changeset 104:94a4cf011510

Merge
author tbell
date Mon, 17 Mar 2008 23:03:51 -0700
parents 6d5c8d474a4e 2ccefd4e038f
children a67fedfd0b21 583cac727433
files
diffstat 64 files changed, 4089 insertions(+), 2399 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -34,6 +34,7 @@
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
@@ -107,12 +108,17 @@
             throw new InvalidKeySpecException("Key length is negative");
         }
         try {
-            this.prf = Mac.getInstance(prfAlgo, new SunJCE());
+            this.prf = Mac.getInstance(prfAlgo, "SunJCE");
         } catch (NoSuchAlgorithmException nsae) {
             // not gonna happen; re-throw just in case
             InvalidKeySpecException ike = new InvalidKeySpecException();
             ike.initCause(nsae);
             throw ike;
+        } catch (NoSuchProviderException nspe) {
+            // Again, not gonna happen; re-throw just in case
+            InvalidKeySpecException ike = new InvalidKeySpecException();
+            ike.initCause(nspe);
+            throw ike;
         }
         this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
     }
--- a/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -664,7 +664,6 @@
     abstract void socketSetOption(int cmd, boolean on, Object value)
         throws SocketException;
     abstract int socketGetOption(int opt, Object iaContainerObj) throws SocketException;
-    abstract int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd) throws SocketException;
     abstract void socketSendUrgentData(int data)
         throws IOException;
 
--- a/jdk/src/share/classes/java/net/InterfaceAddress.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/net/InterfaceAddress.java	Mon Mar 17 23:03:51 2008 -0700
@@ -103,11 +103,9 @@
             return false;
         }
         InterfaceAddress cmp = (InterfaceAddress) obj;
-        if ((address != null & cmp.address == null) ||
-            (!address.equals(cmp.address)))
+        if ( !(address == null ? cmp.address == null : address.equals(cmp.address)) )
             return false;
-        if ((broadcast != null & cmp.broadcast == null) ||
-            (!broadcast.equals(cmp.broadcast)))
+        if ( !(broadcast  == null ? cmp.broadcast == null : broadcast.equals(cmp.broadcast)) )
             return false;
         if (maskLength != cmp.maskLength)
             return false;
--- a/jdk/src/share/classes/java/net/NetworkInterface.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/net/NetworkInterface.java	Mon Mar 17 23:03:51 2008 -0700
@@ -425,8 +425,6 @@
         return virtual;
     }
 
-    private native static long getSubnet0(String name, int ind) throws SocketException;
-    private native static Inet4Address getBroadcast0(String name, int ind) throws SocketException;
     private native static boolean isUp0(String name, int ind) throws SocketException;
     private native static boolean isLoopback0(String name, int ind) throws SocketException;
     private native static boolean supportsMulticast0(String name, int ind) throws SocketException;
--- a/jdk/src/share/classes/java/net/Socket.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/net/Socket.java	Mon Mar 17 23:03:51 2008 -0700
@@ -731,7 +731,8 @@
      * then this method will continue to return the connected address
      * after the socket is closed.
      *
-     * @return a <code>SocketAddress</code> reprensenting the remote endpoint of this
+
+     * @return a <code>SocketAddress</code> representing the remote endpoint of this
      *         socket, or <code>null</code> if it is not connected yet.
      * @see #getInetAddress()
      * @see #getPort()
--- a/jdk/src/share/classes/java/net/URLConnection.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/net/URLConnection.java	Mon Mar 17 23:03:51 2008 -0700
@@ -1072,7 +1072,7 @@
      * properties to be appended into a single property.
      *
      * @param   key     the keyword by which the request is known
-     *                  (e.g., "<code>accept</code>").
+     *                  (e.g., "<code>Accept</code>").
      * @param   value   the value associated with it.
      * @throws IllegalStateException if already connected
      * @throws NullPointerException if key is <CODE>null</CODE>
@@ -1096,7 +1096,7 @@
      * existing values associated with the same key.
      *
      * @param   key     the keyword by which the request is known
-     *                  (e.g., "<code>accept</code>").
+     *                  (e.g., "<code>Accept</code>").
      * @param   value  the value associated with it.
      * @throws IllegalStateException if already connected
      * @throws NullPointerException if key is null
@@ -1120,7 +1120,7 @@
      * Returns the value of the named general request property for this
      * connection.
      *
-     * @param key the keyword by which the request is known (e.g., "accept").
+     * @param key the keyword by which the request is known (e.g., "Accept").
      * @return  the value of the named general request property for this
      *           connection. If key is null, then null is returned.
      * @throws IllegalStateException if already connected
@@ -1164,7 +1164,7 @@
      * these properties.
      *
      * @param   key     the keyword by which the request is known
-     *                  (e.g., "<code>accept</code>").
+     *                  (e.g., "<code>Accept</code>").
      * @param   value   the value associated with the key.
      *
      * @see java.net.URLConnection#setRequestProperty(java.lang.String,java.lang.String)
@@ -1183,7 +1183,7 @@
      * Returns the value of the default request property. Default request
      * properties are set for every connection.
      *
-     * @param key the keyword by which the request is known (e.g., "accept").
+     * @param key the keyword by which the request is known (e.g., "Accept").
      * @return  the value of the default request property
      * for the specified key.
      *
--- a/jdk/src/share/classes/java/security/AccessControlContext.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/security/AccessControlContext.java	Mon Mar 17 23:03:51 2008 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -322,7 +322,7 @@
                     debug.println("access denied " + perm);
                 }
 
-                if (Debug.isOn("failure")) {
+                if (Debug.isOn("failure") && debug != null) {
                     // Want to make sure this is always displayed for failure,
                     // but do not want to display again if already displayed
                     // above.
--- a/jdk/src/share/classes/java/security/KeyStore.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/java/security/KeyStore.java	Mon Mar 17 23:03:51 2008 -0700
@@ -789,7 +789,7 @@
      * @param alias the alias name
      *
      * @return the certificate chain (ordered with the user's certificate first
-     * and the root certificate authority last), or null if the given alias
+     * followed by zero or more certificate authorities), or null if the given alias
      * does not exist or does not contain a certificate chain
      *
      * @exception KeyStoreException if the keystore has not been initialized
--- a/jdk/src/share/classes/javax/security/cert/X509Certificate.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/javax/security/cert/X509Certificate.java	Mon Mar 17 23:03:51 2008 -0700
@@ -363,7 +363,7 @@
      * subject    Name
      * </pre>
      *
-     * <p>See <a href = "#getIssuerDN">getIssuerDN</a> for <code>Name</code>
+     * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code>
      * and other relevant definitions.
      *
      * @return a Principal whose name is the subject name.
@@ -393,7 +393,7 @@
 
     /**
      * Gets the <code>notAfter</code> date from the validity period of
-     * the certificate. See <a href = "#getNotBefore">getNotBefore</a>
+     * the certificate. See {@link #getNotBefore() getNotBefore}
      * for relevant ASN.1 definitions.
      *
      * @return the end date of the validity period.
@@ -429,7 +429,7 @@
      * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
      * with DSA signature algorithm, as per the PKIX part I.
      *
-     * <p>See <a href = "#getSigAlgName">getSigAlgName</a> for
+     * <p>See {@link #getSigAlgName() getSigAlgName} for
      * relevant ASN.1 definitions.
      *
      * @return the signature algorithm OID string.
@@ -442,7 +442,7 @@
      * algorithm parameters are null; the parameters are usually
      * supplied with the certificate's public key.
      *
-     * <p>See <a href = "#getSigAlgName">getSigAlgName</a> for
+     * <p>See {@link #getSigAlgName() getSigAlgName} for
      * relevant ASN.1 definitions.
      *
      * @return the DER-encoded signature algorithm parameters, or
--- a/jdk/src/share/classes/sun/net/www/http/ChunkedOutputStream.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/net/www/http/ChunkedOutputStream.java	Mon Mar 17 23:03:51 2008 -0700
@@ -177,14 +177,23 @@
             return;
         }
 
-        if (len > MAX_BUF_SIZE) {
+        int l = preferredChunkSize - count;
+
+        if ((len > MAX_BUF_SIZE) && (len > l)) {
+            /* current chunk is empty just write the data */
+            if (count == 0) {
+                count = len;
+                flush (b, false, off);
+                return;
+            }
+
             /* first finish the current chunk */
-            int l = preferredChunkSize - count;
             if (l > 0) {
                 System.arraycopy(b, off, buf, count, l);
                 count = preferredChunkSize;
                 flush(buf, false);
             }
+
             count = len - l;
             /* Now write the rest of the data */
             flush (b, false, l+off);
--- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Mon Mar 17 23:03:51 2008 -0700
@@ -64,11 +64,6 @@
 import java.util.TimeZone;
 import java.net.MalformedURLException;
 import java.nio.ByteBuffer;
-import java.nio.channels.ReadableByteChannel;
-import java.nio.channels.WritableByteChannel;
-import java.nio.channels.Selector;
-import java.nio.channels.SelectionKey;
-import java.nio.channels.SelectableChannel;
 import java.lang.reflect.*;
 
 /**
@@ -823,6 +818,7 @@
      * - get input, [read input,] get output, [write output]
      */
 
+    @Override
     public synchronized OutputStream getOutputStream() throws IOException {
 
         try {
@@ -924,11 +920,11 @@
                         if (l != null && !l.isEmpty()) {
                             StringBuilder cookieValue = new StringBuilder();
                             for (String value : l) {
-                                cookieValue.append(value).append(';');
+                                cookieValue.append(value).append("; ");
                             }
-                            // strip off the ending ;-sign
+                            // strip off the trailing '; '
                             try {
-                                requests.add(key, cookieValue.substring(0, cookieValue.length() - 1));
+                                requests.add(key, cookieValue.substring(0, cookieValue.length() - 2));
                             } catch (StringIndexOutOfBoundsException ignored) {
                                 // no-op
                             }
@@ -947,6 +943,8 @@
         } // end of getting cookies
     }
 
+    @Override
+    @SuppressWarnings("empty-statement")
     public synchronized InputStream getInputStream() throws IOException {
 
         if (!doInput) {
@@ -1380,6 +1378,7 @@
         }
     }
 
+    @Override
     public InputStream getErrorStream() {
         if (connected && responseCode >= 400) {
             // Client Error 4xx and Server Error 5xx
@@ -2047,6 +2046,7 @@
      */
     private void disconnectInternal() {
         responseCode = -1;
+        inputStream = null;
         if (pi != null) {
             pi.finishTracking();
             pi = null;
@@ -2145,6 +2145,7 @@
      * Gets a header field by name. Returns null if not known.
      * @param name the name of the header field
      */
+    @Override
     public String getHeaderField(String name) {
         try {
             getInputStream();
@@ -2167,6 +2168,7 @@
      * @return a Map of header fields
      * @since 1.4
      */
+    @Override
     public Map<String, List<String>> getHeaderFields() {
         try {
             getInputStream();
@@ -2183,6 +2185,7 @@
      * Gets a header field by index. Returns null if not known.
      * @param n the index of the header field
      */
+    @Override
     public String getHeaderField(int n) {
         try {
             getInputStream();
@@ -2198,6 +2201,7 @@
      * Gets a header field by index. Returns null if not known.
      * @param n the index of the header field
      */
+    @Override
     public String getHeaderFieldKey(int n) {
         try {
             getInputStream();
@@ -2215,6 +2219,7 @@
      * exists, overwrite its value with the new value.
      * @param value the value to be set
      */
+    @Override
     public void setRequestProperty(String key, String value) {
         if (connected)
             throw new IllegalStateException("Already connected");
@@ -2236,6 +2241,7 @@
      * @see #getRequestProperties(java.lang.String)
      * @since 1.4
      */
+    @Override
     public void addRequestProperty(String key, String value) {
         if (connected)
             throw new IllegalStateException("Already connected");
@@ -2255,6 +2261,7 @@
         requests.set(key, value);
     }
 
+    @Override
     public String getRequestProperty (String key) {
         // don't return headers containing security sensitive information
         if (key != null) {
@@ -2279,6 +2286,7 @@
      * @throws IllegalStateException if already connected
      * @since 1.4
      */
+    @Override
     public Map<String, List<String>> getRequestProperties() {
         if (connected)
             throw new IllegalStateException("Already connected");
@@ -2287,6 +2295,7 @@
         return requests.getHeaders(EXCLUDE_HEADERS);
     }
 
+    @Override
     public void setConnectTimeout(int timeout) {
         if (timeout < 0)
             throw new IllegalArgumentException("timeouts can't be negative");
@@ -2306,6 +2315,7 @@
      * @see java.net.URLConnection#connect()
      * @since 1.5
      */
+    @Override
     public int getConnectTimeout() {
         return (connectTimeout < 0 ? 0 : connectTimeout);
     }
@@ -2330,6 +2340,7 @@
      * @see java.io.InputStream#read()
      * @since 1.5
      */
+    @Override
     public void setReadTimeout(int timeout) {
         if (timeout < 0)
             throw new IllegalArgumentException("timeouts can't be negative");
@@ -2347,10 +2358,12 @@
      * @see java.io.InputStream#read()
      * @since 1.5
      */
+    @Override
     public int getReadTimeout() {
         return readTimeout < 0 ? 0 : readTimeout;
     }
 
+    @Override
     protected void finalize() {
         // this should do nothing.  The stream finalizer will close
         // the fd
@@ -2425,6 +2438,7 @@
          * @see     java.io.FilterInputStream#in
          * @see     java.io.FilterInputStream#reset()
          */
+        @Override
         public synchronized void mark(int readlimit) {
             super.mark(readlimit);
             if (cacheRequest != null) {
@@ -2454,6 +2468,7 @@
          * @see        java.io.FilterInputStream#in
          * @see        java.io.FilterInputStream#mark(int)
          */
+        @Override
         public synchronized void reset() throws IOException {
             super.reset();
             if (cacheRequest != null) {
@@ -2462,6 +2477,7 @@
             }
         }
 
+        @Override
         public int read() throws IOException {
             try {
                 byte[] b = new byte[1];
@@ -2475,10 +2491,12 @@
             }
         }
 
+        @Override
         public int read(byte[] b) throws IOException {
             return read(b, 0, b.length);
         }
 
+        @Override
         public int read(byte[] b, int off, int len) throws IOException {
             try {
                 int newLen = super.read(b, off, len);
@@ -2509,6 +2527,7 @@
             }
         }
 
+        @Override
         public void close () throws IOException {
             try {
                 if (outputStream != null) {
@@ -2553,6 +2572,7 @@
             error = false;
         }
 
+        @Override
         public void write (int b) throws IOException {
             checkError();
             written ++;
@@ -2562,10 +2582,12 @@
             out.write (b);
         }
 
+        @Override
         public void write (byte[] b) throws IOException {
             write (b, 0, b.length);
         }
 
+        @Override
         public void write (byte[] b, int off, int len) throws IOException {
             checkError();
             written += len;
@@ -2596,6 +2618,7 @@
             return closed && ! error;
         }
 
+        @Override
         public void close () throws IOException {
             if (closed) {
                 return;
@@ -2714,6 +2737,7 @@
             }
         }
 
+        @Override
         public int available() throws IOException {
             if (is == null) {
                 return buffer.remaining();
@@ -2728,10 +2752,12 @@
             return (ret == -1? ret : (b[0] & 0x00FF));
         }
 
+        @Override
         public int read(byte[] b) throws IOException {
             return read(b, 0, b.length);
         }
 
+        @Override
         public int read(byte[] b, int off, int len) throws IOException {
             int rem = buffer.remaining();
             if (rem > 0) {
@@ -2747,6 +2773,7 @@
             }
         }
 
+        @Override
         public void close() throws IOException {
             buffer = null;
             if (is != null) {
@@ -2763,6 +2790,7 @@
 
 class EmptyInputStream extends InputStream {
 
+    @Override
     public int available() {
         return 0;
     }
--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Mon Mar 17 23:03:51 2008 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2001-2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -518,6 +518,16 @@
         kac.put(url, sslSocketFactory, this);
     }
 
+    /*
+     * Close an idle connection to this URL (if it exists in the cache).
+     */
+    public void closeIdleConnection() {
+        HttpClient http = (HttpClient) kac.get(url, sslSocketFactory);
+        if (http != null) {
+            http.closeServer();
+        }
+    }
+
     /**
      * Returns the cipher suite in use on this connection.
      */
--- a/jdk/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/net/www/protocol/mailto/MailToURLConnection.java	Mon Mar 17 23:03:51 2008 -0700
@@ -29,9 +29,6 @@
 import java.net.InetAddress;
 import java.net.SocketPermission;
 import java.io.*;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
 import java.security.Permission;
 import sun.net.www.*;
 import sun.net.smtp.SmtpClient;
@@ -86,11 +83,11 @@
     }
 
     public void connect() throws IOException {
-        System.err.println("connect. Timeout = " + connectTimeout);
         client = new SmtpClient(connectTimeout);
         client.setReadTimeout(readTimeout);
     }
 
+    @Override
     public synchronized OutputStream getOutputStream() throws IOException {
         if (os != null) {
             return os;
@@ -107,6 +104,7 @@
         return os;
     }
 
+    @Override
     public Permission getPermission() throws IOException {
         if (permission == null) {
             connect();
@@ -116,22 +114,26 @@
         return permission;
     }
 
+    @Override
     public void setConnectTimeout(int timeout) {
         if (timeout < 0)
             throw new IllegalArgumentException("timeouts can't be negative");
         connectTimeout = timeout;
     }
 
+    @Override
     public int getConnectTimeout() {
         return (connectTimeout < 0 ? 0 : connectTimeout);
     }
 
+    @Override
     public void setReadTimeout(int timeout) {
         if (timeout < 0)
             throw new IllegalArgumentException("timeouts can't be negative");
         readTimeout = timeout;
     }
 
+    @Override
     public int getReadTimeout() {
         return readTimeout < 0 ? 0 : readTimeout;
     }
--- a/jdk/src/share/classes/sun/security/krb5/Config.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java	Mon Mar 17 23:03:51 2008 -0700
@@ -1040,11 +1040,12 @@
      * Check if need to use DNS to locate Kerberos services
      */
     public boolean useDNS(String name) {
-        boolean value = getDefaultBooleanValue(name, "libdefaults");
-        if (value == false) {
-            value = getDefaultBooleanValue("dns_fallback", "libdefaults");
+        String value = getDefault(name, "libdefaults");
+        if (value == null) {
+            return getDefaultBooleanValue("dns_fallback", "libdefaults");
+        } else {
+            return value.equalsIgnoreCase("true");
         }
-        return value;
     }
 
     /**
--- a/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java	Mon Mar 17 23:03:51 2008 -0700
@@ -75,107 +75,107 @@
             null); // EncryptionKey subSessionKey
     }
 
-     // Called by Credentials, KrbCred
-         KrbTgsReq(
-                KDCOptions options,
-                Credentials asCreds,
-                PrincipalName sname,
-                KerberosTime from,
-                KerberosTime till,
-                KerberosTime rtime,
-                int[] eTypes,
-                HostAddresses addresses,
-                AuthorizationData authorizationData,
-                Ticket[] additionalTickets,
-                EncryptionKey subKey) throws KrbException, IOException {
+    // Called by Credentials, KrbCred
+    KrbTgsReq(
+            KDCOptions options,
+            Credentials asCreds,
+            PrincipalName sname,
+            KerberosTime from,
+            KerberosTime till,
+            KerberosTime rtime,
+            int[] eTypes,
+            HostAddresses addresses,
+            AuthorizationData authorizationData,
+            Ticket[] additionalTickets,
+            EncryptionKey subKey) throws KrbException, IOException {
 
-                princName = asCreds.client;
-                servName = sname;
-                ctime = new KerberosTime(KerberosTime.NOW);
+        princName = asCreds.client;
+        servName = sname;
+        ctime = new KerberosTime(KerberosTime.NOW);
 
 
-                // check if they are valid arguments. The optional fields
-                // should be  consistent with settings in KDCOptions.
-                if (options.get(KDCOptions.FORWARDABLE) &&
-                        (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
-                    throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
-                if (options.get(KDCOptions.FORWARDED)) {
-                    if (!(asCreds.flags.get(KDCOptions.FORWARDABLE)))
-                        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
-                if (options.get(KDCOptions.PROXIABLE) &&
-                        (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) {
-                    throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
-                if (options.get(KDCOptions.PROXY)) {
-                    if (!(asCreds.flags.get(KDCOptions.PROXIABLE)))
-                        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
-                if (options.get(KDCOptions.ALLOW_POSTDATE) &&
-                        (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) {
-                    throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
-                if (options.get(KDCOptions.RENEWABLE) &&
-                        (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) {
-                    throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                }
+        // check if they are valid arguments. The optional fields
+        // should be  consistent with settings in KDCOptions.
+        if (options.get(KDCOptions.FORWARDABLE) &&
+                (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
+            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
+        if (options.get(KDCOptions.FORWARDED)) {
+            if (!(asCreds.flags.get(KDCOptions.FORWARDABLE)))
+                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
+        if (options.get(KDCOptions.PROXIABLE) &&
+                (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) {
+            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
+        if (options.get(KDCOptions.PROXY)) {
+            if (!(asCreds.flags.get(KDCOptions.PROXIABLE)))
+                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
+        if (options.get(KDCOptions.ALLOW_POSTDATE) &&
+                (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) {
+            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
+        if (options.get(KDCOptions.RENEWABLE) &&
+                (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) {
+            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        }
 
-                if (options.get(KDCOptions.POSTDATED)) {
-                    if (!(asCreds.flags.get(KDCOptions.POSTDATED)))
-                        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                } else {
-                    if (from != null)  from = null;
-                }
-                if (options.get(KDCOptions.RENEWABLE)) {
-                    if (!(asCreds.flags.get(KDCOptions.RENEWABLE)))
-                        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                } else {
-                    if (rtime != null)  rtime = null;
-                }
-                if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
-                    if (additionalTickets == null)
-                        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
-                    // in TGS_REQ there could be more than one additional
-                    // tickets,  but in file-based credential cache,
-                    // there is only one additional ticket field.
-                        secondTicket = additionalTickets[0];
-                } else {
-                    if (additionalTickets != null)
-                        additionalTickets = null;
-                }
+        if (options.get(KDCOptions.POSTDATED)) {
+            if (!(asCreds.flags.get(KDCOptions.POSTDATED)))
+                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        } else {
+            if (from != null)  from = null;
+        }
+        if (options.get(KDCOptions.RENEWABLE)) {
+            if (!(asCreds.flags.get(KDCOptions.RENEWABLE)))
+                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+        } else {
+            if (rtime != null)  rtime = null;
+        }
+        if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
+            if (additionalTickets == null)
+                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
+            // in TGS_REQ there could be more than one additional
+            // tickets,  but in file-based credential cache,
+            // there is only one additional ticket field.
+                secondTicket = additionalTickets[0];
+        } else {
+            if (additionalTickets != null)
+                additionalTickets = null;
+        }
 
-                tgsReqMessg = createRequest(
-                        options,
-                        asCreds.ticket,
-                        asCreds.key,
-                        ctime,
-                        princName,
-                        princName.getRealm(),
-                        servName,
-                        from,
-                        till,
-                        rtime,
-                        eTypes,
-                        addresses,
-                        authorizationData,
-                        additionalTickets,
-                        subKey);
-                obuf = tgsReqMessg.asn1Encode();
+        tgsReqMessg = createRequest(
+                options,
+                asCreds.ticket,
+                asCreds.key,
+                ctime,
+                princName,
+                princName.getRealm(),
+                servName,
+                from,
+                till,
+                rtime,
+                eTypes,
+                addresses,
+                authorizationData,
+                additionalTickets,
+                subKey);
+        obuf = tgsReqMessg.asn1Encode();
 
-                // XXX We need to revisit this to see if can't move it
-                // up such that FORWARDED flag set in the options
-                // is included in the marshaled request.
-                /*
-                 * If this is based on a forwarded ticket, record that in the
-                 * options, because the returned TgsRep will contain the
-                 * FORWARDED flag set.
-                 */
-                if (asCreds.flags.get(KDCOptions.FORWARDED))
-                    options.set(KDCOptions.FORWARDED, true);
+        // XXX We need to revisit this to see if can't move it
+        // up such that FORWARDED flag set in the options
+        // is included in the marshaled request.
+        /*
+         * If this is based on a forwarded ticket, record that in the
+         * options, because the returned TgsRep will contain the
+         * FORWARDED flag set.
+         */
+        if (asCreds.flags.get(KDCOptions.FORWARDED))
+            options.set(KDCOptions.FORWARDED, true);
 
 
-        }
+    }
 
     /**
      * Sends a TGS request to the realm of the target.
--- a/jdk/src/share/classes/sun/security/krb5/internal/APRep.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/APRep.java	Mon Mar 17 23:03:51 2008 -0700
@@ -54,81 +54,88 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class APRep {
-        public int pvno;
-        public int msgType;
-        public EncryptedData encPart;
 
-        public APRep(EncryptedData new_encPart) {
-                pvno = Krb5.PVNO;
-                msgType = Krb5.KRB_AP_REP;
-                encPart = new_encPart;
-        }
+    public int pvno;
+    public int msgType;
+    public EncryptedData encPart;
 
-        public APRep(byte[] data) throws Asn1Exception,
-                KrbApErrException, IOException {
-                init(new DerValue(data));
-        }
+    public APRep(EncryptedData new_encPart) {
+        pvno = Krb5.PVNO;
+        msgType = Krb5.KRB_AP_REP;
+        encPart = new_encPart;
+    }
+
+    public APRep(byte[] data) throws Asn1Exception,
+            KrbApErrException, IOException {
+        init(new DerValue(data));
+    }
 
     public APRep(DerValue encoding) throws Asn1Exception,
-                KrbApErrException, IOException {
-                init(encoding);
-        }
+            KrbApErrException, IOException {
+        init(encoding);
+    }
 
-        /**
-         * Initializes an APRep object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception KrbApErrException if the value read from the DER-encoded data
-         *  stream does not match the pre-defined value.
-         */
+    /**
+     * Initializes an APRep object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception KrbApErrException if the value read from the DER-encoded data
+     *  stream does not match the pre-defined value.
+     */
     private void init(DerValue encoding) throws Asn1Exception,
-                KrbApErrException, IOException {
+            KrbApErrException, IOException {
 
-                if (((encoding.getTag() & (byte)(0x1F)) != Krb5.KRB_AP_REP)
-             || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                DerValue der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                DerValue subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) != (byte)0x00)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        pvno = subDer.getData().getBigInteger().intValue();
-        if (pvno != Krb5.PVNO)
-                                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) != (byte)0x01)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                msgType = subDer.getData().getBigInteger().intValue();
-                if (msgType != Krb5.KRB_AP_REP)
-                                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
-                encPart = EncryptedData.parse(der.getData(), (byte)0x02, false);
-                if (der.getData().available() > 0)
+        if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
             throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        DerValue der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        DerValue subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        pvno = subDer.getData().getBigInteger().intValue();
+        if (pvno != Krb5.PVNO) {
+            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        msgType = subDer.getData().getBigInteger().intValue();
+        if (msgType != Krb5.KRB_AP_REP) {
+            throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
+        }
+        encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false);
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        /**
-         * Encodes an APRep object.
-         * @return byte array of encoded APRep object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an APRep object.
+     * @return byte array of encoded APRep object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream bytes = new DerOutputStream();
-            DerOutputStream temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(pvno));
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(msgType));
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), encPart.asn1Encode());
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                DerOutputStream aprep = new DerOutputStream();
-                aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0F), temp);
-                return aprep.toByteArray();
-        }
-
+        DerOutputStream temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(pvno));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp);
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(msgType));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), encPart.asn1Encode());
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        DerOutputStream aprep = new DerOutputStream();
+        aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0F), temp);
+        return aprep.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/APReq.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/APReq.java	Mon Mar 17 23:03:51 2008 -0700
@@ -54,94 +54,98 @@
  * <a href="http://www.ietf.org/rfc/rfc4120.txt">
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
+public class APReq {
 
-public class APReq {
-        public int pvno;
-        public int msgType;
-        public APOptions apOptions;
-        public Ticket ticket;
-        public EncryptedData authenticator;
+    public int pvno;
+    public int msgType;
+    public APOptions apOptions;
+    public Ticket ticket;
+    public EncryptedData authenticator;
 
