changeset 11602:d49e247dade6 jdk9-b55

Merge
author lana
date Thu, 12 Mar 2015 21:15:18 -0700
parents 638416d9f937 4330ca0a31bb
children 07725f2302ac e2de56953068
files make/launcher/Launcher-jdk.runtime.gmk make/lib/Lib-jdk.runtime.gmk src/jdk.dev/share/classes/com/sun/jarsigner/ContentSigner.java src/jdk.dev/share/classes/com/sun/jarsigner/ContentSignerParameters.java src/jdk.dev/share/classes/com/sun/jarsigner/package-info.java src/jdk.dev/share/classes/sun/security/tools/jarsigner/Main.java src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources.java src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_ja.java src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java src/jdk.dev/share/classes/sun/security/tools/policytool/PolicyTool.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_de.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_es.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_fr.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_it.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_ja.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_ko.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_pt_BR.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_sv.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_CN.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_HK.java src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_TW.java src/jdk.dev/share/classes/sun/tools/jar/CommandLine.java src/jdk.dev/share/classes/sun/tools/jar/JarException.java src/jdk.dev/share/classes/sun/tools/jar/Main.java src/jdk.dev/share/classes/sun/tools/jar/Manifest.java src/jdk.dev/share/classes/sun/tools/jar/SignatureFile.java src/jdk.dev/share/classes/sun/tools/jar/resources/jar.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_de.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_es.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_fr.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_it.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_ja.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_ko.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_pt_BR.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_sv.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_zh_CN.properties src/jdk.dev/share/classes/sun/tools/jar/resources/jar_zh_TW.properties src/jdk.runtime/share/native/common-unpack/bands.cpp src/jdk.runtime/share/native/common-unpack/bands.h src/jdk.runtime/share/native/common-unpack/bytes.cpp src/jdk.runtime/share/native/common-unpack/bytes.h src/jdk.runtime/share/native/common-unpack/coding.cpp src/jdk.runtime/share/native/common-unpack/coding.h src/jdk.runtime/share/native/common-unpack/constants.h src/jdk.runtime/share/native/common-unpack/defines.h src/jdk.runtime/share/native/common-unpack/unpack.cpp src/jdk.runtime/share/native/common-unpack/unpack.h src/jdk.runtime/share/native/common-unpack/utils.cpp src/jdk.runtime/share/native/common-unpack/utils.h src/jdk.runtime/share/native/common-unpack/zip.cpp src/jdk.runtime/share/native/common-unpack/zip.h src/jdk.runtime/share/native/libunpack/jni.cpp src/jdk.runtime/share/native/unpack200/main.cpp src/jdk.runtime/windows/native/unpack200/unpack200_proto.exe.manifest
diffstat 195 files changed, 25343 insertions(+), 24216 deletions(-) [+]
line wrap: on
line diff
--- a/make/CompileDemos.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/CompileDemos.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -219,6 +219,9 @@
   # Param 7 = libs for solaris
   # Param 8 = libs for linux
   # Param 9 = extra directories with required sources
+  # Param 10 = DISABLED_WARNINGS_gcc
+  # Param 11 = DISABLED_WARNINGS_microsoft
+  # Param 12 = DISABLED_WARNINGS_clang
   BUILD_DEMO_JVMTI_$1_EXTRA_SRC := \
       $$(wildcard $(DEMO_OS_TYPE_SRC)/jvmti/$1) \
       $$(wildcard $$(addprefix $(DEMO_SHARE_SRC)/jvmti/, $2)) \
@@ -254,6 +257,9 @@
       LANG := $$(BUILD_DEMO_JVMTI_$1_LANG), \
       OPTIMIZATION := LOW, \
       CXXFLAGS := $$($1_CXXFLAGS), \
+      DISABLED_WARNINGS_gcc := $(10), \
+      DISABLED_WARNINGS_clang := $(12), \
+      DISABLED_WARNINGS_microsoft := $(11), \
       LDFLAGS := $(filter-out -incremental:no -opt:ref, $(LDFLAGS_JDKLIB)), \
       LDFLAGS_macosx := $(call SET_EXECUTABLE_ORIGIN), \
       LDFLAGS_SUFFIX := $$($1_EXTRA_CXX), \
--- a/make/gendata/GendataPolicyJars.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/gendata/GendataPolicyJars.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -77,7 +77,7 @@
     $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
 
 $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \
-    $(US_EXPORT_POLICY_JAR_DEPS), \
+    DEPENDENCIES := $(US_EXPORT_POLICY_JAR_DEPS), \
     SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
     SUFFIXES := .policy, \
     JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED), \
@@ -139,8 +139,8 @@
 	$(install-file)
 
 $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \
-    $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
-    $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
+    DEPENDENCIES := $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
+        $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
     SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \
     SUFFIXES := .policy, \
     JAR := $(LOCAL_POLICY_JAR_LIMITED), \
@@ -148,7 +148,7 @@
     SKIP_METAINF := true))
 
 $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_UNLIMITED, \
-    $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
+    DEPENDENCIES := $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
     SRCS := $(LOCAL_POLICY_JAR_UNLIMITED_TMP), \
     SUFFIXES := .policy, \
     JAR := $(LOCAL_POLICY_JAR_UNLIMITED), \
--- a/make/gensrc/Gensrc-jdk.dev.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/gensrc/Gensrc-jdk.dev.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -32,8 +32,7 @@
 $(eval $(call SetupCompileProperties,COMPILE_PROPERTIES, \
     $(filter %.properties, \
         $(call CacheFind, \
-            $(JDK_TOPDIR)/src/jdk.dev/share/classes/jdk/tools/jimage/resources \
-            $(JDK_TOPDIR)/src/jdk.dev/share/classes/sun/tools/jar/resources)), \
+            $(JDK_TOPDIR)/src/jdk.dev/share/classes/jdk/tools/jimage/resources)), \
     ListResourceBundle))
 
 TARGETS += $(COMPILE_PROPERTIES)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/gensrc/Gensrc-jdk.jartool.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -0,0 +1,44 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include GensrcCommon.gmk
+
+################################################################################
+
+include GensrcProperties.gmk
+
+$(eval $(call SetupCompileProperties,COMPILE_PROPERTIES, \
+    $(filter %.properties, \
+        $(call CacheFind, \
+            $(JDK_TOPDIR)/src/jdk.jartool/share/classes/sun/tools/jar/resources)), \
+    ListResourceBundle))
+
+TARGETS += $(COMPILE_PROPERTIES)
+
+################################################################################
+
+all: $(TARGETS)
+
+.PHONY: all
--- a/make/launcher/Launcher-jdk.dev.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/launcher/Launcher-jdk.dev.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -25,18 +25,6 @@
 
 include LauncherCommon.gmk
 
-$(eval $(call SetupLauncher,jar, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.tools.jar.Main"$(COMMA) }'))
-
-$(eval $(call SetupLauncher,jarsigner, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.jarsigner.Main"$(COMMA) }'))
-
-ifndef BUILD_HEADLESS_ONLY
-  $(eval $(call SetupLauncher,policytool, \
-      -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.policytool.PolicyTool"$(COMMA) }',, \
-      $(XLIBS)))
-endif
-
 $(eval $(call SetupLauncher,jdeps, \
     -DEXPAND_CLASSPATH_WILDCARDS \
     -DNEVER_ACT_AS_SERVER_CLASS_MACHINE \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/launcher/Launcher-jdk.jartool.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+$(eval $(call SetupLauncher,jar, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.tools.jar.Main"$(COMMA) }'))
+
+$(eval $(call SetupLauncher,jarsigner, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.jarsigner.Main"$(COMMA) }'))
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/launcher/Launcher-jdk.pack200.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -0,0 +1,112 @@
+#
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+$(eval $(call SetupLauncher,pack200, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "com.sun.java.util.jar.pack.Driver"$(COMMA) }'))
+
+################################################################################
+# The order of the object files on the link command line affects the size of the resulting
+# binary (at least on linux) which causes the size to differ between old and new build.
+
+UNPACKEXE_SRC := $(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+    $(JDK_TOPDIR)/src/jdk.pack200/share/native/unpack200
+UNPACKEXE_CFLAGS := -I$(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+    -I$(JDK_TOPDIR)/src/java.base/share/native/libjava \
+    -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava
+
+ifeq ($(USE_EXTERNAL_LIBZ), true)
+  UNPACKEXE_CFLAGS += -DSYSTEM_ZLIB
+  UNPACKEXE_ZIPOBJS := -lz
+else
+  UNPACKEXE_CFLAGS += -I$(JDK_TOPDIR)/src/java.base/share/native/libzip/zlib-1.2.8
+  UNPACKEXE_ZIPOBJS := $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zcrc32$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/deflate$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/trees$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zadler32$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/compress$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zutil$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inflate$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/infback$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inftrees$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inffast$(OBJ_SUFFIX)
+
+endif
+
+UNPACKEXE_LANG := C
+ifeq ($(OPENJDK_TARGET_OS), solaris)
+  UNPACKEXE_LANG := C++
+endif
+
+# The linker on older SuSE distros (e.g. on SLES 10) complains with:
+# "Invalid version tag `SUNWprivate_1.1'. Only anonymous version tag is allowed in executable."
+# if feeded with a version script which contains named tags.
+ifeq ($(USING_BROKEN_SUSE_LD), yes)
+  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200.anonymous
+else
+  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200
+endif
+
+$(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \
+    SRC := $(UNPACKEXE_SRC), \
+    LANG := $(UNPACKEXE_LANG), \
+    OPTIMIZATION := LOW, \
+    CFLAGS := $(UNPACKEXE_CFLAGS) $(CXXFLAGS_JDKEXE) -DFULL, \
+    CFLAGS_release := -DPRODUCT, \
+    CFLAGS_linux := -fPIC, \
+    CFLAGS_solaris := -KPIC, \
+    CFLAGS_macosx := -fPIC, \
+    DISABLED_WARNINGS_gcc := sign-compare unused-result format-nonliteral \
+        format-security parentheses, \
+    DISABLED_WARNINGS_microsoft := 4267 4018, \
+    MAPFILE := $(UNPACK_MAPFILE),\
+    LDFLAGS := $(UNPACKEXE_ZIPOBJS) \
+        $(LDFLAGS_JDKEXE) $(LDFLAGS_CXX_JDK) \
+        $(call SET_SHARED_LIBRARY_NAME,$(LIBRARY_PREFIX)unpack$(SHARED_LIBRARY_SUFFIX)) \
+        $(call SET_SHARED_LIBRARY_ORIGIN), \
+    LDFLAGS_linux := -lc, \
+    LDFLAGS_solaris := $(UNPACKEXE_LDFLAGS_solaris) -lc, \
+    LDFLAGS_SUFFIX := $(LIBCXX), \
+    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpackexe$(OUTPUT_SUBDIR), \
+    OUTPUT_DIR := $(SUPPORT_OUTPUTDIR)/modules_cmds/$(MODULE), \
+    PROGRAM := unpack200, \
+    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
+    RC_FLAGS := $(RC_FLAGS) \
+        -D "JDK_FNAME=unpack200.exe" \
+        -D "JDK_INTERNAL_NAME=unpack200" \
+        -D "JDK_FTYPE=0x1L", \
+    DEBUG_SYMBOLS := true, \
+    MANIFEST := $(JDK_TOPDIR)/src/jdk.pack200/windows/native/unpack200/unpack200_proto.exe.manifest))
+
+ifneq ($(USE_EXTERNAL_LIBZ), true)
+
+  $(BUILD_UNPACKEXE): $(UNPACKEXE_ZIPOBJS)
+
+endif
+
+TARGETS += $(BUILD_UNPACKEXE)
+
+################################################################################
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/launcher/Launcher-jdk.policytool.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+ifndef BUILD_HEADLESS_ONLY
+  $(eval $(call SetupLauncher,policytool, \
+      -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.policytool.PolicyTool"$(COMMA) }',, \
+      $(XLIBS)))
+endif
--- a/make/launcher/Launcher-jdk.runtime.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LauncherCommon.gmk
-
-$(eval $(call SetupLauncher,pack200, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "com.sun.java.util.jar.pack.Driver"$(COMMA) }'))
-
-################################################################################
-# The order of the object files on the link command line affects the size of the resulting
-# binary (at least on linux) which causes the size to differ between old and new build.
-
-UNPACKEXE_SRC := $(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-    $(JDK_TOPDIR)/src/jdk.runtime/share/native/unpack200
-UNPACKEXE_CFLAGS := -I$(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-    -I$(JDK_TOPDIR)/src/java.base/share/native/libjava \
-    -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava
-
-ifeq ($(USE_EXTERNAL_LIBZ), true)
-  UNPACKEXE_CFLAGS += -DSYSTEM_ZLIB
-  UNPACKEXE_ZIPOBJS := -lz
-else
-  UNPACKEXE_CFLAGS += -I$(JDK_TOPDIR)/src/java.base/share/native/libzip/zlib-1.2.8
-  UNPACKEXE_ZIPOBJS := $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zcrc32$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/deflate$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/trees$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zadler32$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/compress$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zutil$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inflate$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/infback$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inftrees$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inffast$(OBJ_SUFFIX)
-
-endif
-
-UNPACKEXE_LANG := C
-ifeq ($(OPENJDK_TARGET_OS), solaris)
-  UNPACKEXE_LANG := C++
-endif
-
-# The linker on older SuSE distros (e.g. on SLES 10) complains with:
-# "Invalid version tag `SUNWprivate_1.1'. Only anonymous version tag is allowed in executable."
-# if feeded with a version script which contains named tags.
-ifeq ($(USING_BROKEN_SUSE_LD), yes)
-  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200.anonymous
-else
-  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200
-endif
-
-$(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \
-    SRC := $(UNPACKEXE_SRC), \
-    LANG := $(UNPACKEXE_LANG), \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(UNPACKEXE_CFLAGS) $(CXXFLAGS_JDKEXE) -DFULL, \
-    CFLAGS_release := -DPRODUCT, \
-    CFLAGS_linux := -fPIC, \
-    CFLAGS_solaris := -KPIC, \
-    CFLAGS_macosx := -fPIC, \
-    MAPFILE := $(UNPACK_MAPFILE),\
-    LDFLAGS := $(UNPACKEXE_ZIPOBJS) \
-        $(LDFLAGS_JDKEXE) $(LDFLAGS_CXX_JDK) \
-        $(call SET_SHARED_LIBRARY_NAME,$(LIBRARY_PREFIX)unpack$(SHARED_LIBRARY_SUFFIX)) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_linux := -lc, \
-    LDFLAGS_solaris := $(UNPACKEXE_LDFLAGS_solaris) -lc, \
-    LDFLAGS_SUFFIX := $(LIBCXX), \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpackexe$(OUTPUT_SUBDIR), \
-    OUTPUT_DIR := $(SUPPORT_OUTPUTDIR)/modules_cmds/$(MODULE), \
-    PROGRAM := unpack200, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=unpack200.exe" \
-        -D "JDK_INTERNAL_NAME=unpack200" \
-        -D "JDK_FTYPE=0x1L", \
-    DEBUG_SYMBOLS := true, \
-    MANIFEST := $(JDK_TOPDIR)/src/jdk.runtime/windows/native/unpack200/unpack200_proto.exe.manifest))
-
-ifneq ($(USE_EXTERNAL_LIBZ), true)
-
-  $(BUILD_UNPACKEXE): $(UNPACKEXE_ZIPOBJS)
-
-endif
-
-TARGETS += $(BUILD_UNPACKEXE)
-
-################################################################################
--- a/make/lib/Awt2dLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/Awt2dLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -55,6 +55,9 @@
     OPTIMIZATION := HIGHEST, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBMLIB_CFLAGS), \
+    DISABLED_WARNINGS_gcc := parentheses, \
+    DISABLED_WARNINGS_clang := parentheses, \
+    DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
     MAPFILE := $(BUILD_LIBMLIB_IMAGE_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -127,6 +130,7 @@
       CFLAGS := -xarch=sparcvis \
           $(LIBMLIB_IMAGE_V_CFLAGS) \
           $(CFLAGS_JDKLIB), \
+      DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
       MAPFILE := $(BUILD_LIBMLIB_IMAGE_MAPFILE), \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(BUILD_LIBMLIB_LDLIBS) -ljava -ljvm \
@@ -175,9 +179,6 @@
 
 LIBAWT_CFLAGS += -D__MEDIALIB_OLD_NAMES -D__USE_J2D_NAMES $(X_CFLAGS)
 
-ifeq ($(OPENJDK_TARGET_OS), macosx)
-endif
-
 ifeq ($(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH), solaris-sparc)
   LIBAWT_CFLAGS += -DMLIB_ADD_SUFF
   LIBAWT_CFLAGS += -xarch=sparcvis
@@ -253,6 +254,11 @@
     LANG := $(LIBAWT_LANG), \
     OPTIMIZATION := LOW, \
     CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_CFLAGS), \
+    DISABLED_WARNINGS_gcc := sign-compare unused-result maybe-uninitialized \
+        format-nonliteral parentheses, \
+    DISABLED_WARNINGS_clang := logical-op-parentheses, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4297 4244 4267, \
     ASFLAGS := $(LIBAWT_ASFLAGS), \
     MAPFILE := $(LIBAWT_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -361,6 +367,11 @@
         OPTIMIZATION := LOW, \
         CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_XAWT_CFLAGS) \
             $(X_CFLAGS), \
+        DISABLED_WARNINGS_gcc := type-limits pointer-to-int-cast \
+            deprecated-declarations unused-result maybe-uninitialized format \
+            format-security int-to-pointer-cast parentheses, \
+        DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE \
+            E_ASSIGNMENT_TYPE_MISMATCH E_NON_CONST_INIT, \
         MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_xawt/mapfile-vers, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(X_LIBS) $(LIBAWT_XAWT_LDFLAGS) \
@@ -417,6 +428,9 @@
         $(LCMS_CFLAGS), \
     CFLAGS_solaris := -xc99=no_lib, \
     CFLAGS_windows := -DCMS_IS_WINDOWS_, \
+    DISABLED_WARNINGS_gcc := format-nonliteral, \
+    DISABLED_WARNINGS_clang := tautological-compare, \
+    DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -495,6 +509,9 @@
     CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJAVAJPEG_SRC)) \
         $(LIBJAVA_HEADER_FLAGS) \
         -I$(SUPPORT_OUTPUTDIR)/headers/java.desktop, \
+    DISABLED_WARNINGS_gcc := clobbered parentheses, \
+    DISABLED_WARNINGS_clang := logical-op-parentheses, \
+    DISABLED_WARNINGS_microsoft := 4267, \
     MAPFILE := $(BUILD_LIBJAVAJPEG_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(LIBJPEG_LIBS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -563,6 +580,9 @@
             $(CUPS_CFLAGS) \
             $(X_CFLAGS) \
             $(LIBAWT_HEADLESS_CFLAGS), \
+        DISABLED_WARNINGS_gcc := maybe-uninitialized int-to-pointer-cast, \
+        DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE \
+            E_EMPTY_TRANSLATION_UNIT, \
         MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_headless/mapfile-vers, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -644,6 +664,11 @@
     CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBFONTMANAGER_CFLAGS), \
     OPTIMIZATION := $(LIBFONTMANAGER_OPTIMIZATION), \
     CFLAGS_windows = -DCC_NOEX, \
+    DISABLED_WARNINGS_gcc := sign-compare int-to-pointer-cast reorder \
+        delete-non-virtual-dtor, \
+    DISABLED_WARNINGS_clang := unused-value incompatible-pointer-types, \
+    DISABLED_WARNINGS_solstudio := truncwarn, \
+    DISABLED_WARNINGS_microsoft := 4267 4244 4018 4090, \
     MAPFILE := $(BUILD_LIBFONTMANAGER_MAPFILE), \
     LDFLAGS := $(subst -Xlinker -z -Xlinker defs,,$(LDFLAGS_JDKLIB)) $(LDFLAGS_CXX_JDK) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -876,6 +901,10 @@
       OPTIMIZATION := LOW, \
       CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \
                 $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS) $(PNG_CFLAGS), \
+      DISABLED_WARNINGS_gcc := type-limits unused-result maybe-uninitialized, \
+      DISABLED_WARNINGS_clang := incompatible-pointer-types, \
+      DISABLED_WARNINGS_solstudio := E_NEWLINE_NOT_LAST, \
+      DISABLED_WARNINGS_microsoft := 4244 4267, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -946,6 +975,9 @@
           $(X_CFLAGS) \
           $(X_LIBS) \
           $(LIBAWT_LWAWT_CFLAGS), \
+      DISABLED_WARNINGS_clang := incomplete-implementation \
+          deprecated-declarations objc-method-access bitwise-op-parentheses \
+          incompatible-pointer-types parentheses-equality extra-tokens, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN) \
           -L$(INSTALL_LIBRARIES_HERE), \
--- a/make/lib/CoreLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/CoreLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
 WIN_VERIFY_LIB := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libverify/verify.lib
 
 ##########################################################################################
-# libfdlibm is statically linked with libjava below and not delivered into the 
+# libfdlibm is statically linked with libjava below and not delivered into the
 # product on its own.
 
 BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
@@ -48,6 +48,8 @@
       CFLAGS := $(CFLAGS_JDKLIB) $(LIBFDLIBM_CFLAGS), \
       CFLAGS_windows_debug := -DLOGGING, \
       CFLAGS_aix := -qfloat=nomaf, \
+      DISABLED_WARNINGS_gcc := sign-compare, \
+      DISABLED_WARNINGS_microsoft := 4146 4244 4018, \
       ARFLAGS := $(ARFLAGS), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libfdlibm, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -94,6 +96,7 @@
     LANG := C, \
     OPTIMIZATION := $(LIBVERIFY_OPTIMIZATION), \
     CFLAGS := $(CFLAGS_JDKLIB), \
+    DISABLED_WARNINGS_microsoft := 4244 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libverify/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -147,6 +150,10 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(LIBJAVA_CFLAGS), \
+    DISABLED_WARNINGS_gcc := type-limits format-nonliteral, \
+    DISABLED_WARNINGS_clang := int-conversion, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4022 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjava/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -209,6 +216,9 @@
         -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava \
         -I$(SUPPORT_OUTPUTDIR)/headers/java.base, \
     CFLAGS_unix := $(BUILD_LIBZIP_MMAP) -UDEBUG, \
+    DISABLED_WARNINGS_gcc := parentheses, \
+    DISABLED_WARNINGS_clang := dangling-else, \
+    DISABLED_WARNINGS_microsoft := 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libzip/mapfile-vers, \
     REORDER := $(BUILD_LIBZIP_REORDER), \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
@@ -307,6 +317,12 @@
     LANG := C, \
     OPTIMIZATION := HIGH, \
     CFLAGS := $(LIBJLI_CFLAGS), \
+    DISABLED_WARNINGS_gcc := pointer-to-int-cast sign-compare format-nonliteral \
+        parentheses, \
+    DISABLED_WARNINGS_clang := implicit-function-declaration parentheses \
+        int-conversion, \
+    DISABLED_WARNINGS_solstudio := E_ASM_DISABLES_OPTIMIZATION E_NEWLINE_NOT_LAST, \
+    DISABLED_WARNINGS_microsoft := 4244 4047 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjli/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -355,6 +371,7 @@
       LANG := C, \
       OPTIMIZATION := HIGH, \
       CFLAGS := $(STATIC_LIBRARY_FLAGS) $(LIBJLI_CFLAGS), \
+      DISABLED_WARNINGS_microsoft := 4244 4047 4267, \
       ARFLAGS := $(ARFLAGS), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjli_static, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -375,6 +392,8 @@
       LANG := C, \
       OPTIMIZATION := HIGH, \
       CFLAGS := $(CFLAGS_JDKLIB) $(LIBJLI_CFLAGS), \
+      DISABLED_WARNINGS_clang := implicit-function-declaration parentheses \
+          int-conversion, \
       LDFLAGS := -nostdlib -r, \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjli_static, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -401,4 +420,3 @@
   TARGETS += $(BUILD_LIBJLI_STATIC)
 
 endif
-
--- a/make/lib/Lib-java.security.jgss.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/Lib-java.security.jgss.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2GSS_SRC)) \
           $(LIBJAVA_HEADER_FLAGS) \
           -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
+      DISABLED_WARNINGS_gcc := pointer-to-int-cast, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2gss/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -82,6 +83,7 @@
         CFLAGS := $(CFLAGS_JDKLIB) \
             $(addprefix -I, $(BUILD_LIBKRB5_SRC)) \
             -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
+        DISABLED_WARNINGS_clang := implicit-function-declaration, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(call SET_SHARED_LIBRARY_ORIGIN), \
         LDFLAGS_SUFFIX := $(BUILD_LIBKRB5_LIBS), \
--- a/make/lib/Lib-jdk.crypto.ec.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/Lib-jdk.crypto.ec.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -54,6 +54,8 @@
           -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
       CXXFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CXXFLAGS_JDKLIB)) \
           $(BUILD_LIBSUNEC_FLAGS), \
+      DISABLED_WARNINGS_gcc := sign-compare, \
+      DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsunec/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
       LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/make/lib/Lib-jdk.crypto.pkcs11.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/Lib-jdk.crypto.pkcs11.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
     CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2PKCS11_SRC)) \
         $(LIBJAVA_HEADER_FLAGS) \
         -I$(SUPPORT_OUTPUTDIR)/headers/jdk.crypto.pkcs11, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4013 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2pkcs11/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/make/lib/Lib-jdk.deploy.osx.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/Lib-jdk.deploy.osx.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -40,6 +40,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) \
           -I$(LIBAPPLESCRIPTENGINE_SRC) \
           -I$(SUPPORT_OUTPUTDIR)/headers/jdk.deploy.osx, \
+      DISABLED_WARNINGS_clang := implicit-function-declaration format, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
       LDFLAGS_SUFFIX := -framework Cocoa \
@@ -71,6 +72,7 @@
       OPTIMIZATION := LOW, \
       CFLAGS := $(CFLAGS_JDKLIB) \
           $(LIBOSX_CFLAGS), \
+      DISABLED_WARNINGS_clang := deprecated-declarations, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           -L$(SUPPORT_OUTPUTDIR)/modules_libs/java.desktop \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/lib/Lib-jdk.pack200.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LibCommon.gmk
+
+################################################################################
+
+$(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \
+    LIBRARY := unpack, \
+    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
+    SRC := $(JDK_TOPDIR)/src/jdk.pack200/share/native/libunpack \
+        $(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack, \
+    LANG := C++, \
+    OPTIMIZATION := LOW, \
+    CFLAGS := $(CXXFLAGS_JDKLIB) \
+        -DNO_ZLIB -DUNPACK_JNI -DFULL \
+        -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
+        -I$(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+        $(LIBJAVA_HEADER_FLAGS), \
+    CFLAGS_release := -DPRODUCT, \
+    DISABLED_WARNINGS_gcc := conversion-null sign-compare format-security \
+        format-nonliteral parentheses, \
+    DISABLED_WARNINGS_solstudio := truncwarn, \
+    DISABLED_WARNINGS_microsoft := 4267 4018, \
+    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \
+    LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK) \
+        $(call SET_SHARED_LIBRARY_ORIGIN), \
+    LDFLAGS_windows := -map:$(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpack.map -debug \
+        jvm.lib $(WIN_JAVA_LIB), \
+    LDFLAGS_SUFFIX_unix := -ljvm $(LIBCXX) -ljava -lc, \
+    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libunpack, \
+    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
+    RC_FLAGS := $(RC_FLAGS) \
+        -D "JDK_FNAME=unpack.dll" \
+        -D "JDK_INTERNAL_NAME=unpack" \
+        -D "JDK_FTYPE=0x2L", \
+    DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
+
+$(BUILD_LIBUNPACK): $(call FindLib, java.base, java)
+
+TARGETS += $(BUILD_LIBUNPACK)
+
+################################################################################
--- a/make/lib/Lib-jdk.runtime.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LibCommon.gmk
-
-################################################################################
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \
-    LIBRARY := unpack, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(JDK_TOPDIR)/src/jdk.runtime/share/native/libunpack \
-        $(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack, \
-    LANG := C++, \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(CXXFLAGS_JDKLIB) \
-        -DNO_ZLIB -DUNPACK_JNI -DFULL \
-        -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
-        -I$(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-        $(LIBJAVA_HEADER_FLAGS), \
-    CFLAGS_release := -DPRODUCT, \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_windows := -map:$(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpack.map -debug \
-        jvm.lib $(WIN_JAVA_LIB), \
-    LDFLAGS_SUFFIX_unix := -ljvm $(LIBCXX) -ljava -lc, \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libunpack, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=unpack.dll" \
-        -D "JDK_INTERNAL_NAME=unpack" \
-        -D "JDK_FTYPE=0x2L", \
-    DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
-
-$(BUILD_LIBUNPACK): $(call FindLib, java.base, java)
-
-TARGETS += $(BUILD_LIBUNPACK)
-
-################################################################################
--- a/make/lib/NetworkingLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/NetworkingLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,9 @@
     OPTIMIZATION := LOW, \
     CFLAGS := $(CFLAGS_JDKLIB) -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
         $(LIBJAVA_HEADER_FLAGS) $(addprefix -I, $(LIBNET_SRC_DIRS)), \
+    DISABLED_WARNINGS_gcc := format-nonliteral, \
+    DISABLED_WARNINGS_clang := parentheses-equality constant-logical-operand, \
+    DISABLED_WARNINGS_microsoft := 4244 4047 4133, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libnet/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/make/lib/NioLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/NioLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,9 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBNIO_CFLAGS), \
+    DISABLED_WARNINGS_gcc := type-limits, \
+    DISABLED_WARNINGS_clang := tautological-compare, \
+    DISABLED_WARNINGS_microsoft := 4244, \
     MAPFILE := $(BUILD_LIBNIO_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(BUILD_LIBNIO_LDFLAGS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -92,4 +95,3 @@
 TARGETS += $(BUILD_LIBNIO)
 
 $(BUILD_LIBNIO): $(BUILD_LIBNET)
-
--- a/make/lib/PlatformLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/PlatformLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) \
           $(addprefix -I, $(LIBOSXAPP_SRC)) \
           -I$(SUPPORT_OUTPUTDIR)/headers/java.desktop, \
+      DISABLED_WARNINGS_clang := objc-method-access objc-root-class, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
       LDFLAGS_SUFFIX_macosx := \
@@ -59,4 +60,3 @@
   TARGETS += $(BUILD_LIBOSXAPP)
 
 endif
-
--- a/make/lib/SoundLibraries.gmk	Thu Mar 12 13:35:13 2015 -0700
+++ b/make/lib/SoundLibraries.gmk	Thu Mar 12 21:15:18 2015 -0700
@@ -129,6 +129,8 @@
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(LIBJSOUND_CFLAGS), \
     CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBJSOUND_CFLAGS), \
+    DISABLED_WARNINGS_clang := implicit-function-declaration \
+        deprecated-writable-strings, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjsound/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -175,6 +177,7 @@
           -DUSE_PORTS=TRUE \
           -DUSE_PLATFORM_MIDI_OUT=TRUE \
           -DUSE_PLATFORM_MIDI_IN=TRUE, \
+      DISABLED_WARNINGS_gcc := parentheses, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjsoundalsa/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/src/demo/share/jvmti/compiledMethodLoad/compiledMethodLoad.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/demo/share/jvmti/compiledMethodLoad/compiledMethodLoad.c	Thu Mar 12 21:15:18 2015 -0700
@@ -143,7 +143,7 @@
 
         for (i = 0; i < numpcs; i++) {
             PCStackInfo pcrecord = (record->pcinfo[i]);
-            fprintf(fp, "PcDescriptor(pc=0x%lx):\n", (jint)(pcrecord.pc));
+            fprintf(fp, "PcDescriptor(pc=%p):\n", pcrecord.pc);
             print_stack_frames(&pcrecord, jvmti, fp);
         }
     }
--- a/src/demo/share/jvmti/waiters/Agent.cpp	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/demo/share/jvmti/waiters/Agent.cpp	Thu Mar 12 21:15:18 2015 -0700
@@ -111,8 +111,6 @@
 /* VM initialization and VM death calls to Agent */
 Agent::Agent(jvmtiEnv *jvmti, JNIEnv *env, jthread thread)
 {
-    jvmtiError err;
-
     stdout_message("Agent created..\n");
     stdout_message("VMInit...\n");
     /* Start monitor list */
@@ -129,8 +127,6 @@
 
 void Agent::vm_death(jvmtiEnv *jvmti, JNIEnv *env)
 {
-    jvmtiError err;
-
     /* Delete all Monitors we allocated */
     for ( int i = 0; i < (int)monitor_count; i++ ) {
         delete monitor_list[i];
--- a/src/java.base/share/classes/com/sun/security/cert/internal/x509/X509V1CertImpl.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/com/sun/security/cert/internal/x509/X509V1CertImpl.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,8 +45,13 @@
  * The X509V1CertImpl class is used as a conversion wrapper around
  * sun.security.x509.X509Cert certificates when running under JDK1.1.x.
  *
+ * @deprecated This is the implementation class for the deprecated
+ *  {@code javax.security.cert.X509Certificate} class. The classes in the
+ *  {@code java.security.cert} package should be used instead.
+ *
  * @author Jeff Nisewanger
  */
+@Deprecated
 public class X509V1CertImpl extends X509Certificate implements Serializable {
     static final long serialVersionUID = -2048442350420423405L;
     private java.security.cert.X509Certificate wrappedCert;
--- a/src/java.base/share/classes/java/lang/ProcessBuilder.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/lang/ProcessBuilder.java	Thu Mar 12 21:15:18 2015 -0700
@@ -171,6 +171,11 @@
  * variables, first call {@link java.util.Map#clear() Map.clear()}
  * before adding environment variables.
  *
+ * <p>
+ * Unless otherwise noted, passing a {@code null} argument to a constructor
+ * or method in this class will cause a {@link NullPointerException} to be
+ * thrown.
+ *
  * @author Martin Buchholz
  * @since 1.5
  */
@@ -193,7 +198,6 @@
      * command.
      *
      * @param  command the list containing the program and its arguments
-     * @throws NullPointerException if the argument is null
      */
     public ProcessBuilder(List<String> command) {
         if (command == null)
@@ -228,8 +232,6 @@
      *
      * @param  command the list containing the program and its arguments
      * @return this process builder
-     *
-     * @throws NullPointerException if the argument is null
      */
     public ProcessBuilder command(List<String> command) {
         if (command == null)
@@ -554,7 +556,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to read from the specified file
          */
         public static Redirect from(final File file) {
@@ -581,7 +582,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to write to the specified file
          */
         public static Redirect to(final File file) {
@@ -612,7 +612,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to append to the specified file
          */
         public static Redirect appendTo(final File file) {
--- a/src/java.base/share/classes/java/nio/charset/Charset-X-Coder.java.template	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/nio/charset/Charset-X-Coder.java.template	Thu Mar 12 21:15:18 2015 -0700
@@ -266,16 +266,15 @@
      * method, passing the new replacement, after checking that the new
      * replacement is acceptable.  </p>
      *
-     * @param  newReplacement  The replacement value
-     *
+     * @param  newReplacement  The new replacement; must not be
+     *         <tt>null</tt>, must have non-zero length,
 #if[decoder]
-     *         The new replacement; must not be <tt>null</tt>
-     *         and must have non-zero length
+     *         and must not be longer than the value returned by the
+     *         {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method
 #end[decoder]
 #if[encoder]
-     *         The new replacement; must not be <tt>null</tt>, must have
-     *         non-zero length, must not be longer than the value returned by
-     *         the {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method, and
+     *         must not be longer than the value returned by the
+     *         {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method, and
      *         must be {@link #isLegalReplacement legal}
 #end[encoder]
      *
--- a/src/java.base/share/classes/java/security/acl/Acl.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/Acl.java	Thu Mar 12 21:15:18 2015 -0700
@@ -82,8 +82,12 @@
  * @see java.security.acl.Acl#getPermissions
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
 
