * of 0 indicates that {@link needsInput() needsInput} should be called
+     * of 0 indicates that {@link #needsInput() needsInput} should be called
      * in order to determine if more input data is required.
      *
      * <p>This method uses {@link #NO_FLUSH} as its compression flush mode.
@@ -339,7 +339,7 @@
     /**
      * Compresses the input data and fills specified buffer with compressed
      * data. Returns actual number of bytes of compressed data. A return value
-     * of 0 indicates that {@link needsInput() needsInput} should be called
+     * of 0 indicates that {@link #needsInput() needsInput} should be called
      * in order to determine if more input data is required.
      *
      * <p>This method uses {@link #NO_FLUSH} as its compression flush mode.
--- a/src/share/classes/java/util/zip/DeflaterOutputStream.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/java/util/zip/DeflaterOutputStream.java	Wed Dec 16 16:25:08 2009 -0800
@@ -66,7 +66,7 @@
      * @param def the compressor ("deflater")
      * @param size the output buffer size
      * @param syncFlush
-     *        if {@code true} the {@link flush()} method of this
+     *        if {@code true} the {@link #flush()} method of this
      *        instance flushes the compressor with flush mode
      *        {@link Deflater#SYNC_FLUSH} before flushing the output
      *        stream, otherwise only flushes the output stream
@@ -114,7 +114,7 @@
      * @param out the output stream
      * @param def the compressor ("deflater")
      * @param syncFlush
-     *        if {@code true} the {@link flush()} method of this
+     *        if {@code true} the {@link #flush()} method of this
      *        instance flushes the compressor with flush mode
      *        {@link Deflater#SYNC_FLUSH} before flushing the output
      *        stream, otherwise only flushes the output stream
@@ -151,7 +151,7 @@
      *
      * @param out the output stream
      * @param syncFlush
-     *        if {@code true} the {@link flush()} method of this
+     *        if {@code true} the {@link #flush()} method of this
      *        instance flushes the compressor with flush mode
      *        {@link Deflater#SYNC_FLUSH} before flushing the output
      *        stream, otherwise only flushes the output stream
@@ -262,10 +262,10 @@
     /**
      * Flushes the compressed output stream.
      *
-     * If {@link DeflaterOutputStream(OutputStream, Deflater, int, boolean)
+     * If {@link #DeflaterOutputStream(OutputStream, Deflater, int, boolean)
      * syncFlush} is {@code true} when this compressed output stream is
-     * constructed this method flushes the underlying {@code compressor}
-     * first with the flush mode {@link Deflater#SYNC_FLUSH} to force
+     * constructed, this method first flushes the underlying {@code compressor}
+     * with the flush mode {@link Deflater#SYNC_FLUSH} to force
      * all pending data to be flushed out to the output stream and then
      * flushes the output stream. Otherwise this method only flushes the
      * output stream without flushing the {@code compressor}.
--- a/src/share/classes/javax/naming/InitialContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/javax/naming/InitialContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -198,6 +198,8 @@
      *
      * <p> This constructor will not modify <tt>environment</tt>
      * or save a reference to it, but may save a clone.
+     * Caller should not modify mutable keys and values in
+     * <tt>environment</tt> after it has been passed to the constructor.
      *
      * @param environment
      *          environment used to create the initial context.
--- a/src/share/classes/javax/naming/directory/InitialDirContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/javax/naming/directory/InitialDirContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2004 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,6 +86,8 @@
      *
      * <p> This constructor will not modify <tt>environment</tt>
      * or save a reference to it, but may save a clone.
+     * Caller should not modify mutable keys and values in
+     * <tt>environment</tt> after it has been passed to the constructor.
      *
      * @param environment
      *          environment used to create the initial DirContext.
--- a/src/share/classes/javax/naming/ldap/InitialLdapContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/javax/naming/ldap/InitialLdapContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2004 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -110,6 +110,8 @@
      *
      * <p> This constructor will not modify its parameters or
      * save references to them, but may save a clone or copy.
+     * Caller should not modify mutable keys and values in
+     * <tt>environment</tt> after it has been passed to the constructor.
      *
      * <p> <tt>connCtls</tt> is used as the underlying context instance's
      * connection request controls.  See the class description
--- a/src/share/classes/javax/security/auth/Subject.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/javax/security/auth/Subject.java	Wed Dec 16 16:25:08 2009 -0800
@@ -40,7 +40,6 @@
 import java.security.PrivilegedActionException;
 import java.security.ProtectionDomain;
 import sun.security.util.ResourcesMgr;
-import sun.security.util.SecurityConstants;
 
 /**
  * <p> A <code>Subject</code> represents a grouping of related information
@@ -239,7 +238,7 @@
     public void setReadOnly() {
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(new AuthPermission("setReadOnly"));
+            sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
         }
 
         this.readOnly = true;
@@ -285,7 +284,7 @@
 
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(new AuthPermission("getSubject"));
+            sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION);
         }
 
         if (acc == null) {
@@ -343,7 +342,7 @@
 
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
+            sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
         }
         if (action == null)
             throw new NullPointerException
@@ -402,7 +401,7 @@
 
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
+            sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
         }
 
         if (action == null)
@@ -456,7 +455,7 @@
 
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
+            sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
         }
 
         if (action == null)
@@ -520,7 +519,7 @@
 
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
+            sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
         }
 
         if (action == null)
@@ -1044,16 +1043,13 @@
                     if (sm != null) {
                         switch (which) {
                         case Subject.PRINCIPAL_SET:
-                            sm.checkPermission(new AuthPermission
-                                        ("modifyPrincipals"));
+                            sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
                             break;
                         case Subject.PUB_CREDENTIAL_SET:
-                            sm.checkPermission(new AuthPermission
-                                        ("modifyPublicCredentials"));
+                            sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
                             break;
                         default:
-                            sm.checkPermission(new AuthPermission
-                                        ("modifyPrivateCredentials"));
+                            sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
                             break;
                         }
                     }
@@ -1073,16 +1069,13 @@
             if (sm != null) {
                 switch (which) {
                 case Subject.PRINCIPAL_SET:
-                    sm.checkPermission
-                        (new AuthPermission("modifyPrincipals"));
+                    sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
                     break;
                 case Subject.PUB_CREDENTIAL_SET:
-                    sm.checkPermission
-                        (new AuthPermission("modifyPublicCredentials"));
+                    sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
                     break;
                 default:
-                    sm.checkPermission
-                        (new AuthPermission("modifyPrivateCredentials"));
+                    sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
                     break;
                 }
             }
@@ -1405,4 +1398,27 @@
             return set.add(o);
         }
     }
+
+    static class AuthPermissionHolder {
+        static final AuthPermission DO_AS_PERMISSION =
+            new AuthPermission("doAs");
+
+        static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
+            new AuthPermission("doAsPrivileged");
+
+        static final AuthPermission SET_READ_ONLY_PERMISSION =
+            new AuthPermission("setReadOnly");
+
+        static final AuthPermission GET_SUBJECT_PERMISSION =
+            new AuthPermission("getSubject");
+
+        static final AuthPermission MODIFY_PRINCIPALS_PERMISSION =
+            new AuthPermission("modifyPrincipals");
+
+        static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION =
+            new AuthPermission("modifyPublicCredentials");
+
+        static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION =
+            new AuthPermission("modifyPrivateCredentials");
+    }
 }
--- a/src/share/classes/javax/swing/Popup.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/javax/swing/Popup.java	Wed Dec 16 16:25:08 2009 -0800
@@ -227,12 +227,8 @@
         HeavyWeightWindow(Window parent) {
             super(parent);
             setFocusableWindowState(false);
-            Toolkit tk = Toolkit.getDefaultToolkit();
-            if (tk instanceof SunToolkit) {
-                // all the short-lived windows like Popups should be
-                // OverrideRedirect on X11 platforms
-                ((SunToolkit)tk).setOverrideRedirect(this);
-            }
+            setType(Window.Type.POPUP);
+
             // Popups are typically transient and most likely won't benefit
             // from true double buffering.  Turn it off here.
             getRootPane().setUseTrueDoubleBuffering(false);
--- a/src/share/classes/org/ietf/jgss/GSSContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/org/ietf/jgss/GSSContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2001 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -678,7 +678,7 @@
      * are not definitive then the method will attempt to treat all
      * available bytes as part of the token.<p>
      *
-     * Other than the possible blocking behaviour described above, this
+     * Other than the possible blocking behavior described above, this
      * method is equivalent to the byte array based {@link #unwrap(byte[],
      * int, int, MessageProp) unwrap} method.<p>
      *
@@ -826,7 +826,7 @@
      * are not definitive then the method will attempt to treat all
      * available bytes as part of the token.<p>
      *
-     * Other than the possible blocking behaviour described above, this
+     * Other than the possible blocking behavior described above, this
      * method is equivalent to the byte array based {@link #verifyMIC(byte[],
      * int, int, byte[], int, int, MessageProp) verifyMIC} method.<p>
      *
@@ -917,7 +917,7 @@
      * getMutualAuthState} method.<p>
      *
      * @param state a boolean value indicating whether mutual
-     * authentication shouls be used or not.
+     * authentication should be used or not.
      * @see #getMutualAuthState()
      *
      * @throws GSSException containing the following
@@ -928,7 +928,7 @@
 
     /**
      * Requests that replay detection be enabled for the
-     * per-message security services after context establishemnt. This
+     * per-message security services after context establishment. This
      * request can only be made on the context initiator's side and it has
      * to be done prior to the first call to
      * <code>initSecContext</code>. During context establishment replay
@@ -958,7 +958,7 @@
 
     /**
      * Requests that sequence checking be enabled for the
-     * per-message security services after context establishemnt. This
+     * per-message security services after context establishment. This
      * request can only be made on the context initiator's side and it has
      * to be done prior to the first call to
      * <code>initSecContext</code>. During context establishment sequence
--- a/src/share/classes/sun/awt/AWTAccessor.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/awt/AWTAccessor.java	Wed Dec 16 16:25:08 2009 -0800
@@ -98,7 +98,7 @@
          * Returns whether the component is visible without invoking
          * any client code.
          */
-        boolean isVisible_NoClientCode(Component comp);
+        boolean isVisible(Component comp);
 
         /**
          * Sets the RequestFocusController.
@@ -114,6 +114,112 @@
          * Sets the appContext of the component.
          */
         void setAppContext(Component comp, AppContext appContext);
+
+        /**
+         * Returns the parent of the component.
+         */
+        Container getParent(Component comp);
+
+        /**
+         * Sets the parent of the component to the specified parent.
+         */
+        void setParent(Component comp, Container parent);
+
+        /**
+         * Resizes the component to the specified width and height.
+         */
+        void setSize(Component comp, int width, int height);
+
+        /**
+         * Returns the location of the component.
+         */
+        Point getLocation(Component comp);
+
+        /**
+         * Moves the component to the new location.
+         */
+        void setLocation(Component comp, int x, int y);
+
+        /**
+         * Determines whether this component is enabled.
+         */
+        boolean isEnabled(Component comp);
+
+        /**
+         * Determines whether this component is displayable.
+         */
+        boolean isDisplayable(Component comp);
+
+        /**
+         * Gets the cursor set in the component.
+         */
+        Cursor getCursor(Component comp);
+
+        /**
+         * Returns the peer of the component.
+         */
+        ComponentPeer getPeer(Component comp);
+
+        /**
+         * Sets the peer of the component to the specified peer.
+         */
+        void setPeer(Component comp, ComponentPeer peer);
+
+        /**
+         * Determines whether this component is lightweight.
+         */
+        boolean isLightweight(Component comp);
+
+        /**
+         * Returns whether or not paint messages received from
+         * the operating system should be ignored.
+         */
+        boolean getIgnoreRepaint(Component comp);
+
+        /**
+         * Returns the width of the component.
+         */
+        int getWidth(Component comp);
+
+        /**
+         * Returns the height of the component.
+         */
+        int getHeight(Component comp);
+
+        /**
+         * Returns the x coordinate of the component.
+         */
+        int getX(Component comp);
+
+        /**
+         * Returns the y coordinate of the component.
+         */
+        int getY(Component comp);
+
+        /**
+         * Gets the foreground color of this component.
+         */
+        Color getForeground(Component comp);
+
+        /**
+         * Gets the background color of this component.
+         */
+        Color getBackground(Component comp);
+
+        /**
+         * Sets the background of this component to the specified color.
+         */
+        void setBackground(Component comp, Color background);
+
+        /**
+         * Gets the font of the component.
+         */
+        Font getFont(Component comp);
+
+        /**
+         * Processes events occurring on this component.
+         */
+        void processEvent(Component comp, AWTEvent e);
     }
 
     /*
@@ -169,6 +275,22 @@
          * components in the specified window to the specified value.
          */
         void setLWRequestStatus(Window changed, boolean status);
+
+        /**
+         * Indicates whether this window should receive focus on subsequently
+         * being shown, or being moved to the front.
+         */
+        boolean isAutoRequestFocus(Window w);
+
+        /**
+         * Indicates whether the specified window is an utility window for TrayIcon.
+         */
+        boolean isTrayIconWindow(Window w);
+
+        /**
+         * Marks the specified window as an utility window for TrayIcon.
+         */
+        void setTrayIconWindow(Window w, boolean isTrayIconWindow);
     }
 
     /*
@@ -249,13 +371,13 @@
      */
     public interface EventQueueAccessor {
         /*
-         * Gets the next event queue.
-         */
-        EventQueue getNextQueue(EventQueue eventQueue);
-        /*
          * Gets the event dispatch thread.
          */
         Thread getDispatchThread(EventQueue eventQueue);
+        /*
+         * Checks if the current thread is EDT for the given EQ.
+         */
+        public boolean isDispatchThreadImpl(EventQueue eventQueue);
     }
 
     /*
--- a/src/share/classes/sun/awt/AppContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/awt/AppContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -43,6 +43,9 @@
 import java.beans.PropertyChangeSupport;
 import java.beans.PropertyChangeListener;
 import sun.util.logging.PlatformLogger;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
 
 /**
  * The AppContext is a table referenced by ThreadGroup which stores
@@ -132,10 +135,17 @@
     /* Since the contents of an AppContext are unique to each Java
      * session, this class should never be serialized. */
 
-    /* The key to put()/get() the Java EventQueue into/from the AppContext.
+    /*
+     * The key to put()/get() the Java EventQueue into/from the AppContext.
      */
     public static final Object EVENT_QUEUE_KEY = new StringBuffer("EventQueue");
 
+    /*
+     * The keys to store EventQueue push/pop lock and condition.
+     */
+    public final static Object EVENT_QUEUE_LOCK_KEY = new StringBuilder("EventQueue.Lock");
+    public final static Object EVENT_QUEUE_COND_KEY = new StringBuilder("EventQueue.Condition");
+
     /* A map of AppContexts, referenced by ThreadGroup.
      */
     private static final Map<ThreadGroup, AppContext> threadGroup2appContext =
@@ -244,6 +254,13 @@
                         return Thread.currentThread().getContextClassLoader();
                     }
                 });
+
+        // Initialize push/pop lock and its condition to be used by all the
+        // EventQueues within this AppContext
+        Lock eventQueuePushPopLock = new ReentrantLock();
+        put(EVENT_QUEUE_LOCK_KEY, eventQueuePushPopLock);
+        Condition eventQueuePushPopCond = eventQueuePushPopLock.newCondition();
+        put(EVENT_QUEUE_COND_KEY, eventQueuePushPopCond);
     }
 