-        public APReq(
-                APOptions new_apOptions,
-                Ticket new_ticket,
-                EncryptedData new_authenticator
-        ) {
-                pvno = Krb5.PVNO;
-                msgType = Krb5.KRB_AP_REQ;
-                apOptions = new_apOptions;
-                ticket = new_ticket;
-                authenticator = new_authenticator;
-        }
+    public APReq(
+            APOptions new_apOptions,
+            Ticket new_ticket,
+            EncryptedData new_authenticator) {
+        pvno = Krb5.PVNO;
+        msgType = Krb5.KRB_AP_REQ;
+        apOptions = new_apOptions;
+        ticket = new_ticket;
+        authenticator = new_authenticator;
+    }
 
-        public APReq(byte[] data) throws Asn1Exception,IOException, KrbApErrException, RealmException {
+    public APReq(byte[] data) throws Asn1Exception, IOException, KrbApErrException, RealmException {
         init(new DerValue(data));
-        }
+    }
 
     public APReq(DerValue encoding) throws Asn1Exception, IOException, KrbApErrException, RealmException {
-                init(encoding);
+        init(encoding);
+    }
+
+    /**
+     * Initializes an APReq object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
+     * @exception RealmException if an error occurs while parsing a Realm object.
+     */
+    private void init(DerValue encoding) throws Asn1Exception,
+            IOException, KrbApErrException, RealmException {
+        DerValue der, subDer;
+        if (((encoding.getTag() & (byte) 0x1F) != Krb5.KRB_AP_REQ)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        pvno = subDer.getData().getBigInteger().intValue();
+        if (pvno != Krb5.PVNO) {
+            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        msgType = subDer.getData().getBigInteger().intValue();
+        if (msgType != Krb5.KRB_AP_REQ) {
+            throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
+        }
+        apOptions = APOptions.parse(der.getData(), (byte) 0x02, false);
+        ticket = Ticket.parse(der.getData(), (byte) 0x03, false);
+        authenticator = EncryptedData.parse(der.getData(), (byte) 0x04, false);
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        /**
-         * Initializes an APReq object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
-         * @exception RealmException if an error occurs while parsing a Realm object.
-         */
-        private void init(DerValue encoding) throws Asn1Exception,
-           IOException, KrbApErrException, RealmException {
-                DerValue der, subDer;
-        if (((encoding.getTag() & (byte)0x1F) != Krb5.KRB_AP_REQ)
-                        || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                der = encoding.getData().getDerValue();
-                if (der.getTag() != DerValue.tag_Sequence)
-                   throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-        if ((subDer.getTag() & (byte)0x1F) != (byte)0x00)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        pvno = subDer.getData().getBigInteger().intValue();
-        if (pvno != Krb5.PVNO)
-                                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) != (byte)0x01)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                msgType = subDer.getData().getBigInteger().intValue();
-                if (msgType != Krb5.KRB_AP_REQ)
-                         throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
-                apOptions = APOptions.parse(der.getData(), (byte)0x02, false);
-                ticket = Ticket.parse(der.getData(), (byte)0x03, false);
-                authenticator = EncryptedData.parse(der.getData(), (byte)0x04, false);
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
-
-        /**
-         * Encodes an APReq object.
-         * @return byte array of encoded APReq object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an APReq object.
+     * @return byte array of encoded APReq object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream bytes = new DerOutputStream();
-            DerOutputStream temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(pvno));
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(msgType));
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), apOptions.asn1Encode());
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), ticket.asn1Encode());
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authenticator.asn1Encode());
-            temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                DerOutputStream apreq = new DerOutputStream();
-                apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0E), temp);
-                return apreq.toByteArray();
-
-        }
-
+        DerOutputStream temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(pvno));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp);
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(msgType));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), apOptions.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), ticket.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), authenticator.asn1Encode());
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        DerOutputStream apreq = new DerOutputStream();
+        apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0E), temp);
+        return apreq.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java	Mon Mar 17 23:03:51 2008 -0700
@@ -40,30 +40,28 @@
 
 public class ASRep extends KDCRep {
 
-        public ASRep(
-                PAData[] new_pAData,
-                Realm new_crealm,
-                PrincipalName new_cname,
-                Ticket new_ticket,
-                EncryptedData new_encPart
-        ) throws IOException {
-                super(new_pAData, new_crealm, new_cname, new_ticket,
-                        new_encPart, Krb5.KRB_AS_REP);
-        }
+    public ASRep(
+            PAData[] new_pAData,
+            Realm new_crealm,
+            PrincipalName new_cname,
+            Ticket new_ticket,
+            EncryptedData new_encPart) throws IOException {
+        super(new_pAData, new_crealm, new_cname, new_ticket,
+                new_encPart, Krb5.KRB_AS_REP);
+    }
 
-        public ASRep(byte[] data) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(new DerValue(data));
-        }
+    public ASRep(byte[] data) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(new DerValue(data));
+    }
 
-     public ASRep(DerValue encoding) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(encoding);
-        }
+    public ASRep(DerValue encoding) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(encoding);
+    }
 
-        private void init(DerValue encoding) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(encoding, Krb5.KRB_AS_REP);
-        }
-
+    private void init(DerValue encoding) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(encoding, Krb5.KRB_AS_REP);
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java	Mon Mar 17 23:03:51 2008 -0700
@@ -36,20 +36,19 @@
 
 public class ASReq extends KDCReq {
 
-        public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException {
-                super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ);
-        }
+    public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException {
+        super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ);
+    }
 
-        public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException {
-                init(new DerValue(data));
-        }
+    public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException {
+        init(new DerValue(data));
+    }
 
     public ASReq(DerValue encoding) throws Asn1Exception, KrbException, IOException {
-                init(encoding);
-        }
+        init(encoding);
+    }
 
-        private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException {
-                super.init(encoding, Krb5.KRB_AS_REQ);
-        }
-
+    private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException {
+        super.init(encoding, Krb5.KRB_AS_REQ);
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java	Mon Mar 17 23:03:51 2008 -0700
@@ -34,6 +34,7 @@
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
  * Implements the ASN.1 Authenticator type.
  *
@@ -58,6 +59,7 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class Authenticator {
+
     public int authenticator_vno;
     public Realm crealm;
     public PrincipalName cname;
@@ -68,137 +70,145 @@
     Integer seqNumber; //optional
     public AuthorizationData authorizationData; //optional
 
-        public Authenticator (
-                Realm new_crealm,
-                PrincipalName new_cname,
-                Checksum new_cksum,
-                int new_cusec,
-                KerberosTime new_ctime,
-                EncryptionKey new_subKey,
-                Integer new_seqNumber,
-                AuthorizationData new_authorizationData
-        ) {
-                authenticator_vno = Krb5.AUTHNETICATOR_VNO;
-                crealm = new_crealm;
-                cname = new_cname;
-                cksum = new_cksum;
-                cusec = new_cusec;
-                ctime = new_ctime;
-                subKey = new_subKey;
-                seqNumber = new_seqNumber;
-                authorizationData = new_authorizationData;
+    public Authenticator(
+            Realm new_crealm,
+            PrincipalName new_cname,
+            Checksum new_cksum,
+            int new_cusec,
+            KerberosTime new_ctime,
+            EncryptionKey new_subKey,
+            Integer new_seqNumber,
+            AuthorizationData new_authorizationData) {
+        authenticator_vno = Krb5.AUTHNETICATOR_VNO;
+        crealm = new_crealm;
+        cname = new_cname;
+        cksum = new_cksum;
+        cusec = new_cusec;
+        ctime = new_ctime;
+        subKey = new_subKey;
+        seqNumber = new_seqNumber;
+        authorizationData = new_authorizationData;
+    }
+
+    public Authenticator(byte[] data)
+            throws Asn1Exception, IOException, KrbApErrException, RealmException {
+        init(new DerValue(data));
+    }
+
+    public Authenticator(DerValue encoding)
+            throws Asn1Exception, IOException, KrbApErrException, RealmException {
+        init(encoding);
+    }
+
+    /**
+     * Initializes an Authenticator object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception KrbApErrException if the value read from the DER-encoded data
+     *  stream does not match the pre-defined value.
+     * @exception RealmException if an error occurs while parsing a Realm object.
+     */
+    private void init(DerValue encoding)
+            throws Asn1Exception, IOException, KrbApErrException, RealmException {
+        DerValue der, subDer;
+        //may not be the correct error code for a tag
+        //mismatch on an encrypted structure
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x02)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        authenticator_vno = subDer.getData().getBigInteger().intValue();
+        if (authenticator_vno != 5) {
+            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+        }
+        crealm = Realm.parse(der.getData(), (byte) 0x01, false);
+        cname = PrincipalName.parse(der.getData(), (byte) 0x02, false);
+        cksum = Checksum.parse(der.getData(), (byte) 0x03, true);
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) == 0x04) {
+            cusec = subDer.getData().getBigInteger().intValue();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        ctime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
+        if (der.getData().available() > 0) {
+            subKey = EncryptionKey.parse(der.getData(), (byte) 0x06, true);
+        } else {
+            subKey = null;
+            seqNumber = null;
+            authorizationData = null;
+        }
+        if (der.getData().available() > 0) {
+            if ((der.getData().peekByte() & 0x1F) == 0x07) {
+                subDer = der.getData().getDerValue();
+                if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x07) {
+                    seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
+                }
+            }
+        } else {
+            seqNumber = null;
+            authorizationData = null;
+        }
+        if (der.getData().available() > 0) {
+            authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x08, true);
+        } else {
+            authorizationData = null;
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public Authenticator(byte[] data)
-                throws Asn1Exception, IOException, KrbApErrException, RealmException {
-                init(new DerValue(data));
+    /**
+     * Encodes an Authenticator object.
+     * @return byte array of encoded Authenticator object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        Vector<DerValue> v = new Vector<DerValue>();
+        DerOutputStream temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(authenticator_vno));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray()));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode()));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode()));
+        if (cksum != null) {
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));
         }
-
-        public Authenticator(DerValue encoding)
-                throws Asn1Exception,IOException, KrbApErrException, RealmException {
-                init(encoding);
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(cusec));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), temp.toByteArray()));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), ctime.asn1Encode()));
+        if (subKey != null) {
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), subKey.asn1Encode()));
         }
-
-        /**
-         * Initializes an Authenticator object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception KrbApErrException if the value read from the DER-encoded data
-         *  stream does not match the pre-defined value.
-         * @exception RealmException if an error occurs while parsing a Realm object.
-         */
-        private void init(DerValue encoding)
-                throws Asn1Exception, IOException, KrbApErrException, RealmException {
-                DerValue der, subDer;
-                        //may not be the correct error code for a tag
-                        //mismatch on an encrypted structure
-        if (((encoding.getTag() & (byte)0x1F) != (byte)0x02)
-             || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) != (byte)0x00)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        authenticator_vno = subDer.getData().getBigInteger().intValue();
-                if (authenticator_vno != 5)
-            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-                crealm = Realm.parse(der.getData(), (byte)0x01, false);
-                cname = PrincipalName.parse(der.getData(), (byte)0x02, false);
-                cksum = Checksum.parse(der.getData(), (byte)0x03, true);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) == 0x04) {
-                        cusec = subDer.getData().getBigInteger().intValue();
-                }
-                else throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                ctime = KerberosTime.parse(der.getData(), (byte)0x05, false);
-                if (der.getData().available() > 0) {
-                        subKey = EncryptionKey.parse(der.getData(), (byte)0x06, true);
-                }
-                else {
-                        subKey = null;
-                        seqNumber = null;
-                        authorizationData = null;
-                }
-                if (der.getData().available() > 0) {
-                        if ((der.getData().peekByte() & 0x1F) == 0x07) {
-                                subDer = der.getData().getDerValue();
-                                if ((subDer.getTag() & (byte)0x1F) == (byte)0x07)
-                                        seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
-                        }
-                }
-                else {
-                        seqNumber = null;
-                        authorizationData = null;
-                }
-                if (der.getData().available() > 0) {
-                        authorizationData = AuthorizationData.parse(der.getData(), (byte)0x08, true);
-                }
-                else authorizationData = null;
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        if (seqNumber != null) {
+            temp = new DerOutputStream();
+            // encode as an unsigned integer (UInt32)
+            temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), temp.toByteArray()));
         }
-
-        /**
-         * Encodes an Authenticator object.
-         * @return byte array of encoded Authenticator object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
-                Vector<DerValue> v = new Vector<DerValue> ();
-                DerOutputStream temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(authenticator_vno));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp.toByteArray()));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), crealm.asn1Encode()));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.asn1Encode()));
-                if (cksum != null)
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cksum.asn1Encode()));
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(cusec));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), temp.toByteArray()));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ctime.asn1Encode()));
-                if (subKey != null)
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), subKey.asn1Encode()));
-                if (seqNumber != null)   {
-                        temp = new DerOutputStream();
-                        // encode as an unsigned integer (UInt32)
-                        temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), temp.toByteArray()));
-                }
-                if (authorizationData != null)
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), authorizationData.asn1Encode()));
-                DerValue der[] = new DerValue[v.size()];
-                v.copyInto(der);
-                temp = new DerOutputStream();
-                temp.putSequence(der);
-                DerOutputStream out = new DerOutputStream();
-                out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x02), temp);
-                return out.toByteArray();
+        if (authorizationData != null) {
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), authorizationData.asn1Encode()));
         }
+        DerValue der[] = new DerValue[v.size()];
+        v.copyInto(der);
+        temp = new DerOutputStream();
+        temp.putSequence(der);
+        DerOutputStream out = new DerOutputStream();
+        out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x02), temp);
+        return out.toByteArray();
+    }
 
     public final Checksum getChecksum() {
         return cksum;
@@ -211,5 +221,4 @@
     public final EncryptionKey getSubKey() {
         return subKey;
     }
-
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java	Mon Mar 17 23:03:51 2008 -0700
@@ -53,82 +53,81 @@
  * }
  */
 public class AuthorizationData implements Cloneable {
-        private AuthorizationDataEntry[] entry = null;
 
-        private AuthorizationData() {
+    private AuthorizationDataEntry[] entry = null;
+
+    private AuthorizationData() {
+    }
+
+    public AuthorizationData(AuthorizationDataEntry[] new_entries)
+            throws IOException {
+        if (new_entries != null) {
+            entry = new AuthorizationDataEntry[new_entries.length];
+            for (int i = 0; i < new_entries.length; i++) {
+                if (new_entries[i] == null) {
+                    throw new IOException("Cannot create an AuthorizationData");
+                } else {
+                    entry[i] = (AuthorizationDataEntry) new_entries[i].clone();
+                }
+            }
         }
+    }
 
-        public AuthorizationData(
-                AuthorizationDataEntry[] new_entries
-        ) throws IOException {
-                if (new_entries != null) {
-                   entry = new AuthorizationDataEntry[new_entries.length];
-                   for (int i = 0; i < new_entries.length; i++) {
-                        if (new_entries[i] == null) {
-                           throw new IOException("Cannot create an AuthorizationData");
-                        } else {
-                           entry[i] = (AuthorizationDataEntry)new_entries[i].clone();
-                        }
-                   }
-                }
+    public AuthorizationData(AuthorizationDataEntry new_entry) {
+        entry = new AuthorizationDataEntry[1];
+        entry[0] = new_entry;
+    }
+
+    public Object clone() {
+        AuthorizationData new_authorizationData =
+                new AuthorizationData();
+        if (entry != null) {
+            new_authorizationData.entry =
+                    new AuthorizationDataEntry[entry.length];
+            for (int i = 0; i < entry.length; i++) {
+                new_authorizationData.entry[i] =
+                        (AuthorizationDataEntry) entry[i].clone();
+            }
         }
+        return new_authorizationData;
+    }
 
-        public AuthorizationData(
-                AuthorizationDataEntry new_entry
-        ) {
-                entry = new AuthorizationDataEntry[1];
-                entry[0] = new_entry;
+    /**
+     * Constructs a new <code>AuthorizationData,</code> instance.
+     * @param der a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public AuthorizationData(DerValue der) throws Asn1Exception, IOException {
+        Vector<AuthorizationDataEntry> v =
+                new Vector<AuthorizationDataEntry>();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        while (der.getData().available() > 0) {
+            v.addElement(new AuthorizationDataEntry(der.getData().getDerValue()));
+        }
+        if (v.size() > 0) {
+            entry = new AuthorizationDataEntry[v.size()];
+            v.copyInto(entry);
+        }
+    }
 
-        public Object clone() {
-                AuthorizationData new_authorizationData =
-                        new AuthorizationData();
-                if (entry != null) {
-                        new_authorizationData.entry =
-                                new AuthorizationDataEntry[entry.length];
-                        for (int i = 0; i < entry.length; i++)
-                                new_authorizationData.entry[i] =
-                                        (AuthorizationDataEntry)entry[i].clone();
-                }
-                return new_authorizationData;
+    /**
+     * Encodes an <code>AuthorizationData</code> object.
+     * @return byte array of encoded <code>AuthorizationData</code> object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        DerOutputStream bytes = new DerOutputStream();
+        DerValue der[] = new DerValue[entry.length];
+        for (int i = 0; i < entry.length; i++) {
+            der[i] = new DerValue(entry[i].asn1Encode());
         }
-
-        /**
-         * Constructs a new <code>AuthorizationData,</code> instance.
-         * @param der a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public AuthorizationData(DerValue der) throws Asn1Exception, IOException {
-                Vector<AuthorizationDataEntry> v =
-                    new Vector<AuthorizationDataEntry> ();
-                if (der.getTag() != DerValue.tag_Sequence) {
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                }
-                while (der.getData().available() > 0) {
-                        v.addElement(new AuthorizationDataEntry(der.getData().getDerValue()));
-                }
-                if (v.size() > 0) {
-                        entry = new AuthorizationDataEntry[v.size()];
-                        v.copyInto(entry);
-                }
-        }
-
-        /**
-         * Encodes an <code>AuthorizationData</code> object.
-         * @return byte array of encoded <code>AuthorizationData</code> object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
-                DerOutputStream bytes = new DerOutputStream();
-                DerValue der[] = new DerValue[entry.length];
-                for (int i = 0; i < entry.length; i++) {
-                        der[i] = new DerValue(entry[i].asn1Encode());
-                }
-                bytes.putSequence(der);
-                return bytes.toByteArray();
-        }
+        bytes.putSequence(der);
+        return bytes.toByteArray();
+    }
 
     /**
      * Parse (unmarshal) an <code>AuthorizationData</code> object from a DER input stream.
@@ -143,31 +142,30 @@
      * @return an instance of AuthorizationData.
      *
      */
-        public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException{
-                if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) {
-                        return null;
-                }
-                DerValue der = data.getDerValue();
-                if (explicitTag != (der.getTag() & (byte)0x1F))  {
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                }
-                else {
-                        DerValue subDer = der.getData().getDerValue();
-                        return new AuthorizationData(subDer);
-                }
+    public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException {
+        if ((optional) && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag)) {
+            return null;
         }
+        DerValue der = data.getDerValue();
+        if (explicitTag != (der.getTag() & (byte) 0x1F)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        } else {
+            DerValue subDer = der.getData().getDerValue();
+            return new AuthorizationData(subDer);
+        }
+    }
 
-        /**
-         * Writes <code>AuthorizationData</code> data fields to a output stream.
-         *
-         * @param cos a <code>CCacheOutputStream</code> to be written to.
-         * @exception IOException if an I/O exception occurs.
-         */
-        public void writeAuth(CCacheOutputStream cos) throws IOException {
-                for (int i = 0; i < entry.length; i++) {
-                        entry[i].writeEntry(cos);
-                }
+    /**
+     * Writes <code>AuthorizationData</code> data fields to a output stream.
+     *
+     * @param cos a <code>CCacheOutputStream</code> to be written to.
+     * @exception IOException if an I/O exception occurs.
+     */
+    public void writeAuth(CCacheOutputStream cos) throws IOException {
+        for (int i = 0; i < entry.length; i++) {
+            entry[i].writeEntry(cos);
         }
+    }
 
     public String toString() {
         String retVal = "AuthorizationData:\n";
--- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java	Mon Mar 17 23:03:51 2008 -0700
@@ -35,90 +35,90 @@
 import sun.security.krb5.internal.ccache.CCacheOutputStream;
 
 public class AuthorizationDataEntry implements Cloneable {
-        public int adType;
-        public byte[] adData;
 
-        private AuthorizationDataEntry() {
+    public int adType;
+    public byte[] adData;
+
+    private AuthorizationDataEntry() {
+    }
+
+    public AuthorizationDataEntry(
+            int new_adType,
+            byte[] new_adData) {
+        adType = new_adType;
+        adData = new_adData;
+    }
+
+    public Object clone() {
+        AuthorizationDataEntry new_authorizationDataEntry =
+                new AuthorizationDataEntry();
+        new_authorizationDataEntry.adType = adType;
+        if (adData != null) {
+            new_authorizationDataEntry.adData = new byte[adData.length];
+            System.arraycopy(adData, 0,
+                    new_authorizationDataEntry.adData, 0, adData.length);
         }
+        return new_authorizationDataEntry;
+    }
 
-        public AuthorizationDataEntry(
-                int new_adType,
-                byte[] new_adData
-        ) {
-                adType = new_adType;
-                adData = new_adData;
-        }
-
-        public Object clone() {
-                AuthorizationDataEntry new_authorizationDataEntry =
-                        new AuthorizationDataEntry();
-                new_authorizationDataEntry.adType = adType;
-                if (adData != null) {
-                        new_authorizationDataEntry.adData = new byte[adData.length];
-                        System.arraycopy(adData, 0,
-                                new_authorizationDataEntry.adData, 0, adData.length);
-                }
-                return new_authorizationDataEntry;
-        }
-
-        /**
-         * Constructs an instance of AuthorizationDataEntry.
-         * @param encoding a single DER-encoded value.
-         */
-        public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException {
-                DerValue der;
+    /**
+     * Constructs an instance of AuthorizationDataEntry.
+     * @param encoding a single DER-encoded value.
+     */
+    public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException {
+        DerValue der;
         if (encoding.getTag() != DerValue.tag_Sequence) {
             throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                }
-                der = encoding.getData().getDerValue();
-        if ((der.getTag() & (byte)0x1F) == (byte)0x00) {
-                        adType = der.getData().getBigInteger().intValue();
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
         der = encoding.getData().getDerValue();
-        if ((der.getTag() & (byte)0x1F) == (byte)0x01) {
-                        adData = der.getData().getOctetString();
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        if (encoding.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        if ((der.getTag() & (byte) 0x1F) == (byte) 0x00) {
+            adType = der.getData().getBigInteger().intValue();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & (byte) 0x1F) == (byte) 0x01) {
+            adData = der.getData().getOctetString();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if (encoding.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        /**
-         * Encodes an AuthorizationDataEntry object.
-         * @return byte array of encoded AuthorizationDataEntry object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an AuthorizationDataEntry object.
+     * @return byte array of encoded AuthorizationDataEntry object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream bytes = new DerOutputStream();
-                DerOutputStream temp = new DerOutputStream();
-                temp.putInteger(adType);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-                temp = new DerOutputStream();
-                temp.putOctetString(adData);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                return temp.toByteArray();
-        }
+        DerOutputStream temp = new DerOutputStream();
+        temp.putInteger(adType);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp);
+        temp = new DerOutputStream();
+        temp.putOctetString(adData);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp);
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        return temp.toByteArray();
+    }
 
-        /**
-         * Writes the entry's data fields in FCC format to an output stream.
-         *
-         * @param cos a <code>CCacheOutputStream</code>.
-         * @exception IOException if an I/O exception occurs.
-         */
-        public void writeEntry(CCacheOutputStream cos) throws IOException {
-                cos.write16(adType);
-                cos.write32(adData.length);
-                cos.write(adData, 0, adData.length);
-        }
+    /**
+     * Writes the entry's data fields in FCC format to an output stream.
+     *
+     * @param cos a <code>CCacheOutputStream</code>.
+     * @exception IOException if an I/O exception occurs.
+     */
+    public void writeEntry(CCacheOutputStream cos) throws IOException {
+        cos.write16(adType);
+        cos.write32(adData.length);
+        cos.write(adData, 0, adData.length);
+    }
 
     public String toString() {
         return ("adType=" + adType + " adData.length=" + adData.length);
     }
-
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ETypeInfo2.java	Mon Mar 17 23:03:51 2008 -0700
@@ -100,16 +100,16 @@
 
         // salt
         if (encoding.getData().available() > 0) {
-            der = encoding.getData().getDerValue();
-            if ((der.getTag() & 0x1F) == 0x01) {
+            if ((encoding.getData().peekByte() & 0x1F) == 0x01) {
+                der = encoding.getData().getDerValue();
                 this.saltStr = der.getData().getGeneralString();
             }
         }
 
         // s2kparams
         if (encoding.getData().available() > 0) {
-            der = encoding.getData().getDerValue();
-            if ((der.getTag() & 0x1F) == 0x02) {
+            if ((encoding.getData().peekByte() & 0x1F) == 0x02) {
+                der = encoding.getData().getDerValue();
                 this.s2kparams = der.getData().getOctetString();
             }
         }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -55,102 +55,111 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class EncAPRepPart {
-        public KerberosTime ctime;
-        public int cusec;
+
+    public KerberosTime ctime;
+    public int cusec;
     EncryptionKey subKey; //optional
     Integer seqNumber; //optional
 
