changeset 12612:d99c2ffdd0f1 jdk9-b79

Merge
author lana
date Thu, 20 Aug 2015 12:29:24 -0700
parents 3ac024fd10ea 3eccb33e612a
children b14d331596a8 59ff6cd9535d 0ce9c5e18508
files make/copy/Copy-jdk.hprof.agent.gmk make/lib/Lib-jdk.hprof.agent.gmk make/mapfiles/libhprof/mapfile-vers make/mapfiles/libjava_crw_demo/mapfile-vers src/jdk.deploy.osx/macosx/classes/apple/security/AppleProvider.java src/jdk.deploy.osx/macosx/classes/apple/security/KeychainStore.java src/jdk.deploy.osx/macosx/native/libosx/KeystoreImpl.m src/jdk.hprof.agent/aix/native/libhprof/porting_aix.c src/jdk.hprof.agent/aix/native/libhprof/porting_aix.h src/jdk.hprof.agent/share/classes/com/sun/demo/jvmti/hprof/Tracker.java src/jdk.hprof.agent/share/native/libhprof/README.txt src/jdk.hprof.agent/share/native/libhprof/debug_malloc.c src/jdk.hprof.agent/share/native/libhprof/debug_malloc.h src/jdk.hprof.agent/share/native/libhprof/hprof.h src/jdk.hprof.agent/share/native/libhprof/hprof_b_spec.h src/jdk.hprof.agent/share/native/libhprof/hprof_blocks.c src/jdk.hprof.agent/share/native/libhprof/hprof_blocks.h src/jdk.hprof.agent/share/native/libhprof/hprof_check.c src/jdk.hprof.agent/share/native/libhprof/hprof_check.h src/jdk.hprof.agent/share/native/libhprof/hprof_class.c src/jdk.hprof.agent/share/native/libhprof/hprof_class.h src/jdk.hprof.agent/share/native/libhprof/hprof_cpu.c src/jdk.hprof.agent/share/native/libhprof/hprof_cpu.h src/jdk.hprof.agent/share/native/libhprof/hprof_error.c src/jdk.hprof.agent/share/native/libhprof/hprof_error.h src/jdk.hprof.agent/share/native/libhprof/hprof_event.c src/jdk.hprof.agent/share/native/libhprof/hprof_event.h src/jdk.hprof.agent/share/native/libhprof/hprof_frame.c src/jdk.hprof.agent/share/native/libhprof/hprof_frame.h src/jdk.hprof.agent/share/native/libhprof/hprof_init.c src/jdk.hprof.agent/share/native/libhprof/hprof_init.h src/jdk.hprof.agent/share/native/libhprof/hprof_io.c src/jdk.hprof.agent/share/native/libhprof/hprof_io.h src/jdk.hprof.agent/share/native/libhprof/hprof_ioname.c src/jdk.hprof.agent/share/native/libhprof/hprof_ioname.h src/jdk.hprof.agent/share/native/libhprof/hprof_listener.c src/jdk.hprof.agent/share/native/libhprof/hprof_listener.h src/jdk.hprof.agent/share/native/libhprof/hprof_loader.c src/jdk.hprof.agent/share/native/libhprof/hprof_loader.h src/jdk.hprof.agent/share/native/libhprof/hprof_md.h src/jdk.hprof.agent/share/native/libhprof/hprof_monitor.c src/jdk.hprof.agent/share/native/libhprof/hprof_monitor.h src/jdk.hprof.agent/share/native/libhprof/hprof_object.c src/jdk.hprof.agent/share/native/libhprof/hprof_object.h src/jdk.hprof.agent/share/native/libhprof/hprof_reference.c src/jdk.hprof.agent/share/native/libhprof/hprof_reference.h src/jdk.hprof.agent/share/native/libhprof/hprof_site.c src/jdk.hprof.agent/share/native/libhprof/hprof_site.h src/jdk.hprof.agent/share/native/libhprof/hprof_stack.c src/jdk.hprof.agent/share/native/libhprof/hprof_stack.h src/jdk.hprof.agent/share/native/libhprof/hprof_string.c src/jdk.hprof.agent/share/native/libhprof/hprof_string.h src/jdk.hprof.agent/share/native/libhprof/hprof_table.c src/jdk.hprof.agent/share/native/libhprof/hprof_table.h src/jdk.hprof.agent/share/native/libhprof/hprof_tag.c src/jdk.hprof.agent/share/native/libhprof/hprof_tag.h src/jdk.hprof.agent/share/native/libhprof/hprof_tls.c src/jdk.hprof.agent/share/native/libhprof/hprof_tls.h src/jdk.hprof.agent/share/native/libhprof/hprof_trace.c src/jdk.hprof.agent/share/native/libhprof/hprof_trace.h src/jdk.hprof.agent/share/native/libhprof/hprof_tracker.c src/jdk.hprof.agent/share/native/libhprof/hprof_tracker.h src/jdk.hprof.agent/share/native/libhprof/hprof_util.c src/jdk.hprof.agent/share/native/libhprof/hprof_util.h src/jdk.hprof.agent/share/native/libhprof/jvm.hprof.txt src/jdk.hprof.agent/share/native/libhprof/manual.html src/jdk.hprof.agent/unix/native/libhprof/hprof_md.c src/jdk.hprof.agent/windows/native/libhprof/hprof_md.c
diffstat 186 files changed, 4807 insertions(+), 26481 deletions(-) [+]
line wrap: on
line diff
--- a/make/copy/Copy-jdk.hprof.agent.gmk	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include CopyCommon.gmk
-
-################################################################################
-
-HPROF_SRC := $(JDK_TOPDIR)/src/jdk.hprof.agent/share/native/libhprof/jvm.hprof.txt
-
-$(LIB_DST_DIR)/jvm.hprof.txt: $(HPROF_SRC)
-	$(call install-file)
-
-TARGETS := $(LIB_DST_DIR)/jvm.hprof.txt
-
-################################################################################
--- a/make/data/tzdata/VERSION	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/VERSION	Thu Aug 20 12:29:24 2015 -0700
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2015e
+tzdata2015f
--- a/make/data/tzdata/africa	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/africa	Thu Aug 20 12:29:24 2015 -0700
@@ -561,7 +561,7 @@
 
 # From Alex Krivenyshev (2008-07-11):
 # Seems that English language article "The revival of daylight saving
-# time: Energy conservation?"-# No. 16578 (07/11/2008) was originally
+# time: Energy conservation?"- No. 16578 (07/11/2008) was originally
 # published on Monday, June 30, 2008...
 #
 # I guess that article in French "Le gouvernement avance l'introduction
@@ -693,7 +693,7 @@
 # Here is a link to official document from Royaume du Maroc Premier Ministre,
 # Ministère de la Modernisation des Secteurs Publics
 #
-# Under Article 1 of Royal Decree No. 455-67 of Act 23 safar 1387 (2 june 1967)
+# Under Article 1 of Royal Decree No. 455-67 of Act 23 safar 1387 (2 June 1967)
 # concerning the amendment of the legal time, the Ministry of Modernization of
 # Public Sectors announced that the official time in the Kingdom will be
 # advanced 60 minutes from Sunday 31 May 2009 at midnight.
--- a/make/data/tzdata/asia	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/asia	Thu Aug 20 12:29:24 2015 -0700
@@ -29,7 +29,7 @@
 # tz@iana.org for general use in the future).  For more, please see
 # the file CONTRIBUTING in the tz distribution.
 
-# From Paul Eggert (2014-10-31):
+# From Paul Eggert (2015-08-08):
 #
 # Unless otherwise specified, the source for data through 1990 is:
 # Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
@@ -66,7 +66,7 @@
 #	2:00 EET  EEST	Eastern European Time
 #	2:00 IST  IDT	Israel
 #	3:00 AST  ADT	Arabia*
-#	3:30 IRST IRDT	Iran
+#	3:30 IRST IRDT	Iran*
 #	4:00 GST	Gulf*
 #	5:30 IST	India
 #	7:00 ICT	Indochina, most times and locations*
@@ -75,10 +75,11 @@
 #	8:00 CST	China
 #	8:00 IDT	Indochina, 1943-45, 1947-55, 1960-75 (some locations)*
 #	8:00 JWST	Western Standard Time (Japan, 1896/1937)*
+#	8:30 KST  KDT	Korea when at +0830*
 #	9:00 JCST	Central Standard Time (Japan, 1896/1937)
 #	9:00 WIT	east Indonesia (Waktu Indonesia Timur)
 #	9:00 JST  JDT	Japan
-#	9:00 KST  KDT	Korea
+#	9:00 KST  KDT	Korea when at +09
 #	9:30 ACST	Australian Central Standard Time
 #
 # See the 'europe' file for Russia and Turkey in Asia.
@@ -1050,7 +1051,7 @@
 #
 # From Roozbeh Pournader (2007-11-05):
 # This is quoted from Official Gazette of the Islamic Republic of
-# Iran, Volume 63, Number 18242, dated Tuesday 1386/6/24
+# Iran, Volume 63, No. 18242, dated Tuesday 1386/6/24
 # [2007-10-16]. I am doing the best translation I can:...
 # The official time of the country will be moved forward for one hour
 # on the 24 hours of the first day of the month of Farvardin and will
@@ -1580,7 +1581,7 @@
 # - Qyzylorda switched from +5:00 to +6:00 on 1992-01-19 02:00.
 # - Oral switched from +5:00 to +4:00 in spring 1989.
 