     private static final ThreadLocal<AppContext> threadAppContext =
--- a/src/share/classes/sun/awt/ComponentAccessor.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,483 +0,0 @@
-/*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.awt;
-
-import java.awt.Component;
-import java.awt.Container;
-import java.awt.AWTEvent;
-import java.awt.Font;
-import java.awt.Color;
-import java.awt.Cursor;
-import java.awt.Point;
-
-import java.awt.peer.ComponentPeer;
-
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.lang.reflect.InvocationTargetException;
-
-import sun.util.logging.PlatformLogger;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-/**
- * A collection of methods for modifying package private fields in AWT components.
- * This class is meant to be used by Peer code only. Previously peer code
- * got around this problem by modifying fields from native code. However
- * as we move away from native code to Pure-java peers we need this class.
- *
- * @author Bino George
- */
-
-
-public class ComponentAccessor
-{
-    private static Class componentClass;
-    private static Field fieldX;
-    private static Field fieldY;
-    private static Field fieldWidth;
-    private static Field fieldHeight;
-    private static Method methodGetParentNoClientCode;
-    private static Method methodGetFontNoClientCode;
-    private static Method methodProcessEvent;
-    private static Method methodEnableEvents;
-    private static Field fieldParent;
-    private static Field fieldBackground;
-    private static Field fieldForeground;
-    private static Field fieldFont;
-    private static Field fieldPacked;
-    private static Field fieldIgnoreRepaint;
-    private static Field fieldPeer;
-    private static Field fieldVisible;
-    private static Method methodIsEnabledImpl;
-    private static Method methodGetCursorNoClientCode;
-    private static Method methodLocationNoClientCode;
-
-    private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.ComponentAccessor");
-
-    private ComponentAccessor() {
-    }
-
-    static {
-        AccessController.doPrivileged( new PrivilegedAction() {
-                public Object run() {
-                    try {
-                        componentClass = Class.forName("java.awt.Component");
-                        fieldX  = componentClass.getDeclaredField("x");
-                        fieldX.setAccessible(true);
-                        fieldY  = componentClass.getDeclaredField("y");
-                        fieldY.setAccessible(true);
-                        fieldWidth  = componentClass.getDeclaredField("width");
-                        fieldWidth.setAccessible(true);
-                        fieldHeight  = componentClass.getDeclaredField("height");
-                        fieldHeight.setAccessible(true);
-                        fieldForeground  = componentClass.getDeclaredField("foreground");
-                        fieldForeground.setAccessible(true);
-                        fieldBackground  = componentClass.getDeclaredField("background");
-                        fieldBackground.setAccessible(true);
-                        fieldFont = componentClass.getDeclaredField("font");
-                        fieldFont.setAccessible(true);
-                        methodGetParentNoClientCode = componentClass.getDeclaredMethod("getParent_NoClientCode", (Class[]) null);
-                        methodGetParentNoClientCode.setAccessible(true);
-                        methodGetFontNoClientCode = componentClass.getDeclaredMethod("getFont_NoClientCode", (Class[]) null);
-                        methodGetFontNoClientCode.setAccessible(true);
-                        Class[] argTypes = { AWTEvent.class };
-                        methodProcessEvent = componentClass.getDeclaredMethod("processEvent",argTypes);
-                        methodProcessEvent.setAccessible(true);
-                        Class[] argTypesForMethodEnableEvents = { Long.TYPE };
-                        methodEnableEvents = componentClass.getDeclaredMethod("enableEvents",argTypesForMethodEnableEvents);
-                        methodEnableEvents.setAccessible(true);
-
-                        fieldParent  = componentClass.getDeclaredField("parent");
-                        fieldParent.setAccessible(true);
-                        fieldPacked = componentClass.getDeclaredField("isPacked");
-                        fieldPacked.setAccessible(true);
-                        fieldIgnoreRepaint = componentClass.getDeclaredField("ignoreRepaint");
-                        fieldIgnoreRepaint.setAccessible(true);
-
-                        fieldPeer = componentClass.getDeclaredField("peer");
-                        fieldPeer.setAccessible(true);
-
-                        fieldVisible = componentClass.getDeclaredField("visible");
-                        fieldVisible.setAccessible(true);
-
-                        methodIsEnabledImpl = componentClass.getDeclaredMethod("isEnabledImpl", (Class[]) null);
-                        methodIsEnabledImpl.setAccessible(true);
-
-                        methodGetCursorNoClientCode = componentClass.getDeclaredMethod("getCursor_NoClientCode", (Class[]) null);
-                        methodGetCursorNoClientCode.setAccessible(true);
-
-                        methodLocationNoClientCode = componentClass.getDeclaredMethod("location_NoClientCode", (Class[]) null);
-                        methodLocationNoClientCode.setAccessible(true);
-                    }
-                    catch (NoSuchFieldException e) {
-                        log.fine("Unable to initialize ComponentAccessor", e);
-                    }
-                    catch (ClassNotFoundException e) {
-                        log.fine("Unable to initialize ComponentAccessor", e);
-                    }
-                    catch (NoSuchMethodException e) {
-                        log.fine("Unable to initialize ComponentAccessor", e);
-                    }
-                    // to please javac
-                    return null;
-                }
-            });
-    }
-
-    public static void setX(Component c, int x)
-    {
-        try {
-            fieldX.setInt(c,x);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static void setY(Component c, int y)
-    {
-        try {
-            fieldY.setInt(c,y);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static void setWidth(Component c, int width)
-    {
-        try {
-            fieldWidth.setInt(c,width);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static void setHeight(Component c, int height)
-    {
-        try {
-            fieldHeight.setInt(c,height);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static void setBounds(Component c, int x, int y, int width, int height)
-    {
-        try {
-            fieldX.setInt(c,x);
-            fieldY.setInt(c,y);
-            fieldWidth.setInt(c,width);
-            fieldHeight.setInt(c,height);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static int getX(Component c) {
-        try {
-            return fieldX.getInt(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return 0;
-    }
-
-    public static int getY(Component c) {
-        try {
-            return fieldY.getInt(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return 0;
-    }
-
-    public static int getWidth(Component c) {
-        try {
-            return fieldWidth.getInt(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return 0;
-    }
-
-    public static int getHeight(Component c) {
-        try {
-            return fieldHeight.getInt(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return 0;
-    }
-
-    public static boolean getIsPacked(Component c) {
-        try {
-            return fieldPacked.getBoolean(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return false;
-    }
-
-    public static Container getParent_NoClientCode(Component c) {
-        Container parent=null;
-
-        try {
-            parent = (Container) methodGetParentNoClientCode.invoke(c, (Object[]) null);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-
-        return parent;
-    }
-
-    public static Font getFont_NoClientCode(Component c) {
-        Font font=null;
-
-        try {
-            font = (Font) methodGetFontNoClientCode.invoke(c, (Object[]) null);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-
-        return font;
-    }
-
-    public static void processEvent(Component c, AWTEvent event) {
-        Font font=null;
-
-        try {
-            Object[] args = new Object[1];
-            args[0] = event;
-            methodProcessEvent.invoke(c,args);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-    }
-
-    public static void enableEvents(Component c, long event_mask) {
-        try {
-            Object[] args = new Object[1];
-            args[0] = Long.valueOf(event_mask);
-            methodEnableEvents.invoke(c,args);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-    }
-
-    public static void setParent(Component c, Container parent)
-    {
-        try {
-            fieldParent.set(c,parent);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static Color getForeground(Component c)
-    {
-        Color color = null;
-        try {
-            color = (Color) fieldForeground.get(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return color;
-    }
-
-    public static Color getBackground(Component c)
-    {
-        Color color = null;
-        try {
-            color = (Color) fieldBackground.get(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return color;
-    }
-
-    public static void setBackground(Component c, Color color) {
-        try {
-            fieldBackground.set(c, color);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static Font getFont(Component c)
-    {
-        Font f = null;
-        try {
-            f = (Font) fieldFont.get(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return f;
-    }
-
-    public static ComponentPeer getPeer(Component c) {
-        ComponentPeer peer = null;
-        try {
-            peer = (ComponentPeer)fieldPeer.get(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return peer;
-    }
-
-    public static void setPeer(Component c, ComponentPeer peer) {
-        try {
-            fieldPeer.set(c, peer);
-        } catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-    }
-
-    public static boolean getIgnoreRepaint(Component comp) {
-        try {
-            return fieldIgnoreRepaint.getBoolean(comp);
-        }
-        catch (IllegalAccessException e) {
-            log.fine("Unable to access the Component object", e);
-        }
-
-        return false;
-    }
-
-    public static boolean getVisible(Component c) {
-        try {
-            return fieldVisible.getBoolean(c);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        return false;
-    }
-
-    public static boolean isEnabledImpl(Component c) {
-        boolean enabled = true;
-        try {
-            enabled = (Boolean) methodIsEnabledImpl.invoke(c, (Object[]) null);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-        return enabled;
-    }
-
-    public static Cursor getCursor_NoClientCode(Component c) {
-        Cursor cursor = null;
-
-        try {
-            cursor = (Cursor) methodGetCursorNoClientCode.invoke(c, (Object[]) null);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-
-        return cursor;
-    }
-
-    public static Point getLocation_NoClientCode(Component c) {
-        Point loc = null;
-
-        try {
-            loc = (Point) methodLocationNoClientCode.invoke(c, (Object[]) null);
-        }
-        catch (IllegalAccessException e)
-        {
-            log.fine("Unable to access the Component object", e);
-        }
-        catch (InvocationTargetException e) {
-            log.fine("Unable to invoke on the Component object", e);
-        }
-
-        return loc;
-    }
-
-}
--- a/src/share/classes/sun/awt/GlobalCursorManager.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/awt/GlobalCursorManager.java	Wed Dec 16 16:25:08 2009 -0800
@@ -183,7 +183,7 @@
             }
 
             if (comp instanceof Window) {
-                p = ComponentAccessor.getLocation_NoClientCode(comp);
+                p = AWTAccessor.getComponentAccessor().getLocation(comp);
             } else if (comp instanceof Container) {
                 p = getLocationOnScreen(comp);
             }
@@ -202,7 +202,7 @@
                 }
             }
 
-            setCursor(comp, ComponentAccessor.getCursor_NoClientCode(comp), useCache);
+            setCursor(comp, AWTAccessor.getComponentAccessor().getCursor(comp), useCache);
 
         } catch (IllegalComponentStateException e) {
             // Shouldn't happen, but if it does, abort.
--- a/src/share/classes/sun/awt/SunToolkit.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/awt/SunToolkit.java	Wed Dec 16 16:25:08 2009 -0800
@@ -722,13 +722,7 @@
         EventQueue eq = (EventQueue)appContext.get(AppContext.EVENT_QUEUE_KEY);
 
         AWTAccessor.EventQueueAccessor accessor = AWTAccessor.getEventQueueAccessor();
-        EventQueue next = accessor.getNextQueue(eq);
-        while (next != null) {
-            eq = next;
-            next = accessor.getNextQueue(eq);
-        }
-
-        return (Thread.currentThread() == accessor.getDispatchThread(eq));
+        return accessor.isDispatchThreadImpl(eq);
     }
 
     public Dimension getScreenSize() {
@@ -806,17 +800,9 @@
     }
 
 
-    /**
-     * Makes the window OverrideRedirect, on X11 platforms. See
-     * ICCCM specification for more details about OverrideRedirect
-     * windows. Implemented in XToolkit, no-op in WToolkit.
-     */
-    public void setOverrideRedirect(Window target) {
-    }
+    static final SoftCache imgCache = new SoftCache();
 
-    static SoftCache imgCache = new SoftCache();
-
-    static synchronized Image getImageFromHash(Toolkit tk, URL url) {
+    static Image getImageFromHash(Toolkit tk, URL url) {
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
             try {
@@ -844,32 +830,36 @@
                     sm.checkConnect(url.getHost(), url.getPort());
             }
         }
-        Image img = (Image)imgCache.get(url);
-        if (img == null) {
-            try {
-                img = tk.createImage(new URLImageSource(url));
-                imgCache.put(url, img);
-            } catch (Exception e) {
+        synchronized (imgCache) {
+            Image img = (Image)imgCache.get(url);
+            if (img == null) {
+                try {
+                    img = tk.createImage(new URLImageSource(url));
+                    imgCache.put(url, img);
+                } catch (Exception e) {
+                }
             }
+            return img;
         }
-        return img;
     }
 
-    static synchronized Image getImageFromHash(Toolkit tk,
+    static Image getImageFromHash(Toolkit tk,
                                                String filename) {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkRead(filename);
         }
-        Image img = (Image)imgCache.get(filename);
-        if (img == null) {
-            try {
-                img = tk.createImage(new FileImageSource(filename));
-                imgCache.put(filename, img);
-            } catch (Exception e) {
+        synchronized (imgCache) {
+            Image img = (Image)imgCache.get(filename);
+            if (img == null) {
+                try {
+                    img = tk.createImage(new FileImageSource(filename));
+                    imgCache.put(filename, img);
+                } catch (Exception e) {
+                }
             }
+            return img;
         }
-        return img;
     }
 
     public Image getImage(String filename) {
@@ -1129,6 +1119,18 @@
     }
 
     /**
+     * Gives native peers the ability to query the closest HW component.
+     * If the given component is heavyweight, then it returns this. Otherwise,
+     * it goes one level up in the hierarchy and tests next component.
+     */
+    public static Component getHeavyweightComponent(Component c) {
+        while (c != null && AWTAccessor.getComponentAccessor().isLightweight(c)) {
+            c = AWTAccessor.getComponentAccessor().getParent(c);
+        }
+        return c;
+    }
+
+    /**
      * Returns a new input method window, with behavior as specified in
      * {@link java.awt.im.spi.InputMethodContext#createInputMethodWindow}.
      * If the inputContext is not null, the window should return it from its
--- a/src/share/classes/sun/awt/WindowAccessor.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,96 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.awt;
-
-import java.awt.Window;
-
-import java.lang.reflect.Field;
-
-import sun.util.logging.PlatformLogger;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-public class WindowAccessor {
-
-    private static Class windowClass;
-    private static Field fieldIsAutoRequestFocus;
-    private static Field fieldIsTrayIconWindow;
-
-    private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.WindowAccessor");
-
-    private WindowAccessor() {
-    }
-
-    static {
-        AccessController.doPrivileged( new PrivilegedAction() {
-                public Object run() {
-                    try {
-                        windowClass = Class.forName("java.awt.Window");
-                        fieldIsAutoRequestFocus = windowClass.getDeclaredField("autoRequestFocus");
-                        fieldIsAutoRequestFocus.setAccessible(true);
-                        fieldIsTrayIconWindow = windowClass.getDeclaredField("isTrayIconWindow");
-                        fieldIsTrayIconWindow.setAccessible(true);
-
-                    } catch (NoSuchFieldException e) {
-                        log.fine("Unable to initialize WindowAccessor: ", e);
-                    } catch (ClassNotFoundException e) {
-                        log.fine("Unable to initialize WindowAccessor: ", e);
-                    }
-                    return null;
-                }
-            });
-    }
-
-    public static boolean isAutoRequestFocus(Window w) {
-        try {
-            return fieldIsAutoRequestFocus.getBoolean(w);
-
-        } catch (IllegalAccessException e) {
-            log.fine("Unable to access the Window object", e);
-        }
-        return true;
-    }
-
-    public static boolean isTrayIconWindow(Window w) {
-        try {
-            return fieldIsTrayIconWindow.getBoolean(w);
-
-        } catch (IllegalAccessException e) {
-            log.fine("Unable to access the Window object", e);
-        }
-        return false;
-    }
-
-    public static void setTrayIconWindow(Window w, boolean isTrayIconWindow) {
-        try {
-            fieldIsTrayIconWindow.set(w, isTrayIconWindow);
-
-        } catch (IllegalAccessException e) {
-            log.fine("Unable to access the Window object", e);
-        }
-    }
-}
--- a/src/share/classes/sun/awt/datatransfer/DataTransferer.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/awt/datatransfer/DataTransferer.java	Wed Dec 16 16:25:08 2009 -0800
@@ -51,6 +51,9 @@
 import java.io.SequenceInputStream;
 import java.io.StringReader;
 
+import java.net.URI;
+import java.net.URISyntaxException;
+
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.Charset;
@@ -626,6 +629,14 @@
     public abstract boolean isImageFormat(long format);
 
     /**
+     * Determines whether the format is a URI list we can convert to
+     * a DataFlavor.javaFileListFlavor.
+     */
+    protected boolean isURIListFormat(long format) {
+        return false;
+    }
+
+    /**
      * Returns a Map whose keys are all of the possible formats into which the
      * Transferable's transfer data flavors can be translated. The value of
      * each key is the DataFlavor in which the Transferable's data should be
@@ -1297,45 +1308,53 @@
             if (!DataFlavor.javaFileListFlavor.equals(flavor)) {
                 throw new IOException("data translation failed");
             }
+
             final List list = (List)obj;
 
-            final ArrayList fileList = new ArrayList();
-
             final ProtectionDomain userProtectionDomain = getUserProtectionDomain(contents);
 
-            int nFiles = 0;
-            for (int i = 0; i < list.size(); i++) {
-                Object o = list.get(i);
-                if (o instanceof File || o instanceof String) {
-                    nFiles++;
+            final ArrayList<String> fileList = castToFiles(list, userProtectionDomain);
+
+            bos = convertFileListToBytes(fileList);
+
+
+        // Target data is a URI list. Source data must be a
+        // java.util.List which contains java.io.File or String instances.
+        } else if (isURIListFormat(format)) {
+            if (!DataFlavor.javaFileListFlavor.equals(flavor)) {
+                throw new IOException("data translation failed");
+            }
+            String nat = getNativeForFormat(format);
+            String targetCharset = null;
+            if (nat != null) {
+                try {
+                    targetCharset = new DataFlavor(nat).getParameter("charset");
+                } catch (ClassNotFoundException cnfe) {
+                    throw new IOException(cnfe);
                 }
             }
-
-            try {
-                AccessController.doPrivileged(new PrivilegedExceptionAction() {
-                    public Object run() throws IOException {
-                        for (Object fileObject : list)
-                        {
-                            File file = castToFile(fileObject);
-                            if (null == System.getSecurityManager() ||
-                                !(isFileInWebstartedCache(file) ||
-                                isForbiddenToRead(file, userProtectionDomain)))
-                            {
-                                fileList.add(file.getCanonicalPath());
-                            }
-                        }
-                        return null;
-                    }
-                });
-            } catch (PrivilegedActionException pae) {
-                throw new IOException(pae.getMessage());
+            if (targetCharset == null) {
+                targetCharset = "UTF-8";
             }
-
-            for (int i = 0; i < fileList.size(); i++)
-            {
-                byte[] bytes = ((String)fileList.get(i)).getBytes();
-                if (i != 0) bos.write(0);
+            final List list = (List)obj;
+            final ProtectionDomain userProtectionDomain = getUserProtectionDomain(contents);
+            final ArrayList<String> fileList = castToFiles(list, userProtectionDomain);
+            final ArrayList<String> uriList = new ArrayList<String>(fileList.size());
+            for (String fileObject : fileList) {
+                final URI uri = new File(fileObject).toURI();
+                // Some implementations are fussy about the number of slashes (file:///path/to/file is best)
+                try {
+                    uriList.add(new URI(uri.getScheme(), "", uri.getPath(), uri.getFragment()).toString());
+                } catch (URISyntaxException uriSyntaxException) {
+                    throw new IOException(uriSyntaxException);
+                  }
+              }
+
+            byte[] eoln = "\r\n".getBytes(targetCharset);
+            for (int i = 0; i < uriList.size(); i++) {
+                byte[] bytes = uriList.get(i).getBytes(targetCharset);
                 bos.write(bytes, 0, bytes.length);
+                bos.write(eoln, 0, eoln.length);
             }
 
