changeset 10372:a31efe49556a jdk9-b25

Merge
author lana
date Wed, 30 Jul 2014 11:49:59 -0700
parents fdf4cac36ef0 87fac66a55b4
children ae38245f7a8b
files src/share/classes/sun/security/ec/CurveDB.java src/share/classes/sun/security/ec/ECParameters.java src/share/classes/sun/security/ec/NamedCurve.java test/sun/security/krb5/auto/KerberosHashEqualsTest.java test/sun/security/tools/keytool/weaksize.sh
diffstat 66 files changed, 3189 insertions(+), 1535 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Wed Jul 30 11:49:59 2014 -0700
@@ -55,7 +55,6 @@
       * Returns the CORBA object reference associated with a Remote
       * object by using the javax.rmi.CORBA package.
       *<p>
-      * Use reflection to avoid hard dependencies on javax.rmi.CORBA package.
       * This method effective does the following:
       *<blockquote><pre>
       * java.lang.Object stub;
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Wed Jul 30 11:49:59 2014 -0700
@@ -33,7 +33,10 @@
 import java.util.*;
 
 import javax.security.auth.*;
-import javax.security.auth.kerberos.*;
+import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KeyTab;
 import javax.security.auth.callback.*;
 import javax.security.auth.login.*;
 import javax.security.auth.spi.*;
--- a/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java	Wed Jul 30 11:49:59 2014 -0700
@@ -36,33 +36,7 @@
 public interface ExtendedGSSContext extends GSSContext {
     /**
      * Return the mechanism-specific attribute associated with {@code type}.
-     * <br><br>
-     * For each supported attribute type, the type for the output are
-     * defined below.
-     * <ol>
-     * <li>{@code KRB5_GET_TKT_FLAGS}:
-     * the returned object is a boolean array for the service ticket flags,
-     * which is long enough to contain all true bits. This means if
-     * the user wants to get the <em>n</em>'th bit but the length of the
-     * returned array is less than <em>n</em>, it is regarded as false.
-     * <li>{@code KRB5_GET_SESSION_KEY}:
-     * the returned object is an instance of {@link java.security.Key},
-     * which has the following properties:
-     *    <ul>
-     *    <li>Algorithm: enctype as a string, where
-     *        enctype is defined in RFC 3961, section 8.
-     *    <li>Format: "RAW"
-     *    <li>Encoded form: the raw key bytes, not in any ASN.1 encoding
-     *    </ul>
-     * <li>{@code KRB5_GET_AUTHZ_DATA}:
-     * the returned object is an array of
-     * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the
-     * optional field is missing in the service ticket.
-     * <li>{@code KRB5_GET_AUTHTIME}:
-     * the returned object is a String object in the standard KerberosTime
-     * format defined in RFC 4120 5.2.3
-     * </ol>
-     *
+     * <p>
      * If there is a security manager, an {@link InquireSecContextPermission}
      * with the name {@code type.mech} must be granted. Otherwise, this could
      * result in a {@link SecurityException}.<p>
@@ -97,6 +71,7 @@
      * @throws SecurityException if a security manager exists and a proper
      *   {@link InquireSecContextPermission} is not granted.
      * @see InquireSecContextPermission
+     * @see InquireType
      */
     public Object inquireSecContext(InquireType type)
             throws GSSException;
--- a/src/share/classes/com/sun/security/jgss/InquireType.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/com/sun/security/jgss/InquireType.java	Wed Jul 30 11:49:59 2014 -0700
@@ -32,13 +32,38 @@
 @jdk.Exported
 public enum InquireType {
     /**
-     * Attribute type for retrieving the session key of an
-     * established Kerberos 5 security context.
+     * Attribute type for retrieving the session key of an established
+     * Kerberos 5 security context. The returned object is an instance of
+     * {@link java.security.Key}, which has the following properties:
+     *    <ul>
+     *    <li>Algorithm: enctype as a string, where
+     *        enctype is defined in RFC 3961, section 8.
+     *    <li>Format: "RAW"
+     *    <li>Encoded form: the raw key bytes, not in any ASN.1 encoding
+     *    </ul>
+     * @deprecated as of 1.9, replaced by {@link #KRB5_GET_SESSION_KEY_EX}
+     * which returns an instance of
+     * {@link sun.security.jgss.krb5.Krb5Context.EncryptionKey}
+     * that implements the {@link javax.crypto.SecretKey} interface and
+     * has similar methods with {@link javax.security.auth.kerberos.KerberosKey}.
      */
+    @Deprecated
     KRB5_GET_SESSION_KEY,
     /**
+     * Attribute type for retrieving the session key of an
+     * established Kerberos 5 security context. The return value is an
+     * instance of {@link javax.security.auth.kerberos.EncryptionKey}.
+     *
+     * @since 1.9
+     */
+    KRB5_GET_SESSION_KEY_EX,
+    /**
      * Attribute type for retrieving the service ticket flags of an
-     * established Kerberos 5 security context.
+     * established Kerberos 5 security context. The returned object is
+     * a boolean array for the service ticket flags, which is long enough
+     * to contain all true bits. This means if the user wants to get the
+     * <em>n</em>'th bit but the length of the returned array is less than
+     * <em>n</em>, it is regarded as false.
      */
     KRB5_GET_TKT_FLAGS,
     /**
@@ -49,7 +74,17 @@
     KRB5_GET_AUTHZ_DATA,
     /**
      * Attribute type for retrieving the authtime in the service ticket
-     * of an established Kerberos 5 security context.
+     * of an established Kerberos 5 security context. The returned object
+     * is a String object in the standard KerberosTime format defined in
+     * RFC 4120 Section 5.2.3.
      */
-    KRB5_GET_AUTHTIME
+    KRB5_GET_AUTHTIME,
+    /**
+     * Attribute type for retrieving the KRB_CRED message that an initiator
+     * is about to send to an acceptor. The return type is an instance of
+     * {@link javax.security.auth.kerberos.KerberosCredMessage}.
+     *
+     * @since 1.9
+     */
+    KRB5_GET_KRB_CRED,
 }
--- a/src/share/classes/java/lang/Integer.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/lang/Integer.java	Wed Jul 30 11:49:59 2014 -0700
@@ -26,6 +26,7 @@
 package java.lang;
 
 import java.lang.annotation.Native;
+import java.util.Objects;
 
 /**
  * The {@code Integer} class wraps a value of the primitive type
@@ -319,24 +320,27 @@
     }
 
     /**
-     * Format a long (treated as unsigned) into a character buffer.
+     * Format an {@code int} (treated as unsigned) into a character buffer. If
+     * {@code len} exceeds the formatted ASCII representation of {@code val},
+     * {@code buf} will be padded with leading zeroes.
+     *
      * @param val the unsigned int to format
      * @param shift the log2 of the base to format in (4 for hex, 3 for octal, 1 for binary)
      * @param buf the character buffer to write to
      * @param offset the offset in the destination buffer to start at
      * @param len the number of characters to write
-     * @return the lowest character  location used
      */
-     static int formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) {
-        int charPos = len;
+     static void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) {
+        // assert shift > 0 && shift <=5 : "Illegal shift value";
+        // assert offset >= 0 && offset < buf.length : "illegal offset";
+        // assert len > 0 && (offset + len) <= buf.length : "illegal length";
+        int charPos = offset + len;
         int radix = 1 << shift;
         int mask = radix - 1;
         do {
-            buf[offset + --charPos] = Integer.digits[val & mask];
+            buf[--charPos] = Integer.digits[val & mask];
             val >>>= shift;
-        } while (val != 0 && charPos > 0);
-
-        return charPos;
+        } while (charPos > offset);
     }
 
     final static char [] DigitTens = {
@@ -549,12 +553,9 @@
                                             " greater than Character.MAX_RADIX");
         }
 
-        int result = 0;
         boolean negative = false;
         int i = 0, len = s.length();
         int limit = -Integer.MAX_VALUE;
-        int multmin;
-        int digit;
 
         if (len > 0) {
             char firstChar = s.charAt(0);
@@ -562,21 +563,21 @@
                 if (firstChar == '-') {
                     negative = true;
                     limit = Integer.MIN_VALUE;
-                } else if (firstChar != '+')
+                } else if (firstChar != '+') {
                     throw NumberFormatException.forInputString(s);
+                }
 
-                if (len == 1) // Cannot have lone "+" or "-"
+                if (len == 1) { // Cannot have lone "+" or "-"
                     throw NumberFormatException.forInputString(s);
+                }
                 i++;
             }
-            multmin = limit / radix;
+            int multmin = limit / radix;
+            int result = 0;
             while (i < len) {
                 // Accumulating negatively avoids surprises near MAX_VALUE
-                digit = Character.digit(s.charAt(i++),radix);
-                if (digit < 0) {
-                    throw NumberFormatException.forInputString(s);
-                }
-                if (result < multmin) {
+                int digit = Character.digit(s.charAt(i++), radix);
+                if (digit < 0 || result < multmin) {
                     throw NumberFormatException.forInputString(s);
                 }
                 result *= radix;
@@ -585,10 +586,126 @@
                 }
                 result -= digit;
             }
+            return negative ? result : -result;
         } else {
             throw NumberFormatException.forInputString(s);
         }
-        return negative ? result : -result;
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as a signed {@code int} in the
+     * specified {@code radix}, beginning at the specified {@code beginIndex}
+     * and extending to the end of the sequence.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the {@code int}
+     *                  representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @return     the signed {@code int} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable {@code int} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static int parseInt(CharSequence s, int radix, int beginIndex)
+                throws NumberFormatException {
+        // forces an implicit null check of s
+        return parseInt(s, radix, beginIndex, s.length());
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as a signed {@code int} in the
+     * specified {@code radix}, beginning at the specified {@code beginIndex}
+     * and extending to {@code endIndex - 1}.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the {@code int}
+     *                  representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @param      endIndex     the ending index, exclusive.
+     * @return     the signed {@code int} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code endIndex} or if {@code endIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable {@code int} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static int parseInt(CharSequence s, int radix, int beginIndex, int endIndex)
+                throws NumberFormatException {
+        s = Objects.requireNonNull(s);
+
+        if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) {
+            throw new IndexOutOfBoundsException();
+        }
+        if (radix < Character.MIN_RADIX) {
+            throw new NumberFormatException("radix " + radix +
+                                            " less than Character.MIN_RADIX");
+        }
+        if (radix > Character.MAX_RADIX) {
+            throw new NumberFormatException("radix " + radix +
+                                            " greater than Character.MAX_RADIX");
+        }
+
+        boolean negative = false;
+        int i = beginIndex;
+        int limit = -Integer.MAX_VALUE;
+
+        if (i < endIndex) {
+            char firstChar = s.charAt(i);
+            if (firstChar < '0') { // Possible leading "+" or "-"
+                if (firstChar == '-') {
+                    negative = true;
+                    limit = Integer.MIN_VALUE;
+                } else if (firstChar != '+') {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                i++;
+                if (i == endIndex) { // Cannot have lone "+" or "-"
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+            }
+            int multmin = limit / radix;
+            int result = 0;
+            while (i < endIndex) {
+                // Accumulating negatively avoids surprises near MAX_VALUE
+                int digit = Character.digit(s.charAt(i++), radix);
+                if (digit < 0 || result < multmin) {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                result *= radix;
+                if (result < limit + digit) {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                result -= digit;
+            }
+            return negative ? result : -result;
+        } else {
+            throw NumberFormatException.forInputString("");
+        }
     }
 
     /**
@@ -689,6 +806,99 @@
     }
 
     /**
+     * Parses the {@link CharSequence} argument as an unsigned {@code int} in
+     * the specified {@code radix}, beginning at the specified
+     * {@code beginIndex} and extending to the end of the sequence.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the unsigned
+     *                 {@code int} representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @return     the unsigned {@code int} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable unsigned {@code int} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static int parseUnsignedInt(CharSequence s, int radix, int beginIndex)
+                throws NumberFormatException {
+        // forces an implicit null check of s
+        return parseUnsignedInt(s, radix, beginIndex, s.length());
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as an unsigned {@code int} in
+     * the specified {@code radix}, beginning at the specified
+     * {@code beginIndex} and extending to {@code endIndex - 1}.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the unsigned
+     *                 {@code int} representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @param      endIndex     the ending index, exclusive.
+     * @return     the unsigned {@code int} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code endIndex} or if {@code endIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable unsigned {@code int} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static int parseUnsignedInt(CharSequence s, int radix, int beginIndex, int endIndex)
+                throws NumberFormatException {
+        s = Objects.requireNonNull(s);
+
+        if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) {
+            throw new IndexOutOfBoundsException();
+        }
+        int start = beginIndex, len = endIndex - beginIndex;
+
+        if (len > 0) {
+            char firstChar = s.charAt(start);
+            if (firstChar == '-') {
+                throw new
+                    NumberFormatException(String.format("Illegal leading minus sign " +
+                                                       "on unsigned string %s.", s));
+            } else {
+                if (len <= 5 || // Integer.MAX_VALUE in Character.MAX_RADIX is 6 digits
+                        (radix == 10 && len <= 9)) { // Integer.MAX_VALUE in base 10 is 10 digits
+                    return parseInt(s, radix, start, start + len);
+                } else {
+                    long ell = Long.parseLong(s, radix, start, start + len);
+                    if ((ell & 0xffff_ffff_0000_0000L) == 0) {
+                        return (int) ell;
+                    } else {
+                        throw new
+                            NumberFormatException(String.format("String value %s exceeds " +
+                                                                "range of unsigned int.", s));
+                    }
+                }
+            }
+        } else {
+            throw new NumberFormatException("");
+        }
+    }
+
+    /**
      * Parses the string argument as an unsigned decimal integer. The
      * characters in the string must all be decimal digits, except
      * that the first character may be an an ASCII plus sign {@code
--- a/src/share/classes/java/lang/Long.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/lang/Long.java	Wed Jul 30 11:49:59 2014 -0700
@@ -27,6 +27,7 @@
 
 import java.lang.annotation.Native;
 import java.math.*;
+import java.util.Objects;
 
 
 /**
@@ -360,24 +361,27 @@
     }
 
     /**
-     * Format a long (treated as unsigned) into a character buffer.
+     * Format a long (treated as unsigned) into a character buffer. If
+     * {@code len} exceeds the formatted ASCII representation of {@code val},
+     * {@code buf} will be padded with leading zeroes.
+     *
      * @param val the unsigned long to format
      * @param shift the log2 of the base to format in (4 for hex, 3 for octal, 1 for binary)
      * @param buf the character buffer to write to
      * @param offset the offset in the destination buffer to start at
      * @param len the number of characters to write
-     * @return the lowest character location used
      */
-     static int formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) {
-        int charPos = len;
+     static void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) {
+        // assert shift > 0 && shift <=5 : "Illegal shift value";
+        // assert offset >= 0 && offset < buf.length : "illegal offset";
+        // assert len > 0 && (offset + len) <= buf.length : "illegal length";
+        int charPos = offset + len;
         int radix = 1 << shift;
         int mask = radix - 1;
         do {
-            buf[offset + --charPos] = Integer.digits[((int) val) & mask];
+            buf[--charPos] = Integer.digits[((int) val) & mask];
             val >>>= shift;
-        } while (val != 0 && charPos > 0);
-
-        return charPos;
+        } while (charPos > offset);
     }
 
     /**
@@ -561,12 +565,9 @@
                                             " greater than Character.MAX_RADIX");
         }
 
-        long result = 0;
         boolean negative = false;
         int i = 0, len = s.length();
         long limit = -Long.MAX_VALUE;
-        long multmin;
-        int digit;
 
         if (len > 0) {
             char firstChar = s.charAt(0);
@@ -574,21 +575,21 @@
                 if (firstChar == '-') {
                     negative = true;
                     limit = Long.MIN_VALUE;
-                } else if (firstChar != '+')
+                } else if (firstChar != '+') {
                     throw NumberFormatException.forInputString(s);
+                }
 
-                if (len == 1) // Cannot have lone "+" or "-"
+                if (len == 1) { // Cannot have lone "+" or "-"
                     throw NumberFormatException.forInputString(s);
+                }
                 i++;
             }
-            multmin = limit / radix;
+            long multmin = limit / radix;
+            long result = 0;
             while (i < len) {
                 // Accumulating negatively avoids surprises near MAX_VALUE
-                digit = Character.digit(s.charAt(i++),radix);
-                if (digit < 0) {
-                    throw NumberFormatException.forInputString(s);
-                }
-                if (result < multmin) {
+                int digit = Character.digit(s.charAt(i++),radix);
+                if (digit < 0 || result < multmin) {
                     throw NumberFormatException.forInputString(s);
                 }
                 result *= radix;
@@ -597,10 +598,126 @@
                 }
                 result -= digit;
             }
+            return negative ? result : -result;
         } else {
             throw NumberFormatException.forInputString(s);
         }
-        return negative ? result : -result;
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as a signed {@code long} in
+     * the specified {@code radix}, beginning at the specified {@code beginIndex}
+     * and extending to the end of the sequence.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the {@code long}
+     *                  representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @return     the signed {@code long} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable {@code long} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static long parseLong(CharSequence s, int radix, int beginIndex)
+            throws NumberFormatException {
+        // forces a null check of s
+        return parseLong(s, radix, beginIndex, s.length());
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as a signed {@code long} in
+     * the specified {@code radix}, beginning at the specified
+     * {@code beginIndex} and extending to {@code endIndex - 1}.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the {@code long}
+     *                  representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @param      endIndex     the ending index, exclusive.
+     * @return     the signed {@code long} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code endIndex} or if {@code endIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable {@code int} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static long parseLong(CharSequence s, int radix, int beginIndex, int endIndex)
+                throws NumberFormatException {
+        s = Objects.requireNonNull(s);
+
+        if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) {
+            throw new IndexOutOfBoundsException();
+        }
+        if (radix < Character.MIN_RADIX) {
+            throw new NumberFormatException("radix " + radix +
+                    " less than Character.MIN_RADIX");
+        }
+        if (radix > Character.MAX_RADIX) {
+            throw new NumberFormatException("radix " + radix +
+                    " greater than Character.MAX_RADIX");
+        }
+
+        boolean negative = false;
+        int i = beginIndex;
+        long limit = -Long.MAX_VALUE;
+
+        if (i < endIndex) {
+            char firstChar = s.charAt(i);
+            if (firstChar < '0') { // Possible leading "+" or "-"
+                if (firstChar == '-') {
+                    negative = true;
+                    limit = Long.MIN_VALUE;
+                } else if (firstChar != '+') {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                i++;
+            }
+            if (i >= endIndex) { // Cannot have lone "+", "-" or ""
+                throw NumberFormatException.forCharSequence(s, beginIndex,
+                        endIndex, i);
+            }
+            long multmin = limit / radix;
+            long result = 0;
+            while (i < endIndex) {
+                // Accumulating negatively avoids surprises near MAX_VALUE
+                int digit = Character.digit(s.charAt(i++), radix);
+                if (digit < 0 || result < multmin) {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                result *= radix;
+                if (result < limit + digit) {
+                    throw NumberFormatException.forCharSequence(s, beginIndex,
+                            endIndex, i);
+                }
+                result -= digit;
+            }
+            return negative ? result : -result;
+        } else {
+            throw new NumberFormatException("");
+        }
     }
 
     /**
@@ -694,7 +811,7 @@
                 }
 
                 // No need for range checks on len due to testing above.
-                long first = parseLong(s.substring(0, len - 1), radix);
+                long first = parseLong(s, radix, 0, len - 1);
                 int second = Character.digit(s.charAt(len - 1), radix);
                 if (second < 0) {
                     throw new NumberFormatException("Bad digit at end of " + s);
@@ -764,6 +881,155 @@
     }
 