+@Deprecated
 public interface Acl extends Owner {
 
     /**
--- a/src/java.base/share/classes/java/security/acl/AclEntry.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/AclEntry.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,7 +50,11 @@
  * @see java.security.acl.Acl
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface AclEntry extends Cloneable {
 
     /**
--- a/src/java.base/share/classes/java/security/acl/AclNotFoundException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/AclNotFoundException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,11 @@
  * non-existent ACL (Access Control List).
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class AclNotFoundException extends Exception {
 
     private static final long serialVersionUID = 5684295034092681791L;
--- a/src/java.base/share/classes/java/security/acl/Group.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/Group.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,11 @@
  * Principal or Group.
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Group extends Principal {
 
     /**
--- a/src/java.base/share/classes/java/security/acl/LastOwnerException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/LastOwnerException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,11 @@
  * @see java.security.acl.Owner#deleteOwner
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class LastOwnerException extends Exception {
 
     private static final long serialVersionUID = -5141997548211140359L;
--- a/src/java.base/share/classes/java/security/acl/NotOwnerException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/NotOwnerException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,11 @@
  * the object, but the Principal attempting the modification is not an owner.
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class NotOwnerException extends Exception {
 
     private static final long serialVersionUID = -5555597911163362399L;
--- a/src/java.base/share/classes/java/security/acl/Owner.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/Owner.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,10 @@
  *
  * @see java.security.acl.Acl
  *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Owner {
 
     /**
--- a/src/java.base/share/classes/java/security/acl/Permission.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/Permission.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,11 @@
  * a particular type of access to a resource.
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Permission {
 
     /**
--- a/src/java.base/share/classes/java/security/acl/package-info.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/acl/package-info.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,10 +24,12 @@
  */
 
 /**
- * The classes and interfaces in this package have been
- * superseded by classes in the java.security package.
- * See that package and, for example, java.security.Permission for details.
+ * The classes and interfaces in this package have been deprecated.
+ * The {@code java.security} package contains suitable replacements.
+ * See that package and, for example, {@code java.security.Permission}
+ * for details.
  *
  * @since 1.1
  */
+@Deprecated
 package java.security.acl;
--- a/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,7 +89,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      * @throws NullPointerException if {@code encodedKey}
-     * or {@algorithm} is null.
+     * or {@code algorithm} is null.
      * @throws IllegalArgumentException if {@code algorithm} is
      * the empty string {@code ""}
      * @since 1.9
--- a/src/java.base/share/classes/java/time/format/Parsed.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/time/format/Parsed.java	Thu Mar 12 21:15:18 2015 -0700
@@ -216,7 +216,16 @@
             return (R) (date != null ? LocalDate.from(date) : null);
         } else if (query == TemporalQueries.localTime()) {
             return (R) time;
-        } else if (query == TemporalQueries.zone() || query == TemporalQueries.offset()) {
+        } else if (query == TemporalQueries.offset()) {
+            Long offsetSecs = fieldValues.get(OFFSET_SECONDS);
+            if (offsetSecs != null) {
+                return (R) ZoneOffset.ofTotalSeconds(offsetSecs.intValue());
+            }
+            if (zone instanceof ZoneOffset) {
+                return (R)zone;
+            }
+            return query.queryFrom(this);
+        } else if (query == TemporalQueries.zone()) {
             return query.queryFrom(this);
         } else if (query == TemporalQueries.precision()) {
             return null;  // not a complete date/time
--- a/src/java.base/share/classes/java/util/regex/Matcher.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/java/util/regex/Matcher.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1183,7 +1183,7 @@
      *
      * <p> Given the regular expression <tt>dog</tt>, the input
      * <tt>"zzzdogzzzdogzzz"</tt>, and the function
-     * <tt>mr -> mr.group().toUpperCase()</tt>, an invocation of this method on
+     * {@code mr -> mr.group().toUpperCase()}, an invocation of this method on
      * a matcher for that expression would yield the string
      * <tt>"zzzDOGzzzDOGzzz"</tt>.
      *
@@ -1405,7 +1405,7 @@
      *
      * <p> Given the regular expression <tt>dog</tt>, the input
      * <tt>"zzzdogzzzdogzzz"</tt>, and the function
-     * <tt>mr -> mr.group().toUpperCase()</tt>, an invocation of this method on
+     * {@code mr -> mr.group().toUpperCase()}, an invocation of this method on
      * a matcher for that expression would yield the string
      * <tt>"zzzDOGzzzdogzzz"</tt>.
      *
--- a/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -152,7 +152,11 @@
      *          {@link javax.security.cert.X509Certificate} format).
      * @exception SSLPeerUnverifiedException if the peer is not verified.
      * @see #getPeerPrincipal()
+     * @deprecated The {@link #getPeerCertificates()} method that returns an
+     *               array of {@code java.security.cert.Certificate} should
+     *               be used instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate [] getPeerCertificateChain()
             throws SSLPeerUnverifiedException
     {
--- a/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -272,7 +272,11 @@
      * @exception SSLPeerUnverifiedException if the peer's identity
      *          has not been verified
      * @see #getPeerPrincipal()
+     * @deprecated The {@link #getPeerCertificates()} method that returns an
+     *               array of {@code java.security.cert.Certificate} should
+     *               be used instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate [] getPeerCertificateChain()
             throws SSLPeerUnverifiedException;
 
--- a/src/java.base/share/classes/javax/security/cert/Certificate.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/Certificate.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,11 @@
  *
  * @since 1.4
  * @see X509Certificate
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  *
  * @author Hemma Prafullchandra
  */
+@Deprecated
 public abstract class Certificate {
 
     /**
--- a/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateEncodingException extends CertificateException {
 
     private static final long serialVersionUID = -8187642723048403470L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/CertificateException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,9 @@
  * @author Hemma Prafullchandra
  * @since 1.4
  * @see Certificate
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateException extends Exception {
 
     private static final long serialVersionUID = -5757213374030785290L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateExpiredException extends CertificateException {
 
     private static final long serialVersionUID = 5091601212177261883L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateNotYetValidException extends CertificateException {
 
     private static final long serialVersionUID = -8976172474266822818L;
--- a/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateParsingException extends CertificateException {
 
     private static final long serialVersionUID = -8449352422951136229L;
--- a/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -124,7 +124,9 @@
  * @see Certificate
  * @see java.security.cert.X509Extension
  * @see java.security.Security security properties
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public abstract class X509Certificate extends Certificate {
 
     /*
--- a/src/java.base/share/classes/javax/security/cert/package-info.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/javax/security/cert/package-info.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,15 +26,16 @@
 /**
  * Provides classes for public key certificates.
  *
- * These classes include a simplified version of the
- * java.security.cert package.  These classes were developed
- * as part of the Java Secure Socket
+ * This package has been deprecated. These classes include a simplified
+ * version of the {@code java.security.cert} package.  These classes were
+ * developed as part of the Java Secure Socket
  * Extension (JSSE).  When JSSE was added to the J2SE version 1.4, this
  * package was added for backward-compatibility reasons only.
  *
  * New applications should not use this package, but rather
- * java.security.cert.
+ * {@code java.security.cert}.
  *
  * @since 1.4
  */
+@Deprecated
 package javax.security.cert;
--- a/src/java.base/share/classes/sun/misc/Unsafe.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/misc/Unsafe.java	Thu Mar 12 21:15:18 2015 -0700
@@ -57,31 +57,29 @@
      * Provides the caller with the capability of performing unsafe
      * operations.
      *
-     * <p> The returned <code>Unsafe</code> object should be carefully guarded
+     * <p>The returned {@code Unsafe} object should be carefully guarded
      * by the caller, since it can be used to read and write data at arbitrary
      * memory addresses.  It must never be passed to untrusted code.
      *
-     * <p> Most methods in this class are very low-level, and correspond to a
+     * <p>Most methods in this class are very low-level, and correspond to a
      * small number of hardware instructions (on typical machines).  Compilers
      * are encouraged to optimize these methods accordingly.
      *
-     * <p> Here is a suggested idiom for using unsafe operations:
+     * <p>Here is a suggested idiom for using unsafe operations:
      *
-     * <blockquote><pre>
+     * <pre> {@code
      * class MyTrustedClass {
      *   private static final Unsafe unsafe = Unsafe.getUnsafe();
      *   ...
      *   private long myCountAddress = ...;
      *   public int getCount() { return unsafe.getByte(myCountAddress); }
-     * }
-     * </pre></blockquote>
+     * }}</pre>
      *
-     * (It may assist compilers to make the local variable be
-     * <code>final</code>.)
+     * (It may assist compilers to make the local variable {@code final}.)
      *
-     * @exception  SecurityException  if a security manager exists and its
-     *             <code>checkPropertiesAccess</code> method doesn't allow
-     *             access to the system properties.
+     * @throws  SecurityException  if a security manager exists and its
+     *          {@code checkPropertiesAccess} method doesn't allow
+     *          access to the system properties.
      */
     @CallerSensitive
     public static Unsafe getUnsafe() {
@@ -100,28 +98,27 @@
     /**
      * Fetches a value from a given Java variable.
      * More specifically, fetches a field or array element within the given
-     * object <code>o</code> at the given offset, or (if <code>o</code> is
-     * null) from the memory address whose numerical value is the given
-     * offset.
+     * object {@code o} at the given offset, or (if {@code o} is null)
+     * from the memory address whose numerical value is the given offset.
      * <p>
      * The results are undefined unless one of the following cases is true:
      * <ul>
      * <li>The offset was obtained from {@link #objectFieldOffset} on
      * the {@link java.lang.reflect.Field} of some Java field and the object
-     * referred to by <code>o</code> is of a class compatible with that
+     * referred to by {@code o} is of a class compatible with that
      * field's class.
      *
-     * <li>The offset and object reference <code>o</code> (either null or
+     * <li>The offset and object reference {@code o} (either null or
      * non-null) were both obtained via {@link #staticFieldOffset}
      * and {@link #staticFieldBase} (respectively) from the
      * reflective {@link Field} representation of some Java field.
      *
-     * <li>The object referred to by <code>o</code> is an array, and the offset
-     * is an integer of the form <code>B+N*S</code>, where <code>N</code> is
-     * a valid index into the array, and <code>B</code> and <code>S</code> are
+     * <li>The object referred to by {@code o} is an array, and the offset
+     * is an integer of the form {@code B+N*S}, where {@code N} is
+     * a valid index into the array, and {@code B} and {@code S} are
      * the values obtained by {@link #arrayBaseOffset} and {@link
      * #arrayIndexScale} (respectively) from the array's class.  The value
-     * referred to is the <code>N</code><em>th</em> element of the array.
+     * referred to is the {@code N}<em>th</em> element of the array.
      *
      * </ul>
      * <p>
@@ -162,7 +159,7 @@
      * is stored into that variable.
      * <p>
      * The variable must be of the same type as the method
-     * parameter <code>x</code>.
+     * parameter {@code x}.
      *
      * @param o Java heap object in which the variable resides, if any, else
      *        null
@@ -184,9 +181,9 @@
     /**
      * Stores a reference value into a given Java variable.
      * <p>
-     * Unless the reference <code>x</code> being stored is either null
+     * Unless the reference {@code x} being stored is either null
      * or matches the field type, the results are undefined.
-     * If the reference <code>o</code> is non-null, car marks or
+     * If the reference {@code o} is non-null, car marks or
      * other store barriers for that object (if the VM requires them)
      * are updated.
      * @see #putInt(Object, long, int)
@@ -272,11 +269,11 @@
      * zero, or does not point into a block obtained from {@link
      * #allocateMemory}, the results are undefined.
      *
-     * <p> If the native pointer is less than 64 bits wide, it is extended as
+     * <p>If the native pointer is less than 64 bits wide, it is extended as
      * an unsigned number to a Java long.  The pointer may be indexed by any
      * given byte offset, simply by adding that offset (as a simple integer) to
      * the long representing the pointer.  The number of bytes actually read
-     * from the target address maybe determined by consulting {@link
+     * from the target address may be determined by consulting {@link
      * #addressSize}.
      *
      * @see #allocateMemory
@@ -288,7 +285,7 @@
      * zero, or does not point into a block obtained from {@link
      * #allocateMemory}, the results are undefined.
      *
-     * <p> The number of bytes actually written at the target address maybe
+     * <p>The number of bytes actually written at the target address may be
      * determined by consulting {@link #addressSize}.
      *
      * @see #getAddress(long)
@@ -357,7 +354,7 @@
      * (usually zero).  This provides a <em>single-register</em> addressing mode,
      * as discussed in {@link #getInt(Object,long)}.
      *
-     * <p>Equivalent to <code>setMemory(null, address, bytes, value)</code>.
+     * <p>Equivalent to {@code setMemory(null, address, bytes, value)}.
      */
     public void setMemory(long address, long bytes, byte value) {
         setMemory(null, address, bytes, value);
@@ -388,7 +385,7 @@
      * block.  This provides a <em>single-register</em> addressing mode,
      * as discussed in {@link #getInt(Object,long)}.
      *
-     * Equivalent to <code>copyMemory(null, srcAddress, null, destAddress, bytes)</code>.
+     * Equivalent to {@code copyMemory(null, srcAddress, null, destAddress, bytes)}.
      */
     public void copyMemory(long srcAddress, long destAddress, long bytes) {
         copyMemory(null, srcAddress, null, destAddress, bytes);
@@ -413,7 +410,7 @@
     public static final int INVALID_FIELD_OFFSET   = -1;
 
     /**
-     * Report the location of a given field in the storage allocation of its
+     * Reports the location of a given field in the storage allocation of its
      * class.  Do not expect to perform any sort of arithmetic on this offset;
      * it is just a cookie which is passed to the unsafe heap memory accessors.
      *
@@ -433,7 +430,7 @@
     public native long objectFieldOffset(Field f);
 
     /**
-     * Report the location of a given static field, in conjunction with {@link
+     * Reports the location of a given static field, in conjunction with {@link
      * #staticFieldBase}.
      * <p>Do not expect to perform any sort of arithmetic on this offset;
      * it is just a cookie which is passed to the unsafe heap memory accessors.
@@ -452,7 +449,7 @@
     public native long staticFieldOffset(Field f);
 
     /**
-     * Report the location of a given static field, in conjunction with {@link
+     * Reports the location of a given static field, in conjunction with {@link
      * #staticFieldOffset}.
      * <p>Fetch the base "Object", if any, with which static fields of the
      * given class can be accessed via methods like {@link #getInt(Object,
@@ -464,7 +461,7 @@
     public native Object staticFieldBase(Field f);
 
     /**
-     * Detect if the given class may need to be initialized. This is often
+     * Detects if the given class may need to be initialized. This is often
      * needed in conjunction with obtaining the static field base of a
      * class.
      * @return false only if a call to {@code ensureClassInitialized} would have no effect
@@ -472,14 +469,14 @@
     public native boolean shouldBeInitialized(Class<?> c);
 
     /**
-     * Ensure the given class has been initialized. This is often
+     * Ensures the given class has been initialized. This is often
      * needed in conjunction with obtaining the static field base of a
      * class.
      */
     public native void ensureClassInitialized(Class<?> c);
 
     /**
-     * Report the offset of the first element in the storage allocation of a
+     * Reports the offset of the first element in the storage allocation of a
      * given array class.  If {@link #arrayIndexScale} returns a non-zero value
      * for the same class, you may use that scale factor, together with this
      * base offset, to form new offsets to access elements of arrays of the
@@ -527,7 +524,7 @@
             = theUnsafe.arrayBaseOffset(Object[].class);
 
     /**
-     * Report the scale factor for addressing elements in the storage
+     * Reports the scale factor for addressing elements in the storage
      * allocation of a given array class.  However, arrays of "narrow" types
      * will generally not work properly with accessors like {@link
      * #getByte(Object, long)}, so the scale factor for such classes is reported
@@ -576,7 +573,7 @@
             = theUnsafe.arrayIndexScale(Object[].class);
 
     /**
-     * Report the size in bytes of a native pointer, as stored via {@link
+     * Reports the size in bytes of a native pointer, as stored via {@link
      * #putAddress}.  This value will be either 4 or 8.  Note that the sizes of
      * other primitive types (as stored in native memory blocks) is determined
      * fully by their information content.
@@ -587,7 +584,7 @@
     public static final int ADDRESS_SIZE = theUnsafe.addressSize();
 
     /**
-     * Report the size in bytes of a native memory page (whatever that is).
+     * Reports the size in bytes of a native memory page (whatever that is).
      * This value will always be a power of two.
      */
     public native int pageSize();
@@ -596,7 +593,7 @@
     /// random trusted operations from JNI:
 
     /**
-     * Tell the VM to define a class, without security checks.  By default, the
+     * Tells the VM to define a class, without security checks.  By default, the
      * class loader and protection domain come from the caller's class.
      */
     public native Class<?> defineClass(String name, byte[] b, int off, int len,
@@ -604,7 +601,7 @@
                                        ProtectionDomain protectionDomain);
 
     /**
-     * Define a class but do not make it known to the class loader or system dictionary.
+     * Defines a class but does not make it known to the class loader or system dictionary.
      * <p>
      * For each CP entry, the corresponding CP patch must either be null or have
      * the a format that matches its tag:
@@ -621,38 +618,38 @@
      */
     public native Class<?> defineAnonymousClass(Class<?> hostClass, byte[] data, Object[] cpPatches);
 
-
-    /** Allocate an instance but do not run any constructor.
-        Initializes the class if it has not yet been. */
+    /**
+     * Allocates an instance but does not run any constructor.
+     * Initializes the class if it has not yet been.
+     */
     public native Object allocateInstance(Class<?> cls)
         throws InstantiationException;
 
-    /** Throw the exception without telling the verifier. */
+    /** Throws the exception without telling the verifier. */
     public native void throwException(Throwable ee);
 
-
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapObject(Object o, long offset,
                                                      Object expected,
                                                      Object x);
 
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapInt(Object o, long offset,
                                                   int expected,
                                                   int x);
 
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapLong(Object o, long offset,
                                                    long expected,
@@ -736,28 +733,28 @@
     public native void    putOrderedLong(Object o, long offset, long x);
 
     /**
-     * Unblock the given thread blocked on <tt>park</tt>, or, if it is
-     * not blocked, cause the subsequent call to <tt>park</tt> not to
+     * Unblocks the given thread blocked on {@code park}, or, if it is
+     * not blocked, causes the subsequent call to {@code park} not to
      * block.  Note: this operation is "unsafe" solely because the
      * caller must somehow ensure that the thread has not been
      * destroyed. Nothing special is usually required to ensure this
      * when called from Java (in which there will ordinarily be a live
      * reference to the thread) but this is not nearly-automatically
      * so when calling from native code.
+     *
      * @param thread the thread to unpark.
-     *
      */
     public native void unpark(Object thread);
 
     /**
-     * Block current thread, returning when a balancing
-     * <tt>unpark</tt> occurs, or a balancing <tt>unpark</tt> has
+     * Blocks current thread, returning when a balancing
+     * {@code unpark} occurs, or a balancing {@code unpark} has
      * already occurred, or the thread is interrupted, or, if not
      * absolute and time is not zero, the given time nanoseconds have
      * elapsed, or if absolute, the given deadline in milliseconds
      * since Epoch has passed, or spuriously (i.e., returning for no
      * "reason"). Note: This operation is in the Unsafe class only
-     * because <tt>unpark</tt> is, so it would be strange to place it
+     * because {@code unpark} is, so it would be strange to place it
      * elsewhere.
      */
     public native void park(boolean isAbsolute, long time);
@@ -765,8 +762,8 @@
     /**
      * Gets the load average in the system run queue assigned
      * to the available processors averaged over various periods of time.
-     * This method retrieves the given <tt>nelem</tt> samples and
-     * assigns to the elements of the given <tt>loadavg</tt> array.
+     * This method retrieves the given {@code nelem} samples and
+     * assigns to the elements of the given {@code loadavg} array.
      * The system imposes a maximum of 3 samples, representing
      * averages over the last 1,  5,  and  15 minutes, respectively.
      *
@@ -784,8 +781,8 @@
 
     /**
      * Atomically adds the given value to the current value of a field
-     * or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -803,8 +800,8 @@
 
     /**
      * Atomically adds the given value to the current value of a field
-     * or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -822,8 +819,8 @@
 
     /**
      * Atomically exchanges the given value with the current value of
-     * a field or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * a field or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -841,8 +838,8 @@
 
     /**
      * Atomically exchanges the given value with the current value of
-     * a field or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * a field or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -861,7 +858,7 @@
     /**
      * Atomically exchanges the given reference value with the current
      * reference value of a field or array element within the given
-     * object <code>o</code> at the given <code>offset</code>.
+     * object {@code o} at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
--- a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -244,7 +244,9 @@
     public java.security.cert.Certificate[] getServerCertificates()
             throws SSLPeerUnverifiedException {
         if (cachedResponse != null) {
-            List<java.security.cert.Certificate> l = ((SecureCacheResponse)cachedResponse).getServerCertificateChain();
+            List<java.security.cert.Certificate> l =
+                    ((SecureCacheResponse)cachedResponse)
+                            .getServerCertificateChain();
             if (l == null) {
                 return null;
             } else {
@@ -262,7 +264,12 @@
     /**
      * Returns the server's X.509 certificate chain, or null if
      * the server did not authenticate.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate[] getServerCertificateChain()
             throws SSLPeerUnverifiedException {
         if (cachedResponse != null) {
@@ -271,7 +278,7 @@
         if (http == null) {
             throw new IllegalStateException("connection not yet open");
         } else {
-            return ((HttpsClient)http).getServerCertificateChain ();
+            return ((HttpsClient)http).getServerCertificateChain();
         }
     }
 
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -699,7 +699,12 @@
     /**
      * Returns the X.509 certificate chain with which the server
      * authenticated itself, or null if the server did not authenticate.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     javax.security.cert.X509Certificate [] getServerCertificateChain()
             throws SSLPeerUnverifiedException
     {
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -204,7 +204,12 @@
      * NOTE: This method is not necessary for the version of this class
      * implementing javax.net.ssl.HttpsURLConnection, but provided for
      * compatibility with the com.sun.net.ssl.HttpsURLConnection version.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate[] getServerCertificateChain() {
         try {
             return delegate.getServerCertificateChain();
--- a/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1569,6 +1569,9 @@
     /*
      * Returns the subject alternative name of the specified type in the
      * subjectAltNames extension of a certificate.
+     *
+     * Note that only those subjectAltName types that use String data
+     * should be passed into this function.
      */
     private static Collection<String> getSubjectAltNames(
             Collection<List<?>> subjectAltNames, int type) {
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -464,8 +464,13 @@
      *
      * @return array of peer X.509 certs, with the peer's own cert
      *  first in the chain, and with the "root" CA last.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getPeerCertificates()} instead.
      */
     @Override
+    @Deprecated
     public javax.security.cert.X509Certificate[] getPeerCertificateChain()
             throws SSLPeerUnverifiedException {
         //
--- a/src/java.base/share/native/libjli/java.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/native/libjli/java.c	Thu Mar 12 21:15:18 2015 -0700
@@ -661,15 +661,24 @@
          * arguments are for the application (i.e. the main class name, or
          * the -jar argument).
          */
-        if ((i > 0 && *arg != '-')
-                || JLI_StrCmp(arg, "-version") == 0
-                || JLI_StrCmp(arg, "-fullversion") == 0
-                || JLI_StrCmp(arg, "-help") == 0
-                || JLI_StrCmp(arg, "-?") == 0
-                || JLI_StrCmp(arg, "-jar") == 0
-                || JLI_StrCmp(arg, "-X") == 0
-                ) {
-            return;
+        if (i > 0) {
+            char *prev = argv[i - 1];
+            // skip non-dash arg preceded by class path specifiers
+            if (*arg != '-' &&
+                    ((JLI_StrCmp(prev, "-cp") == 0
+                    || JLI_StrCmp(prev, "-classpath") == 0))) {
+                continue;
+            }
+
+            if (*arg != '-'
+                    || JLI_StrCmp(arg, "-version") == 0
+                    || JLI_StrCmp(arg, "-fullversion") == 0
+                    || JLI_StrCmp(arg, "-help") == 0
+                    || JLI_StrCmp(arg, "-?") == 0
+                    || JLI_StrCmp(arg, "-jar") == 0
+                    || JLI_StrCmp(arg, "-X") == 0) {
+                return;
+            }
         }
         /*
          * The following case checks for "-XX:NativeMemoryTracking=value".
--- a/src/java.base/share/native/libjli/manifest_info.h	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/native/libjli/manifest_info.h	Thu Mar 12 21:15:18 2015 -0700
@@ -32,13 +32,16 @@
  * Zip file header signatures
  */
 #define SIGSIZ 4                    /* size of all header signatures */
-#define LOCSIG 0x04034b50L          /* "PK\003\004" */
-#define EXTSIG 0x08074b50L          /* "PK\007\008" */
-#define CENSIG 0x02014b50L          /* "PK\001\002" */
-#define ENDSIG 0x06054b50L          /* "PK\005\006" */
 
-#define ZIP64_ENDSIG 0x06064b50L    /* "PK\006\006" */
-#define ZIP64_LOCSIG 0x07064b50L    /* "PK\006\007" */
+#define PKZIP_SIGNATURE_AT(p, b2, b3) \
+  (((p)[0] == 'P') & ((p)[1] == 'K') & ((p)[2] == b2) & ((p)[3] == b3))
+#define CENSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 1, 2)
+#define LOCSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 3, 4)
+#define ENDSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 5, 6)
+#define EXTSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 7, 8)
+#define ZIP64_ENDSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 6)
+#define ZIP64_LOCSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 7)
+
 /*
  * Header sizes including signatures
  */
--- a/src/java.base/share/native/libjli/parse_manifest.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/native/libjli/parse_manifest.c	Thu Mar 12 21:15:18 2015 -0700
@@ -138,7 +138,7 @@
         return -1;
     if ((bytes = read(fd, ep, ZIP64_LOCHDR)) < 0)
         return -1;
-    if (GETSIG(ep) == ZIP64_LOCSIG)
+    if (ZIP64_LOCSIG_AT(ep))
        return end64pos;
     return -1;
 }
@@ -176,7 +176,7 @@
         return (-1);
     if ((bytes = read(fd, eb, ENDHDR)) < 0)
         return (-1);
-    if (GETSIG(eb) == ENDSIG) {
+    if (ENDSIG_AT(eb)) {
         return haveZIP64(eb) ? find_end64(fd, eb, pos) : pos;
     }
 
@@ -200,14 +200,11 @@
 
     /*
      * Search backwards from the end of file stopping when the END header
-     * signature is found. (The first condition of the "if" is just a
-     * fast fail, because the GETSIG macro isn't always cheap.  The
-     * final condition protects against false positives.)
+     * signature is found.
      */
     endpos = &buffer[bytes];
     for (cp = &buffer[bytes - ENDHDR]; cp >= &buffer[0]; cp--)
-        if ((*cp == (ENDSIG & 0xFF)) && (GETSIG(cp) == ENDSIG) &&
-          (cp + ENDHDR + ENDCOM(cp) == endpos)) {
+        if (ENDSIG_AT(cp) && (cp + ENDHDR + ENDCOM(cp) == endpos)) {
             (void) memcpy(eb, cp, ENDHDR);
             free(buffer);
             pos = flen - (endpos - cp);
@@ -267,7 +264,7 @@
         if ((bytes = read(fd, buffer, MINREAD)) < 0) {
             return (-1);
         }
-        if (GETSIG(buffer) != ZIP64_ENDSIG) {
+        if (!ZIP64_ENDSIG_AT(buffer)) {
             return -1;
         }
         if ((offset = ZIP64_ENDOFF(buffer)) < (jlong)0) {
@@ -356,7 +353,7 @@
      * Loop through the Central Directory Headers. Note that a valid zip/jar
      * must have an ENDHDR (with ENDSIG) after the Central Directory.
      */
-    while (GETSIG(p) == CENSIG) {
+    while (CENSIG_AT(p)) {
 
         /*
          * If a complete header isn't in the buffer, shift the contents
@@ -403,7 +400,7 @@
                 free(buffer);
                 return (-1);
             }
-            if (GETSIG(locbuf) != LOCSIG) {
+            if (!LOCSIG_AT(locbuf)) {
                 free(buffer);
                 return (-1);
             }
--- a/src/java.base/share/native/libzip/zip_util.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/native/libzip/zip_util.c	Thu Mar 12 21:15:18 2015 -0700
@@ -281,9 +281,9 @@
     return (cenpos >= 0 &&
             locpos >= 0 &&
             readFullyAt(zip->zfd, buf, sizeof(buf), cenpos) != -1 &&
-            GETSIG(buf) == CENSIG &&
+            CENSIG_AT(buf) &&
             readFullyAt(zip->zfd, buf, sizeof(buf), locpos) != -1 &&
-            GETSIG(buf) == LOCSIG);
+            LOCSIG_AT(buf));
 }
 
 /*
@@ -674,7 +674,7 @@
         method = CENHOW(cp);
         nlen   = CENNAM(cp);
 
-        if (GETSIG(cp) != CENSIG)
+        if (!CENSIG_AT(cp))
             ZIP_FORMAT_ERROR("invalid CEN header (bad signature)");
         if (CENFLG(cp) & 1)
             ZIP_FORMAT_ERROR("invalid CEN header (encrypted entry)");
@@ -827,10 +827,7 @@
 
     // Assumption, zfd refers to start of file. Trivially, reuse errbuf.
     if (readFully(zfd, errbuf, 4) != -1) {  // errors will be handled later
-        if (GETSIG(errbuf) == LOCSIG)
-            zip->locsig = JNI_TRUE;
-        else
-            zip->locsig = JNI_FALSE;
+        zip->locsig = LOCSIG_AT(errbuf) ? JNI_TRUE : JNI_FALSE;
     }
 
     len = zip->len = IO_Lseek(zfd, 0, SEEK_END);
@@ -1284,7 +1281,7 @@
             zip->msg = "error reading zip file";
             return -1;
         }
-        if (GETSIG(loc) != LOCSIG) {
+        if (!LOCSIG_AT(loc)) {
             zip->msg = "invalid LOC header (bad signature)";
             return -1;
         }
--- a/src/java.base/share/native/libzip/zip_util.h	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/share/native/libzip/zip_util.h	Thu Mar 12 21:15:18 2015 -0700
@@ -33,13 +33,14 @@
 /*
  * Header signatures
  */
-#define LOCSIG 0x04034b50L          /* "PK\003\004" */
-#define EXTSIG 0x08074b50L          /* "PK\007\008" */
-#define CENSIG 0x02014b50L          /* "PK\001\002" */
-#define ENDSIG 0x06054b50L          /* "PK\005\006" */
-
-#define ZIP64_ENDSIG 0x06064b50L    /* "PK\006\006" */
-#define ZIP64_LOCSIG 0x07064b50L    /* "PK\006\007" */
+#define PKZIP_SIGNATURE_AT(p, b2, b3) \
+  (((p)[0] == 'P') & ((p)[1] == 'K') & ((p)[2] == b2) & ((p)[3] == b3))
+#define CENSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 1, 2)
+#define LOCSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 3, 4)
+#define ENDSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 5, 6)
+#define EXTSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 7, 8)
+#define ZIP64_ENDSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 6)
+#define ZIP64_LOCSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 7)
 
 /*
  * Header sizes including signatures
--- a/src/java.base/unix/native/launcher/jexec.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/unix/native/launcher/jexec.c	Thu Mar 12 21:15:18 2015 -0700
@@ -323,7 +323,7 @@
             result = BAD_MAGIC_MSG;
 
             // be sure the file is at least a ZIP file
-            if (GETSIG(buf) == LOCSIG) {
+            if (LOCSIG_AT(buf)) {
 
                 off_t flen  = LOCNAM(buf);
                 off_t xlen  = LOCEXT(buf);
--- a/src/java.base/windows/native/libnet/NetworkInterface_winXP.c	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.base/windows/native/libnet/NetworkInterface_winXP.c	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
 #include <winsock2.h>           /* needed for htonl */
 #include <iprtrmib.h>
 #include <assert.h>
+#include <limits.h>
 
 #include "java_net_NetworkInterface.h"
 #include "jni_util.h"
@@ -70,7 +71,7 @@
 
 #endif
 
-static int bufsize = 1024;
+static int bufsize = 4096;
 
 /*
  * return an array of IP_ADAPTER_ADDRESSES containing one element
@@ -102,7 +103,11 @@
     ret = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
 
     if (ret == ERROR_BUFFER_OVERFLOW) {
-        IP_ADAPTER_ADDRESSES * newAdapterInfo =
+        IP_ADAPTER_ADDRESSES * newAdapterInfo = NULL;
+        if (len  < (ULONG_MAX - bufsize)) {
+            len = len + bufsize;
+        }
+        newAdapterInfo =
             (IP_ADAPTER_ADDRESSES *) realloc (adapterInfo, len);
         if (newAdapterInfo == NULL) {
             free(adapterInfo);
@@ -113,7 +118,6 @@
 
         adapterInfo = newAdapterInfo;
 
-        bufsize = len;
         ret = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     }
 
@@ -176,7 +180,11 @@
     flags |= GAA_FLAG_INCLUDE_PREFIX;
     val = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     if (val == ERROR_BUFFER_OVERFLOW) {
-        IP_ADAPTER_ADDRESSES * newAdapterInfo =
+        IP_ADAPTER_ADDRESSES * newAdapterInfo = NULL;
+        if (len  < (ULONG_MAX - bufsize)) {
+            len = len + bufsize;
+        }
+        newAdapterInfo =
                 (IP_ADAPTER_ADDRESSES *) realloc (adapterInfo, len);
         if (newAdapterInfo == NULL) {
             free(adapterInfo);
@@ -187,7 +195,6 @@
 
         adapterInfo = newAdapterInfo;
 
-        bufsize = len;
         val = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     }
 
--- a/src/java.prefs/share/classes/java/util/prefs/Preferences.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.prefs/share/classes/java/util/prefs/Preferences.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -489,6 +489,8 @@
      *       <tt>MAX_VALUE_LENGTH</tt>.
      * @throws IllegalStateException if this node (or an ancestor) has been
      *         removed with the {@link #removeNode()} method.
+     * @throws IllegalArgumentException if either the key or the value contain
+     *         the null control character, code point U+0000.
      */
     public abstract void put(String key, String value);
 
--- a/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java	Thu Mar 12 21:15:18 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,13 @@
  */
 class FileSystemPreferences extends AbstractPreferences {
 