-        public EncAPRepPart(
-                KerberosTime new_ctime,
-                int new_cusec,
-                EncryptionKey new_subKey,
-                Integer new_seqNumber
-        ) {
-                ctime = new_ctime;
-                cusec = new_cusec;
-                subKey = new_subKey;
-                seqNumber = new_seqNumber;
+    public EncAPRepPart(
+            KerberosTime new_ctime,
+            int new_cusec,
+            EncryptionKey new_subKey,
+            Integer new_seqNumber) {
+        ctime = new_ctime;
+        cusec = new_cusec;
+        subKey = new_subKey;
+        seqNumber = new_seqNumber;
+    }
+
+    public EncAPRepPart(byte[] data)
+            throws Asn1Exception, IOException {
+        init(new DerValue(data));
+    }
+
+    public EncAPRepPart(DerValue encoding)
+            throws Asn1Exception, IOException {
+        init(encoding);
+    }
+
+    /**
+     * Initializes an EncaPRepPart object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    private void init(DerValue encoding) throws Asn1Exception, IOException {
+        DerValue der, subDer;
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1B)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        ctime = KerberosTime.parse(der.getData(), (byte) 0x00, true);
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x01) {
+            cusec = subDer.getData().getBigInteger().intValue();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if (der.getData().available() > 0) {
+            subKey = EncryptionKey.parse(der.getData(), (byte) 0x02, true);
+        } else {
+            subKey = null;
+            seqNumber = null;
+        }
+        if (der.getData().available() > 0) {
+            subDer = der.getData().getDerValue();
+            if ((subDer.getTag() & 0x1F) != 0x03) {
+                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+            }
+            seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
+        } else {
+            seqNumber = null;
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public EncAPRepPart(byte[] data)
-                throws Asn1Exception, IOException {
-                init(new DerValue(data));
+    /**
+     * Encodes an EncAPRepPart object.
+     * @return byte array of encoded EncAPRepPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        Vector<DerValue> v = new Vector<DerValue>();
+        DerOutputStream temp = new DerOutputStream();
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), ctime.asn1Encode()));
+        temp.putInteger(BigInteger.valueOf(cusec));
+        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), temp.toByteArray()));
+        if (subKey != null) {
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x02), subKey.asn1Encode()));
         }
-
-        public EncAPRepPart(DerValue encoding)
-                throws Asn1Exception, IOException {
-                init(encoding);
+        if (seqNumber != null) {
+            temp = new DerOutputStream();
+            // encode as an unsigned integer (UInt32)
+            temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x03), temp.toByteArray()));
         }
-
-        /**
-         * Initializes an EncaPRepPart object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        private void init(DerValue encoding) throws Asn1Exception, IOException {
-                DerValue der, subDer;
-        if (((encoding.getTag() & (byte)0x1F) != (byte)0x1B)
-             || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                ctime = KerberosTime.parse(der.getData(), (byte)0x00, true);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) == (byte)0x01) {
-                        cusec = subDer.getData().getBigInteger().intValue();
-                }
-        else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                if (der.getData().available() > 0) {
-                        subKey = EncryptionKey.parse(der.getData(), (byte)0x02, true);
-                }
-                else {
-                        subKey = null;
-                        seqNumber = null;
-                }
-                if (der.getData().available() > 0) {
-                        subDer = der.getData().getDerValue();
-                        if ((subDer.getTag() & 0x1F) != 0x03) {
-                                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                        }
-                        seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
-                }
-                else seqNumber = null;
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
-
-        /**
-         * Encodes an EncAPRepPart object.
-         * @return byte array of encoded EncAPRepPart object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException{
-                Vector<DerValue> v = new Vector<DerValue> ();
-        DerOutputStream temp = new DerOutputStream();
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), ctime.asn1Encode()));
-                temp.putInteger(BigInteger.valueOf(cusec));
-                v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp.toByteArray()));
-                if (subKey != null)
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), subKey.asn1Encode()));
-                if (seqNumber != null) {
-                        temp = new DerOutputStream();
-                        // encode as an unsigned integer (UInt32)
-                        temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
-                        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp.toByteArray()));
-                }
-                DerValue der[] = new DerValue[v.size()];
-                v.copyInto(der);
-                temp = new DerOutputStream();
-                temp.putSequence(der);
+        DerValue der[] = new DerValue[v.size()];
+        v.copyInto(der);
+        temp = new DerOutputStream();
+        temp.putSequence(der);
         DerOutputStream out = new DerOutputStream();
-        out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1B), temp);
-                return out.toByteArray();
-        }
+        out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) 0x1B), temp);
+        return out.toByteArray();
+    }
 
     public final EncryptionKey getSubKey() {
         return subKey;
@@ -159,5 +168,4 @@
     public final Integer getSeqNumber() {
         return seqNumber;
     }
-
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -36,57 +36,55 @@
 
 public class EncASRepPart extends EncKDCRepPart {
 
-        public EncASRepPart(
-                EncryptionKey new_key,
-                LastReq new_lastReq,
-                int new_nonce,
-                KerberosTime new_keyExpiration,
-                TicketFlags new_flags,
-                KerberosTime new_authtime,
-                KerberosTime new_starttime,
-                KerberosTime new_endtime,
-                KerberosTime new_renewTill,
-                Realm new_srealm,
-                PrincipalName new_sname,
-                HostAddresses new_caddr
-        ) {
-                super(
-                        new_key,
-                        new_lastReq,
-                        new_nonce,
-                        new_keyExpiration,
-                        new_flags,
-                        new_authtime,
-                        new_starttime,
-                        new_endtime,
-                        new_renewTill,
-                        new_srealm,
-                        new_sname,
-                        new_caddr,
-                        Krb5.KRB_ENC_AS_REP_PART
-                        //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic
-                        //behavior of other implementaions, instead of above
+    public EncASRepPart(
+            EncryptionKey new_key,
+            LastReq new_lastReq,
+            int new_nonce,
+            KerberosTime new_keyExpiration,
+            TicketFlags new_flags,
+            KerberosTime new_authtime,
+            KerberosTime new_starttime,
+            KerberosTime new_endtime,
+            KerberosTime new_renewTill,
+            Realm new_srealm,
+            PrincipalName new_sname,
+            HostAddresses new_caddr) {
+        super(
+                new_key,
+                new_lastReq,
+                new_nonce,
+                new_keyExpiration,
+                new_flags,
+                new_authtime,
+                new_starttime,
+                new_endtime,
+                new_renewTill,
+                new_srealm,
+                new_sname,
+                new_caddr,
+                Krb5.KRB_ENC_AS_REP_PART
                 );
-        }
+        //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic
+        //behavior of other implementaions, instead of above
+    }
 
-        public EncASRepPart(byte[] data) throws Asn1Exception,
-                IOException, KrbException {
-         init(new DerValue(data));
-        }
+    public EncASRepPart(byte[] data) throws Asn1Exception,
+            IOException, KrbException {
+        init(new DerValue(data));
+    }
 
-        public EncASRepPart(DerValue encoding) throws Asn1Exception,
-                IOException, KrbException {
-                init(encoding);
-        }
+    public EncASRepPart(DerValue encoding) throws Asn1Exception,
+            IOException, KrbException {
+        init(encoding);
+    }
 
-        private void init(DerValue encoding) throws Asn1Exception,
-                IOException, KrbException {
-                init(encoding, Krb5.KRB_ENC_AS_REP_PART);
-        }
+    private void init(DerValue encoding) throws Asn1Exception,
+            IOException, KrbException {
+        init(encoding, Krb5.KRB_ENC_AS_REP_PART);
+    }
 
-        public byte[] asn1Encode() throws Asn1Exception,
-                IOException {
-                return asn1Encode(Krb5.KRB_ENC_AS_REP_PART);
-        }
-
+    public byte[] asn1Encode() throws Asn1Exception,
+            IOException {
+        return asn1Encode(Krb5.KRB_ENC_AS_REP_PART);
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -36,6 +36,7 @@
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
  * Implements the ASN.1 EncKDCRepPart type.
  *
@@ -63,143 +64,163 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class EncKDCRepPart {
-        public EncryptionKey key;
-        public LastReq lastReq;
-        public int nonce;
-        public KerberosTime keyExpiration; //optional
-        public TicketFlags flags;
-        public KerberosTime authtime;
-        public KerberosTime starttime; //optional
-        public KerberosTime endtime;
-        public KerberosTime renewTill; //optional
-        public Realm srealm;
-        public PrincipalName sname;
-        public HostAddresses caddr; //optional
-        public int msgType; //not included in sequence
 
-        public EncKDCRepPart(
-                EncryptionKey new_key,
-                LastReq new_lastReq,
-                int new_nonce,
-                KerberosTime new_keyExpiration,
-                TicketFlags new_flags,
-                KerberosTime new_authtime,
-                KerberosTime new_starttime,
-                KerberosTime new_endtime,
-                KerberosTime new_renewTill,
-                Realm new_srealm,
-                PrincipalName new_sname,
-                HostAddresses new_caddr,
-                int new_msgType
-        ) {
-                key = new_key;
-                lastReq = new_lastReq;
-                nonce = new_nonce;
-                keyExpiration = new_keyExpiration;
-                flags = new_flags;
-                authtime = new_authtime;
-                starttime = new_starttime;
-                endtime = new_endtime;
-                renewTill = new_renewTill;
-                srealm = new_srealm;
-                sname = new_sname;
-                caddr = new_caddr;
-                msgType = new_msgType;
+    public EncryptionKey key;
+    public LastReq lastReq;
+    public int nonce;
+    public KerberosTime keyExpiration; //optional
+    public TicketFlags flags;
+    public KerberosTime authtime;
+    public KerberosTime starttime; //optional
+    public KerberosTime endtime;
+    public KerberosTime renewTill; //optional
+    public Realm srealm;
+    public PrincipalName sname;
+    public HostAddresses caddr; //optional
+    public int msgType; //not included in sequence
+
+    public EncKDCRepPart(
+            EncryptionKey new_key,
+            LastReq new_lastReq,
+            int new_nonce,
+            KerberosTime new_keyExpiration,
+            TicketFlags new_flags,
+            KerberosTime new_authtime,
+            KerberosTime new_starttime,
+            KerberosTime new_endtime,
+            KerberosTime new_renewTill,
+            Realm new_srealm,
+            PrincipalName new_sname,
+            HostAddresses new_caddr,
+            int new_msgType) {
+        key = new_key;
+        lastReq = new_lastReq;
+        nonce = new_nonce;
+        keyExpiration = new_keyExpiration;
+        flags = new_flags;
+        authtime = new_authtime;
+        starttime = new_starttime;
+        endtime = new_endtime;
+        renewTill = new_renewTill;
+        srealm = new_srealm;
+        sname = new_sname;
+        caddr = new_caddr;
+        msgType = new_msgType;
+    }
+
+    public EncKDCRepPart() {
+    }
+
+    public EncKDCRepPart(byte[] data, int rep_type)
+            throws Asn1Exception, IOException, RealmException {
+        init(new DerValue(data), rep_type);
+    }
+
+    public EncKDCRepPart(DerValue encoding, int rep_type)
+            throws Asn1Exception, IOException, RealmException {
+        init(encoding, rep_type);
+    }
+
+    /**
+     * Initializes an EncKDCRepPart object.
+     *
+     * @param encoding a single DER-encoded value.
+     * @param rep_type type of the encrypted reply message.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception RealmException if an error occurs while decoding an Realm object.
+     */
+    protected void init(DerValue encoding, int rep_type)
+            throws Asn1Exception, IOException, RealmException {
+        DerValue der, subDer;
+        //implementations return the incorrect tag value, so
+        //we don't use the above line; instead we use the following
+        msgType = (encoding.getTag() & (byte) 0x1F);
+        if (msgType != Krb5.KRB_ENC_AS_REP_PART &&
+                msgType != Krb5.KRB_ENC_TGS_REP_PART) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        key = EncryptionKey.parse(der.getData(), (byte) 0x00, false);
+        lastReq = LastReq.parse(der.getData(), (byte) 0x01, false);
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) {
+            nonce = subDer.getData().getBigInteger().intValue();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true);
+        flags = TicketFlags.parse(der.getData(), (byte) 0x04, false);
+        authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
+        starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
+        endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
+        renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
+        srealm = Realm.parse(der.getData(), (byte) 0x09, false);
+        sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false);
+        if (der.getData().available() > 0) {
+            caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public EncKDCRepPart() {
-        }
-
-        public EncKDCRepPart(byte[] data, int rep_type)
-                throws Asn1Exception, IOException, RealmException{
-                init(new DerValue(data), rep_type);
-        }
-
-        public EncKDCRepPart(DerValue encoding, int rep_type)
-                throws Asn1Exception, IOException, RealmException
-                {
-                init(encoding, rep_type);
-        }
-
-        /**
-         * Initializes an EncKDCRepPart object.
-         *
-         * @param encoding a single DER-encoded value.
-         * @param rep_type type of the encrypted reply message.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception RealmException if an error occurs while decoding an Realm object.
-         */
-        protected void init(DerValue encoding, int rep_type)
-                throws Asn1Exception, IOException, RealmException
-                 {
-                DerValue der, subDer;
-                //implementations return the incorrect tag value, so
-                //we don't use the above line; instead we use the following
-                msgType = (encoding.getTag() & (byte)0x1F);
-        if (msgType != Krb5.KRB_ENC_AS_REP_PART &&
-                        msgType != Krb5.KRB_ENC_TGS_REP_PART)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                key = EncryptionKey.parse(der.getData(), (byte)0x00, false);
-                lastReq = LastReq.parse(der.getData(), (byte)0x01, false);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) == (byte)0x02)
-                        nonce = subDer.getData().getBigInteger().intValue();
-                else  throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                keyExpiration = KerberosTime.parse(der.getData(), (byte)0x03, true);
-                flags = TicketFlags.parse(der.getData(), (byte)0x04, false);
-                authtime =      KerberosTime.parse(der.getData(), (byte)0x05, false);
-                starttime = KerberosTime.parse(der.getData(), (byte)0x06, true);
-                endtime = KerberosTime.parse(der.getData(), (byte)0x07, false);
-                renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true);
-                srealm = Realm.parse(der.getData(), (byte)0x09, false);
-                sname = PrincipalName.parse(der.getData(), (byte)0x0A, false);
-                if (der.getData().available() > 0)
-                        caddr = HostAddresses.parse(der.getData(), (byte)0x0B, true);
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
-
-        /**
-         * Encodes an EncKDCRepPart object.
-         * @param rep_type type of encrypted reply message.
-         * @return byte array of encoded EncKDCRepPart object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode(int rep_type) throws Asn1Exception,
-                IOException {
+    /**
+     * Encodes an EncKDCRepPart object.
+     * @param rep_type type of encrypted reply message.
+     * @return byte array of encoded EncKDCRepPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode(int rep_type) throws Asn1Exception,
+            IOException {
         DerOutputStream temp = new DerOutputStream();
         DerOutputStream bytes = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), lastReq.asn1Encode());
-                temp.putInteger(BigInteger.valueOf(nonce));
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), key.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), lastReq.asn1Encode());
+        temp.putInteger(BigInteger.valueOf(nonce));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x02), temp);
 
-                if (keyExpiration != null)
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), keyExpiration.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), flags.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode());
-                if (starttime != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode());
-                if (renewTill != null)
-             bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), srealm.asn1Encode());
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode());
-                if (caddr != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0B), caddr.asn1Encode());
-                //should use the rep_type to build the encoding
-                //but other implementations do not; it is ignored and
-                //the cached msgType is used instead
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                bytes = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), temp);
-                return bytes.toByteArray();
+        if (keyExpiration != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x03), keyExpiration.asn1Encode());
         }
-
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x04), flags.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x05), authtime.asn1Encode());
+        if (starttime != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x06), starttime.asn1Encode());
+        }
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x07), endtime.asn1Encode());
+        if (renewTill != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x08), renewTill.asn1Encode());
+        }
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x09), srealm.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x0A), sname.asn1Encode());
+        if (caddr != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x0B), caddr.asn1Encode());
+        }
+        //should use the rep_type to build the encoding
+        //but other implementations do not; it is ignored and
+        //the cached msgType is used instead
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) msgType), temp);
+        return bytes.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -36,6 +36,7 @@
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
  * Implements the ASN.1 EncKrbCredPart type.
  *
@@ -57,148 +58,158 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class EncKrbCredPart {
-        public KrbCredInfo[] ticketInfo = null;
-        public KerberosTime timeStamp; //optional
 
-        private Integer nonce; //optional
-        private Integer usec; //optional
-        private HostAddress sAddress; //optional
-        private HostAddresses rAddress; //optional
+    public KrbCredInfo[] ticketInfo = null;
+    public KerberosTime timeStamp; //optional
+    private Integer nonce; //optional
+    private Integer usec; //optional
+    private HostAddress sAddress; //optional
+    private HostAddresses rAddress; //optional
 
-        public EncKrbCredPart(
-                KrbCredInfo[] new_ticketInfo,
-                KerberosTime new_timeStamp,
-                Integer new_usec,
-                Integer new_nonce,
-                HostAddress new_sAddress,
-                HostAddresses new_rAddress
-        ) throws IOException {
-                if (new_ticketInfo != null) {
-                   ticketInfo = new KrbCredInfo[new_ticketInfo.length];
-                   for (int i = 0; i < new_ticketInfo.length; i++) {
-                        if (new_ticketInfo[i] == null) {
-                           throw new IOException("Cannot create a EncKrbCredPart");
-                        } else {
-                           ticketInfo[i] = (KrbCredInfo)new_ticketInfo[i].clone();
-                        }
-                   }
+    public EncKrbCredPart(
+            KrbCredInfo[] new_ticketInfo,
+            KerberosTime new_timeStamp,
+            Integer new_usec,
+            Integer new_nonce,
+            HostAddress new_sAddress,
+            HostAddresses new_rAddress) throws IOException {
+        if (new_ticketInfo != null) {
+            ticketInfo = new KrbCredInfo[new_ticketInfo.length];
+            for (int i = 0; i < new_ticketInfo.length; i++) {
+                if (new_ticketInfo[i] == null) {
+                    throw new IOException("Cannot create a EncKrbCredPart");
+                } else {
+                    ticketInfo[i] = (KrbCredInfo) new_ticketInfo[i].clone();
                 }
-                timeStamp = new_timeStamp;
-                usec = new_usec;
-                nonce = new_nonce;
-                sAddress = new_sAddress;
-                rAddress = new_rAddress;
+            }
+        }
+        timeStamp = new_timeStamp;
+        usec = new_usec;
+        nonce = new_nonce;
+        sAddress = new_sAddress;
+        rAddress = new_rAddress;
+    }
+
+    public EncKrbCredPart(byte[] data) throws Asn1Exception,
+            IOException, RealmException {
+        init(new DerValue(data));
+    }
+
+    public EncKrbCredPart(DerValue encoding) throws Asn1Exception,
+            IOException, RealmException {
+        init(encoding);
+    }
+
+    /**
+     * Initializes an EncKrbCredPart object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception RealmException if an error occurs while parsing a Realm object.
+     */
+    private void init(DerValue encoding) throws Asn1Exception,
+            IOException, RealmException {
+        DerValue der, subDer;
+        //may not be the correct error code for a tag
+        //mismatch on an encrypted structure
+        nonce = null;
+        timeStamp = null;
+        usec = null;
+        sAddress = null;
+        rAddress = null;
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1D)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
 
-        public EncKrbCredPart(byte[] data) throws Asn1Exception,
-                IOException, RealmException {
-                init(new DerValue(data));
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) {
+            DerValue derValues[] = subDer.getData().getSequence(1);
+            ticketInfo = new KrbCredInfo[derValues.length];
+            for (int i = 0; i < derValues.length; i++) {
+                ticketInfo[i] = new KrbCredInfo(derValues[i]);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        if (der.getData().available() > 0) {
+            if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x01) {
+                subDer = der.getData().getDerValue();
+                nonce = new Integer(subDer.getData().getBigInteger().intValue());
+            }
+        }
+        if (der.getData().available() > 0) {
+            timeStamp = KerberosTime.parse(der.getData(), (byte) 0x02, true);
+        }
+        if (der.getData().available() > 0) {
+            if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x03) {
+                subDer = der.getData().getDerValue();
+                usec = new Integer(subDer.getData().getBigInteger().intValue());
+            }
+        }
+        if (der.getData().available() > 0) {
+            sAddress = HostAddress.parse(der.getData(), (byte) 0x04, true);
+        }
+        if (der.getData().available() > 0) {
+            rAddress = HostAddresses.parse(der.getData(), (byte) 0x05, true);
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public EncKrbCredPart(DerValue encoding) throws Asn1Exception,
-                IOException, RealmException {
-                init(encoding);
+    /**
+     * Encodes an EncKrbCredPart object.
+     * @return byte array of encoded EncKrbCredPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     *
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        DerOutputStream bytes = new DerOutputStream();
+        DerOutputStream temp = new DerOutputStream();
+        DerValue[] tickets = new DerValue[ticketInfo.length];
+        for (int i = 0; i < ticketInfo.length; i++) {
+            tickets[i] = new DerValue(ticketInfo[i].asn1Encode());
         }
+        temp.putSequence(tickets);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), temp);
 
-        /**
-         * Initializes an EncKrbCredPart object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception RealmException if an error occurs while parsing a Realm object.
-         */
-        private void init(DerValue encoding) throws Asn1Exception,
-                IOException, RealmException {
-                DerValue der, subDer;
-                        //may not be the correct error code for a tag
-                        //mismatch on an encrypted structure
-                nonce = null;
-                timeStamp = null;
-                usec= null;
-        sAddress = null;
-        rAddress = null;
-        if (((encoding.getTag() & (byte)0x1F) != (byte)0x1D)
-             || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) {
-           DerValue derValues[] = subDer.getData().getSequence(1);
-                   ticketInfo = new KrbCredInfo[derValues.length];
-                   for (int i = 0; i < derValues.length; i++) {
-                           ticketInfo[i] = new KrbCredInfo(derValues[i]);
-                   }
-                }
-        else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                if (der.getData().available() > 0) {
-                        if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x01) {
-                                subDer = der.getData().getDerValue();
-                                nonce = new Integer(subDer.getData().getBigInteger().intValue());
-                        }
-                }
-                if (der.getData().available() >0) {
-                        timeStamp = KerberosTime.parse(der.getData(), (byte)0x02, true);
-                }
-        if (der.getData().available() >0) {
-                        if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x03) {
-                                subDer = der.getData().getDerValue();
-                                usec = new Integer(subDer.getData().getBigInteger().intValue());
-                        }
-                }
-        if (der.getData().available() >0) {
-                        sAddress = HostAddress.parse(der.getData(), (byte)0x04, true);
-                }
-        if (der.getData().available() >0) {
-                        rAddress = HostAddresses.parse(der.getData(), (byte)0x05, true);
-                }
-        if (der.getData().available() >0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        if (nonce != null) {
+            temp = new DerOutputStream();
+            temp.putInteger(BigInteger.valueOf(nonce.intValue()));
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x01), temp);
         }
-
-       /**
-        * Encodes an EncKrbCredPart object.
-        * @return byte array of encoded EncKrbCredPart object.
-        * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-        * @exception IOException if an I/O error occurs while reading encoded data.
-        *
-        */
-        public byte[] asn1Encode() throws Asn1Exception, IOException{
-        DerOutputStream bytes = new DerOutputStream();
-            DerOutputStream temp = new DerOutputStream();
-                DerValue[] tickets = new DerValue[ticketInfo.length];
-                for (int i = 0; i < ticketInfo.length; i++)
-                        tickets[i] = new DerValue(ticketInfo[i].asn1Encode());
-                temp.putSequence(tickets);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-
-                if (nonce != null) {
+        if (timeStamp != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x02), timeStamp.asn1Encode());
+        }
+        if (usec != null) {
             temp = new DerOutputStream();
-                        temp.putInteger(BigInteger.valueOf(nonce.intValue()));
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-                }
-        if (timeStamp != null) {
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), timeStamp.asn1Encode());
-                }
-                if (usec != null) {
-                        temp = new DerOutputStream();
-                        temp.putInteger(BigInteger.valueOf(usec.intValue()));
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
-                }
-                if (sAddress != null) {
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode());
-                }
-                if (rAddress != null) {
-                        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode());
-                }
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                bytes = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1D), temp);
-                return bytes.toByteArray();
+            temp.putInteger(BigInteger.valueOf(usec.intValue()));
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x03), temp);
         }
+        if (sAddress != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x04), sAddress.asn1Encode());
+        }
+        if (rAddress != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x05), rAddress.asn1Encode());
+        }
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) 0x1D), temp);
+        return bytes.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -55,114 +55,119 @@
  * <a href="http://www.ietf.org/rfc/rfc4120.txt">
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
+public class EncKrbPrivPart {
 
-public class EncKrbPrivPart {
-        public byte[] userData = null;
-        public KerberosTime timestamp; //optional
-        public Integer usec; //optional
-        public Integer seqNumber; //optional
-        public HostAddress sAddress; //optional
-        public HostAddress rAddress; //optional
+    public byte[] userData = null;
+    public KerberosTime timestamp; //optional
+    public Integer usec; //optional
+    public Integer seqNumber; //optional
+    public HostAddress sAddress; //optional
+    public HostAddress rAddress; //optional
 
-        public EncKrbPrivPart(
-                byte[] new_userData,
-                KerberosTime new_timestamp,
-                Integer new_usec,
-                Integer new_seqNumber,
-                HostAddress new_sAddress,
-                HostAddress new_rAddress
-        ) {
-                if (new_userData != null) {
-                   userData = new_userData.clone();
-                }
-                timestamp = new_timestamp;
-                usec = new_usec;
-                seqNumber = new_seqNumber;
-                sAddress = new_sAddress;
-                rAddress = new_rAddress;
+    public EncKrbPrivPart(
+            byte[] new_userData,
+            KerberosTime new_timestamp,
+            Integer new_usec,
+            Integer new_seqNumber,
+            HostAddress new_sAddress,
+            HostAddress new_rAddress) {
+        if (new_userData != null) {
+            userData = new_userData.clone();
         }
+        timestamp = new_timestamp;
+        usec = new_usec;
+        seqNumber = new_seqNumber;
+        sAddress = new_sAddress;
+        rAddress = new_rAddress;
+    }
 
-        public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException {
-                init(new DerValue(data));
+    public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException {
+        init(new DerValue(data));
+    }
+
+    public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException {
+        init(encoding);
+    }
+
+    /**
+     * Initializes an EncKrbPrivPart object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    private void init(DerValue encoding) throws Asn1Exception, IOException {
+        DerValue der, subDer;
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1C)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) {
+            userData = subDer.getData().getOctetString();
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        timestamp = KerberosTime.parse(der.getData(), (byte) 0x01, true);
+        if ((der.getData().peekByte() & 0x1F) == 0x02) {
+            subDer = der.getData().getDerValue();
+            usec = new Integer(subDer.getData().getBigInteger().intValue());
+        } else {
+            usec = null;
+        }
+        if ((der.getData().peekByte() & 0x1F) == 0x03) {
+            subDer = der.getData().getDerValue();
+            seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
+        } else {
+            seqNumber = null;
+        }
+        sAddress = HostAddress.parse(der.getData(), (byte) 0x04, false);
+        if (der.getData().available() > 0) {
+            rAddress = HostAddress.parse(der.getData(), (byte) 0x05, true);
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException {
-                init(encoding);
-        }
-
-        /**
-         * Initializes an EncKrbPrivPart object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        private void init(DerValue encoding) throws Asn1Exception, IOException {
-        DerValue der, subDer;
-                if (((encoding.getTag() & (byte)0x1F) != (byte)0x1C)
-                        || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                der = encoding.getData().getDerValue();
-        if (der.getTag() != DerValue.tag_Sequence)
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) {
-                        userData = subDer.getData().getOctetString();
-                }
-        else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                timestamp = KerberosTime.parse(der.getData(), (byte)0x01, true);
-                if ((der.getData().peekByte() & 0x1F) == 0x02) {
-                        subDer = der.getData().getDerValue();
-                        usec = new Integer(subDer.getData().getBigInteger().intValue());
-                }
-                else usec = null;
-                if ((der.getData().peekByte() & 0x1F) == 0x03 ) {
-                        subDer = der.getData().getDerValue();
-                        seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
-                }
-                else seqNumber = null;
-                sAddress = HostAddress.parse(der.getData(), (byte)0x04, false);
-                if (der.getData().available() > 0) {
-                        rAddress = HostAddress.parse(der.getData(), (byte)0x05, true);
-                }
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
-
-       /**
-        * Encodes an EncKrbPrivPart object.
-        * @return byte array of encoded EncKrbPrivPart object.
-        * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-        * @exception IOException if an I/O error occurs while reading encoded data.
-        */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an EncKrbPrivPart object.
+     * @return byte array of encoded EncKrbPrivPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream temp = new DerOutputStream();
         DerOutputStream bytes = new DerOutputStream();
 
-                temp.putOctetString(userData);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-                if (timestamp != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), timestamp.asn1Encode());
-                if (usec != null) {
-                        temp = new DerOutputStream();
-                        temp.putInteger(BigInteger.valueOf(usec.intValue()));
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp);
-                }
-                if (seqNumber != null) {
-                        temp = new DerOutputStream();
-                        // encode as an unsigned integer (UInt32)
-                        temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
-                }
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode());
-                if (rAddress != null) {
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode());
-                }
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_Sequence, bytes);
-                bytes = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1C), temp);
-                return bytes.toByteArray();
+        temp.putOctetString(userData);
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp);
+        if (timestamp != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), timestamp.asn1Encode());
         }
+        if (usec != null) {
+            temp = new DerOutputStream();
+            temp.putInteger(BigInteger.valueOf(usec.intValue()));
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), temp);
+        }
+        if (seqNumber != null) {
+            temp = new DerOutputStream();
+            // encode as an unsigned integer (UInt32)
+            temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), temp);
+        }
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), sAddress.asn1Encode());
+        if (rAddress != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), rAddress.asn1Encode());
+        }
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x1C), temp);
+        return bytes.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -35,55 +35,52 @@
 
 public class EncTGSRepPart extends EncKDCRepPart {
 
-        public EncTGSRepPart(
-                EncryptionKey new_key,
-                LastReq new_lastReq,
-                int new_nonce,
-                KerberosTime new_keyExpiration,
-                TicketFlags new_flags,
-                KerberosTime new_authtime,
-                KerberosTime new_starttime,
-                KerberosTime new_endtime,
-                KerberosTime new_renewTill,
-                Realm new_srealm,
-                PrincipalName new_sname,
-                HostAddresses new_caddr
-        ) {
-                super(
-                        new_key,
-                        new_lastReq,
-                        new_nonce,
-                        new_keyExpiration,
-                        new_flags,
-                        new_authtime,
-                        new_starttime,
-                        new_endtime,
-                        new_renewTill,
-                        new_srealm,
-                        new_sname,
-                        new_caddr,
-                        Krb5.KRB_ENC_TGS_REP_PART
-                );
-        }
+    public EncTGSRepPart(
+            EncryptionKey new_key,
+            LastReq new_lastReq,
+            int new_nonce,
+            KerberosTime new_keyExpiration,
+            TicketFlags new_flags,
+            KerberosTime new_authtime,
+            KerberosTime new_starttime,
+            KerberosTime new_endtime,
+            KerberosTime new_renewTill,
+            Realm new_srealm,
+            PrincipalName new_sname,
+            HostAddresses new_caddr) {
+        super(
+                new_key,
+                new_lastReq,
+                new_nonce,
+                new_keyExpiration,
+                new_flags,
+                new_authtime,
+                new_starttime,
+                new_endtime,
+                new_renewTill,
+                new_srealm,
+                new_sname,
+                new_caddr,
+                Krb5.KRB_ENC_TGS_REP_PART);
+    }
 
