changeset 4487:afb6f2370cd3

7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror Reviewed-by: xuelei, mullan Contributed-by: alexandre.boulgakov@oracle.com
author jjg
date Mon, 15 Aug 2011 11:48:20 -0700
parents 6e9ed747d0ca
children dd218ad64d5c
files make/com/sun/crypto/provider/Makefile make/com/sun/security/Makefile make/java/security/Makefile make/javax/crypto/Makefile make/sun/security/Makefile make/sun/security/ec/Makefile make/sun/security/other/Makefile make/sun/security/pkcs11/Makefile src/share/classes/com/sun/crypto/provider/AESCrypt.java src/share/classes/com/sun/crypto/provider/AESParameters.java src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java src/share/classes/com/sun/crypto/provider/BlowfishParameters.java src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java src/share/classes/com/sun/crypto/provider/CipherCore.java src/share/classes/com/sun/crypto/provider/DESCrypt.java src/share/classes/com/sun/crypto/provider/DESKey.java src/share/classes/com/sun/crypto/provider/DESKeyFactory.java src/share/classes/com/sun/crypto/provider/DESParameters.java src/share/classes/com/sun/crypto/provider/DESedeKey.java src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java src/share/classes/com/sun/crypto/provider/DESedeParameters.java src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java src/share/classes/com/sun/crypto/provider/DHKeyFactory.java src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java src/share/classes/com/sun/crypto/provider/DHParameters.java src/share/classes/com/sun/crypto/provider/DHPrivateKey.java src/share/classes/com/sun/crypto/provider/DHPublicKey.java src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java src/share/classes/com/sun/crypto/provider/HmacCore.java src/share/classes/com/sun/crypto/provider/JceKeyStore.java src/share/classes/com/sun/crypto/provider/KeyProtector.java src/share/classes/com/sun/crypto/provider/OAEPParameters.java src/share/classes/com/sun/crypto/provider/PBECipherCore.java src/share/classes/com/sun/crypto/provider/PBEKey.java src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java src/share/classes/com/sun/crypto/provider/PBEParameters.java src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java src/share/classes/com/sun/crypto/provider/PCBC.java src/share/classes/com/sun/crypto/provider/RC2Cipher.java src/share/classes/com/sun/crypto/provider/RC2Parameters.java src/share/classes/com/sun/crypto/provider/RSACipher.java src/share/classes/com/sun/crypto/provider/SunJCE.java src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java src/share/classes/com/sun/security/auth/PolicyFile.java src/share/classes/com/sun/security/auth/SubjectCodeSource.java src/share/classes/com/sun/security/auth/module/JndiLoginModule.java src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java src/share/classes/com/sun/security/auth/module/LdapLoginModule.java src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java src/share/classes/com/sun/security/ntlm/NTLMException.java src/share/classes/com/sun/security/sasl/CramMD5Server.java src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java src/share/classes/com/sun/security/sasl/util/PolicyUtils.java src/share/classes/java/security/AccessControlContext.java src/share/classes/java/security/AccessController.java src/share/classes/java/security/BasicPermission.java src/share/classes/java/security/Permissions.java src/share/classes/java/security/Policy.java src/share/classes/java/security/ProtectionDomain.java src/share/classes/java/security/Provider.java src/share/classes/java/security/Security.java src/share/classes/java/security/UnresolvedPermission.java src/share/classes/java/security/UnresolvedPermissionCollection.java src/share/classes/java/security/cert/CertificateRevokedException.java src/share/classes/java/security/cert/X509CRLSelector.java src/share/classes/java/security/cert/X509CertSelector.java src/share/classes/javax/crypto/Cipher.java src/share/classes/javax/crypto/CryptoAllPermission.java src/share/classes/javax/crypto/CryptoPermission.java src/share/classes/javax/crypto/CryptoPermissions.java src/share/classes/javax/crypto/CryptoPolicyParser.java src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java src/share/classes/javax/crypto/JarVerifier.java src/share/classes/javax/crypto/JceSecurity.java src/share/classes/javax/crypto/JceSecurityManager.java src/share/classes/javax/crypto/KeyAgreement.java src/share/classes/javax/crypto/KeyGenerator.java src/share/classes/javax/crypto/Mac.java src/share/classes/javax/crypto/SealedObject.java src/share/classes/javax/crypto/SecretKeyFactory.java src/share/classes/javax/crypto/SecretKeyFactorySpi.java src/share/classes/javax/crypto/spec/DESKeySpec.java src/share/classes/javax/crypto/spec/DESedeKeySpec.java src/share/classes/javax/crypto/spec/IvParameterSpec.java src/share/classes/javax/crypto/spec/PBEKeySpec.java src/share/classes/javax/crypto/spec/PBEParameterSpec.java src/share/classes/javax/crypto/spec/PSource.java src/share/classes/javax/crypto/spec/RC2ParameterSpec.java src/share/classes/javax/crypto/spec/RC5ParameterSpec.java src/share/classes/javax/crypto/spec/SecretKeySpec.java src/share/classes/sun/security/acl/AclEntryImpl.java src/share/classes/sun/security/action/PutAllAction.java src/share/classes/sun/security/ec/ECDSASignature.java src/share/classes/sun/security/ec/ECKeyFactory.java src/share/classes/sun/security/ec/ECParameters.java src/share/classes/sun/security/jca/GetInstance.java src/share/classes/sun/security/jca/ProviderList.java src/share/classes/sun/security/jca/Providers.java src/share/classes/sun/security/jgss/GSSUtil.java src/share/classes/sun/security/jgss/krb5/CipherHelper.java src/share/classes/sun/security/jgss/krb5/Krb5Context.java src/share/classes/sun/security/jgss/krb5/Krb5Util.java src/share/classes/sun/security/jgss/krb5/MessageToken.java src/share/classes/sun/security/jgss/krb5/SubjectComber.java src/share/classes/sun/security/jgss/spnego/SpNegoContext.java src/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java src/share/classes/sun/security/krb5/Checksum.java src/share/classes/sun/security/krb5/Config.java src/share/classes/sun/security/krb5/KrbServiceLocator.java src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java src/share/classes/sun/security/pkcs/ContentInfo.java src/share/classes/sun/security/pkcs/PKCS10.java src/share/classes/sun/security/pkcs/PKCS7.java src/share/classes/sun/security/pkcs/PKCS8Key.java src/share/classes/sun/security/pkcs/PKCS9Attribute.java src/share/classes/sun/security/pkcs/SignerInfo.java src/share/classes/sun/security/pkcs11/Config.java src/share/classes/sun/security/pkcs11/P11Cipher.java src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java src/share/classes/sun/security/pkcs11/P11Key.java src/share/classes/sun/security/pkcs11/P11KeyAgreement.java src/share/classes/sun/security/pkcs11/P11KeyFactory.java src/share/classes/sun/security/pkcs11/P11KeyStore.java src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java src/share/classes/sun/security/pkcs11/P11Signature.java src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java src/share/classes/sun/security/pkcs11/P11Util.java src/share/classes/sun/security/pkcs11/Secmod.java src/share/classes/sun/security/pkcs11/wrapper/Functions.java src/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java src/share/classes/sun/security/pkcs11/wrapper/PKCS11RuntimeException.java src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java src/share/classes/sun/security/provider/DSAKeyFactory.java src/share/classes/sun/security/provider/DSAParameters.java src/share/classes/sun/security/provider/MD4.java src/share/classes/sun/security/provider/PolicyFile.java src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java src/share/classes/sun/security/provider/certpath/Builder.java src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java src/share/classes/sun/security/provider/certpath/ForwardBuilder.java src/share/classes/sun/security/provider/certpath/ForwardState.java src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java src/share/classes/sun/security/provider/certpath/OCSP.java src/share/classes/sun/security/provider/certpath/OCSPChecker.java src/share/classes/sun/security/provider/certpath/OCSPResponse.java src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java src/share/classes/sun/security/provider/certpath/PolicyChecker.java src/share/classes/sun/security/provider/certpath/ReverseState.java src/share/classes/sun/security/provider/certpath/URICertStore.java src/share/classes/sun/security/provider/certpath/Vertex.java src/share/classes/sun/security/provider/certpath/X509CertPath.java src/share/classes/sun/security/rsa/RSAKeyFactory.java src/share/classes/sun/security/rsa/RSASignature.java src/share/classes/sun/security/ssl/CipherSuite.java src/share/classes/sun/security/ssl/HandshakeMessage.java src/share/classes/sun/security/ssl/Handshaker.java src/share/classes/sun/security/ssl/JsseJce.java src/share/classes/sun/security/ssl/SSLEngineImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/share/classes/sun/security/ssl/X509KeyManagerImpl.java src/share/classes/sun/security/timestamp/HttpTimestamper.java src/share/classes/sun/security/timestamp/TSResponse.java src/share/classes/sun/security/tools/JarSigner.java src/share/classes/sun/security/tools/KeyTool.java src/share/classes/sun/security/tools/TimestampedSigner.java src/share/classes/sun/security/tools/policytool/PolicyTool.java src/share/classes/sun/security/util/Cache.java src/share/classes/sun/security/util/ManifestDigester.java src/share/classes/sun/security/util/Password.java src/share/classes/sun/security/util/SignatureFileVerifier.java src/share/classes/sun/security/validator/SimpleValidator.java src/share/classes/sun/security/x509/AVA.java src/share/classes/sun/security/x509/AccessDescription.java src/share/classes/sun/security/x509/AlgorithmId.java src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java src/share/classes/sun/security/x509/CRLDistributionPointsExtension.java src/share/classes/sun/security/x509/CRLExtensions.java src/share/classes/sun/security/x509/CRLNumberExtension.java src/share/classes/sun/security/x509/CRLReasonCodeExtension.java src/share/classes/sun/security/x509/CertAndKeyGen.java src/share/classes/sun/security/x509/CertificateAlgorithmId.java src/share/classes/sun/security/x509/CertificateExtensions.java src/share/classes/sun/security/x509/CertificateIssuerExtension.java src/share/classes/sun/security/x509/CertificateIssuerUniqueIdentity.java src/share/classes/sun/security/x509/CertificatePoliciesExtension.java src/share/classes/sun/security/x509/CertificatePolicyId.java src/share/classes/sun/security/x509/CertificateSerialNumber.java src/share/classes/sun/security/x509/CertificateSubjectUniqueIdentity.java src/share/classes/sun/security/x509/CertificateValidity.java src/share/classes/sun/security/x509/CertificateVersion.java src/share/classes/sun/security/x509/CertificateX509Key.java src/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java src/share/classes/sun/security/x509/Extension.java src/share/classes/sun/security/x509/InhibitAnyPolicyExtension.java src/share/classes/sun/security/x509/InvalidityDateExtension.java src/share/classes/sun/security/x509/IssuerAlternativeNameExtension.java src/share/classes/sun/security/x509/KeyUsageExtension.java src/share/classes/sun/security/x509/NameConstraintsExtension.java src/share/classes/sun/security/x509/NetscapeCertTypeExtension.java src/share/classes/sun/security/x509/OIDMap.java src/share/classes/sun/security/x509/OIDName.java src/share/classes/sun/security/x509/OtherName.java src/share/classes/sun/security/x509/PolicyConstraintsExtension.java src/share/classes/sun/security/x509/PolicyInformation.java src/share/classes/sun/security/x509/PolicyMappingsExtension.java src/share/classes/sun/security/x509/PrivateKeyUsageExtension.java src/share/classes/sun/security/x509/RDN.java src/share/classes/sun/security/x509/SubjectAlternativeNameExtension.java src/share/classes/sun/security/x509/SubjectInfoAccessExtension.java src/share/classes/sun/security/x509/SubjectKeyIdentifierExtension.java src/share/classes/sun/security/x509/X500Name.java src/share/classes/sun/security/x509/X509CRLEntryImpl.java src/share/classes/sun/security/x509/X509CRLImpl.java src/share/classes/sun/security/x509/X509CertImpl.java src/share/classes/sun/security/x509/X509CertInfo.java src/share/classes/sun/security/x509/X509Key.java src/windows/classes/sun/security/mscapi/KeyStore.java src/windows/classes/sun/security/mscapi/PRNG.java src/windows/classes/sun/security/mscapi/RSAPrivateKey.java src/windows/classes/sun/security/mscapi/RSAPublicKey.java src/windows/classes/sun/security/mscapi/RSASignature.java src/windows/classes/sun/security/mscapi/SunMSCAPI.java
diffstat 238 files changed, 1950 insertions(+), 2081 deletions(-) [+]
line wrap: on
line diff
--- a/make/com/sun/crypto/provider/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/com/sun/crypto/provider/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -113,6 +113,9 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS = false
+JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
+JAVAC_WARNINGS_FATAL = true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/com/sun/security/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/com/sun/security/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,9 @@
 #
 
 BUILDDIR = ../../..
+SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=false
+SUBDIRS_MAKEFLAGS += JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
+SUBDIRS_MAKEFLAGS += JAVAC_WARNINGS_FATAL=true
 include $(BUILDDIR)/common/Defs.gmk
 
 SUBDIRS = auth
--- a/make/java/security/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/java/security/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -26,6 +26,9 @@
 BUILDDIR = ../..
 PACKAGE = java.security
 PRODUCT = sun
+JAVAC_MAX_WARNINGS = false
+JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation
+JAVAC_WARNINGS_FATAL = true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/javax/crypto/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/javax/crypto/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -128,6 +128,8 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS = true
+JAVAC_WARNINGS_FATAL = true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/sun/security/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/sun/security/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -34,6 +34,8 @@
 #
 
 BUILDDIR = ../..
+SUBDIRS_MAKEFLAGS += JAVAC_MAX_WARNINGS=true
+SUBDIRS_MAKEFLAGS += JAVAC_WARNINGS_FATAL=true
 include $(BUILDDIR)/common/Defs.gmk
 
 # build sun/security/jgss/wrapper on non-windows platform
--- a/make/sun/security/ec/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/sun/security/ec/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -109,6 +109,9 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
+JAVAC_WARNINGS_FATAL=true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/sun/security/other/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/sun/security/other/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,9 @@
 BUILDDIR = ../../..
 PACKAGE = sun.security.other
 PRODUCT = sun
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
+JAVAC_WARNINGS_FATAL=true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/make/sun/security/pkcs11/Makefile	Mon Aug 15 12:56:01 2011 -0700
+++ b/make/sun/security/pkcs11/Makefile	Mon Aug 15 11:48:20 2011 -0700
@@ -110,6 +110,9 @@
   endif
 endif
 
+JAVAC_MAX_WARNINGS=false
+JAVAC_LINT_OPTIONS=-Xlint:all,-deprecation
+JAVAC_WARNINGS_FATAL=true
 include $(BUILDDIR)/common/Defs.gmk
 
 #
--- a/src/share/classes/com/sun/crypto/provider/AESCrypt.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/AESCrypt.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -245,7 +245,7 @@
                     for (j = 0; j < 8; j++) {
                         tmp = AA[i][j];
                         AA[i][j] = AA[t][j];
-                        AA[t][j] = (byte) tmp;
+                        AA[t][j] = tmp;
                     }
                     pivot = AA[i][i];
                 }
--- a/src/share/classes/com/sun/crypto/provider/AESParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/AESParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the AES algorithm
@@ -67,9 +64,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import sun.misc.HexDumpEncoder;
@@ -64,7 +63,7 @@
             throw new InvalidParameterSpecException("IV not " +
                         block_size + " bytes long");
         }
-        iv = (byte[]) tmpIv.clone();
+        iv = tmpIv.clone();
     }
 
     void init(byte[] encoded) throws IOException {
@@ -90,11 +89,11 @@
         init(encoded);
     }
 
-    AlgorithmParameterSpec getParameterSpec(Class paramSpec)
+    <T extends AlgorithmParameterSpec> T getParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException
     {
         if (IvParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new IvParameterSpec(this.iv);
+            return paramSpec.cast(new IvParameterSpec(this.iv));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/BlowfishParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the Blowfish algorithm in
@@ -68,9 +65,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -193,7 +193,7 @@
             // This is necessary because in this constellation, a
             // ciphertext block (or parts of it) will be overridden by
             // the plaintext result.
-            cipherOrig = (byte[])cipher.clone();
+            cipherOrig = cipher.clone();
         }
 
         for (; cipherOffset < endIndex;
--- a/src/share/classes/com/sun/crypto/provider/CipherCore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/CipherCore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -301,7 +301,7 @@
      */
     byte[] getIV() {
         byte[] iv = cipher.getIV();
-        return (iv == null) ? null : (byte[])iv.clone();
+        return (iv == null) ? null : iv.clone();
     }
 
     /**
@@ -475,8 +475,7 @@
         IvParameterSpec ivSpec = null;
         if (params != null) {
             try {
-                ivSpec = (IvParameterSpec)params.getParameterSpec
-                    (IvParameterSpec.class);
+                ivSpec = params.getParameterSpec(IvParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException("Wrong parameter "
                                                              + "type: IV "
@@ -832,7 +831,7 @@
         buffered = 0;
         diffBlocksize = blockSize;
         if (cipherMode != ECB_MODE) {
-            ((FeedbackCipher)cipher).reset();
+            cipher.reset();
         }
         return totalLen;
     }
--- a/src/share/classes/com/sun/crypto/provider/DESCrypt.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESCrypt.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -622,17 +622,17 @@
             // mangler function:
             // every 6 bit is fed into the sbox, which
             // produces 4-bit output
-            left ^= s0p[(int)((temp & 0x3f) ^ key[j+0])]
-                ^ s1p[(int)(((temp >>  4) & 0x3f) ^ key[j+1])]
-                ^ s2p[(int)(((temp >>  8) & 0x3f) ^ key[j+2])]
-                ^ s3p[(int)(((temp >> 12) & 0x3f) ^ key[j+3])]
-                ^ s4p[(int)(((temp >> 16) & 0x3f) ^ key[j+4])]
-                ^ s5p[(int)(((temp >> 20) & 0x3f) ^ key[j+5])]
-                ^ s6p[(int)(((temp >> 24) & 0x3f) ^ key[j+6])];
+            left ^= s0p[(temp & 0x3f) ^ key[j+0]]
+                ^ s1p[((temp >>  4) & 0x3f) ^ key[j+1]]
+                ^ s2p[((temp >>  8) & 0x3f) ^ key[j+2]]
+                ^ s3p[((temp >> 12) & 0x3f) ^ key[j+3]]
+                ^ s4p[((temp >> 16) & 0x3f) ^ key[j+4]]
+                ^ s5p[((temp >> 20) & 0x3f) ^ key[j+5]]
+                ^ s6p[((temp >> 24) & 0x3f) ^ key[j+6]];
 
             // make the last sbox input the last bit from right[0]
             temp = ((right & 1) << 5) | ((right >> 27) & 0x1f);
-            left ^= s7p[(int)(temp ^ key[j+7])];
+            left ^= s7p[temp ^ key[j+7]];
             temp = left;
             left = right;
             right = temp;
--- a/src/share/classes/com/sun/crypto/provider/DESKey.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESKey.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,7 @@
     public byte[] getEncoded() {
         // Return a copy of the key, rather than a reference,
         // so that the key data cannot be modified from outside
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -126,7 +126,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -92,7 +92,7 @@
      * inappropriate for the given key, or the given key cannot be processed
      * (e.g., the given key has an unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
         throws InvalidKeySpecException {
 
         try {
--- a/src/share/classes/com/sun/crypto/provider/DESParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the DES algorithm in
@@ -68,9 +65,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeKey.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeKey.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -127,7 +127,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -92,7 +92,7 @@
      * inappropriate for the given key, or the given key cannot be processed
      * (e.g., the given key has an unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
         throws InvalidKeySpecException {
 
         try {
--- a/src/share/classes/com/sun/crypto/provider/DESedeParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,13 +25,10 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
-import sun.security.util.*;
 import java.security.AlgorithmParametersSpi;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
-import javax.crypto.spec.IvParameterSpec;
 
 /**
  * This class implements the parameter (IV) used with the Triple DES algorithm
@@ -67,9 +64,15 @@
         core.init(encoded, decodingMethod);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
-        return core.getParameterSpec(paramSpec);
+        if (AlgorithmParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return core.getParameterSpec(paramSpec);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter Specification");
+        }
     }
 
     protected byte[] engineGetEncoded() throws IOException {
--- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.Arrays;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@@ -151,7 +150,7 @@
      * been set.
      */
     protected byte[] engineGetIV() {
-        return (iv == null? null:(byte[]) iv.clone());
+        return (iv == null) ? null : iv.clone();
     }
 
     /**
@@ -277,8 +276,7 @@
             try {
                 DESedeParameters paramsEng = new DESedeParameters();
                 paramsEng.engineInit(params.getEncoded());
-                ivSpec = (IvParameterSpec)
-                    paramsEng.engineGetParameterSpec(IvParameterSpec.class);
+                ivSpec = paramsEng.engineGetParameterSpec(IvParameterSpec.class);
             } catch (Exception ex) {
                 InvalidAlgorithmParameterException iape =
                     new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
-import java.lang.*;
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.PrivateKey;
@@ -140,7 +138,8 @@
      * inappropriate for the given key, or the given key cannot be processed
      * (e.g., the given key has an unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(Key key, Class keySpec)
+    protected <T extends KeySpec>
+        T engineGetKeySpec(Key key, Class<T> keySpec)
         throws InvalidKeySpecException {
         DHParameterSpec params;
 
@@ -150,12 +149,12 @@
                 javax.crypto.interfaces.DHPublicKey dhPubKey
                     = (javax.crypto.interfaces.DHPublicKey) key;
                 params = dhPubKey.getParams();
-                return new DHPublicKeySpec(dhPubKey.getY(),
-                                           params.getP(),
-                                           params.getG());
+                return keySpec.cast(new DHPublicKeySpec(dhPubKey.getY(),
+                                                        params.getP(),
+                                                        params.getG()));
 
             } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return new X509EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
 
             } else {
                 throw new InvalidKeySpecException
@@ -168,12 +167,12 @@
                 javax.crypto.interfaces.DHPrivateKey dhPrivKey
                     = (javax.crypto.interfaces.DHPrivateKey)key;
                 params = dhPrivKey.getParams();
-                return new DHPrivateKeySpec(dhPrivKey.getX(),
-                                            params.getP(),
-                                            params.getG());
+                return keySpec.cast(new DHPrivateKeySpec(dhPrivKey.getX(),
+                                                         params.getP(),
+                                                         params.getG()));
 
             } else if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return new PKCS8EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
 
             } else {
                 throw new InvalidKeySpecException
@@ -208,8 +207,7 @@
                 }
                 // Convert key to spec
                 DHPublicKeySpec dhPubKeySpec
-                    = (DHPublicKeySpec)engineGetKeySpec
-                    (key, DHPublicKeySpec.class);
+                    = engineGetKeySpec(key, DHPublicKeySpec.class);
                 // Create key from spec, and return it
                 return engineGeneratePublic(dhPubKeySpec);
 
@@ -220,8 +218,7 @@
                 }
                 // Convert key to spec
                 DHPrivateKeySpec dhPrivKeySpec
-                    = (DHPrivateKeySpec)engineGetKeySpec
-                    (key, DHPrivateKeySpec.class);
+                    = engineGetKeySpec(key, DHPrivateKeySpec.class);
                 // Create key from spec, and return it
                 return engineGeneratePrivate(dhPrivKeySpec);
 
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.spec.DHParameterSpec;
@@ -141,8 +140,7 @@
             paramGen = AlgorithmParameterGenerator.getInstance("DSA");
             paramGen.init(this.primeSize, random);
             algParams = paramGen.generateParameters();
-            dsaParamSpec = (DSAParameterSpec)
-                algParams.getParameterSpec(DSAParameterSpec.class);
+            dsaParamSpec = algParams.getParameterSpec(DSAParameterSpec.class);
 
             DHParameterSpec dhParamSpec;
             if (this.exponentSize > 0) {
--- a/src/share/classes/com/sun/crypto/provider/DHParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import java.math.BigInteger;
@@ -95,11 +94,12 @@
             engineInit(params);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
 
         if (DHParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new DHParameterSpec(this.p, this.g, this.l);
+            return paramSpec.cast(new DHParameterSpec(this.p, this.g, this.l));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter Specification");
--- a/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,6 @@
 import java.security.PrivateKey;
 import java.security.InvalidKeyException;
 import java.security.ProviderException;
-import javax.crypto.*;
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.util.*;
 
@@ -182,7 +181,7 @@
 
             // ignore OPTIONAL attributes
 
-            this.encodedKey = (byte[])encodedKey.clone();
+            this.encodedKey = encodedKey.clone();
 
         } catch (NumberFormatException e) {
             InvalidKeyException ike = new InvalidKeyException(
@@ -256,7 +255,7 @@
                 return null;
             }
         }
-        return (byte[])this.encodedKey.clone();
+        return this.encodedKey.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,10 +29,8 @@
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
-import java.security.InvalidAlgorithmParameterException;
 import java.security.ProviderException;
 import java.security.PublicKey;
-import javax.crypto.*;
 import javax.crypto.spec.DHParameterSpec;
 import sun.security.util.*;
 
@@ -174,7 +172,7 @@
                 throw new InvalidKeyException("Excess key data");
             }
 
-            this.encodedKey = (byte[])encodedKey.clone();
+            this.encodedKey = encodedKey.clone();
 
         } catch (NumberFormatException e) {
             throw new InvalidKeyException("Private-value length too big");
@@ -237,7 +235,7 @@
                 return null;
             }
         }
-        return (byte[])this.encodedKey.clone();
+        return this.encodedKey.clone();
     }
 
     /**
--- a/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -77,7 +77,7 @@
         if (seq[1].data.available() != 0)
             throw new IOException("encryptedData field overrun");
 
-        this.encoded = (byte[])encoded.clone();
+        this.encoded = encoded.clone();
     }
 
     /**
@@ -86,7 +86,7 @@
      */
     EncryptedPrivateKeyInfo(AlgorithmId algid, byte[] encryptedData) {
         this.algid = algid;
-        this.encryptedData = (byte[])encryptedData.clone();
+        this.encryptedData = encryptedData.clone();
         this.encoded = null; // lazy generation of encoding
     }
 
@@ -101,7 +101,7 @@
      * Returns the encrypted data.
      */
     byte[] getEncryptedData() {
-        return (byte[])this.encryptedData.clone();
+        return this.encryptedData.clone();
     }
 
     /**
@@ -110,7 +110,7 @@
     byte[] getEncoded()
         throws IOException
     {
-        if (this.encoded != null) return (byte[])this.encoded.clone();
+        if (this.encoded != null) return this.encoded.clone();
 
         DerOutputStream out = new DerOutputStream();
         DerOutputStream tmp = new DerOutputStream();
@@ -125,6 +125,6 @@
         out.write(DerValue.tag_Sequence, tmp);
         this.encoded = out.toByteArray();
 
-        return (byte[])this.encoded.clone();
+        return this.encoded.clone();
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/HmacCore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/HmacCore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,8 +78,8 @@
     private HmacCore(HmacCore other) throws CloneNotSupportedException {
         this.md = (MessageDigest)other.md.clone();
         this.blockLen = other.blockLen;
-        this.k_ipad = (byte[])other.k_ipad.clone();
-        this.k_opad = (byte[])other.k_opad.clone();
+        this.k_ipad = other.k_ipad.clone();
+        this.k_opad = other.k_opad.clone();
         this.first = other.first;
     }
 
--- a/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/JceKeyStore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,9 +38,7 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
 import javax.crypto.SealedObject;
 
 /**
@@ -87,7 +85,7 @@
      * Private keys and certificates are stored in a hashtable.
      * Hash entries are keyed by alias names.
      */
-    private Hashtable entries = new Hashtable();
+    private Hashtable<String, Object> entries = new Hashtable<String, Object>();
 
     /**
      * Returns the key associated with the given alias, using the given
@@ -156,7 +154,7 @@
 
         if ((entry instanceof PrivateKeyEntry)
             && (((PrivateKeyEntry)entry).chain != null)) {
-            chain = (Certificate[])((PrivateKeyEntry)entry).chain.clone();
+            chain = ((PrivateKeyEntry)entry).chain.clone();
         }
 
         return chain;
@@ -262,7 +260,7 @@
                     // clone the chain
                     if ((chain != null) &&
                         (chain.length !=0)) {
-                        entry.chain = (Certificate[])chain.clone();
+                        entry.chain = chain.clone();
                     } else {
                         entry.chain = null;
                     }
@@ -316,10 +314,10 @@
             PrivateKeyEntry entry = new PrivateKeyEntry();
             entry.date = new Date();
 
-            entry.protectedKey = (byte[])key.clone();
+            entry.protectedKey = key.clone();
             if ((chain != null) &&
                 (chain.length != 0)) {
-                entry.chain = (Certificate[])chain.clone();
+                entry.chain = chain.clone();
             } else {
                 entry.chain = null;
             }
@@ -384,7 +382,7 @@
      *
      * @return enumeration of the alias names
      */
-    public Enumeration engineAliases() {
+    public Enumeration<String> engineAliases() {
         return entries.keys();
     }
 
@@ -462,9 +460,9 @@
     public String engineGetCertificateAlias(Certificate cert) {
         Certificate certElem;
 
-        Enumeration e = entries.keys();
+        Enumeration<String> e = entries.keys();
         while (e.hasMoreElements()) {
-            String alias = (String)e.nextElement();
+            String alias = e.nextElement();
             Object entry = entries.get(alias);
             if (entry instanceof TrustedCertEntry) {
                 certElem = ((TrustedCertEntry)entry).cert;
@@ -560,10 +558,10 @@
 
                 dos.writeInt(entries.size());
 
-                Enumeration e = entries.keys();
+                Enumeration<String> e = entries.keys();
                 while (e.hasMoreElements()) {
 
-                    String alias = (String)e.nextElement();
+                    String alias = e.nextElement();
                     Object entry = entries.get(alias);
 
                     if (entry instanceof PrivateKeyEntry) {
@@ -677,7 +675,7 @@
             DataInputStream dis;
             MessageDigest md = null;
             CertificateFactory cf = null;
-            Hashtable cfs = null;
+            Hashtable<String, CertificateFactory> cfs = null;
             ByteArrayInputStream bais = null;
             byte[] encoded = null;
 
@@ -713,7 +711,7 @@
                     cf = CertificateFactory.getInstance("X509");
                 } else {
                     // version 2
-                    cfs = new Hashtable(3);
+                    cfs = new Hashtable<String, CertificateFactory>(3);
                 }
 
                 entries.clear();
@@ -761,7 +759,7 @@
                                 String certType = dis.readUTF();
                                 if (cfs.containsKey(certType)) {
                                 // reuse certificate factory
-                                    cf = (CertificateFactory)cfs.get(certType);
+                                    cf = cfs.get(certType);
                                 } else {
                                 // create new certificate factory
                                     cf = CertificateFactory.getInstance(
@@ -803,7 +801,7 @@
                             String certType = dis.readUTF();
                             if (cfs.containsKey(certType)) {
                                 // reuse certificate factory
-                                cf = (CertificateFactory)cfs.get(certType);
+                                cf = cfs.get(certType);
                             } else {
                                 // create new certificate factory
                                 cf = CertificateFactory.getInstance(certType);
--- a/src/share/classes/com/sun/crypto/provider/KeyProtector.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/KeyProtector.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,8 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.io.IOException;
 import java.io.Serializable;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.ObjectInputStream.GetField;
 import java.security.Security;
 import java.security.Key;
 import java.security.PrivateKey;
@@ -42,22 +36,14 @@
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
-import java.security.InvalidParameterException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
 import java.security.AlgorithmParameters;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherSpi;
 import javax.crypto.SecretKey;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.BadPaddingException;
 import javax.crypto.SealedObject;
 import javax.crypto.spec.*;
 import sun.security.x509.AlgorithmId;
@@ -127,7 +113,7 @@
         PBEWithMD5AndTripleDESCipher cipher;
         cipher = new PBEWithMD5AndTripleDESCipher();
         cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
-        byte[] plain = (byte[])key.getEncoded();
+        byte[] plain = key.getEncoded();
         byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
 
         // wrap encrypted private key in EncryptedPrivateKeyInfo
@@ -169,8 +155,8 @@
                 AlgorithmParameters pbeParams =
                     AlgorithmParameters.getInstance("PBE");
                 pbeParams.init(encodedParams);
-                PBEParameterSpec pbeSpec = (PBEParameterSpec)
-                    pbeParams.getParameterSpec(PBEParameterSpec.class);
+                PBEParameterSpec pbeSpec =
+                        pbeParams.getParameterSpec(PBEParameterSpec.class);
 