+    /**
+     * The code point U+0000, assigned to the null control character, is the
+     * only character encoded in Unicode and ISO/IEC 10646 that is always
+     * invalid in any XML 1.0 and 1.1 document.
+     */
+    private static final String CODE_POINT_U0000 = String.valueOf('\u0000');
+
     static {
         PrivilegedAction<Void> load = () -> {
             System.loadLibrary("prefs");
@@ -525,6 +532,11 @@
     }
 
     protected void putSpi(String key, String value) {
+        if (key.indexOf(CODE_POINT_U0000) != -1) {
+            throw new IllegalArgumentException("Key contains code point U+0000");
+        } else if (value.indexOf(CODE_POINT_U0000) != -1) {
+            throw new IllegalArgumentException("Value contains code point U+0000");
+        }
         initCacheIfNecessary();
         changeLog.add(new Put(key, value));
         prefsCache.put(key, value);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Manifest.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Manifest.java	Thu Mar 12 21:15:18 2015 -0700
@@ -52,7 +52,7 @@
  * <pre>
  *   XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
  *   Reference ref = factory.newReference("#reference-1", DigestMethod.SHA1);
- *   List<Reference> references = Collections.singletonList(ref);
+ *   List&lt;Reference&gt; references = Collections.singletonList(ref);
  *   Manifest manifest = factory.newManifest(references, "manifest-1");
  * </pre>
  *
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLObject.java	Thu Mar 12 13:35:13 2015 -0700
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLObject.java	Thu Mar 12 21:15:18 2015 -0700
@@ -65,7 +65,7 @@
  * <pre>
  *   XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
  *   Manifest manifest = fac.newManifest(references);
- *   List<XMLStructure> content = Collections.singletonList(manifest);
+ *   List&lt;XMLStructure&gt; content = Collections.singletonList(manifest);
  *   XMLObject object = factory.newXMLObject(content, "object-1", null, null);
  * </pre>
  *
--- a/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSigner.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-/**
- * This class defines a content signing service.
- * Implementations must be instantiable using a zero-argument constructor.
- *
- * @since 1.5
- * @author Vincent Ryan
- */
-
-@jdk.Exported
-public abstract class ContentSigner {
-
-    /**
-     * Generates a PKCS #7 signed data message.
-     * This method is used when the signature has already been generated.
-     * The signature, the signer's details, and optionally a signature
-     * timestamp and the content that was signed, are all packaged into a
-     * signed data message.
-     *
-     * @param parameters The non-null input parameters.
-     * @param omitContent true if the content should be omitted from the
-     *         signed data message. Otherwise the content is included.
-     * @param applyTimestamp true if the signature should be timestamped.
-     *         Otherwise timestamping is not performed.
-     * @return A PKCS #7 signed data message.
-     * @throws NoSuchAlgorithmException The exception is thrown if the signature
-     *         algorithm is unrecognised.
-     * @throws CertificateException The exception is thrown if an error occurs
-     *         while processing the signer's certificate or the TSA's
-     *         certificate.
-     * @throws IOException The exception is thrown if an error occurs while
-     *         generating the signature timestamp or while generating the signed
-     *         data message.
-     * @throws NullPointerException The exception is thrown if parameters is
-     *         null.
-     */
-    public abstract byte[] generateSignedData(
-        ContentSignerParameters parameters, boolean omitContent,
-        boolean applyTimestamp)
-            throws NoSuchAlgorithmException, CertificateException, IOException;
-}
--- a/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSignerParameters.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.net.URI;
-import java.security.cert.X509Certificate;
-import java.util.zip.ZipFile;
-
-/**
- * This interface encapsulates the parameters for a ContentSigner object.
- *
- * @since 1.5
- * @author Vincent Ryan
- */
-@jdk.Exported
-public interface ContentSignerParameters {
-
-    /**
-     * Retrieves the command-line arguments passed to the jarsigner tool.
-     *
-     * @return The command-line arguments. May be null.
-     */
-    public String[] getCommandLine();
-
-    /**
-     * Retrieves the identifier for a Timestamping Authority (TSA).
-     *
-     * @return The TSA identifier. May be null.
-     */
-    public URI getTimestampingAuthority();
-
-    /**
-     * Retrieves the certificate for a Timestamping Authority (TSA).
-     *
-     * @return The TSA certificate. May be null.
-     */
-    public X509Certificate getTimestampingAuthorityCertificate();
-
-    /**
-     * Retrieves the TSAPolicyID for a Timestamping Authority (TSA).
-     *
-     * @return The TSAPolicyID. May be null.
-     */
-    public default String getTSAPolicyID() {
-        return null;
-    }
-
-    /**
-     * Retreives the message digest algorithm that is used to generate
-     * the message imprint to be sent to the TSA server.
-     *
-     * @since 1.9
-     * @return The non-null string of the message digest algorithm name.
-     */
-    public default String getTSADigestAlg() {
-        return "SHA-256";
-    }
-
-    /**
-     * Retrieves the JAR file's signature.
-     *
-     * @return The non-null array of signature bytes.
-     */
-    public byte[] getSignature();
-
-    /**
-     * Retrieves the name of the signature algorithm.
-     *
-     * @return The non-null string name of the signature algorithm.
-     */
-    public String getSignatureAlgorithm();
-
-    /**
-     * Retrieves the signer's X.509 certificate chain.
-     *
-     * @return The non-null array of X.509 public-key certificates.
-     */
-    public X509Certificate[] getSignerCertificateChain();
-
-    /**
-     * Retrieves the content that was signed.
-     * The content is the JAR file's signature file.
-     *
-     * @return The content bytes. May be null.
-     */
-    public byte[] getContent();
-
-    /**
-     * Retrieves the original source ZIP file before it was signed.
-     *
-     * @return The original ZIP file. May be null.
-     */
-    public ZipFile getSource();
-}
--- a/src/jdk.dev/share/classes/com/sun/jarsigner/package-info.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-/**
- * This package comprises the interfaces and classes used to define the
- * signing mechanism used by the <tt>jarsigner</tt> tool.
- * <p>
- * Clients may override the default signing mechanism of the <tt>jarsigner</tt>
- * tool by supplying an alternative implementation of
- * {@link com.sun.jarsigner.ContentSigner}.
- */
-
-@jdk.Exported
-package com.sun.jarsigner;
--- a/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Main.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2571 +0,0 @@
-/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-import java.io.*;
-import java.util.*;
-import java.util.zip.*;
-import java.util.jar.*;
-import java.math.BigInteger;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.text.Collator;
-import java.text.MessageFormat;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateException;
-import java.security.*;
-import java.lang.reflect.Constructor;
-
-import com.sun.jarsigner.ContentSigner;
-import com.sun.jarsigner.ContentSignerParameters;
-import java.net.SocketTimeoutException;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.util.Map.Entry;
-import sun.security.tools.KeyStoreUtil;
-import sun.security.tools.PathList;
-import sun.security.x509.*;
-import sun.security.util.*;
-import java.util.Base64;
-
-
-/**
- * <p>The jarsigner utility.
- *
- * The exit codes for the main method are:
- *
- * 0: success
- * 1: any error that the jar cannot be signed or verified, including:
- *      keystore loading error
- *      TSP communication error
- *      jarsigner command line error...
- * otherwise: error codes from -strict
- *
- * @author Roland Schemers
- * @author Jan Luehe
- */
-
-public class Main {
-
-    // for i18n
-    private static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle
-        ("sun.security.tools.jarsigner.Resources");
-    private static final Collator collator = Collator.getInstance();
-    static {
-        // this is for case insensitive string comparisions
-        collator.setStrength(Collator.PRIMARY);
-    }
-
-    private static final String META_INF = "META-INF/";
-
-    private static final Class<?>[] PARAM_STRING = { String.class };
-
-    private static final String NONE = "NONE";
-    private static final String P11KEYSTORE = "PKCS11";
-
-    private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
-
-    // Attention:
-    // This is the entry that get launched by the security tool jarsigner.
-    public static void main(String args[]) throws Exception {
-        Main js = new Main();
-        js.run(args);
-    }
-
-    static final String VERSION = "1.0";
-
-    static final int IN_KEYSTORE = 0x01;        // signer is in keystore
-    static final int IN_SCOPE = 0x02;
-    static final int NOT_ALIAS = 0x04;          // alias list is NOT empty and
-                                                // signer is not in alias list
-    static final int SIGNED_BY_ALIAS = 0x08;    // signer is in alias list
-
-    X509Certificate[] certChain;    // signer's cert chain (when composing)
-    PrivateKey privateKey;          // private key
-    KeyStore store;                 // the keystore specified by -keystore
-                                    // or the default keystore, never null
-
-    String keystore; // key store file
-    boolean nullStream = false; // null keystore input stream (NONE)
-    boolean token = false; // token-based keystore
-    String jarfile;  // jar files to sign or verify
-    String alias;    // alias to sign jar with
-    List<String> ckaliases = new ArrayList<>(); // aliases in -verify
-    char[] storepass; // keystore password
-    boolean protectedPath; // protected authentication path
-    String storetype; // keystore type
-    String providerName; // provider name
-    Vector<String> providers = null; // list of providers
-    // arguments for provider constructors
-    HashMap<String,String> providerArgs = new HashMap<>();
-    char[] keypass; // private key password
-    String sigfile; // name of .SF file
-    String sigalg; // name of signature algorithm
-    String digestalg = "SHA-256"; // name of digest algorithm
-    String signedjar; // output filename
-    String tsaUrl; // location of the Timestamping Authority
-    String tsaAlias; // alias for the Timestamping Authority's certificate
-    String altCertChain; // file to read alternative cert chain from
-    String tSAPolicyID;
-    String tSADigestAlg = "SHA-256";
-    boolean verify = false; // verify the jar
-    String verbose = null; // verbose output when signing/verifying
-    boolean showcerts = false; // show certs when verifying
-    boolean debug = false; // debug
-    boolean signManifest = true; // "sign" the whole manifest
-    boolean externalSF = true; // leave the .SF out of the PKCS7 block
-    boolean strict = false;  // treat warnings as error
-
-    // read zip entry raw bytes
-    private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
-    private byte[] buffer = new byte[8192];
-    private ContentSigner signingMechanism = null;
-    private String altSignerClass = null;
-    private String altSignerClasspath = null;
-    private ZipFile zipFile = null;
-
-    // Informational warnings
-    private boolean hasExpiringCert = false;
-    private boolean noTimestamp = false;
-    private Date expireDate = new Date(0L);     // used in noTimestamp warning
-
-    // Severe warnings
-    private boolean hasExpiredCert = false;
-    private boolean notYetValidCert = false;
-    private boolean chainNotValidated = false;
-    private boolean notSignedByAlias = false;
-    private boolean aliasNotInStore = false;
-    private boolean hasUnsignedEntry = false;
-    private boolean badKeyUsage = false;
-    private boolean badExtendedKeyUsage = false;
-    private boolean badNetscapeCertType = false;
-
-    CertificateFactory certificateFactory;
-    CertPathValidator validator;
-    PKIXParameters pkixParameters;
-
-    public void run(String args[]) {
-        try {
-            args = parseArgs(args);
-
-            // Try to load and install the specified providers
-            if (providers != null) {
-                ClassLoader cl = ClassLoader.getSystemClassLoader();
-                Enumeration<String> e = providers.elements();
-                while (e.hasMoreElements()) {
-                    String provName = e.nextElement();
-                    Class<?> provClass;
-                    if (cl != null) {
-                        provClass = cl.loadClass(provName);
-                    } else {
-                        provClass = Class.forName(provName);
-                    }
-
-                    String provArg = providerArgs.get(provName);
-                    Object obj;
-                    if (provArg == null) {
-                        obj = provClass.newInstance();
-                    } else {
-                        Constructor<?> c =
-                                provClass.getConstructor(PARAM_STRING);
-                        obj = c.newInstance(provArg);
-                    }
-
-                    if (!(obj instanceof Provider)) {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("provName.not.a.provider"));
-                        Object[] source = {provName};
-                        throw new Exception(form.format(source));
-                    }
-                    Security.addProvider((Provider)obj);
-                }
-            }
-
-            if (verify) {
-                try {
-                    loadKeyStore(keystore, false);
-                } catch (Exception e) {
-                    if ((keystore != null) || (storepass != null)) {
-                        System.out.println(rb.getString("jarsigner.error.") +
-                                        e.getMessage());
-                        System.exit(1);
-                    }
-                }
-                /*              if (debug) {
-                    SignatureFileVerifier.setDebug(true);
-                    ManifestEntryVerifier.setDebug(true);
-                }
-                */
-                verifyJar(jarfile);
-            } else {
-                loadKeyStore(keystore, true);
-                getAliasInfo(alias);
-
-                // load the alternative signing mechanism
-                if (altSignerClass != null) {
-                    signingMechanism = loadSigningMechanism(altSignerClass,
-                        altSignerClasspath);
-                }
-                signJar(jarfile, alias, args);
-            }
-        } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner.error.") + e);
-            if (debug) {
-                e.printStackTrace();
-            }
-            System.exit(1);
-        } finally {
-            // zero-out private key password
-            if (keypass != null) {
-                Arrays.fill(keypass, ' ');
-                keypass = null;
-            }
-            // zero-out keystore password
-            if (storepass != null) {
-                Arrays.fill(storepass, ' ');
-                storepass = null;
-            }
-        }
-
-        if (strict) {
-            int exitCode = 0;
-            if (chainNotValidated || hasExpiredCert || notYetValidCert) {
-                exitCode |= 4;
-            }
-            if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
-                exitCode |= 8;
-            }
-            if (hasUnsignedEntry) {
-                exitCode |= 16;
-            }
-            if (notSignedByAlias || aliasNotInStore) {
-                exitCode |= 32;
-            }
-            if (exitCode != 0) {
-                System.exit(exitCode);
-            }
-        }
-    }
-
-    /*
-     * Parse command line arguments.
-     */
-    String[] parseArgs(String args[]) throws Exception {
-        /* parse flags */
-        int n = 0;
-
-        if (args.length == 0) fullusage();
-
-        String confFile = null;
-        String command = "-sign";
-        for (n=0; n < args.length; n++) {
-            if (collator.compare(args[n], "-verify") == 0) {
-                command = "-verify";
-            } else if (collator.compare(args[n], "-conf") == 0) {
-                if (n == args.length - 1) {
-                    usageNoArg();
-                }
-                confFile = args[++n];
-            }
-        }
-
-        if (confFile != null) {
-            args = KeyStoreUtil.expandArgs(
-                    "jarsigner", confFile, command, null, args);
-        }
-
-        debug = Arrays.stream(args).anyMatch(
-                x -> collator.compare(x, "-debug") == 0);
-
-        if (debug) {
-            // No need to localize debug output
-            System.out.println("Command line args: " +
-                    Arrays.toString(args));
-        }
-
-        for (n=0; n < args.length; n++) {
-
-            String flags = args[n];
-            String modifier = null;
-
-            if (flags.startsWith("-")) {
-                int pos = flags.indexOf(':');
-                if (pos > 0) {
-                    modifier = flags.substring(pos+1);
-                    flags = flags.substring(0, pos);
-                }
-            }
-
-            if (!flags.startsWith("-")) {
-                if (jarfile == null) {
-                    jarfile = flags;
-                } else {
-                    alias = flags;
-                    ckaliases.add(alias);
-                }
-            } else if (collator.compare(flags, "-conf") == 0) {
-                if (++n == args.length) usageNoArg();
-            } else if (collator.compare(flags, "-keystore") == 0) {
-                if (++n == args.length) usageNoArg();
-                keystore = args[n];
-            } else if (collator.compare(flags, "-storepass") ==0) {
-                if (++n == args.length) usageNoArg();
-                storepass = getPass(modifier, args[n]);
-            } else if (collator.compare(flags, "-storetype") ==0) {
-                if (++n == args.length) usageNoArg();
-                storetype = args[n];
-            } else if (collator.compare(flags, "-providerName") ==0) {
-                if (++n == args.length) usageNoArg();
-                providerName = args[n];
-            } else if ((collator.compare(flags, "-provider") == 0) ||
-                        (collator.compare(flags, "-providerClass") == 0)) {
-                if (++n == args.length) usageNoArg();
-                if (providers == null) {
-                    providers = new Vector<String>(3);
-                }
-                providers.add(args[n]);
-
-                if (args.length > (n+1)) {
-                    flags = args[n+1];
-                    if (collator.compare(flags, "-providerArg") == 0) {
-                        if (args.length == (n+2)) usageNoArg();
-                        providerArgs.put(args[n], args[n+2]);
-                        n += 2;
-                    }
-                }
-            } else if (collator.compare(flags, "-protected") ==0) {
-                protectedPath = true;
-            } else if (collator.compare(flags, "-certchain") ==0) {
-                if (++n == args.length) usageNoArg();
-                altCertChain = args[n];
-            } else if (collator.compare(flags, "-tsapolicyid") ==0) {
-                if (++n == args.length) usageNoArg();
-                tSAPolicyID = args[n];
-            } else if (collator.compare(flags, "-tsadigestalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                tSADigestAlg = args[n];
-            } else if (collator.compare(flags, "-debug") ==0) {
-                // Already processed
-            } else if (collator.compare(flags, "-keypass") ==0) {
-                if (++n == args.length) usageNoArg();
-                keypass = getPass(modifier, args[n]);
-            } else if (collator.compare(flags, "-sigfile") ==0) {
-                if (++n == args.length) usageNoArg();
-                sigfile = args[n];
-            } else if (collator.compare(flags, "-signedjar") ==0) {
-                if (++n == args.length) usageNoArg();
-                signedjar = args[n];
-            } else if (collator.compare(flags, "-tsa") ==0) {
-                if (++n == args.length) usageNoArg();
-                tsaUrl = args[n];
-            } else if (collator.compare(flags, "-tsacert") ==0) {
-                if (++n == args.length) usageNoArg();
-                tsaAlias = args[n];
-            } else if (collator.compare(flags, "-altsigner") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClass = args[n];
-            } else if (collator.compare(flags, "-altsignerpath") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClasspath = args[n];
-            } else if (collator.compare(flags, "-sectionsonly") ==0) {
-                signManifest = false;
-            } else if (collator.compare(flags, "-internalsf") ==0) {
-                externalSF = false;
-            } else if (collator.compare(flags, "-verify") ==0) {
-                verify = true;
-            } else if (collator.compare(flags, "-verbose") ==0) {
-                verbose = (modifier != null) ? modifier : "all";
-            } else if (collator.compare(flags, "-sigalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                sigalg = args[n];
-            } else if (collator.compare(flags, "-digestalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                digestalg = args[n];
-            } else if (collator.compare(flags, "-certs") ==0) {
-                showcerts = true;
-            } else if (collator.compare(flags, "-strict") ==0) {
-                strict = true;
-            } else if (collator.compare(flags, "-h") == 0 ||
-                        collator.compare(flags, "-help") == 0) {
-                fullusage();
-            } else {
-                System.err.println(
-                        rb.getString("Illegal.option.") + flags);
-                usage();
-            }
-        }
-
-        // -certs must always be specified with -verbose
-        if (verbose == null) showcerts = false;
-
-        if (jarfile == null) {
-            System.err.println(rb.getString("Please.specify.jarfile.name"));
-            usage();
-        }
-        if (!verify && alias == null) {
-            System.err.println(rb.getString("Please.specify.alias.name"));
-            usage();
-        }
-        if (!verify && ckaliases.size() > 1) {
-            System.err.println(rb.getString("Only.one.alias.can.be.specified"));
-            usage();
-        }
-
-        if (storetype == null) {
-            storetype = KeyStore.getDefaultType();
-        }
-        storetype = KeyStoreUtil.niceStoreTypeName(storetype);
-
-        try {
-            if (signedjar != null && new File(signedjar).getCanonicalPath().equals(
-                    new File(jarfile).getCanonicalPath())) {
-                signedjar = null;
-            }
-        } catch (IOException ioe) {
-            // File system error?
-            // Just ignore it.
-        }
-
-        if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
-                KeyStoreUtil.isWindowsKeyStore(storetype)) {
-            token = true;
-            if (keystore == null) {
-                keystore = NONE;
-            }
-        }
-
-        if (NONE.equals(keystore)) {
-            nullStream = true;
-        }
-
-        if (token && !nullStream) {
-            System.err.println(MessageFormat.format(rb.getString
-                (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype));
-            usage();
-        }
-
-        if (token && keypass != null) {
-            System.err.println(MessageFormat.format(rb.getString
-                (".keypass.can.not.be.specified.if.storetype.is.{0}"), storetype));
-            usage();
-        }
-
-        if (protectedPath) {
-            if (storepass != null || keypass != null) {
-                System.err.println(rb.getString
-                        ("If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified"));
-                usage();
-            }
-        }
-        if (KeyStoreUtil.isWindowsKeyStore(storetype)) {
-            if (storepass != null || keypass != null) {
-                System.err.println(rb.getString
-                        ("If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified"));
-                usage();
-            }
-        }
-        return args;
-    }
-
-    static char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
-        if (output != null) return output;
-        usage();
-        return null;    // Useless, usage() already exit
-    }
-
-    static void usageNoArg() {
-        System.out.println(rb.getString("Option.lacks.argument"));
-        usage();
-    }
-
-    static void usage() {
-        System.out.println();
-        System.out.println(rb.getString("Please.type.jarsigner.help.for.usage"));
-        System.exit(1);
-    }
-
-    static void fullusage() {
-        System.out.println(rb.getString
-                ("Usage.jarsigner.options.jar.file.alias"));
-        System.out.println(rb.getString
-                (".jarsigner.verify.options.jar.file.alias."));
-        System.out.println();
-        System.out.println(rb.getString
-                (".keystore.url.keystore.location"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".storepass.password.password.for.keystore.integrity"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".storetype.type.keystore.type"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".keypass.password.password.for.private.key.if.different."));
-        System.out.println();
-        System.out.println(rb.getString
-                (".certchain.file.name.of.alternative.certchain.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sigfile.file.name.of.SF.DSA.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".signedjar.file.name.of.signed.JAR.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".digestalg.algorithm.name.of.digest.algorithm"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sigalg.algorithm.name.of.signature.algorithm"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".verify.verify.a.signed.JAR.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".verbose.suboptions.verbose.output.when.signing.verifying."));
-        System.out.println(rb.getString
-                (".suboptions.can.be.all.grouped.or.summary"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".certs.display.certificates.when.verbose.and.verifying"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsa.url.location.of.the.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsacert.alias.public.key.certificate.for.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsapolicyid.tsapolicyid.for.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsadigestalg.algorithm.of.digest.data.in.timestamping.request"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".altsigner.class.class.name.of.an.alternative.signing.mechanism"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".internalsf.include.the.SF.file.inside.the.signature.block"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sectionsonly.don.t.compute.hash.of.entire.manifest"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".protected.keystore.has.protected.authentication.path"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".providerName.name.provider.name"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".providerClass.class.name.of.cryptographic.service.provider.s"));
-        System.out.println(rb.getString
-                (".providerArg.arg.master.class.file.and.constructor.argument"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".strict.treat.warnings.as.errors"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".conf.url.specify.a.pre.configured.options.file"));
-        System.out.println();
-
-        System.exit(0);
-    }
-
-    void verifyJar(String jarName)
-        throws Exception
-    {
-        boolean anySigned = false;  // if there exists entry inside jar signed
-        JarFile jf = null;
-
-        try {
-            jf = new JarFile(jarName, true);
-            Vector<JarEntry> entriesVec = new Vector<>();
-            byte[] buffer = new byte[8192];
-
-            Enumeration<JarEntry> entries = jf.entries();
-            while (entries.hasMoreElements()) {
-                JarEntry je = entries.nextElement();
-                entriesVec.addElement(je);
-                InputStream is = null;
-                try {
-                    is = jf.getInputStream(je);
-                    int n;
-                    while ((n = is.read(buffer, 0, buffer.length)) != -1) {
-                        // we just read. this will throw a SecurityException
-                        // if  a signature/digest check fails.
-                    }
-                } finally {
-                    if (is != null) {
-                        is.close();
-                    }
-                }
-            }
-
-            Manifest man = jf.getManifest();
-
-            // The map to record display info, only used when -verbose provided
-            //      key: signer info string
-            //      value: the list of files with common key
-            Map<String,List<String>> output = new LinkedHashMap<>();
-
-            if (man != null) {
-                if (verbose != null) System.out.println();
-                Enumeration<JarEntry> e = entriesVec.elements();
-
-                String tab = rb.getString("6SPACE");
-
-                while (e.hasMoreElements()) {
-                    JarEntry je = e.nextElement();
-                    String name = je.getName();
-                    CodeSigner[] signers = je.getCodeSigners();
-                    boolean isSigned = (signers != null);
-                    anySigned |= isSigned;
-                    hasUnsignedEntry |= !je.isDirectory() && !isSigned
-                                        && !signatureRelated(name);
-
-                    int inStoreOrScope = inKeyStore(signers);
-
-                    boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0;
-                    boolean inScope = (inStoreOrScope & IN_SCOPE) != 0;
-
-                    notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0;
-                    if (keystore != null) {
-                        aliasNotInStore |= isSigned && (!inStore && !inScope);
-                    }
-
-                    // Only used when -verbose provided
-                    StringBuffer sb = null;
-                    if (verbose != null) {
-                        sb = new StringBuffer();
-                        boolean inManifest =
-                            ((man.getAttributes(name) != null) ||
-                             (man.getAttributes("./"+name) != null) ||
-                             (man.getAttributes("/"+name) != null));
-                        sb.append(isSigned ? rb.getString("s") : rb.getString("SPACE"))
-                                .append(inManifest ? rb.getString("m") : rb.getString("SPACE"))
-                                .append(inStore ? rb.getString("k") : rb.getString("SPACE"))
-                                .append(inScope ? rb.getString("i") : rb.getString("SPACE"))
-                                .append((inStoreOrScope & NOT_ALIAS) != 0 ? 'X' : ' ')
-                                .append(rb.getString("SPACE"));
-                        sb.append('|');
-                    }
-
-                    // When -certs provided, display info has extra empty
-                    // lines at the beginning and end.
-                    if (isSigned) {
-                        if (showcerts) sb.append('\n');
-                        for (CodeSigner signer: signers) {
-                            // signerInfo() must be called even if -verbose
-                            // not provided. The method updates various
-                            // warning flags.
-                            String si = signerInfo(signer, tab);
-                            if (showcerts) {
-                                sb.append(si);
-                                sb.append('\n');
-                            }
-                        }
-                    } else if (showcerts && !verbose.equals("all")) {
-                        // Print no info for unsigned entries when -verbose:all,
-                        // to be consistent with old behavior.
-                        if (signatureRelated(name)) {
-                            sb.append('\n')
-                                    .append(tab)
-                                    .append(rb
-                                            .getString(".Signature.related.entries."))
-                                    .append("\n\n");
-                        } else {
-                            sb.append('\n').append(tab)
-                                    .append(rb.getString(".Unsigned.entries."))
-                                    .append("\n\n");
-                        }
-                    }
-
-                    if (verbose != null) {
-                        String label = sb.toString();
-                        if (signatureRelated(name)) {
-                            // Entries inside META-INF and other unsigned
-                            // entries are grouped separately.
-                            label = "-" + label;
-                        }
-
-                        // The label finally contains 2 parts separated by '|':
-                        // The legend displayed before the entry names, and
-                        // the cert info (if -certs specified).
-
-                        if (!output.containsKey(label)) {
-                            output.put(label, new ArrayList<String>());
-                        }
-
-                        StringBuilder fb = new StringBuilder();
-                        String s = Long.toString(je.getSize());
-                        for (int i = 6 - s.length(); i > 0; --i) {
-                            fb.append(' ');
-                        }
-                        fb.append(s).append(' ').
-                                append(new Date(je.getTime()).toString());
-                        fb.append(' ').append(name);
-
-                        output.get(label).add(fb.toString());
-                    }
-                }
-            }
-            if (verbose != null) {
-                for (Entry<String,List<String>> s: output.entrySet()) {
-                    List<String> files = s.getValue();
-                    String key = s.getKey();
-                    if (key.charAt(0) == '-') { // the signature-related group
-                        key = key.substring(1);
-                    }
-                    int pipe = key.indexOf('|');
-                    if (verbose.equals("all")) {
-                        for (String f: files) {
-                            System.out.println(key.substring(0, pipe) + f);
-                            System.out.printf(key.substring(pipe+1));
-                        }
-                    } else {
-                        if (verbose.equals("grouped")) {
-                            for (String f: files) {
-                                System.out.println(key.substring(0, pipe) + f);
-                            }
-                        } else if (verbose.equals("summary")) {
-                            System.out.print(key.substring(0, pipe));
-                            if (files.size() > 1) {
-                                System.out.println(files.get(0) + " " +
-                                        String.format(rb.getString(
-                                        ".and.d.more."), files.size()-1));
-                            } else {
-                                System.out.println(files.get(0));
-                            }
-                        }
-                        System.out.printf(key.substring(pipe+1));
-                    }
-                }
-                System.out.println();
-                System.out.println(rb.getString(
-                    ".s.signature.was.verified."));
-                System.out.println(rb.getString(
-                    ".m.entry.is.listed.in.manifest"));
-                System.out.println(rb.getString(
-                    ".k.at.least.one.certificate.was.found.in.keystore"));
-                System.out.println(rb.getString(
-                    ".i.at.least.one.certificate.was.found.in.identity.scope"));
-                if (ckaliases.size() > 0) {
-                    System.out.println(rb.getString(
-                        ".X.not.signed.by.specified.alias.es."));
-                }
-                System.out.println();
-            }
-            if (man == null)
-                System.out.println(rb.getString("no.manifest."));
-
-            if (!anySigned) {
-                System.out.println(rb.getString(
-                      "jar.is.unsigned.signatures.missing.or.not.parsable."));
-            } else {
-                boolean warningAppeared = false;
-                boolean errorAppeared = false;
-                if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
-                        notYetValidCert || chainNotValidated || hasExpiredCert ||
-                        hasUnsignedEntry ||
-                        aliasNotInStore || notSignedByAlias) {
-
-                    if (strict) {
-                        System.out.println(rb.getString("jar.verified.with.signer.errors."));
-                        System.out.println();
-                        System.out.println(rb.getString("Error."));
-                        errorAppeared = true;
-                    } else {
-                        System.out.println(rb.getString("jar.verified."));
-                        System.out.println();
-                        System.out.println(rb.getString("Warning."));
-                        warningAppeared = true;
-                    }
-
-                    if (badKeyUsage) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (badExtendedKeyUsage) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (badNetscapeCertType) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (hasUnsignedEntry) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
-                    }
-                    if (hasExpiredCert) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.entries.whose.signer.certificate.has.expired."));
-                    }
-                    if (notYetValidCert) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
-                    }
-
-                    if (chainNotValidated) {
-                        System.out.println(
-                                rb.getString("This.jar.contains.entries.whose.certificate.chain.is.not.validated."));
-                    }
-
-                    if (notSignedByAlias) {
-                        System.out.println(
-                                rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
-                    }
-
-                    if (aliasNotInStore) {
-                        System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
-                    }
-                } else {
-                    System.out.println(rb.getString("jar.verified."));
-                }
-                if (hasExpiringCert || noTimestamp) {
-                    if (!warningAppeared) {
-                        System.out.println();
-                        System.out.println(rb.getString("Warning."));
-                        warningAppeared = true;
-                    }
-                    if (hasExpiringCert) {
-                        System.out.println(rb.getString(
-                                "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
-                    }
-                    if (noTimestamp) {
-                        System.out.println(
-                                String.format(rb.getString("no.timestamp.verifying"), expireDate));
-                    }
-                }
-                if (warningAppeared || errorAppeared) {
-                    if (! (verbose != null && showcerts)) {
-                        System.out.println();
-                        System.out.println(rb.getString(
-                                "Re.run.with.the.verbose.and.certs.options.for.more.details."));
-                    }
-                }
-            }
-            return;
-        } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner.") + e);
-            if (debug) {
-                e.printStackTrace();
-            }
-        } finally { // close the resource
-            if (jf != null) {
-                jf.close();
-            }
-        }
-
-        System.exit(1);
-    }
-
-    private static MessageFormat validityTimeForm = null;
-    private static MessageFormat notYetTimeForm = null;
-    private static MessageFormat expiredTimeForm = null;
-    private static MessageFormat expiringTimeForm = null;
-
-    /*