-        public EncTGSRepPart(byte[] data) throws Asn1Exception,
-                IOException, KrbException {
-                init(new DerValue(data));
-        }
+    public EncTGSRepPart(byte[] data) throws Asn1Exception,
+            IOException, KrbException {
+        init(new DerValue(data));
+    }
 
-        public EncTGSRepPart(DerValue encoding) throws Asn1Exception,
-                IOException, KrbException {
-                init(encoding);
-        }
+    public EncTGSRepPart(DerValue encoding) throws Asn1Exception,
+            IOException, KrbException {
+        init(encoding);
+    }
 
-        private void init(DerValue encoding) throws Asn1Exception,
-                IOException, KrbException {
-                init(encoding, Krb5.KRB_ENC_TGS_REP_PART);
-        }
+    private void init(DerValue encoding) throws Asn1Exception,
+            IOException, KrbException {
+        init(encoding, Krb5.KRB_ENC_TGS_REP_PART);
+    }
 
-        public byte[] asn1Encode() throws Asn1Exception,
-                IOException {
-                return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART);
-        }
-
+    public byte[] asn1Encode() throws Asn1Exception,
+            IOException {
+        return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART);
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java	Mon Mar 17 23:03:51 2008 -0700
@@ -62,69 +62,68 @@
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
 public class EncTicketPart {
-        public TicketFlags flags;
-        public EncryptionKey key;
-        public Realm crealm;
-        public PrincipalName cname;
-        public TransitedEncoding transited;
-        public KerberosTime authtime;
-        public KerberosTime starttime; //optional
-        public KerberosTime endtime;
-        public KerberosTime renewTill; //optional
-        public HostAddresses caddr; //optional
-        public AuthorizationData authorizationData; //optional
 
-        public EncTicketPart(
-                TicketFlags new_flags,
-                EncryptionKey new_key,
-                Realm new_crealm,
-                PrincipalName new_cname,
-                TransitedEncoding new_transited,
-                KerberosTime new_authtime,
-                KerberosTime new_starttime,
-                KerberosTime new_endtime,
-                KerberosTime new_renewTill,
-                HostAddresses new_caddr,
-                AuthorizationData new_authorizationData
-        ) {
-                flags = new_flags;
-                key = new_key;
-                crealm = new_crealm;
-                cname = new_cname;
-                transited = new_transited;
-                authtime = new_authtime;
-                starttime = new_starttime;
-                endtime = new_endtime;
-                renewTill = new_renewTill;
-                caddr = new_caddr;
-                authorizationData = new_authorizationData;
-        }
+    public TicketFlags flags;
+    public EncryptionKey key;
+    public Realm crealm;
+    public PrincipalName cname;
+    public TransitedEncoding transited;
+    public KerberosTime authtime;
+    public KerberosTime starttime; //optional
+    public KerberosTime endtime;
+    public KerberosTime renewTill; //optional
+    public HostAddresses caddr; //optional
+    public AuthorizationData authorizationData; //optional
 
-        public EncTicketPart(byte[] data)
-                throws Asn1Exception, KrbException, IOException {
-                init(new DerValue(data));
-        }
+    public EncTicketPart(
+            TicketFlags new_flags,
+            EncryptionKey new_key,
+            Realm new_crealm,
+            PrincipalName new_cname,
+            TransitedEncoding new_transited,
+            KerberosTime new_authtime,
+            KerberosTime new_starttime,
+            KerberosTime new_endtime,
+            KerberosTime new_renewTill,
+            HostAddresses new_caddr,
+            AuthorizationData new_authorizationData) {
+        flags = new_flags;
+        key = new_key;
+        crealm = new_crealm;
+        cname = new_cname;
+        transited = new_transited;
+        authtime = new_authtime;
+        starttime = new_starttime;
+        endtime = new_endtime;
+        renewTill = new_renewTill;
+        caddr = new_caddr;
+        authorizationData = new_authorizationData;
+    }
 
-        public EncTicketPart(DerValue encoding)
-                throws Asn1Exception, KrbException, IOException {
-                init(encoding);
-        }
+    public EncTicketPart(byte[] data)
+            throws Asn1Exception, KrbException, IOException {
+        init(new DerValue(data));
+    }
 
-   /**
-    * Initializes an EncTicketPart object.
-    * @param encoding a single DER-encoded value.
-    * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-    * @exception IOException if an I/O error occurs while reading encoded data.
-    * @exception RealmException if an error occurs while parsing a Realm object.
-    */
+    public EncTicketPart(DerValue encoding)
+            throws Asn1Exception, KrbException, IOException {
+        init(encoding);
+    }
 
+    /**
+     * Initializes an EncTicketPart object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception RealmException if an error occurs while parsing a Realm object.
+     */
     private static String getHexBytes(byte[] bytes, int len)
-        throws IOException {
+            throws IOException {
 
         StringBuffer sb = new StringBuffer();
         for (int i = 0; i < len; i++) {
 
-            int b1 = (bytes[i]>>4) & 0x0f;
+            int b1 = (bytes[i] >> 4) & 0x0f;
             int b2 = bytes[i] & 0x0f;
 
             sb.append(Integer.toHexString(b1));
@@ -134,73 +133,91 @@
         return sb.toString();
     }
 
-        private void init(DerValue encoding)
-                throws Asn1Exception, IOException, RealmException {
-            DerValue der, subDer;
+    private void init(DerValue encoding)
+            throws Asn1Exception, IOException, RealmException {
+        DerValue der, subDer;
 
-            renewTill = null;
-            caddr = null;
-            authorizationData = null;
-            if (((encoding.getTag() & (byte)0x1F) != (byte)0x03)
+        renewTill = null;
+        caddr = null;
+        authorizationData = null;
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x03)
                 || (encoding.isApplication() != true)
-                || (encoding.isConstructed() != true))
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            der = encoding.getData().getDerValue();
-            if (der.getTag() != DerValue.tag_Sequence)
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            flags = TicketFlags.parse(der.getData(), (byte)0x00, false);
-            key = EncryptionKey.parse(der.getData(), (byte)0x01, false);
-            crealm = Realm.parse(der.getData(), (byte)0x02, false);
-            cname = PrincipalName.parse(der.getData(), (byte)0x03, false);
-            transited = TransitedEncoding.parse(der.getData(), (byte)0x04, false);
-            authtime = KerberosTime.parse(der.getData(), (byte)0x05, false);
-            starttime = KerberosTime.parse(der.getData(), (byte)0x06, true);
-            endtime = KerberosTime.parse(der.getData(), (byte)0x07, false);
-            if (der.getData().available() > 0) {
-                renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true);
-            }
-            if (der.getData().available() > 0) {
-                caddr = HostAddresses.parse(der.getData(), (byte)0x09, true);
-            }
-            if (der.getData().available() > 0) {
-                authorizationData = AuthorizationData.parse(der.getData(), (byte)0x0A, true);
-            }
-            if (der.getData().available() > 0)
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
+        key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
+        crealm = Realm.parse(der.getData(), (byte) 0x02, false);
+        cname = PrincipalName.parse(der.getData(), (byte) 0x03, false);
+        transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
+        authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
+        starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
+        endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
+        if (der.getData().available() > 0) {
+            renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
+        }
+        if (der.getData().available() > 0) {
+            caddr = HostAddresses.parse(der.getData(), (byte) 0x09, true);
+        }
+        if (der.getData().available() > 0) {
+            authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x0A, true);
+        }
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
 
-       /**
-        * Encodes an EncTicketPart object.
-        * @return byte array of encoded EncTicketPart object.
-        * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-        * @exception IOException if an I/O error occurs while reading encoded data.
-        */
+    }
 
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an EncTicketPart object.
+     * @return byte array of encoded EncTicketPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream bytes = new DerOutputStream();
-            DerOutputStream temp = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), flags.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), key.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cname.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), transited.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode());
-                if (starttime != null)
-           bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode());
-        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode());
+        DerOutputStream temp = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), flags.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), key.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x02), crealm.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x03), cname.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x04), transited.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x05), authtime.asn1Encode());
+        if (starttime != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x06), starttime.asn1Encode());
+        }
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x07), endtime.asn1Encode());
 
-                if (renewTill != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode());
+        if (renewTill != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x08), renewTill.asn1Encode());
+        }
 
-                if (caddr != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), caddr.asn1Encode());
+        if (caddr != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x09), caddr.asn1Encode());
+        }
 
-                if (authorizationData != null)
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), authorizationData.asn1Encode());
-                temp.write(DerValue.tag_Sequence, bytes);
-                bytes = new DerOutputStream();
-                bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x03), temp);
-                return bytes.toByteArray();
+        if (authorizationData != null) {
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x0A), authorizationData.asn1Encode());
         }
+        temp.write(DerValue.tag_Sequence, bytes);
+        bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) 0x03), temp);
+        return bytes.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java	Mon Mar 17 23:03:51 2008 -0700
@@ -35,6 +35,7 @@
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
  * Implements the ASN.1 KDC-REP type.
  *
@@ -59,163 +60,168 @@
  * <a href="http://www.ietf.org/rfc/rfc4120.txt">
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
+public class KDCRep {
 
-public class KDCRep {
-        public Realm crealm;
-        public PrincipalName cname;
-        public Ticket ticket;
-        public EncryptedData encPart;
-        public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding
+    public Realm crealm;
+    public PrincipalName cname;
+    public Ticket ticket;
+    public EncryptedData encPart;
+    public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding
+    private int pvno;
+    private int msgType;
+    private PAData[] pAData = null; //optional
+    private boolean DEBUG = Krb5.DEBUG;
 
-        private int pvno;
-        private int msgType;
-        private PAData[] pAData = null; //optional
-        private boolean DEBUG = Krb5.DEBUG;
+    public KDCRep(
+            PAData[] new_pAData,
+            Realm new_crealm,
+            PrincipalName new_cname,
+            Ticket new_ticket,
+            EncryptedData new_encPart,
+            int req_type) throws IOException {
+        pvno = Krb5.PVNO;
+        msgType = req_type;
+        if (new_pAData != null) {
+            pAData = new PAData[new_pAData.length];
+            for (int i = 0; i < new_pAData.length; i++) {
+                if (new_pAData[i] == null) {
+                    throw new IOException("Cannot create a KDCRep");
+                } else {
+                    pAData[i] = (PAData) new_pAData[i].clone();
+                }
+            }
+        }
+        crealm = new_crealm;
+        cname = new_cname;
+        ticket = new_ticket;
+        encPart = new_encPart;
+    }
 
-        public KDCRep(
-                PAData[] new_pAData,
-                Realm new_crealm,
-                PrincipalName new_cname,
-                Ticket new_ticket,
-                EncryptedData new_encPart,
-                int req_type
-        ) throws IOException {
-                pvno = Krb5.PVNO;
-                msgType = req_type;
-                if (new_pAData != null) {
-                    pAData = new PAData[new_pAData.length];
-                    for (int i = 0; i < new_pAData.length; i++) {
-                        if (new_pAData[i] == null) {
-                            throw new IOException("Cannot create a KDCRep");
-                        } else {
-                            pAData[i] = (PAData)new_pAData[i].clone();
-                        }
-                    }
-                }
-                crealm = new_crealm;
-                cname = new_cname;
-                ticket = new_ticket;
-                encPart = new_encPart;
-        }
+    public KDCRep() {
+    }
 
-        public KDCRep() {
-        }
+    public KDCRep(byte[] data, int req_type) throws Asn1Exception,
+            KrbApErrException, RealmException, IOException {
+        init(new DerValue(data), req_type);
+    }
 
-        public KDCRep(byte[] data, int req_type) throws Asn1Exception, KrbApErrException, RealmException, IOException {
-                init(new DerValue(data), req_type);
-        }
-
-        public KDCRep(DerValue encoding, int req_type) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(encoding, req_type);
-        }
+    public KDCRep(DerValue encoding, int req_type) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(encoding, req_type);
+    }
 
     /*
     // Not used? Don't know what keyusage to use here %%%
+    public void decrypt(EncryptionKey key) throws Asn1Exception,
+            IOException, KrbException, RealmException {
+        encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key), msgType);
+    }
+     */
+    /**
+     * Initializes an KDCRep object.
+     *
+     * @param encoding a single DER-encoded value.
+     * @param req_type reply message type.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception RealmException if an error occurs while constructing
+     * a Realm object from DER-encoded data.
+     * @exception KrbApErrException if the value read from the DER-encoded
+     * data stream does not match the pre-defined value.
+     *
+     */
+    protected void init(DerValue encoding, int req_type)
+            throws Asn1Exception, RealmException, IOException,
+            KrbApErrException {
+        DerValue der, subDer;
+        if ((encoding.getTag() & 0x1F) != req_type) {
+            if (DEBUG) {
+                System.out.println(">>> KDCRep: init() " +
+                        "encoding tag is " +
+                        encoding.getTag() +
+                        " req type is " + req_type);
+            }
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x1F) == 0x00) {
+            pvno = subDer.getData().getBigInteger().intValue();
+            if (pvno != Krb5.PVNO) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x1F) == 0x01) {
+            msgType = subDer.getData().getBigInteger().intValue();
+            if (msgType != req_type) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if ((der.getData().peekByte() & 0x1F) == 0x02) {
+            subDer = der.getData().getDerValue();
+            DerValue[] padata = subDer.getData().getSequence(1);
+            pAData = new PAData[padata.length];
+            for (int i = 0; i < padata.length; i++) {
+                pAData[i] = new PAData(padata[i]);
+            }
+        } else {
+            pAData = null;
+        }
+        crealm = Realm.parse(der.getData(), (byte) 0x03, false);
+        cname = PrincipalName.parse(der.getData(), (byte) 0x04, false);
+        ticket = Ticket.parse(der.getData(), (byte) 0x05, false);
+        encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false);
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-        public void decrypt(EncryptionKey key) throws Asn1Exception,
-                IOException, KrbException, RealmException {
-                encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key),
-                        msgType);
+    /**
+     * Encodes this object to a byte array.
+     * @return byte array of encoded APReq object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     *
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+
+        DerOutputStream bytes = new DerOutputStream();
+        DerOutputStream temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(pvno));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), temp);
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(msgType));
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), temp);
+        if (pAData != null && pAData.length > 0) {
+            DerOutputStream padata_stream = new DerOutputStream();
+            for (int i = 0; i < pAData.length; i++) {
+                padata_stream.write(pAData[i].asn1Encode());
+            }
+            temp = new DerOutputStream();
+            temp.write(DerValue.tag_SequenceOf, padata_stream);
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x02), temp);
         }
-*/
-
-        /**
-         * Initializes an KDCRep object.
-         *
-         * @param encoding a single DER-encoded value.
-         * @param req_type reply message type.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception RealmException if an error occurs while constructing a Realm object from DER-encoded data.
-         * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
-         *
-         */
-        protected void init(DerValue encoding, int req_type)
-            throws Asn1Exception, RealmException, IOException,
-                   KrbApErrException {
-            DerValue der, subDer;
-            if ((encoding.getTag() & 0x1F) != req_type) {
-                if (DEBUG) {
-                    System.out.println(">>> KDCRep: init() " +
-                                       "encoding tag is " +
-                                       encoding.getTag() +
-                                       " req type is " + req_type);
-                }
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            }
-            der = encoding.getData().getDerValue();
-            if (der.getTag() != DerValue.tag_Sequence) {
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            }
-            subDer = der.getData().getDerValue();
-            if ((subDer.getTag() & 0x1F) == 0x00) {
-                pvno = subDer.getData().getBigInteger().intValue();
-                if (pvno != Krb5.PVNO)
-                    throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-            } else {
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            }
-            subDer = der.getData().getDerValue();
-            if ((subDer.getTag() & 0x1F) == 0x01) {
-                msgType = subDer.getData().getBigInteger().intValue();
-                if (msgType != req_type) {
-                    throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
-                }
-            } else {
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            }
-            if ((der.getData().peekByte() & 0x1F) == 0x02) {
-                subDer = der.getData().getDerValue();
-                DerValue[] padata = subDer.getData().getSequence(1);
-                pAData = new PAData[padata.length];
-                for (int i = 0; i < padata.length; i++) {
-                    pAData[i] = new PAData(padata[i]);
-                }
-            } else {
-                pAData = null;
-            }
-            crealm = Realm.parse(der.getData(), (byte)0x03, false);
-            cname = PrincipalName.parse(der.getData(), (byte)0x04, false);
-            ticket = Ticket.parse(der.getData(), (byte)0x05, false);
-            encPart = EncryptedData.parse(der.getData(), (byte)0x06, false);
-            if (der.getData().available() > 0) {
-                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-            }
-        }
-
-
-        /**
-         * Encodes this object to a byte array.
-         * @return byte array of encoded APReq object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         *
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
-
-            DerOutputStream bytes = new DerOutputStream();
-            DerOutputStream temp = new DerOutputStream();
-            temp.putInteger(BigInteger.valueOf(pvno));
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-            temp = new DerOutputStream();
-            temp.putInteger(BigInteger.valueOf(msgType));
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-            if (pAData != null && pAData.length > 0) {
-                DerOutputStream padata_stream = new DerOutputStream();
-                for (int i = 0; i < pAData.length; i++) {
-                    padata_stream.write(pAData[i].asn1Encode());
-                }
-                temp = new DerOutputStream();
-                temp.write(DerValue.tag_SequenceOf, padata_stream);
-                bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp);
-            }
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), crealm.asn1Encode());
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), cname.asn1Encode());
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ticket.asn1Encode());
-            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), encPart.asn1Encode());
-            temp = new DerOutputStream();
-            temp.write(DerValue.tag_Sequence, bytes);
-            return temp.toByteArray();
-        }
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x03), crealm.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x04), cname.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x05), ticket.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x06), encPart.asn1Encode());
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        return temp.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java	Mon Mar 17 23:03:51 2008 -0700
@@ -56,155 +56,160 @@
  * <a href="http://www.ietf.org/rfc/rfc4120.txt">
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
+public class KDCReq {
 
-public class KDCReq {
-        public KDCReqBody reqBody;
+    public KDCReqBody reqBody;
+    private int pvno;
+    private int msgType;
+    private PAData[] pAData = null; //optional
 
-        private int pvno;
-        private int msgType;
-        private PAData[] pAData = null; //optional
+    public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody,
+            int req_type) throws IOException {
+        pvno = Krb5.PVNO;
+        msgType = req_type;
+        if (new_pAData != null) {
+            pAData = new PAData[new_pAData.length];
+            for (int i = 0; i < new_pAData.length; i++) {
+                if (new_pAData[i] == null) {
+                    throw new IOException("Cannot create a KDCRep");
+                } else {
+                    pAData[i] = (PAData) new_pAData[i].clone();
+                }
+            }
+        }
+        reqBody = new_reqBody;
+    }
 
-        public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody,
-                int req_type) throws IOException {
-                pvno = Krb5.PVNO;
-                msgType = req_type;
-                if (new_pAData != null) {
-                    pAData = new PAData[new_pAData.length];
-                    for (int i = 0; i < new_pAData.length; i++) {
-                        if (new_pAData[i] == null) {
-                            throw new IOException("Cannot create a KDCRep");
-                        } else {
-                            pAData[i] = (PAData)new_pAData[i].clone();
-                        }
-                    }
-                }
-                reqBody = new_reqBody;
-        }
+    public KDCReq() {
+    }
 
-        public KDCReq() {
-        }
-
-        public KDCReq(byte[] data, int req_type) throws Asn1Exception,
-                IOException, KrbException {
+    public KDCReq(byte[] data, int req_type) throws Asn1Exception,
+            IOException, KrbException {
         init(new DerValue(data), req_type);
-        }
+    }
 
     /**
-         * Creates an KDCReq object from a DerValue object and asn1 type.
-         *
-         * @param der a DER value of an KDCReq object.
-         * @param req_type a encoded asn1 type value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exceptoin KrbErrException
-         */
+     * Creates an KDCReq object from a DerValue object and asn1 type.
+     *
+     * @param der a DER value of an KDCReq object.
+     * @param req_type a encoded asn1 type value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exceptoin KrbErrException
+     */
     public KDCReq(DerValue der, int req_type) throws Asn1Exception,
-                IOException, KrbException {
-                init(der, req_type);
+            IOException, KrbException {
+        init(der, req_type);
+    }
+
+    /**
+     * Initializes a KDCReq object from a DerValue.  The DER encoding
+     * must be in the format specified by the KRB_KDC_REQ ASN.1 notation.
+     *
+     * @param encoding a DER-encoded KDCReq object.
+     * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception KrbException if an error occurs while constructing a Realm object,
+     * or a Krb object from DER-encoded data.
+     */
+    protected void init(DerValue encoding, int req_type) throws Asn1Exception,
+            IOException, KrbException {
+        DerValue der, subDer;
+        BigInteger bint;
+        if ((encoding.getTag() & 0x1F) != req_type) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x01F) == 0x01) {
+            bint = subDer.getData().getBigInteger();
+            this.pvno = bint.intValue();
+            if (this.pvno != Krb5.PVNO) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x01F) == 0x02) {
+            bint = subDer.getData().getBigInteger();
+            this.msgType = bint.intValue();
+            if (this.msgType != req_type) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if ((der.getData().peekByte() & 0x1F) == 0x03) {
+            subDer = der.getData().getDerValue();
+            DerValue subsubDer = subDer.getData().getDerValue();
+            if (subsubDer.getTag() != DerValue.tag_SequenceOf) {
+                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+            }
+            Vector<PAData> v = new Vector<PAData>();
+            while (subsubDer.getData().available() > 0) {
+                v.addElement(new PAData(subsubDer.getData().getDerValue()));
+            }
+            if (v.size() > 0) {
+                pAData = new PAData[v.size()];
+                v.copyInto(pAData);
+            }
+        } else {
+            pAData = null;
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x01F) == 0x04) {
+            DerValue subsubDer = subDer.getData().getDerValue();
+            reqBody = new KDCReqBody(subsubDer, msgType);
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+    }
 
-   /**
-    * Initializes a KDCReq object from a DerValue.  The DER encoding
-    * must be in the format specified by the KRB_KDC_REQ ASN.1 notation.
-    *
-    * @param encoding a DER-encoded KDCReq object.
-    * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type
-    * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-    * @exception IOException if an I/O error occurs while reading encoded data.
-    * @exception KrbException if an error occurs while constructing a Realm object,
-    * or a Krb object from DER-encoded data.
-    */
-    protected void init(DerValue encoding, int req_type) throws Asn1Exception,
-                IOException, KrbException {
-                DerValue der, subDer;
-                BigInteger bint;
-                if ((encoding.getTag() & 0x1F) != req_type) {
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                }
-                der = encoding.getData().getDerValue();
-                if (der.getTag() != DerValue.tag_Sequence) {
-            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                }
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x01F) == 0x01) {
-                        bint = subDer.getData().getBigInteger();
-                        this.pvno = bint.intValue();
-            if (this.pvno != Krb5.PVNO)
-                                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-                }
-                else
-                 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x01F) == 0x02) {
-                        bint = subDer.getData().getBigInteger();
-                        this.msgType = bint.intValue();
-            if (this.msgType != req_type)
-                                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x01F) == 0x03) {
-                        DerValue subsubDer = subDer.getData().getDerValue();
-                        if (subsubDer.getTag() != DerValue.tag_SequenceOf) {
-                                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                        }
-                        Vector<PAData> v = new Vector<PAData> ();
-                        while (subsubDer.getData().available() > 0) {
-                                v.addElement(new PAData(subsubDer.getData().getDerValue()));
-                        }
-                        if (v.size() > 0) {
-                                pAData = new PAData[v.size()];
-                                v.copyInto(pAData);
-                        }
-                }
-                else pAData = null;
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x01F) == 0x04) {
-                        DerValue subsubDer = subDer.getData().getDerValue();
-                        reqBody = new KDCReqBody(subsubDer, msgType);
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+    /**
+     * Encodes this object to a byte array.
+     *
+     * @return an byte array of encoded data.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     *
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        DerOutputStream temp, bytes, out;
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(pvno));
+        out = new DerOutputStream();
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), temp);
+        temp = new DerOutputStream();
+        temp.putInteger(BigInteger.valueOf(msgType));
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x02), temp);
+        if (pAData != null && pAData.length > 0) {
+            temp = new DerOutputStream();
+            for (int i = 0; i < pAData.length; i++) {
+                temp.write(pAData[i].asn1Encode());
+            }
+            bytes = new DerOutputStream();
+            bytes.write(DerValue.tag_SequenceOf, temp);
+            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                    true, (byte) 0x03), bytes);
         }
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x04), reqBody.asn1Encode(msgType));
+        bytes = new DerOutputStream();
+        bytes.write(DerValue.tag_Sequence, out);
+        out = new DerOutputStream();
+        out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) msgType), bytes);
+        return out.toByteArray();
+    }
 
-   /**
-    * Encodes this object to a byte array.
-    *
-    * @return an byte array of encoded data.
-    * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-    * @exception IOException if an I/O error occurs while reading encoded data.
-    *
-    */
-    public byte[] asn1Encode() throws Asn1Exception, IOException {
-                DerOutputStream temp, bytes, out;
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(pvno));
-                out = new DerOutputStream();
-                out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(msgType));
-                out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp);
-        if (pAData != null && pAData.length > 0) {
-                        temp = new DerOutputStream();
-                        for (int i = 0; i < pAData.length; i++) {
-                                temp.write(pAData[i].asn1Encode());
-                        }
-                        bytes = new DerOutputStream();
-                        bytes.write(DerValue.tag_SequenceOf, temp);
-                        out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), bytes);
-                }
-                out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), reqBody.asn1Encode(msgType));
-                bytes = new DerOutputStream();
-                bytes.write(DerValue.tag_Sequence, out);
-                out = new DerOutputStream();
-                out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), bytes);
-                return out.toByteArray();
-        }
-
-        public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException
-        {
-                return reqBody.asn1Encode(msgType);
-        }
-
+    public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException {
+        return reqBody.asn1Encode(msgType);
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java	Mon Mar 17 23:03:51 2008 -0700
@@ -56,128 +56,134 @@
  * <a href="http://www.ietf.org/rfc/rfc4120.txt">
  * http://www.ietf.org/rfc/rfc4120.txt</a>.
  */
+public class KRBCred {
 
-public class KRBCred {
-        public Ticket[] tickets = null;
-        public EncryptedData encPart;
+    public Ticket[] tickets = null;
+    public EncryptedData encPart;
+    private int pvno;
+    private int msgType;
 
-        private int pvno;
-        private int msgType;
+    public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException {
+        pvno = Krb5.PVNO;
+        msgType = Krb5.KRB_CRED;
+        if (new_tickets != null) {
+            tickets = new Ticket[new_tickets.length];
+            for (int i = 0; i < new_tickets.length; i++) {
+                if (new_tickets[i] == null) {
+                    throw new IOException("Cannot create a KRBCred");
+                } else {
+                    tickets[i] = (Ticket) new_tickets[i].clone();
+                }
+            }
+        }
+        encPart = new_encPart;
+    }
 