     /**
+     * Parses the {@link CharSequence} argument as an unsigned {@code long} in
+     * the specified {@code radix}, beginning at the specified
+     * {@code beginIndex} and extending to the end of the sequence.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the unsigned
+     *                 {@code long} representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @return     the unsigned {@code long} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable unsigned {@code long} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static long parseUnsignedLong(CharSequence s, int radix, int beginIndex)
+                throws NumberFormatException {
+        // forces a null check of s
+        return parseUnsignedLong(s, radix, beginIndex, s.length());
+    }
+
+    /**
+     * Parses the {@link CharSequence} argument as an unsigned {@code long} in
+     * the specified {@code radix}, beginning at the specified
+     * {@code beginIndex} and extending to {@code endIndex - 1}.
+     *
+     * <p>The method does not take steps to guard against the
+     * {@code CharSequence} being mutated while parsing.
+     *
+     * @param      s   the {@code CharSequence} containing the unsigned
+     *                 {@code long} representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @param      beginIndex   the beginning index, inclusive.
+     * @param      endIndex     the ending index, exclusive.
+     * @return     the unsigned {@code long} represented by the subsequence in
+     *             the specified radix.
+     * @throws     NullPointerException  if {@code s} is null.
+     * @throws     IndexOutOfBoundsException  if {@code beginIndex} is
+     *             negative, or if {@code beginIndex} is greater than
+     *             {@code endIndex} or if {@code endIndex} is greater than
+     *             {@code s.length()}.
+     * @throws     NumberFormatException  if the {@code CharSequence} does not
+     *             contain a parsable unsigned {@code long} in the specified
+     *             {@code radix}, or if {@code radix} is either smaller than
+     *             {@link java.lang.Character#MIN_RADIX} or larger than
+     *             {@link java.lang.Character#MAX_RADIX}.
+     * @since  1.9
+     */
+    public static long parseUnsignedLong(CharSequence s, int radix, int beginIndex, int endIndex)
+                throws NumberFormatException {
+        s = Objects.requireNonNull(s);
+
+        if (beginIndex < 0 || beginIndex > endIndex || endIndex > s.length()) {
+            throw new IndexOutOfBoundsException();
+        }
+        int start = beginIndex, len = endIndex - beginIndex;
+
+        if (len > 0) {
+            char firstChar = s.charAt(start);
+            if (firstChar == '-') {
+                throw new NumberFormatException(String.format("Illegal leading minus sign " +
+                        "on unsigned string %s.", s.subSequence(start, start + len)));
+            } else {
+                if (len <= 12 || // Long.MAX_VALUE in Character.MAX_RADIX is 13 digits
+                    (radix == 10 && len <= 18) ) { // Long.MAX_VALUE in base 10 is 19 digits
+                    return parseLong(s, radix, start, start + len);
+                }
+
+                // No need for range checks on end due to testing above.
+                long first = parseLong(s, radix, start, start + len - 1);
+                int second = Character.digit(s.charAt(start + len - 1), radix);
+                if (second < 0) {
+                    throw new NumberFormatException("Bad digit at end of " +
+                            s.subSequence(start, start + len));
+                }
+                long result = first * radix + second;
+
+                /*
+                 * Test leftmost bits of multiprecision extension of first*radix
+                 * for overflow. The number of bits needed is defined by
+                 * GUARD_BIT = ceil(log2(Character.MAX_RADIX)) + 1 = 7. Then
+                 * int guard = radix*(int)(first >>> (64 - GUARD_BIT)) and
+                 * overflow is tested by splitting guard in the ranges
+                 * guard < 92, 92 <= guard < 128, and 128 <= guard, where
+                 * 92 = 128 - Character.MAX_RADIX. Note that guard cannot take
+                 * on a value which does not include a prime factor in the legal
+                 * radix range.
+                 */
+                int guard = radix * (int) (first >>> 57);
+                if (guard >= 128 ||
+                        (result >= 0 && guard >= 128 - Character.MAX_RADIX)) {
+                    /*
+                     * For purposes of exposition, the programmatic statements
+                     * below should be taken to be multi-precision, i.e., not
+                     * subject to overflow.
+                     *
+                     * A) Condition guard >= 128:
+                     * If guard >= 128 then first*radix >= 2^7 * 2^57 = 2^64
+                     * hence always overflow.
+                     *
+                     * B) Condition guard < 92:
+                     * Define left7 = first >>> 57.
+                     * Given first = (left7 * 2^57) + (first & (2^57 - 1)) then
+                     * result <= (radix*left7)*2^57 + radix*(2^57 - 1) + second.
+                     * Thus if radix*left7 < 92, radix <= 36, and second < 36,
+                     * then result < 92*2^57 + 36*(2^57 - 1) + 36 = 2^64 hence
+                     * never overflow.
+                     *
+                     * C) Condition 92 <= guard < 128:
+                     * first*radix + second >= radix*left7*2^57 + second
+                     * so that first*radix + second >= 92*2^57 + 0 > 2^63
+                     *
+                     * D) Condition guard < 128:
+                     * radix*first <= (radix*left7) * 2^57 + radix*(2^57 - 1)
+                     * so
+                     * radix*first + second <= (radix*left7) * 2^57 + radix*(2^57 - 1) + 36
+                     * thus
+                     * radix*first + second < 128 * 2^57 + 36*2^57 - radix + 36
+                     * whence
+                     * radix*first + second < 2^64 + 2^6*2^57 = 2^64 + 2^63
+                     *
+                     * E) Conditions C, D, and result >= 0:
+                     * C and D combined imply the mathematical result
+                     * 2^63 < first*radix + second < 2^64 + 2^63. The lower
+                     * bound is therefore negative as a signed long, but the
+                     * upper bound is too small to overflow again after the
+                     * signed long overflows to positive above 2^64 - 1. Hence
+                     * result >= 0 implies overflow given C and D.
+                     */
+                    throw new NumberFormatException(String.format("String value %s exceeds " +
+                            "range of unsigned long.", s.subSequence(start, start + len)));
+                }
+                return result;
+            }
+        } else {
+            throw NumberFormatException.forInputString("");
+        }
+    }
+
+    /**
      * Parses the string argument as an unsigned decimal {@code long}. The
      * characters in the string must all be decimal digits, except
      * that the first character may be an an ASCII plus sign {@code
--- a/src/share/classes/java/lang/NumberFormatException.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/lang/NumberFormatException.java	Wed Jul 30 11:49:59 2014 -0700
@@ -56,7 +56,7 @@
     }
 
     /**
-     * Factory method for making a <code>NumberFormatException</code>
+     * Factory method for making a {@code NumberFormatException}
      * given the specified input which caused the error.
      *
      * @param   s   the input causing the error
@@ -64,4 +64,20 @@
     static NumberFormatException forInputString(String s) {
         return new NumberFormatException("For input string: \"" + s + "\"");
     }
+
+    /**
+     * Factory method for making a {@code NumberFormatException}
+     * given the specified input which caused the error.
+     *
+     * @param   s   the input causing the error
+     * @param   beginIndex   the beginning index, inclusive.
+     * @param   endIndex     the ending index, exclusive.
+     * @param   errorIndex   the index of the first error in s
+     */
+    static NumberFormatException forCharSequence(CharSequence s,
+            int beginIndex, int endIndex, int errorIndex) {
+        return new NumberFormatException("Error at index "
+                + (errorIndex - beginIndex) + " in: \""
+                + s.subSequence(beginIndex, endIndex) + "\"");
+    }
 }
--- a/src/share/classes/java/lang/String.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/lang/String.java	Wed Jul 30 11:49:59 2014 -0700
@@ -2580,7 +2580,8 @@
         }
         for (int i = first; i < len; i++) {
             int cp = (int)value[i];
-            if (cp == '\u03A3') {                       // GREEK CAPITAL LETTER SIGMA
+            if (cp == '\u03A3' ||                       // GREEK CAPITAL LETTER SIGMA
+                Character.isSurrogate((char)cp)) {
                 return toLowerCaseEx(result, i, locale, false);
             }
             if (cp == '\u0130') {                       // LATIN CAPITAL LETTER I WITH DOT ABOVE
@@ -2742,7 +2743,11 @@
             return toUpperCaseEx(result, first, locale, false);
         }
         for (int i = first; i < len; i++) {
-            int cp = Character.toUpperCaseEx((int)value[i]);
+            int cp = (int)value[i];
+            if (Character.isSurrogate((char)cp)) {
+                return toUpperCaseEx(result, i, locale, false);
+            }
+            cp = Character.toUpperCaseEx(cp);
             if (!Character.isBmpCodePoint(cp)) {    // Character.ERROR is not bmp
                 return toUpperCaseEx(result, i, locale, false);
             }
--- a/src/share/classes/java/lang/System.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/lang/System.java	Wed Jul 30 11:49:59 2014 -0700
@@ -1263,6 +1263,12 @@
             public void invokeFinalize(Object o) throws Throwable {
                 o.finalize();
             }
+            public void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len) {
+                Long.formatUnsignedLong(val, shift, buf, offset, len);
+            }
+            public void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len) {
+                Integer.formatUnsignedInt(val, shift, buf, offset, len);
+            }
         });
     }
 }
--- a/src/share/classes/java/nio/StringCharBuffer.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/nio/StringCharBuffer.java	Wed Jul 30 11:49:59 2014 -0700
@@ -100,7 +100,7 @@
     }
 
     final String toString(int start, int end) {
-        return str.toString().substring(start + offset, end + offset);
+        return str.subSequence(start + offset, end + offset).toString();
     }
 
     public final CharBuffer subSequence(int start, int end) {
--- a/src/share/classes/java/util/UUID.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/util/UUID.java	Wed Jul 30 11:49:59 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,9 @@
 
 import java.security.*;
 
+import sun.misc.JavaLangAccess;
+import sun.misc.SharedSecrets;
+
 /**
  * A class that represents an immutable universally unique identifier (UUID).
  * A UUID represents a 128-bit value.
@@ -88,6 +91,8 @@
      */
     private final long leastSigBits;
 
+    private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess();
+
     /*
      * The random number generator used by this class to create random
      * based UUIDs. In a holder class to defer initialization until needed.
@@ -189,21 +194,35 @@
      *
      */
     public static UUID fromString(String name) {
-        String[] components = name.split("-");
-        if (components.length != 5)
-            throw new IllegalArgumentException("Invalid UUID string: "+name);
-        for (int i=0; i<5; i++)
-            components[i] = "0x"+components[i];
+        if (name.length() > 36) {
+            throw new IllegalArgumentException("UUID string too large");
+        }
 
-        long mostSigBits = Long.decode(components[0]).longValue();
+        int dash1 = name.indexOf('-', 0);
+        int dash2 = name.indexOf('-', dash1 + 1);
+        int dash3 = name.indexOf('-', dash2 + 1);
+        int dash4 = name.indexOf('-', dash3 + 1);
+        int dash5 = name.indexOf('-', dash4 + 1);
+
+        // For any valid input, dash1 through dash4 will be positive and dash5
+        // negative, but it's enough to check dash4 and dash5:
+        // - if dash1 is -1, dash4 will be -1
+        // - if dash1 is positive but dash2 is -1, dash4 will be -1
+        // - if dash1 and dash2 is positive, dash3 will be -1, dash4 will be
+        //   positive, but so will dash5
+        if (dash4 < 0 || dash5 >= 0) {
+            throw new IllegalArgumentException("Invalid UUID string: " + name);
+        }
+
+        long mostSigBits = Long.parseLong(name, 16, 0, dash1) & 0xffffffffL;
         mostSigBits <<= 16;
-        mostSigBits |= Long.decode(components[1]).longValue();
+        mostSigBits |= Long.parseLong(name, 16, dash1 + 1, dash2) & 0xffffL;
         mostSigBits <<= 16;
-        mostSigBits |= Long.decode(components[2]).longValue();
+        mostSigBits |= Long.parseLong(name, 16, dash2 + 1, dash3) & 0xffffL;
 
-        long leastSigBits = Long.decode(components[3]).longValue();
+        long leastSigBits = Long.parseLong(name, 16, dash3 + 1, dash4) & 0xffffL;
         leastSigBits <<= 48;
-        leastSigBits |= Long.decode(components[4]).longValue();
+        leastSigBits |= Long.parseLong(name, 16, dash4 + 1) & 0xffffffffffffL;
 
         return new UUID(mostSigBits, leastSigBits);
     }
@@ -373,17 +392,17 @@
      * @return  A string representation of this {@code UUID}
      */
     public String toString() {
-        return (digits(mostSigBits >> 32, 8) + "-" +
-                digits(mostSigBits >> 16, 4) + "-" +
-                digits(mostSigBits, 4) + "-" +
-                digits(leastSigBits >> 48, 4) + "-" +
-                digits(leastSigBits, 12));
-    }
-
-    /** Returns val represented by the specified number of hex digits. */
-    private static String digits(long val, int digits) {
-        long hi = 1L << (digits * 4);
-        return Long.toHexString(hi | (val & (hi - 1))).substring(1);
+        char[] chars = new char[36];
+        jla.formatUnsignedLong(mostSigBits >> 32, 4, chars, 0, 8);
+        chars[8] = '-';
+        jla.formatUnsignedLong(mostSigBits >> 16, 4, chars, 9, 4);
+        chars[13] = '-';
+        jla.formatUnsignedLong(mostSigBits, 4, chars, 14, 4);
+        chars[18] = '-';
+        jla.formatUnsignedLong(leastSigBits >> 48, 4, chars, 19, 4);
+        chars[23] = '-';
+        jla.formatUnsignedLong(leastSigBits, 4, chars, 24, 12);
+        return jla.newStringUnsafe(chars);
     }
 
     /**
--- a/src/share/classes/java/util/package.html	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/java/util/package.html	Wed Jul 30 11:49:59 2014 -0700
@@ -43,7 +43,7 @@
 <h2>Related Documentation</h2>
 For overviews, tutorials, examples, guides, and tool documentation, please see:
 <ul>
-    <li><a href="http://www.java.sun.com/docs/books/tutorial/collections/">
+    <li><a href="http://docs.oracle.com/javase/tutorial/collections/index.html">
        <b>Collections Framework Tutorial</b></a>
     <li><a
     href="../../../technotes/guides/collections/designfaq.html"><b>Collections
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/javax/security/auth/kerberos/EncryptionKey.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package javax.security.auth.kerberos;
+
+import java.util.Arrays;
+import java.util.Objects;
+import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
+
+/**
+ * This class encapsulates an EncryptionKey used in Kerberos.<p>
+ *
+ * An EncryptionKey is defined in Section 4.2.9 of the Kerberos Protocol
+ * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as:
+ * <pre>
+ *     EncryptionKey   ::= SEQUENCE {
+ *             keytype         [0] Int32 -- actually encryption type --,
+ *             keyvalue        [1] OCTET STRING
+ *     }
+ * </pre>
+ * The key material of an {@code EncryptionKey} is defined as the value
+ * of the {@code keyValue} above.<p>
+ *
+ * @since 1.9
+ */
+public final class EncryptionKey implements SecretKey {
+
+    private static final long serialVersionUID = 9L;
+
+   /**
+    * {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes
+    * of the encryption key.
+    *
+    * @serial
+    */
+    final private KeyImpl key;
+
+    private transient boolean destroyed = false;
+
+    /**
+     * Constructs a {@code EncryptionKey} from the given bytes and
+     * the key type.
+     * <p>
+     * The contents of the byte array are copied; subsequent modification of
+     * the byte array does not affect the newly created key.
+     *
+     * @param keyBytes the key material for the key
+     * @param keyType the key type for the key as defined by the
+     *                Kerberos protocol specification.
+     * @throws NullPointerException if keyBytes is null
+     */
+    public EncryptionKey(byte[] keyBytes, int keyType) {
+        key = new KeyImpl(Objects.requireNonNull(keyBytes), keyType);
+    }
+
+    /**
+     * Returns the key type for this key.
+     *
+     * @return the key type.
+     * @throws IllegalStateException if the key is destroyed
+     */
+    public int getKeyType() {
+        // KeyImpl already checked if destroyed
+        return key.getKeyType();
+    }
+
+    /*
+     * Methods from java.security.Key
+     */
+
+    /**
+     * Returns the standard algorithm name for this key. The algorithm names
+     * are the encryption type string defined on the IANA
+     * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a>
+     * page.
+     * <p>
+     * This method can return the following value not defined on the IANA page:
+     * <ol>
+     *     <li>none: for etype equal to 0</li>
+     *     <li>unknown: for etype greater than 0 but unsupported by
+     *         the implementation</li>
+     *     <li>private: for etype smaller than 0</li>
+     * </ol>
+     *
+     * @return the name of the algorithm associated with this key.
+     * @throws IllegalStateException if the key is destroyed
+     */
+    @Override
+    public String getAlgorithm() {
+        // KeyImpl already checked if destroyed
+        return key.getAlgorithm();
+    }
+
+    /**
+     * Returns the name of the encoding format for this key.
+     *
+     * @return the String "RAW"
+     * @throws IllegalStateException if the key is destroyed
+     */
+    @Override
+    public String getFormat() {
+        // KeyImpl already checked if destroyed
+        return key.getFormat();
+    }
+
+    /**
+     * Returns the key material of this key.
+     *
+     * @return a newly allocated byte array that contains the key material
+     * @throws IllegalStateException if the key is destroyed
+     */
+    @Override
+    public byte[] getEncoded() {
+        // KeyImpl already checked if destroyed
+        return key.getEncoded();
+    }
+
+    /**
+     * Destroys this key by clearing out the key material of this key.
+     *
+     * @throws DestroyFailedException if some error occurs while destorying
+     * this key.
+     */
+    @Override
+    public void destroy() throws DestroyFailedException {
+        if (!destroyed) {
+            key.destroy();
+            destroyed = true;
+        }
+    }
+
+
+    @Override
+    public boolean isDestroyed() {
+        return destroyed;
+    }
+
+    @Override
+    public String toString() {
+        if (destroyed) {
+            return "Destroyed EncryptionKey";
+        }
+        return "key "  + key.toString();
+    }
+
+    @Override
+    public int hashCode() {
+        int result = 17;
+        if (isDestroyed()) {
+            return result;
+        }
+        result = 37 * result + Arrays.hashCode(getEncoded());
+        return 37 * result + getKeyType();
+    }
+
+    /**
+     * Compares the specified Object with this key for equality.
+     * Returns true if the given object is also a
+     * {@code EncryptionKey} and the two
+     * {@code EncryptionKey} instances are equivalent.
+     *
+     * @param other the Object to compare to
+     * @return true if the specified object is equal to this EncryptionKey,
+     * false otherwise. NOTE: Returns false if either of the EncryptionKey
+     * objects has been destroyed.
+     */
+    @Override
+    public boolean equals(Object other) {
+
+        if (other == this)
+            return true;
+
+        if (! (other instanceof EncryptionKey)) {
+            return false;
+        }
+
+        EncryptionKey otherKey = ((EncryptionKey) other);
+        if (isDestroyed() || otherKey.isDestroyed()) {
+            return false;
+        }
+
+        return getKeyType() == otherKey.getKeyType()
+                && Arrays.equals(getEncoded(), otherKey.getEncoded());
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package javax.security.auth.kerberos;
+
+import javax.security.auth.Destroyable;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Objects;
+
+/**
+ * This class encapsulates a Kerberos 5 KRB_CRED message which can be used to
+ * send Kerberos credentials from one principal to another.<p>
+ *
+ * A KRB_CRED message is defined in Section 5.8.1 of the Kerberos Protocol
+ * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as:
+ * <pre>
+ *    KRB-CRED        ::= [APPLICATION 22] SEQUENCE {
+ *            pvno            [0] INTEGER (5),
+ *            msg-type        [1] INTEGER (22),
+ *            tickets         [2] SEQUENCE OF Ticket,
+ *            enc-part        [3] EncryptedData -- EncKrbCredPart
+ *    }
+ * </pre><p>
+ *
+ * @since 1.9
+ */
+public final class KerberosCredMessage implements Destroyable {
+
+    final private KerberosPrincipal sender;
+    final private KerberosPrincipal recipient;
+    final private byte[] message;
+
+    private boolean destroyed = false;
+
+    /**
+     * Constructs a {@code KerberosCredMessage} object.
+     * <p>
+     * The contents of the {@code message} argument are copied; subsequent
+     * modification of the byte array does not affect the newly created object.
+     *
+     * @param sender the sender of the message
+     * @param recipient the recipient of the message
+     * @param message the DER encoded KRB_CRED message
+     * @throws NullPointerException if any of sender, recipient
+     *                              or message is null
+     */
+    public KerberosCredMessage(KerberosPrincipal sender,
+                               KerberosPrincipal recipient,
+                               byte[] message) {
+        this.sender = Objects.requireNonNull(sender);
+        this.recipient = Objects.requireNonNull(recipient);
+        this.message = Objects.requireNonNull(message).clone();
+    }
+
+    /**
+     * Returns the DER encoded form of the KRB_CRED message.
+     *
+     * @return a newly allocated byte array that contains the encoded form
+     * @throws IllegalStateException if the object is destroyed
+     */
+    public byte[] getEncoded() {
+        if (destroyed) {
+            throw new IllegalStateException("This object is no longer valid");
+        }
+        return message.clone();
+    }
+
+    /**
+     * Returns the sender of this message.
+     *
+     * @return the sender
+     * @throws IllegalStateException if the object is destroyed
+     */
+    public KerberosPrincipal getSender() {
+        if (destroyed) {
+            throw new IllegalStateException("This object is no longer valid");
+        }
+        return sender;
+    }
+
+    /**
+     * Returns the recipient of this message.
+     *
+     * @return the recipient
+     * @throws IllegalStateException if the object is destroyed
+     */
+    public KerberosPrincipal getRecipient() {
+        if (destroyed) {
+            throw new IllegalStateException("This object is no longer valid");
+        }
+        return recipient;
+    }
+
+    /**
+     * Destroys this object by clearing out the message.
+     */
+    @Override
+    public void destroy() {
+        if (!destroyed) {
+            Arrays.fill(message, (byte)0);
+            destroyed = true;
+        }
+    }
+
+    @Override
+    public boolean isDestroyed() {
+        return destroyed;
+    }
+
+    @Override
+    public String toString() {
+        if (destroyed) {
+            return "Destroyed KerberosCredMessage";
+        } else {
+            return "KRB_CRED from " + sender + " to " + recipient + ":\n"
+                    + Base64.getUrlEncoder().encodeToString(message);
+        }
+    }
+
+    @Override
+    public int hashCode() {
+        if (isDestroyed()) {
+            return -1;
+        } else {
+            return Objects.hash(sender, recipient, Arrays.hashCode(message));
+        }
+    }
+
+    @Override
+    public boolean equals(Object other) {
+        if (other == this) {
+            return true;
+        }
+
+        if (! (other instanceof KerberosCredMessage)) {
+            return false;
+        }
+
+        KerberosCredMessage otherMessage = ((KerberosCredMessage) other);
+        if (isDestroyed() || otherMessage.isDestroyed()) {
+            return false;
+        }
+
+        return Objects.equals(sender, otherMessage.sender)
+                && Objects.equals(recipient, otherMessage.recipient)
+                && Arrays.equals(message, otherMessage.message);
+    }
+}
--- a/src/share/classes/javax/security/auth/kerberos/KerberosKey.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/javax/security/auth/kerberos/KerberosKey.java	Wed Jul 30 11:49:59 2014 -0700
@@ -27,13 +27,27 @@
 
 import java.util.Arrays;
 import javax.crypto.SecretKey;
-import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;
 