         // Source data is an InputStream. For arbitrary flavors, just grab the
@@ -1385,6 +1404,8 @@
         return ret;
     }
 
+    protected abstract ByteArrayOutputStream convertFileListToBytes(ArrayList<String> fileList) throws IOException;
+
     private String removeSuspectedData(DataFlavor flavor, final Transferable contents, final String str)
             throws IOException
     {
@@ -1452,6 +1473,33 @@
         return true;
     }
 
+    private ArrayList<String> castToFiles(final List files,
+                                          final ProtectionDomain userProtectionDomain) throws IOException
+    {
+        final ArrayList<String> fileList = new ArrayList<String>();
+        try {
+            AccessController.doPrivileged(new PrivilegedExceptionAction() {
+                public Object run() throws IOException {
+                    for (Object fileObject : files)
+                    {
+                        File file = castToFile(fileObject);
+                        if (file != null &&
+                            (null == System.getSecurityManager() ||
+                            !(isFileInWebstartedCache(file) ||
+                            isForbiddenToRead(file, userProtectionDomain))))
+                        {
+                            fileList.add(file.getCanonicalPath());
+                        }
+                    }
+                    return null;
+                }
+            });
+        } catch (PrivilegedActionException pae) {
+            throw new IOException(pae.getMessage());
+        }
+        return fileList;
+    }
+
     // It is important do not use user's successors
     // of File class.
     private File castToFile(Object fileObject) throws IOException {
@@ -1460,6 +1508,8 @@
             filePath = ((File)fileObject).getCanonicalPath();
         } else if (fileObject instanceof String) {
            filePath = (String) fileObject;
+        } else {
+           return null;
         }
         return new File(filePath);
     }
@@ -1565,6 +1615,29 @@
             // Turn the list of Files into a List and return
             return Arrays.asList(files);
 
+        // Source data is a URI list. Convert to DataFlavor.javaFileListFlavor
+        // where possible.
+        } else if (isURIListFormat(format) && DataFlavor.javaFileListFlavor.equals(flavor)) {
+            try {
+                URI uris[] = dragQueryURIs(str, bytes, format, localeTransferable);
+                if (uris == null) {
+                    return null;
+                }
+                ArrayList files = new ArrayList();
+                for (URI uri : uris) {
+                    try {
+                        files.add(new File(uri));
+                    } catch (IllegalArgumentException illegalArg) {
+                        // When converting from URIs to less generic files,
+                        // common practice (Wine, SWT) seems to be to
+                        // silently drop the URIs that aren't local files.
+                    }
+                }
+                return files;
+            } finally {
+                str.close();
+            }
+
         // Target data is a String. Strip terminating NUL bytes. Decode bytes
         // into characters. Search-and-replace EOLN.
         } else if (String.class.equals(flavor.getRepresentationClass()) &&
@@ -1950,6 +2023,19 @@
     protected abstract String[] dragQueryFile(byte[] bytes);
 
     /**
+     * Decodes URIs from either a byte array or a stream.
+     */
+    protected URI[] dragQueryURIs(InputStream stream,
+                                  byte[] bytes,
+                                  long format,
+                                  Transferable localeTransferable)
+      throws IOException
+    {
+        throw new IOException(
+            new UnsupportedOperationException("not implemented on this platform"));
+    }
+
+    /**
      * Translates either a byte array or an input stream which contain
      * platform-specific image data in the given format into an Image.
      */
--- a/src/share/classes/sun/font/StandardGlyphVector.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/font/StandardGlyphVector.java	Wed Dec 16 16:25:08 2009 -0800
@@ -396,12 +396,19 @@
 
     // !!! not cached, assume TextLayout will cache if necessary
     public Rectangle2D getVisualBounds() {
-        if (glyphs.length == 0) {
-            return new Rectangle2D.Float(0, 0, 0, 0);
+        Rectangle2D result = null;
+        for (int i = 0; i < glyphs.length; ++i) {
+            Rectangle2D glyphVB = getGlyphVisualBounds(i).getBounds2D();
+            if (!glyphVB.isEmpty()) {
+                if (result == null) {
+                    result = glyphVB;
+                } else {
+                    Rectangle2D.union(result, glyphVB, result);
+                }
+            }
         }
-        Rectangle2D result = getGlyphVisualBounds(0).getBounds2D();
-        for (int i = 1; i < glyphs.length; ++i) {
-            Rectangle2D.union(result, getGlyphVisualBounds(i).getBounds2D(), result);
+        if (result == null) {
+            result = new Rectangle2D.Float(0, 0, 0, 0);
         }
         return result;
     }
@@ -1787,8 +1794,19 @@
                 gp.transform(sgv.invdtx);
                 result = gp.getBounds2D();
             }
-            result.setRect(result.getMinX() + x + dx, result.getMinY() + y + dy,
-                           result.getWidth(), result.getHeight());
+            /* Since x is the logical advance of the glyph to this point.
+             * Because of the way that Rectangle.union is specified, this
+             * means that subsequent unioning of a rect including that
+             * will be affected, even if the glyph is empty. So skip such
+             * cases. This alone isn't a complete solution since x==0
+             * may also not be what is wanted. The code that does the
+             * unioning also needs to be aware to ignore empty glyphs.
+             */
+            if (!result.isEmpty()) {
+                result.setRect(result.getMinX() + x + dx,
+                               result.getMinY() + y + dy,
+                               result.getWidth(), result.getHeight());
+            }
             return result;
         }
 
--- a/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java	Wed Dec 16 16:25:08 2009 -0800
@@ -25,6 +25,7 @@
 
 package sun.net.www.protocol.http.spnego;
 
+import com.sun.security.jgss.ExtendedGSSContext;
 import java.io.IOException;
 
 import org.ietf.jgss.GSSContext;
@@ -100,15 +101,10 @@
                                         null,
                                         GSSContext.DEFAULT_LIFETIME);
 
-        // In order to support credential delegation in HTTP/SPNEGO,
-        // we always request it before initSecContext. The current
-        // implementation will check the OK-AS-DELEGATE flag inside
-        // the service ticket of the web server, and only enable
-        // delegation when this flag is set. This check is only
-        // performed when the GSS caller is CALLER_HTTP_NEGOTIATE,
-        // so all other normal GSS-API calls are not affected.
-
-        context.requestCredDeleg(true);
+        // Always respect delegation policy in HTTP/SPNEGO.
+        if (context instanceof ExtendedGSSContext) {
+            ((ExtendedGSSContext)context).requestDelegPolicy(true);
+        }
         oneToken = context.initSecContext(new byte[0], 0, 0);
     }
 
--- a/src/share/classes/sun/security/jgss/GSSContextImpl.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/GSSContextImpl.java	Wed Dec 16 16:25:08 2009 -0800
@@ -89,7 +89,8 @@
  */
 class GSSContextImpl implements ExtendedGSSContext {
 
-    private GSSManagerImpl gssManager = null;
+    private final GSSManagerImpl gssManager;
+    private final boolean initiator;
 
     // private flags for the context state
     private static final int PRE_INIT = 1;
@@ -99,14 +100,12 @@
 
     // instance variables
     private int currentState = PRE_INIT;
-    private boolean initiator;
 
     private GSSContextSpi mechCtxt = null;
     private Oid mechOid = null;
     private ObjectIdentifier objId = null;
 
     private GSSCredentialImpl myCred = null;
-    private GSSCredentialImpl delegCred = null;
 
     private GSSNameImpl srcName = null;
     private GSSNameImpl targName = null;
@@ -121,6 +120,7 @@
     private boolean reqSequenceDetState = true;
     private boolean reqCredDelegState = false;
     private boolean reqAnonState = false;
+    private boolean reqDelegPolicyState = false;
 
     /**
      * Creates a GSSContextImp on the context initiator's side.
@@ -221,6 +221,7 @@
                 mechCtxt.requestSequenceDet(reqSequenceDetState);
                 mechCtxt.requestAnonymity(reqAnonState);
                 mechCtxt.setChannelBinding(channelBindings);
+                mechCtxt.requestDelegPolicy(reqDelegPolicyState);
 
                 objId = new ObjectIdentifier(mechOid.toString());
 
@@ -465,42 +466,42 @@
     }
 
     public void requestMutualAuth(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqMutualAuthState = state;
     }
 
     public void requestReplayDet(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqReplayDetState = state;
     }
 
     public void requestSequenceDet(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqSequenceDetState = state;
     }
 
     public void requestCredDeleg(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqCredDelegState = state;
     }
 
     public void requestAnonymity(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqAnonState = state;
     }
 
     public void requestConf(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqConfState = state;
     }
 
     public void requestInteg(boolean state) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqIntegState = state;
     }
 
     public void requestLifetime(int lifetime) throws GSSException {
-        if (mechCtxt == null)
+        if (mechCtxt == null && initiator)
             reqLifetime = lifetime;
     }
 
@@ -630,6 +631,8 @@
         targName = null;
     }
 
+    // ExtendedGSSContext methods:
+
     @Override
     public Object inquireSecContext(InquireType type) throws GSSException {
         SecurityManager security = System.getSecurityManager();
@@ -641,4 +644,18 @@
         }
         return mechCtxt.inquireSecContext(type);
     }
+
+    @Override
+    public void requestDelegPolicy(boolean state) throws GSSException {
+        if (mechCtxt == null && initiator)
+            reqDelegPolicyState = state;
+    }
+
+    @Override
+    public boolean getDelegPolicyState() {
+        if (mechCtxt != null)
+            return mechCtxt.getDelegPolicyState();
+        else
+            return reqDelegPolicyState;
+    }
 }
--- a/src/share/classes/sun/security/jgss/krb5/InitialToken.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/krb5/InitialToken.java	Wed Dec 16 16:25:08 2009 -0800
@@ -85,32 +85,39 @@
             int size = CHECKSUM_LENGTH_SIZE + CHECKSUM_BINDINGS_SIZE +
                 CHECKSUM_FLAGS_SIZE;
 
+            if (!tgt.isForwardable()) {
+                context.setCredDelegState(false);
+                context.setDelegPolicyState(false);
+            } else if (context.getCredDelegState()) {
+                if (context.getDelegPolicyState()) {
+                    if (!serviceTicket.checkDelegate()) {
+                        // delegation not permitted by server policy, mark it
+                        context.setDelegPolicyState(false);
+                    }
+                }
+            } else if (context.getDelegPolicyState()) {
+                if (serviceTicket.checkDelegate()) {
+                    context.setCredDelegState(true);
+                } else {
+                    context.setDelegPolicyState(false);
+                }
+            }
+
             if (context.getCredDelegState()) {
-                if (context.getCaller() instanceof HttpCaller &&
-                        !serviceTicket.getFlags()[Krb5.TKT_OPTS_DELEGATE]) {
-                    // When the caller is HTTP/SPNEGO and OK-AS-DELEGATE
-                    // is not present in the service ticket, delegation
-                    // is disabled.
-                    context.setCredDelegState(false);
-                } else if (!tgt.isForwardable()) {
-                    // XXX log this resetting of delegation state
-                    context.setCredDelegState(false);
+                KrbCred krbCred = null;
+                CipherHelper cipherHelper =
+                    context.getCipherHelper(serviceTicket.getSessionKey());
+                if (useNullKey(cipherHelper)) {
+                    krbCred = new KrbCred(tgt, serviceTicket,
+                                              EncryptionKey.NULL_KEY);
                 } else {
-                    KrbCred krbCred = null;
-                    CipherHelper cipherHelper =
-                        context.getCipherHelper(serviceTicket.getSessionKey());
-                    if (useNullKey(cipherHelper)) {
-                        krbCred = new KrbCred(tgt, serviceTicket,
-                                                  EncryptionKey.NULL_KEY);
-                    } else {
-                        krbCred = new KrbCred(tgt, serviceTicket,
-                                        serviceTicket.getSessionKey());
-                    }
-                    krbCredMessage = krbCred.getMessage();
-                    size += CHECKSUM_DELEG_OPT_SIZE +
-                            CHECKSUM_DELEG_LGTH_SIZE +
-                            krbCredMessage.length;
+                    krbCred = new KrbCred(tgt, serviceTicket,
+                                    serviceTicket.getSessionKey());
                 }
+                krbCredMessage = krbCred.getMessage();
+                size += CHECKSUM_DELEG_OPT_SIZE +
+                        CHECKSUM_DELEG_LGTH_SIZE +
+                        krbCredMessage.length;
             }
 
             checksumBytes = new byte[size];
@@ -296,6 +303,7 @@
             return delegCreds;
         }
 
+        // Only called by acceptor
         public void setContextFlags(Krb5Context context) {
                 // default for cred delegation is false
             if ((flags & CHECKSUM_DELEG_FLAG) > 0)
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Wed Dec 16 16:25:08 2009 -0800
@@ -78,6 +78,7 @@
     private boolean sequenceDetState  = true;
     private boolean confState  = true;
     private boolean integState  = true;
+    private boolean delegPolicyState = false;
 
     private int mySeqNumber;
     private int peerSeqNumber;
@@ -299,6 +300,21 @@
         return sequenceDetState || replayDetState;
     }
 
+    /**
+     * Requests that the deleg policy be respected.
+     */
+    public final void requestDelegPolicy(boolean value) {
+        if (state == STATE_NEW && isInitiator())
+            delegPolicyState = value;
+    }
+
+    /**
+     * Is deleg policy respected?
+     */
+    public final boolean getDelegPolicyState() {
+        return delegPolicyState;
+    }
+
     /*
      * Anonymity is a little different in that after an application
      * requests anonymity it will want to know whether the mechanism
@@ -422,6 +438,10 @@
         integState = state;
     }
 
+    final void setDelegPolicyState(boolean state) {
+        delegPolicyState = state;
+    }
+
     /**
      * Sets the channel bindings to be used during context
      * establishment.
--- a/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java	Wed Dec 16 16:25:08 2009 -0800
@@ -124,6 +124,8 @@
 
     public void requestInteg(boolean state) throws GSSException;
 
+    public void requestDelegPolicy(boolean state) throws GSSException;
+
     public void setChannelBinding(ChannelBinding cb) throws GSSException;
 
     public boolean getCredDelegState();
@@ -136,6 +138,8 @@
 
     public boolean getAnonymityState();
 
+    public boolean getDelegPolicyState();
+
     public boolean isTransferable() throws GSSException;
 
     public boolean isProtReady();
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -63,6 +63,7 @@
     private boolean sequenceDetState = true;
     private boolean confState = true;
     private boolean integState = true;
+    private boolean delegPolicyState = false;
 
     private GSSNameSpi peerName = null;
     private GSSNameSpi myName = null;
@@ -154,6 +155,14 @@
     }
 
     /**
+     * Requests that deleg policy be respected.
+     */
+    public final void requestDelegPolicy(boolean value) throws GSSException {
+        if (state == STATE_NEW && isInitiator())
+            delegPolicyState = value;
+    }
+
+    /**
      * Is integrity available?
      */
     public final boolean getIntegState() {
@@ -161,6 +170,19 @@
     }
 
     /**
+     * Is deleg policy respected?
+     */
+    public final boolean getDelegPolicyState() {
+        if (isInitiator() && mechContext != null &&
+                mechContext instanceof ExtendedGSSContext &&
+                (state == STATE_IN_PROCESS || state == STATE_DONE)) {
+            return ((ExtendedGSSContext)mechContext).getDelegPolicyState();
+        } else {
+            return delegPolicyState;
+        }
+    }
+
+    /**
      * Requests that credential delegation be done during context
      * establishment.
      */
@@ -173,7 +195,7 @@
      * Is credential delegation enabled?
      */
     public final boolean getCredDelegState() {
-        if (mechContext != null &&
+        if (isInitiator() && mechContext != null &&
                 (state == STATE_IN_PROCESS || state == STATE_DONE)) {
             return mechContext.getCredDelegState();
         } else {
@@ -201,30 +223,6 @@
         return mutualAuthState;
     }
 
-    final void setCredDelegState(boolean state) {
-        credDelegState = state;
-    }
-
-    final void setMutualAuthState(boolean state) {
-        mutualAuthState = state;
-    }
-
-    final void setReplayDetState(boolean state) {
-        replayDetState = state;
-    }
-
-    final void setSequenceDetState(boolean state) {
-        sequenceDetState = state;
-    }
-
-    final void setConfState(boolean state) {
-        confState = state;
-    }
-
-    final void setIntegState(boolean state) {
-        integState = state;
-    }
-
     /**
      * Returns the mechanism oid.
      *
@@ -319,14 +317,9 @@
                 mechToken = GSS_initSecContext(null);
 
                 errorCode = GSSException.DEFECTIVE_TOKEN;
-                byte[] micToken = null;
-                if (!GSSUtil.useMSInterop()) {
-                    // calculate MIC only in normal mode
-                    micToken = generateMechListMIC(DER_mechTypes);
-                }
                 // generate SPNEGO token
                 initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
-                                        mechToken, micToken);
+                                        mechToken, null);
                 if (DEBUG) {
                     System.out.println("SpNegoContext.initSecContext: " +
                                 "sending token of type = " +
@@ -585,15 +578,9 @@
                                 "negotiated result = " + negoResult);
                 }
 