-        public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException {
-                pvno = Krb5.PVNO;
-                msgType = Krb5.KRB_CRED;
-                if (new_tickets != null) {
-                    tickets = new Ticket[new_tickets.length];
-                    for (int i = 0; i < new_tickets.length; i++) {
-                        if (new_tickets[i] == null) {
-                            throw new IOException("Cannot create a KRBCred");
-                        } else {
-                            tickets[i] = (Ticket)new_tickets[i].clone();
-                        }
-                    }
-                }
-                encPart = new_encPart;
+    public KRBCred(byte[] data) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(new DerValue(data));
+    }
+
+    public KRBCred(DerValue encoding) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        init(encoding);
+    }
+
+    /**
+     * Initializes an KRBCred object.
+     * @param encoding a single DER-encoded value.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     * @exception KrbApErrException if the value read from the DER-encoded data
+     *  stream does not match the pre-defined value.
+     * @exception RealmException if an error occurs while parsing a Realm object.
+     */
+    private void init(DerValue encoding) throws Asn1Exception,
+            RealmException, KrbApErrException, IOException {
+        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x16)
+                || (encoding.isApplication() != true)
+                || (encoding.isConstructed() != true)) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+        DerValue der, subDer;
+        der = encoding.getData().getDerValue();
+        if (der.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x1F) == 0x00) {
+            pvno = subDer.getData().getBigInteger().intValue();
+            if (pvno != Krb5.PVNO) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x1F) == 0x01) {
+            msgType = subDer.getData().getBigInteger().intValue();
+            if (msgType != Krb5.KRB_CRED) {
+                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        subDer = der.getData().getDerValue();
+        if ((subDer.getTag() & 0x1F) == 0x02) {
+            DerValue subsubDer = subDer.getData().getDerValue();
+            if (subsubDer.getTag() != DerValue.tag_SequenceOf) {
+                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+            }
+            Vector<Ticket> v = new Vector<Ticket>();
+            while (subsubDer.getData().available() > 0) {
+                v.addElement(new Ticket(subsubDer.getData().getDerValue()));
+            }
+            if (v.size() > 0) {
+                tickets = new Ticket[v.size()];
+                v.copyInto(tickets);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        encPart = EncryptedData.parse(der.getData(), (byte) 0x03, false);
 
-        public KRBCred(byte[] data) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(new DerValue(data));
+        if (der.getData().available() > 0) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
+    }
 
-        public KRBCred(DerValue encoding) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-                init(encoding);
-        }
-
-        /**
-         * Initializes an KRBCred object.
-         * @param encoding a single DER-encoded value.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         * @exception KrbApErrException if the value read from the DER-encoded data
-         *  stream does not match the pre-defined value.
-         * @exception RealmException if an error occurs while parsing a Realm object.
-         */
-        private void init(DerValue encoding) throws Asn1Exception,
-                RealmException, KrbApErrException, IOException {
-        if (((encoding.getTag() & (byte)0x1F) != (byte)0x16)
-                        || (encoding.isApplication() != true)
-                        || (encoding.isConstructed() != true))
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        DerValue der, subDer;
-                der = encoding.getData().getDerValue();
-                if (der.getTag() != DerValue.tag_Sequence)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-            if ((subDer.getTag() & 0x1F) == 0x00) {
-                        pvno = subDer.getData().getBigInteger().intValue();
-                        if (pvno != Krb5.PVNO) {
-                throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
-                        }
-                }
-        else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x1F) == 0x01) {
-                        msgType = subDer.getData().getBigInteger().intValue();
-            if (msgType != Krb5.KRB_CRED)
-                throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        subDer = der.getData().getDerValue();
-                if ((subDer.getTag() & 0x1F) == 0x02) {
-                        DerValue subsubDer = subDer.getData().getDerValue();
-            if (subsubDer.getTag() != DerValue.tag_SequenceOf) {
-                                throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                        }
-            Vector<Ticket> v = new Vector<Ticket> ();
-            while (subsubDer.getData().available() > 0) {
-                                v.addElement(new Ticket(subsubDer.getData().getDerValue()));
-                        }
-            if (v.size() > 0) {
-                                tickets = new Ticket[v.size()];
-                                v.copyInto(tickets);
-                        }
-                }
-                else
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-                encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
-
-                if (der.getData().available() > 0)
-                        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
-
-
-        /**
-         * Encodes an KRBCred object.
-         * @return the data of encoded EncAPRepPart object.
-         * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
-         * @exception IOException if an I/O error occurs while reading encoded data.
-         */
-        public byte[] asn1Encode() throws Asn1Exception, IOException {
+    /**
+     * Encodes an KRBCred object.
+     * @return the data of encoded EncAPRepPart object.
+     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+     * @exception IOException if an I/O error occurs while reading encoded data.
+     */
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
         DerOutputStream temp, bytes, out;
         temp = new DerOutputStream();
         temp.putInteger(BigInteger.valueOf(pvno));
         out = new DerOutputStream();
-        out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-                temp = new DerOutputStream();
-                temp.putInteger(BigInteger.valueOf(msgType));
-                out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x00), temp);
         temp = new DerOutputStream();
-                for (int i = 0; i < tickets.length; i++) {
-                        temp.write(tickets[i].asn1Encode());
-                }
+        temp.putInteger(BigInteger.valueOf(msgType));
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x01), temp);
+        temp = new DerOutputStream();
+        for (int i = 0; i < tickets.length; i++) {
+            temp.write(tickets[i].asn1Encode());
+        }
         bytes = new DerOutputStream();
         bytes.write(DerValue.tag_SequenceOf, temp);
-        out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), bytes);
-                out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode());
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x02), bytes);
+        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+                true, (byte) 0x03), encPart.asn1Encode());
         bytes = new DerOutputStream();
         bytes.write(DerValue.tag_Sequence, out);
-                out = new DerOutputStream();
-                out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x16), bytes);
-                return out.toByteArray();
-        }
-
+        out = new DerOutputStream();
+        out.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+                true, (byte) 0x16), bytes);
+        return out.toByteArray();
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java	Mon Mar 17 23:03:51 2008 -0700
@@ -111,7 +111,7 @@
      * @exception RealmException if an error occurs while parsing a Realm object.
      */
     public KrbCredInfo(DerValue encoding)
-        throws Asn1Exception, IOException, RealmException{
+            throws Asn1Exception, IOException, RealmException{
         if (encoding.getTag() != DerValue.tag_Sequence) {
             throw new Asn1Exception(Krb5.ASN1_BAD_ID);
         }
@@ -160,25 +160,25 @@
         Vector<DerValue> v = new Vector<DerValue> ();
         v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()));
         if (prealm != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode()));
         if (pname != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode()));
         if (flags != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode()));
         if (authtime != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode()));
         if (starttime != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode()));
         if (endtime != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode()));
         if (renewTill != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode()));
         if (srealm != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode()));
         if (sname != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode()));
         if (caddr != null)
-        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode()));
+            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode()));
         DerValue der[] = new DerValue[v.size()];
         v.copyInto(der);
         DerOutputStream out = new DerOutputStream();
--- a/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java	Mon Mar 17 23:03:51 2008 -0700
@@ -215,7 +215,9 @@
                 addrType = read(2);
                 addrLength = read(4);
                 if (!(addrLength == 4 || addrLength == 16)) {
-                    System.out.println("Incorrect address format.");
+                    if (DEBUG) {
+                        System.out.println("Incorrect address format.");
+                    }
                     return null;
                 }
                 byte[] result = new byte[addrLength];
@@ -338,15 +340,19 @@
             System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
         long times[] = readTimes();
         KerberosTime authtime = new KerberosTime(times[0]);
-        KerberosTime starttime = new KerberosTime(times[1]);
+        KerberosTime starttime =
+                (times[1]==0) ? null : new KerberosTime(times[1]);
         KerberosTime endtime = new KerberosTime(times[2]);
-        KerberosTime renewTill = new KerberosTime(times[3]);
+        KerberosTime renewTill =
+                (times[3]==0) ? null : new KerberosTime(times[3]);
 
         if (DEBUG) {
             System.out.println(">>>DEBUG <CCacheInputStream> auth time: " + authtime.toDate().toString());
-            System.out.println(">>>DEBUG <CCacheInputStream> start time: " + starttime.toDate().toString());
+            System.out.println(">>>DEBUG <CCacheInputStream> start time: " +
+                    ((starttime==null)?"null":starttime.toDate().toString()));
             System.out.println(">>>DEBUG <CCacheInputStream> end time: " + endtime.toDate().toString());
-            System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " + renewTill.toDate().toString());
+            System.out.println(">>>DEBUG <CCacheInputStream> renew_till time: " +
+                    ((renewTill==null)?"null":renewTill.toDate().toString()));
         }
         boolean skey = readskey();
         boolean flags[] = readFlags();
--- a/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java	Mon Mar 17 23:03:51 2008 -0700
@@ -34,168 +34,184 @@
 import sun.security.krb5.internal.*;
 
 public class Credentials {
-        PrincipalName cname;
-        Realm crealm;
+
+    PrincipalName cname;
+    Realm crealm;
     PrincipalName sname;
-        Realm srealm;
-        EncryptionKey key;
-        KerberosTime authtime;
-        KerberosTime starttime;//optional
-        KerberosTime endtime;
-        KerberosTime renewTill; //optional
-        HostAddresses caddr; //optional; for proxied tickets only
+    Realm srealm;
+    EncryptionKey key;
+    KerberosTime authtime;
+    KerberosTime starttime;//optional
+    KerberosTime endtime;
+    KerberosTime renewTill; //optional
+    HostAddresses caddr; //optional; for proxied tickets only
     AuthorizationData authorizationData; //optional, not being actually used
     public boolean isEncInSKey;  // true if ticket is encrypted in another ticket's skey
-        TicketFlags flags;
+    TicketFlags flags;
     Ticket ticket;
-        Ticket secondTicket; //optional
-        private boolean DEBUG = Krb5.DEBUG;
+    Ticket secondTicket; //optional
+    private boolean DEBUG = Krb5.DEBUG;
 
-        public Credentials(
-                PrincipalName new_cname,
-                PrincipalName new_sname,
-                EncryptionKey new_key,
-                KerberosTime new_authtime,
-                KerberosTime new_starttime,
-                KerberosTime new_endtime,
-                KerberosTime new_renewTill,
-                boolean new_isEncInSKey,
-                TicketFlags new_flags,
-                HostAddresses new_caddr,
-                AuthorizationData new_authData,
-                Ticket new_ticket,
-                Ticket new_secondTicket) {
-                cname = (PrincipalName)new_cname.clone();
-                if (new_cname.getRealm() != null)
-                        crealm = (Realm)new_cname.getRealm().clone();
-
-                sname = (PrincipalName)new_sname.clone();
-                if (new_sname.getRealm() != null)
-                        srealm = (Realm)new_sname.getRealm().clone();
-
-                key = (EncryptionKey)new_key.clone();
-
-                authtime = (KerberosTime)new_authtime.clone();
-                starttime = (KerberosTime)new_starttime.clone();
-                endtime = (KerberosTime)new_endtime.clone();
-                renewTill = (KerberosTime)new_renewTill.clone();
-                if (new_caddr != null)
-                        caddr = (HostAddresses)new_caddr.clone();
-                if (new_authData != null) {
-                    authorizationData
-                        = (AuthorizationData)new_authData.clone();
-                }
-
-                isEncInSKey = new_isEncInSKey;
-                flags = (TicketFlags)new_flags.clone();
-                ticket = (Ticket)(new_ticket.clone());
-                if (new_secondTicket != null)
-                         secondTicket = (Ticket)new_secondTicket.clone();
+    public Credentials(
+            PrincipalName new_cname,
+            PrincipalName new_sname,
+            EncryptionKey new_key,
+            KerberosTime new_authtime,
+            KerberosTime new_starttime,
+            KerberosTime new_endtime,
+            KerberosTime new_renewTill,
+            boolean new_isEncInSKey,
+            TicketFlags new_flags,
+            HostAddresses new_caddr,
+            AuthorizationData new_authData,
+            Ticket new_ticket,
+            Ticket new_secondTicket) {
+        cname = (PrincipalName) new_cname.clone();
+        if (new_cname.getRealm() != null) {
+            crealm = (Realm) new_cname.getRealm().clone();
         }
 
-
-
-        public Credentials(
-                KDCRep kdcRep,
-                Ticket new_secondTicket,
-                AuthorizationData new_authorizationData,
-                boolean new_isEncInSKey
-        ) {
-                if (kdcRep.encKDCRepPart == null) //can't store while encrypted
-                        return;
-                crealm = (Realm)kdcRep.crealm.clone();
-                cname = (PrincipalName)kdcRep.cname.clone();
-                ticket = (Ticket)kdcRep.ticket.clone();
-                key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone();
-                flags = (TicketFlags)kdcRep.encKDCRepPart.flags.clone();
-                authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone();
-                starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone();
-                endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone();
-                renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone();
-                srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone();
-                sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone();
-                caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone();
-                secondTicket = (Ticket)new_secondTicket.clone();
-                authorizationData =
-                        (AuthorizationData)new_authorizationData.clone();
-                isEncInSKey = new_isEncInSKey;
+        sname = (PrincipalName) new_sname.clone();
+        if (new_sname.getRealm() != null) {
+            srealm = (Realm) new_sname.getRealm().clone();
         }
 
-        public Credentials(KDCRep kdcRep) {
-                this(kdcRep, null);
+        key = (EncryptionKey) new_key.clone();
+
+        authtime = (KerberosTime) new_authtime.clone();
+        if (new_starttime != null) {
+            starttime = (KerberosTime) new_starttime.clone();
+        }
+        endtime = (KerberosTime) new_endtime.clone();
+        if (new_renewTill != null) {
+            renewTill = (KerberosTime) new_renewTill.clone();
+        }
+        if (new_caddr != null) {
+            caddr = (HostAddresses) new_caddr.clone();
+        }
+        if (new_authData != null) {
+            authorizationData = (AuthorizationData) new_authData.clone();
         }
 
-        public Credentials(KDCRep kdcRep, Ticket new_ticket) {
-                sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone();
-                srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone();
-                try {
-                        sname.setRealm(srealm);
-                }
-                catch (RealmException e) {
-                }
-                cname = (PrincipalName)kdcRep.cname.clone();
-                crealm = (Realm)kdcRep.crealm.clone();
-                try {
-                        cname.setRealm(crealm);
-                }
-                catch (RealmException e) {
-                }
-                key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone();
-                authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone();
-                if (kdcRep.encKDCRepPart.starttime != null) {
-            starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone();
-                }
-                else starttime = null;
-                endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone();
-                if (kdcRep.encKDCRepPart.renewTill != null) {
-                        renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone();
-                }
-                else renewTill = null;
-           // if (kdcRep.msgType == Krb5.KRB_AS_REP) {
-          //    isEncInSKey = false;
-          //    secondTicket = null;
-          //  }
-                flags = kdcRep.encKDCRepPart.flags;
-                if (kdcRep.encKDCRepPart.caddr != null)
-                        caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone();
-                else caddr = null;
-                ticket = (Ticket)kdcRep.ticket.clone();
-                if (new_ticket != null) {
-                        secondTicket = (Ticket)new_ticket.clone();
-                        isEncInSKey = true;
-                } else {
-                        secondTicket = null;
-                        isEncInSKey = false;
-                }
+        isEncInSKey = new_isEncInSKey;
+        flags = (TicketFlags) new_flags.clone();
+        ticket = (Ticket) (new_ticket.clone());
+        if (new_secondTicket != null) {
+            secondTicket = (Ticket) new_secondTicket.clone();
         }
+    }
 
-        /**
-         * Checks if this credential is expired
-         */
-        public boolean isValid() {
-                boolean valid = true;
-                if (endtime.getTime() < System.currentTimeMillis()) {
-                        valid = false;
-                }
-                else if ((starttime.getTime() > System.currentTimeMillis())
-                        || ((starttime == null) && (authtime.getTime() > System.currentTimeMillis())))
-                 {
-                  valid = false;
-                }
-                return valid;
+    public Credentials(
+            KDCRep kdcRep,
+            Ticket new_secondTicket,
+            AuthorizationData new_authorizationData,
+            boolean new_isEncInSKey) {
+        if (kdcRep.encKDCRepPart == null) //can't store while encrypted
+        {
+            return;
         }
+        crealm = (Realm) kdcRep.crealm.clone();
+        cname = (PrincipalName) kdcRep.cname.clone();
+        ticket = (Ticket) kdcRep.ticket.clone();
+        key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
+        flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone();
+        authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
+        if (kdcRep.encKDCRepPart.starttime != null) {
+            starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone();
+        }
+        endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone();
+        if (kdcRep.encKDCRepPart.renewTill != null) {
+            renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
+        }
+        srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
+        sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
+        caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
+        secondTicket = (Ticket) new_secondTicket.clone();
+        authorizationData =
+                (AuthorizationData) new_authorizationData.clone();
+        isEncInSKey = new_isEncInSKey;
+    }
 
-        public PrincipalName getServicePrincipal() throws RealmException{
-                if (sname.getRealm() == null) {
-                        sname.setRealm(srealm);
-                }
-                return sname;
+    public Credentials(KDCRep kdcRep) {
+        this(kdcRep, null);
+    }
+
+    public Credentials(KDCRep kdcRep, Ticket new_ticket) {
+        sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
+        srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
+        try {
+            sname.setRealm(srealm);
+        } catch (RealmException e) {
         }
+        cname = (PrincipalName) kdcRep.cname.clone();
+        crealm = (Realm) kdcRep.crealm.clone();
+        try {
+            cname.setRealm(crealm);
+        } catch (RealmException e) {
+        }
+        key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
+        authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
+        if (kdcRep.encKDCRepPart.starttime != null) {
+            starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone();
+        } else {
+            starttime = null;
+        }
+        endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone();
+        if (kdcRep.encKDCRepPart.renewTill != null) {
+            renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone();
+        } else {
+            renewTill = null;
+        }
+        // if (kdcRep.msgType == Krb5.KRB_AS_REP) {
+        //    isEncInSKey = false;
+        //    secondTicket = null;
+        //  }
+        flags = kdcRep.encKDCRepPart.flags;
+        if (kdcRep.encKDCRepPart.caddr != null) {
+            caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
+        } else {
+            caddr = null;
+        }
+        ticket = (Ticket) kdcRep.ticket.clone();
+        if (new_ticket != null) {
+            secondTicket = (Ticket) new_ticket.clone();
+            isEncInSKey = true;
+        } else {
+            secondTicket = null;
+            isEncInSKey = false;
+        }
+    }
 
-        public sun.security.krb5.Credentials setKrbCreds() {
-                return new sun.security.krb5.Credentials(ticket,
-          cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr);
+    /**
+     * Checks if this credential is expired
+     */
+    public boolean isValid() {
+        boolean valid = true;
+        if (endtime.getTime() < System.currentTimeMillis()) {
+            valid = false;
+        } else if (starttime != null) {
+            if (starttime.getTime() > System.currentTimeMillis()) {
+                valid = false;
+            }
+        } else {
+            if (authtime.getTime() > System.currentTimeMillis()) {
+                valid = false;
+            }
         }
+        return valid;
+    }
+
+    public PrincipalName getServicePrincipal() throws RealmException {
+        if (sname.getRealm() == null) {
+            sname.setRealm(srealm);
+        }
+        return sname;
+    }
+
+    public sun.security.krb5.Credentials setKrbCreds() {
+        return new sun.security.krb5.Credentials(ticket,
+                cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr);
+    }
 
     public KerberosTime getAuthTime() {
         return authtime;
--- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java	Mon Mar 17 23:03:51 2008 -0700
@@ -440,7 +440,9 @@
                 for (int i = 0; i < hashSize; i++) {
                     if (calculatedHmac[i] != ciphertext[hmacOffset+i]) {
                         cksumFailed = true;
-                        System.err.println("Checksum failed !");
+                        if (debug) {
+                            System.err.println("Checksum failed !");
+                        }
                         break;
                     }
                 }
--- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/dk/ArcFourCrypto.java	Mon Mar 17 23:03:51 2008 -0700
@@ -397,7 +397,9 @@
             for (int i = 0; i < hashSize; i++) {
                 if (calculatedHmac[i] != ciphertext[i]) {
                     cksumFailed = true;
-                    System.err.println("Checksum failed !");
+                    if (debug) {
+                        System.err.println("Checksum failed !");
+                    }
                     break;
                 }
             }
--- a/jdk/src/share/classes/sun/security/ssl/Handshaker.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/Handshaker.java	Mon Mar 17 23:03:51 2008 -0700
@@ -617,7 +617,8 @@
         r.write(1);     // single byte of data
 
         if (conn != null) {
-            synchronized (conn.writeLock) {
+            conn.writeLock.lock();
+            try {
                 conn.writeRecord(r);
                 conn.changeWriteCiphers();
                 if (debug != null && Debug.isOn("handshake")) {
@@ -625,6 +626,8 @@
                 }
                 mesg.write(output);
                 output.flush();
+            } finally {
+                conn.writeLock.unlock();
             }
         } else {
             synchronized (engine.writeLock) {
--- a/jdk/src/share/classes/sun/security/ssl/InputRecord.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/InputRecord.java	Mon Mar 17 23:03:51 2008 -0700
@@ -426,11 +426,11 @@
             if (really < 0) {
                 throw new SSLException("SSL peer shut down incorrectly");
             }
+        }
 
-            // now we've got a complete record.
-            count = contentLen + headerSize;
-            exlen = 0;
-        }
+        // now we've got a complete record.
+        count = contentLen + headerSize;
+        exlen = 0;
 
         if (debug != null && Debug.isOn("record")) {
             if (count < 0 || count > (maxRecordSize - headerSize)) {
@@ -502,10 +502,11 @@
                 if (really < 0) {
                     throw new EOFException("SSL peer shut down incorrectly");
                 }
+            }
 
-                // now we've got a complete record.
-                exlen = 0;
-            }
+            // now we've got a complete record.
+            exlen = 0;
+
             hashInternal(buf, 2, 3);
             hashInternal(v2Buf, 0, len);
             V2toV3ClientHello(v2Buf);
--- a/jdk/src/share/classes/sun/security/ssl/OutputRecord.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/OutputRecord.java	Mon Mar 17 23:03:51 2008 -0700
@@ -174,6 +174,18 @@
         return count == headerSize;
     }
 
+    /*
+     * Return true if the record is of a given alert.
+     */
+    boolean isAlert(byte description) {
+        // An alert is defined with a two bytes struct,
+        // {byte level, byte description}, following after the header bytes.
+        if (count > (headerSize + 1) && contentType == ct_alert) {
+            return buf[headerSize + 1] == description;
+        }
+
+        return false;
+    }
 
     /*
      * Compute the MAC and append it to this record.  In case we
--- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1996-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1996-2008 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,8 @@
 import java.security.AccessControlContext;
 import java.security.PrivilegedAction;
 import java.util.*;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.ReentrantLock;
 
 import javax.crypto.BadPaddingException;
 
@@ -274,7 +276,7 @@
      * from the peer are handled properly.
      */
     private Object              handshakeLock;
-    Object                      writeLock;
+    ReentrantLock               writeLock;
     private Object              readLock;
 
     private InputRecord         inrec;
@@ -314,7 +316,6 @@
     private HashMap<HandshakeCompletedListener, AccessControlContext>
                                                         handshakeListeners;
 
-
     /*
      * Reuse the same internal input/output streams.
      */
@@ -526,7 +527,7 @@
         enabledCipherSuites = CipherSuiteList.getDefault();
         enabledProtocols = ProtocolList.getDefault();
         handshakeLock = new Object();
-        writeLock = new Object();
+        writeLock = new ReentrantLock();
         readLock = new Object();
         inrec = null;
 
@@ -677,16 +678,81 @@
         // implementations are fragile and don't like to see empty
         // records, so this also increases robustness.
         //
-        synchronized (writeLock) {
-            if (!r.isEmpty()) {
-                // r.compress(c);
-                r.addMAC(writeMAC);
-                r.encrypt(writeCipher);
-                r.write(sockOutput);
+        if (!r.isEmpty()) {
+
+            // If the record is a close notify alert, we need to honor
+            // socket option SO_LINGER. Note that we will try to send
+            // the close notify even if the SO_LINGER set to zero.
+            if (r.isAlert(Alerts.alert_close_notify) && getSoLinger() >= 0) {
+
+                // keep and clear the current thread interruption status.
+                boolean interrupted = Thread.interrupted();
+                try {
+                    if (writeLock.tryLock(getSoLinger(), TimeUnit.SECONDS)) {
+                        try {
+                            writeRecordInternal(r);
+                        } finally {
+                            writeLock.unlock();
+                        }
+                    } else {
+                        SSLException ssle = new SSLException(
+                                "SO_LINGER timeout," +
+                                " close_notify message cannot be sent.");
+
+
+                        // For layered, non-autoclose sockets, we are not
+                        // able to bring them into a usable state, so we
+                        // treat it as fatal error.
+                        if (self != this && !autoClose) {
+                            // Note that the alert description is
+                            // specified as -1, so no message will be send
+                            // to peer anymore.
+                            fatal((byte)(-1), ssle);
+                        } else if ((debug != null) && Debug.isOn("ssl")) {
+                            System.out.println(threadName() +
+                                ", received Exception: " + ssle);
+                        }
+
+                        // RFC2246 requires that the session becomes
+                        // unresumable if any connection is terminated
+                        // without proper close_notify messages with
+                        // level equal to warning.
+                        //
+                        // RFC4346 no longer requires that a session not be
+                        // resumed if failure to properly close a connection.
+                        //
+                        // We choose to make the session unresumable if
+                        // failed to send the close_notify message.
+                        //
+                        sess.invalidate();
+                    }
+                } catch (InterruptedException ie) {
+                    // keep interrupted status
+                    interrupted = true;
+                }
+
+                // restore the interrupted status
+                if (interrupted) {
+                    Thread.currentThread().interrupt();
+                }
+            } else {
+                writeLock.lock();
+                try {
+                    writeRecordInternal(r);
+                } finally {
+                    writeLock.unlock();
+                }
             }
         }
     }
 
+    private void writeRecordInternal(OutputRecord r) throws IOException {
+        // r.compress(c);
+        r.addMAC(writeMAC);
+        r.encrypt(writeCipher);
+        r.write(sockOutput);
+    }
+
 
     /*
      * Read an application data record.  Alerts and handshake
@@ -1533,7 +1599,11 @@
             if (oldState == cs_HANDSHAKE) {
                 sockInput.skip(sockInput.available());
             }
-            sendAlert(Alerts.alert_fatal, description);
+
+            // If the description equals -1, the alert won't be sent to peer.
+            if (description != -1) {
+                sendAlert(Alerts.alert_fatal, description);
+            }
             if (cause instanceof SSLException) { // only true if != null
                 closeReason = (SSLException)cause;
             } else {
@@ -1614,7 +1684,7 @@
      * Emit alerts.  Caller must have synchronized with "this".
      */
     private void sendAlert(byte level, byte description) {
-        if (connectionState >= cs_CLOSED) {
+        if (connectionState >= cs_SENT_CLOSE) {
             return;
         }
 
--- a/jdk/src/share/classes/sun/security/x509/AVA.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/share/classes/sun/security/x509/AVA.java	Mon Mar 17 23:03:51 2008 -0700
@@ -780,7 +780,8 @@
              * Implementations MAY escape other characters.
              *
              * NOTE: this implementation also recognizes "=" and "#" as
-             * characters which need escaping.
+             * characters which need escaping, and null which is escaped as
+             * '\00' (see RFC 4514).
              *
              * If a character to be escaped is one of the list shown above, then
              * it is prefixed by a backslash ('\' ASCII 92).
@@ -805,6 +806,10 @@
                     // append printable/escaped char
                     sbuffer.append(c);
 
+                } else if (c == '\u0000') {
+                    // escape null character
+                    sbuffer.append("\\00");
+
                 } else if (debug != null && Debug.isOn("ava")) {
 
                     // embed non-printable/non-escaped char
--- a/jdk/src/solaris/classes/java/net/PlainSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/solaris/classes/java/net/PlainSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -76,9 +76,6 @@
 
     native int socketGetOption(int opt, Object iaContainerObj) throws SocketException;
 