-# From Kazakhstan Embassy's News Bulletin #11
+# From Kazakhstan Embassy's News Bulletin No. 11
 # <http://www.kazsociety.org.uk/news/2005/03/30.htm> (2005-03-21):
 # The Government of Kazakhstan passed a resolution March 15 abolishing
 # daylight saving time citing lack of economic benefits and health
@@ -1734,6 +1735,17 @@
 #
 # For Pyongyang we have no information; guess no changes since World War II.
 
+# From Steffen Thorsen (2015-08-07):
+# According to many news sources, North Korea is going to change to
+# the 8:30 time zone on August 15, one example:
+# http://www.bbc.com/news/world-asia-33815049
+#
+# From Paul Eggert (2015-08-07):
+# No transition time is specified; assume 00:00.
+# There is no common English-language abbreviation for this time zone.
+# Use %z rather than invent one.  We can't assume %z works everywhere yet,
+# so for now substitute its output manually.
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Seoul	8:27:52	-	LMT	1908 Apr  1
 			8:30	-	KST	1912 Jan  1
@@ -1746,7 +1758,8 @@
 			8:30	-	KST	1912 Jan  1
 			9:00	-	JCST	1937 Oct  1
 			9:00	-	JST	1945 Aug 24
-			9:00	-	KST
+			9:00	-	KST	2015 Aug 15
+			8:30	-	KST
 
 ###############################################################################
 
--- a/make/data/tzdata/europe	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/europe	Thu Aug 20 12:29:24 2015 -0700
@@ -216,11 +216,14 @@
 #	republished in Finest Hour (Spring 2002) 1(114):26
 #	http://www.winstonchurchill.org/images/finesthour/Vol.01%20No.114.pdf
 
-# From Paul Eggert (1996-09-03):
+# From Paul Eggert (2015-08-08):
 # The OED Supplement says that the English originally said "Daylight Saving"
 # when they were debating the adoption of DST in 1908; but by 1916 this
 # term appears only in quotes taken from DST's opponents, whereas the
 # proponents (who eventually won the argument) are quoted as using "Summer".
+# The term "Summer Time" was introduced by Herbert Samuel, Home Secretary; see:
+# Viscount Samuel. Leisure in a Democracy. Cambridge University Press
+# ISBN 978-1-107-49471-8 (1949, reissued 2015), p 8.
 
 # From Arthur David Olson (1989-01-19):
 # A source at the British Information Office in New York avers that it's
@@ -366,7 +369,7 @@
 
 # From an anonymous contributor (1996-06-02):
 # The law governing time in Ireland is under Statutory Instrument SI 395/94,
-# which gives force to European Union 7th Council Directive # 94/21/EC.
+# which gives force to European Union 7th Council Directive No. 94/21/EC.
 # Under this directive, the Minister for Justice in Ireland makes appropriate
 # regulations. I spoke this morning with the Secretary of the Department of
 # Justice (tel +353 1 678 9711) who confirmed to me that the correct name is
@@ -615,11 +618,11 @@
 Rule	Russia	1921	only	-	Mar	20	23:00	2:00	MSM  # Midsummer
 Rule	Russia	1921	only	-	Sep	 1	 0:00	1:00	MSD
 Rule	Russia	1921	only	-	Oct	 1	 0:00	0	-
-# Act No.925 of the Council of Ministers of the USSR (1980-10-24):
+# Act No. 925 of the Council of Ministers of the USSR (1980-10-24):
 Rule	Russia	1981	1984	-	Apr	 1	 0:00	1:00	S
 Rule	Russia	1981	1983	-	Oct	 1	 0:00	0	-
-# Act No.967 of the Council of Ministers of the USSR (1984-09-13), repeated in
-# Act No.227 of the Council of Ministers of the USSR (1989-03-14):
+# Act No. 967 of the Council of Ministers of the USSR (1984-09-13), repeated in
+# Act No. 227 of the Council of Ministers of the USSR (1989-03-14):
 Rule	Russia	1984	1991	-	Sep	lastSun	 2:00s	0	-
 Rule	Russia	1985	1991	-	Mar	lastSun	 2:00s	1:00	S
 #
@@ -851,7 +854,7 @@
 # Bulgaria
 #
 # From Plamen Simenov via Steffen Thorsen (1999-09-09):
-# A document of Government of Bulgaria (No.94/1997) says:
+# A document of Government of Bulgaria (No. 94/1997) says:
 # EET -> EETDST is in 03:00 Local time in last Sunday of March ...
 # EETDST -> EET is in 04:00 Local time in last Sunday of October
 #
@@ -868,7 +871,7 @@
 			1:00	C-Eur	CE%sT	1945
 			1:00	-	CET	1945 Apr  2  3:00
 			2:00	-	EET	1979 Mar 31 23:00
-			2:00	Bulg	EE%sT	1982 Sep 26  2:00
+			2:00	Bulg	EE%sT	1982 Sep 26  3:00
 			2:00	C-Eur	EE%sT	1991
 			2:00	E-Eur	EE%sT	1997
 			2:00	EU	EE%sT
@@ -1085,8 +1088,8 @@
 # after that.
 
 # From Mart Oruaas (2000-01-29):
-# Regulation no. 301 (1999-10-12) obsoletes previous regulation
-# no. 206 (1998-09-22) and thus sticks Estonia to +02:00 GMT for all
+# Regulation No. 301 (1999-10-12) obsoletes previous regulation
+# No. 206 (1998-09-22) and thus sticks Estonia to +02:00 GMT for all
 # the year round.  The regulation is effective 1999-11-01.
 
 # From Toomas Soome (2002-02-21):
@@ -1107,7 +1110,7 @@
 			3:00	Russia	MSK/MSD	1989 Mar 26  2:00s
 			2:00	1:00	EEST	1989 Sep 24  2:00s
 			2:00	C-Eur	EE%sT	1998 Sep 22
-			2:00	EU	EE%sT	1999 Nov  1
+			2:00	EU	EE%sT	1999 Oct 31  4:00
 			2:00	-	EET	2002 Feb 21
 			2:00	EU	EE%sT
 
@@ -1550,21 +1553,21 @@
 # correct data in juridical acts and I found some juridical documents about
 # changes in the counting of time in Latvia from 1981....
 #
-# Act No.35 of the Council of Ministers of Latvian SSR of 1981-01-22 ...
-# according to the Act No.925 of the Council of Ministers of USSR of 1980-10-24
+# Act No. 35 of the Council of Ministers of Latvian SSR of 1981-01-22 ...
+# according to the Act No. 925 of the Council of Ministers of USSR of 1980-10-24
 # ...: all year round the time of 2nd time zone + 1 hour, in addition turning
 # the hands of the clock 1 hour forward on 1 April at 00:00 (GMT 31 March 21:00)
 # and 1 hour backward on the 1 October at 00:00 (GMT 30 September 20:00).
 #
-# Act No.592 of the Council of Ministers of Latvian SSR of 1984-09-24 ...
-# according to the Act No.967 of the Council of Ministers of USSR of 1984-09-13
+# Act No. 592 of the Council of Ministers of Latvian SSR of 1984-09-24 ...
+# according to the Act No. 967 of the Council of Ministers of USSR of 1984-09-13
 # ...: all year round the time of 2nd time zone + 1 hour, in addition turning
 # the hands of the clock 1 hour forward on the last Sunday of March at 02:00
 # (GMT 23:00 on the previous day) and 1 hour backward on the last Sunday of
 # September at 03:00 (GMT 23:00 on the previous day).
 #
-# Act No.81 of the Council of Ministers of Latvian SSR of 1989-03-22 ...
-# according to the Act No.227 of the Council of Ministers of USSR of 1989-03-14
+# Act No. 81 of the Council of Ministers of Latvian SSR of 1989-03-22 ...
+# according to the Act No. 227 of the Council of Ministers of USSR of 1989-03-14
 # ...: since the last Sunday of March 1989 in Lithuanian SSR, Latvian SSR,
 # Estonian SSR and Kaliningrad region of Russian Federation all year round the
 # time of 2nd time zone (Moscow time minus one hour). On the territory of Latvia
@@ -1581,7 +1584,7 @@
 # From Andrei Ivanov (2000-03-06):
 # This year Latvia will not switch to Daylight Savings Time (as specified in
 # The Regulations of the Cabinet of Ministers of the Rep. of Latvia of
-# 29-Feb-2000 (#79) <http://www.lv-laiks.lv/wwwraksti/2000/071072/vd4.htm>,
+# 29-Feb-2000 (No. 79) <http://www.lv-laiks.lv/wwwraksti/2000/071072/vd4.htm>,
 # in Latvian for subscribers only).
 
