changeset 6100:220d2458ce4b

Merge
author lana
date Fri, 09 Nov 2012 14:46:34 -0800
parents ad5c1d6b1e16 9edfa0e761b9
children 130d3a54d28b 03d22c98b30a 11ba8795bbe9
files
diffstat 165 files changed, 7829 insertions(+), 1228 deletions(-) [+]
line wrap: on
line diff
--- a/make/common/shared/Defs-control.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/common/shared/Defs-control.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,9 @@
 dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
 
 # The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=7
+SOURCE_LANGUAGE_VERSION=8
 # The class version we want for this jdk build
-TARGET_CLASS_VERSION=7
+TARGET_CLASS_VERSION=8
 
 # The MESSAGE, WARNING and ERROR files are used to store sanity check and 
 # source check messages, warnings and errors. 
--- a/make/common/shared/Defs-java.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/common/shared/Defs-java.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -143,12 +143,12 @@
 endif
 
 # Add the source level
-SOURCE_LANGUAGE_VERSION = 7
+SOURCE_LANGUAGE_VERSION = 8
 LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
 JAVACFLAGS  += $(LANGUAGE_VERSION)
 
 # Add the class version we want
-TARGET_CLASS_VERSION = 7
+TARGET_CLASS_VERSION = 8
 CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
 JAVACFLAGS  += $(CLASS_VERSION)
 JAVACFLAGS  += -encoding ascii
--- a/make/java/invoke/Makefile	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/java/invoke/Makefile	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@
 
 # The sources built here use new language syntax to generate
 # method handle calls.  Let's be sure we are using that format.
-LANGUAGE_VERSION = -source 7
-CLASS_VERSION = -target 7
+LANGUAGE_VERSION = -source 8
+CLASS_VERSION = -target 8
 
 include $(BUILDDIR)/common/Classes.gmk
--- a/make/sun/javazic/tzdata/VERSION	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/VERSION	Fri Nov 09 14:46:34 2012 -0800
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2012c
+tzdata2012i
--- a/make/sun/javazic/tzdata/africa	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/africa	Fri Nov 09 14:46:34 2012 -0800
@@ -260,7 +260,7 @@
 # I received a mail from an airline which says that the daylight
 # saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
 # From Jesper Norgaard Welen (2007-08-15): [The following agree:]
-# http://www.nentjes.info/Bill/bill5.htm 
+# http://www.nentjes.info/Bill/bill5.htm
 # http://www.timeanddate.com/worldclock/city.html?n=53
 # From Steffen Thorsen (2007-09-04): The official information...:
 # http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@@ -314,18 +314,18 @@
 # in September.
 
 # From Steffen Thorsen (2009-08-11):
-# We have been able to confirm the August change with the Egyptian Cabinet 
+# We have been able to confirm the August change with the Egyptian Cabinet
 # Information and Decision Support Center:
 # <a href="http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html">
 # http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
 # </a>
-# 
+#
 # The Middle East News Agency
 # <a href="http://www.mena.org.eg/index.aspx">
 # http://www.mena.org.eg/index.aspx
 # </a>
 # also reports "Egypt starts winter time on August 21"
-# today in article numbered "71, 11/08/2009 12:25 GMT." 
+# today in article numbered "71, 11/08/2009 12:25 GMT."
 # Only the title above is available without a subscription to their service,
 # and can be found by searching for "winter" in their search engine
 # (at least today).
@@ -504,7 +504,7 @@
 # From Steffen Thorsen (2008-06-25):
 # Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
 # basis....
-# It seems that Mauritius observed daylight saving time from 1982-10-10 to 
+# It seems that Mauritius observed daylight saving time from 1982-10-10 to
 # 1983-03-20 as well, but that was not successful....
 # http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
 
@@ -528,12 +528,12 @@
 # than previously announced (2008-11-01 to 2009-03-31).  The new start
 # date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
 # given, but it is probably at either 2 or 3 wall clock time).
-# 
-# A little strange though, since the article says that they moved the date 
-# to align itself with Europe and USA which also change time on that date, 
-# but that means they have not paid attention to what happened in 
-# USA/Canada last year (DST ends first Sunday in November). I also wonder 
-# why that they end on a Friday, instead of aligning with Europe which 
+#
+# A little strange though, since the article says that they moved the date
+# to align itself with Europe and USA which also change time on that date,
+# but that means they have not paid attention to what happened in
+# USA/Canada last year (DST ends first Sunday in November). I also wonder
+# why that they end on a Friday, instead of aligning with Europe which
 # changes two days later.
 
 # From Alex Krivenyshev (2008-07-11):
@@ -592,7 +592,7 @@
 # </a>
 
 # From Arthur David Olson (2009-07-11):
-# The "mauritius-dst-will-not-repeat" wrapup includes this: 
+# The "mauritius-dst-will-not-repeat" wrapup includes this:
 # "The trial ended on March 29, 2009, when the clocks moved back by one hour
 # at 2am (or 02:00) local time..."
 
@@ -686,8 +686,8 @@
 # XXX--guess that it is only Morocco for now; guess only 2008 for now.
 
 # From Steffen Thorsen (2008-08-27):
-# Morocco will change the clocks back on the midnight between August 31 
-# and September 1. They originally planned to observe DST to near the end 
+# Morocco will change the clocks back on the midnight between August 31
+# and September 1. They originally planned to observe DST to near the end
 # of September:
 #
 # One article about it (in French):
@@ -821,6 +821,23 @@
 # "...&agrave; partir du dernier dimance d'avril et non fins mars,
 # comme annonc&eacute; pr&eacute;c&eacute;demment."
 
+# From Milamber Space Network (2012-07-17):
+# The official return to GMT is announced by the Moroccan government:
+# <a href="http://www.mmsp.gov.ma/fr/actualites.aspx?id=288">
+# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
+# </a>
+#
+# Google translation, lightly edited:
+# Back to the standard time of the Kingdom (GMT)
+# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
+# 2012) and in accordance with the order of Mr. President of the
+# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
+# of Public Service and Administration Modernization announces the return
+# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
+# Monday, August 20, 2012.  So the time will be delayed by 60 minutes from
+# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
+# August 20, 2012 from 2:00 am.
+
 # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 
 Rule	Morocco	1939	only	-	Sep	12	 0:00	1:00	S
@@ -848,6 +865,8 @@
 Rule	Morocco	2011	only	-	Jul	 31	 0	0	-
 Rule	Morocco	2012	max	-	Apr	 lastSun 2:00	1:00	S
 Rule	Morocco	2012	max	-	Sep	 lastSun 3:00	0	-
+Rule	Morocco	2012	only	-	Jul	 20	 3:00	0	-
+Rule	Morocco	2012	only	-	Aug	 20	 2:00	1:00	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Africa/Casablanca	-0:30:20 -	LMT	1913 Oct 26
@@ -876,7 +895,7 @@
 # Forecasting Riaan van Zyl explained that the far eastern parts of
 # the country are close to 40 minutes earlier in sunrise than the rest
 # of the country.
-# 
+#
 # From Paul Eggert (2007-03-31):
 # Apparently the Caprivi Strip informally observes Botswana time, but
 # we have no details.  In the meantime people there can use Africa/Gaborone.
--- a/make/sun/javazic/tzdata/asia	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/asia	Fri Nov 09 14:46:34 2012 -0800
@@ -124,7 +124,7 @@
 # From Alexander Krivenyshev (2012-02-10):
 # According to News Armenia, on Feb 9, 2012,
 # http://newsarmenia.ru/society/20120209/42609695.html
-# 
+#
 # The Armenia National Assembly adopted final reading of Amendments to the
 # Law "On procedure of calculation time on the territory of the Republic of
 # Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@@ -204,15 +204,15 @@
 # </a>
 
 # From A. N. M. Kamrus Saadat (2009-06-15):
-# Finally we've got the official mail regarding DST start time where DST start 
-# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh 
-# Telecommunication Regulatory Commission). 
+# Finally we've got the official mail regarding DST start time where DST start
+# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
+# Telecommunication Regulatory Commission).
 #
 # No DST end date has been announced yet.
 
 # From Alexander Krivenyshev (2009-09-25):
-# Bangladesh won't go back to Standard Time from October 1, 2009, 
-# instead it will continue DST measure till the cabinet makes a fresh decision. 
+# Bangladesh won't go back to Standard Time from October 1, 2009,
+# instead it will continue DST measure till the cabinet makes a fresh decision.
 #
 # Following report by same newspaper-"The Daily Star Friday":
 # "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@@ -226,8 +226,8 @@
 
 # From Steffen Thorsen (2009-10-13):
 # IANS (Indo-Asian News Service) now reports:
-# Bangladesh has decided that the clock advanced by an hour to make 
-# maximum use of daylight hours as an energy saving measure would 
+# Bangladesh has decided that the clock advanced by an hour to make
+# maximum use of daylight hours as an energy saving measure would
 # "continue for an indefinite period."
 #
 # One of many places where it is published:
@@ -255,7 +255,7 @@
 
 # From Alexander Krivenyshev (2010-03-22):
 # According to Bangladesh newspaper "The Daily Star,"
-# Cabinet cancels Daylight Saving Time 
+# Cabinet cancels Daylight Saving Time
 # <a href="http://www.thedailystar.net/newDesign/latest_news.php?nid=22817">
 # http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
 # </a>
@@ -383,11 +383,11 @@
 # observing daylight saving time in 1986.
 #
 # From Thomas S. Mullaney (2008-02-11):
-# I think you're combining two subjects that need to treated 
-# separately: daylight savings (which, you're correct, wasn't 
-# implemented until the 1980s) and the unified time zone centered near 
-# Beijing (which was implemented in 1949). Briefly, there was also a 
-# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was 
+# I think you're combining two subjects that need to treated
+# separately: daylight savings (which, you're correct, wasn't
+# implemented until the 1980s) and the unified time zone centered near
+# Beijing (which was implemented in 1949). Briefly, there was also a
+# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
 # ceased, and the second eventually recognized (again, in the 1980s).
 #
 # From Paul Eggert (2008-06-30):
@@ -524,7 +524,7 @@
 # as of 2009-10-28:
 # Year        Period
 # 1941        1 Apr to 30 Sep
-# 1942        Whole year 
+# 1942        Whole year
 # 1943        Whole year
 # 1944        Whole year
 # 1945        Whole year
@@ -615,16 +615,16 @@
 # From Arthur David Olson (2010-04-07):
 # Here's Google's translation of the table at the bottom of the "summert.htm" page:
 # Decade 	                                                    Name                      Start and end date
-# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30 
-# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31 
-# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31 
-# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30 
-# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30 
-# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30 
-# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time 
-# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30 
-# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time 
-# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30 
+# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30
+# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31
+# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31
+# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30
+# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30
+# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30
+# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
+# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30
+# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time
+# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30
 # Republic of China since 69 years (AD 1980)                  Stop Daylight Saving Time
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1193,15 +1193,15 @@
 #
 #	ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
 
-# From Paul Eggert (2005-02-22):
+# From Paul Eggert (2012-10-26):
 # I used Ephraim Silverberg's dst-israel.el program
 # <ftp://ftp.cs.huji.ac.il/pub/tz/software/dst-israel.el> (2005-02-20)
 # along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
-# to generate the transitions in this list.
+# to generate the transitions from 2005 through 2012.
 # (I replaced "lastFri" with "Fri>=26" by hand.)
-# The spring transitions below all correspond to the following Rule:
+# The spring transitions all correspond to the following Rule:
 #
-# Rule	Zion	2005	max	-	Mar	Fri>=26	2:00	1:00	D
+# Rule	Zion	2005	2012	-	Mar	Fri>=26	2:00	1:00	D
 #
 # but older zic implementations (e.g., Solaris 8) do not support
 # "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@@ -1218,39 +1218,36 @@
 Rule	Zion	2010	only	-	Sep	12	2:00	0	S
 Rule	Zion	2011	only	-	Apr	 1	2:00	1:00	D
 Rule	Zion	2011	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2012	2015	-	Mar	Fri>=26	2:00	1:00	D
+Rule	Zion	2012	only	-	Mar	Fri>=26	2:00	1:00	D
 Rule	Zion	2012	only	-	Sep	23	2:00	0	S
-Rule	Zion	2013	only	-	Sep	 8	2:00	0	S
-Rule	Zion	2014	only	-	Sep	28	2:00	0	S
-Rule	Zion	2015	only	-	Sep	20	2:00	0	S
-Rule	Zion	2016	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2016	only	-	Oct	 9	2:00	0	S
-Rule	Zion	2017	2021	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2017	only	-	Sep	24	2:00	0	S
-Rule	Zion	2018	only	-	Sep	16	2:00	0	S
-Rule	Zion	2019	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2020	only	-	Sep	27	2:00	0	S
-Rule	Zion	2021	only	-	Sep	12	2:00	0	S
-Rule	Zion	2022	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2022	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2023	2032	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2023	only	-	Sep	24	2:00	0	S
-Rule	Zion	2024	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2025	only	-	Sep	28	2:00	0	S
-Rule	Zion	2026	only	-	Sep	20	2:00	0	S
-Rule	Zion	2027	only	-	Oct	10	2:00	0	S
-Rule	Zion	2028	only	-	Sep	24	2:00	0	S
-Rule	Zion	2029	only	-	Sep	16	2:00	0	S
-Rule	Zion	2030	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2031	only	-	Sep	21	2:00	0	S
-Rule	Zion	2032	only	-	Sep	12	2:00	0	S
-Rule	Zion	2033	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2033	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2034	2037	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2034	only	-	Sep	17	2:00	0	S
-Rule	Zion	2035	only	-	Oct	 7	2:00	0	S
-Rule	Zion	2036	only	-	Sep	28	2:00	0	S
-Rule	Zion	2037	only	-	Sep	13	2:00	0	S
+
+# From Ephraim Silverberg (2012-10-18):
+
+# Yesterday, the Interior Ministry Committee, after more than a year
+# past, approved sending the proposed June 2011 changes to the Time
+# Decree Law back to the Knesset for second and third (final) votes
+# before the upcoming elections on Jan. 22, 2013.  Hence, although the
+# changes are not yet law, they are expected to be so before February 2013.
+#
+# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
+# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
+# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
+# later (i.e. at 02:00 the first Monday after October 2).
+# [Rosh Hashana holidays are factored in until 2100.]
+
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	Zion	2013	max	-	Mar	Fri>=23	2:00	1:00	D
+Rule	Zion	2013	2026	-	Oct	Sun>=2	2:00	0	S
+Rule	Zion	2027	only	-	Oct	Mon>=3	2:00	0	S
+Rule	Zion	2028	max	-	Oct	Sun>=2	2:00	0	S
+# The following rules are commented out for now, as they break older
+# versions of zic that support only signed 32-bit timestamps, i.e.,
+# through 2038-01-19 03:14:07 UTC.
+#Rule	Zion	2028	2053	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2054	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2055	2080	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2081	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2082	max	-	Oct	Sun>=2	2:00	0	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Jerusalem	2:20:56 -	LMT	1880
@@ -1385,6 +1382,16 @@
 # From Arthur David Olson (2009-04-06):
 # We still have Jordan switching to DST on Thursdays in 2000 and 2001.
 
+# From Steffen Thorsen (2012-10-25):
+# Yesterday the government in Jordan announced that they will not
+# switch back to standard time this winter, so the will stay on DST
+# until about the same time next year (at least).
+# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
+#
+# From Paul Eggert (2012-10-25):
+# For now, assume this is just a one-year measure.  If it becomes
+# permanent, we should move Jordan from EET to AST effective tomorrow.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Jordan	1973	only	-	Jun	6	0:00	1:00	S
 Rule	Jordan	1973	1975	-	Oct	1	0:00	0	-
@@ -1413,7 +1420,8 @@
 Rule	Jordan	2003	only	-	Oct	24	0:00s	0	-
 Rule	Jordan	2004	only	-	Oct	15	0:00s	0	-
 Rule	Jordan	2005	only	-	Sep	lastFri	0:00s	0	-
-Rule	Jordan	2006	max	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2006	2011	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2013	max	-	Oct	lastFri	0:00s	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Amman	2:23:44 -	LMT	1931
 			2:00	Jordan	EE%sT
@@ -1858,15 +1866,15 @@
 # shown 8 per cent higher consumption of electricity.
 
 # From Alex Krivenyshev (2008-05-15):
-# 
-# Here is an article that Pakistan plan to introduce Daylight Saving Time 
+#
+# Here is an article that Pakistan plan to introduce Daylight Saving Time
 # on June 1, 2008 for 3 months.
-# 
-# "... The federal cabinet on Wednesday announced a new conservation plan to help 
-# reduce load shedding by approving the closure of commercial centres at 9pm and 
-# moving clocks forward by one hour for the next three months. 
+#
+# "... The federal cabinet on Wednesday announced a new conservation plan to help
+# reduce load shedding by approving the closure of commercial centres at 9pm and
+# moving clocks forward by one hour for the next three months.
 # ...."
-# 
+#
 # <a href="http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html">
 # http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
 # </a>
@@ -1926,7 +1934,7 @@
 # Government has decided to restore the previous time by moving the
 # clocks backward by one hour from October 1. A formal announcement to
 # this effect will be made after the Prime Minister grants approval in
-# this regard." 
+# this regard."
 # <a href="http://www.thenews.com.pk/updates.asp?id=87168">
 # http://www.thenews.com.pk/updates.asp?id=87168
 # </a>
@@ -2222,7 +2230,7 @@
 # <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=306795">
 # http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
 # </a>
-# the clocks were set back one hour at 2010-08-11 00:00:00 local time in 
+# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
 # Gaza and the West Bank.
 # Some more background info:
 # <a href="http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html">
@@ -2261,7 +2269,7 @@
 # The rules for Egypt are stolen from the `africa' file.
 
 # From Steffen Thorsen (2011-09-30):
-# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30 
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
 # 00:00).
 # So West Bank and Gaza now have the same time again.
 #
@@ -2316,6 +2324,8 @@
 
 # From Arthur David Olson (2011-09-20):
 # 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+# From Paul Eggert (2012-10-12):
+# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
@@ -2326,7 +2336,7 @@
 			2:00 Palestine	EE%sT	2011 Apr  2 12:01
 			2:00	1:00	EEST	2011 Aug  1
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 Zone	Asia/Hebron	2:20:23	-	LMT	1900 Oct
@@ -2341,7 +2351,7 @@
 			2:00	-	EET	2011 Aug 30
 			2:00	1:00	EEST	2011 Sep 30 3:00
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28 3:00
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 # Paracel Is
@@ -2535,19 +2545,19 @@
 # having it between Wednesday and Thursday (two workdays in Syria) since the
 # weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
 # it is implemented at midnight of the last workday before weekend...
-# 
+#
 # From Steffen Thorsen (2007-10-27):
 # Jesper Norgaard Welen wrote:
-# 
+#
 # > "Winter local time in Syria will be observed at midnight of Thursday 1
 # > November 2007, and the clock will be put back 1 hour."
-# 
+#
 # I found confirmation on this in this gov.sy-article (Arabic):
 # http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
-# 
+#
 # which using Google's translate tools says:
-# Council of Ministers also approved the commencement of work on 
-# identifying the winter time as of Friday, 2/11/2007 where the 60th 
+# Council of Ministers also approved the commencement of work on
+# identifying the winter time as of Friday, 2/11/2007 where the 60th
 # minute delay at midnight Thursday 1/11/2007.
 Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 
@@ -2613,8 +2623,8 @@
 # </a>
 
 # From Steffen Thorsen (2009-10-27):
-# The Syrian Arab News Network on 2009-09-29 reported that Syria will 
-# revert back to winter (standard) time on midnight between Thursday 
+# The Syrian Arab News Network on 2009-09-29 reported that Syria will
+# revert back to winter (standard) time on midnight between Thursday
 # 2009-10-29 and Friday 2009-10-30:
 # <a href="http://www.sana.sy/ara/2/2009/09/29/247012.htm">
 # http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)
--- a/make/sun/javazic/tzdata/australasia	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/australasia	Fri Nov 09 14:46:34 2012 -0800
@@ -306,9 +306,9 @@
 # </a>
 
 # From Alexander Krivenyshev (2010-10-24):
-# According to Radio Fiji and Fiji Times online, Fiji will end DST 3 
+# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
 # weeks earlier than expected - on March 6, 2011, not March 27, 2011...
-# Here is confirmation from Government of the Republic of the Fiji Islands, 
+# Here is confirmation from Government of the Republic of the Fiji Islands,
 # Ministry of Information (fiji.gov.fj) web site:
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155">
 # http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@@ -319,15 +319,15 @@
 # </a>
 
 # From Steffen Thorsen (2011-10-03):
-# Now the dates have been confirmed, and at least our start date 
+# Now the dates have been confirmed, and at least our start date
 # assumption was correct (end date was one week wrong).
 #
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
 # www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
 # </a>
 # which says
-# Members of the public are reminded to change their time to one hour in 
-# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to 
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
 # 2am on February 26 next year.
 
 # From Ken Rylander (2011-10-24)
@@ -344,15 +344,23 @@
 # The commencement of daylight saving will remain unchanged and start
 # on the  23rd of October, 2011.
 
+# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
+# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
+# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
+# October 2012 and end at 3 am on Sunday 20th January 2013.
+# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
+#
+# From Paul Eggert (2012-08-31):
+# For now, guess a pattern of the penultimate Sundays in October and January.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Fiji	1998	1999	-	Nov	Sun>=1	2:00	1:00	S
 Rule	Fiji	1999	2000	-	Feb	lastSun	3:00	0	-
 Rule	Fiji	2009	only	-	Nov	29	2:00	1:00	S
 Rule	Fiji	2010	only	-	Mar	lastSun	3:00	0	-
-Rule	Fiji	2010	only	-	Oct	24	2:00	1:00	S
+Rule	Fiji	2010	max	-	Oct	Sun>=18	2:00	1:00	S
 Rule	Fiji	2011	only	-	Mar	Sun>=1	3:00	0	-
-Rule	Fiji	2011	only	-	Oct	23	2:00	1:00	S
-Rule	Fiji	2012	only	-	Jan	22	3:00	0	-
+Rule	Fiji	2012	max	-	Jan	Sun>=18	3:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fiji	11:53:40 -	LMT	1915 Oct 26	# Suva
 			12:00	Fiji	FJ%sT	# Fiji Time
@@ -581,7 +589,7 @@
 
 # From David Zuelke (2011-05-09):
 # Subject: Samoa to move timezone from east to west of international date line
-# 
+#
 # <a href="http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963">
 # http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
 # </a>
@@ -643,6 +651,23 @@
 # Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
 # seasons, there is not yet any indication that this trend will continue on
 # a regular basis. For now, we have explicitly listed the transitions below.
+#
+# From Nicky (2012-09-10):
+# Daylight Saving Time commences on Sunday 30th September 2012 and
+# ends on Sunday 7th of April 2013.
+#
+# Please find link below for more information.
+# http://www.mcil.gov.ws/mcil_publications.html
+#
+# That publication also includes dates for Summer of 2013/4 as well
+# which give the impression of a pattern in selecting dates for the
+# future, so for now, we will guess this will continue.
+
+# Western Samoa
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	WS	2012	max	-	Sep	lastSun	3:00	1	D
+Rule	WS	2012	max	-	Apr	Sun>=1	4:00	0	-
+# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Pacific/Apia	 12:33:04 -	LMT	1879 Jul  5
 			-11:26:56 -	LMT	1911
 			-11:30	-	SAMT	1950		# Samoa Time
@@ -650,8 +675,8 @@
 			-11:00	1:00	WSDT	2011 Apr 2 4:00
 			-11:00	-	WST	2011 Sep 24 3:00
 			-11:00	1:00	WSDT	2011 Dec 30
-			 13:00	1:00	WSDT	2012 Apr 1 4:00
-			 13:00	-	WST
+			 13:00	1:00	WSDT	2012 Apr Sun>=1 4:00
+			 13:00	WS	WS%sT
 
 # Solomon Is
 # excludes Bougainville, for which see Papua New Guinea
@@ -663,25 +688,25 @@
 #
 # From Gwillim Law (2011-12-29)
 # A correspondent informed me that Tokelau, like Samoa, will be skipping
-# December 31 this year, thereby changing its time zone from UTC-10 to
-# UTC+14. When I tried to verify this statement, I found a confirming
-# article in Time magazine online
-# <a href="http://www.time.com/time/world/article/0,8599,2103243,00.html">
-# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
-# </a>
+# December 31 this year ...
 #
-# From Jonathan Leffler (2011-12-29)
-# Information from the BBC to the same effect:
-# <a href="http://www.bbc.co.uk/news/world-asia-16351377">
-# http://www.bbc.co.uk/news/world-asia-16351377
-# </a>
+# From Steffen Thorsen (2012-07-25)
+# ... we double checked by calling hotels and offices based in Tokelau asking
+# about the time there, and they all told a time that agrees with UTC+13....
+# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
+# actually was to UTC-11 back then.
 #
-# Patch supplied by Tim Parenti (2011-12-29)
+# From Paul Eggert (2012-07-25)
+# A Google Books snippet of Appendix to the Journals of the House of
+# Representatives of New Zealand, Session 1948,
+# <http://books.google.com/books?id=ZaVCAQAAIAAJ>, page 65, says Tokelau
+# was "11 hours slow on G.M.T."  Go with Thorsen and assume Shanks & Pottenger
+# are off by an hour starting in 1901.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fakaofo	-11:24:56 -	LMT	1901
-			-10:00	-	TKT 2011 Dec 30	# Tokelau Time
-			14:00	-	TKT
+			-11:00	-	TKT 2011 Dec 30	# Tokelau Time
+			13:00	-	TKT
 
 # Tonga
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1362,22 +1387,22 @@
 # See "southeast Australia" above for 2008 and later.
 