-    native int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd)
-        throws SocketException;
-
     native void socketSendUrgentData(int data) throws IOException;
 
 }
--- a/jdk/src/windows/classes/java/net/DualStackPlainSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/windows/classes/java/net/DualStackPlainSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -218,9 +218,6 @@
         return value;
     }
 
-    int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd)
-        throws SocketException {return 0;}   // un-implemented REMOVE
-
     void socketSendUrgentData(int data) throws IOException {
         int nativefd = checkAndReturnNativeFD();
         sendOOB(nativefd, data);
--- a/jdk/src/windows/classes/java/net/PlainSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/windows/classes/java/net/PlainSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -304,11 +304,6 @@
         return impl.socketGetOption(opt, iaContainerObj);
     }
 
-    int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd)
-        throws SocketException {
-        return impl.socketGetOption1(opt, iaContainerObj, fd);
-    }
-
     void socketSendUrgentData(int data) throws IOException {
         impl.socketSendUrgentData(data);
     }
--- a/jdk/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/windows/classes/java/net/TwoStacksPlainSocketImpl.java	Mon Mar 17 23:03:51 2008 -0700
@@ -199,8 +199,5 @@
 
     native int socketGetOption(int opt, Object iaContainerObj) throws SocketException;
 
-    native int socketGetOption1(int opt, Object iaContainerObj, FileDescriptor fd)
-        throws SocketException;
-
     native void socketSendUrgentData(int data) throws IOException;
 }
--- a/jdk/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/windows/native/sun/net/www/protocol/http/NTLMAuthSequence.c	Mon Mar 17 23:03:51 2008 -0700
@@ -36,6 +36,8 @@
 #include <tchar.h>
 #include <fcntl.h>
 
+#include "jni_util.h"
+
 #define SECURITY_WIN32
 #include "sspi.h"
 #include "issperr.h"
@@ -52,7 +54,7 @@
 static COMPLETE_AUTH_TOKEN_FN pCompleteAuthToken;
 static DELETE_SECURITY_CONTEXT_FN pDeleteSecurityContext;
 
-static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, SecBufferDesc OutBuffDesc);
+static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle);
 
 static jfieldID ntlm_ctxHandleID;
 static jfieldID ntlm_crdHandleID;
@@ -117,22 +119,36 @@
 {
     SEC_WINNT_AUTH_IDENTITY   AuthId;
     SEC_WINNT_AUTH_IDENTITY * pAuthId;
-    CHAR        *pUser = 0;
-    CHAR        *pDomain = 0;
-    CHAR        *pPassword = 0;
+    const CHAR        *pUser = 0;
+    const CHAR        *pDomain = 0;
+    const CHAR        *pPassword = 0;
     CredHandle      *pCred;
     TimeStamp            ltime;
     jboolean         isCopy;
     SECURITY_STATUS      ss;
 
     if (user != 0) {
-        pUser = (CHAR *)(*env)->GetStringUTFChars(env, user, &isCopy);
+        pUser = JNU_GetStringPlatformChars(env, user, &isCopy);
+        if (pUser == NULL)
+            return 0;  // pending Exception
     }
     if (domain != 0) {
-        pDomain = (CHAR *)(*env)->GetStringUTFChars(env, domain, &isCopy);
+        pDomain = JNU_GetStringPlatformChars(env, domain, &isCopy);
+        if (pDomain == NULL) {
+            if (pUser != NULL)
+                JNU_ReleaseStringPlatformChars(env, user, pUser);
+            return 0;  // pending Exception
+        }
     }
     if (password != 0) {
-        pPassword = (CHAR *)(*env)->GetStringUTFChars(env, password, &isCopy);
+        pPassword = JNU_GetStringPlatformChars(env, password, &isCopy);
+        if (pPassword == NULL) {
+            if(pUser != NULL)
+                JNU_ReleaseStringPlatformChars(env, user, pUser);
+            if(pDomain != NULL)
+                JNU_ReleaseStringPlatformChars(env, domain, pDomain);
+            return 0;  // pending Exception
+        }
     }
     pCred = (CredHandle *)malloc(sizeof (CredHandle));
 
@@ -167,6 +183,14 @@
         pCred, &ltime
         );
 
+    /* Release resources held by JNU_GetStringPlatformChars */
+    if (pUser != NULL)
+        JNU_ReleaseStringPlatformChars(env, user, pUser);
+    if (pPassword != NULL)
+        JNU_ReleaseStringPlatformChars(env, password, pPassword);
+    if (pDomain != NULL)
+        JNU_ReleaseStringPlatformChars(env, domain, pDomain);
+
     if (ss == 0) {
         return (jlong) pCred;
     } else {
@@ -181,7 +205,6 @@
     VOID        *pInput = 0;
     DWORD            inputLen;
     CHAR         buffOut[512];
-    DWORD        pcbBuffOut;
     jboolean         isCopy;
     SECURITY_STATUS      ss;
     SecBufferDesc        OutBuffDesc;
@@ -247,7 +270,7 @@
     }
 
     if (ss < 0) {
-        endSequence (pCred, pCtx, OutBuffDesc);
+        endSequence (pCred, pCtx);
         return 0;
     }
 
@@ -255,7 +278,7 @@
         ss = pCompleteAuthToken( pCtx, &OutBuffDesc );
 
         if (ss < 0) {
-            endSequence (pCred, pCtx, OutBuffDesc);
+            endSequence (pCred, pCtx);
             return 0;
         }
     }
@@ -265,25 +288,23 @@
         (*env)->SetByteArrayRegion(env, ret, 0, OutSecBuff.cbBuffer,
                 OutSecBuff.pvBuffer);
         if (lastToken != 0) // 2nd stage
-            endSequence (pCred, pCtx, OutBuffDesc);
+            endSequence (pCred, pCtx);
         result = ret;
     }
 
     if ((ss != SEC_I_CONTINUE_NEEDED) && (ss == SEC_I_COMPLETE_AND_CONTINUE)) {
-        endSequence (pCred, pCtx, OutBuffDesc);
+        endSequence (pCred, pCtx);
     }
 
     return result;
 }
 
-static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle, SecBufferDesc OutBuffDesc) {
+static void endSequence (PCredHandle credHand, PCtxtHandle ctxHandle) {
     if (credHand != 0) {
         pFreeCredentialsHandle (credHand);
         free (credHand);
     }
 
-    pFreeContextBuffer (&OutBuffDesc);
-
     if (ctxHandle != 0) {
         pDeleteSecurityContext(ctxHandle);
         free (ctxHandle);
--- a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c	Mon Mar 17 23:03:51 2008 -0700
@@ -88,9 +88,9 @@
 
 VOID
 InitUnicodeString(
-        PUNICODE_STRING DestinationString,
+    PUNICODE_STRING DestinationString,
     PCWSTR SourceString OPTIONAL
-    );
+);
 
 jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize);
 
@@ -108,215 +108,215 @@
  */
 
 JNIEXPORT jint JNICALL JNI_OnLoad(
-                JavaVM  *jvm,
-                void    *reserved) {
+        JavaVM  *jvm,
+        void    *reserved) {
 
-        jclass cls;
-        JNIEnv *env;
+    jclass cls;
+    JNIEnv *env;
 
-        if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
-                return JNI_EVERSION; /* JNI version not supported */
-        }
+    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
+        return JNI_EVERSION; /* JNI version not supported */
+    }
 
-        cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
+    cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket");
 
-        if (cls == NULL) {
-                printf("Couldn't find Ticket\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found Ticket\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find Ticket\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found Ticket\n");
+    #endif /* DEBUG */
 
-        ticketClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (ticketClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    ticketClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (ticketClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
+    cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName");
 
-        if (cls == NULL) {
-                printf("Couldn't find PrincipalName\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found PrincipalName\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find PrincipalName\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found PrincipalName\n");
+    #endif /* DEBUG */
 
-        principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (principalNameClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    principalNameClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (principalNameClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env,"sun/security/util/DerValue");
+    cls = (*env)->FindClass(env,"sun/security/util/DerValue");
 
-        if (cls == NULL) {
-                printf("Couldn't find DerValue\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found DerValue\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find DerValue\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found DerValue\n");
+    #endif /* DEBUG */
 
-        derValueClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (derValueClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    derValueClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (derValueClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
+    cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey");
 
-        if (cls == NULL) {
-                printf("Couldn't find EncryptionKey\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found EncryptionKey\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find EncryptionKey\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found EncryptionKey\n");
+    #endif /* DEBUG */
 
-        encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (encryptionKeyClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (encryptionKeyClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
+    cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags");
 
-        if (cls == NULL) {
-                printf("Couldn't find TicketFlags\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found TicketFlags\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find TicketFlags\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found TicketFlags\n");
+    #endif /* DEBUG */
 
-        ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (ticketFlagsClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (ticketFlagsClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
+    cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime");
 
-        if (cls == NULL) {
-                printf("Couldn't find KerberosTime\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found KerberosTime\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find KerberosTime\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found KerberosTime\n");
+    #endif /* DEBUG */
 
-        kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (kerberosTimeClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (kerberosTimeClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        cls = (*env)->FindClass(env,"java/lang/String");
+    cls = (*env)->FindClass(env,"java/lang/String");
 
-        if (cls == NULL) {
-                printf("Couldn't find String\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found String\n");
-        #endif /* DEBUG */
+    if (cls == NULL) {
+        printf("Couldn't find String\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found String\n");
+    #endif /* DEBUG */
 
-        javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
-        if (javaLangStringClass == NULL) {
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Made NewWeakGlobalRef\n");
-        #endif /* DEBUG */
+    javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls);
+    if (javaLangStringClass == NULL) {
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Made NewWeakGlobalRef\n");
+    #endif /* DEBUG */
 
-        derValueConstructor = (*env)->GetMethodID(env, derValueClass,
-                                                "<init>", "([B)V");
-        if (derValueConstructor == 0) {
-                printf("Couldn't find DerValue constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found DerValue constructor\n");
-        #endif /* DEBUG */
+    derValueConstructor = (*env)->GetMethodID(env, derValueClass,
+                                            "<init>", "([B)V");
+    if (derValueConstructor == 0) {
+        printf("Couldn't find DerValue constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found DerValue constructor\n");
+    #endif /* DEBUG */
 
-        ticketConstructor = (*env)->GetMethodID(env, ticketClass,
-                                "<init>", "(Lsun/security/util/DerValue;)V");
-        if (ticketConstructor == 0) {
-                printf("Couldn't find Ticket constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found Ticket constructor\n");
-        #endif /* DEBUG */
+    ticketConstructor = (*env)->GetMethodID(env, ticketClass,
+                            "<init>", "(Lsun/security/util/DerValue;)V");
+    if (ticketConstructor == 0) {
+        printf("Couldn't find Ticket constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found Ticket constructor\n");
+    #endif /* DEBUG */
 
-        principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
-                                        "<init>", "([Ljava/lang/String;)V");
-        if (principalNameConstructor == 0) {
-                printf("Couldn't find PrincipalName constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found PrincipalName constructor\n");
-        #endif /* DEBUG */
+    principalNameConstructor = (*env)->GetMethodID(env, principalNameClass,
+                                    "<init>", "([Ljava/lang/String;)V");
+    if (principalNameConstructor == 0) {
+        printf("Couldn't find PrincipalName constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found PrincipalName constructor\n");
+    #endif /* DEBUG */
 
-        encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
-                                                "<init>", "(I[B)V");
-        if (encryptionKeyConstructor == 0) {
-                printf("Couldn't find EncryptionKey constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found EncryptionKey constructor\n");
-        #endif /* DEBUG */
+    encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass,
+                                            "<init>", "(I[B)V");
+    if (encryptionKeyConstructor == 0) {
+        printf("Couldn't find EncryptionKey constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found EncryptionKey constructor\n");
+    #endif /* DEBUG */
 
-        ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
-                                                "<init>", "(I[B)V");
-        if (ticketFlagsConstructor == 0) {
-                printf("Couldn't find TicketFlags constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found TicketFlags constructor\n");
-        #endif /* DEBUG */
+    ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass,
+                                            "<init>", "(I[B)V");
+    if (ticketFlagsConstructor == 0) {
+        printf("Couldn't find TicketFlags constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found TicketFlags constructor\n");
+    #endif /* DEBUG */
 
-        kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
-                                        "<init>", "(Ljava/lang/String;)V");
-        if (kerberosTimeConstructor == 0) {
-                printf("Couldn't find KerberosTime constructor\n");
-                return JNI_ERR;
-        }
-        #ifdef DEBUG
-        printf("Found KerberosTime constructor\n");
-        #endif /* DEBUG */
+    kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass,
+                                    "<init>", "(Ljava/lang/String;)V");
+    if (kerberosTimeConstructor == 0) {
+        printf("Couldn't find KerberosTime constructor\n");
+        return JNI_ERR;
+    }
+    #ifdef DEBUG
+    printf("Found KerberosTime constructor\n");
+    #endif /* DEBUG */
 
-        // load the setRealm method in PrincipalName
-        setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
-                                        "setRealm", "(Ljava/lang/String;)V");
-        if (setRealmMethod == 0) {
-                printf("Couldn't find setRealm in PrincipalName\n");
-                return JNI_ERR;
-        }
+    // load the setRealm method in PrincipalName
+    setRealmMethod = (*env)->GetMethodID(env, principalNameClass,
+                                    "setRealm", "(Ljava/lang/String;)V");
+    if (setRealmMethod == 0) {
+        printf("Couldn't find setRealm in PrincipalName\n");
+        return JNI_ERR;
+    }
 
-        #ifdef DEBUG
-        printf("Finished OnLoad processing\n");
-        #endif /* DEBUG */
+    #ifdef DEBUG
+    printf("Finished OnLoad processing\n");
+    #endif /* DEBUG */
 
-        return JNI_VERSION_1_2;
+    return JNI_VERSION_1_2;
 }
 
 /*
@@ -325,38 +325,38 @@
  */
 
 JNIEXPORT void JNICALL JNI_OnUnload(
-                JavaVM  *jvm,
-                void    *reserved) {
+        JavaVM  *jvm,
+        void    *reserved) {
 
-        JNIEnv *env;
+    JNIEnv *env;
 
-        if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
-                return; /* Nothing else we can do */
-        }
+    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
+        return; /* Nothing else we can do */
+    }
 
-        if (ticketClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,ticketClass);
-        }
-        if (derValueClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,derValueClass);
-        }
-        if (principalNameClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,principalNameClass);
-        }
-        if (encryptionKeyClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass);
-        }
-        if (ticketFlagsClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass);
-        }
-        if (kerberosTimeClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass);
-        }
-        if (javaLangStringClass != NULL) {
-                (*env)->DeleteWeakGlobalRef(env,javaLangStringClass);
-        }
+    if (ticketClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,ticketClass);
+    }
+    if (derValueClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,derValueClass);
+    }
+    if (principalNameClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,principalNameClass);
+    }
+    if (encryptionKeyClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass);
+    }
+    if (ticketFlagsClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass);
+    }
+    if (kerberosTimeClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass);
+    }
+    if (javaLangStringClass != NULL) {
+        (*env)->DeleteWeakGlobalRef(env,javaLangStringClass);
+    }
 
-        return;
+    return;
 }
 
 /*
@@ -365,31 +365,31 @@
  * Signature: ()Lsun/security/krb5/Credentials;
  */
 JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds(
-                JNIEnv *env,
-                jclass krbcredsClass) {
+        JNIEnv *env,
+        jclass krbcredsClass) {
 
-        KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
-        PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL;
-        PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
-        PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
-        NTSTATUS Status, SubStatus;
-        ULONG requestSize = 0;
-        ULONG responseSize = 0;
-        ULONG rspSize = 0;
-        HANDLE LogonHandle = NULL;
-        ULONG PackageId;
-        jobject ticket, clientPrincipal, targetPrincipal, encryptionKey;
-        jobject ticketFlags, startTime, endTime, krbCreds = NULL;
-        jobject authTime, renewTillTime, hostAddresses = NULL;
-        KERB_EXTERNAL_TICKET *msticket;
-        int ignore_cache = 0;
-        FILETIME Now, EndTime, LocalEndTime;
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    NTSTATUS Status, SubStatus;
+    ULONG requestSize = 0;
+    ULONG responseSize = 0;
+    ULONG rspSize = 0;
+    HANDLE LogonHandle = NULL;
+    ULONG PackageId;
+    jobject ticket, clientPrincipal, targetPrincipal, encryptionKey;
+    jobject ticketFlags, startTime, endTime, krbCreds = NULL;
+    jobject authTime, renewTillTime, hostAddresses = NULL;
+    KERB_EXTERNAL_TICKET *msticket;
+    int ignore_cache = 0;
+    FILETIME Now, EndTime, LocalEndTime;
 
-        while (TRUE) {
+    while (TRUE) {
 
         if (krbcredsConstructor == 0) {
-                krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
-        "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
+            krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
+                    "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
             if (krbcredsConstructor == 0) {
                 printf("Couldn't find sun.security.krb5.Credentials constructor\n");
                 break;
@@ -510,88 +510,88 @@
             msticket = &(pTicketResponse->Ticket);
         }
 
-/*
+        /*
 
-typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
-    KERB_EXTERNAL_TICKET Ticket;
-} KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE;
+        typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
+            KERB_EXTERNAL_TICKET Ticket;
+        } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE;
 
-typedef struct _KERB_EXTERNAL_TICKET {
-    PKERB_EXTERNAL_NAME ServiceName;
-    PKERB_EXTERNAL_NAME TargetName;
-    PKERB_EXTERNAL_NAME ClientName;
-    UNICODE_STRING DomainName;
-    UNICODE_STRING TargetDomainName;
-    UNICODE_STRING AltTargetDomainName;
-    KERB_CRYPTO_KEY SessionKey;
-    ULONG TicketFlags;
-    ULONG Flags;
-    LARGE_INTEGER KeyExpirationTime;
-    LARGE_INTEGER StartTime;
-    LARGE_INTEGER EndTime;
-    LARGE_INTEGER RenewUntil;
-    LARGE_INTEGER TimeSkew;
-    ULONG EncodedTicketSize;
-    PUCHAR EncodedTicket; <========== Here's the good stuff
-} KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET;
+        typedef struct _KERB_EXTERNAL_TICKET {
+            PKERB_EXTERNAL_NAME ServiceName;
+            PKERB_EXTERNAL_NAME TargetName;
+            PKERB_EXTERNAL_NAME ClientName;
+            UNICODE_STRING DomainName;
+            UNICODE_STRING TargetDomainName;
+            UNICODE_STRING AltTargetDomainName;
+            KERB_CRYPTO_KEY SessionKey;
+            ULONG TicketFlags;
+            ULONG Flags;
+            LARGE_INTEGER KeyExpirationTime;
+            LARGE_INTEGER StartTime;
+            LARGE_INTEGER EndTime;
+            LARGE_INTEGER RenewUntil;
+            LARGE_INTEGER TimeSkew;
+            ULONG EncodedTicketSize;
+            PUCHAR EncodedTicket; <========== Here's the good stuff
+        } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET;
 
-typedef struct _KERB_EXTERNAL_NAME {
-    SHORT NameType;
-    USHORT NameCount;
-    UNICODE_STRING Names[ANYSIZE_ARRAY];
-} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME;
+        typedef struct _KERB_EXTERNAL_NAME {
+            SHORT NameType;
+            USHORT NameCount;
+            UNICODE_STRING Names[ANYSIZE_ARRAY];
+        } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME;
 
-typedef struct _LSA_UNICODE_STRING {
-    USHORT Length;
-    USHORT MaximumLength;
-    PWSTR  Buffer;
-} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
+        typedef struct _LSA_UNICODE_STRING {
+            USHORT Length;
+            USHORT MaximumLength;
+            PWSTR  Buffer;
+        } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
 
-typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
+        typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
 
-typedef struct KERB_CRYPTO_KEY {
-    LONG KeyType;
-    ULONG Length;
-    PUCHAR Value;
-} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY;
+        typedef struct KERB_CRYPTO_KEY {
+            LONG KeyType;
+            ULONG Length;
+            PUCHAR Value;
+        } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY;
 
-*/
+        */
         // Build a com.sun.security.krb5.Ticket
         ticket = BuildTicket(env, msticket->EncodedTicket,
                                 msticket->EncodedTicketSize);
         if (ticket == NULL) {
-                break;
+            break;
         }
         // OK, have a Ticket, now need to get the client name
         clientPrincipal = BuildPrincipal(env, msticket->ClientName,
                                 msticket->TargetDomainName); // mdu
         if (clientPrincipal == NULL) {
-                break;
+            break;
         }
 
         // and the "name" of tgt
         targetPrincipal = BuildPrincipal(env, msticket->ServiceName,
                         msticket->DomainName);
         if (targetPrincipal == NULL) {
-                break;
+            break;
         }
 
         // Get the encryption key
         encryptionKey = BuildEncryptionKey(env, &(msticket->SessionKey));
         if (encryptionKey == NULL) {
-                break;
+            break;
         }
 
         // and the ticket flags
         ticketFlags = BuildTicketFlags(env, &(msticket->TicketFlags));
         if (ticketFlags == NULL) {
-                break;
+            break;
         }
 
         // Get the start time
         startTime = BuildKerberosTime(env, &(msticket->StartTime));
         if (startTime == NULL) {
-                break;
+            break;
         }
 
         /*
@@ -604,13 +604,13 @@
         // and the end time
         endTime = BuildKerberosTime(env, &(msticket->EndTime));
         if (endTime == NULL) {
-                break;
+            break;
         }
 
         // Get the renew till time
         renewTillTime = BuildKerberosTime(env, &(msticket->RenewUntil));
         if (renewTillTime == NULL) {
-                break;
+            break;
         }
 
         // and now go build a KrbCreds object
@@ -630,87 +630,87 @@
                 hostAddresses);
 
         break;
-        } // end of WHILE
+    } // end of WHILE
 
-        // clean up resources
-        if (TktCacheResponse != NULL) {
-                LsaFreeReturnBuffer(TktCacheResponse);
-        }
-        if (pTicketRequest) {
-                LocalFree(pTicketRequest);
-        }
-        if (pTicketResponse != NULL) {
-                LsaFreeReturnBuffer(pTicketResponse);
-        }
+    // clean up resources
+    if (TktCacheResponse != NULL) {
+        LsaFreeReturnBuffer(TktCacheResponse);
+    }
+    if (pTicketRequest) {
+        LocalFree(pTicketRequest);
+    }
+    if (pTicketResponse != NULL) {
+        LsaFreeReturnBuffer(pTicketResponse);
+    }
 
-        return krbCreds;
+    return krbCreds;
 }
 
 static NTSTATUS
 ConstructTicketRequest(UNICODE_STRING DomainName,
                 PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
 {
-        NTSTATUS Status;
-        UNICODE_STRING TargetPrefix;
-        USHORT TargetSize;
-        ULONG RequestSize;
-        ULONG Length;
-        PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    NTSTATUS Status;
+    UNICODE_STRING TargetPrefix;
+    USHORT TargetSize;
+    ULONG RequestSize;
+    ULONG Length;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
 
-        *outRequest = NULL;
-        *outSize = 0;
+    *outRequest = NULL;
+    *outSize = 0;
 
-        //
-        // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we
-        // can easily concatenate it later.
-        //
+    //
+    // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we
+    // can easily concatenate it later.
+    //
 
-        TargetPrefix.Buffer = L"krbtgt/";
-        Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
-        TargetPrefix.Length = (USHORT)Length;
-        TargetPrefix.MaximumLength = TargetPrefix.Length;
+    TargetPrefix.Buffer = L"krbtgt/";
+    Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
+    TargetPrefix.Length = (USHORT)Length;
+    TargetPrefix.MaximumLength = TargetPrefix.Length;
 
-        //
-        // We will need to concatenate the "krbtgt/" prefix and the
-        // Logon Session's DnsDomainName into our request's target name.
-        //
-        // Therefore, first compute the necessary buffer size for that.
-        //
-        // Note that we might theoretically have integer overflow.
-        //
+    //
+    // We will need to concatenate the "krbtgt/" prefix and the
+    // Logon Session's DnsDomainName into our request's target name.
+    //
+    // Therefore, first compute the necessary buffer size for that.
+    //
+    // Note that we might theoretically have integer overflow.
+    //
 
-        TargetSize = TargetPrefix.Length + DomainName.Length;
+    TargetSize = TargetPrefix.Length + DomainName.Length;
 
-        //
-        // The ticket request buffer needs to be a single buffer.  That buffer
-        // needs to include the buffer for the target name.
-        //
+    //
+    // The ticket request buffer needs to be a single buffer.  That buffer
+    // needs to include the buffer for the target name.
+    //
 
-        RequestSize = sizeof (*pTicketRequest) + TargetSize;
+    RequestSize = sizeof (*pTicketRequest) + TargetSize;
 
-        //
-        // Allocate the request buffer and make sure it's zero-filled.
-        //
+    //
+    // Allocate the request buffer and make sure it's zero-filled.
+    //
 
-        pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
-                        LocalAlloc(LMEM_ZEROINIT, RequestSize);
-        if (!pTicketRequest)
-            return GetLastError();
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
+                    LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return GetLastError();
 
-        //
-        // Concatenate the target prefix with the previous reponse's
-        // target domain.
-        //
+    //
+    // Concatenate the target prefix with the previous reponse's
+    // target domain.
+    //
 
-        pTicketRequest->TargetName.Length = 0;
-        pTicketRequest->TargetName.MaximumLength = TargetSize;
-        pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
-        Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
-                                        TargetPrefix,
-                                        DomainName);
-        *outRequest = pTicketRequest;
-        *outSize    = RequestSize;
-        return Status;
+    pTicketRequest->TargetName.Length = 0;
+    pTicketRequest->TargetName.MaximumLength = TargetSize;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
+                                    TargetPrefix,
+                                    DomainName);
+    *outRequest = pTicketRequest;
+    *outSize    = RequestSize;
+    return Status;
 }
 
 DWORD
@@ -720,22 +720,22 @@
     UNICODE_STRING Source2
     )
 {
-        //
-        // The buffers for Source1 and Source2 cannot overlap pTarget's
-        // buffer.  Source1.Length + Source2.Length must be <= 0xFFFF,
-        // otherwise we overflow...
-        //
+    //
+    // The buffers for Source1 and Source2 cannot overlap pTarget's
+    // buffer.  Source1.Length + Source2.Length must be <= 0xFFFF,
+    // otherwise we overflow...
+    //
 
-        USHORT TotalSize = Source1.Length + Source2.Length;
-        PBYTE buffer = (PBYTE) pTarget->Buffer;
+    USHORT TotalSize = Source1.Length + Source2.Length;
+    PBYTE buffer = (PBYTE) pTarget->Buffer;
 
-        if (TotalSize > pTarget->MaximumLength)
-            return ERROR_INSUFFICIENT_BUFFER;
+    if (TotalSize > pTarget->MaximumLength)
+        return ERROR_INSUFFICIENT_BUFFER;
 
-        pTarget->Length = TotalSize;
-        memcpy(buffer, Source1.Buffer, Source1.Length);
-        memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
-        return ERROR_SUCCESS;
+    pTarget->Length = TotalSize;
+    memcpy(buffer, Source1.Buffer, Source1.Length);
+    memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
+    return ERROR_SUCCESS;
 }
 
 BOOL
@@ -783,27 +783,27 @@
         DWORD dwError
         )
 {
-   #define MAX_MSG_SIZE 256
+    #define MAX_MSG_SIZE 256
 
-   static WCHAR szMsgBuf[MAX_MSG_SIZE];
-   DWORD dwRes;
+    static WCHAR szMsgBuf[MAX_MSG_SIZE];
+    DWORD dwRes;
 
-   printf("Error calling function %s: %lu\n", szAPI, dwError);
+    printf("Error calling function %s: %lu\n", szAPI, dwError);
 