-     * Display some details about a certificate:
-     *
-     * [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"]
-     * [<validity-period> | <expiry-warning>]
-     *
-     * Note: no newline character at the end
-     */
-    String printCert(String tab, Certificate c, boolean checkValidityPeriod,
-        Date timestamp, boolean checkUsage) {
-
-        StringBuilder certStr = new StringBuilder();
-        String space = rb.getString("SPACE");
-        X509Certificate x509Cert = null;
-
-        if (c instanceof X509Certificate) {
-            x509Cert = (X509Certificate) c;
-            certStr.append(tab).append(x509Cert.getType())
-                .append(rb.getString("COMMA"))
-                .append(x509Cert.getSubjectDN().getName());
-        } else {
-            certStr.append(tab).append(c.getType());
-        }
-
-        String alias = storeHash.get(c);
-        if (alias != null) {
-            certStr.append(space).append(alias);
-        }
-
-        if (checkValidityPeriod && x509Cert != null) {
-
-            certStr.append("\n").append(tab).append("[");
-            Date notAfter = x509Cert.getNotAfter();
-            try {
-                boolean printValidity = true;
-                if (timestamp == null) {
-                    if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
-                        expireDate = notAfter;
-                    }
-                    x509Cert.checkValidity();
-                    // test if cert will expire within six months
-                    if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
-                        hasExpiringCert = true;
-                        if (expiringTimeForm == null) {
-                            expiringTimeForm = new MessageFormat(
-                                rb.getString("certificate.will.expire.on"));
-                        }
-                        Object[] source = { notAfter };
-                        certStr.append(expiringTimeForm.format(source));
-                        printValidity = false;
-                    }
-                } else {
-                    x509Cert.checkValidity(timestamp);
-                }
-                if (printValidity) {
-                    if (validityTimeForm == null) {
-                        validityTimeForm = new MessageFormat(
-                            rb.getString("certificate.is.valid.from"));
-                    }
-                    Object[] source = { x509Cert.getNotBefore(), notAfter };
-                    certStr.append(validityTimeForm.format(source));
-                }
-            } catch (CertificateExpiredException cee) {
-                hasExpiredCert = true;
-
-                if (expiredTimeForm == null) {
-                    expiredTimeForm = new MessageFormat(
-                        rb.getString("certificate.expired.on"));
-                }
-                Object[] source = { notAfter };
-                certStr.append(expiredTimeForm.format(source));
-
-            } catch (CertificateNotYetValidException cnyve) {
-                notYetValidCert = true;
-
-                if (notYetTimeForm == null) {
-                    notYetTimeForm = new MessageFormat(
-                        rb.getString("certificate.is.not.valid.until"));
-                }
-                Object[] source = { x509Cert.getNotBefore() };
-                certStr.append(notYetTimeForm.format(source));
-            }
-            certStr.append("]");
-
-            if (checkUsage) {
-                boolean[] bad = new boolean[3];
-                checkCertUsage(x509Cert, bad);
-                if (bad[0] || bad[1] || bad[2]) {
-                    String x = "";
-                    if (bad[0]) {
-                        x ="KeyUsage";
-                    }
-                    if (bad[1]) {
-                        if (x.length() > 0) x = x + ", ";
-                        x = x + "ExtendedKeyUsage";
-                    }
-                    if (bad[2]) {
-                        if (x.length() > 0) x = x + ", ";
-                        x = x + "NetscapeCertType";
-                    }
-                    certStr.append("\n").append(tab)
-                        .append(MessageFormat.format(rb.getString(
-                        ".{0}.extension.does.not.support.code.signing."), x));
-                }
-            }
-        }
-        return certStr.toString();
-    }
-
-    private static MessageFormat signTimeForm = null;
-
-    private String printTimestamp(String tab, Timestamp timestamp) {
-
-        if (signTimeForm == null) {
-            signTimeForm =
-                new MessageFormat(rb.getString("entry.was.signed.on"));
-        }
-        Object[] source = { timestamp.getTimestamp() };
-
-        return new StringBuilder().append(tab).append("[")
-            .append(signTimeForm.format(source)).append("]").toString();
-    }
-
-    private Map<CodeSigner,Integer> cacheForInKS = new IdentityHashMap<>();
-
-    private int inKeyStoreForOneSigner(CodeSigner signer) {
-        if (cacheForInKS.containsKey(signer)) {
-            return cacheForInKS.get(signer);
-        }
-
-        boolean found = false;
-        int result = 0;
-        List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
-        for (Certificate c : certs) {
-            String alias = storeHash.get(c);
-            if (alias != null) {
-                if (alias.startsWith("(")) {
-                    result |= IN_KEYSTORE;
-                } else if (alias.startsWith("[")) {
-                    result |= IN_SCOPE;
-                }
-                if (ckaliases.contains(alias.substring(1, alias.length() - 1))) {
-                    result |= SIGNED_BY_ALIAS;
-                }
-            } else {
-                if (store != null) {
-                    try {
-                        alias = store.getCertificateAlias(c);
-                    } catch (KeyStoreException kse) {
-                        // never happens, because keystore has been loaded
-                    }
-                    if (alias != null) {
-                        storeHash.put(c, "(" + alias + ")");
-                        found = true;
-                        result |= IN_KEYSTORE;
-                    }
-                }
-                if (ckaliases.contains(alias)) {
-                    result |= SIGNED_BY_ALIAS;
-                }
-            }
-        }
-        cacheForInKS.put(signer, result);
-        return result;
-    }
-
-    Hashtable<Certificate, String> storeHash = new Hashtable<>();
-
-    int inKeyStore(CodeSigner[] signers) {
-
-        if (signers == null)
-            return 0;
-
-        int output = 0;
-
-        for (CodeSigner signer: signers) {
-            int result = inKeyStoreForOneSigner(signer);
-            output |= result;
-        }
-        if (ckaliases.size() > 0 && (output & SIGNED_BY_ALIAS) == 0) {
-            output |= NOT_ALIAS;
-        }
-        return output;
-    }
-
-    void signJar(String jarName, String alias, String[] args)
-        throws Exception {
-        boolean aliasUsed = false;
-        X509Certificate tsaCert = null;
-
-        if (sigfile == null) {
-            sigfile = alias;
-            aliasUsed = true;
-        }
-
-        if (sigfile.length() > 8) {
-            sigfile = sigfile.substring(0, 8).toUpperCase(Locale.ENGLISH);
-        } else {
-            sigfile = sigfile.toUpperCase(Locale.ENGLISH);
-        }
-
-        StringBuilder tmpSigFile = new StringBuilder(sigfile.length());
-        for (int j = 0; j < sigfile.length(); j++) {
-            char c = sigfile.charAt(j);
-            if (!
-                ((c>= 'A' && c<= 'Z') ||
-                (c>= '0' && c<= '9') ||
-                (c == '-') ||
-                (c == '_'))) {
-                if (aliasUsed) {
-                    // convert illegal characters from the alias to be _'s
-                    c = '_';
-                } else {
-                 throw new
-                   RuntimeException(rb.getString
-                        ("signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or."));
-                }
-            }
-            tmpSigFile.append(c);
-        }
-
-        sigfile = tmpSigFile.toString();
-
-        String tmpJarName;
-        if (signedjar == null) tmpJarName = jarName+".sig";
-        else tmpJarName = signedjar;
-
-        File jarFile = new File(jarName);
-        File signedJarFile = new File(tmpJarName);
-
-        // Open the jar (zip) file
-        try {
-            zipFile = new ZipFile(jarName);
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.open.jar.file.")+jarName, ioe);
-        }
-
-        FileOutputStream fos = null;
-        try {
-            fos = new FileOutputStream(signedJarFile);
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.create.")+tmpJarName, ioe);
-        }
-
-        PrintStream ps = new PrintStream(fos);
-        ZipOutputStream zos = new ZipOutputStream(ps);
-
-        /* First guess at what they might be - we don't xclude RSA ones. */
-        String sfFilename = (META_INF + sigfile + ".SF").toUpperCase(Locale.ENGLISH);
-        String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase(Locale.ENGLISH);
-
-        Manifest manifest = new Manifest();
-        Map<String,Attributes> mfEntries = manifest.getEntries();
-
-        // The Attributes of manifest before updating
-        Attributes oldAttr = null;
-
-        boolean mfModified = false;
-        boolean mfCreated = false;
-        byte[] mfRawBytes = null;
-
-        try {
-            MessageDigest digests[] = { MessageDigest.getInstance(digestalg) };
-
-            // Check if manifest exists
-            ZipEntry mfFile;
-            if ((mfFile = getManifestFile(zipFile)) != null) {
-                // Manifest exists. Read its raw bytes.
-                mfRawBytes = getBytes(zipFile, mfFile);
-                manifest.read(new ByteArrayInputStream(mfRawBytes));
-                oldAttr = (Attributes)(manifest.getMainAttributes().clone());
-            } else {
-                // Create new manifest
-                Attributes mattr = manifest.getMainAttributes();
-                mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(),
-                               "1.0");
-                String javaVendor = System.getProperty("java.vendor");
-                String jdkVersion = System.getProperty("java.version");
-                mattr.putValue("Created-By", jdkVersion + " (" +javaVendor
-                               + ")");
-                mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
-                mfCreated = true;
-            }
-
-            /*
-             * For each entry in jar
-             * (except for signature-related META-INF entries),
-             * do the following:
-             *
-             * - if entry is not contained in manifest, add it to manifest;
-             * - if entry is contained in manifest, calculate its hash and
-             *   compare it with the one in the manifest; if they are
-             *   different, replace the hash in the manifest with the newly
-             *   generated one. (This may invalidate existing signatures!)
-             */
-            Vector<ZipEntry> mfFiles = new Vector<>();
-
-            boolean wasSigned = false;
-
-            for (Enumeration<? extends ZipEntry> enum_=zipFile.entries();
-                        enum_.hasMoreElements();) {
-                ZipEntry ze = enum_.nextElement();
-
-                if (ze.getName().startsWith(META_INF)) {
-                    // Store META-INF files in vector, so they can be written
-                    // out first
-                    mfFiles.addElement(ze);
-
-                    if (SignatureFileVerifier.isBlockOrSF(
-                            ze.getName().toUpperCase(Locale.ENGLISH))) {
-                        wasSigned = true;
-                    }
-
-                    if (signatureRelated(ze.getName())) {
-                        // ignore signature-related and manifest files
-                        continue;
-                    }
-                }
-
-                if (manifest.getAttributes(ze.getName()) != null) {
-                    // jar entry is contained in manifest, check and
-                    // possibly update its digest attributes
-                    if (updateDigests(ze, zipFile, digests,
-                                      manifest) == true) {
-                        mfModified = true;
-                    }
-                } else if (!ze.isDirectory()) {
-                    // Add entry to manifest
-                    Attributes attrs = getDigestAttributes(ze, zipFile,
-                                                           digests);
-                    mfEntries.put(ze.getName(), attrs);
-                    mfModified = true;
-                }
-            }
-
-            // Recalculate the manifest raw bytes if necessary
-            if (mfModified) {
-                ByteArrayOutputStream baos = new ByteArrayOutputStream();
-                manifest.write(baos);
-                if (wasSigned) {
-                    byte[] newBytes = baos.toByteArray();
-                    if (mfRawBytes != null
-                            && oldAttr.equals(manifest.getMainAttributes())) {
-
-                        /*
-                         * Note:
-                         *
-                         * The Attributes object is based on HashMap and can handle
-                         * continuation columns. Therefore, even if the contents are
-                         * not changed (in a Map view), the bytes that it write()
-                         * may be different from the original bytes that it read()
-                         * from. Since the signature on the main attributes is based
-                         * on raw bytes, we must retain the exact bytes.
-                         */
-
-                        int newPos = findHeaderEnd(newBytes);
-                        int oldPos = findHeaderEnd(mfRawBytes);
-
-                        if (newPos == oldPos) {
-                            System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos);
-                        } else {
-                            // cat oldHead newTail > newBytes
-                            byte[] lastBytes = new byte[oldPos +
-                                    newBytes.length - newPos];
-                            System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos);
-                            System.arraycopy(newBytes, newPos, lastBytes, oldPos,
-                                    newBytes.length - newPos);
-                            newBytes = lastBytes;
-                        }
-                    }
-                    mfRawBytes = newBytes;
-                } else {
-                    mfRawBytes = baos.toByteArray();
-                }
-            }
-
-            // Write out the manifest
-            if (mfModified) {
-                // manifest file has new length
-                mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
-            }
-            if (verbose != null) {
-                if (mfCreated) {
-                    System.out.println(rb.getString(".adding.") +
-                                        mfFile.getName());
-                } else if (mfModified) {
-                    System.out.println(rb.getString(".updating.") +
-                                        mfFile.getName());
-                }
-            }
-            zos.putNextEntry(mfFile);
-            zos.write(mfRawBytes);
-
-            // Calculate SignatureFile (".SF") and SignatureBlockFile
-            ManifestDigester manDig = new ManifestDigester(mfRawBytes);
-            SignatureFile sf = new SignatureFile(digests, manifest, manDig,
-                                                 sigfile, signManifest);
-
-            if (tsaAlias != null) {
-                tsaCert = getTsaCert(tsaAlias);
-            }
-
-            if (tsaUrl == null && tsaCert == null) {
-                noTimestamp = true;
-            }
-
-            SignatureFile.Block block = null;
-
-            try {
-                block =
-                    sf.generateBlock(privateKey, sigalg, certChain,
-                        externalSF, tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg,
-                        signingMechanism, args, zipFile);
-            } catch (SocketTimeoutException e) {
-                // Provide a helpful message when TSA is beyond a firewall
-                error(rb.getString("unable.to.sign.jar.") +
-                rb.getString("no.response.from.the.Timestamping.Authority.") +
-                "\n  -J-Dhttp.proxyHost=<hostname>" +
-                "\n  -J-Dhttp.proxyPort=<portnumber>\n" +
-                rb.getString("or") +
-                "\n  -J-Dhttps.proxyHost=<hostname> " +
-                "\n  -J-Dhttps.proxyPort=<portnumber> ", e);
-            }
-
-            sfFilename = sf.getMetaName();
-            bkFilename = block.getMetaName();
-
-            ZipEntry sfFile = new ZipEntry(sfFilename);
-            ZipEntry bkFile = new ZipEntry(bkFilename);
-
-            long time = System.currentTimeMillis();
-            sfFile.setTime(time);
-            bkFile.setTime(time);
-
-            // signature file
-            zos.putNextEntry(sfFile);
-            sf.write(zos);
-            if (verbose != null) {
-                if (zipFile.getEntry(sfFilename) != null) {
-                    System.out.println(rb.getString(".updating.") +
-                                sfFilename);
-                } else {
-                    System.out.println(rb.getString(".adding.") +
-                                sfFilename);
-                }
-            }
-
-            if (verbose != null) {
-                if (tsaUrl != null || tsaCert != null) {
-                    System.out.println(
-                        rb.getString("requesting.a.signature.timestamp"));
-                }
-                if (tsaUrl != null) {
-                    System.out.println(rb.getString("TSA.location.") + tsaUrl);
-                }
-                if (tsaCert != null) {
-                    URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert);
-                    if (tsaURI != null) {
-                        System.out.println(rb.getString("TSA.location.") +
-                            tsaURI);
-                    }
-                    System.out.println(rb.getString("TSA.certificate.") +
-                        printCert("", tsaCert, false, null, false));
-                }
-                if (signingMechanism != null) {
-                    System.out.println(
-                        rb.getString("using.an.alternative.signing.mechanism"));
-                }
-            }
-
-            // signature block file
-            zos.putNextEntry(bkFile);
-            block.write(zos);
-            if (verbose != null) {
-                if (zipFile.getEntry(bkFilename) != null) {
-                    System.out.println(rb.getString(".updating.") +
-                        bkFilename);
-                } else {
-                    System.out.println(rb.getString(".adding.") +
-                        bkFilename);
-                }
-            }
-
-            // Write out all other META-INF files that we stored in the
-            // vector
-            for (int i=0; i<mfFiles.size(); i++) {
-                ZipEntry ze = mfFiles.elementAt(i);
-                if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME)
-                    && !ze.getName().equalsIgnoreCase(sfFilename)
-                    && !ze.getName().equalsIgnoreCase(bkFilename)) {
-                    writeEntry(zipFile, zos, ze);
-                }
-            }
-
-            // Write out all other files
-            for (Enumeration<? extends ZipEntry> enum_=zipFile.entries();
-                        enum_.hasMoreElements();) {
-                ZipEntry ze = enum_.nextElement();
-
-                if (!ze.getName().startsWith(META_INF)) {
-                    if (verbose != null) {
-                        if (manifest.getAttributes(ze.getName()) != null)
-                          System.out.println(rb.getString(".signing.") +
-                                ze.getName());
-                        else
-                          System.out.println(rb.getString(".adding.") +
-                                ze.getName());
-                    }
-                    writeEntry(zipFile, zos, ze);
-                }
-            }
-        } catch(IOException ioe) {
-            error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
-        } finally {
-            // close the resouces
-            if (zipFile != null) {
-                zipFile.close();
-                zipFile = null;
-            }
-
-            if (zos != null) {
-                zos.close();
-            }
-        }
-
-        // no IOException thrown in the follow try clause, so disable
-        // the try clause.
-        // try {
-            if (signedjar == null) {
-                // attempt an atomic rename. If that fails,
-                // rename the original jar file, then the signed
-                // one, then delete the original.
-                if (!signedJarFile.renameTo(jarFile)) {
-                    File origJar = new File(jarName+".orig");
-
-                    if (jarFile.renameTo(origJar)) {
-                        if (signedJarFile.renameTo(jarFile)) {
-                            origJar.delete();
-                        } else {
-                            MessageFormat form = new MessageFormat(rb.getString
-                        ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
-                            Object[] source = {signedJarFile, jarFile};
-                            error(form.format(source));
-                        }
-                    } else {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("attempt.to.rename.jarFile.to.origJar.failed"));
-                        Object[] source = {jarFile, origJar};
-                        error(form.format(source));
-                    }
-                }
-            }
-
-            boolean warningAppeared = false;
-            if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
-                    notYetValidCert || chainNotValidated || hasExpiredCert) {
-                if (strict) {
-                    System.out.println(rb.getString("jar.signed.with.signer.errors."));
-                    System.out.println();
-                    System.out.println(rb.getString("Error."));
-                } else {
-                    System.out.println(rb.getString("jar.signed."));
-                    System.out.println();
-                    System.out.println(rb.getString("Warning."));
-                    warningAppeared = true;
-                }
-
-                if (badKeyUsage) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (badExtendedKeyUsage) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (badNetscapeCertType) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (hasExpiredCert) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.has.expired."));
-                } else if (notYetValidCert) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.is.not.yet.valid."));
-                }
-
-                if (chainNotValidated) {
-                    System.out.println(
-                            rb.getString("The.signer.s.certificate.chain.is.not.validated."));
-                }
-            } else {
-                System.out.println(rb.getString("jar.signed."));
-            }
-            if (hasExpiringCert || noTimestamp) {
-                if (!warningAppeared) {
-                    System.out.println();
-                    System.out.println(rb.getString("Warning."));
-                }
-
-                if (hasExpiringCert) {
-                    System.out.println(
-                            rb.getString("The.signer.certificate.will.expire.within.six.months."));
-                }
-
-                if (noTimestamp) {
-                    System.out.println(
-                            String.format(rb.getString("no.timestamp.signing"), expireDate));
-                }
-            }
-
-        // no IOException thrown in the above try clause, so disable
-        // the catch clause.
-        // } catch(IOException ioe) {
-        //     error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
-        // }
-    }
-
-    /**
-     * Find the length of header inside bs. The header is a multiple (>=0)
-     * lines of attributes plus an empty line. The empty line is included
-     * in the header.
-     */
-    @SuppressWarnings("fallthrough")
-    private int findHeaderEnd(byte[] bs) {
-        // Initial state true to deal with empty header
-        boolean newline = true;     // just met a newline
-        int len = bs.length;
-        for (int i=0; i<len; i++) {
-            switch (bs[i]) {
-                case '\r':
-                    if (i < len - 1 && bs[i+1] == '\n') i++;
-                    // fallthrough
-                case '\n':
-                    if (newline) return i+1;    //+1 to get length
-                    newline = true;
-                    break;
-                default:
-                    newline = false;
-            }
-        }
-        // If header end is not found, it means the MANIFEST.MF has only
-        // the main attributes section and it does not end with 2 newlines.
-        // Returns the whole length so that it can be completely replaced.
-        return len;
-    }
-
-    /**
-     * signature-related files include:
-     * . META-INF/MANIFEST.MF
-     * . META-INF/SIG-*
-     * . META-INF/*.SF
-     * . META-INF/*.DSA
-     * . META-INF/*.RSA
-     * . META-INF/*.EC
-     */
-    private boolean signatureRelated(String name) {
-        return SignatureFileVerifier.isSigningRelated(name);
-    }
-
-    Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>();
-
-    /**
-     * Returns a string of singer info, with a newline at the end
-     */
-    private String signerInfo(CodeSigner signer, String tab) {
-        if (cacheForSignerInfo.containsKey(signer)) {
-            return cacheForSignerInfo.get(signer);
-        }
-        StringBuilder sb = new StringBuilder();
-        List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
-        // display the signature timestamp, if present
-        Date timestamp;
-        Timestamp ts = signer.getTimestamp();
-        if (ts != null) {
-            sb.append(printTimestamp(tab, ts));
-            sb.append('\n');
-            timestamp = ts.getTimestamp();
-        } else {
-            timestamp = null;
-            noTimestamp = true;
-        }
-        // display the certificate(sb). The first one is end-entity cert and
-        // its KeyUsage should be checked.
-        boolean first = true;
-        for (Certificate c : certs) {
-            sb.append(printCert(tab, c, true, timestamp, first));
-            sb.append('\n');
-            first = false;
-        }
-        try {
-            validateCertChain(certs);
-        } catch (Exception e) {
-            if (debug) {
-                e.printStackTrace();
-            }
-            if (e.getCause() != null &&
-                    (e.getCause() instanceof CertificateExpiredException ||
-                     e.getCause() instanceof CertificateNotYetValidException)) {
-                // No more warning, we alreay have hasExpiredCert or notYetValidCert
-            } else {
-                chainNotValidated = true;
-                sb.append(tab).append(rb.getString(".CertPath.not.validated."))
-                        .append(e.getLocalizedMessage()).append("]\n"); // TODO
-            }
-        }
-        String result = sb.toString();
-        cacheForSignerInfo.put(signer, result);
-        return result;
-    }
-
-    private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
-    throws IOException
-    {
-        ZipEntry ze2 = new ZipEntry(ze.getName());
-        ze2.setMethod(ze.getMethod());
-        ze2.setTime(ze.getTime());
-        ze2.setComment(ze.getComment());
-        ze2.setExtra(ze.getExtra());
-        if (ze.getMethod() == ZipEntry.STORED) {
-            ze2.setSize(ze.getSize());
-            ze2.setCrc(ze.getCrc());
-        }
-        os.putNextEntry(ze2);
-        writeBytes(zf, ze, os);
-    }
-
-    /**
-     * Writes all the bytes for a given entry to the specified output stream.
-     */
-    private synchronized void writeBytes
-        (ZipFile zf, ZipEntry ze, ZipOutputStream os) throws IOException {
-        int n;
-
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            long left = ze.getSize();
-
-            while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                os.write(buffer, 0, n);
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-    }
-
-    void loadKeyStore(String keyStoreName, boolean prompt) {
-
-        if (!nullStream && keyStoreName == null) {
-            keyStoreName = System.getProperty("user.home") + File.separator
-                + ".keystore";
-        }
-
-        try {
-
-            certificateFactory = CertificateFactory.getInstance("X.509");
-            validator = CertPathValidator.getInstance("PKIX");
-            Set<TrustAnchor> tas = new HashSet<>();
-            try {
-                KeyStore caks = KeyStoreUtil.getCacertsKeyStore();
-                if (caks != null) {
-                    Enumeration<String> aliases = caks.aliases();
-                    while (aliases.hasMoreElements()) {
-                        String a = aliases.nextElement();
-                        try {
-                            tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
-                        } catch (Exception e2) {
-                            // ignore, when a SecretkeyEntry does not include a cert
-                        }
-                    }
-                }
-            } catch (Exception e) {
-                // Ignore, if cacerts cannot be loaded
-            }
-
-            if (providerName == null) {
-                store = KeyStore.getInstance(storetype);
-            } else {
-                store = KeyStore.getInstance(storetype, providerName);
-            }
-
-            // Get pass phrase
-            // XXX need to disable echo; on UNIX, call getpass(char *prompt)Z
-            // and on NT call ??
-            if (token && storepass == null && !protectedPath
-                    && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
-                storepass = getPass
-                        (rb.getString("Enter.Passphrase.for.keystore."));
-            } else if (!token && storepass == null && prompt) {
-                storepass = getPass
-                        (rb.getString("Enter.Passphrase.for.keystore."));
-            }
-
-            try {
-                if (nullStream) {
-                    store.load(null, storepass);
-                } else {
-                    keyStoreName = keyStoreName.replace(File.separatorChar, '/');
-                    URL url = null;
-                    try {
-                        url = new URL(keyStoreName);
-                    } catch (java.net.MalformedURLException e) {
-                        // try as file
-                        url = new File(keyStoreName).toURI().toURL();
-                    }
-                    InputStream is = null;
-                    try {
-                        is = url.openStream();
-                        store.load(is, storepass);
-                    } finally {
-                        if (is != null) {
-                            is.close();
-                        }
-                    }
-                }
-                Enumeration<String> aliases = store.aliases();
-                while (aliases.hasMoreElements()) {
-                    String a = aliases.nextElement();
-                    try {
-                        X509Certificate c = (X509Certificate)store.getCertificate(a);
-                        // Only add TrustedCertificateEntry and self-signed
-                        // PrivateKeyEntry
-                        if (store.isCertificateEntry(a) ||
-                                c.getSubjectDN().equals(c.getIssuerDN())) {
-                            tas.add(new TrustAnchor(c, null));
-                        }
-                    } catch (Exception e2) {
-                        // ignore, when a SecretkeyEntry does not include a cert
-                    }
-                }
-            } finally {
-                try {
-                    pkixParameters = new PKIXParameters(tas);
-                    pkixParameters.setRevocationEnabled(false);
-                } catch (InvalidAlgorithmParameterException ex) {
-                    // Only if tas is empty
-                }
-            }
-        } catch (IOException ioe) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        ioe.getMessage());
-        } catch (java.security.cert.CertificateException ce) {
-            throw new RuntimeException(rb.getString("certificate.exception.") +
-                                        ce.getMessage());
-        } catch (NoSuchProviderException pe) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        pe.getMessage());
-        } catch (NoSuchAlgorithmException nsae) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        nsae.getMessage());
-        } catch (KeyStoreException kse) {
-            throw new RuntimeException
-                (rb.getString("unable.to.instantiate.keystore.class.") +
-                kse.getMessage());
-        }
-    }
-
-    X509Certificate getTsaCert(String alias) {
-
-        java.security.cert.Certificate cs = null;
-
-        try {
-            cs = store.getCertificate(alias);
-        } catch (KeyStoreException kse) {
-            // this never happens, because keystore has been loaded
-        }
-        if (cs == null || (!(cs instanceof X509Certificate))) {
-            MessageFormat form = new MessageFormat(rb.getString
-                ("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the"));
-            Object[] source = {alias, alias};
-            error(form.format(source));
-        }
-        return (X509Certificate) cs;
-    }
-
-    /**
-     * Check if userCert is designed to be a code signer
-     * @param userCert the certificate to be examined
-     * @param bad 3 booleans to show if the KeyUsage, ExtendedKeyUsage,
-     *            NetscapeCertType has codeSigning flag turned on.
-     *            If null, the class field badKeyUsage, badExtendedKeyUsage,
-     *            badNetscapeCertType will be set.
-     */
-    void checkCertUsage(X509Certificate userCert, boolean[] bad) {
-
-        // Can act as a signer?
-        // 1. if KeyUsage, then [0:digitalSignature] or
-        //    [1:nonRepudiation] should be true
-        // 2. if ExtendedKeyUsage, then should contains ANY or CODE_SIGNING
-        // 3. if NetscapeCertType, then should contains OBJECT_SIGNING
-        // 1,2,3 must be true
-
-        if (bad != null) {
-            bad[0] = bad[1] = bad[2] = false;
-        }
-
-        boolean[] keyUsage = userCert.getKeyUsage();
-        if (keyUsage != null) {
-            keyUsage = Arrays.copyOf(keyUsage, 9);
-            if (!keyUsage[0] && !keyUsage[1]) {
-                if (bad != null) {
-                    bad[0] = true;
-                    badKeyUsage = true;
-                }
-            }
-        }
-
-        try {
-            List<String> xKeyUsage = userCert.getExtendedKeyUsage();
-            if (xKeyUsage != null) {
-                if (!xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage
-                        && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) {  // codeSigning
-                    if (bad != null) {
-                        bad[1] = true;
-                        badExtendedKeyUsage = true;
-                    }
-                }
-            }
-        } catch (java.security.cert.CertificateParsingException e) {
-            // shouldn't happen
-        }
-
-        try {
-            // OID_NETSCAPE_CERT_TYPE
-            byte[] netscapeEx = userCert.getExtensionValue
-                    ("2.16.840.1.113730.1.1");
-            if (netscapeEx != null) {
-                DerInputStream in = new DerInputStream(netscapeEx);
-                byte[] encoded = in.getOctetString();
-                encoded = new DerValue(encoded).getUnalignedBitString()
-                        .toByteArray();
-
-                NetscapeCertTypeExtension extn =
-                        new NetscapeCertTypeExtension(encoded);
-
-                Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
-                if (!val) {
-                    if (bad != null) {
-                        bad[2] = true;
-                        badNetscapeCertType = true;
-                    }
-                }
-            }
-        } catch (IOException e) {
-            //
-        }
-    }
-
-    void getAliasInfo(String alias) {
-
-        Key key = null;
-
-        try {
-            java.security.cert.Certificate[] cs = null;
-            if (altCertChain != null) {
-                try (FileInputStream fis = new FileInputStream(altCertChain)) {
-                    cs = CertificateFactory.getInstance("X.509").
-                            generateCertificates(fis).
-                            toArray(new Certificate[0]);
-                } catch (FileNotFoundException ex) {
-                    error(rb.getString("File.specified.by.certchain.does.not.exist"));
-                } catch (CertificateException | IOException ex) {
-                    error(rb.getString("Cannot.restore.certchain.from.file.specified"));
-                }
-            } else {
-                try {
-                    cs = store.getCertificateChain(alias);
-                } catch (KeyStoreException kse) {
-                    // this never happens, because keystore has been loaded
-                }
-            }
-            if (cs == null || cs.length == 0) {
-                if (altCertChain != null) {
-                    error(rb.getString
-                            ("Certificate.chain.not.found.in.the.file.specified."));
-                } else {
-                    MessageFormat form = new MessageFormat(rb.getString
-                        ("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and"));
-                    Object[] source = {alias, alias};
-                    error(form.format(source));
-                }
-            }
-
-            certChain = new X509Certificate[cs.length];
-            for (int i=0; i<cs.length; i++) {
-                if (!(cs[i] instanceof X509Certificate)) {
-                    error(rb.getString
-                        ("found.non.X.509.certificate.in.signer.s.chain"));
-                }
-                certChain[i] = (X509Certificate)cs[i];
-            }
-
-            // We don't meant to print anything, the next call
-            // checks validity and keyUsage etc
-            printCert("", certChain[0], true, null, true);
-
-            try {
-                validateCertChain(Arrays.asList(certChain));
-            } catch (Exception e) {
-                if (debug) {
-                    e.printStackTrace();
-                }
-                if (e.getCause() != null &&
-                        (e.getCause() instanceof CertificateExpiredException ||
-                        e.getCause() instanceof CertificateNotYetValidException)) {
-                    // No more warning, we alreay have hasExpiredCert or notYetValidCert
-                } else {
-                    chainNotValidated = true;
-                }
-            }
-
-            try {
-                if (!token && keypass == null)
-                    key = store.getKey(alias, storepass);
-                else
-                    key = store.getKey(alias, keypass);
-            } catch (UnrecoverableKeyException e) {
-                if (token) {
-                    throw e;
-                } else if (keypass == null) {
-                    // Did not work out, so prompt user for key password
-                    MessageFormat form = new MessageFormat(rb.getString
-                        ("Enter.key.password.for.alias."));
-                    Object[] source = {alias};
-                    keypass = getPass(form.format(source));
-                    key = store.getKey(alias, keypass);
-                }
-            }
-        } catch (NoSuchAlgorithmException e) {
-            error(e.getMessage());
-        } catch (UnrecoverableKeyException e) {
-            error(rb.getString("unable.to.recover.key.from.keystore"));
-        } catch (KeyStoreException kse) {
-            // this never happens, because keystore has been loaded
-        }
-
-        if (!(key instanceof PrivateKey)) {
-            MessageFormat form = new MessageFormat(rb.getString
-                ("key.associated.with.alias.not.a.private.key"));
-            Object[] source = {alias};
-            error(form.format(source));
-        } else {
-            privateKey = (PrivateKey)key;
-        }
-    }
-
-    void error(String message)
-    {
-        System.out.println(rb.getString("jarsigner.")+message);
-        System.exit(1);
-    }