 # From Steffen Thorsen (2009-04-28):
-# According to the official press release, South Australia's extended daylight 
-# saving period will continue with the same rules as used during the 2008-2009 
+# According to the official press release, South Australia's extended daylight
+# saving period will continue with the same rules as used during the 2008-2009
 # summer (southern hemisphere).
-# 
+#
 # From
 # <a href="http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf">
 # http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
 # </a>
-# The extended daylight saving period that South Australia has been trialling 
+# The extended daylight saving period that South Australia has been trialling
 # for over the last year is now set to be ongoing.
-# Daylight saving will continue to start on the first Sunday in October each 
+# Daylight saving will continue to start on the first Sunday in October each
 # year and finish on the first Sunday in April the following year.
-# Industrial Relations Minister, Paul Caica, says this provides South Australia 
-# with a consistent half hour time difference with NSW, Victoria, Tasmania and 
+# Industrial Relations Minister, Paul Caica, says this provides South Australia
+# with a consistent half hour time difference with NSW, Victoria, Tasmania and
 # the ACT for all 52 weeks of the year...
-# 
+#
 # We have a wrap-up here:
 # <a href="http://www.timeanddate.com/news/time/south-australia-extends-dst.html">
 # http://www.timeanddate.com/news/time/south-australia-extends-dst.html
--- a/make/sun/javazic/tzdata/europe	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/europe	Fri Nov 09 14:46:34 2012 -0800
@@ -597,12 +597,12 @@
 # According to Kremlin press service, Russian President Dmitry Medvedev
 # signed a federal law "On calculation of time" on June 9, 2011.
 # According to the law Russia is abolishing daylight saving time.
-# 
-# Medvedev signed a law "On the Calculation of Time" (in russian): 
+#
+# Medvedev signed a law "On the Calculation of Time" (in russian):
 # <a href="http://bmockbe.ru/events/?ID=7583">
 # http://bmockbe.ru/events/?ID=7583
 # </a>
-# 
+#
 # Medvedev signed a law on the calculation of the time (in russian):
 # <a href="http://www.regnum.ru/news/polit/1413906.html">
 # http://www.regnum.ru/news/polit/1413906.html
@@ -1710,7 +1710,7 @@
 # From Alexander Krivenyshev (2011-10-26)
 # NO need to divide Moldova into two timezones at this point.
 # As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
-# decision to abolish DST this winter. 
+# decision to abolish DST this winter.
 # Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
 # Tiraspol will go back to winter time on October 30, 2011.
 # News from Moldova (in russian):
@@ -2600,11 +2600,11 @@
 # http://www.alomaliye.com/bkk_2002_3769.htm
 
 # From G&ouml;kdeniz Karada&#x011f; (2011-03-10):
-# 
+#
 # According to the articles linked below, Turkey will change into summer
 # time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
 # This change is due to a nationwide exam on 27th.
-# 
+#
 # <a href="http://www.worldbulletin.net/?aType=haber&ArticleID=70872">
 # http://www.worldbulletin.net/?aType=haber&ArticleID=70872
 # </a>
@@ -2721,7 +2721,7 @@
 # time this year after all.
 #
 # From Udo Schwedt (2011-10-18):
-# As far as I understand, the recent change to the Ukranian time zone 
+# As far as I understand, the recent change to the Ukranian time zone
 # (Europe/Kiev) to introduce permanent daylight saving time (similar
 # to Russia) was reverted today:
 #
--- a/make/sun/javazic/tzdata/leapseconds	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/leapseconds	Fri Nov 09 14:46:34 2012 -0800
@@ -100,8 +100,8 @@
 #
 #
 # A positive leap second will be introduced at the end of June 2012.
-# The sequence of dates of the UTC second markers will be:		
-# 		
+# The sequence of dates of the UTC second markers will be:
+#
 #                          2012 June 30,     23h 59m 59s
 #                          2012 June 30,     23h 59m 60s
 #                          2012 July  1,      0h  0m  0s
@@ -118,6 +118,6 @@
 #
 #
 # Daniel GAMBIS
-# Head		
+# Head
 # Earth Orientation Center of IERS
 # Observatoire de Paris, France
--- a/make/sun/javazic/tzdata/northamerica	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/northamerica	Fri Nov 09 14:46:34 2012 -0800
@@ -501,7 +501,7 @@
 			 -8:00	US	P%sT	1946
 			 -8:00	-	PST	1969
 			 -8:00	US	P%sT	1980 Apr 27 2:00
-			 -9:00	US	Y%sT	1980 Oct 26 2:00	
+			 -9:00	US	Y%sT	1980 Oct 26 2:00
 			 -8:00	US	P%sT	1983 Oct 30 2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
@@ -1866,7 +1866,7 @@
 # Here is a summary of the three clock change events in Creston's history:
 # 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
 # Exact date unknown
-# 2. Oct 1916: switch to Pacific Standard Time (GMT-8) 
+# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
 # Exact date in October unknown;  Sunday October 1 is a reasonable guess.
 # 3. June 1918: switch to Pacific Daylight Time (GMT-7)
 # Exact date in June unknown; Sunday June 2 is a reasonable guess.
@@ -2696,20 +2696,20 @@
 # except that it switches at midnight standard time as usual.
 #
 # From Steffen Thorsen (2007-10-25):
-# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week 
+# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
 # earlier - on the last Sunday of October, just like in 2006.
-# 
+#
 # He supplied these references:
-# 
+#
 # http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
 # http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
-# 
+#
 # From Alex Kryvenishev (2007-10-25):
 # Here is also article from Granma (Cuba):
-# 
+#
 # [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
 # http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
-# 
+#
 # http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
 
 # From Arthur David Olson (2008-03-09):
@@ -2793,7 +2793,7 @@
 # </a>
 #
 # From Steffen Thorsen (2011-10-30)
-# Cuba will end DST two weeks later this year. Instead of going back 
+# Cuba will end DST two weeks later this year. Instead of going back
 # tonight, it has been delayed to 2011-11-13 at 01:00.
 #
 # One source (Spanish)
@@ -2805,11 +2805,11 @@
 # <a href="http://www.timeanddate.com/news/time/cuba-time-changes-2011.html">
 # http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
 # </a>
-# 
+#
 # From Steffen Thorsen (2012-03-01)
-# According to Radio Reloj, Cuba will start DST on Midnight between March 
+# According to Radio Reloj, Cuba will start DST on Midnight between March
 # 31 and April 1.
-# 
+#
 # Radio Reloj has the following info (Spanish):
 # <a href="http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril">
 # http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@@ -2820,6 +2820,13 @@
 # http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
 # </a>
 
+# From Steffen Thorsen (2012-11-03):
+# Radio Reloj and many other sources report that Cuba is changing back
+# to standard time on 2012-11-04:
+# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
+# From Paul Eggert (2012-11-03):
+# For now, assume the future rule is first Sunday in November.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Cuba	1928	only	-	Jun	10	0:00	1:00	D
 Rule	Cuba	1928	only	-	Oct	10	0:00	0	S
@@ -2857,7 +2864,7 @@
 Rule	Cuba	2011	only	-	Mar	Sun>=15	0:00s	1:00	D
 Rule	Cuba	2011	only	-	Nov	13	0:00s	0	S
 Rule	Cuba	2012	only	-	Apr	1	0:00s	1:00	D
-Rule	Cuba	2012	max	-	Oct	lastSun	0:00s	0	S
+Rule	Cuba	2012	max	-	Nov	Sun>=1	0:00s	0	S
 Rule	Cuba	2013	max	-	Mar	Sun>=8	0:00s	1:00	D
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
--- a/make/sun/javazic/tzdata/southamerica	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/sun/javazic/tzdata/southamerica	Fri Nov 09 14:46:34 2012 -0800
@@ -254,7 +254,7 @@
 Rule	Arg	2007	only	-	Dec	30	0:00	1:00	S
 Rule	Arg	2008	2009	-	Mar	Sun>=15	0:00	0	-
 Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
- 
+
 # From Mariano Absatz (2004-05-21):
 # Today it was officially published that the Province of Mendoza is changing
 # its timezone this winter... starting tomorrow night....
@@ -344,9 +344,9 @@
 # confirms what Alex Krivenyshev has earlier sent to the tz
 # emailing list about that San Luis plans to return to standard
 # time much earlier than the rest of the country. It also
-# confirms that upon request the provinces San Juan and Mendoza 
-# refused to follow San Luis in this change. 
-# 
+# confirms that upon request the provinces San Juan and Mendoza
+# refused to follow San Luis in this change.
+#
 # The change is supposed to take place Monday the 21.st at 0:00
 # hours. As far as I understand it if this goes ahead, we need
 # a new timezone for San Luis (although there are also documented
@@ -408,7 +408,7 @@
 # <a href="http://www.lanacion.com.ar/nota.asp?nota_id=1107912">
 # http://www.lanacion.com.ar/nota.asp?nota_id=1107912
 # </a>
-# 
+#
 # The press release says:
 #  (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
 # atrasar una hora sus relojes.
@@ -822,8 +822,8 @@
 #
 # From Alexander Krivenyshev (2011-10-04):
 # State Bahia will return to Daylight savings time this year after 8 years off.
-# The announcement was made by Governor Jaques Wagner in an interview to a 
-# television station in Salvador. 
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
 
 # In Portuguese:
 # <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
@@ -852,6 +852,15 @@
 # http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
 # </a>
 
+# From Kelley Cook (2012-10-16):
+# The governor of state of Bahia in Brazil announced on Thursday that
+# due to public pressure, he is reversing the DST policy they implemented
+# last year and will not be going to Summer Time on October 21st....
+# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
+
+# From Rodrigo Severo (2012-10-16):
+# Tocantins state will have DST.
+# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@@ -1071,7 +1080,8 @@
 			-3:00	Brazil	BR%sT	1990 Sep 17
 			-3:00	-	BRT	1995 Sep 14
 			-3:00	Brazil	BR%sT	2003 Sep 24
-			-3:00	-	BRT
+			-3:00	-	BRT	2012 Oct 21
+			-3:00	Brazil	BR%sT
 #
 # Alagoas (AL), Sergipe (SE)
 Zone America/Maceio	-2:22:52 -	LMT	1914
@@ -1090,7 +1100,8 @@
 Zone America/Bahia	-2:34:04 -	LMT	1914
 			-3:00	Brazil	BR%sT	2003 Sep 24
 			-3:00	-	BRT	2011 Oct 16
-			-3:00	Brazil	BR%sT
+			-3:00	Brazil	BR%sT	2012 Oct 21
+			-3:00	-	BRT
 #
 # Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
 # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@@ -1182,7 +1193,7 @@
 # Due to drought, Chile extends Daylight Time in three weeks.  This
 # is one-time change (Saturday 3/29 at 24:00 for America/Santiago
 # and Saturday 3/29 at 22:00 for Pacific/Easter)
-# The Supreme Decree is located at 
+# The Supreme Decree is located at
 # <a href="http://www.shoa.cl/servicios/supremo316.pdf">
 # http://www.shoa.cl/servicios/supremo316.pdf
 # </a>
@@ -1193,7 +1204,7 @@
 
 # From Jose Miguel Garrido (2008-03-05):
 # ...
-# You could see the announces of the change on 
+# You could see the announces of the change on
 # <a href="http://www.shoa.cl/noticias/2008/04hora/hora.htm">
 # http://www.shoa.cl/noticias/2008/04hora/hora.htm
 # </a>.
--- a/make/tools/GenerateCharacter/CharacterData01.java.template	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/GenerateCharacter/CharacterData01.java.template	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -311,6 +311,8 @@
             case 0x011063: retval = 90; break;     // BRAHMI NUMBER NINETY
             case 0x011064: retval = 100; break;    // BRAHMI NUMBER ONE HUNDRED
             case 0x011065: retval = 1000; break;   // BRAHMI NUMBER ONE THOUSAND
+            case 0x012432: retval = 216000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
+            case 0x012433: retval = 432000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
             case 0x01D36C: retval = 40; break;     // COUNTING ROD TENS DIGIT FOUR
             case 0x01D36D: retval = 50; break;     // COUNTING ROD TENS DIGIT FIVE
             case 0x01D36E: retval = 60; break;     // COUNTING ROD TENS DIGIT SIX
--- a/make/tools/UnicodeData/PropList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/UnicodeData/PropList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
--- a/make/tools/UnicodeData/Scripts.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/UnicodeData/Scripts.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
@@ -146,7 +146,7 @@
 208A..208C    ; Common # Sm   [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
 208D          ; Common # Ps       SUBSCRIPT LEFT PARENTHESIS
 208E          ; Common # Pe       SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9    ; Common # Sc  [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA    ; Common # Sc  [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
 2100..2101    ; Common # So   [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
 2102          ; Common # L&       DOUBLE-STRUCK CAPITAL C
 2103..2106    ; Common # So   [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
 E0001         ; Common # Cf       LANGUAGE TAG
 E0020..E007F  ; Common # Cf  [96] TAG SPACE..CANCEL TAG
 
-# Total code points: 6412
+# Total code points: 6413
 
 # ================================================
 
@@ -760,7 +760,7 @@
 061E          ; Arabic # Po       ARABIC TRIPLE DOT PUNCTUATION MARK
 0620..063F    ; Arabic # Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
 0641..064A    ; Arabic # Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E    ; Arabic # Mn   [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F    ; Arabic # Mn  [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
 066A..066D    ; Arabic # Po   [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
 066E..066F    ; Arabic # Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
 0671..06D3    ; Arabic # Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
 1EEAB..1EEBB  ; Arabic # Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
 1EEF0..1EEF1  ; Arabic # Sm   [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
 
-# Total code points: 1234
+# Total code points: 1235
 
 # ================================================
 
@@ -1477,7 +1477,6 @@
 0300..036F    ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
 0485..0486    ; Inherited # Mn   [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
 064B..0655    ; Inherited # Mn  [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F          ; Inherited # Mn       ARABIC WAVY HAMZA BELOW
 0670          ; Inherited # Mn       ARABIC LETTER SUPERSCRIPT ALEF
 0951..0952    ; Inherited # Mn   [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
 1CD0..1CD2    ; Inherited # Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
 1D1AA..1D1AD  ; Inherited # Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
 E0100..E01EF  ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
 
-# Total code points: 524
+# Total code points: 523
 
 # ================================================
 
--- a/make/tools/UnicodeData/SpecialCasing.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/UnicodeData/SpecialCasing.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# SpecialCasing-6.1.0.txt
-# Date: 2011-11-27, 05:10:51 GMT [MD]
+# SpecialCasing-6.2.0.txt
+# Date: 2012-05-23, 20:35:15 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 #
--- a/make/tools/UnicodeData/UnicodeData.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/UnicodeData/UnicodeData.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -7190,6 +7190,7 @@
 20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
 20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
 20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
 20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
 20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
 20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@@ -18703,8 +18704,8 @@
 1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
 12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
 12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
-12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
-12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
+12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
+12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
 12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
 12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
 12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@@ -18739,8 +18740,8 @@
 12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
 12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
 12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
-12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
-12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
+12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
+12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
 12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
 12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
 1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;
--- a/make/tools/UnicodeData/VERSION	Thu Nov 08 11:52:26 2012 -0800
+++ b/make/tools/UnicodeData/VERSION	Fri Nov 09 14:46:34 2012 -0800
@@ -1,1 +1,1 @@
-6.1.0
+6.2.0
--- a/makefiles/GendataTimeZone.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/makefiles/GendataTimeZone.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 GENDATA_TIMEZONE :=
 
 # TODO: read from make/sun/javazic/tzdata/VERSION
-GENDATA_TIMEZONE_VERSION := tzdata2012c
+GENDATA_TIMEZONE_VERSION := tzdata2012i
 
 GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
 GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone
--- a/makefiles/Setup.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/makefiles/Setup.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -45,7 +45,7 @@
      JVM:=$(JAVA),\
      JAVAC:=$(JAVAC_JARS),\
      JAVAH:=$(JAVAH_JARS),\
-     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
+     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
      SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
      SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
 
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,12 +55,25 @@
     }
 
     static {
-        validTypes = new HashSet<String>(4);
+        validTypes = new HashSet<String>(17);
         validTypes.add("PBEWithMD5AndDES".toUpperCase());
         validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
         validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
         // Proprietary algorithm.
         validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
     }
 
     public static final class PBEWithMD5AndDES
@@ -84,6 +97,27 @@
         }
     }
 
+    public static final class PBEWithSHA1AndRC2_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC2_128()  {
+            super("PBEWithSHA1AndRC2_128");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_40()  {
+            super("PBEWithSHA1AndRC4_40");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_128()  {
+            super("PBEWithSHA1AndRC4_128");
+        }
+    }
+
     /*
      * Private proprietary algorithm for supporting JCEKS.
      */
@@ -94,6 +128,75 @@
         }
     }
 
+    public static final class PBEWithHmacSHA1AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_128()  {
+            super("PBEWithHmacSHA1AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_128()  {
+            super("PBEWithHmacSHA224AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_128()  {
+            super("PBEWithHmacSHA256AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_128()  {
+            super("PBEWithHmacSHA384AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_128()  {
+            super("PBEWithHmacSHA512AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA1AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_256()  {
+            super("PBEWithHmacSHA1AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_256()  {
+            super("PBEWithHmacSHA224AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_256()  {
+            super("PBEWithHmacSHA256AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_256()  {
+            super("PBEWithHmacSHA384AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_256()  {
+            super("PBEWithHmacSHA512AndAES_256");
+        }
+    }
 
     /**
      * Generates a <code>SecretKey</code> object from the provided key
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,9 @@
     // the iteration count
     private int iCount = 0;
 
+    // the cipher parameter
+    private AlgorithmParameterSpec cipherParam = null;
+
     protected void engineInit(AlgorithmParameterSpec paramSpec)
         throws InvalidParameterSpecException
    {
@@ -66,6 +69,7 @@
        }
        this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
        this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+       this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
     }
 