 /**
  * This class encapsulates a long term secret key for a Kerberos
  * principal.<p>
  *
+ * A {@code KerberosKey} object includes an EncryptionKey, a
+ * {@link KerberosPrincipal} as its owner, and the version number
+ * of the key.<p>
+ *
+ * An EncryptionKey is defined in Section 4.2.9 of the Kerberos Protocol
+ * Specification (<a href=http://www.ietf.org/rfc/rfc4120.txt>RFC 4120</a>) as:
+ * <pre>
+ *     EncryptionKey   ::= SEQUENCE {
+ *             keytype         [0] Int32 -- actually encryption type --,
+ *             keyvalue        [1] OCTET STRING
+ *     }
+ * </pre>
+ * The key material of a {@code KerberosKey} is defined as the value
+ * of the {@code keyValue} above.<p>
+ *
  * All Kerberos JAAS login modules that obtain a principal's password and
  * generate the secret key from it should use this class.
  * Sometimes, such as when authenticating a server in
@@ -70,7 +84,7 @@
  * @author Mayank Upadhyay
  * @since 1.4
  */
-public class KerberosKey implements SecretKey, Destroyable {
+public class KerberosKey implements SecretKey {
 
     private static final long serialVersionUID = -4625402278148246993L;
 
@@ -89,15 +103,8 @@
     private final int versionNum;
 
    /**
-    * {@code KeyImpl} is serialized by writing out the ASN1 Encoded bytes
+    * {@code KeyImpl} is serialized by writing out the ASN.1 encoded bytes
     * of the encryption key.
-    * The ASN1 encoding is defined in RFC4120 and as  follows:
-    * <pre>
-    * EncryptionKey   ::= SEQUENCE {
-    *           keytype   [0] Int32 -- actually encryption type --,
-    *           keyvalue  [1] OCTET STRING
-    * }
-    * </pre>
     *
     * @serial
     */
@@ -111,7 +118,7 @@
      * key information from a Kerberos "keytab".
      *
      * @param principal the principal that this secret key belongs to
-     * @param keyBytes the raw bytes for the secret key
+     * @param keyBytes the key material for the secret key
      * @param keyType the key type for the secret key as defined by the
      * Kerberos protocol specification.
      * @param versionNum the version number of this secret key
@@ -153,10 +160,12 @@
      * Returns the principal that this key belongs to.
      *
      * @return the principal this key belongs to.
+     * @throws IllegalStateException if the key is destroyed
      */
     public final KerberosPrincipal getPrincipal() {
-        if (destroyed)
+        if (destroyed) {
             throw new IllegalStateException("This key is no longer valid");
+        }
         return principal;
     }
 
@@ -164,10 +173,12 @@
      * Returns the key version number.
      *
      * @return the key version number.
+     * @throws IllegalStateException if the key is destroyed
      */
     public final int getVersionNumber() {
-        if (destroyed)
+        if (destroyed) {
             throw new IllegalStateException("This key is no longer valid");
+        }
         return versionNum;
     }
 
@@ -175,10 +186,10 @@
      * Returns the key type for this long-term key.
      *
      * @return the key type.
+     * @throws IllegalStateException if the key is destroyed
      */
     public final int getKeyType() {
-        if (destroyed)
-            throw new IllegalStateException("This key is no longer valid");
+        // KeyImpl already checked if destroyed
         return key.getKeyType();
     }
 
@@ -201,10 +212,10 @@
      * </ol>
      *
      * @return the name of the algorithm associated with this key.
+     * @throws IllegalStateException if the key is destroyed
      */
     public final String getAlgorithm() {
-        if (destroyed)
-            throw new IllegalStateException("This key is no longer valid");
+        // KeyImpl already checked if destroyed
         return key.getAlgorithm();
     }
 
@@ -212,10 +223,10 @@
      * Returns the name of the encoding format for this secret key.
      *
      * @return the String "RAW"
+     * @throws IllegalStateException if the key is destroyed
      */
     public final String getFormat() {
-        if (destroyed)
-            throw new IllegalStateException("This key is no longer valid");
+        // KeyImpl already checked if destroyed
         return key.getFormat();
     }
 
@@ -223,16 +234,15 @@
      * Returns the key material of this secret key.
      *
      * @return the key material
+     * @throws IllegalStateException if the key is destroyed
      */
     public final byte[] getEncoded() {
-        if (destroyed)
-            throw new IllegalStateException("This key is no longer valid");
+        // KeyImpl already checked if destroyed
         return key.getEncoded();
     }
 
     /**
-     * Destroys this key. A call to any of its other methods after this
-     * will cause an  IllegalStateException to be thrown.
+     * Destroys this key by clearing out the key material of this secret key.
      *
      * @throws DestroyFailedException if some error occurs while destorying
      * this key.
@@ -253,9 +263,9 @@
 
     public String toString() {
         if (destroyed) {
-            return "Destroyed Principal";
+            return "Destroyed KerberosKey";
         }
-        return "Kerberos Principal " + principal.toString() +
+        return "Kerberos Principal " + principal +
                 "Key Version " + versionNum +
                 "key "  + key.toString();
     }
@@ -293,8 +303,9 @@
      */
     public boolean equals(Object other) {
 
-        if (other == this)
+        if (other == this) {
             return true;
+        }
 
         if (! (other instanceof KerberosKey)) {
             return false;
--- a/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/javax/security/auth/kerberos/KerberosTicket.java	Wed Jul 30 11:49:59 2014 -0700
@@ -35,9 +35,6 @@
 import javax.security.auth.RefreshFailedException;
 import javax.security.auth.DestroyFailedException;
 import sun.misc.HexDumpEncoder;
-import sun.security.krb5.EncryptionKey;
-import sun.security.krb5.Asn1Exception;
-import sun.security.util.*;
 
 /**
  * This class encapsulates a Kerberos ticket and associated
@@ -253,9 +250,10 @@
                          Date endTime,
                          Date renewTill,
                          InetAddress[] clientAddresses) {
-        if (sessionKey == null)
-           throw new IllegalArgumentException("Session key for ticket"
-                                              + " cannot be null");
+        if (sessionKey == null) {
+            throw new IllegalArgumentException("Session key for ticket"
+                    + " cannot be null");
+        }
         init(asn1Encoding, client, server,
              new KeyImpl(sessionKey, keyType), flags, authTime,
              startTime, endTime, renewTill, clientAddresses);
@@ -271,41 +269,46 @@
                          Date endTime,
                          Date renewTill,
                          InetAddress[] clientAddresses) {
-        if (asn1Encoding == null)
-           throw new IllegalArgumentException("ASN.1 encoding of ticket"
-                                              + " cannot be null");
+        if (asn1Encoding == null) {
+            throw new IllegalArgumentException("ASN.1 encoding of ticket"
+                    + " cannot be null");
+        }
         this.asn1Encoding = asn1Encoding.clone();
 
-        if (client == null)
-           throw new IllegalArgumentException("Client name in ticket"
-                                              + " cannot be null");
+        if (client == null) {
+            throw new IllegalArgumentException("Client name in ticket"
+                    + " cannot be null");
+        }
         this.client = client;
 
-        if (server == null)
-           throw new IllegalArgumentException("Server name in ticket"
-                                              + " cannot be null");
+        if (server == null) {
+            throw new IllegalArgumentException("Server name in ticket"
+                    + " cannot be null");
+        }
         this.server = server;
 
         // Caller needs to make sure `sessionKey` will not be null
         this.sessionKey = sessionKey;
 
         if (flags != null) {
-           if (flags.length >= NUM_FLAGS)
-                this.flags = flags.clone();
-           else {
+           if (flags.length >= NUM_FLAGS) {
+               this.flags = flags.clone();
+           } else {
                 this.flags = new boolean[NUM_FLAGS];
                 // Fill in whatever we have
-                for (int i = 0; i < flags.length; i++)
+                for (int i = 0; i < flags.length; i++) {
                     this.flags[i] = flags[i];
+                }
            }
-        } else
-           this.flags = new boolean[NUM_FLAGS];
+        } else {
+            this.flags = new boolean[NUM_FLAGS];
+        }
 
         if (this.flags[RENEWABLE_TICKET_FLAG]) {
-           if (renewTill == null)
-                throw new IllegalArgumentException("The renewable period "
+           if (renewTill == null) {
+               throw new IllegalArgumentException("The renewable period "
                        + "end time cannot be null for renewable tickets.");
-
+           }
            this.renewTill = new Date(renewTill.getTime());
         }
 
@@ -318,13 +321,15 @@
             this.startTime = this.authTime;
         }
 
-        if (endTime == null)
-           throw new IllegalArgumentException("End time for ticket validity"
-                                              + " cannot be null");
+        if (endTime == null) {
+            throw new IllegalArgumentException("End time for ticket validity"
+                    + " cannot be null");
+        }
         this.endTime = new Date(endTime.getTime());
 
-        if (clientAddresses != null)
-           this.clientAddresses = clientAddresses.clone();
+        if (clientAddresses != null) {
+            this.clientAddresses = clientAddresses.clone();
+        }
     }
 
     /**
@@ -346,14 +351,17 @@
     }
 
     /**
-     * Returns the session key associated with this ticket.
+     * Returns the session key associated with this ticket. The return value
+     * is always a {@link EncryptionKey} object.
      *
      * @return the session key.
      */
     public final SecretKey getSessionKey() {
-        if (destroyed)
+        if (destroyed) {
             throw new IllegalStateException("This ticket is no longer valid");
-        return sessionKey;
+        }
+        return new EncryptionKey(
+                sessionKey.getEncoded(), sessionKey.getKeyType());
     }
 
     /**
@@ -366,8 +374,9 @@
      * @see #getSessionKey()
      */
     public final int getSessionKeyType() {
-        if (destroyed)
+        if (destroyed) {
             throw new IllegalStateException("This ticket is no longer valid");
+        }
         return sessionKey.getKeyType();
     }
 
@@ -508,8 +517,9 @@
      * @return an ASN.1 encoding of the entire ticket.
      */
     public final byte[] getEncoded() {
-        if (destroyed)
+        if (destroyed) {
             throw new IllegalStateException("This ticket is no longer valid");
+        }
         return asn1Encoding.clone();
     }
 
@@ -539,16 +549,17 @@
      */
     public void refresh() throws RefreshFailedException {
 
-        if (destroyed)
+        if (destroyed) {
             throw new RefreshFailedException("A destroyed ticket "
-                                             + "cannot be renewd.");
-
-        if (!isRenewable())
+                    + "cannot be renewd.");
+        }
+        if (!isRenewable()) {
             throw new RefreshFailedException("This ticket is not renewable");
-
-        if (System.currentTimeMillis() > getRenewTill().getTime())
+        }
+        if (System.currentTimeMillis() > getRenewTill().getTime()) {
             throw new RefreshFailedException("This ticket is past "
-                                             + "its last renewal time.");
+                                           + "its last renewal time.");
+        }
         Throwable e = null;
         sun.security.krb5.Credentials krb5Creds = null;
 
@@ -634,8 +645,9 @@
     }
 
     public String toString() {
-        if (destroyed)
-            throw new IllegalStateException("This ticket is no longer valid");
+        if (destroyed) {
+            return "Destroyed KerberosTicket";
+        }
         StringBuilder caddrString = new StringBuilder();
         if (clientAddresses != null) {
             for (int i = 0; i < clientAddresses.length; i++) {
@@ -715,8 +727,9 @@
      */
     public boolean equals(Object other) {
 
-        if (other == this)
+        if (other == this) {
             return true;
+        }
 
         if (! (other instanceof KerberosTicket)) {
             return false;
@@ -731,7 +744,7 @@
                 !endTime.equals(otherTicket.getEndTime()) ||
                 !server.equals(otherTicket.getServer()) ||
                 !client.equals(otherTicket.getClient()) ||
-                !sessionKey.equals(otherTicket.getSessionKey()) ||
+                !sessionKey.equals(otherTicket.sessionKey) ||
                 !Arrays.equals(clientAddresses, otherTicket.getClientAddresses()) ||
                 !Arrays.equals(flags, otherTicket.getFlags())) {
             return false;
@@ -739,35 +752,41 @@
 
         // authTime may be null
         if (authTime == null) {
-            if (otherTicket.getAuthTime() != null)
+            if (otherTicket.getAuthTime() != null) {
                 return false;
+            }
         } else {
-            if (!authTime.equals(otherTicket.getAuthTime()))
+            if (!authTime.equals(otherTicket.getAuthTime())) {
                 return false;
+            }
         }
 
         // startTime may be null
         if (startTime == null) {
-            if (otherTicket.getStartTime() != null)
+            if (otherTicket.getStartTime() != null) {
                 return false;
+            }
         } else {
-            if (!startTime.equals(otherTicket.getStartTime()))
+            if (!startTime.equals(otherTicket.getStartTime())) {
                 return false;
+            }
         }
 
         if (renewTill == null) {
-            if (otherTicket.getRenewTill() != null)
+            if (otherTicket.getRenewTill() != null) {
                 return false;
+            }
         } else {
-            if (!renewTill.equals(otherTicket.getRenewTill()))
+            if (!renewTill.equals(otherTicket.getRenewTill())) {
                 return false;
+            }
         }
 
         return true;
     }
 
     private void readObject(ObjectInputStream s)
-        throws IOException, ClassNotFoundException {
+            throws IOException, ClassNotFoundException {
         s.defaultReadObject();
         if (sessionKey == null) {
            throw new InvalidObjectException("Session key cannot be null");
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java	Wed Jul 30 11:49:59 2014 -0700
@@ -364,7 +364,7 @@
         }
 
         void getMethods() throws ClassNotFoundException, NoSuchMethodException {
-            Class<?> c  = Class.forName("sun.security.ec.ECParameters");
+            Class<?> c  = Class.forName("sun.security.util.ECParameters");
             Class<?>[] params = new Class<?>[] { ECPoint.class,
                                                  EllipticCurve.class };
             encodePoint = c.getMethod("encodePoint", params);
@@ -372,7 +372,7 @@
             getCurveName = c.getMethod("getCurveName", params);
             params = new Class<?>[] { byte[].class, EllipticCurve.class };
             decodePoint = c.getMethod("decodePoint", params);
-            c  = Class.forName("sun.security.ec.NamedCurve");
+            c  = Class.forName("sun.security.util.NamedCurve");
             params = new Class<?>[] { String.class };
             getECParameterSpec = c.getMethod("getECParameterSpec", params);
         }
@@ -477,7 +477,7 @@
                 throw new MarshalException(ite);
             }
 /*
-                ecPoint = sun.security.ec.ECParameters.decodePoint(
+                ecPoint = sun.security.util.ECParameters.decodePoint(
                     Base64.decode(curElem), ecParams.getCurve());
 */
             ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParams);
--- a/src/share/classes/sun/misc/JavaLangAccess.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/misc/JavaLangAccess.java	Wed Jul 30 11:49:59 2014 -0700
@@ -132,4 +132,14 @@
      * Invokes the finalize method of the given object.
      */
     void invokeFinalize(Object o) throws Throwable;
+
+    /**
+     * Invokes Long.formatUnsignedLong(long val, int shift, char[] buf, int offset, int len)
+     */
+    void formatUnsignedLong(long val, int shift, char[] buf, int offset, int len);
+
+    /**
+     * Invokes Integer.formatUnsignedInt(long val, int shift, char[] buf, int offset, int len)
+     */
+    void formatUnsignedInt(int val, int shift, char[] buf, int offset, int len);
 }
--- a/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/nio/cs/ext/ExtendedCharsets.java	Wed Jul 30 11:49:59 2014 -0700
@@ -1173,8 +1173,7 @@
         if (!sun.misc.VM.isBooted())
             return;
 
-        String map = AccessController.doPrivileged(
-            (PrivilegedAction<String>) () -> System.getProperty("sun.nio.cs.map"));
+        String map = getProperty("sun.nio.cs.map");
         boolean sjisIsMS932 = false;
         boolean iso2022jpIsMS50221 = false;
         boolean iso2022jpIsMS50220 = false;
@@ -1294,8 +1293,7 @@
 
             }
         }
-        String osName = AccessController.doPrivileged(
-            (PrivilegedAction<String>) () -> System.getProperty("os.name"));
+        String osName = getProperty("os.name");
         if ("SunOS".equals(osName) || "Linux".equals(osName) || "AIX".equals(osName)
                || osName.contains("OS X")) {
             charset("x-COMPOUND_TEXT", "COMPOUND_TEXT",
@@ -1308,6 +1306,18 @@
         initialized = true;
     }
 