 # From RFE/RL Newsline
@@ -1786,6 +1789,18 @@
 # News from Moldova (in russian):
 # http://ru.publika.md/link_317061.html
 
+# From Roman Tudos (2015-07-02):
+# http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=355077
+# From Paul Eggert (2015-07-01):
+# The abovementioned official link to IGO1445-868/2014 states that
+# 2014-10-26's fallback transition occurred at 03:00 local time.  Also,
+# http://www.trm.md/en/social/la-30-martie-vom-trece-la-ora-de-vara
+# says the 2014-03-30 spring-forward transition was at 02:00 local time.
+# Guess that since 1997 Moldova has switched one hour before the EU.
+
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	Moldova	1997	max	-	Mar	lastSun	 2:00	1:00	S
+Rule	Moldova	1997	max	-	Oct	lastSun	 3:00	0	-
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Europe/Chisinau	1:55:20 -	LMT	1880
@@ -1800,7 +1815,7 @@
 			2:00	Russia	EE%sT	1992
 			2:00	E-Eur	EE%sT	1997
 # See Romania commentary for the guessed 1997 transition to EU rules.
-			2:00	EU	EE%sT
+			2:00	Moldova	EE%sT
 
 # Monaco
 # Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
@@ -2146,7 +2161,7 @@
 # Russia
 
 # From Alexander Krivenyshev (2011-09-15):
-# Based on last Russian Government Decree # 725 on August 31, 2011
+# Based on last Russian Government Decree No. 725 on August 31, 2011
 # (Government document
 # http://www.government.ru/gov/results/16355/print/
 # in Russian)
@@ -2156,7 +2171,7 @@
 # http://www.worldtimezone.com/dst_news/dst_news_russia36.htm
 
 # From Sanjeev Gupta (2011-09-27):
-# Scans of [Decree #23 of January 8, 1992] are available at:
+# Scans of [Decree No. 23 of January 8, 1992] are available at:
 # http://government.consultant.ru/page.aspx?1223966
 # They are in Cyrillic letters (presumably Russian).
 
@@ -2167,19 +2182,19 @@
 # One source is
 # http://government.ru/gov/results/16355/
 # which, according to translate.google.com, begins "Decree of August 31,
-# 2011 No 725" and contains no other dates or "effective date" information.
+# 2011 No. 725" and contains no other dates or "effective date" information.
 #
 # Another source is
 # http://www.rg.ru/2011/09/06/chas-zona-dok.html
 # which, according to translate.google.com, begins "Resolution of the
 # Government of the Russian Federation on August 31, 2011 N 725" and also
 # contains "Date first official publication: September 6, 2011 Posted on:
-# in the 'RG' - Federal Issue number 5573 September 6, 2011" but which
+# in the 'RG' - Federal Issue No. 5573 September 6, 2011" but which
 # does not contain any "effective date" information.
 #
 # Another source is
 # http://en.wikipedia.org/wiki/Oymyakonsky_District#cite_note-RuTime-7
-# which, in note 8, contains "Resolution #725 of August 31, 2011...
+# which, in note 8, contains "Resolution No. 725 of August 31, 2011...
 # Effective as of after 7 days following the day of the official publication"
 # but which does not contain any reference to September 6, 2011.
 #
@@ -2387,7 +2402,7 @@
 # changed in May.
 			 2:00	E-Eur	EE%sT	1994 May
 # From IATA SSIM (1994/1997), which also says that Kerch is still like Kiev.
-			 3:00	E-Eur	MSK/MSD	1996 Mar 31  3:00s
+			 3:00	E-Eur	MSK/MSD	1996 Mar 31  0:00s
 			 3:00	1:00	MSD	1996 Oct 27  3:00s
 # IATA SSIM (1997-09) says Crimea switched to EET/EEST.
 # Assume it happened in March by not changing the clocks.
@@ -2522,7 +2537,7 @@
 # from current Russia Zone 6 - Krasnoyarsk Time Zone (KRA) UTC +0700
 # to Russia Zone 5 - Novosibirsk Time Zone (NOV) UTC +0600
 #
-# This is according to Government of Russia decree # 740, on September
+# This is according to Government of Russia decree No. 740, on September
 # 14, 2009 "Application in the territory of the Kemerovo region the Fifth
 # time zone." ("Russia Zone 5" or old "USSR Zone 5" is GMT +0600)
 #
@@ -2945,7 +2960,7 @@
 Zone	Atlantic/Canary	-1:01:36 -	LMT	1922 Mar # Las Palmas de Gran C.
 			-1:00	-	CANT	1946 Sep 30  1:00 # Canaries T
 			 0:00	-	WET	1980 Apr  6  0:00s
-			 0:00	1:00	WEST	1980 Sep 28  0:00s
+			 0:00	1:00	WEST	1980 Sep 28  1:00u
 			 0:00	EU	WE%sT
 # IATA SSIM (1996-09) says the Canaries switch at 2:00u, not 1:00u.
 # Ignore this for now, as the Canaries are part of the EU.
@@ -3235,7 +3250,7 @@
 # From Igor Karpov, who works for the Ukrainian Ministry of Justice,
 # via Garrett Wollman (2003-01-27):
 # BTW, I've found the official document on this matter. It's government
-# regulations number 509, May 13, 1996. In my poor translation it says:
+# regulations No. 509, May 13, 1996. In my poor translation it says:
 # "Time in Ukraine is set to second timezone (Kiev time). Each last Sunday
 # of March at 3am the time is changing to 4am and each last Sunday of
 # October the time at 4am is changing to 3am"
@@ -3244,7 +3259,7 @@
 # On September 20, 2011 the deputies of the Verkhovna Rada agreed to
 # abolish the transfer clock to winter time.
 #
-# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got
+# Bill No. 8330 of MP from the Party of Regions Oleg Nadoshi got
 # approval from 266 deputies.
 #
 # Ukraine abolishes transfer back to the winter time (in Russian)
--- a/make/data/tzdata/leapseconds	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/leapseconds	Thu Aug 20 12:29:24 2015 -0700
@@ -79,5 +79,5 @@
 Leap	2012	Jun	30	23:59:60	+	S
 Leap	2015	Jun	30	23:59:60	+	S
 
-#	Updated through IERS Bulletin C49
-#	File expires on:  28 December 2015
+#	Updated through IERS Bulletin C50
+#	File expires on:  28 June 2016
--- a/make/data/tzdata/northamerica	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/northamerica	Thu Aug 20 12:29:24 2015 -0700
@@ -1258,10 +1258,19 @@
 
 # west Labrador, Nova Scotia, Prince Edward I
 
-# From Paul Eggert (2006-03-22):
+# From Brian Inglis (2015-07-20):
+# From the historical weather station records available at:
+# https://weatherspark.com/history/28351/1971/Sydney-Nova-Scotia-Canada
+# Sydney shares the same time history as Glace Bay, so was
+# likely to be the same across the island....
+# Sydney, as the capital and most populous location, or Cape Breton, would
+# have been better names for the zone had we known this in 1996.
+
+# From Paul Eggert (2015-07-20):
 # Shanks & Pottenger write that since 1970 most of this region has been like
 # Halifax.  Many locales did not observe peacetime DST until 1972;
-# Glace Bay, NS is the largest that we know of.
+# the Cape Breton area, represented by Glace Bay, is the largest we know of
+# (Glace Bay was perhaps not the best name choice but no point changing now).
 # Shanks & Pottenger also write that Liverpool, NS was the only town
 # in Canada to observe DST in 1971 but not 1970; for now we'll assume
 # this is a typo.
@@ -1819,13 +1828,13 @@
 # Exact date in October unknown; Sunday October 1 is a reasonable guess.
 # 3. June 1918: switch to Pacific Daylight Time (GMT-7)
 # Exact date in June unknown; Sunday June 2 is a reasonable guess.
-# note#1:
+# note 1:
 # On Oct 27/1918 when daylight saving ended in the rest of Canada,
 # Creston did not change its clocks.
-# note#2:
+# note 2:
 # During WWII when the Federal Government legislated a mandatory clock change,
 # Creston did not oblige.
-# note#3:
+# note 3:
 # There is no guarantee that Creston will remain on Mountain Standard Time
 # (UTC-7) forever.
 # The subject was debated at least once this year by the town Council.
--- a/make/data/tzdata/southamerica	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/southamerica	Thu Aug 20 12:29:24 2015 -0700
@@ -154,7 +154,7 @@
 # Timezone Law (which never was effectively applied) will (would?) be
 # in effect.... The article is at
 # http://ar.clarin.com/diario/2001-06-06/e-01701.htm
-# ... The Law itself is "Ley No 25155", sanctioned on 1999-08-25, enacted
+# ... The Law itself is "Ley No. 25155", sanctioned on 1999-08-25, enacted
 # 1999-09-17, and published 1999-09-21.  The official publication is at:
 # http://www.boletin.jus.gov.ar/BON/Primera/1999/09-Septiembre/21/PDF/BO21-09-99LEG.PDF
 # Regretfully, you have to subscribe (and pay) for the on-line version....
@@ -198,15 +198,11 @@
 # http://www.worldtimezone.com/dst_news/dst_news_argentina03.html
 # http://www.impulsobaires.com.ar/nota.php?id=57832 (in spanish)
 
-# From Rodrigo Severo (2008-10-06):
-# Here is some info available at a Gentoo bug related to TZ on Argentina's DST:
-# ...
-# ------- Comment #1 from [jmdocile]  2008-10-06 16:28 0000 -------
-# Hi, there is a problem with timezone-data-2008e and maybe with
-# timezone-data-2008f
-# Argentinian law [Number] 25.155 is no longer valid.
+# From Juan Manuel Docile in https://bugs.gentoo.org/240339 (2008-10-07)
+# via Rodrigo Severo:
+# Argentinian law No. 25.155 is no longer valid.
 # http://www.infoleg.gov.ar/infolegInternet/anexos/60000-64999/60036/norma.htm
-# The new one is law [Number] 26.350
+# The new one is law No. 26.350
 # http://www.infoleg.gov.ar/infolegInternet/anexos/135000-139999/136191/norma.htm
 # So there is no summer time in Argentina for now.
 