                 // create PBE key from password
                 PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
--- a/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package com.sun.crypto.provider;
 
 import java.math.BigInteger;
-import java.util.*;
 import java.io.*;
 import sun.security.util.*;
 import sun.security.x509.*;
@@ -180,11 +179,13 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+        T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
         if (OAEPParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new OAEPParameterSpec(mdName, "MGF1", mgfSpec,
-                new PSource.PSpecified(p));
+            return paramSpec.cast(
+                new OAEPParameterSpec(mdName, "MGF1", mgfSpec,
+                                      new PSource.PSpecified(p)));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBECipherCore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBECipherCore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@@ -326,8 +325,7 @@
         PBEParameterSpec pbeSpec = null;
         if (params != null) {
             try {
-                pbeSpec = (PBEParameterSpec) params.getParameterSpec
-                    (PBEParameterSpec.class);
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException("Wrong parameter "
                                                              + "type: PBE "
--- a/src/share/classes/com/sun/crypto/provider/PBEKey.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEKey.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.KeyRep;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.SecretKey;
@@ -69,7 +68,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     public String getAlgorithm() {
@@ -118,7 +117,7 @@
          throws java.io.IOException, ClassNotFoundException
     {
         s.defaultReadObject();
-        key = (byte[])key.clone();
+        key = key.clone();
     }
 
 
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
@@ -132,7 +131,7 @@
      * inappropriate for the given key, or the given key cannot be processed
      * (e.g., the given key has an unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl)
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
         throws InvalidKeySpecException {
         if ((key instanceof SecretKey)
             && (validTypes.contains(key.getAlgorithm().toUpperCase()))
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.util.*;
 import java.io.*;
 import java.math.BigInteger;
 import java.security.AlgorithmParametersSpi;
@@ -65,7 +64,7 @@
            throw new InvalidParameterSpecException
                ("Inappropriate parameter specification");
        }
-       this.salt = (byte[])((PBEParameterSpec)paramSpec).getSalt().clone();
+       this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
        this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
     }
 
@@ -98,11 +97,12 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException
     {
         if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return new PBEParameterSpec(this.salt, this.iCount);
+            return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,12 @@
 
 package com.sun.crypto.provider;
 
-import java.io.*;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactorySpi;
 import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements a key factory for PBE keys derived using
@@ -88,7 +86,7 @@
      * given key cannot be processed (e.g., the given key has an
      * unrecognized algorithm or format).
      */
-    protected KeySpec engineGetKeySpec(SecretKey key, Class keySpecCl)
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
         throws InvalidKeySpecException {
         if (key instanceof javax.crypto.interfaces.PBEKey) {
             // Check if requested key spec is amongst the valid ones
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -133,6 +133,7 @@
             byte[] ti = new byte[hlen];
             // SecretKeySpec cannot be used, since password can be empty here.
             SecretKey macKey = new SecretKey() {
+                private static final long serialVersionUID = 7874493593505141603L;
                 @Override
                 public String getAlgorithm() {
                     return prf.getAlgorithm();
@@ -194,7 +195,7 @@
     }
 
     public byte[] getEncoded() {
-        return (byte[]) key.clone();
+        return key.clone();
     }
 
     public String getAlgorithm() {
@@ -206,7 +207,7 @@
     }
 
     public char[] getPassword() {
-        return (char[]) passwd.clone();
+        return passwd.clone();
     }
 
     public byte[] getSalt() {
@@ -268,7 +269,7 @@
     protected void finalize() throws Throwable {
         try {
             if (this.passwd != null) {
-                java.util.Arrays.fill(this.passwd, (char) '0');
+                java.util.Arrays.fill(this.passwd, '0');
                 this.passwd = null;
             }
             if (this.key != null) {
--- a/src/share/classes/com/sun/crypto/provider/PCBC.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/PCBC.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -145,7 +145,7 @@
         for (; plainOffset < endIndex;
              plainOffset += blockSize, cipherOffset += blockSize) {
             for (i=0; i<blockSize; i++) {
-                k[i] ^= (byte)(plain[i+plainOffset]);
+                k[i] ^= plain[i+plainOffset];
             }
             embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
             for (i = 0; i < blockSize; i++) {
--- a/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -98,8 +98,8 @@
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         if (params != null && params.getAlgorithm().equals("RC2")) {
             try {
-                RC2ParameterSpec rc2Params = (RC2ParameterSpec)
-                    params.getParameterSpec(RC2ParameterSpec.class);
+                RC2ParameterSpec rc2Params =
+                        params.getParameterSpec(RC2ParameterSpec.class);
                 engineInit(opmode, key, rc2Params, random);
             } catch (InvalidParameterSpecException ipse) {
                 throw new InvalidAlgorithmParameterException
--- a/src/share/classes/com/sun/crypto/provider/RC2Parameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RC2Parameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,6 @@
  * @author Sean Mullan
  * @since 1.5
  */
-
 public final class RC2Parameters extends AlgorithmParametersSpi {
 
     // TABLE[EKB] from section 6 of RFC 2268, used to convert effective key
@@ -177,13 +176,14 @@
         engineInit(encoded);
     }
 
-    protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
         throws InvalidParameterSpecException {
 
         if (RC2ParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return (iv == null ?
-                    new RC2ParameterSpec(effectiveKeySize) :
-                    new RC2ParameterSpec(effectiveKeySize, iv));
+            return paramSpec.cast((iv == null ?
+                                   new RC2ParameterSpec(effectiveKeySize) :
+                                   new RC2ParameterSpec(effectiveKeySize, iv)));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -227,8 +227,8 @@
             init(opmode, key, random, null);
         } else {
             try {
-                OAEPParameterSpec spec = (OAEPParameterSpec)
-                    params.getParameterSpec(OAEPParameterSpec.class);
+                OAEPParameterSpec spec =
+                        params.getParameterSpec(OAEPParameterSpec.class);
                 init(opmode, key, random, spec);
             } catch (InvalidParameterSpecException ipse) {
                 InvalidAlgorithmParameterException iape =
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,11 +27,6 @@
 
 import java.security.AccessController;
 import java.security.Provider;
-import java.security.PrivilegedAction;
-import java.security.cert.*;
-import java.net.URL;
-import java.io.ByteArrayInputStream;
-import java.security.CodeSource;
 import java.security.SecureRandom;
 
 
@@ -105,352 +100,353 @@
             "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
         final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
 
-        AccessController.doPrivileged(new java.security.PrivilegedAction() {
+        AccessController.doPrivileged(
+            new java.security.PrivilegedAction<Object>() {
                 public Object run() {
 
-                /*
-                 * Cipher engines
-                 */
-                put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
-                put("Cipher.RSA SupportedModes", "ECB");
-                put("Cipher.RSA SupportedPaddings",
-                        "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING"
-                        + "|OAEPWITHSHA1ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-1ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-256ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-384ANDMGF1PADDING"
-                        + "|OAEPWITHSHA-512ANDMGF1PADDING");
-                put("Cipher.RSA SupportedKeyClasses",
-                        "java.security.interfaces.RSAPublicKey" +
-                        "|java.security.interfaces.RSAPrivateKey");
+                    /*
+                     * Cipher engines
+                     */
+                    put("Cipher.RSA", "com.sun.crypto.provider.RSACipher");
+                    put("Cipher.RSA SupportedModes", "ECB");
+                    put("Cipher.RSA SupportedPaddings",
+                            "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING"
+                            + "|OAEPWITHSHA1ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-1ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-256ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-384ANDMGF1PADDING"
+                            + "|OAEPWITHSHA-512ANDMGF1PADDING");
+                    put("Cipher.RSA SupportedKeyClasses",
+                            "java.security.interfaces.RSAPublicKey" +
+                            "|java.security.interfaces.RSAPrivateKey");
 
-                put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
-                put("Cipher.DES SupportedModes", BLOCK_MODES);
-                put("Cipher.DES SupportedPaddings", BLOCK_PADS);
-                put("Cipher.DES SupportedKeyFormats", "RAW");
+                    put("Cipher.DES", "com.sun.crypto.provider.DESCipher");
+                    put("Cipher.DES SupportedModes", BLOCK_MODES);
+                    put("Cipher.DES SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.DES SupportedKeyFormats", "RAW");
 
-                put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
-                put("Alg.Alias.Cipher.TripleDES", "DESede");
-                put("Cipher.DESede SupportedModes", BLOCK_MODES);
-                put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
-                put("Cipher.DESede SupportedKeyFormats", "RAW");
+                    put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher");
+                    put("Alg.Alias.Cipher.TripleDES", "DESede");
+                    put("Cipher.DESede SupportedModes", BLOCK_MODES);
+                    put("Cipher.DESede SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.DESede SupportedKeyFormats", "RAW");
 
-                put("Cipher.DESedeWrap",
-                    "com.sun.crypto.provider.DESedeWrapCipher");
-                put("Cipher.DESedeWrap SupportedModes", "CBC");
-                put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
-                put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+                    put("Cipher.DESedeWrap",
+                        "com.sun.crypto.provider.DESedeWrapCipher");
+                    put("Cipher.DESedeWrap SupportedModes", "CBC");
+                    put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
+                    put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
 
-                put("Cipher.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
-                put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Cipher.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
-                put("Cipher.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Cipher.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("Cipher.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
+                    put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Cipher.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+                    put("Cipher.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Cipher.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("Cipher.Blowfish",
-                    "com.sun.crypto.provider.BlowfishCipher");
-                put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
-                put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
-                put("Cipher.Blowfish SupportedKeyFormats", "RAW");
+                    put("Cipher.Blowfish",
+                        "com.sun.crypto.provider.BlowfishCipher");
+                    put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
+                    put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.Blowfish SupportedKeyFormats", "RAW");
 
-                put("Cipher.AES", "com.sun.crypto.provider.AESCipher");
-                put("Alg.Alias.Cipher.Rijndael", "AES");
-                put("Cipher.AES SupportedModes", BLOCK_MODES128);
-                put("Cipher.AES SupportedPaddings", BLOCK_PADS);
-                put("Cipher.AES SupportedKeyFormats", "RAW");
+                    put("Cipher.AES", "com.sun.crypto.provider.AESCipher");
+                    put("Alg.Alias.Cipher.Rijndael", "AES");
+                    put("Cipher.AES SupportedModes", BLOCK_MODES128);
+                    put("Cipher.AES SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.AES SupportedKeyFormats", "RAW");
 
-                put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher");
-                put("Cipher.AESWrap SupportedModes", "ECB");
-                put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
-                put("Cipher.AESWrap SupportedKeyFormats", "RAW");
+                    put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher");
+                    put("Cipher.AESWrap SupportedModes", "ECB");
+                    put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
+                    put("Cipher.AESWrap SupportedKeyFormats", "RAW");
 
-                put("Cipher.RC2",
-                    "com.sun.crypto.provider.RC2Cipher");
-                put("Cipher.RC2 SupportedModes", BLOCK_MODES);
-                put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
-                put("Cipher.RC2 SupportedKeyFormats", "RAW");
+                    put("Cipher.RC2",
+                        "com.sun.crypto.provider.RC2Cipher");
+                    put("Cipher.RC2 SupportedModes", BLOCK_MODES);
+                    put("Cipher.RC2 SupportedPaddings", BLOCK_PADS);
+                    put("Cipher.RC2 SupportedKeyFormats", "RAW");
 
-                put("Cipher.ARCFOUR",
-                    "com.sun.crypto.provider.ARCFOURCipher");
-                put("Alg.Alias.Cipher.RC4", "ARCFOUR");
-                put("Cipher.ARCFOUR SupportedModes", "ECB");
-                put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
-                put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
+                    put("Cipher.ARCFOUR",
+                        "com.sun.crypto.provider.ARCFOURCipher");
+                    put("Alg.Alias.Cipher.RC4", "ARCFOUR");
+                    put("Cipher.ARCFOUR SupportedModes", "ECB");
+                    put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING");
+                    put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
 
-                /*
-                 *  Key(pair) Generator engines
-                 */
-                put("KeyGenerator.DES",
-                    "com.sun.crypto.provider.DESKeyGenerator");
+                    /*
+                     *  Key(pair) Generator engines
+                     */
+                    put("KeyGenerator.DES",
+                        "com.sun.crypto.provider.DESKeyGenerator");
 
-                put("KeyGenerator.DESede",
-                    "com.sun.crypto.provider.DESedeKeyGenerator");
-                put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
+                    put("KeyGenerator.DESede",
+                        "com.sun.crypto.provider.DESedeKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.TripleDES", "DESede");
 
-                put("KeyGenerator.Blowfish",
-                    "com.sun.crypto.provider.BlowfishKeyGenerator");
+                    put("KeyGenerator.Blowfish",
+                        "com.sun.crypto.provider.BlowfishKeyGenerator");
 
-                put("KeyGenerator.AES",
-                    "com.sun.crypto.provider.AESKeyGenerator");
-                put("Alg.Alias.KeyGenerator.Rijndael", "AES");
+                    put("KeyGenerator.AES",
+                        "com.sun.crypto.provider.AESKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.Rijndael", "AES");
 
-                put("KeyGenerator.RC2",
-                    "com.sun.crypto.provider.KeyGeneratorCore$" +
-                    "RC2KeyGenerator");
-                put("KeyGenerator.ARCFOUR",
-                    "com.sun.crypto.provider.KeyGeneratorCore$" +
-                    "ARCFOURKeyGenerator");
-                put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
+                    put("KeyGenerator.RC2",
+                        "com.sun.crypto.provider.KeyGeneratorCore$" +
+                        "RC2KeyGenerator");
+                    put("KeyGenerator.ARCFOUR",
+                        "com.sun.crypto.provider.KeyGeneratorCore$" +
+                        "ARCFOURKeyGenerator");
+                    put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR");
 
-                put("KeyGenerator.HmacMD5",
-                    "com.sun.crypto.provider.HmacMD5KeyGenerator");
+                    put("KeyGenerator.HmacMD5",
+                        "com.sun.crypto.provider.HmacMD5KeyGenerator");
 
-                put("KeyGenerator.HmacSHA1",
-                    "com.sun.crypto.provider.HmacSHA1KeyGenerator");
+                    put("KeyGenerator.HmacSHA1",
+                        "com.sun.crypto.provider.HmacSHA1KeyGenerator");
 
-                put("KeyGenerator.HmacSHA256",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA256KG");
-                put("KeyGenerator.HmacSHA384",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA384KG");
-                put("KeyGenerator.HmacSHA512",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG");
+                    put("KeyGenerator.HmacSHA256",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA256KG");
+                    put("KeyGenerator.HmacSHA384",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA384KG");
+                    put("KeyGenerator.HmacSHA512",
+                        "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG");
 
-                put("KeyPairGenerator.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyPairGenerator");
-                put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
-                put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
-                    "DiffieHellman");
-                /*
-                 * Algorithm parameter generation engines
-                 */
-                put("AlgorithmParameterGenerator.DiffieHellman",
-                    "com.sun.crypto.provider.DHParameterGenerator");
-                put("Alg.Alias.AlgorithmParameterGenerator.DH",
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
-                    "DiffieHellman");
+                    put("KeyPairGenerator.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyPairGenerator");
+                    put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
+                        "DiffieHellman");
+                    /*
+                     * Algorithm parameter generation engines
+                     */
+                    put("AlgorithmParameterGenerator.DiffieHellman",
+                        "com.sun.crypto.provider.DHParameterGenerator");
+                    put("Alg.Alias.AlgorithmParameterGenerator.DH",
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3,
+                        "DiffieHellman");
 
-                /*
-                 * Key Agreement engines
-                 */
-                put("KeyAgreement.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyAgreement");
-                put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
-                put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
-                put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
+                    /*
+                     * Key Agreement engines
+                     */
+                    put("KeyAgreement.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyAgreement");
+                    put("Alg.Alias.KeyAgreement.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman");
+                    put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman");
 
-                put("KeyAgreement.DiffieHellman SupportedKeyClasses",
-                    "javax.crypto.interfaces.DHPublicKey" +
-                    "|javax.crypto.interfaces.DHPrivateKey");
+                    put("KeyAgreement.DiffieHellman SupportedKeyClasses",
+                        "javax.crypto.interfaces.DHPublicKey" +
+                        "|javax.crypto.interfaces.DHPrivateKey");
 
-                /*
-                 * Algorithm Parameter engines
-                 */
-                put("AlgorithmParameters.DiffieHellman",
-                    "com.sun.crypto.provider.DHParameters");
-                put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
-                    "DiffieHellman");
+                    /*
+                     * Algorithm Parameter engines
+                     */
+                    put("AlgorithmParameters.DiffieHellman",
+                        "com.sun.crypto.provider.DHParameters");
+                    put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS3,
+                        "DiffieHellman");
 
-                put("AlgorithmParameters.DES",
-                    "com.sun.crypto.provider.DESParameters");
+                    put("AlgorithmParameters.DES",
+                        "com.sun.crypto.provider.DESParameters");
 
-                put("AlgorithmParameters.DESede",
-                    "com.sun.crypto.provider.DESedeParameters");
-                put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
+                    put("AlgorithmParameters.DESede",
+                        "com.sun.crypto.provider.DESedeParameters");
+                    put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede");
 
-                put("AlgorithmParameters.PBE",
-                    "com.sun.crypto.provider.PBEParameters");
+                    put("AlgorithmParameters.PBE",
+                        "com.sun.crypto.provider.PBEParameters");
 
-                put("AlgorithmParameters.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
+                    put("AlgorithmParameters.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
 
-                put("AlgorithmParameters.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEParameters");
+                    put("AlgorithmParameters.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEParameters");
 
-                put("AlgorithmParameters.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("AlgorithmParameters.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PBEParameters");
-                put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
+                    put("AlgorithmParameters.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
 
-                put("AlgorithmParameters.Blowfish",
-                    "com.sun.crypto.provider.BlowfishParameters");
+                    put("AlgorithmParameters.Blowfish",
+                        "com.sun.crypto.provider.BlowfishParameters");
 
-                put("AlgorithmParameters.AES",
-                    "com.sun.crypto.provider.AESParameters");
-                put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+                    put("AlgorithmParameters.AES",
+                        "com.sun.crypto.provider.AESParameters");
+                    put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
 
-                put("AlgorithmParameters.RC2",
-                    "com.sun.crypto.provider.RC2Parameters");
+                    put("AlgorithmParameters.RC2",
+                        "com.sun.crypto.provider.RC2Parameters");
 
-                put("AlgorithmParameters.OAEP",
-                    "com.sun.crypto.provider.OAEPParameters");
+                    put("AlgorithmParameters.OAEP",
+                        "com.sun.crypto.provider.OAEPParameters");
 
 
-                /*
-                 * Key factories
-                 */
-                put("KeyFactory.DiffieHellman",
-                    "com.sun.crypto.provider.DHKeyFactory");
-                put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
-                put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
-                    "DiffieHellman");
-                put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
-                /*
-                 * Secret-key factories
-                 */
-                put("SecretKeyFactory.DES",
-                    "com.sun.crypto.provider.DESKeyFactory");
+                    /*
+                     * Key factories
+                     */
+                    put("KeyFactory.DiffieHellman",
+                        "com.sun.crypto.provider.DHKeyFactory");
+                    put("Alg.Alias.KeyFactory.DH", "DiffieHellman");
+                    put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
+                        "DiffieHellman");
+                    put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+                    /*
+                     * Secret-key factories
+                     */
+                    put("SecretKeyFactory.DES",
+                        "com.sun.crypto.provider.DESKeyFactory");
 
-                put("SecretKeyFactory.DESede",
-                    "com.sun.crypto.provider.DESedeKeyFactory");
-                put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
+                    put("SecretKeyFactory.DESede",
+                        "com.sun.crypto.provider.DESedeKeyFactory");
+                    put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede");
 
-                put("SecretKeyFactory.PBEWithMD5AndDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
-                put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
-                    "PBEWithMD5AndDES");
+                    put("SecretKeyFactory.PBEWithMD5AndDES",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
+                    put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES,
+                        "PBEWithMD5AndDES");
 
-                put("Alg.Alias.SecretKeyFactory.PBE",
-                    "PBEWithMD5AndDES");
+                    put("Alg.Alias.SecretKeyFactory.PBE",
+                        "PBEWithMD5AndDES");
 
-                /*
-                 * Internal in-house crypto algorithm used for
-                 * the JCEKS keystore type.  Since this was developed
-                 * internally, there isn't an OID corresponding to this
-                 * algorithm.
-                 */
-                put("SecretKeyFactory.PBEWithMD5AndTripleDES",
-                    "com.sun.crypto.provider.PBEKeyFactory$" +
-                    "PBEWithMD5AndTripleDES"
-                    );
+                    /*
+                     * Internal in-house crypto algorithm used for
+                     * the JCEKS keystore type.  Since this was developed
+                     * internally, there isn't an OID corresponding to this
+                     * algorithm.
+                     */
+                    put("SecretKeyFactory.PBEWithMD5AndTripleDES",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithMD5AndTripleDES"
+                        );
 
-                put("SecretKeyFactory.PBEWithSHA1AndDESede",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
-                    "PBEWithSHA1AndDESede");
+                    put("SecretKeyFactory.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
 
-                put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
-                    "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
-                    );
-                put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
-                    "PBEWithSHA1AndRC2_40");
+                    put("SecretKeyFactory.PBEWithSHA1AndRC2_40",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
+                        "PBEWithSHA1AndRC2_40");
 
-                put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                    "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
-                put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
-                    "PBKDF2WithHmacSHA1");
-                put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
-                    "PBKDF2WithHmacSHA1");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA1",
+                        "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
+                        "PBKDF2WithHmacSHA1");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
+                        "PBKDF2WithHmacSHA1");
 
-                /*
-                 * MAC
-                 */
-                put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
-                put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
-                put("Mac.HmacSHA256",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA256");
-                put("Mac.HmacSHA384",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA384");
-                put("Mac.HmacSHA512",
-                    "com.sun.crypto.provider.HmacCore$HmacSHA512");
-                put("Mac.HmacPBESHA1",
-                    "com.sun.crypto.provider.HmacPKCS12PBESHA1");
+                    /*
+                     * MAC
+                     */
+                    put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
+                    put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
+                    put("Mac.HmacSHA256",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA256");
+                    put("Mac.HmacSHA384",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA384");
+                    put("Mac.HmacSHA512",
+                        "com.sun.crypto.provider.HmacCore$HmacSHA512");
+                    put("Mac.HmacPBESHA1",
+                        "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
-                put("Mac.SslMacMD5",
-                    "com.sun.crypto.provider.SslMacCore$SslMacMD5");
-                put("Mac.SslMacSHA1",
-                    "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
+                    put("Mac.SslMacMD5",
+                        "com.sun.crypto.provider.SslMacCore$SslMacMD5");
+                    put("Mac.SslMacSHA1",
+                        "com.sun.crypto.provider.SslMacCore$SslMacSHA1");
 
-                put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
-                put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
-                put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
-                put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
-                put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
+                    put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
 
-                /*
-                 * KeyStore
-                 */
-                put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
+                    /*
+                     * KeyStore
+                     */
+                    put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore");
 
-                /*
-                 * SSL/TLS mechanisms
-                 *
-                 * These are strictly internal implementations and may
-                 * be changed at any time.  These names were chosen
-                 * because PKCS11/SunPKCS11 does not yet have TLS1.2
-                 * mechanisms, and it will cause calls to come here.
-                 */
-                put("KeyGenerator.SunTlsPrf",
-                        "com.sun.crypto.provider.TlsPrfGenerator$V10");
-                put("KeyGenerator.SunTls12Prf",
-                        "com.sun.crypto.provider.TlsPrfGenerator$V12");
+                    /*
+                     * SSL/TLS mechanisms
+                     *
+                     * These are strictly internal implementations and may
+                     * be changed at any time.  These names were chosen
+                     * because PKCS11/SunPKCS11 does not yet have TLS1.2
+                     * mechanisms, and it will cause calls to come here.
+                     */
+                    put("KeyGenerator.SunTlsPrf",
+                            "com.sun.crypto.provider.TlsPrfGenerator$V10");
+                    put("KeyGenerator.SunTls12Prf",
+                            "com.sun.crypto.provider.TlsPrfGenerator$V12");
 
-                put("KeyGenerator.SunTlsMasterSecret",
-                    "com.sun.crypto.provider.TlsMasterSecretGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
-                    "SunTlsMasterSecret");
+                    put("KeyGenerator.SunTlsMasterSecret",
+                        "com.sun.crypto.provider.TlsMasterSecretGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12MasterSecret",
+                        "SunTlsMasterSecret");
 
-                put("KeyGenerator.SunTlsKeyMaterial",
-                    "com.sun.crypto.provider.TlsKeyMaterialGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
-                    "SunTlsKeyMaterial");
+                    put("KeyGenerator.SunTlsKeyMaterial",
+                        "com.sun.crypto.provider.TlsKeyMaterialGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
+                        "SunTlsKeyMaterial");
 
-                put("KeyGenerator.SunTlsRsaPremasterSecret",
-                    "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
-                put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
-                    "SunTlsRsaPremasterSecret");
+                    put("KeyGenerator.SunTlsRsaPremasterSecret",
+                        "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator");
+                    put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret",
+                        "SunTlsRsaPremasterSecret");
 
-                return null;
-            }
-        });
+                    return null;
+                }
+            });
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,6 @@
 import javax.crypto.*;
 import javax.crypto.spec.*;
 
-import sun.security.internal.interfaces.TlsMasterSecret;
 import sun.security.internal.spec.*;
 
 import static com.sun.crypto.provider.TlsPrfGenerator.*;
--- a/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -140,6 +140,7 @@
     }
 
     private static final class TlsMasterSecretKey implements TlsMasterSecret {
+        private static final long serialVersionUID = 1019571680375368880L;
 
         private byte[] key;
         private final int majorVersion, minorVersion;
--- a/src/share/classes/com/sun/security/auth/PolicyFile.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/PolicyFile.java	Mon Aug 15 11:48:20 2011 -0700
@@ -26,13 +26,10 @@
 package com.sun.security.auth;
 
 import java.io.*;
-import java.lang.RuntimePermission;
 import java.lang.reflect.*;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.*;
 
-import java.security.AccessController;
 import java.security.CodeSource;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -260,7 +257,7 @@
     private static final String AUTH_POLICY_URL = "auth.policy.url.";
 
     private Vector<PolicyEntry> policyEntries;
-    private Hashtable aliasMapping;
+    private Hashtable<Object, Object> aliasMapping;
 
     private boolean initialized = false;
 
@@ -293,7 +290,7 @@
             return;
 
         policyEntries = new Vector<PolicyEntry>();
-        aliasMapping = new Hashtable(11);
+        aliasMapping = new Hashtable<Object, Object>(11);
 
         initPolicyFile();
         initialized = true;
@@ -403,7 +400,7 @@
                 }
                 try {
                     extra_policy = PropertyExpander.expand(extra_policy);
-                    URL policyURL;;
+                    URL policyURL;
                     File policyFile = new File(extra_policy);
                     if (policyFile.exists()) {
                         policyURL =
@@ -702,8 +699,8 @@
                InvocationTargetException
     {
         //XXX we might want to keep a hash of created factories...
-        Class pc = Class.forName(type);
-        Constructor c = pc.getConstructor(PARAMS);
+        Class<?> pc = Class.forName(type);
+        Constructor<?> c = pc.getConstructor(PARAMS);
         return (Permission) c.newInstance(new Object[] { name, actions });
     }
 
@@ -1088,16 +1085,20 @@
             // because the earlier CodeSource.implies succeeded
             SubjectCodeSource scs = (SubjectCodeSource)accCs;
 
-            Set<Principal> principalSet = null;
+            Set<? extends Principal> principalSet = null;
             try {
-                Class pClass = Class.forName(principal.principalClass, false,
-                                ClassLoader.getSystemClassLoader());
+                // principal.principalClass should extend Principal
+                // If it doesn't, we should stop here with a ClassCastException.
+                @SuppressWarnings("unchecked")
+                Class<? extends Principal> pClass = (Class<? extends Principal>)
+                        Class.forName(principal.principalClass, false,
+                                      ClassLoader.getSystemClassLoader());
                 principalSet = scs.getSubject().getPrincipals(pClass);
             } catch (Exception e) {
                 if (debug != null) {
                     debug.println("problem finding Principal Class " +
-                                "when expanding SELF permission: " +
-                                e.toString());
+                                  "when expanding SELF permission: " +
+                                  e.toString());
                 }
             }
 
@@ -1107,11 +1108,9 @@
             }
 
             String[][] info = new String[principalSet.size()][2];
-            java.util.Iterator<Principal> pIterator = principalSet.iterator();
 
             int i = 0;
-            while (pIterator.hasNext()) {
-                Principal p = pIterator.next();
+            for (Principal p : principalSet) {
                 info[i][0] = p.getClass().getName();
                 info[i][1] = p.getName();
                 i++;
--- a/src/share/classes/com/sun/security/auth/SubjectCodeSource.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/SubjectCodeSource.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -205,10 +205,9 @@
 
                 // handle PrincipalComparators
 
-                Class principalComparator = Class.forName(pppe.principalClass,
-                                                        true,
-                                                        sysClassLoader);
-                Constructor c = principalComparator.getConstructor(PARAMS);
+                Class<?> principalComparator = Class.forName(
+                        pppe.principalClass, true, sysClassLoader);
+                Constructor<?> c = principalComparator.getConstructor(PARAMS);
                 PrincipalComparator pc =
                         (PrincipalComparator)c.newInstance
                         (new Object[] { pppe.principalName });
--- a/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Mon Aug 15 11:48:20 2011 -0700
@@ -32,16 +32,13 @@
 import javax.naming.*;
 import javax.naming.directory.*;
 
-import java.io.IOException;
 import java.util.Map;
 import java.util.LinkedList;
-import java.util.ResourceBundle;
 
 import com.sun.security.auth.UnixPrincipal;
 import com.sun.security.auth.UnixNumericUserPrincipal;
 import com.sun.security.auth.UnixNumericGroupPrincipal;
 
-import sun.security.util.AuthResources;
 
 /**
  * <p> The module prompts for a username and password
@@ -189,7 +186,7 @@
     // initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     private static final String CRYPT = "{crypt}";
@@ -217,13 +214,18 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    // Unchecked warnings from options.get(String) are safe since we are
+    // passing known keys.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject, CallbackHandler callbackHandler,
                            Map<String,?> sharedState,
                            Map<String,?> options) {
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Mon Aug 15 11:48:20 2011 -0700
@@ -25,11 +25,9 @@
 
 package com.sun.security.auth.module;
 
-import javax.security.auth.x500.X500Principal;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.PushbackInputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.AuthProvider;
@@ -39,7 +37,6 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
-import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.UnrecoverableKeyException;
@@ -49,13 +46,10 @@
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.Map;
-import java.util.ResourceBundle;
 import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.*;
-import javax.security.auth.Subject;
-import javax.security.auth.x500.*;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.ConfirmationCallback;
@@ -67,7 +61,6 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import sun.security.util.AuthResources;
 import sun.security.util.Password;
 
 /**
@@ -159,7 +152,7 @@
 
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     private char[] keyStorePassword;
@@ -202,7 +195,9 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
-
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject,
                            CallbackHandler callbackHandler,
                            Map<String,?> sharedState,
@@ -210,7 +205,7 @@
     {
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         processOptions();
@@ -337,6 +332,7 @@
     }
 
     /** Get the alias and passwords to use for looking up in the KeyStore. */
+    @SuppressWarnings("fallthrough")
     private void getAliasAndPasswords(int env) throws LoginException {
         if (callbackHandler == null) {
 
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Mon Aug 15 11:48:20 2011 -0700
@@ -367,7 +367,7 @@
     // initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
 
     // configurable option
@@ -432,7 +432,11 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
-
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    // Unchecked warnings from options.get(String) are safe since we are
+    // passing known keys.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject,
                            CallbackHandler callbackHandler,
                            Map<String, ?> sharedState,
@@ -440,7 +444,7 @@
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
         // initialize any configured options
--- a/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/auth/module/LdapLoginModule.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,12 @@
 
 package com.sun.security.auth.module;
 
-import java.io.IOException;
 import java.security.AccessController;
 import java.net.SocketPermission;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.Hashtable;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.regex.Matcher;
@@ -50,7 +48,6 @@
 import com.sun.security.auth.LdapPrincipal;
 import com.sun.security.auth.UserPrincipal;
 
-import sun.security.util.AuthResources;
 