-   dwRes = FormatMessage (
-      FORMAT_MESSAGE_FROM_SYSTEM,
-      NULL,
-      dwError,
-      0,
-      szMsgBuf,
-      MAX_MSG_SIZE,
-      NULL);
-   if (0 == dwRes) {
-      printf("FormatMessage failed with %d\n", GetLastError());
-      // ExitProcess(EXIT_FAILURE);
-   } else {
-      printf("%S",szMsgBuf);
-   }
+    dwRes = FormatMessage (
+            FORMAT_MESSAGE_FROM_SYSTEM,
+            NULL,
+            dwError,
+            0,
+            szMsgBuf,
+            MAX_MSG_SIZE,
+            NULL);
+    if (0 == dwRes) {
+        printf("FormatMessage failed with %d\n", GetLastError());
+        // ExitProcess(EXIT_FAILURE);
+    } else {
+        printf("%S",szMsgBuf);
+    }
 }
 
 VOID
@@ -831,189 +831,189 @@
         Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR );
         DestinationString->Length = (USHORT)Length;
         DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL));
-        }
+    }
     else {
         DestinationString->MaximumLength = 0;
         DestinationString->Length = 0;
-        }
+    }
 }
 
 jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) {
 
-        /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
-         * But before we can do that, we need to make a byte array out of the ET.
-         */
+    /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
+     * But before we can do that, we need to make a byte array out of the ET.
+     */
 
-        jobject derValue, ticket;
-        jbyteArray ary;
+    jobject derValue, ticket;
+    jbyteArray ary;
 
-        ary = (*env)->NewByteArray(env,encodedTicketSize);
-        if ((*env)->ExceptionOccurred(env)) {
-                return (jobject) NULL;
-        }
+    ary = (*env)->NewByteArray(env,encodedTicketSize);
+    if ((*env)->ExceptionOccurred(env)) {
+        return (jobject) NULL;
+    }
 
-        (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize,
-                                        (jbyte *)encodedTicket);
-        if ((*env)->ExceptionOccurred(env)) {
-                (*env)->DeleteLocalRef(env, ary);
-                return (jobject) NULL;
-        }
+    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize,
+                                    (jbyte *)encodedTicket);
+    if ((*env)->ExceptionOccurred(env)) {
+        (*env)->DeleteLocalRef(env, ary);
+        return (jobject) NULL;
+    }
 
-        derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
-        if ((*env)->ExceptionOccurred(env)) {
-                (*env)->DeleteLocalRef(env, ary);
-                return (jobject) NULL;
-        }
+    derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
+    if ((*env)->ExceptionOccurred(env)) {
+        (*env)->DeleteLocalRef(env, ary);
+        return (jobject) NULL;
+    }
 
-        (*env)->DeleteLocalRef(env, ary);
-        ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
-        if ((*env)->ExceptionOccurred(env)) {
-                (*env)->DeleteLocalRef(env, derValue);
-                return (jobject) NULL;
-        }
+    (*env)->DeleteLocalRef(env, ary);
+    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
+    if ((*env)->ExceptionOccurred(env)) {
         (*env)->DeleteLocalRef(env, derValue);
-        return ticket;
+        return (jobject) NULL;
+    }
+    (*env)->DeleteLocalRef(env, derValue);
+    return ticket;
 }
 
 // mdu
 jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName,
                                 UNICODE_STRING domainName) {
 
-        /*
-         * To build the Principal, we need to get the names out of
-         * this goofy MS structure
-         */
-        jobject principal = NULL;
-        jobject realmStr = NULL;
-        jobjectArray stringArray;
-        jstring tempString;
-        int nameCount,i;
-        PUNICODE_STRING scanner;
-        WCHAR *realm;
-        ULONG realmLen;
+    /*
+     * To build the Principal, we need to get the names out of
+     * this goofy MS structure
+     */
+    jobject principal = NULL;
+    jobject realmStr = NULL;
+    jobjectArray stringArray;
+    jstring tempString;
+    int nameCount,i;
+    PUNICODE_STRING scanner;
+    WCHAR *realm;
+    ULONG realmLen;
 
-        realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
-                ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
-        wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
+    realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
+            ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
+    wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
 
-        #ifdef DEBUG
-        printf("Principal domain is %S\n", realm);
-        printf("Name type is %x\n", principalName->NameType);
-        printf("Name count is %x\n", principalName->NameCount);
-        #endif
+    #ifdef DEBUG
+    printf("Principal domain is %S\n", realm);
+    printf("Name type is %x\n", principalName->NameType);
+    printf("Name count is %x\n", principalName->NameCount);
+    #endif
 
-        nameCount = principalName->NameCount;
-        stringArray = (*env)->NewObjectArray(env, nameCount,
-                                javaLangStringClass, NULL);
-        if (stringArray == NULL) {
-            printf("Can't allocate String array for Principal\n");
-            LocalFree(realm);
-            return principal;
-        }
+    nameCount = principalName->NameCount;
+    stringArray = (*env)->NewObjectArray(env, nameCount,
+                            javaLangStringClass, NULL);
+    if (stringArray == NULL) {
+        printf("Can't allocate String array for Principal\n");
+        LocalFree(realm);
+        return principal;
+    }
 
-        for (i=0; i<nameCount; i++) {
-            // get the principal name
-            scanner = &(principalName->Names[i]);
+    for (i=0; i<nameCount; i++) {
+        // get the principal name
+        scanner = &(principalName->Names[i]);
 
-            // OK, got a Char array, so construct a String
-            tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer,
-                                scanner->Length/sizeof(WCHAR));
-            // Set the String into the StringArray
-            (*env)->SetObjectArrayElement(env, stringArray, i, tempString);
+        // OK, got a Char array, so construct a String
+        tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer,
+                            scanner->Length/sizeof(WCHAR));
+        // Set the String into the StringArray
+        (*env)->SetObjectArrayElement(env, stringArray, i, tempString);
 
-            // Do I have to worry about storage reclamation here?
-        }
-        principal = (*env)->NewObject(env, principalNameClass,
-                        principalNameConstructor, stringArray);
+        // Do I have to worry about storage reclamation here?
+    }
+    principal = (*env)->NewObject(env, principalNameClass,
+                    principalNameConstructor, stringArray);
 
-        // now set the realm in the principal
-        realmLen = (ULONG)wcslen((PWCHAR)realm);
-        realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen);
-        (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr);
+    // now set the realm in the principal
+    realmLen = (ULONG)wcslen((PWCHAR)realm);
+    realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen);
+    (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr);
 
-        // free local resources
-        LocalFree(realm);
+    // free local resources
+    LocalFree(realm);
 
-        return principal;
+    return principal;
 }
 
 jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) {
-        // First, need to build a byte array
-        jbyteArray ary;
-        jobject encryptionKey = NULL;
+    // First, need to build a byte array
+    jbyteArray ary;
+    jobject encryptionKey = NULL;
 
-        ary = (*env)->NewByteArray(env,cryptoKey->Length);
-        (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
-                                        (jbyte *)cryptoKey->Value);
-        if ((*env)->ExceptionOccurred(env)) {
-                (*env)->DeleteLocalRef(env, ary);
-        } else {
-                encryptionKey = (*env)->NewObject(env, encryptionKeyClass,
-                        encryptionKeyConstructor, cryptoKey->KeyType, ary);
-        }
+    ary = (*env)->NewByteArray(env,cryptoKey->Length);
+    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
+                                    (jbyte *)cryptoKey->Value);
+    if ((*env)->ExceptionOccurred(env)) {
+        (*env)->DeleteLocalRef(env, ary);
+    } else {
+        encryptionKey = (*env)->NewObject(env, encryptionKeyClass,
+                encryptionKeyConstructor, cryptoKey->KeyType, ary);
+    }
 
-        return encryptionKey;
+    return encryptionKey;
 }
 
 jobject BuildTicketFlags(JNIEnv *env, PULONG flags) {
-        jobject ticketFlags = NULL;
-        jbyteArray ary;
-        /*
-         * mdu: Convert the bytes to nework byte order before copying
-         * them to a Java byte array.
-         */
-        ULONG nlflags = htonl(*flags);
+    jobject ticketFlags = NULL;
+    jbyteArray ary;
+    /*
+     * mdu: Convert the bytes to nework byte order before copying
+     * them to a Java byte array.
+     */
+    ULONG nlflags = htonl(*flags);
 
-        ary = (*env)->NewByteArray(env, sizeof(*flags));
-        (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
-                                        (jbyte *)&nlflags);
-        if ((*env)->ExceptionOccurred(env)) {
-                (*env)->DeleteLocalRef(env, ary);
-        } else {
-                ticketFlags = (*env)->NewObject(env, ticketFlagsClass,
-                        ticketFlagsConstructor, sizeof(*flags)*8, ary);
-        }
+    ary = (*env)->NewByteArray(env, sizeof(*flags));
+    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
+                                    (jbyte *)&nlflags);
+    if ((*env)->ExceptionOccurred(env)) {
+        (*env)->DeleteLocalRef(env, ary);
+    } else {
+        ticketFlags = (*env)->NewObject(env, ticketFlagsClass,
+                ticketFlagsConstructor, sizeof(*flags)*8, ary);
+    }
 
-        return ticketFlags;
+    return ticketFlags;
 }
 
 jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) {
-        jobject kerberosTime = NULL;
-        jstring stringTime = NULL;
-        SYSTEMTIME systemTime;
-        WCHAR timeString[16];
-        WCHAR month[3];
-        WCHAR day[3];
-        WCHAR hour[3];
-        WCHAR minute[3];
-        WCHAR second[3];
+    jobject kerberosTime = NULL;
+    jstring stringTime = NULL;
+    SYSTEMTIME systemTime;
+    WCHAR timeString[16];
+    WCHAR month[3];
+    WCHAR day[3];
+    WCHAR hour[3];
+    WCHAR minute[3];
+    WCHAR second[3];
 
-        if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) {
-// XXX Cannot use %02.2ld, because the leading 0 is ignored for integers.
-// So, print them to strings, and then print them to the master string with a
-// format pattern that makes it two digits and prefix with a 0 if necessary.
-                swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth);
-                swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay);
-                swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour);
-                swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute);
-                swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond);
-                swprintf( (wchar_t *)timeString,
-                                L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ",
+    if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) {
+        // XXX Cannot use %02.2ld, because the leading 0 is ignored for integers.
+        // So, print them to strings, and then print them to the master string with a
+        // format pattern that makes it two digits and prefix with a 0 if necessary.
+        swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth);
+        swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay);
+        swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour);
+        swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute);
+        swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond);
+        swprintf( (wchar_t *)timeString,
+                L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ",
                 systemTime.wYear,
                 month,
                 day,
                 hour,
                 minute,
                 second );
-                #ifdef DEBUG
-                printf("%S\n", (wchar_t *)timeString);
-                #endif /* DEBUG */
-                stringTime = (*env)->NewString(env, timeString,
-                                (sizeof(timeString)/sizeof(WCHAR))-1);
-                if (stringTime != NULL) { // everything's OK so far
-                        kerberosTime = (*env)->NewObject(env, kerberosTimeClass,
-                                kerberosTimeConstructor, stringTime);
-                }
+        #ifdef DEBUG
+        printf("%S\n", (wchar_t *)timeString);
+        #endif /* DEBUG */
+        stringTime = (*env)->NewString(env, timeString,
+                (sizeof(timeString)/sizeof(WCHAR))-1);
+        if (stringTime != NULL) { // everything's OK so far
+            kerberosTime = (*env)->NewObject(env, kerberosTimeClass,
+                    kerberosTimeConstructor, stringTime);
         }
-        return kerberosTime;
+    }
+    return kerberosTime;
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/KeyFactory/TestProviderLeak.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6578538
+ * @summary com.sun.crypto.provider.SunJCE instance leak using KRB5 and
+ *     LoginContext
+ * @author Brad Wetmore
+ *
+ * @run main/othervm -Xmx2m TestProviderLeak
+ */
+
+/*
+ * We force the leak to become a problem by specifying the minimum
+ * size heap we can (above).  In current runs on a server and client
+ * machine, it took roughly 220-240 iterations to have the memory leak
+ * shut down other operations.  It complained about "Unable to verify
+ * the SunJCE provider."
+ */
+
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class TestProviderLeak {
+    private static void dumpMemoryStats(String s) throws Exception {
+        Runtime rt = Runtime.getRuntime();
+        System.out.println(s + ":\t" +
+            rt.freeMemory() + " bytes free");
+    }
+
+    public static void main(String [] args) throws Exception {
+        SecretKeyFactory skf =
+            SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1", "SunJCE");
+        PBEKeySpec pbeKS = new PBEKeySpec(
+            "passPhrase".toCharArray(), new byte [] { 0 }, 5, 512);
+        for (int i = 0; i <= 1000; i++) {
+            try {
+                skf.generateSecret(pbeKS);
+                if ((i % 20) == 0) {
+                     // Calling gc() isn't dependable, but doesn't hurt.
+                     // Gives better output in leak cases.
+                    System.gc();
+                    dumpMemoryStats("Iteration " + i);
+                }
+            } catch (Exception e) {
+                dumpMemoryStats("\nException seen at iteration " + i);
+                throw e;
+            }
+        }
+    }
+}
--- a/jdk/test/java/net/CookieHandler/CookieManagerTest.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/test/java/net/CookieHandler/CookieManagerTest.java	Mon Mar 17 23:03:51 2008 -0700
@@ -132,17 +132,17 @@
                 ),
                 new CookieTestCase("Set-Cookie",
                 "PART_NUMBER=ROCKET_LAUNCHER_0001; path=/;" + "domain=." + localHostAddr,
-                "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001",
+                "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001",
                 "/"
                 ),
                 new CookieTestCase("Set-Cookie",
                 "SHIPPING=FEDEX; path=/foo;" + "domain=." + localHostAddr,
-                "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001",
+                "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001",
                 "/"
                 ),
                 new CookieTestCase("Set-Cookie",
                 "SHIPPING=FEDEX; path=/foo;" + "domain=." + localHostAddr,
-                "CUSTOMER=WILE:BOB;PART_NUMBER=ROCKET_LAUNCHER_0001;SHIPPING=FEDEX",
+                "CUSTOMER=WILE:BOB; PART_NUMBER=ROCKET_LAUNCHER_0001; SHIPPING=FEDEX",
                 "/foo"
                 )
                 };
@@ -157,7 +157,7 @@
                 ),
                 new CookieTestCase("Set-Cookie",
                 "PART_NUMBER=RIDING_ROCKET_0023; path=/ammo;" + "domain=." + localHostAddr,
-                "PART_NUMBER=RIDING_ROCKET_0023;PART_NUMBER=ROCKET_LAUNCHER_0001",
+                "PART_NUMBER=RIDING_ROCKET_0023; PART_NUMBER=ROCKET_LAUNCHER_0001",
                 "/ammo"
                 )
                 };
@@ -167,17 +167,17 @@
         testCases[count++] = new CookieTestCase[]{
                 new CookieTestCase("Set-Cookie2",
                 "Customer=\"WILE_E_COYOTE\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
                 "/acme/login"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\";Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr +  "\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr +  "\"",
                 "/acme/pickitem"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Shipping=\"FedEx\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + ";Shipping=\"FedEx\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr  + "\"" + "; Shipping=\"FedEx\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
                 "/acme/shipping"
                 )
                 };
@@ -187,17 +187,17 @@
         testCases[count++] = new CookieTestCase[]{
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
                 "/acme/ammo"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Riding_Rocket_0023\"; Version=\"1\"; Path=\"/acme/ammo\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Part_Number=\"Riding_Rocket_0023\";$Path=\"/acme/ammo\";$Domain=\"." + localHostAddr  + "\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\";$Path=\"/acme/ammo\";$Domain=\"." + localHostAddr  + "\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
                 "/acme/ammo"
                 ),
                 new CookieTestCase("",
                 "",
-                "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";" + "$Domain=\"." + localHostAddr + "\"",
                 "/acme/parts"
                 )
                 };
@@ -207,12 +207,12 @@
         testCases[count++] = new CookieTestCase[]{
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
                 "/acme"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Rocket_Launcher_2000\"; Version=\"1\"; Path=\"/acme\";" + "domain=." + localHostAddr,
-                "$Version=\"1\";Part_Number=\"Rocket_Launcher_2000\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
+                "$Version=\"1\"; Part_Number=\"Rocket_Launcher_2000\";$Path=\"/acme\";$Domain=\"." + localHostAddr + "\"",
                 "/acme"
                 )
                 };
@@ -222,17 +222,17 @@
         testCases[count++] = new CookieTestCase[]{
                 new CookieTestCase("Set-Cookie2",
                 "Customer=\"WILE_E_COYOTE\"; Version=\"1\"; Path=\"/acme\"",
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"",
                 "/acme/login"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Part_Number=\"Rocket_Launcher_0001\"; Version=\"1\";Path=\"/acme\"",
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"",
                 "/acme/pickitem"
                 ),
                 new CookieTestCase("Set-Cookie2",
                 "Shipping=\"FedEx\"; Version=\"1\"; Path=\"/acme\"",
-                "$Version=\"1\";Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + ";Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"" + ";Shipping=\"FedEx\";$Path=\"/acme\"",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\";$Path=\"/acme\"" + "; Part_Number=\"Rocket_Launcher_0001\";$Path=\"/acme\"" + "; Shipping=\"FedEx\";$Path=\"/acme\"",
                 "/acme/shipping"
                 )
                 };
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/net/InterfaceAddress/Equals.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/* @test
+ * @bug 6628576
+ * @summary InterfaceAddress.equals() NPE when broadcast field == null
+ */
+
+import java.net.InterfaceAddress;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+
+public class Equals
+{
+    public static void main(String[] args) {
+        InterfaceAddress ia1;
+        InterfaceAddress ia2;
+        InetAddress loopbackAddr = InetAddress.getLoopbackAddress();
+        InetAddress broadcast1 = null;
+        InetAddress broadcast2 = null;
+
+        try {
+            broadcast1 = InetAddress.getByName("255.255.255.0");
+            broadcast2 = InetAddress.getByName("255.255.0.0");
+        } catch (UnknownHostException e) {
+            e.printStackTrace();
+        }
+
+        ia1 = createInterfaceAddress(loopbackAddr, (InetAddress) null, (short)45);
+        ia2 = createInterfaceAddress(loopbackAddr, (InetAddress) null, (short)45);
+
+        compare(ia1, ia2, true);
+
+        ia2 = createInterfaceAddress(loopbackAddr, broadcast1, (short)45);
+        compare(ia1, ia2, false);
+
+        ia2 = createInterfaceAddress((InetAddress)null, broadcast1, (short)45);
+        compare(ia1, ia2, false);
+
+        ia1 = createInterfaceAddress(loopbackAddr, broadcast2, (short)45);
+        ia2 = createInterfaceAddress(loopbackAddr, broadcast2, (short)45);
+        compare(ia1, ia2, true);
+
+        ia1.equals(null);
+    }
+
+    static void compare(InterfaceAddress ia1, InterfaceAddress ia2, boolean equal) {
+        if (ia1.equals(ia2) != equal)
+            throw new RuntimeException("Failed: " + ia1 + " not equals to " + ia2);
+
+        if (ia2.equals(ia1) != equal)
+            throw new RuntimeException("Failed: " + ia2 + " not equals to " + ia1);
+    }
+
+    /**
+     * Returns an InterfaceAddress instance with its fields set the the values
+     * specificed.
+     */
+    static InterfaceAddress createInterfaceAddress(
+                InetAddress address, InetAddress broadcast, short prefixlength) {
+        try {
+            Class<InterfaceAddress> IAClass = InterfaceAddress.class;
+            InterfaceAddress ia;
+            Constructor<InterfaceAddress> ctr = IAClass.getDeclaredConstructor();
+            ctr.setAccessible(true);
+
+            Field addressField = IAClass.getDeclaredField("address");
+            addressField.setAccessible(true);
+
+            Field broadcastField = IAClass.getDeclaredField("broadcast");
+            broadcastField.setAccessible(true);
+
+            Field maskLengthField = IAClass.getDeclaredField("maskLength");
+            maskLengthField.setAccessible(true);
+
+            ia = ctr.newInstance();
+            addressField.set(ia, address);
+            broadcastField.set(ia, broadcast);
+            maskLengthField.setShort(ia, prefixlength);
+
+            return ia;
+        } catch (NoSuchFieldException nsfe) {
+            nsfe.printStackTrace();
+        } catch (NoSuchMethodException e) {
+            e.printStackTrace();
+        } catch (InstantiationException ie) {
+            ie.printStackTrace();
+        } catch (IllegalAccessException iae) {
+            iae.printStackTrace();
+        } catch (InvocationTargetException ite) {
+            ite.printStackTrace();
+        }
+
+        return null;
+    }
+}
--- a/jdk/test/java/net/ResponseCache/file2.1	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/test/java/net/ResponseCache/file2.1	Mon Mar 17 23:03:51 2008 -0700
@@ -1,4 +1,4 @@
-/* @test
+/* @test @(#)file2.1	1.1 03/08/09
  * @summary Unit test for java.net.ResponseCacheHandler
  * @bug 4837267
  * @author Yingxian Wang
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/AccessControlContext/FailureDebugOption.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6648816
+ * @summary REGRESSION: setting -Djava.security.debug=failure result in NPE
+ * in ACC
+ * @run main/othervm -Djava.security.debug=failure FailureDebugOption
+ */
+
+import java.security.ProtectionDomain;
+import java.security.AccessController;
+import java.security.AccessControlException;
+import java.security.BasicPermission;
+
+public class FailureDebugOption {
+
+   public static void main (String argv[]) throws Exception {
+        try {
+            AccessController.checkPermission(
+                        new BasicPermission("no such permission"){});
+        } catch (NullPointerException npe) {
+           throw new Exception("Unexpected NullPointerException for security" +
+                        " debug option, -Djava.security.debug=failure");
+        } catch (AccessControlException ace) {
+        }
+   }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/x500/X500Principal/RFC4514.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * @test
+ * @bug 6611991
+ * @summary Add support for parsing RFC 4514 DNs to X500Principal
+ *
+ * Ensure RFC 4514 Distinguished Name Strings can be parsed by X500Principal.
+ * RFC 4514 obsoleted RFC 2253 so we should make sure we can parse DNs of
+ * that form that contain subtle differences or clarifications in the grammar.
+ */
+public class RFC4514 {
+
+    private int failed = 0;
+
+    public static void main(String[] args) throws Exception {
+        new RFC4514().test();
+    }
+
+    private void test() throws Exception {
+
+        /**
+         * RFC 4514 allows space to be escaped as '\ '.
+         */
+        parse("CN=\\ Space\\ ,C=US");
+        parse("CN=Sp\\ ace,C=US");
+        /**
+         * RFC 4514 does not require escaping of '=' characters.
+         */
+        parse("CN=Eq=uals,C=US");
+        /**
+         * RFC 4514 requires the null character to be escaped.
+         */
+        parse("CN=\\00,C=US");
+        /**
+         * RFC 4514 does not require escaping of non-leading '#' characters.
+         */
+        parse("CN=Num#ber,C=US");
+        /**
+         * XMLDSig (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/)
+         * allows implementations to escape trailing whitespace as '\20'.
+         */
+        parse("CN=Trailing \\20,C=US");
+        /**
+         * XMLDSig allows implementations to escape ASCII control characters
+         * (Unicode range \x00 - \x1f) by replacing them with "\" followed by
+         * a two digit hex number showing its Unicode number.
+         */
+        parse("CN=Con\\09trol,C=US");
+
+        if (failed != 0) {
+            throw new Exception("Some RFC4514 tests FAILED");
+        }
+    }
+
+    public void parse(String dnString) throws Exception {
+
+        System.out.println("Parsing " + dnString);
+        X500Principal dn = new X500Principal(dnString);
+        String dnString2 = dn.getName();
+        X500Principal dn2 = new X500Principal(dnString2);
+        if (dn.equals(dn2)) {
+            System.out.println("PASSED");
+        } else {
+            System.out.println("FAILED");
+            failed++;
+        }
+    }
+}
--- a/jdk/test/sun/net/www/http/ChunkedOutputStream/Test.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/test/sun/net/www/http/ChunkedOutputStream/Test.java	Mon Mar 17 23:03:51 2008 -0700
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 5026745
+ * @bug 5026745 6631048
  * @run main/othervm/timeout=500 Test
  * @summary Cannot flush output stream when writing to an HttpUrlConnection
  */
@@ -158,6 +158,50 @@
                     exchange.sendResponseHeaders(200, 0);
                 }
                 break;
+            case 10: /* test11 */
+                printRequestURI(exchange);
+                is = exchange.getRequestBody();
+                s = read (is, str1.length());
+
+                error = false;
+                for (int i=10; i< 30 * 1024; i++) {
+                    byte c = (byte)is.read();
+
+                    if (c != (byte)i) {
+                        error = true;
+                        System.out.println ("error at position " + i);
+                    }
+                }
+                if (!s.equals(str1) ) {
+                    System.out.println ("received string : " + s);
+                    exchange.sendResponseHeaders(500, 0);
+                } else if (error) {
+                    System.out.println ("error");
+                    exchange.sendResponseHeaders(500, 0);
+                } else {
+                    exchange.sendResponseHeaders(200, 0);
+                }
+                break;
+            case 11: /* test12 */
+                printRequestURI(exchange);
+                is = exchange.getRequestBody();
+
+                error = false;
+                for (int i=10; i< 30 * 1024; i++) {
+                    byte c = (byte)is.read();
+
+                    if (c != (byte)i) {
+                        error = true;
+                        System.out.println ("error at position " + i);
+                    }
+                }
+                if (error) {
+                    System.out.println ("error");
+                    exchange.sendResponseHeaders(500, 0);
+                } else {
+                    exchange.sendResponseHeaders(200, 0);
+                }
+                break;
             }
             exchange.close();
             count ++;
@@ -390,6 +434,56 @@
         }
     }
 