-                // calculate MIC only in normal mode
-                byte[] micToken = null;
-                if (!GSSUtil.useMSInterop() && valid) {
-                    micToken = generateMechListMIC(DER_mechTypes);
-                }
-
                 // generate SPNEGO token
                 NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
-                                mech_wanted, accept_token, micToken);
+                                mech_wanted, accept_token, null);
                 if (DEBUG) {
                     System.out.println("SpNegoContext.acceptSecContext: " +
                                 "sending token of type = " +
@@ -653,6 +640,10 @@
             throw gssException;
         }
 
+        if (state == STATE_DONE) {
+            // now set the context flags for acceptor
+            setContextFlags();
+        }
         return retVal;
     }
 
@@ -703,36 +694,39 @@
         return out;
     }
 
+    // Only called on acceptor side. On the initiator side, most flags
+    // are already set at request. For those that might get chanegd,
+    // state from mech below is used.
     private void setContextFlags() {
 
         if (mechContext != null) {
             // default for cred delegation is false
             if (mechContext.getCredDelegState()) {
-                setCredDelegState(true);
+                credDelegState = true;
             }
             // default for the following are true
             if (!mechContext.getMutualAuthState()) {
-                setMutualAuthState(false);
+                mutualAuthState = false;
             }
             if (!mechContext.getReplayDetState()) {
-                setReplayDetState(false);
+                replayDetState = false;
             }
             if (!mechContext.getSequenceDetState()) {
-                setSequenceDetState(false);
+                sequenceDetState = false;
             }
             if (!mechContext.getIntegState()) {
-                setIntegState(false);
+                integState = false;
             }
             if (!mechContext.getConfState()) {
-                setConfState(false);
+                confState = false;
             }
         }
     }
 
     /**
-     * generate MIC on mechList
+     * generate MIC on mechList. Not used at the moment.
      */
-    private byte[] generateMechListMIC(byte[] mechTypes)
+    /*private byte[] generateMechListMIC(byte[] mechTypes)
         throws GSSException {
 
         // sanity check the required input
@@ -769,7 +763,7 @@
             }
         }
         return mic;
-    }
+    }*/
 
     /**
      * verify MIC on MechList
@@ -837,6 +831,10 @@
             mechContext.requestMutualAuth(mutualAuthState);
             mechContext.requestReplayDet(replayDetState);
             mechContext.requestSequenceDet(sequenceDetState);
+            if (mechContext instanceof ExtendedGSSContext) {
+                ((ExtendedGSSContext)mechContext).requestDelegPolicy(
+                        delegPolicyState);
+            }
         }
 
         // pass token
@@ -1202,5 +1200,5 @@
                     "inquireSecContext not supported by underlying mech.");
         }
     }
+}
 
-}
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -57,6 +57,12 @@
                         GSSName.NT_HOSTBASED_SERVICE,
                         GSSName.NT_EXPORT_NAME};
 
+    // The default underlying mech of SPNEGO, must not be SPNEGO itself.
+    private static final Oid DEFAULT_SPNEGO_MECH_OID =
+            ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
+                GSSUtil.GSS_KRB5_MECH_OID:
+                ProviderList.DEFAULT_MECH_OID;
+
     // Use an instance of a GSSManager whose provider list
     // does not include native provider
     final GSSManagerImpl manager;
@@ -100,18 +106,27 @@
                 availableMechs[j++] = mechs[i];
             }
         }
+        // Move the preferred mech to first place
+        for (int i=0; i<availableMechs.length; i++) {
+            if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
+                if (i != 0) {
+                    availableMechs[i] = availableMechs[0];
+                    availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
+                }
+                break;
+            }
+        }
     }
 
     public GSSNameSpi getNameElement(String nameStr, Oid nameType)
-        throws GSSException {
-        // get NameElement for the default Mechanism
-        return manager.getNameElement(nameStr, nameType, null);
+            throws GSSException {
+        return manager.getNameElement(
+                nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
     }
 
     public GSSNameSpi getNameElement(byte[] name, Oid nameType)
-        throws GSSException {
-        // get NameElement for the default Mechanism
-        return manager.getNameElement(name, nameType, null);
+            throws GSSException {
+        return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
     }
 
     public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
--- a/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java	Wed Dec 16 16:25:08 2009 -0800
@@ -549,6 +549,9 @@
     public void requestInteg(boolean state) throws GSSException {
         changeFlags(GSS_C_INTEG_FLAG, state);
     }
+    public void requestDelegPolicy(boolean state) throws GSSException {
+        // Not supported, ignore
+    }
     public void requestLifetime(int lifetime) throws GSSException {
         if (isInitiator && pContext == 0) {
             this.lifetime = lifetime;
@@ -590,6 +593,9 @@
     public boolean getIntegState() {
         return checkFlags(GSS_C_INTEG_FLAG);
     }
+    public boolean getDelegPolicyState() {
+        return false;
+    }
     public int getLifetime() {
         return cStub.getContextTime(pContext);
     }
--- a/src/share/classes/sun/security/krb5/Credentials.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/krb5/Credentials.java	Wed Dec 16 16:25:08 2009 -0800
@@ -234,7 +234,19 @@
      * @return true if OK-AS_DELEGATE flag is set, otherwise, return false.
      */
     public boolean checkDelegate() {
-        return (flags.get(Krb5.TKT_OPTS_DELEGATE));
+        return flags.get(Krb5.TKT_OPTS_DELEGATE);
+    }
+
+    /**
+     * Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement
+     * when one of the cross-realm TGTs does not have the OK-AS-DELEGATE
+     * flag set. This info must be preservable and restorable through
+     * the Krb5Util.credsToTicket/ticketToCreds() methods so that even if
+     * the service ticket is cached it still remembers the cross-realm
+     * authentication result.
+     */
+    public void resetDelegate() {
+        flags.set(Krb5.TKT_OPTS_DELEGATE, false);
     }
 
     public Credentials renew() throws KrbException, IOException {
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Wed Dec 16 16:25:08 2009 -0800
@@ -1,5 +1,5 @@
 /*
- * Portions Copyright 2001-2004 Sun Microsystems, Inc.  All Rights Reserved.
+ * Portions Copyright 2001-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,6 +117,7 @@
 
         // Get a list of realms to traverse
         String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
+        boolean okAsDelegate = true;
 
         if (realms == null || realms.length == 0)
         {
@@ -194,6 +195,15 @@
              */
 
             newTgtRealm = newTgt.getServer().getInstanceComponent();
+            if (okAsDelegate && !newTgt.checkDelegate()) {
+                if (DEBUG)
+                {
+                    System.out.println(">>> Credentials acquireServiceCreds: " +
+                            "global OK-AS-DELEGATE turned off at " +
+                            newTgt.getServer());
+                }
+                okAsDelegate = false;
+            }
 
             if (DEBUG)
             {
@@ -283,6 +293,9 @@
                 System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
                 Credentials.printDebug(theCreds);
             }
+            if (!okAsDelegate) {
+                theCreds.resetDelegate();
+            }
             return theCreds;
         }
         throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
--- a/src/share/classes/sun/security/pkcs/PKCS10.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/pkcs/PKCS10.java	Wed Dec 16 16:25:08 2009 -0800
@@ -44,7 +44,6 @@
 import sun.security.x509.AlgorithmId;
 import sun.security.x509.X509Key;
 import sun.security.x509.X500Name;
-import sun.security.x509.X500Signer;
 
 /**
  * A PKCS #10 certificate request is created and sent to a Certificate
@@ -183,13 +182,13 @@
      * Create the signed certificate request.  This will later be
      * retrieved in either string or binary format.
      *
-     * @param requester identifies the signer (by X.500 name)
-     *          and provides the private key used to sign.
+     * @param subject identifies the signer (by X.500 name).
+     * @param signature private key and signing algorithm to use.
      * @exception IOException on errors.
      * @exception CertificateException on certificate handling errors.
      * @exception SignatureException on signature handling errors.
      */
-    public void encodeAndSign(X500Signer requester)
+    public void encodeAndSign(X500Name subject, Signature signature)
     throws CertificateException, IOException, SignatureException {
         DerOutputStream out, scratch;
         byte[]          certificateRequestInfo;
@@ -198,7 +197,7 @@
         if (encoded != null)
             throw new SignatureException("request is already signed");
 
-        subject = requester.getSigner();
+        this.subject = subject;
 
         /*
          * Encode cert request info, wrap in a sequence for signing
@@ -217,14 +216,20 @@
         /*
          * Sign it ...
          */
-        requester.update(certificateRequestInfo, 0,
+        signature.update(certificateRequestInfo, 0,
                 certificateRequestInfo.length);
-        sig = requester.sign();
+        sig = signature.sign();
 
         /*
          * Build guts of SIGNED macro
          */
-        requester.getAlgorithmId().encode(scratch);     // sig algorithm
+        AlgorithmId algId = null;
+        try {
+            algId = AlgorithmId.getAlgorithmId(signature.getAlgorithm());
+        } catch (NoSuchAlgorithmException nsae) {
+            throw new SignatureException(nsae);
+        }
+        algId.encode(scratch);     // sig algorithm
         scratch.putBitString(sig);                      // sig
 
         /*
--- a/src/share/classes/sun/security/provider/IdentityDatabase.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,427 +0,0 @@
-/*
- * Copyright 1996-2006 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.provider;
-
-import java.io.*;
-import java.util.*;
-import java.security.*;
-
-/**
- * An implementation of IdentityScope as a persistent identity
- * database.
- *
- * @see Identity
- * @see Key
- *
- * @author Benjamin Renaud
- */
-public
-class IdentityDatabase extends IdentityScope implements Serializable {
-
-    /** use serialVersionUID from JDK 1.1. for interoperability */
-    private static final long serialVersionUID = 4923799573357658384L;
-
-    /* Are we debugging? */
-    private static final boolean debug = false;
-
-    /* Are we printing out error messages? */
-    private static final boolean error = true;
-
-    /* The source file, if any, for this database.*/
-    File sourceFile;
-
-    /* The private representation of the database.*/
-    Hashtable<String, Identity> identities;
-
-    IdentityDatabase() throws InvalidParameterException {
-        this("restoring...");
-    }
-
-    /**
-     * Construct a new, empty database with a specified source file.
-     *
-     * @param file the source file.
-     */
-    public IdentityDatabase(File file) throws InvalidParameterException {
-        this(file.getName());
-        sourceFile = file;
-    }
-
-    /**
-     * Construct a new, empty database.
-     */
-    public IdentityDatabase(String name) throws InvalidParameterException {
-        super(name);
-        identities = new Hashtable<String, Identity>();
-    }
-
-    /**
-     * Initialize an identity database from a stream. The stream should
-     * contain data to initialized a serialized IdentityDatabase
-     * object.
-     *
-     * @param is the input stream from which to restore the database.
-     *
-     * @exception IOException if a stream IO exception occurs
-     */
-    public static IdentityDatabase fromStream(InputStream is)
-    throws IOException {
-        IdentityDatabase db = null;
-        try {
-            ObjectInputStream ois = new ObjectInputStream(is);
-            db = (IdentityDatabase)ois.readObject();
-        } catch (ClassNotFoundException e) {
-            // this can't happen.
-            debug("This should not be happening.", e);
-            error(
-                "The version of the database is obsolete. Cannot initialize.");
-
-        } catch (InvalidClassException e) {
-            // this may happen in developers workspaces happen.
-            debug("This should not be happening.", e);
-            error("Unable to initialize system identity scope: " +
-                  " InvalidClassException. \nThis is most likely due to " +
-                  "a serialization versioning problem: a class used in " +
-                  "key management was obsoleted");
-
-        } catch (StreamCorruptedException e) {
-            debug("The serialization stream is corrupted. Unable to load.", e);
-            error("Unable to initialize system identity scope." +
-                  " StreamCorruptedException.");
-        }
-
-        if (db == null) {
-            db = new IdentityDatabase("uninitialized");
-        }
-
-        return db;
-    }
-
-    /**
-     * Initialize an IdentityDatabase from file.
-     *
-     * @param f the filename where the identity database is stored.
-     *
-     * @exception IOException a file-related exception occurs (e.g.
-     * the directory of the file passed does not exists, etc.
-     *
-     * @IOException if a file IO exception occurs.
-     */
-    public static IdentityDatabase fromFile(File f) throws IOException {
-        FileInputStream fis = new FileInputStream(f);
-        IdentityDatabase edb = fromStream(fis);
-        edb.sourceFile = f;
-        return edb;
-    }
-
-
-
-    /**
-     * @return the number of identities in the database.
-     */
-   public int size() {
-       return identities.size();
-   }
-
-
-    /**
-     * @param name the name of the identity to be retrieved.
-     *
-     * @return the identity named name, or null if there are
-     * no identities named name in the database.
-     */
-    public Identity getIdentity(String name) {
-        Identity id = identities.get(name);
-        if (id instanceof Signer) {
-            localCheck("get.signer");
-        }
-        return id;
-    }
-
-    /**
-     * Get an identity by key.
-     *
-     * @param name the key of the identity to be retrieved.
-     *
-     * @return the identity with a given key, or null if there are no
-     * identities with that key in the database.
-     */
-    public Identity getIdentity(PublicKey key) {
-        if (key == null) {
-            return null;
-        }
-        Enumeration<Identity> e = identities();
-        while (e.hasMoreElements()) {
-            Identity i = e.nextElement();
-            PublicKey k = i.getPublicKey();
-            if (k != null && keyEqual(k, key)) {
-                if (i instanceof Signer) {
-                    localCheck("get.signer");
-                }
-                return i;
-            }
-        }
-        return null;
-    }
-
-    private boolean keyEqual(Key key1, Key key2) {
-        if (key1 == key2) {
-            return true;
-        } else {
-            return MessageDigest.isEqual(key1.getEncoded(), key2.getEncoded());
-        }
-    }
-
-    /**
-     * Adds an identity to the database.
-     *
-     * @param identity the identity to be added.
-     *
-     * @exception KeyManagementException if a name or key clash
-     * occurs, or if another exception occurs.
-     */
-    public void addIdentity(Identity identity)
-    throws KeyManagementException {
-        localCheck("add.identity");
-        Identity byName = getIdentity(identity.getName());
-        Identity byKey = getIdentity(identity.getPublicKey());
-        String msg = null;
-
-        if (byName != null) {
-            msg = "name conflict";
-        }
-        if (byKey != null) {
-            msg = "key conflict";
-        }
-        if (msg != null) {
-            throw new KeyManagementException(msg);
-        }
-        identities.put(identity.getName(), identity);
-    }
-
-    /**
-     * Removes an identity to the database.
-     */
-    public void removeIdentity(Identity identity)
-    throws KeyManagementException {
-        localCheck("remove.identity");
-        String name = identity.getName();
-        if (identities.get(name) == null) {
-            throw new KeyManagementException("there is no identity named " +
-                                             name + " in " + this);
-        }
-        identities.remove(name);
-    }
-
-    /**
-     * @return an enumeration of all identities in the database.
-     */
-    public Enumeration<Identity> identities() {
-        return identities.elements();
-    }
-
-    /**
-     * Set the source file for this database.
-     */
-    void setSourceFile(File f) {
-        sourceFile = f;
-    }
-
-    /**
-     * @return the source file for this database.
-     */
-    File getSourceFile() {
-        return sourceFile;
-    }
-
-    /**
-     * Save the database in its current state to an output stream.
-     *
-     * @param os the output stream to which the database should be serialized.
-     *
-     * @exception IOException if an IO exception is raised by stream
-     * operations.
-     */
-    public void save(OutputStream os) throws IOException {
-        try {
-            ObjectOutputStream oos = new ObjectOutputStream(os);
-            oos.writeObject(this);
-            oos.flush();
-        } catch (InvalidClassException e) {
-            debug("This should not be happening.", e);
-            return;
-        }
-    }
-
-    /**
-     * Save the database to a file.
-     *
-     * @exception IOException if an IO exception is raised by stream
-     * operations.
-     */
-    void save(File f) throws IOException {
-        setSourceFile(f);
-        FileOutputStream fos = new FileOutputStream(f);
-        save(fos);
-    }
-
-    /**
-     * Saves the database to the default source file.
-     *
-     * @exception KeyManagementException when there is no default source
-     * file specified for this database.
-     */
-    public void save() throws IOException {
-        if (sourceFile == null) {
-            throw new IOException("this database has no source file");
-        }
-        save(sourceFile);
-    }
-
-    /**
-     * This method returns the file from which to initialize the
-     * system database.
-     */
-    private static File systemDatabaseFile() {
-
-        // First figure out where the identity database is hiding, if anywhere.
-        String dbPath = Security.getProperty("identity.database");
-        // if nowhere, it's the canonical place.
-        if (dbPath == null) {
-            dbPath = System.getProperty("user.home") + File.separatorChar +
-                "identitydb.obj";
-        }
-        return new File(dbPath);
-    }
-
-
-    /* This block initializes the system database, if there is one. */
-    static {
-        java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
-            public Void run() {
-                initializeSystem();
-                return null;
-            }
-        });
-    }
-
-    /**
-     * This method initializes the system's identity database. The
-     * canonical location is
-     * <user.home>/identitydatabase.obj. This is settable through
-     * the identity.database property.  */
-    private static void initializeSystem() {
-
-        IdentityDatabase systemDatabase;
-        File dbFile = systemDatabaseFile();
-
-        // Second figure out if it's there, and if it isn't, create one.
-        try {
-            if (dbFile.exists()) {
-                debug("loading system database from file: " + dbFile);
-                systemDatabase = fromFile(dbFile);
-            } else {
-                systemDatabase = new IdentityDatabase(dbFile);
-            }
-            IdentityScope.setSystemScope(systemDatabase);
-            debug("System database initialized: " + systemDatabase);
-        } catch (IOException e) {
-            debug("Error initializing identity database: " + dbFile, e);
-            return;
-        } catch (InvalidParameterException e) {
-            debug("Error trying to instantiate a system identities db in " +
-                               dbFile, e);
-            return;
-        }
-    }
-
-    /*
-    private static File securityPropFile(String filename) {
-        // maybe check for a system property which will specify where to
-        // look.
-        String sep = File.separator;
-        return new File(System.getProperty("java.home") +
-                        sep + "lib" + sep + "security" +
-                        sep + filename);
-    }
-    */
-
-    public String toString() {
-        return "sun.security.provider.IdentityDatabase, source file: " +
-            sourceFile;
-    }
-
-
-    private static void debug(String s) {
-        if (debug) {
-            System.err.println(s);
-        }
-    }
-
-    private static void debug(String s, Throwable t) {
-        if (debug) {
-            t.printStackTrace();
-            System.err.println(s);
-        }
-    }
-
-    private static void error(String s) {
-        if (error) {
-            System.err.println(s);
-        }
-    }
-
-    void localCheck(String directive) {
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            directive = this.getClass().getName() + "." +
-                directive + "." + localFullName();
-            security.checkSecurityAccess(directive);
-        }
-    }
-
-    /**
-     * Returns a parsable name for identity: identityName.scopeName
-     */
-    String localFullName() {
-        String parsable = getName();
-        if (getScope() != null) {
-            parsable += "." +getScope().getName();
-        }
-        return parsable;
-    }
-
-    /**
-     * Serialization write.
-     */
-    private synchronized void writeObject (java.io.ObjectOutputStream stream)
-    throws IOException {
-        localCheck("serialize.identity.database");
-        stream.writeObject(identities);
-        stream.writeObject(sourceFile);
-    }
-}
--- a/src/share/classes/sun/security/provider/PolicyFile.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/provider/PolicyFile.java	Wed Dec 16 16:25:08 2009 -0800
@@ -295,16 +295,13 @@
 