@@ -794,7 +790,7 @@
 #	 [ and in a second message (same day): ]
 # I found the decree.
 #
-# DECRETO No- 7.584, DE 13 DE OUTUBRO DE 2011
+# DECRETO No. 7.584, DE 13 DE OUTUBRO DE 2011
 # Link :
 # http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
 
@@ -1148,7 +1144,7 @@
 # Conflicts between [1] and [2] were resolved as follows:
 #
 #  - [1] says the 1910 transition was Jan 1, [2] says Jan 10 and cites
-#    Boletín Nº 1, Aviso Nº 1 (1910).  Go with [2].
+#    Boletín No. 1, Aviso No. 1 (1910).  Go with [2].
 #
 #  - [1] says SMT was -4:42:45, [2] says Chile's official time from
 #    1916 to 1919 was -4:42:46.3, the meridian of Chile's National
@@ -1156,7 +1152,7 @@
 #    Quinta Normal in Santiago.  Go with [2], rounding it to -4:42:46.
 #
 #  - [1] says the 1918 transition was Sep 1, [2] says Sep 10 and cites
-#    Boletín Nº 22, Aviso Nº 129/1918 (1918-08-23).  Go with [2].
+#    Boletín No. 22, Aviso No. 129/1918 (1918-08-23).  Go with [2].
 #
 #  - [1] does not give times for transitions; assume they occur
 #    at midnight mainland time, the current common practice.  However,
@@ -1556,7 +1552,7 @@
 # (1999-09) reports no date; go with above sources and Gerd Knops (2001-02-27).
 Rule	Para	1998	2001	-	Mar	Sun>=1	0:00	0	-
 # From Rives McDow (2002-02-28):
-# A decree was issued in Paraguay (no. 16350) on 2002-02-26 that changed the
+# A decree was issued in Paraguay (No. 16350) on 2002-02-26 that changed the
 # dst method to be from the first Sunday in September to the first Sunday in
 # April.
 Rule	Para	2002	2004	-	Apr	Sun>=1	0:00	0	-
@@ -1736,8 +1732,19 @@
 Rule	Uruguay	2006	only	-	Mar	12	 2:00	0	-
 # From Jesper Nørgaard Welen (2006-09-06):
 # http://www.presidencia.gub.uy/_web/decretos/2006/09/CM%20210_08%2006%202006_00001.PDF
-Rule	Uruguay	2006	max	-	Oct	Sun>=1	 2:00	1:00	S
-Rule	Uruguay	2007	max	-	Mar	Sun>=8	 2:00	0	-
+#
+# From Steffen Thorsen (2015-06-30):
+# ... it looks like they will not be using DST the coming summer:
+# http://www.elobservador.com.uy/gobierno-resolvio-que-no-habra-cambio-horario-verano-n656787
+# http://www.republica.com.uy/este-ano-no-se-modificara-el-huso-horario-en-uruguay/523760/
+# From Paul Eggert (2015-06-30):
+# Apparently restaurateurs complained that DST caused people to go to the beach
+# instead of out to dinner.
+# From Pablo Camargo (2015-07-13):
+# http://archivo.presidencia.gub.uy/sci/decretos/2015/06/cons_min_201.pdf
+# [dated 2015-06-29; repeals Decree 311/006 dated 2006-09-04]
+Rule	Uruguay	2006	2014	-	Oct	Sun>=1	 2:00	1:00	S
+Rule	Uruguay	2007	2015	-	Mar	Sun>=8	 2:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone America/Montevideo	-3:44:44 -	LMT	1898 Jun 28
 			-3:44:44 -	MMT	1920 May  1 # Montevideo MT
@@ -1746,6 +1753,10 @@
 
