changeset 11537:939fcf5887f6

Merge
author robm
date Fri, 15 Apr 2016 14:47:15 +0100
parents 5b7b2c1d3d21 e9a5a65f75b5
children abab8d527099 5f39475e0165
files test/com/sun/jdi/oom/@debuggeeVMOptions test/com/sun/jdi/oom/OomDebugTest.java test/com/sun/jdi/oom/OomDebugTestSetup.sh
diffstat 52 files changed, 4571 insertions(+), 461 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/back/invoker.c	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/share/back/invoker.c	Fri Apr 15 14:47:15 2016 +0100
@@ -211,47 +211,6 @@
     return error;
 }
 
-/*
- * Delete global references from the request which got put there before a
- * invoke request was carried out. See fillInvokeRequest() and invoker invoke*()
- * impls.
- */
-static void
-deleteGlobalRefs(JNIEnv *env, InvokeRequest *request)
-{
-    void *cursor;
-    jint argIndex = 0;
-    jvalue *argument = request->arguments;
-    jbyte argumentTag = firstArgumentTypeTag(request->methodSignature, &cursor);
-
-    if (request->clazz != NULL) {
-        tossGlobalRef(env, &(request->clazz));
-    }
-    if (request->instance != NULL) {
-        tossGlobalRef(env, &(request->instance));
-    }
-    /* Delete global argument references */
-    while (argIndex < request->argumentCount) {
-        if ((argumentTag == JDWP_TAG(OBJECT)) ||
-            (argumentTag == JDWP_TAG(ARRAY))) {
-            if (argument->l != NULL) {
-                tossGlobalRef(env, &(argument->l));
-            }
-        }
-        argument++;
-        argIndex++;
-        argumentTag = nextArgumentTypeTag(&cursor);
-    }
-    /* Delete potentially saved return values */
-    if ((request->invokeType == INVOKE_CONSTRUCTOR) ||
-        (returnTypeTag(request->methodSignature) == JDWP_TAG(OBJECT)) ||
-        (returnTypeTag(request->methodSignature) == JDWP_TAG(ARRAY))) {
-        if (request->returnValue.l != NULL) {
-            tossGlobalRef(env, &(request->returnValue.l));
-        }
-    }
-}
-
 static jvmtiError
 fillInvokeRequest(JNIEnv *env, InvokeRequest *request,
                   jbyte invokeType, jbyte options, jint id,
@@ -777,13 +736,6 @@
         (void)outStream_writeObjectRef(env, &out, exc);
         outStream_sendReply(&out);
     }
-
-    /*
-     * At this time, there's no need to retain global references on
-     * arguments since the reply is processed. No one will deal with
-     * this request ID anymore, so we must call deleteGlobalRefs().
-     */
-    deleteGlobalRefs(env, request);
 }
 
 jboolean
--- a/src/share/classes/com/sun/jndi/ldap/LdapCtx.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/LdapCtx.java	Fri Apr 15 14:47:15 2016 +0100
@@ -2975,7 +2975,8 @@
             r = new LdapReferralException(resolvedName, resolvedObj, remainName,
                 msg, envprops, fullDN, handleReferrals, reqCtls);
             // only one set of URLs is present
-            r.setReferralInfo(res.referrals.elementAt(0), false);
+            r.setReferralInfo(res.referrals == null ? null :
+                    res.referrals.elementAt(0), false);
 
             if (hopCount > 1) {
                 r.setHopCount(hopCount);
@@ -3044,7 +3045,7 @@
              *     assume name resolution has not yet completed.
              */
             if (((res.entries == null) || (res.entries.isEmpty())) &&
-                (res.referrals.size() == 1)) {
+                ((res.referrals != null) && (res.referrals.size() == 1))) {
 
                 r.setReferralInfo(res.referrals, false);
 
--- a/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java	Fri Apr 15 14:47:15 2016 +0100
@@ -217,13 +217,15 @@
             System.out.println("LdapReferralException.setReferralInfo");
 
         this.referrals = referrals;
-        if (referrals != null) {
-            referralCount = referrals.size();
-        }
+        referralCount = (referrals == null) ? 0 : referrals.size();
 
         if (debug) {
-            for (int i = 0; i < referralCount; i++) {
-                System.out.println("  [" + i + "] " + referrals.elementAt(i));
+            if (referrals != null) {
+                for (int i = 0; i < referralCount; i++) {
+                    System.out.println("  [" + i + "] " + referrals.elementAt(i));
+                }
+            } else {
+                System.out.println("setReferralInfo : referrals == null");
             }
         }
     }
--- a/src/share/classes/javax/crypto/JceSecurity.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/share/classes/javax/crypto/JceSecurity.java	Fri Apr 15 14:47:15 2016 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,8 +64,7 @@
     private final static Map<Provider, Object> verifyingProviders =
             new IdentityHashMap<>();
 
-    // Set the default value. May be changed in the static initializer.
-    private static boolean isRestricted = true;
+    private static final boolean isRestricted;
 
     /*
      * Don't let anyone instantiate this.
--- a/src/share/classes/sun/nio/ch/Util.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/share/classes/sun/nio/ch/Util.java	Fri Apr 15 14:47:15 2016 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,6 +47,9 @@
     // The number of temp buffers in our pool
     private static final int TEMP_BUF_POOL_SIZE = IOUtil.IOV_MAX;
 
+    // The max size allowed for a cached temp buffer, in bytes
+    private static final long MAX_CACHED_BUFFER_SIZE = getMaxCachedBufferSize();
+
     // Per-thread cache of temporary direct buffers
     private static ThreadLocal<BufferCache> bufferCache =
         new ThreadLocal<BufferCache>()
@@ -58,6 +61,52 @@
     };
 
     /**
+     * Returns the max size allowed for a cached temp buffers, in
+     * bytes. It defaults to Long.MAX_VALUE. It can be set with the
+     * jdk.nio.maxCachedBufferSize property. Even though
+     * ByteBuffer.capacity() returns an int, we're using a long here
+     * for potential future-proofing.
+     */
+    private static long getMaxCachedBufferSize() {
+        String s = java.security.AccessController.doPrivileged(
+            new PrivilegedAction<String>() {
+                @Override
+                public String run() {
+                    return System.getProperty("jdk.nio.maxCachedBufferSize");
+                }
+            });
+        if (s != null) {
+            try {
+                long m = Long.parseLong(s);
+                if (m >= 0) {
+                    return m;
+                } else {
+                    // if it's negative, ignore the system property
+                }
+            } catch (NumberFormatException e) {
+                // if the string is not well formed, ignore the system property
+            }
+        }
+        return Long.MAX_VALUE;
+    }
+
+    /**
+     * Returns true if a buffer of this size is too large to be
+     * added to the buffer cache, false otherwise.
+     */
+    private static boolean isBufferTooLarge(int size) {
+        return size > MAX_CACHED_BUFFER_SIZE;
+    }
+
+    /**
+     * Returns true if the buffer is too large to be added to the
+     * buffer cache, false otherwise.
+     */
+    private static boolean isBufferTooLarge(ByteBuffer buf) {
+        return isBufferTooLarge(buf.capacity());
+    }
+
+    /**
      * A simple cache of direct buffers.
      */
     private static class BufferCache {
@@ -83,6 +132,9 @@
          * size (or null if no suitable buffer is found).
          */
         ByteBuffer get(int size) {
+            // Don't call this if the buffer would be too large.
+            assert !isBufferTooLarge(size);
+
             if (count == 0)
                 return null;  // cache is empty
 
@@ -120,6 +172,9 @@
         }
 
         boolean offerFirst(ByteBuffer buf) {
+            // Don't call this if the buffer is too large.
+            assert !isBufferTooLarge(buf);
+
             if (count >= TEMP_BUF_POOL_SIZE) {
                 return false;
             } else {
@@ -131,6 +186,9 @@
         }
 
         boolean offerLast(ByteBuffer buf) {
+            // Don't call this if the buffer is too large.
+            assert !isBufferTooLarge(buf);
+
             if (count >= TEMP_BUF_POOL_SIZE) {
                 return false;
             } else {
@@ -159,6 +217,15 @@
      * Returns a temporary buffer of at least the given size
      */
     public static ByteBuffer getTemporaryDirectBuffer(int size) {
+        // If a buffer of this size is too large for the cache, there
+        // should not be a buffer in the cache that is at least as
+        // large. So we'll just create a new one. Also, we don't have
+        // to remove the buffer from the cache (as this method does
+        // below) given that we won't put the new buffer in the cache.
+        if (isBufferTooLarge(size)) {
+            return ByteBuffer.allocateDirect(size);
+        }
+
         BufferCache cache = bufferCache.get();
         ByteBuffer buf = cache.get(size);
         if (buf != null) {
@@ -188,6 +255,13 @@
      * likely to be returned by a subsequent call to getTemporaryDirectBuffer.
      */
     static void offerFirstTemporaryDirectBuffer(ByteBuffer buf) {
+        // If the buffer is too large for the cache we don't have to
+        // check the cache. We'll just free it.
+        if (isBufferTooLarge(buf)) {
+            free(buf);
+            return;
+        }
+
         assert buf != null;
         BufferCache cache = bufferCache.get();
         if (!cache.offerFirst(buf)) {
@@ -203,6 +277,13 @@
      * cache in same order that they were obtained.
      */
     static void offerLastTemporaryDirectBuffer(ByteBuffer buf) {
+        // If the buffer is too large for the cache we don't have to
+        // check the cache. We'll just free it.
+        if (isBufferTooLarge(buf)) {
+            free(buf);
+            return;
+        }
+
         assert buf != null;
         BufferCache cache = bufferCache.get();
         if (!cache.offerLast(buf)) {
--- a/src/windows/native/sun/font/lcdglyph.c	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/windows/native/sun/font/lcdglyph.c	Fri Apr 15 14:47:15 2016 +0100
@@ -157,6 +157,9 @@
     if (hBitmap != 0) { \
         DeleteObject(hBitmap); \
     } \
+    if (tmpBitmap != 0) { \
+        DeleteObject(tmpBitmap); \
+    } \
     if (dibImage != NULL) { \
         free(dibImage); \
     } \
@@ -196,6 +199,7 @@
     int bmWidth, bmHeight;
     int x, y;
     HBITMAP hBitmap = NULL, hOrigBM;
+    HBITMAP tmpBitmap = NULL;
     int gamma, orient;
 
     HWND hWnd = NULL;
@@ -250,6 +254,12 @@
     }
     oldFont = SelectObject(hMemoryDC, hFont);
 
+    tmpBitmap = CreateCompatibleBitmap(hDesktopDC, 1, 1);
+    if (tmpBitmap == NULL) {
+        FREE_AND_RETURN;
+    }
+    hOrigBM = (HBITMAP)SelectObject(hMemoryDC, tmpBitmap);
+
     memset(&textMetric, 0, sizeof(TEXTMETRIC));
     err = GetTextMetrics(hMemoryDC, &textMetric);
     if (err == 0) {
@@ -334,7 +344,7 @@
     if (hBitmap == NULL) {
         FREE_AND_RETURN;
     }
-    hOrigBM = (HBITMAP)SelectObject(hMemoryDC, hBitmap);
+    SelectObject(hMemoryDC, hBitmap);
 
     /* Fill in black */
     rect.left = 0;
@@ -478,6 +488,7 @@
     ReleaseDC(hWnd, hDesktopDC);
     DeleteObject(hMemoryDC);
     DeleteObject(hBitmap);
+    DeleteObject(tmpBitmap);
 
     return ptr_to_jlong(glyphInfo);
 }
--- a/src/windows/native/sun/windows/ThemeReader.cpp	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/windows/native/sun/windows/ThemeReader.cpp	Fri Apr 15 14:47:15 2016 +0100
@@ -31,6 +31,8 @@
 #include "awt_Object.h"
 #include "awt_Component.h"
 
+#include "math.h"
+
 // Important note about VC6 and VC7 (or XP Platform SDK)   !
 //
 // These type definitions have been imported from UxTheme.h
@@ -68,6 +70,11 @@
 #define TMT_TRANSPARENT 2201
 #endif // _UXTHEME_H_
 
+#if defined(_MSC_VER) && _MSC_VER >= 1800
+#  define ROUND_TO_INT(num)    ((int) round(num))
+#else
+#  define ROUND_TO_INT(num)    ((int) floor((num) + 0.5))
+#endif
 
 #define ALPHA_MASK 0xff000000
 #define RED_MASK 0xff0000
@@ -745,6 +752,23 @@
     return NULL;
 }
 
+void rescale(SIZE *size) {
+    HWND hWnd = ::GetDesktopWindow();
+    HDC hDC = ::GetDC(hWnd);
+    int dpiX = ::GetDeviceCaps(hDC, LOGPIXELSX);
+    int dpiY = ::GetDeviceCaps(hDC, LOGPIXELSY);
+
+    if (dpiX !=0 && dpiX != 96) {
+        float invScaleX = 96.0f / dpiX;
+        size->cx = ROUND_TO_INT(size->cx * invScaleX);
+    }
+    if (dpiY != 0 && dpiY != 96) {
+        float invScaleY = 96.0f / dpiY;
+        size->cy = ROUND_TO_INT(size->cy * invScaleY);
+    }
+    ::ReleaseDC(hWnd, hDC);
+}
+
 /*
  * Class:     sun_awt_windows_ThemeReader
  * Method:    getPartSize
@@ -770,6 +794,8 @@
                 dimMID = env->GetMethodID(dimClassID, "<init>", "(II)V");
                 CHECK_NULL_RETURN(dimMID, NULL);
             }
+
+            rescale(&size);
             jobject dimObj = env->NewObject(dimClassID, dimMID, size.cx, size.cy);
             if (safe_ExceptionOccurred(env)) {
                 env->ExceptionDescribe();
--- a/src/windows/native/sun/windows/awt_DesktopProperties.cpp	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/windows/native/sun/windows/awt_DesktopProperties.cpp	Fri Apr 15 14:47:15 2016 +0100
@@ -35,6 +35,14 @@
 #include <shellapi.h>
 #include <shlobj.h>
 
+#include "math.h"
+
+#if defined(_MSC_VER) && _MSC_VER >= 1800
+#  define ROUND_TO_INT(num)    ((int) round(num))
+#else
+#  define ROUND_TO_INT(num)    ((int) floor((num) + 0.5))
+#endif
+
 // WDesktopProperties fields
 jfieldID AwtDesktopProperties::pDataID = 0;
 jmethodID AwtDesktopProperties::setBooleanPropertyID = 0;
@@ -79,18 +87,35 @@
     }
 }
 
+void getInvScale(float &invScaleX, float &invScaleY) {
+    HWND hWnd = ::GetDesktopWindow();
+    HDC hDC = ::GetDC(hWnd);
+    int dpiX = ::GetDeviceCaps(hDC, LOGPIXELSX);
+    int dpiY = ::GetDeviceCaps(hDC, LOGPIXELSY);
+    ::ReleaseDC(hWnd, hDC);
+    invScaleX = (dpiX == 0.0f) ? 1.0f : 96.0f / dpiX;
+    invScaleY = (dpiY == 0.0f) ? 1.0f : 96.0f / dpiY;
+}
+
+int rescale(int value, float invScale){
+    return invScale == 1.0f ? value : ROUND_TO_INT(value * invScale);
+}
+
 void AwtDesktopProperties::GetSystemProperties() {
     HDC dc = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
 
     if (dc != NULL) {
         try {
-            SetFontProperty(dc, ANSI_FIXED_FONT, TEXT("win.ansiFixed.font"));
-            SetFontProperty(dc, ANSI_VAR_FONT, TEXT("win.ansiVar.font"));
-            SetFontProperty(dc, DEVICE_DEFAULT_FONT, TEXT("win.deviceDefault.font"));
-            SetFontProperty(dc, DEFAULT_GUI_FONT, TEXT("win.defaultGUI.font"));
-            SetFontProperty(dc, OEM_FIXED_FONT, TEXT("win.oemFixed.font"));
-            SetFontProperty(dc, SYSTEM_FONT, TEXT("win.system.font"));
-            SetFontProperty(dc, SYSTEM_FIXED_FONT, TEXT("win.systemFixed.font"));
+            float invScaleX;
+            float invScaleY;
+            getInvScale(invScaleX, invScaleY);
+            SetFontProperty(dc, ANSI_FIXED_FONT, TEXT("win.ansiFixed.font"), 1.0f);
+            SetFontProperty(dc, ANSI_VAR_FONT, TEXT("win.ansiVar.font"), 1.0f);
+            SetFontProperty(dc, DEVICE_DEFAULT_FONT, TEXT("win.deviceDefault.font"), 1.0f);
+            SetFontProperty(dc, DEFAULT_GUI_FONT, TEXT("win.defaultGUI.font"), invScaleY);
+            SetFontProperty(dc, OEM_FIXED_FONT, TEXT("win.oemFixed.font"), 1.0f);
+            SetFontProperty(dc, SYSTEM_FONT, TEXT("win.system.font"), 1.0f);
+            SetFontProperty(dc, SYSTEM_FIXED_FONT, TEXT("win.systemFixed.font"), 1.0f);
         }
         catch (std::bad_alloc&) {
             DeleteDC(dc);
@@ -266,31 +291,35 @@
     }
     VERIFY( SystemParametersInfo(SPI_GETNONCLIENTMETRICS, ncmetrics.cbSize, &ncmetrics, FALSE) );
 
-    SetFontProperty( TEXT("win.frame.captionFont"), ncmetrics.lfCaptionFont );
-    SetIntegerProperty( TEXT("win.frame.captionHeight"), ncmetrics.iCaptionHeight );
-    SetIntegerProperty( TEXT("win.frame.captionButtonWidth"), ncmetrics.iCaptionWidth );
-    SetIntegerProperty( TEXT("win.frame.captionButtonHeight"), ncmetrics.iCaptionHeight );
-    SetFontProperty( TEXT("win.frame.smallCaptionFont"), ncmetrics.lfSmCaptionFont );
-    SetIntegerProperty( TEXT("win.frame.smallCaptionHeight"), ncmetrics.iSmCaptionHeight );
-    SetIntegerProperty( TEXT("win.frame.smallCaptionButtonWidth"), ncmetrics.iSmCaptionWidth );
-    SetIntegerProperty( TEXT("win.frame.smallCaptionButtonHeight"), ncmetrics.iSmCaptionHeight );
-    SetIntegerProperty( TEXT("win.frame.sizingBorderWidth"), ncmetrics.iBorderWidth );
+    float invScaleX;
+    float invScaleY;
+    getInvScale(invScaleX, invScaleY);
+
+    SetFontProperty(TEXT("win.frame.captionFont"), ncmetrics.lfCaptionFont, invScaleY);
+    SetIntegerProperty(TEXT("win.frame.captionHeight"), rescale(ncmetrics.iCaptionHeight, invScaleY));
+    SetIntegerProperty(TEXT("win.frame.captionButtonWidth"), rescale(ncmetrics.iCaptionWidth, invScaleX));
+    SetIntegerProperty(TEXT("win.frame.captionButtonHeight"), rescale(ncmetrics.iCaptionHeight, invScaleY));
+    SetFontProperty(TEXT("win.frame.smallCaptionFont"), ncmetrics.lfSmCaptionFont, invScaleY);
+    SetIntegerProperty(TEXT("win.frame.smallCaptionHeight"), rescale(ncmetrics.iSmCaptionHeight, invScaleY));
+    SetIntegerProperty(TEXT("win.frame.smallCaptionButtonWidth"), rescale(ncmetrics.iSmCaptionWidth, invScaleX));
+    SetIntegerProperty(TEXT("win.frame.smallCaptionButtonHeight"), rescale(ncmetrics.iSmCaptionHeight, invScaleY));
+    SetIntegerProperty(TEXT("win.frame.sizingBorderWidth"), rescale(ncmetrics.iBorderWidth, invScaleX));
 
     // menu properties
-    SetFontProperty( TEXT("win.menu.font"), ncmetrics.lfMenuFont );
-    SetIntegerProperty( TEXT("win.menu.height"), ncmetrics.iMenuHeight );
-    SetIntegerProperty( TEXT("win.menu.buttonWidth"), ncmetrics.iMenuWidth );
+    SetFontProperty(TEXT("win.menu.font"), ncmetrics.lfMenuFont, invScaleY);
+    SetIntegerProperty(TEXT("win.menu.height"), rescale(ncmetrics.iMenuHeight, invScaleY));
+    SetIntegerProperty(TEXT("win.menu.buttonWidth"), rescale(ncmetrics.iMenuWidth, invScaleX));
 