 /**
  * This {@link LoginModule} performs LDAP-based authentication.
@@ -366,12 +363,12 @@
     // Initial state
     private Subject subject;
     private CallbackHandler callbackHandler;
-    private Map sharedState;
+    private Map<String, Object> sharedState;
     private Map<String, ?> options;
     private LdapContext ctx;
     private Matcher identityMatcher = null;
     private Matcher filterMatcher = null;
-    private Hashtable ldapEnvironment;
+    private Hashtable<String, Object> ldapEnvironment;
     private SearchControls constraints = null;
 
     /**
@@ -385,15 +382,18 @@
      *                  <code>Configuration</code> for this particular
      *                  <code>LoginModule</code>.
      */
+    // Unchecked warning from (Map<String, Object>)sharedState is safe
+    // since javax.security.auth.login.LoginContext passes a raw HashMap.
+    @SuppressWarnings("unchecked")
     public void initialize(Subject subject, CallbackHandler callbackHandler,
                         Map<String, ?> sharedState, Map<String, ?> options) {
 
         this.subject = subject;
         this.callbackHandler = callbackHandler;
-        this.sharedState = sharedState;
+        this.sharedState = (Map<String, Object>)sharedState;
         this.options = options;
 
-        ldapEnvironment = new Hashtable(9);
+        ldapEnvironment = new Hashtable<String, Object>(9);
         ldapEnvironment.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
 
--- a/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
  * <p>The target name is the {@link InquireType} allowed.
  */
 public final class InquireSecContextPermission extends BasicPermission {
+    private static final long serialVersionUID = -7131173349668647297L;
 
     /**
      * Constructs a new {@code InquireSecContextPermission} object with
--- a/src/share/classes/com/sun/security/ntlm/NTLMException.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/ntlm/NTLMException.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
  * An NTLM-related Exception
  */
 public final class NTLMException extends GeneralSecurityException {
+    private static final long serialVersionUID = -3298539507906689430L;
 
     /**
      * If the incoming packet is invalid.
--- a/src/share/classes/com/sun/security/sasl/CramMD5Server.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/CramMD5Server.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,6 @@
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 /**
@@ -68,7 +67,7 @@
      * @param pw A non-null String or byte[]
      * containing the password. If it is an array, it is first cloned.
      */
-    CramMD5Server(String protocol, String serverFqdn, Map props,
+    CramMD5Server(String protocol, String serverFqdn, Map<String, ?> props,
         CallbackHandler cbh) throws SaslException {
         if (serverFqdn == null) {
             throw new SaslException(
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,15 @@
 import java.util.Map;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import java.math.BigInteger;
 import java.util.Random;
-import java.security.Provider;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.io.IOException;
 
 import java.security.MessageDigest;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.NoSuchAlgorithmException;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
@@ -53,7 +47,6 @@
 import javax.crypto.SecretKey;
 import javax.crypto.Mac;
 import javax.crypto.SecretKeyFactory;
-import javax.crypto.BadPaddingException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.spec.IvParameterSpec;
@@ -175,8 +168,9 @@
      *
      * @throws SaslException If invalid value found in props.
      */
-    protected DigestMD5Base(Map props, String className, int firstStep,
-        String digestUri, CallbackHandler cbh) throws SaslException {
+    protected DigestMD5Base(Map<String, ?> props, String className,
+        int firstStep, String digestUri, CallbackHandler cbh)
+        throws SaslException {
         super(props, className); // sets QOP, STENGTH and BUFFER_SIZE
 
         step = firstStep;
@@ -791,7 +785,7 @@
                     }
                 } else if (realmChoices != null && i == realmIndex) {
                     // > 1 realm specified
-                    if (realmChoices.size() == 0) {
+                    if (realmChoices.isEmpty()) {
                         realmChoices.add(valueTable[i]); // add existing one
                     }
                     realmChoices.add(value);  // add new one
@@ -1585,47 +1579,45 @@
         KeySpec spec = null;
         SecretKeyFactory desFactory =
             SecretKeyFactory.getInstance(desStrength);
-
-        if (desStrength.equals("des")) {
-            spec = new DESKeySpec(subkey1, 0);
-            if (logger.isLoggable(Level.FINEST)) {
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST42:DES key input: ", input);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST43:DES key parity-adjusted: ", subkey1);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey());
-                logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}",
-                    Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0)));
-            }
-
-        } else if (desStrength.equals("desede")) {
-
-            // Generate second subkey using second 7 bytes
-            byte[] subkey2 = addDesParity(input, 7, 7);
-
-            // Construct 24-byte encryption-decryption-encryption sequence
-            byte[] ede = new byte[subkey1.length*2+subkey2.length];
-            System.arraycopy(subkey1, 0, ede, 0, subkey1.length);
-            System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length);
-            System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length,
-                subkey1.length);
-
-            spec = new DESedeKeySpec(ede, 0);
-            if (logger.isLoggable(Level.FINEST)) {
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST46:3DES key input: ", input);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST47:3DES key ede: ", ede);
-                traceOutput(DP_CLASS_NAME, "makeDesKeys",
-                    "DIGEST48:3DES key material: ",
-                    ((DESedeKeySpec)spec).getKey());
-                logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ",
-                    Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0)));
-            }
-        } else {
-            throw new IllegalArgumentException("Invalid DES strength:" +
-                desStrength);
+        switch (desStrength) {
+            case "des":
+                spec = new DESKeySpec(subkey1, 0);
+                if (logger.isLoggable(Level.FINEST)) {
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST42:DES key input: ", input);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST43:DES key parity-adjusted: ", subkey1);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST44:DES key material: ", ((DESKeySpec)spec).getKey());
+                    logger.log(Level.FINEST, "DIGEST45: is parity-adjusted? {0}",
+                        Boolean.valueOf(DESKeySpec.isParityAdjusted(subkey1, 0)));
+                }
+                break;
+            case "desede":
+                // Generate second subkey using second 7 bytes
+                byte[] subkey2 = addDesParity(input, 7, 7);
+                // Construct 24-byte encryption-decryption-encryption sequence
+                byte[] ede = new byte[subkey1.length*2+subkey2.length];
+                System.arraycopy(subkey1, 0, ede, 0, subkey1.length);
+                System.arraycopy(subkey2, 0, ede, subkey1.length, subkey2.length);
+                System.arraycopy(subkey1, 0, ede, subkey1.length+subkey2.length,
+                    subkey1.length);
+                spec = new DESedeKeySpec(ede, 0);
+                if (logger.isLoggable(Level.FINEST)) {
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST46:3DES key input: ", input);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST47:3DES key ede: ", ede);
+                    traceOutput(DP_CLASS_NAME, "makeDesKeys",
+                        "DIGEST48:3DES key material: ",
+                        ((DESedeKeySpec)spec).getKey());
+                    logger.log(Level.FINEST, "DIGEST49: is parity-adjusted? ",
+                        Boolean.valueOf(DESedeKeySpec.isParityAdjusted(ede, 0)));
+                }
+                break;
+            default:
+                throw new IllegalArgumentException("Invalid DES strength:" +
+                    desStrength);
         }
         return desFactory.generateSecret(spec);
     }
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,21 +25,16 @@
 
 package com.sun.security.sasl.digest;
 
-import java.security.AccessController;
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Arrays;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 import javax.security.sasl.*;
@@ -153,7 +148,7 @@
       * @throws SaslException if no authentication ID or password is supplied
       */
     DigestMD5Client(String authzid, String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME, 2, protocol + "/" + serverName, cbh);
 
--- a/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,23 +25,16 @@
 
 package com.sun.security.sasl.digest;
 
-import java.security.AccessController;
-import java.security.Provider;
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.util.Random;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Arrays;
 
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 import javax.security.sasl.*;
@@ -147,7 +140,7 @@
     private byte[] myCiphers;
     private List<String> serverRealms;
 
-    DigestMD5Server(String protocol, String serverName, Map props,
+    DigestMD5Server(String protocol, String serverName, Map<String, ?> props,
         CallbackHandler cbh) throws SaslException {
         super(props, MY_CLASS_NAME, 1, protocol + "/" + serverName, cbh);
 
@@ -179,7 +172,7 @@
         encoding = (useUTF8 ? "UTF8" : "8859_1");
 
         // By default, use server name as realm
-        if (serverRealms.size() == 0) {
+        if (serverRealms.isEmpty()) {
             serverRealms.add(serverName);
         }
     }
@@ -468,19 +461,23 @@
 
         // Check that QOP is one sent by server
         byte cQop;
-        if (negotiatedQop.equals("auth")) {
-            cQop = NO_PROTECTION;
-        } else if (negotiatedQop.equals("auth-int")) {
-            cQop = INTEGRITY_ONLY_PROTECTION;
-            integrity = true;
-            rawSendSize = sendMaxBufSize - 16;
-        } else if (negotiatedQop.equals("auth-conf")) {
-            cQop = PRIVACY_PROTECTION;
-            integrity = privacy = true;
-            rawSendSize = sendMaxBufSize - 26;
-        } else {
-            throw new SaslException("DIGEST-MD5: digest response format " +
-                "violation. Invalid QOP: " + negotiatedQop);
+        switch (negotiatedQop) {
+            case "auth":
+                cQop = NO_PROTECTION;
+                break;
+            case "auth-int":
+                cQop = INTEGRITY_ONLY_PROTECTION;
+                integrity = true;
+                rawSendSize = sendMaxBufSize - 16;
+                break;
+            case "auth-conf":
+                cQop = PRIVACY_PROTECTION;
+                integrity = privacy = true;
+                rawSendSize = sendMaxBufSize - 26;
+                break;
+            default:
+                throw new SaslException("DIGEST-MD5: digest response format " +
+                    "violation. Invalid QOP: " + negotiatedQop);
         }
         if ((cQop&allQop) == 0) {
             throw new SaslException("DIGEST-MD5: server does not support " +
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Base.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,7 @@
 
 package com.sun.security.sasl.gsskerb;
 
-import java.io.IOException;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import javax.security.sasl.*;
 import com.sun.security.sasl.util.AbstractSaslImpl;
@@ -50,7 +48,8 @@
     protected MessageProp msgProp;              // QOP and privacy for unwrap
     protected static final int JGSS_QOP = 0;    // unrelated to SASL QOP mask
 
-    protected GssKrb5Base(Map props, String className) throws SaslException {
+    protected GssKrb5Base(Map<String, ?> props, String className)
+        throws SaslException {
         super(props, className);
     }
 
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
 
 import java.io.IOException;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 import javax.security.sasl.*;
 
@@ -93,7 +92,7 @@
      * with the server.
      */
     GssKrb5Client(String authzID, String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME);
 
--- a/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
 import javax.security.sasl.*;
 import java.io.*;
 import java.util.Map;
-import java.util.logging.Logger;
 import java.util.logging.Level;
 
 // JAAS
@@ -77,7 +76,7 @@
      * with the client.
      */
     GssKrb5Server(String protocol, String serverName,
-        Map props, CallbackHandler cbh) throws SaslException {
+        Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         super(props, MY_CLASS_NAME);
 
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
      * @throws SaslException
      */
     NTLMClient(String mech, String authzid, String protocol, String serverName,
-            Map props, CallbackHandler cbh) throws SaslException {
+            Map<String, ?> props, CallbackHandler cbh) throws SaslException {
 
         this.mech = mech;
         String version = null;
@@ -194,12 +194,13 @@
 
     @Override
     public Object getNegotiatedProperty(String propName) {
-        if (propName.equals(Sasl.QOP)) {
-            return "auth";
-        } else if (propName.equals(NTLM_DOMAIN)) {
-            return client.getDomain();
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                return "auth";
+            case NTLM_DOMAIN:
+                return client.getDomain();
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -110,7 +110,8 @@
      * @throws SaslException
      */
     NTLMServer(String mech, String protocol, String serverName,
-            Map props, final CallbackHandler cbh) throws SaslException {
+            Map<String, ?> props, final CallbackHandler cbh)
+            throws SaslException {
 
         this.mech = mech;
         String version = null;
@@ -210,12 +211,13 @@
 
     @Override
     public Object getNegotiatedProperty(String propName) {
-        if (propName.equals(Sasl.QOP)) {
-            return "auth";
-        } else if (propName.equals(NTLM_HOSTNAME)) {
-            return hostname;
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                return "auth";
+            case NTLM_HOSTNAME:
+                return hostname;
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/util/AbstractSaslImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,8 +29,6 @@
 import java.io.*;
 import java.util.Map;
 import java.util.StringTokenizer;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 import java.util.logging.Logger;
 import java.util.logging.Level;
@@ -63,7 +61,8 @@
 
     protected String myClassName;
 
-    protected AbstractSaslImpl(Map props, String className) throws SaslException {
+    protected AbstractSaslImpl(Map<String, ?> props, String className)
+            throws SaslException {
         myClassName = className;
 
         // Parse properties  to set desired context options
@@ -156,23 +155,23 @@
         if (!completed) {
             throw new IllegalStateException("SASL authentication not completed");
         }
-
-        if (propName.equals(Sasl.QOP)) {
-            if (privacy) {
-                return "auth-conf";
-            } else if (integrity) {
-                return "auth-int";
-            } else {
-                return "auth";
-            }
-        } else if (propName.equals(Sasl.MAX_BUFFER)) {
-            return Integer.toString(recvMaxBufSize);
-        } else if (propName.equals(Sasl.RAW_SEND_SIZE)) {
-            return Integer.toString(rawSendSize);
-        } else if (propName.equals(MAX_SEND_BUF)) {
-            return Integer.toString(sendMaxBufSize);
-        } else {
-            return null;
+        switch (propName) {
+            case Sasl.QOP:
+                if (privacy) {
+                    return "auth-conf";
+                } else if (integrity) {
+                    return "auth-int";
+                } else {
+                    return "auth";
+                }
+            case Sasl.MAX_BUFFER:
+                return Integer.toString(recvMaxBufSize);
+            case Sasl.RAW_SEND_SIZE:
+                return Integer.toString(rawSendSize);
+            case MAX_SEND_BUF:
+                return Integer.toString(sendMaxBufSize);
+            default:
+                return null;
         }
     }
 
--- a/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/com/sun/security/sasl/util/PolicyUtils.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@
      * @param props The security policy properties to check
      * @return true if passes; false if fails
      */
-    public static boolean checkPolicy(int flags, Map props) {
+    public static boolean checkPolicy(int flags, Map<String, ?> props) {
         if (props == null) {
             return true;
         }
@@ -93,7 +93,7 @@
      *
      */
     public static String[] filterMechs(String[] mechs, int[] policies,
-        Map props) {
+        Map<String, ?> props) {
         if (props == null) {
             return mechs.clone();
         }
--- a/src/share/classes/java/security/AccessControlContext.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/AccessControlContext.java	Mon Aug 15 11:48:20 2011 -0700
@@ -29,8 +29,6 @@
 import java.util.List;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
-import sun.misc.JavaSecurityAccess;
-import sun.misc.SharedSecrets;
 
 
 /**
@@ -312,7 +310,7 @@
                 Debug.isOn("permission=" + perm.getClass().getCanonicalName());
 
             if (dumpDebug && Debug.isOn("stack")) {
-                Thread.currentThread().dumpStack();
+                Thread.dumpStack();
             }
 
             if (dumpDebug && Debug.isOn("domain")) {
@@ -353,7 +351,7 @@
                     if (!dumpDebug) {
                         debug.println("access denied " + perm);
                     }
-                    Thread.currentThread().dumpStack();
+                    Thread.dumpStack();
                     final ProtectionDomain pd = context[i];
                     final Debug db = debug;
                     AccessController.doPrivileged (new PrivilegedAction<Void>() {
@@ -561,7 +559,7 @@
                     match = (that.context[j] == null);
                 }
             } else {
-                Class thisPdClass = thisPd.getClass();
+                Class<?> thisPdClass = thisPd.getClass();
                 ProtectionDomain thatPd;
                 for (int j = 0; (j < that.context.length) && !match; j++) {
                     thatPd = that.context[j];
--- a/src/share/classes/java/security/AccessController.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/AccessController.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -406,7 +406,7 @@
          * callerClass[2] = AccessController.doPrivileged
          * callerClass[3] = caller
          */
-        final Class callerClass = sun.reflect.Reflection.getCallerClass(3);
+        final Class<?> callerClass = sun.reflect.Reflection.getCallerClass(3);
         ProtectionDomain callerPd = doPrivileged
             (new PrivilegedAction<ProtectionDomain>() {
             public ProtectionDomain run() {
@@ -538,7 +538,7 @@
             }
 
             if (dumpDebug && Debug.isOn("stack")) {
-                Thread.currentThread().dumpStack();
+                Thread.dumpStack();
             }
 
             if (dumpDebug && Debug.isOn("domain")) {
--- a/src/share/classes/java/security/BasicPermission.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/BasicPermission.java	Mon Aug 15 11:48:20 2011 -0700
@@ -25,7 +25,6 @@
 
 package java.security;
 
-import java.security.*;
 import java.util.Enumeration;
 import java.util.Map;
 import java.util.HashMap;
@@ -333,14 +332,14 @@
      *
      * @see #serialPersistentFields
      */
-    private Class permClass;
+    private Class<?> permClass;
 
     /**
      * Create an empty BasicPermissionCollection object.
      *
      */
 
-    public BasicPermissionCollection(Class clazz) {
+    public BasicPermissionCollection(Class<?> clazz) {
         perms = new HashMap<String, Permission>(11);
         all_allowed = false;
         permClass = clazz;
@@ -542,6 +541,9 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        // writeObject writes a Hashtable<String, Permission> for the
+        // permissions key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<String, Permission> permissions =
                 (Hashtable<String, Permission>)gfields.get("permissions", null);
         perms = new HashMap<String, Permission>(permissions.size()*2);
@@ -551,7 +553,7 @@
         all_allowed = gfields.get("all_allowed", false);
 
         // Get permClass
-        permClass = (Class) gfields.get("permClass", null);
+        permClass = (Class<?>) gfields.get("permClass", null);
 
         if (permClass == null) {
             // set permClass
--- a/src/share/classes/java/security/Permissions.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/Permissions.java	Mon Aug 15 11:48:20 2011 -0700
@@ -31,7 +31,6 @@
 import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
-import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Collections;
 import java.io.Serializable;
@@ -238,7 +237,7 @@
      */
     private PermissionCollection getPermissionCollection(Permission p,
         boolean createEmpty) {
-        Class c = p.getClass();
+        Class<?> c = p.getClass();
 
         PermissionCollection pc = permsMap.get(c);
 
@@ -390,6 +389,9 @@
         allPermission = (PermissionCollection) gfields.get("allPermission", null);
 
         // Get permissions
+        // writeObject writes a Hashtable<Class<?>, PermissionCollection> for
+        // the perms key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<Class<?>, PermissionCollection> perms =
             (Hashtable<Class<?>, PermissionCollection>)gfields.get("perms", null);
         permsMap = new HashMap<Class<?>, PermissionCollection>(perms.size()*2);
@@ -590,6 +592,9 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        // writeObject writes a Hashtable<Class<?>, PermissionCollection> for
+        // the perms key, so this cast is safe, unless the data is corrupt.
+        @SuppressWarnings("unchecked")
         Hashtable<Permission, Permission> perms =
                 (Hashtable<Permission, Permission>)gfields.get("perms", null);
         permsMap = new HashMap<Permission, Permission>(perms.size()*2);
--- a/src/share/classes/java/security/Policy.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/Policy.java	Mon Aug 15 11:48:20 2011 -0700
@@ -26,16 +26,7 @@
 
 package java.security;
 
-import java.io.*;
-import java.lang.RuntimePermission;
-import java.lang.reflect.*;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.PropertyPermission;
-import java.util.StringTokenizer;
-import java.util.Vector;
 import java.util.WeakHashMap;
 import sun.security.jca.GetInstance;
 import sun.security.util.Debug;
@@ -786,6 +777,8 @@
     private static class UnsupportedEmptyCollection
         extends PermissionCollection {
 
+        private static final long serialVersionUID = -8492269157353014774L;
+
         private Permissions perms;
 
         /**
--- a/src/share/classes/java/security/ProtectionDomain.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/ProtectionDomain.java	Mon Aug 15 11:48:20 2011 -0700
@@ -33,7 +33,6 @@
 import java.util.WeakHashMap;
 import sun.misc.JavaSecurityProtectionDomainAccess;
 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
-import sun.misc.SharedSecrets;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
 import sun.misc.JavaSecurityAccess;
@@ -403,7 +402,7 @@
                 e = permissions.elements();   // domain vs policy
                 while (e.hasMoreElements()) {
                     Permission pdp = e.nextElement();
-                    Class pdpClass = pdp.getClass();
+                    Class<?> pdpClass = pdp.getClass();
                     String pdpActions = pdp.getActions();
                     String pdpName = pdp.getName();
                     for (int i = 0; i < plVector.size(); i++) {
--- a/src/share/classes/java/security/Provider.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/Provider.java	Mon Aug 15 11:48:20 2011 -0700
@@ -31,9 +31,6 @@
 import java.lang.ref.*;
 import java.lang.reflect.*;
 
-import java.security.cert.CertStoreParameters;
-import javax.security.auth.login.Configuration;
-
 /**
  * This class represents a "provider" for the
  * Java Security API, where a provider implements some or all parts of
@@ -453,8 +450,8 @@
      * Internal method to be called AFTER the security check has been
      * performed.
      */
-    private void implPutAll(Map t) {
-        for (Map.Entry e : ((Map<?,?>)t).entrySet()) {
+    private void implPutAll(Map<?,?> t) {
+        for (Map.Entry<?,?> e : t.entrySet()) {
             implPut(e.getKey(), e.getValue());
         }
     }
@@ -562,9 +559,9 @@
      * occur if the legacy properties are inconsistent or incomplete.
      */
     private void removeInvalidServices(Map<ServiceKey,Service> map) {
-        for (Iterator t = map.entrySet().iterator(); t.hasNext(); ) {
-            Map.Entry entry = (Map.Entry)t.next();
-            Service s = (Service)entry.getValue();
+        for (Iterator<Map.Entry<ServiceKey, Service>> t =
+                map.entrySet().iterator(); t.hasNext(); ) {
+            Service s = t.next().getValue();
             if (s.isValid() == false) {
                 t.remove();
             }
@@ -918,15 +915,15 @@
         final String name;
         final boolean supportsParameter;
         final String constructorParameterClassName;
-        private volatile Class constructorParameterClass;
+        private volatile Class<?> constructorParameterClass;
 
         EngineDescription(String name, boolean sp, String paramName) {
             this.name = name;
             this.supportsParameter = sp;
             this.constructorParameterClassName = paramName;
         }
-        Class getConstructorParameterClass() throws ClassNotFoundException {
-            Class clazz = constructorParameterClass;
+        Class<?> getConstructorParameterClass() throws ClassNotFoundException {
+            Class<?> clazz = constructorParameterClass;
             if (clazz == null) {
                 clazz = Class.forName(constructorParameterClassName);
                 constructorParameterClass = clazz;
@@ -1038,7 +1035,7 @@
         private Map<UString,String> attributes;
 
         // Reference to the cached implementation Class object
-        private volatile Reference<Class> classRef;
+        private volatile Reference<Class<?>> classRef;
 
         // flag indicating whether this service has its attributes for
         // supportedKeyFormats or supportedKeyClasses set
@@ -1055,7 +1052,7 @@
         // whether this service has been registered with the Provider
         private boolean registered;
 
-        private static final Class[] CLASS0 = new Class[0];
+        private static final Class<?>[] CLASS0 = new Class<?>[0];
 
         // this constructor and these methods are used for parsing
         // the legacy string properties.
@@ -1234,12 +1231,12 @@
                             ("constructorParameter not used with " + type
                             + " engines");
                     }
-                    Class clazz = getImplClass();
+                    Class<?> clazz = getImplClass();
                     return clazz.newInstance();
                 } else {
-                    Class paramClass = cap.getConstructorParameterClass();
+                    Class<?> paramClass = cap.getConstructorParameterClass();
                     if (constructorParameter != null) {
-                        Class argClass = constructorParameter.getClass();
+                        Class<?> argClass = constructorParameter.getClass();
                         if (paramClass.isAssignableFrom(argClass) == false) {
                             throw new InvalidParameterException
                             ("constructorParameter must be instanceof "
@@ -1247,8 +1244,8 @@
                             + " for engine type " + type);
                         }
                     }
-                    Class clazz = getImplClass();
-                    Constructor cons = clazz.getConstructor(paramClass);
+                    Class<?> clazz = getImplClass();
+                    Constructor<?> cons = clazz.getConstructor(paramClass);
                     return cons.newInstance(constructorParameter);
                 }
             } catch (NoSuchAlgorithmException e) {
@@ -1267,10 +1264,10 @@
         }
 
         // return the implementation Class object for this service
-        private Class getImplClass() throws NoSuchAlgorithmException {
+        private Class<?> getImplClass() throws NoSuchAlgorithmException {
             try {
-                Reference<Class> ref = classRef;
-                Class clazz = (ref == null) ? null : ref.get();
+                Reference<Class<?>> ref = classRef;
+                Class<?> clazz = (ref == null) ? null : ref.get();
                 if (clazz == null) {
                     ClassLoader cl = provider.getClass().getClassLoader();
                     if (cl == null) {
@@ -1278,7 +1275,7 @@
                     } else {
                         clazz = cl.loadClass(className);
                     }
-                    classRef = new WeakReference<Class>(clazz);
+                    classRef = new WeakReference<Class<?>>(clazz);
                 }
                 return clazz;
             } catch (ClassNotFoundException e) {
@@ -1295,18 +1292,18 @@
          */
         private Object newInstanceGeneric(Object constructorParameter)
                 throws Exception {
-            Class clazz = getImplClass();
+            Class<?> clazz = getImplClass();
             if (constructorParameter == null) {
                 Object o = clazz.newInstance();
                 return o;
             }
-            Class argClass = constructorParameter.getClass();
+            Class<?> argClass = constructorParameter.getClass();
             Constructor[] cons = clazz.getConstructors();
             // find first public constructor that can take the
             // argument as parameter
             for (int i = 0; i < cons.length; i++) {
-                Constructor con = cons[i];
-                Class[] paramTypes = con.getParameterTypes();
+                Constructor<?> con = cons[i];
+                Class<?>[] paramTypes = con.getParameterTypes();
                 if (paramTypes.length != 1) {
                     continue;
                 }
@@ -1394,10 +1391,10 @@
                     s = getAttribute("SupportedKeyClasses");
                     if (s != null) {
                         String[] classNames = s.split("\\|");
-                        List<Class> classList =
+                        List<Class<?>> classList =
                             new ArrayList<>(classNames.length);
                         for (String className : classNames) {
-                            Class clazz = getKeyClass(className);
+                            Class<?> clazz = getKeyClass(className);
                             if (clazz != null) {
                                 classList.add(clazz);
                             }
@@ -1414,7 +1411,7 @@
         }
 
         // get the key class object of the specified name
-        private Class getKeyClass(String name) {
+        private Class<?> getKeyClass(String name) {
             try {
                 return Class.forName(name);
             } catch (ClassNotFoundException e) {
@@ -1451,8 +1448,8 @@
             if (supportedClasses == null) {
                 return false;
             }
-            Class keyClass = key.getClass();
-            for (Class clazz : supportedClasses) {
+            Class<?> keyClass = key.getClass();
+            for (Class<?> clazz : supportedClasses) {
                 if (clazz.isAssignableFrom(keyClass)) {
                     return true;
                 }
--- a/src/share/classes/java/security/Security.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/Security.java	Mon Aug 15 11:48:20 2011 -0700
@@ -33,8 +33,6 @@
 import sun.security.util.Debug;
 import sun.security.util.PropertyExpander;
 
-import java.security.Provider.Service;
-
 import sun.security.jca.*;
 
 /**
@@ -660,15 +658,16 @@
     }
 
     // Map containing cached Spi Class objects of the specified type
-    private static final Map<String, Class> spiMap = new ConcurrentHashMap<>();
+    private static final Map<String, Class<?>> spiMap =
+            new ConcurrentHashMap<>();
 
     /**
      * Return the Class object for the given engine type
      * (e.g. "MessageDigest"). Works for Spis in the java.security package
      * only.
      */
-    private static Class getSpiClass(String type) {
-        Class clazz = spiMap.get(type);
+    private static Class<?> getSpiClass(String type) {
+        Class<?> clazz = spiMap.get(type);
         if (clazz != null) {
             return clazz;
         }
@@ -1078,7 +1077,7 @@
 
         if ((serviceName == null) || (serviceName.length() == 0) ||
             (serviceName.endsWith("."))) {
-            return Collections.EMPTY_SET;
+            return Collections.emptySet();
         }
 
         HashSet<String> result = new HashSet<>();
--- a/src/share/classes/java/security/UnresolvedPermission.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/UnresolvedPermission.java	Mon Aug 15 11:48:20 2011 -0700
@@ -28,9 +28,7 @@
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
 import java.util.ArrayList;
-import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.Vector;
 import java.lang.reflect.*;
 import java.security.cert.*;
 
@@ -247,19 +245,19 @@
             }
         }
         try {
-            Class pc = p.getClass();
+            Class<?> pc = p.getClass();
 
             if (name == null && actions == null) {
                 try {
-                    Constructor c = pc.getConstructor(PARAMS0);
+                    Constructor<?> c = pc.getConstructor(PARAMS0);
                     return (Permission)c.newInstance(new Object[] {});
                 } catch (NoSuchMethodException ne) {
                     try {
-                        Constructor c = pc.getConstructor(PARAMS1);
+                        Constructor<?> c = pc.getConstructor(PARAMS1);
                         return (Permission) c.newInstance(
                               new Object[] { name});
                     } catch (NoSuchMethodException ne1) {
-                        Constructor c = pc.getConstructor(PARAMS2);
+                        Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
                               new Object[] { name, actions });
                     }
@@ -267,16 +265,16 @@
             } else {
                 if (name != null && actions == null) {
                     try {
-                        Constructor c = pc.getConstructor(PARAMS1);
+                        Constructor<?> c = pc.getConstructor(PARAMS1);
                         return (Permission) c.newInstance(
                               new Object[] { name});
                     } catch (NoSuchMethodException ne) {
-                        Constructor c = pc.getConstructor(PARAMS2);
+                        Constructor<?> c = pc.getConstructor(PARAMS2);
                         return (Permission) c.newInstance(
                               new Object[] { name, actions });
                     }
                 } else {
-                    Constructor c = pc.getConstructor(PARAMS2);
+                    Constructor<?> c = pc.getConstructor(PARAMS2);
                     return (Permission) c.newInstance(
                           new Object[] { name, actions });
                 }
--- a/src/share/classes/java/security/UnresolvedPermissionCollection.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/UnresolvedPermissionCollection.java	Mon Aug 15 11:48:20 2011 -0700
@@ -197,8 +197,12 @@
         ObjectInputStream.GetField gfields = in.readFields();
 
         // Get permissions
+        @SuppressWarnings("unchecked")
+        // writeObject writes a Hashtable<String, Vector<UnresolvedPermission>>
+        // for the permissions key, so this cast is safe, unless the data is corrupt.
         Hashtable<String, Vector<UnresolvedPermission>> permissions =
-                (Hashtable<String, Vector<UnresolvedPermission>>)gfields.get("permissions", null);
+                (Hashtable<String, Vector<UnresolvedPermission>>)
+                gfields.get("permissions", null);
         perms = new HashMap<String, List<UnresolvedPermission>>(permissions.size()*2);
 
         // Convert each entry (Vector) into a List
--- a/src/share/classes/java/security/cert/CertificateRevokedException.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/cert/CertificateRevokedException.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Map.Entry;
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.ObjectIdentifier;
@@ -95,7 +94,7 @@
         this.revocationDate = new Date(revocationDate.getTime());
         this.reason = reason;
         this.authority = authority;
-        this.extensions = new HashMap(extensions);
+        this.extensions = new HashMap<String, Extension>(extensions);
     }
 
     /**
@@ -148,8 +147,7 @@
             return null;
         } else {
             try {
-                Date invalidity =
-                    (Date) InvalidityDateExtension.toImpl(ext).get("DATE");
+                Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
                 return new Date(invalidity.getTime());
             } catch (IOException ioe) {
                 return null;
--- a/src/share/classes/java/security/cert/X509CRLSelector.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/cert/X509CRLSelector.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -632,7 +632,7 @@
                 byte[] encoded = in.getOctetString();
                 CRLNumberExtension crlNumExt =
                     new CRLNumberExtension(Boolean.FALSE, encoded);
-                crlNum = (BigInteger)crlNumExt.get(CRLNumberExtension.NUMBER);
+                crlNum = crlNumExt.get(CRLNumberExtension.NUMBER);
             } catch (IOException ex) {
                 if (debug != null) {
                     debug.println("X509CRLSelector.match: exception in "
--- a/src/share/classes/java/security/cert/X509CertSelector.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/java/security/cert/X509CertSelector.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -277,7 +277,7 @@
         try {
             issuer = (issuerDN == null ? null : new X500Principal(issuerDN));
         } catch (IllegalArgumentException e) {
-            throw (IOException)new IOException("Invalid name").initCause(e);
+            throw new IOException("Invalid name", e);
         }
     }
 