 # Venezuela
 #
+# From Paul Eggert (2015-07-28):
+# For the 1965 transition see Gaceta Oficial No. 27.619 (1964-12-15), p 205.533
+# http://www.pgr.gob.ve/dmdocuments/1964/27619.pdf
+#
 # From John Stainforth (2007-11-28):
 # ... the change for Venezuela originally expected for 2007-12-31 has
 # been brought forward to 2007-12-09.  The official announcement was
@@ -1757,6 +1768,6 @@
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	America/Caracas	-4:27:44 -	LMT	1890
 			-4:27:40 -	CMT	1912 Feb 12 # Caracas Mean Time?
-			-4:30	-	VET	1965        # Venezuela Time
+			-4:30	-	VET	1965 Jan  1  0:00 # Venezuela T.
 			-4:00	-	VET	2007 Dec  9  3:00
 			-4:30	-	VET
--- a/make/data/tzdata/zone.tab	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/data/tzdata/zone.tab	Thu Aug 20 12:29:24 2015 -0700
@@ -129,8 +129,8 @@
 BY	+5354+02734	Europe/Minsk
 BZ	+1730-08812	America/Belize
 CA	+4734-05243	America/St_Johns	Newfoundland Time, including SE Labrador
-CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (most places), PEI
-CA	+4612-05957	America/Glace_Bay	Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971
+CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (peninsula), PEI
+CA	+4612-05957	America/Glace_Bay	Atlantic Time - Nova Scotia (Cape Breton)
 CA	+4606-06447	America/Moncton	Atlantic Time - New Brunswick
 CA	+5320-06025	America/Goose_Bay	Atlantic Time - Labrador - most locations
 CA	+5125-05707	America/Blanc-Sablon	Atlantic Standard Time - Quebec - Lower North Shore
--- a/make/lib/Lib-java.base.gmk	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/lib/Lib-java.base.gmk	Thu Aug 20 12:29:24 2015 -0700
@@ -32,3 +32,4 @@
 include CoreLibraries.gmk
 include NetworkingLibraries.gmk
 include NioLibraries.gmk
+include SecurityLibraries.gmk
--- a/make/lib/Lib-jdk.deploy.osx.gmk	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/lib/Lib-jdk.deploy.osx.gmk	Thu Aug 20 12:29:24 2015 -0700
@@ -80,7 +80,6 @@
           -framework ApplicationServices \
           -framework JavaNativeFoundation \
           -framework JavaRuntimeSupport \
-          -framework Security \
           -framework SystemConfiguration \
           $(LDFLAGS_JDKLIB_SUFFIX), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libosx, \
--- a/make/lib/Lib-jdk.hprof.agent.gmk	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LibCommon.gmk
-
-################################################################################
-
-BUILD_LIBHPROF_SRC := $(call FindSrcDirsForLib, jdk.hprof.agent, hprof)
-
-BUILD_LIBHPROF_CFLAGS := $(addprefix -I, $(BUILD_LIBHPROF_SRC)) \
-    -I$(JDK_TOPDIR)/src/demo/share/jvmti/java_crw_demo
-
-BUILD_LIBHPROF_LDFLAGS :=
-
-LIBHPROF_OPTIMIZATION := HIGHEST
-ifneq ($(findstring $(OPENJDK_TARGET_OS), solaris linux), )
-  ifeq ($(ENABLE_DEBUG_SYMBOLS), true)
-    LIBHPROF_OPTIMIZATION := LOW
-  endif
-endif
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBHPROF, \
-    LIBRARY := hprof, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(BUILD_LIBHPROF_SRC), \
-    OPTIMIZATION := $(LIBHPROF_OPTIMIZATION), \
-    CFLAGS := $(CFLAGS_JDKLIB) \
-        $(BUILD_LIBHPROF_CFLAGS), \
-    CFLAGS_debug := -DHPROF_LOGGING, \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libhprof/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_windows := wsock32.lib winmm.lib advapi32.lib, \
-    LDFLAGS_SUFFIX_linux := $(LIBDL), \
-    LDFLAGS_SUFFIX_macosx := $(LIBDL), \
-    LDFLAGS_SUFFIX_solaris := -lsocket -lnsl $(LIBDL) -lc, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=hprof.dll" \
-        -D "JDK_INTERNAL_NAME=hprof" \
-        -D "JDK_FTYPE=0x2L", \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libhprof_jvmti, \
-    DEBUG_SYMBOLS := true))
-
-TARGETS += $(BUILD_LIBHPROF)
-
-################################################################################
-
-LIBJAVA_CRW_DEMO_SRC := $(JDK_TOPDIR)/src/demo/share/jvmti/java_crw_demo
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBJAVA_CRW_DEMO, \
-    LIBRARY := java_crw_demo, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(LIBJAVA_CRW_DEMO_SRC), \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(CFLAGS_JDKLIB) \
-        $(addprefix -I, $(LIBJAVA_CRW_DEMO_SRC)), \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjava_crw_demo/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_SUFFIX_solaris := -lc, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=java_crw_demo.dll" \
-        -D "JDK_INTERNAL_NAME=java_crw_demo" \
-        -D "JDK_FTYPE=0x2L", \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjava_crw_demo, \
-    DEBUG_SYMBOLS := true))
-
-TARGETS += $(BUILD_LIBJAVA_CRW_DEMO)
-
-################################################################################
--- a/make/lib/NioLibraries.gmk	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/lib/NioLibraries.gmk	Thu Aug 20 12:29:24 2015 -0700
@@ -69,9 +69,6 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBNIO_CFLAGS), \
-    DISABLED_WARNINGS_gcc := type-limits, \
-    DISABLED_WARNINGS_clang := tautological-compare, \
-    DISABLED_WARNINGS_microsoft := 4244 4996, \
     MAPFILE := $(BUILD_LIBNIO_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(BUILD_LIBNIO_LDFLAGS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/lib/SecurityLibraries.gmk	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LibCommon.gmk
+
+ifeq ($(OPENJDK_TARGET_OS), macosx)
+
+  ################################################################################
+
+  LIBOSXSECURITY_DIRS := $(JDK_TOPDIR)/src/java.base/macosx/native/libosxsecurity
+  LIBOSXSECURITY_CFLAGS := -I$(LIBOSXSECURITY_DIRS) \
+      $(LIBJAVA_HEADER_FLAGS) \
+      -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
+
+  $(eval $(call SetupNativeCompilation,BUILD_LIBOSXSECURITY, \
+      LIBRARY := osxsecurity, \
+      OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
+      SRC := $(LIBOSXSECURITY_DIRS), \
+      OPTIMIZATION := LOW, \
+      CFLAGS := $(CFLAGS_JDKLIB) \
+          $(LIBOSXSECURITY_CFLAGS), \
+      DISABLED_WARNINGS_clang := deprecated-declarations, \
+      LDFLAGS := $(LDFLAGS_JDKLIB) \
+          -L$(SUPPORT_OUTPUTDIR)/modules_libs/java.base \
+          $(call SET_SHARED_LIBRARY_ORIGIN), \
+      LDFLAGS_SUFFIX_macosx := \
+          -fobjc-link-runtime \
+          -framework JavaNativeFoundation \
+          -framework CoreServices \
+          -framework Security \
+          $(LDFLAGS_JDKLIB_SUFFIX), \
+      OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libosxsecurity, \
+      DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
+
+  $(BUILD_LIBOSXSECURITY): $(BUILD_LIBJAVA)
+
+  TARGETS += $(BUILD_LIBOSXSECURITY)
+
+  ################################################################################
+
+endif
--- a/make/mapfiles/libhprof/mapfile-vers	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define public interface.
-
-SUNWprivate_1.1 {
-	global:
-	    Agent_OnLoad;
-	    Agent_OnUnload;
-	local:
-	    *;
-};
--- a/make/mapfiles/libjava_crw_demo/mapfile-vers	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define public interface.
-
-SUNWprivate_1.1 {
-	global:
-	    java_crw_demo;
-	    java_crw_demo_classname;
-	local:
-	    *;
-};
--- a/make/src/classes/build/tools/module/boot.modules	Thu Aug 20 11:38:21 2015 -0700
+++ b/make/src/classes/build/tools/module/boot.modules	Thu Aug 20 12:29:24 2015 -0700
@@ -19,7 +19,6 @@
 jdk.charsets
 jdk.deploy
 jdk.deploy.osx
-jdk.hprof.agent
 jdk.httpserver
 jdk.jfr
 jdk.management
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/aix/native/libjava/ProcessHandleImpl_aix.c	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include "jni.h"
+
+#include "ProcessHandleImpl_unix.h"
+
+#include <sys/procfs.h>
+
+/*
+ * Implementation of native ProcessHandleImpl functions for AIX.
+ * See ProcessHandleImpl_unix.c for more details.
+ */
+
+void os_initNative(JNIEnv *env, jclass clazz) {}
+
+jint os_getChildren(JNIEnv *env, jlong jpid, jlongArray jarray,
+                    jlongArray jparentArray, jlongArray jstimesArray) {
+    return unix_getChildren(env, jpid, jarray, jparentArray, jstimesArray);
+}
+
+pid_t os_getParentPidAndTimings(JNIEnv *env, pid_t pid, jlong *total, jlong *start) {
+    return unix_getParentPidAndTimings(env, pid, total, start);
+}
+
+void os_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
+    unix_getCmdlineAndUserInfo(env, jinfo, pid);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/linux/native/libjava/ProcessHandleImpl_linux.c	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include "jni.h"
+#include "jni_util.h"
+#include "java_lang_ProcessHandleImpl.h"
+#include "java_lang_ProcessHandleImpl_Info.h"
+
+#include "ProcessHandleImpl_unix.h"
+
+
+#include <fcntl.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <string.h>
+#include <ctype.h>
+
+/*
+ * Implementation of native ProcessHandleImpl functions for Linux.
+ * See ProcessHandleImpl_unix.c for more details.
+ */
+
+/* Signatures for internal OS specific functions. */
+static long long getBoottime(JNIEnv *env);
+
+/* A static offset in milliseconds since boot. */
+static long long bootTime_ms;
+static long clock_ticks_per_second;
+static int pageSize;
+
+void os_initNative(JNIEnv *env, jclass clazz) {
+    bootTime_ms = getBoottime(env);
+    clock_ticks_per_second = sysconf(_SC_CLK_TCK);
+    pageSize = sysconf(_SC_PAGESIZE);
+}
+
+jint os_getChildren(JNIEnv *env, jlong jpid, jlongArray jarray,
+                    jlongArray jparentArray, jlongArray jstimesArray) {
+    return unix_getChildren(env, jpid, jarray, jparentArray, jstimesArray);
+}
+
+/**
+ * Read /proc/<pid>/stat and return the ppid, total cputime and start time.
+ * -1 is fail;  >=  0 is parent pid
+ * 'total' will contain the running time of 'pid' in nanoseconds.
+ * 'start' will contain the start time of 'pid' in milliseconds since epoch.
+ */
+pid_t os_getParentPidAndTimings(JNIEnv *env, pid_t pid,
+                                jlong *totalTime, jlong* startTime) {
+    FILE* fp;
+    char buffer[2048];
+    int statlen;
+    char fn[32];
+    char* s;
+    int parentPid;
+    long unsigned int utime = 0;      // clock tics
+    long unsigned int stime = 0;      // clock tics
+    long long unsigned int start = 0; // microseconds
+
+    /*
+     * Try to stat and then open /proc/%d/stat
+     */
+    snprintf(fn, sizeof fn, "/proc/%d/stat", pid);
+
+    fp = fopen(fn, "r");
+    if (fp == NULL) {
+        return -1;              // fail, no such /proc/pid/stat
+    }
+
+    /*
+     * The format is: pid (command) state ppid ...
+     * As the command could be anything we must find the right most
+     * ")" and then skip the white spaces that follow it.
+     */
+    statlen = fread(buffer, 1, (sizeof buffer - 1), fp);
+    fclose(fp);
+    if (statlen < 0) {
+        return -1;               // parent pid is not available
+    }
+
+    buffer[statlen] = '\0';
+    s = strchr(buffer, '(');
+    if (s == NULL) {
+        return -1;               // parent pid is not available
+    }
+    // Found start of command, skip to end
+    s++;
+    s = strrchr(s, ')');
+    if (s == NULL) {
+        return -1;               // parent pid is not available
+    }
+    s++;
+
+    // Scan the needed fields from status, retaining only ppid(4),
+    // utime (14), stime(15), starttime(22)
+    if (4 != sscanf(s, " %*c %d %*d %*d %*d %*d %*d %*u %*u %*u %*u %lu %lu %*d %*d %*d %*d %*d %*d %llu",
+            &parentPid, &utime, &stime, &start)) {
+        return 0;              // not all values parsed; return error
+    }
+
+    *totalTime = (utime + stime) * (jlong)(1000000000 / clock_ticks_per_second);
+
+    *startTime = bootTime_ms + ((start * 1000) / clock_ticks_per_second);
+
+    return parentPid;
+}
+
+void os_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
+    int fd;
+    int cmdlen = 0;
+    char *cmdline = NULL, *cmdEnd = NULL; // used for command line args and exe
+    char *args = NULL;
+    jstring cmdexe = NULL;
+    char fn[32];
+    struct stat stat_buf;
+
+    /*
+     * Try to open /proc/<pid>/cmdline
+     */
+    snprintf(fn, sizeof fn, "/proc/%d/cmdline", pid);