     // scrollbar properties
-    SetIntegerProperty( TEXT("win.scrollbar.width"), ncmetrics.iScrollWidth );
-    SetIntegerProperty( TEXT("win.scrollbar.height"), ncmetrics.iScrollHeight );
+    SetIntegerProperty(TEXT("win.scrollbar.width"), rescale(ncmetrics.iScrollWidth, invScaleX));
+    SetIntegerProperty(TEXT("win.scrollbar.height"), rescale(ncmetrics.iScrollHeight, invScaleY));
 
     // status bar and tooltip properties
-    SetFontProperty( TEXT("win.status.font"), ncmetrics.lfStatusFont );
-    SetFontProperty( TEXT("win.tooltip.font"), ncmetrics.lfStatusFont );
+    SetFontProperty(TEXT("win.status.font"), ncmetrics.lfStatusFont, invScaleY);
+    SetFontProperty(TEXT("win.tooltip.font"), ncmetrics.lfStatusFont, invScaleY);
 
     // message box properties
-    SetFontProperty( TEXT("win.messagebox.font"), ncmetrics.lfMessageFont );
+    SetFontProperty(TEXT("win.messagebox.font"), ncmetrics.lfMessageFont, invScaleY);
 }
 
 void AwtDesktopProperties::GetIconParameters() {
@@ -302,10 +331,13 @@
     iconmetrics.cbSize = sizeof(iconmetrics);
     VERIFY( SystemParametersInfo(SPI_GETICONMETRICS, iconmetrics.cbSize, &iconmetrics, FALSE) );
 
-    SetIntegerProperty(TEXT("win.icon.hspacing"), iconmetrics.iHorzSpacing);
-    SetIntegerProperty(TEXT("win.icon.vspacing"), iconmetrics.iVertSpacing);
+    float invScaleX;
+    float invScaleY;
+    getInvScale(invScaleX, invScaleY);
+    SetIntegerProperty(TEXT("win.icon.hspacing"), rescale(iconmetrics.iHorzSpacing, invScaleX));
+    SetIntegerProperty(TEXT("win.icon.vspacing"), rescale(iconmetrics.iVertSpacing, invScaleY));
     SetBooleanProperty(TEXT("win.icon.titleWrappingOn"), iconmetrics.iTitleWrap != 0);
-    SetFontProperty(TEXT("win.icon.font"), iconmetrics.lfFont);
+    SetFontProperty(TEXT("win.icon.font"), iconmetrics.lfFont, invScaleY);
 }
 /*
  Windows settings for these are also in the registry
@@ -718,6 +750,7 @@
 }
 
 void AwtDesktopProperties::SetIntegerProperty(LPCTSTR propName, int value) {
+
     jstring key = JNU_NewStringPlatform(GetEnv(), propName);
     if (key == NULL) {
         throw std::bad_alloc();
@@ -752,8 +785,8 @@
 }
 
 void AwtDesktopProperties::SetFontProperty(HDC dc, int fontID,
-                                           LPCTSTR propName) {
-    HGDIOBJ font = GetStockObject(fontID);
+    LPCTSTR propName, float invScale) {
+        HGDIOBJ font = GetStockObject(fontID);
     if (font != NULL && SelectObject(dc, font) != NULL) {
         int length = GetTextFace(dc, 0, NULL);
 
@@ -789,8 +822,8 @@
                         throw std::bad_alloc();
                     }
 
-                    jint pointSize = metrics.tmHeight -
-                                     metrics.tmInternalLeading;
+                    jint pointSize = rescale(metrics.tmHeight -
+                                     metrics.tmInternalLeading, invScale);
                     jint style = java_awt_Font_PLAIN;
 
                     if (metrics.tmWeight >= FW_BOLD) {
@@ -818,7 +851,8 @@
     }
 }
 
-void AwtDesktopProperties::SetFontProperty(LPCTSTR propName, const LOGFONT & font) {
+void AwtDesktopProperties::SetFontProperty(LPCTSTR propName, const LOGFONT & font,
+    float invScale) {
     jstring fontName;
     jint pointSize;
     jint style;
@@ -836,7 +870,7 @@
     ReleaseDC(NULL, hdc);
 #endif
     // Java uses point sizes, but assumes 1 pixel = 1 point
-    pointSize = -font.lfHeight;
+    pointSize = rescale(-font.lfHeight, invScale);
 
     // convert Windows font style to Java style
     style = java_awt_Font_PLAIN;
--- a/src/windows/native/sun/windows/awt_DesktopProperties.h	Mon Apr 11 13:49:55 2016 -0700
+++ b/src/windows/native/sun/windows/awt_DesktopProperties.h	Fri Apr 15 14:47:15 2016 +0100
@@ -73,8 +73,8 @@
         void SetIntegerProperty(LPCTSTR, int);
         void SetStringProperty(LPCTSTR, LPTSTR);
         void SetColorProperty(LPCTSTR, DWORD);
-        void SetFontProperty(HDC, int, LPCTSTR);
-        void SetFontProperty(LPCTSTR, const LOGFONT &);
+        void SetFontProperty(HDC, int, LPCTSTR, float invScale);
+        void SetFontProperty(LPCTSTR, const LOGFONT &, float invScale);
         void SetSoundProperty(LPCTSTR, LPCTSTR);
 
         JNIEnv * GetEnv() {
--- a/test/TEST.ROOT	Mon Apr 11 13:49:55 2016 -0700
+++ b/test/TEST.ROOT	Fri Apr 15 14:47:15 2016 +0100
@@ -17,5 +17,8 @@
 # Tests that cannot run concurrently
 exclusiveAccess.dirs=java/rmi/Naming java/util/Currency java/util/prefs sun/management/jmxremote sun/tools/jstatd sun/security/mscapi javax/rmi
 