+    private static String getProperty(String key) {
+        // this method may be called during initialization of
+        // system class loader and thus not using lambda
+        return AccessController.doPrivileged(
+            new PrivilegedAction<String>() {
+                @Override
+                public String run() {
+                    return System.getProperty(key);
+                }
+            });
+    }
+
     public static String[] aliasesFor(String charsetName) {
         if (instance == null)
             return null;
--- a/src/share/classes/sun/security/ec/CurveDB.java	Fri Jul 25 15:38:10 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,669 +0,0 @@
-/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.math.BigInteger;
-
-import java.security.spec.*;
-
-import java.util.*;
-import java.util.regex.Pattern;
-
-/**
- * Repository for well-known Elliptic Curve parameters. It is used by both
- * the SunPKCS11 and SunJSSE code.
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-public class CurveDB {
-    private final static int P  = 1; // prime curve
-    private final static int B  = 2; // binary curve
-    private final static int PD = 5; // prime curve, mark as default
-    private final static int BD = 6; // binary curve, mark as default
-
-    private static final Map<String,NamedCurve> oidMap =
-        new LinkedHashMap<String,NamedCurve>();
-    private static final Map<String,NamedCurve> nameMap =
-        new HashMap<String,NamedCurve>();
-    private static final Map<Integer,NamedCurve> lengthMap =
-        new HashMap<Integer,NamedCurve>();
-
-    private static Collection<? extends NamedCurve> specCollection;
-
-    static final String SPLIT_PATTERN = ",|\\[|\\]";
-
-    // Used by SunECEntries
-    static Collection<? extends NamedCurve>getSupportedCurves() {
-        return specCollection;
-    }
-
-    // Return a NamedCurve for the specified OID/name or null if unknown.
-    static NamedCurve lookup(String name) {
-        NamedCurve spec = oidMap.get(name);
-        if (spec != null) {
-            return spec;
-        }
-
-        return nameMap.get(name);
-    }
-
-    // Return EC parameters for the specified field size. If there are known
-    // NIST recommended parameters for the given length, they are returned.
-    // Otherwise, if there are multiple matches for the given size, an
-    // arbitrary one is returns.
-    // If no parameters are known, the method returns null.
-    // NOTE that this method returns both prime and binary curves.
-    static NamedCurve lookup(int length) {
-        return lengthMap.get(length);
-    }
-
-    // Convert the given ECParameterSpec object to a NamedCurve object.
-    // If params does not represent a known named curve, return null.
-    static NamedCurve lookup(ECParameterSpec params) {
-        if ((params instanceof NamedCurve) || (params == null)) {
-            return (NamedCurve)params;
-        }
-
-        // This is a hack to allow SunJSSE to work with 3rd party crypto
-        // providers for ECC and not just SunPKCS11.
-        // This can go away once we decide how to expose curve names in the
-        // public API.
-        // Note that it assumes that the 3rd party provider encodes named
-        // curves using the short form, not explicitly. If it did that, then
-        // the SunJSSE TLS ECC extensions are wrong, which could lead to
-        // interoperability problems.
-        int fieldSize = params.getCurve().getField().getFieldSize();
-        for (NamedCurve namedCurve : specCollection) {
-            // ECParameterSpec does not define equals, so check all the
-            // components ourselves.
-            // Quick field size check first
-            if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
-                continue;
-            }
-            if (namedCurve.getCurve().equals(params.getCurve()) == false) {
-                continue;
-            }
-            if (namedCurve.getGenerator().equals(params.getGenerator()) ==
-                    false) {
-                continue;
-            }
-            if (namedCurve.getOrder().equals(params.getOrder()) == false) {
-                continue;
-            }
-            if (namedCurve.getCofactor() != params.getCofactor()) {
-                continue;
-            }
-            // everything matches our named curve, return it
-            return namedCurve;
-        }
-        // no match found
-        return null;
-    }
-
-    private static BigInteger bi(String s) {
-        return new BigInteger(s, 16);
-    }
-
-    private static void add(String name, String soid, int type, String sfield,
-            String a, String b, String x, String y, String n, int h,
-            Pattern nameSplitPattern) {
-        BigInteger p = bi(sfield);
-        ECField field;
-        if ((type == P) || (type == PD)) {
-            field = new ECFieldFp(p);
-        } else if ((type == B) || (type == BD)) {
-            field = new ECFieldF2m(p.bitLength() - 1, p);
-        } else {
-            throw new RuntimeException("Invalid type: " + type);
-        }
-
-        EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
-        ECPoint g = new ECPoint(bi(x), bi(y));
-
-        NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
-        if (oidMap.put(soid, params) != null) {
-            throw new RuntimeException("Duplication oid: " + soid);
-        }
-
-        String[] commonNames = nameSplitPattern.split(name);
-        for (String commonName : commonNames) {
-            if (nameMap.put(commonName.trim(), params) != null) {
-                throw new RuntimeException("Duplication name: " + commonName);
-            }
-        }
-
-        int len = field.getFieldSize();
-        if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) {
-            // add entry if none present for this field size or if
-            // the curve is marked as a default curve.
-            lengthMap.put(len, params);
-        }
-    }
-
-    static {
-        Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
-
-        /* SEC2 prime curves */
-        add("secp112r1", "1.3.132.0.6", P,
-            "DB7C2ABF62E35E668076BEAD208B",
-            "DB7C2ABF62E35E668076BEAD2088",
-            "659EF8BA043916EEDE8911702B22",
-            "09487239995A5EE76B55F9C2F098",
-            "A89CE5AF8724C0A23E0E0FF77500",
-            "DB7C2ABF62E35E7628DFAC6561C5",
-            1, nameSplitPattern);
-
-        add("secp112r2", "1.3.132.0.7", P,
-            "DB7C2ABF62E35E668076BEAD208B",
-            "6127C24C05F38A0AAAF65C0EF02C",
-            "51DEF1815DB5ED74FCC34C85D709",
-            "4BA30AB5E892B4E1649DD0928643",
-            "adcd46f5882e3747def36e956e97",
-            "36DF0AAFD8B8D7597CA10520D04B",
-            4, nameSplitPattern);
-
-        add("secp128r1", "1.3.132.0.28", P,
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
-            "E87579C11079F43DD824993C2CEE5ED3",
-            "161FF7528B899B2D0C28607CA52C5B86",
-            "CF5AC8395BAFEB13C02DA292DDED7A83",
-            "FFFFFFFE0000000075A30D1B9038A115",
-            1, nameSplitPattern);
-
-        add("secp128r2", "1.3.132.0.29", P,
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-            "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
-            "5EEEFCA380D02919DC2C6558BB6D8A5D",
-            "7B6AA5D85E572983E6FB32A7CDEBC140",
-            "27B6916A894D3AEE7106FE805FC34B44",
-            "3FFFFFFF7FFFFFFFBE0024720613B5A3",
-            4, nameSplitPattern);
-
-        add("secp160k1", "1.3.132.0.9", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-            "0000000000000000000000000000000000000000",
-            "0000000000000000000000000000000000000007",
-            "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
-            "938CF935318FDCED6BC28286531733C3F03C4FEE",
-            "0100000000000000000001B8FA16DFAB9ACA16B6B3",
-            1, nameSplitPattern);
-
-        add("secp160r1", "1.3.132.0.8", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
-            "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
-            "4A96B5688EF573284664698968C38BB913CBFC82",
-            "23A628553168947D59DCC912042351377AC5FB32",
-            "0100000000000000000001F4C8F927AED3CA752257",
-            1, nameSplitPattern);
-
-        add("secp160r2", "1.3.132.0.30", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
-            "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
-            "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
-            "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
-            "0100000000000000000000351EE786A818F3A1A16B",
-            1, nameSplitPattern);
-
-        add("secp192k1", "1.3.132.0.31", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
-            "000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000003",
-            "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
-            "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
-            "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
-            1, nameSplitPattern);
-
-        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
-            "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
-            "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
-            "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
-            1, nameSplitPattern);
-
-        add("secp224k1", "1.3.132.0.32", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
-            "00000000000000000000000000000000000000000000000000000000",
-            "00000000000000000000000000000000000000000000000000000005",
-            "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
-            "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
-            "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
-            1, nameSplitPattern);
-
-        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-            "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-            "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-            "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
-            1, nameSplitPattern);
-
-        add("secp256k1", "1.3.132.0.10", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
-            "0000000000000000000000000000000000000000000000000000000000000000",
-            "0000000000000000000000000000000000000000000000000000000000000007",
-            "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
-            "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
-            1, nameSplitPattern);
-
-        add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
-            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
-            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
-            "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
-            "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
-            "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
-            "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
-            1, nameSplitPattern);
-
-        add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
-            "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
-            "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
-            "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
-            1, nameSplitPattern);
-
-        add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
-            "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
-            "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
-            "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
-            1, nameSplitPattern);
-
-        /* ANSI X9.62 prime curves */
-        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
-            "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
-            "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
-            "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
-            1, nameSplitPattern);
-
-        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
-            "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
-            "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
-            "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
-            "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
-            "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
-            "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
-            "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
-            "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
-            "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
-            "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
-            1, nameSplitPattern);
-
-        /* SEC2 binary curves */
-        add("sect113r1", "1.3.132.0.4", B,
-            "020000000000000000000000000201",
-            "003088250CA6E7C7FE649CE85820F7",
-            "00E8BEE4D3E2260744188BE0E9C723",
-            "009D73616F35F4AB1407D73562C10F",
-            "00A52830277958EE84D1315ED31886",
-            "0100000000000000D9CCEC8A39E56F",
-            2, nameSplitPattern);
-
-        add("sect113r2", "1.3.132.0.5", B,
-            "020000000000000000000000000201",
-            "00689918DBEC7E5A0DD6DFC0AA55C7",
-            "0095E9A9EC9B297BD4BF36E059184F",
-            "01A57A6A7B26CA5EF52FCDB8164797",
-            "00B3ADC94ED1FE674C06E695BABA1D",
-            "010000000000000108789B2496AF93",
-            2, nameSplitPattern);
-
-        add("sect131r1", "1.3.132.0.22", B,
-            "080000000000000000000000000000010D",
-            "07A11B09A76B562144418FF3FF8C2570B8",
-            "0217C05610884B63B9C6C7291678F9D341",
-            "0081BAF91FDF9833C40F9C181343638399",
-            "078C6E7EA38C001F73C8134B1B4EF9E150",
-            "0400000000000000023123953A9464B54D",
-            2, nameSplitPattern);
-
-        add("sect131r2", "1.3.132.0.23", B,
-            "080000000000000000000000000000010D",
-            "03E5A88919D7CAFCBF415F07C2176573B2",
-            "04B8266A46C55657AC734CE38F018F2192",
-            "0356DCD8F2F95031AD652D23951BB366A8",
-            "0648F06D867940A5366D9E265DE9EB240F",
-            "0400000000000000016954A233049BA98F",
-            2, nameSplitPattern);
-
-        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
-            "0800000000000000000000000000000000000000C9",
-            "000000000000000000000000000000000000000001",
-            "000000000000000000000000000000000000000001",
-            "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-            "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-            "04000000000000000000020108A2E0CC0D99F8A5EF",
-            2, nameSplitPattern);
-
-        add("sect163r1", "1.3.132.0.2", B,
-            "0800000000000000000000000000000000000000C9",
-            "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
-            "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
-            "0369979697AB43897789566789567F787A7876A654",
-            "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
-            "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
-            2, nameSplitPattern);
-
-        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
-            "0800000000000000000000000000000000000000C9",
-            "000000000000000000000000000000000000000001",
-            "020A601907B8C953CA1481EB10512F78744A3205FD",
-            "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-            "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-            "040000000000000000000292FE77E70C12A4234C33",
-            2, nameSplitPattern);
-
-        add("sect193r1", "1.3.132.0.24", B,
-            "02000000000000000000000000000000000000000000008001",
-            "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
-            "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
-            "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
-            "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
-            "01000000000000000000000000C7F34A778F443ACC920EBA49",
-            2, nameSplitPattern);
-
-        add("sect193r2", "1.3.132.0.25", B,
-            "02000000000000000000000000000000000000000000008001",
-            "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
-            "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
-            "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
-            "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
-            "010000000000000000000000015AAB561B005413CCD4EE99D5",
-            2, nameSplitPattern);
-
-        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
-            "020000000000000000000000000000000000000004000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-            "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-            "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-            4, nameSplitPattern);
-
-        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
-            "020000000000000000000000000000000000000004000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-            "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-            "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-            "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-            2, nameSplitPattern);
-
-        add("sect239k1", "1.3.132.0.3", B,
-            "800000000000000000004000000000000000000000000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
-            "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
-            "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
-            4, nameSplitPattern);
-
-        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-            "000000000000000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
-            "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-            4, nameSplitPattern);
-
-        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-            "000000000000000000000000000000000000000000000000000000000000000000000001",
-            "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
-            "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
-            "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-            2, nameSplitPattern);
-
-        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
-            "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
-            "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-            4, nameSplitPattern);
-
-        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
-            "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
-            "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
-            "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-            2, nameSplitPattern);
-
-        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
-            "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
-            "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-            4, nameSplitPattern);
-
-        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
-            "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
-            "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-            2, nameSplitPattern);
-
-        /* ANSI X9.62 binary curves */
-        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
-            "800000000000000000000000000000000000000000000201",
-            "2866537B676752636A68F56554E12640276B649EF7526267",
-            "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
-            "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
-            "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
-            "40000000000000000000000004A20E90C39067C893BBB9A5",
-            2, nameSplitPattern);
-
-        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
-            "800000000000000000000000000000000000000000000201",
-            "401028774D7777C7B7666D1366EA432071274F89FF01E718",
-            "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
-            "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
-            "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
-            "20000000000000000000000050508CB89F652824E06B8173",
-            4, nameSplitPattern);
-
-        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
-            "800000000000000000000000000000000000000000000201",
-            "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
-            "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
-            "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
-            "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
-            "155555555555555555555555610C0B196812BFB6288A3EA3",
-            6, nameSplitPattern);
-
-        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
-            "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
-            "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
-            "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
-            "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
-            4, nameSplitPattern);
-
-        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
-            "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
-            "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
-            "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
-            "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
-            6, nameSplitPattern);
-
-        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
-            "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
-            "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
-            "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
-            "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
-            0xA, nameSplitPattern);
-
-        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
-            "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
-            "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
-            "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
-            "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
-            "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
-            "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
-            0x4C, nameSplitPattern);
-
-        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
-            "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
-            "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
-            "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
-            "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
-            "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
-            "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
-            0x2760, nameSplitPattern);
-
-        /* ANSI X9.62 binary curves from the 1998 standard but forbidden
-         * in the 2005 version of the standard.
-         * We don't register them but leave them here for the time being in
-         * case we need to support them after all.
-         */
-/*
-        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
-            "080000000000000000000000000000000000000107",
-            "072546B5435234A422E0789675F432C89435DE5242",
-            "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
-            "07AF69989546103D79329FCC3D74880F33BBE803CB",
-            "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
-            "0400000000000000000001E60FC8821CC74DAEAFC1",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
-            "080000000000000000000000000000000000000107",
-            "0108B39E77C4B108BED981ED0E890E117C511CF072",
-            "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
-            "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
-            "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
-            "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
-            "080000000000000000000000000000000000000107",
-            "07A526C63D3E25A256A007699F5447E32AE456B50E",
-            "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
-            "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
-            "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
-            "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
-            "0100000000000000000000000000000000080000000007",
-            "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
-            "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
-            "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
-            "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
-            "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
-            0xFF6E, nameSplitPattern);
-
-        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
-            "010000000000000000000000000000000800000000000000000007",
-            "0000000000000000000000000000000000000000000000000000",
-            "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
-            "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
-            "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
-            "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
-            0xFE48, nameSplitPattern);
-
-        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
-            "010000000000000000000000000000000000000000000000000000010000000000000B",
-            "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
-            "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
-            "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
-            "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
-            "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
-            0xFF06, nameSplitPattern);
-
-        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
-            "010000000000000000000000000000000000000000000000000000000000000000000000000807",
-            "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
-            "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
-            "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
-            "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
-            "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
-            0xFE2E, nameSplitPattern);
-
-        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
-            "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
-            "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
-            "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
-            "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
-            "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
-            "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
-            0xFF70, nameSplitPattern);
-*/
-
-        specCollection = Collections.unmodifiableCollection(oidMap.values());
-    }
-}
--- a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java	Wed Jul 30 11:49:59 2014 -0700
@@ -32,11 +32,10 @@
 import java.security.spec.ECParameterSpec;
 import java.security.spec.ECPoint;
 
-import sun.security.ec.NamedCurve;
-import sun.security.ec.ECParameters;
 import sun.security.ec.ECPrivateKeyImpl;
 import sun.security.ec.ECPublicKeyImpl;
 import sun.security.jca.JCAUtil;
+import sun.security.util.ECParameters;
 import sun.security.util.ECUtil;
 
 /**
--- a/src/share/classes/sun/security/ec/ECParameters.java	Fri Jul 25 15:38:10 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.io.IOException;
-
-import java.security.*;
-import java.security.spec.*;
-
-import sun.security.util.*;
-
-/**
- * This class implements encoding and decoding of Elliptic Curve parameters
- * as specified in RFC 3279.
- *
- * However, only named curves are currently supported.
- *
- * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional
- * options.
- *
- * <pre>
- *    EcpkParameters ::= CHOICE {
- *      ecParameters  ECParameters,
- *      namedCurve    OBJECT IDENTIFIER,
- *      implicitlyCA  NULL }
- *
- *    ECParameters ::= SEQUENCE {
- *       version   ECPVer,          -- version is always 1
- *       fieldID   FieldID,         -- identifies the finite field over
- *                                  -- which the curve is defined
- *       curve     Curve,           -- coefficients a and b of the
- *                                  -- elliptic curve
- *       base      ECPoint,         -- specifies the base point P
- *                                  -- on the elliptic curve
- *       order     INTEGER,         -- the order n of the base point
- *       cofactor  INTEGER OPTIONAL -- The integer h = #E(Fq)/n
- *       }
- *
- *    ECPVer ::= INTEGER {ecpVer1(1)}
- *
- *    Curve ::= SEQUENCE {
- *       a         FieldElement,
- *       b         FieldElement,
- *       seed      BIT STRING OPTIONAL }
- *
- *    FieldElement ::= OCTET STRING
- *
- *    ECPoint ::= OCTET STRING
- * </pre>
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-public final class ECParameters extends AlgorithmParametersSpi {
-
-    // used by ECPublicKeyImpl and ECPrivateKeyImpl
-    static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec)
-            throws InvalidKeyException {
-        try {
-            AlgorithmParameters params =
-                AlgorithmParameters.getInstance("EC", "SunEC");
-            params.init(spec);
-            return params;
-        } catch (GeneralSecurityException e) {
-            throw new InvalidKeyException("EC parameters error", e);
-        }
-    }
-
-    /*
-     * The parameters these AlgorithmParameters object represents.
-     * Currently, it is always an instance of NamedCurve.
-     */
-    private NamedCurve namedCurve;
-
-    // A public constructor is required by AlgorithmParameters class.
-    public ECParameters() {
-        // empty
-    }
-
-    // AlgorithmParameterSpi methods
-
-    protected void engineInit(AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException {
-
-        if (paramSpec == null) {
-            throw new InvalidParameterSpecException
-                ("paramSpec must not be null");
-        }
-
-        if (paramSpec instanceof NamedCurve) {
-            namedCurve = (NamedCurve)paramSpec;
-            return;
-        }
-
-        if (paramSpec instanceof ECParameterSpec) {
-            namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec);
-        } else if (paramSpec instanceof ECGenParameterSpec) {
-            String name = ((ECGenParameterSpec)paramSpec).getName();
-            namedCurve = CurveDB.lookup(name);
-        } else if (paramSpec instanceof ECKeySizeParameterSpec) {
-            int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize();
-            namedCurve = CurveDB.lookup(keySize);
-        } else {
-            throw new InvalidParameterSpecException
-                ("Only ECParameterSpec and ECGenParameterSpec supported");
-        }
-
-        if (namedCurve == null) {
-            throw new InvalidParameterSpecException(
-                "Not a supported curve: " + paramSpec);
-        }
-    }
-
-    protected void engineInit(byte[] params) throws IOException {
-        DerValue encodedParams = new DerValue(params);
-        if (encodedParams.tag == DerValue.tag_ObjectId) {
-            ObjectIdentifier oid = encodedParams.getOID();
-            NamedCurve spec = CurveDB.lookup(oid.toString());
-            if (spec == null) {
-                throw new IOException("Unknown named curve: " + oid);
-            }
-
-            namedCurve = spec;
-            return;
-        }
-
-        throw new IOException("Only named ECParameters supported");
-
-        // The code below is incomplete.
-        // It is left as a starting point for a complete parsing implementation.
-
-/*
-        if (encodedParams.tag != DerValue.tag_Sequence) {
-            throw new IOException("Unsupported EC parameters, tag: " +
-                encodedParams.tag);
-        }
-
-        encodedParams.data.reset();
-
-        DerInputStream in = encodedParams.data;
-
-        int version = in.getInteger();
-        if (version != 1) {
-            throw new IOException("Unsupported EC parameters version: " +
-               version);
-        }
-        ECField field = parseField(in);
-        EllipticCurve curve = parseCurve(in, field);
-        ECPoint point = parsePoint(in, curve);
-
-        BigInteger order = in.getBigInteger();
-        int cofactor = 0;
-
-        if (in.available() != 0) {
-            cofactor = in.getInteger();
-        }
-
-        // XXX HashAlgorithm optional
-
-        if (encodedParams.data.available() != 0) {
-            throw new IOException("encoded params have " +
-                                  encodedParams.data.available() +
-                                  " extra bytes");
-        }
-
-        return new ECParameterSpec(curve, point, order, cofactor);
-*/
-    }
-
-    protected void engineInit(byte[] params, String decodingMethod)
-            throws IOException {
-        engineInit(params);
-    }
-
-    protected <T extends AlgorithmParameterSpec> T
-            engineGetParameterSpec(Class<T> spec)
-            throws InvalidParameterSpecException {
-
-        if (spec.isAssignableFrom(ECParameterSpec.class)) {
-            return spec.cast(namedCurve);
-        }
-
-        if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
-            // Ensure the name is the Object ID
-            String name = namedCurve.getObjectId();
-            return spec.cast(new ECGenParameterSpec(name));
-        }
-
-        if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) {
-            int keySize = namedCurve.getCurve().getField().getFieldSize();
-            return spec.cast(new ECKeySizeParameterSpec(keySize));
-        }
-
-        throw new InvalidParameterSpecException(
-            "Only ECParameterSpec and ECGenParameterSpec supported");
-    }
-
-    protected byte[] engineGetEncoded() throws IOException {
-        return namedCurve.getEncoded();
-    }
-
-    protected byte[] engineGetEncoded(String encodingMethod)
-            throws IOException {
-        return engineGetEncoded();
-    }
-
-    protected String engineToString() {
-        if (namedCurve == null) {
-            return "Not initialized";
-        }
-
-        return namedCurve.toString();
-    }
-}
-
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Wed Jul 30 11:49:59 2014 -0700
@@ -32,7 +32,11 @@
 import java.security.interfaces.*;
 import java.security.spec.*;
 