+    if ((fd = open(fn, O_RDONLY)) < 0) {
+        return;
+    }
+
+    if (fstat(fd, &stat_buf) == 0) {
+        unix_getUserInfo(env, jinfo, stat_buf.st_uid);
+    }
+
+    do {                // Block to break out of on errors
+        int i, truncated = 0;
+        int count;
+        char *s;
+
+        /*
+         * The path name read by readlink() is limited to PATH_MAX characters.
+         * The content of /proc/<pid>/cmdline is limited to PAGE_SIZE characters.
+         */
+        cmdline = (char*)malloc((PATH_MAX > pageSize ? PATH_MAX : pageSize) + 1);
+        if (cmdline == NULL) {
+            break;
+        }
+
+        /*
+         * On Linux, the full path to the executable command is the link in
+         * /proc/<pid>/exe. But it is only readable for processes we own.
+         */
+        snprintf(fn, sizeof fn, "/proc/%d/exe", pid);
+        if ((cmdlen = readlink(fn, cmdline, PATH_MAX)) > 0) {
+            // null terminate and create String to store for command
+            cmdline[cmdlen] = '\0';
+            cmdexe = JNU_NewStringPlatform(env, cmdline);
+            (*env)->ExceptionClear(env);        // unconditionally clear any exception
+        }
+
+        /*
+         * The command-line arguments appear as a set of strings separated by
+         * null bytes ('\0'), with a further null byte after the last
+         * string. The last string is only null terminated if the whole command
+         * line is not exceeding (PAGE_SIZE - 1) characters.
+         */
+        cmdlen = 0;
+        s = cmdline;
+        while ((count = read(fd, s, pageSize - cmdlen)) > 0) {
+            cmdlen += count;
+            s += count;
+        }
+        if (count < 0) {
+            break;
+        }
+        // We have to null-terminate because the process may have changed argv[]
+        // or because the content in /proc/<pid>/cmdline is truncated.
+        cmdline[cmdlen] = '\0';
+        if (cmdlen == pageSize && cmdline[pageSize - 1] != '\0') {
+            truncated = 1;
+        } else if (cmdlen == 0) {
+            // /proc/<pid>/cmdline was empty. This usually happens for kernel processes
+            // like '[kthreadd]'. We could try to read /proc/<pid>/comm in the future.
+        }
+        if (cmdlen > 0 && (cmdexe == NULL || truncated)) {
+            // We have no exact command or the arguments are truncated.
+            // In this case we save the command line from /proc/<pid>/cmdline.
+            args = (char*)malloc(pageSize + 1);
+            if (args != NULL) {
+                memcpy(args, cmdline, cmdlen + 1);
+                for (i = 0; i < cmdlen; i++) {
+                    if (args[i] == '\0') {
+                        args[i] = ' ';
+                    }
+                }
+            }
+        }
+        i = 0;
+        if (!truncated) {
+            // Count the arguments
+            cmdEnd = &cmdline[cmdlen];
+            for (s = cmdline; *s != '\0' && (s < cmdEnd); i++) {
+                s += strnlen(s, (cmdEnd - s)) + 1;
+            }
+        }
+        unix_fillArgArray(env, jinfo, i, cmdline, cmdEnd, cmdexe, args);
+    } while (0);
+
+    if (cmdline != NULL) {
+        free(cmdline);
+    }
+    if (args != NULL) {
+        free(args);
+    }
+    if (fd >= 0) {
+        close(fd);
+    }
+}
+
+/**
+ * Read the boottime from /proc/stat.
+ */
+static long long getBoottime(JNIEnv *env) {
+    FILE *fp;
+    char *line = NULL;
+    size_t len = 0;
+    long long bootTime = 0;
+
+    fp = fopen("/proc/stat", "r");
+    if (fp == NULL) {
+        return -1;
+    }
+
+    while (getline(&line, &len, fp) != -1) {
+        if (sscanf(line, "btime %llu", &bootTime) == 1) {
+            break;
+        }
+    }
+    free(line);
+
+    if (fp != 0) {
+        fclose(fp);
+    }
+
+    return bootTime * 1000;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/classes/apple/security/AppleProvider.java	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package apple.security;
+
+import java.security.*;
+
+/**
+ * The Apple Security Provider.
+ */
+
+/**
+ * Defines the Apple provider.
+ *
+ * This provider only exists to provide access to the Apple keychain-based KeyStore implementation
+ */
+@SuppressWarnings("serial") // JDK implementation class
+public final class AppleProvider extends Provider {
+
+    private static final String info = "Apple Provider";
+
+    private static final class ProviderService extends Provider.Service {
+        ProviderService(Provider p, String type, String algo, String cn) {
+            super(p, type, algo, cn, null, null);
+        }
+
+        @Override
+        public Object newInstance(Object ctrParamObj)
+            throws NoSuchAlgorithmException {
+            String type = getType();
+            if (ctrParamObj != null) {
+                throw new InvalidParameterException
+                    ("constructorParameter not used with " + type + " engines");
+            }
+
+            String algo = getAlgorithm();
+            try {
+                if (type.equals("KeyStore")) {
+                    if (algo.equals("KeychainStore")) {
+                        return new KeychainStore();
+                    }
+                }
+            } catch (Exception ex) {
+                throw new NoSuchAlgorithmException("Error constructing " +
+                    type + " for " + algo + " using Apple", ex);
+            }
+            throw new ProviderException("No impl for " + algo +
+                " " + type);
+        }
+    }
+
+
+    public AppleProvider() {
+        /* We are the Apple provider */
+        super("Apple", 1.9d, info);
+
+        final Provider p = this;
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                putService(new ProviderService(p, "KeyStore",
+                           "KeychainStore", "apple.security.KeychainStore"));
+                return null;
+            }
+        });
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,1149 @@
+/*
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package apple.security;
+
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
+import java.security.spec.*;
+import java.util.*;
+
+import javax.crypto.*;
+import javax.crypto.spec.*;
+import javax.security.auth.x500.*;
+
+import sun.security.pkcs.*;
+import sun.security.pkcs.EncryptedPrivateKeyInfo;
+import sun.security.util.*;
+import sun.security.x509.*;
+
+/**
+ * This class provides the keystore implementation referred to as "KeychainStore".
+ * It uses the current user's keychain as its backing storage, and does NOT support
+ * a file-based implementation.
+ */
+
+public final class KeychainStore extends KeyStoreSpi {
+
+    // Private keys and their supporting certificate chains
+    // If a key came from the keychain it has a SecKeyRef and one or more
+    // SecCertificateRef.  When we delete the key we have to delete all of the corresponding
+    // native objects.
+    class KeyEntry {
+        Date date; // the creation date of this entry
+        byte[] protectedPrivKey;
+        char[] password;
+        long keyRef;  // SecKeyRef for this key
+        Certificate chain[];
+        long chainRefs[];  // SecCertificateRefs for this key's chain.
+    };
+
+    // Trusted certificates
+    class TrustedCertEntry {
+        Date date; // the creation date of this entry
+
+        Certificate cert;
+        long certRef;  // SecCertificateRef for this key
+    };
+
+    /**
+     * Entries that have been deleted.  When something calls engineStore we'll
+     * remove them from the keychain.
+     */
+    private Hashtable<String, Object> deletedEntries = new Hashtable<>();
+
+    /**
+     * Entries that have been added.  When something calls engineStore we'll
+     * add them to the keychain.
+     */
+    private Hashtable<String, Object> addedEntries = new Hashtable<>();
+
+    /**
+     * Private keys and certificates are stored in a hashtable.
+     * Hash entries are keyed by alias names.
+     */
+    private Hashtable<String, Object> entries = new Hashtable<>();
+
+    /**
+     * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
+     */
+    private static final int keyBag[]  = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
+    private static final int pbeWithSHAAnd3KeyTripleDESCBC[] =     {1, 2, 840, 113549, 1, 12, 1, 3};
+    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
+    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
+
+    /**
+     * Constnats used in PBE decryption.
+     */
+    private static final int iterationCount = 1024;
+    private static final int SALT_LEN = 20;
+
+    static {
+        AccessController.doPrivileged(
+            new PrivilegedAction<Void>() {
+                public Void run() {
+                    System.loadLibrary("osxsecurity");
+                    return null;
+                }
+            });
+        try {
+            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
+            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
+        } catch (IOException ioe) {
+            // should not happen
+        }
+    }
+
+    private static void permissionCheck() {
+        SecurityManager sec = System.getSecurityManager();
+
+        if (sec != null) {
+            sec.checkPermission(new RuntimePermission("useKeychainStore"));
+        }
+    }
+
+
+    /**
+     * Verify the Apple provider in the constructor.
+     *
+     * @exception SecurityException if fails to verify
+     * its own integrity
+     */
+    public KeychainStore() { }
+
+    /**
+        * Returns the key associated with the given alias, using the given
+     * password to recover it.
+     *
+     * @param alias the alias name
+     * @param password the password for recovering the key. This password is
+     *        used internally as the key is exported in a PKCS12 format.
+     *
+     * @return the requested key, or null if the given alias does not exist
+     * or does not identify a <i>key entry</i>.
+     *
+     * @exception NoSuchAlgorithmException if the algorithm for recovering the
+     * key cannot be found
+     * @exception UnrecoverableKeyException if the key cannot be recovered
+     * (e.g., the given password is wrong).
+     */
+    public Key engineGetKey(String alias, char[] password)
+        throws NoSuchAlgorithmException, UnrecoverableKeyException
+    {
+        permissionCheck();
+
+        // An empty password is rejected by MacOS API, no private key data
+        // is exported. If no password is passed (as is the case when
+        // this implementation is used as browser keystore in various
+        // deployment scenarios like Webstart, JFX and applets), create
+        // a dummy password so MacOS API is happy.
+        if (password == null || password.length == 0) {
+            // Must not be a char array with only a 0, as this is an empty
+            // string.
+            if (random == null) {
+                random = new SecureRandom();
+            }
+            password = Long.toString(random.nextLong()).toCharArray();
+        }
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry == null || !(entry instanceof KeyEntry)) {
+            return null;
+        }
+
+        // This call gives us a PKCS12 bag, with the key inside it.
+        byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry)entry).keyRef, password);
+        if (exportedKeyInfo == null) {
+            return null;
+        }
+
+        PrivateKey returnValue = null;
+
+        try {
+            byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
+            byte[] encryptedKey;
+            AlgorithmParameters algParams;
+            ObjectIdentifier algOid;
+            try {
+                // get the encrypted private key
+                EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
+                encryptedKey = encrInfo.getEncryptedData();
+
+                // parse Algorithm parameters
+                DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
+                DerInputStream in = val.toDerInputStream();
+                algOid = in.getOID();