+    static void test11 (String u) throws Exception {
+        URL url = new URL (u);
+        System.out.println ("client opening connection to: " + u);
+        HttpURLConnection urlc = (HttpURLConnection)url.openConnection ();
+        urlc.setChunkedStreamingMode (36 * 1024);
+        urlc.setDoOutput(true);
+        urlc.setRequestMethod ("POST");
+        OutputStream os = urlc.getOutputStream ();
+        byte[] buf = new byte [30 * 1024];
+        for (int i=0; i< 30 * 1024; i++) {
+            buf[i] = (byte) i;
+        }
+        /* write a small bit first, and then the large buffer */
+        os.write (str1.getBytes());
+        //os.write (buf, 10, buf.length - 10); /* skip 10 bytes to test offset */
+        os.write (buf, 10, (10 * 1024) - 10);
+        os.write (buf, (10 * 1024), (10 * 1024));
+        os.write (buf, (20 * 1024), (10 * 1024));
+        os.close();
+        InputStream is = urlc.getInputStream();
+        is.close();
+        int ret = urlc.getResponseCode();
+        if (ret != 200) {
+            throw new Exception ("Expected 200: got " + ret);
+        }
+    }
+
+    static void test12 (String u) throws Exception {
+        URL url = new URL (u);
+        System.out.println ("client opening connection to: " + u);
+        HttpURLConnection urlc = (HttpURLConnection)url.openConnection ();
+        urlc.setChunkedStreamingMode (36 * 1024);
+        urlc.setDoOutput(true);
+        urlc.setRequestMethod ("POST");
+        OutputStream os = urlc.getOutputStream ();
+        byte[] buf = new byte [30 * 1024];
+        for (int i=0; i< 30 * 1024; i++) {
+            buf[i] = (byte) i;
+        }
+        os.write (buf, 10, buf.length - 10); /* skip 10 bytes to test offset */
+        os.close();
+        InputStream is = urlc.getInputStream();
+        is.close();
+        int ret = urlc.getResponseCode();
+        if (ret != 200) {
+            throw new Exception ("Expected 200: got " + ret);
+        }
+    }
+
+
     static com.sun.net.httpserver.HttpServer httpserver;
 
     public static void main (String[] args) throws Exception {
@@ -411,6 +505,8 @@
             test8("http://localhost:"+ port + "/test/test8");
             test9("http://localhost:"+ port + "/test/test9");
             test10("http://localhost:"+ port + "/test/test10");
+            test11("http://localhost:"+ port + "/test/test11");
+            test12("http://localhost:"+ port + "/test/test12");
         } finally {
             if (httpserver != null)
                 httpserver.stop(0);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/net/www/protocol/http/B6641309.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6641309
+ * @summary Wrong Cookie separator used in HttpURLConnection
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import com.sun.net.httpserver.*;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ExecutorService;
+
+public class B6641309
+{
+    com.sun.net.httpserver.HttpServer httpServer;
+    ExecutorService executorService;
+
+    public static void main(String[] args)
+    {
+        new B6641309();
+    }
+
+    public B6641309()
+    {
+        try {
+            startHttpServer();
+            doClient();
+        } catch (IOException ioe) {
+            System.err.println(ioe);
+        }
+    }
+
+    void doClient() {
+        CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
+        try {
+            InetSocketAddress address = httpServer.getAddress();
+
+            // GET Request
+            URL url = new URL("http://localhost:" + address.getPort() + "/test/");
+            CookieHandler ch = CookieHandler.getDefault();
+            Map<String,List<String>> header = new HashMap<String,List<String>>();
+            List<String> values = new LinkedList<String>();
+            values.add("Test1Cookie=TEST1; path=/test/");
+            values.add("Test2Cookie=TEST2; path=/test/");
+            header.put("Set-Cookie", values);
+
+            // preload the CookieHandler with a cookie for our URL
+            // so that it will be sent during the first request
+            ch.put(url.toURI(), header);
+            HttpURLConnection uc = (HttpURLConnection)url.openConnection();
+            int resp = uc.getResponseCode();
+            if (resp != 200)
+                throw new RuntimeException("Failed: Response code from GET is not 200");
+
+            System.out.println("Response code from GET = 200 OK");
+
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (URISyntaxException e) {
+            e.printStackTrace();
+        } finally {
+            httpServer.stop(1);
+            executorService.shutdown();
+        }
+    }
+
+    /**
+     * Http Server
+     */
+    public void startHttpServer() throws IOException {
+        httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0);
+
+        // create HttpServer context
+        HttpContext ctx = httpServer.createContext("/test/", new MyHandler());
+
+        executorService = Executors.newCachedThreadPool();
+        httpServer.setExecutor(executorService);
+        httpServer.start();
+    }
+
+    class MyHandler implements HttpHandler {
+        public void handle(HttpExchange t) throws IOException {
+            InputStream is = t.getRequestBody();
+            Headers reqHeaders = t.getRequestHeaders();
+            int i = 0;
+            // Read till end of stream
+            do {
+                i = is.read();
+            } while (i != -1);
+            is.close();
+
+            List<String> cookies = reqHeaders.get("Cookie");
+            if (cookies != null) {
+                for (String str : cookies) {
+                    // The separator between the 2 cookies should be
+                    // a semi-colon AND a space
+                    if (str.equals("Test1Cookie=TEST1; Test2Cookie=TEST2"))
+                        t.sendResponseHeaders(200, -1);
+                }
+            }
+            t.sendResponseHeaders(400, -1);
+            t.close();
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/net/www/protocol/http/B6660405.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6660405
+ * @summary HttpURLConnection returns the wrong InputStream
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import com.sun.net.httpserver.*;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ExecutorService;
+
+public class B6660405
+{
+    com.sun.net.httpserver.HttpServer httpServer;
+    ExecutorService executorService;
+
+    static class MyCacheResponse extends CacheResponse {
+        private byte[] buf = new byte[1024];
+
+        public MyCacheResponse() {
+        }
+
+        @Override
+        public Map<String, List<String>> getHeaders() throws IOException
+        {
+            Map<String, List<String>> h = new HashMap<String, List<String>>();
+            ArrayList<String> l = new ArrayList<String>();
+            l.add("HTTP/1.1 200 OK");
+            h.put(null, l);
+            l = new ArrayList<String>();
+            l.add("1024");
+            h.put("Content-Length", l);
+            return h;
+        }
+
+        @Override
+        public InputStream getBody() throws IOException
+        {
+            return new ByteArrayInputStream(buf);
+        }
+
+    }
+    static class MyResponseCache extends ResponseCache {
+
+        public MyResponseCache() {
+        }
+
+        @Override
+        public CacheResponse get(URI uri, String rqstMethod, Map<String, List<String>> rqstHeaders) throws IOException
+        {
+            if (uri.getPath().equals("/redirect/index.html")) {
+                return new MyCacheResponse();
+            }
+            return null;
+        }
+
+        @Override
+        public CacheRequest put(URI uri, URLConnection conn) throws IOException
+        {
+            return null;
+        }
+
+    }
+
+    public static void main(String[] args)
+    {
+        new B6660405();
+    }
+
+    public B6660405()
+    {
+        try {
+            startHttpServer();
+            doClient();
+        } catch (IOException ioe) {
+            System.err.println(ioe);
+        }
+    }
+
+    void doClient() {
+        ResponseCache.setDefault(new MyResponseCache());
+        try {
+            InetSocketAddress address = httpServer.getAddress();
+
+            // GET Request
+            URL url = new URL("http://localhost:" + address.getPort() + "/test/index.html");
+            HttpURLConnection uc = (HttpURLConnection)url.openConnection();
+            int code = uc.getResponseCode();
+            System.err.println("response code = " + code);
+            int l = uc.getContentLength();
+            System.err.println("content-length = " + l);
+            InputStream in = uc.getInputStream();
+            int i = 0;
+            // Read till end of stream
+            do {
+                i = in.read();
+            } while (i != -1);
+            in.close();
+        } catch (IOException e) {
+            throw new RuntimeException("Got the wrong InputStream after checking headers");
+        } finally {
+            httpServer.stop(1);
+            executorService.shutdown();
+        }
+    }
+
+    /**
+     * Http Server
+     */
+    public void startHttpServer() throws IOException {
+        httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0);
+
+        // create HttpServer context
+        HttpContext ctx = httpServer.createContext("/test/", new MyHandler());
+
+        executorService = Executors.newCachedThreadPool();
+        httpServer.setExecutor(executorService);
+        httpServer.start();
+    }
+
+    class MyHandler implements HttpHandler {
+        public void handle(HttpExchange t) throws IOException {
+            InputStream is = t.getRequestBody();
+            Headers reqHeaders = t.getRequestHeaders();
+            Headers resHeaders = t.getResponseHeaders();
+
+            int i = 0;
+            // Read till end of stream
+            do {
+                i = is.read();
+            } while (i != -1);
+            is.close();
+            resHeaders.add("Location", "http://foo.bar/redirect/index.html");
+            t.sendResponseHeaders(302, -1);
+            t.close();
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/DnsFallback.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6673164
+ * @summary dns_fallback parse error
+ */
+
+import sun.security.krb5.*;
+import java.io.*;
+
+public class DnsFallback {
+    public static void main(String[] args) throws Exception {
+        check("true", "true", true);
+        check("false", "true", false);
+        check("true", "false", true);
+        check("false", "false", false);
+        check("true", null, true);
+        check("false", null, false);
+        check(null, "true", true);
+        check(null, "false", false);
+    }
+
+    static void check(String realm, String fallback, boolean output) throws Exception {
+        FileOutputStream fo = new FileOutputStream("dnsfallback.conf");
+        StringBuffer sb = new StringBuffer();
+        sb.append("[libdefaults]\n");
+        if (realm != null) {
+            sb.append("dns_lookup_realm=" + realm + "\n");
+        }
+        if (fallback != null) {
+            sb.append("dns_fallback=" + fallback + "\n");
+        }
+        fo.write(sb.toString().getBytes());
+        fo.close();
+        System.setProperty("java.security.krb5.conf", "dnsfallback.conf");
+        Config.refresh();
+        System.out.println("Testing " + realm + ", " + fallback + ", " + output);
+        if (Config.getInstance().useDNS_Realm() != output) {
+            throw new Exception("Fail");
+        }
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/OptionPADataInKDCReq.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6648972
+ * @summary KDCReq.init always read padata
+ */
+import sun.security.krb5.internal.ETypeInfo2;
+import sun.security.krb5.internal.KDCReq;
+import sun.security.util.DerValue;
+
+public class OptionPADataInKDCReq {
+    public static void main(String[] args) throws Exception {
+        /*
+         * This is a AS-REQ block without padata. The content is --
+        [APPLICATION 10] SEQUENCE {
+            [1] INTEGER 5
+            [2] INTEGER 10
+            [4] SEQUENCE {
+                [0] BIT STRING 01000000 10000001 00000000 00010000
+                [1] SEQUENCE {
+                    [0] INTEGER 1
+                    [1] SEQUENCE {
+                        STRING administrator
+                    }
+                }
+                [2] STRING N3
+                [3] SEQUENCE {
+                    [0] INTEGER 2
+                    [1] SEQUENCE {
+                        STRING krbtgt
+                        STRING N3
+                    }
+                }
+                [5] TIME Sun Sep 13 10:48:05 CST 2037
+                [6] TIME Sun Sep 13 10:48:05 CST 2037
+                [7] INTEGER 2101281516
+                [8] SEQUENCE {
+                    INTEGER 23
+                    INTEGER -133
+                    INTEGER -128
+                    INTEGER 3
+                    INTEGER 1
+                    INTEGER 24
+                    INTEGER -135
+                }
+                [9] SEQUENCE {
+                    SEQUENCE {
+                        [0] INTEGER 20
+                        [1] OCTET STRING
+                            0000: 58 50 20 20 20 20 20 20   20 20 20 20 20 20 20 20  XP
+                    }
+                }
+            }
+        }
+        */
+        byte[] b = {
+            (byte)0x6a, (byte)0x81, (byte)0xbf, (byte)0x30, (byte)0x81, (byte)0xbc, (byte)0xa1, (byte)0x03,
+            (byte)0x02, (byte)0x01, (byte)0x05, (byte)0xa2, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x0a,
+            (byte)0xa4, (byte)0x81, (byte)0xaf, (byte)0x30, (byte)0x81, (byte)0xac, (byte)0xa0, (byte)0x07,
+            (byte)0x03, (byte)0x05, (byte)0x00, (byte)0x40, (byte)0x81, (byte)0x00, (byte)0x10, (byte)0xa1,
+            (byte)0x1a, (byte)0x30, (byte)0x18, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x01,
+            (byte)0xa1, (byte)0x11, (byte)0x30, (byte)0x0f, (byte)0x1b, (byte)0x0d, (byte)0x61, (byte)0x64,
+            (byte)0x6d, (byte)0x69, (byte)0x6e, (byte)0x69, (byte)0x73, (byte)0x74, (byte)0x72, (byte)0x61,
+            (byte)0x74, (byte)0x6f, (byte)0x72, (byte)0xa2, (byte)0x04, (byte)0x1b, (byte)0x02, (byte)0x4e,
+            (byte)0x33, (byte)0xa3, (byte)0x17, (byte)0x30, (byte)0x15, (byte)0xa0, (byte)0x03, (byte)0x02,
+            (byte)0x01, (byte)0x02, (byte)0xa1, (byte)0x0e, (byte)0x30, (byte)0x0c, (byte)0x1b, (byte)0x06,
+            (byte)0x6b, (byte)0x72, (byte)0x62, (byte)0x74, (byte)0x67, (byte)0x74, (byte)0x1b, (byte)0x02,
+            (byte)0x4e, (byte)0x33, (byte)0xa5, (byte)0x11, (byte)0x18, (byte)0x0f, (byte)0x32, (byte)0x30,
+            (byte)0x33, (byte)0x37, (byte)0x30, (byte)0x39, (byte)0x31, (byte)0x33, (byte)0x30, (byte)0x32,
+            (byte)0x34, (byte)0x38, (byte)0x30, (byte)0x35, (byte)0x5a, (byte)0xa6, (byte)0x11, (byte)0x18,
+            (byte)0x0f, (byte)0x32, (byte)0x30, (byte)0x33, (byte)0x37, (byte)0x30, (byte)0x39, (byte)0x31,
+            (byte)0x33, (byte)0x30, (byte)0x32, (byte)0x34, (byte)0x38, (byte)0x30, (byte)0x35, (byte)0x5a,
+            (byte)0xa7, (byte)0x06, (byte)0x02, (byte)0x04, (byte)0x7d, (byte)0x3f, (byte)0x02, (byte)0xec,
+            (byte)0xa8, (byte)0x19, (byte)0x30, (byte)0x17, (byte)0x02, (byte)0x01, (byte)0x17, (byte)0x02,
+            (byte)0x02, (byte)0xff, (byte)0x7b, (byte)0x02, (byte)0x01, (byte)0x80, (byte)0x02, (byte)0x01,
+            (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x01, (byte)0x02, (byte)0x01, (byte)0x18, (byte)0x02,
+            (byte)0x02, (byte)0xff, (byte)0x79, (byte)0xa9, (byte)0x1d, (byte)0x30, (byte)0x1b, (byte)0x30,
+            (byte)0x19, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x14, (byte)0xa1, (byte)0x12,
+            (byte)0x04, (byte)0x10, (byte)0x58, (byte)0x50, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
+            (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
+            (byte)0x20, (byte)0x20,
+        };
+        new KDCReq(b, 0x0a);
+
+        /*
+         * This is a fake ETYPEINFO2 block with no salt
+            SEQUENCE {
+                [0] INTEGER 0
+                [2] OCTET STRING 0000: 00                                                 .
+            }
+         */
+        byte[] b2 = {
+            (byte)0x30, (byte)0x0a, (byte)0xa0, (byte)0x03, (byte)0x02, (byte)0x01, (byte)0x00, (byte)0xa2,
+            (byte)0x03, (byte)0x04, (byte)0x01, (byte)0x00,
+        };
+
+        ETypeInfo2 e2 = new ETypeInfo2(new DerValue(b2));
+        if (e2.getSalt() != null || e2.getParams() == null) {
+            throw new Exception("ETypeInfo2 decoding error");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/TimeInCCache.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+/*
+ * @test
+ * @bug 6590930
+ * @summary read/write does not match for ccache
+ */
+
+import java.io.ByteArrayInputStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import sun.security.krb5.internal.ccache.CCacheInputStream;
+import sun.security.krb5.internal.ccache.Credentials;
+
+public class TimeInCCache {
+    public static void main(String[] args) throws Exception {
+        // A trivial cache file, with startdate and renewTill being zero.
+        // The endtime is set to sometime in year 2022, so that isValid()
+        // will always check starttime.
+        byte[] ccache = new byte[]{
+            5, 4, 0, 12, 0, 1, 0, 8, -1, -1, -1, 19, -1, -2, 89, 51,
+            0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73,
+            46, 76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0,
+            0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 10, 77, 65, 88, 73, 46,
+            76, 79, 67, 65, 76, 0, 0, 0, 5, 100, 117, 109, 109, 121, 0, 0,
+            0, 0, 0, 0, 0, 2, 0, 0, 0, 10, 77, 65, 88, 73, 46, 76,
+            79, 67, 65, 76, 0, 0, 0, 6, 107, 114, 98, 116, 103, 116, 0, 0,
+            0, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, 0, 17, 0, 0,
+            0, 16, -78, -85, -90, -50, -68, 115, 68, 8, -39, -109, 91, 61, -17, -27,
+            -122, -120, 71, 69, 16, -121, 0, 0, 0, 0, 98, 69, 16, -121, 0, 0,
+            0, 0, 0, 64, -32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+            0, 1, 0, 97, -127, -3, 48, -127, -6, -96, 3, 2, 1, 5, -95, 12,
+            27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -94, 31, 48, 29,
+            -96, 3, 2, 1, 0, -95, 22, 48, 20, 27, 6, 107, 114, 98, 116, 103,
+            116, 27, 10, 77, 65, 88, 73, 46, 76, 79, 67, 65, 76, -93, -127, -61,
+            48, -127, -64, -96, 3, 2, 1, 17, -95, 3, 2, 1, 1, -94, -127, -77,
+            4, -127, -80, 43, 65, -66, 34, 21, -34, 37, 35, 32, 50, -14, 122, 77,
+            -3, -29, 37, 99, 50, 125, -43, -96, -78, 85, 23, 41, -80, 68, 2, -109,
+            -27, 38, -41, -72, -32, 127, 63, -76, -22, 81, 33, -114, -30, 104, 125, -81,
+            -29, 70, -25, 23, 100, -75, -25, 62, -120, -78, -61, -100, -74, 50, -117, -127,
+            -16, 79, -106, 62, -39, 91, 100, -10, 23, -88, -18, -47, 51, -19, 113, 18,
+            98, -101, 31, 98, 22, -81, 11, -41, -42, 67, 87, 92, -2, 42, -54, 79,
+            49, -90, 43, -37, 90, -102, 125, 62, -88, -77, 100, 102, 23, -57, -51, 38,
+            68, -44, -57, -102, 103, -6, 85, -58, 74, -117, -87, 67, -103, -36, 110, -122,
+            115, 12, 118, -106, -114, -51, 79, 68, 32, -91, -53, -5, -51, 89, 72, 70,
+            123, -12, -95, 9, 40, -30, -117, 74, 77, 38, 91, 126, -82, 17, 98, 98,
+            -49, 78, 36, 36, 103, -76, -100, -23, 118, -92, -8, 80, 103, -23, -98, 56,
+            21, 65, -77, 0, 0, 0, 0
+        };
+        System.setProperty("sun.security.krb5.debug", "true");  // test code changes in DEBUG
+        CCacheInputStream cis = new CCacheInputStream(new ByteArrayInputStream(ccache));
+        cis.readVersion();
+        cis.readTag();
+        cis.readPrincipal(0x504);
+        Method m = CCacheInputStream.class.getDeclaredMethod("readCred", Integer.TYPE);
+        m.setAccessible(true);
+        Credentials c = (Credentials) m.invoke(cis, new Integer(0x504));
+        sun.security.krb5.Credentials cc = c.setKrbCreds();
+
+        // 1. Make sure starttime is still null
+        if (cc.getStartTime() != null) {
+            throw new Exception("Fail, starttime should be zero here");
+        }
+
+        // 2. Make sure renewTill is still null
+        if (cc.getRenewTill() != null) {
+            throw new Exception("Fail, renewTill should be zero here");
+        }
+
+        // 3. Make sure isValid works
+        c.isValid();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6447412
+ * @summary Issue with socket.close() for ssl sockets when poweroff on
+ *          other system
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+
+public class AsyncSSLSocketClose implements Runnable
+{
+    SSLSocket socket;
+    SSLServerSocket ss;
+
+    // Where do we find the keystores?
+    static String pathToStores = "../../../../../../../etc";
+    static String keyStoreFile = "keystore";
+    static String trustStoreFile = "truststore";
+    static String passwd = "passphrase";
+
+    public static void main(String[] args) {
+        String keyFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + keyStoreFile;
+        String trustFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + trustStoreFile;
+
+        System.setProperty("javax.net.ssl.keyStore", keyFilename);
+        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+        System.setProperty("javax.net.ssl.trustStore", trustFilename);
+        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+        new AsyncSSLSocketClose();
+    }
+
+    public AsyncSSLSocketClose() {
+        try {
+            SSLServerSocketFactory sslssf =
+                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+            ss = (SSLServerSocket) sslssf.createServerSocket(0);
+
+            SSLSocketFactory sslsf =
+                (SSLSocketFactory)SSLSocketFactory.getDefault();
+            socket = (SSLSocket)sslsf.createSocket("localhost",
+                                                        ss.getLocalPort());
+            SSLSocket serverSoc = (SSLSocket) ss.accept();
+            ss.close();
+
+            (new Thread(this)).start();
+            serverSoc.startHandshake();
+
+            try {
+                Thread.sleep(5000);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+            socket.setSoLinger(true, 10);
+            System.out.println("Calling Socket.close");
+            socket.close();
+            System.out.println("ssl socket get closed");
+            System.out.flush();
+
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+    }
+
+    // block in write
+    public void run() {
+        try {
+            byte[] ba = new byte[1024];
+            for (int i=0; i<ba.length; i++)
+                ba[i] = 0x7A;
+
+            OutputStream os = socket.getOutputStream();
+            int count = 0;
+            while (true) {
+                count += ba.length;
+                System.out.println(count + " bytes to be written");
+                os.write(ba);
+                System.out.println(count + " bytes written");
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CloseKeepAliveCached.java	Mon Mar 17 23:03:51 2008 -0700
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6618387
+ * @summary SSL client sessions do not close cleanly. A TCP reset occurs
+ *      instead of a close_notify alert.
+ * @run main/othervm -Djavax.net.debug=ssl CloseKeepAliveCached
+ *
+ * @ignore
+ *    After run the test manually, at the end of the debug output,
+ *    if "MainThread, called close()" found, the test passed. Otherwise,
+ *    if "Keep-Alive-Timer: called close()", the test failed.
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import javax.net.ssl.*;
+
+public class CloseKeepAliveCached {
+    static Map cookies;
+    ServerSocket ss;
+
+    /*
+     * =============================================================
+     * Set the various variables needed for the tests, then
+     * specify what tests to run on each side.
+     */
+
+    /*
+     * Should we run the client or server in a separate thread?
+     * Both sides can throw exceptions, but do you have a preference
+     * as to which side should be the main thread.
+     */
+    static boolean separateServerThread = true;
+
+    /*
+     * Where do we find the keystores?
+     */
+    static String pathToStores = "../../../../../../etc";
+    static String keyStoreFile = "keystore";
+    static String trustStoreFile = "truststore";
+    static String passwd = "passphrase";
+
+    /*
+     * Is the server ready to serve?
+     */
+    volatile static boolean serverReady = false;
+
+    /*
+     * Turn on SSL debugging?
+     */
+    static boolean debug = false;
+
+    private SSLServerSocket sslServerSocket = null;
+
+    /*
+     * Define the server side of the test.
+     *
+     * If the server prematurely exits, serverReady will be set to true
+     * to avoid infinite hangs.
+     */
+    void doServerSide() throws Exception {
+        SSLServerSocketFactory sslssf =
+            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+        sslServerSocket =
+            (SSLServerSocket) sslssf.createServerSocket(serverPort);
+        serverPort = sslServerSocket.getLocalPort();
+
+        /*
+         * Signal Client, we're ready for his connect.
+         */
+        serverReady = true;
+        SSLSocket sslSocket = null;
+        try {
+            sslSocket = (SSLSocket) sslServerSocket.accept();
+            for (int i = 0; i < 3 && !sslSocket.isClosed(); i++) {
+                // read request
+                InputStream is = sslSocket.getInputStream ();
+
+                BufferedReader r = new BufferedReader(
+                                                new InputStreamReader(is));
+                String x;
+                while ((x=r.readLine()) != null) {
+                    if (x.length() ==0) {
+                        break;
+                    }
+                }
+
+
+                PrintStream out = new PrintStream(
+                                 new BufferedOutputStream(
+                                    sslSocket.getOutputStream() ));
+
+                /* send the header */
+                out.print("HTTP/1.1 200 OK\r\n");
+                out.print("Keep-Alive: timeout=15, max=100\r\n");
+                out.print("Connection: Keep-Alive\r\n");
+                out.print("Content-Type: text/html; charset=iso-8859-1\r\n");
+                out.print("Content-Length: 9\r\n");
+                out.print("\r\n");
+                out.print("Testing\r\n");
+                out.flush();
+
+                Thread.sleep(50);
+            }
+            sslSocket.close();
+            sslServerSocket.close();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    /*
+     * Define the client side of the test.
+     *
+     * If the server prematurely exits, serverReady will be set to true
+     * to avoid infinite hangs.
+     */
+    void doClientSide() throws Exception {
+
+        /*
+         * Wait for server to get started.
+         */
+        while (!serverReady) {
+            Thread.sleep(50);
+        }
+        try {
+            HttpsURLConnection http = null;
+
+            /* establish http connection to server */
+            URL url = new URL("https://localhost:" + serverPort+"/");
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+            http = (HttpsURLConnection)url.openConnection();
+            InputStream is = http.getInputStream ();
+            while (is.read() != -1);
+            is.close();
+
+            url = new URL("https://localhost:" + serverPort+"/");
+            http = (HttpsURLConnection)url.openConnection();
+            is = http.getInputStream ();
+            while (is.read() != -1);
+
+            // if inputstream.close() called, the http.disconnect() will
+            // not able to close the cached connection. If application
+            // wanna close the keep-alive cached connection immediately
+            // with httpURLConnection.disconnect(), they should not call
+            // inputstream.close() explicitly, the
+            // httpURLConnection.disconnect() will do it internally.
+            // is.close();
+
+            // close the connection, sending close_notify to peer.
+            // otherwise, the connection will be closed by Finalizer or
+            // Keep-Alive-Timer if timeout.
+            http.disconnect();
+            // Thread.sleep(5000);
+        } catch (IOException ioex) {
+            if (sslServerSocket != null)
+                sslServerSocket.close();
+            throw ioex;
+        }
+    }
+
+    static class NameVerifier implements HostnameVerifier {
+        public boolean verify(String hostname, SSLSession session) {
+            return true;
+        }
+    }
+
+    /*
+     * =============================================================
+     * The remainder is just support stuff
+     */
+
+    // use any free port by default
+    volatile int serverPort = 0;
+
+    volatile Exception serverException = null;
+    volatile Exception clientException = null;
+
+    public static void main(String args[]) throws Exception {
+        String keyFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + keyStoreFile;
+        String trustFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + trustStoreFile;
+
+        System.setProperty("javax.net.ssl.keyStore", keyFilename);
+        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+        System.setProperty("javax.net.ssl.trustStore", trustFilename);
+        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+        if (debug)
+            System.setProperty("javax.net.debug", "all");
+
+        /*
+         * Start the tests.
+         */
+        new CloseKeepAliveCached();
+    }
+
+    Thread clientThread = null;
+    Thread serverThread = null;
+    /*
+     * Primary constructor, used to drive remainder of the test.
+     *
+     * Fork off the other side, then do your work.
+     */
+    CloseKeepAliveCached() throws Exception {
+        if (separateServerThread) {
+            startServer(true);
+            startClient(false);
+        } else {
+            startClient(true);
+            startServer(false);
+        }
+
+        /*
+         * Wait for other side to close down.
+         */
+        if (separateServerThread) {
+            serverThread.join();
+        } else {
+            clientThread.join();
+        }
+
+        /*
+         * When we get here, the test is pretty much over.
+         *
+         * If the main thread excepted, that propagates back
+         * immediately.  If the other thread threw an exception, we
+         * should report back.
+         */
+        if (serverException != null)
+            throw serverException;
+        if (clientException != null)
+            throw clientException;
+    }
+
+    void startServer(boolean newThread) throws Exception {
+        if (newThread) {
+            serverThread = new Thread() {
+                public void run() {
+                    try {
+                        doServerSide();
+                    } catch (Exception e) {
+                        /*
+                         * Our server thread just died.
+                         *
+                         * Release the client, if not active already...
+                         */
+                        System.err.println("Server died...");
+                        serverReady = true;
+                        serverException = e;
+                    }
+                }
+            };
+            serverThread.start();
+        } else {
+            doServerSide();
+        }
+    }
+
+    void startClient(boolean newThread) throws Exception {
+        if (newThread) {
+            clientThread = new Thread() {
+                public void run() {
+                    try {
+                        doClientSide();
+                    } catch (Exception e) {
+                        /*
+                         * Our client thread just died.
+                         */
+                        System.err.println("Client died...");
+                        clientException = e;
+                    }
+                }
+            };
+            clientThread.start();
+        } else {
+            doClientSide();
+        }
+    }
+}
+
--- a/jdk/test/sun/security/tools/keytool/StartDateTest.java	Mon Mar 17 22:56:59 2008 -0700
+++ b/jdk/test/sun/security/tools/keytool/StartDateTest.java	Mon Mar 17 23:03:51 2008 -0700
@@ -52,15 +52,15 @@
         cal.setTime(getIssueDate());
         System.out.println(cal);
         if (cal.get(Calendar.YEAR) != year + 1) {
-            throw new Exception("Function #1 check fails");
+            throw new Exception("Function check #1 fails");
         }
 
         run("-keystore jks -storetype jks -storepass changeit -keypass changeit -alias me " +
                 "-selfcert -startdate +1m");
         cal.setTime(getIssueDate());
         System.out.println(cal);
-        if (cal.get(Calendar.MONTH) != month + 1) {
-            throw new Exception("Function #1 check fails");
+        if (cal.get(Calendar.MONTH) != (month + 1) % 12) {
+            throw new Exception("Function check #2 fails");
         }
 
         new File("jks").delete();