-import sun.security.util.*;
+import sun.security.util.DerInputStream;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.util.ECParameters;
+import sun.security.util.ECUtil;
 import sun.security.x509.AlgorithmId;
 import sun.security.pkcs.PKCS8Key;
 
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,7 +31,9 @@
 import java.security.interfaces.*;
 import java.security.spec.*;
 
-import sun.security.util.*;
+import sun.security.util.ECParameters;
+import sun.security.util.ECUtil;
+
 import sun.security.x509.*;
 
 /**
--- a/src/share/classes/sun/security/ec/NamedCurve.java	Fri Jul 25 15:38:10 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import java.security.spec.*;
-
-import sun.security.util.DerOutputStream;
-import sun.security.util.ObjectIdentifier;
-
-
-/**
- * Contains Elliptic Curve parameters.
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-class NamedCurve extends ECParameterSpec {
-
-    // friendly name for toString() output
-    private final String name;
-
-    // well known OID
-    private final String oid;
-
-    // encoded form (as NamedCurve identified via OID)
-    private final byte[] encoded;
-
-    NamedCurve(String name, String oid, EllipticCurve curve,
-            ECPoint g, BigInteger n, int h) {
-        super(curve, g, n, h);
-        this.name = name;
-        this.oid = oid;
-
-        DerOutputStream out = new DerOutputStream();
-
-        try {
-            out.putOID(new ObjectIdentifier(oid));
-        } catch (IOException e) {
-            throw new RuntimeException("Internal error", e);
-        }
-
-        encoded = out.toByteArray();
-    }
-
-    String getName() {
-        return name;
-    }
-
-    byte[] getEncoded() {
-        return encoded.clone();
-    }
-
-    String getObjectId() {
-        return oid;
-    }
-
-    public String toString() {
-        return name + " (" + oid + ")";
-    }
-}
--- a/src/share/classes/sun/security/ec/SunECEntries.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/ec/SunECEntries.java	Wed Jul 30 11:49:59 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@
 import java.util.Map;
 
 import java.util.regex.Pattern;
+import sun.security.util.CurveDB;
+import sun.security.util.NamedCurve;
 
 /**
  * Defines the entries of the SunEC provider.
@@ -55,7 +57,7 @@
         /*
          * Algorithm Parameter engine
          */
-        map.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters");
+        map.put("AlgorithmParameters.EC", "sun.security.util.ECParameters");
         map.put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC");
         map.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC");
 
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Wed Jul 30 11:49:59 2014 -0700
@@ -40,11 +40,13 @@
 import java.security.AccessController;
 import java.security.AccessControlContext;
 import java.security.Key;
+import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-import javax.crypto.Cipher;
 import javax.security.auth.Subject;
-import javax.security.auth.kerberos.*;
+import javax.security.auth.kerberos.ServicePermission;
+import javax.security.auth.kerberos.KerberosCredMessage;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
 import sun.security.krb5.internal.Ticket;
 
 /**
@@ -118,6 +120,7 @@
 
     // XXX See if the required info from these can be extracted and
     // stored elsewhere
+    private Credentials tgt;
     private Credentials serviceCreds;
     private KrbApReq apReq;
     Ticket serviceTicket;
@@ -616,7 +619,6 @@
                                            "No TGT available");
                     }
                     myName = (Krb5NameElement) myCred.getName();
-                    Credentials tgt;
                     final Krb5ProxyCredential second;
                     if (myCred instanceof Krb5InitCredential) {
                         second = null;
@@ -750,7 +752,6 @@
                     // No need to write anything;
                     // just validate the incoming token
                     new AcceptSecContextToken(this, serviceCreds, apReq, is);
-                    serviceCreds = null;
                     apReq = null;
                     state = STATE_DONE;
                 } else {
@@ -1304,6 +1305,9 @@
     public final void dispose() throws GSSException {
         state = STATE_DELETED;
         delegatedCred = null;
+        tgt = null;
+        serviceCreds = null;
+        key = null;
     }
 
     public final Provider getProvider() {
@@ -1424,6 +1428,9 @@
         switch (type) {
             case KRB5_GET_SESSION_KEY:
                 return new KerberosSessionKey(key);
+            case KRB5_GET_SESSION_KEY_EX:
+                return new javax.security.auth.kerberos.EncryptionKey(
+                        key.getBytes(), key.getEType());
             case KRB5_GET_TKT_FLAGS:
                 return tktFlags.clone();
             case KRB5_GET_AUTHZ_DATA:
@@ -1435,6 +1442,26 @@
                 }
             case KRB5_GET_AUTHTIME:
                 return authTime;
+            case KRB5_GET_KRB_CRED:
+                if (!isInitiator()) {
+                    throw new GSSException(GSSException.UNAVAILABLE, -1,
+                            "KRB_CRED not available on acceptor side.");
+                }
+                KerberosPrincipal sender = new KerberosPrincipal(
+                        myName.getKrb5PrincipalName().getName());
+                KerberosPrincipal recipient = new KerberosPrincipal(
+                        peerName.getKrb5PrincipalName().getName());
+                try {
+                    byte[] krbCred = new KrbCred(tgt, serviceCreds, key)
+                            .getMessage();
+                    return new KerberosCredMessage(
+                            sender, recipient, krbCred);
+                } catch (KrbException | IOException e) {
+                    GSSException gsse = new GSSException(GSSException.UNAVAILABLE, -1,
+                            "KRB_CRED not generated correctly.");
+                    gsse.initCause(e);
+                    throw gsse;
+                }
         }
         throw new GSSException(GSSException.UNAVAILABLE, -1,
                 "Inquire type not supported.");
@@ -1456,4 +1483,5 @@
     public void setAuthzData(com.sun.security.jgss.AuthorizationDataEntry[] authzData) {
         this.authzData = authzData;
     }
+
 }
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Wed Jul 30 11:49:59 2014 -0700
@@ -29,8 +29,8 @@
 import sun.security.jgss.GSSCaller;
 import sun.security.jgss.spi.*;
 import sun.security.krb5.*;
-import sun.security.krb5.Config;
-import javax.security.auth.kerberos.*;
+import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.kerberos.KerberosPrincipal;
 import java.net.InetAddress;
 import java.io.IOException;
 import java.util.Date;
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Wed Jul 30 11:49:59 2014 -0700
@@ -523,13 +523,6 @@
                     valid = false;
                 }
 
-                // get the mechanism token
-                byte[] mechToken = initToken.getMechToken();
-                if (mechToken == null) {
-                    throw new GSSException(GSSException.FAILURE, -1,
-                            "mechToken is missing");
-                }
-
                 /*
                  * Select the best match between the list of mechs
                  * that the initiator requested and the list that
@@ -545,7 +538,19 @@
                 internal_mech = mech_wanted;
 
                 // get the token for mechanism
-                byte[] accept_token = GSS_acceptSecContext(mechToken);
+                byte[] accept_token;
+
+                if (mechList[0].equals(mech_wanted)) {
+                    // get the mechanism token
+                    byte[] mechToken = initToken.getMechToken();
+                    if (mechToken == null) {
+                        throw new GSSException(GSSException.FAILURE, -1,
+                                "mechToken is missing");
+                    }
+                    accept_token = GSS_acceptSecContext(mechToken);
+                } else {
+                    accept_token = null;
+                }
 
                 // verify MIC
                 if (!GSSUtil.useMSInterop() && valid) {
@@ -594,9 +599,27 @@
                 retVal = targToken.getEncoded();
 
             } else if (state == STATE_IN_PROCESS) {
+                // read data
+                byte[] token = new byte[is.available()];
+                SpNegoToken.readFully(is, token);
+                if (DEBUG) {
+                    System.out.println("SpNegoContext.acceptSecContext: " +
+                            "receiving token = " +
+                            SpNegoToken.getHexBytes(token));
+                }
+
+                // read the SPNEGO token
+                // token will be validated when parsing
+                NegTokenTarg inputToken = new NegTokenTarg(token);
+
+                if (DEBUG) {
+                    System.out.println("SpNegoContext.acceptSecContext: " +
+                            "received token of type = " +
+                            SpNegoToken.getTokenName(inputToken.getType()));
+                }
+
                 // read the token
-                byte[] client_token = new byte[is.available()];
-                SpNegoToken.readFully(is, client_token);
+                byte[] client_token = inputToken.getResponseToken();
                 byte[] accept_token = GSS_acceptSecContext(client_token);
                 if (accept_token == null) {
                     valid = false;
@@ -1055,7 +1078,7 @@
      * This is only valid on the acceptor side of the context.
      * @return GSSCredentialSpi object for the delegated credential
      * @exception GSSException
-     * @see GSSContext#getDelegCredState
+     * @see GSSContext#getCredDelegState
      */
     public final GSSCredentialSpi getDelegCred() throws GSSException {
         if (state != STATE_IN_PROCESS && state != STATE_DONE)
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Wed Jul 30 11:49:59 2014 -0700
@@ -67,8 +67,6 @@
 import sun.security.util.DerValue;
 import sun.security.util.ECUtil;
 
-import sun.security.ec.ECParameters;
-
 import sun.security.pkcs11.Secmod.*;
 import static sun.security.pkcs11.P11Util.*;
 
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Wed Jul 30 11:49:59 2014 -0700
@@ -593,7 +593,7 @@
 
         // AlgorithmParameters for EC.
         // Only needed until we have an EC implementation in the SUN provider.
-        d(AGP, "EC",            "sun.security.ec.ECParameters",
+        d(AGP, "EC",            "sun.security.util.ECParameters",
                                                 s("1.2.840.10045.2.1"),
                 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
                     CKM_ECDSA, CKM_ECDSA_SHA1));
@@ -1032,7 +1032,7 @@
             } else if (type == KS) {
                 return token.getKeyStore();
             } else if (type == AGP) {
-                return new sun.security.ec.ECParameters();
+                return new sun.security.util.ECParameters();
             } else {
                 throw new NoSuchAlgorithmException("Unknown type: " + type);
             }
--- a/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java	Wed Jul 30 11:49:59 2014 -0700
@@ -176,7 +176,7 @@
     private final static int ARBITRARY_PRIME = 0xff01;
     private final static int ARBITRARY_CHAR2 = 0xff02;
 