     protected void engineInit(byte[] encoded)
@@ -102,7 +106,8 @@
         throws InvalidParameterSpecException
     {
         if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
+            return paramSpec.cast(
+                new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/crypto/provider/PBES1Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+final class PBES1Core {
+
+    // the encapsulated DES cipher
+    private CipherCore cipher;
+    private MessageDigest md;
+    private int blkSize;
+    private String algo = null;
+    private byte[] salt = null;
+    private int iCount = 10;
+
+    /**
+     * Creates an instance of PBE Cipher using the specified CipherSpi
+     * instance.
+     *
+     */
+    PBES1Core(String cipherAlg) throws NoSuchAlgorithmException,
+        NoSuchPaddingException {
+        algo = cipherAlg;
+        if (algo.equals("DES")) {
+            cipher = new CipherCore(new DESCrypt(),
+                                    DESConstants.DES_BLOCK_SIZE);
+        } else if (algo.equals("DESede")) {
+
+            cipher = new CipherCore(new DESedeCrypt(),
+                                    DESConstants.DES_BLOCK_SIZE);
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation " +
+                                               "for PBEWithMD5And" + algo);
+        }
+        cipher.setMode("CBC");
+        cipher.setPadding("PKCS5Padding");
+        // get instance of MD5
+        md = MessageDigest.getInstance("MD5");
+    }
+
+    /**
+     * Sets the mode of this cipher. This algorithm can only be run in CBC
+     * mode.
+     *
+     * @param mode the cipher mode
+     *
+     * @exception NoSuchAlgorithmException if the requested cipher mode is
+     * invalid
+     */
+    void setMode(String mode) throws NoSuchAlgorithmException {
+        cipher.setMode(mode);
+    }
+
+     /**
+     * Sets the padding mechanism of this cipher. This algorithm only uses
+     * PKCS #5 padding.
+     *
+     * @param padding the padding mechanism
+     *
+     * @exception NoSuchPaddingException if the requested padding mechanism
+     * is invalid
+     */
+    void setPadding(String paddingScheme) throws NoSuchPaddingException {
+        cipher.setPadding(paddingScheme);
+    }
+
+    /**
+     * Returns the block size (in bytes).
+     *
+     * @return the block size (in bytes)
+     */
+    int getBlockSize() {
+        return DESConstants.DES_BLOCK_SIZE;
+    }
+
+    /**
+     * Returns the length in bytes that an output buffer would need to be in
+     * order to hold the result of the next <code>update</code> or
+     * <code>doFinal</code> operation, given the input length
+     * <code>inputLen</code> (in bytes).
+     *
+     * <p>This call takes into account any unprocessed (buffered) data from a
+     * previous <code>update</code> call, and padding.
+     *
+     * <p>The actual output length of the next <code>update</code> or
+     * <code>doFinal</code> call may be smaller than the length returned by
+     * this method.
+     *
+     * @param inputLen the input length (in bytes)
+     *
+     * @return the required output buffer size (in bytes)
+     *
+     */
+    int getOutputSize(int inputLen) {
+        return cipher.getOutputSize(inputLen);
+    }
+
+    /**
+     * Returns the initialization vector (IV) in a new buffer.
+     *
+     * <p> This is useful in the case where a random IV has been created
+     * (see <a href = "#init">init</a>),
+     * or in the context of password-based encryption or
+     * decryption, where the IV is derived from a user-supplied password.
+     *
+     * @return the initialization vector in a new buffer, or null if the
+     * underlying algorithm does not use an IV, or if the IV has not yet
+     * been set.
+     */
+    byte[] getIV() {
+        return cipher.getIV();
+    }
+
+    /**
+     * Returns the parameters used with this cipher.
+     *
+     * <p>The returned parameters may be the same that were used to initialize
+     * this cipher, or may contain the default set of parameters or a set of
+     * randomly generated parameters used by the underlying cipher
+     * implementation (provided that the underlying cipher implementation
+     * uses a default set of parameters or creates new parameters if it needs
+     * parameters but was not initialized with any).
+     *
+     * @return the parameters used with this cipher, or null if this cipher
+     * does not use any parameters.
+     */
+    AlgorithmParameters getParameters() {
+        AlgorithmParameters params = null;
+        if (salt == null) {
+            salt = new byte[8];
+            SunJCE.RANDOM.nextBytes(salt);
+        }
+        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
+        try {
+            params = AlgorithmParameters.getInstance("PBEWithMD5And" +
+                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        } catch (NoSuchProviderException nspe) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        }
+        try {
+            params.init(pbeSpec);
+        } catch (InvalidParameterSpecException ipse) {
+            // should never happen
+            throw new RuntimeException("PBEParameterSpec not supported");
+        }
+        return params;
+    }
+
+    /**
+     * Initializes this cipher with a key, a set of
+     * algorithm parameters, and a source of randomness.
+     * The cipher is initialized for one of the following four operations:
+     * encryption, decryption, key wrapping or key unwrapping, depending on
+     * the value of <code>opmode</code>.
+     *
+     * <p>If this cipher (including its underlying feedback or padding scheme)
+     * requires any random bytes, it will get them from <code>random</code>.
+     *
+     * @param opmode the operation mode of this cipher (this is one of
+     * the following:
+     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
+     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * @param key the encryption key
+     * @param params the algorithm parameters
+     * @param random the source of randomness
+     *
+     * @exception InvalidKeyException if the given key is inappropriate for
+     * initializing this cipher
+     * @exception InvalidAlgorithmParameterException if the given algorithm
+     * parameters are inappropriate for this cipher
+     */
+    void init(int opmode, Key key, AlgorithmParameterSpec params,
+              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (((opmode == Cipher.DECRYPT_MODE) ||
+             (opmode == Cipher.UNWRAP_MODE)) && (params == null)) {
+            throw new InvalidAlgorithmParameterException("Parameters "
+                                                         + "missing");
+        }
+        if ((key == null) ||
+            (key.getEncoded() == null) ||
+            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+            throw new InvalidKeyException("Missing password");
+        }
+
+        if (params == null) {
+            // create random salt and use default iteration count
+            salt = new byte[8];
+            random.nextBytes(salt);
+        } else {
+            if (!(params instanceof PBEParameterSpec)) {
+                throw new InvalidAlgorithmParameterException
+                    ("Wrong parameter type: PBE expected");
+            }
+            salt = ((PBEParameterSpec) params).getSalt();
+            // salt must be 8 bytes long (by definition)
+            if (salt.length != 8) {
+                throw new InvalidAlgorithmParameterException
+                    ("Salt must be 8 bytes long");
+            }
+            iCount = ((PBEParameterSpec) params).getIterationCount();
+            if (iCount <= 0) {
+                throw new InvalidAlgorithmParameterException
+                    ("IterationCount must be a positive number");
+            }
+        }
+
+        byte[] derivedKey = deriveCipherKey(key);
+        // use all but the last 8 bytes as the key value
+        SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
+                                                    derivedKey.length-8, algo);
+        // use the last 8 bytes as the IV
+        IvParameterSpec ivSpec = new IvParameterSpec(derivedKey,
+                                                     derivedKey.length-8,
+                                                     8);
+        // initialize the underlying cipher
+        cipher.init(opmode, cipherKey, ivSpec, random);
+    }
+
+    private byte[] deriveCipherKey(Key key) {
+
+        byte[] result = null;
+        byte[] passwdBytes = key.getEncoded();
+
+        if (algo.equals("DES")) {
+            // P || S (password concatenated with salt)
+            byte[] concat = new byte[passwdBytes.length + salt.length];
+            System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
+            java.util.Arrays.fill(passwdBytes, (byte)0x00);
+            System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
+
+            // digest P || S with c iterations
+            byte[] toBeHashed = concat;
+            for (int i = 0; i < iCount; i++) {
+                md.update(toBeHashed);
+                toBeHashed = md.digest(); // this resets the digest
+            }
+            java.util.Arrays.fill(concat, (byte)0x00);
+            result = toBeHashed;
+        } else if (algo.equals("DESede")) {
+            // if the 2 salt halves are the same, invert one of them
+            int i;
+            for (i=0; i<4; i++) {
+                if (salt[i] != salt[i+4])
+                    break;
+            }
+            if (i==4) { // same, invert 1st half
+                for (i=0; i<2; i++) {
+                    byte tmp = salt[i];
+                    salt[i] = salt[3-i];
+                    salt[3-1] = tmp;
+                }
+            }
+
+            // Now digest each half (concatenated with password). For each
+            // half, go through the loop as many times as specified by the
+            // iteration count parameter (inner for loop).
+            // Concatenate the output from each digest round with the
+            // password, and use the result as the input to the next digest
+            // operation.
+            byte[] kBytes = null;
+            IvParameterSpec iv = null;
+            byte[] toBeHashed = null;
+            result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
+                              DESConstants.DES_BLOCK_SIZE];
+            for (i = 0; i < 2; i++) {
+                toBeHashed = new byte[salt.length/2];
+                System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0,
+                                 toBeHashed.length);
+                for (int j=0; j < iCount; j++) {
+                    md.update(toBeHashed);
+                    md.update(passwdBytes);
+                    toBeHashed = md.digest(); // this resets the digest
+                }
+                System.arraycopy(toBeHashed, 0, result, i*16,
+                                 toBeHashed.length);
+            }
+        }
+        return result;
+    }
+
+    void init(int opmode, Key key, AlgorithmParameters params,
+              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        PBEParameterSpec pbeSpec = null;
+        if (params != null) {
+            try {
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+            } catch (InvalidParameterSpecException ipse) {
+                throw new InvalidAlgorithmParameterException("Wrong parameter "
+                                                             + "type: PBE "
+                                                             + "expected");
+            }
+        }
+        init(opmode, key, pbeSpec, random);
+    }
+
+    /**
+     * Continues a multiple-part encryption or decryption operation
+     * (depending on how this cipher was initialized), processing another data
+     * part.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, are processed, and the
+     * result is stored in a new buffer.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     *
+     * @return the new buffer with the result
+     *
+     */
+    byte[] update(byte[] input, int inputOffset, int inputLen) {
+        return cipher.update(input, inputOffset, inputLen);
+    }
+
+    /**
+     * Continues a multiple-part encryption or decryption operation
+     * (depending on how this cipher was initialized), processing another data
+     * part.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, are processed, and the
+     * result is stored in the <code>output</code> buffer, starting at
+     * <code>outputOffset</code>.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     * @param output the buffer for the result
+     * @param outputOffset the offset in <code>output</code> where the result
+     * is stored
+     *
+     * @return the number of bytes stored in <code>output</code>
+     *
+     * @exception ShortBufferException if the given output buffer is too small
+     * to hold the result
+     */
+    int update(byte[] input, int inputOffset, int inputLen,
+               byte[] output, int outputOffset)
+        throws ShortBufferException {
+        return cipher.update(input, inputOffset, inputLen,
+                             output, outputOffset);
+    }
+
+    /**
+     * Encrypts or decrypts data in a single-part operation,
+     * or finishes a multiple-part operation.
+     * The data is encrypted or decrypted, depending on how this cipher was
+     * initialized.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, and any input bytes that
+     * may have been buffered during a previous <code>update</code> operation,
+     * are processed, with padding (if requested) being applied.
+     * The result is stored in a new buffer.
+     *
+     * <p>The cipher is reset to its initial state (uninitialized) after this
+     * call.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     *
+     * @return the new buffer with the result
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block cipher,
+     * no padding has been requested (only in encryption mode), and the total
+     * input length of the data processed by this cipher is not a multiple of
+     * block size
+     * @exception BadPaddingException if decrypting and padding is choosen,
+     * but the last input data does not have proper padding bytes.
+     */
+    byte[] doFinal(byte[] input, int inputOffset, int inputLen)
+        throws IllegalBlockSizeException, BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen);
+    }
+
+    /**
+     * Encrypts or decrypts data in a single-part operation,
+     * or finishes a multiple-part operation.
+     * The data is encrypted or decrypted, depending on how this cipher was
+     * initialized.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, and any input bytes that
+     * may have been buffered during a previous <code>update</code> operation,
+     * are processed, with padding (if requested) being applied.
+     * The result is stored in the <code>output</code> buffer, starting at
+     * <code>outputOffset</code>.
+     *
+     * <p>The cipher is reset to its initial state (uninitialized) after this
+     * call.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     * @param output the buffer for the result
+     * @param outputOffset the offset in <code>output</code> where the result
+     * is stored
+     *
+     * @return the number of bytes stored in <code>output</code>
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block cipher,
+     * no padding has been requested (only in encryption mode), and the total
+     * input length of the data processed by this cipher is not a multiple of
+     * block size
+     * @exception ShortBufferException if the given output buffer is too small
+     * to hold the result
+     * @exception BadPaddingException if decrypting and padding is choosen,
+     * but the last input data does not have proper padding bytes.
+     */
+    int doFinal(byte[] input, int inputOffset, int inputLen,
+                byte[] output, int outputOffset)
+        throws ShortBufferException, IllegalBlockSizeException,
+               BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen,
+                                    output, outputOffset);
+    }
+
+    /**
+     * Wrap a key.
+     *
+     * @param key the key to be wrapped.
+     *
+     * @return the wrapped key.
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block
+     * cipher, no padding has been requested, and the length of the
+     * encoding of the key to be wrapped is not a
+     * multiple of the block size.
+     *
+     * @exception InvalidKeyException if it is impossible or unsafe to
+     * wrap the key with this cipher (e.g., a hardware protected key is
+     * being passed to a software only cipher).
+     */
+    byte[] wrap(Key key)
+        throws IllegalBlockSizeException, InvalidKeyException {
+        byte[] result = null;
+
+        try {
+            byte[] encodedKey = key.getEncoded();
+            if ((encodedKey == null) || (encodedKey.length == 0)) {
+                throw new InvalidKeyException("Cannot get an encoding of " +
+                                              "the key to be wrapped");
+            }
+
+            result = doFinal(encodedKey, 0, encodedKey.length);
+        } catch (BadPaddingException e) {
+            // Should never happen
+        }
+
+        return result;
+    }
+
+    /**
+     * Unwrap a previously wrapped key.
+     *
+     * @param wrappedKey the key to be unwrapped.
+     *
+     * @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
+     *
+     * @param wrappedKeyType the type of the wrapped key.
+     * This is one of <code>Cipher.SECRET_KEY</code>,
+     * <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>.
+     *
+     * @return the unwrapped key.
+     *
+     * @exception NoSuchAlgorithmException if no installed providers
+     * can create keys of type <code>wrappedKeyType</code> for the
+     * <code>wrappedKeyAlgorithm</code>.
+     *
+     * @exception InvalidKeyException if <code>wrappedKey</code> does not
+     * represent a wrapped key of type <code>wrappedKeyType</code> for
+     * the <code>wrappedKeyAlgorithm</code>.
+     */
+    Key unwrap(byte[] wrappedKey,
+               String wrappedKeyAlgorithm,
+               int wrappedKeyType)
+        throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] encodedKey;
+        try {
+            encodedKey = doFinal(wrappedKey, 0, wrappedKey.length);
+        } catch (BadPaddingException ePadding) {
+            throw new InvalidKeyException("The wrapped key is not padded " +
+                                          "correctly");
+        } catch (IllegalBlockSizeException eBlockSize) {
+            throw new InvalidKeyException("The wrapped key does not have " +
+                                          "the correct length");
+        }
+        return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm,
+                                          wrappedKeyType);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/crypto/provider/PBES2Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.interfaces.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ * These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
+ * Padding is done as described in PKCS #5.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+abstract class PBES2Core extends CipherSpi {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    // the encapsulated cipher
+    private final CipherCore cipher;
+    private final int keyLength; // in bits
+    private final int blkSize; // in bits
+    private final PBKDF2Core kdf;
+    private final String pbeAlgo;
+    private final String cipherAlgo;
+    private int iCount = DEFAULT_COUNT;
+    private byte[] salt = null;
+    private IvParameterSpec ivSpec = null;
+
+    /**
+     * Creates an instance of PBE Scheme 2 according to the selected
+     * password-based key derivation function and encryption scheme.
+     */
+    PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
+        throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+        this.cipherAlgo = cipherAlgo;
+        keyLength = keySize * 8;
+        pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
+
+        if (cipherAlgo.equals("AES")) {
+            blkSize = AESConstants.AES_BLOCK_SIZE;
+            cipher = new CipherCore(new AESCrypt(), blkSize);
+
+            switch(kdfAlgo) {
+            case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+            case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+            case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+            case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+            case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+            default:
+                throw new NoSuchAlgorithmException(
+                    "No Cipher implementation for " + kdfAlgo);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation for " +
+                                               pbeAlgo);
+        }
+        cipher.setMode("CBC");
+        cipher.setPadding("PKCS5Padding");
+    }
+
+    protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+        if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
+            throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
+        }
+    }
+
+    protected void engineSetPadding(String paddingScheme)
+        throws NoSuchPaddingException {
+        if ((paddingScheme != null) &&
+            (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
+            throw new NoSuchPaddingException("Invalid padding scheme: " +
+                                             paddingScheme);
+        }
+    }
+
+    protected int engineGetBlockSize() {
+        return blkSize;
+    }
+
+    protected int engineGetOutputSize(int inputLen) {
+        return cipher.getOutputSize(inputLen);
+    }
+
+    protected byte[] engineGetIV() {
+        return cipher.getIV();
+    }
+
+    protected AlgorithmParameters engineGetParameters() {
+        AlgorithmParameters params = null;
+        if (salt == null) {
+            // generate random salt and use default iteration count
+            salt = new byte[DEFAULT_SALT_LENGTH];
+            SunJCE.RANDOM.nextBytes(salt);
+            iCount = DEFAULT_COUNT;
+        }
+        if (ivSpec == null) {
+            // generate random IV
+            byte[] ivBytes = new byte[blkSize];
+            SunJCE.RANDOM.nextBytes(ivBytes);
+            ivSpec = new IvParameterSpec(ivBytes);
+        }
+        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
+        try {
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        } catch (NoSuchProviderException nspe) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        }
+        try {
+            params.init(pbeSpec);
+        } catch (InvalidParameterSpecException ipse) {
+            // should never happen
+            throw new RuntimeException("PBEParameterSpec not supported");
+        }
+        return params;
+    }
+
+    protected void engineInit(int opmode, Key key, SecureRandom random)
+        throws InvalidKeyException {
+        try {
+            engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+        } catch (InvalidAlgorithmParameterException ie) {
+            InvalidKeyException ike =
+                new InvalidKeyException("requires PBE parameters");
+            ike.initCause(ie);
+            throw ike;
+        }
+    }
+
+    protected void engineInit(int opmode, Key key,
+                              AlgorithmParameterSpec params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+        if ((key == null) ||
+            (key.getEncoded() == null) ||
+            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+            throw new InvalidKeyException("Missing password");
+        }
+
+        // TBD: consolidate the salt, ic and IV parameter checks below
+
+        // Extract salt and iteration count from the key, if present
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+            if (salt != null && salt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+            if (iCount == 0) {
+                iCount = DEFAULT_COUNT;
+            } else if (iCount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+        }
+
+        // Extract salt, iteration count and IV from the params, if present
+        if (params == null) {
+            if (salt == null) {
+                // generate random salt and use default iteration count
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                random.nextBytes(salt);
+                iCount = DEFAULT_COUNT;
+            }
+            if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            }
+        } else {
+            if (!(params instanceof PBEParameterSpec)) {
+                throw new InvalidAlgorithmParameterException
+                    ("Wrong parameter type: PBE expected");
+            }
+            // salt and iteration count from the params take precedence
+            byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+            if (specSalt != null && specSalt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            salt = specSalt;
+            int specICount = ((PBEParameterSpec) params).getIterationCount();
+            if (specICount == 0) {
+                specICount = DEFAULT_COUNT;
+            } else if (specICount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+            iCount = specICount;
+
+            AlgorithmParameterSpec specParams =
+                ((PBEParameterSpec) params).getParameterSpec();
+            if (specParams != null) {
+                if (specParams instanceof IvParameterSpec) {
+                    ivSpec = (IvParameterSpec)specParams;
+                } else {
+                    throw new InvalidAlgorithmParameterException(
+                        "Wrong parameter type: IV expected");
+                }
+            } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            } else {
+                throw new InvalidAlgorithmParameterException(
+                    "Missing parameter type: IV expected");
+            }
+        }
+
+        SecretKeySpec cipherKey = null;
+        byte[] derivedKey = null;
+        byte[] passwdBytes = key.getEncoded();
+        char[] passwdChars = new char[passwdBytes.length];
+
+        for (int i=0; i<passwdChars.length; i++)
+            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+        java.util.Arrays.fill(passwdBytes, (byte)0x00);
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        derivedKey = s.getEncoded();
+        cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
+
+        // initialize the underlying cipher
+        cipher.init(opmode, cipherKey, ivSpec, random);
+    }
+
+    protected void engineInit(int opmode, Key key, AlgorithmParameters params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        AlgorithmParameterSpec pbeSpec = null;
+        if (params != null) {
+            try {
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+            } catch (InvalidParameterSpecException ipse) {
+                throw new InvalidAlgorithmParameterException(
+                    "Wrong parameter type: PBE expected");
+            }
+        }
+        engineInit(opmode, key, pbeSpec, random);
+    }
+
+    protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+        return cipher.update(input, inputOffset, inputLen);
+    }
+
+    protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+                               byte[] output, int outputOffset)
+        throws ShortBufferException {
+        return cipher.update(input, inputOffset, inputLen,
+                             output, outputOffset);
+    }
+
+    protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+        throws IllegalBlockSizeException, BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen);
+    }
+
+    protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+                                byte[] output, int outputOffset)
+        throws ShortBufferException, IllegalBlockSizeException,
+               BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen,
+                              output, outputOffset);
+    }
+
+    protected int engineGetKeySize(Key key) throws InvalidKeyException {
+        return keyLength;
+    }
+
+    protected byte[] engineWrap(Key key)
+        throws IllegalBlockSizeException, InvalidKeyException {
+        return cipher.wrap(key);
+    }
+
+    protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+                               int wrappedKeyType)
+        throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] encodedKey;
+        return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
+                             wrappedKeyType);
+    }
+
+    public static final class HmacSHA1AndAES_128 extends PBES2Core {
+        public HmacSHA1AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_128 extends PBES2Core {
+        public HmacSHA224AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_128 extends PBES2Core {
+        public HmacSHA256AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_128 extends PBES2Core {
+        public HmacSHA384AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_128 extends PBES2Core {
+        public HmacSHA512AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA1AndAES_256 extends PBES2Core {
+        public HmacSHA1AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_256 extends PBES2Core {
+        public HmacSHA224AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_256 extends PBES2Core {
+        public HmacSHA256AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_256 extends PBES2Core {
+        public HmacSHA384AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_256 extends PBES2Core {
+        public HmacSHA512AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 32);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,522 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.*;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+import java.security.AlgorithmParametersSpi;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+import sun.misc.HexDumpEncoder;
+import sun.security.util.*;
+
+/**
+ * This class implements the parameter set used with password-based
+ * encryption scheme 2 (PBES2), which is defined in PKCS#5 as follows:
+ *
+ * <pre>
+ * -- PBES2
+ *
+ * PBES2Algorithms ALGORITHM-IDENTIFIER ::=
+ *   { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
+ *
+ * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+ *
+ * PBES2-params ::= SEQUENCE {
+ *   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ *   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
+ *
+ * PBES2-KDFs ALGORITHM-IDENTIFIER ::=
+ *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * -- PBKDF2
+ *
+ * PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+ *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+ *
+ * id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+ *
+ * PBKDF2-params ::= SEQUENCE {
+ *     salt CHOICE {
+ *       specified OCTET STRING,
+ *       otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ *     },
+ *     iterationCount INTEGER (1..MAX),
+ *     keyLength INTEGER (1..MAX) OPTIONAL,
+ *     prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+ * }
+ *
+ * PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+ *     {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA224} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA256} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA384} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA512}, ... }
+ *
+ * algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+ *     {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+ *
+ * id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * </pre>
+ */
+
+abstract class PBES2Parameters extends AlgorithmParametersSpi {
+
+    private static final int pkcs5PBKDF2[] =
+                                        {1, 2, 840, 113549, 1, 5, 12};
+    private static final int pkcs5PBES2[] =
+                                        {1, 2, 840, 113549, 1, 5, 13};
+    private static final int hmacWithSHA1[] =
+                                        {1, 2, 840, 113549, 2, 7};
+    private static final int hmacWithSHA224[] =
+                                        {1, 2, 840, 113549, 2, 8};
+    private static final int hmacWithSHA256[] =
+                                        {1, 2, 840, 113549, 2, 9};
+    private static final int hmacWithSHA384[] =
+                                        {1, 2, 840, 113549, 2, 10};
+    private static final int hmacWithSHA512[] =
+                                        {1, 2, 840, 113549, 2, 11};
+    private static final int aes128CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 2};
+    private static final int aes192CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 22};
+    private static final int aes256CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 42};
+
+    private static ObjectIdentifier pkcs5PBKDF2_OID;
+    private static ObjectIdentifier pkcs5PBES2_OID;
+    private static ObjectIdentifier hmacWithSHA1_OID;
+    private static ObjectIdentifier hmacWithSHA224_OID;
+    private static ObjectIdentifier hmacWithSHA256_OID;
+    private static ObjectIdentifier hmacWithSHA384_OID;
+    private static ObjectIdentifier hmacWithSHA512_OID;
+    private static ObjectIdentifier aes128CBC_OID;
+    private static ObjectIdentifier aes192CBC_OID;
+    private static ObjectIdentifier aes256CBC_OID;
+
+    static {
+        try {
+            pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
+            pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
+            hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
+            hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
+            hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
+            hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
+            hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
+            aes128CBC_OID = new ObjectIdentifier(aes128CBC);
+            aes192CBC_OID = new ObjectIdentifier(aes192CBC);
+            aes256CBC_OID = new ObjectIdentifier(aes256CBC);
+        } catch (IOException ioe) {
+            // should not happen
+        }
+    }
+
+    // the PBES2 algorithm name
+    private String pbes2AlgorithmName = null;
+
+    // the salt
+    private byte[] salt = null;
+
+    // the iteration count
+    private int iCount = 0;
+
+    // the cipher parameter
+    private AlgorithmParameterSpec cipherParam = null;
+
+    // the key derivation function (default is HmacSHA1)
+    private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+
+    // the encryption function
+    private ObjectIdentifier cipherAlgo_OID = null;
+
+    // the cipher keysize (in bits)
+    private int keysize = -1;
+
+    PBES2Parameters() {
+        // KDF, encryption & keysize values are set later, in engineInit(byte[])
+    }
+
+    PBES2Parameters(String pbes2AlgorithmName) throws NoSuchAlgorithmException {
+        int and;
+        String kdfAlgo = null;
+        String cipherAlgo = null;
+
+        // Extract the KDF and encryption algorithm names
+        this.pbes2AlgorithmName = pbes2AlgorithmName;
+        if (pbes2AlgorithmName.startsWith("PBEWith") &&
+            (and = pbes2AlgorithmName.indexOf("And", 7 + 1)) > 0) {
+            kdfAlgo = pbes2AlgorithmName.substring(7, and);
+            cipherAlgo = pbes2AlgorithmName.substring(and + 3);
+
+            // Check for keysize
+            int underscore;
+            if ((underscore = cipherAlgo.indexOf('_')) > 0) {
+                int slash;
+                if ((slash = cipherAlgo.indexOf('/', underscore + 1)) > 0) {
+                    keysize =
+                        Integer.parseInt(cipherAlgo.substring(underscore + 1,
+                            slash));
+                } else {
+                    keysize =
+                        Integer.parseInt(cipherAlgo.substring(underscore + 1));
+                }
+                cipherAlgo = cipherAlgo.substring(0, underscore);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No crypto implementation for " +
+                pbes2AlgorithmName);
+        }
+
+        switch (kdfAlgo) {
+        case "HmacSHA1":
+            kdfAlgo_OID = hmacWithSHA1_OID;
+            break;
+        case "HmacSHA224":
+            kdfAlgo_OID = hmacWithSHA224_OID;
+            break;
+        case "HmacSHA256":
+            kdfAlgo_OID = hmacWithSHA256_OID;
+            break;
+        case "HmacSHA384":
+            kdfAlgo_OID = hmacWithSHA384_OID;
+            break;
+        case "HmacSHA512":
+            kdfAlgo_OID = hmacWithSHA512_OID;
+            break;
+        default:
+            throw new NoSuchAlgorithmException(
+                "No crypto implementation for " + kdfAlgo);
+        }
+
+        if (cipherAlgo.equals("AES")) {
+            this.keysize = keysize;
+            switch (keysize) {
+            case 128:
+                cipherAlgo_OID = aes128CBC_OID;
+                break;
+            case 256:
+                cipherAlgo_OID = aes256CBC_OID;
+                break;
+            default:
+                throw new NoSuchAlgorithmException(
+                    "No Cipher implementation for " + keysize + "-bit " +
+                        cipherAlgo);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation for " +
+                cipherAlgo);
+        }
+    }
+
+    protected void engineInit(AlgorithmParameterSpec paramSpec)
+        throws InvalidParameterSpecException
+    {
+       if (!(paramSpec instanceof PBEParameterSpec)) {
+           throw new InvalidParameterSpecException
+               ("Inappropriate parameter specification");
+       }
+       this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
+       this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+       this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
+    }
+
+    protected void engineInit(byte[] encoded)
+        throws IOException
+    {
+        String kdfAlgo = null;
+        String cipherAlgo = null;
+
+        DerValue pBES2Algorithms = new DerValue(encoded);
+        if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                                  + "not an ASN.1 SEQUENCE tag");
+        }
+        if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for PBES2");
+        }
+        if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+
+        DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
+        if (pBES2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
+
+        if (pBES2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        cipherAlgo = parseES(pBES2_params.data.getDerValue());
+
+        pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+            .append(kdfAlgo).append("And").append(cipherAlgo).toString();
+    }
+
+    private String parseKDF(DerValue keyDerivationFunc) throws IOException {
+        String kdfAlgo = null;
+
+        if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for PBKDF2");
+        }
+        if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
+        if (pBKDF2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        DerValue specified = pBKDF2_params.data.getDerValue();
+        // the 'specified' ASN.1 CHOICE for 'salt' is supported
+        if (specified.tag == DerValue.tag_OctetString) {
+            salt = specified.getOctetString();
+        } else {
+            // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 OCTET STRING tag");
+        }
+        iCount = pBKDF2_params.data.getInteger();
+        DerValue keyLength = pBKDF2_params.data.getDerValue();
+        if (keyLength.tag == DerValue.tag_Integer) {
+            keysize = keyLength.getInteger() * 8; // keysize (in bits)
+        }
+        if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+            DerValue prf = pBKDF2_params.data.getDerValue();
+            kdfAlgo_OID = prf.data.getOID();
+            if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA1";
+            } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA224";
+            } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA256";
+            } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA384";
+            } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA512";
+            } else {
+                throw new IOException("PBE parameter parsing error: "
+                    + "expecting the object identifier for a HmacSHA key "
+                    + "derivation function");
+            }
+            if (prf.data.available() != 0) {
+                // parameter is 'NULL' for all HmacSHA KDFs
+                DerValue parameter = prf.data.getDerValue();
+                if (parameter.tag != DerValue.tag_Null) {
+                    throw new IOException("PBE parameter parsing error: "
+                        + "not an ASN.1 NULL tag");
+                }
+            }
+        }
+
+        return kdfAlgo;
+    }
+
+    private String parseES(DerValue encryptionScheme) throws IOException {
+        String cipherAlgo = null;
+
+        cipherAlgo_OID = encryptionScheme.data.getOID();
+        if (aes128CBC_OID.equals(cipherAlgo_OID)) {
+            cipherAlgo = "AES_128";
+            // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+            cipherParam =
+                new IvParameterSpec(encryptionScheme.data.getOctetString());
+            keysize = 128;
+        } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
+            cipherAlgo = "AES_256";
+            // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+            cipherParam =
+                new IvParameterSpec(encryptionScheme.data.getOctetString());
+            keysize = 256;
+        } else {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for AES cipher");
+        }
+
+        return cipherAlgo;
+    }
+
+    protected void engineInit(byte[] encoded, String decodingMethod)
+        throws IOException
+    {
+        engineInit(encoded);
+    }
+
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
+        throws InvalidParameterSpecException
+    {
+        if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return paramSpec.cast(
+                new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter specification");
+        }
+    }
+
+    protected byte[] engineGetEncoded() throws IOException {
+        DerOutputStream out = new DerOutputStream();
+        DerOutputStream pBES2Algorithms = new DerOutputStream();
+        pBES2Algorithms.putOID(pkcs5PBES2_OID);
+
+        DerOutputStream pBES2_params = new DerOutputStream();
+
+        DerOutputStream keyDerivationFunc = new DerOutputStream();
+        keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
+
+        DerOutputStream pBKDF2_params = new DerOutputStream();
+        pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
+        pBKDF2_params.putInteger(iCount);
+        pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+
+        DerOutputStream prf = new DerOutputStream();
+        // algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
+        prf.putOID(kdfAlgo_OID);
+        // parameters is 'NULL'
+        prf.putNull();
+        pBKDF2_params.write(DerValue.tag_Sequence, prf);
+
+        keyDerivationFunc.write(DerValue.tag_Sequence, pBKDF2_params);
+        pBES2_params.write(DerValue.tag_Sequence, keyDerivationFunc);
+
+        DerOutputStream encryptionScheme = new DerOutputStream();
+        // algorithm is id-aes128-CBC or id-aes256-CBC
+        encryptionScheme.putOID(cipherAlgo_OID);
+        // parameters is 'AES-IV ::= OCTET STRING (SIZE(16))'
+        if (cipherParam != null && cipherParam instanceof IvParameterSpec) {
+            encryptionScheme.putOctetString(
+                ((IvParameterSpec)cipherParam).getIV());
+        } else {
+            throw new IOException("Wrong parameter type: IV expected");
+        }
+        pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
+
+        pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
+        out.write(DerValue.tag_Sequence, pBES2Algorithms);
+
+        return out.toByteArray();
+    }
+
+    protected byte[] engineGetEncoded(String encodingMethod)
+        throws IOException
+    {
+        return engineGetEncoded();
+    }
+
+    /*
+     * Returns a formatted string describing the parameters.
+     *
+     * The algorithn name pattern is: "PBEWith<prf>And<encryption>"
+     * where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
+     * or HmacSHA512, and <encryption> is AES with a keysize suffix.
+     */
+    protected String engineToString() {
+        return pbes2AlgorithmName;
+    }
+
+    public static final class General extends PBES2Parameters {
+        public General() throws NoSuchAlgorithmException {
+            super();
+        }
+    }
+
+    public static final class HmacSHA1AndAES_128 extends PBES2Parameters {
+        public HmacSHA1AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA1AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA224AndAES_128 extends PBES2Parameters {
+        public HmacSHA224AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA224AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA256AndAES_128 extends PBES2Parameters {
+        public HmacSHA256AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA256AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA384AndAES_128 extends PBES2Parameters {
+        public HmacSHA384AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA384AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA512AndAES_128 extends PBES2Parameters {
+        public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA512AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
+        public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA1AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA224AndAES_256 extends PBES2Parameters {
+        public HmacSHA224AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA224AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA256AndAES_256 extends PBES2Parameters {
+        public HmacSHA256AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA256AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA384AndAES_256 extends PBES2Parameters {
+        public HmacSHA384AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA384AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA512AndAES_256 extends PBES2Parameters {
+        public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA512AndAES_256");
+        }
+    }
+}
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
 public final class PBEWithMD5AndDESCipher extends CipherSpi {
 
     // the encapsulated DES cipher
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -58,7 +58,7 @@
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        core = new PBECipherCore("DES");
+        core = new PBES1Core("DES");
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@
  */
 public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
 
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -70,7 +70,7 @@
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
         // set the encapsulated cipher to do triple DES
-        core = new PBECipherCore("DESede");
+        core = new PBES1Core("DESede");
     }
 
     /**
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * This class implements a key factory for PBE keys derived using
+ * PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
+ * pseudo random function (PRF) as defined in PKCS#5 v2.1.
+ *
+ * @author Valerie Peng
+ *
+ */
+abstract class PBKDF2Core extends SecretKeyFactorySpi {
+
+    private final String prfAlgo;
+
+    PBKDF2Core(String prfAlgo) {
+        this.prfAlgo = prfAlgo;
+    }
+
+    /**
+     * Generates a <code>SecretKey</code> object from the provided key
+     * specification (key material).
+     *
+     * @param keySpec the specification (key material) of the secret key
+     *
+     * @return the secret key
+     *
+     * @exception InvalidKeySpecException if the given key specification
+     * is inappropriate for this key factory to produce a public key.
+     */
+    protected SecretKey engineGenerateSecret(KeySpec keySpec)
+        throws InvalidKeySpecException
+    {
+        if (!(keySpec instanceof PBEKeySpec)) {
+            throw new InvalidKeySpecException("Invalid key spec");
+        }
+        PBEKeySpec ks = (PBEKeySpec) keySpec;
+        return new PBKDF2KeyImpl(ks, prfAlgo);
+    }
+
+    /**
+     * Returns a specification (key material) of the given key
+     * in the requested format.
+     *
+     * @param key the key
+     *
+     * @param keySpec the requested format in which the key material shall be
+     * returned
+     *
+     * @return the underlying key specification (key material) in the
+     * requested format
+     *
+     * @exception InvalidKeySpecException if the requested key
+     * specification is inappropriate for the given key, or the
+     * given key cannot be processed (e.g., the given key has an
+     * unrecognized algorithm or format).
+     */
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
+        throws InvalidKeySpecException {
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            // Check if requested key spec is amongst the valid ones
+            if ((keySpecCl != null)
+                && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                return new PBEKeySpec
+                    (pKey.getPassword(), pKey.getSalt(),
+                     pKey.getIterationCount(), pKey.getEncoded().length*8);
+            } else {
+                throw new InvalidKeySpecException("Invalid key spec");
+            }
+        } else {
+            throw new InvalidKeySpecException("Invalid key " +
+                                               "format/algorithm");
+        }
+    }
+
+    /**
+     * Translates a <code>SecretKey</code> object, whose provider may be
+     * unknown or potentially untrusted, into a corresponding
+     * <code>SecretKey</code> object of this key factory.
+     *
+     * @param key the key whose provider is unknown or untrusted
+     *
+     * @return the translated key
+     *
+     * @exception InvalidKeyException if the given key cannot be processed by
+     * this key factory.
+     */
+    protected SecretKey engineTranslateKey(SecretKey key)
+        throws InvalidKeyException {
+        if ((key != null) &&
+            (key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
+            (key.getFormat().equalsIgnoreCase("RAW"))) {
+
+            // Check if key originates from this factory
+            if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
+                return key;
+            }
+            // Check if key implements the PBEKey
+            if (key instanceof javax.crypto.interfaces.PBEKey) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                try {
+                    PBEKeySpec spec =
+                        new PBEKeySpec(pKey.getPassword(),
+                                       pKey.getSalt(),
+                                       pKey.getIterationCount(),
+                                       pKey.getEncoded().length*8);
+                    return new PBKDF2KeyImpl(spec, prfAlgo);
+                } catch (InvalidKeySpecException re) {
+                    InvalidKeyException ike = new InvalidKeyException
+                        ("Invalid key component(s)");
+                    ike.initCause(re);
+                    throw ike;
+                }
+            }
+        }
+        throw new InvalidKeyException("Invalid key format/algorithm");
+    }
+
+    public static final class HmacSHA1 extends PBKDF2Core {
+        public HmacSHA1() {
+            super("HmacSHA1");
+        }
+    }
+
+    public static final class HmacSHA224 extends PBKDF2Core {
+        public HmacSHA224() {
+            super("HmacSHA224");
+        }
+    }
+
+    public static final class HmacSHA256 extends PBKDF2Core {
+        public HmacSHA256() {
+            super("HmacSHA256");
+        }
+    }
+
+    public static final class HmacSHA384 extends PBKDF2Core {
+        public HmacSHA384() {
+            super("HmacSHA384");
+        }
+    }
+
+    public static final class HmacSHA512 extends PBKDF2Core {
+        public HmacSHA512() {
+            super("HmacSHA512");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.util.Arrays;
+import java.nio.ByteBuffer;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This is an implementation of the PBMAC1 algorithms as defined
+ * in PKCS#5 v2.1 standard.
+ */
+abstract class PBMAC1Core extends HmacCore {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    private final String kdfAlgo;
+    private final String hashAlgo;
+    private final PBKDF2Core kdf;
+    private final int blockLength; // in octets
+
+    /**
+     * Creates an instance of PBMAC1 according to the selected
+     * password-based key derivation function.
+     */
+    PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
+        throws NoSuchAlgorithmException {
+
+        super(hashAlgo, blockLength);
+        this.kdfAlgo = kdfAlgo;
+        this.hashAlgo = hashAlgo;
+        this.blockLength = blockLength;
+
+        switch(kdfAlgo) {
+        case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+        case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+        case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+        case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+        case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+        default:
+                throw new NoSuchAlgorithmException(
+                    "No MAC implementation for " + kdfAlgo);
+        }
+    }
+
+    /**
+     * Initializes the HMAC with the given secret key and algorithm parameters.
+     *
+     * @param key the secret key.
+     * @param params the algorithm parameters.
+     *
+     * @exception InvalidKeyException if the given key is inappropriate for
+     * initializing this MAC.
+     * @exception InvalidAlgorithmParameterException if the given algorithm
+     * parameters are inappropriate for this MAC.
+     */
+    protected void engineInit(Key key, AlgorithmParameterSpec params)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        char[] passwdChars;
+        byte[] salt = null;
+        int iCount = 0;
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            javax.crypto.interfaces.PBEKey pbeKey =
+                (javax.crypto.interfaces.PBEKey) key;
+            passwdChars = pbeKey.getPassword();
+            salt = pbeKey.getSalt(); // maybe null if unspecified
+            iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
+        } else if (key instanceof SecretKey) {
+            byte[] passwdBytes = key.getEncoded();
+            if ((passwdBytes == null) ||
+                !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+                throw new InvalidKeyException("Missing password");
+            }
+            passwdChars = new char[passwdBytes.length];
+            for (int i=0; i<passwdChars.length; i++) {
+                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+            }
+        } else {
+            throw new InvalidKeyException("SecretKey of PBE type required");
+        }
+        if (params == null) {
+            // generate default for salt and iteration count if necessary
+            if (salt == null) {
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                SunJCE.RANDOM.nextBytes(salt);
+            }
+            if (iCount == 0) iCount = DEFAULT_COUNT;
+        } else if (!(params instanceof PBEParameterSpec)) {
+            throw new InvalidAlgorithmParameterException
+                ("PBEParameterSpec type required");
+        } else {
+            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+            // make sure the parameter values are consistent
+            if (salt != null) {
+                if (!Arrays.equals(salt, pbeParams.getSalt())) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Inconsistent value of salt between key and params");
+                }
+            } else {
+                salt = pbeParams.getSalt();
+            }
+            if (iCount != 0) {
+                if (iCount != pbeParams.getIterationCount()) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Different iteration count between key and params");
+                }
+            } else {
+                iCount = pbeParams.getIterationCount();
+            }
+        }
+        // For security purpose, we need to enforce a minimum length
+        // for salt; just require the minimum salt length to be 8-byte
+        // which is what PKCS#5 recommends and openssl does.
+        if (salt.length < 8) {
+            throw new InvalidAlgorithmParameterException
+                ("Salt must be at least 8 bytes long");
+        }
+        if (iCount <= 0) {
+            throw new InvalidAlgorithmParameterException
+                ("IterationCount must be a positive number");
+        }
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blockLength);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        byte[] derivedKey = s.getEncoded();
+        SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
+
+        super.engineInit(cipherKey, null);
+    }
+
+    public static final class HmacSHA1 extends PBMAC1Core {
+        public HmacSHA1() throws NoSuchAlgorithmException {
+            super("HmacSHA1", "SHA1", 64);
+        }
+    }
+
+    public static final class HmacSHA224 extends PBMAC1Core {
+        public HmacSHA224() throws NoSuchAlgorithmException {
+            super("HmacSHA224", "SHA-224", 64);
+        }
+    }
+
+    public static final class HmacSHA256 extends PBMAC1Core {
+        public HmacSHA256() throws NoSuchAlgorithmException {
+            super("HmacSHA256", "SHA-256", 64);
+        }
+    }
+
+    public static final class HmacSHA384 extends PBMAC1Core {
+        public HmacSHA384() throws NoSuchAlgorithmException {
+            super("HmacSHA384", "SHA-384", 128);
+        }
+    }
+
+    public static final class HmacSHA512 extends PBMAC1Core {
+        public HmacSHA512() throws NoSuchAlgorithmException {
+            super("HmacSHA512", "SHA-512", 128);
+        }
+    }
+}
--- a/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,19 +35,24 @@
 
 /**
  * This class implements password-base encryption algorithm with
- * SHA1 digest and the following Ciphers in CBC mode
+ * SHA1 digest and the following Ciphers (in CBC mode, where applicable):
  * - DESede cipher and
- * - RC2 Cipher with 40-bit effective key length
+ * - RC2 Cipher with 40-bit or 128-bit effective key length and
+ * - RC4 Cipher with 40-bit or 128-bit effective key length
  * as defined by PKCS #12 version 1.0 standard.
  *
  * @author Valerie Peng
  * @see javax.crypto.CipherSpi
  */
 final class PKCS12PBECipherCore {
+
+    // TBD: replace CipherCore with a CipherSpi object to simplify maintenance
+
     private CipherCore cipher;
     private int blockSize;
     private int keySize;
     private String algo = null;
+    private String pbeAlgo = null;
     private byte[] salt = null;
     private int iCount = 0;
 
@@ -58,8 +63,16 @@
     static final int CIPHER_IV = 2;
     static final int MAC_KEY = 3;
 
+    // Uses default hash algorithm (SHA-1)
     static byte[] derive(char[] chars, byte[] salt,
                          int ic, int n, int type) {
+        return derive(chars, salt, ic, n, type, "SHA-1", 64);
+    }
+
+    // Uses supplied hash algorithm
+    static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
+        String hashAlgo, int blockLength) {
+
         // Add in trailing NULL terminator.  Special case:
         // no terminator if password is "\0".
         int length = chars.length*2;
@@ -75,21 +88,23 @@
             passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
             passwd[j+1] = (byte) (chars[i] & 0xFF);
         }
-        int v = 512 / 8;
-        int u = 160 / 8;
-        int c = roundup(n, u) / u;
-        byte[] D = new byte[v];
-        int s = roundup(salt.length, v);
-        int p = roundup(passwd.length, v);
-        byte[] I = new byte[s + p];
         byte[] key = new byte[n];
 
-        Arrays.fill(D, (byte)type);
-        concat(salt, I, 0, s);
-        concat(passwd, I, s, p);
+        try {
+            MessageDigest sha = MessageDigest.getInstance(hashAlgo);
 