@@ -341,7 +341,7 @@
         try {
             subject = (subjectDN == null ? null : new X500Principal(subjectDN));
         } catch (IllegalArgumentException e) {
-            throw (IOException)new IOException("Invalid name").initCause(e);
+            throw new IOException("Invalid name", e);
         }
     }
 
@@ -872,7 +872,7 @@
      * @param object2 a Collection containing the second object to compare
      * @return true if the objects are equal, false otherwise
      */
-    static boolean equalNames(Collection object1, Collection object2) {
+    static boolean equalNames(Collection<?> object1, Collection<?> object2) {
         if ((object1 == null) || (object2 == null)) {
             return object1 == object2;
         }
@@ -1672,19 +1672,15 @@
     private static Set<List<?>> cloneAndCheckNames(Collection<List<?>> names) throws IOException {
         // Copy the Lists and Collection
         Set<List<?>> namesCopy = new HashSet<List<?>>();
-        Iterator<List<?>> i = names.iterator();
-        while (i.hasNext()) {
-            Object o = i.next();
-            if (!(o instanceof List)) {
-                throw new IOException("expected a List");
-            }
-            namesCopy.add(new ArrayList<Object>((List<?>)o));
+        for (List<?> o : names)
+        {
+            namesCopy.add(new ArrayList<Object>(o));
         }
 
         // Check the contents of the Lists and clone any byte arrays
-        i = namesCopy.iterator();
-        while (i.hasNext()) {
-            List<Object> nameList = (List<Object>)i.next();
+        for (List<?> list : namesCopy) {
+            @SuppressWarnings("unchecked") // See javadoc for parameter "names".
+            List<Object> nameList = (List<Object>)list;
             if (nameList.size() != 2) {
                 throw new IOException("name list size not 2");
             }
@@ -2184,8 +2180,7 @@
             if (debug != null) {
                 String time = "n/a";
                 try {
-                    Date notAfter =
-                        (Date)ext.get(PrivateKeyUsageExtension.NOT_AFTER);
+                    Date notAfter = ext.get(PrivateKeyUsageExtension.NOT_AFTER);
                     time = notAfter.toString();
                 } catch (CertificateException ex) {
                     // not able to retrieve notAfter value
@@ -2201,8 +2196,7 @@
             if (debug != null) {
                 String time = "n/a";
                 try {
-                    Date notBefore = (Date)
-                        ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
+                    Date notBefore = ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
                     time = notBefore.toString();
                 } catch (CertificateException ex) {
                     // not able to retrieve notBefore value
@@ -2214,14 +2208,6 @@
                 e2.printStackTrace();
             }
             return false;
-        } catch (CertificateException e3) {
-            if (debug != null) {
-                debug.println("X509CertSelector.match: CertificateException "
-                    + "in private key usage check; X509CertSelector: "
-                    + this.toString());
-                e3.printStackTrace();
-            }
-            return false;
         } catch (IOException e4) {
             if (debug != null) {
                 debug.println("X509CertSelector.match: IOException in "
@@ -2252,7 +2238,7 @@
                     + subjectPublicKeyAlgID + ", xcert subjectPublicKeyAlgID = "
                     + algID.getOID());
             }
-            if (!subjectPublicKeyAlgID.equals(algID.getOID())) {
+            if (!subjectPublicKeyAlgID.equals((Object)algID.getOID())) {
                 if (debug != null) {
                     debug.println("X509CertSelector.match: "
                         + "subject public key alg IDs don't match");
@@ -2301,7 +2287,7 @@
                                                 EXTENDED_KEY_USAGE_ID);
             if (ext != null) {
                 Vector<ObjectIdentifier> certKeyPurposeVector =
-                    (Vector<ObjectIdentifier>)ext.get(ExtendedKeyUsageExtension.USAGES);
+                    ext.get(ExtendedKeyUsageExtension.USAGES);
                 if (!certKeyPurposeVector.contains(ANY_EXTENDED_KEY_USAGE)
                         && !certKeyPurposeVector.containsAll(keyPurposeOIDSet)) {
                     if (debug != null) {
@@ -2337,8 +2323,8 @@
                 }
                 return false;
             }
-            GeneralNames certNames = (GeneralNames)
-                sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+            GeneralNames certNames =
+                    sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
             Iterator<GeneralNameInterface> i =
                                 subjectAlternativeGeneralNames.iterator();
             while (i.hasNext()) {
@@ -2406,7 +2392,7 @@
                 }
                 return false;
             }
-            List<PolicyInformation> policies = (List<PolicyInformation>)ext.get(CertificatePoliciesExtension.POLICIES);
+            List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
             /*
              * Convert the Vector of PolicyInformation to a Vector
              * of CertificatePolicyIds for easier comparison.
@@ -2467,7 +2453,7 @@
             if (ext == null) {
                 return true;
             }
-            if ((debug != null) && debug.isOn("certpath")) {
+            if ((debug != null) && Debug.isOn("certpath")) {
                 debug.println("X509CertSelector.match pathToNames:\n");
                 Iterator<GeneralNameInterface> i =
                                         pathToGeneralNames.iterator();
@@ -2476,10 +2462,10 @@
                 }
             }
 
-            GeneralSubtrees permitted = (GeneralSubtrees)
-                ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
-            GeneralSubtrees excluded = (GeneralSubtrees)
-                ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
+            GeneralSubtrees permitted =
+                    ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
+            GeneralSubtrees excluded =
+                    ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
             if (excluded != null) {
                 if (matchExcluded(excluded) == false) {
                     return false;
@@ -2597,12 +2583,13 @@
         return true;
     }
 
-    private static Set<?> cloneSet(Set<?> set) {
+    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
+    private static <T> Set<T> cloneSet(Set<T> set) {
         if (set instanceof HashSet) {
-            Object clone = ((HashSet<?>)set).clone();
-            return (Set<?>)clone;
+            Object clone = ((HashSet<T>)set).clone();
+            return (Set<T>)clone;
         } else {
-            return new HashSet<Object>(set);
+            return new HashSet<T>(set);
         }
     }
 
@@ -2617,17 +2604,13 @@
             // Must clone these because addPathToName et al. modify them
             if (subjectAlternativeNames != null) {
                 copy.subjectAlternativeNames =
-                        (Set<List<?>>)cloneSet(subjectAlternativeNames);
+                        cloneSet(subjectAlternativeNames);
                 copy.subjectAlternativeGeneralNames =
-                        (Set<GeneralNameInterface>)cloneSet
-                                (subjectAlternativeGeneralNames);
+                        cloneSet(subjectAlternativeGeneralNames);
             }
             if (pathToGeneralNames != null) {
-                copy.pathToNames =
-                        (Set<List<?>>)cloneSet(pathToNames);
-                copy.pathToGeneralNames =
-                        (Set<GeneralNameInterface>)cloneSet
-                                (pathToGeneralNames);
+                copy.pathToNames = cloneSet(pathToNames);
+                copy.pathToGeneralNames = cloneSet(pathToGeneralNames);
             }
             return copy;
         } catch (CloneNotSupportedException e) {
--- a/src/share/classes/javax/crypto/Cipher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/Cipher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -28,7 +28,6 @@
 import java.util.*;
 import java.util.regex.*;
 
-import static java.util.Locale.ENGLISH;
 
 import java.security.*;
 import java.security.Provider.Service;
@@ -44,7 +43,6 @@
 
 import sun.security.util.Debug;
 import sun.security.jca.*;
-import sun.security.jca.GetInstance.Instance;
 
 /**
  * This class provides the functionality of a cryptographic cipher for
@@ -227,10 +225,10 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     // list of transform Strings to lookup in the provider
-    private List transforms;
+    private List<Transform> transforms;
 
     private final Object lock;
 
@@ -271,7 +269,8 @@
     }
 
     private Cipher(CipherSpi firstSpi, Service firstService,
-            Iterator serviceIterator, String transformation, List transforms) {
+            Iterator<Service> serviceIterator, String transformation,
+            List<Transform> transforms) {
         this.firstSpi = firstSpi;
         this.firstService = firstService;
         this.serviceIterator = serviceIterator;
@@ -392,11 +391,11 @@
 
         // Map<String,Pattern> for previously compiled patterns
         // XXX use ConcurrentHashMap once available
-        private final static Map patternCache =
-            Collections.synchronizedMap(new HashMap());
+        private final static Map<String, Pattern> patternCache =
+            Collections.synchronizedMap(new HashMap<String, Pattern>());
 
         private static boolean matches(String regexp, String str) {
-            Pattern pattern = (Pattern)patternCache.get(regexp);
+            Pattern pattern = patternCache.get(regexp);
             if (pattern == null) {
                 pattern = Pattern.compile(regexp);
                 patternCache.put(regexp, pattern);
@@ -406,7 +405,7 @@
 
     }
 
-    private static List getTransforms(String transformation)
+    private static List<Transform> getTransforms(String transformation)
             throws NoSuchAlgorithmException {
         String[] parts = tokenizeTransformation(transformation);
 
@@ -426,7 +425,7 @@
             return Collections.singletonList(tr);
         } else { // if ((mode != null) && (pad != null)) {
             // DES/CBC/PKCS5Padding
-            List list = new ArrayList(4);
+            List<Transform> list = new ArrayList<>(4);
             list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
             list.add(new Transform(alg, "/" + mode, null, pad));
             list.add(new Transform(alg, "//" + pad, mode, null));
@@ -436,10 +435,10 @@
     }
 
     // get the transform matching the specified service
-    private static Transform getTransform(Service s, List transforms) {
+    private static Transform getTransform(Service s,
+                                          List<Transform> transforms) {
         String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH);
-        for (Iterator t = transforms.iterator(); t.hasNext(); ) {
-            Transform tr = (Transform)t.next();
+        for (Transform tr : transforms) {
             if (alg.endsWith(tr.suffix)) {
                 return tr;
             }
@@ -482,19 +481,18 @@
     public static final Cipher getInstance(String transformation)
             throws NoSuchAlgorithmException, NoSuchPaddingException
     {
-        List transforms = getTransforms(transformation);
-        List cipherServices = new ArrayList(transforms.size());
-        for (Iterator t = transforms.iterator(); t.hasNext(); ) {
-            Transform transform = (Transform)t.next();
+        List<Transform> transforms = getTransforms(transformation);
+        List<ServiceId> cipherServices = new ArrayList<>(transforms.size());
+        for (Transform transform : transforms) {
             cipherServices.add(new ServiceId("Cipher", transform.transform));
         }
-        List services = GetInstance.getServices(cipherServices);
+        List<Service> services = GetInstance.getServices(cipherServices);
         // make sure there is at least one service from a signed provider
         // and that it can use the specified mode and padding
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         Exception failure = null;
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -620,11 +618,10 @@
             throw new IllegalArgumentException("Missing provider");
         }
         Exception failure = null;
-        List transforms = getTransforms(transformation);
+        List<Transform> transforms = getTransforms(transformation);
         boolean providerChecked = false;
         String paddingError = null;
-        for (Iterator t = transforms.iterator(); t.hasNext();) {
-            Transform tr = (Transform)t.next();
+        for (Transform tr : transforms) {
             Service s = provider.getService("Cipher", tr.transform);
             if (s == null) {
                 continue;
@@ -727,7 +724,7 @@
                     firstService = null;
                     firstSpi = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                     thisSpi = null;
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
@@ -821,7 +818,7 @@
                     firstService = null;
                     firstSpi = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                     thisSpi = null;
                 }
                 // if provider says it does not support this key, ignore it
@@ -1622,7 +1619,7 @@
             // Check whether the cert has a key usage extension
             // marked as a critical extension.
             X509Certificate cert = (X509Certificate)certificate;
-            Set critSet = cert.getCriticalExtensionOIDs();
+            Set<String> critSet = cert.getCriticalExtensionOIDs();
 
             if (critSet != null && !critSet.isEmpty()
                 && critSet.contains(KEY_USAGE_EXTENSION_OID)) {
--- a/src/share/classes/javax/crypto/CryptoAllPermission.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/CryptoAllPermission.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -171,8 +171,8 @@
      *
      * @return an enumeration of all the CryptoAllPermission objects.
      */
-    public Enumeration elements() {
-        Vector v = new Vector(1);
+    public Enumeration<Permission> elements() {
+        Vector<Permission> v = new Vector<>(1);
         if (all_allowed) v.add(CryptoAllPermission.INSTANCE);
         return v.elements();
     }
--- a/src/share/classes/javax/crypto/CryptoPermission.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/CryptoPermission.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -475,14 +475,14 @@
 
     private static final long serialVersionUID = -511215555898802763L;
 
-    private Vector permissions;
+    private Vector<Permission> permissions;
 
     /**
      * Creates an empty CryptoPermissionCollection
      * object.
      */
     CryptoPermissionCollection() {
-        permissions = new Vector(3);
+        permissions = new Vector<Permission>(3);
     }
 
     /**
@@ -520,7 +520,7 @@
 
         CryptoPermission cp = (CryptoPermission)permission;
 
-        Enumeration e = permissions.elements();
+        Enumeration<Permission> e = permissions.elements();
 
         while (e.hasMoreElements()) {
             CryptoPermission x = (CryptoPermission) e.nextElement();
@@ -538,7 +538,7 @@
      * @return an enumeration of all the CryptoPermission objects.
      */
 
-    public Enumeration elements()
+    public Enumeration<Permission> elements()
     {
         return permissions.elements();
     }
--- a/src/share/classes/javax/crypto/CryptoPermissions.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/CryptoPermissions.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,14 +62,14 @@
     private static final long serialVersionUID = 4946547168093391015L;
 
     // This class is similar to java.security.Permissions
-    private Hashtable perms;
+    private Hashtable<String, PermissionCollection> perms;
 
     /**
      * Creates a new CryptoPermissions object containing
      * no CryptoPermissionCollections.
      */
     CryptoPermissions() {
-        perms = new Hashtable(7);
+        perms = new Hashtable<String, PermissionCollection>(7);
     }
 
     /**
@@ -166,7 +166,7 @@
      *
      * @return an enumeration of all the Permissions.
      */
-    public Enumeration elements() {
+    public Enumeration<Permission> elements() {
         // go through each Permissions in the hash table
         // and call their elements() function.
         return new PermissionsEnumerator(perms.elements());
@@ -198,8 +198,7 @@
 
 
         PermissionCollection thatWildcard =
-            (PermissionCollection)other.perms.get(
-                                        CryptoPermission.ALG_NAME_WILDCARD);
+                other.perms.get(CryptoPermission.ALG_NAME_WILDCARD);
         int maxKeySize = 0;
         if (thatWildcard != null) {
             maxKeySize = ((CryptoPermission)
@@ -208,14 +207,12 @@
         // For each algorithm in this CryptoPermissions,
         // find out if there is anything we should add into
         // ret.
-        Enumeration thisKeys = this.perms.keys();
+        Enumeration<String> thisKeys = this.perms.keys();
         while (thisKeys.hasMoreElements()) {
-            String alg = (String)thisKeys.nextElement();
+            String alg = thisKeys.nextElement();
 
-            PermissionCollection thisPc =
-                (PermissionCollection)this.perms.get(alg);
-            PermissionCollection thatPc =
-                (PermissionCollection)other.perms.get(alg);
+            PermissionCollection thisPc = this.perms.get(alg);
+            PermissionCollection thatPc = other.perms.get(alg);
 
             CryptoPermission[] partialResult;
 
@@ -238,8 +235,7 @@
         }
 
         PermissionCollection thisWildcard =
-            (PermissionCollection)this.perms.get(
-                                      CryptoPermission.ALG_NAME_WILDCARD);
+                this.perms.get(CryptoPermission.ALG_NAME_WILDCARD);
 
         // If this CryptoPermissions doesn't
         // have a wildcard, we are done.
@@ -252,16 +248,15 @@
         maxKeySize =
             ((CryptoPermission)
                     thisWildcard.elements().nextElement()).getMaxKeySize();
-        Enumeration thatKeys = other.perms.keys();
+        Enumeration<String> thatKeys = other.perms.keys();
         while (thatKeys.hasMoreElements()) {
-            String alg = (String)thatKeys.nextElement();
+            String alg = thatKeys.nextElement();
 
             if (this.perms.containsKey(alg)) {
                 continue;
             }
 
-            PermissionCollection thatPc =
-                (PermissionCollection)other.perms.get(alg);
+            PermissionCollection thatPc = other.perms.get(alg);
 
             CryptoPermission[] partialResult;
 
@@ -286,9 +281,9 @@
      */
     private CryptoPermission[] getMinimum(PermissionCollection thisPc,
                                           PermissionCollection thatPc) {
-        Vector permVector = new Vector(2);
+        Vector<CryptoPermission> permVector = new Vector<>(2);
 
-        Enumeration thisPcPermissions = thisPc.elements();
+        Enumeration<Permission> thisPcPermissions = thisPc.elements();
 
         // For each CryptoPermission in
         // thisPc object, do the following:
@@ -307,7 +302,7 @@
             CryptoPermission thisCp =
                 (CryptoPermission)thisPcPermissions.nextElement();
 
-            Enumeration thatPcPermissions = thatPc.elements();
+            Enumeration<Permission> thatPcPermissions = thatPc.elements();
             while (thatPcPermissions.hasMoreElements()) {
                 CryptoPermission thatCp =
                     (CryptoPermission)thatPcPermissions.nextElement();
@@ -342,9 +337,9 @@
      */
     private CryptoPermission[] getMinimum(int maxKeySize,
                                           PermissionCollection pc) {
-        Vector permVector = new Vector(1);
+        Vector<CryptoPermission> permVector = new Vector<>(1);
 
-        Enumeration enum_ = pc.elements();
+        Enumeration<Permission> enum_ = pc.elements();
 
         while (enum_.hasMoreElements()) {
             CryptoPermission cp =
@@ -383,19 +378,17 @@
         // If this CryptoPermissions includes CryptoAllPermission,
         // we should return CryptoAllPermission.
         if (perms.containsKey(CryptoAllPermission.ALG_NAME)) {
-            return
-                (PermissionCollection)(perms.get(CryptoAllPermission.ALG_NAME));
+            return perms.get(CryptoAllPermission.ALG_NAME);
         }
 
-        PermissionCollection pc = (PermissionCollection)perms.get(alg);
+        PermissionCollection pc = perms.get(alg);
 
         // If there isn't a PermissionCollection for
         // the given algorithm,we should return the
         // PermissionCollection for the wildcard
         // if there is one.
         if (pc == null) {
-            pc = (PermissionCollection)perms.get(
-                                       CryptoPermission.ALG_NAME_WILDCARD);
+            pc = perms.get(CryptoPermission.ALG_NAME_WILDCARD);
         }
         return pc;
     }
@@ -414,7 +407,7 @@
 
         String alg = cryptoPerm.getAlgorithm();
 
-        PermissionCollection pc = (PermissionCollection)perms.get(alg);
+        PermissionCollection pc = perms.get(alg);
 
         if (pc == null) {
             pc = cryptoPerm.newPermissionCollection();
@@ -423,14 +416,14 @@
     }
 }
 
-final class PermissionsEnumerator implements Enumeration {
+final class PermissionsEnumerator implements Enumeration<Permission> {
 
     // all the perms
-    private Enumeration perms;
+    private Enumeration<PermissionCollection> perms;
     // the current set
-    private Enumeration permset;
+    private Enumeration<Permission> permset;
 
-    PermissionsEnumerator(Enumeration e) {
+    PermissionsEnumerator(Enumeration<PermissionCollection> e) {
         perms = e;
         permset = getNextEnumWithMore();
     }
@@ -454,7 +447,7 @@
         return (permset != null);
     }
 
-    public synchronized Object nextElement() {
+    public synchronized Permission nextElement() {
         // hasMoreElements will update permset to the next permset
         // with something in it...
 
@@ -466,11 +459,10 @@
 
     }
 
-    private Enumeration getNextEnumWithMore() {
+    private Enumeration<Permission> getNextEnumWithMore() {
         while (perms.hasMoreElements()) {
-            PermissionCollection pc =
-                (PermissionCollection) perms.nextElement();
-            Enumeration next = pc.elements();
+            PermissionCollection pc = perms.nextElement();
+            Enumeration<Permission> next = pc.elements();
             if (next.hasMoreElements())
                 return next;
         }
--- a/src/share/classes/javax/crypto/CryptoPolicyParser.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/CryptoPolicyParser.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
-import java.util.StringTokenizer;
 import static java.util.Locale.ENGLISH;
 
 import java.security.GeneralSecurityException;
@@ -64,7 +63,7 @@
 
 final class CryptoPolicyParser {
 
-    private Vector grantEntries;
+    private Vector<GrantEntry> grantEntries;
 
     // Convenience variables for parsing
     private StreamTokenizer st;
@@ -74,7 +73,7 @@
      * Creates a CryptoPolicyParser object.
      */
     CryptoPolicyParser() {
-        grantEntries = new Vector();
+        grantEntries = new Vector<GrantEntry>();
     }
 
     /**
@@ -127,7 +126,7 @@
          * The crypto jurisdiction policy must be consistent. The
          * following hashtable is used for checking consistency.
          */
-        Hashtable processedPermissions = null;
+        Hashtable<String, Vector<String>> processedPermissions = null;
 
         /*
          * The main parsing loop.  The loop is executed once for each entry
@@ -152,7 +151,8 @@
     /**
      * parse a Grant entry
      */
-    private GrantEntry parseGrantEntry(Hashtable processedPermissions)
+    private GrantEntry parseGrantEntry(
+            Hashtable<String, Vector<String>> processedPermissions)
         throws ParsingException, IOException
     {
         GrantEntry e = new GrantEntry();
@@ -180,7 +180,7 @@
      * parse a CryptoPermission entry
      */
     private CryptoPermissionEntry parsePermissionEntry(
-                                       Hashtable processedPermissions)
+            Hashtable<String, Vector<String>> processedPermissions)
         throws ParsingException, IOException
     {
         CryptoPermissionEntry e = new CryptoPermissionEntry();
@@ -252,7 +252,7 @@
             // AlgorithmParameterSpec class name.
             String algParamSpecClassName = match("quoted string");
 
-            Vector paramsV = new Vector(1);
+            Vector<Integer> paramsV = new Vector<>(1);
             while (peek(",")) {
                 match(",");
                 if (peek("number")) {
@@ -285,14 +285,14 @@
         AlgorithmParameterSpec ret = null;
 
         try {
-            Class apsClass = Class.forName(type);
-            Class[] paramClasses = new Class[params.length];
+            Class<?> apsClass = Class.forName(type);
+            Class<?>[] paramClasses = new Class<?>[params.length];
 
             for (int i = 0; i < params.length; i++) {
                 paramClasses[i] = int.class;
             }
 
-            Constructor c = apsClass.getConstructor(paramClasses);
+            Constructor<?> c = apsClass.getConstructor(paramClasses);
             ret = (AlgorithmParameterSpec) c.newInstance((Object[]) params);
         } catch (Exception e) {
             throw new ParsingException("Cannot call the constructor of " +
@@ -456,15 +456,15 @@
     }
 
     CryptoPermission[] getPermissions() {
-        Vector result = new Vector();
+        Vector<CryptoPermission> result = new Vector<>();
 
-        Enumeration grantEnum = grantEntries.elements();
+        Enumeration<GrantEntry> grantEnum = grantEntries.elements();
         while (grantEnum.hasMoreElements()) {
-            GrantEntry ge = (GrantEntry)grantEnum.nextElement();
-            Enumeration permEnum = ge.permissionElements();
+            GrantEntry ge = grantEnum.nextElement();
+            Enumeration<CryptoPermissionEntry> permEnum =
+                    ge.permissionElements();
             while (permEnum.hasMoreElements()) {
-                CryptoPermissionEntry pe =
-                    (CryptoPermissionEntry)permEnum.nextElement();
+                CryptoPermissionEntry pe = permEnum.nextElement();
                 if (pe.cryptoPermission.equals(
                                         "javax.crypto.CryptoAllPermission")) {
                     result.addElement(CryptoAllPermission.INSTANCE);
@@ -491,15 +491,14 @@
         return ret;
     }
 
-    private boolean isConsistent(String alg,
-                                 String exemptionMechanism,
-                                 Hashtable processedPermissions) {
+    private boolean isConsistent(String alg, String exemptionMechanism,
+            Hashtable<String, Vector<String>> processedPermissions) {
         String thisExemptionMechanism =
             exemptionMechanism == null ? "none" : exemptionMechanism;
 
         if (processedPermissions == null) {
-            processedPermissions = new Hashtable();
-            Vector exemptionMechanisms = new Vector(1);
+            processedPermissions = new Hashtable<String, Vector<String>>();
+            Vector<String> exemptionMechanisms = new Vector<>(1);
             exemptionMechanisms.addElement(thisExemptionMechanism);
             processedPermissions.put(alg, exemptionMechanisms);
             return true;
@@ -509,15 +508,15 @@
             return false;
         }
 
-        Vector exemptionMechanisms;
+        Vector<String> exemptionMechanisms;
 
         if (processedPermissions.containsKey(alg)) {
-            exemptionMechanisms = (Vector)processedPermissions.get(alg);
+            exemptionMechanisms = processedPermissions.get(alg);
             if (exemptionMechanisms.contains(thisExemptionMechanism)) {
                 return false;
             }
         } else {
-            exemptionMechanisms = new Vector(1);
+            exemptionMechanisms = new Vector<String>(1);
         }
 
         exemptionMechanisms.addElement(thisExemptionMechanism);
@@ -556,10 +555,10 @@
 
     private static class GrantEntry {
 
-        private Vector permissionEntries;
+        private Vector<CryptoPermissionEntry> permissionEntries;
 
         GrantEntry() {
-            permissionEntries = new Vector();
+            permissionEntries = new Vector<CryptoPermissionEntry>();
         }
 
         void add(CryptoPermissionEntry pe)
@@ -580,7 +579,7 @@
         /**
          * Enumerate all the permission entries in this GrantEntry.
          */
-        Enumeration permissionElements(){
+        Enumeration<CryptoPermissionEntry> permissionElements(){
             return permissionEntries.elements();
         }
 
--- a/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@
             throw new NullPointerException("the encoded parameter " +
                                            "must be non-null");
         }
-        this.encoded = (byte[])encoded.clone();
+        this.encoded = encoded.clone();
         DerValue val = new DerValue(this.encoded);
 
         DerValue[] seq = new DerValue[2];
@@ -143,7 +143,7 @@
             throw new IllegalArgumentException("the encryptedData " +
                                                 "parameter must not be empty");
         } else {
-            this.encryptedData = (byte[])encryptedData.clone();
+            this.encryptedData = encryptedData.clone();
         }
         // delay the generation of ASN.1 encoding until
         // getEncoded() is called
@@ -183,7 +183,7 @@
             throw new IllegalArgumentException("the encryptedData " +
                                                 "parameter must not be empty");
         } else {
-            this.encryptedData = (byte[])encryptedData.clone();
+            this.encryptedData = encryptedData.clone();
         }
 
         // delay the generation of ASN.1 encoding until
@@ -222,7 +222,7 @@
      * each time this method is called.
      */
     public byte[] getEncryptedData() {
-        return (byte[])this.encryptedData.clone();
+        return this.encryptedData.clone();
     }
 
     /**
@@ -247,26 +247,13 @@
         throws InvalidKeySpecException {
         byte[] encoded = null;
         try {
-            encoded = cipher.doFinal((byte[])encryptedData);
+            encoded = cipher.doFinal(encryptedData);
             checkPKCS8Encoding(encoded);
-        } catch (GeneralSecurityException gse) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(gse);
-            throw ikse;
-        } catch (IOException ioe) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(ioe);
-            throw ikse;
-        } catch (IllegalStateException ise) {
-            InvalidKeySpecException ikse = new
-                InvalidKeySpecException(
-                    "Cannot retrieve the PKCS8EncodedKeySpec");
-            ikse.initCause(ise);
-            throw ikse;
+        } catch (GeneralSecurityException |
+                 IOException |
+                 IllegalStateException ex) {
+            throw new InvalidKeySpecException(
+                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
         return new PKCS8EncodedKeySpec(encoded);
     }
@@ -289,16 +276,9 @@
         } catch (NoSuchAlgorithmException nsae) {
             // rethrow
             throw nsae;
-        } catch (GeneralSecurityException gse) {
-            InvalidKeyException ike = new InvalidKeyException
-                ("Cannot retrieve the PKCS8EncodedKeySpec");
-            ike.initCause(gse);
-            throw ike;
-        } catch (IOException ioe) {
-            InvalidKeyException ike = new InvalidKeyException
-                ("Cannot retrieve the PKCS8EncodedKeySpec");
-            ike.initCause(ioe);
-            throw ike;
+        } catch (GeneralSecurityException | IOException ex) {
+            throw new InvalidKeyException(
+                    "Cannot retrieve the PKCS8EncodedKeySpec", ex);
         }
         return new PKCS8EncodedKeySpec(encoded);
     }
@@ -413,7 +393,7 @@
             out.write(DerValue.tag_Sequence, tmp);
             this.encoded = out.toByteArray();
         }
-        return (byte[])this.encoded.clone();
+        return this.encoded.clone();
     }
 
     private static void checkTag(DerValue val, byte tag, String valName)
@@ -424,6 +404,7 @@
         }
     }
 
+    @SuppressWarnings("fallthrough")
     private static void checkPKCS8Encoding(byte[] encodedKey)
         throws IOException {
         DerInputStream in = new DerInputStream(encodedKey);
@@ -432,6 +413,7 @@
         switch (values.length) {
         case 4:
             checkTag(values[3], DerValue.TAG_CONTEXT, "attributes");
+            /* fall through */
         case 3:
             checkTag(values[0], DerValue.tag_Integer, "version");
             DerInputStream algid = values[1].toDerInputStream();
--- a/src/share/classes/javax/crypto/JarVerifier.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/JarVerifier.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -86,23 +86,19 @@
 
             // Get a link to the Jarfile to search.
             try {
-                jf = (JarFile)
-                    AccessController.doPrivileged(
-                        new PrivilegedExceptionAction() {
-                            public Object run() throws Exception {
-                                JarURLConnection conn =
-                                    (JarURLConnection) url.openConnection();
-                                // You could do some caching here as
-                                // an optimization.
-                                conn.setUseCaches(false);
-                                return conn.getJarFile();
-                            }
-                        });
+                jf = AccessController.doPrivileged(
+                         new PrivilegedExceptionAction<JarFile>() {
+                             public JarFile run() throws Exception {
+                                 JarURLConnection conn =
+                                     (JarURLConnection) url.openConnection();
+                                 // You could do some caching here as
+                                 // an optimization.
+                                 conn.setUseCaches(false);
+                                 return conn.getJarFile();
+                             }
+                         });
             } catch (java.security.PrivilegedActionException pae) {
-                SecurityException se = new SecurityException(
-                    "Cannot load " + url.toString());
-                se.initCause(pae);
-                throw se;
+                throw new SecurityException("Cannot load " + url.toString(), pae);
             }
 
             if (jf != null) {
--- a/src/share/classes/javax/crypto/JceSecurity.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/JceSecurity.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,10 +57,12 @@
     // Map<Provider,?> of the providers we already have verified
     // value == PROVIDER_VERIFIED is successfully verified
     // value is failure cause Exception in error case
-    private final static Map verificationResults = new IdentityHashMap();
+    private final static Map<Provider, Object> verificationResults =
+            new IdentityHashMap<>();
 
     // Map<Provider,?> of the providers currently being verified
-    private final static Map verifyingProviders = new IdentityHashMap();
+    private final static Map<Provider, Object> verifyingProviders =
+            new IdentityHashMap<>();
 