-    // See sun.security.ec.NamedCurve for the OIDs
+    // See sun.security.util.NamedCurve for the OIDs
     private final static String[] NAMED_CURVE_OID_TABLE = new String[] {
         null,                   //  (0) unused
         "1.3.132.0.1",          //  (1) sect163k1, NIST K-163
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/CurveDB.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,669 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+import java.util.*;
+import java.util.regex.Pattern;
+
+/**
+ * Repository for well-known Elliptic Curve parameters. It is used by both
+ * the SunPKCS11 and SunJSSE code.
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public class CurveDB {
+    private final static int P  = 1; // prime curve
+    private final static int B  = 2; // binary curve
+    private final static int PD = 5; // prime curve, mark as default
+    private final static int BD = 6; // binary curve, mark as default
+
+    private static final Map<String,NamedCurve> oidMap =
+        new LinkedHashMap<String,NamedCurve>();
+    private static final Map<String,NamedCurve> nameMap =
+        new HashMap<String,NamedCurve>();
+    private static final Map<Integer,NamedCurve> lengthMap =
+        new HashMap<Integer,NamedCurve>();
+
+    private static Collection<? extends NamedCurve> specCollection;
+
+    public static final String SPLIT_PATTERN = ",|\\[|\\]";
+
+    // Used by SunECEntries
+    public static Collection<? extends NamedCurve>getSupportedCurves() {
+        return specCollection;
+    }
+
+    // Return a NamedCurve for the specified OID/name or null if unknown.
+    static NamedCurve lookup(String name) {
+        NamedCurve spec = oidMap.get(name);
+        if (spec != null) {
+            return spec;
+        }
+
+        return nameMap.get(name);
+    }
+
+    // Return EC parameters for the specified field size. If there are known
+    // NIST recommended parameters for the given length, they are returned.
+    // Otherwise, if there are multiple matches for the given size, an
+    // arbitrary one is returns.
+    // If no parameters are known, the method returns null.
+    // NOTE that this method returns both prime and binary curves.
+    static NamedCurve lookup(int length) {
+        return lengthMap.get(length);
+    }
+
+    // Convert the given ECParameterSpec object to a NamedCurve object.
+    // If params does not represent a known named curve, return null.
+    static NamedCurve lookup(ECParameterSpec params) {
+        if ((params instanceof NamedCurve) || (params == null)) {
+            return (NamedCurve)params;
+        }
+
+        // This is a hack to allow SunJSSE to work with 3rd party crypto
+        // providers for ECC and not just SunPKCS11.
+        // This can go away once we decide how to expose curve names in the
+        // public API.
+        // Note that it assumes that the 3rd party provider encodes named
+        // curves using the short form, not explicitly. If it did that, then
+        // the SunJSSE TLS ECC extensions are wrong, which could lead to
+        // interoperability problems.
+        int fieldSize = params.getCurve().getField().getFieldSize();
+        for (NamedCurve namedCurve : specCollection) {
+            // ECParameterSpec does not define equals, so check all the
+            // components ourselves.
+            // Quick field size check first
+            if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
+                continue;
+            }
+            if (namedCurve.getCurve().equals(params.getCurve()) == false) {
+                continue;
+            }
+            if (namedCurve.getGenerator().equals(params.getGenerator()) ==
+                    false) {
+                continue;
+            }
+            if (namedCurve.getOrder().equals(params.getOrder()) == false) {
+                continue;
+            }
+            if (namedCurve.getCofactor() != params.getCofactor()) {
+                continue;
+            }
+            // everything matches our named curve, return it
+            return namedCurve;
+        }
+        // no match found
+        return null;
+    }
+
+    private static BigInteger bi(String s) {
+        return new BigInteger(s, 16);
+    }
+
+    private static void add(String name, String soid, int type, String sfield,
+            String a, String b, String x, String y, String n, int h,
+            Pattern nameSplitPattern) {
+        BigInteger p = bi(sfield);
+        ECField field;
+        if ((type == P) || (type == PD)) {
+            field = new ECFieldFp(p);
+        } else if ((type == B) || (type == BD)) {
+            field = new ECFieldF2m(p.bitLength() - 1, p);
+        } else {
+            throw new RuntimeException("Invalid type: " + type);
+        }
+
+        EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
+        ECPoint g = new ECPoint(bi(x), bi(y));
+
+        NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
+        if (oidMap.put(soid, params) != null) {
+            throw new RuntimeException("Duplication oid: " + soid);
+        }
+
+        String[] commonNames = nameSplitPattern.split(name);
+        for (String commonName : commonNames) {
+            if (nameMap.put(commonName.trim(), params) != null) {
+                throw new RuntimeException("Duplication name: " + commonName);
+            }
+        }
+
+        int len = field.getFieldSize();
+        if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) {
+            // add entry if none present for this field size or if
+            // the curve is marked as a default curve.
+            lengthMap.put(len, params);
+        }
+    }
+
+    static {
+        Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
+
+        /* SEC2 prime curves */
+        add("secp112r1", "1.3.132.0.6", P,
+            "DB7C2ABF62E35E668076BEAD208B",
+            "DB7C2ABF62E35E668076BEAD2088",
+            "659EF8BA043916EEDE8911702B22",
+            "09487239995A5EE76B55F9C2F098",
+            "A89CE5AF8724C0A23E0E0FF77500",
+            "DB7C2ABF62E35E7628DFAC6561C5",
+            1, nameSplitPattern);
+
+        add("secp112r2", "1.3.132.0.7", P,
+            "DB7C2ABF62E35E668076BEAD208B",
+            "6127C24C05F38A0AAAF65C0EF02C",
+            "51DEF1815DB5ED74FCC34C85D709",
+            "4BA30AB5E892B4E1649DD0928643",
+            "adcd46f5882e3747def36e956e97",
+            "36DF0AAFD8B8D7597CA10520D04B",
+            4, nameSplitPattern);
+
+        add("secp128r1", "1.3.132.0.28", P,
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+            "E87579C11079F43DD824993C2CEE5ED3",
+            "161FF7528B899B2D0C28607CA52C5B86",
+            "CF5AC8395BAFEB13C02DA292DDED7A83",
+            "FFFFFFFE0000000075A30D1B9038A115",
+            1, nameSplitPattern);
+
+        add("secp128r2", "1.3.132.0.29", P,
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+            "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+            "5EEEFCA380D02919DC2C6558BB6D8A5D",
+            "7B6AA5D85E572983E6FB32A7CDEBC140",
+            "27B6916A894D3AEE7106FE805FC34B44",
+            "3FFFFFFF7FFFFFFFBE0024720613B5A3",
+            4, nameSplitPattern);
+
+        add("secp160k1", "1.3.132.0.9", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+            "0000000000000000000000000000000000000000",
+            "0000000000000000000000000000000000000007",
+            "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+            "938CF935318FDCED6BC28286531733C3F03C4FEE",
+            "0100000000000000000001B8FA16DFAB9ACA16B6B3",
+            1, nameSplitPattern);
+
+        add("secp160r1", "1.3.132.0.8", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+            "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+            "4A96B5688EF573284664698968C38BB913CBFC82",
+            "23A628553168947D59DCC912042351377AC5FB32",
+            "0100000000000000000001F4C8F927AED3CA752257",
+            1, nameSplitPattern);
+
+        add("secp160r2", "1.3.132.0.30", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+            "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+            "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+            "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
+            "0100000000000000000000351EE786A818F3A1A16B",
+            1, nameSplitPattern);
+
+        add("secp192k1", "1.3.132.0.31", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+            "000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000003",
+            "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+            "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
+            "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
+            1, nameSplitPattern);
+
+        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+            "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+            "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
+            "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+            1, nameSplitPattern);
+
+        add("secp224k1", "1.3.132.0.32", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+            "00000000000000000000000000000000000000000000000000000000",
+            "00000000000000000000000000000000000000000000000000000005",
+            "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+            "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
+            "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
+            1, nameSplitPattern);
+
+        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+            "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+            "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+            "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+            1, nameSplitPattern);
+
+        add("secp256k1", "1.3.132.0.10", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+            "0000000000000000000000000000000000000000000000000000000000000000",
+            "0000000000000000000000000000000000000000000000000000000000000007",
+            "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+            "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
+            1, nameSplitPattern);
+
+        add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
+            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+            "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+            "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+            "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+            "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+            1, nameSplitPattern);
+
+        add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+            "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+            "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+            "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+            1, nameSplitPattern);
+
+        add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+            "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+            "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+            "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+            1, nameSplitPattern);
+
+        /* ANSI X9.62 prime curves */
+        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+            "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+            "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
+            "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
+            1, nameSplitPattern);
+
+        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+            "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+            "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
+            "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+            "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+            "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+            "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+            "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
+            "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+            "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+            "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
+            1, nameSplitPattern);
+
+        /* SEC2 binary curves */
+        add("sect113r1", "1.3.132.0.4", B,
+            "020000000000000000000000000201",
+            "003088250CA6E7C7FE649CE85820F7",
+            "00E8BEE4D3E2260744188BE0E9C723",
+            "009D73616F35F4AB1407D73562C10F",
+            "00A52830277958EE84D1315ED31886",
+            "0100000000000000D9CCEC8A39E56F",
+            2, nameSplitPattern);
+
+        add("sect113r2", "1.3.132.0.5", B,
+            "020000000000000000000000000201",
+            "00689918DBEC7E5A0DD6DFC0AA55C7",
+            "0095E9A9EC9B297BD4BF36E059184F",
+            "01A57A6A7B26CA5EF52FCDB8164797",
+            "00B3ADC94ED1FE674C06E695BABA1D",
+            "010000000000000108789B2496AF93",
+            2, nameSplitPattern);
+
+        add("sect131r1", "1.3.132.0.22", B,
+            "080000000000000000000000000000010D",
+            "07A11B09A76B562144418FF3FF8C2570B8",
+            "0217C05610884B63B9C6C7291678F9D341",
+            "0081BAF91FDF9833C40F9C181343638399",
+            "078C6E7EA38C001F73C8134B1B4EF9E150",
+            "0400000000000000023123953A9464B54D",
+            2, nameSplitPattern);
+
+        add("sect131r2", "1.3.132.0.23", B,
+            "080000000000000000000000000000010D",
+            "03E5A88919D7CAFCBF415F07C2176573B2",
+            "04B8266A46C55657AC734CE38F018F2192",
+            "0356DCD8F2F95031AD652D23951BB366A8",
+            "0648F06D867940A5366D9E265DE9EB240F",
+            "0400000000000000016954A233049BA98F",
+            2, nameSplitPattern);
+
+        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
+            "0800000000000000000000000000000000000000C9",
+            "000000000000000000000000000000000000000001",
+            "000000000000000000000000000000000000000001",
+            "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+            "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+            "04000000000000000000020108A2E0CC0D99F8A5EF",
+            2, nameSplitPattern);
+
+        add("sect163r1", "1.3.132.0.2", B,
+            "0800000000000000000000000000000000000000C9",
+            "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+            "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+            "0369979697AB43897789566789567F787A7876A654",
+            "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+            "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
+            2, nameSplitPattern);
+
+        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
+            "0800000000000000000000000000000000000000C9",
+            "000000000000000000000000000000000000000001",
+            "020A601907B8C953CA1481EB10512F78744A3205FD",
+            "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+            "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+            "040000000000000000000292FE77E70C12A4234C33",
+            2, nameSplitPattern);
+
+        add("sect193r1", "1.3.132.0.24", B,
+            "02000000000000000000000000000000000000000000008001",
+            "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+            "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+            "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+            "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+            "01000000000000000000000000C7F34A778F443ACC920EBA49",
+            2, nameSplitPattern);
+
+        add("sect193r2", "1.3.132.0.25", B,
+            "02000000000000000000000000000000000000000000008001",
+            "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+            "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+            "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+            "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+            "010000000000000000000000015AAB561B005413CCD4EE99D5",
+            2, nameSplitPattern);
+
+        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
+            "020000000000000000000000000000000000000004000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+            "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+            "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+            4, nameSplitPattern);
+
+        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
+            "020000000000000000000000000000000000000004000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+            "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+            "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+            "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+            2, nameSplitPattern);
+
+        add("sect239k1", "1.3.132.0.3", B,
+            "800000000000000000004000000000000000000000000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+            "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+            "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
+            4, nameSplitPattern);
+
+        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
+            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+            "000000000000000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+            "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+            4, nameSplitPattern);
+
+        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
+            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+            "000000000000000000000000000000000000000000000000000000000000000000000001",
+            "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+            "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+            "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+            2, nameSplitPattern);
+
+        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
+            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+            "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+            "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+            4, nameSplitPattern);
+
+        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
+            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+            "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+            "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+            "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+            2, nameSplitPattern);
+
+        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
+            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+            "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+            "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+            4, nameSplitPattern);
+
+        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
+            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+            "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+            "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+            2, nameSplitPattern);
+
+        /* ANSI X9.62 binary curves */
+        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
+            "800000000000000000000000000000000000000000000201",
+            "2866537B676752636A68F56554E12640276B649EF7526267",
+            "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+            "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+            "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+            "40000000000000000000000004A20E90C39067C893BBB9A5",
+            2, nameSplitPattern);
+
+        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
+            "800000000000000000000000000000000000000000000201",
+            "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+            "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+            "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+            "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+            "20000000000000000000000050508CB89F652824E06B8173",
+            4, nameSplitPattern);
+
+        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
+            "800000000000000000000000000000000000000000000201",
+            "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+            "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+            "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+            "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+            "155555555555555555555555610C0B196812BFB6288A3EA3",
+            6, nameSplitPattern);
+
+        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+            "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+            "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+            "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+            "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
+            4, nameSplitPattern);
+
+        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+            "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+            "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+            "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+            "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
+            6, nameSplitPattern);
+
+        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+            "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+            "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+            "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+            "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
+            0xA, nameSplitPattern);
+
+        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
+            "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+            "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
+            "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
+            "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
+            "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
+            "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
+            0x4C, nameSplitPattern);
+
+        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
+            "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+            "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
+            "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
+            "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+            "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+            "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
+            0x2760, nameSplitPattern);
+
+        /* ANSI X9.62 binary curves from the 1998 standard but forbidden
+         * in the 2005 version of the standard.
+         * We don't register them but leave them here for the time being in
+         * case we need to support them after all.
+         */
+/*
+        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
+            "080000000000000000000000000000000000000107",
+            "072546B5435234A422E0789675F432C89435DE5242",
+            "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+            "07AF69989546103D79329FCC3D74880F33BBE803CB",
+            "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+            "0400000000000000000001E60FC8821CC74DAEAFC1",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
+            "080000000000000000000000000000000000000107",
+            "0108B39E77C4B108BED981ED0E890E117C511CF072",
+            "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+            "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+            "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+            "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
+            "080000000000000000000000000000000000000107",
+            "07A526C63D3E25A256A007699F5447E32AE456B50E",
+            "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+            "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+            "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+            "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
+            "0100000000000000000000000000000000080000000007",
+            "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+            "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+            "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+            "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+            "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
+            0xFF6E, nameSplitPattern);
+
+        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
+            "010000000000000000000000000000000800000000000000000007",
+            "0000000000000000000000000000000000000000000000000000",
+            "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+            "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+            "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+            "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
+            0xFE48, nameSplitPattern);
+
+        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
+            "010000000000000000000000000000000000000000000000000000010000000000000B",
+            "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+            "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+            "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+            "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+            "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+            0xFF06, nameSplitPattern);
+
+        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
+            "010000000000000000000000000000000000000000000000000000000000000000000000000807",
+            "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
+            "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
+            "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
+            "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
+            "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
+            0xFE2E, nameSplitPattern);
+
+        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
+            "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
+            "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
+            "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
+            "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
+            "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
+            "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
+            0xFF70, nameSplitPattern);
+*/
+
+        specCollection = Collections.unmodifiableCollection(oidMap.values());
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/ECParameters.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.IOException;
+
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This class implements encoding and decoding of Elliptic Curve parameters
+ * as specified in RFC 3279.
+ *
+ * However, only named curves are currently supported.
+ *
+ * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional
+ * options.
+ *
+ * <pre>
+ *    EcpkParameters ::= CHOICE {
+ *      ecParameters  ECParameters,
+ *      namedCurve    OBJECT IDENTIFIER,
+ *      implicitlyCA  NULL }
+ *
+ *    ECParameters ::= SEQUENCE {
+ *       version   ECPVer,          -- version is always 1
+ *       fieldID   FieldID,         -- identifies the finite field over
+ *                                  -- which the curve is defined
+ *       curve     Curve,           -- coefficients a and b of the
+ *                                  -- elliptic curve
+ *       base      ECPoint,         -- specifies the base point P
+ *                                  -- on the elliptic curve
+ *       order     INTEGER,         -- the order n of the base point
+ *       cofactor  INTEGER OPTIONAL -- The integer h = #E(Fq)/n
+ *       }
+ *
+ *    ECPVer ::= INTEGER {ecpVer1(1)}
+ *
+ *    Curve ::= SEQUENCE {
+ *       a         FieldElement,
+ *       b         FieldElement,
+ *       seed      BIT STRING OPTIONAL }
+ *
+ *    FieldElement ::= OCTET STRING
+ *
+ *    ECPoint ::= OCTET STRING
+ * </pre>
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public final class ECParameters extends AlgorithmParametersSpi {
+
+    // used by ECPublicKeyImpl and ECPrivateKeyImpl
+    public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec)
+            throws InvalidKeyException {
+        try {
+            AlgorithmParameters params =
+                AlgorithmParameters.getInstance("EC", "SunEC");
+            params.init(spec);
+            return params;
+        } catch (GeneralSecurityException e) {
+            throw new InvalidKeyException("EC parameters error", e);
+        }
+    }
+
+    /*
+     * The parameters these AlgorithmParameters object represents.
+     * Currently, it is always an instance of NamedCurve.
+     */
+    private NamedCurve namedCurve;
+
+    // A public constructor is required by AlgorithmParameters class.
+    public ECParameters() {
+        // empty
+    }
+
+    // AlgorithmParameterSpi methods
+
+    protected void engineInit(AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException {
+
+        if (paramSpec == null) {
+            throw new InvalidParameterSpecException
+                ("paramSpec must not be null");
+        }
+
+        if (paramSpec instanceof NamedCurve) {
+            namedCurve = (NamedCurve)paramSpec;
+            return;
+        }
+
+        if (paramSpec instanceof ECParameterSpec) {
+            namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec);
+        } else if (paramSpec instanceof ECGenParameterSpec) {
+            String name = ((ECGenParameterSpec)paramSpec).getName();
+            namedCurve = CurveDB.lookup(name);
+        } else if (paramSpec instanceof ECKeySizeParameterSpec) {
+            int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize();
+            namedCurve = CurveDB.lookup(keySize);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Only ECParameterSpec and ECGenParameterSpec supported");
+        }
+
+        if (namedCurve == null) {
+            throw new InvalidParameterSpecException(
+                "Not a supported curve: " + paramSpec);
+        }
+    }
+
+    protected void engineInit(byte[] params) throws IOException {
+        DerValue encodedParams = new DerValue(params);
+        if (encodedParams.tag == DerValue.tag_ObjectId) {
+            ObjectIdentifier oid = encodedParams.getOID();
+            NamedCurve spec = CurveDB.lookup(oid.toString());
+            if (spec == null) {
+                throw new IOException("Unknown named curve: " + oid);
+            }
+
+            namedCurve = spec;
+            return;
+        }
+
+        throw new IOException("Only named ECParameters supported");
+
+        // The code below is incomplete.
+        // It is left as a starting point for a complete parsing implementation.
+
+/*
+        if (encodedParams.tag != DerValue.tag_Sequence) {
+            throw new IOException("Unsupported EC parameters, tag: " +
+                encodedParams.tag);
+        }
+
+        encodedParams.data.reset();
+
+        DerInputStream in = encodedParams.data;
+
+        int version = in.getInteger();
+        if (version != 1) {
+            throw new IOException("Unsupported EC parameters version: " +
+               version);
+        }
+        ECField field = parseField(in);
+        EllipticCurve curve = parseCurve(in, field);
+        ECPoint point = parsePoint(in, curve);
+
+        BigInteger order = in.getBigInteger();
+        int cofactor = 0;
+
+        if (in.available() != 0) {
+            cofactor = in.getInteger();
+        }
+
+        // XXX HashAlgorithm optional
+
+        if (encodedParams.data.available() != 0) {
+            throw new IOException("encoded params have " +
+                                  encodedParams.data.available() +
+                                  " extra bytes");
+        }
+
+        return new ECParameterSpec(curve, point, order, cofactor);
+*/
+    }
+
+    protected void engineInit(byte[] params, String decodingMethod)
+            throws IOException {
+        engineInit(params);
+    }
+
+    protected <T extends AlgorithmParameterSpec> T
+            engineGetParameterSpec(Class<T> spec)
+            throws InvalidParameterSpecException {
+
+        if (spec.isAssignableFrom(ECParameterSpec.class)) {
+            return spec.cast(namedCurve);
+        }
+
+        if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
+            // Ensure the name is the Object ID
+            String name = namedCurve.getObjectId();
+            return spec.cast(new ECGenParameterSpec(name));
+        }
+
+        if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) {
+            int keySize = namedCurve.getCurve().getField().getFieldSize();
+            return spec.cast(new ECKeySizeParameterSpec(keySize));
+        }
+
+        throw new InvalidParameterSpecException(
+            "Only ECParameterSpec and ECGenParameterSpec supported");
+    }
+
+    protected byte[] engineGetEncoded() throws IOException {
+        return namedCurve.getEncoded();
+    }
+
+    protected byte[] engineGetEncoded(String encodingMethod)
+            throws IOException {
+        return engineGetEncoded();
+    }
+
+    protected String engineToString() {
+        if (namedCurve == null) {
+            return "Not initialized";
+        }
+
+        return namedCurve.toString();
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/NamedCurve.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+
+/**
+ * Contains Elliptic Curve parameters.
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public final class NamedCurve extends ECParameterSpec {
+
+    // friendly name for toString() output
+    private final String name;
+
+    // well known OID
+    private final String oid;
+
+    // encoded form (as NamedCurve identified via OID)
+    private final byte[] encoded;
+
+    NamedCurve(String name, String oid, EllipticCurve curve,
+            ECPoint g, BigInteger n, int h) {
+        super(curve, g, n, h);
+        this.name = name;
+        this.oid = oid;
+
+        DerOutputStream out = new DerOutputStream();
+
+        try {
+            out.putOID(new ObjectIdentifier(oid));
+        } catch (IOException e) {
+            throw new RuntimeException("Internal error", e);
+        }
+
+        encoded = out.toByteArray();
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public byte[] getEncoded() {
+        return encoded.clone();
+    }
+
+    public String getObjectId() {
+        return oid;
+    }
+
+    public String toString() {
+        return name + " (" + oid + ")";
+    }
+}
--- a/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c	Fri Jul 25 15:38:10 2014 -0700
+++ b/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c	Wed Jul 30 11:49:59 2014 -0700
@@ -388,6 +388,7 @@
     if (argsLen > 0) {
         if (argsLen > MAX_ARGS) {
             JNU_ThrowInternalError(env, "Too many arguments");
+            return;
         }
         for (i=0; i<argsLen; i++) {
             jobject obj = (*env)->GetObjectArrayElement(env, args, i);
@@ -423,6 +424,8 @@
     stubLen = (DWORD)(*env)->GetArrayLength(env, stub);
     stubCode = (*env)->GetByteArrayElements(env, stub, &isCopy);
 
+    if ((*env)->ExceptionOccurred(env)) return;
+
     pCode = (PDWORD) VirtualAllocEx( hProcess, 0, stubLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
     if (pCode == NULL) {
         JNU_ThrowIOExceptionWithLastError(env, "VirtualAllocEx failed");
@@ -592,6 +595,8 @@
         cstr[0] = '\0';
     } else {
         str = JNU_GetStringPlatformChars(env, jstr, &isCopy);
+        if ((*env)->ExceptionOccurred(env)) return;
+
         strncpy(cstr, str, len);
         cstr[len-1] = '\0';
         if (isCopy) {
--- a/test/java/lang/Integer/ParsingTest.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/lang/Integer/ParsingTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -23,29 +23,37 @@
 
 /*
  * @test
- * @bug 5017980 6576055
+ * @bug 5017980 6576055 8041972
  * @summary Test parsing methods
  * @author Joseph D. Darcy
  */
 
+import java.lang.IllegalArgumentException;
+import java.lang.IndexOutOfBoundsException;
+import java.lang.NullPointerException;
+import java.lang.RuntimeException;
 
 /**
- * There are six methods in java.lang.Integer which transform strings
+ * There are eight methods in java.lang.Integer which transform strings
  * into an int or Integer value:
  *
  * public Integer(String s)
  * public static Integer decode(String nm)
+ * public static int parseInt(CharSequence s, int radix, int beginIndex, int endIndex)
+ * public static int parseInt(CharSequence s, int radix, int beginIndex)
  * public static int parseInt(String s, int radix)
  * public static int parseInt(String s)
  * public static Integer valueOf(String s, int radix)
  * public static Integer valueOf(String s)
  *
  * Besides decode, all the methods and constructor call down into
- * parseInt(String, int) to do the actual work.  Therefore, the
- * behavior of parseInt(String, int) will be tested here.
+ * parseInt(CharSequence, int, int, int) to do the actual work.  Therefore, the
+ * behavior of parseInt(CharSequence, int, int, int) will be tested here.
+ *
  */
 
 public class ParsingTest {
+
     public static void main(String... argv) {
         check("+100", +100);
         check("-100", -100);
@@ -55,10 +63,14 @@
         check("+00000", 0);
         check("-00000", 0);
 
+        check("+00000", 0, 0, 6);
+        check("-00000", 0, 0, 6);
+
         check("0", 0);
         check("1", 1);
         check("9", 9);
 
+        checkFailure("");
         checkFailure("\u0000");
         checkFailure("\u002f");
         checkFailure("+");
@@ -72,12 +84,45 @@
         checkFailure("+-6");
         checkFailure("-+6");
         checkFailure("*100");
+
+        check("test-00000", 0, 4, 10);
+        check("test-12345", -12345, 4, 10);
+        check("xx12345yy", 12345, 2, 7);
+
+        checkNumberFormatException("", 10, 0);
+        checkNumberFormatException("100", 10, 3);
+        checkNumberFormatException("+1000000", 10, 8);
+        checkNumberFormatException("-1000000", 10, 8);
+
+        checkNumberFormatException("", 10, 0, 0);
+        checkNumberFormatException("+-6", 10, 0, 3);
+        checkNumberFormatException("1000000", 10, 7);
+        checkNumberFormatException("1000000", 10, 7, 7);
+        checkNumberFormatException("1000000", Character.MAX_RADIX + 1, 0, 2);
+        checkNumberFormatException("1000000", Character.MIN_RADIX - 1, 0, 2);
+
+        checkIndexOutOfBoundsException("1000000", 10, 8);
+        checkIndexOutOfBoundsException("1000000", 10, -1);
+        checkIndexOutOfBoundsException("1000000", 10, 10, 4);
+        checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, -1, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, -1, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, 10, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, 10, 2);
+        checkIndexOutOfBoundsException("-1", 10, 0, 3);
+        checkIndexOutOfBoundsException("-1", 10, 2, 3);
+        checkIndexOutOfBoundsException("-1", 10, -1, 2);
+
+        checkNull(10, 0, 1);
+        checkNull(10, -1, 0);
+        checkNull(10, 0, 0);
+        checkNull(10, 0, -1);
+        checkNull(-1, -1, -1);
     }
 
     private static void check(String val, int expected) {
         int n = Integer.parseInt(val);
         if (n != expected)
-            throw new RuntimeException("Integer.parsedInt failed. String:" +
+            throw new RuntimeException("Integer.parseInt failed. String:" +
                                                 val + " Result:" + n);
     }
 
@@ -91,4 +136,71 @@
             ; // Expected
         }
     }
+
+    private static void checkNumberFormatException(String val, int radix, int start) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NumberFormatException nfe) {
+            ; // Expected
+        }
+    }
+
+    private static void checkNumberFormatException(String val, int radix, int start, int end) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start, end);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NumberFormatException nfe) {
+            ; // Expected
+        }
+    }
+
+    private static void checkIndexOutOfBoundsException(String val, int radix, int start) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (IndexOutOfBoundsException ioob) {
+            ; // Expected
+        }
+    }
+
+    private static void checkIndexOutOfBoundsException(String val, int radix, int start, int end) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start, end);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (IndexOutOfBoundsException ioob) {
+            ; // Expected
+        }
+    }
+
+    private static void checkNull(int radix, int start, int end) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(null, 10, start, end);
+            System.err.println("parseInt(null, " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NullPointerException npe) {
+            ; // Expected
+        }
+    }
+
+    private static void check(String val, int expected, int start, int end) {
+        int n = Integer.parseInt(val, 10, start, end);
+        if (n != expected)
+            throw new RuntimeException("Integer.parsedInt failed. String:" +
+                    val + ", start: " + start + ", end: " + end + " Result:" + n);
+    }
 }
--- a/test/java/lang/Long/ParsingTest.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/lang/Long/ParsingTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -23,29 +23,31 @@
 
 /*
  * @test
- * @bug 5017980 6576055
+ * @bug 5017980 6576055 8041972
  * @summary Test parsing methods
  * @author Joseph D. Darcy
  */
 
-
 /**
- * There are six methods in java.lang.Long which transform strings
+ * There are eight methods in java.lang.Long which transform strings
  * into a long or Long value:
  *
  * public Long(String s)
  * public static Long decode(String nm)
+ * public static long parseLong(CharSequence s, int radix, int beginIndex, int endIndex)
+ * public static long parseLong(CharSequence s, int radix, int beginIndex)
  * public static long parseLong(String s, int radix)
  * public static long parseLong(String s)
  * public static Long valueOf(String s, int radix)
  * public static Long valueOf(String s)
  *
  * Besides decode, all the methods and constructor call down into
- * parseLong(String, int) to do the actual work.  Therefore, the
- * behavior of parseLong(String, int) will be tested here.
+ * parseLong(CharSequence, int, int, int) to do the actual work.  Therefore, the
+ * behavior of parseLong(CharSequence, int, int, int) will be tested here.
  */
 
 public class ParsingTest {
+
     public static void main(String... argv) {
         check("+100", +100L);
         check("-100", -100L);
@@ -59,6 +61,7 @@
         check("1", 1L);
         check("9", 9L);
 