     private static final int DEFAULT_CACHE_SIZE = 1;
 
-    /** the scope to check */
-    private static IdentityScope scope = null;
-
     // contains the policy grant entries, PD cache, and alias mapping
     private AtomicReference<PolicyInfo> policyInfo =
         new AtomicReference<PolicyInfo>();
     private boolean constructed = false;
 
     private boolean expandProperties = true;
-    private boolean ignoreIdentityScope = false;
+    private boolean ignoreIdentityScope = true;
     private boolean allowSystemProperties = true;
     private boolean notUtf8 = false;
     private URL url;
@@ -2024,85 +2021,9 @@
     private boolean checkForTrustedIdentity(final Certificate cert,
         PolicyInfo myInfo)
     {
-        if (cert == null)
-            return false;
-
-        // see if we are ignoring the identity scope or not
-        if (ignoreIdentityScope)
-            return false;
-
-        // try to initialize scope
-        synchronized(PolicyFile.class) {
-            if (scope == null) {
-                IdentityScope is = IdentityScope.getSystemScope();
-
-                if (is instanceof sun.security.provider.IdentityDatabase) {
-                    scope = is;
-                } else {
-                    // leave scope null
-                }
-            }
-        }
-
-        if (scope == null) {
-            ignoreIdentityScope = true;
-            return false;
-        }
-
-        // need privileged block for getIdentity in case we are trying
-        // to get a signer
-        final Identity id = AccessController.doPrivileged(
-                              new java.security.PrivilegedAction<Identity>() {
-            public Identity run() {
-                return scope.getIdentity(cert.getPublicKey());
-            }
-        });
-
-        if (isTrusted(id)) {
-            if (debug != null) {
-                debug.println("Adding policy entry for trusted Identity: ");
-                //needed for identity toString!
-                AccessController.doPrivileged(
-                      new java.security.PrivilegedAction<Void>() {
-                    public Void run() {
-                        debug.println("  identity = " + id);
-                        return null;
-                    }
-                });
-                debug.println("");
-            }
-
-            // add it to the policy for future reference
-            Certificate certs[] = new Certificate[] {cert};
-            PolicyEntry pe = new PolicyEntry(new CodeSource(null, certs));
-            pe.add(SecurityConstants.ALL_PERMISSION);
-
-            myInfo.identityPolicyEntries.add(pe);
-
-            // add it to the mapping as well so
-            // we don't have to go through this again
-            myInfo.aliasMapping.put(cert, id.getName());
-
-            return true;
-        }
         return false;
     }
 
-    private static boolean isTrusted(Identity id) {
-            if (id instanceof SystemIdentity) {
-                SystemIdentity sysid = (SystemIdentity)id;
-                if (sysid.isTrusted()) {
-                    return true;
-                }
-            } else if (id instanceof SystemSigner) {
-                SystemSigner sysid = (SystemSigner)id;
-                if (sysid.isTrusted()) {
-                    return true;
-                }
-            }
-            return false;
-    }
-
     /**
      * Each entry in the policy configuration file is represented by a
      * PolicyEntry object.  <p>
--- a/src/share/classes/sun/security/provider/SystemIdentity.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,107 +0,0 @@
-/*
- * Copyright 1996-2000 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.provider;
-
-import java.io.Serializable;
-import java.util.Enumeration;
-import java.security.*;
-
-/**
- * An identity with a very simple trust mechanism.
- *
- * @author      Benjamin Renaud
- */
-
-public class SystemIdentity extends Identity implements Serializable {
-
-    /** use serialVersionUID from JDK 1.1. for interoperability */
-    private static final long serialVersionUID = 9060648952088498478L;
-
-    /* This should be changed to ACL */
-    boolean trusted = false;
-
-    /* Free form additional information about this identity. */
-    private String info;
-
-    public SystemIdentity(String name, IdentityScope scope)
-    throws InvalidParameterException, KeyManagementException {
-        super(name, scope);
-    }
-
-    /**
-     * Is this identity trusted by sun.* facilities?
-     */
-    public boolean isTrusted() {
-        return trusted;
-    }
-
-    /**
-     * Set the trust status of this identity.
-     */
-    protected void setTrusted(boolean trusted) {
-        this.trusted = trusted;
-    }
-
-    void setIdentityInfo(String info) {
-        super.setInfo(info);
-    }
-
-    String getIndentityInfo() {
-        return super.getInfo();
-    }
-
-    /**
-     * Call back method into a protected method for package friends.
-     */
-    void setIdentityPublicKey(PublicKey key) throws KeyManagementException {
-        setPublicKey(key);
-    }
-
-    /**
-     * Call back method into a protected method for package friends.
-     */
-    void addIdentityCertificate(Certificate cert)
-    throws KeyManagementException {
-        addCertificate(cert);
-    }
-
-    void clearCertificates() throws KeyManagementException {
-        Certificate[] certs = certificates();
-        for (int i = 0; i < certs.length; i++) {
-            removeCertificate(certs[i]);
-        }
-    }
-
-    public String toString() {
-        String trustedString = "not trusted";
-        if (trusted) {
-            trustedString = "trusted";
-        }
-        return super.toString() + "[" + trustedString + "]";
-    }
-
-
-}
--- a/src/share/classes/sun/security/provider/SystemSigner.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-/*
- * Copyright 1996-2000 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.provider;
-
-import java.util.*;
-import java.security.*;
-
-/**
- * SunSecurity signer. Like SystemIdentity, it has a trust bit, which
- * can be set by SunSecurity classes, and a set of accessors for other
- * classes in sun.security.*.
- *
- * @author Benjamin Renaud
- */
-
-public class SystemSigner extends Signer {
-
-    /** use serialVersionUID from JDK 1.1. for interoperability */
-    private static final long serialVersionUID = -2127743304301557711L;
-
-    /* Is this signer trusted */
-    private boolean trusted = false;
-
-    /**
-     * Construct a signer with a given name.
-     */
-    public SystemSigner(String name) {
-        super(name);
-    }
-
-    /**
-     * Construct a signer with a name and a scope.
-     *
-     * @param name the signer's name.
-     *
-     * @param scope the scope for this signer.
-     */
-    public SystemSigner(String name, IdentityScope scope)
-     throws KeyManagementException {
-
-        super(name, scope);
-    }
-
-    /* Set the trust status of this signer */
-    void setTrusted(boolean trusted) {
-        this.trusted = trusted;
-    }
-
-    /**
-     * Returns true if this signer is trusted.
-     */
-    public boolean isTrusted() {
-        return trusted;
-    }
-
-    /* friendly callback for set keys */
-    void setSignerKeyPair(KeyPair pair)
-    throws InvalidParameterException, KeyException {
-        setKeyPair(pair);
-    }
-
-    /* friendly callback for getting private keys */
-    PrivateKey getSignerPrivateKey() {
-        return getPrivateKey();
-    }
-
-    void setSignerInfo(String s) {
-        setInfo(s);
-    }
-
-    /**
-     * Call back method into a protected method for package friends.
-     */
-    void addSignerCertificate(Certificate cert) throws KeyManagementException {
-        addCertificate(cert);
-    }
-
-    void clearCertificates() throws KeyManagementException {
-        Certificate[] certs = certificates();
-        for (int i = 0; i < certs.length; i++) {
-            removeCertificate(certs[i]);
-        }
-    }
-
-    public String toString() {
-        String trustedString = "not trusted";
-        if (trusted) {
-            trustedString = "trusted";
-        }
-        return super.toString() + "[" + trustedString + "]";
-    }
-}
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Wed Dec 16 16:25:08 2009 -0800
@@ -335,10 +335,13 @@
             response = OCSP.check(Collections.singletonList(certId), uri,
                 responderCert, pkixParams.getDate());
         } catch (Exception e) {
-            // Wrap all exceptions in CertPathValidatorException so that
-            // we can fallback to CRLs, if enabled.
-            throw new CertPathValidatorException
-                ("Unable to send OCSP request", e);
+            if (e instanceof CertPathValidatorException) {
+                throw (CertPathValidatorException) e;
+            } else {
+                // Wrap exceptions in CertPathValidatorException so that
+                // we can fallback to CRLs, if enabled.
+                throw new CertPathValidatorException(e);
+            }
         }
 
         RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);
--- a/src/share/classes/sun/security/tools/JarSigner.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/tools/JarSigner.java	Wed Dec 16 16:25:08 2009 -0800
@@ -118,8 +118,6 @@
     KeyStore store;                 // the keystore specified by -keystore
                                     // or the default keystore, never null
 
-    IdentityScope scope;
-
     String keystore; // key store file
     boolean nullStream = false; // null keystore input stream (NONE)
     boolean token = false; // token-based keystore
@@ -212,7 +210,6 @@
             if (verify) {
                 try {
                     loadKeyStore(keystore, false);
-                    scope = IdentityScope.getSystemScope();
                 } catch (Exception e) {
                     if ((keystore != null) || (storepass != null)) {
                         System.out.println(rb.getString("jarsigner error: ") +
@@ -984,13 +981,6 @@
                         result |= IN_KEYSTORE;
                     }
                 }
-                if (!found && (scope != null)) {
-                    Identity id = scope.getIdentity(c.getPublicKey());
-                    if (id != null) {
-                        result |= IN_SCOPE;
-                        storeHash.put(c, "[" + id.getName() + "]");
-                    }
-                }
                 if (ckaliases.contains(alias)) {
                     result |= SIGNED_BY_ALIAS;
                 }
--- a/src/share/classes/sun/security/tools/KeyTool.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/tools/KeyTool.java	Wed Dec 16 16:25:08 2009 -0800
@@ -40,7 +40,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.Principal;
 import java.security.Provider;
-import java.security.Identity;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -57,9 +56,6 @@
 import sun.misc.BASE64Encoder;
 import sun.security.util.ObjectIdentifier;
 import sun.security.pkcs.PKCS10;
-import sun.security.provider.IdentityDatabase;
-import sun.security.provider.SystemSigner;
-import sun.security.provider.SystemIdentity;
 import sun.security.provider.X509Factory;
 import sun.security.util.DerOutputStream;
 import sun.security.util.Password;
@@ -1163,18 +1159,16 @@
         Signature signature = Signature.getInstance(sigAlgName);
         signature.initSign(privateKey);
 
-        X500Signer signer = new X500Signer(signature, issuer);
-
         X509CertInfo info = new X509CertInfo();
         info.set(X509CertInfo.VALIDITY, interval);
         info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                     new java.util.Random().nextInt() & 0x7fffffff));
         info.set(X509CertInfo.VERSION,
-                     new CertificateVersion(CertificateVersion.V3));
+                    new CertificateVersion(CertificateVersion.V3));
         info.set(X509CertInfo.ALGORITHM_ID,
-                     new CertificateAlgorithmId(signer.getAlgorithmId()));
-        info.set(X509CertInfo.ISSUER,
-                     new CertificateIssuerName(signer.getSigner()));
+                    new CertificateAlgorithmId(
+                        AlgorithmId.getAlgorithmId(sigAlgName)));
+        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
 
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
         boolean canRead = false;
@@ -1249,7 +1243,7 @@
         request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
                 new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
 
-        // Construct an X500Signer object, so that we can sign the request
+        // Construct a Signature object, so that we can sign the request
         if (sigAlgName == null) {
             sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
         }
@@ -1259,10 +1253,9 @@
         X500Name subject = dname == null?
                 new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
                 new X500Name(dname);
-        X500Signer signer = new X500Signer(signature, subject);
 
         // Sign the request and base-64 encode it
-        request.encodeAndSign(signer);
+        request.encodeAndSign(subject, signature);
         request.print(out);
     }
 
@@ -1564,75 +1557,8 @@
     private void doImportIdentityDatabase(InputStream in)
         throws Exception
     {
-        byte[] encoded;
-        ByteArrayInputStream bais;
-        java.security.cert.X509Certificate newCert;
-        java.security.cert.Certificate[] chain = null;
-        PrivateKey privKey;
-        boolean modified = false;
-
-        IdentityDatabase idb = IdentityDatabase.fromStream(in);
-        for (Enumeration<Identity> enum_ = idb.identities();
-                                        enum_.hasMoreElements();) {
-            Identity id = enum_.nextElement();
-            newCert = null;
-            // only store trusted identities in keystore
-            if ((id instanceof SystemSigner && ((SystemSigner)id).isTrusted())
-                || (id instanceof SystemIdentity
-                    && ((SystemIdentity)id).isTrusted())) {
-                // ignore if keystore entry with same alias name already exists
-                if (keyStore.containsAlias(id.getName())) {
-                    MessageFormat form = new MessageFormat
-                        (rb.getString("Keystore entry for <id.getName()> already exists"));
-                    Object[] source = {id.getName()};
-                    System.err.println(form.format(source));
-                    continue;
-                }
-                java.security.Certificate[] certs = id.certificates();
-                if (certs!=null && certs.length>0) {
-                    // we can only store one user cert per identity.
-                    // convert old-style to new-style cert via the encoding
-                    DerOutputStream dos = new DerOutputStream();
-                    certs[0].encode(dos);
-                    encoded = dos.toByteArray();
-                    bais = new ByteArrayInputStream(encoded);
-                    newCert = (X509Certificate)cf.generateCertificate(bais);
-                    bais.close();
-
-                    // if certificate is self-signed, make sure it verifies
-                    if (isSelfSigned(newCert)) {
-                        PublicKey pubKey = newCert.getPublicKey();
-                        try {
-                            newCert.verify(pubKey);
-                        } catch (Exception e) {
-                            // ignore this cert
-                            continue;
-                        }
-                    }
-
-                    if (id instanceof SystemSigner) {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("Creating keystore entry for <id.getName()> ..."));
-                        Object[] source = {id.getName()};
-                        System.err.println(form.format(source));
-                        if (chain==null) {
-                            chain = new java.security.cert.Certificate[1];
-                        }
-                        chain[0] = newCert;
-                        privKey = ((SystemSigner)id).getPrivateKey();
-                        keyStore.setKeyEntry(id.getName(), privKey, storePass,
-                                             chain);
-                    } else {
-                        keyStore.setCertificateEntry(id.getName(), newCert);
-                    }
-                    kssave = true;
-                }
-            }
-        }
-        if (!kssave) {
-            System.err.println(rb.getString
-                ("No entries from identity database added"));
-        }
+        System.err.println(rb.getString
+            ("No entries from identity database added"));
     }
 