-
-
-    void error(String message, Exception e)
-    {
-        System.out.println(rb.getString("jarsigner.")+message);
-        if (debug) {
-            e.printStackTrace();
-        }
-        System.exit(1);
-    }
-
-    void validateCertChain(List<? extends Certificate> certs) throws Exception {
-        int cpLen = 0;
-        out: for (; cpLen<certs.size(); cpLen++) {
-            for (TrustAnchor ta: pkixParameters.getTrustAnchors()) {
-                if (ta.getTrustedCert().equals(certs.get(cpLen))) {
-                    break out;
-                }
-            }
-        }
-        if (cpLen > 0) {
-            CertPath cp = certificateFactory.generateCertPath(
-                    (cpLen == certs.size())? certs: certs.subList(0, cpLen));
-            validator.validate(cp, pkixParameters);
-        }
-    }
-
-    char[] getPass(String prompt)
-    {
-        System.err.print(prompt);
-        System.err.flush();
-        try {
-            char[] pass = Password.readPassword(System.in);
-
-            if (pass == null) {
-                error(rb.getString("you.must.enter.key.password"));
-            } else {
-                return pass;
-            }
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.read.password.")+ioe.getMessage());
-        }
-        // this shouldn't happen
-        return null;
-    }
-
-    /*
-     * Reads all the bytes for a given zip entry.
-     */
-    private synchronized byte[] getBytes(ZipFile zf,
-                                         ZipEntry ze) throws IOException {
-        int n;
-
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            baos.reset();
-            long left = ze.getSize();
-
-            while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                baos.write(buffer, 0, n);
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-
-        return baos.toByteArray();
-    }
-
-    /*
-     * Returns manifest entry from given jar file, or null if given jar file
-     * does not have a manifest entry.
-     */
-    private ZipEntry getManifestFile(ZipFile zf) {
-        ZipEntry ze = zf.getEntry(JarFile.MANIFEST_NAME);
-        if (ze == null) {
-            // Check all entries for matching name
-            Enumeration<? extends ZipEntry> enum_ = zf.entries();
-            while (enum_.hasMoreElements() && ze == null) {
-                ze = enum_.nextElement();
-                if (!JarFile.MANIFEST_NAME.equalsIgnoreCase
-                    (ze.getName())) {
-                    ze = null;
-                }
-            }
-        }
-        return ze;
-    }
-
-    /*
-     * Computes the digests of a zip entry, and returns them as an array
-     * of base64-encoded strings.
-     */
-    private synchronized String[] getDigests(ZipEntry ze, ZipFile zf,
-                                             MessageDigest[] digests)
-        throws IOException {
-
-        int n, i;
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            long left = ze.getSize();
-            while((left > 0)
-                && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                for (i=0; i<digests.length; i++) {
-                    digests[i].update(buffer, 0, n);
-                }
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-
-        // complete the digests
-        String[] base64Digests = new String[digests.length];
-        for (i=0; i<digests.length; i++) {
-            base64Digests[i] = Base64.getEncoder().encodeToString(digests[i].digest());
-        }
-        return base64Digests;
-    }
-
-    /*
-     * Computes the digests of a zip entry, and returns them as a list of
-     * attributes
-     */
-    private Attributes getDigestAttributes(ZipEntry ze, ZipFile zf,
-                                           MessageDigest[] digests)
-        throws IOException {
-
-        String[] base64Digests = getDigests(ze, zf, digests);
-        Attributes attrs = new Attributes();
-
-        for (int i=0; i<digests.length; i++) {
-            attrs.putValue(digests[i].getAlgorithm()+"-Digest",
-                           base64Digests[i]);
-        }
-        return attrs;
-    }
-
-    /*
-     * Updates the digest attributes of a manifest entry, by adding or
-     * replacing digest values.
-     * A digest value is added if the manifest entry does not contain a digest
-     * for that particular algorithm.
-     * A digest value is replaced if it is obsolete.
-     *
-     * Returns true if the manifest entry has been changed, and false
-     * otherwise.
-     */
-    private boolean updateDigests(ZipEntry ze, ZipFile zf,
-                                  MessageDigest[] digests,
-                                  Manifest mf) throws IOException {
-        boolean update = false;
-
-        Attributes attrs = mf.getAttributes(ze.getName());
-        String[] base64Digests = getDigests(ze, zf, digests);
-
-        for (int i=0; i<digests.length; i++) {
-            // The entry name to be written into attrs
-            String name = null;
-            try {
-                // Find if the digest already exists
-                AlgorithmId aid = AlgorithmId.get(digests[i].getAlgorithm());
-                for (Object key: attrs.keySet()) {
-                    if (key instanceof Attributes.Name) {
-                        String n = ((Attributes.Name)key).toString();
-                        if (n.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) {
-                            String tmp = n.substring(0, n.length() - 7);
-                            if (AlgorithmId.get(tmp).equals(aid)) {
-                                name = n;
-                                break;
-                            }
-                        }
-                    }
-                }
-            } catch (NoSuchAlgorithmException nsae) {
-                // Ignored. Writing new digest entry.
-            }
-
-            if (name == null) {
-                name = digests[i].getAlgorithm()+"-Digest";
-                attrs.putValue(name, base64Digests[i]);
-                update=true;
-            } else {
-                // compare digests, and replace the one in the manifest
-                // if they are different
-                String mfDigest = attrs.getValue(name);
-                if (!mfDigest.equalsIgnoreCase(base64Digests[i])) {
-                    attrs.putValue(name, base64Digests[i]);
-                    update=true;
-                }
-            }
-        }
-        return update;
-    }
-
-    /*
-     * Try to load the specified signing mechanism.
-     * The URL class loader is used.
-     */
-    private ContentSigner loadSigningMechanism(String signerClassName,
-        String signerClassPath) throws Exception {
-
-        // construct class loader
-        String cpString = null;   // make sure env.class.path defaults to dot
-
-        // do prepends to get correct ordering
-        cpString = PathList.appendPath(System.getProperty("env.class.path"), cpString);
-        cpString = PathList.appendPath(System.getProperty("java.class.path"), cpString);
-        cpString = PathList.appendPath(signerClassPath, cpString);
-        URL[] urls = PathList.pathToURLs(cpString);
-        ClassLoader appClassLoader = new URLClassLoader(urls);
-
-        // attempt to find signer
-        Class<?> signerClass = appClassLoader.loadClass(signerClassName);
-
-        // Check that it implements ContentSigner
-        Object signer = signerClass.newInstance();
-        if (!(signer instanceof ContentSigner)) {
-            MessageFormat form = new MessageFormat(
-                rb.getString("signerClass.is.not.a.signing.mechanism"));
-            Object[] source = {signerClass.getName()};
-            throw new IllegalArgumentException(form.format(source));
-        }
-        return (ContentSigner)signer;
-    }
-}
-
-class SignatureFile {
-
-    /** SignatureFile */
-    Manifest sf;
-
-    /** .SF base name */
-    String baseName;
-
-    public SignatureFile(MessageDigest digests[],
-                         Manifest mf,
-                         ManifestDigester md,
-                         String baseName,
-                         boolean signManifest)
-
-    {
-        this.baseName = baseName;
-
-        String version = System.getProperty("java.version");
-        String javaVendor = System.getProperty("java.vendor");
-
-        sf = new Manifest();
-        Attributes mattr = sf.getMainAttributes();
-
-        mattr.putValue(Attributes.Name.SIGNATURE_VERSION.toString(), "1.0");
-        mattr.putValue("Created-By", version + " (" + javaVendor + ")");
-
-        if (signManifest) {
-            // sign the whole manifest
-            for (int i=0; i < digests.length; i++) {
-                mattr.putValue(digests[i].getAlgorithm()+"-Digest-Manifest",
-                               Base64.getEncoder().encodeToString(md.manifestDigest(digests[i])));
-            }
-        }
-
-        // create digest of the manifest main attributes
-        ManifestDigester.Entry mde =
-                md.get(ManifestDigester.MF_MAIN_ATTRS, false);
-        if (mde != null) {
-            for (int i=0; i < digests.length; i++) {
-                mattr.putValue(digests[i].getAlgorithm() +
-                        "-Digest-" + ManifestDigester.MF_MAIN_ATTRS,
-                        Base64.getEncoder().encodeToString(mde.digest(digests[i])));
-            }
-        } else {
-            throw new IllegalStateException
-                ("ManifestDigester failed to create " +
-                "Manifest-Main-Attribute entry");
-        }
-
-        /* go through the manifest entries and create the digests */
-
-        Map<String,Attributes> entries = sf.getEntries();
-        Iterator<Map.Entry<String,Attributes>> mit =
-                                mf.getEntries().entrySet().iterator();
-        while(mit.hasNext()) {
-            Map.Entry<String,Attributes> e = mit.next();
-            String name = e.getKey();
-            mde = md.get(name, false);
-            if (mde != null) {
-                Attributes attr = new Attributes();
-                for (int i=0; i < digests.length; i++) {
-                    attr.putValue(digests[i].getAlgorithm()+"-Digest",
-                                  Base64.getEncoder().encodeToString(mde.digest(digests[i])));
-                }
-                entries.put(name, attr);
-            }
-        }
-    }
-
-    /**
-     * Writes the SignatureFile to the specified OutputStream.
-     *
-     * @param out the output stream
-     * @exception IOException if an I/O error has occurred
-     */
-
-    public void write(OutputStream out) throws IOException
-    {
-        sf.write(out);
-    }
-
-    /**
-     * get .SF file name
-     */
-    public String getMetaName()
-    {
-        return "META-INF/"+ baseName + ".SF";
-    }
-
-    /**
-     * get base file name
-     */
-    public String getBaseName()
-    {
-        return baseName;
-    }
-
-    /*
-     * Generate a signed data block.
-     * If a URL or a certificate (containing a URL) for a Timestamping
-     * Authority is supplied then a signature timestamp is generated and
-     * inserted into the signed data block.
-     *
-     * @param sigalg signature algorithm to use, or null to use default
-     * @param tsaUrl The location of the Timestamping Authority. If null
-     *               then no timestamp is requested.
-     * @param tsaCert The certificate for the Timestamping Authority. If null
-     *               then no timestamp is requested.
-     * @param signingMechanism The signing mechanism to use.
-     * @param args The command-line arguments to jarsigner.
-     * @param zipFile The original source Zip file.
-     */
-    public Block generateBlock(PrivateKey privateKey,
-                               String sigalg,
-                               X509Certificate[] certChain,
-                               boolean externalSF, String tsaUrl,
-                               X509Certificate tsaCert,
-                               String tSAPolicyID,
-                               String tSADigestAlg,
-                               ContentSigner signingMechanism,
-                               String[] args, ZipFile zipFile)
-        throws NoSuchAlgorithmException, InvalidKeyException, IOException,
-            SignatureException, CertificateException
-    {
-        return new Block(this, privateKey, sigalg, certChain, externalSF,
-                tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg, signingMechanism, args, zipFile);
-    }
-
-
-    public static class Block {
-
-        private byte[] block;
-        private String blockFileName;
-
-        /*
-         * Construct a new signature block.
-         */
-        Block(SignatureFile sfg, PrivateKey privateKey, String sigalg,
-            X509Certificate[] certChain, boolean externalSF, String tsaUrl,
-            X509Certificate tsaCert, String tSAPolicyID, String tSADigestAlg,
-            ContentSigner signingMechanism, String[] args, ZipFile zipFile)
-            throws NoSuchAlgorithmException, InvalidKeyException, IOException,
-            SignatureException, CertificateException {
-
-            Principal issuerName = certChain[0].getIssuerDN();
-            if (!(issuerName instanceof X500Name)) {
-                // must extract the original encoded form of DN for subsequent
-                // name comparison checks (converting to a String and back to
-                // an encoded DN could cause the types of String attribute
-                // values to be changed)
-                X509CertInfo tbsCert = new
-                    X509CertInfo(certChain[0].getTBSCertificate());
-                issuerName = (Principal)
-                    tbsCert.get(X509CertInfo.ISSUER + "." +
-                                X509CertInfo.DN_NAME);
-                }
-            BigInteger serial = certChain[0].getSerialNumber();
-
-            String signatureAlgorithm;
-            String keyAlgorithm = privateKey.getAlgorithm();
-            /*
-             * If no signature algorithm was specified, we choose a
-             * default that is compatible with the private key algorithm.
-             */
-            if (sigalg == null) {
-
-                if (keyAlgorithm.equalsIgnoreCase("DSA"))
-                    signatureAlgorithm = "SHA256withDSA";
-                else if (keyAlgorithm.equalsIgnoreCase("RSA"))
-                    signatureAlgorithm = "SHA256withRSA";
-                else if (keyAlgorithm.equalsIgnoreCase("EC"))
-                    signatureAlgorithm = "SHA256withECDSA";
-                else
-                    throw new RuntimeException("private key is not a DSA or "
-                                               + "RSA key");
-            } else {
-                signatureAlgorithm = sigalg;
-            }
-
-            // check common invalid key/signature algorithm combinations
-            String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
-            if ((sigAlgUpperCase.endsWith("WITHRSA") &&
-                !keyAlgorithm.equalsIgnoreCase("RSA")) ||
-                (sigAlgUpperCase.endsWith("WITHECDSA") &&
-                !keyAlgorithm.equalsIgnoreCase("EC")) ||
-                (sigAlgUpperCase.endsWith("WITHDSA") &&
-                !keyAlgorithm.equalsIgnoreCase("DSA"))) {
-                throw new SignatureException
-                    ("private key algorithm is not compatible with signature algorithm");
-            }
-
-            blockFileName = "META-INF/"+sfg.getBaseName()+"."+keyAlgorithm;
-
-            AlgorithmId sigAlg = AlgorithmId.get(signatureAlgorithm);
-            AlgorithmId digEncrAlg = AlgorithmId.get(keyAlgorithm);
-
-            Signature sig = Signature.getInstance(signatureAlgorithm);
-            sig.initSign(privateKey);
-
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            sfg.write(baos);
-
-            byte[] content = baos.toByteArray();
-
-            sig.update(content);
-            byte[] signature = sig.sign();
-
-            // Timestamp the signature and generate the signature block file
-            if (signingMechanism == null) {
-                signingMechanism = new TimestampedSigner();
-            }
-            URI tsaUri = null;
-            try {
-                if (tsaUrl != null) {
-                    tsaUri = new URI(tsaUrl);
-                }
-            } catch (URISyntaxException e) {
-                throw new IOException(e);
-            }
-
-            // Assemble parameters for the signing mechanism
-            ContentSignerParameters params =
-                new JarSignerParameters(args, tsaUri, tsaCert, tSAPolicyID,
-                        tSADigestAlg, signature,
-                    signatureAlgorithm, certChain, content, zipFile);
-
-            // Generate the signature block
-            block = signingMechanism.generateSignedData(
-                    params, externalSF, (tsaUrl != null || tsaCert != null));
-        }
-
-        /*
-         * get block file name.
-         */
-        public String getMetaName()
-        {
-            return blockFileName;
-        }
-
-        /**
-         * Writes the block file to the specified OutputStream.
-         *
-         * @param out the output stream
-         * @exception IOException if an I/O error has occurred
-         */
-
-        public void write(OutputStream out) throws IOException
-        {
-            out.write(block);
-        }
-    }
-}
-
-
-/*
- * This object encapsulates the parameters used to perform content signing.
- */
-class JarSignerParameters implements ContentSignerParameters {
-
-    private String[] args;
-    private URI tsa;
-    private X509Certificate tsaCertificate;
-    private byte[] signature;
-    private String signatureAlgorithm;
-    private X509Certificate[] signerCertificateChain;
-    private byte[] content;
-    private ZipFile source;
-    private String tSAPolicyID;
-    private String tSADigestAlg;
-
-    /**
-     * Create a new object.
-     */
-    JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate,
-        String tSAPolicyID, String tSADigestAlg,
-        byte[] signature, String signatureAlgorithm,
-        X509Certificate[] signerCertificateChain, byte[] content,
-        ZipFile source) {
-
-        if (signature == null || signatureAlgorithm == null ||
-            signerCertificateChain == null || tSADigestAlg == null) {
-            throw new NullPointerException();
-        }
-        this.args = args;
-        this.tsa = tsa;
-        this.tsaCertificate = tsaCertificate;
-        this.tSAPolicyID = tSAPolicyID;
-        this.tSADigestAlg = tSADigestAlg;
-        this.signature = signature;
-        this.signatureAlgorithm = signatureAlgorithm;
-        this.signerCertificateChain = signerCertificateChain;
-        this.content = content;
-        this.source = source;
-    }
-
-    /**
-     * Retrieves the command-line arguments.
-     *
-     * @return The command-line arguments. May be null.
-     */
-    public String[] getCommandLine() {
-        return args;
-    }
-
-    /**
-     * Retrieves the identifier for a Timestamping Authority (TSA).
-     *
-     * @return The TSA identifier. May be null.
-     */
-    public URI getTimestampingAuthority() {
-        return tsa;
-    }
-
-    /**
-     * Retrieves the certificate for a Timestamping Authority (TSA).
-     *
-     * @return The TSA certificate. May be null.
-     */
-    public X509Certificate getTimestampingAuthorityCertificate() {
-        return tsaCertificate;
-    }
-
-    public String getTSAPolicyID() {
-        return tSAPolicyID;
-    }
-
-    public String getTSADigestAlg() {
-        return tSADigestAlg;
-    }
-
-    /**
-     * Retrieves the signature.
-     *
-     * @return The non-null signature bytes.
-     */
-    public byte[] getSignature() {
-        return signature;
-    }
-
-    /**
-     * Retrieves the name of the signature algorithm.
-     *
-     * @return The non-null string name of the signature algorithm.
-     */
-    public String getSignatureAlgorithm() {
-        return signatureAlgorithm;
-    }
-
-    /**
-     * Retrieves the signer's X.509 certificate chain.
-     *
-     * @return The non-null array of X.509 public-key certificates.
-     */
-    public X509Certificate[] getSignerCertificateChain() {
-        return signerCertificateChain;
-    }
-
-    /**
-     * Retrieves the content that was signed.
-     *
-     * @return The content bytes. May be null.
-     */
-    public byte[] getContent() {
-        return content;
-    }
-
-    /**
-     * Retrieves the original source ZIP file before it was signed.
-     *
-     * @return The original ZIP file. May be null.
-     */
-    public ZipFile getSource() {
-        return source;
-    }
-}
--- a/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,261 +0,0 @@
-/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0} not a provider"},
-        {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"},
-        {"jarsigner.error.", "jarsigner error: "},
-        {"Illegal.option.", "Illegal option: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "-keystore must be NONE if -storetype is {0}"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "-keypass can not be specified if -storetype is {0}"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "If -protected is specified, then -storepass and -keypass must not be specified"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "If keystore is not password protected, then -storepass and -keypass must not be specified"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "Usage: jarsigner [options] jar-file alias"},
-        {".jarsigner.verify.options.jar.file.alias.",
-                "       jarsigner -verify [options] jar-file [alias...]"},
-        {".keystore.url.keystore.location",
-                "[-keystore <url>]           keystore location"},
-        {".storepass.password.password.for.keystore.integrity",
-            "[-storepass <password>]     password for keystore integrity"},
-        {".storetype.type.keystore.type",
-                "[-storetype <type>]         keystore type"},
-        {".keypass.password.password.for.private.key.if.different.",
-                "[-keypass <password>]       password for private key (if different)"},
-        {".certchain.file.name.of.alternative.certchain.file",
-                "[-certchain <file>]         name of alternative certchain file"},
-        {".sigfile.file.name.of.SF.DSA.file",
-                "[-sigfile <file>]           name of .SF/.DSA file"},
-        {".signedjar.file.name.of.signed.JAR.file",
-                "[-signedjar <file>]         name of signed JAR file"},
-        {".digestalg.algorithm.name.of.digest.algorithm",
-                "[-digestalg <algorithm>]    name of digest algorithm"},
-        {".sigalg.algorithm.name.of.signature.algorithm",
-                "[-sigalg <algorithm>]       name of signature algorithm"},
-        {".verify.verify.a.signed.JAR.file",
-                "[-verify]                   verify a signed JAR file"},
-        {".verbose.suboptions.verbose.output.when.signing.verifying.",
-                "[-verbose[:suboptions]]     verbose output when signing/verifying."},
-        {".suboptions.can.be.all.grouped.or.summary",
-                "                            suboptions can be all, grouped or summary"},
-        {".certs.display.certificates.when.verbose.and.verifying",
-                "[-certs]                    display certificates when verbose and verifying"},
-        {".tsa.url.location.of.the.Timestamping.Authority",
-                "[-tsa <url>]                location of the Timestamping Authority"},
-        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
-                "[-tsacert <alias>]          public key certificate for Timestamping Authority"},
-        {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
-                "[-tsapolicyid <oid>]        TSAPolicyID for Timestamping Authority"},
-        {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
-                "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        class name of an alternative signing mechanism"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] location of an alternative signing mechanism"},
-        {".internalsf.include.the.SF.file.inside.the.signature.block",
-                "[-internalsf]               include the .SF file inside the signature block"},
-        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
-                "[-sectionsonly]             don't compute hash of entire manifest"},
-        {".protected.keystore.has.protected.authentication.path",
-                "[-protected]                keystore has protected authentication path"},
-        {".providerName.name.provider.name",
-                "[-providerName <name>]      provider name"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <class>     name of cryptographic service provider's"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <arg>]] ... master class file and constructor argument"},
-        {".strict.treat.warnings.as.errors",
-                "[-strict]                   treat warnings as errors"},
-        {".conf.url.specify.a.pre.configured.options.file",
-                "[-conf <url>]               specify a pre-configured options file"},
-        {"Option.lacks.argument", "Option lacks argument"},
-        {"Please.type.jarsigner.help.for.usage", "Please type jarsigner -help for usage"},
-        {"Please.specify.jarfile.name", "Please specify jarfile name"},
-        {"Please.specify.alias.name", "Please specify alias name"},
-        {"Only.one.alias.can.be.specified", "Only one alias can be specified"},
-        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
-                 "This jar contains signed entries which are not signed by the specified alias(es)."},
-        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
-                  "This jar contains signed entries that are not signed by alias in this keystore."},
-        {"s", "s"},
-        {"m", "m"},
-        {"k", "k"},
-        {"i", "i"},
-        {".and.d.more.", "(and %d more)"},
-        {".s.signature.was.verified.",
-                "  s = signature was verified "},
-        {".m.entry.is.listed.in.manifest",
-                "  m = entry is listed in manifest"},
-        {".k.at.least.one.certificate.was.found.in.keystore",
-                "  k = at least one certificate was found in keystore"},
-        {".i.at.least.one.certificate.was.found.in.identity.scope",
-                "  i = at least one certificate was found in identity scope"},
-        {".X.not.signed.by.specified.alias.es.",
-                "  X = not signed by specified alias(es)"},
-        {"no.manifest.", "no manifest."},
-        {".Signature.related.entries.","(Signature related entries)"},
-        {".Unsigned.entries.", "(Unsigned entries)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar is unsigned. (signatures missing or not parsable)"},
-        {"jar.signed.", "jar signed."},
-        {"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
-        {"jar.verified.", "jar verified."},
-        {"jar.verified.with.signer.errors.", "jar verified, with signer errors."},
-        {"jarsigner.", "jarsigner: "},
-        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
-                "signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
-        {"unable.to.open.jar.file.", "unable to open jar file: "},
-        {"unable.to.create.", "unable to create: "},
-        {".adding.", "   adding: "},
-        {".updating.", " updating: "},
-        {".signing.", "  signing: "},
-        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
-                "attempt to rename {0} to {1} failed"},
-        {"attempt.to.rename.jarFile.to.origJar.failed",
-                "attempt to rename {0} to {1} failed"},
-        {"unable.to.sign.jar.", "unable to sign jar: "},
-        {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "},
-        {"keystore.load.", "keystore load: "},
-        {"certificate.exception.", "certificate exception: "},
-        {"unable.to.instantiate.keystore.class.",
-                "unable to instantiate keystore class: "},
-        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
-                "Certificate chain not found for: {0}.  {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."},
-        {"File.specified.by.certchain.does.not.exist",
-                "File specified by -certchain does not exist"},
-        {"Cannot.restore.certchain.from.file.specified",
-                "Cannot restore certchain from file specified"},
-        {"Certificate.chain.not.found.in.the.file.specified.",
-                "Certificate chain not found in the file specified."},
-        {"found.non.X.509.certificate.in.signer.s.chain",
-                "found non-X.509 certificate in signer's chain"},
-        {"incomplete.certificate.chain", "incomplete certificate chain"},
-        {"Enter.key.password.for.alias.", "Enter key password for {0}: "},
-        {"unable.to.recover.key.from.keystore",
-                "unable to recover key from keystore"},
-        {"key.associated.with.alias.not.a.private.key",
-                "key associated with {0} not a private key"},
-        {"you.must.enter.key.password", "you must enter key password"},
-        {"unable.to.read.password.", "unable to read password: "},
-        {"certificate.is.valid.from", "certificate is valid from {0} to {1}"},
-        {"certificate.expired.on", "certificate expired on {0}"},
-        {"certificate.is.not.valid.until",
-                "certificate is not valid until {0}"},
-        {"certificate.will.expire.on", "certificate will expire on {0}"},
-        {".CertPath.not.validated.", "[CertPath not validated: "},
-        {"requesting.a.signature.timestamp",
-                "requesting a signature timestamp"},
-        {"TSA.location.", "TSA location: "},
-        {"TSA.certificate.", "TSA certificate: "},
-        {"no.response.from.the.Timestamping.Authority.",
-                "no response from the Timestamping Authority. When connecting"
-                + " from behind a firewall an HTTP or HTTPS proxy may need to"
-                + " be specified. Supply the following options to jarsigner:"},
-        {"or", "or"},
-        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
-                "Certificate not found for: {0}.  {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."},
-        {"using.an.alternative.signing.mechanism",
-                "using an alternative signing mechanism"},
-        {"entry.was.signed.on", "entry was signed on {0}"},
-        {"Warning.", "Warning: "},
-        {"Error.", "Error: "},
-        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
-                "This jar contains unsigned entries which have not been integrity-checked. "},
-        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
-                "This jar contains entries whose signer certificate has expired. "},
-        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
-                "This jar contains entries whose signer certificate will expire within six months. "},
-        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
-                "This jar contains entries whose signer certificate is not yet valid. "},
-        {"Re.run.with.the.verbose.option.for.more.details.",
-                "Re-run with the -verbose option for more details."},
-        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
-                "Re-run with the -verbose and -certs options for more details."},
-        {"The.signer.certificate.has.expired.",
-                "The signer certificate has expired."},
-        {"The.signer.certificate.will.expire.within.six.months.",
-                "The signer certificate will expire within six months."},
-        {"The.signer.certificate.is.not.yet.valid.",
-                "The signer certificate is not yet valid."},
-        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {".{0}.extension.does.not.support.code.signing.",
-                 "[{0} extension does not support code signing]"},
-        {"The.signer.s.certificate.chain.is.not.validated.",
-                "The signer's certificate chain is not validated."},
-        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
-                 "This jar contains entries whose certificate chain is not validated."},
-        {"no.timestamp.signing",
-                "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
-        {"no.timestamp.verifying",
-                "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
-        {"Unknown.password.type.", "Unknown password type: "},
-        {"Cannot.find.environment.variable.",
-                "Cannot find environment variable: "},
-        {"Cannot.find.file.", "Cannot find file: "},
-    };
-
-    /**
-     * Returns the contents of this <code>ResourceBundle</code>.
-     *
-     * <p>
-     *
-     * @return the contents of this <code>ResourceBundle</code>.
-     */
-    @Override
-    public Object[][] getContents() {
-        return contents;
-    }
-}
--- a/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_ja.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources_ja extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"signerClass.is.not.a.signing.mechanism", "{0}\u306F\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"jarsigner.error.", "jarsigner\u30A8\u30E9\u30FC: "},
-        {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "-protected\u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u306F\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "\u4F7F\u7528\u65B9\u6CD5: jarsigner [options] jar-file alias"},
-        {".jarsigner.verify.options.jar.file.alias.",
-                "       jarsigner -verify [options] jar-file [alias...]"},
-        {".keystore.url.keystore.location",
-                "[-keystore <url>]           \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4F4D\u7F6E"},
-        {".storepass.password.password.for.keystore.integrity",
-            "[-storepass <password>]     \u30AD\u30FC\u30B9\u30C8\u30A2\u6574\u5408\u6027\u306E\u305F\u3081\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"},
-        {".storetype.type.keystore.type",
-                "[-storetype <type>]         \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u578B"},
-        {".keypass.password.password.for.private.key.if.different.",
-                "[-keypass <password>]       \u79D8\u5BC6\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9(\u7570\u306A\u308B\u5834\u5408)"},
-        {".certchain.file.name.of.alternative.certchain.file",
-                "[-certchain <file>]         \u4EE3\u66FF\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".sigfile.file.name.of.SF.DSA.file",
-                "[-sigfile <file>]           .SF/.DSA\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".signedjar.file.name.of.signed.JAR.file",
-                "[-signedjar <file>]         \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".digestalg.algorithm.name.of.digest.algorithm",
-                "[-digestalg <algorithm>]    \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"},
-        {".sigalg.algorithm.name.of.signature.algorithm",
-                "[-sigalg <algorithm>]       \u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"},
-        {".verify.verify.a.signed.JAR.file",
-                "[-verify]                   \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u8A3C"},
-        {".verbose.suboptions.verbose.output.when.signing.verifying.",
-                "[-verbose[:suboptions]]     \u7F72\u540D/\u691C\u8A3C\u6642\u306E\u8A73\u7D30\u51FA\u529B\u3002"},
-        {".suboptions.can.be.all.grouped.or.summary",
-                "                            \u30B5\u30D6\u30AA\u30D7\u30B7\u30E7\u30F3\u3068\u3057\u3066\u3001all\u3001grouped\u307E\u305F\u306Fsummary\u3092\u4F7F\u7528\u3067\u304D\u307E\u3059"},
-        {".certs.display.certificates.when.verbose.and.verifying",
-                "[-certs]                    \u8A73\u7D30\u51FA\u529B\u304A\u3088\u3073\u691C\u8A3C\u6642\u306B\u8A3C\u660E\u66F8\u3092\u8868\u793A"},
-        {".tsa.url.location.of.the.Timestamping.Authority",
-                "[-tsa <url>]                \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u5834\u6240"},
-        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
-                "[-tsacert <alias>]          \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u516C\u958B\u9375\u8A3C\u660E\u66F8"},
-        {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
-                "[-tsapolicyid <oid>]        \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306ETSAPolicyID"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u5834\u6240"},
-        {".internalsf.include.the.SF.file.inside.the.signature.block",
-                "[-internalsf]               \u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30D6\u30ED\u30C3\u30AF\u306B.SF\u30D5\u30A1\u30A4\u30EB\u3092\u542B\u3081\u308B"},
-        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
-                "[-sectionsonly]             \u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5168\u4F53\u306E\u30CF\u30C3\u30B7\u30E5\u306F\u8A08\u7B97\u3057\u306A\u3044"},
-        {".protected.keystore.has.protected.authentication.path",
-                "[-protected]                \u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F\u4FDD\u8B77\u3055\u308C\u305F\u8A8D\u8A3C\u30D1\u30B9\u304C\u3042\u308B"},
-        {".providerName.name.provider.name",
-                "[-providerName <name>]      \u30D7\u30ED\u30D0\u30A4\u30C0\u540D"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <class>     \u6697\u53F7\u5316\u30B5\u30FC\u30D3\u30B9\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u306E\u540D\u524D"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <arg>]] ... \u30DE\u30B9\u30BF\u30FC\u30FB\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3068\u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570"},
-        {".strict.treat.warnings.as.errors",
-                "[-strict]                   \u8B66\u544A\u3092\u30A8\u30E9\u30FC\u3068\u3057\u3066\u51E6\u7406"},
-        {"Option.lacks.argument", "\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u5F15\u6570\u304C\u3042\u308A\u307E\u305B\u3093"},
-        {"Please.type.jarsigner.help.for.usage", "\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306Fjarsigner -help\u3068\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Please.specify.jarfile.name", "jarfile\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Please.specify.alias.name", "\u5225\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Only.one.alias.can.be.specified", "\u5225\u540D\u306F1\u3064\u306E\u307F\u6307\u5B9A\u3067\u304D\u307E\u3059"},
-        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
-                 "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u6307\u5B9A\u3055\u308C\u305F\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
-                  "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u3053\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"s", "s"},
-        {"m", "m"},
-        {"k", "k"},
-        {"i", "i"},
-        {".and.d.more.", "(\u4ED6\u306B\u3082%d\u500B)"},
-        {".s.signature.was.verified.",
-                "  s=\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F "},
-        {".m.entry.is.listed.in.manifest",
-                "  m=\u30A8\u30F3\u30C8\u30EA\u304C\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5185\u306B\u30EA\u30B9\u30C8\u3055\u308C\u307E\u3059"},
-        {".k.at.least.one.certificate.was.found.in.keystore",
-                "  k=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {".i.at.least.one.certificate.was.found.in.identity.scope",
-                "  i=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30B9\u30B3\u30FC\u30D7\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {".X.not.signed.by.specified.alias.es.",
-                "  X =\u6307\u5B9A\u3057\u305F\u5225\u540D\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093"},
-        {"no.manifest.", "\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002"},
-        {".Signature.related.entries.","(\u30B7\u30B0\u30CD\u30C1\u30E3\u95A2\u9023\u30A8\u30F3\u30C8\u30EA)"},
-        {".Unsigned.entries.", "(\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002(\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u304B\u3001\u69CB\u6587\u89E3\u6790\u3067\u304D\u307E\u305B\u3093)"},
-        {"jar.verified.", "jar\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F\u3002"},
-        {"jarsigner.", "jarsigner: "},
-        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
-                "\u30B7\u30B0\u30CD\u30C1\u30E3\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u306B\u4F7F\u7528\u3067\u304D\u308B\u6587\u5B57\u306F\u3001A-Z\u30010-9\u3001_\u3001- \u306E\u307F\u3067\u3059\u3002"},
-        {"unable.to.open.jar.file.", "\u6B21\u306Ejar\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u304F\u3053\u3068\u304C\u3067\u304D\u307E\u305B\u3093: "},
-        {"unable.to.create.", "\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093: "},