+        checkFailure("");
         checkFailure("\u0000");
         checkFailure("\u002f");
         checkFailure("+");
@@ -72,12 +75,44 @@
         checkFailure("+-6");
         checkFailure("-+6");
         checkFailure("*100");
+
+        check("test-00000", 0L, 4, 10);
+        check("test-12345", -12345L, 4, 10);
+        check("xx12345yy", 12345L, 2, 7);
+        check("xx123456789012345yy", 123456789012345L, 2, 17);
+
+        checkNumberFormatException("100", 10, 3);
+        checkNumberFormatException("", 10, 0);
+        checkNumberFormatException("+1000000", 10, 8);
+        checkNumberFormatException("-1000000", 10, 8);
+
+        checkNumberFormatException("", 10, 0, 0);
+        checkNumberFormatException("+-6", 10, 0, 3);
+        checkNumberFormatException("1000000", 10, 7, 7);
+        checkNumberFormatException("1000000", Character.MAX_RADIX + 1, 0, 2);
+        checkNumberFormatException("1000000", Character.MIN_RADIX - 1, 0, 2);
+
+        checkIndexOutOfBoundsException("", 10, 1, 1);
+        checkIndexOutOfBoundsException("1000000", 10, 10, 4);
+        checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, 10, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, 10, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MAX_RADIX + 1, -1, 2);
+        checkIndexOutOfBoundsException("1000000", Character.MIN_RADIX - 1, -1, 2);
+        checkIndexOutOfBoundsException("-1", 10, 0, 3);
+        checkIndexOutOfBoundsException("-1", 10, 2, 3);
+        checkIndexOutOfBoundsException("-1", 10, -1, 2);
+
+        checkNull(10, 0, 1);
+        checkNull(10, -1, 0);
+        checkNull(10, 0, 0);
+        checkNull(10, 0, -1);
+        checkNull(-1, -1, -1);
     }
 
     private static void check(String val, long expected) {
         long n = Long.parseLong(val);
         if (n != expected)
-            throw new RuntimeException("Long.parsedLong failed. String:" +
+            throw new RuntimeException("Long.parseLong failed. String:" +
                                        val + " Result:" + n);
     }
 
@@ -91,4 +126,71 @@
             ; // Expected
         }
     }
+
+    private static void checkNumberFormatException(String val, int radix, int start) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NumberFormatException nfe) {
+            ; // Expected
+        }
+    }
+
+    private static void checkNumberFormatException(String val, int radix, int start, int end) {
+        long n = 0;
+        try {
+            n = Long.parseLong(val, radix, start, end);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NumberFormatException nfe) {
+            ; // Expected
+        }
+    }
+
+    private static void checkIndexOutOfBoundsException(String val, int radix, int start) {
+        int n = 0;
+        try {
+            n = Integer.parseInt(val, radix, start);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (IndexOutOfBoundsException ioob) {
+            ; // Expected
+        }
+    }
+
+    private static void checkIndexOutOfBoundsException(String val, int radix, int start, int end) {
+        long n = 0;
+        try {
+            n = Long.parseLong(val, radix, start, end);
+            System.err.println("parseInt(" + val + ", " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (IndexOutOfBoundsException ioob) {
+            ; // Expected
+        }
+    }
+
+    private static void checkNull(int radix, int start, int end) {
+        long n = 0;
+        try {
+            n = Long.parseLong(null, 10, start, end);
+            System.err.println("parseInt(null, " + radix + ", " + start + ", " + end +
+                    ") incorrectly returned " + n);
+            throw new RuntimeException();
+        } catch (NullPointerException npe) {
+            ; // Expected
+        }
+    }
+
+    private static void check(String val, long expected, int start, int end) {
+        long n = Long.parseLong(val, 10, start, end);
+        if (n != expected)
+            throw new RuntimeException("Long.parseLong failed. String:" +
+                    val + ", start: " + start + ", end: " + end + " Result:" + n);
+    }
 }
--- a/test/java/lang/String/ToLowerCase.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/lang/String/ToLowerCase.java	Wed Jul 30 11:49:59 2014 -0700
@@ -23,7 +23,7 @@
 
 /*
     @test
-    @bug 4217441 4533872 4900935 8020037 8032012 8041791
+    @bug 4217441 4533872 4900935 8020037 8032012 8041791 8042589
     @summary toLowerCase should lower-case Greek Sigma correctly depending
              on the context (final/non-final).  Also it should handle
              Locale specific (lt, tr, and az) lowercasings and supplementary
@@ -106,6 +106,12 @@
         // invalid code point tests:
         test("\uD800\uD800\uD801A\uDC00\uDC00\uDC00B", Locale.US, "\uD800\uD800\uD801a\uDC00\uDC00\uDC00b");
 
+        // lower/uppercase + surrogates
+        test("a\uD801\uDC1c", Locale.ROOT, "a\uD801\uDC44");
+        test("A\uD801\uDC1c", Locale.ROOT, "a\uD801\uDC44");
+        test("a\uD801\uDC00\uD801\uDC01\uD801\uDC02", Locale.US, "a\uD801\uDC28\uD801\uDC29\uD801\uDC2A");
+        test("A\uD801\uDC00\uD801\uDC01\uD801\uDC02", Locale.US, "a\uD801\uDC28\uD801\uDC29\uD801\uDC2A");
+
         // test bmp + supp1
         StringBuilder src = new StringBuilder(0x20000);
         StringBuilder exp = new StringBuilder(0x20000);
--- a/test/java/lang/String/ToUpperCase.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/lang/String/ToUpperCase.java	Wed Jul 30 11:49:59 2014 -0700
@@ -23,7 +23,7 @@
 
 /*
     @test
-    @bug 4219630 4304573 4533872 4900935
+    @bug 4219630 4304573 4533872 4900935 8042589
     @summary toUpperCase should upper-case German sharp s correctly even if
              it's the only character in the string. should also uppercase
              all of the 1:M char mappings correctly.  Also it should handle
@@ -91,6 +91,12 @@
         test("\uD801\uDC28a\uD801\uDC29b\uD801\uDC2Ac", Locale.US, "\uD801\uDC00A\uD801\uDC01B\uD801\uDC02C");
         // invalid code point tests:
         test("\uD800\uD800\uD801a\uDC00\uDC00\uDC00b", Locale.US, "\uD800\uD800\uD801A\uDC00\uDC00\uDC00B");
+
+        // lower/uppercase + surrogates
+        test("a\uD801\uDC44", Locale.ROOT, "A\uD801\uDC1c");
+        test("A\uD801\uDC44", Locale.ROOT, "A\uD801\uDC1c");
+        test("a\uD801\uDC28\uD801\uDC29\uD801\uDC2A", Locale.US, "A\uD801\uDC00\uD801\uDC01\uD801\uDC02");
+        test("A\uD801\uDC28a\uD801\uDC29b\uD801\uDC2Ac", Locale.US, "A\uD801\uDC00A\uD801\uDC01B\uD801\uDC02C");
     }
 
     static void test(String in, Locale locale, String expected) {
--- a/test/java/net/MulticastSocket/TestInterfaces.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/net/MulticastSocket/TestInterfaces.java	Wed Jul 30 11:49:59 2014 -0700
@@ -28,6 +28,8 @@
  *          same InetAddress set by MulticastSocket.setInterface
  */
 import java.net.*;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.io.IOException;
 
@@ -47,6 +49,7 @@
             /*
              * Test MulticastSocket.getInterface
              */
+            System.out.println("Testing network interface " + ni);
             Enumeration addrs = ni.getInetAddresses();
             while (addrs.hasMoreElements()) {
                 InetAddress ia = (InetAddress)addrs.nextElement();
@@ -64,6 +67,8 @@
 
                 InetAddress curr = soc.getInterface();
                 if (!curr.equals(ia)) {
+                    System.err.println("NetworkInterface under test " + ni);
+                    displayInterfaceInformation(ni);
                     System.err.println("MulticastSocket.getInterface returned: " + curr);
                     System.err.println("Failed! Expected: " + ia);
                     failures++;
@@ -96,6 +101,10 @@
             if (!curr.equals(ni)) {
                 System.err.println("MulticastSocket.getNetworkInterface returned: " + curr);
                 System.err.println("Failed! Expected: " + ni);
+                System.err.println("NetworkInterface details for curr variable ");
+                displayInterfaceInformation(curr);
+                System.err.println("NetworkInterface details for ni variable ");
+                displayInterfaceInformation(ni) ;
                 failures++;
             } else {
                 System.out.println("Passed.");
@@ -110,4 +119,23 @@
 
     }
 
+    static void displayInterfaceInformation(NetworkInterface netint) throws SocketException {
+        System.err.println("Display name: " + netint.getDisplayName());
+        System.err.println("Name: " + netint.getName());
+        Enumeration<InetAddress> inetAddresses = netint.getInetAddresses();
+
+        for (InetAddress inetAddress : Collections.list(inetAddresses))
+            System.err.println("InetAddress: " + inetAddress);
+
+        System.err.println("Up? " + netint.isUp());
+        System.err.println("Loopback? " + netint.isLoopback());
+        System.err.println("PointToPoint? " + netint.isPointToPoint());
+        System.err.println("Supports multicast? " + netint.supportsMulticast());
+        System.err.println("Virtual? " + netint.isVirtual());
+        System.err.println("Hardware address: " +
+                Arrays.toString(netint.getHardwareAddress()));
+        System.err.println("MTU: " + netint.getMTU());
+        System.err.println("Index: " + netint.getIndex());
+        System.err.println();
+    }
 }
--- a/test/java/util/UUID/UUIDTest.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/java/util/UUID/UUIDTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -96,6 +96,23 @@
             if (!u1.equals(u2))
                 throw new Exception("UUID -> string -> UUID failed");
         }
+
+        testFromStringError("-0");
+        testFromStringError("x");
+        testFromStringError("----");
+        testFromStringError("-0-0-0-0");
+        testFromStringError("0-0-0-0-");
+        testFromStringError("0-0-0-0-0-");
+        testFromStringError("0-0-0-0-x");
+    }
+
+    private static void testFromStringError(String str) {
+        try {
+            UUID test = UUID.fromString(str);
+            throw new RuntimeException("Should have thrown IAE");
+        } catch (IllegalArgumentException iae) {
+            // pass
+        }
     }
 
     private static void versionTest() throws Exception {
--- a/test/javax/security/auth/kerberos/KerberosHashEqualsTest.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/javax/security/auth/kerberos/KerberosHashEqualsTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -33,9 +33,7 @@
 
 import java.net.InetAddress;
 import java.util.Date;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.kerberos.*;
 
 public class KerberosHashEqualsTest {
     public static void main(String[] args) throws Exception {
@@ -66,28 +64,67 @@
 
         k2.destroy();
         checkNotSame(k1, k2);
-
-        // destroyed keys doesn't equal to each other
         checkNotSame(k2, k1);
         checkSame(k2, k2);
 
+        k1.destroy();
+        checkNotSame(k1, k2);
+
+        // Destroyed key has string and hashCode
+        k1.toString(); k1.hashCode();
+
         // a little different
+        k1 = new KerberosKey(newKP("A"), "pass".getBytes(), 1, 1);
         k2 = new KerberosKey(newKP("B"), "pass".getBytes(), 1, 1);
         checkNotSame(k1, k2);
+
         k2 = new KerberosKey(newKP("A"), "ssap".getBytes(), 1, 1);
         checkNotSame(k1, k2);
+
         k2 = new KerberosKey(newKP("A"), "pass".getBytes(), 2, 1);
         checkNotSame(k1, k2);
+
         k2 = new KerberosKey(newKP("A"), "pass".getBytes(), 1, 2);
         checkNotSame(k1, k2);
 
+        // Null
         k1 = new KerberosKey(null, "pass".getBytes(), 1, 2);
         checkNotSame(k1, k2); // null to non-null
         k2 = new KerberosKey(null, "pass".getBytes(), 1, 2);
         checkSame(k1, k2);    // null to null
 
+        // Even key with null principal has a string and hashCode
+        k1.toString(); k1.hashCode();
+
         checkNotSame(k1, "Another Object");
 
+        EncryptionKey e1, e2;
+        e1 = new EncryptionKey("pass".getBytes(), 1);
+        e2 = new EncryptionKey("pass".getBytes(), 1);
+        checkSame(e1, e1);  // me to me
+        checkSame(e1, e2);  // same
+
+        e2.destroy();
+        checkNotSame(e1, e2);
+        checkNotSame(e2, e1);
+        checkSame(e2, e2);
+
+        e1.destroy();
+        checkNotSame(e1, e2);
+
+        // Destroyed key has string and hashCode
+        e1.toString(); e1.hashCode();
+
+        // a little different
+        e1 = new EncryptionKey("pass".getBytes(), 1);
+        e2 = new EncryptionKey("ssap".getBytes(), 1);
+        checkNotSame(e1, e2);
+
+        e2 = new EncryptionKey("pass".getBytes(), 2);
+        checkNotSame(e1, e2);
+
+        checkNotSame(e1, "Another Object");
+
         KerberosTicket t1, t2;
         t1 = new KerberosTicket("asn1".getBytes(), newKP("client"), newKP("server"), "pass".getBytes(), 1, new boolean[] {true, true}, new Date(0), new Date(0), new Date(0), new Date(0), null);
         t2 = new KerberosTicket("asn1".getBytes(), newKP("client"), newKP("server"), "pass".getBytes(), 1, new boolean[] {true, true}, new Date(0), new Date(0), new Date(0), new Date(0), null);
@@ -120,6 +157,7 @@
 
         t2.destroy();
         checkNotSame(t1, t2);
+        t2.hashCode(); t2.toString();
 
         // destroyed tickets doesn't equal to each other
         checkNotSame(t2, t1);
@@ -130,6 +168,37 @@
         checkNotSame(t1, t2);  // renewtill is useful
 
         checkNotSame(t1, "Another Object");
+
+        KerberosCredMessage m1, m2;
+        m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes());
+        m2 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes());
+        checkSame(m1, m1);  // me to me
+        checkSame(m1, m2);  // same
+
+        m2.destroy();
+        checkNotSame(m1, m2);
+        checkNotSame(m2, m1);
+        checkSame(m2, m2);
+
+        m1.destroy();
+        checkNotSame(m1, m2);
+
+        // Destroyed message has string and hashCode
+        m1.toString(); m1.hashCode();
+
+        // a little different
+        m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "message".getBytes());
+        m2 = new KerberosCredMessage(newKP("A"), newKP("S"), "message".getBytes());
+        checkNotSame(m1, m2);
+
+        m2 = new KerberosCredMessage(newKP("C"), newKP("B"), "message".getBytes());
+        checkNotSame(m1, m2);
+
+        m1 = new KerberosCredMessage(newKP("C"), newKP("S"), "hello".getBytes());
+        checkNotSame(m1, m2);
+
+        checkNotSame(m1, "Another Object");
+
         System.out.println("Good!");
     }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/security/auth/kerberos/KerberosNullsAndDestroyTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043071
+ * @summary Expose session key and KRB_CRED through extended GSS-API
+ */
+
+import javax.security.auth.kerberos.*;
+import java.util.function.Supplier;
+
+public class KerberosNullsAndDestroyTest {
+
+    public static void main(String[] args) throws Exception {
+
+        KerberosPrincipal c = new KerberosPrincipal("me@HERE");
+        KerberosPrincipal s = new KerberosPrincipal("you@THERE");
+
+        // These object constructions should throw NullPointerException
+        checkNPE(() -> new KerberosKey(c, null, 17, 1));
+        checkNPE(() -> new EncryptionKey(null, 17));
+        checkNPE(() -> new KerberosCredMessage(null, s, new byte[1]));
+        checkNPE(() -> new KerberosCredMessage(c, null, new byte[1]));
+        checkNPE(() -> new KerberosCredMessage(c, s, null));
+
+        KerberosKey k1 = new KerberosKey(c, new byte[16], 17, 1);
+        EncryptionKey k2 = new EncryptionKey(new byte[16], 17);
+        KerberosCredMessage m = new KerberosCredMessage(c, s, new byte[1]);
+
+        // These get calls should throw IllegalStateException
+        k1.destroy();
+        checkISE(() -> k1.getAlgorithm());
+        checkISE(() -> k1.getEncoded());
+        checkISE(() -> k1.getFormat());
+        checkISE(() -> k1.getKeyType());
+        checkISE(() -> k1.getPrincipal());
+        checkISE(() -> k1.getVersionNumber());
+
+        k2.destroy();
+        checkISE(() -> k2.getAlgorithm());
+        checkISE(() -> k2.getEncoded());
+        checkISE(() -> k2.getFormat());
+        checkISE(() -> k2.getKeyType());
+
+        m.destroy();
+        checkISE(() -> m.getSender());
+        checkISE(() -> m.getRecipient());
+        checkISE(() -> m.getEncoded());
+    }
+
+    static void checkNPE(Supplier<?> f) throws Exception {
+        check(f, NullPointerException.class);
+    }
+
+    static void checkISE(Supplier<?> f) throws Exception {
+        check(f, IllegalStateException.class);
+    }
+
+    static void check(Supplier<?> f, Class<? extends Exception> type) throws Exception {
+        try {
+            f.get();
+        } catch (Exception e) {
+            if (e.getClass() != type) {
+                throw e;
+            } else {
+                return;
+            }
+        }
+        throw new Exception("Should fail");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/bind/xjc/8029837/PreParseGrammarTest.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029837
+ * @summary Test simulates the partial call to xjc ant task that fails with
+ *          NullPointer exception
+ * @run main/othervm PreParseGrammarTest
+ */
+
+import com.sun.org.apache.xerces.internal.parsers.XMLGrammarPreparser;
+import com.sun.org.apache.xerces.internal.xni.XNIException;
+import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
+import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
+import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class PreParseGrammarTest {
+
+    public static void main(String[] args) throws FileNotFoundException, XNIException, IOException {
+        File xsdf = new File(System.getProperty("test.src", ".") + "/test.xsd");
+        InputStream is = new BufferedInputStream(new FileInputStream(xsdf));
+        XMLInputSource xis = new XMLInputSource(null, null, null, is, null);
+        XMLGrammarPreparser gp = new XMLGrammarPreparser();
+        gp.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
+        //The NullPointerException is observed on next call during ant task
+        // execution
+        Grammar res = gp.preparseGrammar(XMLGrammarDescription.XML_SCHEMA, xis);
+        System.out.println("Grammar preparsed successfully:" + res);
+        return;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/xml/bind/xjc/8029837/test.xsd	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,4 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+	<xsd:element name="root">
+	</xsd:element>
+</xsd:schema>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/misc/JavaLangAccess/FormatUnsigned.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import sun.misc.JavaLangAccess;
+import sun.misc.SharedSecrets;
+
+/*
+ * @test
+ * @summary Test JavaLangAccess.formatUnsignedInt/-Long
+ * @bug 8050114
+ */
+public class FormatUnsigned {
+
+    static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess();
+
+    public static void testFormatUnsignedInt() {
+        testFormatUnsignedInt("7fffffff", Integer.MAX_VALUE, 8, 4, 0, 8);
+        testFormatUnsignedInt("80000000", Integer.MIN_VALUE, 8, 4, 0, 8);
+        testFormatUnsignedInt("4711", 04711, 4, 3, 0, 4);
+        testFormatUnsignedInt("4711", 0x4711, 4, 4, 0, 4);
+        testFormatUnsignedInt("1010", 0b1010, 4, 1, 0, 4);
+        testFormatUnsignedInt("00001010", 0b1010, 8, 1, 0, 8);
+        testFormatUnsignedInt("\u0000\u000000001010", 0b1010, 10, 1, 2, 8);
+    }
+
+    public static void testFormatUnsignedLong() {
+        testFormatUnsignedLong("7fffffffffffffff", Long.MAX_VALUE, 16, 4, 0, 16);
+        testFormatUnsignedLong("8000000000000000", Long.MIN_VALUE, 16, 4, 0, 16);
+        testFormatUnsignedLong("4711", 04711L, 4, 3, 0, 4);
+        testFormatUnsignedLong("4711", 0x4711L, 4, 4, 0, 4);
+        testFormatUnsignedLong("1010", 0b1010L, 4, 1, 0, 4);
+        testFormatUnsignedLong("00001010", 0b1010L, 8, 1, 0, 8);
+        testFormatUnsignedLong("\u0000\u000000001010", 0b1010L, 10, 1, 2, 8);
+    }
+
+    public static void testFormatUnsignedInt(String expected, int value, int arraySize, int shift, int offset, int length) {
+        char[] chars = new char[arraySize];
+        jla.formatUnsignedInt(value, shift, chars, offset, length);
+        String s = new String(chars);
+        if (!expected.equals(s)) {
+            throw new Error(s + " should be equal to expected " + expected);
+        }
+    }
+
+    public static void testFormatUnsignedLong(String expected, long value, int arraySize, int shift, int offset, int length) {
+        char[] chars = new char[arraySize];
+        jla.formatUnsignedLong(value, shift, chars, offset, length);
+        String s = new String(chars);
+        if (!expected.equals(s)) {
+            throw new Error(s + " should be equal to expected " + expected);
+        }
+    }
+
+    public static void main(String[] args) {
+        testFormatUnsignedInt();
+        testFormatUnsignedLong();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/jgss/spnego/NotPreferredMech.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8048194
+ * @run main/othervm NotPreferredMech
+ * @summary GSSContext.acceptSecContext fails when a supported mech is not initiator preferred
+ */
+
+import org.ietf.jgss.*;
+import sun.security.jgss.*;
+import sun.security.jgss.spnego.NegTokenInit;
+import sun.security.jgss.spnego.NegTokenTarg;
+import sun.security.util.BitArray;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.util.ObjectIdentifier;
+
+import java.io.ByteArrayOutputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+
+public class NotPreferredMech {
+
+    public static void main(String[] argv) throws Exception {
+
+        // Generates a NegTokenInit mechTypes field, with an
+        // unsupported mech as the preferred.
+        DerOutputStream mech = new DerOutputStream();
+        mech.write(new Oid("1.2.3.4").getDER());
+        mech.write(GSSUtil.GSS_KRB5_MECH_OID.getDER());
+        DerOutputStream mechTypeList = new DerOutputStream();
+        mechTypeList.write(DerValue.tag_Sequence, mech);
+
+        // Generates a NegTokenInit mechToken field for 1.2.3.4 mech
+        GSSHeader h1 = new GSSHeader(new ObjectIdentifier("1.2.3.4"), 1);
+        ByteArrayOutputStream bout = new ByteArrayOutputStream();
+        h1.encode(bout);
+        bout.write(new byte[1]);
+
+        // Generates the NegTokenInit token
+        Constructor<NegTokenInit> ctor = NegTokenInit.class.getDeclaredConstructor(
+                byte[].class, BitArray.class, byte[].class, byte[].class);
+        ctor.setAccessible(true);
+        NegTokenInit initToken = ctor.newInstance(
+                mechTypeList.toByteArray(),
+                new BitArray(0),
+                bout.toByteArray(),
+                null);
+        Method m = Class.forName("sun.security.jgss.spnego.SpNegoToken")
+                .getDeclaredMethod("getEncoded");
+        m.setAccessible(true);
+        byte[] spnegoToken = (byte[])m.invoke(initToken);
+
+        // and wraps it into a GSSToken
+        GSSHeader h = new GSSHeader(
+                new ObjectIdentifier(GSSUtil.GSS_SPNEGO_MECH_OID.toString()),
+                spnegoToken.length);
+        bout = new ByteArrayOutputStream();
+        h.encode(bout);
+        bout.write(spnegoToken);
+        byte[] token = bout.toByteArray();
+
+        // and feeds it to a GSS acceptor
+        GSSManager man = GSSManager.getInstance();
+        GSSContext ctxt = man.createContext((GSSCredential) null);
+        token = ctxt.acceptSecContext(token, 0, token.length);
+        NegTokenTarg targ = new NegTokenTarg(token);
+
+        // Make sure it's a GO-ON message
+        Method m2 = NegTokenTarg.class.getDeclaredMethod("getNegotiatedResult");
+        m2.setAccessible(true);
+        int negResult = (int)m2.invoke(targ);
+
+        if (negResult != 1 /* ACCEPT_INCOMPLETE */) {
+            throw new Exception("Not a continue");
+        }
+    }
+}
--- a/test/sun/security/krb5/auto/Context.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/krb5/auto/Context.java	Wed Jul 30 11:49:59 2014 -0700
@@ -26,9 +26,11 @@
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosCredMessage;
 import javax.security.auth.kerberos.KerberosKey;
 import javax.security.auth.kerberos.KerberosTicket;
 import javax.security.auth.login.LoginContext;
@@ -86,7 +88,6 @@
 