     /**
--- a/src/share/classes/sun/security/util/SecurityConstants.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/util/SecurityConstants.java	Wed Dec 16 16:25:08 2009 -0800
@@ -33,7 +33,6 @@
 import java.security.BasicPermission;
 import java.security.SecurityPermission;
 import java.security.AllPermission;
-import javax.security.auth.AuthPermission;
 
 /**
  * Permission constants and string constants used to create permissions
@@ -259,12 +258,4 @@
     // java.lang.SecurityManager
     public static final SocketPermission LOCAL_LISTEN_PERMISSION =
         new SocketPermission("localhost:1024-", SOCKET_LISTEN_ACTION);
-
-    // javax.security.auth.Subject
-    public static final AuthPermission DO_AS_PERMISSION =
-        new AuthPermission("doAs");
-
-    // javax.security.auth.Subject
-    public static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
-        new AuthPermission("doAsPrivileged");
 }
--- a/src/share/classes/sun/security/validator/PKIXValidator.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/validator/PKIXValidator.java	Wed Dec 16 16:25:08 2009 -0800
@@ -150,9 +150,17 @@
                 ("null or zero-length certificate chain");
         }
         if (TRY_VALIDATOR) {
-            // check if chain contains trust anchor
+            // check that chain is in correct order and check if chain contains
+            // trust anchor
+            X500Principal prevIssuer = null;
             for (int i = 0; i < chain.length; i++) {
-                if (trustedCerts.contains(chain[i])) {
+                X509Certificate cert = chain[i];
+                if (i != 0 &&
+                    !cert.getSubjectX500Principal().equals(prevIssuer)) {
+                    // chain is not ordered correctly, call builder instead
+                    return doBuild(chain, otherCerts);
+                }
+                if (trustedCerts.contains(cert)) {
                     if (i == 0) {
                         return new X509Certificate[] {chain[0]};
                     }
@@ -161,6 +169,7 @@
                     System.arraycopy(chain, 0, newChain, 0, i);
                     return doValidate(newChain);
                 }
+                prevIssuer = cert.getIssuerX500Principal();
             }
 
             // apparently issued by trust anchor?
@@ -303,5 +312,4 @@
                 ("PKIX path building failed: " + e.toString(), e);
         }
     }
-
 }
--- a/src/share/classes/sun/security/x509/CertAndKeyGen.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/security/x509/CertAndKeyGen.java	Wed Dec 16 16:25:08 2009 -0800
@@ -190,41 +190,6 @@
 
 
     /**
-     * Returns a self-signed X.509v1 certificate for the public key.
-     * The certificate is immediately valid.
-     *
-     * <P>Such certificates normally are used to identify a "Certificate
-     * Authority" (CA).  Accordingly, they will not always be accepted by
-     * other parties.  However, such certificates are also useful when
-     * you are bootstrapping your security infrastructure, or deploying
-     * system prototypes.
-     *
-     * @deprecated Use the new <a href =
-     * "#getSelfCertificate(sun.security.x509.X500Name, long)">
-     *
-     * @param myname X.500 name of the subject (who is also the issuer)
-     * @param validity how long the certificate should be valid, in seconds
-     */
-    @Deprecated
-    public X509Cert             getSelfCert (X500Name myname, long validity)
-    throws InvalidKeyException, SignatureException, NoSuchAlgorithmException
-    {
-        X509Certificate cert;
-
-        try {
-            cert = getSelfCertificate(myname, validity);
-            return new X509Cert(cert.getEncoded());
-        } catch (CertificateException e) {
-            throw new SignatureException(e.getMessage());
-        } catch (NoSuchProviderException e) {
-            throw new NoSuchAlgorithmException(e.getMessage());
-        } catch (IOException e) {
-            throw new SignatureException(e.getMessage());
-        }
-    }
-
-
-    /**
      * Returns a self-signed X.509v3 certificate for the public key.
      * The certificate is immediately valid. No extensions.
      *
@@ -248,13 +213,10 @@
     throws CertificateException, InvalidKeyException, SignatureException,
         NoSuchAlgorithmException, NoSuchProviderException
     {
-        X500Signer      issuer;
         X509CertImpl    cert;
         Date            lastDate;
 
         try {
-            issuer = getSigner (myname);
-
             lastDate = new Date ();
             lastDate.setTime (firstDate.getTime () + validity * 1000);
 
@@ -267,14 +229,13 @@
                      new CertificateVersion(CertificateVersion.V3));
             info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
                     new java.util.Random().nextInt() & 0x7fffffff));
-            AlgorithmId algID = issuer.getAlgorithmId();
+            AlgorithmId algID = AlgorithmId.getAlgorithmId(sigAlg);
             info.set(X509CertInfo.ALGORITHM_ID,
                      new CertificateAlgorithmId(algID));
             info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
             info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
             info.set(X509CertInfo.VALIDITY, interval);
-            info.set(X509CertInfo.ISSUER,
-                     new CertificateIssuerName(issuer.getSigner()));
+            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
 
             cert = new X509CertImpl(info);
             cert.sign(privateKey, this.sigAlg);
@@ -315,7 +276,9 @@
         PKCS10  req = new PKCS10 (publicKey);
 
         try {
-            req.encodeAndSign (getSigner (myname));
+            Signature signature = Signature.getInstance(sigAlg);
+            signature.initSign (privateKey);
+            req.encodeAndSign(myname, signature);
 
         } catch (CertificateException e) {
             throw new SignatureException (sigAlg + " CertificateException");
@@ -330,18 +293,6 @@
         return req;
     }
 