     // Set the default value. May be changed in the static initializer.
     private static boolean isRestricted = true;
@@ -73,25 +75,23 @@
 
     static {
         try {
-            AccessController.doPrivileged(new PrivilegedExceptionAction() {
-                public Object run() throws Exception {
-                    setupJurisdictionPolicies();
-                    return null;
-                }
-            });
+            AccessController.doPrivileged(
+                new PrivilegedExceptionAction<Object>() {
+                    public Object run() throws Exception {
+                        setupJurisdictionPolicies();
+                        return null;
+                    }
+                });
 
             isRestricted = defaultPolicy.implies(
                 CryptoAllPermission.INSTANCE) ? false : true;
         } catch (Exception e) {
-            SecurityException se =
-                new SecurityException(
-                    "Can not initialize cryptographic mechanism");
-            se.initCause(e);
-            throw se;
+            throw new SecurityException(
+                    "Can not initialize cryptographic mechanism", e);
         }
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm,
+    static Instance getInstance(String type, Class<?> clazz, String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
         Service s = GetInstance.getService(type, algorithm, provider);
@@ -104,7 +104,7 @@
         return GetInstance.getInstance(s, clazz);
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm,
+    static Instance getInstance(String type, Class<?> clazz, String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
         Service s = GetInstance.getService(type, algorithm, provider);
         Exception ve = JceSecurity.getVerificationResult(provider);
@@ -116,12 +116,11 @@
         return GetInstance.getInstance(s, clazz);
     }
 
-    static Instance getInstance(String type, Class clazz, String algorithm)
+    static Instance getInstance(String type, Class<?> clazz, String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices(type, algorithm);
+        List<Service> services = GetInstance.getServices(type, algorithm);
         NoSuchAlgorithmException failure = null;
-        for (Iterator t = services.iterator(); t.hasNext(); ) {
-            Service s = (Service)t.next();
+        for (Service s : services) {
             if (canUseProvider(s.getProvider()) == false) {
                 // allow only signed providers
                 continue;
@@ -213,16 +212,17 @@
     }
 
     // reference to a Map we use as a cache for codebases
-    private static final Map codeBaseCacheRef = new WeakHashMap();
+    private static final Map<Class<?>, URL> codeBaseCacheRef =
+            new WeakHashMap<>();
 
     /*
      * Retuns the CodeBase for the given class.
      */
-    static URL getCodeBase(final Class clazz) {
-        URL url = (URL)codeBaseCacheRef.get(clazz);
+    static URL getCodeBase(final Class<?> clazz) {
+        URL url = codeBaseCacheRef.get(clazz);
         if (url == null) {
-            url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
-                public Object run() {
+            url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+                public URL run() {
                     ProtectionDomain pd = clazz.getProtectionDomain();
                     if (pd != null) {
                         CodeSource cs = pd.getCodeSource();
@@ -290,9 +290,9 @@
 
         JarFile jf = new JarFile(jarPathName);
 
-        Enumeration entries = jf.entries();
+        Enumeration<JarEntry> entries = jf.entries();
         while (entries.hasMoreElements()) {
-            JarEntry je = (JarEntry)entries.nextElement();
+            JarEntry je = entries.nextElement();
             InputStream is = null;
             try {
                 if (je.getName().startsWith("default_")) {
--- a/src/share/classes/javax/crypto/JceSecurityManager.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/JceSecurityManager.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@
 import java.security.*;
 import java.net.*;
 import java.util.*;
-import java.util.jar.*;
 
 /**
  * The JCE security manager.
@@ -50,8 +49,10 @@
     private static final CryptoPermissions defaultPolicy;
     private static final CryptoPermissions exemptPolicy;
     private static final CryptoAllPermission allPerm;
-    private static final Vector TrustedCallersCache = new Vector(2);
-    private static final Map exemptCache = new HashMap();
+    private static final Vector<Class<?>> TrustedCallersCache =
+            new Vector<>(2);
+    private static final Map<URL, CryptoPermissions> exemptCache =
+            new HashMap<>();
 
     // singleton instance
     static final JceSecurityManager INSTANCE;
@@ -60,12 +61,12 @@
         defaultPolicy = JceSecurity.getDefaultPolicy();
         exemptPolicy = JceSecurity.getExemptPolicy();
         allPerm = CryptoAllPermission.INSTANCE;
-        INSTANCE = (JceSecurityManager)
-              AccessController.doPrivileged(new PrivilegedAction() {
-                  public Object run() {
-                      return new JceSecurityManager();
-                  }
-              });
+        INSTANCE = AccessController.doPrivileged(
+                new PrivilegedAction<JceSecurityManager>() {
+                    public JceSecurityManager run() {
+                        return new JceSecurityManager();
+                    }
+                });
     }
 
     private JceSecurityManager() {
@@ -94,11 +95,11 @@
         // javax.crypto.* packages.
         // NOTE: javax.crypto.* package maybe subject to package
         // insertion, so need to check its classloader as well.
-        Class[] context = getClassContext();
+        Class<?>[] context = getClassContext();
         URL callerCodeBase = null;
         int i;
         for (i=0; i<context.length; i++) {
-            Class cls = context[i];
+            Class<?> cls = context[i];
             callerCodeBase = JceSecurity.getCodeBase(cls);
             if (callerCodeBase != null) {
                 break;
@@ -119,7 +120,7 @@
         CryptoPermissions appPerms;
         synchronized (this.getClass()) {
             if (exemptCache.containsKey(callerCodeBase)) {
-                appPerms = (CryptoPermissions)exemptCache.get(callerCodeBase);
+                appPerms = exemptCache.get(callerCodeBase);
             } else {
                 appPerms = getAppPermissions(callerCodeBase);
                 exemptCache.put(callerCodeBase, appPerms);
@@ -143,7 +144,7 @@
         if (appPc == null) {
             return defaultPerm;
         }
-        Enumeration enum_ = appPc.elements();
+        Enumeration<Permission> enum_ = appPc.elements();
         while (enum_.hasMoreElements()) {
             CryptoPermission cp = (CryptoPermission)enum_.nextElement();
             if (cp.getExemptionMechanism() == null) {
@@ -215,7 +216,7 @@
      * Returns the default permission for the given algorithm.
      */
     private CryptoPermission getDefaultPermission(String alg) {
-        Enumeration enum_ =
+        Enumeration<Permission> enum_ =
             defaultPolicy.getPermissionCollection(alg).elements();
         return (CryptoPermission)enum_.nextElement();
     }
--- a/src/share/classes/javax/crypto/KeyAgreement.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/KeyAgreement.java	Mon Aug 15 11:48:20 2011 -0700
@@ -93,7 +93,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private final Object lock;
 
@@ -112,7 +112,7 @@
         lock = null;
     }
 
-    private KeyAgreement(Service s, Iterator t, String algorithm) {
+    private KeyAgreement(Service s, Iterator<Service> t, String algorithm) {
         firstService = s;
         serviceIterator = t;
         this.algorithm = algorithm;
@@ -165,11 +165,12 @@
      */
     public static final KeyAgreement getInstance(String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices("KeyAgreement", algorithm);
+        List<Service> services =
+                GetInstance.getServices("KeyAgreement", algorithm);
         // make sure there is at least one service from a signed provider
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -301,7 +302,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
@@ -358,7 +359,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 // if provider says it does not support this key, ignore it
                 if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/KeyGenerator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/KeyGenerator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -127,7 +127,7 @@
 
     private final Object lock = new Object();
 
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private int initType;
     private int initKeySize;
@@ -150,7 +150,8 @@
 
     private KeyGenerator(String algorithm) throws NoSuchAlgorithmException {
         this.algorithm = algorithm;
-        List list = GetInstance.getServices("KeyGenerator", algorithm);
+        List<Service> list =
+                GetInstance.getServices("KeyGenerator", algorithm);
         serviceIterator = list.iterator();
         initType = I_NONE;
         // fetch and instantiate initial spi
@@ -320,7 +321,7 @@
                 return null;
             }
             while (serviceIterator.hasNext()) {
-                Service s = (Service)serviceIterator.next();
+                Service s = serviceIterator.next();
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
                 }
--- a/src/share/classes/javax/crypto/Mac.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/Mac.java	Mon Aug 15 11:48:20 2011 -0700
@@ -95,7 +95,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     private final Object lock;
 
@@ -114,7 +114,7 @@
         lock = null;
     }
 
-    private Mac(Service s, Iterator t, String algorithm) {
+    private Mac(Service s, Iterator<Service> t, String algorithm) {
         firstService = s;
         serviceIterator = t;
         this.algorithm = algorithm;
@@ -163,11 +163,11 @@
      */
     public static final Mac getInstance(String algorithm)
             throws NoSuchAlgorithmException {
-        List services = GetInstance.getServices("Mac", algorithm);
+        List<Service> services = GetInstance.getServices("Mac", algorithm);
         // make sure there is at least one service from a signed provider
-        Iterator t = services.iterator();
+        Iterator<Service> t = services.iterator();
         while (t.hasNext()) {
-            Service s = (Service)t.next();
+            Service s = t.next();
             if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                 continue;
             }
@@ -288,7 +288,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
@@ -331,7 +331,7 @@
                     s = firstService;
                     firstService = null;
                 } else {
-                    s = (Service)serviceIterator.next();
+                    s = serviceIterator.next();
                 }
                 // if provider says it does not support this key, ignore it
                 if (s.supportsParameter(key) == false) {
--- a/src/share/classes/javax/crypto/SealedObject.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/SealedObject.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -193,11 +193,11 @@
      * @exception NullPointerException if the given sealed object is null.
      */
     protected SealedObject(SealedObject so) {
-        this.encryptedContent = (byte[]) so.encryptedContent.clone();
+        this.encryptedContent = so.encryptedContent.clone();
         this.sealAlg = so.sealAlg;
         this.paramsAlg = so.paramsAlg;
         if (so.encodedParams != null) {
-            this.encodedParams = (byte[]) so.encodedParams.clone();
+            this.encodedParams = so.encodedParams.clone();
         } else {
             this.encodedParams = null;
         }
@@ -353,10 +353,8 @@
 
         try {
             return unseal(key, provider);
-        } catch (IllegalBlockSizeException ibse) {
-            throw new InvalidKeyException(ibse.getMessage());
-        } catch (BadPaddingException bpe) {
-            throw new InvalidKeyException(bpe.getMessage());
+        } catch (IllegalBlockSizeException | BadPaddingException ex) {
+            throw new InvalidKeyException(ex.getMessage());
         }
     }
 
@@ -450,9 +448,9 @@
     {
         s.defaultReadObject();
         if (encryptedContent != null)
-            encryptedContent = (byte[])encryptedContent.clone();
+            encryptedContent = encryptedContent.clone();
         if (encodedParams != null)
-            encodedParams = (byte[])encodedParams.clone();
+            encodedParams = encodedParams.clone();
     }
 }
 
@@ -465,7 +463,7 @@
         super(in);
     }
 
-    protected Class resolveClass(ObjectStreamClass v)
+    protected Class<?> resolveClass(ObjectStreamClass v)
         throws IOException, ClassNotFoundException
     {
 
--- a/src/share/classes/javax/crypto/SecretKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/SecretKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -96,7 +96,7 @@
 
     // remaining services to try in provider selection
     // null once provider is selected
-    private Iterator serviceIterator;
+    private Iterator<Service> serviceIterator;
 
     /**
      * Creates a SecretKeyFactory object.
@@ -114,7 +114,8 @@
 
     private SecretKeyFactory(String algorithm) throws NoSuchAlgorithmException {
         this.algorithm = algorithm;
-        List list = GetInstance.getServices("SecretKeyFactory", algorithm);
+        List<Service> list =
+                GetInstance.getServices("SecretKeyFactory", algorithm);
         serviceIterator = list.iterator();
         // fetch and instantiate initial spi
         if (nextSpi(null) == null) {
@@ -290,7 +291,7 @@
                 return null;
             }
             while (serviceIterator.hasNext()) {
-                Service s = (Service)serviceIterator.next();
+                Service s = serviceIterator.next();
                 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
                     continue;
                 }
@@ -367,7 +368,7 @@
      * (e.g., the given key has an algorithm or format not supported by this
      * secret-key factory).
      */
-    public final KeySpec getKeySpec(SecretKey key, Class keySpec)
+    public final KeySpec getKeySpec(SecretKey key, Class<?> keySpec)
             throws InvalidKeySpecException {
         if (serviceIterator == null) {
             return spi.engineGetKeySpec(key, keySpec);
--- a/src/share/classes/javax/crypto/SecretKeyFactorySpi.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/SecretKeyFactorySpi.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@
      * (e.g., the given key has an algorithm or format not supported by this
      * secret-key factory).
      */
-    protected abstract KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+    protected abstract KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
         throws InvalidKeySpecException;
 
     /**
--- a/src/share/classes/javax/crypto/spec/DESKeySpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/DESKeySpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -165,7 +165,7 @@
      * each time this method is called.
      */
     public byte[] getKey() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/DESedeKeySpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/DESedeKeySpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -95,7 +95,7 @@
      * each time this method is called.
      */
     public byte[] getKey() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/IvParameterSpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/IvParameterSpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -94,6 +94,6 @@
      * each time this method is called.
      */
     public byte[] getIV() {
-        return (byte[])this.iv.clone();
+        return this.iv.clone();
     }
 }
--- a/src/share/classes/javax/crypto/spec/PBEKeySpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/PBEKeySpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
     }
 
@@ -109,7 +109,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
         if (salt == null) {
             throw new NullPointerException("the salt parameter " +
@@ -118,7 +118,7 @@
             throw new IllegalArgumentException("the salt parameter " +
                                                 "must not be empty");
         } else {
-            this.salt = (byte[]) salt.clone();
+            this.salt = salt.clone();
         }
         if (iterationCount<=0) {
             throw new IllegalArgumentException("invalid iterationCount value");
@@ -151,7 +151,7 @@
         if ((password == null) || (password.length == 0)) {
             this.password = new char[0];
         } else {
-            this.password = (char[])password.clone();
+            this.password = password.clone();
         }
         if (salt == null) {
             throw new NullPointerException("the salt parameter " +
@@ -160,7 +160,7 @@
             throw new IllegalArgumentException("the salt parameter " +
                                                 "must not be empty");
         } else {
-            this.salt = (byte[]) salt.clone();
+            this.salt = salt.clone();
         }
         if (iterationCount<=0) {
             throw new IllegalArgumentException("invalid iterationCount value");
@@ -196,7 +196,7 @@
         if (password == null) {
             throw new IllegalStateException("password has been cleared");
         }
-        return (char[]) password.clone();
+        return password.clone();
     }
 
     /**
@@ -210,7 +210,7 @@
      */
     public final byte[] getSalt() {
         if (salt != null) {
-            return (byte[]) salt.clone();
+            return salt.clone();
         } else {
             return null;
         }
--- a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.math.BigInteger;
 import java.security.spec.AlgorithmParameterSpec;
 
 /**
@@ -53,7 +52,7 @@
      * @exception NullPointerException if <code>salt</code> is null.
      */
     public PBEParameterSpec(byte[] salt, int iterationCount) {
-        this.salt = (byte[])salt.clone();
+        this.salt = salt.clone();
         this.iterationCount = iterationCount;
     }
 
@@ -64,7 +63,7 @@
      * each time this method is called.
      */
     public byte[] getSalt() {
-        return (byte[])this.salt.clone();
+        return this.salt.clone();
     }
 
     /**
--- a/src/share/classes/javax/crypto/spec/PSource.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/PSource.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
-
 /**
  * This class specifies the source for encoding input P in OAEP Padding,
  * as defined in the
@@ -97,7 +94,7 @@
          */
         public PSpecified(byte[] p) {
             super("PSpecified");
-            this.p = (byte[]) p.clone();
+            this.p = p.clone();
         }
         /**
          * Returns the value of encoding input P.
@@ -105,7 +102,7 @@
          * returned each time this method is called.
          */
         public byte[] getValue() {
-            return (p.length==0? p: (byte[])p.clone());
+            return (p.length==0? p: p.clone());
         }
     }
 }
--- a/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,7 @@
      * Returns a new array each time this method is called.
      */
     public byte[] getIV() {
-        return (iv == null? null:(byte[])iv.clone());
+        return (iv == null? null:iv.clone());
     }
 
    /**
--- a/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -157,7 +157,7 @@
      * Returns a new array each time this method is called.
      */
     public byte[] getIV() {
-        return (iv == null? null:(byte[])iv.clone());
+        return (iv == null? null:iv.clone());
     }
 
    /**
--- a/src/share/classes/javax/crypto/spec/SecretKeySpec.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/javax/crypto/spec/SecretKeySpec.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 
 package javax.crypto.spec;
 
-import java.io.UnsupportedEncodingException;
-import java.security.Key;
 import java.security.spec.KeySpec;
 import javax.crypto.SecretKey;
 
@@ -95,7 +93,7 @@
         if (key.length == 0) {
             throw new IllegalArgumentException("Empty key");
         }
-        this.key = (byte[])key.clone();
+        this.key = key.clone();
         this.algorithm = algorithm;
     }
 
@@ -181,7 +179,7 @@
      * each time this method is called.
      */
     public byte[] getEncoded() {
-        return (byte[])this.key.clone();
+        return this.key.clone();
     }
 
     /**
--- a/src/share/classes/sun/security/acl/AclEntryImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/acl/AclEntryImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -25,7 +25,6 @@
 package sun.security.acl;
 
 import java.util.*;
-import java.io.*;
 import java.security.Principal;
 import java.security.acl.*;
 
@@ -162,6 +161,7 @@
     /**
      * Clones an AclEntry.
      */
+    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
     public synchronized Object clone() {
         AclEntryImpl cloned;
         cloned = new AclEntryImpl(user);
--- a/src/share/classes/sun/security/action/PutAllAction.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/action/PutAllAction.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,9 +41,9 @@
 public class PutAllAction implements PrivilegedAction<Void> {
 
     private final Provider provider;
-    private final Map map;
+    private final Map<?, ?> map;
 
-    public PutAllAction(Provider provider, Map map) {
+    public PutAllAction(Provider provider, Map<?, ?> map) {
         this.provider = provider;
         this.map = map;
     }
--- a/src/share/classes/sun/security/ec/ECDSASignature.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ec/ECDSASignature.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,8 @@
 
 package sun.security.ec;
 
-import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.math.BigInteger;
-import java.util.Arrays;
 
 import java.security.*;
 import java.security.interfaces.*;
@@ -36,7 +34,6 @@
 
 import sun.security.jca.JCAUtil;
 import sun.security.util.*;
-import sun.security.x509.AlgorithmId;
 
 /**
  * ECDSA signature implementation. This class currently supports the
--- a/src/share/classes/sun/security/ec/ECKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ec/ECKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,9 @@
     public final static Provider ecInternalProvider;
 
     static {
-        final Provider p = new Provider("SunEC-Internal", 1.0d, null) {};
+        final Provider p = new Provider("SunEC-Internal", 1.0d, null) {
+            private static final long serialVersionUID = 970685700309471261L;
+        };
         AccessController.doPrivileged(new PrivilegedAction<Void>() {
             public Void run() {
                 p.put("KeyFactory.EC", "sun.security.ec.ECKeyFactory");
@@ -262,12 +264,12 @@
         if (key instanceof ECPublicKey) {
             ECPublicKey ecKey = (ECPublicKey)key;
             if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) {
-                return (T) new ECPublicKeySpec(
+                return keySpec.cast(new ECPublicKeySpec(
                     ecKey.getW(),
                     ecKey.getParams()
-                );
+                ));
             } else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return (T) new X509EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
             } else {
                 throw new InvalidKeySpecException
                         ("KeySpec must be ECPublicKeySpec or "
@@ -275,13 +277,13 @@
             }
         } else if (key instanceof ECPrivateKey) {
             if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
-                return (T) new PKCS8EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
             } else if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
                 ECPrivateKey ecKey = (ECPrivateKey)key;
-                return (T) new ECPrivateKeySpec(
+                return keySpec.cast(new ECPrivateKeySpec(
                     ecKey.getS(),
                     ecKey.getParams()
-                );
+                ));
             } else {
                 throw new InvalidKeySpecException
                         ("KeySpec must be ECPrivateKeySpec or "
--- a/src/share/classes/sun/security/ec/ECParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ec/ECParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -326,9 +326,9 @@
     protected <T extends AlgorithmParameterSpec> T engineGetParameterSpec(Class<T> spec)
             throws InvalidParameterSpecException {
         if (spec.isAssignableFrom(ECParameterSpec.class)) {
-            return (T)paramSpec;
+            return spec.cast(paramSpec);
         } else if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
-            return (T)new ECGenParameterSpec(getCurveName(paramSpec));
+            return spec.cast(new ECGenParameterSpec(getCurveName(paramSpec)));
         } else {
             throw new InvalidParameterSpecException
                 ("Only ECParameterSpec and ECGenParameterSpec supported");
--- a/src/share/classes/sun/security/jca/GetInstance.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jca/GetInstance.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -149,7 +149,7 @@
      * There are overloaded methods for all the permutations.
      */
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm) throws NoSuchAlgorithmException {
         // in the almost all cases, the first service will work
         // avoid taking long path if so
@@ -181,7 +181,7 @@
         throw failure;
     }
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm, Object param) throws NoSuchAlgorithmException {
         List<Service> services = getServices(type, algorithm);
         NoSuchAlgorithmException failure = null;
@@ -200,25 +200,25 @@
         }
     }
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm, String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
         return getInstance(getService(type, algorithm, provider), clazz);
     }
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm, Object param, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
         return getInstance(getService(type, algorithm, provider), clazz, param);
     }
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm, Provider provider)
             throws NoSuchAlgorithmException {
         return getInstance(getService(type, algorithm, provider), clazz);
     }
 
-    public static Instance getInstance(String type, Class clazz,
+    public static Instance getInstance(String type, Class<?> clazz,
             String algorithm, Object param, Provider provider)
             throws NoSuchAlgorithmException {
         return getInstance(getService(type, algorithm, provider), clazz, param);
@@ -231,14 +231,14 @@
      * Signature class.
      */
 
-    public static Instance getInstance(Service s, Class clazz)
+    public static Instance getInstance(Service s, Class<?> clazz)
             throws NoSuchAlgorithmException {
         Object instance = s.newInstance(null);
         checkSuperClass(s, instance.getClass(), clazz);
         return new Instance(s.getProvider(), instance);
     }
 
-    public static Instance getInstance(Service s, Class clazz,
+    public static Instance getInstance(Service s, Class<?> clazz,
             Object param) throws NoSuchAlgorithmException {
         Object instance = s.newInstance(param);
         checkSuperClass(s, instance.getClass(), clazz);
@@ -249,8 +249,8 @@
      * Check is subClass is a subclass of superClass. If not,
      * throw a NoSuchAlgorithmException.
      */
-    public static void checkSuperClass(Service s, Class subClass,
-            Class superClass) throws NoSuchAlgorithmException {
+    public static void checkSuperClass(Service s, Class<?> subClass,
+            Class<?> superClass) throws NoSuchAlgorithmException {
         if (superClass == null) {
             return;
         }
--- a/src/share/classes/sun/security/jca/ProviderList.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jca/ProviderList.java	Mon Aug 15 11:48:20 2011 -0700
@@ -69,6 +69,7 @@
     // used to avoid explicit null checks in various places
     private static final Provider EMPTY_PROVIDER =
         new Provider("##Empty##", 1.0d, "initialization in progress") {
+            private static final long serialVersionUID = 1151354171352296389L;
             // override getService() to return null slightly faster
             public Service getService(String type, String algorithm) {
                 return null;
--- a/src/share/classes/sun/security/jca/Providers.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jca/Providers.java	Mon Aug 15 11:48:20 2011 -0700
@@ -25,10 +25,7 @@
 
 package sun.security.jca;
 
-import java.util.*;
-
 import java.security.Provider;
-import java.security.Security;
 
 /**
  * Collection of methods to get and set provider list. Also includes
@@ -97,11 +94,11 @@
     // sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
     public static Provider getSunProvider() {
         try {
-            Class clazz = Class.forName(jarVerificationProviders[0]);
+            Class<?> clazz = Class.forName(jarVerificationProviders[0]);
             return (Provider)clazz.newInstance();
         } catch (Exception e) {
             try {
-                Class clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
+                Class<?> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
                 return (Provider)clazz.newInstance();
             } catch (Exception ee) {
                 throw new RuntimeException("Sun provider not found", e);
--- a/src/share/classes/sun/security/jgss/GSSUtil.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/GSSUtil.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -316,24 +316,25 @@
      * no Subject present or a Vector which contains 0 or more
      * matching GSSCredentialSpi objects.
      */
-    public static Vector searchSubject(final GSSNameSpi name,
-                                       final Oid mech,
-                                       final boolean initiate,
-                                       final Class credCls) {
+    public static <T extends GSSCredentialSpi> Vector<T>
+            searchSubject(final GSSNameSpi name,
+                          final Oid mech,
+                          final boolean initiate,
+                          final Class<? extends T> credCls) {
         debug("Search Subject for " + getMechStr(mech) +
               (initiate? " INIT" : " ACCEPT") + " cred (" +
               (name == null? "<<DEF>>" : name.toString()) + ", " +
               credCls.getName() + ")");
         final AccessControlContext acc = AccessController.getContext();
         try {
-            Vector creds =
+            Vector<T> creds =
                 AccessController.doPrivileged
-                (new PrivilegedExceptionAction<Vector>() {
-                    public Vector run() throws Exception {
+                (new PrivilegedExceptionAction<Vector<T>>() {
+                    public Vector<T> run() throws Exception {
                         Subject accSubj = Subject.getSubject(acc);
-                        Vector<GSSCredentialSpi> result = null;
+                        Vector<T> result = null;
                         if (accSubj != null) {
-                            result = new Vector<GSSCredentialSpi>();
+                            result = new Vector<T>();
                             Iterator<GSSCredentialImpl> iterator =
                                 accSubj.getPrivateCredentials
                                 (GSSCredentialImpl.class).iterator();
@@ -347,7 +348,7 @@
                                     if (ce.getClass().equals(credCls) &&
                                         (name == null ||
                                          name.equals((Object) ce.getName()))) {
-                                        result.add(ce);
+                                        result.add(credCls.cast(ce));
                                     } else {
                                         debug("......Discard element");
                                     }
--- a/src/share/classes/sun/security/jgss/krb5/CipherHelper.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/CipherHelper.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -139,6 +139,7 @@
         return flag;
     }
 
+    @SuppressWarnings("fallthrough")
     byte[] calculateChecksum(int alg, byte[] header, byte[] trailer,
         byte[] data, int start, int len, int tokenId) throws GSSException {
 
@@ -1265,7 +1266,7 @@
         // Note: When using this RC4 based encryption type, the sequence number
         // is always sent in big-endian rather than little-endian order.
         byte[] seqNum = new byte[4];
-        token.writeBigEndian(token.getSequenceNumber(), seqNum);
+        WrapToken.writeBigEndian(token.getSequenceNumber(), seqNum);
 
         // Krb5Token.debug("\narcFourEncrypt:" + Krb5Token.getHexBytes(all));
 
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1310,6 +1310,8 @@
      * The session key returned by inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY)
      */
     static class KerberosSessionKey implements Key {
+        private static final long serialVersionUID = 699307378954123869L;
+
         private final EncryptionKey key;
 
         KerberosSessionKey(EncryptionKey key) {
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Mon Aug 15 11:48:20 2011 -0700
@@ -193,6 +193,8 @@
     // Each time new keys are read from KeyTab objects in the private
     // credentials set, old ones are removed and new ones added.
     public static class KeysFromKeyTab extends KerberosKey {
+        private static final long serialVersionUID = 8238092170252746927L;
+
         public KeysFromKeyTab(KerberosKey key) {
             super(key.getPrincipal(), key.getEncoded(),
                     key.getKeyType(), key.getVersionNumber());
--- a/src/share/classes/sun/security/jgss/krb5/MessageToken.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/MessageToken.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,10 @@
 
 import org.ietf.jgss.*;
 import sun.security.jgss.*;
-import sun.security.krb5.*;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
-import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
 
 /**
@@ -184,7 +182,7 @@
         try {
             gssHeader = new GSSHeader(is);
 
-            if (!gssHeader.getOid().equals(OID)) {
+            if (!gssHeader.getOid().equals((Object)OID)) {
                 throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                                        getTokenName(tokenId));
             }
--- a/src/share/classes/sun/security/jgss/krb5/SubjectComber.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/krb5/SubjectComber.java	Mon Aug 15 11:48:20 2011 -0700
@@ -56,15 +56,17 @@
     static <T> T find(Subject subject, String serverPrincipal,
         String clientPrincipal, Class<T> credClass) {
 
-        return (T)findAux(subject, serverPrincipal, clientPrincipal, credClass,
-            true);
+        // findAux returns T if oneOnly.
+        return credClass.cast(findAux(subject, serverPrincipal,
+                                      clientPrincipal, credClass, true));
     }
 
+    @SuppressWarnings("unchecked") // findAux returns List<T> if !oneOnly.
     static <T> List<T> findMany(Subject subject, String serverPrincipal,
         String clientPrincipal, Class<T> credClass) {
 
-        return (List<T>)findAux(subject, serverPrincipal, clientPrincipal, credClass,
-            false);
+        return (List<T>)findAux(subject, serverPrincipal, clientPrincipal,
+            credClass, false);
     }
 
     /**
@@ -73,6 +75,7 @@
      *
      * @return the private credentials
      */
+    // Returns T if oneOnly and List<T> if !oneOnly.
     private static <T> Object findAux(Subject subject, String serverPrincipal,
         String clientPrincipal, Class<T> credClass, boolean oneOnly) {
 
@@ -98,11 +101,11 @@
                 }
             } else if (credClass == KerberosKey.class) {
                 // We are looking for credentials for the serverPrincipal
-                Iterator<T> iterator =
-                    subject.getPrivateCredentials(credClass).iterator();
+                Iterator<KerberosKey> iterator =
+                    subject.getPrivateCredentials(KerberosKey.class).iterator();
                 while (iterator.hasNext()) {
-                    T t = iterator.next();
-                    String name = ((KerberosKey)t).getPrincipal().getName();
+                    KerberosKey t = iterator.next();
+                    String name = t.getPrincipal().getName();
                     if (serverPrincipal == null || serverPrincipal.equals(name)) {
                          if (DEBUG) {
                              System.out.println("Found " +
@@ -116,7 +119,7 @@
                                  // belong to the same principal
                                  serverPrincipal = name;
                              }
-                             answer.add(t);
+                             answer.add(credClass.cast(t));
                          }
                     }
                 }
@@ -129,6 +132,7 @@
                     while (iterator.hasNext()) {
                         Object obj = iterator.next();
                         if (obj instanceof KerberosTicket) {
+                            @SuppressWarnings("unchecked")
                             KerberosTicket ticket = (KerberosTicket)obj;
                             if (DEBUG) {
                                 System.out.println("Found ticket for "
@@ -180,7 +184,7 @@
                                                 serverPrincipal =
                                                 ticket.getServer().getName();
                                             }
-                                            answer.add((T)ticket);
+                                            answer.add(credClass.cast(ticket));
                                         }
                                     }
                                 }
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1016,7 +1016,7 @@
         // get the peer name for the mechanism
         if (mechContext != null) {
             GSSNameImpl targName = (GSSNameImpl)mechContext.getTargName();
-            peerName = (GSSNameSpi) targName.getElement(internal_mech);
+            peerName = targName.getElement(internal_mech);
             return peerName;
         } else {
             if (DEBUG) {
@@ -1032,7 +1032,7 @@
         // get the src name for the mechanism
         if (mechContext != null) {
             GSSNameImpl srcName = (GSSNameImpl)mechContext.getSrcName();
-            myName = (GSSNameSpi) srcName.getElement(internal_mech);
+            myName = srcName.getElement(internal_mech);
             return myName;
         } else {
             if (DEBUG) {
@@ -1064,8 +1064,8 @@
             if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {
                 initiate = true;
             }
-            GSSCredentialSpi mechCred = (GSSCredentialSpi)
-                                delegCred.getElement(internal_mech, initiate);
+            GSSCredentialSpi mechCred =
+                    delegCred.getElement(internal_mech, initiate);
             SpNegoCredElement cred = new SpNegoCredElement(mechCred);
             return cred.getInternalCred();
         } else {
--- a/src/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -113,8 +113,7 @@
         }
 
         GSSCredElement credElement =
-            getCredFromSubject((GSSNameElement) nname,
-                               (usage == GSSCredential.INITIATE_ONLY));
+            getCredFromSubject(nname, (usage == GSSCredential.INITIATE_ONLY));
 
         if (credElement == null) {
             // No cred in the Subject
--- a/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java	Mon Aug 15 11:48:20 2011 -0700
@@ -52,7 +52,7 @@
         "sun.security.jgss.wrapper.NativeGSSFactory";
     private static final String LIB_PROP = "sun.security.jgss.lib";
     private static final String DEBUG_PROP = "sun.security.nativegss.debug";
-    private static HashMap MECH_MAP;
+    private static HashMap<String, String> MECH_MAP;
     static final Provider INSTANCE = new SunNativeProvider();
     static boolean DEBUG;
     static void debug(String message) {
@@ -66,8 +66,9 @@
 
     static {
         MECH_MAP =
-            AccessController.doPrivileged(new PrivilegedAction<HashMap>() {
-                    public HashMap run() {
+            AccessController.doPrivileged(
+                new PrivilegedAction<HashMap<String, String>>() {
+                    public HashMap<String, String> run() {
                         DEBUG = Boolean.parseBoolean
                             (System.getProperty(DEBUG_PROP));
                         try {
--- a/src/share/classes/sun/security/krb5/Checksum.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/krb5/Checksum.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -199,7 +199,7 @@
         if (cksumType != cksum.cksumType)
             return false;
         CksumType cksumEngine = CksumType.getInstance(cksumType);
-        return cksumEngine.isChecksumEqual(checksum, cksum.checksum);
+        return CksumType.isChecksumEqual(checksum, cksum.checksum);
     }
 