-        try {
-            MessageDigest sha = MessageDigest.getInstance("SHA1");
+            int v = blockLength;
+            int u = sha.getDigestLength();
+            int c = roundup(n, u) / u;
+            byte[] D = new byte[v];
+            int s = roundup(salt.length, v);
+            int p = roundup(passwd.length, v);
+            byte[] I = new byte[s + p];
+
+            Arrays.fill(D, (byte)type);
+            concat(salt, I, 0, s);
+            concat(passwd, I, s, p);
+
             byte[] Ai;
             byte[] B = new byte[v];
             byte[] tmp = new byte[v];
@@ -150,23 +165,30 @@
 
     PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
         throws NoSuchAlgorithmException {
+
         algo = symmCipherAlg;
-        SymmetricCipher symmCipher = null;
-        if (algo.equals("DESede")) {
-            symmCipher = new DESedeCrypt();
-        } else if (algo.equals("RC2")) {
-            symmCipher = new RC2Crypt();
+        if (algo.equals("RC4")) {
+            pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
         } else {
-            throw new NoSuchAlgorithmException("No Cipher implementation " +
+            SymmetricCipher symmCipher = null;
+            if (algo.equals("DESede")) {
+                symmCipher = new DESedeCrypt();
+                pbeAlgo = "PBEWithSHA1AndDESede";
+            } else if (algo.equals("RC2")) {
+                symmCipher = new RC2Crypt();
+                pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
+            } else {
+                throw new NoSuchAlgorithmException("No Cipher implementation " +
                        "for PBEWithSHA1And" + algo);
-        }
-        blockSize = symmCipher.getBlockSize();
-        cipher = new CipherCore(symmCipher, blockSize);
-        cipher.setMode("CBC");
-        try {
-            cipher.setPadding("PKCS5Padding");
-        } catch (NoSuchPaddingException nspe) {
-            // should not happen
+            }
+            blockSize = symmCipher.getBlockSize();
+            cipher = new CipherCore(symmCipher, blockSize);
+            cipher.setMode("CBC");
+            try {
+                cipher.setPadding("PKCS5Padding");
+            } catch (NoSuchPaddingException nspe) {
+                // should not happen
+            }
         }
         keySize = defKeySize;
     }
@@ -210,8 +232,7 @@
         }
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
-            params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
-                (algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
         } catch (GeneralSecurityException gse) {
             // should never happen
             throw new RuntimeException(
@@ -229,6 +250,13 @@
     void implInit(int opmode, Key key, AlgorithmParameterSpec params,
                   SecureRandom random) throws InvalidKeyException,
         InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameterSpec params,
+                  SecureRandom random, CipherSpi cipherImpl)
+                      throws InvalidKeyException,
+        InvalidAlgorithmParameterException {
         char[] passwdChars = null;
         salt = null;
         iCount = 0;
@@ -309,17 +337,29 @@
         byte[] derivedKey = derive(passwdChars, salt, iCount,
                                    keySize, CIPHER_KEY);
         SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
-        byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+
+        if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+            ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
+        } else {
+            byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
                                   CIPHER_IV);
-        IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+            IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
 
-        // initialize the underlying cipher
-        cipher.init(opmode, cipherKey, ivSpec, random);
+            // initialize the underlying cipher
+            cipher.init(opmode, cipherKey, ivSpec, random);
+        }
     }
 
     void implInit(int opmode, Key key, AlgorithmParameters params,
                   SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameters params,
+                  SecureRandom random, CipherSpi cipherImpl)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
         AlgorithmParameterSpec paramSpec = null;
         if (params != null) {
             try {
@@ -329,13 +369,19 @@
                     "requires PBE parameters");
             }
         }
-        implInit(opmode, key, paramSpec, random);
+        implInit(opmode, key, paramSpec, random, cipherImpl);
     }
 
     void implInit(int opmode, Key key, SecureRandom random)
         throws InvalidKeyException {
+        implInit(opmode, key, random, null);
+    }
+
+    void implInit(int opmode, Key key, SecureRandom random,
+        CipherSpi cipherImpl) throws InvalidKeyException {
         try {
-            implInit(opmode, key, (AlgorithmParameterSpec) null, random);
+            implInit(opmode, key, (AlgorithmParameterSpec) null, random,
+                cipherImpl);
         } catch (InvalidAlgorithmParameterException iape) {
             throw new InvalidKeyException("requires PBE parameters");
         }
@@ -526,4 +572,245 @@
             return core.implWrap(key);
         }
     }
+
+    public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
+        private final PKCS12PBECipherCore core;
+        public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC2", 16);
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return core.implGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return core.implGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return core.implGetKeySize(key);
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return core.implGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            core.implSetMode(mode);
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            core.implSetPadding(paddingScheme);
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return core.implUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return core.implUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return core.implWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 5;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 16;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
 }
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java	Fri Nov 09 14:46:34 2012 -0800
@@ -77,10 +77,14 @@
     "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
     + "Diffie-Hellman, HMAC)";
 
+    private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+    private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
+    private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+    private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
     private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
-    private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
     private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
     private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+    private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
     private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
 
     /* Are we debugging? -- for developers */
@@ -138,14 +142,26 @@
                     put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
                     put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
 
+                    // PBES1
+
                     put("Cipher.PBEWithMD5AndDES",
                         "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
                     put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
                     put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
+
                     put("Cipher.PBEWithMD5AndTripleDES",
                         "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+
+                    put("Cipher.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+
                     put("Cipher.PBEWithSHA1AndRC2_40",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
                         "PBEWithSHA1AndRC2_40");
@@ -153,13 +169,70 @@
                         "PBEWithSHA1AndRC2_40");
                     put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
-                    put("Cipher.PBEWithSHA1AndDESede",
+
+                    put("Cipher.PBEWithSHA1AndRC2_128",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("Cipher.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("Cipher.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    //PBES2
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_256");
 
                     put("Cipher.Blowfish",
                         "com.sun.crypto.provider.BlowfishCipher");
@@ -301,6 +374,7 @@
                         "DiffieHellman");
                     put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
                         "DiffieHellman");
+
                     /*
                      * Algorithm parameter generation engines
                      */
@@ -371,6 +445,64 @@
                     put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("AlgorithmParameters.PBES2",
+                        "com.sun.crypto.provider.PBES2Parameters$General");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
+                        "PBES2");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
+                        "PBES2");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+
                     put("AlgorithmParameters.Blowfish",
                         "com.sun.crypto.provider.BlowfishParameters");
 
@@ -378,6 +510,7 @@
                         "com.sun.crypto.provider.AESParameters");
                     put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
+
                     put("AlgorithmParameters.RC2",
                         "com.sun.crypto.provider.RC2Parameters");
 
@@ -393,6 +526,7 @@
                     put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
                         "DiffieHellman");
                     put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+
                     /*
                      * Secret-key factories
                      */
@@ -441,13 +575,90 @@
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_256");
+
+                    // PBKDF2
+
                     put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                        "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
                     put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
 
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA224",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA256",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA384",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA512",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
                     /*
                      * MAC
                      */
@@ -475,6 +686,19 @@
                     put("Mac.HmacPBESHA1",
                         "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
+                    // PBMAC1
+
+                    put("Mac.PBEWithHmacSHA1",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
+                    put("Mac.PBEWithHmacSHA224",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
+                    put("Mac.PBEWithHmacSHA256",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
+                    put("Mac.PBEWithHmacSHA384",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
+                    put("Mac.PBEWithHmacSHA512",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
+
                     put("Mac.SslMacMD5",
                         "com.sun.crypto.provider.SslMacCore$SslMacMD5");
                     put("Mac.SslMacSHA1",
@@ -487,6 +711,10 @@
                     put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
                     put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
                     put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
 
--- a/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Fri Nov 09 14:46:34 2012 -0800
@@ -59,6 +59,9 @@
     public final static Package.Version JAVA7_MAX_CLASS_VERSION =
             Package.Version.of(51, 00);
 
+    public final static Package.Version JAVA8_MAX_CLASS_VERSION =
+            Package.Version.of(52, 00);
+
     public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
 
     public final static Package.Version JAVA5_PACKAGE_VERSION =
@@ -72,7 +75,7 @@
 
     // upper limit, should point to the latest class version
     public final static Package.Version JAVA_MAX_CLASS_VERSION =
-            JAVA7_MAX_CLASS_VERSION;
+            JAVA8_MAX_CLASS_VERSION;
 
     // upper limit should point to the latest package version, for version info!.
     public final static Package.Version MAX_PACKAGE_VERSION =
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java	Fri Nov 09 14:46:34 2012 -0800
@@ -542,14 +542,26 @@
             try {
                 NamingEnumeration<InputStream> resources =
                     helper.getResources(cl, APP_RESOURCE_FILE_NAME);
-                while (resources.hasMore()) {
-                    Properties props = new Properties();
-                    props.load(resources.next());
+                try {
+                    while (resources.hasMore()) {
+                        Properties props = new Properties();
+                        InputStream istream = resources.next();
+                        try {
+                            props.load(istream);
+                        } finally {
+                            istream.close();
+                        }
 
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    }
+                } finally {
+                    while (resources.hasMore()) {
+                        InputStream istream = (InputStream)resources.next();
+                        istream.close();
                     }
                 }
 
@@ -557,13 +569,17 @@
                 InputStream istream =
                     helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
                 if (istream != null) {
-                    Properties props = new Properties();
-                    props.load(istream);
+                    try {
+                        Properties props = new Properties();
+                        props.load(istream);
 
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    } finally {
+                        istream.close();
                     }
                 }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSCredential interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
+ * @since 1.8
+ */
+public interface ExtendedGSSCredential extends GSSCredential {
+    /**
+     * Impersonates a principal. In Kerberos, this can be implemented
+     * using the Microsoft S4U2self extension.
+     * <p>
+     * A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
+     * impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
+     * will be  thrown if the impersonation method is not available to this
+     * credential object.
+     * @param name the name of the principal to impersonate
+     * @return a credential for that principal
+     * @throws GSSException  containing the following
+     * major error codes:
+     *   {@link GSSException#NO_CRED GSSException.NO_CRED}
+     *   {@link GSSException#FAILURE GSSException.FAILURE}
+     */
+    public GSSCredential impersonate(GSSName name) throws GSSException;
+}
--- a/src/share/classes/java/lang/Character.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/lang/Character.java	Fri Nov 09 14:46:34 2012 -0800
@@ -40,7 +40,7 @@
  * a character's category (lowercase letter, digit, etc.) and for converting
  * characters from uppercase to lowercase and vice versa.
  * <p>
- * Character information is based on the Unicode Standard, version 6.1.0.
+ * Character information is based on the Unicode Standard, version 6.2.0.
  * <p>
  * The methods and data of class {@code Character} are defined by
  * the information in the <i>UnicodeData</i> file that is part of the
@@ -3758,8 +3758,7 @@
             0x0640,   // 0640..0640; COMMON
             0x0641,   // 0641..064A; ARABIC
             0x064B,   // 064B..0655; INHERITED
-            0x0656,   // 0656..065E; ARABIC
-            0x065F,   // 065F..065F; INHERITED
+            0x0656,   // 0656..065F; ARABIC
             0x0660,   // 0660..0669; COMMON
             0x066A,   // 066A..066F; ARABIC
             0x0670,   // 0670..0670; INHERITED
@@ -4081,7 +4080,6 @@
             ARABIC,
             INHERITED,
             ARABIC,
-            INHERITED,
             COMMON,
             ARABIC,
             INHERITED,
--- a/src/share/classes/java/lang/Math.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/lang/Math.java	Fri Nov 09 14:46:34 2012 -0800
@@ -742,6 +742,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int addExact(int x, int y) {
         int r = x + y;
@@ -760,6 +761,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long addExact(long x, long y) {
         long r = x + y;
@@ -778,6 +780,7 @@
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int subtractExact(int x, int y) {
         int r = x - y;
@@ -797,6 +800,7 @@
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long subtractExact(long x, long y) {
         long r = x - y;
@@ -816,6 +820,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int multiplyExact(int x, int y) {
         long r = (long)x * (long)y;
@@ -833,6 +838,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long multiplyExact(long x, long y) {
         long r = x * y;
@@ -857,6 +863,7 @@
      * @param value the long value
      * @return the argument as an int
      * @throws ArithmeticException if the {@code argument} overflows an int
+     * @since 1.8
      */
     public static int toIntExact(long value) {
         if ((int)value != value) {
@@ -866,6 +873,159 @@
     }
 
     /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results of
+     *       {@code floorDiv} and the {@code /} operator are the same.  <br>
+     *       For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.</li>
+     *   <li>If the signs of the arguments are different,  the quotient is negative and
+     *       {@code floorDiv} returns the integer less than or equal to the quotient
+     *       and the {@code /} operator returns the integer closest to zero.<br>
+     *       For example, {@code floorDiv(-4, 3) == -2},
+     *       whereas {@code (-4 / 3) == -1}.
+     *   </li>
+     * </ul>
+     * <p>
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(int, int)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        int r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <p>
+     * For examples, see {@link #floorDiv(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(long, long)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        long r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * The difference in values between {@code floorMod} and
+     * the {@code %} operator is due to the difference between
+     * {@code floorDiv} that returns the integer less than or equal to the quotient
+     * and the {@code /} operator that returns the integer closest to zero.
+     * <p>
+     * Examples:
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results
+     *       of {@code floorMod} and the {@code %} operator are the same.  <br>
+     *       <ul>
+     *       <li>{@code floorMod(4, 3) == 1}; &nbsp; and {@code (4 % 3) == 1}</li>
+     *       </ul>
+     *   <li>If the signs of the arguments are different, the results differ from the {@code %} operator.<br>
+     *      <ul>
+     *      <li>{@code floorMod(+4, -3) == -2}; &nbsp; and {@code (+4 % -3) == +1} </li>
+     *      <li>{@code floorMod(-4, +3) == +2}; &nbsp; and {@code (-4 % +3) == -1} </li>
+     *      <li>{@code floorMod(-4, -3) == -1}; &nbsp; and {@code (-4 % -3) == -1 } </li>
+     *      </ul>
+     *   </li>
+     * </ul>
+     * <p>
+     * If the signs of arguments are unknown and a positive modulus
+     * is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        int r = x - floorDiv(x, y) * y;
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * For examples, see {@link #floorMod(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return x - floorDiv(x, y) * y;
+    }
+
+    /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.
      * If the argument is negative, the negation of the argument is returned.
--- a/src/share/classes/java/lang/StrictMath.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/lang/StrictMath.java	Fri Nov 09 14:46:34 2012 -0800
@@ -365,7 +365,7 @@
      * @param a the value to be floored or ceiled
      * @param negativeBoundary result for values in (-1, 0)
      * @param positiveBoundary result for values in (0, 1)
-     * @param sign the sign of the result
+     * @param increment value to add when the argument is non-integral
      */
     private static double floorOrCeil(double a,
                                       double negativeBoundary,
@@ -702,7 +702,7 @@
      * <p>This method is properly synchronized to allow correct use by
      * more than one thread. However, if many threads need to generate
      * pseudorandom numbers at a great rate, it may reduce contention
-     * for each thread to have its own pseudorandom number generator.
+     * for each thread to have its own pseudorandom-number generator.
      *
      * @return  a pseudorandom {@code double} greater than or equal
      * to {@code 0.0} and less than {@code 1.0}.
@@ -745,7 +745,7 @@
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -760,7 +760,7 @@
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -775,7 +775,7 @@
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -790,7 +790,7 @@
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -805,7 +805,7 @@
     }
 
     /**
-     * Return the value of the {@code long} argument;
+     * Returns the value of the {@code long} argument;
      * throwing an exception if the value overflows an {@code int}.
      *
      * @param value the long value
@@ -819,6 +819,107 @@
     }
 
     /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(int, int)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(long, long)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(int, int)
+     * @see StrictMath#floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        return Math.floorMod(x , y);
+    }
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(long, long)
+     * @see StrictMath#floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return Math.floorMod(x, y);
+    }
+
+    /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.
      * If the argument is negative, the negation of the argument is returned.
@@ -1543,7 +1644,7 @@
     }
 
     /**
-     * Return {@code d} &times;
+     * Returns {@code d} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the double value set.  See the Java
@@ -1577,7 +1678,7 @@
     }
 
     /**
-     * Return {@code f} &times;
+     * Returns {@code f} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the float value set.  See the Java
--- a/src/share/classes/java/lang/annotation/ElementType.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/lang/annotation/ElementType.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@
     /** Method declaration */
     METHOD,
 
-    /** Parameter declaration */
+    /** Formal parameter declaration */
     PARAMETER,
 
     /** Constructor declaration */
@@ -59,5 +59,19 @@
     ANNOTATION_TYPE,
 
     /** Package declaration */
-    PACKAGE
+    PACKAGE,
+
+    /**
+     * Type parameter declaration
+     *
+     * @since 1.8
+     */
+    TYPE_PARAMETER,
+
+    /**
+     * Use of a type
+     *
+     * @since 1.8
+     */
+    TYPE_USE
 }
--- a/src/share/classes/java/security/cert/CertPathBuilder.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/security/cert/CertPathBuilder.java	Fri Nov 09 14:46:34 2012 -0800
@@ -315,12 +315,14 @@
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathBuilderSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8
--- a/src/share/classes/java/security/cert/CertPathValidator.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/security/cert/CertPathValidator.java	Fri Nov 09 14:46:34 2012 -0800
@@ -327,12 +327,14 @@
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathValidatorSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8
--- a/src/share/classes/java/security/cert/PKIXRevocationChecker.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/java/security/cert/PKIXRevocationChecker.java	Fri Nov 09 14:46:34 2012 -0800
@@ -63,8 +63,8 @@
  * and then the {@code PKIXParameters} is passed along with the {@code CertPath}
  * to be validated to the {@link CertPathValidator#validate validate} method
  * of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
- * this manner, do not enable the default revocation checking mechanism (by
- * calling {@link PKIXParameters#setRevocationEnabled}.
+ * this manner, it will be used to check revocation irrespective of the setting
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
  *
  * <p>Note that when a {@code PKIXRevocationChecker} is added to
  * {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@@ -88,7 +88,7 @@
     private URI ocspResponder;
     private X509Certificate ocspResponderCert;
     private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
-    private Map<X509Certificate, byte[]> ocspStapled = Collections.emptyMap();
+    private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
     private Set<Option> options = Collections.emptySet();
 
     protected PKIXRevocationChecker() {}
@@ -169,40 +169,40 @@
     }
 
     /**
-     * Sets the stapled OCSP responses. These responses are used to determine
+     * Sets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @param responses a map of stapled OCSP responses. Each key is an
+     * @param responses a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is performed to protect against subsequent modification.
      */
-    public void setOCSPStapledResponses(Map<X509Certificate, byte[]> responses)
+    public void setOCSPResponses(Map<X509Certificate, byte[]> responses)
     {
         if (responses == null) {
-            this.ocspStapled = Collections.<X509Certificate, byte[]>emptyMap();
+            this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
         } else {
             Map<X509Certificate, byte[]> copy = new HashMap<>(responses.size());
             for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
                 copy.put(e.getKey(), e.getValue().clone());
             }
-            this.ocspStapled = copy;
+            this.ocspResponses = copy;
         }
     }
 
     /**
-     * Gets the stapled OCSP responses. These responses are used to determine
+     * Gets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @return a map of stapled OCSP responses. Each key is an
+     * @return a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is returned to protect against subsequent modification.
      *        Returns an empty map if no responses have been specified.
      */
-    public Map<X509Certificate, byte[]> getOCSPStapledResponses() {
-        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspStapled.size());
-        for (Map.Entry<X509Certificate, byte[]> e : ocspStapled.entrySet()) {
+    public Map<X509Certificate, byte[]> getOCSPResponses() {
+        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
+        for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
             copy.put(e.getKey(), e.getValue().clone());
         }
         return copy;
@@ -234,10 +234,10 @@
     public Object clone() {
         PKIXRevocationChecker copy = (PKIXRevocationChecker)super.clone();
         copy.ocspExtensions = new ArrayList<>(ocspExtensions);
-        copy.ocspStapled = new HashMap<>(ocspStapled);
-        // deep-copy the encoded stapled responses, since they are mutable
+        copy.ocspResponses = new HashMap<>(ocspResponses);
+        // deep-copy the encoded responses, since they are mutable
         for (Map.Entry<X509Certificate, byte[]> entry :
-                 copy.ocspStapled.entrySet())
+                 copy.ocspResponses.entrySet())
         {
             byte[] encoded = entry.getValue();
             entry.setValue(encoded.clone());
--- a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
 
     private byte[] salt;
     private int iterationCount;
+    private AlgorithmParameterSpec paramSpec = null;
 
     /**
      * Constructs a parameter set for password-based encryption as defined in
@@ -57,6 +58,25 @@
     }
 
     /**
+     * Constructs a parameter set for password-based encryption as defined in
+     * the PKCS #5 standard.
+     *
+     * @param salt the salt. The contents of <code>salt</code> are copied
+     * to protect against subsequent modification.
+     * @param iterationCount the iteration count.
+     * @param paramSpec the cipher algorithm parameter specification.
+     * @exception NullPointerException if <code>salt</code> is null.
+     *
+     * @since 1.8
+     */
+    public PBEParameterSpec(byte[] salt, int iterationCount,
+            AlgorithmParameterSpec paramSpec) {
+        this.salt = salt.clone();
+        this.iterationCount = iterationCount;
+        this.paramSpec = paramSpec;
+    }
+
+    /**
      * Returns the salt.
      *
      * @return the salt. Returns a new array
@@ -74,4 +94,15 @@
     public int getIterationCount() {
         return this.iterationCount;
     }
+
+    /**
+     * Returns the cipher algorithm parameter specification.
+     *
+     * @return the parameter specification, or null if none was set.
+     *
+     * @since 1.8
+     */
+    public AlgorithmParameterSpec getParameterSpec() {
+        return this.paramSpec;
+    }
 }
--- a/src/share/classes/javax/sql/rowset/serial/SerialArray.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/sql/rowset/serial/SerialArray.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
 import java.io.*;
 import java.util.Map;
 import java.net.URL;
-
+import java.util.Arrays;
 
 /**
  * A serialized version of an <code>Array</code>
@@ -525,6 +525,97 @@
     }
 
     /**
+     * Compares this SerialArray to the specified object.  The result is {@code
+     * true} if and only if the argument is not {@code null} and is a {@code
+     * SerialArray} object whose elements are identical to this object's elements
+     *
+     * @param  obj The object to compare this {@code SerialArray} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialArray}
+     *          equivalent to this SerialArray, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+
+        if (obj instanceof SerialArray) {
+            SerialArray sa = (SerialArray)obj;
+            return baseType == sa.baseType &&
+                    baseTypeName.equals(sa.baseTypeName) &&
+                    Arrays.equals(elements, sa.elements);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialArray. The hash code for a
+     * {@code SerialArray} object is computed using the hash codes
+     * of the elements of the  {@code SerialArray} object
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return (((31 + Arrays.hashCode(elements)) * 31 + len)  * 31 +
+                baseType) * 31 + baseTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialArray}. The copy will contain a
+     * reference to a clone of the underlying objects array, not a reference
+     * to the original underlying object array of this {@code SerialArray} object.
+     *
+     * @return  a clone of this SerialArray
+     */
+    public Object clone() {
+        try {
+            SerialArray sa = (SerialArray) super.clone();
+            sa.elements = Arrays.copyOf(elements, len);
+            return sa;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialArray} from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+       ObjectInputStream.GetField fields = s.readFields();
+       Object[] tmp = (Object[])fields.get("elements", null);
+       if (tmp == null)
+           throw new InvalidObjectException("elements is null and should not be!");
+       elements = tmp.clone();
+       len = fields.get("len", 0);
+       if(elements.length != len)
+           throw new InvalidObjectException("elements is not the expected size");
+
+       baseType = fields.get("baseType", 0);
+       baseTypeName = (String)fields.get("baseTypeName", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialArray}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("elements", elements);
+        fields.put("len", len);
+        fields.put("baseType", baseType);
+        fields.put("baseTypeName", baseTypeName);
+        s.writeFields();
+    }
+
+    /**
      * The identifier that assists in the serialization of this <code>SerialArray</code>
      * object.
      */
--- a/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -100,10 +100,64 @@
         return aURL;
     }
 
+    /**
+     * Compares this {@code SerialDatalink} to the specified object.
+     * The result is {@code true} if and only if the argument is not
+     * {@code null} and is a {@code SerialDatalink} object whose URL is
+     * identical to this object's URL
+     *
+     * @param  obj The object to compare this {@code SerialDatalink} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialDatalink}
+     *          equivalent to this SerialDatalink, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SerialDatalink) {
+            SerialDatalink sdl = (SerialDatalink) obj;
+            return url.equals(sdl.url);
+        }
+        return false;
+    }
 
     /**
-         * The identifier that assists in the serialization of this <code>SerialDatalink</code>
-     * object.
+     * Returns a hash code for this {@code SerialDatalink}. The hash code for a
+     * {@code SerialDatalink} object is taken as the hash code of
+     * the {@code URL} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + url.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialDatalink}.
+     *
+     * @return  a clone of this SerialDatalink
+     */
+    public Object clone() {
+        try {
+            SerialDatalink sdl = (SerialDatalink) super.clone();
+            return sdl;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
+
+    /**
+     * readObject and writeObject are called to restore the state
+     * of the {@code SerialDatalink}
+     * from a stream. Note: we leverage the default Serialized form
+     */
+
+    /**
+     * The identifier that assists in the serialization of this
+     *  {@code SerialDatalink} object.
      */
     static final long serialVersionUID = 2826907821828733626L;
 }
--- a/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import java.io.*;
 import java.lang.reflect.*;
+import java.util.Arrays;
+import java.util.Vector;
 import javax.sql.rowset.RowSetWarning;
 
 /**
@@ -49,7 +51,7 @@
     /**
      * Placeholder for object to be serialized.
      */
-    private final Object obj;
+    private Object obj;
 
 
    /**
@@ -82,18 +84,9 @@
         // any of these are static, this should invalidate
         // the action of attempting to persist these fields
         // in a serialized form
-
-        boolean anyStaticFields = false;
         fields = c.getFields();
 
-        for (int i = 0; i < fields.length; i++ ) {
-            if ( fields[i].getModifiers() == Modifier.STATIC ) {
-                anyStaticFields = true;
-            }
-        }
-
-
-        if (anyStaticFields) {
+        if (hasStaticFields(fields)) {
             throw new SerialException("Located static fields in " +
                 "object instance. Cannot serialize");
         }
@@ -132,7 +125,7 @@
     }
 
     /**
-         * The identifier that assists in the serialization of this
+     * The identifier that assists in the serialization of this
      * <code>SerialJavaObject</code> object.
      */
     static final long serialVersionUID = -1465795139032831023L;
@@ -142,15 +135,117 @@
      * object. When there are multiple warnings, each warning is chained to the
      * previous warning.
      */
-    java.util.Vector<RowSetWarning> chain;
+    Vector<RowSetWarning> chain;
+
+    /**
+     * Compares this SerialJavaObject to the specified object.
+     * The result is {@code true} if and only if the argument
+     * is not {@code null} and is a {@code SerialJavaObject}
+     * object that is identical to this object
+     *
+     * @param  o The object to compare this {@code SerialJavaObject} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialJavaObject}
+     *          equivalent to this SerialJavaObject, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o instanceof SerialJavaObject) {
+            SerialJavaObject sjo = (SerialJavaObject) o;
+            return obj.equals(sjo.obj);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialJavaObject. The hash code for a
+     * {@code SerialJavaObject} object is taken as the hash code of
+     * the {@code Object} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + obj.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialJavaObject}.
+     *
+     * @return  a clone of this SerialJavaObject
+     */
+
+    public Object clone() {
+        try {
+            SerialJavaObject sjo = (SerialJavaObject) super.clone();
+            sjo.fields = Arrays.copyOf(fields, fields.length);
+            if (chain != null)
+                sjo.chain = new Vector<>(chain);
+            return sjo;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
 
     /**
      * Registers the given warning.
      */
     private void setWarning(RowSetWarning e) {
         if (chain == null) {
-            chain = new java.util.Vector<>();
+            chain = new Vector<>();
         }
         chain.add(e);
     }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialJavaObject}
+     * from a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectInputStream.GetField fields1 = s.readFields();
+        @SuppressWarnings("unchecked")
+        Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null);
+        if (tmp != null)
+            chain = new Vector<>(tmp);
+
+        obj = fields1.get("obj", null);
+        if (obj != null) {
+            fields = obj.getClass().getFields();
+            if(hasStaticFields(fields))
+                throw new IOException("Located static fields in " +
+                "object instance. Cannot serialize");
+        } else {
+            throw new IOException("Object cannot be null!");
+        }
+
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialJavaObject}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException {
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("obj", obj);
+        fields.put("chain", chain);
+        s.writeFields();
+    }
+
+    /*
+     * Check to see if there are any Static Fields in this object
+     */
+    private static boolean hasStaticFields(Field[] fields) {
+        for (Field field : fields) {
+            if ( field.getModifiers() == Modifier.STATIC) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
--- a/src/share/classes/javax/sql/rowset/serial/SerialRef.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/sql/rowset/serial/SerialRef.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,85 @@
     }
 
     /**
-         * The identifier that assists in the serialization of this <code>SerialRef</code>
+     * Compares this SerialRef to the specified object.  The result is {@code
+     * true} if and only if the argument is not {@code null} and is a {@code
+     * SerialRef} object that represents the same object as this
+     * object.
+     *
+     * @param  obj The object to compare this {@code SerialRef} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialRef}
+     *          equivalent to this SerialRef, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if(obj instanceof SerialRef) {
+            SerialRef ref = (SerialRef)obj;
+            return baseTypeName.equals(ref.baseTypeName) &&
+                    object.equals(ref.object);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this {@code SerialRef}.
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return (31 + object.hashCode()) * 31 + baseTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialRef}. .
+     * The underlying {@code Ref} object will be set to null.
+     *
+     * @return  a clone of this SerialRef
+     */
+    public Object clone() {
+        try {
+            SerialRef ref = (SerialRef) super.clone();
+            ref.reference = null;
+            return ref;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the SerialRef from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField fields = s.readFields();
+        object = fields.get("object", null);
+        baseTypeName = (String) fields.get("baseTypeName", null);
+        reference = (Ref) fields.get("reference", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the SerialRef
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("baseTypeName", baseTypeName);
+        fields.put("object", object);
+        // Note: this check to see if it is an instance of Serializable
+        // is for backwards compatibiity
+        fields.put("reference", reference instanceof Serializable ? reference : null);
+        s.writeFields();
+    }
+
+    /**
+     * The identifier that assists in the serialization of this <code>SerialRef</code>
      * object.
      */
     static final long serialVersionUID = -4727123500609662274L;
--- a/src/share/classes/javax/sql/rowset/serial/SerialStruct.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/javax/sql/rowset/serial/SerialStruct.java	Fri Nov 09 14:46:34 2012 -0800
@@ -250,6 +250,88 @@
     }
 