-    private X500Signer getSigner (X500Name me)
-    throws InvalidKeyException, NoSuchAlgorithmException
-    {
-        Signature signature = Signature.getInstance(sigAlg);
-
-        // XXX should have a way to pass prng to the signature
-        // algorithm ... appropriate for DSS/DSA, not RSA
-
-        signature.initSign (privateKey);
-        return new X500Signer (signature, me);
-    }
-
     private SecureRandom        prng;
     private String              sigAlg;
     private KeyPairGenerator    keyGen;
--- a/src/share/classes/sun/security/x509/X500Signer.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-/*
- * Copyright 1996-2003 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.x509;
-
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.Signer;
-import java.security.NoSuchAlgorithmException;
-
-/**
- * This class provides a binding between a Signature object and an
- * authenticated X.500 name (from an X.509 certificate chain), which
- * is needed in many public key signing applications.
- *
- * <P>The name of the signer is important, both because knowing it is the
- * whole point of the signature, and because the associated X.509 certificate
- * is always used to verify the signature.
- *
- * <P><em>The X.509 certificate chain is temporarily not associated with
- * the signer, but this omission will be resolved.</em>
- *
- *
- * @author David Brownell
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- */
-public final class X500Signer extends Signer
-{
-    private static final long serialVersionUID = -8609982645394364834L;
-
-    /**
-     * Called for each chunk of the data being signed.  That
-     * is, you can present the data in many chunks, so that
-     * it doesn't need to be in a single sequential buffer.
-     *
-     * @param buf buffer holding the next chunk of the data to be signed
-     * @param offset starting point of to-be-signed data
-     * @param len how many bytes of data are to be signed
-     * @exception SignatureException on errors.
-     */
-    public void update(byte buf[], int offset, int len)
-    throws SignatureException {
-        sig.update (buf, offset, len);
-    }
-
-    /**
-     * Produces the signature for the data processed by update().
-     *
-     * @exception SignatureException on errors.
-     */
-    public byte[] sign() throws SignatureException {
-        return sig.sign();
-    }
-
-    /**
-     * Returns the algorithm used to sign.
-     */
-    public AlgorithmId  getAlgorithmId() {
-        return algid;
-    }
-
-    /**
-     * Returns the name of the signing agent.
-     */
-    public X500Name     getSigner() {
-        return agent;
-    }
-
-    /*
-     * Constructs a binding between a signature and an X500 name
-     * from an X.509 certificate.
-     */
-    // package private  ----hmmmmm ?????
-    public X500Signer(Signature sig, X500Name agent) {
-        if (sig == null || agent == null)
-            throw new IllegalArgumentException ("null parameter");
-
-        this.sig = sig;
-        this.agent = agent;
-
-        try {
-          this.algid = AlgorithmId.getAlgorithmId(sig.getAlgorithm());
-
-        } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException("internal error! " + e.getMessage());
-        }
-    }
-
-    private Signature   sig;
-    private X500Name    agent;          // XXX should be X509CertChain
-    private AlgorithmId algid;
-}
--- a/src/share/classes/sun/security/x509/X509Cert.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,892 +0,0 @@
-/*
- * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.x509;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import java.math.BigInteger;
-import java.security.*;
-import java.util.Date;
-import java.util.Enumeration;
-
-import sun.security.util.*;     // DER
-
-/**
- * @author David Brownell
- *
- * @see CertAndKeyGen
- * @deprecated  Use the new X509Certificate class.
- *              This class is only restored for backwards compatibility.
- */
-@Deprecated
-public class X509Cert implements Certificate, Serializable {
-
-    static final long serialVersionUID = -52595524744692374L;
-
-    /*
-     * NOTE: All fields are marked transient, because we do not want them to
-     * be included in the class description when we serialize an object of
-     * this class. We override "writeObject" and "readObject" to use the
-     * ASN.1 encoding of a certificate as the serialized form, instead of
-     * calling the default routines which would operate on the field values.
-     *
-     * MAKE SURE TO MARK ANY FIELDS THAT ARE ADDED IN THE FUTURE AS TRANSIENT.
-     */
-
-    /* The algorithm id */
-    transient protected AlgorithmId algid;
-
-    /*
-     * Certificate data, and its envelope
-     */
-    transient private byte rawCert [];
-    transient private byte signature [];
-    transient private byte signedCert [];
-
-    /*
-     * X509.v1 data (parsed)
-     */
-    transient private X500Name subject; // from subject
-    transient private PublicKey pubkey;
-
-    transient private Date notafter;    // from CA (constructor)
-    transient private Date notbefore;
-
-    transient private int version;      // from CA (signAndEncode)
-    transient private BigInteger serialnum;
-    transient private X500Name issuer;
-    transient private AlgorithmId issuerSigAlg;
-
-    /*
-     * flag to indicate whether or not this certificate has already been parsed
-     * (through a call to one of the constructors or the "decode" or
-     * "readObject" methods). This is to ensure that certificates are
-     * immutable.
-     */
-    transient private boolean parsed=false;
-
-    /*
-     * X509.v2 extensions
-     */
-
-    /*
-     * X509.v3 extensions
-     */
-
-    /*
-     * Other extensions ... Netscape, Verisign, SET, etc
-     */
-
-
-    /**
-     * Construct a uninitialized X509 Cert on which <a href="#decode">
-     * decode</a> must later be called (or which may be deserialized).
-     */
-    // XXX deprecated, delete this
-    public X509Cert() { }
-
-
-    /**
-     * Unmarshals a certificate from its encoded form, parsing the
-     * encoded bytes.  This form of constructor is used by agents which
-     * need to examine and use certificate contents.  That is, this is
-     * one of the more commonly used constructors.  Note that the buffer
-     * must include only a certificate, and no "garbage" may be left at
-     * the end.  If you need to ignore data at the end of a certificate,
-     * use another constructor.
-     *
-     * @param cert the encoded bytes, with no terminatu (CONSUMED)
-     * @exception IOException when the certificate is improperly encoded.
-     */
-    public X509Cert(byte cert []) throws IOException
-    {
-        DerValue in = new DerValue (cert);
-        parse (in);
-        if (in.data.available () != 0)
-            throw new CertParseError ("garbage at end");
-        signedCert = cert;
-    }
-
-
-    /**
-     * Unmarshals a certificate from its encoded form, parsing the
-     * encoded bytes.  This form of constructor is used by agents which
-     * need to examine and use certificate contents.  That is, this is
-     * one of the most commonly used constructors.
-     *
-     * @param buf the buffer holding the encoded bytes
-     * @param offset the offset in the buffer where the bytes begin
-     * @param len how many bytes of certificate exist
-     *
-     * @exception IOException when the certificate is improperly encoded.
-     */
-    public X509Cert(byte buf [], int offset, int len) throws IOException
-    {
-        DerValue in = new DerValue (buf, offset, len);
-
-        parse (in);
-        if (in.data.available () != 0)
-            throw new CertParseError ("garbage at end");
-        signedCert = new byte [len];
-        System.arraycopy (buf, offset, signedCert, 0, len);
-    }
-
-
-    /**
-     * Unmarshal a certificate from its encoded form, parsing a DER value.
-     * This form of constructor is used by agents which need to examine
-     * and use certificate contents.
-     *
-     * @param derVal the der value containing the encoded cert.
-     * @exception IOException when the certificate is improperly encoded.
-     */
-    public X509Cert(DerValue derVal) throws IOException
-    {
-        parse (derVal);
-        if (derVal.data.available () != 0)
-            throw new CertParseError ("garbage at end");
-        signedCert = derVal.toByteArray ();
-    }
-
-
-    /**
-     * Partially constructs a certificate from descriptive parameters.
-     * This constructor may be used by Certificate Authority (CA) code,
-     * which later <a href="#signAndEncode">signs and encodes</a> the
-     * certificate.  Also, self-signed certificates serve as CA certificates,
-     * and are sometimes used as certificate requests.
-     *
-     * <P>Until the certificate has been signed and encoded, some of
-     * the mandatory fields in the certificate will not be available
-     * via accessor functions:  the serial number, issuer name and signing
-     * algorithm, and of course the signed certificate.  The fields passed
-     * to this constructor are available, and must be non-null.
-     *
-     * <P>Note that the public key being signed is generally independent of
-     * the signature algorithm being used.  So for example Diffie-Hellman
-     * keys (which do not support signatures) can be placed in X.509
-     * certificates when some other signature algorithm (e.g. DSS/DSA,
-     * or one of the RSA based algorithms) is used.
-     *
-     * @see CertAndKeyGen
-     *
-     * @param subjectName the X.500 distinguished name being certified
-     * @param subjectPublicKey the public key being certified.  This
-     *  must be an "X509Key" implementing the "PublicKey" interface.
-     * @param notBefore the first time the certificate is valid
-     * @param notAfter the last time the certificate is valid
-     *
-     * @exception CertException if the public key is inappropriate
-     */
-    public X509Cert(X500Name subjectName, X509Key subjectPublicKey,
-                    Date notBefore, Date notAfter) throws CertException
-    {
-        subject = subjectName;
-
-        if (!(subjectPublicKey instanceof PublicKey))
-            throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
-                "Doesn't implement PublicKey interface");
-
-        // The X509 cert API requires X509 keys, else things break.
-        pubkey = subjectPublicKey;
-        notbefore = notBefore;
-        notafter = notAfter;
-        version = 0;
-    }
-
-
-    /**
-     * Decode an X.509 certificate from an input stream.
-     *
-     * @param in an input stream holding at least one certificate
-     * @exception IOException when the certificate is improperly encoded, or
-     * if it has already been parsed.
-     */
-    public void decode(InputStream in) throws IOException
-    {
-        DerValue val = new DerValue(in);
-        parse(val);
-        signedCert = val.toByteArray();
-    }
-
-
-    /**
-     * Appends the certificate to an output stream.
-     *
-     * @param out an input stream to which the certificate is appended.
-     * @exception IOException when appending fails.
-     */
-    public void encode (OutputStream out) throws IOException
-        { out.write (getSignedCert ()); }
-
-
-    /**
-     * Compares two certificates.  This is false if the
-     * certificates are not both X.509 certs, otherwise it
-     * compares them as binary data.
-     *
-     * @param other the object being compared with this one
-     * @return true iff the certificates are equivalent
-     */
-    public boolean      equals (Object other)
-    {
-        if (other instanceof X509Cert)
-            return equals ((X509Cert) other);
-        else
-            return false;
-    }
-
-
-    /**
-     * Compares two certificates, returning false if any data
-     * differs between the two.
-     *
-     * @param other the object being compared with this one
-     * @return true iff the certificates are equivalent
-     */
-    public boolean      equals (X509Cert src)
-    {
-        if (this == src)
-            return true;
-        if (signedCert == null || src.signedCert == null)
-            return false;
-        if (signedCert.length != src.signedCert.length)
-            return false;
-        for (int i = 0; i < signedCert.length; i++)
-            if (signedCert [i] != src.signedCert [i])
-                return false;
-        return true;
-    }
-
-
-    /** Returns the "X.509" format identifier. */
-    public String getFormat () // for Certificate
-        { return "X.509"; }
-
-
-    /** Returns <a href="#getIssuerName">getIssuerName</a> */
-    public Principal getGuarantor () // for Certificate
-        { return getIssuerName (); }
-
-
-    /** Returns <a href="#getSubjectName">getSubjectName</a> */
-    public Principal getPrincipal ()
-        { return getSubjectName (); }
-
-
-    /**
-     * Throws an exception if the certificate is invalid because it is
-     * now outside of the certificate's validity period, or because it
-     * was not signed using the verification key provided.  Successfully
-     * verifying a certificate does <em>not</em> indicate that one should
-     * trust the entity which it represents.
-     *
-     * <P><em>Note that since this class represents only a single X.509
-     * certificate, it cannot know anything about the certificate chain
-     * which is used to provide the verification key and to establish trust.
-     * Other code must manage and use those cert chains.
-     *
-     * <P>For now, you must walk the cert chain being used to verify any
-     * given cert.  Start at the root, which is a self-signed certificate;
-     * verify it using the key inside the certificate.  Then use that to
-     * verify the next certificate in the chain, issued by that CA.  In
-     * this manner, verify each certificate until you reach the particular
-     * certificate you wish to verify.  You should not use a certificate
-     * if any of the verification operations for its certificate chain
-     * were unsuccessful.
-     * </em>
-     *
-     * @param issuerPublicKey the public key of the issuing CA
-     * @exception CertException when the certificate is not valid.
-     */
-    public void verify (PublicKey issuerPublicKey)
-    throws CertException
-    {
-        Date    now = new Date ();
-
-        if (now.before (notbefore))
-            throw new CertException (CertException.verf_INVALID_NOTBEFORE);
-        if (now.after (notafter))
-            throw new CertException (CertException.verf_INVALID_EXPIRED);
-        if (signedCert == null)
-            throw new CertException (CertException.verf_INVALID_SIG,
-                "?? certificate is not signed yet ??");
-
-        //
-        // Verify the signature ...
-        //
-        String          algName = null;
-
-        try {
-            Signature   sigVerf = null;
-
-            algName = issuerSigAlg.getName();
-            sigVerf = Signature.getInstance(algName);
-            sigVerf.initVerify (issuerPublicKey);
-            sigVerf.update (rawCert, 0, rawCert.length);
-
-            if (!sigVerf.verify (signature)) {
-                throw new CertException (CertException.verf_INVALID_SIG,
-                    "Signature ... by <" + issuer + "> for <" + subject + ">");
-            }
-
-        // Gag -- too many catch clauses, let most through.
-
-        } catch (NoSuchAlgorithmException e) {
-            throw new CertException (CertException.verf_INVALID_SIG,
-                "Unsupported signature algorithm (" + algName + ")");
-
-        } catch (InvalidKeyException e) {
-            // e.printStackTrace();
-            throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
-                "Algorithm (" + algName + ") rejected public key");
-
-        } catch (SignatureException e) {
-            throw new CertException (CertException.verf_INVALID_SIG,
-                "Signature by <" + issuer + "> for <" + subject + ">");
-        }
-    }
-
-
-    /**
-     * Creates an X.509 certificate, and signs it using the issuer
-     * passed (associating a signature algorithm and an X.500 name).
-     * This operation is used to implement the certificate generation
-     * functionality of a certificate authority.
-     *
-     * @see #getSignedCert
-     * @see #getSigner
-     * @see CertAndKeyGen
-     *
-     * @param serial the serial number of the certificate (non-null)
-     * @param issuer the certificate issuer (CA) (non-null)
-     * @return the signed certificate, as returned by getSignedCert
-     *
-     * @exception IOException if any of the data could not be encoded,
-     *  or when any mandatory data was omitted
-     * @exception SignatureException on signing failures
-     */
-    public byte []
-    encodeAndSign (
-        BigInteger      serial,
-        X500Signer      issuer
-    ) throws IOException, SignatureException
-    {
-        rawCert = null;
-
-        /*
-         * Get the remaining cert parameters, and make sure we have enough.
-         *
-         * We deduce version based on what attribute data are available
-         * For now, we have no attributes, so we always deduce X.509v1 !
-         */
-        version = 0;
-        serialnum = serial;
-        this.issuer = issuer.getSigner ();
-        issuerSigAlg = issuer.getAlgorithmId ();
-
-        if (subject == null || pubkey == null
-                || notbefore == null || notafter == null)
-            throw new IOException ("not enough cert parameters");
-
-        /*
-         * Encode the raw cert, create its signature and put it
-         * into the envelope.
-         */
-        rawCert = DERencode ();
-        signedCert = sign (issuer, rawCert);
-        return signedCert;
-    }
-
-
-    /**
-     * Returns an X500Signer that may be used to create signatures.  Those
-     * signature may in turn be verified using this certificate (or a
-     * copy of it).
-     *
-     * <P><em><b>NOTE:</b>  If the private key is by itself capable of
-     * creating signatures, this fact may not be recognized at this time.
-     * Specifically, the case of DSS/DSA keys which get their algorithm
-     * parameters from higher in the certificate chain is not supportable
-     * without using an X509CertChain API, and there is no current support
-     * for other sources of algorithm parameters.</em>
-     *
-     * @param algorithm the signature algorithm to be used.  Note that a
-     *  given public/private key pair may support several such algorithms.
-     * @param privateKey the private key used to create the signature,
-     *  which must correspond to the public key in this certificate
-     * @return the Signer object
-     *
-     * @exception NoSuchAlgorithmException if the signature
-     *  algorithm is not supported
-     * @exception InvalidKeyException if either the key in the certificate,
-     *  or the private key parameter, does not support the requested
-     *  signature algorithm
-     */
-    public X500Signer   getSigner (AlgorithmId algorithmId,
-                                   PrivateKey privateKey)
-    throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        String algorithm;
-        Signature       sig;
-
-        if (privateKey instanceof Key) {
-            Key key = (Key)privateKey;
-            algorithm = key.getAlgorithm();
-        } else {
-            throw new InvalidKeyException("private key not a key!");
-        }
-
-        sig = Signature.getInstance(algorithmId.getName());
-
-        if (!pubkey.getAlgorithm ().equals (algorithm)) {
-
-          throw new InvalidKeyException( "Private key algorithm " +
-                                         algorithm +
-                                         " incompatible with certificate " +
-                                         pubkey.getAlgorithm());
-        }
-        sig.initSign (privateKey);
-        return new X500Signer (sig, subject);
-    }
-
-
-    /**
-     * Returns a signature object that may be used to verify signatures
-     * created using a specified signature algorithm and the public key
-     * contained in this certificate.
-     *
-     * <P><em><b>NOTE:</b>  If the public key in this certificate is not by
-     * itself capable of verifying signatures, this may not be recognized
-     * at this time.  Specifically, the case of DSS/DSA keys which get
-     * their algorithm parameters from higher in the certificate chain
-     * is not supportable without using an X509CertChain API, and there
-     * is no current support for other sources of algorithm parameters.</em>
-     *
-     * @param algorithm the algorithm of the signature to be verified
-     * @return the Signature object
-     * @exception NoSuchAlgorithmException if the signature
-     *  algorithm is not supported
-     * @exception InvalidKeyException if the key in the certificate
-     *  does not support the requested signature algorithm
-     */
-    public Signature getVerifier(String algorithm)
-    throws NoSuchAlgorithmException, InvalidKeyException
-    {
-        String          algName;
-        Signature       sig;
-
-        sig = Signature.getInstance(algorithm);
-        sig.initVerify (pubkey);
-        return sig;
-    }
-
-
-
-    /**
-     * Return the signed X.509 certificate as a byte array.
-     * The bytes are in standard DER marshaled form.
-     * Null is returned in the case of a partially constructed cert.
-     */
-    public byte []      getSignedCert ()
-        { return signedCert.clone(); }
-
-
-    /**
-     * Returns the certificate's serial number.
-     * Null is returned in the case of a partially constructed cert.
-     */
-    public BigInteger   getSerialNumber ()
-        { return serialnum; }
-
-
-    /**
-     * Returns the subject's X.500 distinguished name.
-     */
-    public X500Name     getSubjectName ()
-        { return subject; }
-
-
-    /**
-     * Returns the certificate issuer's X.500 distinguished name.
-     * Null is returned in the case of a partially constructed cert.
-     */
-    public X500Name     getIssuerName ()
-        { return issuer; }
-
-
-    /**
-     * Returns the algorithm used by the issuer to sign the certificate.
-     * Null is returned in the case of a partially constructed cert.
-     */
-    public AlgorithmId  getIssuerAlgorithmId ()
-        { return issuerSigAlg; }
-
-
-    /**
-     * Returns the first time the certificate is valid.
-     */
-    public Date getNotBefore ()
-        { return new Date(notbefore.getTime()); }
-
-
-    /**
-     * Returns the last time the certificate is valid.
-     */
-    public Date getNotAfter ()
-        { return new Date(notafter.getTime()); }
-
-
-    /**
-     * Returns the subject's public key.  Note that some public key
-     * algorithms support an optional certificate generation policy
-     * where the keys in the certificates are not in themselves sufficient
-     * to perform a public key operation.  Those keys need to be augmented
-     * by algorithm parameters, which the certificate generation policy
-     * chose not to place in the certificate.
-     *
-     * <P>Two such public key algorithms are:  DSS/DSA, where algorithm
-     * parameters could be acquired from a CA certificate in the chain
-     * of issuers; and Diffie-Hellman, with a similar solution although
-     * the CA then needs both a Diffie-Hellman certificate and a signature
-     * capable certificate.
-     */
-    public PublicKey            getPublicKey ()
-        { return pubkey; }
-
-
-    /**
-     * Returns the X.509 version number of this certificate, zero based.
-     * That is, "2" indicates an X.509 version 3 (1993) certificate,
-     * and "0" indicates X.509v1 (1988).
-     * Zero is returned in the case of a partially constructed cert.
-     */
-    public int          getVersion ()
-        { return version; }
-
-
-    /**
-     * Calculates a hash code value for the object.  Objects
-     * which are equal will also have the same hashcode.
-     */
-    public int          hashCode ()
-    {
-        int     retval = 0;
-
-        for (int i = 0; i < signedCert.length; i++)
-            retval += signedCert [i] * i;
-        return retval;
-    }
-
-
-    /**
-     * Returns a printable representation of the certificate.  This does not
-     * contain all the information available to distinguish this from any
-     * other certificate.  The certificate must be fully constructed
-     * before this function may be called; in particular, if you are
-     * creating certificates you must call encodeAndSign() before calling
-     * this function.
-     */
-    public String       toString ()
-    {
-        String          s;
-
-        if (subject == null || pubkey == null
-                || notbefore == null || notafter == null
-                || issuer == null || issuerSigAlg == null
-                || serialnum == null)
-            throw new NullPointerException ("X.509 cert is incomplete");
-
-        s = "  X.509v" + (version + 1) + " certificate,\n";
-        s += "  Subject is " + subject + "\n";
-        s += "  Key:  " + pubkey;
-        s += "  Validity <" + notbefore + "> until <" + notafter + ">\n";
-        s += "  Issuer is " + issuer + "\n";
-        s += "  Issuer signature used " + issuerSigAlg.toString () + "\n";
-        s += "  Serial number = " + Debug.toHexString(serialnum) + "\n";
-
-        // optional v2, v3 extras
-
-        return "[\n" + s + "]";
-    }
-
-
-    /**
-     * Returns a printable representation of the certificate.
-     *
-     * @param detailed true iff lots of detail is requested
-     */
-    public String       toString (boolean detailed)
-        { return toString (); }
-
-
-    /************************************************************/
-
-    /*
-     * Cert is a SIGNED ASN.1 macro, a three elment sequence:
-     *
-     *  - Data to be signed (ToBeSigned) -- the "raw" cert
-     *  - Signature algorithm (SigAlgId)
-     *  - The signature bits
-     *
-     * This routine unmarshals the certificate, saving the signature
-     * parts away for later verification.
-     */
-    private void parse (DerValue val) throws IOException
-    {
-        if (parsed == true) {
-            throw new IOException("Certificate already parsed");
-        }
-
-        DerValue seq [] = new DerValue [3];
-
-        seq [0] = val.data.getDerValue ();
-        seq [1] = val.data.getDerValue ();
-        seq [2] = val.data.getDerValue ();
-
-        if (val.data.available () != 0)
-            throw new CertParseError ("signed overrun, bytes = "
-                    + val.data.available ());
-        if (seq [0].tag != DerValue.tag_Sequence)
-            throw new CertParseError ("signed fields invalid");
-
-        rawCert = seq [0].toByteArray ();       // XXX slow; fixme!
-
-
-        issuerSigAlg = AlgorithmId.parse (seq [1]);
-        signature = seq [2].getBitString ();
-
-        if (seq [1].data.available () != 0) {
-            // XXX why was this error check commented out?
-            // It was originally part of the next check.
-            throw new CertParseError ("algid field overrun");
-        }
-
-        if (seq [2].data.available () != 0)
-            throw new CertParseError ("signed fields overrun");
-
-        /*
-         * Let's have fun parsing the cert itself.
-         */
-        DerInputStream  in;
-        DerValue        tmp;
-
-        in = seq [0].data;
-
-        /*
-         * Version -- this is optional (default zero). If it's there it's
-         * the first field and is specially tagged.
-         *
-         * Both branches leave "tmp" holding a value for the serial
-         * number that comes next.
-         */
-        version = 0;
-        tmp = in.getDerValue ();
-        if (tmp.isConstructed () && tmp.isContextSpecific ()) {
-            version = tmp.data.getInteger();
-            if (tmp.data.available () != 0)
-                throw new IOException ("X.509 version, bad format");
-            tmp = in.getDerValue ();
-        }
-
-        /*
-         * serial number ... an integer
-         */
-        serialnum = tmp.getBigInteger ();
-
-        /*
-         * algorithm type for CA's signature ... needs to match the
-         * one on the envelope, and that's about it!  different IDs
-         * may represent a signature attack.  In general we want to
-         * inherit parameters.
-         */
-        tmp = in.getDerValue ();
-        {
-            AlgorithmId         algid;
-
-
-            algid = AlgorithmId.parse(tmp);
-
-            if (!algid.equals (issuerSigAlg))
-                throw new CertParseError ("CA Algorithm mismatch!");
-
-            this.algid = algid;
-        }
-
-        /*
-         * issuer name
-         */
-        issuer = new X500Name (in);
-
-        /*
-         * validity:  SEQUENCE { start date, end date }
-         */
-        tmp = in.getDerValue ();
-        if (tmp.tag != DerValue.tag_Sequence)
-            throw new CertParseError ("corrupt validity field");
-
-        notbefore = tmp.data.getUTCTime ();
-        notafter = tmp.data.getUTCTime ();
-        if (tmp.data.available () != 0)
-            throw new CertParseError ("excess validity data");
-
-        /*
-         * subject name and public key
-         */
-        subject = new X500Name (in);
-
-        tmp = in.getDerValue ();
-        pubkey = X509Key.parse (tmp);
-
-        /*
-         * XXX for v2 and later, a bunch of tagged options follow
-         */
-
-        if (in.available () != 0) {
-            /*
-             * Until we parse V2/V3 data ... ignore it.
-             *
-            // throw new CertParseError ("excess cert data");
-            System.out.println (
-                    "@end'o'cert, optional V2/V3 data unparsed:  "
-                    + in.available ()
-                    + " bytes"
-                    );
-            */
-        }
-
-        parsed = true;
-    }
-
-
-    /*
-     * Encode only the parts that will later be signed.
-     */
-    private byte [] DERencode () throws IOException
-    {
-        DerOutputStream raw = new DerOutputStream ();
-
-        encode (raw);
-        return raw.toByteArray ();
-    }
-
-
-    /*
-     * Marshal the contents of a "raw" certificate into a DER sequence.
-     */
-    private void encode (DerOutputStream out) throws IOException
-    {
-        DerOutputStream tmp = new DerOutputStream ();
-
-        /*
-         * encode serial number, issuer signing algorithm,
-         * and issuer name into the data we'll return
-         */
-        tmp.putInteger (serialnum);
-        issuerSigAlg.encode (tmp);
-        issuer.encode (tmp);
-
-        /*
-         * Validity is a two element sequence ... encode the
-         * elements, then wrap them into the data we'll return
-         */
-        {
-            DerOutputStream     seq = new DerOutputStream ();
-
-            seq.putUTCTime (notbefore);
-            seq.putUTCTime (notafter);
-            tmp.write (DerValue.tag_Sequence, seq);
-        }
-
-        /*
-         * Encode subject (principal) and associated key
-         */
-        subject.encode (tmp);
-        tmp.write(pubkey.getEncoded());
-
-        /*
-         * Wrap the data; encoding of the "raw" cert is now complete.
-         */
-        out.write (DerValue.tag_Sequence, tmp);
-    }
-
-
-    /*
-     * Calculate the signature of the "raw" certificate,
-     * and marshal the cert with the signature and a
-     * description of the signing algorithm.
-     */
-    private byte [] sign (X500Signer issuer, byte data [])
-    throws IOException, SignatureException
-    {
-        /*
-         * Encode the to-be-signed data, then the algorithm used
-         * to create the signature.
-         */
-        DerOutputStream out = new DerOutputStream ();
-        DerOutputStream tmp = new DerOutputStream ();
-
-        tmp.write (data);
-        issuer.getAlgorithmId ().encode(tmp);
-
-
-        /*
-         * Create and encode the signature itself.
-         */
-        issuer.update (data, 0, data.length);
-        signature = issuer.sign ();
-        tmp.putBitString (signature);
-
-        /*
-         * Wrap the signed data in a SEQUENCE { data, algorithm, sig }
-         */
-        out.write (DerValue.tag_Sequence, tmp);
-        return out.toByteArray ();
-    }
-
-
-    /**
-     * Serialization write ... X.509 certificates serialize as
-     * themselves, and they're parsed when they get read back.
-     * (Actually they serialize as some type data from the
-     * serialization subsystem, then the cert data.)
-     */
-    private void writeObject (java.io.ObjectOutputStream stream)
-        throws IOException
-        { encode(stream); }
-
-    /**
-     * Serialization read ... X.509 certificates serialize as
-     * themselves, and they're parsed when they get read back.
-     */
-    private void readObject (ObjectInputStream stream)
-        throws IOException
-        { decode(stream); }
-}
--- a/src/share/classes/sun/tools/jar/JarVerifierStream.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,295 +0,0 @@
-/*
- * Copyright 1996-2008 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.tools.jar;
-
-import java.io.*;
-import java.util.*;
-import java.util.zip.*;
-import java.util.jar.*;
-import java.security.cert.Certificate;
-import java.security.AccessController;
-import java.security.cert.X509Certificate;
-import java.security.PublicKey;
-import java.security.Principal;
-import sun.security.provider.SystemIdentity;
-
-/**
- * This is OBSOLETE. DO NOT USE THIS. Use
- * java.util.jar.JarEntry.getCertificates instead. It has to stay here
- * because some apps (namely HJ and HJV) call directly into it.
- *
- * This class is stripped down greatly from JDK 1.1.x.
- *
- * @author Roland Schemers
- */
-public class JarVerifierStream extends ZipInputStream {
-
-    private JarEntry current;
-    private Hashtable<String, Vector<SystemIdentity>> verified
-        = new Hashtable<String, Vector<SystemIdentity>>();
-    private JarInputStream jis;
-    private sun.tools.jar.Manifest man = null;
-
-    /**
-     * construct a JarVerfierStream from an input stream.
-     */
-    public JarVerifierStream(InputStream is)
-         throws IOException
-    {
-        super(is);
-        jis = new JarInputStream(is);
-    }
-
-    public void close()
-        throws IOException
-    {
-        jis.close();
-    }
-
-    public void closeEntry() throws IOException {
-        jis.closeEntry();
-    }
-
-    /**
-     * This method scans to see which entry we're parsing and
-     * keeps various state information depending on what type of
-     * file is being parsed. Files it treats specially are: <ul>
-     *
-     * <li>Manifest files. At any point, this stream can be queried
-     * for a manifest. If it is present, a Manifest object will be
-     * returned.
-     *
-     * <li>Block Signature file. Like with the manifest, the stream
-     * can be queried at any time for all blocks parsed thus far.
-     *
-     * </ul>
-     */
-    public synchronized ZipEntry getNextEntry() throws IOException {
-        current = (JarEntry) jis.getNextEntry();
-        return current;
-    }
-
-    /**
-     * read a single byte.
-     */
-    public int read() throws IOException {
-        int n = jis.read();
-        if (n == -1) {
-            addIds();
-        }
-        return n;
-    }
-
-    /**
-     * read an array of bytes.
-     */
-    public int read(byte[] b, int off, int len) throws IOException {
-        int n = jis.read(b, off, len);
-        if (n == -1) {
-            addIds();
-        }
-        return n;
-    }
-
-    private void addIds()
-    {
-
-        if (current != null) {
-            Certificate[] certs = current.getCertificates();
-            if (certs != null) {
-                Vector<SystemIdentity> ids = getIds(certs);
-                if (ids != null) {
-                    verified.put(current.getName(), ids);
-                }
-            }
-        }
-    }
-
-    /**
-     * Returns a Hashtable mapping filenames to vectors of identities.
-     */
-    public Hashtable getVerifiedSignatures() {
-        /* we may want to return a copy of this at some point.
-           For now we simply trust the caller */
-        if (verified.isEmpty())
-            return null;
-        else
-            return verified;
-    }
-
-    /**
-     * Returns an enumeration of PKCS7 blocks. This looks bogus,
-     * but Hotjava just checks to see if enumeration is not null
-     * to see if anything was signed!
-     */
-    public Enumeration getBlocks() {
-        if (verified.isEmpty()) {
-            return null;
-        } else {
-            return new Enumeration() {
-                public boolean hasMoreElements() { return false; }
-                public Object nextElement() { return null; }
-            };
-        }
-    }
-
-    /**
-     * This method used to be called by various versions of
-     * AppletResourceLoader, even though they didn't do anything with
-     * the result. We leave them and return null for backwards compatability.
-     */
-    public Hashtable getNameToHash() {
-        return null;
-    }
-
-    /**
-     * Convert java.util.jar.Manifest object to a sun.tools.jar.Manifest
-     * object.
-     */
-
-    public sun.tools.jar.Manifest getManifest() {
-        if (man == null) {
-            try {
-                java.util.jar.Manifest jman = jis.getManifest();
-                if (jman == null)
-                    return null;
-                ByteArrayOutputStream baos = new ByteArrayOutputStream();
-                jman.write(baos);
-                byte[] data = baos.toByteArray();
-                man = new sun.tools.jar.Manifest(data);
-            } catch (IOException ioe) {
-                // return null
-            }
-        }
-        return man;
-    }
-
-    static class CertCache {
-        Certificate [] certs;
-        Vector<SystemIdentity> ids;
-
-        boolean equals(Certificate[] certs) {
-                if (this.certs == null) {
-                    if (certs!= null)
-                        return false;
-                    else
-                        return true;
-                }
-
-                if (certs == null)
-                    return false;
-
-                boolean match;
-
-                for (int i = 0; i < certs.length; i++) {
-                    match = false;
-                    for (int j = 0; j < this.certs.length; j++) {
-                        if (certs[i].equals(this.certs[j])) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match) return false;
-                }
-
-                for (int i = 0; i < this.certs.length; i++) {
-                    match = false;
-                    for (int j = 0; j < certs.length; j++) {
-                        if (this.certs[i].equals(certs[j])) {
-                            match = true;
-                            break;
-                        }
-                    }
-                    if (!match) return false;
-                }
-                return true;
-        }
-    }
-
-    private ArrayList<CertCache> certCache = null;
-
-
-    /**
-     * Returns the Identity vector for the given array of Certificates
-     */
-    protected Vector<SystemIdentity> getIds(Certificate[] certs) {
-        if (certs == null)
-            return null;
-
-        if (certCache == null)
-            certCache = new ArrayList<CertCache>();
-        CertCache cc;
-        for (int i = 0; i < certCache.size(); i++) {
-            cc = certCache.get(i);
-            if (cc.equals(certs)) {
-                return cc.ids;
-            }
-        }
-        cc = new CertCache();
-        cc.certs = certs;
-
-        if (certs.length > 0) {
-            for (int i=0; i<certs.length; i++) {
-                try {
-                    X509Certificate cert = (X509Certificate) certs[i];
-                    Principal tmpName = cert.getSubjectDN();
-                    final SystemIdentity id = new SystemIdentity(
-                                                           tmpName.getName(),
-                                                           null);
-
-                    byte[] encoded = cert.getEncoded();
-                    final java.security.Certificate oldC =
-                        new sun.security.x509.X509Cert(encoded);
-                    try {
-                        AccessController.doPrivileged(
-                         new java.security.PrivilegedExceptionAction<Void>() {
-                            public Void run()
-                                throws java.security.KeyManagementException
-                            {
-                                id.addCertificate(oldC);
-                                return null;
-                            }
-                        });
-                    } catch (java.security.PrivilegedActionException pae) {
-                        throw (java.security.KeyManagementException)
-                            pae.getException();
-                    }
-                    if (cc.ids == null)
-                        cc.ids = new Vector<SystemIdentity>();
-                    cc.ids.addElement(id);
-                } catch (java.security.KeyManagementException kme) {
-                    // ignore if we can't create Identity
-                } catch (IOException ioe) {
-                    // ignore if we can't parse
-                } catch (java.security.cert.CertificateEncodingException cee) {
-                    // ignore if we can't encode
-                }
-            }
-        }
-        certCache.add(cc);
-        return cc.ids;
-    }
-}
--- a/src/share/classes/sun/tracing/MultiplexProviderFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/tracing/MultiplexProviderFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -30,7 +30,6 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.logging.Logger;
 