     /**
--- a/src/share/classes/sun/security/krb5/Config.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/krb5/Config.java	Mon Aug 15 11:48:20 2011 -0700
@@ -45,7 +45,6 @@
 import java.util.List;
 import sun.net.dns.ResolverConfiguration;
 import sun.security.krb5.internal.crypto.EType;
-import sun.security.krb5.internal.ktab.*;
 import sun.security.krb5.internal.Krb5;
 
 /**
@@ -233,15 +232,18 @@
      * @return the value found in config file, returns null if no value
      * matched with the key is found.
      */
-    private String getDefault(String k, Hashtable t) {
+    private String getDefault(String k, Hashtable<String, Object> t) {
         String result = null;
         String key;
         if (stanzaTable != null) {
-            for (Enumeration e = t.keys(); e.hasMoreElements(); ) {
-                key = (String)e.nextElement();
+            for (Enumeration<String> e = t.keys(); e.hasMoreElements(); ) {
+                key = e.nextElement();
                 Object ob = t.get(key);
                 if (ob instanceof Hashtable) {
-                    result = getDefault(k, (Hashtable)ob);
+                    @SuppressWarnings("unchecked") // Checked with an instanceof check
+                    Hashtable<String, Object> table =
+                            (Hashtable<String, Object>)ob;
+                    result = getDefault(k, table);
                     if (result != null) {
                         return result;
                     }
@@ -276,15 +278,20 @@
      * @param section the name of the section.
      * @return the default value, null is returned if it cannot be found.
      */
+    // stanzaTable leads to a lot of unchecked casts since its value type is
+    // STANZATABLE = String | Hashtable<String, STANZATABLE>
+    @SuppressWarnings("unchecked")
     public String getDefault(String name, String section) {
         String stanzaName;
         String result = null;
-        Hashtable subTable;
+        Hashtable<String, Object> subTable;
 
         if (stanzaTable != null) {
-            for (Enumeration e = stanzaTable.keys(); e.hasMoreElements(); ) {
-                stanzaName = (String)e.nextElement();
-                subTable = (Hashtable)stanzaTable.get(stanzaName);
+            for (Enumeration<String> e = stanzaTable.keys();
+                 e.hasMoreElements(); ) {
+                stanzaName = e.nextElement();
+                subTable = (Hashtable<String, Object>)
+                        stanzaTable.get(stanzaName);
                 if (stanzaName.equalsIgnoreCase(section)) {
                     if (subTable.containsKey(name)) {
                         return (String)(subTable.get(name));
@@ -292,7 +299,8 @@
                 } else if (subTable.containsKey(section)) {
                     Object ob = subTable.get(section);
                     if (ob instanceof Hashtable) {
-                        Hashtable temp = (Hashtable)ob;
+                        Hashtable<String, Object> temp =
+                                (Hashtable<String, Object>)ob;
                         if (temp.containsKey(name)) {
                             Object object = temp.get(name);
                             if (object instanceof Vector) {
@@ -819,10 +827,10 @@
     /**
      * Compares the key with the known keys to see if it exists.
      */
-    private boolean exists(String key, Vector v) {
+    private boolean exists(String key, Vector<String> v) {
         boolean exists = false;
         for (int i = 0; i < v.size(); i++) {
-            if (((String)(v.elementAt(i))).equals(key)) {
+            if (v.elementAt(i).equals(key)) {
                 exists = true;
             }
         }
@@ -837,12 +845,15 @@
         listTable(stanzaTable);
     }
 
-    private void listTable(Hashtable table) {
-        Vector v = new Vector();
+    // stanzaTable leads to a lot of unchecked casts since its value type is
+    // STANZATABLE = String | Hashtable<String, STANZATABLE>
+    @SuppressWarnings("unchecked")
+    private void listTable(Hashtable<String, Object> table) {
+        Vector<String> v = new Vector<String>();
         String key;
         if (stanzaTable != null) {
-            for (Enumeration e = table.keys(); e.hasMoreElements(); ) {
-                key = (String)e.nextElement();
+            for (Enumeration<String> e = table.keys(); e.hasMoreElements(); ) {
+                key = e.nextElement();
                 Object object = table.get(key);
                 if (table == stanzaTable) {
                     System.out.println("[" + key + "]");
@@ -850,7 +861,7 @@
                 if (object instanceof Hashtable) {
                     if (table != stanzaTable)
                         System.out.println("\t" + key + " = {");
-                    listTable((Hashtable)object);
+                    listTable((Hashtable<String, Object>)object);
                     if (table != stanzaTable)
                         System.out.println("\t}");
 
@@ -858,10 +869,9 @@
                     System.out.println("\t" + key + " = " +
                                 (String)table.get(key));
                 } else if (object instanceof Vector) {
-                    v = (Vector)object;
+                    v = (Vector<String>)object;
                     for (int i = 0; i < v.size(); i++) {
-                        System.out.println("\t" + key + " = " +
-                                (String)v.elementAt(i));
+                        System.out.println("\t" + key + " = " + v.elementAt(i));
                     }
                 }
             }
@@ -906,7 +916,7 @@
                     ls.add(type);
                 }
             }
-            if (ls.size() == 0) {
+            if (ls.isEmpty()) {
                 if (DEBUG) {
                     System.out.println(
                         "no supported default etypes for " + enctypes);
@@ -1296,7 +1306,7 @@
             sb.append(obj);
             sb.append('\n');
         } else if (obj instanceof Hashtable) {
-            Hashtable tab = (Hashtable)obj;
+            Hashtable<?, ?> tab = (Hashtable<?, ?>)obj;
             for (Object o: tab.keySet()) {
                 sb.append(prefix);
                 sb.append(o);
@@ -1305,7 +1315,7 @@
                 sb.append(prefix + "}\n");
             }
         } else if (obj instanceof Vector) {
-            Vector v = (Vector)obj;
+            Vector<?> v = (Vector<?>)obj;
             for (Object o: v.toArray()) {
                 toStringIndented(prefix + "    ", o, sb);
             }
--- a/src/share/classes/sun/security/krb5/KrbServiceLocator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/krb5/KrbServiceLocator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,12 +26,9 @@
 package sun.security.krb5;
 
 import java.util.Arrays;
-import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.NoSuchElementException;
 import java.util.Random;
 import java.util.StringTokenizer;
-import java.util.List;
 
 import javax.naming.*;
 import javax.naming.directory.*;
@@ -80,7 +77,7 @@
             // the initial context constructor. This avoids having the initial
             // context constructor call itself (when processing the URL
             // argument in the getAttributes call).
-            Context ctx = NamingManager.getURLContext("dns", new Hashtable(0));
+            Context ctx = NamingManager.getURLContext("dns", new Hashtable<>(0));
             if (!(ctx instanceof DirContext)) {
                 return null; // cannot create a DNS context
             }
@@ -141,7 +138,7 @@
             // the initial context constructor. This avoids having the initial
             // context constructor call itself (when processing the URL
             // argument in the getAttributes call).
-            Context ctx = NamingManager.getURLContext("dns", new Hashtable(0));
+            Context ctx = NamingManager.getURLContext("dns", new Hashtable<>(0));
             if (!(ctx instanceof DirContext)) {
                 return null; // cannot create a DNS context
             }
@@ -263,7 +260,7 @@
  * See http://www.ietf.org/rfc/rfc2782.txt
  */
 
-static class SrvRecord implements Comparable {
+static class SrvRecord implements Comparable<SrvRecord> {
 
     int priority;
     int weight;
@@ -295,8 +292,7 @@
      * Sort records in ascending order of priority value. For records with
      * equal priority move those with weight 0 to the top of the list.
      */
-    public int compareTo(Object o) {
-        SrvRecord that = (SrvRecord) o;
+    public int compareTo(SrvRecord that) {
         if (priority > that.priority) {
             return 1; // this > that
         } else if (priority < that.priority) {
--- a/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Mon Aug 15 11:48:20 2011 -0700
@@ -69,9 +69,9 @@
         try {
             FileCredentialsCache fcc = new FileCredentialsCache();
             if (cache == null) {
-                cacheName = fcc.getDefaultCacheName();
+                cacheName = FileCredentialsCache.getDefaultCacheName();
             } else {
-                cacheName = fcc.checkValidation(cache);
+                cacheName = FileCredentialsCache.checkValidation(cache);
             }
             if ((cacheName == null) || !(new File(cacheName)).exists()) {
                 // invalid cache name or the file doesn't exist
@@ -105,7 +105,7 @@
                                                 String name) {
         try {
             FileCredentialsCache fcc = new FileCredentialsCache();
-            cacheName = fcc.checkValidation(name);
+            cacheName = FileCredentialsCache.checkValidation(name);
             if (cacheName == null) {
                 // invalid cache name or the file doesn't exist
                 return null;
@@ -123,7 +123,7 @@
     static synchronized FileCredentialsCache New(PrincipalName principal) {
         try {
             FileCredentialsCache fcc = new FileCredentialsCache();
-            cacheName = fcc.getDefaultCacheName();
+            cacheName = FileCredentialsCache.getDefaultCacheName();
             fcc.init(principal, cacheName);
             return fcc;
         }
--- a/src/share/classes/sun/security/pkcs/ContentInfo.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/ContentInfo.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,9 +163,9 @@
     }
 
     public byte[] getData() throws IOException {
-        if (contentType.equals(DATA_OID) ||
-            contentType.equals(OLD_DATA_OID) ||
-            contentType.equals(TIMESTAMP_TOKEN_INFO_OID)) {
+        if (contentType.equals((Object)DATA_OID) ||
+            contentType.equals((Object)OLD_DATA_OID) ||
+            contentType.equals((Object)TIMESTAMP_TOKEN_INFO_OID)) {
             if (content == null)
                 return null;
             else
--- a/src/share/classes/sun/security/pkcs/PKCS10.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/PKCS10.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 
 package sun.security.pkcs;
 
-import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -225,7 +224,7 @@
          */
         AlgorithmId algId = null;
         try {
-            algId = AlgorithmId.getAlgorithmId(signature.getAlgorithm());
+            algId = AlgorithmId.get(signature.getAlgorithm());
         } catch (NoSuchAlgorithmException nsae) {
             throw new SignatureException(nsae);
         }
--- a/src/share/classes/sun/security/pkcs/PKCS7.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java	Mon Aug 15 11:48:20 2011 -0700
@@ -153,12 +153,13 @@
         contentType = contentInfo.contentType;
         DerValue content = contentInfo.getContent();
 
-        if (contentType.equals(ContentInfo.SIGNED_DATA_OID)) {
+        if (contentType.equals((Object)ContentInfo.SIGNED_DATA_OID)) {
             parseSignedData(content);
-        } else if (contentType.equals(ContentInfo.OLD_SIGNED_DATA_OID)) {
+        } else if (contentType.equals((Object)ContentInfo.OLD_SIGNED_DATA_OID)) {
             // This is for backwards compatibility with JDK 1.1.x
             parseOldSignedData(content);
-        } else if (contentType.equals(ContentInfo.NETSCAPE_CERT_SEQUENCE_OID)){
+        } else if (contentType.equals((Object)
+                       ContentInfo.NETSCAPE_CERT_SEQUENCE_OID)){
             parseNetscapeCertChain(content);
         } else {
             throw new ParsingException("content type " + contentType +
@@ -477,9 +478,7 @@
                         byte[] encoded = certificates[i].getEncoded();
                         implCerts[i] = new X509CertImpl(encoded);
                     } catch (CertificateException ce) {
-                        IOException ie = new IOException(ce.getMessage());
-                        ie.initCause(ce);
-                        throw ie;
+                        throw new IOException(ce);
                     }
                 }
             }
@@ -501,9 +500,7 @@
                         byte[] encoded = crl.getEncoded();
                         implCRLs.add(new X509CRLImpl(encoded));
                     } catch (CRLException ce) {
-                        IOException ie = new IOException(ce.getMessage());
-                        ie.initCause(ce);
-                        throw ie;
+                        throw new IOException(ce);
                     }
                 }
             }
@@ -562,7 +559,7 @@
                 intResult.addElement(signerInfo);
             }
         }
-        if (intResult.size() != 0) {
+        if (!intResult.isEmpty()) {
 
             SignerInfo[] result = new SignerInfo[intResult.size()];
             intResult.copyInto(result);
--- a/src/share/classes/sun/security/pkcs/PKCS8Key.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/PKCS8Key.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -208,7 +208,7 @@
                 throw new InstantiationException();
             }
 
-            Class keyClass = null;
+            Class<?> keyClass = null;
             try {
                 keyClass = Class.forName(classname);
             } catch (ClassNotFoundException e) {
@@ -342,9 +342,9 @@
 
 
             BigInteger version = val.data.getBigInteger();
-            if (!version.equals(this.version)) {
+            if (!version.equals(PKCS8Key.version)) {
                 throw new IOException("version mismatch: (supported: " +
-                                      Debug.toHexString(this.version) +
+                                      Debug.toHexString(PKCS8Key.version) +
                                       ", parsed: " +
                                       Debug.toHexString(version));
             }
--- a/src/share/classes/sun/security/pkcs/PKCS9Attribute.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/PKCS9Attribute.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -320,11 +320,11 @@
         {new Byte(DerValue.tag_Sequence)}     // SignatureTimestampToken
     };
 
-    private static final Class[] VALUE_CLASSES = new Class[18];
+    private static final Class<?>[] VALUE_CLASSES = new Class<?>[18];
 
     static {
         try {
-            Class str = Class.forName("[Ljava.lang.String;");
+            Class<?> str = Class.forName("[Ljava.lang.String;");
 
             VALUE_CLASSES[0] = null;  // not used
             VALUE_CLASSES[1] = str;   // EMailAddress
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs/SignerInfo.java	Mon Aug 15 11:48:20 2011 -0700
@@ -36,7 +36,6 @@
 import sun.security.x509.AlgorithmId;
 import sun.security.x509.X500Name;
 import sun.security.x509.KeyUsageExtension;
-import sun.security.x509.PKIXExtensions;
 import sun.misc.HexDumpEncoder;
 
 /**
@@ -300,7 +299,7 @@
                        authenticatedAttributes.getAttributeValue(
                          PKCS9Attribute.CONTENT_TYPE_OID);
                 if (contentType == null ||
-                    !contentType.equals(content.contentType))
+                    !contentType.equals((Object)content.contentType))
                     return null;  // contentType does not match, bad SignerInfo
 
                 // now, check message digest
@@ -371,11 +370,11 @@
                                                  + "extension");
                 }
 
-                boolean digSigAllowed = ((Boolean)keyUsage.get(
-                        KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue();
+                boolean digSigAllowed = keyUsage.get(
+                        KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue();
 
-                boolean nonRepuAllowed = ((Boolean)keyUsage.get(
-                        KeyUsageExtension.NON_REPUDIATION)).booleanValue();
+                boolean nonRepuAllowed = keyUsage.get(
+                        KeyUsageExtension.NON_REPUDIATION).booleanValue();
 
                 if (!digSigAllowed && !nonRepuAllowed) {
                     throw new SignatureException("Key usage restricted: "
--- a/src/share/classes/sun/security/pkcs11/Config.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/Config.java	Mon Aug 15 11:48:20 2011 -0700
@@ -552,12 +552,13 @@
 
     private boolean parseBoolean() throws IOException {
         String val = parseWord();
-        if (val.equals("true")) {
-            return true;
-        } else if (val.equals("false")) {
-            return false;
-        } else {
-            throw excToken("Expected boolean value, read:");
+        switch (val) {
+            case "true":
+                return true;
+            case "false":
+                return false;
+            default:
+                throw excToken("Expected boolean value, read:");
         }
     }
 
@@ -886,14 +887,15 @@
 
     private String parseOperation() throws IOException {
         String op = parseWord();
-        if (op.equals("*")) {
-            return TemplateManager.O_ANY;
-        } else if (op.equals("generate")) {
-            return TemplateManager.O_GENERATE;
-        } else if (op.equals("import")) {
-            return TemplateManager.O_IMPORT;
-        } else {
-            throw excLine("Unknown operation " + op);
+        switch (op) {
+            case "*":
+                return TemplateManager.O_ANY;
+            case "generate":
+                return TemplateManager.O_GENERATE;
+            case "import":
+                return TemplateManager.O_IMPORT;
+            default:
+                throw excLine("Unknown operation " + op);
         }
     }
 
@@ -978,6 +980,7 @@
 }
 
 class ConfigurationException extends IOException {
+    private static final long serialVersionUID = 254492758807673194L;
     ConfigurationException(String msg) {
         super(msg);
     }
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -258,7 +258,7 @@
 
     // see JCE spec
     protected byte[] engineGetIV() {
-        return (iv == null) ? null : (byte[]) iv.clone();
+        return (iv == null) ? null : iv.clone();
     }
 
     // see JCE spec
@@ -315,7 +315,7 @@
         byte[] ivValue;
         if (params != null) {
             try {
-                IvParameterSpec ivSpec = (IvParameterSpec)
+                IvParameterSpec ivSpec =
                         params.getParameterSpec(IvParameterSpec.class);
                 ivValue = ivSpec.getIV();
             } catch (InvalidParameterSpecException e) {
--- a/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -212,8 +212,8 @@
         }
     }
 
-    KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -227,15 +227,15 @@
                 attributes[1].getBigInteger(),
                 attributes[2].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // X.509 handled in superclass
             throw new InvalidKeySpecException("Only DHPublicKeySpec and "
                 + "X509EncodedKeySpec supported for DH public keys");
         }
     }
 
-    KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -249,7 +249,7 @@
                 attributes[1].getBigInteger(),
                 attributes[2].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // PKCS#8 handled in superclass
             throw new InvalidKeySpecException("Only DHPrivateKeySpec "
                 + "and PKCS8EncodedKeySpec supported for DH private keys");
--- a/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -208,8 +208,8 @@
         }
     }
 
-    KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (DSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -225,15 +225,15 @@
                 attributes[2].getBigInteger(),
                 attributes[3].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // X.509 handled in superclass
             throw new InvalidKeySpecException("Only DSAPublicKeySpec and "
                 + "X509EncodedKeySpec supported for DSA public keys");
         }
     }
 
-    KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -249,7 +249,7 @@
                 attributes[2].getBigInteger(),
                 attributes[3].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // PKCS#8 handled in superclass
             throw new InvalidKeySpecException("Only DSAPrivateKeySpec "
                 + "and PKCS8EncodedKeySpec supported for DSA private keys");
--- a/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -253,8 +253,8 @@
         }
     }
 
-    KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -265,7 +265,7 @@
             try {
                 ECParameterSpec params = decodeParameters(attributes[1].getByteArray());
                 ECPoint point = decodePoint(attributes[0].getByteArray(), params.getCurve());
-                return new ECPublicKeySpec(point, params);
+                return keySpec.cast(new ECPublicKeySpec(point, params));
             } catch (IOException e) {
                 throw new InvalidKeySpecException("Could not parse key", e);
             }
@@ -275,8 +275,8 @@
         }
     }
 
-    KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -286,7 +286,8 @@
             token.p11.C_GetAttributeValue(session[0].id(), key.keyID, attributes);
             try {
                 ECParameterSpec params = decodeParameters(attributes[1].getByteArray());
-                return new ECPrivateKeySpec(attributes[0].getBigInteger(), params);
+                return keySpec.cast(
+                    new ECPrivateKeySpec(attributes[0].getBigInteger(), params));
             } catch (IOException e) {
                 throw new InvalidKeySpecException("Could not parse key", e);
             }
--- a/src/share/classes/sun/security/pkcs11/P11Key.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Key.java	Mon Aug 15 11:48:20 2011 -0700
@@ -128,7 +128,7 @@
     // see JCA spec
     public final byte[] getEncoded() {
         byte[] b = getEncodedInternal();
-        return (b == null) ? null : (byte[])b.clone();
+        return (b == null) ? null : b.clone();
     }
 
     abstract byte[] getEncodedInternal();
@@ -299,21 +299,22 @@
     // we assume that all components of public keys are always accessible
     static PublicKey publicKey(Session session, long keyID, String algorithm,
             int keyLength, CK_ATTRIBUTE[] attributes) {
-        if (algorithm.equals("RSA")) {
-            return new P11RSAPublicKey
-                (session, keyID, algorithm, keyLength, attributes);
-        } else if (algorithm.equals("DSA")) {
-            return new P11DSAPublicKey
-                (session, keyID, algorithm, keyLength, attributes);
-        } else if (algorithm.equals("DH")) {
-            return new P11DHPublicKey
-                (session, keyID, algorithm, keyLength, attributes);
-        } else if (algorithm.equals("EC")) {
-            return new P11ECPublicKey
-                (session, keyID, algorithm, keyLength, attributes);
-        } else {
-            throw new ProviderException
-                ("Unknown public key algorithm " + algorithm);
+        switch (algorithm) {
+            case "RSA":
+                return new P11RSAPublicKey
+                    (session, keyID, algorithm, keyLength, attributes);
+            case "DSA":
+                return new P11DSAPublicKey
+                    (session, keyID, algorithm, keyLength, attributes);
+            case "DH":
+                return new P11DHPublicKey
+                    (session, keyID, algorithm, keyLength, attributes);
+            case "EC":
+                return new P11ECPublicKey
+                    (session, keyID, algorithm, keyLength, attributes);
+            default:
+                throw new ProviderException
+                    ("Unknown public key algorithm " + algorithm);
         }
     }
 
@@ -328,42 +329,43 @@
             return new P11PrivateKey
                 (session, keyID, algorithm, keyLength, attributes);
         } else {
-            if (algorithm.equals("RSA")) {
-                // XXX better test for RSA CRT keys (single getAttributes() call)
-                // we need to determine whether this is a CRT key
-                // see if we can obtain the public exponent
-                // this should also be readable for sensitive/extractable keys
-                CK_ATTRIBUTE[] attrs2 = new CK_ATTRIBUTE[] {
-                    new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT),
-                };
-                boolean crtKey;
-                try {
-                    session.token.p11.C_GetAttributeValue
-                        (session.id(), keyID, attrs2);
-                    crtKey = (attrs2[0].pValue instanceof byte[]);
-                } catch (PKCS11Exception e) {
-                    // ignore, assume not available
-                    crtKey = false;
-                }
-                if (crtKey) {
-                    return new P11RSAPrivateKey
+            switch (algorithm) {
+                case "RSA":
+                    // XXX better test for RSA CRT keys (single getAttributes() call)
+                    // we need to determine whether this is a CRT key
+                    // see if we can obtain the public exponent
+                    // this should also be readable for sensitive/extractable keys
+                    CK_ATTRIBUTE[] attrs2 = new CK_ATTRIBUTE[] {
+                        new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT),
+                    };
+                    boolean crtKey;
+                    try {
+                        session.token.p11.C_GetAttributeValue
+                            (session.id(), keyID, attrs2);
+                        crtKey = (attrs2[0].pValue instanceof byte[]);
+                    } catch (PKCS11Exception e) {
+                        // ignore, assume not available
+                        crtKey = false;
+                    }
+                    if (crtKey) {
+                        return new P11RSAPrivateKey
+                                (session, keyID, algorithm, keyLength, attributes);
+                    } else {
+                        return new P11RSAPrivateNonCRTKey
+                                (session, keyID, algorithm, keyLength, attributes);
+                    }
+                case "DSA":
+                    return new P11DSAPrivateKey
                             (session, keyID, algorithm, keyLength, attributes);
-                } else {
-                    return new P11RSAPrivateNonCRTKey
+                case "DH":
+                    return new P11DHPrivateKey
                             (session, keyID, algorithm, keyLength, attributes);
-                }
-            } else if (algorithm.equals("DSA")) {
-                return new P11DSAPrivateKey
-                        (session, keyID, algorithm, keyLength, attributes);
-            } else if (algorithm.equals("DH")) {
-                return new P11DHPrivateKey
-                        (session, keyID, algorithm, keyLength, attributes);
-            } else if (algorithm.equals("EC")) {
-                return new P11ECPrivateKey
-                        (session, keyID, algorithm, keyLength, attributes);
-            } else {
-                throw new ProviderException
-                        ("Unknown private key algorithm " + algorithm);
+                case "EC":
+                    return new P11ECPrivateKey
+                            (session, keyID, algorithm, keyLength, attributes);
+                default:
+                    throw new ProviderException
+                            ("Unknown private key algorithm " + algorithm);
             }
         }
     }
@@ -371,6 +373,8 @@
     // class for sensitive and unextractable private keys
     private static final class P11PrivateKey extends P11Key
                                                 implements PrivateKey {
+        private static final long serialVersionUID = -2138581185214187615L;
+
         P11PrivateKey(Session session, long keyID, String algorithm,
                 int keyLength, CK_ATTRIBUTE[] attributes) {
             super(PRIVATE, session, keyID, algorithm, keyLength, attributes);
@@ -387,6 +391,7 @@
     }
 
     private static class P11SecretKey extends P11Key implements SecretKey {
+        private static final long serialVersionUID = -7828241727014329084L;
         private volatile byte[] encoded;
         P11SecretKey(Session session, long keyID, String algorithm,
                 int keyLength, CK_ATTRIBUTE[] attributes) {
@@ -434,6 +439,8 @@
 
     private static class P11TlsMasterSecretKey extends P11SecretKey
             implements TlsMasterSecret {
+        private static final long serialVersionUID = -1318560923770573441L;
+
         private final int majorVersion, minorVersion;
         P11TlsMasterSecretKey(Session session, long keyID, String algorithm,
                 int keyLength, CK_ATTRIBUTE[] attributes, int major, int minor) {
@@ -453,6 +460,8 @@
     // RSA CRT private key
     private static final class P11RSAPrivateKey extends P11Key
                 implements RSAPrivateCrtKey {
+        private static final long serialVersionUID = 9215872438913515220L;
+
         private BigInteger n, e, d, p, q, pe, qe, coeff;
         private byte[] encoded;
         P11RSAPrivateKey(Session session, long keyID, String algorithm,
@@ -563,6 +572,8 @@
     // RSA non-CRT private key
     private static final class P11RSAPrivateNonCRTKey extends P11Key
                 implements RSAPrivateKey {
+        private static final long serialVersionUID = 1137764983777411481L;
+
         private BigInteger n, d;
         private byte[] encoded;
         P11RSAPrivateNonCRTKey(Session session, long keyID, String algorithm,
@@ -624,6 +635,8 @@
 
     private static final class P11RSAPublicKey extends P11Key
                                                 implements RSAPublicKey {
+        private static final long serialVersionUID = -826726289023854455L;
+
         private BigInteger n, e;
         private byte[] encoded;
         P11RSAPublicKey(Session session, long keyID, String algorithm,
@@ -676,6 +689,8 @@
 
     private static final class P11DSAPublicKey extends P11Key
                                                 implements DSAPublicKey {
+        private static final long serialVersionUID = 5989753793316396637L;
+
         private BigInteger y;
         private DSAParams params;
         private byte[] encoded;
@@ -737,6 +752,8 @@
 
     private static final class P11DSAPrivateKey extends P11Key
                                                 implements DSAPrivateKey {
+        private static final long serialVersionUID = 3119629997181999389L;
+
         private BigInteger x;
         private DSAParams params;
         private byte[] encoded;
@@ -798,6 +815,8 @@
 
     private static final class P11DHPrivateKey extends P11Key
                                                 implements DHPrivateKey {
+        private static final long serialVersionUID = -1698576167364928838L;
+
         private BigInteger x;
         private DHParameterSpec params;
         private byte[] encoded;
@@ -860,6 +879,8 @@
 
     private static final class P11DHPublicKey extends P11Key
                                                 implements DHPublicKey {
+        static final long serialVersionUID = -598383872153843657L;
+
         private BigInteger y;
         private DHParameterSpec params;
         private byte[] encoded;
@@ -922,6 +943,8 @@
 
     private static final class P11ECPrivateKey extends P11Key
                                                 implements ECPrivateKey {
+        private static final long serialVersionUID = -7786054399510515515L;
+
         private BigInteger s;
         private ECParameterSpec params;
         private byte[] encoded;
@@ -982,6 +1005,8 @@
 
     private static final class P11ECPublicKey extends P11Key
                                                 implements ECPublicKey {
+        private static final long serialVersionUID = -6371481375154806089L;
+
         private ECPoint w;
         private ECParameterSpec params;
         private byte[] encoded;
--- a/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -143,8 +143,8 @@
             // just in case not, attempt conversion
             P11DHKeyFactory kf = new P11DHKeyFactory(token, "DH");
             try {
-                DHPublicKeySpec spec = (DHPublicKeySpec)kf.engineGetKeySpec
-                                                (key, DHPublicKeySpec.class);
+                DHPublicKeySpec spec = kf.engineGetKeySpec(
+                        key, DHPublicKeySpec.class);
                 y = spec.getY();
                 p = spec.getP();
                 g = spec.getG();
--- a/src/share/classes/sun/security/pkcs11/P11KeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
 import java.security.spec.*;
 
 import sun.security.pkcs11.wrapper.PKCS11Exception;
-import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
  * KeyFactory base class. Provides common infrastructure for the RSA, DSA,
@@ -77,7 +76,7 @@
         if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)
                 || X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
             try {
-                return (T)implGetSoftwareFactory().getKeySpec(key, keySpec);
+                return implGetSoftwareFactory().getKeySpec(key, keySpec);
             } catch (GeneralSecurityException e) {
                 throw new InvalidKeySpecException("Could not encode key", e);
             }
@@ -92,9 +91,9 @@
         Session[] session = new Session[1];
         try {
             if (p11Key.isPublic()) {
-                return (T)implGetPublicKeySpec(p11Key, keySpec, session);
+                return implGetPublicKeySpec(p11Key, keySpec, session);
             } else {
-                return (T)implGetPrivateKeySpec(p11Key, keySpec, session);
+                return implGetPrivateKeySpec(p11Key, keySpec, session);
             }
         } catch (PKCS11Exception e) {
             throw new InvalidKeySpecException("Could not generate KeySpec", e);
@@ -138,10 +137,10 @@
         }
     }
 
-    abstract KeySpec implGetPublicKeySpec(P11Key key, Class keySpec,
+    abstract <T extends KeySpec> T  implGetPublicKeySpec(P11Key key, Class<T> keySpec,
             Session[] session) throws PKCS11Exception, InvalidKeySpecException;
 
-    abstract KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec,
+    abstract <T extends KeySpec> T  implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
             Session[] session) throws PKCS11Exception, InvalidKeySpecException;
 
     abstract PublicKey implTranslatePublicKey(PublicKey key)
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,12 +34,9 @@
 import java.io.UnsupportedEncodingException;
 
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.HashMap;
@@ -48,7 +45,6 @@
 import java.security.*;
 import java.security.KeyStore.*;
 
-import java.security.cert.CertPath;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateFactory;
@@ -60,7 +56,6 @@
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.*;
 
-import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.callback.Callback;
@@ -69,7 +64,6 @@
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import sun.security.util.Debug;
-import sun.security.x509.SerialNumber;
 import sun.security.util.DerValue;
 
 import sun.security.ec.ECParameters;
@@ -235,7 +229,7 @@
 
         private PasswordCallbackHandler(char[] password) {
             if (password != null) {
-                this.password = (char[])password.clone();
+                this.password = password.clone();
             }
         }
 