+# Allow querying of sun.arch.data.model in @requires clauses
+requires.properties=sun.arch.data.model 
+
 # Group definitions
 groups=TEST.groups [closed/TEST.groups]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/CICO.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES ciphers with different modes and padding schemes (ECB mode
+ *          doesn't use IV). The test tries 3 different read methods of
+ *          CipherInputStream.
+ */
+public class CICO {
+    private static final String ALGORITHM = "aEs";
+    private static final String[] MODES = { "PCBC", "ECb", "cbC", "cFB",
+        "cFB24", "cFB32", "Cfb40", "CFB72", "OfB", "OfB20", "OfB48",
+        "OfB56", "OFB64", "OFB112", "CFB112", "pCbC" };
+    private static final String[] PADDING = { "noPadding", "pkcs5padding" };
+    private static final String PROVIDER = "SunJCE";
+    private static final int NREADS = 3;
+    private static final int KEY_LENGTH = 128;
+
+    private final byte[] plainText = new byte[1600000];
+
+
+    public static void main(String argv[]) throws Exception {
+        CICO test = new CICO();
+        for (String mode : MODES) {
+            for (String pad : PADDING) {
+                for (int m = 0; m < NREADS; m++) {
+                    test.runTest(ALGORITHM, mode, pad, m);
+                }
+            }
+        }
+    }
+
+    public void runTest(String algo, String mo, String pad, int whichRead) throws Exception {
+        Cipher ci1 = null;
+        Cipher ci2 = null;
+        byte[] iv = null;
+        AlgorithmParameterSpec aps = null;
+        SecretKey key = null;
+
+        try {
+            // Do initialization
+            Random rdm = new Random();
+            rdm.nextBytes(plainText);
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            if (!kg.getAlgorithm().equals(algo)) {
+                throw new RuntimeException("Unexpected algorithm <"
+                        + kg.getAlgorithm() + ">, expected value is <" + algo
+                        + ">");
+            }
+
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            ci1 = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+
+            if (mo.equalsIgnoreCase("ECB")) {
+                ci1.init(Cipher.ENCRYPT_MODE, key);
+            } else {
+                ci1.init(Cipher.ENCRYPT_MODE, key, aps);
+            }
+
+            if (!mo.equalsIgnoreCase("ECB")) {
+                iv = ci1.getIV();
+                aps = new IvParameterSpec(iv);
+            } else {
+                aps = null;
+            }
+
+            ci2 = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+            if (mo.equalsIgnoreCase("ECB")) {
+                ci2.init(Cipher.DECRYPT_MODE, key);
+            } else {
+                ci2.init(Cipher.DECRYPT_MODE, key, aps);
+            }
+
+            ByteArrayInputStream baInput = new ByteArrayInputStream(plainText);
+            ByteArrayOutputStream baOutput = new ByteArrayOutputStream();
+            try (CipherInputStream ciInput = new CipherInputStream(baInput, ci1);
+                    CipherOutputStream ciOutput = new CipherOutputStream(
+                            baOutput, ci2)) {
+                // According to specification, CipherInputStream does not support the
+                // mark and reset methods
+                if (ciInput.markSupported()) {
+                    throw new RuntimeException(
+                            "CipherInputStream unexpectedly supports the mark and reset methods");
+                }
+
+                // Read from the input and write to the output using 2 types
+                // of buffering : byte[] and int
+                switch (whichRead) {
+                case 0:
+                    int buffer0 = ciInput.read();
+                    while (buffer0 != -1) {
+                        ciOutput.write(buffer0);
+                        buffer0 = ciInput.read();
+                    }
+                    break;
+                case 1:
+                    byte[] buffer1 = new byte[20];
+                    int len1 = ciInput.read(buffer1);
+                    while (len1 != -1) {
+                        ciOutput.write(buffer1, 0, len1);
+                        len1 = ciInput.read(buffer1);
+                    }
+                    break;
+                case NREADS - 1:
+                    byte[] buffer2 = new byte[ci1
+                                              .getOutputSize(plainText.length)];
+                    int offset2 = 0;
+                    int len2 = 0;
+                    while (len2 != -1) {
+                        len2 = ciInput.read(buffer2, offset2, buffer2.length
+                                - offset2);
+                        offset2 += len2;
+                    }
+                    ciOutput.write(buffer2, 0, buffer2.length);
+                    break;
+                }
+            }
+
+            // Get the output
+            byte[] recoveredText = new byte[baOutput.size()];
+            recoveredText = baOutput.toByteArray();
+            if (!java.util.Arrays.equals(plainText, recoveredText)) {
+                throw new RuntimeException(
+                        "Original text is not equal with recovered text, with "
+                                + algo + "/" + mo + "/" + pad + "/" + whichRead);
+            }
+
+            // Compare input and output
+
+        } catch (NoSuchAlgorithmException e) {
+            //OFB20 is for negative testing
+            if (!mo.equalsIgnoreCase("OFB20")) {
+                System.out.println("Unexpected NoSuchAlgorithmException with "
+                        + algo + "/" + mo + "/" + pad + "/" + whichRead);
+                throw new RuntimeException("Test failed!");
+            }
+        } catch (IOException | NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidAlgorithmParameterException e) {
+            System.out.println("Unexpected Exception with "
+                    + algo + "/" + mo + "/" + pad + "/" + whichRead);
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/CTR.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES ciphers with 4 different modes with NoPadding. Check if
+ *          data before encryption and after decryption is the same.
+ */
+
+public class CTR {
+
+    private static final String ALGORITHM = "AES";
+
+    private static final String PROVIDER = "SunJCE";
+
+    private static final String[] MODES = {"CTR","CFB24","OFB32","GCM"};
+
+    private static final String PADDING = "NoPadding";
+
+
+    private static final int KEY_LENGTH = 128;
+
+    public static void main(String argv[]) throws Exception {
+        CTR test = new CTR();
+        for (String mode : MODES) {
+            test.runTest(ALGORITHM, mode, PADDING);
+        }
+    }
+
+
+    public void runTest(String algo, String mo, String pad) throws Exception {
+        Cipher ci = null;
+        byte[] iv = null;
+        AlgorithmParameterSpec aps = null;
+        SecretKey key = null;
+
+        try {
+            Random rdm = new Random();
+            byte[] plainText;
+
+            ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            for (int i = 0; i < 15; i++) {
+                plainText = new byte[1600 + i + 1];
+                rdm.nextBytes(plainText);
+
+                if (!mo.equalsIgnoreCase("GCM")) {
+                    ci.init(Cipher.ENCRYPT_MODE, key, aps);
+                } else {
+                    ci.init(Cipher.ENCRYPT_MODE, key);
+                }
+
+                byte[] cipherText = new byte[ci.getOutputSize(plainText.length)];
+                int offset = ci.update(plainText, 0, plainText.length,
+                        cipherText, 0);
+
+                ci.doFinal(cipherText, offset);
+
+                if (!mo.equalsIgnoreCase("ECB")) {
+                    iv = ci.getIV();
+                    aps = new IvParameterSpec(iv);
+                } else {
+                    aps = null;
+                }
+
+                if (!mo.equalsIgnoreCase("GCM")) {
+                    ci.init(Cipher.DECRYPT_MODE, key, aps);
+                } else {
+                    ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
+                }
+
+                byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
+                int len = ci.doFinal(cipherText, 0, cipherText.length,
+                        recoveredText);
+                byte[] tmp = new byte[len];
+
+                for (int j = 0; j < len; j++) {
+                    tmp[j] = recoveredText[j];
+                }
+                Arrays.toString(plainText);
+                if (!java.util.Arrays.equals(plainText, tmp)) {
+                    System.out.println("Original: ");
+                    dumpBytes(plainText);
+                    System.out.println("Recovered: ");
+                    dumpBytes(tmp);
+                    throw new RuntimeException("Original text is not equal with recovered text, with mode:" + mo);
+                }
+            }
+        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidAlgorithmParameterException
+                | ShortBufferException | IllegalBlockSizeException
+                | BadPaddingException e) {
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+
+    private void dumpBytes(byte[] bytes){
+        for (byte b : bytes){
+            System.out.print(Integer.toHexString(b));
+        }
+        System.out.println();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/Padding.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES ciphers with different modes and padding schemes (ECB mode
+ *          doesn't use IV). The test tries 3 different read methods of
+ *          CipherInputStream.
+ */
+public class Padding {
+
+    private static final String ALGORITHM = "AES";
+    private static final String PROVIDER = "SunJCE";
+    private static final String[] MODES = { "ECb", "CbC", "PCBC", "OFB",
+        "OFB150", "cFB", "CFB7", "cFB8", "cFB16", "cFB24", "cFB32",
+        "Cfb40", "cfB48", "cfB56", "cfB64", "cfB72", "cfB80", "cfB88",
+        "cfB96", "cfb104", "cfB112", "cfB120", "OFB8", "OFB16", "OFB24",
+        "OFB32", "OFB40", "OFB48", "OFB56", "OFB64", "OFB72", "OFB80",
+        "OFB88", "OFB96", "OFB104", "OFB112", "OFB120", "GCM" };
+    private static final String PADDING = "PKCS5Padding";
+    private static final int KEY_LENGTH = 128;
+
+    public static void main(String argv[]) throws Exception {
+        Padding test = new Padding();
+        for (String mode : MODES) {
+            test.runTest(ALGORITHM, mode, PADDING);
+        }
+    }
+
+    public void runTest(String algo, String mo, String pad) throws Exception {
+        Cipher ci = null;
+        byte[] iv = null;
+        AlgorithmParameterSpec aps = null;
+        SecretKey key = null;
+        try {
+            Random rdm = new Random();
+            byte[] plainText;
+
+            ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            for (int i = 0; i < 15; i++) {
+                plainText = new byte[1600 + i + 1];
+                rdm.nextBytes(plainText);
+
+                if (!mo.equalsIgnoreCase("GCM")) {
+                    ci.init(Cipher.ENCRYPT_MODE, key, aps);
+                } else {
+                    ci.init(Cipher.ENCRYPT_MODE, key);
+                }
+
+                byte[] cipherText = new byte[ci.getOutputSize(plainText.length)];
+                int offset = ci.update(plainText, 0, plainText.length,
+                        cipherText, 0);
+                ci.doFinal(cipherText, offset);
+
+                if (!mo.equalsIgnoreCase("ECB")) {
+                    iv = ci.getIV();
+                    aps = new IvParameterSpec(iv);
+                } else {
+                    aps = null;
+                }
+
+                if (!mo.equalsIgnoreCase("GCM")) {
+                    ci.init(Cipher.DECRYPT_MODE, key, aps);
+                } else {
+                    ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
+                }
+
+                byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
+                int len = ci.doFinal(cipherText, 0, cipherText.length,
+                        recoveredText);
+                byte[] tmp = new byte[len];
+
+                for (int j = 0; j < len; j++) {
+                    tmp[j] = recoveredText[j];
+                }
+
+                if (!java.util.Arrays.equals(plainText, tmp)) {
+                    System.out.println("Original: ");
+                    dumpBytes(plainText);
+                    System.out.println("Recovered: ");
+                    dumpBytes(tmp);
+                    throw new RuntimeException(
+                            "Original text is not equal with recovered text, with mode:"
+                                    + mo);
+                }
+            }
+        } catch (NoSuchAlgorithmException e) {
+            //CFB7 and OFB150 are for negative testing
+            if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("OFB150")) {
+                System.out
+                .println("Unexpected NoSuchAlgorithmException with mode: "
+                        + mo);
+                throw new RuntimeException("Test failed!");
+            }
+        } catch ( NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidAlgorithmParameterException
+                | ShortBufferException | IllegalBlockSizeException
+                | BadPaddingException e) {
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+
+    private void dumpBytes(byte[] bytes) {
+        for (byte b : bytes) {
+            System.out.print(Integer.toHexString(b));
+        }
+
+        System.out.println();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/TestAESCipher.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES ciphers with different modes and padding schemes (ECB mode
+ *          doesn't use IV).
+ * @author Liwen Wang
+ * @author Parag Salvi
+ */
+public class TestAESCipher {
+
+    private static final String ALGORITHM = "AES";
+    private static final String PROVIDER = "SunJCE";
+    private static final String[] MODES = { "ECb", "CbC", "CTR", "PCBC", "OFB",
+        "OFB150", "cFB", "CFB7", "cFB8", "cFB16", "cFB24", "cFB32",
+        "Cfb40", "cfB48", "cfB56", "cfB64", "cfB72", "cfB80", "cfB88",
+        "cfB96", "cfb104", "cfB112", "cfB120", "OFB8", "OFB16", "OFB24",
+        "OFB32", "OFB40", "OFB48", "OFB56", "OFB64", "OFB72", "OFB80",
+        "OFB88", "OFB96", "OFB104", "OFB112", "OFB120", "GCM" };
+    private static final String[] PADDING = { "NoPadding", "PKCS5Padding" };
+    private static final int KEY_LENGTH = 128;
+
+    public static void main(String argv[]) throws Exception {
+        TestAESCipher test = new TestAESCipher();
+        for (String mode : MODES) {
+            int padKinds = 1;
+            if (mode.equalsIgnoreCase("ECB") || mode.equalsIgnoreCase("PCBC")
+                    || mode.equalsIgnoreCase("CBC")) {
+                padKinds = PADDING.length;
+            }
+
+            for (int k = 0; k < padKinds; k++) {
+                test.runTest(ALGORITHM, mode, PADDING[k]);
+            }
+        }
+    }
+
+    public void runTest(String algo, String mo, String pad) throws Exception {
+        Cipher ci = null;
+        byte[] iv = null;
+        AlgorithmParameterSpec aps = null;
+        SecretKey key = null;
+        try {
+            // Initialization
+            Random rdm = new Random();
+            byte[] plainText = new byte[128];
+            rdm.nextBytes(plainText);
+
+            ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            // encrypt
+            if (!mo.equalsIgnoreCase("GCM")) {
+                ci.init(Cipher.ENCRYPT_MODE, key, aps);
+            } else {
+                ci.init(Cipher.ENCRYPT_MODE, key);
+            }
+
+            byte[] cipherText = new byte[ci.getOutputSize(plainText.length)];
+            int offset = ci.update(plainText, 0, plainText.length, cipherText,
+                    0);
+            ci.doFinal(cipherText, offset);
+
+            if (!mo.equalsIgnoreCase("ECB")) {
+                iv = ci.getIV();
+                aps = new IvParameterSpec(iv);
+            } else {
+                aps = null;
+            }
+
+            if (!mo.equalsIgnoreCase("GCM")) {
+                ci.init(Cipher.DECRYPT_MODE, key, aps);
+            } else {
+                ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
+            }
+
+            byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
+            int len = ci.doFinal(cipherText, 0, cipherText.length,
+                    recoveredText);
+            byte[] tmp = new byte[len];
+            System.arraycopy(recoveredText, 0, tmp, 0, len);
+
+            // Comparison
+            if (!java.util.Arrays.equals(plainText, tmp)) {
+                System.out.println("Original: ");
+                dumpBytes(plainText);
+                System.out.println("Recovered: ");
+                dumpBytes(tmp);
+                throw new RuntimeException(
+                        "Original text is not equal with recovered text, with mode:"
+                                + mo);
+            }
+
+        } catch (NoSuchAlgorithmException e) {
+            //CFB7 and OFB150 are for negative testing
+            if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("OFB150")) {
+                System.out.println("Unexpected NoSuchAlgorithmException with mode: "
+                        + mo);
+                throw new RuntimeException("Test failed!");
+            }
+        }  catch ( NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidAlgorithmParameterException
+                | ShortBufferException | IllegalBlockSizeException
+                | BadPaddingException e) {
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+
+    private void dumpBytes(byte[] bytes) {
+        for (byte b : bytes) {
+            System.out.print(Integer.toHexString(b));
+        }
+
+        System.out.println();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.GCMParameterSpec;
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES encryption with no padding. Expect the original data length
+ *          is the same as the encrypted data.
+ */
+public class TestNonexpanding {
+
+    private static final String ALGORITHM = "AES";
+    private static final String PROVIDER = "SunJCE";
+    private static final String[] MODES = { "ECb", "CbC", "OFB", "OFB150",
+        "cFB", "CFB7", "cFB8", "cFB16", "cFB24", "cFB32", "Cfb40", "cfB48",
+        "cfB56", "cfB64", "cfB72", "cfB80", "cfB88", "cfB96", "cfb104",
+        "cfB112", "cfB120", "GCM" };
+    private static final String PADDING = "NoPadding";
+    private static final int KEY_LENGTH = 128;
+
+    public static void main(String argv[]) throws Exception {
+        TestNonexpanding test = new TestNonexpanding();
+        for (String mode : MODES) {
+            test.runTest(ALGORITHM, mode, PADDING);
+        }
+    }
+
+    public void runTest(String algo, String mo, String pad) throws Exception {
+        Cipher ci = null;
+        SecretKey key = null;
+        try {
+            // Initialization
+            Random rdm = new Random();
+            byte[] plainText = new byte[128];
+            rdm.nextBytes(plainText);
+
+            ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            // encrypt
+            ci.init(Cipher.ENCRYPT_MODE, key);
+            byte[] cipherText = new byte[ci.getOutputSize(plainText.length)];
+            int offset = ci.update(plainText, 0, plainText.length, cipherText,
+                    0);
+            ci.doFinal(cipherText, offset);
+
+            // Comparison
+            if (!(plainText.length == cipherText.length)) {
+                // The result of encryption in GCM is a combination of an
+                // authentication tag and cipher text.
+                if (mo.equalsIgnoreCase("GCM")) {
+                    GCMParameterSpec spec = ci.getParameters().getParameterSpec(GCMParameterSpec.class);
+                    int cipherTextLength = cipherText.length - spec.getTLen()
+                            / 8;
+                    if (plainText.length == cipherTextLength) {
+                        return;
+                    }
+                }
+                System.out.println("Original length: " + plainText.length);
+                System.out.println("Cipher text length: " + cipherText.length);
+                throw new RuntimeException("Test failed!");
+            }
+        } catch (NoSuchAlgorithmException e) {
+            //CFB7 and OFB150 are for negative testing
+            if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("OFB150")) {
+                System.out.println("Unexpected NoSuchAlgorithmException with mode: "
+                        + mo);
+                throw new RuntimeException("Test failed!");
+            }
+        } catch ( NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidParameterSpecException
+                | ShortBufferException | IllegalBlockSizeException
+                | BadPaddingException e) {
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+/**
+ * @test
+ * @bug 8043836
+ * @summary Test AES ciphers with different modes and padding schemes (ECB mode
+ *          doesn't use IV). The test tries 3 different read methods of
+ *          CipherInputStream.
+ */
+public class TestSameBuffer {
+
+    private static final String ALGORITHM = "Rijndael";
+    private static final String PROVIDER = "SunJCE";
+    private static final String[] MODES = { "ECb", "CbC", "OFB", "CFB150",
+        "cFB", "CFB7", " cFB8", "cFB16", "cFB24", "cFB32", "Cfb40",
+        "cfB48", " cfB56", "cfB64", "cfB72", "cfB80", "cfB88", "cfB96",
+        "cfb104", "cfB112", "cfB120" };
+    private static final String PADDING = "NoPadding";
+    private static final int KEY_LENGTH = 128;
+
+    public static void main(String argv[]) throws Exception {
+        TestSameBuffer test = new TestSameBuffer();
+        for (String mode : MODES) {
+            test.runTest(ALGORITHM, mode, PADDING);
+        }
+    }
+
+    public void runTest(String algo, String mo, String pad) throws Exception {
+        Cipher ci = null;
+        byte[] iv = null;
+        AlgorithmParameterSpec aps = null;
+        SecretKey key = null;
+        try {
+            // Initialization
+            Random rdm = new Random();
+            byte[] plainText = new byte[128];
+            rdm.nextBytes(plainText);
+
+            // keep the plain text
+            byte[] tmpText = new byte[plainText.length];
+            for (int i = 0; i < plainText.length; i++) {
+                tmpText[i] = plainText[i];
+            }
+
+            ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
+
+            KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
+            kg.init(KEY_LENGTH);
+            key = kg.generateKey();
+
+            // encrypt
+            ci.init(Cipher.ENCRYPT_MODE, key);
+            int offset = ci
+                    .update(plainText, 0, plainText.length, plainText, 0);
+            ci.doFinal(plainText, offset);
+
+            if (!mo.equalsIgnoreCase("ECB")) {
+                iv = ci.getIV();
+                aps = new IvParameterSpec(iv);
+            } else {
+                aps = null;
+            }
+
+            ci.init(Cipher.DECRYPT_MODE, key, aps);
+            byte[] recoveredText = new byte[ci.getOutputSize(plainText.length)];
+            ci.doFinal(plainText, 0, plainText.length, recoveredText);
+
+            // Comparison
+            if (!java.util.Arrays.equals(tmpText, recoveredText)) {
+                System.out.println("Original: ");
+                dumpBytes(plainText);
+                System.out.println("Recovered: ");
+                dumpBytes(recoveredText);
+                throw new RuntimeException(
+                        "Original text is not equal with recovered text, with mode:"
+                                + mo);
+            }
+
+        } catch (NoSuchAlgorithmException e) {
+            //CFB7 and CFB150 are for negative testing
+            if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("CFB150")) {
+                System.out.println("Unexpected NoSuchAlgorithmException with mode: "
+                        + mo);
+                throw new RuntimeException("Test failed!");
+            }
+        }  catch (NoSuchProviderException | NoSuchPaddingException
+                | InvalidKeyException | InvalidAlgorithmParameterException
+                | ShortBufferException | IllegalBlockSizeException
+                | BadPaddingException e) {
+            System.out.println("Test failed!");
+            throw e;
+        }
+    }
+
+    private void dumpBytes(byte[] bytes) {
+        for (byte b : bytes) {
+            System.out.print(Integer.toHexString(b));
+        }
+
+        System.out.println();
+    }
+}
--- a/test/com/sun/jdi/oom/@debuggeeVMOptions	Mon Apr 11 13:49:55 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
--Xmx40m
\ No newline at end of file
--- a/test/com/sun/jdi/oom/OomDebugTest.java	Mon Apr 11 13:49:55 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) 2016 Red Hat Inc.
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- *  @test
- *  @bug 4858370
- *  @summary JDWP: Memory Leak (global references not deleted after invokeMethod).
- *
- *  @author Severin Gehwolf <sgehwolf@redhat.com>
- *
- *  @library ..
- *  @run build TestScaffold VMConnection TargetListener TargetAdapter
- *  @run compile -g OomDebugTest.java
- *  @run shell OomDebugTestSetup.sh
- *  @run main OomDebugTest OomDebugTestTarget test1
- *  @run main OomDebugTest OomDebugTestTarget test2
- *  @run main OomDebugTest OomDebugTestTarget test3
- *  @run main OomDebugTest OomDebugTestTarget test4
- *  @run main OomDebugTest OomDebugTestTarget test5
- */
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import com.sun.jdi.ArrayReference;
-import com.sun.jdi.ArrayType;
-import com.sun.jdi.ClassType;
-import com.sun.jdi.Field;
-import com.sun.jdi.InvocationException;
-import com.sun.jdi.Method;
-import com.sun.jdi.ObjectReference;
-import com.sun.jdi.ReferenceType;
-import com.sun.jdi.StackFrame;
-import com.sun.jdi.VMOutOfMemoryException;
-import com.sun.jdi.Value;
-import com.sun.jdi.event.BreakpointEvent;
-
-/***************** Target program **********************/
-
-class OomDebugTestTarget {
-
-    OomDebugTestTarget() {
-        System.out.println("DEBUG: invoked constructor");
-    }
-    static class FooCls {
-        @SuppressWarnings("unused")
-        private byte[] bytes = new byte[3000000];
-    };
-
-    FooCls fooCls = new FooCls();
-    byte[] byteArray = new byte[0];
-
-    void testMethod(FooCls foo) {
-        System.out.println("DEBUG: invoked 'void testMethod(FooCls)', foo == " + foo);
-    }
-
-    void testPrimitive(byte[] foo) {
-        System.out.println("DEBUG: invoked 'void testPrimitive(byte[])', foo == " + foo);
-    }
-
-    byte[] testPrimitiveArrRetval() {
-        System.out.println("DEBUG: invoked 'byte[] testPrimitiveArrRetval()'");
-        return new byte[3000000];
-    }
-
-    FooCls testFooClsRetval() {
-        System.out.println("DEBUG: invoked 'FooCls testFooClsRetval()'");
-        return new FooCls();
-    }
-
-    public void entry() {}
-
-    public static void main(String[] args){
-        System.out.println("DEBUG: OomDebugTestTarget.main");
-        new OomDebugTestTarget().entry();
-    }
-}
-
-/***************** Test program ************************/
-
-public class OomDebugTest extends TestScaffold {
-
-    private static final int TOTAL_TESTS = 1;
-    private ReferenceType targetClass;
-    private ObjectReference thisObject;
-    private int failedTests;
-    private final String testMethodName;
-
-    public OomDebugTest(String[] args) {
-        super(args);
-        if (args.length != 2) {
-            throw new RuntimeException("Test failed unexpectedly.");
-        }
-        testMethodName = args[1];
-    }
-
-    @Override
-    protected void runTests() throws Exception {
-        try {
-            /*
-             * Get to the top of entry()
-             * to determine targetClass and mainThread
-             */
-            BreakpointEvent bpe = startTo("OomDebugTestTarget", "entry", "()V");
-            targetClass = bpe.location().declaringType();
-
-            mainThread = bpe.thread();
-
-            StackFrame frame = mainThread.frame(0);
-            thisObject = frame.thisObject();
-            java.lang.reflect.Method m = findTestMethod();
-            m.invoke(this);
-        } catch (NoSuchMethodException e) {
-            e.printStackTrace();
-            failure();
-        } catch (SecurityException e) {
-            e.printStackTrace();
-            failure();
-        }
-    }
-
-    private java.lang.reflect.Method findTestMethod()
-            throws NoSuchMethodException, SecurityException {
-        return OomDebugTest.class.getDeclaredMethod(testMethodName);
-    }
-
-    private void failure() {
-        failedTests++;
-    }
-
-    /*
-     * Test case: Object reference as method parameter.
-     */
-    @SuppressWarnings("unused") // called via reflection
-    private void test1() throws Exception {
-        System.out.println("DEBUG: ------------> Running " + testMethodName);
-        try {
-            Field field = targetClass.fieldByName("fooCls");
-            ClassType clsType = (ClassType)field.type();
-            Method constructor = getConstructorForClass(clsType);
-            for (int i = 0; i < 15; i++) {
-                @SuppressWarnings({ "rawtypes", "unchecked" })
-                ObjectReference objRef = clsType.newInstance(mainThread,
-                                                             constructor,
-                                                             new ArrayList(0),
-                                                             ObjectReference.INVOKE_NONVIRTUAL);
-                invoke("testMethod", "(LOomDebugTestTarget$FooCls;)V", objRef);
-            }
-        } catch (InvocationException e) {
-            handleFailure(e);
-        }
-    }
-
-    /*
-     * Test case: Array reference as method parameter.
-     */
-    @SuppressWarnings("unused") // called via reflection
-    private void test2() throws Exception {
-        System.out.println("DEBUG: ------------> Running " + testMethodName);
-        try {
-            Field field = targetClass.fieldByName("byteArray");
-            ArrayType arrType = (ArrayType)field.type();
-
-            for (int i = 0; i < 15; i++) {
-                ArrayReference byteArrayVal = arrType.newInstance(3000000);
-                invoke("testPrimitive", "([B)V", byteArrayVal);
-            }
-        } catch (VMOutOfMemoryException e) {
-            defaultHandleOOMFailure(e);
-        }
-    }
-
-    /*
-     * Test case: Array reference as return value.
-     */
-    @SuppressWarnings("unused") // called via reflection
-    private void test3() throws Exception {
-        System.out.println("DEBUG: ------------> Running " + testMethodName);
-        try {
-            for (int i = 0; i < 15; i++) {
-                invoke("testPrimitiveArrRetval",
-                       "()[B",
-                       Collections.EMPTY_LIST,
-                       vm().mirrorOfVoid());
-            }
-        } catch (InvocationException e) {
-            handleFailure(e);
-        }
-    }
-
-    /*
-     * Test case: Object reference as return value.
-     */
-    @SuppressWarnings("unused") // called via reflection
-    private void test4() throws Exception {
-        System.out.println("DEBUG: ------------> Running " + testMethodName);
-        try {
-            for (int i = 0; i < 15; i++) {
-                invoke("testFooClsRetval",
-                       "()LOomDebugTestTarget$FooCls;",
-                       Collections.EMPTY_LIST,
-                       vm().mirrorOfVoid());
-            }
-        } catch (InvocationException e) {
-            handleFailure(e);
-        }
-    }
-
-    /*
-     * Test case: Constructor
-     */
-    @SuppressWarnings({ "unused", "unchecked", "rawtypes" }) // called via reflection
-    private void test5() throws Exception {
-        System.out.println("DEBUG: ------------> Running " + testMethodName);
-        try {
-            ClassType type = (ClassType)thisObject.type();
-            for (int i = 0; i < 15; i++) {
-                type.newInstance(mainThread,
-                                 findMethod(targetClass, "<init>", "()V"),
-                                 new ArrayList(0),
-                                 ObjectReference.INVOKE_NONVIRTUAL);
-            }
-        } catch (InvocationException e) {
-            handleFailure(e);
-        }
-    }
-
-    private Method getConstructorForClass(ClassType clsType) {
-        List<Method> methods = clsType.methodsByName("<init>");
-        if (methods.size() != 1) {
-            throw new RuntimeException("FAIL. Expected only one, the default, constructor");
-        }
-        return methods.get(0);
-    }
-
-    private void handleFailure(InvocationException e) {
-        // There is no good way to see the OOME diagnostic message in the target since the
-        // TestScaffold might throw an exception while trying to print the stack trace. I.e
-        // it might get a a VMDisconnectedException before the stack trace printing finishes.
-        System.err.println("FAILURE: InvocationException caused by OOM");
-        defaultHandleOOMFailure(e);
-    }
-
-    private void defaultHandleOOMFailure(Exception e) {
-        e.printStackTrace();
-        failure();
-    }
-
-    @SuppressWarnings({ "rawtypes", "unchecked" })
-    void invoke(String methodName, String methodSig, Value value)
-            throws Exception {
-        List args = new ArrayList(1);
-        args.add(value);
-        invoke(methodName, methodSig, args, value);
-    }
-
-    void invoke(String methodName,
-                String methodSig,
-                @SuppressWarnings("rawtypes") List args,
-                Value value) throws Exception {
-        Method method = findMethod(targetClass, methodName, methodSig);
-        if ( method == null) {
-            failure("FAILED: Can't find method: "
-                    + methodName  + " for class = " + targetClass);
-            return;
-        }
-        invoke(method, args, value);
-    }
-
-    @SuppressWarnings({ "rawtypes", "unchecked" })
-    void invoke(Method method, List args, Value value) throws Exception {
-        thisObject.invokeMethod(mainThread, method, args, 0);
-        System.out.println("DEBUG: Done invoking method via debugger.");
-    }
-
-    Value fieldValue(String fieldName) {
-        Field field = targetClass.fieldByName(fieldName);
-        return thisObject.getValue(field);
-    }
-
-    public static void main(String[] args) throws Exception {
-        OomDebugTest oomTest = new OomDebugTest(args);
-        oomTest.startTests();
-        if (oomTest.failedTests > 0) {
-            throw new RuntimeException(oomTest.failedTests
-                                       + " of " + TOTAL_TESTS + " test(s) failed.");
-        }
-        System.out.println("All " + TOTAL_TESTS + " tests passed.");
-    }
-
-}
--- a/test/com/sun/jdi/oom/OomDebugTestSetup.sh	Mon Apr 11 13:49:55 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2016 Red Hat Inc.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-
-if [ "${TESTSRC}" = "" ]
-then
-  echo "TESTSRC not set.  Test cannot execute.  Failed."
-  exit 1
-fi
-echo "TESTSRC=${TESTSRC}"
-
-if [ "${TESTJAVA}" = "" ]
-then
-  echo "TESTJAVA not set.  Test cannot execute.  Failed."
-  exit 1
-fi
-echo "TESTJAVA=${TESTJAVA}"
-
-if [ "${TESTCLASSES}" = "" ]
-then
-  echo "TESTCLASSES not set.  Test cannot execute.  Failed."
-  exit 1
-fi
-
-cp ${TESTSRC}/@debuggeeVMOptions ${TESTCLASSES}/
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/font/FontScaling/FontScalingTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.swing.JButton;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
+import javax.swing.plaf.metal.MetalLookAndFeel;
+
+/*
+ * @test
+ * @bug 8076545
+ * @summary Text size is twice bigger under Windows L&F on Win 8.1 with
+ *          HiDPI display