 import com.sun.tracing.ProviderFactory;
 import com.sun.tracing.Provider;
@@ -65,13 +64,7 @@
             providers.add(factory.createProvider(cls));
         }
         MultiplexProvider provider = new MultiplexProvider(cls, providers);
-        try {
-            provider.init();
-        } catch (Exception e) {
-            // Probably a permission problem (can't get declared members)
-            Logger.getAnonymousLogger().warning(
-                "Could not initialize tracing provider: " + e.getMessage());
-        }
+        provider.init();
         return provider.newProxyInstance();
     }
 }
--- a/src/share/classes/sun/tracing/NullProviderFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/tracing/NullProviderFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -26,7 +26,6 @@
 package sun.tracing;
 
 import java.lang.reflect.Method;
-import java.util.logging.Logger;
 
 import com.sun.tracing.ProviderFactory;
 import com.sun.tracing.Provider;
@@ -53,13 +52,7 @@
      */
     public <T extends Provider> T createProvider(Class<T> cls) {
         NullProvider provider = new NullProvider(cls);
-        try {
-            provider.init();
-        } catch (Exception e) {
-            // Probably a permission problem (can't get declared members)
-            Logger.getAnonymousLogger().warning(
-                "Could not initialize tracing provider: " + e.getMessage());
-        }
+        provider.init();
         return provider.newProxyInstance();
     }
 }
--- a/src/share/classes/sun/tracing/PrintStreamProviderFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/tracing/PrintStreamProviderFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -28,7 +28,6 @@
 import java.lang.reflect.Method;
 import java.io.PrintStream;
 import java.util.HashMap;
-import java.util.logging.Logger;
 
 import com.sun.tracing.ProviderFactory;
 import com.sun.tracing.Provider;
@@ -54,13 +53,7 @@
 
     public <T extends Provider> T createProvider(Class<T> cls) {
         PrintStreamProvider provider = new PrintStreamProvider(cls, stream);
-        try {
-            provider.init();
-        } catch (Exception e) {
-            // Probably a permission problem (can't get declared members)
-            Logger.getAnonymousLogger().warning(
-                "Could not initialize tracing provider: " + e.getMessage());
-        }
+        provider.init();
         return provider.newProxyInstance();
     }
 }
--- a/src/share/classes/sun/tracing/ProviderSkeleton.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/tracing/ProviderSkeleton.java	Wed Dec 16 16:25:08 2009 -0800
@@ -32,6 +32,8 @@
 import java.lang.reflect.AnnotatedElement;
 import java.lang.annotation.Annotation;
 import java.util.HashMap;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 import com.sun.tracing.Provider;
 import com.sun.tracing.Probe;
@@ -99,7 +101,13 @@
      * It is up to the factory implementations to call this after construction.
      */
     public void init() {
-        for (Method m : providerType.getDeclaredMethods()) {
+        Method[] methods = AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
+            public Method[] run() {
+                return providerType.getDeclaredMethods();
+            }
+        });
+
+        for (Method m : methods) {
             if ( m.getReturnType() != Void.TYPE ) {
                 throw new IllegalArgumentException(
                    "Return value of method is not void");
--- a/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java	Tue Dec 15 14:50:01 2009 +0900
+++ b/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java	Wed Dec 16 16:25:08 2009 -0800
@@ -29,7 +29,6 @@
 import java.util.Set;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.logging.Logger;
 import java.security.Permission;
 
 import com.sun.tracing.ProviderFactory;
@@ -80,15 +79,8 @@
         DTraceProvider jsdt = new DTraceProvider(cls);
         T proxy = jsdt.newProxyInstance();
         jsdt.setProxy(proxy);
-        try {
-            jsdt.init();
-            new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
-        } catch (Exception e) {
-            // Probably a permission problem (can't get declared members)
-            Logger.getAnonymousLogger().warning(
-                "Could not initialize tracing provider: " + e.getMessage());
-            jsdt.dispose();
-        }
+        jsdt.init();
+        new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
         return proxy;
     }
 
--- a/src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java	Tue Dec 15 14:50:01 2009 +0900
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,114 +0,0 @@
-/*
- * Copyright 2005 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-#warn This file is preprocessed before being compiled
-
-package sun.util;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Locale;
-import java.util.ResourceBundle;
-import java.util.ResourceBundle.Control;
-
-/**
- * This is a convenient class for loading some of internal resources faster
- * if they are built with Resources.gmk defined in J2SE workspace. Also,
- * they have to be in class file format.
- *
- * "LOCALE_LIST" will be replaced at built time by a list of locales we
- * defined in Defs.gmk. We want to exclude these locales from search to
- * gain better performance. For example, since we know if the resource
- * is built with Resources.gmk, they are not going to provide basename_en.class
- * & basename_en_US.class resources, in that case, continuing searching them
- * is expensive. By excluding them from the candidate locale list, these
- * resources won't be searched.
- *
- * @since 1.6.
- */
-public class CoreResourceBundleControl extends ResourceBundle.Control {
-    /* the candidate locale list to search */
-    private final Collection<Locale> excludedJDKLocales;
-    /* singlton instance of the resource bundle control. */
-    private static CoreResourceBundleControl resourceBundleControlInstance =
-        new CoreResourceBundleControl();
-
-    protected CoreResourceBundleControl() {
-        excludedJDKLocales = Arrays.asList(#LOCALE_LIST#);
-    }
-
-    /**
-     * This method is to provide a customized ResourceBundle.Control to speed
-     * up the search of resources in JDK.
-     *
-     * @return the instance of resource bundle control.
-     */
-    public static CoreResourceBundleControl getRBControlInstance() {
-        return resourceBundleControlInstance;
-    }
-
-    /**
-     * This method is to provide a customized ResourceBundle.Control to speed
-     * up the search of resources in JDK, with the bundle's package name check.
-     *
-     * @param bundleName bundle name to check
-     * @return the instance of resource bundle control if the bundle is JDK's,
-     *    otherwise returns null.
-     */
-    public static CoreResourceBundleControl getRBControlInstance(String bundleName) {
-        if (bundleName.startsWith("com.sun.") ||
-            bundleName.startsWith("java.") ||
-            bundleName.startsWith("javax.") ||
-            bundleName.startsWith("sun.")) {
-            return resourceBundleControlInstance;
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * @returns a list of candidate locales to search from.
-     * @exception NullPointerException if baseName or locale is null.
-     */
-    @Override
-    public List<Locale> getCandidateLocales(String baseName, Locale locale) {
-        List<Locale> candidates = super.getCandidateLocales(baseName, locale);
-        candidates.removeAll(excludedJDKLocales);
-        return candidates;
-    }
-
-    /**
-     * @ returns TTL_DONT_CACHE so that ResourceBundle instance won't be cached.
-     * User of this CoreResourceBundleControl should probably maintain a hard reference
-     * to the ResourceBundle object themselves.
-     */
-    @Override
-    public long getTimeToLive(String baseName, Locale locale) {
-        return ResourceBundle.Control.TTL_DONT_CACHE;
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/util/CoreResourceBundleControl-XLocales.java.template	Wed Dec 16 16:25:08 2009 -0800
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2005 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+#warn This file is preprocessed before being compiled
+
+package sun.util;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.ResourceBundle;
+import java.util.ResourceBundle.Control;
+
+/**
+ * This is a convenient class for loading some of internal resources faster
+ * if they are built with Resources.gmk defined in J2SE workspace. Also,
+ * they have to be in class file format.
+ *
+ * "LOCALE_LIST" will be replaced at built time by a list of locales we
+ * defined in Defs.gmk. We want to exclude these locales from search to
+ * gain better performance. For example, since we know if the resource
+ * is built with Resources.gmk, they are not going to provide basename_en.class
+ * & basename_en_US.class resources, in that case, continuing searching them
+ * is expensive. By excluding them from the candidate locale list, these
+ * resources won't be searched.
+ *
+ * @since 1.6.
+ */
+public class CoreResourceBundleControl extends ResourceBundle.Control {
+    /* the candidate locale list to search */
+    private final Collection<Locale> excludedJDKLocales;
+    /* singlton instance of the resource bundle control. */
+    private static CoreResourceBundleControl resourceBundleControlInstance =
+        new CoreResourceBundleControl();
+
+    protected CoreResourceBundleControl() {
+        excludedJDKLocales = Arrays.asList(#LOCALE_LIST#);
+    }
+
+    /**
+     * This method is to provide a customized ResourceBundle.Control to speed
+     * up the search of resources in JDK.
+     *
+     * @return the instance of resource bundle control.
+     */
+    public static CoreResourceBundleControl getRBControlInstance() {
+        return resourceBundleControlInstance;
+    }
+
+    /**
+     * This method is to provide a customized ResourceBundle.Control to speed
+     * up the search of resources in JDK, with the bundle's package name check.
+     *
+     * @param bundleName bundle name to check
+     * @return the instance of resource bundle control if the bundle is JDK's,
+     *    otherwise returns null.
+     */
+    public static CoreResourceBundleControl getRBControlInstance(String bundleName) {
+        if (bundleName.startsWith("com.sun.") ||
+            bundleName.startsWith("java.") ||
+            bundleName.startsWith("javax.") ||
+            bundleName.startsWith("sun.")) {
+            return resourceBundleControlInstance;
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * @returns a list of candidate locales to search from.
+     * @exception NullPointerException if baseName or locale is null.
+     */
+    @Override
+    public List<Locale> getCandidateLocales(String baseName, Locale locale) {
+        List<Locale> candidates = super.getCandidateLocales(baseName, locale);
+        candidates.removeAll(excludedJDKLocales);
+