     /**
+     * Compares this SerialStruct to the specified object.  The result is
+     * {@code true} if and only if the argument is not {@code null} and is a
+     * {@code SerialStruct} object whose attributes are identical to this
+     * object's attributes
+     *
+     * @param  obj The object to compare this {@code SerialStruct} against
+     *
+     * @return {@code true} if the given object represents a {@code SerialStruct}
+     *          equivalent to this SerialStruct, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SerialStruct) {
+            SerialStruct ss = (SerialStruct)obj;
+            return SQLTypeName.equals(ss.SQLTypeName) &&
+                    Arrays.equals(attribs, ss.attribs);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this {@code SerialStruct}. The hash code for a
+     * {@code SerialStruct} object is computed using the hash codes
+     * of the attributes of the {@code SerialStruct} object and its
+     * {@code SQLTypeName}
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return ((31 + Arrays.hashCode(attribs)) * 31) * 31
+                + SQLTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialStruct}. The copy will contain a
+     * reference to a clone of the underlying attribs array, not a reference
+     * to the original underlying attribs array of this {@code SerialStruct} object.
+     *
+     * @return  a clone of this SerialStruct
+     */
+    public Object clone() {
+        try {
+            SerialStruct ss = (SerialStruct) super.clone();
+            ss.attribs = Arrays.copyOf(attribs, attribs.length);
+            return ss;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialStruct} from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+       ObjectInputStream.GetField fields = s.readFields();
+       Object[] tmp = (Object[])fields.get("attribs", null);
+       attribs = tmp == null ? null : tmp.clone();
+       SQLTypeName = (String)fields.get("SQLTypeName", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialStruct}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("attribs", attribs);
+        fields.put("SQLTypeName", SQLTypeName);
+        s.writeFields();
+    }
+
+    /**
      * The identifier that assists in the serialization of this
      * <code>SerialStruct</code> object.
      */
--- a/src/share/classes/sun/nio/ch/FileChannelImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/nio/ch/FileChannelImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -302,12 +302,10 @@
         }
     }
 
-    public FileChannel truncate(long size) throws IOException {
+    public FileChannel truncate(long newSize) throws IOException {
         ensureOpen();
-        if (size < 0)
-            throw new IllegalArgumentException();
-        if (size > size())
-            return this;
+        if (newSize < 0)
+            throw new IllegalArgumentException("Negative size");
         if (!writable)
             throw new NonWritableChannelException();
         synchronized (positionLock) {
@@ -320,6 +318,14 @@
                 if (!isOpen())
                     return null;
 
+                // get current size
+                long size;
+                do {
+                    size = nd.size(fd);
+                } while ((size == IOStatus.INTERRUPTED) && isOpen());
+                if (!isOpen())
+                    return null;
+
                 // get current position
                 do {
                     p = position0(fd, -1);
@@ -328,16 +334,18 @@
                     return null;
                 assert p >= 0;
 
-                // truncate file
-                do {
-                    rv = nd.truncate(fd, size);
-                } while ((rv == IOStatus.INTERRUPTED) && isOpen());
-                if (!isOpen())
-                    return null;
+                // truncate file if given size is less than the current size
+                if (newSize < size) {
+                    do {
+                        rv = nd.truncate(fd, newSize);
+                    } while ((rv == IOStatus.INTERRUPTED) && isOpen());
+                    if (!isOpen())
+                        return null;
+                }
 
-                // set position to size if greater than size
-                if (p > size)
-                    p = size;
+                // if position is beyond new size then adjust it
+                if (p > newSize)
+                    p = newSize;
                 do {
                     rv = (int)position0(fd, p);
                 } while ((rv == IOStatus.INTERRUPTED) && isOpen());
@@ -779,6 +787,8 @@
         throws IOException
     {
         ensureOpen();
+        if (mode == null)
+            throw new NullPointerException("Mode is null");
         if (position < 0L)
             throw new IllegalArgumentException("Negative position");
         if (size < 0L)
@@ -787,6 +797,7 @@
             throw new IllegalArgumentException("Position + size overflow");
         if (size > Integer.MAX_VALUE)
             throw new IllegalArgumentException("Size exceeds Integer.MAX_VALUE");
+
         int imode = -1;
         if (mode == MapMode.READ_ONLY)
             imode = MAP_RO;
--- a/src/share/classes/sun/security/jgss/GSSCaller.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/GSSCaller.java	Fri Nov 09 14:46:34 2012 -0800
@@ -31,10 +31,19 @@
  * different callers.
  */
 public class GSSCaller {
-    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller();
-    public static final GSSCaller CALLER_INITIATE = new GSSCaller();
-    public static final GSSCaller CALLER_ACCEPT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller();
+    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
+    public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
+    public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
+    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
+    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
+
+    private String name;
+    GSSCaller(String s) {
+        name = s;
+    }
+    @Override
+    public String toString() {
+        return "GSSCaller{" + name + '}';
+    }
 }
 
--- a/src/share/classes/sun/security/jgss/GSSCredentialImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/GSSCredentialImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,8 +28,9 @@
 import org.ietf.jgss.*;
 import sun.security.jgss.spi.*;
 import java.util.*;
+import com.sun.security.jgss.*;
 
-public class GSSCredentialImpl implements GSSCredential {
+public class GSSCredentialImpl implements ExtendedGSSCredential {
 
     private GSSManagerImpl gssManager = null;
     private boolean destroyed = false;
@@ -122,6 +123,19 @@
         }
     }
 
+    public GSSCredential impersonate(GSSName name) throws GSSException {
+        if (destroyed) {
+            throw new IllegalStateException("This credential is " +
+                                        "no longer valid");
+        }
+        Oid mech = tempCred.getMechanism();
+        GSSNameSpi nameElement = (name == null ? null :
+                                  ((GSSNameImpl)name).getElement(mech));
+        GSSCredentialSpi cred = tempCred.impersonate(nameElement);
+        return (cred == null ?
+            null : new GSSCredentialImpl(gssManager, cred));
+    }
+
     public GSSName getName() throws GSSException {
         if (destroyed) {
             throw new IllegalStateException("This credential is " +
--- a/src/share/classes/sun/security/jgss/HttpCaller.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/HttpCaller.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,6 +35,7 @@
     final private HttpCallerInfo hci;
 
     public HttpCaller(HttpCallerInfo hci) {
+        super("HTTP_CLIENT");
         this.hci = hci;
     }
 
--- a/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -25,6 +25,7 @@
 
 package sun.security.jgss.krb5;
 
+import java.io.IOException;
 import org.ietf.jgss.*;
 import sun.security.jgss.GSSCaller;
 import sun.security.jgss.spi.*;
@@ -177,4 +178,21 @@
     public void destroy() throws DestroyFailedException {
         screds.destroy();
     }
+
+    /**
+     * Impersonation is only available on the initiator side. The
+     * service must starts as an initiator to get an initial TGT to complete
+     * the S4U2self protocol.
+     */
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        Credentials cred = screds.getInitCred();
+        if (cred != null) {
+            return Krb5InitCredential.getInstance(this.name, cred)
+                    .impersonate(name);
+        } else {
+            throw new GSSException(GSSException.FAILURE, -1,
+                "Only an initiate credentials can impersonate");
+        }
+    }
 }
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Fri Nov 09 14:46:34 2012 -0800
@@ -45,6 +45,7 @@
 import javax.crypto.Cipher;
 import javax.security.auth.Subject;
 import javax.security.auth.kerberos.*;
+import sun.security.krb5.internal.Ticket;
 
 /**
  * Implements the mechanism specific context class for the Kerberos v5
@@ -76,7 +77,7 @@
      * values.
      */
 
-    private boolean credDelegState  = false;
+    private boolean credDelegState  = false;    // now only useful at client
     private boolean mutualAuthState  = true;
     private boolean replayDetState  = true;
     private boolean sequenceDetState  = true;
@@ -84,6 +85,8 @@
     private boolean integState  = true;
     private boolean delegPolicyState = false;
 
+    private boolean isConstrainedDelegationTried = false;
+
     private int mySeqNumber;
     private int peerSeqNumber;
     private int keySrc;
@@ -113,13 +116,11 @@
     private Krb5CredElement myCred;
     private Krb5CredElement delegatedCred; // Set only on acceptor side
 
-    /* DESCipher instance used by the corresponding GSSContext */
-    private Cipher desCipher = null;
-
     // XXX See if the required info from these can be extracted and
     // stored elsewhere
     private Credentials serviceCreds;
     private KrbApReq apReq;
+    Ticket serviceTicket;
     final private GSSCaller caller;
     private static final boolean DEBUG = Krb5Util.DEBUG;
 
@@ -248,7 +249,14 @@
      * Is credential delegation enabled?
      */
     public final boolean getCredDelegState() {
-        return credDelegState;
+        if (isInitiator()) {
+            return credDelegState;
+        } else {
+            // Server side deleg state is not flagged by credDelegState.
+            // It can use constrained delegation.
+            tryConstrainedDelegation();
+            return delegatedCred != null;
+        }
     }
 
     /**
@@ -498,7 +506,8 @@
      * Returns the delegated credential for the context. This
      * is an optional feature of contexts which not all
      * mechanisms will support. A context can be requested to
-     * support credential delegation by using the <b>CRED_DELEG</b>.
+     * support credential delegation by using the <b>CRED_DELEG</b>,
+     * or it can request for a constrained delegation.
      * This is only valid on the acceptor side of the context.
      * @return GSSCredentialSpi object for the delegated credential
      * @exception GSSException
@@ -507,11 +516,41 @@
     public final GSSCredentialSpi getDelegCred() throws GSSException {
         if (state != STATE_IN_PROCESS && state != STATE_DONE)
             throw new GSSException(GSSException.NO_CONTEXT);
-        if (delegatedCred == null)
+        if (isInitiator()) {
             throw new GSSException(GSSException.NO_CRED);
+        }
+        tryConstrainedDelegation();
+        if (delegatedCred == null) {
+            throw new GSSException(GSSException.NO_CRED);
+        }
         return delegatedCred;
     }
 
+    private void tryConstrainedDelegation() {
+        if (state != STATE_IN_PROCESS && state != STATE_DONE) {
+            return;
+        }
+        // We will only try constrained delegation once (if necessary).
+        if (!isConstrainedDelegationTried) {
+            if (delegatedCred == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Constrained deleg from " + caller);
+                }
+                // The constrained delegation part. The acceptor needs to have
+                // isInitiator=true in order to get a TGT, either earlier at
+                // logon stage, if useSubjectCredsOnly, or now.
+                try {
+                    delegatedCred = new Krb5ProxyCredential(
+                        Krb5InitCredential.getInstance(
+                            GSSCaller.CALLER_ACCEPT, myName, lifetime),
+                        peerName, serviceTicket);
+                } catch (GSSException gsse) {
+                    // OK, delegatedCred is null then
+                }
+            }
+            isConstrainedDelegationTried = true;
+        }
+    }
     /**
      * Tests if this is the initiator side of the context.
      *
@@ -577,8 +616,15 @@
                                            "No TGT available");
                     }
                     myName = (Krb5NameElement) myCred.getName();
-                    Credentials tgt =
-                    ((Krb5InitCredential) myCred).getKrb5Credentials();
+                    Credentials tgt;
+                    final Krb5ProxyCredential second;
+                    if (myCred instanceof Krb5InitCredential) {
+                        second = null;
+                        tgt = ((Krb5InitCredential) myCred).getKrb5Credentials();
+                    } else {
+                        second = (Krb5ProxyCredential) myCred;
+                        tgt = second.self.getKrb5Credentials();
+                    }
 
                     checkPermission(peerName.getKrb5PrincipalName().getName(),
                                     "initiate");
@@ -607,7 +653,9 @@
                                         GSSCaller.CALLER_UNKNOWN,
                                         // since it's useSubjectCredsOnly here,
                                         // don't worry about the null
-                                        myName.getKrb5PrincipalName().getName(),
+                                        second == null ?
+                                            myName.getKrb5PrincipalName().getName():
+                                            second.getName().getKrb5PrincipalName().getName(),
                                         peerName.getKrb5PrincipalName().getName(),
                                         acc);
                                 }});
@@ -638,9 +686,17 @@
                                                "the subject");
                         }
                         // Get Service ticket using the Kerberos protocols
-                        serviceCreds = Credentials.acquireServiceCreds(
+                        if (second == null) {
+                            serviceCreds = Credentials.acquireServiceCreds(
                                      peerName.getKrb5PrincipalName().getName(),
                                      tgt);
+                        } else {
+                            serviceCreds = Credentials.acquireS4U2proxyCreds(
+                                    peerName.getKrb5PrincipalName().getName(),
+                                    second.tkt,
+                                    second.getName().getKrb5PrincipalName(),
+                                    tgt);
+                        }
                         if (GSSUtil.useSubjectCredsOnly(caller)) {
                             final Subject subject =
                                 AccessController.doPrivileged(
@@ -776,6 +832,7 @@
                         retVal = new AcceptSecContextToken(this,
                                           token.getKrbApReq()).encode();
                 }
+                serviceTicket = token.getKrbApReq().getCreds().getTicket();
                 myCred = null;
                 state = STATE_DONE;
             } else  {
@@ -802,8 +859,6 @@
         return retVal;
     }
 
-
-
     /**
      * Queries the context for largest data size to accomodate
      * the specified protection and be <= maxTokSize.
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -309,8 +309,7 @@
                                                  int initLifetime)
         throws GSSException {
 
-        String realm = null;
-        final String clientPrincipal, tgsPrincipal = null;
+        final String clientPrincipal;
 
         /*
          * Find the TGT for the realm that the client is in. If the client
@@ -318,20 +317,8 @@
          */
         if (name != null) {
             clientPrincipal = (name.getKrb5PrincipalName()).getName();
-            realm = (name.getKrb5PrincipalName()).getRealmAsString();
         } else {
             clientPrincipal = null;
-            try {
-                Config config = Config.getInstance();
-                realm = config.getDefaultRealm();
-            } catch (KrbException e) {
-                GSSException ge =
-                        new GSSException(GSSException.NO_CRED, -1,
-                            "Attempt to obtain INITIATE credentials failed!" +
-                            " (" + e.getMessage() + ")");
-                ge.initCause(e);
-                throw ge;
-            }
         }
 
         final AccessControlContext acc = AccessController.getContext();
@@ -343,9 +330,11 @@
             return AccessController.doPrivileged(
                 new PrivilegedExceptionAction<KerberosTicket>() {
                 public KerberosTicket run() throws Exception {
+                    // It's OK to use null as serverPrincipal. TGT is almost
+                    // the first ticket for a principal and we use list.
                     return Krb5Util.getTicket(
                         realCaller,
-                        clientPrincipal, tgsPrincipal, acc);
+                        clientPrincipal, null, acc);
                         }});
         } catch (PrivilegedActionException e) {
             GSSException ge =
@@ -356,4 +345,20 @@
             throw ge;
         }
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        try {
+            Krb5NameElement kname = (Krb5NameElement)name;
+            Credentials newCred = Credentials.acquireS4U2selfCreds(
+                    kname.getKrb5PrincipalName(), krb5Credentials);
+            return new Krb5ProxyCredential(this, kname, newCred.getTicket());
+        } catch (IOException | KrbException ke) {
+            GSSException ge =
+                new GSSException(GSSException.FAILURE, -1,
+                    "Attempt to obtain S4U2self credentials failed!");
+            ge.initCause(ke);
+            throw ge;
+        }
+    }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.jgss.krb5;
+
+import org.ietf.jgss.*;
+import sun.security.jgss.spi.*;
+import java.util.Date;
+import sun.security.krb5.internal.Ticket;
+
+/**
+ * Implements the krb5 proxy credential element used in constrained
+ * delegation. It is used in both impersonation (where there is no Kerberos 5
+ * communication between the middle server and the client) and normal
+ * constrained delegation (where there is, but client has not called
+ * requestCredDeleg(true)).
+ * @since 1.8
+ */
+
+public class Krb5ProxyCredential
+    implements Krb5CredElement {
+
+    public final Krb5InitCredential self;   // the middle server
+    private final Krb5NameElement client;     // the client
+
+    // The ticket with cname=client and sname=self. This can be a normal
+    // service ticket or an S4U2self ticket.
+    public final Ticket tkt;
+
+    Krb5ProxyCredential(Krb5InitCredential self, Krb5NameElement client,
+            Ticket tkt) {
+        this.self = self;
+        this.tkt = tkt;
+        this.client = client;
+    }
+
+    // The client name behind the proxy
+    @Override
+    public final Krb5NameElement getName() throws GSSException {
+        return client;
+    }
+
+    @Override
+    public int getInitLifetime() throws GSSException {
+        // endTime of tkt is not used by KDC, and it's also not
+        // available in the case of kerberos constr deleg
+        return self.getInitLifetime();
+    }
+
+    @Override
+    public int getAcceptLifetime() throws GSSException {
+        return 0;
+    }
+
+    @Override
+    public boolean isInitiatorCredential() throws GSSException {
+        return true;
+    }
+
+    @Override
+    public boolean isAcceptorCredential() throws GSSException {
+        return false;
+    }
+
+    @Override
+    public final Oid getMechanism() {
+        return Krb5MechFactory.GSS_KRB5_MECH_OID;
+    }
+
+    @Override
+    public final java.security.Provider getProvider() {
+        return Krb5MechFactory.PROVIDER;
+    }
+
+    @Override
+    public void dispose() throws GSSException {
+        try {
+            self.destroy();
+        } catch (javax.security.auth.DestroyFailedException e) {
+            GSSException gssException =
+                new GSSException(GSSException.FAILURE, -1,
+                 "Could not destroy credentials - " + e.getMessage());
+            gssException.initCause(e);
+        }
+    }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        // Cannot impersonate multiple levels without the impersonatee's TGT.
+        throw new GSSException(GSSException.FAILURE, -1,
+                "Only an initiate credentials can impersonate");
+    }
+}
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Fri Nov 09 14:46:34 2012 -0800
@@ -206,7 +206,7 @@
      * identity, which can be:
      *   1. Some KerberosKeys (generated from password)
      *   2. A KeyTab (for a typical service)
-     *   3. A TGT (for a user2user service. Not supported yet)
+     *   3. A TGT (for S4U2proxy extension)
      *
      * Note that some creds can coexist. For example, a user2user service
      * can use its keytab (or keys) if the client can successfully obtain a
@@ -219,7 +219,7 @@
         private List<KeyTab> ktabs;
         private List<KerberosKey> kk;
         private Subject subj;
-        //private KerberosTicket tgt;   // user2user, not supported yet
+        private KerberosTicket tgt;
 
         private static ServiceCreds getInstance(
                 Subject subj, String serverPrincipal) {
@@ -255,6 +255,8 @@
                         subj, null, null, KeyTab.class);
             sc.kk = SubjectComber.findMany(
                         subj, serverPrincipal, null, KerberosKey.class);
+            sc.tgt = SubjectComber.find(subj, null, null, KerberosTicket.class);
+
             if (sc.ktabs.isEmpty() && sc.kk.isEmpty()) {
                 return null;
             }
@@ -310,10 +312,22 @@
             return ekeys;
         }
 
+        public Credentials getInitCred() {
+            if (tgt == null) {
+                return null;
+            }
+            try {
+                return ticketToCreds(tgt);
+            } catch (KrbException | IOException e) {
+                return null;
+            }
+        }
+
         public void destroy() {
             kp = null;
             ktabs = null;
             kk = null;
+            tgt = null;
         }
     }
     /**
@@ -357,7 +371,7 @@
     };
 
     public static Credentials ticketToCreds(KerberosTicket kerbTicket)
-        throws KrbException, IOException {
+            throws KrbException, IOException {
         return new Credentials(
             kerbTicket.getEncoded(),
             kerbTicket.getClient().getName(),
--- a/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java	Fri Nov 09 14:46:34 2012 -0800
@@ -96,4 +96,13 @@
      * @exception GSSException may be thrown
      */
     public Oid getMechanism();
+
+    /**
+     * Impersonates another client.
+     *
+     * @param name the client to impersonate
+     * @return the new credential
+     * @exception GSSException may be thrown
+     */
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
 }
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1059,6 +1059,9 @@
         if (mechContext != null) {
             GSSCredentialImpl delegCred =
                         (GSSCredentialImpl)mechContext.getDelegCred();
+            if (delegCred == null) {
+                return null;
+            }
             // determine delegated cred element usage
             boolean initiate = false;
             if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java	Fri Nov 09 14:46:34 2012 -0800
@@ -88,4 +88,9 @@
     public Oid getMechanism() {
         return GSSUtil.GSS_SPNEGO_MECH_OID;
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        return cred.impersonate(name);
+    }
 }
--- a/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,6 +28,7 @@
 import java.security.Provider;
 import sun.security.jgss.GSSUtil;
 import sun.security.jgss.spi.GSSCredentialSpi;
+import sun.security.jgss.spi.GSSNameSpi;
 
 /**
  * This class is essentially a wrapper class for the gss_cred_id_t
@@ -132,4 +133,10 @@
     protected void finalize() throws Throwable {
         dispose();
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        throw new GSSException(GSSException.FAILURE, -1,
+                "Not supported yet");
+    }
 }
--- a/src/share/classes/sun/security/krb5/Credentials.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/Credentials.java	Fri Nov 09 14:46:34 2012 -0800
@@ -449,6 +449,18 @@
         return CredentialsUtil.acquireServiceCreds(service, ccreds);
     }
 
+    public static Credentials acquireS4U2selfCreds(PrincipalName user,
+            Credentials ccreds) throws KrbException, IOException {
+        return CredentialsUtil.acquireS4U2selfCreds(user, ccreds);
+    }
+
+    public static Credentials acquireS4U2proxyCreds(String service,
+            Ticket second, PrincipalName client, Credentials ccreds)
+        throws KrbException, IOException {
+        return CredentialsUtil.acquireS4U2proxyCreds(
+                service, second, client, ccreds);
+    }
+
     public CredentialsCache getCache() {
         return cache;
     }
@@ -490,18 +502,19 @@
 
     public String toString() {
         StringBuffer buffer = new StringBuffer("Credentials:");
-        buffer.append("\nclient=").append(client);
-        buffer.append("\nserver=").append(server);
+        buffer.append(    "\n      client=").append(client);
+        buffer.append(    "\n      server=").append(server);
         if (authTime != null) {
-            buffer.append("\nauthTime=").append(authTime);
+            buffer.append("\n    authTime=").append(authTime);
         }
         if (startTime != null) {
-            buffer.append("\nstartTime=").append(startTime);
+            buffer.append("\n   startTime=").append(startTime);
         }
-        buffer.append("\nendTime=").append(endTime);
-        buffer.append("\nrenewTill=").append(renewTill);
-        buffer.append("\nflags: ").append(flags);
-        buffer.append("\nEType (int): ").append(key.getEType());
+        buffer.append(    "\n     endTime=").append(endTime);
+        buffer.append(    "\n   renewTill=").append(renewTill);
+        buffer.append(    "\n       flags=").append(flags);
+        buffer.append(    "\nEType (skey)=").append(key.getEType());
+        buffer.append(    "\n   (tkt key)=").append(ticket.encPart.eType);
         return buffer.toString();
     }
 
--- a/src/share/classes/sun/security/krb5/EncryptedData.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/EncryptedData.java	Fri Nov 09 14:46:34 2012 -0800
@@ -160,8 +160,6 @@
         kvno = key.getKeyVersionNumber();
     }
     */
-
-    // currently destructive on cipher
     public byte[] decrypt(
                           EncryptionKey key, int usage)
         throws KdcErrException, KrbApErrException, KrbCryptoException {
@@ -175,7 +173,9 @@
 
             EType etypeEngine = EType.getInstance(eType);
             plain = etypeEngine.decrypt(cipher, key.getBytes(), usage);
-            cipher = null;
+            // The service ticket will be used in S4U2proxy request. Therefore
+            // the raw ticket is still needed.
+            //cipher = null;
             return etypeEngine.decryptedData(plain);
         }
 
--- a/src/share/classes/sun/security/krb5/KrbApReq.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/KrbApReq.java	Fri Nov 09 14:46:34 2012 -0800
@@ -287,8 +287,9 @@
         cusec = authenticator.cusec;
         authenticator.ctime.setMicroSeconds(authenticator.cusec);
 
-        if (!authenticator.cname.equals(enc_ticketPart.cname))
+        if (!authenticator.cname.equals(enc_ticketPart.cname)) {
             throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
+        }
 
         KerberosTime currTime = new KerberosTime(KerberosTime.NOW);
         if (!authenticator.ctime.inClockSkew(currTime))
--- a/src/share/classes/sun/security/krb5/KrbKdcRep.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/KrbKdcRep.java	Fri Nov 09 14:46:34 2012 -0800
@@ -64,7 +64,12 @@
 
         for (int i = 1; i < 6; i++) {
             if (req.reqBody.kdcOptions.get(i) !=
-                rep.encKDCRepPart.flags.get(i)) {
+                   rep.encKDCRepPart.flags.get(i)) {
+                if (Krb5.DEBUG) {
+                    System.out.println("> KrbKdcRep.check: at #" + i
+                            + ". request for " + req.reqBody.kdcOptions.get(i)
+                            + ", received " + rep.encKDCRepPart.flags.get(i));
+                }
                 throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
             }
         }
--- a/src/share/classes/sun/security/krb5/KrbTgsRep.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/KrbTgsRep.java	Fri Nov 09 14:46:34 2012 -0800
@@ -87,7 +87,7 @@
         check(false, req, rep);
 
         this.creds = new Credentials(rep.ticket,
-                                req.reqBody.cname,
+                                rep.cname,
                                 rep.ticket.sname,
                                 enc_part.key,
                                 enc_part.flags,
--- a/src/share/classes/sun/security/krb5/KrbTgsReq.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/KrbTgsReq.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,6 +35,7 @@
 import sun.security.krb5.internal.crypto.*;
 import java.io.IOException;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 
 /**
  * This class encapsulates a Kerberos TGS-REQ that is sent from the
@@ -55,7 +56,7 @@
     private byte[] obuf;
     private byte[] ibuf;
 
-     // Used in CredentialsUtil
+    // Used in CredentialsUtil
     public KrbTgsReq(Credentials asCreds,
                      PrincipalName sname)
         throws KrbException, IOException {
@@ -72,6 +73,45 @@
             null); // EncryptionKey subSessionKey
     }
 
+    // S4U2proxy
+    public KrbTgsReq(Credentials asCreds,
+                     Ticket second,
+                     PrincipalName sname)
+            throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
+                KDCOptions.FORWARDABLE),
+            asCreds,
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            new Ticket[] {second}, // the service ticket
+            null);
+    }
+
+    // S4U2user
+    public KrbTgsReq(Credentials asCreds,
+                     PrincipalName sname,
+                     PAData extraPA)
+        throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.FORWARDABLE),
+            asCreds,
+            asCreds.getClient(),
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            extraPA); // the PA-FOR-USER
+    }
+
     // Called by Credentials, KrbCred
     KrbTgsReq(
             KDCOptions options,
@@ -85,14 +125,42 @@
             AuthorizationData authorizationData,
             Ticket[] additionalTickets,
             EncryptionKey subKey) throws KrbException, IOException {
+        this(options, asCreds, asCreds.getClient(), sname,
+                from, till, rtime, eTypes, addresses,
+                authorizationData, additionalTickets, subKey, null);
+    }
 
-        princName = asCreds.client;
+    private KrbTgsReq(
+            KDCOptions options,
+            Credentials asCreds,
+            PrincipalName cname,
+            PrincipalName sname,
+            KerberosTime from,
+            KerberosTime till,
+            KerberosTime rtime,
+            int[] eTypes,
+            HostAddresses addresses,
+            AuthorizationData authorizationData,
+            Ticket[] additionalTickets,
+            EncryptionKey subKey,
+            PAData extraPA) throws KrbException, IOException {
+
+        princName = cname;
         servName = sname;
         ctime = new KerberosTime(KerberosTime.NOW);
 
 
         // check if they are valid arguments. The optional fields
         // should be  consistent with settings in KDCOptions.
+
+        // TODO: Is this necessary? If the TGT is not FORWARDABLE,
+        // you can still request for a FORWARDABLE ticket, just the
+        // KDC will give you a non-FORWARDABLE one. Even if you
+        // cannot use the ticket expected, it still contains info.
+        // This means there will be problem later. We already have
+        // flags check in KrbTgsRep. Of course, sometimes the KDC
+        // will not issue the ticket at all.
+
         if (options.get(KDCOptions.FORWARDABLE) &&
                 (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
             throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
@@ -130,13 +198,13 @@
         } else {
             if (rtime != null)  rtime = null;
         }
-        if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
+        if (options.get(KDCOptions.ENC_TKT_IN_SKEY) || options.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
             if (additionalTickets == null)
                 throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
             // in TGS_REQ there could be more than one additional
             // tickets,  but in file-based credential cache,
             // there is only one additional ticket field.
-                secondTicket = additionalTickets[0];
+            secondTicket = additionalTickets[0];
         } else {
             if (additionalTickets != null)
                 additionalTickets = null;
@@ -156,7 +224,8 @@
                 addresses,
                 authorizationData,
                 additionalTickets,
-                subKey);
+                subKey,
+                extraPA);
         obuf = tgsReqMessg.asn1Encode();
 