-        {".adding.", "   \u8FFD\u52A0\u4E2D: "},
-        {".updating.", " \u66F4\u65B0\u4E2D: "},
-        {".signing.", "  \u7F72\u540D\u4E2D: "},
-        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
-                "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"},
-        {"attempt.to.rename.jarFile.to.origJar.failed",
-                "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"},
-        {"unable.to.sign.jar.", "jar\u306B\u7F72\u540D\u3067\u304D\u307E\u305B\u3093: "},
-        {"Enter.Passphrase.for.keystore.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "},
-        {"keystore.load.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30ED\u30FC\u30C9: "},
-        {"certificate.exception.", "\u8A3C\u660E\u66F8\u4F8B\u5916: "},
-        {"unable.to.instantiate.keystore.class.",
-                "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30AF\u30E9\u30B9\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u3092\u751F\u6210\u3067\u304D\u307E\u305B\u3093: "},
-        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
-                "\u6B21\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}\u3002{1}\u306F\u3001\u79D8\u5BC6\u9375\u304A\u3088\u3073\u5BFE\u5FDC\u3059\u308B\u516C\u958B\u9375\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u542B\u3080\u6709\u52B9\u306AKeyStore\u9375\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
-        {"File.specified.by.certchain.does.not.exist",
-                "-certchain\u3067\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"},
-        {"Cannot.restore.certchain.from.file.specified",
-                "\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"},
-        {"Certificate.chain.not.found.in.the.file.specified.",
-                "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u306B\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002"},
-        {"found.non.X.509.certificate.in.signer.s.chain",
-                "\u7F72\u540D\u8005\u306E\u9023\u9396\u5185\u3067\u975EX.509\u8A3C\u660E\u66F8\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {"incomplete.certificate.chain", "\u4E0D\u5B8C\u5168\u306A\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3"},
-        {"Enter.key.password.for.alias.", "{0}\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "},
-        {"unable.to.recover.key.from.keystore",
-                "\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u3089\u9375\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"},
-        {"key.associated.with.alias.not.a.private.key",
-                "{0}\u3068\u95A2\u9023\u4ED8\u3051\u3089\u308C\u305F\u9375\u306F\u3001\u79D8\u5BC6\u9375\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"you.must.enter.key.password", "\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"},
-        {"unable.to.read.password.", "\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u8AAD\u307F\u8FBC\u3081\u307E\u305B\u3093: "},
-        {"certificate.is.valid.from", "\u8A3C\u660E\u66F8\u306F{0}\u304B\u3089{1}\u307E\u3067\u6709\u52B9\u3067\u3059"},
-        {"certificate.expired.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3057\u305F"},
-        {"certificate.is.not.valid.until",
-                "\u8A3C\u660E\u66F8\u306F{0}\u307E\u3067\u6709\u52B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"certificate.will.expire.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3059"},
-        {".CertPath.not.validated.", "[CertPath\u304C\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "},
-        {"requesting.a.signature.timestamp",
-                "\u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u30EA\u30AF\u30A8\u30B9\u30C8"},
-        {"TSA.location.", "TSA\u306E\u5834\u6240: "},
-        {"TSA.certificate.", "TSA\u8A3C\u660E\u66F8: "},
-        {"no.response.from.the.Timestamping.Authority.",
-                "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u304B\u3089\u306E\u30EC\u30B9\u30DD\u30F3\u30B9\u304C\u3042\u308A\u307E\u305B\u3093\u3002\u30D5\u30A1\u30A4\u30A2\u30A6\u30A9\u30FC\u30EB\u3092\u4ECB\u3057\u3066\u63A5\u7D9A\u3059\u308B\u3068\u304D\u306F\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066HTTP\u307E\u305F\u306FHTTPS\u30D7\u30ED\u30AD\u30B7\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002jarsigner\u306B\u6B21\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044:"},
-        {"or", "\u307E\u305F\u306F"},
-        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
-                "\u8A3C\u660E\u66F8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F: {0}\u3002{1}\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306EX.509\u516C\u958B\u9375\u8A3C\u660E\u66F8\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u6709\u52B9\u306AKeyStore\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
-        {"using.an.alternative.signing.mechanism",
-                "\u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u4F7F\u7528"},
-        {"entry.was.signed.on", "\u30A8\u30F3\u30C8\u30EA\u306F{0}\u306B\u7F72\u540D\u3055\u308C\u307E\u3057\u305F"},
-        {"Warning.", "\u8B66\u544A: "},
-        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u671F\u9650\u5207\u308C\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u3068\u306A\u308B\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"Re.run.with.the.verbose.option.for.more.details.",
-                "\u8A73\u7D30\u306F\u3001-verbose\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
-        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
-                "\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
-        {"The.signer.certificate.has.expired.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"},
-        {"The.signer.certificate.will.expire.within.six.months.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
-        {"The.signer.certificate.is.not.yet.valid.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {".{0}.extension.does.not.support.code.signing.",
-                 "[{0}\u62E1\u5F35\u6A5F\u80FD\u306F\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u3066\u3044\u307E\u305B\u3093]"},
-        {"The.signer.s.certificate.chain.is.not.validated.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "},
-        {"Cannot.find.environment.variable.",
-                "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
-        {"Cannot.find.file.", "\u30D5\u30A1\u30A4\u30EB\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
-    };
-
-    /**
-     * Returns the contents of this <code>ResourceBundle</code>.
-     *
-     * <p>
-     *
-     * @return the contents of this <code>ResourceBundle</code>.
-     */
-    @Override
-    public Object[][] getContents() {
-        return contents;
-    }
-}
--- a/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources_zh_CN extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"},
-        {"signerClass.is.not.a.signing.mechanism", "{0}\u4E0D\u662F\u7B7E\u540D\u673A\u5236"},
-        {"jarsigner.error.", "jarsigner \u9519\u8BEF: "},
-        {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "\u7528\u6CD5: jarsigner [\u9009\u9879] jar-file \u522B\u540D"},
-        {".jarsigner.verify.options.jar.file.alias.",
-                "       jarsigner -verify [\u9009\u9879] jar-file [\u522B\u540D...]"},
-        {".keystore.url.keystore.location",
-                "[-keystore <url>]           \u5BC6\u94A5\u5E93\u4F4D\u7F6E"},
-        {".storepass.password.password.for.keystore.integrity",
-            "[-storepass <\u53E3\u4EE4>]         \u7528\u4E8E\u5BC6\u94A5\u5E93\u5B8C\u6574\u6027\u7684\u53E3\u4EE4"},
-        {".storetype.type.keystore.type",
-                "[-storetype <\u7C7B\u578B>]         \u5BC6\u94A5\u5E93\u7C7B\u578B"},
-        {".keypass.password.password.for.private.key.if.different.",
-                "[-keypass <\u53E3\u4EE4>]           \u79C1\u6709\u5BC6\u94A5\u7684\u53E3\u4EE4 (\u5982\u679C\u4E0D\u540C)"},
-        {".certchain.file.name.of.alternative.certchain.file",
-                "[-certchain <\u6587\u4EF6>]         \u66FF\u4EE3 certchain \u6587\u4EF6\u7684\u540D\u79F0"},
-        {".sigfile.file.name.of.SF.DSA.file",
-                "[-sigfile <\u6587\u4EF6>]           .SF/.DSA \u6587\u4EF6\u7684\u540D\u79F0"},
-        {".signedjar.file.name.of.signed.JAR.file",
-                "[-signedjar <\u6587\u4EF6>]         \u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6\u7684\u540D\u79F0"},
-        {".digestalg.algorithm.name.of.digest.algorithm",
-                "[-digestalg <\u7B97\u6CD5>]        \u6458\u8981\u7B97\u6CD5\u7684\u540D\u79F0"},
-        {".sigalg.algorithm.name.of.signature.algorithm",
-                "[-sigalg <\u7B97\u6CD5>]           \u7B7E\u540D\u7B97\u6CD5\u7684\u540D\u79F0"},
-        {".verify.verify.a.signed.JAR.file",
-                "[-verify]                   \u9A8C\u8BC1\u5DF2\u7B7E\u540D\u7684 JAR \u6587\u4EF6"},
-        {".verbose.suboptions.verbose.output.when.signing.verifying.",
-                "[-verbose[:suboptions]]     \u7B7E\u540D/\u9A8C\u8BC1\u65F6\u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u3002"},
-        {".suboptions.can.be.all.grouped.or.summary",
-                "                            \u5B50\u9009\u9879\u53EF\u4EE5\u662F all, grouped \u6216 summary"},
-        {".certs.display.certificates.when.verbose.and.verifying",
-                "[-certs]                    \u8F93\u51FA\u8BE6\u7EC6\u4FE1\u606F\u548C\u9A8C\u8BC1\u65F6\u663E\u793A\u8BC1\u4E66"},
-        {".tsa.url.location.of.the.Timestamping.Authority",
-                "[-tsa <url>]                \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u4F4D\u7F6E"},
-        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
-                "[-tsacert <\u522B\u540D>]           \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66"},
-        {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
-                "[-tsapolicyid <oid>]        \u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 TSAPolicyID"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <\u7C7B>]           \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u7C7B\u540D"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <\u8DEF\u5F84\u5217\u8868>] \u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236\u7684\u4F4D\u7F6E"},
-        {".internalsf.include.the.SF.file.inside.the.signature.block",
-                "[-internalsf]               \u5728\u7B7E\u540D\u5757\u5185\u5305\u542B .SF \u6587\u4EF6"},
-        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
-                "[-sectionsonly]             \u4E0D\u8BA1\u7B97\u6574\u4E2A\u6E05\u5355\u7684\u6563\u5217"},
-        {".protected.keystore.has.protected.authentication.path",
-                "[-protected]                \u5BC6\u94A5\u5E93\u5177\u6709\u53D7\u4FDD\u62A4\u9A8C\u8BC1\u8DEF\u5F84"},
-        {".providerName.name.provider.name",
-                "[-providerName <\u540D\u79F0>]      \u63D0\u4F9B\u65B9\u540D\u79F0"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <\u7C7B>        \u52A0\u5BC6\u670D\u52A1\u63D0\u4F9B\u65B9\u7684\u540D\u79F0"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <\u53C2\u6570>]]... \u4E3B\u7C7B\u6587\u4EF6\u548C\u6784\u9020\u5668\u53C2\u6570"},
-        {".strict.treat.warnings.as.errors",
-                "[-strict]                   \u5C06\u8B66\u544A\u89C6\u4E3A\u9519\u8BEF"},
-        {"Option.lacks.argument", "\u9009\u9879\u7F3A\u5C11\u53C2\u6570"},
-        {"Please.type.jarsigner.help.for.usage", "\u8BF7\u952E\u5165 jarsigner -help \u4EE5\u4E86\u89E3\u7528\u6CD5"},
-        {"Please.specify.jarfile.name", "\u8BF7\u6307\u5B9A jarfile \u540D\u79F0"},
-        {"Please.specify.alias.name", "\u8BF7\u6307\u5B9A\u522B\u540D"},
-        {"Only.one.alias.can.be.specified", "\u53EA\u80FD\u6307\u5B9A\u4E00\u4E2A\u522B\u540D"},
-        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
-                 "\u6B64 jar \u5305\u542B\u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"},
-        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
-                  "\u6B64 jar \u5305\u542B\u672A\u7531\u6B64\u5BC6\u94A5\u5E93\u4E2D\u7684\u522B\u540D\u7B7E\u540D\u7684\u5DF2\u7B7E\u540D\u6761\u76EE\u3002"},
-        {"s", "s"},
-        {"m", "m"},
-        {"k", "k"},
-        {"i", "i"},
-        {".and.d.more.", "(%d \u53CA\u4EE5\u4E0A)"},
-        {".s.signature.was.verified.",
-                "  s = \u5DF2\u9A8C\u8BC1\u7B7E\u540D "},
-        {".m.entry.is.listed.in.manifest",
-                "  m = \u5728\u6E05\u5355\u4E2D\u5217\u51FA\u6761\u76EE"},
-        {".k.at.least.one.certificate.was.found.in.keystore",
-                "  k = \u5728\u5BC6\u94A5\u5E93\u4E2D\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"},
-        {".i.at.least.one.certificate.was.found.in.identity.scope",
-                "  i = \u5728\u8EAB\u4EFD\u4F5C\u7528\u57DF\u5185\u81F3\u5C11\u627E\u5230\u4E86\u4E00\u4E2A\u8BC1\u4E66"},
-        {".X.not.signed.by.specified.alias.es.",
-                "  X = \u672A\u7531\u6307\u5B9A\u522B\u540D\u7B7E\u540D"},
-        {"no.manifest.", "\u6CA1\u6709\u6E05\u5355\u3002"},
-        {".Signature.related.entries.","(\u4E0E\u7B7E\u540D\u76F8\u5173\u7684\u6761\u76EE)"},
-        {".Unsigned.entries.", "(\u672A\u7B7E\u540D\u6761\u76EE)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar \u672A\u7B7E\u540D\u3002(\u7F3A\u5C11\u7B7E\u540D\u6216\u65E0\u6CD5\u89E3\u6790\u7B7E\u540D)"},
-        {"jar.verified.", "jar \u5DF2\u9A8C\u8BC1\u3002"},
-        {"jarsigner.", "jarsigner: "},
-        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
-                "\u7B7E\u540D\u6587\u4EF6\u540D\u5FC5\u987B\u5305\u542B\u4EE5\u4E0B\u5B57\u7B26: A-Z, 0-9, _ \u6216 -"},
-        {"unable.to.open.jar.file.", "\u65E0\u6CD5\u6253\u5F00 jar \u6587\u4EF6: "},
-        {"unable.to.create.", "\u65E0\u6CD5\u521B\u5EFA: "},
-        {".adding.", "   \u6B63\u5728\u6DFB\u52A0: "},
-        {".updating.", " \u6B63\u5728\u66F4\u65B0: "},
-        {".signing.", "  \u6B63\u5728\u7B7E\u540D: "},
-        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
-                "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"},
-        {"attempt.to.rename.jarFile.to.origJar.failed",
-                "\u5C1D\u8BD5\u5C06{0}\u91CD\u547D\u540D\u4E3A{1}\u65F6\u5931\u8D25"},
-        {"unable.to.sign.jar.", "\u65E0\u6CD5\u5BF9 jar \u8FDB\u884C\u7B7E\u540D: "},
-        {"Enter.Passphrase.for.keystore.", "\u8F93\u5165\u5BC6\u94A5\u5E93\u7684\u5BC6\u7801\u77ED\u8BED: "},
-        {"keystore.load.", "\u5BC6\u94A5\u5E93\u52A0\u8F7D: "},
-        {"certificate.exception.", "\u8BC1\u4E66\u5F02\u5E38\u9519\u8BEF: "},
-        {"unable.to.instantiate.keystore.class.",
-                "\u65E0\u6CD5\u5B9E\u4F8B\u5316\u5BC6\u94A5\u5E93\u7C7B: "},
-        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
-                "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u94FE\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u79C1\u6709\u5BC6\u94A5\u548C\u76F8\u5E94\u7684\u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u94FE\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u5BC6\u94A5\u6761\u76EE\u3002"},
-        {"File.specified.by.certchain.does.not.exist",
-                "\u7531 -certchain \u6307\u5B9A\u7684\u6587\u4EF6\u4E0D\u5B58\u5728"},
-        {"Cannot.restore.certchain.from.file.specified",
-                "\u65E0\u6CD5\u4ECE\u6307\u5B9A\u7684\u6587\u4EF6\u8FD8\u539F certchain"},
-        {"Certificate.chain.not.found.in.the.file.specified.",
-                "\u5728\u6307\u5B9A\u7684\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230\u8BC1\u4E66\u94FE\u3002"},
-        {"found.non.X.509.certificate.in.signer.s.chain",
-                "\u5728\u7B7E\u540D\u8005\u7684\u94FE\u4E2D\u627E\u5230\u975E X.509 \u8BC1\u4E66"},
-        {"incomplete.certificate.chain", "\u8BC1\u4E66\u94FE\u4E0D\u5B8C\u6574"},
-        {"Enter.key.password.for.alias.", "\u8F93\u5165{0}\u7684\u5BC6\u94A5\u53E3\u4EE4: "},
-        {"unable.to.recover.key.from.keystore",
-                "\u65E0\u6CD5\u4ECE\u5BC6\u94A5\u5E93\u4E2D\u6062\u590D\u5BC6\u94A5"},
-        {"key.associated.with.alias.not.a.private.key",
-                "\u4E0E{0}\u5173\u8054\u7684\u5BC6\u94A5\u4E0D\u662F\u79C1\u6709\u5BC6\u94A5"},
-        {"you.must.enter.key.password", "\u5FC5\u987B\u8F93\u5165\u5BC6\u94A5\u53E3\u4EE4"},
-        {"unable.to.read.password.", "\u65E0\u6CD5\u8BFB\u53D6\u53E3\u4EE4: "},
-        {"certificate.is.valid.from", "\u8BC1\u4E66\u7684\u6709\u6548\u671F\u4E3A{0}\u81F3{1}"},
-        {"certificate.expired.on", "\u8BC1\u4E66\u5230\u671F\u65E5\u671F\u4E3A {0}"},
-        {"certificate.is.not.valid.until",
-                "\u76F4\u5230{0}, \u8BC1\u4E66\u624D\u6709\u6548"},
-        {"certificate.will.expire.on", "\u8BC1\u4E66\u5C06\u5728{0}\u5230\u671F"},
-        {".CertPath.not.validated.", "[CertPath \u672A\u9A8C\u8BC1: "},
-        {"requesting.a.signature.timestamp",
-                "\u6B63\u5728\u8BF7\u6C42\u7B7E\u540D\u65F6\u95F4\u6233"},
-        {"TSA.location.", "TSA \u4F4D\u7F6E: "},
-        {"TSA.certificate.", "TSA \u8BC1\u4E66: "},
-        {"no.response.from.the.Timestamping.Authority.",
-                "\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u6CA1\u6709\u54CD\u5E94\u3002\u5982\u679C\u8981\u4ECE\u9632\u706B\u5899\u540E\u9762\u8FDE\u63A5, \u5219\u53EF\u80FD\u9700\u8981\u6307\u5B9A HTTP \u6216 HTTPS \u4EE3\u7406\u3002\u8BF7\u4E3A jarsigner \u63D0\u4F9B\u4EE5\u4E0B\u9009\u9879: "},
-        {"or", "\u6216"},
-        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
-                "\u627E\u4E0D\u5230{0}\u7684\u8BC1\u4E66\u3002{1}\u5FC5\u987B\u5F15\u7528\u5305\u542B\u65F6\u95F4\u6233\u9881\u53D1\u673A\u6784\u7684 X.509 \u516C\u5171\u5BC6\u94A5\u8BC1\u4E66\u7684\u6709\u6548\u5BC6\u94A5\u5E93\u6761\u76EE\u3002"},
-        {"using.an.alternative.signing.mechanism",
-                "\u6B63\u5728\u4F7F\u7528\u66FF\u4EE3\u7684\u7B7E\u540D\u673A\u5236"},
-        {"entry.was.signed.on", "\u6761\u76EE\u7684\u7B7E\u540D\u65E5\u671F\u4E3A {0}"},
-        {"Warning.", "\u8B66\u544A: "},
-        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
-                "\u6B64 jar \u5305\u542B\u5C1A\u672A\u8FDB\u884C\u5B8C\u6574\u6027\u68C0\u67E5\u7684\u672A\u7B7E\u540D\u6761\u76EE\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
-                "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u7684\u6761\u76EE\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
-                "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u7684\u6761\u76EE\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
-                "\u6B64 jar \u5305\u542B\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u7684\u6761\u76EE\u3002 "},
-        {"Re.run.with.the.verbose.option.for.more.details.",
-                "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"},
-        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
-                "\u6709\u5173\u8BE6\u7EC6\u4FE1\u606F, \u8BF7\u4F7F\u7528 -verbose \u548C -certs \u9009\u9879\u91CD\u65B0\u8FD0\u884C\u3002"},
-        {"The.signer.certificate.has.expired.",
-                "\u7B7E\u540D\u8005\u8BC1\u4E66\u5DF2\u8FC7\u671F\u3002"},
-        {"The.signer.certificate.will.expire.within.six.months.",
-                "\u7B7E\u540D\u8005\u8BC1\u4E66\u5C06\u5728\u516D\u4E2A\u6708\u5185\u8FC7\u671F\u3002"},
-        {"The.signer.certificate.is.not.yet.valid.",
-                "\u7B7E\u540D\u8005\u8BC1\u4E66\u4ECD\u65E0\u6548\u3002"},
-        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"},
-        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"},
-        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 KeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 ExtendedKeyUsage \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u6B64 jar \u5305\u542B\u7531\u4E8E\u7B7E\u540D\u8005\u8BC1\u4E66\u7684 NetscapeCertType \u6269\u5C55\u800C\u65E0\u6CD5\u8FDB\u884C\u4EE3\u7801\u7B7E\u540D\u7684\u6761\u76EE\u3002"},
-        {".{0}.extension.does.not.support.code.signing.",
-                 "[{0} \u6269\u5C55\u4E0D\u652F\u6301\u4EE3\u7801\u7B7E\u540D]"},
-        {"The.signer.s.certificate.chain.is.not.validated.",
-                "\u7B7E\u540D\u8005\u7684\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u3002"},
-        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
-                 "\u6B64 jar \u5305\u542B\u8BC1\u4E66\u94FE\u672A\u9A8C\u8BC1\u7684\u6761\u76EE\u3002"},
-        {"Unknown.password.type.", "\u672A\u77E5\u53E3\u4EE4\u7C7B\u578B: "},
-        {"Cannot.find.environment.variable.",
-                "\u627E\u4E0D\u5230\u73AF\u5883\u53D8\u91CF: "},
-        {"Cannot.find.file.", "\u627E\u4E0D\u5230\u6587\u4EF6: "},
-    };
-
-    /**
-     * Returns the contents of this <code>ResourceBundle</code>.
-     *
-     * <p>
-     *
-     * @return the contents of this <code>ResourceBundle</code>.
-     */
-    @Override
-    public Object[][] getContents() {
-        return contents;
-    }
-}
--- a/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,188 +0,0 @@
-/*
- * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-import java.io.IOException;
-import java.net.URI;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import com.sun.jarsigner.*;
-import sun.security.pkcs.PKCS7;
-import sun.security.util.*;
-import sun.security.x509.*;
-
-/**
- * This class implements a content signing service.
- * It generates a timestamped signature for a given content according to
- * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>.
- * The signature along with a trusted timestamp and the signer's certificate
- * are all packaged into a standard PKCS #7 Signed Data message.
- *
- * @author Vincent Ryan
- */
-
-public final class TimestampedSigner extends ContentSigner {
-
-    /*
-     * Object identifier for the subject information access X.509 certificate
-     * extension.
-     */
-    private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
-
-    /*
-     * Object identifier for the timestamping access descriptors.
-     */
-    private static final ObjectIdentifier AD_TIMESTAMPING_Id;
-    static {
-        ObjectIdentifier tmp = null;
-        try {
-            tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3");
-        } catch (IOException e) {
-            // ignore
-        }
-        AD_TIMESTAMPING_Id = tmp;
-    }
-
-    /**
-     * Instantiates a content signer that supports timestamped signatures.
-     */
-    public TimestampedSigner() {
-    }
-
-    /**
-     * Generates a PKCS #7 signed data message that includes a signature
-     * timestamp.
-     * This method is used when a signature has already been generated.
-     * The signature, a signature timestamp, the signer's certificate chain,
-     * and optionally the content that was signed, are packaged into a PKCS #7
-     * signed data message.
-     *
-     * @param params The non-null input parameters.
-     * @param omitContent true if the content should be omitted from the
-     *        signed data message. Otherwise the content is included.
-     * @param applyTimestamp true if the signature should be timestamped.
-     *        Otherwise timestamping is not performed.
-     * @return A PKCS #7 signed data message including a signature timestamp.
-     * @throws NoSuchAlgorithmException The exception is thrown if the signature
-     *         algorithm is unrecognised.
-     * @throws CertificateException The exception is thrown if an error occurs
-     *         while processing the signer's certificate or the TSA's
-     *         certificate.
-     * @throws IOException The exception is thrown if an error occurs while
-     *         generating the signature timestamp or while generating the signed
-     *         data message.
-     * @throws NullPointerException The exception is thrown if parameters is
-     *         null.
-     */
-    public byte[] generateSignedData(ContentSignerParameters params,
-        boolean omitContent, boolean applyTimestamp)
-            throws NoSuchAlgorithmException, CertificateException, IOException {
-
-        if (params == null) {
-            throw new NullPointerException();
-        }
-
-        // Parse the signature algorithm to extract the digest
-        // algorithm. The expected format is:
-        //     "<digest>with<encryption>"
-        // or  "<digest>with<encryption>and<mgf>"
-        String signatureAlgorithm = params.getSignatureAlgorithm();
-
-        X509Certificate[] signerChain = params.getSignerCertificateChain();
-        byte[] signature = params.getSignature();
-
-        // Include or exclude content
-        byte[] content = (omitContent == true) ? null : params.getContent();
-
-        URI tsaURI = null;
-        if (applyTimestamp) {
-            tsaURI = params.getTimestampingAuthority();
-            if (tsaURI == null) {
-                // Examine TSA cert
-                tsaURI = getTimestampingURI(
-                    params.getTimestampingAuthorityCertificate());
-                if (tsaURI == null) {
-                    throw new CertificateException(
-                        "Subject Information Access extension not found");
-                }
-            }
-        }
-        return PKCS7.generateSignedData(signature, signerChain, content,
-                                        params.getSignatureAlgorithm(), tsaURI,
-                                        params.getTSAPolicyID(),
-                                        params.getTSADigestAlg());
-    }
-
-    /**
-     * Examine the certificate for a Subject Information Access extension
-     * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>).
-     * The extension's <tt>accessMethod</tt> field should contain the object
-     * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its
-     * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.
-     *
-     * @param tsaCertificate An X.509 certificate for the TSA.
-     * @return An HTTP or HTTPS URI or null if none was found.
-     */
-    public static URI getTimestampingURI(X509Certificate tsaCertificate) {
-
-        if (tsaCertificate == null) {
-            return null;
-        }
-        // Parse the extensions
-        try {
-            byte[] extensionValue =
-                tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID);
-            if (extensionValue == null) {
-                return null;
-            }
-            DerInputStream der = new DerInputStream(extensionValue);
-            der = new DerInputStream(der.getOctetString());
-            DerValue[] derValue = der.getSequence(5);
-            AccessDescription description;
-            GeneralName location;
-            URIName uri;
-            for (int i = 0; i < derValue.length; i++) {
-                description = new AccessDescription(derValue[i]);
-                if (description.getAccessMethod()
-                        .equals((Object)AD_TIMESTAMPING_Id)) {
-                    location = description.getAccessLocation();
-                    if (location.getType() == GeneralNameInterface.NAME_URI) {
-                        uri = (URIName) location.getName();
-                        if (uri.getScheme().equalsIgnoreCase("http") ||
-                                uri.getScheme().equalsIgnoreCase("https")) {
-                            return uri.getURI();
-                        }
-                    }
-                }
-            }
-        } catch (IOException ioe) {
-            // ignore
-        }
-        return null;
-    }
-}
--- a/src/jdk.dev/share/classes/sun/security/tools/policytool/PolicyTool.java	Thu Mar 12 13:35:13 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4554 +0,0 @@
-/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.policytool;
-
-import java.io.*;
-import java.util.LinkedList;
-import java.util.ListIterator;
-import java.util.Vector;
-import java.util.Enumeration;
-import java.net.URL;
-import java.net.MalformedURLException;
-import java.lang.reflect.*;
-import java.text.Collator;
-import java.text.MessageFormat;
-import sun.security.util.PropertyExpander;
-import sun.security.util.PropertyExpander.ExpandException;
-import java.awt.Component;
-import java.awt.Container;
-import java.awt.Dimension;
-import java.awt.FileDialog;
-import java.awt.GridBagConstraints;
-import java.awt.GridBagLayout;
-import java.awt.Insets;
-import java.awt.Point;
-import java.awt.Toolkit;
-import java.awt.Window;
-import java.awt.event.*;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.*;
-import sun.security.provider.*;
-import sun.security.util.PolicyUtil;
-import javax.security.auth.x500.X500Principal;
-import javax.swing.*;
-import javax.swing.border.EmptyBorder;
-
-/**
- * PolicyTool may be used by users and administrators to configure the
- * overall java security policy (currently stored in the policy file).
- * Using PolicyTool administrators may add and remove policies from
- * the policy file. <p>
- *
- * @see java.security.Policy
- * @since   1.2
- */
-
-public class PolicyTool {
-
-    // for i18n
-    static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle(
-            "sun.security.tools.policytool.Resources");
-    static final Collator collator = Collator.getInstance();
-    static {
-        // this is for case insensitive string comparisons
-        collator.setStrength(Collator.PRIMARY);
-
-        // Support for Apple menu bar
-        if (System.getProperty("apple.laf.useScreenMenuBar") == null) {
-            System.setProperty("apple.laf.useScreenMenuBar", "true");
-        }
-        System.setProperty("apple.awt.application.name", getMessage("Policy.Tool"));
-
-        // Apply the system L&F if not specified with a system property.
-        if (System.getProperty("swing.defaultlaf") == null) {
-            try {
-                UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
-            } catch (Exception e) {
-                // ignore
-            }
-        }
-    }
-
-    // anyone can add warnings
-    Vector<String> warnings;
-    boolean newWarning = false;
-
-    // set to true if policy modified.
-    // this way upon exit we know if to ask the user to save changes
-    boolean modified = false;
-
-    private static final boolean testing = false;
-    private static final Class<?>[] TWOPARAMS = { String.class, String.class };
-    private static final Class<?>[] ONEPARAMS = { String.class };
-    private static final Class<?>[] NOPARAMS  = {};
-    /*
-     * All of the policy entries are read in from the
-     * policy file and stored here.  Updates to the policy entries
-     * using addEntry() and removeEntry() are made here.  To ultimately save
-     * the policy entries back to the policy file, the SavePolicy button
-     * must be clicked.
-     **/
-    private static String policyFileName = null;
-    private Vector<PolicyEntry> policyEntries = null;
-    private PolicyParser parser = null;
-
-    /* The public key alias information is stored here.  */
-    private KeyStore keyStore = null;
-    private String keyStoreName = " ";
-    private String keyStoreType = " ";
-    private String keyStoreProvider = " ";
-    private String keyStorePwdURL = " ";
-
-    /* standard PKCS11 KeyStore type */
-    private static final String P11KEYSTORE = "PKCS11";
-
-    /* reserved word for PKCS11 KeyStores */
-    private static final String NONE = "NONE";
-
-    /**
-     * default constructor
-     */
-    private PolicyTool() {
-        policyEntries = new Vector<PolicyEntry>();
-        parser = new PolicyParser();
-        warnings = new Vector<String>();
-    }
-
-    /**
-     * get the PolicyFileName
-     */
-    String getPolicyFileName() {
-        return policyFileName;
-    }
-
-    /**
-     * set the PolicyFileName
-     */
-    void setPolicyFileName(String policyFileName) {
-        PolicyTool.policyFileName = policyFileName;
-    }
-
-   /**
-    * clear keyStore info
-    */
-    void clearKeyStoreInfo() {
-        this.keyStoreName = null;
-        this.keyStoreType = null;
-        this.keyStoreProvider = null;
-        this.keyStorePwdURL = null;
-
-        this.keyStore = null;
-    }
-
-    /**
-     * get the keyStore URL name
-     */
-    String getKeyStoreName() {
-        return keyStoreName;
-    }
-
-    /**
-     * get the keyStore Type
-     */
-    String getKeyStoreType() {
-        return keyStoreType;
-    }
-
-    /**
-     * get the keyStore Provider
-     */
-    String getKeyStoreProvider() {
-        return keyStoreProvider;
-    }
-
-    /**
-     * get the keyStore password URL
-     */
-    String getKeyStorePwdURL() {
-        return keyStorePwdURL;
-    }
-
-    /**
-     * Open and read a policy file
-     */
-    void openPolicy(String filename) throws FileNotFoundException,
-                                        PolicyParser.ParsingException,
-                                        KeyStoreException,
-                                        CertificateException,
-                                        InstantiationException,
-                                        MalformedURLException,
-                                        IOException,
-                                        NoSuchAlgorithmException,
-                                        IllegalAccessException,
-                                        NoSuchMethodException,
-                                        UnrecoverableKeyException,
-                                        NoSuchProviderException,
-                                        ClassNotFoundException,
-                                        PropertyExpander.ExpandException,
-                                        InvocationTargetException {
-
-        newWarning = false;
-
-        // start fresh - blow away the current state
-        policyEntries = new Vector<PolicyEntry>();
-        parser = new PolicyParser();
-        warnings = new Vector<String>();
-        setPolicyFileName(null);
-        clearKeyStoreInfo();
-
-        // see if user is opening a NEW policy file
-        if (filename == null) {
-            modified = false;
-            return;
-        }
-
-        // Read in the policy entries from the file and
-        // populate the parser vector table.  The parser vector
-        // table only holds the entries as strings, so it only
-        // guarantees that the policies are syntactically
-        // correct.
-        setPolicyFileName(filename);
-        parser.read(new FileReader(filename));
-
-        // open the keystore
-        openKeyStore(parser.getKeyStoreUrl(), parser.getKeyStoreType(),
-                parser.getKeyStoreProvider(), parser.getStorePassURL());
-
-        // Update the local vector with the same policy entries.
-        // This guarantees that the policy entries are not only
-        // syntactically correct, but semantically valid as well.
-        Enumeration<PolicyParser.GrantEntry> enum_ = parser.grantElements();
-        while (enum_.hasMoreElements()) {
-            PolicyParser.GrantEntry ge = enum_.nextElement();
-
-            // see if all the signers have public keys
-            if (ge.signedBy != null) {
-
-                String signers[] = parseSigners(ge.signedBy);
-                for (int i = 0; i < signers.length; i++) {
-                    PublicKey pubKey = getPublicKeyAlias(signers[i]);
-                    if (pubKey == null) {
-                        newWarning = true;
-                        MessageFormat form = new MessageFormat(getMessage
-                            ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                        Object[] source = {signers[i]};
-                        warnings.addElement(form.format(source));
-                    }
-                }
-            }
-
-            // check to see if the Principals are valid
-            ListIterator<PolicyParser.PrincipalEntry> prinList =
-                                                ge.principals.listIterator(0);
-            while (prinList.hasNext()) {
-                PolicyParser.PrincipalEntry pe = prinList.next();
-                try {
-                    verifyPrincipal(pe.getPrincipalClass(),
-                                pe.getPrincipalName());
-                } catch (ClassNotFoundException fnfe) {
-                    newWarning = true;
-                    MessageFormat form = new MessageFormat(getMessage
-                                ("Warning.Class.not.found.class"));
-                    Object[] source = {pe.getPrincipalClass()};
-                    warnings.addElement(form.format(source));
-                }
-            }
-
-            // check to see if the Permissions are valid
-            Enumeration<PolicyParser.PermissionEntry> perms =
-                                                ge.permissionElements();
-            while (perms.hasMoreElements()) {
-                PolicyParser.PermissionEntry pe = perms.nextElement();
-                try {
-                    verifyPermission(pe.permission, pe.name, pe.action);
-                } catch (ClassNotFoundException fnfe) {
-                    newWarning = true;
-                    MessageFormat form = new MessageFormat(getMessage
-                                ("Warning.Class.not.found.class"));
-                    Object[] source = {pe.permission};
-                    warnings.addElement(form.format(source));
-                } catch (InvocationTargetException ite) {
-                    newWarning = true;
-                    MessageFormat form = new MessageFormat(getMessage
-                        ("Warning.Invalid.argument.s.for.constructor.arg"));
-                    Object[] source = {pe.permission};
-                    warnings.addElement(form.format(source));
-                }
-
-                // see if all the permission signers have public keys
-                if (pe.signedBy != null) {
-
-                    String signers[] = parseSigners(pe.signedBy);
-
-                    for (int i = 0; i < signers.length; i++) {
-                        PublicKey pubKey = getPublicKeyAlias(signers[i]);
-                        if (pubKey == null) {
-                            newWarning = true;
-                            MessageFormat form = new MessageFormat(getMessage
-                                ("Warning.A.public.key.for.alias.signers.i.does.not.exist.Make.sure.a.KeyStore.is.properly.configured."));
-                            Object[] source = {signers[i]};
-                            warnings.addElement(form.format(source));
-                        }
-                    }
-                }
-            }
-            PolicyEntry pEntry = new PolicyEntry(this, ge);
-            policyEntries.addElement(pEntry);
-        }
-
-        // just read in the policy -- nothing has been modified yet
-        modified = false;
-    }
-
-
-    /**
-     * Save a policy to a file
-     */
-    void savePolicy(String filename)
-    throws FileNotFoundException, IOException {
-        // save the policy entries to a file
-        parser.setKeyStoreUrl(keyStoreName);
-        parser.setKeyStoreType(keyStoreType);
-        parser.setKeyStoreProvider(keyStoreProvider);
-        parser.setStorePassURL(keyStorePwdURL);
-        parser.write(new FileWriter(filename));
-        modified = false;
-    }
-
-    /**
-     * Open the KeyStore
-     */
-    void openKeyStore(String name,
-                String type,
-                String provider,
-                String pwdURL) throws   KeyStoreException,
-                                        NoSuchAlgorithmException,
-                                        UnrecoverableKeyException,
-                                        IOException,
-                                        CertificateException,
-                                        NoSuchProviderException,
-                                        ExpandException {
-
-        if (name == null && type == null &&
-            provider == null && pwdURL == null) {
-
-            // policy did not specify a keystore during open
-            // or use wants to reset keystore values
-
-            this.keyStoreName = null;
-            this.keyStoreType = null;
-            this.keyStoreProvider = null;
-            this.keyStorePwdURL = null;
-
-            // caller will set (tool.modified = true) if appropriate
-
-            return;
-        }
-
-        URL policyURL = null;
-        if (policyFileName != null) {
-            File pfile = new File(policyFileName);
-            policyURL = new URL("file:" + pfile.getCanonicalPath());
-        }
-
-        // although PolicyUtil.getKeyStore may properly handle
-        // defaults and property expansion, we do it here so that
-        // if the call is successful, we can set the proper values
-        // (PolicyUtil.getKeyStore does not return expanded values)
-
-        if (name != null && name.length() > 0) {
-            name = PropertyExpander.expand(name).replace
-                                        (File.separatorChar, '/');
-        }
-        if (type == null || type.length() == 0) {
-            type = KeyStore.getDefaultType();
-        }
-        if (pwdURL != null && pwdURL.length() > 0) {
-            pwdURL = PropertyExpander.expand(pwdURL).replace
-                                        (File.separatorChar, '/');
-        }
-
-        try {