+ */
+public class FontScalingTest {
+
+    public static void main(String[] args) throws Exception {
+        int metalFontSize = getFontSize(MetalLookAndFeel.class.getName());
+        int systemFontSize = getFontSize(UIManager.getSystemLookAndFeelClassName());
+
+        if (Math.abs(systemFontSize - metalFontSize) > 8) {
+            throw new RuntimeException("System L&F is too big!");
+        }
+    }
+
+    private static int getFontSize(String laf) throws Exception {
+
+        UIManager.setLookAndFeel(laf);
+        final int[] sizes = new int[1];
+
+        SwingUtilities.invokeAndWait(() -> {
+            JButton button = new JButton("Test");
+            sizes[0] = button.getFont().getSize();
+        });
+
+        return sizes[0];
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/Signature/Offsets.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,251 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import jdk.testlibrary.RandomFactory;
+
+/*
+ * @test
+ * @bug 8050374
+ * @key randomness
+ * @summary This test validates signature verification
+ *          Signature.verify(byte[], int, int). The test uses RandomFactory to
+ *          get random set of clear text data to sign. After the signature
+ *          generation, the test tries to verify signature with the above API
+ *          and passing in different signature offset (0, 33, 66, 99).
+ * @library /lib/testlibrary
+ * @run main Offsets SUN NONEwithDSA
+ * @run main Offsets SUN SHA1withDSA
+ * @run main Offsets SUN SHA224withDSA
+ * @run main Offsets SUN SHA256withDSA
+ */
+public class Offsets {
+
+    private final int size;
+    private final byte[] cleartext;
+    private final PublicKey pubkey;
+    private final Signature signature;
+    private final byte[] signed;
+
+    private Offsets(Signature signature, PublicKey pubkey, PrivateKey privkey,
+            int size, byte[] cleartext) throws InvalidKeyException,
+                SignatureException {
+        this.pubkey = pubkey;
+        this.signature = signature;
+        this.size = size;
+        this.cleartext = cleartext;
+
+        signature.initSign(privkey);
+        signature.update(cleartext, 0, size);
+        signed = signature.sign();
+    }
+
+    int getDataSize() {
+        return size;
+    }
+
+    int getSignatureLength() {
+        return signed.length;
+    }
+
+    byte[] shiftSignData(int offset) {
+        byte[] testSignData = new byte[offset + signed.length];
+        System.arraycopy(signed, 0, testSignData, offset,
+                signed.length);
+        return testSignData;
+    }
+
+    boolean verifySignature(byte[] sigData, int sigOffset, int sigLength,
+            int updateOffset, int updateLength)
+                throws InvalidKeyException, SignatureException {
+        signature.initVerify(pubkey);
+        signature.update(cleartext, updateOffset, updateLength);
+        return signature.verify(sigData, sigOffset, sigLength);
+    }
+
+    static Offsets init(String provider, String algorithm)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            InvalidKeyException, SignatureException {
+        // fill the cleartext data with random bytes
+        byte[] cleartext = new byte[100];
+        RandomFactory.getRandom().nextBytes(cleartext);
+
+        // NONEwith requires input to be of 20 bytes
+        int size = algorithm.contains("NONEwith") ? 20 : 100;
+
+        // create signature instance
+        Signature signature = Signature.getInstance(algorithm, provider);
+
+        String keyAlgo;
+        if (algorithm.contains("RSA")) {
+            keyAlgo = "RSA";
+        } else if (algorithm.contains("ECDSA")) {
+            keyAlgo = "EC";
+        } else if (algorithm.contains("DSA")) {
+            keyAlgo = "DSA";
+        } else {
+            throw new RuntimeException("Test doesn't support this signature "
+                    + "algorithm: " + algorithm);
+        }
+
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        KeyPair kp = kpg.generateKeyPair();
+        PublicKey pubkey = kp.getPublic();
+        PrivateKey privkey = kp.getPrivate();
+
+        return new Offsets(signature, pubkey, privkey, size, cleartext);
+    }
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        if (args.length < 2) {
+            throw new RuntimeException("Wrong parameters");
+        }
+
+        boolean result = true;
+        try {
+            Offsets test = init(args[0], args[1]);
+
+            // We are trying 3 different offsets, data size has nothing to do
+            // with signature length
+            for (int chunk = 3; chunk > 0; chunk--) {
+                int signOffset = test.getDataSize() / chunk;
+
+                System.out.println("Running test with offset " + signOffset);
+                byte[] signData = test.shiftSignData(signOffset);
+
+                boolean success = test.verifySignature(signData, signOffset,
+                        test.getSignatureLength(), 0, test.getDataSize());
+
+                if (success) {
+                    System.out.println("Successfully verified with offset "
+                            + signOffset);
+                } else {
+                    System.out.println("Verification failed with offset "
+                            + signOffset);
+                    result = false;
+                }
+            }
+
+            // save signature to offset 0
+            byte[] signData = test.shiftSignData(0);
+
+            // Negative tests
+
+            // Test signature offset 0.
+            // Wrong test data will be passed to update,
+            // so signature verification should fail.
+            for (int chunk = 3; chunk > 0; chunk--) {
+                int dataOffset = (test.getDataSize() - 1) / chunk;
+                boolean success;
+                try {
+                    success = test.verifySignature(signData, 0,
+                            test.getSignatureLength(), dataOffset,
+                            (test.getDataSize() - dataOffset));
+                } catch (SignatureException e) {
+                    // Since we are trying different data size, it can throw
+                    // SignatureException
+                    success = false;
+                }
+
+                if (!success) {
+                    System.out.println("Signature verification failed "
+                            + "as expected, with data offset " + dataOffset
+                            + " and length "
+                            + (test.getDataSize() - dataOffset));
+                } else {
+                    System.out.println("Signature verification "
+                            + "should not succeed, with data offset "
+                            + dataOffset + " and length "
+                            + (test.getDataSize() - dataOffset));
+                    result = false;
+                }
+            }
+
+            // Tests with manipulating offset and length
+            result &= Offsets.checkFailure(test, signData, -1,
+                    test.getSignatureLength());
+
+            result &= Offsets.checkFailure(test, signData, 0,
+                    test.getSignatureLength() - 1);
+
+            result &= Offsets.checkFailure(test, signData,
+                    test.getSignatureLength() + 1, test.getSignatureLength());
+
+            result &= Offsets.checkFailure(test, signData, 0,
+                    test.getSignatureLength() + 1);
+
+            result &= Offsets.checkFailure(test, signData, 0, 0);
+
+            result &= Offsets.checkFailure(test, signData, 0, -1);
+
+            result &= Offsets.checkFailure(test, signData,
+                    2147483646, test.getSignatureLength());
+
+            result &= Offsets.checkFailure(test, null, 0,
+                    test.getSignatureLength());
+        } catch (NoSuchProviderException nspe) {
+            System.out.println("No such provider: " + nspe);
+        }
+
+        if (!result) {
+            throw new RuntimeException("Some test cases failed");
+        }
+    }
+
+    static boolean checkFailure(Offsets test, byte[] signData, int offset,
+            int length) {
+        boolean success;
+        try {
+            success = test.verifySignature(signData, offset, length, 0,
+                    test.getDataSize());
+        } catch (IllegalArgumentException | SignatureException e) {
+            System.out.println("Expected exception: " + e);
+            success = false;
+        } catch (InvalidKeyException e) {
+            System.out.println("Unexpected exception: " + e);
+            return false;
+        }
+
+        if (!success) {
+            System.out.println("Signature verification failed as expected, "
+                    + "with signature offset " + offset + " and length "
+                    + length);
+            return true;
+        } else {
+            System.out.println("Signature verification should not succeed, "
+                    + "with signature offset " + offset + " and length "
+                    + length);
+            return false;
+        }
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/SignedObject/Chain.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Signature;
+import java.security.SignedObject;
+import java.security.KeyPairGenerator;
+import java.security.KeyPair;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Arrays;
+
+/*
+ * @test
+ * @bug 8050374
+ * @summary Verify a chain of signed objects
+ */
+public class Chain {
+
+    static enum KeyAlg {
+        RSA("RSA"),
+        DSA("DSA"),
+        EC("EC");
+
+        final String name;
+
+        KeyAlg(String alg) {
+            this.name = alg;
+        }
+    }
+
+    static enum Provider {
+        Default("default"),
+        SunRsaSign("SunRsaSign"),
+        Sun("SUN"),
+        SunEC("SunEC"),
+        SunJSSE("SunJSSE"),
+        SunMSCAPI("SunMSCAPI");
+
+        final String name;
+
+        Provider(String name) {
+            this.name = name;
+        }
+    }
+
+    static enum SigAlg {
+        MD2withRSA("MD2withRSA"),
+        MD5withRSA("md5withRSA"),
+
+        SHA1withDSA("SHA1withDSA"),
+        SHA224withDSA("SHA224withDSA"),
+        SHA256withDSA("SHA256withDSA"),
+
+        SHA1withRSA("Sha1withrSA"),
+        SHA224withRSA("SHA224withRSA"),
+        SHA256withRSA("SHA256withRSA"),
+        SHA384withRSA("SHA384withRSA"),
+        SHA512withRSA("SHA512withRSA"),
+
+        SHA1withECDSA("SHA1withECDSA"),
+        SHA256withECDSA("SHA256withECDSA"),
+        SHA224withECDSA("SHA224withECDSA"),
+        SHA384withECDSA("SHA384withECDSA"),
+        SHA512withECDSA("SHA512withECDSA"),
+
+        MD5andSHA1withRSA("MD5andSHA1withRSA");
+
+        final String name;
+
+        SigAlg(String name) {
+            this.name = name;
+        }
+    }
+
+    static class Test {
+        final Provider provider;
+        final KeyAlg keyAlg;
+        final SigAlg sigAlg;
+
+        Test(SigAlg sigAlg, KeyAlg keyAlg, Provider privider) {
+            this.provider = privider;
+            this.keyAlg = keyAlg;
+            this.sigAlg = sigAlg;
+        }
+    }
+
+    private static final Test[] tests = {
+        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default),
+        new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
+        new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
+        new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default),
+        new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun),
+        new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun),
+        new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun),
+    };
+
+    private static final String str = "to-be-signed";
+    private static final int N = 3;
+
+    public static void main(String argv[]) {
+        boolean result = Arrays.stream(tests).allMatch((test) -> runTest(test));
+        if(result) {
+            System.out.println("All tests passed");
+        } else {
+            throw new RuntimeException("Some tests failed");
+        }
+    }
+
+    static boolean runTest(Test test) {
+        System.out.format("Test: provider = %s, signature algorithm = %s, "
+                + "key algorithm = %s\n",
+                test.provider, test.sigAlg, test.keyAlg);
+        try {
+            // Generate all private/public key pairs
+            PrivateKey[] privKeys = new PrivateKey[N];
+            PublicKey[] pubKeys = new PublicKey[N];
+            PublicKey[] anotherPubKeys = new PublicKey[N];
+            KeyPairGenerator kpg = KeyPairGenerator.getInstance(
+                    test.keyAlg.name);
+            for (int j=0; j < N; j++) {
+                KeyPair kp = kpg.genKeyPair();
+                KeyPair anotherKp = kpg.genKeyPair();
+                privKeys[j] = kp.getPrivate();
+                pubKeys[j] = kp.getPublic();
+                anotherPubKeys[j] = anotherKp.getPublic();
+
+                if (Arrays.equals(pubKeys[j].getEncoded(),
+                        anotherPubKeys[j].getEncoded())) {
+                    System.out.println("Failed: it should not get "
+                            + "the same pair of public key");
+                    return false;
+                }
+            }
+
+            Signature signature;
+            if (test.provider != Provider.Default) {
+                signature = Signature.getInstance(test.sigAlg.name,
+                        test.provider.name);
+            } else {
+                signature = Signature.getInstance(test.sigAlg.name);
+            }
+
+            // Create a chain of signed objects
+            SignedObject[] objects = new SignedObject[N];
+            objects[0] = new SignedObject(str, privKeys[0], signature);
+            for (int j = 1; j < N; j++) {
+                objects[j] = new SignedObject(objects[j - 1], privKeys[j],
+                        signature);
+            }
+
+            // Verify the chain
+            int n = objects.length - 1;
+            SignedObject object = objects[n];
+            do {
+                if (!object.verify(pubKeys[n], signature)) {
+                    System.out.println("Failed: verification failed, n = " + n);
+                    return false;
+                }
+
+                if (object.verify(anotherPubKeys[n], signature)) {
+                    System.out.println("Failed: verification should not "
+                            + "succeed with wrong public key, n = " + n);
+                    return false;
+                }
+
+                object = (SignedObject) object.getObject();
+                n--;
+            } while (n > 0);
+
+            System.out.println("signed data: " + object.getObject());
+            if (!str.equals(object.getObject())) {
+                System.out.println("Failed: signed data is not equal to "
+                        + "original one");
+                return false;
+            }
+
+            System.out.println("Test passed");
+            return true;
+        } catch (NoSuchProviderException nspe) {
+            if (test.provider == Provider.SunMSCAPI
+                    && !System.getProperty("os.name").startsWith("Windows")) {
+                System.out.println("SunMSCAPI is available only on Windows: "
+                        + nspe);
+                return true;
+            }
+            System.out.println("Unexpected exception: " + nspe);
+            return false;
+        } catch (Exception e) {
+            System.out.println("Unexpected exception: " + e);
+            e.printStackTrace(System.out);
+            return false;
+        }
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/SignedObject/Copy.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.Serializable;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.SignedObject;
+
+/*
+ * @test
+ * @bug 8050374
+ * @summary Checks if a signed object is a copy of an original object
+ */
+public class Copy {
+
+    private static final String DSA = "DSA";
+    private static final int KEY_SIZE = 512;
+    private static final int MAGIC = 123;
+
+    public static void main(String args[]) throws Exception {
+        KeyPairGenerator kg = KeyPairGenerator.getInstance(DSA);
+        kg.initialize(KEY_SIZE);
+        KeyPair kp = kg.genKeyPair();
+
+        Signature signature = Signature.getInstance(DSA);
+        Test original = new Test();
+        SignedObject so = new SignedObject(original, kp.getPrivate(),
+                signature);
+        System.out.println("Signature algorithm: " + so.getAlgorithm());
+
+        signature = Signature.getInstance(DSA, "SUN");
+        if (!so.verify(kp.getPublic(), signature)) {
+            throw new RuntimeException("Verification failed");
+        }
+
+        kg = KeyPairGenerator.getInstance(DSA);
+        kg.initialize(KEY_SIZE);
+        kp = kg.genKeyPair();
+
+        if (so.verify(kp.getPublic(), signature)) {
+            throw new RuntimeException("Unexpected success");
+        }
+
+        Object copy = so.getObject();
+        if (!original.equals(copy)) {
+            throw new RuntimeException("Signed object is not equal "
+                    + "to original one: " + copy);
+        }
+
+        /*
+         * The signed object is a copy of an original one.
+         * Once the copy is made, further manipulation
+         * of the original object shouldn't has any effect on the copy.
+         */
+        original.set(MAGIC - 1);
+        copy = so.getObject();
+        if (original.equals(copy)) {
+            throw new RuntimeException("Signed object is not a copy "
+                    + "of original one: " + copy);
+        }
+
+        System.out.println("Test passed");
+    }
+
+    private static class Test implements Serializable {
+        private int number = MAGIC;
+
+        public int get() {
+            return number;
+        }
+
+        public void set(int magic) {
+            this.number = magic;
+        }
+
+        @Override
+        public int hashCode() {
+            return number;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj == null) {
+                return false;
+            }
+
+            if (!(obj instanceof Test)) {
+                return false;
+            }
+
+            Test other = (Test) obj;
+            return number == other.number;
+        }
+
+        @Override
+        public String toString() {
+            return "" + number;
+        }
+    }
+}
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/cert/CertPathEncodingTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertPath;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8074931
+ * @summary CertPathEncodingTest tests the ability of the CertPath and
+ *          CertificateFactory to encode and decode CertPaths.
+ */
+public final class CertPathEncodingTest {
+    /*
+            Certificate:
+                Data:
+                    Version: 3 (0x2)
+                    Serial Number: 935438132 (0x37c1a734)
+                Signature Algorithm: dsaWithSHA1
+                    Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir
+                    Validity
+                        Not Before: Aug 23 19:55:32 1999 GMT
+                        Not After : Aug 22 19:55:32 2000 GMT
+                    Subject: C=us, O=sun, OU=east, OU=bcn
+                    Subject Public Key Info:
+                        Public Key Algorithm: dsaEncryption
+                            pub:
+                                63:47:4f:f6:29:e5:98:a2:21:fd:da:97:9e:3f:ca:
+                                b0:17:49:8d:8a:a7:06:0d:a6:78:97:39:59:33:72:
+                                a2:a5:74:d5:3a:ef:e6:7c:07:d7:8e:8e:d1:66:73:
+                                99:14:04:96:f5:31:d6:72:ee:d2:53:f8:90:b5:f3:
+                                c3:f1:64:ba:1a:9e:c0:0a:da:92:48:c5:d3:84:7e:
+                                48:09:66:d9:51:ba:74:56:5a:77:8a:8c:9a:9c:f6:
+                                84:12:61:12:51:dc:c6:4f:84:94:ec:cb:78:51:83:
+                                8c:20:8a:53:7b:d2:b6:36:df:50:35:95:1f:cb:50:
+                                55:8b:3f:fb:e2:77:cb
+                            P:
+                                00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                                e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                                51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                                c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                                6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                                10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                                c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                                54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                                f2:22:03:19:9d:d1:48:01:c7
+                            Q:
+                                00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                                84:0b:f0:58:1c:f5
+                            G:
+                                00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                                57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                                07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                                81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                                32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                                ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                                f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                                a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                                25:64:01:4c:3b:fe:cf:49:2a
+                    X509v3 extensions:
+                        X509v3 Key Usage: critical
+                            Digital Signature, Key Encipherment, Certificate Sign
+                Signature Algorithm: dsaWithSHA1
+                     r:
+                         52:80:52:2b:2c:3d:02:66:58:b4:dc:ef:52:26:70:
+                         1b:53:ca:b3:7d
+                     s:
+                         62:03:b2:ab:3e:18:2a:66:09:b6:ce:d4:05:a5:8e:
+                         a5:7a:0d:55:67
+    */
+    private static final String cert1 =
+            "-----BEGIN CERTIFICATE-----\n" +
+            "MIICzTCCAougAwIBAgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" +
+            "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" +
+            "VQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcNMDAwODIyMTk1NTMyWjA4MQsw\n" +
+            "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" +
+            "EwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" +
+            "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ\n" +
+            "UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu\n" +
+            "K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9\n" +
+            "3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW\n" +
+            "E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ\n" +
+            "iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/yrAX\n" +
+            "SY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoa\n" +
+            "nsAK2pJIxdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY2\n" +
+            "31A1lR/LUFWLP/vid8ujEzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUA\n" +
+            "Ay8AMCwCFFKAUissPQJmWLTc71ImcBtTyrN9AhRiA7KrPhgqZgm2ztQFpY6leg1V\n" +
+            "Zw==\n" +
+            "-----END CERTIFICATE-----\n" +
+            "";
+
+    /*
+            Certificate:
+                Data:
+                    Version: 3 (0x2)
+                    Serial Number: 935095671 (0x37bc6d77)
+                Signature Algorithm: dsaWithSHA1
+                    Issuer: C=us, O=sun, OU=east, OU=bcn, CN=yassir
+                    Validity
+                        Not Before: Aug 19 20:47:51 1999 GMT
+                        Not After : Aug 18 20:47:51 2000 GMT
+                    Subject: C=us, O=sun, OU=east, OU=bcn, CN=yassir
+                    Subject Public Key Info:
+                        Public Key Algorithm: dsaEncryption
+                            pub:
+                                0a:cc:a4:ec:d6:88:45:c2:24:6b:0d:78:f1:82:f3:
+                                5e:3e:31:5d:fb:64:d5:06:5e:39:16:f1:0a:85:d1:
+                                ff:d1:a4:74:c5:e6:b0:ba:93:1c:ee:69:51:be:3b:
+                                a6:66:44:50:b4:f0:5e:0e:dd:9f:08:71:fe:a1:91:
+                                2e:d4:9e:6b:b2:c0:82:3c:91:6c:18:b0:d9:bc:a3:
+                                48:91:3f:8b:59:01:61:00:02:ab:22:31:bc:7c:6c:
+                                0d:9f:ed:be:33:e6:5c:44:9e:62:30:95:f8:6d:22:
+                                d7:e5:85:4c:b0:98:6e:ad:cc:ca:3b:ad:cb:fa:f7:
+                                9f:37:13:f7:ca:e2:22:ba
+                            P:
+                                00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                                e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                                51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                                c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                                6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                                10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                                c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                                54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                                f2:22:03:19:9d:d1:48:01:c7
+                            Q:
+                                00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                                84:0b:f0:58:1c:f5
+                            G:
+                                00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                                57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                                07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                                81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                                32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                                ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                                f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                                a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                                25:64:01:4c:3b:fe:cf:49:2a
+                    X509v3 extensions:
+                        X509v3 Key Usage: critical
+                            Digital Signature, Key Encipherment, Certificate Sign
+                        X509v3 Basic Constraints: critical
+                            CA:TRUE, pathlen:5
+                Signature Algorithm: dsaWithSHA1
+                     r:
+                         2f:88:46:37:94:92:b2:02:07:5b:8d:76:e5:81:23:
+                         85:7f:bc:8d:b9
+                     s:
+                         00:8b:d7:41:fa:11:c7:ab:27:92:5d:0a:03:98:56:
+                         36:42:5f:f5:1f:9d
+    */
+    private static final String cert2 =
+            "-----BEGIN CERTIFICATE-----\n" +
+            "MIIC9TCCArKgAwIBAgIEN7xtdzALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMx\n" +
+            "DDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" +
+            "VQQDEwZ5YXNzaXIwHhcNOTkwODE5MjA0NzUxWhcNMDAwODE4MjA0NzUxWjBJMQsw\n" +
+            "CQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0MQwwCgYDVQQL\n" +
+            "EwNiY24xDzANBgNVBAMTBnlhc3NpcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9\n" +
+            "f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2\n" +
+            "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD\n" +
+            "9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr\n" +
+            "hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU\n" +
+            "WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6\n" +
+            "ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKB\n" +
+            "gArMpOzWiEXCJGsNePGC814+MV37ZNUGXjkW8QqF0f/RpHTF5rC6kxzuaVG+O6Zm\n" +
+            "RFC08F4O3Z8Icf6hkS7UnmuywII8kWwYsNm8o0iRP4tZAWEAAqsiMbx8bA2f7b4z\n" +
+            "5lxEnmIwlfhtItflhUywmG6tzMo7rcv69583E/fK4iK6oycwJTAPBgNVHQ8BAf8E\n" +
+            "BQMDB6QAMBIGA1UdEwEB/wQIMAYBAf8CAQUwCwYHKoZIzjgEAwUAAzAAMC0CFC+I\n" +
+            "RjeUkrICB1uNduWBI4V/vI25AhUAi9dB+hHHqyeSXQoDmFY2Ql/1H50=\n" +
+            "-----END CERTIFICATE-----\n" +
+            "";
+
+    private static final String pkcs7path =
+            "MIIF9QYJKoZIhvcNAQcCoIIF5jCCBeICAQExADALBgkqhkiG9w0BBwGgggXKMIICzTCCAougAwIB\n" +
+            "AgIEN8GnNDALBgcqhkjOOAQDBQAwSTELMAkGA1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UE\n" +
+            "CxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYDVQQDEwZ5YXNzaXIwHhcNOTkwODIzMTk1NTMyWhcN\n" +
+            "MDAwODIyMTk1NTMyWjA4MQswCQYDVQQGEwJ1czEMMAoGA1UEChMDc3VuMQ0wCwYDVQQLEwRlYXN0\n" +
+            "MQwwCgYDVQQLEwNiY24wggG1MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR\n" +
+            "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQ\n" +
+            "IsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCX\n" +
+            "YFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZ\n" +
+            "V4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7\n" +
+            "YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBggACf2NHT/Yp5ZiiIf3al54/\n" +
+            "yrAXSY2KpwYNpniXOVkzcqKldNU67+Z8B9eOjtFmc5kUBJb1MdZy7tJT+JC188PxZLoansAK2pJI\n" +
+            "xdOEfkgJZtlRunRWWneKjJqc9oQSYRJR3MZPhJTsy3hRg4wgilN70rY231A1lR/LUFWLP/vid8uj\n" +
+            "EzARMA8GA1UdDwEB/wQFAwMHpAAwCwYHKoZIzjgEAwUAAy8AMCwCFFKAUissPQJmWLTc71ImcBtT\n" +
+            "yrN9AhRiA7KrPhgqZgm2ztQFpY6leg1VZzCCAvUwggKyoAMCAQICBDe8bXcwCwYHKoZIzjgEAwUA\n" +
+            "MEkxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xDTALBgNVBAsTBGVhc3QxDDAKBgNVBAsTA2Jj\n" +
+            "bjEPMA0GA1UEAxMGeWFzc2lyMB4XDTk5MDgxOTIwNDc1MVoXDTAwMDgxODIwNDc1MVowSTELMAkG\n" +
+            "A1UEBhMCdXMxDDAKBgNVBAoTA3N1bjENMAsGA1UECxMEZWFzdDEMMAoGA1UECxMDYmNuMQ8wDQYD\n" +
+            "VQQDEwZ5YXNzaXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8\n" +
+            "70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJP\n" +
+            "u6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCP\n" +
+            "FSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466\n" +
+            "1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoB\n" +
+            "JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAKzKTs1ohFwiRrDXjxgvNe\n" +
+            "PjFd+2TVBl45FvEKhdH/0aR0xeawupMc7mlRvjumZkRQtPBeDt2fCHH+oZEu1J5rssCCPJFsGLDZ\n" +
+            "vKNIkT+LWQFhAAKrIjG8fGwNn+2+M+ZcRJ5iMJX4bSLX5YVMsJhurczKO63L+vefNxP3yuIiuqMn\n" +
+            "MCUwDwYDVR0PAQH/BAUDAwekADASBgNVHRMBAf8ECDAGAQH/AgEFMAsGByqGSM44BAMFAAMwADAt\n" +
+            "AhQviEY3lJKyAgdbjXblgSOFf7yNuQIVAIvXQfoRx6snkl0KA5hWNkJf9R+dMQA=\n" +
+            "";
+
+    // Runs test of CertPath encoding and decoding.
+    public static void main(String[] args) throws Exception {
+        // Make the CertPath whose encoded form has already been stored
+        CertificateFactory certFac = CertificateFactory.getInstance("X509");
+
+        final List<Certificate> certs = new ArrayList<>();
+        certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert1.getBytes())));
+        certs.add(certFac.generateCertificate(new ByteArrayInputStream(cert2.getBytes())));
+
+        CertPath cp = certFac.generateCertPath(certs);
+
+        // Get the encoded form of the CertPath we made
+        byte[] encoded = cp.getEncoded("PKCS7");
+
+        // check if it matches the encoded value
+        if (!Arrays.equals(encoded, Base64.getMimeDecoder().decode(pkcs7path.getBytes()))) {
+            throw new RuntimeException("PKCS#7 encoding doesn't match stored value");
+        }
+
+        // Generate a CertPath from the encoded value and check if it equals
+        // the CertPath generated from the certificates
+        CertPath decodedCP = certFac.generateCertPath(new ByteArrayInputStream(encoded), "PKCS7");
+        if (!decodedCP.equals(cp)) {
+            throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/security/cert/X509CertSelectorTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,536 @@
+/*
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY;
+import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES;
+import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import sun.security.util.DerInputStream;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.AuthorityKeyIdentifierExtension;
+import sun.security.x509.CertificatePoliciesExtension;
+import sun.security.x509.DNSName;
+import sun.security.x509.GeneralName;
+import sun.security.x509.GeneralNameInterface;
+import sun.security.x509.GeneralNames;
+import sun.security.x509.GeneralSubtree;
+import sun.security.x509.GeneralSubtrees;
+import sun.security.x509.KeyIdentifier;
+import sun.security.x509.NameConstraintsExtension;
+import sun.security.x509.PolicyInformation;
+import sun.security.x509.PrivateKeyUsageExtension;
+import sun.security.x509.SubjectAlternativeNameExtension;
+import sun.security.x509.X500Name;
+
+/*
+ * @test
+ * @bug 8074931
+ * @summary This class tests the X509CertSelector. The tests check particular criteria
+ *          by setting them to a value that should match our test certificate and
+ *          ensuring that they do match, then setting them to a value that should not
+ *          match our test certificate and ensuring that they do not match.
+ */
+public class X509CertSelectorTest {
+    /*
+            Certificate:
+                Data:
+                    Version: 3 (0x2)
+                    Serial Number: 954172088 (0x38df82b8)
+                Signature Algorithm: dsaWithSHA1
+                    Issuer: C=us, O=sun, OU=testing
+                    Validity
+                        Not Before: Mar 27 15:48:08 2000 GMT
+                        Not After : Jun 25 14:48:08 2000 GMT
+                    Subject: C=us, O=sun, OU=testing, CN=mullan
+                    Subject Public Key Info:
+                        Public Key Algorithm: dsaEncryption
+                            pub:  0
+                            P:    0
+                            Q:    0
+                            G:    0
+                    X509v3 extensions:
+                        X509v3 Name Constraints: critical
+                            0D.B0@.>1.0...U....us1.0
+            ..U.
+            ..sun1.0...U....testing1.0
+            ..U....mullan
+                        X509v3 Subject Key Identifier:
+                            56:E8:88:AE:9D:B5:3F:2B:CB:A0:4C:4B:E2:87:53:07:33:77:1B:DF
+                        X509v3 Authority Key Identifier:
+                            keyid:8E:DD:AF:6F:EE:02:12:F4:61:E9:2F:E3:64:1A:6F:71:32:25:20:C0
+
+                        X509v3 Subject Alternative Name:
+                            email:mullan@east.sun.com
+                        X509v3 Private Key Usage Period:
+                            Not Before: Jan  1 05:00:00 2000 GMT, Not After: Jan  1 05:00:00 2001 GMT
+                        X509v3 Key Usage: critical
+                            Digital Signature
+                        X509v3 Certificate Policies:
+                            0$0\..*...0.0...+.......0..
+            Testing...
+                Signature Algorithm: dsaWithSHA1
+                     r:
+                         44:c7:35:40:5d:6c:28:75:7f:73:b2:f8:0d:72:6c:
+                         09:65:b8:81:14
+                     s:
+                         76:79:f5:c7:37:3b:0d:9b:db:70:2f:20:80:36:e3:
+                         80:e8:a6:c6:71
+    */
+    private static final String testCert =
+            "-----BEGIN CERTIFICATE-----\n" +