+                algParams = parseAlgParameters(in);
+
+            } catch (IOException ioe) {
+                UnrecoverableKeyException uke =
+                new UnrecoverableKeyException("Private key not stored as "
+                                              + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
+                uke.initCause(ioe);
+                throw uke;
+            }
+
+            // Use JCE to decrypt the data using the supplied password.
+            SecretKey skey = getPBEKey(password);
+            Cipher cipher = Cipher.getInstance(algOid.toString());
+            cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
+            byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
+            PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
+
+             // Parse the key algorithm and then use a JCA key factory to create the private key.
+            DerValue val = new DerValue(decryptedPrivateKey);
+            DerInputStream in = val.toDerInputStream();
+
+            // Ignore this -- version should be 0.
+            int i = in.getInteger();
+
+            // Get the Algorithm ID next
+            DerValue[] value = in.getSequence(2);
+            AlgorithmId algId = new AlgorithmId(value[0].getOID());
+            String algName = algId.getName();
+
+            // Get a key factory for this algorithm.  It's likely to be 'RSA'.
+            KeyFactory kfac = KeyFactory.getInstance(algName);
+            returnValue = kfac.generatePrivate(kspec);
+        } catch (Exception e) {
+            UnrecoverableKeyException uke =
+            new UnrecoverableKeyException("Get Key failed: " +
+                                          e.getMessage());
+            uke.initCause(e);
+            throw uke;
+        }
+
+        return returnValue;
+    }
+
+    private native byte[] _getEncodedKeyData(long secKeyRef, char[] password);
+
+    /**
+     * Returns the certificate chain associated with the given alias.
+     *
+     * @param alias the alias name
+     *
+     * @return the certificate chain (ordered with the user's certificate first
+                                      * and the root certificate authority last), or null if the given alias
+     * does not exist or does not contain a certificate chain (i.e., the given
+                                                               * alias identifies either a <i>trusted certificate entry</i> or a
+                                                               * <i>key entry</i> without a certificate chain).
+     */
+    public Certificate[] engineGetCertificateChain(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null && entry instanceof KeyEntry) {
+            if (((KeyEntry)entry).chain == null) {
+                return null;
+            } else {
+                return ((KeyEntry)entry).chain.clone();
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Returns the certificate associated with the given alias.
+     *
+     * <p>If the given alias name identifies a
+     * <i>trusted certificate entry</i>, the certificate associated with that
+     * entry is returned. If the given alias name identifies a
+     * <i>key entry</i>, the first element of the certificate chain of that
+     * entry is returned, or null if that entry does not have a certificate
+     * chain.
+     *
+     * @param alias the alias name
+     *
+     * @return the certificate, or null if the given alias does not exist or
+     * does not contain a certificate.
+     */
+    public Certificate engineGetCertificate(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null) {
+            if (entry instanceof TrustedCertEntry) {
+                return ((TrustedCertEntry)entry).cert;
+            } else {
+                KeyEntry ke = (KeyEntry)entry;
+                if (ke.chain == null || ke.chain.length == 0) {
+                    return null;
+                }
+                return ke.chain[0];
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+        * Returns the creation date of the entry identified by the given alias.
+     *
+     * @param alias the alias name
+     *
+     * @return the creation date of this entry, or null if the given alias does
+     * not exist
+     */
+    public Date engineGetCreationDate(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null) {
+            if (entry instanceof TrustedCertEntry) {
+                return new Date(((TrustedCertEntry)entry).date.getTime());
+            } else {
+                return new Date(((KeyEntry)entry).date.getTime());
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+        * Assigns the given key to the given alias, protecting it with the given
+     * password.
+     *
+     * <p>If the given key is of type <code>java.security.PrivateKey</code>,
+     * it must be accompanied by a certificate chain certifying the
+     * corresponding public key.
+     *
+     * <p>If the given alias already exists, the keystore information
+     * associated with it is overridden by the given key (and possibly
+                                                          * certificate chain).
+     *
+     * @param alias the alias name
+     * @param key the key to be associated with the alias
+     * @param password the password to protect the key
+     * @param chain the certificate chain for the corresponding public
+     * key (only required if the given key is of type
+            * <code>java.security.PrivateKey</code>).
+     *
+     * @exception KeyStoreException if the given key cannot be protected, or
+     * this operation fails for some other reason
+     */
+    public void engineSetKeyEntry(String alias, Key key, char[] password,
+                                  Certificate[] chain)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            try {
+                KeyEntry entry = new KeyEntry();
+                entry.date = new Date();
+
+                if (key instanceof PrivateKey) {
+                    if ((key.getFormat().equals("PKCS#8")) ||
+                        (key.getFormat().equals("PKCS8"))) {
+                        entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
+                        entry.password = password.clone();
+                    } else {
+                        throw new KeyStoreException("Private key is not encoded as PKCS#8");
+                    }
+                } else {
+                    throw new KeyStoreException("Key is not a PrivateKey");
+                }
+
+                // clone the chain
+                if (chain != null) {
+                    if ((chain.length > 1) && !validateChain(chain)) {
+                        throw new KeyStoreException("Certificate chain does not validate");
+                    }
+
+                    entry.chain = chain.clone();
+                    entry.chainRefs = new long[entry.chain.length];
+                }
+
+                String lowerAlias = alias.toLowerCase();
+                if (entries.get(lowerAlias) != null) {
+                    deletedEntries.put(lowerAlias, entries.get(lowerAlias));
+                }
+
+                entries.put(lowerAlias, entry);
+                addedEntries.put(lowerAlias, entry);
+            } catch (Exception nsae) {
+                KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
+                ke.initCause(nsae);
+                throw ke;
+            }
+        }
+    }
+
+    /**
+        * Assigns the given key (that has already been protected) to the given
+     * alias.
+     *
+     * <p>If the protected key is of type
+     * <code>java.security.PrivateKey</code>, it must be accompanied by a
+     * certificate chain certifying the corresponding public key. If the
+     * underlying keystore implementation is of type <code>jks</code>,
+     * <code>key</code> must be encoded as an
+     * <code>EncryptedPrivateKeyInfo</code> as defined in the PKCS #8 standard.
+     *
+     * <p>If the given alias already exists, the keystore information
+     * associated with it is overridden by the given key (and possibly
+                                                          * certificate chain).
+     *
+     * @param alias the alias name
+     * @param key the key (in protected format) to be associated with the alias
+     * @param chain the certificate chain for the corresponding public
+     * key (only useful if the protected key is of type
+            * <code>java.security.PrivateKey</code>).
+     *
+     * @exception KeyStoreException if this operation fails.
+     */
+    public void engineSetKeyEntry(String alias, byte[] key,
+                                  Certificate[] chain)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            // key must be encoded as EncryptedPrivateKeyInfo as defined in
+            // PKCS#8
+            KeyEntry entry = new KeyEntry();
+            try {
+                EncryptedPrivateKeyInfo privateKey = new EncryptedPrivateKeyInfo(key);
+                entry.protectedPrivKey = privateKey.getEncoded();
+            } catch (IOException ioe) {
+                throw new KeyStoreException("key is not encoded as "
+                                            + "EncryptedPrivateKeyInfo");
+            }
+
+            entry.date = new Date();
+
+            if ((chain != null) &&
+                (chain.length != 0)) {
+                entry.chain = chain.clone();
+                entry.chainRefs = new long[entry.chain.length];
+            }
+
+            String lowerAlias = alias.toLowerCase();
+            if (entries.get(lowerAlias) != null) {
+                deletedEntries.put(lowerAlias, entries.get(alias));
+            }
+            entries.put(lowerAlias, entry);
+            addedEntries.put(lowerAlias, entry);
+        }
+    }
+
+    /**
+        * Assigns the given certificate to the given alias.
+     *
+     * <p>If the given alias already exists in this keystore and identifies a
+     * <i>trusted certificate entry</i>, the certificate associated with it is
+     * overridden by the given certificate.
+     *
+     * @param alias the alias name
+     * @param cert the certificate
+     *
+     * @exception KeyStoreException if the given alias already exists and does
+     * not identify a <i>trusted certificate entry</i>, or this operation
+     * fails for some other reason.
+     */
+    public void engineSetCertificateEntry(String alias, Certificate cert)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+
+            Object entry = entries.get(alias.toLowerCase());
+            if ((entry != null) && (entry instanceof KeyEntry)) {
+                throw new KeyStoreException
+                ("Cannot overwrite key entry with certificate");
+            }
+
+            // This will be slow, but necessary.  Enumerate the values and then see if the cert matches the one in the trusted cert entry.
+            // Security framework doesn't support the same certificate twice in a keychain.
+            Collection<Object> allValues = entries.values();
+
+            for (Object value : allValues) {
+                if (value instanceof TrustedCertEntry) {
+                    TrustedCertEntry tce = (TrustedCertEntry)value;
+                    if (tce.cert.equals(cert)) {
+                        throw new KeyStoreException("Keychain does not support mulitple copies of same certificate.");
+                    }
+                }
+            }
+
+            TrustedCertEntry trustedCertEntry = new TrustedCertEntry();
+            trustedCertEntry.cert = cert;
+            trustedCertEntry.date = new Date();
+            String lowerAlias = alias.toLowerCase();
+            if (entries.get(lowerAlias) != null) {
+                deletedEntries.put(lowerAlias, entries.get(lowerAlias));
+            }
+            entries.put(lowerAlias, trustedCertEntry);
+            addedEntries.put(lowerAlias, trustedCertEntry);
+        }
+    }
+
+    /**
+        * Deletes the entry identified by the given alias from this keystore.
+     *
+     * @param alias the alias name
+     *
+     * @exception KeyStoreException if the entry cannot be removed.