         // XXX We need to revisit this to see if can't move it
@@ -221,7 +290,8 @@
                          HostAddresses addresses,
                          AuthorizationData authorizationData,
                          Ticket[] additionalTickets,
-                         EncryptionKey subKey)
+                         EncryptionKey subKey,
+                         PAData extraPA)
         throws Asn1Exception, IOException, KdcErrException, KrbApErrException,
                UnknownHostException, KrbCryptoException {
         KerberosTime req_till = null;
@@ -318,10 +388,12 @@
                                          null,
                                          null).getMessage();
 
-        PAData[] tgsPAData = new PAData[1];
-        tgsPAData[0] = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
-
-        return new TGSReq(tgsPAData, reqBody);
+        PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
+        return new TGSReq(
+                extraPA != null ?
+                    new PAData[] {extraPA, tgsPAData } :
+                    new PAData[] {tgsPAData},
+                reqBody);
     }
 
     TGSReq getMessage() {
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Fri Nov 09 14:46:34 2012 -0800
@@ -32,17 +32,7 @@
 package sun.security.krb5.internal;
 
 import sun.security.krb5.*;
-import sun.security.krb5.internal.ccache.CredentialsCache;
-import java.util.StringTokenizer;
-import sun.security.krb5.internal.ktab.*;
-import java.io.File;
 import java.io.IOException;
-import java.util.Date;
-import java.util.Vector;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
 
 /**
  * This class is a utility that contains much of the TGS-Exchange
@@ -53,77 +43,158 @@
 
     private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
 
-   /**
-    * Acquires credentials for a specified service using initial credential. Wh
-en the service has a different realm
-    * from the initial credential, we do cross-realm authentication - first, we
- use the current credential to get
-    * a cross-realm credential from the local KDC, then use that cross-realm cr
-edential to request service credential
-    * from the foreigh KDC.
-    *
-    * @param service the name of service principal using format components@real
-m
-    * @param ccreds client's initial credential.
-    * @exception Exception general exception will be thrown when any error occu
-rs.
-    * @return a <code>Credentials</code> object.
-    */
+    /**
+     * Used by a middle server to acquire credentials on behalf of a
+     * client to itself using the S4U2self extension.
+     * @param client the client to impersonate
+     * @param ccreds the TGT of the middle service
+     * @return the new creds (cname=client, sname=middle)
+     */
+    public static Credentials acquireS4U2selfCreds(PrincipalName client,
+            Credentials ccreds) throws KrbException, IOException {
+        String uRealm = client.getRealmString();
+        String localRealm = ccreds.getClient().getRealmString();
+        if (!uRealm.equals(localRealm)) {
+            // TODO: we do not support kerberos referral now
+            throw new KrbException("Cross realm impersonation not supported");
+        }
+        KrbTgsReq req = new KrbTgsReq(
+                ccreds,
+                ccreds.getClient(),
+                new PAData(Krb5.PA_FOR_USER,
+                    new PAForUserEnc(client,
+                        ccreds.getSessionKey()).asn1Encode()));
+        Credentials creds = req.sendAndGetCreds();
+        if (!creds.getClient().equals(client)) {
+            throw new KrbException("S4U2self request not honored by KDC");
+        }
+        return creds;
+    }
+
+    /**
+     * Used by a middle server to acquire a service ticket to a backend
+     * server using the S4U2proxy extension.
+     * @param backend the name of the backend service
+     * @param second the client's service ticket to the middle server
+     * @param ccreds the TGT of the middle server
+     * @return the creds (cname=client, sname=backend)
+     */
+    public static Credentials acquireS4U2proxyCreds(
+                String backend, Ticket second,
+                PrincipalName client, Credentials ccreds)
+            throws KrbException, IOException {
+        KrbTgsReq req = new KrbTgsReq(
+                ccreds,
+                second,
+                new PrincipalName(backend));
+        Credentials creds = req.sendAndGetCreds();
+        if (!creds.getClient().equals(client)) {
+            throw new KrbException("S4U2proxy request not honored by KDC");
+        }
+        return creds;
+    }
+
+    /**
+     * Acquires credentials for a specified service using initial
+     * credential. When the service has a different realm from the initial
+     * credential, we do cross-realm authentication - first, we use the
+     * current credential to get a cross-realm credential from the local KDC,
+     * then use that cross-realm credential to request service credential
+     * from the foreign KDC.
+     *
+     * @param service the name of service principal
+     * @param ccreds client's initial credential
+     */
     public static Credentials acquireServiceCreds(
                 String service, Credentials ccreds)
-    throws KrbException, IOException {
+            throws KrbException, IOException {
         PrincipalName sname = new PrincipalName(service);
         String serviceRealm = sname.getRealmString();
         String localRealm = ccreds.getClient().getRealmString();
 
-        /*
-          if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
-          if (DEBUG) {
-          System.out.println(">>>DEBUG: Credentails request cross realm ticket for " + "krbtgt/" + serviceRealm + "@" + localRealm);
-          }
-          Credentials crossCreds = serviceCreds(new ServiceName("krbtgt/" + serviceRealm + "@" + localRealm), ccreds);
-          if (DEBUG) {
-          printDebug(crossCreds);
-          }
-          Credentials result = serviceCreds(sname, crossCreds);
-          if (DEBUG) {
-          printDebug(result);
-          }
-          return result;
-          }
-          else return serviceCreds(sname, ccreds);
-        */
-
-        if (localRealm.equals(serviceRealm))
-        {
-            if (DEBUG)
-                System.out.println(">>> Credentials acquireServiceCreds: same realm");
+        if (localRealm.equals(serviceRealm)) {
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: same realm");
+            }
             return serviceCreds(sname, ccreds);
         }
+        Credentials theCreds = null;
+
+        boolean[] okAsDelegate = new boolean[1];
+        Credentials theTgt = getTGTforRealm(localRealm, serviceRealm,
+                ccreds, okAsDelegate);
+        if (theTgt != null) {
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "got right tgt");
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "obtaining service creds for " + sname);
+            }
+
+            try {
+                theCreds = serviceCreds(sname, theTgt);
+            } catch (Exception exc) {
+                if (DEBUG) {
+                    System.out.println(exc);
+                }
+                theCreds = null;
+            }
+        }
+
+        if (theCreds != null) {
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "returning creds:");
+                Credentials.printDebug(theCreds);
+            }
+            if (!okAsDelegate[0]) {
+                theCreds.resetDelegate();
+            }
+            return theCreds;
+        }
+        throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
+                                    "No service creds");
+    }
+
+    /**
+     * Gets a TGT to another realm
+     * @param localRealm this realm
+     * @param serviceRealm the other realm
+     * @param ccreds TGT in this realm
+     * @param okAsDelegate an [out] argument to receive the okAsDelegate
+     * property. True only if all realms allow delegation.
+     * @return the TGT for the other realm, null if cannot find a path
+     * @throws KrbException if something goes wrong
+     */
+    private static Credentials getTGTforRealm(String localRealm,
+            String serviceRealm, Credentials ccreds, boolean[] okAsDelegate)
+            throws KrbException {
 
         // Get a list of realms to traverse
         String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
-        boolean okAsDelegate = true;
 
-        if (realms == null || realms.length == 0)
-        {
-            if (DEBUG)
-                System.out.println(">>> Credentials acquireServiceCreds: no realms list");
+        if (realms == null || realms.length == 0) {
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: no realms list");
+            }
             return null;
         }
 
         int i = 0, k = 0;
         Credentials cTgt = null, newTgt = null, theTgt = null;
         PrincipalName tempService = null;
-        String realm = null, newTgtRealm = null, theTgtRealm = null;
+        String newTgtRealm = null;
 
-        for (cTgt = ccreds, i = 0; i < realms.length;)
-        {
+        okAsDelegate[0] = true;
+        for (cTgt = ccreds, i = 0; i < realms.length;) {
             tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
 
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: main loop: [" + i +"] tempService=" + tempService);
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: main loop: ["
+                        + i +"] tempService=" + tempService);
             }
 
             try {
@@ -132,11 +203,10 @@
                 newTgt = null;
             }
 
-            if (newTgt == null)
-            {
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: no tgt; searching backwards");
+            if (newTgt == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "no tgt; searching backwards");
                 }
 
                 /*
@@ -144,17 +214,15 @@
                  * realm as close to the target as possible.
                  * That means traversing the realms list backwards.
                  */
-
                 for (newTgt = null, k = realms.length - 1;
-                     newTgt == null && k > i; k--)
-                {
-
+                        newTgt == null && k > i; k--) {
                     tempService = PrincipalName.tgsService(realms[k], realms[i]);
-                    if (DEBUG)
-                    {
-                        System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
+                    if (DEBUG) {
+                        System.out.println(
+                                ">>> Credentials acquireServiceCreds: "
+                                + "inner loop: [" + k
+                                + "] tempService=" + tempService);
                     }
-
                     try {
                         newTgt = serviceCreds(tempService, cTgt);
                     } catch (Exception exc) {
@@ -163,11 +231,10 @@
                 }
             } // Ends 'if (newTgt == null)'
 
-            if (newTgt == null)
-            {
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: no tgt; cannot get creds");
+            if (newTgt == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "no tgt; cannot get creds");
                 }
                 break;
             }
@@ -176,29 +243,24 @@
              * We have a tgt. It may or may not be for the target.
              * If it's for the target realm, we're done looking for a tgt.
              */
-
             newTgtRealm = newTgt.getServer().getInstanceComponent();
-            if (okAsDelegate && !newTgt.checkDelegate()) {
-                if (DEBUG)
-                {
+            if (okAsDelegate[0] && !newTgt.checkDelegate()) {
+                if (DEBUG) {
                     System.out.println(">>> Credentials acquireServiceCreds: " +
                             "global OK-AS-DELEGATE turned off at " +
                             newTgt.getServer());
                 }
-                okAsDelegate = false;
+                okAsDelegate[0] = false;
             }
 
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: got tgt");
-                //printDebug(newTgt);
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "got tgt");
             }
 
-            if (newTgtRealm.equals(serviceRealm))
-            {
+            if (newTgtRealm.equals(serviceRealm)) {
                 /* We got the right tgt */
                 theTgt = newTgt;
-                theTgtRealm = newTgtRealm;
                 break;
             }
 
@@ -207,17 +269,13 @@
              * See if the realm of the new tgt is in the list of realms
              * and continue looking from there.
              */
-
-            for (k = i+1; k < realms.length; k++)
-            {
-                if (newTgtRealm.equals(realms[k]))
-                {
+            for (k = i+1; k < realms.length; k++) {
+                if (newTgtRealm.equals(realms[k])) {
                     break;
                 }
             }
 
-            if (k < realms.length)
-            {
+            if (k < realms.length) {
                 /*
                  * (re)set the counter so we start looking
                  * from the realm we just obtained a tgt for.
@@ -225,64 +283,24 @@
                 i = k;
                 cTgt = newTgt;
 
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: continuing with main loop counter reset to " + i);
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "continuing with main loop counter reset to " + i);
                 }
-
                 continue;
             }
-            else
-            {
+            else {
                 /*
                  * The new tgt's realm is not in the heirarchy of realms.
                  * It's probably not safe to get a tgt from
                  * a tgs that is outside the known list of realms.
                  * Give up now.
                  */
-
                 break;
             }
         } // Ends outermost/main 'for' loop
 
-        Credentials theCreds = null;
-
-        if (theTgt != null)
-        {
-            /* We have the right tgt. Let's get the service creds */
-
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: got right tgt");
-
-                //printDebug(theTgt);
-
-                System.out.println(">>> Credentials acquireServiceCreds: obtaining service creds for " + sname);
-            }
-
-            try {
-                theCreds = serviceCreds(sname, theTgt);
-            } catch (Exception exc) {
-              if (DEBUG)
-                System.out.println(exc);
-              theCreds = null;
-            }
-        }
-
-        if (theCreds != null)
-        {
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
-                Credentials.printDebug(theCreds);
-            }
-            if (!okAsDelegate) {
-                theCreds.resetDelegate();
-            }
-            return theCreds;
-        }
-        throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
-                                    "No service creds");
+        return theTgt;
     }
 
    /*
--- a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Fri Nov 09 14:46:34 2012 -0800
@@ -160,9 +160,10 @@
         if (der.getData().available() > 0) {
             caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
         }
-        if (der.getData().available() > 0) {
+        // We observe extra data from MSAD
+        /*if (der.getData().available() > 0) {
             throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
+        }*/
     }
 
     /**
--- a/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Fri Nov 09 14:46:34 2012 -0800
@@ -139,13 +139,45 @@
     public static final int UNUSED9         = 9;
     public static final int UNUSED10        = 10;
     public static final int UNUSED11        = 11;
+    public static final int CNAME_IN_ADDL_TKT = 14;
     public static final int RENEWABLE_OK    = 27;
     public static final int ENC_TKT_IN_SKEY = 28;
     public static final int RENEW           = 30;
     public static final int VALIDATE        = 31;
 
+    private static final String[] names = {
+        "RESERVED",         //0
+        "FORWARDABLE",      //1;
+        "FORWARDED",        //2;
+        "PROXIABLE",        //3;
+        "PROXY",            //4;
+        "ALLOW_POSTDATE",   //5;
+        "POSTDATED",        //6;
+        "UNUSED7",          //7;
+        "RENEWABLE",        //8;
+        "UNUSED9",          //9;
+        "UNUSED10",         //10;
+        "UNUSED11",         //11;
+        null,null,
+        "CNAME_IN_ADDL_TKT",//14;
+        null,null,null,null,null,null,null,null,null,null,null,null,
+        "RENEWABLE_OK",     //27;
+        "ENC_TKT_IN_SKEY",  //28;
+        null,
+        "RENEW",            //30;
+        "VALIDATE",         //31;
+    };
+
     private boolean DEBUG = Krb5.DEBUG;
 
+    public static KDCOptions with(int... flags) {
+        KDCOptions options = new KDCOptions();
+        for (int flag: flags) {
+            options.set(flag, true);
+        }
+        return options;
+    }
+
     public KDCOptions() {
         super(Krb5.KDC_OPTS_MAX + 1);
         setDefault();
@@ -238,6 +270,20 @@
         return super.get(option);
     }
 
+    @Override public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("KDCOptions: ");
+        for (int i=0; i<Krb5.KDC_OPTS_MAX+1; i++) {
+            if (get(i)) {
+                if (names[i] != null) {
+                    sb.append(names[i]).append(",");
+                } else {
+                    sb.append(i).append(",");
+                }
+            }
+        }
+        return sb.toString();
+    }
 
     private void setDefault() {
         try {
--- a/src/share/classes/sun/security/krb5/internal/Krb5.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/Krb5.java	Fri Nov 09 14:46:34 2012 -0800
@@ -158,6 +158,9 @@
     public static final int PA_ETYPE_INFO    = 11;
     public static final int PA_ETYPE_INFO2   = 19;
 
+    // S4U2user info
+    public static final int PA_FOR_USER      = 129;
+
     //-------------------------------+-------------
     //authorization data type        |ad-type value
     //-------------------------------+-------------
--- a/src/share/classes/sun/security/krb5/internal/PAData.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/PAData.java	Fri Nov 09 14:46:34 2012 -0800
@@ -312,6 +312,9 @@
                     }
                 }
                 break;
+            case Krb5.PA_FOR_USER:
+                sb.append("\t PA-FOR-USER\n");
+                break;
             default:
                 // Unknown Pre-auth type
                 break;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.krb5.internal;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import sun.security.krb5.*;
+import sun.security.krb5.internal.crypto.KeyUsage;
+import sun.security.krb5.internal.util.KerberosString;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+/**
+ * Implements the ASN.1 PA-FOR-USER type.
+ *
+ * <xmp>
+ * padata-type  ::= PA-FOR-USER
+ *                  -- value 129
+ * padata-value ::= EncryptedData
+ *                  -- PA-FOR-USER-ENC
+ * PA-FOR-USER-ENC ::= SEQUENCE {
+ *     userName[0] PrincipalName,
+ *     userRealm[1] Realm,
+ *     cksum[2] Checksum,
+ *     auth-package[3] KerberosString
+ * }
+ * </xmp>
+ *
+ * <p>
+ * This definition reflects MS-SFU.
+ */
+
+public class PAForUserEnc {
+    final public PrincipalName name;
+    final private EncryptionKey key;
+    final public static String AUTH_PACKAGE = "Kerberos";
+
+    public PAForUserEnc(PrincipalName name, EncryptionKey key) {
+        this.name = name;
+        this.key = key;
+    }
+
+    /**
+     * Constructs a PA-FOR-USER object from a DER encoding.
+     * @param encoding the input object
+     * @param key the key to verify the checksum inside encoding
+     * @throws KrbException if the verification fails.
+     * Note: this method is now only used by test KDC, therefore
+     * the verification is ignored (at the moment).
+     */
+    public PAForUserEnc(DerValue encoding, EncryptionKey key)
+            throws Asn1Exception, KrbException, IOException {
+        DerValue der = null;
+        this.key = key;
+
+        if (encoding.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        // Realm after name? Quite abnormal.
+        PrincipalName tmpName = null;
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x00) {
+            try {
+                tmpName = new PrincipalName(der.getData().getDerValue(),
+                    new Realm("PLACEHOLDER"));
+            } catch (RealmException re) {
+                // Impossible
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x01) {
+            try {
+                Realm realm = new Realm(der.getData().getDerValue());
+                name = new PrincipalName(
+                        tmpName.getNameType(), tmpName.getNameStrings(), realm);
+            } catch (RealmException re) {
+                throw new IOException(re);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x02) {
+            // Deal with the checksum
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x03) {
+            String authPackage = new KerberosString(der.getData().getDerValue()).toString();
+            if (!authPackage.equalsIgnoreCase(AUTH_PACKAGE)) {
+                throw new IOException("Incorrect auth-package");
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if (encoding.getData().available() > 0)
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+    }
+
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        DerOutputStream bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), name.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode());
+
+        try {
+            Checksum cks = new Checksum(
+                    Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR,
+                    getS4UByteArray(),
+                    key,
+                    KeyUsage.KU_PA_FOR_USER_ENC_CKSUM);
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cks.asn1Encode());
+        } catch (KrbException ke) {
+            throw new IOException(ke);
+        }
+
+        DerOutputStream temp = new DerOutputStream();
+        temp.putDerValue(new KerberosString(AUTH_PACKAGE).toDerValue());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
+
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        return temp.toByteArray();
+    }
+
+    /**
+     * Returns S4UByteArray, the block to calculate checksum inside a
+     * PA-FOR-USER-ENC data structure. It includes:
+     * 1. userName.name-type encoded as a 4-byte integer in little endian
+     *    byte order
+     * 2. all string values in the sequence of strings contained in the
+     *    userName.name-string field
+     * 3. the string value of the userRealm field
+     * 4. the string value of auth-package field
+     */
+    public byte[] getS4UByteArray() {
+        try {
+            ByteArrayOutputStream ba = new ByteArrayOutputStream();
+            ba.write(new byte[4]);
+            for (String s: name.getNameStrings()) {
+                ba.write(s.getBytes("UTF-8"));
+            }
+            ba.write(name.getRealm().toString().getBytes("UTF-8"));
+            ba.write(AUTH_PACKAGE.getBytes("UTF-8"));
+            byte[] output = ba.toByteArray();
+            int pnType = name.getNameType();
+            output[0] = (byte)(pnType & 0xff);
+            output[1] = (byte)((pnType>>8) & 0xff);
+            output[2] = (byte)((pnType>>16) & 0xff);
+            output[3] = (byte)((pnType>>24) & 0xff);
+            return output;
+        } catch (IOException ioe) {
+            // not possible
+            throw new AssertionError("Cannot write ByteArrayOutputStream", ioe);
+        }
+    }
+
+    public String toString() {
+        return "PA-FOR-USER: " + name;
+    }
+}
--- a/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java	Fri Nov 09 14:46:34 2012 -0800
@@ -54,6 +54,7 @@
     public static final int KU_ENC_KRB_PRIV_PART = 13;          // KrbPriv
     public static final int KU_ENC_KRB_CRED_PART = 14;          // KrbCred
     public static final int KU_KRB_SAFE_CKSUM = 15;             // KrbSafe
+    public static final int KU_PA_FOR_USER_ENC_CKSUM = 17;      // S4U2user
     public static final int KU_AD_KDC_ISSUED_CKSUM = 19;
 
     public static final boolean isValid(int usage) {
--- a/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Fri Nov 09 14:46:34 2012 -0800
@@ -279,6 +279,9 @@
         EncryptionKey key;
         int size = entries.size();
         ArrayList<EncryptionKey> keys = new ArrayList<>(size);
+        if (DEBUG) {
+            System.out.println("Looking for keys for: " + service);
+        }
         for (int i = size-1; i >= 0; i--) {
             entry = entries.elementAt(i);
             if (entry.service.match(service)) {
--- a/src/share/classes/sun/security/pkcs/PKCS7.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java	Fri Nov 09 14:46:34 2012 -0800
@@ -39,7 +39,6 @@
 import sun.security.timestamp.*;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
 import sun.security.x509.X509CertImpl;
 import sun.security.x509.X509CertInfo;
 import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@
                     X509CertInfo tbsCert =
                         new X509CertInfo(cert.getTBSCertificate());
                     certIssuerName = (Principal)
-                        tbsCert.get(CertificateIssuerName.NAME + "." +
-                                    CertificateIssuerName.DN_NAME);
+                        tbsCert.get(X509CertInfo.ISSUER + "." +
+                                    X509CertInfo.DN_NAME);
                 } catch (Exception e) {
                     // error generating X500Name object from the cert's
                     // issuer DN, leave name as is.
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Fri Nov 09 14:46:34 2012 -0800
@@ -67,7 +67,7 @@
     private URI responderURI;
     private X509Certificate responderCert;
     private List<CertStore> certStores;
-    private Map<X509Certificate, byte[]> ocspStapled;
+    private Map<X509Certificate, byte[]> ocspResponses;
     private List<Extension> ocspExtensions;
     private boolean legacy;
 
@@ -140,7 +140,7 @@
         } else {
             crlDP = true;
         }
-        ocspStapled = getOCSPStapledResponses();
+        ocspResponses = getOCSPResponses();
         ocspExtensions = getOCSPExtensions();
 
         this.anchor = anchor;
@@ -645,11 +645,11 @@
         try {
             certId = new CertId(issuerCert, currCert.getSerialNumberObject());
 
-            // check if there is a stapled OCSP response available
-            byte[] responseBytes = ocspStapled.get(cert);
+            // check if there is a cached OCSP response available
+            byte[] responseBytes = ocspResponses.get(cert);
             if (responseBytes != null) {
                 if (debug != null) {
-                    debug.println("Found stapled OCSP response");
+                    debug.println("Found cached OCSP response");
                 }
                 response = new OCSPResponse(responseBytes);
 
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Fri Nov 09 14:46:34 2012 -0800
@@ -2259,9 +2259,9 @@
                 X509CertInfo tbsCert = new
                     X509CertInfo(certChain[0].getTBSCertificate());
                 issuerName = (Principal)
-                    tbsCert.get(CertificateIssuerName.NAME + "." +
-                                CertificateIssuerName.DN_NAME);
-            }
+                    tbsCert.get(X509CertInfo.ISSUER + "." +
+                                X509CertInfo.DN_NAME);
+                }
             BigInteger serial = certChain[0].getSerialNumber();
 
             String signatureAlgorithm;
--- a/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Fri Nov 09 14:46:34 2012 -0800
@@ -258,10 +258,10 @@
             AlgorithmId algID = AlgorithmId.get(sigAlg);
             info.set(X509CertInfo.ALGORITHM_ID,
                      new CertificateAlgorithmId(algID));
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+            info.set(X509CertInfo.SUBJECT, myname);
             info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
             info.set(X509CertInfo.VALIDITY, interval);
-            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+            info.set(X509CertInfo.ISSUER, myname);
             if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
 
             cert = new X509CertImpl(info);
--- a/src/share/classes/sun/security/tools/keytool/Main.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/tools/keytool/Main.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1145,7 +1145,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = new Date();
@@ -1170,7 +1170,7 @@
         info.set(X509CertInfo.ALGORITHM_ID,
                     new CertificateAlgorithmId(
                         AlgorithmId.get(sigAlgName)));
-        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+        info.set(X509CertInfo.ISSUER, issuer);
 
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
         boolean canRead = false;
@@ -1193,8 +1193,8 @@
         PKCS10 req = new PKCS10(rawReq);
 
         info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
-                dname==null?req.getSubjectName():new X500Name(dname)));
+        info.set(X509CertInfo.SUBJECT,
+                    dname==null?req.getSubjectName():new X500Name(dname));
         CertificateExtensions reqex = null;
         Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
         while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                                      X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@
         if (dname == null) {
             // Get the owner name from the certificate
             owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
         } else {
             // Use the owner name specified at the command line
             owner = new X500Name(dname);
             certInfo.set(X509CertInfo.SUBJECT + "." +
-                         CertificateSubjectName.DN_NAME, owner);
+                         X509CertInfo.DN_NAME, owner);
         }
         // Make issuer same as owner (self-signed!)
         certInfo.set(X509CertInfo.ISSUER + "." +
-                     CertificateIssuerName.DN_NAME, owner);
+                     X509CertInfo.DN_NAME, owner);
 
         // The inner and outer signature algorithms have to match.
         // The way we achieve that is really ugly, but there seems to be no
--- a/src/share/classes/sun/security/x509/X509CertImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -96,12 +96,10 @@
      */
     // x509.info.subject.dname
     public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.SUBJECT + DOT +
-                               CertificateSubjectName.DN_NAME;
+                               X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
     // x509.info.issuer.dname
     public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.ISSUER + DOT +
-                               CertificateIssuerName.DN_NAME;
+                               X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
     // x509.info.serialNumber.number
     public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
                                X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@
         if (info == null)
             return null;
         try {
-            Principal subject = (Principal)info.get(
-                                 CertificateSubjectName.NAME + DOT +
-                                 CertificateSubjectName.DN_NAME);
+            Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
+                                                    X509CertInfo.DN_NAME);
             return subject;
         } catch (Exception e) {
             return null;
@@ -910,8 +907,8 @@
         }
         try {
             X500Principal subject = (X500Principal)info.get(
-                                CertificateSubjectName.NAME + DOT +
-                                CertificateSubjectName.DN_PRINCIPAL);
+                                            X509CertInfo.SUBJECT + DOT +
+                                            "x500principal");
             return subject;
         } catch (Exception e) {
             return null;
@@ -927,9 +924,8 @@
         if (info == null)
             return null;
         try {
-            Principal issuer = (Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_NAME);
+            Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
+                                                   X509CertInfo.DN_NAME);
             return issuer;
         } catch (Exception e) {
             return null;
@@ -947,8 +943,8 @@
         }
         try {
             X500Principal issuer = (X500Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_PRINCIPAL);
+                                            X509CertInfo.ISSUER + DOT +
+                                            "x500principal");
             return issuer;
         } catch (Exception e) {
             return null;
--- a/src/share/classes/sun/security/x509/X509CertInfo.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/x509/X509CertInfo.java	Fri Nov 09 14:46:34 2012 -0800
@@ -68,12 +68,13 @@
     public static final String IDENT = "x509.info";
     // Certificate attribute names
     public static final String NAME = "info";
+    public static final String DN_NAME = "dname";
     public static final String VERSION = CertificateVersion.NAME;
     public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
     public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
-    public static final String ISSUER = CertificateIssuerName.NAME;
+    public static final String ISSUER = "issuer";
+    public static final String SUBJECT = "subject";
     public static final String VALIDITY = CertificateValidity.NAME;
-    public static final String SUBJECT = CertificateSubjectName.NAME;
     public static final String KEY = CertificateX509Key.NAME;
     public static final String ISSUER_ID = "issuerID";
     public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@
     protected CertificateVersion version = new CertificateVersion();
     protected CertificateSerialNumber   serialNum = null;
     protected CertificateAlgorithmId    algId = null;
-    protected CertificateIssuerName     issuer = null;
+    protected X500Name                  issuer = null;
+    protected X500Name                  subject = null;
     protected CertificateValidity       interval = null;
-    protected CertificateSubjectName    subject = null;
     protected CertificateX509Key        pubKey = null;
 
     // X509.v2 & v3 extensions
@@ -399,11 +400,7 @@
             break;
 
         case ATTR_ISSUER:
-            if (suffix == null) {
-                setIssuer(val);
-            } else {
-                issuer.set(suffix, val);
-            }
+            setIssuer(val);
             break;
 
         case ATTR_VALIDITY:
@@ -415,11 +412,7 @@
             break;
 
         case ATTR_SUBJECT:
-            if (suffix == null) {
-                setSubject(val);
-            } else {
-                subject.set(suffix, val);
-            }
+            setSubject(val);
             break;
 
         case ATTR_KEY:
@@ -493,11 +486,7 @@
             }
             break;
         case (ATTR_ISSUER):
-            if (suffix == null) {
-                issuer = null;
-            } else {
-                issuer.delete(suffix);
-            }
+            issuer = null;
             break;
         case (ATTR_VALIDITY):
             if (suffix == null) {
@@ -507,11 +496,7 @@
             }
             break;
         case (ATTR_SUBJECT):
-            if (suffix == null) {
-                subject = null;
-            } else {
-                subject.delete(suffix);
-            }
+            subject = null;
             break;
         case (ATTR_KEY):
             if (suffix == null) {
@@ -571,13 +556,13 @@
             if (suffix == null) {
                 return(subject);
             } else {
-                return(subject.get(suffix));
+                return(getX500Name(suffix, false));
             }
         case (ATTR_ISSUER):
             if (suffix == null) {
                 return(issuer);
             } else {
-                return(issuer.get(suffix));
+                return(getX500Name(suffix, true));
             }
         case (ATTR_KEY):
             if (suffix == null) {
@@ -618,6 +603,21 @@
     }
 
     /*
+     * Get the Issuer or Subject name
+     */
+    private Object getX500Name(String name, boolean getIssuer)
+        throws IOException {
+        if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+            return getIssuer ? issuer : subject;
+        } else if (name.equalsIgnoreCase("x500principal")) {
+            return getIssuer ? issuer.asX500Principal()
+                             : subject.asX500Principal();
+        } else {
+            throw new IOException("Attribute name not recognized.");
+        }
+    }
+
+    /*
      * This routine unmarshals the certificate information.
      */
     private void parse(DerValue val)
@@ -646,9 +646,8 @@
         algId = new CertificateAlgorithmId(in);
 