     /**
      * Using the delegated credentials from a previous acceptor
-     * @param c
      */
     public Context delegated() throws Exception {
         Context out = new Context();
@@ -177,7 +178,6 @@
     /**
      * Logins with username/keytab as an existing Subject. The
      * same subject can be used multiple times to simulate multiple logins.
-     * @param s existing subject
      */
     public static Context fromUserKtab(
             String user, String ktab, boolean storeKey) throws Exception {
@@ -411,6 +411,12 @@
                 Key k = (Key)ex.inquireSecContext(
                         InquireType.KRB5_GET_SESSION_KEY);
                 if (k == null) {
+                    throw new Exception("(Old) Session key cannot be null");
+                }
+                System.out.println("(Old) Session key is: " + k);
+                Key k2 = (Key)ex.inquireSecContext(
+                        InquireType.KRB5_GET_SESSION_KEY_EX);
+                if (k2 == null) {
                     throw new Exception("Session key cannot be null");
                 }
                 System.out.println("Session key is: " + k);
@@ -431,6 +437,19 @@
                             InquireType.KRB5_GET_AUTHZ_DATA);
                     System.out.println("AuthzData is: " + Arrays.toString(ad));
                 }
+                try {
+                    KerberosCredMessage tok = (KerberosCredMessage)ex.inquireSecContext(
+                            InquireType.KRB5_GET_KRB_CRED);
+                    System.out.println("KRB_CRED is " +
+                            (tok == null?"not ":"") + "available");
+                    if (tok != null) {
+                        System.out.println("From " + tok.getSender() + " to "
+                                + tok.getRecipient());
+                        System.out.println(Base64.getEncoder().encodeToString(tok.getEncoded()));
+                    }
+                } catch (Exception e) {
+                    System.out.println("KRB_CRED is not available: " + e);
+                }
             }
         }
     }
--- a/test/sun/security/krb5/auto/KerberosHashEqualsTest.java	Fri Jul 25 15:38:10 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4641821
- * @run main/othervm KerberosHashEqualsTest
- * @summary hashCode() and equals() for KerberosKey and KerberosTicket
- */
-
-import java.net.InetAddress;
-import java.util.Date;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.kerberos.KerberosTicket;
-
-public class KerberosHashEqualsTest {
-    public static void main(String[] args) throws Exception {
-        new OneKDC(null);
-        new KerberosHashEqualsTest().check();
-    }
-
-    void checkSame(Object o1, Object o2) {
-        if(!o1.equals(o2)) {
-            throw new RuntimeException("equals() fails");
-        }
-        if(o1.hashCode() != o2.hashCode()) {
-            throw new RuntimeException("hashCode() not same");
-        }
-    }
-
-    void checkNotSame(Object o1, Object o2) {
-        if(o1.equals(o2)) {
-            throw new RuntimeException("equals() succeeds");
-        }
-    }
-
-    void check() throws Exception {
-
-        // The key part:
-        // new KerberosKey(principal, bytes, keyType, version)
-
-        KerberosKey k1, k2;
-        KerberosPrincipal CLIENT = new KerberosPrincipal("client");
-        KerberosPrincipal SERVER = new KerberosPrincipal("server");
-        byte[] PASS = "pass".getBytes();
-
-        k1 = new KerberosKey(CLIENT, PASS, 1, 1);
-        k2 = new KerberosKey(CLIENT, PASS, 1, 1);
-        checkSame(k1, k1);  // me is me
-        checkSame(k1, k2);  // same
-
-        // A destroyed key doesn't equal to any key
-        k2.destroy();
-        checkNotSame(k1, k2);
-        checkNotSame(k2, k1);
-        k1.destroy();
-        checkNotSame(k1, k2);   // even if they are both destroyed
-        checkNotSame(k2, k1);
-        checkSame(k2, k2);
-
-        // a little difference means not equal
-        k1 = new KerberosKey(CLIENT, PASS, 1, 1);
-        k2 = new KerberosKey(SERVER, PASS, 1, 1);
-        checkNotSame(k1, k2);   // Different principal name
-
-        k2 = new KerberosKey(CLIENT, "ssap".getBytes(), 1, 1);
-        checkNotSame(k1, k2);   // Different password
-
-        k2 = new KerberosKey(CLIENT, PASS, 2, 1);
-        checkNotSame(k1, k2);   // Different keytype
-
-        k2 = new KerberosKey(CLIENT, PASS, 1, 2);
-        checkNotSame(k1, k2);   // Different version
-
-        k2 = new KerberosKey(null, PASS, 1, 2);
-        checkNotSame(k1, k2);   // null is not non-null
-
-        k1 = new KerberosKey(null, PASS, 1, 2);
-        checkSame(k1, k2);      // null is null
-
-        checkNotSame(k1, "Another Object");
-
-        // The ticket part:
-        // new KerberosTicket(asn1 bytes, client, server, session key, type, flags,
-        //      auth, start, end, renewUntil times, address)
-
-        KerberosTicket t1, t2;
-
-        byte[] ASN1 = "asn1".getBytes();
-        boolean[] FORWARDABLE = new boolean[] {true, true};
-        boolean[] ALLTRUE = new boolean[] {true, true, true, true, true, true, true, true, true, true};
-        Date D0 = new Date(0);
-
-        t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        checkSame(t1, t1);
-        checkSame(t1, t2);
-
-        // destroyed tickets doesn't equal to each other
-        t1.destroy();
-        checkNotSame(t1, t2);
-        checkNotSame(t2, t1);
-
-        t2.destroy();
-        checkNotSame(t1, t2);   // even if they are both destroyed
-        checkNotSame(t2, t1);
-
-        checkSame(t2, t2);  // unless they are the same object
-
-        // a little difference means not equal
-        t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        t2 = new KerberosTicket("asn11".getBytes(), CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different ASN1 encoding
-
-        t2 = new KerberosTicket(ASN1, new KerberosPrincipal("client1"), SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different client
-
-        t2 = new KerberosTicket(ASN1, CLIENT, new KerberosPrincipal("server1"), PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different server
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, "pass1".getBytes(), 1, FORWARDABLE, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different session key
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 2, FORWARDABLE, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different key type
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, new boolean[] {true, false}, D0, D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different flags, not FORWARDABLE
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, new Date(1), D0, D0, D0, null);
-        checkNotSame(t1, t2);   // Different authtime
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, new Date(1), D0, D0, null);
-        checkNotSame(t1, t2);   // Different starttime
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, new Date(1), D0, null);
-        checkNotSame(t1, t2);   // Different endtime
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, new InetAddress[2]);
-        checkNotSame(t1, t2);   // Different client addresses
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(1), null);
-        t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(2), null);
-        checkSame(t1, t2);      // renewtill is ignored when RENEWABLE ticket flag is not set.
-
-        t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(1), null);
-        t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(2), null);
-        checkNotSame(t1, t2);   // renewtill is used when RENEWABLE is set.
-
-        checkNotSame(t1, "Another Object");
-        System.out.println("Good!");
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/krb5/auto/NewInquireTypes.java	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8043071
+ * @summary Expose session key and KRB_CRED through extended GSS-API
+ * @compile -XDignore.symbol.file NewInquireTypes.java
+ * @run main/othervm NewInquireTypes
+ */
+
+import com.sun.security.jgss.InquireType;
+import sun.security.jgss.GSSUtil;
+import sun.security.krb5.internal.KRBCred;
+import sun.security.krb5.internal.crypto.KeyUsage;
+
+import javax.security.auth.kerberos.KerberosCredMessage;
+import javax.security.auth.kerberos.EncryptionKey;
+
+public class NewInquireTypes {
+
+    public static void main(String[] args) throws Exception {
+
+        new OneKDC(null).writeJAASConf();
+
+        Context c, s;
+        c = Context.fromJAAS("client");
+        s = Context.fromJAAS("server");
+
+        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+        Context.handshake(c, s);
+
+        EncryptionKey key = (EncryptionKey)
+                c.x().inquireSecContext(InquireType.KRB5_GET_SESSION_KEY_EX);
+        KerberosCredMessage cred = (KerberosCredMessage)
+                c.x().inquireSecContext(InquireType.KRB5_GET_KRB_CRED);
+
+        // Confirm the KRB_CRED message is encrypted with the session key.
+        new KRBCred(cred.getEncoded()).encPart.decrypt(
+                new sun.security.krb5.EncryptionKey(key.getKeyType(), key.getEncoded()),
+                KeyUsage.KU_ENC_KRB_CRED_PART);
+    }
+}
--- a/test/sun/security/smartcardio/TestAll.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestAll.java	Wed Jul 30 11:49:59 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
 // Because all the tests are marked @ignore as they require special hardware,
 // we cannot use jtreg to do this.
 
-import java.lang.reflect.*;
+import java.lang.reflect.Method;
 
 public class TestAll {
 
--- a/test/sun/security/smartcardio/TestChannel.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestChannel.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,10 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.CommandAPDU;
 
 public class TestChannel extends Utils {
 
@@ -95,7 +95,7 @@
         }
 
         // disconnect
-        card.disconnect(false);
+        card.disconnect(true);
 
         System.out.println("OK.");
     }
--- a/test/sun/security/smartcardio/TestConnect.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestConnect.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,11 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import java.util.List;
+import javax.smartcardio.TerminalFactory;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardTerminal;
 
 public class TestConnect extends Utils {
 
@@ -63,7 +64,7 @@
             throw new Exception("Not T=0 protocol");
         }
         transmit(card);
-        card.disconnect(false);
+        card.disconnect(true);
 
         try {
             transmit(card);
@@ -96,7 +97,7 @@
             throw new Exception("Not T=0 protocol");
         }
         transmit(card);
-        card.disconnect(true);
+        card.disconnect(false);
 
         card = terminal.connect("*");
         System.out.println("card: " + card);
@@ -105,7 +106,6 @@
         }
         transmit(card);
         card.disconnect(true);
-        card.disconnect(true);
 
         System.out.println("OK.");
     }
--- a/test/sun/security/smartcardio/TestConnectAgain.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestConnectAgain.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,10 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardTerminal;
 
 public class TestConnectAgain extends Utils {
 
@@ -95,7 +95,7 @@
         }
 
         // disconnect
-        card.disconnect(false);
+        card.disconnect(true);
 
         System.out.println("OK.");
     }
--- a/test/sun/security/smartcardio/TestControl.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestControl.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,9 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CardTerminal;
 
 public class TestControl extends Utils {
 
@@ -68,7 +67,7 @@
         }
 
         // disconnect
-        card.disconnect(false);
+        card.disconnect(true);
 
         System.out.println("OK.");
     }
--- a/test/sun/security/smartcardio/TestDefault.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestDefault.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,9 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import java.util.List;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.TerminalFactory;
 
 public class TestDefault {
 
--- a/test/sun/security/smartcardio/TestExclusive.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestExclusive.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,11 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.CommandAPDU;
 
 public class TestExclusive extends Utils {
 
@@ -84,9 +85,9 @@
         Thread.sleep(1000);
 
         // disconnect
-        card.disconnect(false);
+        card.disconnect(true);
 
-        if (otherOK == false) {
+        if (! otherOK) {
             throw new Exception("Secondary thread failed");
         }
 
--- a/test/sun/security/smartcardio/TestMultiplePresent.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestMultiplePresent.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,10 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import java.util.List;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.CardTerminals;
+import javax.smartcardio.TerminalFactory;
 import static javax.smartcardio.CardTerminals.State.*;
 
 public class TestMultiplePresent {
--- a/test/sun/security/smartcardio/TestPresent.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestPresent.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,9 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import java.util.List;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.TerminalFactory;
 
 public class TestPresent {
 
--- a/test/sun/security/smartcardio/TestTransmit.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/TestTransmit.java	Wed Jul 30 11:49:59 2014 -0700
@@ -31,10 +31,16 @@
 
 // This test requires special hardware.
 
-import java.io.*;
-import java.util.*;
-
-import javax.smartcardio.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.StringReader;
+import javax.smartcardio.Card;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
 
 public class TestTransmit extends Utils {
 
@@ -79,7 +85,7 @@
         }
 
         // disconnect
-        card.disconnect(false);
+        card.disconnect(true);
 
         System.out.println("OK.");
     }
--- a/test/sun/security/smartcardio/Utils.java	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/smartcardio/Utils.java	Wed Jul 30 11:49:59 2014 -0700
@@ -24,10 +24,16 @@
 
 // common utility functions for the PC/SC tests
 
-import javax.smartcardio.*;
-
-import java.io.*;
-import java.util.*;
+import java.io.StringReader;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import javax.smartcardio.CardTerminal;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.ResponseAPDU;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.TerminalFactory;
 
 public class Utils {
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/default_options.sh	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8049834
+# @summary Two security tools tests do not run with only JRE
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+KS=ks
+KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}"
+JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
+JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}"
+
+rm $KS 2> /dev/null
+
+PASS=changeit
+export PASS
+
+$KEYTOOL -genkeypair -dname CN=A -alias a \
+         -storepass:env PASS -keypass:env PASS -keystore $KS \
+         -keyalg rsa || exit 1
+
+cat <<EOF > js.conf
+jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict
+jarsigner.sign = -digestalg SHA1
+jarsigner.verify = -verbose:summary
+
+EOF
+
+$JAR cvf a.jar ks js.conf
+
+$JARSIGNER -conf js.conf a.jar a || exit 21
+$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22
+grep "and 1 more" jarsigner.out || exit 23
+$JAR xvf a.jar META-INF/MANIFEST.MF
+grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24
+
+echo Done
+exit 0
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/tools/jarsigner/weaksize.sh	Wed Jul 30 11:49:59 2014 -0700
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 8044755
+# @summary Add a test for algorithm constraints check in jarsigner
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# The sigalg used is MD2withRSA, which is obsolete.
+
+KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks
+    -storepass changeit -keypass changeit
+    -keyalg rsa -sigalg MD2withRSA -debug"
+JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks
+    -storepass changeit -strict -debug"
+JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
+
+rm ks 2> /dev/null
+
+$KT -genkeypair -alias ca -dname CN=CA -ext bc
+$KT -genkeypair -alias signer -dname CN=Signer
+
+$KT -certreq -alias signer | \
+        $KT -gencert -alias ca -ext ku=dS -rfc | \
+        $KT -importcert -alias signer
+
+$JAR cvf a.jar ks
+
+# We always trust a TrustedCertificateEntry
+$JS a.jar ca || exit 1
+
+# An end-entity cert must follow algorithm constraints
+$JS a.jar signer && exit 2
+
+exit 0
--- a/test/sun/security/tools/keytool/default_options.sh	Fri Jul 25 15:38:10 2014 -0700
+++ b/test/sun/security/tools/keytool/default_options.sh	Wed Jul 30 11:49:59 2014 -0700
@@ -33,16 +33,12 @@
 
 KS=ks
 KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}"
 
 rm $KS 2> /dev/null
 
 PASS=changeit
 export PASS
 
-# keytool
-
 cat <<EOF > kt.conf
 # A Pre-configured options file
 keytool.all = -storepass:env PASS -keypass:env PASS -keystore \${user.dir}/$KS -debug
@@ -69,23 +65,6 @@
 # Single-valued option on command line overrides again
 $KEYTOOL -conf kt.conf -delete -alias b -keystore $KS || exit 17
 
-# jarsigner
-
-cat <<EOF > js.conf
-jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict
-jarsigner.sign = -digestalg SHA1
-jarsigner.verify = -verbose:summary
-
-EOF
-
-$JAR cvf a.jar ks js.conf kt.conf
-
-$JARSIGNER -conf js.conf a.jar a || exit 21
-$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22
-grep "and 2 more" jarsigner.out || exit 23
-$JAR xvf a.jar META-INF/MANIFEST.MF
-grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24
-
 # Error cases
 
 # File does not exist
--- a/test/sun/security/tools/keytool/weaksize.sh	Fri Jul 25 15:38:10 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,60 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8044755
-# @summary Add a test for algorithm constraints check in jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# The sigalg used is MD2withRSA, which is obsolete.
-
-KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks
-    -storepass changeit -keypass changeit
-    -keyalg rsa -sigalg MD2withRSA -debug"
-JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks
-    -storepass changeit -strict -debug"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-
-rm ks 2> /dev/null
-
-$KT -genkeypair -alias ca -dname CN=CA -ext bc
-$KT -genkeypair -alias signer -dname CN=Signer
-
-$KT -certreq -alias signer | \
-        $KT -gencert -alias ca -ext ku=dS -rfc | \
-        $KT -importcert -alias signer
-
-$JAR cvf a.jar ks
-
-# We always trust a TrustedCertificateEntry
-$JS a.jar ca || exit 1
-
-# An end-entity cert must follow algorithm constraints
-$JS a.jar signer && exit 2
-
-exit 0