-            this.keyStore = PolicyUtil.getKeyStore(policyURL,
-                                                name,
-                                                type,
-                                                provider,
-                                                pwdURL,
-                                                null);
-        } catch (IOException ioe) {
-
-            // copied from sun.security.pkcs11.SunPKCS11
-            String MSG = "no password provided, and no callback handler " +
-                        "available for retrieving password";
-
-            Throwable cause = ioe.getCause();
-            if (cause != null &&
-                cause instanceof javax.security.auth.login.LoginException &&
-                MSG.equals(cause.getMessage())) {
-
-                // throw a more friendly exception message
-                throw new IOException(MSG);
-            } else {
-                throw ioe;
-            }
-        }
-
-        this.keyStoreName = name;
-        this.keyStoreType = type;
-        this.keyStoreProvider = provider;
-        this.keyStorePwdURL = pwdURL;
-
-        // caller will set (tool.modified = true)
-    }
-
-    /**
-     * Add a Grant entry to the overall policy at the specified index.
-     * A policy entry consists of a CodeSource.
-     */
-    boolean addEntry(PolicyEntry pe, int index) {
-
-        if (index < 0) {
-            // new entry -- just add it to the end
-            policyEntries.addElement(pe);
-            parser.add(pe.getGrantEntry());
-        } else {
-            // existing entry -- replace old one
-            PolicyEntry origPe = policyEntries.elementAt(index);
-            parser.replace(origPe.getGrantEntry(), pe.getGrantEntry());
-            policyEntries.setElementAt(pe, index);
-        }
-        return true;
-    }
-
-    /**
-     * Add a Principal entry to an existing PolicyEntry at the specified index.
-     * A Principal entry consists of a class, and name.
-     *
-     * If the principal already exists, it is not added again.
-     */
-    boolean addPrinEntry(PolicyEntry pe,
-                        PolicyParser.PrincipalEntry newPrin,
-                        int index) {
-
-        // first add the principal to the Policy Parser entry
-        PolicyParser.GrantEntry grantEntry = pe.getGrantEntry();
-        if (grantEntry.contains(newPrin) == true)
-            return false;
-
-        LinkedList<PolicyParser.PrincipalEntry> prinList =
-                                                grantEntry.principals;
-        if (index != -1)
-            prinList.set(index, newPrin);
-        else
-            prinList.add(newPrin);
-
-        modified = true;
-        return true;
-    }
-
-    /**
-     * Add a Permission entry to an existing PolicyEntry at the specified index.
-     * A Permission entry consists of a permission, name, and actions.
-     *
-     * If the permission already exists, it is not added again.
-     */
-    boolean addPermEntry(PolicyEntry pe,
-                        PolicyParser.PermissionEntry newPerm,
-                        int index) {
-
-        // first add the permission to the Policy Parser Vector
-        PolicyParser.GrantEntry grantEntry = pe.getGrantEntry();
-        if (grantEntry.contains(newPerm) == true)
-            return false;
-
-        Vector<PolicyParser.PermissionEntry> permList =
-                                                grantEntry.permissionEntries;
-        if (index != -1)
-            permList.setElementAt(newPerm, index);
-        else
-            permList.addElement(newPerm);
-
-        modified = true;
-        return true;
-    }
-
-    /**
-     * Remove a Permission entry from an existing PolicyEntry.
-     */
-    boolean removePermEntry(PolicyEntry pe,
-                        PolicyParser.PermissionEntry perm) {
-
-        // remove the Permission from the GrantEntry
-        PolicyParser.GrantEntry ppge = pe.getGrantEntry();
-        modified = ppge.remove(perm);
-        return modified;
-    }
-
-    /**
-     * remove an entry from the overall policy
-     */
-    boolean removeEntry(PolicyEntry pe) {
-
-        parser.remove(pe.getGrantEntry());
-        modified = true;
-        return (policyEntries.removeElement(pe));
-    }
-
-    /**
-     * retrieve all Policy Entries
-     */
-    PolicyEntry[] getEntry() {
-
-        if (policyEntries.size() > 0) {
-            PolicyEntry entries[] = new PolicyEntry[policyEntries.size()];
-            for (int i = 0; i < policyEntries.size(); i++)
-                entries[i] = policyEntries.elementAt(i);
-            return entries;
-        }
-        return null;
-    }
-
-    /**
-     * Retrieve the public key mapped to a particular name.
-     * If the key has expired, a KeyException is thrown.
-     */
-    PublicKey getPublicKeyAlias(String name) throws KeyStoreException {
-        if (keyStore == null) {
-            return null;
-        }
-
-        Certificate cert = keyStore.getCertificate(name);
-        if (cert == null) {
-            return null;
-        }
-        PublicKey pubKey = cert.getPublicKey();
-        return pubKey;
-    }
-
-    /**
-     * Retrieve all the alias names stored in the certificate database
-     */
-    String[] getPublicKeyAlias() throws KeyStoreException {
-
-        int numAliases = 0;
-        String aliases[] = null;
-
-        if (keyStore == null) {
-            return null;
-        }
-        Enumeration<String> enum_ = keyStore.aliases();
-
-        // first count the number of elements
-        while (enum_.hasMoreElements()) {
-            enum_.nextElement();
-            numAliases++;
-        }
-
-        if (numAliases > 0) {
-            // now copy them into an array
-            aliases = new String[numAliases];
-            numAliases = 0;
-            enum_ = keyStore.aliases();
-            while (enum_.hasMoreElements()) {
-                aliases[numAliases] = new String(enum_.nextElement());
-                numAliases++;
-            }
-        }
-        return aliases;
-    }
-
-    /**
-     * This method parses a single string of signers separated by commas
-     * ("jordan, duke, pippen") into an array of individual strings.
-     */
-    String[] parseSigners(String signedBy) {
-
-        String signers[] = null;
-        int numSigners = 1;
-        int signedByIndex = 0;
-        int commaIndex = 0;
-        int signerNum = 0;
-
-        // first pass thru "signedBy" counts the number of signers
-        while (commaIndex >= 0) {
-            commaIndex = signedBy.indexOf(',', signedByIndex);
-            if (commaIndex >= 0) {
-                numSigners++;
-                signedByIndex = commaIndex + 1;
-            }
-        }
-        signers = new String[numSigners];
-
-        // second pass thru "signedBy" transfers signers to array
-        commaIndex = 0;
-        signedByIndex = 0;
-        while (commaIndex >= 0) {
-            if ((commaIndex = signedBy.indexOf(',', signedByIndex)) >= 0) {
-                // transfer signer and ignore trailing part of the string
-                signers[signerNum] =
-                        signedBy.substring(signedByIndex, commaIndex).trim();
-                signerNum++;
-                signedByIndex = commaIndex + 1;
-            } else {
-                // we are at the end of the string -- transfer signer
-                signers[signerNum] = signedBy.substring(signedByIndex).trim();
-            }
-        }
-        return signers;
-    }
-
-    /**
-     * Check to see if the Principal contents are OK
-     */
-    void verifyPrincipal(String type, String name)
-        throws ClassNotFoundException,
-               InstantiationException
-    {
-        if (type.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS) ||
-            type.equals(PolicyParser.PrincipalEntry.REPLACE_NAME)) {
-            return;
-        }
-        Class<?> PRIN = Class.forName("java.security.Principal");
-        Class<?> pc = Class.forName(type, true,
-                Thread.currentThread().getContextClassLoader());
-        if (!PRIN.isAssignableFrom(pc)) {
-            MessageFormat form = new MessageFormat(getMessage
-                        ("Illegal.Principal.Type.type"));
-            Object[] source = {type};
-            throw new InstantiationException(form.format(source));
-        }
-
-        if (ToolDialog.X500_PRIN_CLASS.equals(pc.getName())) {
-            // PolicyParser checks validity of X500Principal name
-            // - PolicyTool needs to as well so that it doesn't store
-            //   an invalid name that can't be read in later
-            //
-            // this can throw an IllegalArgumentException
-            X500Principal newP = new X500Principal(name);
-        }
-    }
-
-    /**
-     * Check to see if the Permission contents are OK
-     */
-    @SuppressWarnings("fallthrough")
-    void verifyPermission(String type,
-                                    String name,
-                                    String actions)
-        throws ClassNotFoundException,
-               InstantiationException,
-               IllegalAccessException,
-               NoSuchMethodException,
-               InvocationTargetException
-    {
-
-        //XXX we might want to keep a hash of created factories...
-        Class<?> pc = Class.forName(type, true,
-                Thread.currentThread().getContextClassLoader());
-        Constructor<?> c = null;
-        Vector<String> objects = new Vector<>(2);
-        if (name != null) objects.add(name);
-        if (actions != null) objects.add(actions);
-        switch (objects.size()) {
-        case 0:
-            try {
-                c = pc.getConstructor(NOPARAMS);
-                break;
-            } catch (NoSuchMethodException ex) {
-                // proceed to the one-param constructor
-                objects.add(null);
-            }
-            /* fall through */
-        case 1:
-            try {
-                c = pc.getConstructor(ONEPARAMS);
-                break;
-            } catch (NoSuchMethodException ex) {
-                // proceed to the two-param constructor
-                objects.add(null);
-            }
-            /* fall through */
-        case 2:
-            c = pc.getConstructor(TWOPARAMS);
-            break;
-        }
-        Object parameters[] = objects.toArray();
-        Permission p = (Permission)c.newInstance(parameters);
-    }
-
-    /*
-     * Parse command line arguments.
-     */
-    static void parseArgs(String args[]) {
-        /* parse flags */
-        int n = 0;
-
-        for (n=0; (n < args.length) && args[n].startsWith("-"); n++) {
-
-            String flags = args[n];
-
-            if (collator.compare(flags, "-file") == 0) {
-                if (++n == args.length) usage();
-                policyFileName = args[n];
-            } else {
-                MessageFormat form = new MessageFormat(getMessage
-                                ("Illegal.option.option"));
-                Object[] source = { flags };
-                System.err.println(form.format(source));
-                usage();
-            }
-        }
-    }
-
-    static void usage() {
-        System.out.println(getMessage("Usage.policytool.options."));
-        System.out.println();
-        System.out.println(getMessage
-                (".file.file.policy.file.location"));
-        System.out.println();
-
-        System.exit(1);
-    }
-
-    /**
-     * run the PolicyTool
-     */
-    public static void main(String args[]) {
-        parseArgs(args);
-        SwingUtilities.invokeLater(new Runnable() {
-            public void run() {
-                ToolWindow tw = new ToolWindow(new PolicyTool());
-                tw.displayToolWindow(args);
-            }
-        });
-    }
-
-    // split instr to words according to capitalization,
-    // like, AWTControl -> A W T Control
-    // this method is for easy pronounciation
-    static String splitToWords(String instr) {
-        return instr.replaceAll("([A-Z])", " $1");
-    }
-
-    /**
-     * Returns the message corresponding to the key in the bundle.
-     * This is preferred over {@link #getString} because it removes
-     * any mnemonic '&' character in the string.
-     *
-     * @param key the key
-     *
-     * @return the message
-     */
-    static String getMessage(String key) {
-        return removeMnemonicAmpersand(rb.getString(key));
-    }
-
-
-    /**
-     * Returns the mnemonic for a message.
-     *
-     * @param key the key
-     *
-     * @return the mnemonic <code>int</code>
-     */
-    static int getMnemonicInt(String key) {
-        String message = rb.getString(key);
-        return (findMnemonicInt(message));
-    }
-
-    /**
-     * Returns the mnemonic display index for a message.
-     *
-     * @param key the key
-     *
-     * @return the mnemonic display index
-     */
-    static int getDisplayedMnemonicIndex(String key) {
-        String message = rb.getString(key);
-        return (findMnemonicIndex(message));
-    }
-
-    /**
-     * Finds the mnemonic character in a message.
-     *
-     * The mnemonic character is the first character followed by the first
-     * <code>&</code> that is not followed by another <code>&</code>.
-     *
-     * @return the mnemonic as an <code>int</code>, or <code>0</code> if it
-     *         can't be found.
-     */
-    private static int findMnemonicInt(String s) {
-        for (int i = 0; i < s.length() - 1; i++) {
-            if (s.charAt(i) == '&') {
-                if (s.charAt(i + 1) != '&') {
-                    return KeyEvent.getExtendedKeyCodeForChar(s.charAt(i + 1));
-                } else {
-                    i++;
-                }
-            }
-        }
-        return 0;
-    }
-
-    /**
-     * Finds the index of the mnemonic character in a message.
-     *
-     * The mnemonic character is the first character followed by the first
-     * <code>&</code> that is not followed by another <code>&</code>.
-     *
-     * @return the mnemonic character index as an <code>int</code>, or <code>-1</code> if it
-     *         can't be found.
-     */
-    private static int findMnemonicIndex(String s) {
-        for (int i = 0; i < s.length() - 1; i++) {
-            if (s.charAt(i) == '&') {
-                if (s.charAt(i + 1) != '&') {
-                    // Return the index of the '&' since it will be removed
-                    return i;
-                } else {
-                    i++;
-                }
-            }
-        }
-        return -1;
-    }
-
-    /**
-     * Removes the mnemonic identifier (<code>&</code>) from a string unless
-     * it's escaped by <code>&&</code> or placed at the end.
-     *
-     * @param message the message
-     *
-     * @return a message with the mnemonic identifier removed
-     */
-    private static String removeMnemonicAmpersand(String message) {
-        StringBuilder s = new StringBuilder();
-        for (int i = 0; i < message.length(); i++) {
-            char current = message.charAt(i);
-            if (current != '&' || i == message.length() - 1
-                    || message.charAt(i + 1) == '&') {
-                s.append(current);
-            }
-        }
-        return s.toString();
-    }
-}
-
-/**
- * Each entry in the policy configuration file is represented by a
- * PolicyEntry object.
- *
- * A PolicyEntry is a (CodeSource,Permission) pair.  The
- * CodeSource contains the (URL, PublicKey) that together identify
- * where the Java bytecodes come from and who (if anyone) signed
- * them.  The URL could refer to localhost.  The URL could also be
- * null, meaning that this policy entry is given to all comers, as
- * long as they match the signer field.  The signer could be null,
- * meaning the code is not signed.
- *
- * The Permission contains the (Type, Name, Action) triplet.
- *
- */
-class PolicyEntry {
-
-    private CodeSource codesource;
-    private PolicyTool tool;
-    private PolicyParser.GrantEntry grantEntry;
-    private boolean testing = false;
-
-    /**
-     * Create a PolicyEntry object from the information read in
-     * from a policy file.
-     */
-    PolicyEntry(PolicyTool tool, PolicyParser.GrantEntry ge)
-    throws MalformedURLException, NoSuchMethodException,
-    ClassNotFoundException, InstantiationException, IllegalAccessException,
-    InvocationTargetException, CertificateException,
-    IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
-
-        this.tool = tool;
-
-        URL location = null;
-
-        // construct the CodeSource
-        if (ge.codeBase != null)
-            location = new URL(ge.codeBase);
-        this.codesource = new CodeSource(location,
-            (java.security.cert.Certificate[]) null);
-
-        if (testing) {
-            System.out.println("Adding Policy Entry:");
-            System.out.println("    CodeBase = " + location);
-            System.out.println("    Signers = " + ge.signedBy);
-            System.out.println("    with " + ge.principals.size() +
-                    " Principals");
-        }
-
-        this.grantEntry = ge;
-    }
-
-    /**
-     * get the codesource associated with this PolicyEntry
-     */
-    CodeSource getCodeSource() {
-        return codesource;
-    }
-
-    /**
-     * get the GrantEntry associated with this PolicyEntry
-     */
-    PolicyParser.GrantEntry getGrantEntry() {
-        return grantEntry;
-    }
-
-    /**
-     * convert the header portion, i.e. codebase, signer, principals, of
-     * this policy entry into a string
-     */
-    String headerToString() {
-        String pString = principalsToString();
-        if (pString.length() == 0) {
-            return codebaseToString();
-        } else {
-            return codebaseToString() + ", " + pString;
-        }
-    }
-
-    /**
-     * convert the Codebase/signer portion of this policy entry into a string
-     */
-    String codebaseToString() {
-
-        String stringEntry = new String();
-
-        if (grantEntry.codeBase != null &&
-            grantEntry.codeBase.equals("") == false)
-            stringEntry = stringEntry.concat
-                                ("CodeBase \"" +
-                                grantEntry.codeBase +
-                                "\"");
-
-        if (grantEntry.signedBy != null &&
-            grantEntry.signedBy.equals("") == false)
-            stringEntry = ((stringEntry.length() > 0) ?
-                stringEntry.concat(", SignedBy \"" +
-                                grantEntry.signedBy +
-                                "\"") :
-                stringEntry.concat("SignedBy \"" +
-                                grantEntry.signedBy +
-                                "\""));
-
-        if (stringEntry.length() == 0)
-            return new String("CodeBase <ALL>");
-        return stringEntry;
-    }
-
-    /**
-     * convert the Principals portion of this policy entry into a string
-     */
-    String principalsToString() {
-        String result = "";
-        if ((grantEntry.principals != null) &&
-            (!grantEntry.principals.isEmpty())) {
-            StringBuilder sb = new StringBuilder(200);
-            ListIterator<PolicyParser.PrincipalEntry> list =
-                                grantEntry.principals.listIterator();
-            while (list.hasNext()) {
-                PolicyParser.PrincipalEntry pppe = list.next();
-                sb.append(" Principal ").append(pppe.getDisplayClass())
-                        .append(' ')
-                        .append(pppe.getDisplayName(true));
-                if (list.hasNext()) sb.append(", ");
-            }
-            result = sb.toString();
-        }
-        return result;
-    }
-
-    /**
-     * convert this policy entry into a PolicyParser.PermissionEntry
-     */
-    PolicyParser.PermissionEntry toPermissionEntry(Permission perm) {
-
-        String actions = null;
-
-        // get the actions
-        if (perm.getActions() != null &&
-            perm.getActions().trim() != "")
-                actions = perm.getActions();
-
-        PolicyParser.PermissionEntry pe = new PolicyParser.PermissionEntry
-                        (perm.getClass().getName(),
-                        perm.getName(),
-                        actions);
-        return pe;
-    }
-}
-
-/**
- * The main window for the PolicyTool
- */
-class ToolWindow extends JFrame {
-    // use serialVersionUID from JDK 1.2.2 for interoperability
-    private static final long serialVersionUID = 5682568601210376777L;
-
-    /* ESCAPE key */
-    static final KeyStroke escKey = KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0);
-
-    /* external paddings */
-    public static final Insets TOP_PADDING = new Insets(25,0,0,0);
-    public static final Insets BOTTOM_PADDING = new Insets(0,0,25,0);
-    public static final Insets LITE_BOTTOM_PADDING = new Insets(0,0,10,0);
-    public static final Insets LR_PADDING = new Insets(0,10,0,10);
-    public static final Insets TOP_BOTTOM_PADDING = new Insets(15, 0, 15, 0);
-    public static final Insets L_TOP_BOTTOM_PADDING = new Insets(5,10,15,0);
-    public static final Insets LR_TOP_BOTTOM_PADDING = new Insets(15, 4, 15, 4);
-    public static final Insets LR_BOTTOM_PADDING = new Insets(0,10,5,10);
-    public static final Insets L_BOTTOM_PADDING = new Insets(0,10,5,0);
-    public static final Insets R_BOTTOM_PADDING = new Insets(0, 0, 25, 5);
-    public static final Insets R_PADDING = new Insets(0, 0, 0, 5);
-
-    /* buttons and menus */
-    public static final String NEW_POLICY_FILE          = "New";
-    public static final String OPEN_POLICY_FILE         = "Open";
-    public static final String SAVE_POLICY_FILE         = "Save";
-    public static final String SAVE_AS_POLICY_FILE      = "Save.As";
-    public static final String VIEW_WARNINGS            = "View.Warning.Log";
-    public static final String QUIT                     = "Exit";
-    public static final String ADD_POLICY_ENTRY         = "Add.Policy.Entry";
-    public static final String EDIT_POLICY_ENTRY        = "Edit.Policy.Entry";
-    public static final String REMOVE_POLICY_ENTRY      = "Remove.Policy.Entry";
-    public static final String EDIT_KEYSTORE            = "Edit";
-    public static final String ADD_PUBKEY_ALIAS         = "Add.Public.Key.Alias";
-    public static final String REMOVE_PUBKEY_ALIAS      = "Remove.Public.Key.Alias";
-
-    /* gridbag index for components in the main window (MW) */
-    public static final int MW_FILENAME_LABEL           = 0;
-    public static final int MW_FILENAME_TEXTFIELD       = 1;
-    public static final int MW_PANEL                    = 2;
-    public static final int MW_ADD_BUTTON               = 0;
-    public static final int MW_EDIT_BUTTON              = 1;
-    public static final int MW_REMOVE_BUTTON            = 2;
-    public static final int MW_POLICY_LIST              = 3; // follows MW_PANEL
-
-    /* The preferred height of JTextField should match JComboBox. */
-    static final int TEXTFIELD_HEIGHT = new JComboBox<>().getPreferredSize().height;
-
-    private PolicyTool tool;
-
-    /**
-     * Constructor
-     */
-    ToolWindow(PolicyTool tool) {
-        this.tool = tool;
-    }
-
-    /**
-     * Don't call getComponent directly on the window
-     */
-    public Component getComponent(int n) {
-        Component c = getContentPane().getComponent(n);
-        if (c instanceof JScrollPane) {
-            c = ((JScrollPane)c).getViewport().getView();
-        }
-        return c;
-    }
-
-    /**
-     * Initialize the PolicyTool window with the necessary components
-     */
-    private void initWindow() {
-        // The ToolWindowListener will handle closing the window.
-        setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE);
-
-        // create the top menu bar
-        JMenuBar menuBar = new JMenuBar();
-
-        // create a File menu
-        JMenu menu = new JMenu();
-        configureButton(menu, "File");
-        ActionListener actionListener = new FileMenuListener(tool, this);
-        addMenuItem(menu, NEW_POLICY_FILE, actionListener, "N");
-        addMenuItem(menu, OPEN_POLICY_FILE, actionListener, "O");
-        addMenuItem(menu, SAVE_POLICY_FILE, actionListener, "S");
-        addMenuItem(menu, SAVE_AS_POLICY_FILE, actionListener, null);
-        addMenuItem(menu, VIEW_WARNINGS, actionListener, null);
-        addMenuItem(menu, QUIT, actionListener, null);
-        menuBar.add(menu);
-
-        // create a KeyStore menu
-        menu = new JMenu();
-        configureButton(menu, "KeyStore");
-        actionListener = new MainWindowListener(tool, this);
-        addMenuItem(menu, EDIT_KEYSTORE, actionListener, null);
-        menuBar.add(menu);
-        setJMenuBar(menuBar);
-
-        // Create some space around components
-        ((JPanel)getContentPane()).setBorder(new EmptyBorder(6, 6, 6, 6));
-
-        // policy entry listing
-        JLabel label = new JLabel(PolicyTool.getMessage("Policy.File."));
-        addNewComponent(this, label, MW_FILENAME_LABEL,
-                        0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        LR_TOP_BOTTOM_PADDING);
-        JTextField tf = new JTextField(50);
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Policy.File."));
-        tf.setEditable(false);
-        addNewComponent(this, tf, MW_FILENAME_TEXTFIELD,
-                        1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        LR_TOP_BOTTOM_PADDING);
-
-
-        // add ADD/REMOVE/EDIT buttons in a new panel
-        JPanel panel = new JPanel();
-        panel.setLayout(new GridBagLayout());
-
-        JButton button = new JButton();
-        configureButton(button, ADD_POLICY_ENTRY);
-        button.addActionListener(new MainWindowListener(tool, this));
-        addNewComponent(panel, button, MW_ADD_BUTTON,
-                        0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        LR_PADDING);
-
-        button = new JButton();
-        configureButton(button, EDIT_POLICY_ENTRY);
-        button.addActionListener(new MainWindowListener(tool, this));
-        addNewComponent(panel, button, MW_EDIT_BUTTON,
-                        1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        LR_PADDING);
-
-        button = new JButton();
-        configureButton(button, REMOVE_POLICY_ENTRY);
-        button.addActionListener(new MainWindowListener(tool, this));
-        addNewComponent(panel, button, MW_REMOVE_BUTTON,
-                        2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        LR_PADDING);
-
-        addNewComponent(this, panel, MW_PANEL,
-                        0, 2, 2, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        BOTTOM_PADDING);
-
-
-        String policyFile = tool.getPolicyFileName();
-        if (policyFile == null) {
-            String userHome;
-            userHome = java.security.AccessController.doPrivileged(
-                (PrivilegedAction<String>) () -> System.getProperty("user.home"));
-            policyFile = userHome + File.separatorChar + ".java.policy";
-        }
-
-        try {
-            // open the policy file
-            tool.openPolicy(policyFile);
-
-            // display the policy entries via the policy list textarea
-            DefaultListModel<String> listModel = new DefaultListModel<>();
-            JList<String> list = new JList<>(listModel);
-            list.setVisibleRowCount(15);
-            list.setSelectionMode(ListSelectionModel.SINGLE_SELECTION);
-            list.addMouseListener(new PolicyListListener(tool, this));
-            PolicyEntry entries[] = tool.getEntry();
-            if (entries != null) {
-                for (int i = 0; i < entries.length; i++) {
-                    listModel.addElement(entries[i].headerToString());
-                }
-            }
-            JTextField newFilename = (JTextField)
-                                getComponent(MW_FILENAME_TEXTFIELD);
-            newFilename.setText(policyFile);
-            initPolicyList(list);
-
-        } catch (FileNotFoundException fnfe) {
-            // add blank policy listing
-            JList<String> list = new JList<>(new DefaultListModel<>());
-            list.setVisibleRowCount(15);
-            list.setSelectionMode(ListSelectionModel.SINGLE_SELECTION);
-            list.addMouseListener(new PolicyListListener(tool, this));
-            initPolicyList(list);
-            tool.setPolicyFileName(null);
-            tool.modified = false;
-
-            // just add warning
-            tool.warnings.addElement(fnfe.toString());
-
-        } catch (Exception e) {
-            // add blank policy listing
-            JList<String> list = new JList<>(new DefaultListModel<>());
-            list.setVisibleRowCount(15);
-            list.setSelectionMode(ListSelectionModel.SINGLE_SELECTION);
-            list.addMouseListener(new PolicyListListener(tool, this));
-            initPolicyList(list);
-            tool.setPolicyFileName(null);
-            tool.modified = false;
-
-            // display the error
-            MessageFormat form = new MessageFormat(PolicyTool.getMessage
-                ("Could.not.open.policy.file.policyFile.e.toString."));
-            Object[] source = {policyFile, e.toString()};
-            displayErrorDialog(null, form.format(source));
-        }
-    }
-
-
-    // Platform specific modifier (control / command).
-    private int shortCutModifier = Toolkit.getDefaultToolkit().getMenuShortcutKeyMask();
-
-    private void addMenuItem(JMenu menu, String key, ActionListener actionListener, String accelerator) {
-        JMenuItem menuItem = new JMenuItem();
-        configureButton(menuItem, key);
-
-        if (PolicyTool.rb.containsKey(key + ".accelerator")) {
-            // Accelerator from resources takes precedence
-            accelerator = PolicyTool.getMessage(key + ".accelerator");
-        }
-
-        if (accelerator != null && !accelerator.isEmpty()) {
-            KeyStroke keyStroke;
-            if (accelerator.length() == 1) {
-                keyStroke = KeyStroke.getKeyStroke(KeyEvent.getExtendedKeyCodeForChar(accelerator.charAt(0)),
-                                                   shortCutModifier);
-            } else {
-                keyStroke = KeyStroke.getKeyStroke(accelerator);
-            }
-            menuItem.setAccelerator(keyStroke);
-        }
-
-        menuItem.addActionListener(actionListener);
-        menu.add(menuItem);
-    }
-
-    static void configureButton(AbstractButton button, String key) {
-        button.setText(PolicyTool.getMessage(key));
-        button.setActionCommand(key);
-
-        int mnemonicInt = PolicyTool.getMnemonicInt(key);
-        if (mnemonicInt > 0) {
-            button.setMnemonic(mnemonicInt);
-            button.setDisplayedMnemonicIndex(PolicyTool.getDisplayedMnemonicIndex(key));
-         }
-    }
-
-    static void configureLabelFor(JLabel label, JComponent component, String key) {
-        label.setText(PolicyTool.getMessage(key));
-        label.setLabelFor(component);
-
-        int mnemonicInt = PolicyTool.getMnemonicInt(key);
-        if (mnemonicInt > 0) {
-            label.setDisplayedMnemonic(mnemonicInt);
-            label.setDisplayedMnemonicIndex(PolicyTool.getDisplayedMnemonicIndex(key));
-         }
-    }
-
-
-    /**
-     * Add a component to the PolicyTool window
-     */
-    void addNewComponent(Container container, JComponent component,
-        int index, int gridx, int gridy, int gridwidth, int gridheight,
-        double weightx, double weighty, int fill, Insets is) {
-
-        if (container instanceof JFrame) {
-            container = ((JFrame)container).getContentPane();
-        } else if (container instanceof JDialog) {
-            container = ((JDialog)container).getContentPane();
-        }
-
-        // add the component at the specified gridbag index
-        container.add(component, index);
-
-        // set the constraints
-        GridBagLayout gbl = (GridBagLayout)container.getLayout();
-        GridBagConstraints gbc = new GridBagConstraints();
-        gbc.gridx = gridx;
-        gbc.gridy = gridy;
-        gbc.gridwidth = gridwidth;
-        gbc.gridheight = gridheight;
-        gbc.weightx = weightx;
-        gbc.weighty = weighty;
-        gbc.fill = fill;
-        if (is != null) gbc.insets = is;
-        gbl.setConstraints(component, gbc);
-    }
-
-
-    /**
-     * Add a component to the PolicyTool window without external padding
-     */
-    void addNewComponent(Container container, JComponent component,
-        int index, int gridx, int gridy, int gridwidth, int gridheight,
-        double weightx, double weighty, int fill) {
-
-        // delegate with "null" external padding
-        addNewComponent(container, component, index, gridx, gridy,
-                        gridwidth, gridheight, weightx, weighty,
-                        fill, null);
-    }
-
-
-    /**
-     * Init the policy_entry_list TEXTAREA component in the
-     * PolicyTool window
-     */
-    void initPolicyList(JList<String> policyList) {
-
-        // add the policy list to the window
-        //policyList.setPreferredSize(new Dimension(500, 350));
-        JScrollPane scrollPane = new JScrollPane(policyList);
-        addNewComponent(this, scrollPane, MW_POLICY_LIST,
-                        0, 3, 2, 1, 1.0, 1.0, GridBagConstraints.BOTH);
-    }
-
-    /**
-     * Replace the policy_entry_list TEXTAREA component in the
-     * PolicyTool window with an updated one.
-     */
-    void replacePolicyList(JList<String> policyList) {
-
-        // remove the original list of Policy Entries
-        // and add the new list of entries
-        @SuppressWarnings("unchecked")
-        JList<String> list = (JList<String>)getComponent(MW_POLICY_LIST);
-        list.setModel(policyList.getModel());
-    }
-
-    /**
-     * display the main PolicyTool window
-     */
-    void displayToolWindow(String args[]) {
-
-        setTitle(PolicyTool.getMessage("Policy.Tool"));
-        setResizable(true);
-        addWindowListener(new ToolWindowListener(tool, this));
-        //setBounds(135, 80, 500, 500);
-        getContentPane().setLayout(new GridBagLayout());
-
-        initWindow();
-        pack();
-        setLocationRelativeTo(null);
-
-        // display it
-        setVisible(true);
-
-        if (tool.newWarning == true) {
-            displayStatusDialog(this, PolicyTool.getMessage
-                ("Errors.have.occurred.while.opening.the.policy.configuration.View.the.Warning.Log.for.more.information."));
-        }
-    }
-
-    /**
-     * displays a dialog box describing an error which occurred.
-     */
-    void displayErrorDialog(Window w, String error) {
-        ToolDialog ed = new ToolDialog
-                (PolicyTool.getMessage("Error"), tool, this, true);
-
-        // find where the PolicyTool gui is
-        Point location = ((w == null) ?
-                getLocationOnScreen() : w.getLocationOnScreen());
-        //ed.setBounds(location.x + 50, location.y + 50, 600, 100);
-        ed.setLayout(new GridBagLayout());
-
-        JLabel label = new JLabel(error);
-        addNewComponent(ed, label, 0,
-                        0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
-
-        JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-        ActionListener okListener = new ErrorOKButtonListener(ed);
-        okButton.addActionListener(okListener);
-        addNewComponent(ed, okButton, 1,
-                        0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-        ed.getRootPane().setDefaultButton(okButton);
-        ed.getRootPane().registerKeyboardAction(okListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        ed.pack();
-        ed.setLocationRelativeTo(w);
-        ed.setVisible(true);
-    }
-
-    /**
-     * displays a dialog box describing an error which occurred.
-     */
-    void displayErrorDialog(Window w, Throwable t) {
-        if (t instanceof NoDisplayException) {
-            return;
-        }
-        if (t.getClass() == Exception.class) {
-            // Exception is usually thrown inside policytool for user
-            // interaction error. There is no need to show the type.
-            displayErrorDialog(w, t.getLocalizedMessage());
-        } else {
-            displayErrorDialog(w, t.toString());
-        }
-    }
-
-    /**
-     * displays a dialog box describing the status of an event
-     */
-    void displayStatusDialog(Window w, String status) {
-        ToolDialog sd = new ToolDialog
-                (PolicyTool.getMessage("Status"), tool, this, true);
-
-        // find the location of the PolicyTool gui
-        Point location = ((w == null) ?
-                getLocationOnScreen() : w.getLocationOnScreen());
-        //sd.setBounds(location.x + 50, location.y + 50, 500, 100);
-        sd.setLayout(new GridBagLayout());
-
-        JLabel label = new JLabel(status);
-        addNewComponent(sd, label, 0,
-                        0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
-
-        JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-        ActionListener okListener = new StatusOKButtonListener(sd);
-        okButton.addActionListener(okListener);
-        addNewComponent(sd, okButton, 1,
-                        0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-        sd.getRootPane().setDefaultButton(okButton);
-        sd.getRootPane().registerKeyboardAction(okListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        sd.pack();
-        sd.setLocationRelativeTo(w);
-        sd.setVisible(true);
-    }
-
-    /**
-     * display the warning log
-     */
-    void displayWarningLog(Window w) {
-
-        ToolDialog wd = new ToolDialog
-                (PolicyTool.getMessage("Warning"), tool, this, true);
-
-        // find the location of the PolicyTool gui
-        Point location = ((w == null) ?
-                getLocationOnScreen() : w.getLocationOnScreen());
-        //wd.setBounds(location.x + 50, location.y + 50, 500, 100);
-        wd.setLayout(new GridBagLayout());
-
-        JTextArea ta = new JTextArea();
-        ta.setEditable(false);
-        for (int i = 0; i < tool.warnings.size(); i++) {
-            ta.append(tool.warnings.elementAt(i));
-            ta.append(PolicyTool.getMessage("NEWLINE"));
-        }
-        addNewComponent(wd, ta, 0,
-                        0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                        BOTTOM_PADDING);
-        ta.setFocusable(false);
-
-        JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-        ActionListener okListener = new CancelButtonListener(wd);
-        okButton.addActionListener(okListener);
-        addNewComponent(wd, okButton, 1,
-                        0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                        LR_PADDING);
-
-        wd.getRootPane().setDefaultButton(okButton);
-        wd.getRootPane().registerKeyboardAction(okListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        wd.pack();
-        wd.setLocationRelativeTo(w);
-        wd.setVisible(true);
-    }
-
-    char displayYesNoDialog(Window w, String title, String prompt, String yes, String no) {
-
-        final ToolDialog tw = new ToolDialog
-                (title, tool, this, true);
-        Point location = ((w == null) ?
-                getLocationOnScreen() : w.getLocationOnScreen());
-        //tw.setBounds(location.x + 75, location.y + 100, 400, 150);
-        tw.setLayout(new GridBagLayout());
-
-        JTextArea ta = new JTextArea(prompt, 10, 50);
-        ta.setEditable(false);
-        ta.setLineWrap(true);
-        ta.setWrapStyleWord(true);
-        JScrollPane scrollPane = new JScrollPane(ta,
-                                                 JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED,
-                                                 JScrollPane.HORIZONTAL_SCROLLBAR_NEVER);
-        addNewComponent(tw, scrollPane, 0,
-                0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH);
-        ta.setFocusable(false);
-
-        JPanel panel = new JPanel();
-        panel.setLayout(new GridBagLayout());
-
-        // StringBuffer to store button press. Must be final.
-        final StringBuffer chooseResult = new StringBuffer();
-
-        JButton button = new JButton(yes);
-        button.addActionListener(new ActionListener() {
-            public void actionPerformed(ActionEvent e) {
-                chooseResult.append('Y');
-                tw.setVisible(false);
-                tw.dispose();
-            }
-        });
-        addNewComponent(panel, button, 0,
-                           0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           LR_PADDING);
-
-        button = new JButton(no);
-        button.addActionListener(new ActionListener() {
-            public void actionPerformed(ActionEvent e) {
-                chooseResult.append('N');
-                tw.setVisible(false);
-                tw.dispose();
-            }
-        });
-        addNewComponent(panel, button, 1,
-                           1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           LR_PADDING);
-
-        addNewComponent(tw, panel, 1,
-                0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-        tw.pack();
-        tw.setLocationRelativeTo(w);