         // Issuer name
-        issuer = new CertificateIssuerName(in);
-        X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
-        if (issuerDN.isEmpty()) {
+        issuer = new X500Name(in);
+        if (issuer.isEmpty()) {
             throw new CertificateParsingException(
                 "Empty issuer DN not allowed in X509Certificates");
         }
@@ -657,10 +656,9 @@
         interval = new CertificateValidity(in);
 
         // subject name
-        subject = new CertificateSubjectName(in);
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+        subject = new X500Name(in);
         if ((version.compare(CertificateVersion.V1) == 0) &&
-                subjectDN.isEmpty()) {
+                subject.isEmpty()) {
             throw new CertificateParsingException(
                       "Empty subject DN not allowed in v1 certificate");
         }
@@ -712,13 +710,12 @@
     /*
      * Verify if X.509 V3 Certificate is compliant with RFC 3280.
      */
-    private void verifyCert(CertificateSubjectName subject,
+    private void verifyCert(X500Name subject,
         CertificateExtensions extensions)
         throws CertificateParsingException, IOException {
 
         // if SubjectName is empty, check for SubjectAlternativeNameExtension
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
-        if (subjectDN.isEmpty()) {
+        if (subject.isEmpty()) {
             if (extensions == null) {
                 throw new CertificateParsingException("X.509 Certificate is " +
                         "incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setIssuer(Object val) throws CertificateException {
-        if (!(val instanceof CertificateIssuerName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Issuer class type invalid.");
         }
-        issuer = (CertificateIssuerName)val;
+        issuer = (X500Name)val;
     }
 
     /**
@@ -887,11 +884,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setSubject(Object val) throws CertificateException {
-        if (!(val instanceof CertificateSubjectName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Subject class type invalid.");
         }
-        subject = (CertificateSubjectName)val;
+        subject = (X500Name)val;
     }
 
     /**
--- a/src/share/classes/sun/security/x509/certAttributes.html	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/security/x509/certAttributes.html	Fri Nov 09 14:46:34 2012 -0800
@@ -6,7 +6,7 @@
 <h2><center>Certificate Attributes</center></h2>
 <font size=3><center>July 1998</font></center>
 <p>
-In JDK1.2 we provide an implementation of X.509 (version 3). 
+In JDK1.2 we provide an implementation of X.509 (version 3).
 The X509CertImpl class supports the following methods to
 manipulate the various attributes of a certificate:
 <pre>
@@ -86,9 +86,9 @@
 <td>issuer</td>
 <td>x509.info.issuer<br>
 x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
 X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -109,9 +109,9 @@
 <td>subject</td>
 <td>x509.info.subject<br>
 x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
 X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -127,18 +127,18 @@
 <td>issuerUniqueID</td>
 <td>x509.info.issuerID<br>
 x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
 <td>subjectUniqueID</td>
 <td>x509.info.subjectID<br>
 x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
--- a/src/share/classes/sun/tools/java/RuntimeConstants.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/tools/java/RuntimeConstants.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
     /* Class File Constants */
     int JAVA_MAGIC                   = 0xcafebabe;
     int JAVA_MIN_SUPPORTED_VERSION   = 45;
-    int JAVA_MAX_SUPPORTED_VERSION   = 51;
+    int JAVA_MAX_SUPPORTED_VERSION   = 52;
     int JAVA_MAX_SUPPORTED_MINOR_VERSION = 0;
 
     /* Generate class file version for 1.1  by default */
--- a/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Fri Nov 09 14:46:34 2012 -0800
@@ -329,9 +329,6 @@
             tagset.add(token);
         }
 
-        // ensure en-US is there (mandated by the spec, e.g. Collator.getAvailableLocales())
-        tagset.add("en-US");
-
         return tagset;
     }
 
--- a/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,6 +26,7 @@
 package sun.util.locale.provider;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.IllformedLocaleException;
@@ -177,7 +178,7 @@
             for (Class<? extends LocaleServiceProvider> c : spiClasses) {
                 LocaleServiceProviderPool pool =
                     LocaleServiceProviderPool.getPool(c);
-                all.addAll(pool.getAvailableLocaleList());
+                all.addAll(pool.getAvailableLocaleSet());
             }
 
             allAvailableLocales = all.toArray(new Locale[0]);
@@ -207,13 +208,23 @@
      * @return an array of the available locales
      */
     public Locale[] getAvailableLocales() {
-        Set<Locale> locList = getAvailableLocaleList();
+        Set<Locale> locList = new HashSet<>();
+        locList.addAll(getAvailableLocaleSet());
+        // Make sure it all contains JRE's locales for compatibility.
+        locList.addAll(Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales()));
         Locale[] tmp = new Locale[locList.size()];
         locList.toArray(tmp);
         return tmp;
     }
 
-    private synchronized Set<Locale> getAvailableLocaleList() {
+    /**
+     * Returns the union of locale sets that are available from
+     * each service provider. This method does NOT return the
+     * defensive copy.
+     *
+     * @return a set of available locales
+     */
+    private synchronized Set<Locale> getAvailableLocaleSet() {
         if (availableLocales == null) {
             availableLocales = new HashSet<>();
             for (LocaleServiceProvider lsp : providers.values()) {
@@ -222,9 +233,6 @@
                     availableLocales.add(getLookupLocale(locale));
                 }
             }
-
-            // Remove Locale.ROOT for the compatibility.
-            availableLocales.remove(Locale.ROOT);
         }
 
         return availableLocales;
@@ -295,7 +303,7 @@
 
         List<Locale> lookupLocales = getLookupLocales(locale);
 
-        Set<Locale> available = getAvailableLocaleList();
+        Set<Locale> available = getAvailableLocaleSet();
         for (Locale current : lookupLocales) {
             if (available.contains(current)) {
                 S providersObj;
--- a/src/share/native/com/sun/java/util/jar/pack/constants.h	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/com/sun/java/util/jar/pack/constants.h	Fri Nov 09 14:46:34 2012 -0800
@@ -35,12 +35,19 @@
 #define JAVA_MAGIC 0xCAFEBABE
 #define JAVA_MIN_MAJOR_VERSION 45
 #define JAVA_MIN_MINOR_VERSION 3
+
 #define JAVA5_MAX_MAJOR_VERSION 49
 #define JAVA5_MAX_MINOR_VERSION 0
-// NOTE: Assume for now
+
 #define JAVA6_MAX_MAJOR_VERSION 50
 #define JAVA6_MAX_MINOR_VERSION 0
 
+#define JAVA7_MAX_MAJOR_VERSION 51
+#define JAVA7_MAX_MINOR_VERSION 0
+
+#define JAVA8_MAX_MAJOR_VERSION 52
+#define JAVA8_MAX_MINOR_VERSION 0
+
 // package file constants
 #define JAVA_PACKAGE_MAGIC 0xCAFED00D
 #define JAVA5_PACKAGE_MAJOR_VERSION 150
--- a/src/share/native/java/lang/System.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/java/lang/System.c	Fri Nov 09 14:46:34 2012 -0800
@@ -102,7 +102,7 @@
 #define VENDOR_URL_BUG "http://bugreport.sun.com/bugreport/"
 #endif
 
-#define JAVA_MAX_SUPPORTED_VERSION 51
+#define JAVA_MAX_SUPPORTED_VERSION 52
 #define JAVA_MAX_SUPPORTED_MINOR_VERSION 0
 
 #ifdef JAVA_SPECIFICATION_VENDOR /* Third party may NOT overwrite this. */
--- a/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Fri Nov 09 14:46:34 2012 -0800
@@ -26,6 +26,7 @@
 #include "sun_security_jgss_wrapper_GSSLibStub.h"
 #include "NativeUtil.h"
 #include "NativeFunc.h"
+#include "jlong.h"
 
 /* Constants for indicating what type of info is needed for inqueries */
 const int TYPE_CRED_NAME = 10;
@@ -75,14 +76,14 @@
                                                      jclass jcls,
                                                      jbyteArray jbytes) {
   gss_OID cOid;
-  int i, len;
+  unsigned int i, len;
   jbyte* bytes;
   jthrowable gssEx;
   jboolean found;
 
   if (jbytes != NULL) {
     found = JNI_FALSE;
-    len = (*env)->GetArrayLength(env, jbytes) - 2;
+    len = (unsigned int)((*env)->GetArrayLength(env, jbytes) - 2);
     bytes = (*env)->GetByteArrayElements(env, jbytes, NULL);
     if (bytes != NULL) {
       for (i = 0; i < ftab->mechs->count; i++) {
@@ -98,9 +99,9 @@
     }
     if (found != JNI_TRUE) {
       checkStatus(env, NULL, GSS_S_BAD_MECH, 0, "[GSSLibStub_getMechPtr]");
-      return NULL;
-    } else return cOid;
-  } else return GSS_C_NO_OID;
+      return ptr_to_jlong(NULL);
+    } else return ptr_to_jlong(cOid);
+  } else return ptr_to_jlong(GSS_C_NO_OID);
 }
 
 
@@ -244,7 +245,7 @@
 
   if (ftab->inquireNamesForMech != NULL) {
 
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech = (gss_OID)jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   nameTypes = GSS_C_NO_OID_SET;
 
   /* gss_inquire_names_for_mech(...) => N/A */
@@ -273,7 +274,7 @@
   OM_uint32 minor, major;
   gss_name_t nameHdl;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
 
   sprintf(debugBuf, "[GSSLibStub_releaseName] %ld", (long) pName);
   debug(env, debugBuf);
@@ -319,7 +320,7 @@
   resetGSSBuffer(env, jnameVal, &nameVal);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_importName]");
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 
@@ -339,8 +340,8 @@
   int isEqual;
 
   isEqual = 0;
-  nameHdl1 = (gss_name_t) pName1;
-  nameHdl2 = (gss_name_t) pName2;
+  nameHdl1 = (gss_name_t) jlong_to_ptr(pName1);
+  nameHdl2 = (gss_name_t) jlong_to_ptr(pName2);
 
   sprintf(debugBuf, "[GSSLibStub_compareName] %ld %ld", (long) pName1,
     (long) pName2);
@@ -370,12 +371,12 @@
   gss_name_t nameHdl, mnNameHdl;
   gss_OID mech;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_canonicalizeName] %ld", (long) pName);
   debug(env, debugBuf);
 
   if (nameHdl != GSS_C_NO_NAME) {
-    mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+    mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
     mnNameHdl = GSS_C_NO_NAME;
 
     /* gss_canonicalize_name(...) may return GSS_S_BAD_NAMETYPE,
@@ -391,7 +392,7 @@
     checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]");
   } else mnNameHdl = GSS_C_NO_NAME;
 
-  return (jlong) mnNameHdl;
+  return ptr_to_jlong(mnNameHdl);
 }
 
 /*
@@ -408,7 +409,7 @@
   gss_buffer_desc outBuf;
   jbyteArray jresult;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_exportName] %ld", (long) pName);
   debug(env, debugBuf);
 
@@ -420,16 +421,16 @@
   if (major == GSS_S_NAME_NOT_MN) {
     debug(env, "[GSSLibStub_exportName] canonicalize and re-try");
 
-    mNameHdl = (gss_name_t)
+    mNameHdl = (gss_name_t)jlong_to_ptr(
         Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName
-                                        (env, jobj, pName);
+                                        (env, jobj, pName));
     /* return immediately if an exception has occurred */
     if ((*env)->ExceptionCheck(env)) {
       return NULL;
     }
     major = (*ftab->exportName)(&minor, mNameHdl, &outBuf);
     Java_sun_security_jgss_wrapper_GSSLibStub_releaseName
-                                        (env, jobj, (jlong) mNameHdl);
+                                        (env, jobj, ptr_to_jlong(mNameHdl));
     /* return immediately if an exception has occurred */
     if ((*env)->ExceptionCheck(env)) {
       return NULL;
@@ -460,7 +461,7 @@
   jobject jtype;
   jobjectArray jresult;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_displayName] %ld", (long) pName);
   debug(env, debugBuf);
 
@@ -512,10 +513,10 @@
   debug(env, "[GSSLibStub_acquireCred]");
 
 
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   mechs = newGSSOIDSet(env, mech);
   credUsage = (gss_cred_usage_t) usage;
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   credHdl = GSS_C_NO_CREDENTIAL;
 
   sprintf(debugBuf, "[GSSLibStub_acquireCred] pName=%ld, usage=%d",
@@ -534,7 +535,7 @@
   debug(env, debugBuf);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_acquireCred]");
-  return (jlong) credHdl;
+  return ptr_to_jlong(credHdl);
 }
 
 /*
@@ -550,9 +551,9 @@
   OM_uint32 minor, major;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   if (credHdl != GSS_C_NO_CREDENTIAL) {
@@ -562,7 +563,7 @@
 
     checkStatus(env, jobj, major, minor, "[GSSLibStub_releaseCred]");
   }
-  return (jlong) credHdl;
+  return ptr_to_jlong(credHdl);
 }
 
 /*
@@ -570,7 +571,7 @@
  */
 void inquireCred(JNIEnv *env, jobject jobj, gss_cred_id_t pCred,
                  jint type, void *result) {
-  OM_uint32 minor, major;
+  OM_uint32 minor, major=GSS_C_QOP_DEFAULT;
   OM_uint32 routineErr;
   gss_cred_id_t credHdl;
 
@@ -617,9 +618,9 @@
   gss_name_t nameHdl;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   nameHdl = GSS_C_NO_NAME;
@@ -633,7 +634,7 @@
   sprintf(debugBuf, "[GSSLibStub_getCredName] pName=%ld", (long) nameHdl);
   debug(env, debugBuf);
 
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 /*
@@ -649,9 +650,9 @@
   gss_cred_id_t credHdl;
   OM_uint32 lifetime;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   lifetime = 0;
@@ -677,9 +678,9 @@
   gss_cred_usage_t usage;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   inquireCred(env, jobj, credHdl, TYPE_CRED_USAGE, &usage);
@@ -738,13 +739,13 @@
     return NULL;
   }
 
-  mech2 = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech2 = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
 
   if (sameMech(env, mech, mech2) == JNI_TRUE) {
     /* mech match - return the context object */
     return (*env)->NewObject(env, CLS_NativeGSSContext,
                                  MID_NativeGSSContext_ctor,
-                                 (jlong) contextHdl, jobj);
+                                 ptr_to_jlong(contextHdl), jobj);
   } else {
     /* mech mismatch - clean up then return null */
     major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
@@ -784,11 +785,11 @@
 */
   debug(env, "[GSSLibStub_initContext]");
 
-  credHdl = (gss_cred_id_t) pCred;
-  contextHdl = (gss_ctx_id_t)
-    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
-  targetName = (gss_name_t) pName;
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(
+    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+  targetName = (gss_name_t) jlong_to_ptr(pName);
+  mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   flags = (OM_uint32) (*env)->GetIntField(env, jcontextSpi,
                                           FID_NativeGSSContext_flags);
   time = getGSSTime((*env)->GetIntField(env, jcontextSpi,
@@ -821,7 +822,7 @@
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
     (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        (jlong) contextHdl);
+                        ptr_to_jlong(contextHdl));
     (*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
     sprintf(debugBuf, "[GSSLibStub_initContext] set flags=0x%x", aFlags);
     debug(env, debugBuf);
@@ -879,7 +880,7 @@
   OM_uint32 aFlags;
   OM_uint32 aTime;
   gss_cred_id_t delCred;
-  jobject jsrcName;
+  jobject jsrcName=GSS_C_NO_NAME;
   jobject jdelCred;
   jobject jMech;
   jbyteArray jresult;
@@ -889,9 +890,9 @@
 
   debug(env, "[GSSLibStub_acceptContext]");
 
-  contextHdl = (gss_ctx_id_t)
-    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
-  credHdl = (gss_cred_id_t) pCred;
+  contextHdl = (gss_ctx_id_t)jlong_to_ptr(
+    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
   initGSSBuffer(env, jinToken, &inToken);
   cb = getGSSCB(env, jcb);
   srcName = GSS_C_NO_NAME;
@@ -922,7 +923,7 @@
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
     (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        (jlong) contextHdl);
+                        ptr_to_jlong(contextHdl));
     sprintf(debugBuf, "[GSSLibStub_acceptContext] set pContext=%ld",
             (long)contextHdl);
     debug(env, debugBuf);
@@ -940,7 +941,7 @@
                               NULL, NULL);
       jtargetName = (*env)->NewObject(env, CLS_GSSNameElement,
                                 MID_GSSNameElement_ctor,
-                                (jlong) targetName, jobj);
+                                ptr_to_jlong(targetName), jobj);
 
       /* return immediately if an exception has occurred */
       if ((*env)->ExceptionCheck(env)) {
@@ -955,7 +956,7 @@
     if (srcName != GSS_C_NO_NAME) {
       jsrcName = (*env)->NewObject(env, CLS_GSSNameElement,
                                    MID_GSSNameElement_ctor,
-                                   (jlong) srcName, jobj);
+                                   ptr_to_jlong(srcName), jobj);
       /* return immediately if an exception has occurred */
       if ((*env)->ExceptionCheck(env)) {
         return NULL;
@@ -981,7 +982,7 @@
       if (delCred != GSS_C_NO_CREDENTIAL) {
         jdelCred = (*env)->NewObject(env, CLS_GSSCredElement,
                                      MID_GSSCredElement_ctor,
-                                     (jlong) delCred, jsrcName, jMech);
+                                     ptr_to_jlong(delCred), jsrcName, jMech);
         /* return immediately if an exception has occurred */
         if ((*env)->ExceptionCheck(env)) {
           return NULL;
@@ -1031,7 +1032,7 @@
   jlong result[6];
   jlongArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
   sprintf(debugBuf, "[GSSLibStub_inquireContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
@@ -1051,8 +1052,8 @@
                                                 (long)targetName);
   debug(env, debugBuf);
 
-  result[0] = (jlong) srcName;
-  result[1] = (jlong) targetName;
+  result[0] = ptr_to_jlong(srcName);
+  result[1] = ptr_to_jlong(targetName);
   result[2] = (jlong) isInitiator;
   result[3] = (jlong) isEstablished;
   result[4] = (jlong) flags;
@@ -1081,9 +1082,9 @@
   gss_OID mech;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
-  sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", pContext);
+  sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", (long int)pContext);
   debug(env, debugBuf);
 
   major = (*ftab->inquireContext)(&minor, contextHdl, NULL, NULL,
@@ -1111,7 +1112,7 @@
   gss_name_t nameHdl;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
   sprintf(debugBuf, "[GSSLibStub_getContextName] %ld, isSrc=%d",
           (long)contextHdl, isSrc);
@@ -1129,13 +1130,13 @@
   checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContextAll]");
   /* return immediately if an exception has occurred */
   if ((*env)->ExceptionCheck(env)) {
-    return (long)NULL;
+    return ptr_to_jlong(NULL);
   }
 
   sprintf(debugBuf, "[GSSLibStub_getContextName] pName=%ld", (long) nameHdl);
   debug(env, debugBuf);
 
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 /*
@@ -1151,7 +1152,7 @@
   gss_ctx_id_t contextHdl;
   OM_uint32 time;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_getContextTime] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1180,17 +1181,17 @@
   OM_uint32 minor, major;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_deleteContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
-  if (contextHdl == GSS_C_NO_CONTEXT) return GSS_C_NO_CONTEXT;
+  if (contextHdl == GSS_C_NO_CONTEXT) return ptr_to_jlong(GSS_C_NO_CONTEXT);
 
   /* gss_delete_sec_context(...) => GSS_S_NO_CONTEXT(!) */
   major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_deleteContext]");
-  return (jlong) contextHdl;
+  return (jlong) ptr_to_jlong(contextHdl);
 }
 
 /*
@@ -1211,7 +1212,7 @@
   OM_uint32 outSize, maxInSize;
   gss_qop_t qop;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_wrapSizeLimit] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1244,7 +1245,7 @@
   gss_buffer_desc interProcToken;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_exportContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1281,7 +1282,7 @@
   gss_buffer_desc msgToken;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_getMic] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1290,7 +1291,7 @@
     checkStatus(env, jobj, GSS_S_CONTEXT_EXPIRED, 0, "[GSSLibStub_getMic]");
     return NULL;
   }
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   qop = (gss_qop_t) jqop;
   initGSSBuffer(env, jmsg, &msg);
 
@@ -1326,7 +1327,7 @@
   gss_buffer_desc msgToken;
   gss_qop_t qop;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_verifyMic] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1376,7 +1377,7 @@
   gss_ctx_id_t contextHdl;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_wrap] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1427,7 +1428,7 @@
   gss_qop_t qop;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_unwrap] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
--- a/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Fri Nov 09 14:46:34 2012 -0800
@@ -25,6 +25,7 @@
 
 #include "NativeUtil.h"
 #include "NativeFunc.h"
+#include "jlong.h"
 
 const int JAVA_DUPLICATE_TOKEN_CODE = 19; /* DUPLICATE_TOKEN */
 const int JAVA_OLD_TOKEN_CODE = 20; /* OLD_TOKEN */
@@ -412,7 +413,7 @@
   OM_uint32 result;
 
   /* special handle values equal to JAVA_MAX */
-  if (jtime == JAVA_MAX) {
+  if (jtime == (jint)JAVA_MAX) {
     result = GSS_C_INDEFINITE;
   } else {
     result = jtime;
@@ -482,7 +483,7 @@
 
   messageContext = 0;
   if (jstub != NULL) {
-    mech = (gss_OID) (*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech);
+    mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech));
   } else {
     mech = GSS_C_NO_OID;
   }
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c	Fri Nov 09 14:46:34 2012 -0800
@@ -422,6 +422,7 @@
     jfieldID jFieldID;
     jlong jType;
     jobject jPValue;
+    memset(&ckAttribute, 0, sizeof(CK_ATTRIBUTE));
 
     // TBD: what if jAttribute == NULL?!
 
@@ -1577,6 +1578,7 @@
     CK_RSA_PKCS_PSS_PARAMS ckParam;
     jfieldID fieldID;
     jlong jHashAlg, jMgf, jSLen;
+    memset(&ckParam, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
 
     /* get hashAlg */
     jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS);
@@ -1617,6 +1619,7 @@
     jfieldID fieldID;
     jlong jLong;
     jobject jSharedData, jPublicData;
+    memset(&ckParam, 0, sizeof(CK_ECDH1_DERIVE_PARAMS));
 
     /* get kdf */
     jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS);
@@ -1663,6 +1666,7 @@
     jfieldID fieldID;
     jlong jKdf, jPrivateDataLen, jPrivateData;
     jobject jSharedData, jPublicData, jPublicData2;
+    memset(&ckParam, 0, sizeof(CK_ECDH2_DERIVE_PARAMS));
 
     /* get kdf */
     jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS);
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c	Fri Nov 09 14:46:34 2012 -0800
@@ -180,14 +180,14 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-      inBufP = (CK_BYTE_PTR) directIn;
+      inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
     } else {
       inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
       if (inBufP == NULL) { return 0; }
     }
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) {
@@ -249,7 +249,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) { return 0; }
@@ -401,14 +401,14 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-      inBufP = (CK_BYTE_PTR) directIn;
+      inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
     } else {
       inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
       if (inBufP == NULL) { return 0; }
     }
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) {
@@ -465,7 +465,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) { return 0; }
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c	Fri Nov 09 14:46:34 2012 -0800
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include "jlong.h"
 
 #include "sun_security_pkcs11_wrapper_PKCS11.h"
 
@@ -178,7 +179,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_general.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_general.c	Fri Nov 09 14:46:34 2012 -0800
@@ -253,10 +253,12 @@
 (JNIEnv *env, jobject obj)
 {
     CK_INFO ckLibInfo;
-    jobject jInfoObject;
+    jobject jInfoObject=NULL;
     CK_RV rv;
+    CK_FUNCTION_LIST_PTR ckpFunctions;
+    memset(&ckLibInfo, 0, sizeof(CK_INFO));
 
-    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
+    ckpFunctions = getFunctionList(env, obj);
     if (ckpFunctions == NULL) { return NULL; }
 
     rv = (*ckpFunctions->C_GetInfo)(&ckLibInfo);
@@ -384,7 +386,7 @@
 {
     CK_SLOT_ID ckSlotID;
     CK_SLOT_INFO ckSlotInfo;
-    jobject jSlotInfoObject;
+    jobject jSlotInfoObject=NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
@@ -396,7 +398,7 @@
     if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
         jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo);
     }
-    return jSlotInfoObject ;
+    return jSlotInfoObject;
 }
 
 /*
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c	Fri Nov 09 14:46:34 2012 -0800
@@ -256,7 +256,7 @@
 {
     CK_SESSION_HANDLE ckSessionHandle;
     CK_SESSION_INFO ckSessionInfo;
-    jobject jSessionInfo;
+    jobject jSessionInfo=NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c	Fri Nov 09 14:46:34 2012 -0800
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include "jlong.h"
 
 #include "sun_security_pkcs11_wrapper_PKCS11.h"
 
@@ -198,7 +199,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR) jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
@@ -262,7 +263,7 @@
 
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
-    if ((jExpectedLength > 0) && (jExpectedLength < ckSignatureLength)) {
+    if ((jExpectedLength > 0) && ((CK_ULONG)jExpectedLength < ckSignatureLength)) {
         ckSignatureLength = jExpectedLength;
     }
 
@@ -496,7 +497,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_util.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_util.c	Fri Nov 09 14:46:34 2012 -0800
@@ -106,7 +106,7 @@
     if (moduleData == NULL) {
         return ;
     }
-    (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, (jlong)moduleData);
+    (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, ptr_to_jlong(moduleData));
 }
 
 
@@ -120,7 +120,7 @@
         return NULL;
     }
     jData = (*env)->GetLongField(env, pkcs11Implementation, pNativeDataID);
-    return (ModuleData*)jData;
+    return (ModuleData*)jlong_to_ptr(jData);
 }
 
 CK_FUNCTION_LIST_PTR getFunctionList(JNIEnv *env, jobject pkcs11Implementation) {
--- a/src/solaris/native/sun/security/pkcs11/j2secmod_md.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/solaris/native/sun/security/pkcs11/j2secmod_md.c	Fri Nov 09 14:46:34 2012 -0800
@@ -34,7 +34,7 @@
 #include "j2secmod.h"
 
 void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) {
-    void *hModule = (void*)jHandle;
+    void *hModule = (void*)jlong_to_ptr(jHandle);
     void *fAddress = dlsym(hModule, functionName);
     if (fAddress == NULL) {
         char errorMessage[256];
@@ -53,7 +53,7 @@
     void *hModule = dlopen(libName, RTLD_NOLOAD);
     dprintf2("-handle for %s: %u\n", libName, hModule);
     (*env)->ReleaseStringUTFChars(env, jLibName, libName);
-    return (jlong)hModule;
+    return ptr_to_jlong(hModule);
 }
 
 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary
@@ -72,5 +72,5 @@
         return 0;
     }
 
-    return (jlong)hModule;
+    return ptr_to_jlong(hModule);
 }
--- a/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c	Fri Nov 09 14:46:34 2012 -0800
@@ -79,7 +79,7 @@
 {
     void *hModule;
     char *error;
-    CK_C_GetFunctionList C_GetFunctionList;
+    CK_C_GetFunctionList C_GetFunctionList=NULL;
     CK_RV rv;
     ModuleData *moduleData;
     jobject globalPKCS11ImplementationReference;
--- a/test/ProblemList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/ProblemList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -137,11 +137,6 @@
 # 7196801
 java/lang/management/MemoryMXBean/LowMemoryTest2.sh		generic-all
 
-# Exclude until hotspot/jdk repos are sync'd w.r.t. JAVA_MAX_SUPPORTED_VERSION
-# Needed when hotspot fix 7054345 is present.  Remove when the JDK source is 
-# updated accordingly.
-java/lang/System/Versions.java   generic-all
-
 ############################################################################
 