+            "MIICLjCCAeygAwIBAgIEON+CuDALBgcqhkjOOAQDBQAwLTELMAkGA1UEBhMCdXMx\n" +
+            "DDAKBgNVBAoTA3N1bjEQMA4GA1UECxMHdGVzdGluZzAeFw0wMDAzMjcxNTQ4MDha\n" +
+            "Fw0wMDA2MjUxNDQ4MDhaMD4xCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAO\n" +
+            "BgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMTBm11bGxhbjAcMBQGByqGSM44BAEwCQIB\n" +
+            "AAIBAAIBAAMEAAIBAKOCASMwggEfMFAGA1UdHgEB/wRGMESgQjBApD4xCzAJBgNV\n" +
+            "BAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAOBgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMT\n" +
+            "Bm11bGxhbjAdBgNVHQ4EFgQUVuiIrp21PyvLoExL4odTBzN3G98wHwYDVR0jBBgw\n" +
+            "FoAUjt2vb+4CEvRh6S/jZBpvcTIlIMAwHgYDVR0RBBcwFYETbXVsbGFuQGVhc3Qu\n" +
+            "c3VuLmNvbTArBgNVHRAEJDAigA8yMDAwMDEwMTA1MDAwMFqBDzIwMDEwMTAxMDUw\n" +
+            "MDAwWjAPBgNVHQ8BAf8EBQMDB4AAMC0GA1UdIAQmMCQwIgYEKoSAADAaMBgGCCsG\n" +
+            "AQUFBwICMAwSClRlc3RpbmcuLi4wCwYHKoZIzjgEAwUAAy8AMCwCFETHNUBdbCh1\n" +
+            "f3Oy+A1ybAlluIEUAhR2efXHNzsNm9twLyCANuOA6KbGcQ==\n" +
+            "-----END CERTIFICATE-----\n" +
+            "";
+
+    private static final String testKey =
+            "MIIBtjCCASsGByqGSM44BAEwggEeAoGBAIVWPEkcxbxhQRCqVzg55tNqbP5j0K4kdu4bkmXvfqC5\n" +
+            "+qA75DvnfzsOJseb+9AuKXWk/DvCzFDmrY1YaU3scZC3OQEO9lEO3F4VDKOaudY6OT1SI22pAIwz\n" +
+            "j5pvq+i7zOp4xUqkQUeh/4iQSfxOT5UrFGjkcbnbpVkCXD/GxAz7AhUAjtnm3dVIddUUHl6wxpZ7\n" +
+            "GcA6gSsCgYAf/PXzQtemgIDjpFrNNSgTEKkLposBXKatAM+gUKlMUjf8SQvquqPxDtRrscGjXkoL\n" +
+            "oTkaR7/akULYFpBvUcFkeIFiCnJg8M9XhCWdLvn9MPt+jR2oxookvCb9xLtD6WvIM/wd/nZ1iK4u\n" +
+            "iY1+q85xvns/Awbtwl7oZDAwE2TUKAOBhAACgYBDc9UZ+3xsZubUZvRG5cpyJceYpJp2exOPVJXn\n" +
+            "jR4CcR+cT9bAJpFSxqE/8KtNHXxHdu4f3DU67IMOVDpugzihyzXJvNm3w2H9x+6xczHG2wjvAJeh\n" +
+            "X62EWbUatxPXFAoVKZWuUbaYaZzdWBDtNRrCuKKsLo0GFy8g2BZISuD3jw==\n" +
+            "";
+
+    // Certificate to run tests on
+    private final X509Certificate cert;
+
+    public static void main(String[] args) throws Exception {
+        X509CertSelectorTest test = new X509CertSelectorTest();
+        test.doTest();
+    }
+
+    public X509CertSelectorTest() throws CertificateException, IOException {
+        cert = (X509Certificate) CertificateFactory.getInstance("X.509")
+                .generateCertificate(new ByteArrayInputStream(testCert.getBytes()));
+    }
+
+    // Runs the test.
+    private void doTest() throws Exception {
+        System.out.println("START OF TESTS FOR " + "X509CertSelector");
+
+        testSerialNumber();
+        testIssuer();
+        testSubjectKeyIdentifier();
+        testAuthorityKeyIdentifier();
+        testCertificateValid();
+        testPrivateKeyValid();
+        testSubjectPublicKeyAlgID();
+        testKeyUsage();
+        testSubjectAltName();
+        testPolicy();
+        testPathToName();
+        testSubject();
+        testSubjectPublicKey();
+        testNameConstraints();
+        testBasicConstraints();
+        testCertificate();
+    }
+
+    // Tests matching on the serial number contained in the certificate.
+    private void testSerialNumber() {
+        System.out.println("X.509 Certificate Match on serialNumber");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        selector.setSerialNumber(new BigInteger("999999999"));
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setSerialNumber(cert.getSerialNumber());
+        checkMatch(selector, cert, true);
+    }
+
+    // Tests matching on the issuer name contained in the certificate.
+    private void testIssuer() throws IOException {
+        System.out.println("X.509 Certificate Match on issuer");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        selector.setIssuer("ou=bogus,ou=east,o=sun,c=us");
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setIssuer((cert.getIssuerX500Principal()).getName("RFC2253"));
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the subject key identifier contained in the
+     * certificate.
+     */
+    private void testSubjectKeyIdentifier() throws IOException {
+        System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+        selector.setSubjectKeyIdentifier(b);
+        checkMatch(selector, cert, false);
+
+        // good match
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.14"));
+        byte[] encoded = in.getOctetString();
+        selector.setSubjectKeyIdentifier(encoded);
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the authority key identifier contained in the
+     * certificate.
+     */
+    private void testAuthorityKeyIdentifier() throws IOException {
+        System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
+        AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
+        selector.setAuthorityKeyIdentifier(a.getExtensionValue());
+        checkMatch(selector, cert, false);
+
+        // good match
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
+        byte[] encoded = in.getOctetString();
+        selector.setAuthorityKeyIdentifier(encoded);
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the certificate validity component contained in the
+     * certificate.
+     */
+    private void testCertificateValid() {
+        System.out.println("X.509 Certificate Match on certificateValid");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        Calendar cal = Calendar.getInstance();
+        cal.set(1968, 12, 31);
+        selector.setCertificateValid(cal.getTime());
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setCertificateValid(cert.getNotBefore());
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the private key validity component contained in the
+     * certificate.
+     */
+    private void testPrivateKeyValid() throws IOException, CertificateException {
+        System.out.println("X.509 Certificate Match on privateKeyValid");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        Calendar cal = Calendar.getInstance();
+        cal.set(1968, 12, 31);
+        selector.setPrivateKeyValid(cal.getTime());
+        checkMatch(selector, cert, false);
+
+        // good match
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
+        byte[] encoded = in.getOctetString();
+        PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
+        Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
+        selector.setPrivateKeyValid(validDate);
+        checkMatch(selector, cert, true);
+
+    }
+
+    private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate xcert) throws IOException {
+        byte[] encodedKey = xcert.getPublicKey().getEncoded();
+        DerValue val = new DerValue(encodedKey);
+        if (val.tag != DerValue.tag_Sequence) {
+            throw new RuntimeException("invalid key format");
+        }
+
+        return AlgorithmId.parse(val.data.getDerValue()).getOID();
+    }
+
+    /*
+     * Tests matching on the subject public key algorithm ID component contained
+     * in the certificate.
+     */
+    private void testSubjectPublicKeyAlgID() throws IOException {
+        System.out.println("X.509 Certificate Match on subjectPublicKeyAlgID");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        selector.setSubjectPublicKeyAlgID("2.5.29.14");
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setSubjectPublicKeyAlgID(getCertPubKeyAlgOID(cert).toString());
+        checkMatch(selector, cert, true);
+
+    }
+
+    // Tests matching on the key usage extension contained in the certificate.
+    private void testKeyUsage() {
+        System.out.println("X.509 Certificate Match on keyUsage");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        boolean[] keyUsage = { true, false, true, false, true, false, true, false };
+        selector.setKeyUsage(keyUsage);
+        System.out.println("Selector = " + selector.toString());
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setKeyUsage(cert.getKeyUsage());
+        System.out.println("Selector = " + selector.toString());
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the subject alternative name extension contained in the
+     * certificate.
+     */
+    private void testSubjectAltName() throws IOException {
+        System.out.println("X.509 Certificate Match on subjectAltName");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        GeneralNameInterface dnsName = new DNSName("foo.com");
+        DerOutputStream tmp = new DerOutputStream();
+        dnsName.encode(tmp);
+        selector.addSubjectAlternativeName(2, tmp.toByteArray());
+        checkMatch(selector, cert, false);
+
+        // good match
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
+        byte[] encoded = in.getOctetString();
+        SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
+        GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+        GeneralName name = (GeneralName) names.get(0);
+        selector.setSubjectAlternativeNames(null);
+        DerOutputStream tmp2 = new DerOutputStream();
+        name.getName().encode(tmp2);
+        selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray());
+        checkMatch(selector, cert, true);
+
+        // good match 2 (matches at least one)
+        selector.setMatchAllSubjectAltNames(false);
+        selector.addSubjectAlternativeName(2, "foo.com");
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the policy constraints extension contained in the
+     * certificate.
+     */
+    private void testPolicy() throws IOException {
+        System.out.println("X.509 Certificate Match on certificatePolicies");
+        // test encoding of CertificatePoliciesExtension because we wrote the
+        // code
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        Set<String> s = new HashSet<>();
+        s.add(new String("1.2.5.7.68"));
+        selector.setPolicy(s);
+        checkMatch(selector, cert, false);
+
+        // good match
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
+        CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
+        List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
+        // match on the first policy id
+        PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
+        s.clear();
+        s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
+        selector.setPolicy(s);
+        checkMatch(selector, cert, true);
+    }
+
+    /*
+     * Tests matching on the name constraints extension contained in the
+     * certificate.
+     */
+    private void testPathToName() throws IOException {
+        System.out.println("X.509 Certificate Match on pathToName");
+
+        X509CertSelector selector = null;
+        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
+        byte[] encoded = in.getOctetString();
+        NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
+        GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
+        GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
+
+        // bad matches on pathToName within excluded subtrees
+        if (excluded != null) {
+            Iterator<GeneralSubtree> e = excluded.iterator();
+            while (e.hasNext()) {
+                GeneralSubtree tree = e.next();
+                if (tree.getName().getType() == NAME_DIRECTORY) {
+                    X500Name excludedDN1 = new X500Name(tree.getName().toString());
+                    X500Name excludedDN2 = new X500Name("CN=Bogus, " + tree.getName().toString());
+                    DerOutputStream derDN1 = new DerOutputStream();
+                    DerOutputStream derDN2 = new DerOutputStream();
+                    excludedDN1.encode(derDN1);
+                    excludedDN2.encode(derDN2);
+                    selector = new X509CertSelector();
+                    selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
+                    checkMatch(selector, cert, false);
+                    selector.setPathToNames(null);
+                    selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
+                    checkMatch(selector, cert, false);
+                }
+            }
+        }
+
+        // good matches on pathToName within permitted subtrees
+        if (permitted != null) {
+            Iterator<GeneralSubtree> e = permitted.iterator();
+            while (e.hasNext()) {
+                GeneralSubtree tree = e.next();
+                if (tree.getName().getType() == NAME_DIRECTORY) {
+                    X500Name permittedDN1 = new X500Name(tree.getName().toString());
+                    X500Name permittedDN2 = new X500Name("CN=good, " + tree.getName().toString());
+                    DerOutputStream derDN1 = new DerOutputStream();
+                    DerOutputStream derDN2 = new DerOutputStream();
+                    permittedDN1.encode(derDN1);
+                    permittedDN2.encode(derDN2);
+                    selector = new X509CertSelector();
+                    selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
+                    checkMatch(selector, cert, true);
+                    selector.setPathToNames(null);
+                    selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
+                    checkMatch(selector, cert, true);
+                }
+            }
+        }
+    }
+
+    // Tests matching on the subject name contained in the certificate.
+    private void testSubject() throws IOException {
+        System.out.println("X.509 Certificate Match on subject");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        selector.setSubject("ou=bogus,ou=east,o=sun,c=us");
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setSubject(cert.getSubjectX500Principal().getName("RFC2253"));
+        checkMatch(selector, cert, true);
+    }
+
+    // Tests matching on the subject public key contained in the certificate.
+    private void testSubjectPublicKey() throws IOException, GeneralSecurityException {
+        System.out.println("X.509 Certificate Match on subject public key");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(
+                Base64.getMimeDecoder().decode(testKey.getBytes()));
+        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
+        PublicKey pubKey = keyFactory.generatePublic(keySpec);
+        selector.setSubjectPublicKey(pubKey);
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setSubjectPublicKey(cert.getPublicKey());
+        checkMatch(selector, cert, true);
+    }
+
+    // Tests matching on the name constraints contained in the certificate.
+    private void testNameConstraints() throws IOException {
+        System.out.println("X.509 Certificate Match on name constraints");
+        // bad match
+        GeneralSubtrees subjectTree = new GeneralSubtrees();
+        subjectTree.add(getGeneralSubtree((X500Name) cert.getSubjectDN()));
+        NameConstraintsExtension ext = new NameConstraintsExtension((GeneralSubtrees) null, subjectTree);
+        X509CertSelector selector = new X509CertSelector();
+        selector.setNameConstraints(ext.getExtensionValue());
+        checkMatch(selector, cert, false);
+
+        // good match
+        ext = new NameConstraintsExtension(subjectTree, null);
+        selector.setNameConstraints(ext.getExtensionValue());
+        checkMatch(selector, cert, true);
+    }
+
+    // Tests matching on basic constraints.
+    private void testBasicConstraints() {
+        System.out.println("X.509 Certificate Match on basic constraints");
+        // bad match
+        X509CertSelector selector = new X509CertSelector();
+        int mpl = cert.getBasicConstraints();
+        selector.setBasicConstraints(0);
+        checkMatch(selector, cert, false);
+
+        // good match
+        selector.setBasicConstraints(mpl);
+        checkMatch(selector, cert, true);
+    }
+
+    // Tests certificateEquals criterion
+    private void testCertificate() {
+        System.out.println("X.509 Certificate Match on certificateEquals criterion");
+
+        X509CertSelector selector = new X509CertSelector();
+        // good match
+        selector.setCertificate(cert);
+        checkMatch(selector, cert, true);
+    }
+
+    private void checkMatch(X509CertSelector selector, X509Certificate cert, boolean match) {
+        boolean result = selector.match(cert);
+        if (match != result)
+            throw new RuntimeException(selector + " match " + cert + " is " + result + ", but expect " + match);
+    }
+
+    private static GeneralSubtree getGeneralSubtree(GeneralNameInterface gni) {
+        // Create a new GeneralSubtree with the specified name, 0 base, and
+        // unlimited length
+        GeneralName gn = new GeneralName(gni);
+        GeneralSubtree subTree = new GeneralSubtree(gn, 0, -1);
+        return subTree;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/JceSecurity/FinalRestricted.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8149417
+ * @summary Use final restricted flag
+ */
+
+import java.security.*;
+import java.lang.reflect.*;
+
+public class FinalRestricted {
+
+    public static void main(String[] args) throws Exception {
+
+        int modifiers = Class.forName("javax.crypto.JceSecurity")
+                    .getDeclaredField("isRestricted").getModifiers();
+        if (!(Modifier.isFinal(modifiers) && Modifier.isStatic(modifiers) &&
+                Modifier.isPrivate(modifiers))) {
+            throw new Exception("JceSecurity.isRestricted is not " +
+                                "a private static final field!");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/Subject/doAs/NestedActions.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights
+ * reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import jdk.testlibrary.ProcessTools;
+
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+import java.io.*;
+import java.security.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.jar.JarEntry;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Manifest;
+
+/**
+ * @test
+ * @bug 8048147
+ * @summary Check if proper AccessControlException is thrown
+ *          in case of nested Subject.doAs() invocations
+ *          when one of protection domains doesn't have permissions
+ *
+ * @library /lib/testlibrary
+ *
+ * @run main NestedActions jar NestedActionsACE.jar
+ *              NestedActionsACE.class Utils.class
+ * @run main NestedActions jar NestedActionsPAE.jar
+ *              NestedActionsPAE.class Utils.class
+ * @run main NestedActions jar NestedActionsOnePrincipal.jar
+ *              NestedActionsOnePrincipal.class Utils.class
+ * @run main NestedActions jar NestedActionsTwoPrincipals.jar
+ *              NestedActionsTwoPrincipals.class Utils.class
+ * @run main NestedActions jar WriteToFileAction.jar
+ *              WriteToFileAction.class
+ * @run main NestedActions jar WriteToFileNegativeAction.jar
+ *              WriteToFileNegativeAction.class
+ * @run main NestedActions jar WriteToFileExceptionAction.jar
+ *              WriteToFileExceptionAction.class
+ * @run main NestedActions jar ReadFromFileAction.jar
+ *              ReadFromFileAction.class
+ * @run main NestedActions jar ReadFromFileNegativeAction.jar
+ *              ReadFromFileNegativeAction.class
+ * @run main NestedActions jar ReadFromFileExceptionAction.jar
+ *              ReadFromFileExceptionAction.class
+ * @run main NestedActions jar ReadPropertyAction.jar
+ *              ReadPropertyAction.class
+ * @run main NestedActions jar ReadPropertyNegativeAction.jar
+ *              ReadPropertyNegativeAction.class
+ * @run main NestedActions jar ReadPropertyExceptionAction.jar
+ *              ReadPropertyExceptionAction.class ReadPropertyException.class
+ *
+ * @run main NestedActions NestedActionsACE policy.expect.ace
+ *              NestedActionsACE.jar WriteToFileNegativeAction.jar
+ *              ReadFromFileNegativeAction.jar ReadPropertyNegativeAction.jar
+ * @run main NestedActions NestedActionsPAE policy.expect.pae
+ *              NestedActionsPAE.jar WriteToFileExceptionAction.jar
+ *              ReadFromFileExceptionAction.jar ReadPropertyExceptionAction.jar
+ * @run main NestedActions NestedActionsOnePrincipal policy.one.principal
+ *              NestedActionsOnePrincipal.jar WriteToFileAction.jar
+ *              ReadFromFileAction.jar ReadPropertyAction.jar
+ * @run main NestedActions NestedActionsTwoPrincipals policy.two.principals
+ *              NestedActionsTwoPrincipals.jar WriteToFileAction.jar
+ *              ReadFromFileAction.jar ReadPropertyAction.jar
+ */
+public class NestedActions {
+
+    static final String file = "NestedActions.tmp";
+    static final String PS = System.getProperty("path.separator");
+    static final String FS = System.getProperty("file.separator");
+    static final String TEST_CLASSES = System.getProperty("test.classes");
+    static final String TEST_SOURCES = System.getProperty("test.src");
+    static final String JAVA_OPTS = System.getProperty("test.java.opts");
+    static final String JAVA = System.getProperty("java.home")
+            + FS + "bin" + FS + "java";
+
+    public static void main(String[] args) throws IOException {
+        if (args.length > 0) {
+            if ("jar".equals(args[0]) && args.length > 2) {
+                createJar(args[1],
+                    Arrays.copyOfRange(args, 2, args.length));
+            } else {
+                runJava(args);
+            }
+        } else {
+            throw new RuntimeException("Wrong parameters");
+        }
+    }
+
+    static void createJar(String dest, String... files) throws IOException {
+        System.out.println("Create " + dest + " with the following content:");
+        try (JarOutputStream jos = new JarOutputStream(
+                new FileOutputStream(dest), new Manifest())) {
+            for (String file : files) {
+                System.out.println("  " + file);
+                jos.putNextEntry(new JarEntry(file));
+                try (FileInputStream fis = new FileInputStream(
+                        TEST_CLASSES + FS + file)) {
+                    byte[] buffer = new byte[1024];
+                    int read;
+                    while ((read = fis.read(buffer, 0, buffer.length)) > 0) {
+                        jos.write(buffer, 0, read);
+                    }
+                }
+            }
+        }
+    }
+
+    static void runJava(String[] args) {
+        if (args == null || args.length < 3) {
+            throw new IllegalArgumentException("wrong parameters");
+        }
+
+        List<String> cmds = new ArrayList<>();
+        cmds.add(JAVA);
+        StringBuilder sb = new StringBuilder();
+        cmds.add("-classpath");
+        for (int i=2; i<args.length; i++) {
+            sb.append(args[i]).append(PS);
+        }
+        cmds.add(sb.toString());
+        if (JAVA_OPTS != null && !JAVA_OPTS.isEmpty()) {
+            Collections.addAll(cmds, JAVA_OPTS.trim().split("\\s+"));
+        }
+        cmds.add("-Djava.security.manager");
+        cmds.add("-Djava.security.policy=" + TEST_SOURCES + FS + args[1]);
+        cmds.add(args[0]);
+        try {
+            ProcessTools.executeCommand(cmds.toArray(new String[cmds.size()]))
+                    .shouldHaveExitValue(0);
+        } catch (Throwable e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ *
+ * The test expects AccessControllException.
+ */
+class NestedActionsACE {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        WriteToFileNegativeAction writeToFile
+                = new WriteToFileNegativeAction(NestedActions.file);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ *
+ * The test expects PrivilegedActionException
+ * that caused by AccessControlEception.
+ */
+class NestedActionsPAE {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        try {
+            WriteToFileExceptionAction writeToFile =
+                    new WriteToFileExceptionAction(NestedActions.file);
+            Subject.doAs(subject, writeToFile);
+            throw new RuntimeException(
+                    "Test failed: no PrivilegedActionException thrown");
+        } catch (PrivilegedActionException pae) {
+            System.out.println(
+                    "PrivilegedActionException thrown as expected: "
+                    + pae);
+
+            // check if AccessControlException caused PrivilegedActionException
+            Throwable exception = pae.getException();
+            do {
+                if (!(exception instanceof PrivilegedActionException)) {
+                    break;
+                }
+                exception = ((PrivilegedActionException) exception).
+                        getException();
+            } while (true);
+
+            if (!(exception instanceof ReadPropertyException)) {
+                throw new RuntimeException(
+                        "Test failed: PrivilegedActionException "
+                        + "was not caused by ReadPropertyException");
+            }
+
+            exception = exception.getCause();
+            if (!(exception instanceof AccessControlException)) {
+                throw new RuntimeException(
+                        "Test failed: PrivilegedActionException "
+                        + "was not caused by ReadPropertyException");
+            }
+
+            System.out.println(
+                    "Test passed: PrivilegedActionException "
+                    + "was caused by AccessControlException");
+        }
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Duke principal)
+ */
+class NestedActionsOnePrincipal {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        WriteToFileAction writeToFile =
+                new WriteToFileAction(NestedActions.file);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Test for nested Subject.doAs() invocation:
+ *
+ * WriteToFileAction (CN=Duke principal) ->
+ *      ReadFromFileAction (CN=Duke principal) ->
+ *          ReadPropertyAction (CN=Java principal)
+ */
+class NestedActionsTwoPrincipals {
+
+    public static void main(String args[]) {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new X500Principal("CN=Duke"));
+        Subject anotherSubject = new Subject();
+        anotherSubject.getPrincipals().add(new X500Principal("CN=Java"));
+        ReadFromFileAction readFromFile
+                = new ReadFromFileAction(NestedActions.file, anotherSubject);
+        WriteToFileAction writeToFile
+                = new WriteToFileAction(NestedActions.file, readFromFile);
+        Subject.doAs(subject, writeToFile);
+    }
+}
+
+/**
+ * Helper class.
+ */
+class Utils {
+
+    static void readFile(String filename) {
+        System.out.println("ReadFromFileAction: try to read " + filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+        try (FileInputStream fis = new FileInputStream(filename)) {
+            // do nothing
+        } catch (IOException e) {
+            throw new RuntimeException("Unexpected IOException", e);
+        }
+    }
+
+    static void writeFile(String filename) {
+        System.out.println("WriteToFileAction: try to write to " + filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+        try (BufferedOutputStream bos = new BufferedOutputStream(
+                new FileOutputStream(filename))) {
+            bos.write(0);
+            bos.flush();
+        } catch (IOException e) {
+            throw new RuntimeException("Unexpected IOException", e);
+        }
+    }
+
+}
+
+class WriteToFileAction implements PrivilegedAction {
+
+    private final String filename;
+    private final PrivilegedAction nextAction;
+
+    WriteToFileAction(String filename, PrivilegedAction nextAction) {
+        this.filename = filename;
+        this.nextAction = nextAction;
+    }
+
+    WriteToFileAction(String filename) {
+        this(filename, new ReadFromFileAction(filename));
+    }
+
+    @Override
+    public Object run() {
+        Utils.writeFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        return Subject.doAs(subject, nextAction);
+    }
+
+}
+
+class ReadFromFileAction implements PrivilegedAction {
+
+    private final String filename;
+    private final Subject anotherSubject;
+
+    ReadFromFileAction(String filename) {
+        this(filename, null);
+    }
+
+    ReadFromFileAction(String filename, Subject anotherSubject) {
+        this.filename = filename;
+        this.anotherSubject = anotherSubject;
+    }
+
+    @Override
+    public Object run() {
+        Utils.readFile(filename);
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadPropertyAction readProperty = new ReadPropertyAction();
+        if (anotherSubject != null) {
+            return Subject.doAs(anotherSubject, readProperty);
+        } else {
+            return Subject.doAs(subject, readProperty);
+        }
+    }
+
+}
+
+class ReadPropertyAction implements PrivilegedAction {
+
+    @Override
+    public java.lang.Object run() {
+        System.out.println("ReadPropertyAction: "
+                + "try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+        System.out.println("java.class.path = "
+                + System.getProperty("java.class.path"));
+
+        return null;
+    }
+
+}
+
+class WriteToFileNegativeAction implements PrivilegedAction {
+
+    private final String filename;
+
+    public WriteToFileNegativeAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() {
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+
+        try {
+            Utils.writeFile(filename);
+            new File(filename).delete();
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        ReadFromFileNegativeAction readFromFile
+                = new ReadFromFileNegativeAction(filename);
+        return Subject.doAs(subject, readFromFile);
+    }
+
+}
+
+class ReadFromFileNegativeAction implements PrivilegedAction {
+
+    private final String filename;
+
+    public ReadFromFileNegativeAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() {
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        System.out.println("principals = " + subject.getPrincipals());
+
+        try {
+            Utils.readFile(filename);
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        ReadPropertyNegativeAction readProperty =
+                new ReadPropertyNegativeAction();
+        return Subject.doAs(subject, readProperty);
+    }
+
+}
+
+class ReadPropertyNegativeAction implements PrivilegedAction {
+
+    @Override
+    public java.lang.Object run() {
+        System.out.println("Try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+
+        try {
+            System.out.println("java.class.path = "
+                    + System.getProperty("java.class.path"));
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+        }
+
+        return null;
+    }
+
+}
+
+class WriteToFileExceptionAction implements PrivilegedExceptionAction {
+
+    private final String filename;
+
+    WriteToFileExceptionAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() throws Exception {
+        Utils.writeFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadFromFileExceptionAction readFromFile =
+                new ReadFromFileExceptionAction(filename);
+        return Subject.doAs(subject, readFromFile);
+    }
+
+}
+
+class ReadFromFileExceptionAction implements PrivilegedExceptionAction {
+
+    private final String filename;
+
+    ReadFromFileExceptionAction(String filename) {
+        this.filename = filename;
+    }
+
+    @Override
+    public Object run() throws Exception {
+        Utils.readFile(filename);
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        ReadPropertyExceptionAction readProperty =
+                new ReadPropertyExceptionAction();
+        return Subject.doAs(subject, readProperty);
+    }
+
+}
+
+class ReadPropertyExceptionAction implements PrivilegedExceptionAction {
+
+    @Override
+    public java.lang.Object run() throws Exception {
+        System.out.println("Try to read 'java.class.path' property");
+
+        AccessControlContext acc = AccessController.getContext();
+        Subject s = Subject.getSubject(acc);
+        System.out.println("principals = " + s.getPrincipals());
+
+        try {
+            System.out.println("java.class.path = "
+                    + System.getProperty("java.class.path"));
+            throw new RuntimeException(
+                    "Test failed: no AccessControlException thrown");
+        } catch (AccessControlException ace) {
+            System.out.println(
+                    "AccessControlException thrown as expected: "
+                    + ace.getMessage());
+            throw new ReadPropertyException(ace);
+        }
+    }
+
+}
+
+class ReadPropertyException extends Exception {
+
+    ReadPropertyException(Throwable cause) {
+        super(cause);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/Subject/doAs/policy.expect.ace	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,27 @@
+// this code has limited permissions that should cause ACE
+grant codeBase "file:NestedActionsACE.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+};
+
+grant codeBase "file:WriteToFileNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadFromFileNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadPropertyNegativeAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/Subject/doAs/policy.expect.pae	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,19 @@
+grant codeBase "file:NestedActionsPAE.jar" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:WriteToFileExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:ReadFromFileExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission java.security.AllPermission;
+};
+
+// this code has limited permissions that should cause ACE
+grant codeBase "file:ReadPropertyExceptionAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/Subject/doAs/policy.one.principal	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,36 @@
+grant codeBase "file:NestedActionsOnePrincipal.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:WriteToFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:ReadFromFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read";
+};
+
+grant codeBase "file:ReadPropertyAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+};
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/Subject/doAs/policy.two.principals	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,37 @@
+grant codeBase "file:NestedActionsTwoPrincipals.jar" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "test.classes", "read";
+    permission java.util.PropertyPermission "test.src", "read";
+    permission java.util.PropertyPermission "test.java.opts", "read";
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write,delete";
+};
+
+grant codeBase "file:WriteToFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read,write";
+};
+
+grant codeBase "file:ReadFromFileAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Duke"{
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+    permission java.io.FilePermission "NestedActions.tmp", "read";
+};
+
+grant codeBase "file:ReadPropertyAction.jar"
+        Principal javax.security.auth.x500.X500Principal "cn=Java" {
+    permission javax.security.auth.AuthPermission "getSubject";
+    permission javax.security.auth.AuthPermission "doAs";
+    permission java.util.PropertyPermission "java.class.path", "read";
+};
\ No newline at end of file
--- a/test/javax/xml/crypto/dsig/ValidationTests.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/test/javax/xml/crypto/dsig/ValidationTests.java	Fri Apr 15 14:47:15 2016 +0100
@@ -35,6 +35,7 @@
 import java.security.*;
 import javax.xml.crypto.Data;
 import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.OctetStreamData;
 import javax.xml.crypto.URIDereferencer;
 import javax.xml.crypto.URIReference;
@@ -60,9 +61,17 @@
     static class Test {
         String file;
         KeySelector ks;
-        Test(String file, KeySelector ks) {
+        Class exception;
+
+        Test(String file, KeySelector ks, Class exception) {
             this.file = file;
             this.ks = ks;
+            this.exception = exception;
+        }
+
+        // XMLSignatureException is expected by default
+        Test(String file, KeySelector ks) {
+            this(file, ks, XMLSignatureException.class);
         }
     }
 