@@ -331,10 +325,8 @@
 
             // did not find anything
             return null;
-        } catch (PKCS11Exception pe) {
-            throw new ProviderException(pe);
-        } catch (KeyStoreException ke) {
-            throw new ProviderException(ke);
+        } catch (PKCS11Exception | KeyStoreException e) {
+            throw new ProviderException(e);
         } finally {
             token.releaseSession(session);
         }
@@ -458,10 +450,8 @@
             } else if (key instanceof SecretKey) {
                 entry = new KeyStore.SecretKeyEntry((SecretKey)key);
             }
-        } catch (NullPointerException npe) {
-            throw new KeyStoreException(npe);
-        } catch (IllegalArgumentException iae) {
-            throw new KeyStoreException(iae);
+        } catch (NullPointerException | IllegalArgumentException e) {
+            throw new KeyStoreException(e);
         }
         engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password));
     }
@@ -566,10 +556,8 @@
                 } else {
                     throw new KeyStoreException("unexpected entry type");
                 }
-            } catch (PKCS11Exception pe) {
-                throw new KeyStoreException(pe);
-            } catch (CertificateException ce) {
-                throw new KeyStoreException(ce);
+            } catch (PKCS11Exception | CertificateException e) {
+                throw new KeyStoreException(e);
             }
         }
         return false;
@@ -770,18 +758,8 @@
             if (debug != null) {
                 dumpTokenMap();
             }
-        } catch (LoginException le) {
-            IOException ioe = new IOException("load failed");
-            ioe.initCause(le);
-            throw ioe;
-        } catch (KeyStoreException kse) {
-            IOException ioe = new IOException("load failed");
-            ioe.initCause(kse);
-            throw ioe;
-        } catch (PKCS11Exception pe) {
-            IOException ioe = new IOException("load failed");
-            ioe.initCause(pe);
-            throw ioe;
+        } catch (LoginException | KeyStoreException | PKCS11Exception e) {
+            throw new IOException("load failed", e);
         }
     }
 
@@ -860,11 +838,7 @@
             if (debug != null) {
                 dumpTokenMap();
             }
-        } catch (LoginException e) {
-            throw new IOException("load failed", e);
-        } catch (KeyStoreException e) {
-            throw new IOException("load failed", e);
-        } catch (PKCS11Exception e) {
+        } catch (LoginException | KeyStoreException | PKCS11Exception e) {
             throw new IOException("load failed", e);
         }
     }
@@ -1054,9 +1028,7 @@
                 storeCert(alias, xcert);
                 module.setTrust(token, xcert);
                 mapLabels();
-            } catch (PKCS11Exception e) {
-                throw new KeyStoreException(e);
-            } catch (CertificateException e) {
+            } catch (PKCS11Exception | CertificateException e) {
                 throw new KeyStoreException(e);
             }
 
@@ -1118,10 +1090,8 @@
                         storePkey(alias, (KeyStore.PrivateKeyEntry)entry);
                     }
 
-                } catch (PKCS11Exception pe) {
+                } catch (PKCS11Exception | CertificateException pe) {
                     throw new KeyStoreException(pe);
-                } catch (CertificateException ce) {
-                    throw new KeyStoreException(ce);
                 }
 
             } else if (entry instanceof KeyStore.SecretKeyEntry) {
@@ -1158,10 +1128,8 @@
                 if (debug != null) {
                     dumpTokenMap();
                 }
-            } catch (PKCS11Exception pe) {
+            } catch (PKCS11Exception | CertificateException pe) {
                 throw new KeyStoreException(pe);
-            } catch (CertificateException ce) {
-                throw new KeyStoreException(ce);
             }
         }
 
@@ -1870,7 +1838,7 @@
                 debug.println("creating RSAPrivateKey attrs");
             }
 
-            RSAPrivateKey rsaKey = (RSAPrivateKey)key;
+            RSAPrivateKey rsaKey = key;
 
             attrs = new CK_ATTRIBUTE[] {
                 ATTR_TOKEN_TRUE,
@@ -2662,7 +2630,7 @@
     private void dumpTokenMap() {
         Set<String> aliases = aliasMap.keySet();
         System.out.println("Token Alias Map:");
-        if (aliases.size() == 0) {
+        if (aliases.isEmpty()) {
             System.out.println("  [empty]");
         } else {
             for (String s : aliases) {
--- a/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -130,10 +130,7 @@
                 rs.getModulus(),
                 rs.getPublicExponent()
             );
-        } catch (PKCS11Exception e) {
-            throw new InvalidKeySpecException
-                ("Could not create RSA public key", e);
-        } catch (InvalidKeyException e) {
+        } catch (PKCS11Exception | InvalidKeyException e) {
             throw new InvalidKeySpecException
                 ("Could not create RSA public key", e);
         }
@@ -177,10 +174,7 @@
                 throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
                     + "and PKCS8EncodedKeySpec supported for RSA private keys");
             }
-        } catch (PKCS11Exception e) {
-            throw new InvalidKeySpecException
-                ("Could not create RSA private key", e);
-        } catch (InvalidKeyException e) {
+        } catch (PKCS11Exception | InvalidKeyException e) {
             throw new InvalidKeySpecException
                 ("Could not create RSA private key", e);
         }
@@ -260,8 +254,8 @@
         }
     }
 
-    KeySpec implGetPublicKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -273,15 +267,15 @@
                 attributes[0].getBigInteger(),
                 attributes[1].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // X.509 handled in superclass
             throw new InvalidKeySpecException("Only RSAPublicKeySpec and "
                 + "X509EncodedKeySpec supported for RSA public keys");
         }
     }
 
-    KeySpec implGetPrivateKeySpec(P11Key key, Class keySpec, Session[] session)
-            throws PKCS11Exception, InvalidKeySpecException {
+    <T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
+            Session[] session) throws PKCS11Exception, InvalidKeySpecException {
         if (RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -305,7 +299,7 @@
                 attributes[6].getBigInteger(),
                 attributes[7].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else if (RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
             session[0] = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -317,7 +311,7 @@
                 attributes[0].getBigInteger(),
                 attributes[1].getBigInteger()
             );
-            return spec;
+            return keySpec.cast(spec);
         } else { // PKCS#8 handled in superclass
             throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
                 + "and PKCS8EncodedKeySpec supported for RSA private keys");
--- a/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -319,7 +319,7 @@
     }
 
     // see JCE spec
-    protected KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
             throws InvalidKeySpecException {
         token.ensureValid();
         if ((key == null) || (keySpec == null)) {
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -396,7 +396,7 @@
         ensureInitialized();
         switch (type) {
         case T_UPDATE:
-            buffer[0] = (byte)b;
+            buffer[0] = b;
             engineUpdate(buffer, 0, 1);
             break;
         case T_DIGEST:
--- a/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -98,6 +98,8 @@
 
     // SecretKeySpec does not allow zero length keys, so we define our own class.
     private static final SecretKey NULL_KEY = new SecretKey() {
+        private static final long serialVersionUID = -8090049519656411362L;
+
         public byte[] getEncoded() {
             return new byte[0];
         }
--- a/src/share/classes/sun/security/pkcs11/P11Util.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Util.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@
         p = Security.getProvider(providerName);
         if (p == null) {
             try {
-                Class clazz = Class.forName(className);
+                Class<?> clazz = Class.forName(className);
                 p = (Provider)clazz.newInstance();
             } catch (Exception e) {
                 throw new ProviderException
--- a/src/share/classes/sun/security/pkcs11/Secmod.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/Secmod.java	Mon Aug 15 11:48:20 2011 -0700
@@ -236,6 +236,7 @@
             throw new IllegalStateException(e);
         }
         if (modules == null) {
+            @SuppressWarnings("unchecked")
             List<Module> modules = (List<Module>)nssGetModuleList(nssHandle,
                 nssLibDir);
             this.modules = Collections.unmodifiableList(modules);
--- a/src/share/classes/sun/security/pkcs11/wrapper/Functions.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/wrapper/Functions.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -517,7 +517,7 @@
 
         if (array != null) {
             for (int i = 0; (i < 4) && (i < array.length); i++) {
-                hash ^= ((int) (0xFF & array[i])) << ((i%4) << 3);
+                hash ^= (0xFF & array[i]) << ((i%4) << 3);
             }
         }
 
@@ -537,7 +537,7 @@
 
         if (array != null) {
             for (int i = 0; (i < 4) && (i < array.length); i++) {
-                hash ^= ((int) (0xFFFF & array[i])) << ((i%2) << 4);
+                hash ^= (0xFFFF & array[i]) << ((i%2) << 4);
             }
         }
 
@@ -557,18 +557,18 @@
 
         if (date != null) {
             if (date.year.length == 4) {
-                hash ^= ((int) (0xFFFF & date.year[0])) << 16;
-                hash ^= (int) (0xFFFF & date.year[1]);
-                hash ^= ((int) (0xFFFF & date.year[2])) << 16;
-                hash ^= (int) (0xFFFF & date.year[3]);
+                hash ^= (0xFFFF & date.year[0]) << 16;
+                hash ^= 0xFFFF & date.year[1];
+                hash ^= (0xFFFF & date.year[2]) << 16;
+                hash ^= 0xFFFF & date.year[3];
             }
             if (date.month.length == 2) {
-                hash ^= ((int) (0xFFFF & date.month[0])) << 16;
-                hash ^= (int) (0xFFFF & date.month[1]);
+                hash ^= (0xFFFF & date.month[0]) << 16;
+                hash ^= 0xFFFF & date.month[1];
             }
             if (date.day.length == 2) {
-                hash ^= ((int) (0xFFFF & date.day[0])) << 16;
-                hash ^= (int) (0xFFFF & date.day[1]);
+                hash ^= (0xFFFF & date.day[0]) << 16;
+                hash ^= 0xFFFF & date.day[1];
             }
         }
 
--- a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -63,6 +63,7 @@
  * @invariants
  */
 public class PKCS11Exception extends Exception {
+    private static final long serialVersionUID = 4877072363729195L;
 
     /**
      * The code of the error which was the reason for this exception.
--- a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11RuntimeException.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11RuntimeException.java	Mon Aug 15 11:48:20 2011 -0700
@@ -57,6 +57,7 @@
  * @invariants
  */
 public class PKCS11RuntimeException extends RuntimeException {
+    private static final long serialVersionUID = 7889842162743590564L;
 
     /**
      * Empty constructor.
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,13 +41,10 @@
 import java.security.cert.CertificateException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.*;
-import java.math.*;
 
 import java.security.AlgorithmParameters;
-import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.SecretKey;
 import javax.crypto.Cipher;
@@ -417,10 +414,8 @@
             // add the entry
             entries.put(alias.toLowerCase(), entry);
         } catch (Exception nsae) {
-            KeyStoreException ke = new KeyStoreException("Key protection " +
-                                        " algorithm not found: " + nsae);
-            ke.initCause(nsae);
-            throw ke;
+            throw new KeyStoreException("Key protection " +
+                       " algorithm not found: " + nsae, nsae);
         }
     }
 
@@ -456,10 +451,8 @@
         try {
             new EncryptedPrivateKeyInfo(key);
         } catch (IOException ioe) {
-            KeyStoreException ke = new KeyStoreException("Private key is not"
-                        + " stored as PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
-            ke.initCause(ioe);
-            throw ke;
+            throw new KeyStoreException("Private key is not stored"
+                    + " as PKCS#8 EncryptedPrivateKeyInfo: " + ioe, ioe);
         }
 
         KeyEntry entry = new KeyEntry();
@@ -513,11 +506,8 @@
            algParams = AlgorithmParameters.getInstance(algorithm);
            algParams.init(paramSpec);
         } catch (Exception e) {
-           IOException ioe =
-                new IOException("getAlgorithmParameters failed: " +
-                                e.getMessage());
-           ioe.initCause(e);
-           throw ioe;
+           throw new IOException("getAlgorithmParameters failed: " +
+                                 e.getMessage(), e);
         }
         return algParams;
     }
@@ -544,11 +534,8 @@
                 algParams.init(params.toByteArray());
             }
         } catch (Exception e) {
-           IOException ioe =
-                new IOException("parseAlgParameters failed: " +
-                                e.getMessage());
-           ioe.initCause(e);
-           throw ioe;
+           throw new IOException("parseAlgParameters failed: " +
+                                 e.getMessage(), e);
         }
         return algParams;
     }
@@ -565,10 +552,8 @@
             SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
             skey = skFac.generateSecret(keySpec);
         } catch (Exception e) {
-           IOException ioe = new IOException("getSecretKey failed: " +
-                                        e.getMessage());
-           ioe.initCause(e);
-           throw ioe;
+           throw new IOException("getSecretKey failed: " +
+                                 e.getMessage(), e);
         }
         return skey;
     }
@@ -826,9 +811,7 @@
             md.update(data);
             digest = md.digest();
         } catch (Exception e) {
-            IOException ioe = new IOException("generateHash failed: " + e);
-            ioe.initCause(e);
-            throw ioe;
+            throw new IOException("generateHash failed: " + e, e);
         }
         return digest;
     }
@@ -866,9 +849,7 @@
             bytes.write(macData.getEncoded());
             mData = bytes.toByteArray();
         } catch (Exception e) {
-            IOException ioe = new IOException("calculateMac failed: " + e);
-            ioe.initCause(e);
-            throw ioe;
+            throw new IOException("calculateMac failed: " + e, e);
         }
         return mData;
     }
@@ -1149,10 +1130,8 @@
             encryptedData = cipher.doFinal(data);
 
         } catch (Exception e) {
-            IOException ioe = new IOException("Failed to encrypt" +
-                                " safe contents entry: " + e);
-            ioe.initCause(e);
-            throw ioe;
+            throw new IOException("Failed to encrypt" +
+                    " safe contents entry: " + e, e);
         }
 
         // create EncryptedContentInfo
@@ -1220,7 +1199,7 @@
         ContentInfo authSafe = new ContentInfo(s);
         ObjectIdentifier contentType = authSafe.getContentType();
 
-        if (contentType.equals(ContentInfo.DATA_OID)) {
+        if (contentType.equals((Object)ContentInfo.DATA_OID)) {
            authSafeData = authSafe.getData();
         } else /* signed data */ {
            throw new IOException("public key protected PKCS12 not supported");
@@ -1246,7 +1225,7 @@
             safeContents = new ContentInfo(sci);
             contentType = safeContents.getContentType();
             safeContentsData = null;
-            if (contentType.equals(ContentInfo.DATA_OID)) {
+            if (contentType.equals((Object)ContentInfo.DATA_OID)) {
                 safeContentsData = safeContents.getData();
             } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
                 if (password == null) {
@@ -1280,10 +1259,8 @@
                     safeContentsData = cipher.doFinal(safeContentsData);
 
                 } catch (Exception e) {
-                    IOException ioe = new IOException("failed to decrypt safe"
-                                        + " contents entry: " + e);
-                    ioe.initCause(e);
-                    throw ioe;
+                    throw new IOException("failed to decrypt safe"
+                            + " contents entry: " + e, e);
                 }
             } else {
                 throw new IOException("public key protected PKCS12" +
@@ -1319,10 +1296,7 @@
                                         " integrity checking");
                 }
            } catch (Exception e) {
-                IOException ioe =
-                        new IOException("Integrity check failed: " + e);
-                ioe.initCause(e);
-                throw ioe;
+                throw new IOException("Integrity check failed: " + e, e);
            }
         }
 
@@ -1402,12 +1376,12 @@
                                         + bagValue.tag);
             }
             bagValue = bagValue.data.getDerValue();
-            if (bagId.equals(PKCS8ShroudedKeyBag_OID)) {
+            if (bagId.equals((Object)PKCS8ShroudedKeyBag_OID)) {
                 KeyEntry kEntry = new KeyEntry();
                 kEntry.protectedPrivKey = bagValue.toByteArray();
                 bagItem = kEntry;
                 privateKeyCount++;
-            } else if (bagId.equals(CertBag_OID)) {
+            } else if (bagId.equals((Object)CertBag_OID)) {
                 DerInputStream cs = new DerInputStream(bagValue.toByteArray());
                 DerValue[] certValues = cs.getSequence(2);
                 ObjectIdentifier certId = certValues[0].getOID();
@@ -1453,9 +1427,9 @@
                         throw new IOException("Attribute " + attrId +
                                 " should have a value " + e.getMessage());
                     }
-                    if (attrId.equals(PKCS9FriendlyName_OID)) {
+                    if (attrId.equals((Object)PKCS9FriendlyName_OID)) {
                         alias = valSet[0].getBMPString();
-                    } else if (attrId.equals(PKCS9LocalKeyId_OID)) {
+                    } else if (attrId.equals((Object)PKCS9LocalKeyId_OID)) {
                         keyId = valSet[0].getOctetString();
                     } else {
                         // log error message for "unknown attr"
--- a/src/share/classes/sun/security/provider/DSAKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/DSAKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,15 +25,12 @@
 
 package sun.security.provider;
 
-import java.util.*;
-import java.lang.*;
 import java.security.Key;
 import java.security.PublicKey;
 import java.security.PrivateKey;
 import java.security.KeyFactorySpi;
 import java.security.InvalidKeyException;
 import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.interfaces.DSAParams;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.DSAPrivateKeySpec;
@@ -194,13 +191,13 @@
                     java.security.interfaces.DSAPublicKey dsaPubKey
                         = (java.security.interfaces.DSAPublicKey)key;
                     params = dsaPubKey.getParams();
-                    return (T) new DSAPublicKeySpec(dsaPubKey.getY(),
-                                                    params.getP(),
-                                                    params.getQ(),
-                                                    params.getG());
+                    return keySpec.cast(new DSAPublicKeySpec(dsaPubKey.getY(),
+                                                             params.getP(),
+                                                             params.getQ(),
+                                                             params.getG()));
 
                 } else if (x509KeySpec.isAssignableFrom(keySpec)) {
-                    return (T) new X509EncodedKeySpec(key.getEncoded());
+                    return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
 
                 } else {
                     throw new InvalidKeySpecException
@@ -219,13 +216,13 @@
                     java.security.interfaces.DSAPrivateKey dsaPrivKey
                         = (java.security.interfaces.DSAPrivateKey)key;
                     params = dsaPrivKey.getParams();
-                    return (T) new DSAPrivateKeySpec(dsaPrivKey.getX(),
-                                                     params.getP(),
-                                                     params.getQ(),
-                                                     params.getG());
+                    return keySpec.cast(new DSAPrivateKeySpec(dsaPrivKey.getX(),
+                                                              params.getP(),
+                                                              params.getQ(),
+                                                              params.getG()));
 
                 } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
-                    return (T) new PKCS8EncodedKeySpec(key.getEncoded());
+                    return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
 
                 } else {
                     throw new InvalidKeySpecException
--- a/src/share/classes/sun/security/provider/DSAParameters.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/DSAParameters.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package sun.security.provider;
 
-import java.util.*;
 import java.io.*;
 import java.math.BigInteger;
 import java.security.AlgorithmParametersSpi;
@@ -103,7 +102,8 @@
                 Class<?> dsaParamSpec = Class.forName
                     ("java.security.spec.DSAParameterSpec");
                 if (dsaParamSpec.isAssignableFrom(paramSpec)) {
-                    return (T)new DSAParameterSpec(this.p, this.q, this.g);
+                    return paramSpec.cast(
+                            new DSAParameterSpec(this.p, this.q, this.g));
                 } else {
                     throw new InvalidParameterSpecException
                         ("Inappropriate parameter Specification");
--- a/src/share/classes/sun/security/provider/MD4.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/MD4.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,7 +65,9 @@
     private final static Provider md4Provider;
 
     static {
-        md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") {};
+        md4Provider = new Provider("MD4Provider", 1.0d, "MD4 MessageDigest") {
+            private static final long serialVersionUID = -8850464997518327965L;
+        };
         AccessController.doPrivileged(new PrivilegedAction<Void>() {
             public Void run() {
                 md4Provider.put("MessageDigest.MD4", "sun.security.provider.MD4");
--- a/src/share/classes/sun/security/provider/PolicyFile.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/PolicyFile.java	Mon Aug 15 11:48:20 2011 -0700
@@ -26,27 +26,21 @@
 package sun.security.provider;
 
 import java.io.*;
-import java.lang.RuntimePermission;
 import java.lang.reflect.*;
-import java.lang.ref.*;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URI;
 import java.util.*;
 import java.util.Enumeration;
-import java.util.Hashtable;
 import java.util.List;
 import java.util.StringTokenizer;
-import java.util.PropertyPermission;
 import java.util.ArrayList;
 import java.util.ListIterator;
-import java.util.WeakHashMap;
 import java.text.MessageFormat;
 import com.sun.security.auth.PrincipalComparator;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import javax.security.auth.PrivateCredentialPermission;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 import java.io.FilePermission;
@@ -68,7 +62,6 @@
 import sun.misc.JavaSecurityProtectionDomainAccess;
 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
 import sun.misc.SharedSecrets;
-import sun.security.util.Password;
 import sun.security.util.PolicyUtil;
 import sun.security.util.PropertyExpander;
 import sun.security.util.Debug;
@@ -1006,7 +999,7 @@
      * via reflection. Keep list short to not penalize non-JDK-defined
      * permissions.
      */
-    private static final Permission getKnownInstance(Class claz,
+    private static final Permission getKnownInstance(Class<?> claz,
         String name, String actions) {
         // XXX shorten list to most popular ones?
         if (claz.equals(FilePermission.class)) {
@@ -1346,7 +1339,7 @@
                 "\tActive Principals: " + accPs);
         }
 
-        if (entryPs == null || entryPs.size() == 0) {
+        if (entryPs == null || entryPs.isEmpty()) {
 
             // policy entry has no principals -
             // add perms regardless of principals in current ACC
@@ -1547,7 +1540,7 @@
                             Principal[] pdp,
                             Permissions perms) {
 
-        if (entryPs == null || entryPs.size() == 0) {
+        if (entryPs == null || entryPs.isEmpty()) {
             // No principals in the grant to substitute
             if (debug != null) {
                 debug.println("Ignoring permission "
@@ -1890,7 +1883,7 @@
     private boolean replacePrincipals(
         List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) {
 
-        if (principals == null || principals.size() == 0 || keystore == null)
+        if (principals == null || principals.isEmpty() || keystore == null)
             return true;
 
         ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator();
@@ -2403,7 +2396,7 @@
         final List<PolicyEntry> identityPolicyEntries;
 
         // Maps aliases to certs
-        final Map aliasMapping;
+        final Map<Object, Object> aliasMapping;
 
         // Maps ProtectionDomain to PermissionCollection
         private final ProtectionDomainCache[] pdMapping;
@@ -2413,7 +2406,8 @@
             policyEntries = new ArrayList<PolicyEntry>();
             identityPolicyEntries =
                 Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
-            aliasMapping = Collections.synchronizedMap(new HashMap(11));
+            aliasMapping = Collections.synchronizedMap(
+                    new HashMap<Object, Object>(11));
 
             pdMapping = new ProtectionDomainCache[numCaches];
             JavaSecurityProtectionDomainAccess jspda
--- a/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/AdaptableX509CertSelector.java	Mon Aug 15 11:48:20 2011 -0700
@@ -101,7 +101,8 @@
     void parseAuthorityKeyIdentifierExtension(
             AuthorityKeyIdentifierExtension akidext) throws IOException {
         if (akidext != null) {
-            KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID);
+            KeyIdentifier akid = (KeyIdentifier)akidext.get(
+                    AuthorityKeyIdentifierExtension.KEY_ID);
             if (akid != null) {
                 // Do not override the previous setting for initial selection.
                 if (isSKIDSensitive || getSubjectKeyIdentifier() == null) {
@@ -113,8 +114,8 @@
                 }
             }
 
-            SerialNumber asn =
-                (SerialNumber)akidext.get(akidext.SERIAL_NUMBER);
+            SerialNumber asn = (SerialNumber)akidext.get(
+                    AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
             if (asn != null) {
                 // Do not override the previous setting for initial selection.
                 if (isSNSensitive || getSerialNumber() == null) {
--- a/src/share/classes/sun/security/provider/certpath/Builder.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/Builder.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -153,6 +153,7 @@
             if (debug != null) {
                 debug.println("Builder.distance(): Names are different types");
             }
+            return incomparable;
         case GeneralNameInterface.NAME_SAME_TYPE:
             if (debug != null) {
                 debug.println("Builder.distance(): Names are same type but " +
@@ -306,8 +307,8 @@
         SubjectAlternativeNameExtension altNameExt =
             certImpl.getSubjectAlternativeNameExtension();
         if (altNameExt != null) {
-            GeneralNames altNames =
-                (GeneralNames)altNameExt.get(altNameExt.SUBJECT_NAME);
+            GeneralNames altNames = altNameExt.get(
+                    SubjectAlternativeNameExtension.SUBJECT_NAME);
             /* see if any alternative name matches target */
             if (altNames != null) {
                 for (int j = 0, n = altNames.size(); j < n; j++) {
@@ -343,10 +344,10 @@
                 + String.valueOf(constraints));
         }
         /* reduce permitted by excluded */
-        GeneralSubtrees permitted = (GeneralSubtrees)
-            constraints.get(constraints.PERMITTED_SUBTREES);
-        GeneralSubtrees excluded = (GeneralSubtrees)
-            constraints.get(constraints.EXCLUDED_SUBTREES);
+        GeneralSubtrees permitted =
+                constraints.get(NameConstraintsExtension.PERMITTED_SUBTREES);
+        GeneralSubtrees excluded =
+                constraints.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
         if (permitted != null) {
             permitted.reduce(excluded);
         }
--- a/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java	Mon Aug 15 11:48:20 2011 -0700
@@ -41,7 +41,6 @@
 import java.security.cert.*;
 import java.security.cert.CertPathValidatorException.BasicReason;
 import java.security.interfaces.DSAPublicKey;
-import javax.security.auth.x500.X500Principal;
 import sun.security.util.Debug;
 import sun.security.x509.AccessDescription;
 import sun.security.x509.AuthorityInfoAccessExtension;
@@ -758,8 +757,7 @@
                      null, null);
                 points = Collections.singletonList(point);
             } else {
-                points = (List<DistributionPoint>)ext.get(
-                                        CRLDistributionPointsExtension.POINTS);
+                points = ext.get(CRLDistributionPointsExtension.POINTS);
             }
             Set<X509CRL> results = new HashSet<X509CRL>();
             DistributionPointFetcher dpf =
--- a/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java	Mon Aug 15 11:48:20 2011 -0700
@@ -114,8 +114,8 @@
                 }
                 return Collections.emptySet();
             }
-            List<DistributionPoint> points = (List<DistributionPoint>)ext.get(
-                                        CRLDistributionPointsExtension.POINTS);
+            List<DistributionPoint> points =
+                    ext.get(CRLDistributionPointsExtension.POINTS);
             Set<X509CRL> results = new HashSet<X509CRL>();
             for (Iterator<DistributionPoint> t = points.iterator();
                  t.hasNext() && !Arrays.equals(reasonsMask, ALL_REASONS); ) {
@@ -570,15 +570,16 @@
             AuthorityKeyIdentifierExtension akidext =
                                             crlImpl.getAuthKeyIdExtension();
             if (akidext != null) {
-                KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID);
+                KeyIdentifier akid = (KeyIdentifier)akidext.get(
+                        AuthorityKeyIdentifierExtension.KEY_ID);
                 if (akid != null) {
                     DerOutputStream derout = new DerOutputStream();
                     derout.putOctetString(akid.getIdentifier());
                     certSel.setSubjectKeyIdentifier(derout.toByteArray());
                 }
 
-                SerialNumber asn =
-                    (SerialNumber)akidext.get(akidext.SERIAL_NUMBER);
+                SerialNumber asn = (SerialNumber)akidext.get(
+                        AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
                 if (asn != null) {
                     certSel.setSerialNumber(asn.getNumber());
                 }
--- a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java	Mon Aug 15 11:48:20 2011 -0700
@@ -30,7 +30,6 @@
 
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.PKIXReason;
@@ -44,22 +43,13 @@
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.Debug;
-import sun.security.util.DerOutputStream;
 import sun.security.x509.AccessDescription;
 import sun.security.x509.AuthorityInfoAccessExtension;
 import sun.security.x509.PKIXExtensions;
 import sun.security.x509.PolicyMappingsExtension;
 import sun.security.x509.X500Name;
 import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CRLImpl;
 import sun.security.x509.AuthorityKeyIdentifierExtension;
-import sun.security.x509.KeyIdentifier;
-import sun.security.x509.SubjectKeyIdentifierExtension;
-import sun.security.x509.SerialNumber;
-import sun.security.x509.GeneralNames;
-import sun.security.x509.GeneralName;
-import sun.security.x509.GeneralNameInterface;
-import java.math.BigInteger;
 
 /**
  * This class represents a forward builder, which is able to retrieve
@@ -362,6 +352,9 @@
      * Download Certificates from the given AIA and add them to the
      * specified Collection.
      */
+    // cs.getCertificates(caSelector) returns a collection of X509Certificate's
+    // because of the selector, so the cast is safe
+    @SuppressWarnings("unchecked")
     private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
         Collection<X509Certificate> certs) {
         if (Builder.USE_AIA == false) {
--- a/src/share/classes/sun/security/provider/certpath/ForwardState.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/ForwardState.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -206,8 +206,8 @@
                 SubjectAlternativeNameExtension subjAltNameExt
                     = icert.getSubjectAlternativeNameExtension();
                 if (subjAltNameExt != null) {
-                    GeneralNames gNames = (GeneralNames)
-                        subjAltNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                    GeneralNames gNames = subjAltNameExt.get(
+                            SubjectAlternativeNameExtension.SUBJECT_NAME);
                     for (Iterator<GeneralName> t = gNames.iterator();
                                 t.hasNext(); ) {
                         GeneralNameInterface gName = t.next().getName();
@@ -236,6 +236,7 @@
      * because some of them will
      * not have their contents modified by subsequent calls to updateState.
      */
+    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
     public Object clone() {
         try {
             ForwardState clonedState = (ForwardState) super.clone();
--- a/src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/IndexedCollectionCertStore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -185,6 +185,7 @@
                 list.add((X509Certificate)oldEntry);
                 certSubjects.put(subject, list);
             } else {
+                @SuppressWarnings("unchecked") // See certSubjects javadoc.
                 List<X509Certificate> list = (List<X509Certificate>)oldEntry;
                 if (list.contains(cert) == false) {
                     list.add(cert);
@@ -210,6 +211,8 @@
                 list.add((X509CRL)oldEntry);
                 crlIssuers.put(issuer, list);
             } else {
+                // See crlIssuers javadoc.
+                @SuppressWarnings("unchecked")
                 List<X509CRL> list = (List<X509CRL>)oldEntry;
                 if (list.contains(crl) == false) {
                     list.add(crl);
@@ -279,6 +282,8 @@
                     return Collections.<X509Certificate>emptySet();
                 }
             } else {
+                // See certSubjects javadoc.
+                @SuppressWarnings("unchecked")
                 List<X509Certificate> list = (List<X509Certificate>)entry;
                 Set<X509Certificate> matches = new HashSet<X509Certificate>(16);
                 for (X509Certificate cert : list) {
@@ -309,6 +314,8 @@
                     matches.add(cert);
                 }
             } else {
+                // See certSubjects javadoc.
+                @SuppressWarnings("unchecked")
                 List<X509Certificate> list = (List<X509Certificate>)obj;
                 for (X509Certificate cert : list) {
                     if (selector.match(cert)) {
@@ -370,6 +377,8 @@
                         matches.add(crl);
                     }
                 } else { // List
+                    // See crlIssuers javadoc.
+                    @SuppressWarnings("unchecked")
                     List<X509CRL> list = (List<X509CRL>)entry;
                     for (X509CRL crl : list) {
                         if (x509Selector.match(crl)) {
@@ -398,6 +407,8 @@
                     matches.add(crl);
                 }
             } else {
+                // See crlIssuers javadoc.
+                @SuppressWarnings("unchecked")
                 List<X509CRL> list = (List<X509CRL>)obj;
                 for (X509CRL crl : list) {
                     if (selector.match(crl)) {
--- a/src/share/classes/sun/security/provider/certpath/OCSP.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/OCSP.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -291,7 +291,7 @@
 
         List<AccessDescription> descriptions = aia.getAccessDescriptions();
         for (AccessDescription description : descriptions) {
-            if (description.getAccessMethod().equals(
+            if (description.getAccessMethod().equals((Object)
                 AccessDescription.Ad_OCSP_Id)) {
 
                 GeneralName generalName = description.getAccessLocation();
--- a/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -300,7 +300,7 @@
                 if (filter != null) {
                     List<CertStore> certStores = pkixParams.getCertStores();
                     for (CertStore certStore : certStores) {
-                        Iterator i = null;
+                        Iterator<? extends Certificate> i = null;
                         try {
                             i = certStore.getCertificates(filter).iterator();
                         } catch (CertStoreException cse) {
@@ -392,7 +392,7 @@
 
         List<AccessDescription> descriptions = aia.getAccessDescriptions();
         for (AccessDescription description : descriptions) {
-            if (description.getAccessMethod().equals(
+            if (description.getAccessMethod().equals((Object)
                 AccessDescription.Ad_OCSP_Id)) {
 