-        tw.setVisible(true);
-        if (chooseResult.length() > 0) {
-            return chooseResult.charAt(0);
-        } else {
-            // I did encounter this once, don't why.
-            return 'N';
-        }
-    }
-
-}
-
-/**
- * General dialog window
- */
-class ToolDialog extends JDialog {
-    // use serialVersionUID from JDK 1.2.2 for interoperability
-    private static final long serialVersionUID = -372244357011301190L;
-
-    /* ESCAPE key */
-    static final KeyStroke escKey = KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0);
-
-    /* necessary constants */
-    public static final int NOACTION            = 0;
-    public static final int QUIT                = 1;
-    public static final int NEW                 = 2;
-    public static final int OPEN                = 3;
-
-    public static final String ALL_PERM_CLASS   =
-                "java.security.AllPermission";
-    public static final String FILE_PERM_CLASS  =
-                "java.io.FilePermission";
-
-    public static final String X500_PRIN_CLASS         =
-                "javax.security.auth.x500.X500Principal";
-
-    /* popup menus */
-    public static final String PERM             =
-        PolicyTool.getMessage
-        ("Permission.");
-
-    public static final String PRIN_TYPE        =
-        PolicyTool.getMessage("Principal.Type.");
-    public static final String PRIN_NAME        =
-        PolicyTool.getMessage("Principal.Name.");
-
-    /* more popu menus */
-    public static final String PERM_NAME        =
-        PolicyTool.getMessage
-        ("Target.Name.");
-
-    /* and more popup menus */
-    public static final String PERM_ACTIONS             =
-      PolicyTool.getMessage
-      ("Actions.");
-
-    /* gridbag index for display PolicyEntry (PE) components */
-    public static final int PE_CODEBASE_LABEL           = 0;
-    public static final int PE_CODEBASE_TEXTFIELD       = 1;
-    public static final int PE_SIGNEDBY_LABEL           = 2;
-    public static final int PE_SIGNEDBY_TEXTFIELD       = 3;
-
-    public static final int PE_PANEL0                   = 4;
-    public static final int PE_ADD_PRIN_BUTTON          = 0;
-    public static final int PE_EDIT_PRIN_BUTTON         = 1;
-    public static final int PE_REMOVE_PRIN_BUTTON       = 2;
-
-    public static final int PE_PRIN_LABEL               = 5;
-    public static final int PE_PRIN_LIST                = 6;
-
-    public static final int PE_PANEL1                   = 7;
-    public static final int PE_ADD_PERM_BUTTON          = 0;
-    public static final int PE_EDIT_PERM_BUTTON         = 1;
-    public static final int PE_REMOVE_PERM_BUTTON       = 2;
-
-    public static final int PE_PERM_LIST                = 8;
-
-    public static final int PE_PANEL2                   = 9;
-    public static final int PE_CANCEL_BUTTON            = 1;
-    public static final int PE_DONE_BUTTON              = 0;
-
-    /* the gridbag index for components in the Principal Dialog (PRD) */
-    public static final int PRD_DESC_LABEL              = 0;
-    public static final int PRD_PRIN_CHOICE             = 1;
-    public static final int PRD_PRIN_TEXTFIELD          = 2;
-    public static final int PRD_NAME_LABEL              = 3;
-    public static final int PRD_NAME_TEXTFIELD          = 4;
-    public static final int PRD_CANCEL_BUTTON           = 6;
-    public static final int PRD_OK_BUTTON               = 5;
-
-    /* the gridbag index for components in the Permission Dialog (PD) */
-    public static final int PD_DESC_LABEL               = 0;
-    public static final int PD_PERM_CHOICE              = 1;
-    public static final int PD_PERM_TEXTFIELD           = 2;
-    public static final int PD_NAME_CHOICE              = 3;
-    public static final int PD_NAME_TEXTFIELD           = 4;
-    public static final int PD_ACTIONS_CHOICE           = 5;
-    public static final int PD_ACTIONS_TEXTFIELD        = 6;
-    public static final int PD_SIGNEDBY_LABEL           = 7;
-    public static final int PD_SIGNEDBY_TEXTFIELD       = 8;
-    public static final int PD_CANCEL_BUTTON            = 10;
-    public static final int PD_OK_BUTTON                = 9;
-
-    /* modes for KeyStore */
-    public static final int EDIT_KEYSTORE               = 0;
-
-    /* the gridbag index for components in the Change KeyStore Dialog (KSD) */
-    public static final int KSD_NAME_LABEL              = 0;
-    public static final int KSD_NAME_TEXTFIELD          = 1;
-    public static final int KSD_TYPE_LABEL              = 2;
-    public static final int KSD_TYPE_TEXTFIELD          = 3;
-    public static final int KSD_PROVIDER_LABEL          = 4;
-    public static final int KSD_PROVIDER_TEXTFIELD      = 5;
-    public static final int KSD_PWD_URL_LABEL           = 6;
-    public static final int KSD_PWD_URL_TEXTFIELD       = 7;
-    public static final int KSD_CANCEL_BUTTON           = 9;
-    public static final int KSD_OK_BUTTON               = 8;
-
-    /* the gridbag index for components in the User Save Changes Dialog (USC) */
-    public static final int USC_LABEL                   = 0;
-    public static final int USC_PANEL                   = 1;
-    public static final int USC_YES_BUTTON              = 0;
-    public static final int USC_NO_BUTTON               = 1;
-    public static final int USC_CANCEL_BUTTON           = 2;
-
-    /* gridbag index for the ConfirmRemovePolicyEntryDialog (CRPE) */
-    public static final int CRPE_LABEL1                 = 0;
-    public static final int CRPE_LABEL2                 = 1;
-    public static final int CRPE_PANEL                  = 2;
-    public static final int CRPE_PANEL_OK               = 0;
-    public static final int CRPE_PANEL_CANCEL           = 1;
-
-    /* some private static finals */
-    private static final int PERMISSION                 = 0;
-    private static final int PERMISSION_NAME            = 1;
-    private static final int PERMISSION_ACTIONS         = 2;
-    private static final int PERMISSION_SIGNEDBY        = 3;
-    private static final int PRINCIPAL_TYPE             = 4;
-    private static final int PRINCIPAL_NAME             = 5;
-
-    /* The preferred height of JTextField should match JComboBox. */
-    static final int TEXTFIELD_HEIGHT = new JComboBox<>().getPreferredSize().height;
-
-    public static java.util.ArrayList<Perm> PERM_ARRAY;
-    public static java.util.ArrayList<Prin> PRIN_ARRAY;
-    PolicyTool tool;
-    ToolWindow tw;
-
-    static {
-
-        // set up permission objects
-
-        PERM_ARRAY = new java.util.ArrayList<Perm>();
-        PERM_ARRAY.add(new AllPerm());
-        PERM_ARRAY.add(new AudioPerm());
-        PERM_ARRAY.add(new AuthPerm());
-        PERM_ARRAY.add(new AWTPerm());
-        PERM_ARRAY.add(new DelegationPerm());
-        PERM_ARRAY.add(new FilePerm());
-        PERM_ARRAY.add(new URLPerm());
-        PERM_ARRAY.add(new InqSecContextPerm());
-        PERM_ARRAY.add(new LogPerm());
-        PERM_ARRAY.add(new MgmtPerm());
-        PERM_ARRAY.add(new MBeanPerm());
-        PERM_ARRAY.add(new MBeanSvrPerm());
-        PERM_ARRAY.add(new MBeanTrustPerm());
-        PERM_ARRAY.add(new NetPerm());
-        PERM_ARRAY.add(new NetworkPerm());
-        PERM_ARRAY.add(new PrivCredPerm());
-        PERM_ARRAY.add(new PropPerm());
-        PERM_ARRAY.add(new ReflectPerm());
-        PERM_ARRAY.add(new RuntimePerm());
-        PERM_ARRAY.add(new SecurityPerm());
-        PERM_ARRAY.add(new SerialPerm());
-        PERM_ARRAY.add(new ServicePerm());
-        PERM_ARRAY.add(new SocketPerm());
-        PERM_ARRAY.add(new SQLPerm());
-        PERM_ARRAY.add(new SSLPerm());
-        PERM_ARRAY.add(new SubjDelegPerm());
-
-        // set up principal objects
-
-        PRIN_ARRAY = new java.util.ArrayList<Prin>();
-        PRIN_ARRAY.add(new KrbPrin());
-        PRIN_ARRAY.add(new X500Prin());
-    }
-
-    ToolDialog(String title, PolicyTool tool, ToolWindow tw, boolean modal) {
-        super(tw, modal);
-        setTitle(title);
-        this.tool = tool;
-        this.tw = tw;
-        addWindowListener(new ChildWindowListener(this));
-
-        // Create some space around components
-        ((JPanel)getContentPane()).setBorder(new EmptyBorder(6, 6, 6, 6));
-    }
-
-    /**
-     * Don't call getComponent directly on the window
-     */
-    public Component getComponent(int n) {
-        Component c = getContentPane().getComponent(n);
-        if (c instanceof JScrollPane) {
-            c = ((JScrollPane)c).getViewport().getView();
-        }
-        return c;
-    }
-
-    /**
-     * get the Perm instance based on either the (shortened) class name
-     * or the fully qualified class name
-     */
-    static Perm getPerm(String clazz, boolean fullClassName) {
-        for (int i = 0; i < PERM_ARRAY.size(); i++) {
-            Perm next = PERM_ARRAY.get(i);
-            if (fullClassName) {
-                if (next.FULL_CLASS.equals(clazz)) {
-                    return next;
-                }
-            } else {
-                if (next.CLASS.equals(clazz)) {
-                    return next;
-                }
-            }
-        }
-        return null;
-    }
-
-    /**
-     * get the Prin instance based on either the (shortened) class name
-     * or the fully qualified class name
-     */
-    static Prin getPrin(String clazz, boolean fullClassName) {
-        for (int i = 0; i < PRIN_ARRAY.size(); i++) {
-            Prin next = PRIN_ARRAY.get(i);
-            if (fullClassName) {
-                if (next.FULL_CLASS.equals(clazz)) {
-                    return next;
-                }
-            } else {
-                if (next.CLASS.equals(clazz)) {
-                    return next;
-                }
-            }
-        }
-        return null;
-    }
-
-    /**
-     * pop up a dialog so the user can enter info to add a new PolicyEntry
-     * - if edit is TRUE, then the user is editing an existing entry
-     *   and we should display the original info as well.
-     *
-     * - the other reason we need the 'edit' boolean is we need to know
-     *   when we are adding a NEW policy entry.  in this case, we can
-     *   not simply update the existing entry, because it doesn't exist.
-     *   we ONLY update the GUI listing/info, and then when the user
-     *   finally clicks 'OK' or 'DONE', then we can collect that info
-     *   and add it to the policy.
-     */
-    void displayPolicyEntryDialog(boolean edit) {
-
-        int listIndex = 0;
-        PolicyEntry entries[] = null;
-        TaggedList prinList = new TaggedList(3, false);
-        prinList.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Principal.List"));
-        prinList.addMouseListener
-                (new EditPrinButtonListener(tool, tw, this, edit));
-        TaggedList permList = new TaggedList(10, false);
-        permList.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Permission.List"));
-        permList.addMouseListener
-                (new EditPermButtonListener(tool, tw, this, edit));
-
-        // find where the PolicyTool gui is
-        Point location = tw.getLocationOnScreen();
-        //setBounds(location.x + 75, location.y + 200, 650, 500);
-        setLayout(new GridBagLayout());
-        setResizable(true);
-
-        if (edit) {
-            // get the selected item
-            entries = tool.getEntry();
-            @SuppressWarnings("unchecked")
-            JList<String> policyList = (JList<String>)tw.getComponent(ToolWindow.MW_POLICY_LIST);
-            listIndex = policyList.getSelectedIndex();
-
-            // get principal list
-            LinkedList<PolicyParser.PrincipalEntry> principals =
-                entries[listIndex].getGrantEntry().principals;
-            for (int i = 0; i < principals.size(); i++) {
-                String prinString = null;
-                PolicyParser.PrincipalEntry nextPrin = principals.get(i);
-                prinList.addTaggedItem(PrincipalEntryToUserFriendlyString(nextPrin), nextPrin);
-            }
-
-            // get permission list
-            Vector<PolicyParser.PermissionEntry> permissions =
-                entries[listIndex].getGrantEntry().permissionEntries;
-            for (int i = 0; i < permissions.size(); i++) {
-                String permString = null;
-                PolicyParser.PermissionEntry nextPerm =
-                                                permissions.elementAt(i);
-                permList.addTaggedItem(ToolDialog.PermissionEntryToUserFriendlyString(nextPerm), nextPerm);
-            }
-        }
-
-        // codebase label and textfield
-        JLabel label = new JLabel();
-        tw.addNewComponent(this, label, PE_CODEBASE_LABEL,
-                0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                ToolWindow.R_PADDING);
-        JTextField tf;
-        tf = (edit ?
-                new JTextField(entries[listIndex].getGrantEntry().codeBase) :
-                new JTextField());
-        ToolWindow.configureLabelFor(label, tf, "CodeBase.");
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Code.Base"));
-        tw.addNewComponent(this, tf, PE_CODEBASE_TEXTFIELD,
-                1, 0, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH);
-
-        // signedby label and textfield
-        label = new JLabel();
-        tw.addNewComponent(this, label, PE_SIGNEDBY_LABEL,
-                           0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.R_PADDING);
-        tf = (edit ?
-                new JTextField(entries[listIndex].getGrantEntry().signedBy) :
-                new JTextField());
-        ToolWindow.configureLabelFor(label, tf, "SignedBy.");
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Signed.By."));
-        tw.addNewComponent(this, tf, PE_SIGNEDBY_TEXTFIELD,
-                           1, 1, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH);
-
-        // panel for principal buttons
-        JPanel panel = new JPanel();
-        panel.setLayout(new GridBagLayout());
-
-        JButton button = new JButton();
-        ToolWindow.configureButton(button, "Add.Principal");
-        button.addActionListener
-                (new AddPrinButtonListener(tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_ADD_PRIN_BUTTON,
-                0, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-        button = new JButton();
-        ToolWindow.configureButton(button, "Edit.Principal");
-        button.addActionListener(new EditPrinButtonListener
-                                                (tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_EDIT_PRIN_BUTTON,
-                1, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-        button = new JButton();
-        ToolWindow.configureButton(button, "Remove.Principal");
-        button.addActionListener(new RemovePrinButtonListener
-                                        (tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_REMOVE_PRIN_BUTTON,
-                2, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-        tw.addNewComponent(this, panel, PE_PANEL0,
-                1, 2, 1, 1, 0.0, 0.0, GridBagConstraints.HORIZONTAL,
-                           ToolWindow.LITE_BOTTOM_PADDING);
-
-        // principal label and list
-        label = new JLabel();
-        tw.addNewComponent(this, label, PE_PRIN_LABEL,
-                           0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.R_BOTTOM_PADDING);
-        JScrollPane scrollPane = new JScrollPane(prinList);
-        ToolWindow.configureLabelFor(label, scrollPane, "Principals.");
-        tw.addNewComponent(this, scrollPane, PE_PRIN_LIST,
-                           1, 3, 3, 1, 0.0, prinList.getVisibleRowCount(), GridBagConstraints.BOTH,
-                           ToolWindow.BOTTOM_PADDING);
-
-        // panel for permission buttons
-        panel = new JPanel();
-        panel.setLayout(new GridBagLayout());
-
-        button = new JButton();
-        ToolWindow.configureButton(button, ".Add.Permission");
-        button.addActionListener(new AddPermButtonListener
-                                                (tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_ADD_PERM_BUTTON,
-                0, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-        button = new JButton();
-        ToolWindow.configureButton(button, ".Edit.Permission");
-        button.addActionListener(new EditPermButtonListener
-                                                (tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_EDIT_PERM_BUTTON,
-                1, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-
-        button = new JButton();
-        ToolWindow.configureButton(button, "Remove.Permission");
-        button.addActionListener(new RemovePermButtonListener
-                                        (tool, tw, this, edit));
-        tw.addNewComponent(panel, button, PE_REMOVE_PERM_BUTTON,
-                2, 0, 1, 1, 100.0, 0.0, GridBagConstraints.HORIZONTAL);
-
-        tw.addNewComponent(this, panel, PE_PANEL1,
-                0, 4, 2, 1, 0.0, 0.0, GridBagConstraints.HORIZONTAL,
-                ToolWindow.LITE_BOTTOM_PADDING);
-
-        // permission list
-        scrollPane = new JScrollPane(permList);
-        tw.addNewComponent(this, scrollPane, PE_PERM_LIST,
-                           0, 5, 3, 1, 0.0, permList.getVisibleRowCount(), GridBagConstraints.BOTH,
-                           ToolWindow.BOTTOM_PADDING);
-
-
-        // panel for Done and Cancel buttons
-        panel = new JPanel();
-        panel.setLayout(new GridBagLayout());
-
-        // Done Button
-        JButton okButton = new JButton(PolicyTool.getMessage("Done"));
-        okButton.addActionListener
-                (new AddEntryDoneButtonListener(tool, tw, this, edit));
-        tw.addNewComponent(panel, okButton, PE_DONE_BUTTON,
-                           0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.LR_PADDING);
-
-        // Cancel Button
-        JButton cancelButton = new JButton(PolicyTool.getMessage("Cancel"));
-        ActionListener cancelListener = new CancelButtonListener(this);
-        cancelButton.addActionListener(cancelListener);
-        tw.addNewComponent(panel, cancelButton, PE_CANCEL_BUTTON,
-                           1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.LR_PADDING);
-
-        // add the panel
-        tw.addNewComponent(this, panel, PE_PANEL2,
-                0, 6, 2, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-        getRootPane().setDefaultButton(okButton);
-        getRootPane().registerKeyboardAction(cancelListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        pack();
-        setLocationRelativeTo(tw);
-        setVisible(true);
-    }
-
-    /**
-     * Read all the Policy information data in the dialog box
-     * and construct a PolicyEntry object with it.
-     */
-    PolicyEntry getPolicyEntryFromDialog()
-        throws InvalidParameterException, MalformedURLException,
-        NoSuchMethodException, ClassNotFoundException, InstantiationException,
-        IllegalAccessException, InvocationTargetException,
-        CertificateException, IOException, Exception {
-
-        // get the Codebase
-        JTextField tf = (JTextField)getComponent(PE_CODEBASE_TEXTFIELD);
-        String codebase = null;
-        if (tf.getText().trim().equals("") == false)
-                codebase = new String(tf.getText().trim());
-
-        // get the SignedBy
-        tf = (JTextField)getComponent(PE_SIGNEDBY_TEXTFIELD);
-        String signedby = null;
-        if (tf.getText().trim().equals("") == false)
-                signedby = new String(tf.getText().trim());
-
-        // construct a new GrantEntry
-        PolicyParser.GrantEntry ge =
-                        new PolicyParser.GrantEntry(signedby, codebase);
-
-        // get the new Principals
-        LinkedList<PolicyParser.PrincipalEntry> prins = new LinkedList<>();
-        TaggedList prinList = (TaggedList)getComponent(PE_PRIN_LIST);
-        for (int i = 0; i < prinList.getModel().getSize(); i++) {
-            prins.add((PolicyParser.PrincipalEntry)prinList.getObject(i));
-        }
-        ge.principals = prins;
-
-        // get the new Permissions
-        Vector<PolicyParser.PermissionEntry> perms = new Vector<>();
-        TaggedList permList = (TaggedList)getComponent(PE_PERM_LIST);
-        for (int i = 0; i < permList.getModel().getSize(); i++) {
-            perms.addElement((PolicyParser.PermissionEntry)permList.getObject(i));
-        }
-        ge.permissionEntries = perms;
-
-        // construct a new PolicyEntry object
-        PolicyEntry entry = new PolicyEntry(tool, ge);
-
-        return entry;
-    }
-
-    /**
-     * display a dialog box for the user to enter KeyStore information
-     */
-    void keyStoreDialog(int mode) {
-
-        // find where the PolicyTool gui is
-        Point location = tw.getLocationOnScreen();
-        //setBounds(location.x + 25, location.y + 100, 500, 300);
-        setLayout(new GridBagLayout());
-
-        if (mode == EDIT_KEYSTORE) {
-
-            // KeyStore label and textfield
-            JLabel label = new JLabel();
-            tw.addNewComponent(this, label, KSD_NAME_LABEL,
-                               0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.R_BOTTOM_PADDING);
-            JTextField tf = new JTextField(tool.getKeyStoreName(), 30);
-            ToolWindow.configureLabelFor(label, tf, "KeyStore.URL.");
-            tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-
-            // URL to U R L, so that accessibility reader will pronounce well
-            tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("KeyStore.U.R.L."));
-            tw.addNewComponent(this, tf, KSD_NAME_TEXTFIELD,
-                               1, 0, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.BOTTOM_PADDING);
-
-            // KeyStore type and textfield
-            label = new JLabel();
-            tw.addNewComponent(this, label, KSD_TYPE_LABEL,
-                               0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.R_BOTTOM_PADDING);
-            tf = new JTextField(tool.getKeyStoreType(), 30);
-            ToolWindow.configureLabelFor(label, tf, "KeyStore.Type.");
-            tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-            tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("KeyStore.Type."));
-            tw.addNewComponent(this, tf, KSD_TYPE_TEXTFIELD,
-                               1, 1, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.BOTTOM_PADDING);
-
-            // KeyStore provider and textfield
-            label = new JLabel();
-            tw.addNewComponent(this, label, KSD_PROVIDER_LABEL,
-                               0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.R_BOTTOM_PADDING);
-            tf = new JTextField(tool.getKeyStoreProvider(), 30);
-            ToolWindow.configureLabelFor(label, tf, "KeyStore.Provider.");
-            tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-            tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("KeyStore.Provider."));
-            tw.addNewComponent(this, tf, KSD_PROVIDER_TEXTFIELD,
-                               1, 2, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.BOTTOM_PADDING);
-
-            // KeyStore password URL and textfield
-            label = new JLabel();
-            tw.addNewComponent(this, label, KSD_PWD_URL_LABEL,
-                               0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.R_BOTTOM_PADDING);
-            tf = new JTextField(tool.getKeyStorePwdURL(), 30);
-            ToolWindow.configureLabelFor(label, tf, "KeyStore.Password.URL.");
-            tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-            tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("KeyStore.Password.U.R.L."));
-            tw.addNewComponent(this, tf, KSD_PWD_URL_TEXTFIELD,
-                               1, 3, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                               ToolWindow.BOTTOM_PADDING);
-
-            // OK button
-            JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-            okButton.addActionListener
-                        (new ChangeKeyStoreOKButtonListener(tool, tw, this));
-            tw.addNewComponent(this, okButton, KSD_OK_BUTTON,
-                        0, 4, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-            // cancel button
-            JButton cancelButton = new JButton(PolicyTool.getMessage("Cancel"));
-            ActionListener cancelListener = new CancelButtonListener(this);
-            cancelButton.addActionListener(cancelListener);
-            tw.addNewComponent(this, cancelButton, KSD_CANCEL_BUTTON,
-                        1, 4, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL);
-
-            getRootPane().setDefaultButton(okButton);
-            getRootPane().registerKeyboardAction(cancelListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-        }
-
-        pack();
-        setLocationRelativeTo(tw);
-        setVisible(true);
-    }
-
-    /**
-     * display a dialog box for the user to input Principal info
-     *
-     * if editPolicyEntry is false, then we are adding Principals to
-     * a new PolicyEntry, and we only update the GUI listing
-     * with the new Principal.
-     *
-     * if edit is true, then we are editing an existing Policy entry.
-     */
-    void displayPrincipalDialog(boolean editPolicyEntry, boolean edit) {
-
-        PolicyParser.PrincipalEntry editMe = null;
-
-        // get the Principal selected from the Principal List
-        TaggedList prinList = (TaggedList)getComponent(PE_PRIN_LIST);
-        int prinIndex = prinList.getSelectedIndex();
-
-        if (edit) {
-            editMe = (PolicyParser.PrincipalEntry)prinList.getObject(prinIndex);
-        }
-
-        ToolDialog newTD = new ToolDialog
-                (PolicyTool.getMessage("Principals"), tool, tw, true);
-        newTD.addWindowListener(new ChildWindowListener(newTD));
-
-        // find where the PolicyTool gui is
-        Point location = getLocationOnScreen();
-        //newTD.setBounds(location.x + 50, location.y + 100, 650, 190);
-        newTD.setLayout(new GridBagLayout());
-        newTD.setResizable(true);
-
-        // description label
-        JLabel label = (edit ?
-                new JLabel(PolicyTool.getMessage(".Edit.Principal.")) :
-                new JLabel(PolicyTool.getMessage(".Add.New.Principal.")));
-        tw.addNewComponent(newTD, label, PRD_DESC_LABEL,
-                           0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-
-        // principal choice
-        JComboBox<String> choice = new JComboBox<>();
-        choice.addItem(PRIN_TYPE);
-        choice.getAccessibleContext().setAccessibleName(PRIN_TYPE);
-        for (int i = 0; i < PRIN_ARRAY.size(); i++) {
-            Prin next = PRIN_ARRAY.get(i);
-            choice.addItem(next.CLASS);
-        }
-
-        if (edit) {
-            if (PolicyParser.PrincipalEntry.WILDCARD_CLASS.equals
-                                (editMe.getPrincipalClass())) {
-                choice.setSelectedItem(PRIN_TYPE);
-            } else {
-                Prin inputPrin = getPrin(editMe.getPrincipalClass(), true);
-                if (inputPrin != null) {
-                    choice.setSelectedItem(inputPrin.CLASS);
-                }
-            }
-        }
-        // Add listener after selected item is set
-        choice.addItemListener(new PrincipalTypeMenuListener(newTD));
-
-        tw.addNewComponent(newTD, choice, PRD_PRIN_CHOICE,
-                           0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_PADDING);
-
-        // principal textfield
-        JTextField tf;
-        tf = (edit ?
-                new JTextField(editMe.getDisplayClass(), 30) :
-                new JTextField(30));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(PRIN_TYPE);
-        tw.addNewComponent(newTD, tf, PRD_PRIN_TEXTFIELD,
-                           1, 1, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_PADDING);
-
-        // name label and textfield
-        label = new JLabel(PRIN_NAME);
-        tf = (edit ?
-                new JTextField(editMe.getDisplayName(), 40) :
-                new JTextField(40));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(PRIN_NAME);
-
-        tw.addNewComponent(newTD, label, PRD_NAME_LABEL,
-                           0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_PADDING);
-        tw.addNewComponent(newTD, tf, PRD_NAME_TEXTFIELD,
-                           1, 2, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_PADDING);
-
-        // OK button
-        JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-        okButton.addActionListener(
-            new NewPolicyPrinOKButtonListener
-                                        (tool, tw, this, newTD, edit));
-        tw.addNewComponent(newTD, okButton, PRD_OK_BUTTON,
-                           0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-        // cancel button
-        JButton cancelButton = new JButton(PolicyTool.getMessage("Cancel"));
-        ActionListener cancelListener = new CancelButtonListener(newTD);
-        cancelButton.addActionListener(cancelListener);
-        tw.addNewComponent(newTD, cancelButton, PRD_CANCEL_BUTTON,
-                           1, 3, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-
-        newTD.getRootPane().setDefaultButton(okButton);
-        newTD.getRootPane().registerKeyboardAction(cancelListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        newTD.pack();
-        newTD.setLocationRelativeTo(tw);
-        newTD.setVisible(true);
-    }
-
-    /**
-     * display a dialog box for the user to input Permission info
-     *
-     * if editPolicyEntry is false, then we are adding Permissions to
-     * a new PolicyEntry, and we only update the GUI listing
-     * with the new Permission.
-     *
-     * if edit is true, then we are editing an existing Permission entry.
-     */
-    void displayPermissionDialog(boolean editPolicyEntry, boolean edit) {
-
-        PolicyParser.PermissionEntry editMe = null;
-
-        // get the Permission selected from the Permission List
-        TaggedList permList = (TaggedList)getComponent(PE_PERM_LIST);
-        int permIndex = permList.getSelectedIndex();
-
-        if (edit) {
-            editMe = (PolicyParser.PermissionEntry)permList.getObject(permIndex);
-        }
-
-        ToolDialog newTD = new ToolDialog
-                (PolicyTool.getMessage("Permissions"), tool, tw, true);
-        newTD.addWindowListener(new ChildWindowListener(newTD));
-
-        // find where the PolicyTool gui is
-        Point location = getLocationOnScreen();
-        //newTD.setBounds(location.x + 50, location.y + 100, 700, 250);
-        newTD.setLayout(new GridBagLayout());
-        newTD.setResizable(true);
-
-        // description label
-        JLabel label = (edit ?
-                new JLabel(PolicyTool.getMessage(".Edit.Permission.")) :
-                new JLabel(PolicyTool.getMessage(".Add.New.Permission.")));
-        tw.addNewComponent(newTD, label, PD_DESC_LABEL,
-                           0, 0, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-
-        // permission choice (added in alphabetical order)
-        JComboBox<String> choice = new JComboBox<>();
-        choice.addItem(PERM);
-        choice.getAccessibleContext().setAccessibleName(PERM);
-        for (int i = 0; i < PERM_ARRAY.size(); i++) {
-            Perm next = PERM_ARRAY.get(i);
-            choice.addItem(next.CLASS);
-        }
-        tw.addNewComponent(newTD, choice, PD_PERM_CHOICE,
-                           0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-
-        // permission textfield
-        JTextField tf;
-        tf = (edit ? new JTextField(editMe.permission, 30) : new JTextField(30));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(PERM);
-        if (edit) {
-            Perm inputPerm = getPerm(editMe.permission, true);
-            if (inputPerm != null) {
-                choice.setSelectedItem(inputPerm.CLASS);
-            }
-        }
-        tw.addNewComponent(newTD, tf, PD_PERM_TEXTFIELD,
-                           1, 1, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        choice.addItemListener(new PermissionMenuListener(newTD));
-
-        // name label and textfield
-        choice = new JComboBox<>();
-        choice.addItem(PERM_NAME);
-        choice.getAccessibleContext().setAccessibleName(PERM_NAME);
-        tf = (edit ? new JTextField(editMe.name, 40) : new JTextField(40));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(PERM_NAME);
-        if (edit) {
-            setPermissionNames(getPerm(editMe.permission, true), choice, tf);
-        }
-        tw.addNewComponent(newTD, choice, PD_NAME_CHOICE,
-                           0, 2, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        tw.addNewComponent(newTD, tf, PD_NAME_TEXTFIELD,
-                           1, 2, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        choice.addItemListener(new PermissionNameMenuListener(newTD));
-
-        // actions label and textfield
-        choice = new JComboBox<>();
-        choice.addItem(PERM_ACTIONS);
-        choice.getAccessibleContext().setAccessibleName(PERM_ACTIONS);
-        tf = (edit ? new JTextField(editMe.action, 40) : new JTextField(40));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(PERM_ACTIONS);
-        if (edit) {
-            setPermissionActions(getPerm(editMe.permission, true), choice, tf);
-        }
-        tw.addNewComponent(newTD, choice, PD_ACTIONS_CHOICE,
-                           0, 3, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        tw.addNewComponent(newTD, tf, PD_ACTIONS_TEXTFIELD,
-                           1, 3, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        choice.addItemListener(new PermissionActionsMenuListener(newTD));
-
-        // signedby label and textfield
-        label = new JLabel(PolicyTool.getMessage("Signed.By."));
-        tw.addNewComponent(newTD, label, PD_SIGNEDBY_LABEL,
-                           0, 4, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-        tf = (edit ? new JTextField(editMe.signedBy, 40) : new JTextField(40));
-        tf.setPreferredSize(new Dimension(tf.getPreferredSize().width, TEXTFIELD_HEIGHT));
-        tf.getAccessibleContext().setAccessibleName(
-                PolicyTool.getMessage("Signed.By."));
-        tw.addNewComponent(newTD, tf, PD_SIGNEDBY_TEXTFIELD,
-                           1, 4, 1, 1, 1.0, 0.0, GridBagConstraints.BOTH,
-                           ToolWindow.LR_BOTTOM_PADDING);
-
-        // OK button
-        JButton okButton = new JButton(PolicyTool.getMessage("OK"));
-        okButton.addActionListener(
-            new NewPolicyPermOKButtonListener
-                                    (tool, tw, this, newTD, edit));
-        tw.addNewComponent(newTD, okButton, PD_OK_BUTTON,
-                           0, 5, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-
-        // cancel button
-        JButton cancelButton = new JButton(PolicyTool.getMessage("Cancel"));
-        ActionListener cancelListener = new CancelButtonListener(newTD);
-        cancelButton.addActionListener(cancelListener);
-        tw.addNewComponent(newTD, cancelButton, PD_CANCEL_BUTTON,
-                           1, 5, 1, 1, 0.0, 0.0, GridBagConstraints.VERTICAL,
-                           ToolWindow.TOP_BOTTOM_PADDING);
-
-        newTD.getRootPane().setDefaultButton(okButton);
-        newTD.getRootPane().registerKeyboardAction(cancelListener, escKey, JComponent.WHEN_IN_FOCUSED_WINDOW);
-
-        newTD.pack();
-        newTD.setLocationRelativeTo(tw);
-        newTD.setVisible(true);
-    }
-
-    /**
-     * construct a Principal object from the Principal Info Dialog Box
-     */
-    PolicyParser.PrincipalEntry getPrinFromDialog() throws Exception {
-
-        JTextField tf = (JTextField)getComponent(PRD_PRIN_TEXTFIELD);
-        String pclass = new String(tf.getText().trim());
-        tf = (JTextField)getComponent(PRD_NAME_TEXTFIELD);
-        String pname = new String(tf.getText().trim());
-        if (pclass.equals("*")) {
-            pclass = PolicyParser.PrincipalEntry.WILDCARD_CLASS;
-        }
-        if (pname.equals("*")) {
-            pname = PolicyParser.PrincipalEntry.WILDCARD_NAME;
-        }
-
-        PolicyParser.PrincipalEntry pppe = null;
-
-        if ((pclass.equals(PolicyParser.PrincipalEntry.WILDCARD_CLASS)) &&
-            (!pname.equals(PolicyParser.PrincipalEntry.WILDCARD_NAME))) {
-            throw new Exception
-                        (PolicyTool.getMessage("Cannot.Specify.Principal.with.a.Wildcard.Class.without.a.Wildcard.Name"));
-        } else if (pname.equals("")) {
-            throw new Exception
-                        (PolicyTool.getMessage("Cannot.Specify.Principal.without.a.Name"));
-        } else if (pclass.equals("")) {
-            // make this consistent with what PolicyParser does
-            // when it sees an empty principal class
-            pclass = PolicyParser.PrincipalEntry.REPLACE_NAME;
-            tool.warnings.addElement(
-                        "Warning: Principal name '" + pname +
-                                "' specified without a Principal class.\n" +
-                        "\t'" + pname + "' will be interpreted " +
-                                "as a key store alias.\n" +
-                        "\tThe final principal class will be " +
-                                ToolDialog.X500_PRIN_CLASS + ".\n" +
-                        "\tThe final principal name will be " +
-                                "determined by the following:\n" +
-                        "\n" +
-                        "\tIf the key store entry identified by '"
-                                + pname + "'\n" +
-                        "\tis a key entry, then the principal name will be\n" +
-                        "\tthe subject distinguished name from the first\n" +
-                        "\tcertificate in the entry's certificate chain.\n" +
-                        "\n" +
-                        "\tIf the key store entry identified by '" +
-                                pname + "'\n" +
-                        "\tis a trusted certificate entry, then the\n" +
-                        "\tprincipal name will be the subject distinguished\n" +
-                        "\tname from the trusted public key certificate.");
-            tw.displayStatusDialog(this,
-                        "'" + pname + "' will be interpreted as a key " +
-                        "store alias.  View Warning Log for details.");
-        }
-        return new PolicyParser.PrincipalEntry(pclass, pname);
-    }
-
-
-    /**
-     * construct a Permission object from the Permission Info Dialog Box
-     */
-    PolicyParser.PermissionEntry getPermFromDialog() {
-
-        JTextField tf = (JTextField)getComponent(PD_PERM_TEXTFIELD);
-        String permission = new String(tf.getText().trim());
-        tf = (JTextField)getComponent(PD_NAME_TEXTFIELD);
-        String name = null;
-        if (tf.getText().trim().equals("") == false)
-            name = new String(tf.getText().trim());
-        if (permission.equals("") ||
-            (!permission.equals(ALL_PERM_CLASS) && name == null)) {
-            throw new InvalidParameterException(PolicyTool.getMessage
-                ("Permission.and.Target.Name.must.have.a.value"));
-        }
-
-        // When the permission is FilePermission, we need to check the name
-        // to make sure it's not escaped. We believe --
-        //
-        // String             name.lastIndexOf("\\\\")
-        // ----------------   ------------------------
-        // c:\foo\bar         -1, legal
-        // c:\\foo\\bar       2, illegal
-        // \\server\share     0, legal
-        // \\\\server\share   2, illegal
-
-        if (permission.equals(FILE_PERM_CLASS) && name.lastIndexOf("\\\\") > 0) {
-            char result = tw.displayYesNoDialog(this,
-                    PolicyTool.getMessage("Warning"),
-                    PolicyTool.getMessage(
-                        "Warning.File.name.may.include.escaped.backslash.characters.It.is.not.necessary.to.escape.backslash.characters.the.tool.escapes"),
-                    PolicyTool.getMessage("Retain"),
-                    PolicyTool.getMessage("Edit")
-                    );
-            if (result != 'Y') {
-                // an invisible exception
-                throw new NoDisplayException();
-            }
-        }
-        // get the Actions
-        tf = (JTextField)getComponent(PD_ACTIONS_TEXTFIELD);
-        String actions = null;
-        if (tf.getText().trim().equals("") == false)
-            actions = new String(tf.getText().trim());
-
-        // get the Signed By
-        tf = (JTextField)getComponent(PD_SIGNEDBY_TEXTFIELD);
-        String signedBy = null;
-        if (tf.getText().trim().equals("") == false)
-            signedBy = new String(tf.getText().trim());
-
-        PolicyParser.PermissionEntry pppe = new PolicyParser.PermissionEntry
-                                (permission, name, actions);
-        pppe.signedBy = signedBy;
-