@@ -109,7 +118,17 @@
     private final static Test[] INVALID_TESTS = {
         new Test("signature-enveloping-hmac-sha1-40.xml", SKKS),
         new Test("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", SKKS),
-        new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS)
+        new Test("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", SKKS),
+        new Test("signature-extra-text-in-signed-info.xml", SKKS,
+                MarshalException.class),
+        new Test("signature-wrong-canonicalization-method-algorithm.xml", SKKS,
+                MarshalException.class),
+        new Test("signature-wrong-transform-algorithm.xml", SKKS,
+                MarshalException.class),
+        new Test("signature-no-reference-uri.xml", SKKS),
+        new Test("signature-wrong-signature-method-algorithm.xml", SKKS,
+                MarshalException.class),
+        new Test("signature-wrong-tag-names.xml", SKKS, MarshalException.class)
     };
 
     public static void main(String args[]) throws Exception {
@@ -142,9 +161,14 @@
                 test_signature(test);
                 System.out.println("FAILED");
                 atLeastOneFailed = true;
-            } catch (XMLSignatureException xse) {
-                System.out.println(xse.getMessage());
-                System.out.println("PASSED");
+            } catch (Exception e) {
+                System.out.println("Exception: " + e);
+                if (e.getClass() != test.exception) {
+                    System.out.println("FAILED: unexpected exception");
+                    atLeastOneFailed = true;
+                } else {
+                    System.out.println("PASSED");
+                }
             }
         }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-extra-text-in-signed-info.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue><test>extra text</test></Reference></SignedInfo><SignatureValue>iTrgJERmYeD5hFwY8/MwJpkF+nd++AAOgf/Kxt9SwdE6BIYq2Vyxq4CQPhD+t2971BGTgvF6ejZd
++/Ko4Zs5Dqf4Lt65Vck0q43rM0PdP1e8gJov0IPYnZ1zeqFpah+N/OjmqTbshaZWRIjf3eqS6en5
+ZKjn+TkCQ1kOX/YUNDc=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-no-reference-uri.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>BNPSYlNcyXcO/Tc1tr9mQ/KAZ40eFybLTDyB/HH1EHHMpc972A+nOX2EWBaLsVgG8apl0Isp1ZqV
+gmoDHNF6xrcJJQVydVJzU08GVV4GiXHMqRYQbted7STQLhlhssvNNdMEoVApsX5ByL66wxKZQXrT
+z1kZtOHAi88DOrmIJu0=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-wrong-canonicalization-method-algorithm.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://oracle.com"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>EBbyEV7e+1CTUsyCTyxiN8p+U3/za1oTjK7q+kF8Q87r8e/7C1z4ndGWbk6zyI3w6leT+I2suW9U
+KkdvkrDXX2OyLw0GfgJfLkNn+1pGK6kyWpL95NoWJZhHkUAKKBZ0ikfZ4j33gYxrYK+IYCLeZYzr
+hlZjdXXXCiSH0Sq+weQ=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-wrong-signature-method-algorithm.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="bogus://bogus"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>RjL9nfQg9u6+KEFfAlBBH7E7ilFgB7YEQ5MxOIJN/fOdQmc5iDD+YuhiHzNGXGi/UOyo6t8LxTxl
+X4oFE1RNlPVkSAZK4LcTWhVa757WwgW1/EZo8PQYWp5NScLq6PumYaujoovSYBKW2N6+jQpnD/L6
+4cuEVNnwEFqvOLrjogY=</SignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-wrong-tag-names.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,3 @@
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><aSignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><aCanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></aCanonicalizationMethod><aSignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></aSignatureMethod><aReference URI=""><Transforms><aTransform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></aTransform></Transforms><aDigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></aDigestMethod><aDigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</aDigestValue></aReference></aSignedInfo><aSignatureValue>cbNpPGavhM0BGUtrvLxvy2SCIt+I27BPpVEt0Q9mXrdPYurMqWF/67AdY9m5RqS7+ZZlwUtem083
+MczRYbKoOIq7sMbCqKKdzbSE/U6rfmky/ACQ5wgemZl8jtipwu5LhAUzjhzT8hhTjVqOYpHdkVJz
+l9dnd9eWbLmEr3BI0VA=</aSignatureValue></Signature></test>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/crypto/dsig/data/signature-wrong-transform-algorithm.xml	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,4 @@
+<!-- This XML signature contains a Transform with wrong algorithm -->
+<test xmlns="http://example.org/envelope">test<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="bogus://bogus"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>1Bq8FsjajUBYPD7stQeJSc66GlM=</DigestValue></Reference></SignedInfo><SignatureValue>Wzyx3jgEKGwY+pBXBmqWLWhASHQYCCGZVii5sKKKeZUBKxNBthjiSVfzKANuLgX6zAt16XRycrSL
+zFKTPuvGeWVPDvd+KTNKCJxN9ccrG7v23EM7RY2eMJGu2r5DLfKwV7H6YuJPsOuWifVkKAhvq7gd
+6akJshxyAj9Ud+mjo48=</SignatureValue></Signature></test>
\ No newline at end of file
--- a/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java	Mon Apr 11 13:49:55 2016 -0700
+++ b/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java	Fri Apr 15 14:47:15 2016 +0100
@@ -269,16 +269,46 @@
     }
 