 # jdk_management
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6209660
+ * @bug 6209660 6383200
  * @summary Ensure that InvalidAlgorithmParameterException is
  * thrown as javadoc specified when parameters of the wrong
  * type are used.
@@ -38,9 +38,21 @@
 
     private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
     private static final String[] PBE_ALGOS = {
-        "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+        "PBEWithMD5AndDES",
+        "PBEWithSHA1AndDESede",
+        "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         // skip "PBEWithMD5AndTripleDES" since it requires Unlimited
         // version of JCE jurisdiction policy files.
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+        // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+        // version of JCE jurisdiction policy files.
     };
 
     private static final IvParameterSpec INVALID_PARAMS =
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6341599
+ * @bug 6341599 6383200
  * @summary JCE Reference Guide has recommendations, not requirements,
  * for algorithm names
  * @author Brad R. Wetmore
@@ -38,8 +38,15 @@
         "PBEWithMD5AndDES",
         "PBEWithSHA1AndDESede",
         "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithMD5AndTripleDES",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         "PBKDF2WithHmacSHA1",
-        "PBEWithMD5AndTripleDES"
+        "PBKDF2WithHmacSHA224",
+        "PBKDF2WithHmacSHA256",
+        "PBKDF2WithHmacSHA384",
+        "PBKDF2WithHmacSHA512"
     };
 
     public static void main(String[] argv) throws Exception {
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4944783
+ * @bug 4944783 6383200
  * @summary ensure that the AlgorithmParameters object returned by
  * PBE ciphers have the matching algorithm name.
  * @author Valerie Peng
@@ -37,9 +37,21 @@
 
     private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
     private static final String[] PBE_ALGOS = {
-        "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+        "PBEWithMD5AndDES",
+        "PBEWithSHA1AndDESede",
+        "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         // skip "PBEWithMD5AndTripleDES" since it requires Unlimited
         // version of JCE jurisdiction policy files.
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+        // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+        // version of JCE jurisdiction policy files.
     };
     public static void main(String[] args) throws Exception {
         PBEKeySpec ks = new PBEKeySpec(PASSWORD);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6383200
+ * @summary PBE: need new algorithm support in password based encryption
+ */
+import java.security.*;
+import java.util.Arrays;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class PBES2Test {
+
+    private static final String[] algos = {
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+    };
+    private static final byte[] ivBytes = {
+        0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
+        0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+    };
+
+    public static final void main(String[] args) throws Exception {
+        for (String algo : algos) {
+            test(algo, true);  // salt, ic, IV supplied by the application
+            test(algo, false); // salt, ic, IV generated by the implementation
+        }
+    }
+
+    private static final void test(String algo, boolean suppliedParams)
+        throws Exception {
+
+        System.out.println("***********************************************");
+        System.out.println(algo +
+            (suppliedParams ? "  [algorithm parameters are supplied]\n"
+                            : "  [algorithm parameters are generated]\n"));
+        int iterationCount = 1000;
+        byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
+
+        // Create PBE key
+        PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray());
+        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algo);
+        SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
+        byte[] pbeKeyBytes = pbeKey.getEncoded();
+        System.out.println("   key[" + pbeKeyBytes.length + "]: " +
+            String.format("0x%0" + (pbeKeyBytes.length * 2) + "x",
+                new java.math.BigInteger(1, pbeKeyBytes)));
+
+        // Create PBE cipher
+        System.out.println("Encrypting...");
+        Cipher pbeCipher = Cipher.getInstance(algo);
+        if (suppliedParams) {
+            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey,
+                new PBEParameterSpec(salt, iterationCount,
+                    new IvParameterSpec(ivBytes)));
+        } else {
+            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey);
+        }
+
+        // Encrypt
+        byte[] cleartext = "This is just an example".getBytes();
+        System.out.println("  text[" + cleartext.length + "]: " +
+            String.format("0x%0" + (cleartext.length * 2) + "x",
+                new java.math.BigInteger(1, cleartext)));
+
+        byte[] ciphertext = pbeCipher.doFinal(cleartext);
+        System.out.println("c'text[" + ciphertext.length + "]: " +
+            String.format("0x%0" + (ciphertext.length * 2) + "x",
+                new java.math.BigInteger(1, ciphertext)));
+
+        AlgorithmParameters aps = pbeCipher.getParameters();
+
+        byte[] iv;
+        if (suppliedParams) {
+            iv = ivBytes;
+        } else {
+            PBEParameterSpec pbeSpec =
+                aps.getParameterSpec(PBEParameterSpec.class);
+            salt = pbeSpec.getSalt();
+            iterationCount = pbeSpec.getIterationCount();
+            IvParameterSpec ivSpec =
+                (IvParameterSpec) pbeSpec.getParameterSpec();
+            iv = ivSpec.getIV();
+        }
+        System.out.println("  salt[" + salt.length + "]: " +
+            String.format("0x%0" + (salt.length * 2) + "x",
+                new java.math.BigInteger(1, salt)));
+        System.out.println("iterationCount=" + iterationCount);
+        System.out.println("    iv[" + iv.length + "]: " +
+            String.format("0x%0" + (iv.length * 2) + "x",
+                new java.math.BigInteger(1, iv)));
+
+        // Decrypt
+        System.out.println("Decrypting...");
+        Cipher pbeCipher2 = Cipher.getInstance(algo);
+        pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps);
+        byte[] cleartext2 = pbeCipher2.doFinal(ciphertext);
+        System.out.println("  text[" + cleartext2.length + "]: " +
+            String.format("0x%0" + (cleartext2.length * 2) + "x",
+                new java.math.BigInteger(1, cleartext2)));
+
+        if (Arrays.equals(cleartext, cleartext2)) {
+            System.out.println(
+                "\nPass: decrypted ciphertext matches the original text\n");
+        } else {
+            throw new Exception(
+                "Fail: decrypted ciphertext does NOT match the original text");
+        }
+    }
+}
--- a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
 
 /**
  * @test
- * @bug 4893959
- * @summary basic test for PBEWithSHA1AndDESede and
- * PBEWithSHA1AndRC2_40
+ * @bug 4893959 6383200
+ * @summary basic test for PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ *          and PBEWithSHA1AndRC4_40/128
  * @author Valerie Peng
  */
 
@@ -87,6 +87,9 @@
         System.out.println("Testing provider " + p.getName() + "...");
         runTest("PBEWithSHA1AndDESede", input, PASSWD, p);
         runTest("PBEWithSHA1AndRC2_40", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC2_128", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC4_40", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC4_128", input, PASSWD, p);
         System.out.println("All tests passed");
         long stop = System.currentTimeMillis();
         System.out.println("Done (" + (stop - start) + " ms).");
--- a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
 
 /**
  * @test
- * @bug 4898810
- * @summary ensure PBEWithSHA1AndDESede and PBEWithSHA1AndRC2_40
- * is registered under correct OID.
+ * @bug 4898810 6383200
+ * @summary ensure PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ *          and PBEWithSHA1AndRC4_40/128 are registered under correct OID.
  * @author Valerie Peng
  */
 
@@ -37,12 +37,20 @@
 import javax.crypto.interfaces.PBEKey;
 
 public class PKCS12Oid {
-    private static String OID_PBEWithSHAAnd40BitRC2CBC = "1.2.840.113549.1.12.1.6";
-    private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = "1.2.840.113549.1.12.1.3";
+    private static String OID_PKCS12 = "1.2.840.113549.1.12.1.";
+    private static String OID_PBEWithSHAAnd128BitRC4 = OID_PKCS12 + "1";
+    private static String OID_PBEWithSHAAnd40BitRC4 = OID_PKCS12 + "2";
+    private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = OID_PKCS12 + "3";
+    private static String OID_PBEWithSHAAnd128BitRC2CBC = OID_PKCS12 + "5";
+    private static String OID_PBEWithSHAAnd40BitRC2CBC = OID_PKCS12 + "6";
 
     public static void main(String[] argv) throws Exception {
         Cipher c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC2CBC, "SunJCE");
         c = Cipher.getInstance(OID_PBEWithSHAAnd3KeyTripleDESCBC, "SunJCE");
+
+        c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC4, "SunJCE");
+        c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC4, "SunJCE");
+        c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC2CBC, "SunJCE");
         System.out.println("All tests passed");
     }
 }
--- a/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,34 +36,45 @@
 import javax.crypto.spec.*;
 
 public class HmacPBESHA1 {
-    private static final String MAC_ALGO = "HmacPBESHA1";
+    private static final String[] MAC_ALGOS = {
+        "HmacPBESHA1",
+        "PBEWithHmacSHA1",
+        "PBEWithHmacSHA224",
+        "PBEWithHmacSHA256",
+        "PBEWithHmacSHA384",
+        "PBEWithHmacSHA512"
+    };
+    private static final int[] MAC_LENGTHS = { 20, 20, 28, 32, 48, 64 };
     private static final String KEY_ALGO = "PBE";
     private static final String PROVIDER = "SunJCE";
 
-    private SecretKey key = null;
+    private static SecretKey key = null;
 
     public static void main(String argv[]) throws Exception {
-        HmacPBESHA1 test = new HmacPBESHA1();
-        test.run();
-        System.out.println("Test Passed");
+        for (int i = 0; i < MAC_ALGOS.length; i++) {
+            runtest(MAC_ALGOS[i], MAC_LENGTHS[i]);
+        }
+        System.out.println("\nTest Passed");
     }
 
-    public void run() throws Exception {
+    private static void runtest(String algo, int length) throws Exception {
+        System.out.println("Testing: " + algo);
         if (key == null) {
             char[] password = { 't', 'e', 's', 't' };
             PBEKeySpec keySpec = new PBEKeySpec(password);
-            SecretKeyFactory kf = SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
+            SecretKeyFactory kf =
+                SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
             key = kf.generateSecret(keySpec);
         }
-        Mac mac = Mac.getInstance(MAC_ALGO, PROVIDER);
+        Mac mac = Mac.getInstance(algo, PROVIDER);
         byte[] plainText = new byte[30];
 
         mac.init(key);
         mac.update(plainText);
         byte[] value1 = mac.doFinal();
-        if (value1.length != 20) {
-            throw new Exception("incorrect MAC output length, " +
-                                "expected 20, got " + value1.length);
+        if (value1.length != length) {
+            throw new Exception("incorrect MAC output length, expected " +
+                length + ", got " + value1.length);
         }
         mac.update(plainText);
         byte[] value2 = mac.doFinal();
--- a/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,15 @@
 
 public class HmacSaltLengths {
 
+    private static final String[] ALGOS = {
+        "HmacPBESHA1",
+        "PBEWithHmacSHA1",
+        "PBEWithHmacSHA224",
+        "PBEWithHmacSHA256",
+        "PBEWithHmacSHA384",
+        "PBEWithHmacSHA512"
+    };
+
     private static void runTest(String alg, byte[] plaintext,
                                 char[] password, Provider p)
         throws Exception {
@@ -81,7 +90,9 @@
         long start = System.currentTimeMillis();
         Provider p = Security.getProvider("SunJCE");
         System.out.println("Testing provider " + p.getName() + "...");
-        runTest("HmacPBESHA1", input, PASSWD, p);
+        for (String algo : ALGOS) {
+            runTest(algo, input, PASSWD, p);
+        }
         System.out.println("All tests passed");
         long stop = System.currentTimeMillis();
         System.out.println("Done (" + (stop - start) + " ms).");
--- a/test/java/lang/Character/CheckProp.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/Character/CheckProp.java	Fri Nov 09 14:46:34 2012 -0800
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 7037261 7070436
+ * @bug 7037261 7070436 7198195
  * @summary  Check j.l.Character.isLowerCase/isUppercase/isAlphabetic/isIdeographic
  */
 
--- a/test/java/lang/Character/CheckScript.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/Character/CheckScript.java	Fri Nov 09 14:46:34 2012 -0800
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 6945564 6959267 7033561 7070436
+ * @bug 6945564 6959267 7033561 7070436 7198195
  * @summary  Check that the j.l.Character.UnicodeScript
  */
 
--- a/test/java/lang/Character/PropList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/Character/PropList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
--- a/test/java/lang/Character/PropertyValueAliases.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/Character/PropertyValueAliases.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropertyValueAliases-6.1.0.txt
-# Date: 2011-12-07, 23:40:57 GMT [MD]
+# PropertyValueAliases-6.2.0.txt
+# Date: 2012-08-14, 16:05:11 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 #
@@ -73,6 +73,7 @@
 age; 5.2                              ; V5_2
 age; 6.0                              ; V6_0
 age; 6.1                              ; V6_1
+age; 6.2                              ; V6_2
 age; NA                               ; Unassigned
 
 # Alphabetic (Alpha)
@@ -382,7 +383,8 @@
 ccc; 122; CCC122                     ; CCC122
 ccc; 129; CCC129                     ; CCC129
 ccc; 130; CCC130                     ; CCC130
-ccc; 132; CCC133                     ; CCC133
+ccc; 132; CCC132                     ; CCC132
+ccc; 133; CCC133                     ; CCC133 # RESERVED
 ccc; 200; ATBL                       ; Attached_Below_Left
 ccc; 202; ATB                        ; Attached_Below
 ccc; 214; ATA                        ; Attached_Above
@@ -592,6 +594,7 @@
 GCB; LV                               ; LV
 GCB; LVT                              ; LVT
 GCB; PP                               ; Prepend
+GCB; RI                               ; Regional_Indicator
 GCB; SM                               ; SpacingMark
 GCB; T                                ; T
 GCB; V                                ; V
@@ -862,6 +865,7 @@
 lb ; PO                               ; Postfix_Numeric
 lb ; PR                               ; Prefix_Numeric
 lb ; QU                               ; Quotation
+lb ; RI                               ; Regional_Indicator
 lb ; SA                               ; Complex_Context
 lb ; SG                               ; Surrogate
 lb ; SP                               ; Space
@@ -880,10 +884,6 @@
 Lower; N                              ; No                               ; F                                ; False
 Lower; Y                              ; Yes                              ; T                                ; True
 
-# Lowercase_Mapping (lc)
-
-# @missing: 0000..10FFFF; Lowercase_Mapping; <code point>
-
 # Math (Math)
 
 Math; N                               ; No                               ; F                                ; False
@@ -1159,10 +1159,6 @@
 Term; N                               ; No                               ; F                                ; False
 Term; Y                               ; Yes                              ; T                                ; True
 
-# Titlecase_Mapping (tc)
-
-# @missing: 0000..10FFFF; Titlecase_Mapping; <code point>
-
 # Unicode_1_Name (na1)
 
 # @missing: 0000..10FFFF; Unicode_1_Name; <none>
@@ -1177,10 +1173,6 @@
 Upper; N                              ; No                               ; F                                ; False
 Upper; Y                              ; Yes                              ; T                                ; True
 
-# Uppercase_Mapping (uc)
-
-# @missing: 0000..10FFFF; Uppercase_Mapping; <code point>
-
 # Variation_Selector (VS)
 
 VS ; N                                ; No                               ; F                                ; False
@@ -1205,6 +1197,7 @@
 WB ; MN                               ; MidNum
 WB ; NL                               ; Newline
 WB ; NU                               ; Numeric
+WB ; RI                               ; Regional_Indicator
 WB ; XX                               ; Other
 
 # XID_Continue (XIDC)
--- a/test/java/lang/Character/Scripts.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/Character/Scripts.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
@@ -146,7 +146,7 @@
 208A..208C    ; Common # Sm   [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
 208D          ; Common # Ps       SUBSCRIPT LEFT PARENTHESIS
 208E          ; Common # Pe       SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9    ; Common # Sc  [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA    ; Common # Sc  [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
 2100..2101    ; Common # So   [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
 2102          ; Common # L&       DOUBLE-STRUCK CAPITAL C
 2103..2106    ; Common # So   [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
 E0001         ; Common # Cf       LANGUAGE TAG
 E0020..E007F  ; Common # Cf  [96] TAG SPACE..CANCEL TAG
 
-# Total code points: 6412
+# Total code points: 6413
 
 # ================================================
 
@@ -760,7 +760,7 @@
 061E          ; Arabic # Po       ARABIC TRIPLE DOT PUNCTUATION MARK
 0620..063F    ; Arabic # Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
 0641..064A    ; Arabic # Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E    ; Arabic # Mn   [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F    ; Arabic # Mn  [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
 066A..066D    ; Arabic # Po   [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
 066E..066F    ; Arabic # Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
 0671..06D3    ; Arabic # Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
 1EEAB..1EEBB  ; Arabic # Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
 1EEF0..1EEF1  ; Arabic # Sm   [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
 
-# Total code points: 1234
+# Total code points: 1235
 
 # ================================================
 
@@ -1477,7 +1477,6 @@
 0300..036F    ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
 0485..0486    ; Inherited # Mn   [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
 064B..0655    ; Inherited # Mn  [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F          ; Inherited # Mn       ARABIC WAVY HAMZA BELOW
 0670          ; Inherited # Mn       ARABIC LETTER SUPERSCRIPT ALEF
 0951..0952    ; Inherited # Mn   [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
 1CD0..1CD2    ; Inherited # Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
 1D1AA..1D1AD  ; Inherited # Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
 E0100..E01EF  ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
 
-# Total code points: 524
+# Total code points: 523
 
 # ================================================
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/lang/Math/DivModTests.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+
+/**
+ * @test Test Math and StrictMath Floor Div / Modulo operations.
+ * @bug 6282196
+ * @summary Basic tests for Floor division and modulo methods for both Math
+ * and StrictMath for int and long datatypes.
+ */
+public class DivModTests {
+
+    /**
+     * The count of test errors.
+     */
+    private static int errors = 0;
+
+    /**
+     * @param args the command line arguments are unused
+     */
+    public static void main(String[] args) {
+        errors = 0;
+        testIntFloorDivMod();
+        testLongFloorDivMod();
+
+        if (errors > 0) {
+            throw new RuntimeException(errors + " errors found in DivMod methods.");
+        }
+    }
+
+    /**
+     * Report a test failure and increment the error count.
+     * @param message the formatting string
+     * @param args the variable number of arguments for the message.
+     */
+    static void fail(String message, Object... args) {
+        errors++;
+        System.out.printf(message, args);
+    }
+
+    /**
+     * Test the integer floorDiv and floorMod methods.
+     * Math and StrictMath tested and the same results are expected for both.
+     */
+    static void testIntFloorDivMod() {
+        testIntFloorDivMod(4, 0, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+        testIntFloorDivMod(4, 3, 1, 1);
+        testIntFloorDivMod(3, 3, 1, 0);
+        testIntFloorDivMod(2, 3, 0, 2);
+        testIntFloorDivMod(1, 3, 0, 1);
+        testIntFloorDivMod(0, 3, 0, 0);
+        testIntFloorDivMod(4, -3, -2, -2);
+        testIntFloorDivMod(3, -3, -1, 0);
+        testIntFloorDivMod(2, -3, -1, -1);
+        testIntFloorDivMod(1, -3, -1, -2);
+        testIntFloorDivMod(0, -3, 0, 0);
+        testIntFloorDivMod(-1, 3, -1, 2);
+        testIntFloorDivMod(-2, 3, -1, 1);
+        testIntFloorDivMod(-3, 3, -1, 0);
+        testIntFloorDivMod(-4, 3, -2, 2);
+        testIntFloorDivMod(-1, -3, 0, -1);
+        testIntFloorDivMod(-2, -3, 0, -2);
+        testIntFloorDivMod(-3, -3, 1, 0);
+        testIntFloorDivMod(-4, -3, 1, -1);
+        testIntFloorDivMod(Integer.MAX_VALUE, 1, Integer.MAX_VALUE, 0);
+        testIntFloorDivMod(Integer.MAX_VALUE, -1, -Integer.MAX_VALUE, 0);
+        testIntFloorDivMod(Integer.MAX_VALUE, 3, 715827882, 1);
+        testIntFloorDivMod(Integer.MAX_VALUE - 1, 3, 715827882, 0);
+        testIntFloorDivMod(Integer.MIN_VALUE, 3, -715827883, 1);
+        testIntFloorDivMod(Integer.MIN_VALUE + 1, 3, -715827883, 2);
+        testIntFloorDivMod(Integer.MIN_VALUE + 1, -1, Integer.MAX_VALUE, 0);
+        // Special case of integer overflow
+        testIntFloorDivMod(Integer.MIN_VALUE, -1, Integer.MIN_VALUE, 0);
+    }
+
+    /**
+     * Test FloorDiv and then FloorMod with int data.
+     */
+    static void testIntFloorDivMod(int x, int y, Object divExpected, Object modExpected) {
+        testIntFloorDiv(x, y, divExpected);
+        testIntFloorMod(x, y, modExpected);
+    }
+
+    /**
+     * Test FloorDiv with int data.
+     */
+    static void testIntFloorDiv(int x, int y, Object expected) {
+        Object result = doFloorDiv(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorDiv(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+    }
+
+    /**
+     * Test FloorMod with int data.
+     */
+    static void testIntFloorMod(int x, int y, Object expected) {
+        Object result = doFloorMod(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorMod(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+
+        try {
+            // Verify result against double precision floor function
+            int tmp = x / y;     // Force ArithmeticException for divide by zero
+            double ff = x - Math.floor((double)x / (double)y) * y;
+            int fr = (int)ff;
+            if (fr != result) {
+                fail("FAIL: Math.floorMod(%d, %d) = %s differs from Math.floor(x, y): %d%n", x, y, result, fr);
+            }
+        } catch (ArithmeticException ae) {
+            if (y != 0) {
+                fail("FAIL: Math.floorMod(%d, %d); unexpected %s%n", x, y, ae);
+            }
+        }
+    }
+
+    /**
+     * Test the floorDiv and floorMod methods for primitive long.
+     */
+    static void testLongFloorDivMod() {
+        testLongFloorDivMod(4L, 0L, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+        testLongFloorDivMod(4L, 3L, 1L, 1L);
+        testLongFloorDivMod(3L, 3L, 1L, 0L);
+        testLongFloorDivMod(2L, 3L, 0L, 2L);
+        testLongFloorDivMod(1L, 3L, 0L, 1L);
+        testLongFloorDivMod(0L, 3L, 0L, 0L);
+        testLongFloorDivMod(4L, -3L, -2L, -2L);
+        testLongFloorDivMod(3L, -3L, -1L, 0l);
+        testLongFloorDivMod(2L, -3L, -1L, -1L);
+        testLongFloorDivMod(1L, -3L, -1L, -2L);
+        testLongFloorDivMod(0L, -3L, 0L, 0L);
+        testLongFloorDivMod(-1L, 3L, -1L, 2L);
+        testLongFloorDivMod(-2L, 3L, -1L, 1L);
+        testLongFloorDivMod(-3L, 3L, -1L, 0L);
+        testLongFloorDivMod(-4L, 3L, -2L, 2L);
+        testLongFloorDivMod(-1L, -3L, 0L, -1L);
+        testLongFloorDivMod(-2L, -3L, 0L, -2L);
+        testLongFloorDivMod(-3L, -3L, 1L, 0L);
+        testLongFloorDivMod(-4L, -3L, 1L, -1L);
+
+        testLongFloorDivMod(Long.MAX_VALUE, 1, Long.MAX_VALUE, 0L);
+        testLongFloorDivMod(Long.MAX_VALUE, -1, -Long.MAX_VALUE, 0L);
+        testLongFloorDivMod(Long.MAX_VALUE, 3L, Long.MAX_VALUE / 3L, 1L);
+        testLongFloorDivMod(Long.MAX_VALUE - 1L, 3L, (Long.MAX_VALUE - 1L) / 3L, 0L);
+        testLongFloorDivMod(Long.MIN_VALUE, 3L, Long.MIN_VALUE / 3L - 1L, 1L);
+        testLongFloorDivMod(Long.MIN_VALUE + 1L, 3L, Long.MIN_VALUE / 3L - 1L, 2L);
+        testLongFloorDivMod(Long.MIN_VALUE + 1, -1, Long.MAX_VALUE, 0L);
+        // Special case of integer overflow
+        testLongFloorDivMod(Long.MIN_VALUE, -1, Long.MIN_VALUE, 0L);
+    }
+
+    /**
+     * Test the integer floorDiv and floorMod methods.
+     * Math and StrictMath are tested and the same results are expected for both.
+     */
+    static void testLongFloorDivMod(long x, long y, Object divExpected, Object modExpected) {
+        testLongFloorDiv(x, y, divExpected);
+        testLongFloorMod(x, y, modExpected);
+    }
+
+    /**
+     * Test FloorDiv with long arguments against expected value.
+     * The expected value is usually a Long but in some cases  is
+     * an ArithmeticException.
+     *
+     * @param x dividend
+     * @param y modulus
+     * @param expected expected value,
+     */
+    static void testLongFloorDiv(long x, long y, Object expected) {
+        Object result = doFloorDiv(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: long Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorDiv(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: long StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+    }
+
+    /**
+     * Test FloorMod of long arguments against expected value.
+     * The expected value is usually a Long but in some cases  is
+     * an ArithmeticException.
+     *
+     * @param x dividend
+     * @param y modulus
+     * @param expected expected value
+     */
+    static void testLongFloorMod(long x, long y, Object expected) {
+        Object result = doFloorMod(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: long Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorMod(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: long StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+
+        try {
+            // Verify the result against BigDecimal rounding mode.
+            BigDecimal xD = new BigDecimal(x);
+            BigDecimal yD = new BigDecimal(y);
+            BigDecimal resultD = xD.divide(yD, RoundingMode.FLOOR);
+            resultD = resultD.multiply(yD);
+            resultD = xD.subtract(resultD);
+            long fr = resultD.longValue();
+            if (fr != result) {
+                fail("FAIL: Long.floorMod(%d, %d) = %d is different than BigDecimal result: %d%n",x, y, result, fr);
+
+            }
+        } catch (ArithmeticException ae) {
+            if (y != 0) {
+                fail("FAIL: long Math.floorMod(%d, %d); unexpected ArithmeticException from bigdecimal");
+            }
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorDiv(int x, int y) {
+        try {
+            return Math.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorDiv(long x, long y) {
+        try {
+            return Math.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorMod(int x, int y) {
+        try {
+            return Math.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorMod(long x, long y) {
+        try {
+            return Math.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorDiv(int x, int y) {
+        try {
+            return StrictMath.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorDiv(long x, long y) {
+        try {
+            return StrictMath.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorMod(int x, int y) {
+        try {
+            return StrictMath.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorMod(long x, long y) {
+        try {
+            return StrictMath.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Returns a boolean by comparing the result and the expected value.
+     * The equals method is not defined for ArithmeticException but it is
+     * desirable to have equals return true if the expected and the result
+     * both threw the same exception (class and message.)
+     *
+     * @param result the result from testing the method
+     * @param expected the expected value
+     * @return true if the result is equal to the expected values; false otherwise.
+     */
+    static boolean resultEquals(Object result, Object expected) {
+        if (result.getClass() != expected.getClass()) {
+            fail("FAIL: Result type mismatch, %s; expected: %s%n",
+                    result.getClass().getName(), expected.getClass().getName());
+            return false;
+        }
+
+        if (result.equals(expected)) {
+            return true;
+        }
+        // Handle special case to compare ArithmeticExceptions
+        if (result instanceof ArithmeticException && expected instanceof ArithmeticException) {
+            ArithmeticException ae1 = (ArithmeticException)result;
+            ArithmeticException ae2 = (ArithmeticException)expected;
+            return ae1.getMessage().equals(ae2.getMessage());
+        }
+        return false;
+    }
+
+}
--- a/test/java/lang/invoke/BigArityTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/invoke/BigArityTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 /* @test
  * @summary High arity invocations, up to the maximum of 255 arguments
  * @compile BigArityTest.java
- * @run junit/othervm -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
  */
 
 package test.java.lang.invoke;
--- a/test/java/lang/invoke/CallSiteTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/invoke/CallSiteTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,7 +28,7 @@
  *
  * @build indify.Indify
  * @compile CallSiteTest.java
- * @run main/othervm
+ * @run main/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies
  *      indify.Indify
  *      --expand-properties --classpath ${test.classes}
  *      --java test.java.lang.invoke.CallSiteTest
--- a/test/java/lang/invoke/MethodHandlesTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/invoke/MethodHandlesTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 /* @test
  * @summary unit tests for java.lang.invoke.MethodHandles
  * @compile MethodHandlesTest.java remote/RemoteExample.java
- * @run junit/othervm test.java.lang.invoke.MethodHandlesTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa test.java.lang.invoke.MethodHandlesTest
  */
 
 package test.java.lang.invoke;
--- a/test/java/lang/invoke/RicochetTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/lang/invoke/RicochetTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -25,7 +25,7 @@
 
 /* @test
  * @summary unit tests for recursive method handles
- * @run junit/othervm -DRicochetTest.MAX_ARITY=50 test.java.lang.invoke.RicochetTest
+ * @run junit/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -DRicochetTest.MAX_ARITY=10 test.java.lang.invoke.RicochetTest
  */
 /*
  * @ignore The following test creates an unreasonable number of adapters in -Xcomp mode (7049122)
--- a/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,29 +27,16 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
-import java.nio.charset.*;
 import java.util.*;
 
 
 public class AdaptDatagramSocket {
 
     static java.io.PrintStream out = System.out;
-
     static Random rand = new Random();
 
-    static final int ECHO_PORT = 7;
-    static final int DISCARD_PORT = 9;
-    static final String REMOTE_HOST = TestUtil.HOST;
-
-    static final InetSocketAddress echoAddress
-        = new InetSocketAddress(REMOTE_HOST, ECHO_PORT);
-    static final InetSocketAddress discardAddress
-        = new InetSocketAddress(REMOTE_HOST, DISCARD_PORT);
-
     static String toString(DatagramPacket dp) {
         return ("DatagramPacket[off=" + dp.getOffset()
                 + ", len=" + dp.getLength()
@@ -88,10 +75,11 @@
         out.println("rtt: " + (System.currentTimeMillis() - start));
         out.println("post op: " + toString(op) + "  ip: " + toString(ip));
 
-        for (int i = 0; i < ip.getLength(); i++)
+        for (int i = 0; i < ip.getLength(); i++) {
             if (ip.getData()[ip.getOffset() + i]
                 != op.getData()[op.getOffset() + i])
                 throw new Exception("Incorrect data received");
+        }
 
         if (!(ip.getSocketAddress().equals(dst))) {
             throw new Exception("Incorrect sender address, expected: " + dst
@@ -130,8 +118,9 @@
             ds.setSoTimeout(timeout);
         out.println("timeout: " + ds.getSoTimeout());
 
-        for (int i = 0; i < 5; i++)
+        for (int i = 0; i < 5; i++) {
             test(ds, dst, shouldTimeout);
+        }
 
         // Leave the socket open so that we don't reuse the old src address
         //ds.close();
@@ -139,10 +128,23 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test(echoAddress, 0, false, false);
-        test(echoAddress, 0, false, true);
-        test(echoAddress, 5000, false, false);
-        test(discardAddress, 10, true, false);
+        // need an UDP echo server
+        try (TestServers.UdpEchoServer echoServer
+                = TestServers.UdpEchoServer.startNewServer(100)) {
+            final InetSocketAddress address
+                = new InetSocketAddress(echoServer.getAddress(),
+                                        echoServer.getPort());
+            test(address, 0, false, false);
+            test(address, 0, false, true);
+            test(address, 5000, false, false);
+        }
+        try (TestServers.UdpDiscardServer discardServer
+                = TestServers.UdpDiscardServer.startNewServer()) {
+            final InetSocketAddress address
+                = new InetSocketAddress(discardServer.getAddress(),
+                                        discardServer.getPort());
+            test(address, 10, true, false);
+        }
     }
 
 }
--- a/test/java/nio/channels/DatagramChannel/IsBound.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/test/java/nio/channels/DatagramChannel/IsBound.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,21 +34,25 @@
 
 public class IsBound {
     public static void main(String argv[]) throws Exception {
-        InetSocketAddress isa = new InetSocketAddress(
-            InetAddress.getByName(TestUtil.HOST), 13);
-        ByteBuffer bb = ByteBuffer.allocateDirect(256);
-        bb.put("hello".getBytes());
-        bb.flip();
+        try (TestServers.UdpDayTimeServer daytimeServer
+                = TestServers.UdpDayTimeServer.startNewServer(100)) {
+            InetSocketAddress isa = new InetSocketAddress(
+                daytimeServer.getAddress(),
+                daytimeServer.getPort());
+            ByteBuffer bb = ByteBuffer.allocateDirect(256);