                 GeneralName generalName = description.getAccessLocation();
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package sun.security.provider.certpath;
 
 import java.io.*;
-import java.math.BigInteger;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -206,7 +205,7 @@
         // responseType
         derIn = tmp.data;
         ObjectIdentifier responseType = derIn.getOID();
-        if (responseType.equals(OCSP_BASIC_RESPONSE_OID)) {
+        if (responseType.equals((Object)OCSP_BASIC_RESPONSE_OID)) {
             if (DEBUG != null) {
                 DEBUG.println("OCSP response type: basic");
             }
@@ -301,7 +300,7 @@
                     if (DEBUG != null) {
                         DEBUG.println("OCSP extension: " + responseExtension);
                     }
-                    if (responseExtension.getExtensionId().equals(
+                    if (responseExtension.getExtensionId().equals((Object)
                         OCSP_NONCE_EXTENSION_OID)) {
                         /*
                         ocspNonce =
--- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java	Mon Aug 15 11:48:20 2011 -0700
@@ -25,7 +25,6 @@
 
 package sun.security.provider.certpath;
 
-import java.io.IOException;
 import java.security.AccessController;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.cert.CertPath;
@@ -40,13 +39,11 @@
 import java.security.cert.PolicyNode;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
-import java.security.cert.X509CertSelector;
 import java.util.Collections;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Set;
-import javax.security.auth.x500.X500Principal;
 import sun.security.action.GetBooleanSecurityPropertyAction;
 import sun.security.util.Debug;
 
@@ -130,6 +127,9 @@
 
         // Must copy elements of certList into a new modifiable List before
         // calling Collections.reverse().
+        // If cp is not an X.509 or X509 certpath, an
+        // InvalidAlgorithmParameterException will have been thrown by now.
+        @SuppressWarnings("unchecked")
         ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>
             ((List<X509Certificate>)cp.getCertificates());
         if (debug != null) {
--- a/src/share/classes/sun/security/provider/certpath/PolicyChecker.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/PolicyChecker.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -274,8 +274,8 @@
                 = currCert.getPolicyConstraintsExtension();
             if (polConstExt == null)
                 return explicitPolicy;
-            int require = ((Integer)
-                polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue();
+            int require =
+                polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
             if (debug != null) {
                 debug.println("PolicyChecker.mergeExplicitPolicy() "
                    + "require Index from cert = " + require);
@@ -328,8 +328,8 @@
             if (polConstExt == null)
                 return policyMapping;
 
-            int inhibit = ((Integer)
-                polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue();
+            int inhibit =
+                polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
             if (debug != null)
                 debug.println("PolicyChecker.mergePolicyMapping() "
                     + "inhibit Index from cert = " + inhibit);
@@ -376,8 +376,8 @@
             if (inhAnyPolExt == null)
                 return inhibitAnyPolicy;
 
-            int skipCerts = ((Integer)
-                inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS)).intValue();
+            int skipCerts =
+                inhAnyPolExt.get(InhibitAnyPolicyExtension.SKIP_CERTS).intValue();
             if (debug != null)
                 debug.println("PolicyChecker.mergeInhibitAnyPolicy() "
                     + "skipCerts Index from cert = " + skipCerts);
@@ -448,8 +448,7 @@
                     + "policiesCritical = " + policiesCritical);
 
             try {
-                policyInfo = (List<PolicyInformation>)
-                    currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
+                policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
             } catch (IOException ioe) {
                 throw new CertPathValidatorException("Exception while "
                     + "retrieving policyOIDs", ioe);
@@ -751,8 +750,7 @@
 
         List<CertificatePolicyMap> maps = null;
         try {
-            maps = (List<CertificatePolicyMap>)polMappingsExt.get
-                                        (PolicyMappingsExtension.MAP);
+            maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
         } catch (IOException e) {
             if (debug != null) {
                 debug.println("PolicyChecker.processPolicyMappings() "
@@ -860,8 +858,7 @@
     {
         List<PolicyInformation> policyInfo = null;
         try {
-            policyInfo = (List<PolicyInformation>)
-                currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
+            policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
         } catch (IOException ioe) {
             throw new CertPathValidatorException("Exception while "
                 + "retrieving policyOIDs", ioe);
--- a/src/share/classes/sun/security/provider/certpath/ReverseState.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/ReverseState.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -365,6 +365,7 @@
      * because some of them (e.g., subjKeyId) will
      * not have their contents modified by subsequent calls to updateState.
      */
+    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
     public Object clone() {
         try {
             ReverseState clonedState = (ReverseState) super.clone();
--- a/src/share/classes/sun/security/provider/certpath/URICertStore.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -209,7 +209,8 @@
      * object of a certificate's Authority Information Access Extension.
      */
     static CertStore getInstance(AccessDescription ad) {
-        if (!ad.getAccessMethod().equals(AccessDescription.Ad_CAISSUERS_Id)) {
+        if (!ad.getAccessMethod().equals((Object)
+                AccessDescription.Ad_CAISSUERS_Id)) {
             return null;
         }
         GeneralNameInterface gn = ad.getAccessLocation().getName();
@@ -241,6 +242,7 @@
      *         match the specified selector
      * @throws CertStoreException if an exception occurs
      */
+    @SuppressWarnings("unchecked")
     public synchronized Collection<X509Certificate> engineGetCertificates
         (CertSelector selector) throws CertStoreException {
 
@@ -255,6 +257,7 @@
             }
             // Fetch the certificates via LDAP. LDAPCertStore has its own
             // caching mechanism, see the class description for more info.
+            // Safe cast since xsel is an X509 certificate selector.
             return (Collection<X509Certificate>)
                 ldapCertStore.getCertificates(xsel);
         }
@@ -300,6 +303,7 @@
             if (debug != null) {
                 debug.println("Downloading new certificates...");
             }
+            // Safe cast since factory is an X.509 certificate factory
             certs = (Collection<X509Certificate>)
                 factory.generateCertificates(in);
             return getMatchingCerts(certs, selector);
@@ -361,6 +365,7 @@
      *         match the specified selector
      * @throws CertStoreException if an exception occurs
      */
+    @SuppressWarnings("unchecked")
     public synchronized Collection<X509CRL> engineGetCRLs(CRLSelector selector)
         throws CertStoreException {
 
@@ -375,6 +380,7 @@
             }
             // Fetch the CRLs via LDAP. LDAPCertStore has its own
             // caching mechanism, see the class description for more info.
+            // Safe cast since xsel is an X509 certificate selector.
             return (Collection<X509CRL>) ldapCertStore.getCRLs(xsel);
         }
 
--- a/src/share/classes/sun/security/provider/certpath/Vertex.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/Vertex.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -171,7 +171,8 @@
         try {
             sKeyID = x509Cert.getSubjectKeyIdentifierExtension();
             if (sKeyID != null) {
-                KeyIdentifier keyID = (KeyIdentifier)sKeyID.get(sKeyID.KEY_ID);
+                KeyIdentifier keyID = sKeyID.get(
+                        SubjectKeyIdentifierExtension.KEY_ID);
                 out = out + "SubjKeyID:  " + keyID.toString();
             }
         } catch (Exception e) {
@@ -184,7 +185,8 @@
         try {
             aKeyID = x509Cert.getAuthorityKeyIdentifierExtension();
             if (aKeyID != null) {
-                KeyIdentifier keyID = (KeyIdentifier)aKeyID.get(aKeyID.KEY_ID);
+                KeyIdentifier keyID = (KeyIdentifier)aKeyID.get(
+                        AuthorityKeyIdentifierExtension.KEY_ID);
                 out = out + "AuthKeyID:  " + keyID.toString();
             }
         } catch (Exception e) {
--- a/src/share/classes/sun/security/provider/certpath/X509CertPath.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/provider/certpath/X509CertPath.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package sun.security.provider.certpath;
 
-import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -101,11 +100,12 @@
      * @exception CertificateException if <code>certs</code> contains an element
      *                      that is not an <code>X509Certificate</code>
      */
+    @SuppressWarnings("unchecked")
     public X509CertPath(List<? extends Certificate> certs) throws CertificateException {
         super("X.509");
 
         // Ensure that the List contains only X509Certificates
-        for (Object obj : (List<?>)certs) {
+        for (Certificate obj : certs) {
             if (obj instanceof X509Certificate == false) {
                 throw new CertificateException
                     ("List is not all X509Certificates: "
@@ -147,12 +147,15 @@
             throws CertificateException {
         super("X.509");
 
-        if (PKIPATH_ENCODING.equals(encoding)) {
-            certs = parsePKIPATH(is);
-        } else if (PKCS7_ENCODING.equals(encoding)) {
-            certs = parsePKCS7(is);
-        } else {
-            throw new CertificateException("unsupported encoding");
+        switch (encoding) {
+            case PKIPATH_ENCODING:
+                certs = parsePKIPATH(is);
+                break;
+            case PKCS7_ENCODING:
+                certs = parsePKCS7(is);
+                break;
+            default:
+                throw new CertificateException("unsupported encoding");
         }
     }
 
@@ -192,10 +195,8 @@
             return Collections.unmodifiableList(certList);
 
         } catch (IOException ioe) {
-            CertificateException ce = new CertificateException("IOException" +
-                " parsing PkiPath data: " + ioe);
-            ce.initCause(ioe);
-            throw ce;
+            throw new CertificateException("IOException parsing PkiPath data: "
+                    + ioe, ioe);
         }
     }
 
@@ -220,7 +221,7 @@
                 // Copy the entire input stream into an InputStream that does
                 // support mark
                 is = new ByteArrayInputStream(readAllBytes(is));
-            };
+            }
             PKCS7 pkcs7 = new PKCS7(is);
 
             X509Certificate[] certArray = pkcs7.getCertificates();
@@ -301,10 +302,8 @@
             return derout.toByteArray();
 
         } catch (IOException ioe) {
-           CertificateEncodingException ce = new CertificateEncodingException
-                ("IOException encoding PkiPath data: " + ioe);
-           ce.initCause(ioe);
-           throw ce;
+           throw new CertificateEncodingException("IOException encoding " +
+                   "PkiPath data: " + ioe, ioe);
         }
     }
 
@@ -339,12 +338,13 @@
      */
     public byte[] getEncoded(String encoding)
             throws CertificateEncodingException {
-        if (PKIPATH_ENCODING.equals(encoding)) {
-            return encodePKIPATH();
-        } else if (PKCS7_ENCODING.equals(encoding)) {
-            return encodePKCS7();
-        } else {
-            throw new CertificateEncodingException("unsupported encoding");
+        switch (encoding) {
+            case PKIPATH_ENCODING:
+                return encodePKIPATH();
+            case PKCS7_ENCODING:
+                return encodePKCS7();
+            default:
+                throw new CertificateEncodingException("unsupported encoding");
         }
     }
 
--- a/src/share/classes/sun/security/rsa/RSAKeyFactory.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/rsa/RSAKeyFactory.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -351,12 +351,12 @@
         if (key instanceof RSAPublicKey) {
             RSAPublicKey rsaKey = (RSAPublicKey)key;
             if (rsaPublicKeySpecClass.isAssignableFrom(keySpec)) {
-                return (T) new RSAPublicKeySpec(
+                return keySpec.cast(new RSAPublicKeySpec(
                     rsaKey.getModulus(),
                     rsaKey.getPublicExponent()
-                );
+                ));
             } else if (x509KeySpecClass.isAssignableFrom(keySpec)) {
-                return (T) new X509EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
             } else {
                 throw new InvalidKeySpecException
                         ("KeySpec must be RSAPublicKeySpec or "
@@ -364,11 +364,11 @@
             }
         } else if (key instanceof RSAPrivateKey) {
             if (pkcs8KeySpecClass.isAssignableFrom(keySpec)) {
-                return (T) new PKCS8EncodedKeySpec(key.getEncoded());
+                return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
             } else if (rsaPrivateCrtKeySpecClass.isAssignableFrom(keySpec)) {
                 if (key instanceof RSAPrivateCrtKey) {
                     RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key;
-                    return (T) new RSAPrivateCrtKeySpec(
+                    return keySpec.cast(new RSAPrivateCrtKeySpec(
                         crtKey.getModulus(),
                         crtKey.getPublicExponent(),
                         crtKey.getPrivateExponent(),
@@ -377,17 +377,17 @@
                         crtKey.getPrimeExponentP(),
                         crtKey.getPrimeExponentQ(),
                         crtKey.getCrtCoefficient()
-                    );
+                    ));
                 } else {
                     throw new InvalidKeySpecException
                     ("RSAPrivateCrtKeySpec can only be used with CRT keys");
                 }
             } else if (rsaPrivateKeySpecClass.isAssignableFrom(keySpec)) {
                 RSAPrivateKey rsaKey = (RSAPrivateKey)key;
-                return (T) new RSAPrivateKeySpec(
+                return keySpec.cast(new RSAPrivateKeySpec(
                     rsaKey.getModulus(),
                     rsaKey.getPrivateExponent()
-                );
+                ));
             } else {
                 throw new InvalidKeySpecException
                         ("KeySpec must be RSAPrivate(Crt)KeySpec or "
--- a/src/share/classes/sun/security/rsa/RSASignature.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/rsa/RSASignature.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
-import java.math.BigInteger;
 import java.util.Arrays;
 
 import java.security.*;
@@ -202,8 +201,6 @@
             // return false rather than propagating the exception for
             // compatibility/ease of use
             return false;
-        } catch (GeneralSecurityException e) {
-            throw new SignatureException("Signature verification failed", e);
         } catch (IOException e) {
             throw new SignatureException("Signature encoding error", e);
         }
@@ -235,7 +232,7 @@
             throw new IOException("SEQUENCE length error");
         }
         AlgorithmId algId = AlgorithmId.parse(values[0]);
-        if (algId.getOID().equals(oid) == false) {
+        if (algId.getOID().equals((Object)oid) == false) {
             throw new IOException("ObjectIdentifier mismatch: "
                 + algId.getOID());
         }
--- a/src/share/classes/sun/security/ssl/CipherSuite.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/CipherSuite.java	Mon Aug 15 11:48:20 2011 -0700
@@ -65,7 +65,7 @@
  *    unavailable or disabled at compile time
  *
  */
-final class CipherSuite implements Comparable {
+final class CipherSuite implements Comparable<CipherSuite> {
 
     // minimum priority for supported CipherSuites
     final static int SUPPORTED_SUITES_PRIORITY = 1;
@@ -202,8 +202,8 @@
      * Note that for unsupported CipherSuites parsed from a handshake
      * message we violate the equals() contract.
      */
-    public int compareTo(Object o) {
-        return ((CipherSuite)o).priority - priority;
+    public int compareTo(CipherSuite o) {
+        return o.priority - priority;
     }
 
     /**
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java	Mon Aug 15 11:48:20 2011 -0700
@@ -811,13 +811,16 @@
             sig = JsseJce.getSignature(
                         preferableSignatureAlgorithm.getAlgorithmName());
         } else {
-            if (algorithm.equals("DSA")) {
-                sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
-            } else if (algorithm.equals("RSA")) {
-                sig = RSASignature.getInstance();
-            } else {
-                throw new SSLKeyException("neither an RSA or a DSA key");
-            }
+                switch (algorithm) {
+                    case "DSA":
+                        sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
+                        break;
+                    case "RSA":
+                        sig = RSASignature.getInstance();
+                        break;
+                    default:
+                        throw new SSLKeyException("neither an RSA or a DSA key");
+                }
         }
 
         sig.initVerify(publicKey);
@@ -1097,13 +1100,14 @@
 
     private static Signature getSignature(String keyAlgorithm)
             throws NoSuchAlgorithmException {
-        if (keyAlgorithm.equals("EC")) {
-            return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
-        } else if (keyAlgorithm.equals("RSA")) {
-            return RSASignature.getInstance();
-        } else {
-            throw new NoSuchAlgorithmException("neither an RSA or a EC key");
-        }
+            switch (keyAlgorithm) {
+                case "EC":
+                    return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
+                case "RSA":
+                    return RSASignature.getInstance();
+                default:
+                    throw new NoSuchAlgorithmException("neither an RSA or a EC key");
+            }
     }
 
     private void updateSignature(Signature sig, byte clntNonce[],
@@ -1611,16 +1615,17 @@
      */
     private static Signature getSignature(ProtocolVersion protocolVersion,
             String algorithm) throws GeneralSecurityException {
-        if (algorithm.equals("RSA")) {
-            return RSASignature.getInternalInstance();
-        } else if (algorithm.equals("DSA")) {
-            return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
-        } else if (algorithm.equals("EC")) {
-            return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
-        } else {
-            throw new SignatureException("Unrecognized algorithm: "
-                + algorithm);
-        }
+            switch (algorithm) {
+                case "RSA":
+                    return RSASignature.getInternalInstance();
+                case "DSA":
+                    return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
+                case "EC":
+                    return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
+                default:
+                    throw new SignatureException("Unrecognized algorithm: "
+                        + algorithm);
+            }
     }
 
     /*
@@ -1696,7 +1701,7 @@
         md.update(temp);
     }
 
-    private final static Class delegate;
+    private final static Class<?> delegate;
     private final static Field spiField;
 
     static {
@@ -1724,7 +1729,7 @@
     // cache Method objects per Spi class
     // Note that this will prevent the Spi classes from being GC'd. We assume
     // that is not a problem.
-    private final static Map<Class,Object> methodCache =
+    private final static Map<Class<?>,Object> methodCache =
                                         new ConcurrentHashMap<>();
 
     private static void digestKey(MessageDigest md, SecretKey key) {
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Mon Aug 15 11:48:20 2011 -0700
@@ -154,7 +154,7 @@
      * Data is protected by the SSLEngine.this lock.
      */
     private volatile boolean taskDelegated = false;
-    private volatile DelegatedTask delegatedTask = null;
+    private volatile DelegatedTask<?> delegatedTask = null;
     private volatile Exception thrown = null;
 
     // Could probably use a java.util.concurrent.atomic.AtomicReference
@@ -1316,7 +1316,7 @@
         thrown = null;
     }
 
-    DelegatedTask getTask() {
+    DelegatedTask<?> getTask() {
         if (!taskDelegated) {
             taskDelegated = true;
             return delegatedTask;
@@ -1358,8 +1358,7 @@
                 thrown = null;
 
                 if (e instanceof RuntimeException) {
-                    throw (RuntimeException)
-                        new RuntimeException(msg).initCause(e);
+                    throw new RuntimeException(msg, e);
                 } else if (e instanceof SSLHandshakeException) {
                     throw (SSLHandshakeException)
                         new SSLHandshakeException(msg).initCause(e);
@@ -1377,8 +1376,7 @@
                      * If it's SSLException or any other Exception,
                      * we'll wrap it in an SSLException.
                      */
-                    throw (SSLException)
-                        new SSLException(msg).initCause(e);
+                    throw new SSLException(msg, e);
                 }
             }
         }
--- a/src/share/classes/sun/security/ssl/JsseJce.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/JsseJce.java	Mon Aug 15 11:48:20 2011 -0700
@@ -30,7 +30,6 @@
 
 import java.security.*;
 import java.security.interfaces.RSAPublicKey;
-import java.security.spec.RSAPublicKeySpec;
 import java.security.spec.*;
 
 import javax.crypto.*;
@@ -110,6 +109,8 @@
     }
 
     private static final class SunCertificates extends Provider {
+        private static final long serialVersionUID = -3284138292032213752L;
+
         SunCertificates(final Provider p) {
             super("SunCertificates", 1.0d, "SunJSSE internal");
             AccessController.doPrivileged(new PrivilegedAction<Object>() {
@@ -372,7 +373,7 @@
             KeyFactory factory = JsseJce.getKeyFactory("RSA");
             return factory.getKeySpec(key, RSAPublicKeySpec.class);
         } catch (Exception e) {
-            throw (RuntimeException)new RuntimeException().initCause(e);
+            throw new RuntimeException(e);
         }
     }
 
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -27,8 +27,6 @@
 
 import java.io.*;
 import java.nio.*;
-import java.nio.ReadOnlyBufferException;
-import java.util.LinkedList;
 import java.security.*;
 
 import javax.crypto.BadPaddingException;
@@ -36,7 +34,6 @@
 import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.*;
 
-import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
 
 /**
  * Implementation of an non-blocking SSLEngine.
@@ -574,8 +571,7 @@
             readMAC = handshaker.newReadMAC();
         } catch (GeneralSecurityException e) {
             // "can't happen"
-            throw (SSLException)new SSLException
-                                ("Algorithm missing:  ").initCause(e);
+            throw new SSLException("Algorithm missing:  ", e);
         }
 
         /*
@@ -611,8 +607,7 @@
             writeMAC = handshaker.newWriteMAC();
         } catch (GeneralSecurityException e) {
             // "can't happen"
-            throw (SSLException)new SSLException
-                                ("Algorithm missing:  ").initCause(e);
+            throw new SSLException("Algorithm missing:  ", e);
         }
 
         // See comment above.
@@ -877,9 +872,7 @@
         } catch (SSLException e) {
             throw e;
         } catch (IOException e) {
-            SSLException ex = new SSLException("readRecord");
-            ex.initCause(e);
-            throw ex;
+            throw new SSLException("readRecord", e);
         }
 
         /*
@@ -1151,7 +1144,7 @@
          * For now, force it to be large enough to handle any
          * valid SSL/TLS record.
          */
-        if (netData.remaining() < outputRecord.maxRecordSize) {
+        if (netData.remaining() < EngineOutputRecord.maxRecordSize) {
             return new SSLEngineResult(
                 Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0);
         }
@@ -1248,9 +1241,7 @@
         } catch (SSLException e) {
             throw e;
         } catch (IOException e) {
-            SSLException ex = new SSLException("Write problems");
-            ex.initCause(e);
-            throw ex;
+            throw new SSLException("Write problems", e);
         }
 
         /*
@@ -1624,10 +1615,7 @@
             } else if (cause instanceof SSLException) {
                 throw (SSLException)cause;
             } else if (cause instanceof Exception) {
-                SSLException ssle = new SSLException(
-                    "fatal SSLEngine condition");
-                ssle.initCause(cause);
-                throw ssle;
+                throw new SSLException("fatal SSLEngine condition", cause);
             }
         }
 
@@ -1875,6 +1863,7 @@
      * client or server mode.  Must be called before any SSL
      * traffic has started.
      */
+    @SuppressWarnings("fallthrough")
     synchronized public void setUseClientMode(boolean flag) {
         switch (connectionState) {
 
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -41,8 +41,6 @@
 
 import javax.net.ssl.*;
 
-import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
-
 /**
  * Implementation of an SSL socket.  This is a normal connection type
  * socket, implementing SSL over some lower level socket, such as TCP.
@@ -1996,8 +1994,7 @@
             readMAC = handshaker.newReadMAC();
         } catch (GeneralSecurityException e) {
             // "can't happen"
-            throw (SSLException)new SSLException
-                                ("Algorithm missing:  ").initCause(e);
+            throw new SSLException("Algorithm missing:  ", e);
         }
 
         /*
@@ -2028,8 +2025,7 @@
             writeMAC = handshaker.newWriteMAC();
         } catch (GeneralSecurityException e) {
             // "can't happen"
-            throw (SSLException)new SSLException
-                                ("Algorithm missing:  ").initCause(e);
+            throw new SSLException("Algorithm missing:  ", e);
         }
 
         // See comment above.
@@ -2217,6 +2213,7 @@
      * client or server mode.  Must be called before any SSL
      * traffic has started.
      */
+    @SuppressWarnings("fallthrough")
     synchronized public void setUseClientMode(boolean flag) {
         switch (connectionState) {
 
--- a/src/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/ssl/X509KeyManagerImpl.java	Mon Aug 15 11:48:20 2011 -0700
@@ -91,6 +91,8 @@
     // LinkedHashMap with a max size of 10
     // see LinkedHashMap JavaDocs
     private static class SizedMap<K,V> extends LinkedHashMap<K,V> {
+        private static final long serialVersionUID = -8211222668790986062L;
+
         @Override protected boolean removeEldestEntry(Map.Entry<K,V> eldest) {
             return size() > 10;
         }
@@ -247,7 +249,7 @@
                 return null;
             }
             entry = (PrivateKeyEntry)newEntry;
-            entryCacheMap.put(alias, new SoftReference(entry));
+            entryCacheMap.put(alias, new SoftReference<PrivateKeyEntry>(entry));
             return entry;
         } catch (Exception e) {
             // ignore
@@ -329,7 +331,7 @@
      */
     private String chooseAlias(List<KeyType> keyTypeList, Principal[] issuers,
             CheckType checkType, AlgorithmConstraints constraints) {
-        if (keyTypeList == null || keyTypeList.size() == 0) {
+        if (keyTypeList == null || keyTypeList.isEmpty()) {
             return null;
         }
 
@@ -403,7 +405,7 @@
                 // ignore
             }
         }
-        if (allResults == null || allResults.size() == 0) {
+        if (allResults == null || allResults.isEmpty()) {
             if (useDebug) {
                 debug.println("KeyMgr: no matching alias found");
             }
@@ -523,38 +525,43 @@
                 if (ku != null) {
                     String algorithm = cert.getPublicKey().getAlgorithm();
                     boolean kuSignature = getBit(ku, 0);
-                    if (algorithm.equals("RSA")) {
-                        // require either signature bit
-                        // or if server also allow key encipherment bit
-                        if (kuSignature == false) {
-                            if ((this == CLIENT) || (getBit(ku, 2) == false)) {
+                    switch (algorithm) {
+                        case "RSA":
+                            // require either signature bit
+                            // or if server also allow key encipherment bit
+                            if (kuSignature == false) {
+                                if ((this == CLIENT) || (getBit(ku, 2) == false)) {
+                                    return CheckResult.EXTENSION_MISMATCH;
+                                }
+                            }
+                            break;
+                        case "DSA":
+                            // require signature bit
+                            if (kuSignature == false) {
                                 return CheckResult.EXTENSION_MISMATCH;
                             }
-                        }
-                    } else if (algorithm.equals("DSA")) {
-                        // require signature bit
-                        if (kuSignature == false) {
-                            return CheckResult.EXTENSION_MISMATCH;
-                        }
-                    } else if (algorithm.equals("DH")) {
-                        // require keyagreement bit
-                        if (getBit(ku, 4) == false) {
-                            return CheckResult.EXTENSION_MISMATCH;
-                        }
-                    } else if (algorithm.equals("EC")) {
-                        // require signature bit
-                        if (kuSignature == false) {
-                            return CheckResult.EXTENSION_MISMATCH;
-                        }
-                        // For servers, also require key agreement.
-                        // This is not totally accurate as the keyAgreement bit
-                        // is only necessary for static ECDH key exchange and
-                        // not ephemeral ECDH. We leave it in for now until
-                        // there are signs that this check causes problems
-                        // for real world EC certificates.
-                        if ((this == SERVER) && (getBit(ku, 4) == false)) {
-                            return CheckResult.EXTENSION_MISMATCH;
-                        }
+                            break;
+                        case "DH":
+                            // require keyagreement bit
+                            if (getBit(ku, 4) == false) {
+                                return CheckResult.EXTENSION_MISMATCH;
+                            }
+                            break;
+                        case "EC":
+                            // require signature bit
+                            if (kuSignature == false) {
+                                return CheckResult.EXTENSION_MISMATCH;
+                            }
+                            // For servers, also require key agreement.
+                            // This is not totally accurate as the keyAgreement bit
+                            // is only necessary for static ECDH key exchange and
+                            // not ephemeral ECDH. We leave it in for now until
+                            // there are signs that this check causes problems
+                            // for real world EC certificates.
+                            if ((this == SERVER) && (getBit(ku, 4) == false)) {
+                                return CheckResult.EXTENSION_MISMATCH;
+                            }
+                            break;
                     }
                 }
             } catch (CertificateException e) {
--- a/src/share/classes/sun/security/timestamp/HttpTimestamper.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/timestamp/HttpTimestamper.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,12 +30,11 @@
 import java.io.IOException;
 import java.net.URL;
 import java.net.HttpURLConnection;
-import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
-import java.util.Arrays;
 
 import sun.misc.IOUtils;
-import sun.security.pkcs.*;
 
 /**
  * A timestamper that communicates with a Timestamping Authority (TSA)
@@ -95,11 +94,12 @@
         connection.setConnectTimeout(CONNECT_TIMEOUT);
 
         if (DEBUG) {
-            Set headers = connection.getRequestProperties().entrySet();
+            Set<Map.Entry<String, List<String>>> headers =
+                    connection.getRequestProperties().entrySet();
             System.out.println(connection.getRequestMethod() + " " + tsaUrl +
                 " HTTP/1.1");
-            for (Iterator i = headers.iterator(); i.hasNext(); ) {
-                System.out.println("  " + i.next());
+            for (Map.Entry<String, List<String>> entry : headers) {
+                System.out.println("  " + entry);
             }
             System.out.println();
         }
--- a/src/share/classes/sun/security/timestamp/TSResponse.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/timestamp/TSResponse.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,15 +26,8 @@
 package sun.security.timestamp;
 
 import java.io.IOException;
-import java.math.BigInteger;
 import sun.security.pkcs.PKCS7;
-import sun.security.pkcs.PKCS9Attribute;
-import sun.security.pkcs.PKCS9Attributes;
-import sun.security.pkcs.ParsingException;
-import sun.security.pkcs.SignerInfo;
 import sun.security.util.DerValue;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.X500Name;
 
 /**
  * This class provides the response corresponding to a timestamp request,
@@ -376,9 +369,11 @@
         }
     }
 
-final static class TimestampException extends IOException {
-    TimestampException(String message) {
-        super(message);
+    final static class TimestampException extends IOException {
+        private static final long serialVersionUID = -1631631794891940953L;
+
+        TimestampException(String message) {
+            super(message);
+        }
     }
 }
-}
--- a/src/share/classes/sun/security/tools/JarSigner.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/tools/JarSigner.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1425,6 +1425,7 @@
      * lines of attributes plus an empty line. The empty line is included
      * in the header.
      */
+    @SuppressWarnings("fallthrough")
     private int findHeaderEnd(byte[] bs) {
         // Initial state true to deal with empty header
         boolean newline = true;     // just met a newline
@@ -1739,8 +1740,7 @@
                 NetscapeCertTypeExtension extn =
                         new NetscapeCertTypeExtension(encoded);
 
-                Boolean val = (Boolean)extn.get(
-                        NetscapeCertTypeExtension.OBJECT_SIGNING);
+                Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
                 if (!val) {
                     if (bad != null) {
                         bad[2] = true;
@@ -2054,7 +2054,7 @@
         ClassLoader appClassLoader = new URLClassLoader(urls);
 
         // attempt to find signer
-        Class signerClass = appClassLoader.loadClass(signerClassName);
+        Class<?> signerClass = appClassLoader.loadClass(signerClassName);
 
         // Check that it implements ContentSigner
         Object signer = signerClass.newInstance();
@@ -2297,9 +2297,7 @@
                     tsaUri = new URI(tsaUrl);
                 }
             } catch (URISyntaxException e) {
-                IOException ioe = new IOException();
-                ioe.initCause(e);
-                throw ioe;
+                throw new IOException(e);
             }
 
             // Assemble parameters for the signing mechanism
--- a/src/share/classes/sun/security/tools/KeyTool.java	Mon Aug 15 12:56:01 2011 -0700
+++ b/src/share/classes/sun/security/tools/KeyTool.java	Mon Aug 15 11:48:20 2011 -0700
@@ -1197,7 +1197,7 @@
                     new CertificateVersion(CertificateVersion.V3));
         info.set(X509CertInfo.ALGORITHM_ID,
                     new CertificateAlgorithmId(
-                        AlgorithmId.getAlgorithmId(sigAlgName)));
+                        AlgorithmId.get(sigAlgName)));
         info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
 
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
@@ -1227,7 +1227,7 @@
         Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
         while (attrs.hasNext()) {
             PKCS10Attribute attr = attrs.next();
-            if (attr.getAttributeId().equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+            if (attr.getAttributeId().equals((Object)PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                 reqex = (CertificateExtensions)attr.getAttributeValue();
             }
         }
@@ -1266,7 +1266,7 @@
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = (Date) firstDate.clone();
-        lastDate.setTime(lastDate.getTime() + (long)validity*1000*24*60*60);
+        lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);
         CertificateValidity interval = new CertificateValidity(firstDate,
                                                                lastDate);
 
@@ -2093,8 +2093,9 @@
         CRLDistributionPointsExtension ext =
                 X509CertImpl.toImpl(cert).getCRLDistributionPointsExtension();
         if (ext == null) return crls;
-        for (DistributionPoint o: (List<DistributionPoint>)
-                ext.get(CRLDistributionPointsExtension.POINTS)) {