     /**
-     * Create ProcessBuilder using the java launcher from the jdk to be tested
-     * and with any platform specific arguments prepended
+     * Create ProcessBuilder using the java launcher from the jdk to be tested,
+     * and with any platform specific arguments prepended.
+     *
+     * @param command Arguments to pass to the java command.
+     * @return The ProcessBuilder instance representing the java command.
      */
     public static ProcessBuilder createJavaProcessBuilder(String... command)
             throws Exception {
+        return createJavaProcessBuilder(false, command);
+    }
+
+    /**
+     * Create ProcessBuilder using the java launcher from the jdk to be tested,
+     * and with any platform specific arguments prepended.
+     *
+     * @param addTestVmAndJavaOptions If true, adds test.vm.opts and test.java.opts
+     *        to the java arguments.
+     * @param command Arguments to pass to the java command.
+     * @return The ProcessBuilder instance representing the java command.
+     */
+    public static ProcessBuilder createJavaProcessBuilder(boolean addTestVmAndJavaOptions, String... command) throws Exception {
         String javapath = JDKToolFinder.getJDKTool("java");
 
         ArrayList<String> args = new ArrayList<>();
         args.add(javapath);
         Collections.addAll(args, getPlatformSpecificVMArgs());
+
+        if (addTestVmAndJavaOptions) {
+            // -cp is needed to make sure the same classpath is used whether the test is
+            // run in AgentVM mode or OtherVM mode. It was added to the hotspot version
+            // of this API as part of 8077608. However, for the jdk version it is only
+            // added when addTestVmAndJavaOptions is true in order to minimize
+            // disruption to existing JDK tests, which have yet to be tested with -cp
+            // being added. At some point -cp should always be added to be consistent
+            // with what the hotspot version does.
+            args.add("-cp");
+            args.add(System.getProperty("java.class.path"));
+            Collections.addAll(args, Utils.getTestJavaOpts());
+        }
+
         Collections.addAll(args, command);
 
         // Reporting
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/nio/ch/TestMaxCachedBufferSize.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.IOException;
+
+import java.lang.management.BufferPoolMXBean;
+import java.lang.management.ManagementFactory;
+
+import java.nio.ByteBuffer;
+
+import java.nio.channels.FileChannel;
+
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import static java.nio.file.StandardOpenOption.CREATE;
+import static java.nio.file.StandardOpenOption.TRUNCATE_EXISTING;
+import static java.nio.file.StandardOpenOption.WRITE;
+
+import java.util.List;
+import java.util.Random;
+
+/*
+ * @test
+ * @requires sun.arch.data.model == "64"
+ * @build TestMaxCachedBufferSize
+ * @run main/othervm TestMaxCachedBufferSize
+ * @run main/othervm -Djdk.nio.maxCachedBufferSize=0 TestMaxCachedBufferSize
+ * @run main/othervm -Djdk.nio.maxCachedBufferSize=2000 TestMaxCachedBufferSize
+ * @run main/othervm -Djdk.nio.maxCachedBufferSize=100000 TestMaxCachedBufferSize
+ * @run main/othervm -Djdk.nio.maxCachedBufferSize=10000000 TestMaxCachedBufferSize
+ * @summary Test the implementation of the jdk.nio.maxCachedBufferSize property.
+ */
+public class TestMaxCachedBufferSize {
+    private static final int DEFAULT_ITERS = 10 * 1000;
+    private static final int DEFAULT_THREAD_NUM = 4;
+
+    private static final int SMALL_BUFFER_MIN_SIZE =  4 * 1024;
+    private static final int SMALL_BUFFER_MAX_SIZE = 64 * 1024;
+    private static final int SMALL_BUFFER_DIFF_SIZE =
+                                 SMALL_BUFFER_MAX_SIZE - SMALL_BUFFER_MIN_SIZE;
+
+    private static final int LARGE_BUFFER_MIN_SIZE =      512 * 1024;
+    private static final int LARGE_BUFFER_MAX_SIZE = 4 * 1024 * 1024;
+    private static final int LARGE_BUFFER_DIFF_SIZE =
+                                 LARGE_BUFFER_MAX_SIZE - LARGE_BUFFER_MIN_SIZE;
+
+    private static final int LARGE_BUFFER_FREQUENCY = 100;
+
+    private static final String FILE_NAME_PREFIX = "nio-out-file-";
+    private static final int VERBOSE_PERIOD = 5 * 1000;
+
+    private static int iters = DEFAULT_ITERS;
+    private static int threadNum = DEFAULT_THREAD_NUM;
+
+    private static BufferPoolMXBean getDirectPool() {
+        final List<BufferPoolMXBean> pools =
+                  ManagementFactory.getPlatformMXBeans(BufferPoolMXBean.class);
+        for (BufferPoolMXBean pool : pools) {
+            if (pool.getName().equals("direct")) {
+                return pool;
+            }
+        }
+        throw new Error("could not find direct pool");
+    }
+    private static final BufferPoolMXBean directPool = getDirectPool();
+
+    // Each worker will do write operations on a file channel using
+    // buffers of various sizes. The buffer size is randomly chosen to
+    // be within a small or a large range. This way we can control
+    // which buffers can be cached (all, only the small ones, or none)
+    // by setting the jdk.nio.maxCachedBufferSize property.
+    private static class Worker implements Runnable {
+        private final int id;
+        private final Random random = new Random();
+        private long smallBufferCount = 0;
+        private long largeBufferCount = 0;
+
+        private int getWriteSize() {
+            int minSize = 0;
+            int diff = 0;
+            if (random.nextInt() % LARGE_BUFFER_FREQUENCY != 0) {
+                // small buffer
+                minSize = SMALL_BUFFER_MIN_SIZE;
+                diff = SMALL_BUFFER_DIFF_SIZE;
+                smallBufferCount += 1;
+            } else {
+                // large buffer
+                minSize = LARGE_BUFFER_MIN_SIZE;
+                diff = LARGE_BUFFER_DIFF_SIZE;
+                largeBufferCount += 1;
+            }
+            return minSize + random.nextInt(diff);
+        }
+
+        private void loop() {
+            final String fileName = String.format("%s%d", FILE_NAME_PREFIX, id);
+
+            try {
+                for (int i = 0; i < iters; i += 1) {
+                    final int writeSize = getWriteSize();
+
+                    // This will allocate a HeapByteBuffer. It should not
+                    // be a direct buffer, otherwise the write() method on
+                    // the channel below will not create a temporary
+                    // direct buffer for the write.
+                    final ByteBuffer buffer = ByteBuffer.allocate(writeSize);
+
+                    // Put some random data on it.
+                    while (buffer.hasRemaining()) {
+                        buffer.put((byte) random.nextInt());
+                    }
+                    buffer.rewind();
+
+                    final Path file = Paths.get(fileName);
+                    try (FileChannel outChannel = FileChannel.open(file, CREATE, TRUNCATE_EXISTING, WRITE)) {
+                        // The write() method will create a temporary
+                        // direct buffer for the write and attempt to cache
+                        // it. It's important that buffer is not a
+                        // direct buffer, otherwise the temporary buffer
+                        // will not be created.
+                        long res = outChannel.write(buffer);
+                    }
+
+                    if ((i + 1) % VERBOSE_PERIOD == 0) {
+                        System.out.printf(
+                          " Worker %3d | %8d Iters | Small %8d Large %8d | Direct %4d / %7dK\n",
+                          id, i + 1, smallBufferCount, largeBufferCount,
+                          directPool.getCount(), directPool.getTotalCapacity() / 1024);
+                    }
+                }
+            } catch (IOException e) {
+                throw new Error("I/O error", e);
+            }
+        }
+
+        @Override
+        public void run() {
+            loop();
+        }
+
+        public Worker(int id) {
+            this.id = id;
+        }
+    }
+
+    public static void checkDirectBuffers(long expectedCount, long expectedMax) {
+        final long directCount = directPool.getCount();
+        final long directTotalCapacity = directPool.getTotalCapacity();
+        System.out.printf("Direct %d / %dK\n",
+                          directCount, directTotalCapacity / 1024);
+
+        // Note that directCount could be < expectedCount. This can
+        // happen if a GC occurs after one of the worker threads exits
+        // since its thread-local DirectByteBuffer could be cleaned up
+        // before we reach here.
+        if (directCount > expectedCount) {
+            throw new Error(String.format(
+                "inconsistent direct buffer total count, expected = %d, found = %d",
+                expectedCount, directCount));
+        }
+
+        if (directTotalCapacity > expectedMax) {
+            throw new Error(String.format(
+                "inconsistent direct buffer total capacity, expectex max = %d, found = %d",
+                expectedMax, directTotalCapacity));
+        }
+    }
+
+    public static void main(String[] args) {
+        final String maxBufferSizeStr = System.getProperty("jdk.nio.maxCachedBufferSize");
+        final long maxBufferSize =
+            (maxBufferSizeStr != null) ? Long.valueOf(maxBufferSizeStr) : Long.MAX_VALUE;
+
+        // We assume that the max cannot be equal to a size of a
+        // buffer that can be allocated (makes sanity checking at the
+        // end easier).
+        if ((SMALL_BUFFER_MIN_SIZE <= maxBufferSize &&
+                                     maxBufferSize <= SMALL_BUFFER_MAX_SIZE) ||
+            (LARGE_BUFFER_MIN_SIZE <= maxBufferSize &&
+                                     maxBufferSize <= LARGE_BUFFER_MAX_SIZE)) {
+            throw new Error(String.format("max buffer size = %d not allowed",
+                                          maxBufferSize));
+        }
+
+        System.out.printf("Threads %d | Iterations %d | MaxBufferSize %d\n",
+                          threadNum, iters, maxBufferSize);
+        System.out.println();
+
+        final Thread[] threads = new Thread[threadNum];
+        for (int i = 0; i < threadNum; i += 1) {
+            threads[i] = new Thread(new Worker(i));
+            threads[i].start();
+        }
+
+        try {
+            for (int i = 0; i < threadNum; i += 1) {
+                threads[i].join();
+            }
+        } catch (InterruptedException e) {
+            throw new Error("join() interrupted!", e);
+        }
+
+        // There is an assumption here that, at this point, only the
+        // cached DirectByteBuffers should be active. Given we
+        // haven't used any other DirectByteBuffers in this test, this
+        // should hold.
+        //
+        // Also note that we can only do the sanity checking at the
+        // end and not during the run given that, at any time, there
+        // could be buffers currently in use by some of the workers
+        // that will not be cached.
+
+        System.out.println();
+        if (maxBufferSize < SMALL_BUFFER_MAX_SIZE) {
+            // The max buffer size is smaller than all buffers that
+            // were allocated. No buffers should have been cached.
+            checkDirectBuffers(0, 0);
+        } else if (maxBufferSize < LARGE_BUFFER_MIN_SIZE) {
+            // The max buffer size is larger than all small buffers
+            // but smaller than all large buffers that were
+            // allocated. Only small buffers could have been cached.
+            checkDirectBuffers(threadNum,
+                               (long) threadNum * (long) SMALL_BUFFER_MAX_SIZE);
+        } else {
+            // The max buffer size is larger than all buffers that
+            // were allocated. All buffers could have been cached.
+            checkDirectBuffers(threadNum,
+                               (long) threadNum * (long) LARGE_BUFFER_MAX_SIZE);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ec/SignatureOffsets.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+
+/*
+ * @test
+ * @bug 8050374
+ * @key randomness
+ * @summary This test validates signature verification
+ *          Signature.verify(byte[], int, int). The test uses RandomFactory to
+ *          get random set of clear text data to sign. After the signature
+ *          generation, the test tries to verify signature with the above API
+ *          and passing in different signature offset (0, 33, 66, 99).
+ * @library /lib/testlibrary
+ * @compile ../../../java/security/Signature/Offsets.java
+ * @run main SignatureOffsets SunEC NONEwithECDSA
+ * @run main SignatureOffsets SunEC SHA1withECDSA
+ * @run main SignatureOffsets SunEC SHA256withECDSA
+ * @run main SignatureOffsets SunEC SHA224withECDSA
+ * @run main SignatureOffsets SunEC SHA384withECDSA
+ * @run main SignatureOffsets SunEC SHA512withECDSA
+ */
+public class SignatureOffsets {
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Offsets.main(args);
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ec/SignedObjectChain.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050374
+ * @compile ../../../java/security/SignedObject/Chain.java
+ * @summary Verify a chain of signed objects
+ */
+public class SignedObjectChain {
+
+    private static class Test extends Chain.Test {
+
+        public Test(Chain.SigAlg sigAlg) {
+            super(sigAlg, Chain.KeyAlg.EC, Chain.Provider.SunEC);
+        }
+    }
+
+    private static final Test[] tests = {
+        new Test(Chain.SigAlg.SHA1withECDSA),
+        new Test(Chain.SigAlg.SHA256withECDSA),
+        new Test(Chain.SigAlg.SHA224withECDSA),
+        new Test(Chain.SigAlg.SHA384withECDSA),
+        new Test(Chain.SigAlg.SHA512withECDSA),
+    };
+
+    public static void main(String argv[]) {
+        boolean resutl = java.util.Arrays.stream(tests).allMatch(
+                (test) -> Chain.runTest(test));
+
+        if(resutl) {
+            System.out.println("All tests passed");
+        } else {
+            throw new RuntimeException("Some tests failed");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/mscapi/SignatureOffsets.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+
+/*
+ * @test
+ * @bug 8050374
+ * @key randomness
+ * @summary This test validates signature verification
+ *          Signature.verify(byte[], int, int). The test uses RandomFactory to
+ *          get random set of clear text data to sign. After the signature
+ *          generation, the test tries to verify signature with the above API
+ *          and passing in different signature offset (0, 33, 66, 99).
+ * @library /lib/testlibrary
+ * @compile ../../../java/security/Signature/Offsets.java
+ * @run main SignatureOffsets SunMSCAPI NONEwithRSA
+ * @run main SignatureOffsets SunMSCAPI MD2withRSA
+ * @run main SignatureOffsets SunMSCAPI MD5withRSA
+ * @run main SignatureOffsets SunMSCAPI SHA1withRSA
+ * @run main SignatureOffsets SunMSCAPI SHA256withRSA
+ * @run main SignatureOffsets SunMSCAPI SHA384withRSA
+ * @run main SignatureOffsets SunMSCAPI SHA512withRSA
+ */
+public class SignatureOffsets {
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Offsets.main(args);
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/mscapi/SignedObjectChain.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050374
+ * @compile ../../../java/security/SignedObject/Chain.java
+ * @summary Verify a chain of signed objects
+ */
+public class SignedObjectChain {
+
+    private static class Test extends Chain.Test {
+
+        public Test(Chain.SigAlg sigAlg) {
+            super(sigAlg, Chain.KeyAlg.RSA, Chain.Provider.SunMSCAPI);
+        }
+    }
+
+    private static final Test[] tests = {
+        new Test(Chain.SigAlg.MD2withRSA),
+        new Test(Chain.SigAlg.MD5withRSA),
+        new Test(Chain.SigAlg.SHA1withRSA),
+        new Test(Chain.SigAlg.SHA256withRSA),
+        new Test(Chain.SigAlg.SHA384withRSA),
+        new Test(Chain.SigAlg.SHA512withRSA),
+    };
+
+    public static void main(String argv[]) {
+        boolean resutl = java.util.Arrays.stream(tests).allMatch(
+                (test) -> Chain.runTest(test));
+
+        if(resutl) {
+            System.out.println("All tests passed");
+        } else {
+            throw new RuntimeException("Some tests failed");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/KeySizeTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+/**
+ * @test
+ * @bug 8044199
+ * @summary test if the private and public key size are the same as what is set
+ * through KeyPairGenerator.
+ * @run main KeySizeTest 512 10
+ * @run main KeySizeTest 768 10
+ * @run main KeySizeTest 1024 10
+ * @run main KeySizeTest 2048 5
+ * @run main KeySizeTest 4096 1
+ */
+public class KeySizeTest {
+
+    /**
+     * ALGORITHM name, fixed as RSA.
+     */
+    private static final String KEYALG = "RSA";
+
+    /**
+     * JDK default RSA Provider.
+     */
+    private static final String PROVIDER_NAME = "SunRsaSign";
+
+    public static void main(String[] args) throws Exception {
+        int iKeyPairSize = Integer.parseInt(args[0]);
+        int maxLoopCnt = Integer.parseInt(args[1]);
+
+        int failCount = 0;
+        KeyPairGenerator keyPairGen
+                = KeyPairGenerator.getInstance(KEYALG, PROVIDER_NAME);
+        keyPairGen.initialize(iKeyPairSize);
+        // Generate RSA keypair
+        KeyPair keyPair = keyPairGen.generateKeyPair();
+
+        // Get priavte and public keys
+        PrivateKey privateKey = keyPair.getPrivate();
+        PublicKey publicKey = keyPair.getPublic();
+        try {
+            if (!sizeTest(keyPair)) {
+                failCount++;
+            }
+        } catch (Exception ex) {
+            ex.printStackTrace(System.err);
+            failCount++;
+        }
+
+        for (int iCnt = 0; iCnt < maxLoopCnt; iCnt++) {
+
+            // Get keysize (modulus) of keys
+            KeyFactory keyFact = KeyFactory.getInstance(KEYALG, PROVIDER_NAME);
+
+            // Comparing binary length.
+            RSAPrivateKeySpec privateKeySpec
+                    = (RSAPrivateKeySpec) keyFact.getKeySpec(privateKey,
+                            RSAPrivateKeySpec.class);
+            int iPrivateKeySize = privateKeySpec.getModulus().bitLength();
+
+            RSAPublicKeySpec publicKeySpec
+                    = (RSAPublicKeySpec) keyFact.getKeySpec(publicKey,
+                            RSAPublicKeySpec.class);
+            int iPublicKeySize = publicKeySpec.getModulus().bitLength();
+
+            if ((iKeyPairSize != iPublicKeySize) || (iKeyPairSize != iPrivateKeySize)) {
+                System.err.println("iKeyPairSize : " + iKeyPairSize);
+                System.err.println("Generated a " + iPrivateKeySize
+                        + " bit RSA private key");
+                System.err.println("Generated a " + iPublicKeySize
+                        + " bit RSA public key");
+                failCount++;
+            }
+        }
+
+        if (failCount > 0) {
+            throw new RuntimeException("There are " + failCount + " tests failed.");
+        }
+    }
+
+    /**
+     * @param kpair test key pair.
+     * @return true if test passed. false if test failed.
+     */
+    private static boolean sizeTest(KeyPair kpair) {
+        RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
+        RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
+
+        // test the getModulus method
+        if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
+            if (!priv.getModulus().equals(pub.getModulus())) {
+                System.err.println("priv.getModulus() = " + priv.getModulus());
+                System.err.println("pub.getModulus() = " + pub.getModulus());
+                return false;
+            }
+        }
+        return true;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/PrivateKeyEqualityTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+
+/**
+ * @test
+ * @bug 8044199 4666485
+ * @summary Equality checking for RSAPrivateKey by SunRsaSign provider.
+ */
+public class PrivateKeyEqualityTest {
+    /**
+     * ALGORITHM name, fixed as RSA.
+     */
+    private static final String KEYALG = "RSA";
+
+    /**
+     * JDK default RSA Provider.
+     */
+    private static final String PROVIDER_NAME = "SunRsaSign";
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            NoSuchProviderException, InvalidKeySpecException {
+        // Generate the first key.
+        KeyPairGenerator generator
+                = KeyPairGenerator.getInstance(KEYALG, PROVIDER_NAME);
+        KeyPair keyPair = generator.generateKeyPair();
+        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
+        if (!(rsaPrivateKey instanceof RSAPrivateCrtKey)) {
+            System.err.println("rsaPrivateKey class : " + rsaPrivateKey.getClass().getName());
+            throw new RuntimeException("rsaPrivateKey is not a RSAPrivateCrtKey instance");
+        }
+
+        // Generate the second key.
+        KeyFactory factory = KeyFactory.getInstance(KEYALG, PROVIDER_NAME);
+        RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(
+                rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
+        RSAPrivateKey rsaPrivateKey2 = (RSAPrivateKey) factory.generatePrivate(
+                rsaPrivateKeySpec);
+
+        // Generate the third key.
+        PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(
+                rsaPrivateKey.getEncoded());
+        RSAPrivateKey rsaPrivateKey3 = (RSAPrivateKey) factory.generatePrivate(
+                encodedKeySpec);
+
+        // Check for equality.
+        if (rsaPrivateKey.equals(rsaPrivateKey2)) {
+            throw new RuntimeException("rsaPrivateKey should not equal to rsaPrivateKey2");
+        }
+        if (!rsaPrivateKey3.equals(rsaPrivateKey)) {
+            throw new RuntimeException("rsaPrivateKey3 should equal to rsaPrivateKey");
+        }
+        if (rsaPrivateKey3.equals(rsaPrivateKey2)) {
+            throw new RuntimeException("rsaPrivateKey3 should not equal to rsaPrivateKey2");
+        }
+        if (rsaPrivateKey2.equals(rsaPrivateKey3)) {
+            throw new RuntimeException("rsaPrivateKey2 should not equal to rsaPrivateKey3");
+        }
+
+        // Generate the fourth key.
+        RSAPrivateCrtKey rsaPrivateCrtKey =  (RSAPrivateCrtKey)rsaPrivateKey;
+        RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(
+                rsaPrivateCrtKey.getModulus(),
+                rsaPrivateCrtKey.getPublicExponent(),
+                rsaPrivateCrtKey.getPrivateExponent(),
+                rsaPrivateCrtKey.getPrimeP(),
+                rsaPrivateCrtKey.getPrimeQ(),
+                rsaPrivateCrtKey.getPrimeExponentP(),
+                rsaPrivateCrtKey.getPrimeExponentQ(),
+                rsaPrivateCrtKey.getCrtCoefficient()
+            );
+        RSAPrivateCrtKey rsaPrivateKey4 = (RSAPrivateCrtKey) factory.generatePrivate(
+                rsaPrivateCrtKeySpec);
+        if (!rsaPrivateKey.equals(rsaPrivateKey4)) {
+            throw new RuntimeException("rsaPrivateKey should equal to rsaPrivateKey4");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/SignatureOffsets.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+
+/*
+ * @test
+ * @bug 8050374
+ * @key randomness
+ * @summary This test validates signature verification
+ *          Signature.verify(byte[], int, int). The test uses RandomFactory to
+ *          get random set of clear text data to sign. After the signature
+ *          generation, the test tries to verify signature with the above API
+ *          and passing in different signature offset (0, 33, 66, 99).
+ * @library /lib/testlibrary
+ * @compile ../../../java/security/Signature/Offsets.java
+ * @run main SignatureOffsets SunRsaSign MD2withRSA
+ * @run main SignatureOffsets SunRsaSign MD5withRSA
+ * @run main SignatureOffsets SunRsaSign SHA1withRSA
+ * @run main SignatureOffsets SunRsaSign SHA224withRSA
+ * @run main SignatureOffsets SunRsaSign SHA256withRSA
+ * @run main SignatureOffsets SunRsaSign SHA384withRSA
+ * @run main SignatureOffsets SunRsaSign SHA512withRSA
+ */
+public class SignatureOffsets {
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Offsets.main(args);
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/SignatureTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,209 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
+import static javax.crypto.Cipher.PRIVATE_KEY;
+import static javax.crypto.Cipher.PUBLIC_KEY;
+import jdk.testlibrary.RandomFactory;
+
+/**
+ * @test
+ * @bug 8044199
+ * @summary Create a signature for RSA and get its signed data. re-initiate
+ *          the signature with the public key. The signature can be verified
+ *          by acquired signed data.
+ * @key randomness
+ * @library ../../../lib/testlibrary
+ * @run main SignatureTest MD2withRSA 512
+ * @run main SignatureTest MD5withRSA 512
+ * @run main SignatureTest SHA1withRSA 512
+ * @run main SignatureTest SHA256withRSA 512
+ * @run main SignatureTest MD2withRSA 768
+ * @run main SignatureTest MD5withRSA 768
+ * @run main SignatureTest SHA1withRSA 768
+ * @run main SignatureTest SHA256withRSA 768
+ * @run main SignatureTest MD2withRSA 1024
+ * @run main SignatureTest MD5withRSA 1024
+ * @run main SignatureTest SHA1withRSA 1024
+ * @run main SignatureTest SHA256withRSA 1024
+ * @run main SignatureTest MD2withRSA 2048
+ * @run main SignatureTest MD5withRSA 2048
+ * @run main SignatureTest SHA1withRSA 2048
+ * @run main SignatureTest SHA256withRSA 2048
+ * @run main/timeout=240 SignatureTest MD2withRSA 4096
+ * @run main/timeout=240 SignatureTest MD5withRSA 4096
+ * @run main/timeout=240 SignatureTest SHA1withRSA 4096
+ * @run main/timeout=240 SignatureTest SHA256withRSA 4096
+ * @run main/timeout=240 SignatureTest MD2withRSA 5120
+ * @run main/timeout=240 SignatureTest MD5withRSA 5120
+ * @run main/timeout=240 SignatureTest SHA1withRSA 5120
+ * @run main/timeout=240 SignatureTest SHA256withRSA 5120
+ * @run main/timeout=240 SignatureTest MD2withRSA 6144
+ * @run main/timeout=240 SignatureTest MD5withRSA 6144
+ * @run main/timeout=240 SignatureTest SHA1withRSA 6144
+ * @run main/timeout=240 SignatureTest SHA256withRSA 6144
+ */
+public class SignatureTest {
+    /**
+     * ALGORITHM name, fixed as RSA.
+     */
+    private static final String KEYALG = "RSA";
+
+    /**
+     * JDK default RSA Provider.
+     */
+    private static final String PROVIDER = "SunRsaSign";
+
+    /**
+     * How much times signature updated.
+     */
+    private static final int UPDATE_TIMES_FIFTY = 50;
+
+    /**
+     * How much times signature initial updated.
+     */
+    private static final int UPDATE_TIMES_HUNDRED = 100;
+
+    public static void main(String[] args) throws Exception {
+        String testAlg = args[0];
+        int testSize = Integer.parseInt(args[1]);
+
+        byte[] data = new byte[100];
+        RandomFactory.getRandom().nextBytes(data);
+
+        // create a key pair
+        KeyPair kpair = generateKeys(KEYALG, testSize);
+        Key[] privs = manipulateKey(PRIVATE_KEY, kpair.getPrivate());
+        Key[] pubs = manipulateKey(PUBLIC_KEY, kpair.getPublic());
+        // For signature algorithm, create and verify a signature
+
+        Arrays.stream(privs).forEach(priv
+                -> Arrays.stream(pubs).forEach(pub -> {
+                    try {
+                        checkSignature(data, (PublicKey) pub, (PrivateKey) priv,
+                                testAlg);
+                    } catch (NoSuchAlgorithmException | InvalidKeyException
+                            | SignatureException | NoSuchProviderException ex) {
+                        throw new RuntimeException(ex);
+                    }
+                }
+                ));
+
+    }
+
+    private static KeyPair generateKeys(String keyalg, int size)
+            throws NoSuchAlgorithmException {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyalg);
+        kpg.initialize(size);
+        return kpg.generateKeyPair();
+    }
+
+    private static Key[] manipulateKey(int type, Key key)
+            throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
+        KeyFactory kf = KeyFactory.getInstance(KEYALG, PROVIDER);
+
+        switch (type) {
+            case PUBLIC_KEY:
+                try {
+                    kf.getKeySpec(key, RSAPrivateKeySpec.class);
+                    throw new RuntimeException("Expected InvalidKeySpecException "
+                            + "not thrown");
+                } catch (InvalidKeySpecException expected) {
+                }
+
+                return new Key[]{
+                    kf.generatePublic(kf.getKeySpec(key, RSAPublicKeySpec.class)),
+                    kf.generatePublic(new X509EncodedKeySpec(key.getEncoded())),
+                    kf.generatePublic(new RSAPublicKeySpec(
+                    ((RSAPublicKey) key).getModulus(),
+                    ((RSAPublicKey) key).getPublicExponent()))
+                };
+            case PRIVATE_KEY:
+                try {
+                    kf.getKeySpec(key, RSAPublicKeySpec.class);
+                    throw new RuntimeException("Expected InvalidKeySpecException"
+                            + " not thrown");
+                } catch (InvalidKeySpecException expected) {
+                }
+                return new Key[]{
+                    kf.generatePrivate(kf.getKeySpec(key,
+                    RSAPrivateKeySpec.class)),
+                    kf.generatePrivate(new PKCS8EncodedKeySpec(
+                    key.getEncoded())),
+                    kf.generatePrivate(new RSAPrivateKeySpec(((RSAPrivateKey) key).getModulus(),
+                    ((RSAPrivateKey) key).getPrivateExponent()))
+                };
+        }
+        throw new RuntimeException("We shouldn't reach here");
+    }
+
+    private static void checkSignature(byte[] data, PublicKey pub,
+            PrivateKey priv, String sigalg) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException, NoSuchProviderException {
+        Signature sig = Signature.getInstance(sigalg, PROVIDER);
+        sig.initSign(priv);
+        for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) {
+            sig.update(data);
+        }
+        byte[] signedData = sig.sign();
+
+        // Make sure signature verifies with original data
+        sig.initVerify(pub);
+        for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) {
+            sig.update(data);
+        }
+        if (!sig.verify(signedData)) {
+            throw new RuntimeException("Failed to verify " + sigalg
+                    + " signature");
+        }
+
+        // Make sure signature does NOT verify when the original data
+        // has changed
+        sig.initVerify(pub);
+        for (int i = 0; i < UPDATE_TIMES_FIFTY; i++) {
+            sig.update(data);
+        }
+
+        if (sig.verify(signedData)) {
+            throw new RuntimeException("Failed to detect bad " + sigalg
+                    + " signature");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/SignedObjectChain.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050374
+ * @compile ../../../java/security/SignedObject/Chain.java
+ * @summary Verify a chain of signed objects
+ */
+public class SignedObjectChain {
+
+    private static class Test extends Chain.Test {
+
+        public Test(Chain.SigAlg sigAlg) {
+            super(sigAlg, Chain.KeyAlg.RSA, Chain.Provider.SunRsaSign);
+        }
+    }
+
+    private static final Test[] tests = {
+        new Test(Chain.SigAlg.MD2withRSA),
+        new Test(Chain.SigAlg.MD5withRSA),
+        new Test(Chain.SigAlg.SHA1withRSA),
+        new Test(Chain.SigAlg.SHA224withRSA),
+        new Test(Chain.SigAlg.SHA256withRSA),
+        new Test(Chain.SigAlg.SHA384withRSA),
+        new Test(Chain.SigAlg.SHA512withRSA),
+    };
+
+    public static void main(String argv[]) {
+        boolean resutl = java.util.Arrays.stream(tests).allMatch(
+                (test) -> Chain.runTest(test));
+
+        if(resutl) {
+            System.out.println("All tests passed");
+        } else {
+            throw new RuntimeException("Some tests failed");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/rsa/SpecTest.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAKeyGenParameterSpec;
+
+/**
+ * @test
+ * @bug 8044199
+ * @summary Check same KeyPair's private key and public key have same modulus.
+ *  also check public key's public exponent equals to given spec's public
+ *  exponent.
+ * @run main SpecTest 512
+ * @run main SpecTest 768
+ * @run main SpecTest 1024
+ * @run main SpecTest 2048
+ * @run main/timeout=240 SpecTest 4096
+ * @run main/timeout=240 SpecTest 5120
+ */
+public class SpecTest {
+    /**
+     * ALGORITHM name, fixed as RSA.
+     */
+    private static final String KEYALG = "RSA";
+
+    /**
+     * JDK default RSA Provider.
+     */
+    private static final String PROVIDER = "SunRsaSign";
+
+    /**
+     *
+     * @param kpair test key pair
+     * @param pubExponent expected public exponent.
+     * @return true if test passed. false if test failed.
+     */
+    private static boolean specTest(KeyPair kpair, BigInteger pubExponent) {
+        boolean passed = true;
+        RSAPrivateKey priv = (RSAPrivateKey) kpair.getPrivate();
+        RSAPublicKey pub = (RSAPublicKey) kpair.getPublic();
+
+        // test the getModulus method
+        if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
+            if (!priv.getModulus().equals(pub.getModulus())) {
+                System.err.println("priv.getModulus() = " + priv.getModulus());
+                System.err.println("pub.getModulus() = " + pub.getModulus());
+                passed = false;
+            }
+
+            if (!pubExponent.equals(pub.getPublicExponent())) {
+                System.err.println("pubExponent = " + pubExponent);
+                System.err.println("pub.getPublicExponent() = "
+                        + pub.getPublicExponent());
+                passed = false;
+            }
+        }
+        return passed;
+    }
+
+    public static void main(String[] args) {
+        int failCount = 0;
+
+        // Test key size.
+        int size = Integer.parseInt(args[0]);
+
+        try {
+            KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(KEYALG, PROVIDER);
+            kpg1.initialize(new RSAKeyGenParameterSpec(size,
+                    RSAKeyGenParameterSpec.F4));
+            if (!specTest(kpg1.generateKeyPair(),
+                    RSAKeyGenParameterSpec.F4)) {
+                failCount++;
+            }
+
+            KeyPairGenerator kpg2 = KeyPairGenerator.getInstance(KEYALG, PROVIDER);
+            kpg2.initialize(new RSAKeyGenParameterSpec(size,
+                    RSAKeyGenParameterSpec.F0));
+            if (!specTest(kpg2.generateKeyPair(), RSAKeyGenParameterSpec.F0)) {
+                failCount++;
+            }
+        } catch (NoSuchAlgorithmException | NoSuchProviderException
+                | InvalidAlgorithmParameterException ex) {
+            ex.printStackTrace(System.err);
+            failCount++;
+        }
+
+        if (failCount != 0) {
+            throw new RuntimeException("There are " + failCount
+                    + " tests failed.");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/rsa/SignatureOffsets.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+
+/*
+ * @test
+ * @bug 8050374
+ * @key randomness
+ * @summary This test validates signature verification
+ *          Signature.verify(byte[], int, int). The test uses RandomFactory to
+ *          get random set of clear text data to sign. After the signature
+ *          generation, the test tries to verify signature with the above API
+ *          and passing in different signature offset (0, 33, 66, 99).
+ * @library /lib/testlibrary
+ * @compile ../../../../java/security/Signature/Offsets.java
+ * @run main SignatureOffsets SunJSSE MD2withRSA
+ * @run main SignatureOffsets SunJSSE MD5withRSA
+ * @run main SignatureOffsets SunJSSE SHA1withRSA
+ * @run main SignatureOffsets SunJSSE MD5andSHA1withRSA
+ */
+public class SignatureOffsets {
+
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Offsets.main(args);
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/rsa/SignedObjectChain.java	Fri Apr 15 14:47:15 2016 +0100
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8050374
+ * @compile ../../../../java/security/SignedObject/Chain.java
+ * @summary Verify a chain of signed objects
+ */
+public class SignedObjectChain {
+
+    private static class Test extends Chain.Test {
+
+        public Test(Chain.SigAlg sigAlg) {
+            super(sigAlg, Chain.KeyAlg.RSA, Chain.Provider.SunJSSE);
+        }
+    }
+
+    private static final Test[] tests = {
+        new Test(Chain.SigAlg.MD2withRSA),
+        new Test(Chain.SigAlg.MD5withRSA),
+        new Test(Chain.SigAlg.SHA1withRSA),
+        new Test(Chain.SigAlg.MD5andSHA1withRSA),
+    };
+
+    public static void main(String argv[]) {
+        boolean resutl = java.util.Arrays.stream(tests).allMatch(
+                (test) -> Chain.runTest(test));
+
+        if(resutl) {
+            System.out.println("All tests passed");
+        } else {
+            throw new RuntimeException("Some tests failed");
+        }
+    }
+}