+     */
+    public void engineDeleteEntry(String alias)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            Object entry = entries.remove(alias.toLowerCase());
+            deletedEntries.put(alias.toLowerCase(), entry);
+        }
+    }
+
+    /**
+        * Lists all the alias names of this keystore.
+     *
+     * @return enumeration of the alias names
+     */
+    public Enumeration<String> engineAliases() {
+        permissionCheck();
+        return entries.keys();
+    }
+
+    /**
+        * Checks if the given alias exists in this keystore.
+     *
+     * @param alias the alias name
+     *
+     * @return true if the alias exists, false otherwise
+     */
+    public boolean engineContainsAlias(String alias) {
+        permissionCheck();
+        return entries.containsKey(alias.toLowerCase());
+    }
+
+    /**
+        * Retrieves the number of entries in this keystore.
+     *
+     * @return the number of entries in this keystore
+     */
+    public int engineSize() {
+        permissionCheck();
+        return entries.size();
+    }
+
+    /**
+        * Returns true if the entry identified by the given alias is a
+     * <i>key entry</i>, and false otherwise.
+     *
+     * @return true if the entry identified by the given alias is a
+     * <i>key entry</i>, false otherwise.
+     */
+    public boolean engineIsKeyEntry(String alias) {
+        permissionCheck();
+        Object entry = entries.get(alias.toLowerCase());
+        if ((entry != null) && (entry instanceof KeyEntry)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+        * Returns true if the entry identified by the given alias is a
+     * <i>trusted certificate entry</i>, and false otherwise.
+     *
+     * @return true if the entry identified by the given alias is a
+     * <i>trusted certificate entry</i>, false otherwise.
+     */
+    public boolean engineIsCertificateEntry(String alias) {
+        permissionCheck();
+        Object entry = entries.get(alias.toLowerCase());
+        if ((entry != null) && (entry instanceof TrustedCertEntry)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+        * Returns the (alias) name of the first keystore entry whose certificate
+     * matches the given certificate.
+     *
+     * <p>This method attempts to match the given certificate with each
+     * keystore entry. If the entry being considered
+     * is a <i>trusted certificate entry</i>, the given certificate is
+     * compared to that entry's certificate. If the entry being considered is
+     * a <i>key entry</i>, the given certificate is compared to the first
+     * element of that entry's certificate chain (if a chain exists).
+     *
+     * @param cert the certificate to match with.
+     *
+     * @return the (alias) name of the first entry with matching certificate,
+     * or null if no such entry exists in this keystore.
+     */
+    public String engineGetCertificateAlias(Certificate cert) {
+        permissionCheck();
+        Certificate certElem;
+
+        for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = entries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                certElem = ((TrustedCertEntry)entry).cert;
+            } else {
+                KeyEntry ke = (KeyEntry)entry;
+                if (ke.chain == null || ke.chain.length == 0) {
+                    continue;
+                }
+                certElem = ke.chain[0];
+            }
+            if (certElem.equals(cert)) {
+                return alias;
+            }
+        }
+        return null;
+    }
+
+    /**
+        * Stores this keystore to the given output stream, and protects its
+     * integrity with the given password.
+     *
+     * @param stream Ignored. the output stream to which this keystore is written.
+     * @param password the password to generate the keystore integrity check
+     *
+     * @exception IOException if there was an I/O problem with data
+     * @exception NoSuchAlgorithmException if the appropriate data integrity
+     * algorithm could not be found
+     * @exception CertificateException if any of the certificates included in
+     * the keystore data could not be stored
+     */
+    public void engineStore(OutputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        permissionCheck();
+
+        // Delete items that do have a keychain item ref.
+        for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = deletedEntries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                if (((TrustedCertEntry)entry).certRef != 0) {
+                    _removeItemFromKeychain(((TrustedCertEntry)entry).certRef);
+                    _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
+                }
+            } else {
+                Certificate certElem;
+                KeyEntry keyEntry = (KeyEntry)entry;
+
+                if (keyEntry.chain != null) {
+                    for (int i = 0; i < keyEntry.chain.length; i++) {
+                        if (keyEntry.chainRefs[i] != 0) {
+                            _removeItemFromKeychain(keyEntry.chainRefs[i]);
+                            _releaseKeychainItemRef(keyEntry.chainRefs[i]);
+                        }
+                    }
+
+                    if (keyEntry.keyRef != 0) {
+                        _removeItemFromKeychain(keyEntry.keyRef);
+                        _releaseKeychainItemRef(keyEntry.keyRef);
+                    }
+                }
+            }
+        }
+
+        // Add all of the certs or keys in the added entries.
+        // No need to check for 0 refs, as they are in the added list.
+        for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = addedEntries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                TrustedCertEntry tce = (TrustedCertEntry)entry;
+                Certificate certElem;
+                certElem = tce.cert;
+                tce.certRef = addCertificateToKeychain(alias, certElem);
+            } else {
+                KeyEntry keyEntry = (KeyEntry)entry;
+
+                if (keyEntry.chain != null) {
+                    for (int i = 0; i < keyEntry.chain.length; i++) {
+                        keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]);
+                    }
+
+                    keyEntry.keyRef = _addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password);
+                }
+            }
+        }
+
+        // Clear the added and deletedEntries hashtables here, now that we're done with the updates.
+        // For the deleted entries, we freed up the native references above.
+        deletedEntries.clear();
+        addedEntries.clear();
+    }
+
+    private long addCertificateToKeychain(String alias, Certificate cert) {
+        byte[] certblob = null;
+        long returnValue = 0;
+
+        try {
+            certblob = cert.getEncoded();
+            returnValue = _addItemToKeychain(alias, true, certblob, null);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        return returnValue;
+    }
+
+    private native long _addItemToKeychain(String alias, boolean isCertificate, byte[] datablob, char[] password);
+    private native int _removeItemFromKeychain(long certRef);
+    private native void _releaseKeychainItemRef(long keychainItemRef);
+
+    /**
+      * Loads the keystore from the Keychain.
+     *
+     * @param stream Ignored - here for API compatibility.
+     * @param password Ignored - if user needs to unlock keychain Security
+     * framework will post any dialogs.
+     *
+     * @exception IOException if there is an I/O or format problem with the
+     * keystore data
+     * @exception NoSuchAlgorithmException if the algorithm used to check
+     * the integrity of the keystore cannot be found
+     * @exception CertificateException if any of the certificates in the
+     * keystore could not be loaded
+     */
+    public void engineLoad(InputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        permissionCheck();
+
+        // Release any stray keychain references before clearing out the entries.
+        synchronized(entries) {
+            for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
+                String alias = e.nextElement();
+                Object entry = entries.get(alias);
+                if (entry instanceof TrustedCertEntry) {
+                    if (((TrustedCertEntry)entry).certRef != 0) {
+                        _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
+                    }
+                } else {
+                    KeyEntry keyEntry = (KeyEntry)entry;
+
+                    if (keyEntry.chain != null) {
+                        for (int i = 0; i < keyEntry.chain.length; i++) {
+                            if (keyEntry.chainRefs[i] != 0) {
+                                _releaseKeychainItemRef(keyEntry.chainRefs[i]);
+                            }
+                        }
+
+                        if (keyEntry.keyRef != 0) {
+                            _releaseKeychainItemRef(keyEntry.keyRef);
+                        }
+                    }
+                }
+            }
+
+            entries.clear();
+            _scanKeychain();
+        }
+    }
+
+    private native void _scanKeychain();
+
+    /**
+     * Callback method from _scanKeychain.  If a trusted certificate is found, this method will be called.
+     */
+    private void createTrustedCertEntry(String alias, long keychainItemRef, long creationDate, byte[] derStream) {
+        TrustedCertEntry tce = new TrustedCertEntry();
+
+        try {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            InputStream input = new ByteArrayInputStream(derStream);
+            X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
+            input.close();
+            tce.cert = cert;
+            tce.certRef = keychainItemRef;
+
+            // Make a creation date.
+            if (creationDate != 0)
+                tce.date = new Date(creationDate);
+            else
+                tce.date = new Date();
+
+            int uniqueVal = 1;
+            String originalAlias = alias;
+
+            while (entries.containsKey(alias.toLowerCase())) {
+                alias = originalAlias + " " + uniqueVal;
+                uniqueVal++;
+            }
+
+            entries.put(alias.toLowerCase(), tce);
+        } catch (Exception e) {
+            // The certificate will be skipped.
+            System.err.println("KeychainStore Ignored Exception: " + e);
+        }
+    }
+
+    /**
+     * Callback method from _scanKeychain.  If an identity is found, this method will be called to create Java certificate
+     * and private key objects from the keychain data.
+     */
+    private void createKeyEntry(String alias, long creationDate, long secKeyRef, long[] secCertificateRefs, byte[][] rawCertData)
+        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
+        KeyEntry ke = new KeyEntry();
+
+        // First, store off the private key information.  This is the easy part.
+        ke.protectedPrivKey = null;
+        ke.keyRef = secKeyRef;
+
+        // Make a creation date.
+        if (creationDate != 0)
+            ke.date = new Date(creationDate);
+        else
+            ke.date = new Date();
+
+        // Next, create X.509 Certificate objects from the raw data.  This is complicated
+        // because a certificate's public key may be too long for Java's default encryption strength.
+        List<CertKeychainItemPair> createdCerts = new ArrayList<>();
+
+        try {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+            for (int i = 0; i < rawCertData.length; i++) {
+                try {
+                    InputStream input = new ByteArrayInputStream(rawCertData[i]);
+                    X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
+                    input.close();
+
+                    // We successfully created the certificate, so track it and its corresponding SecCertificateRef.
+                    createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
+                } catch (CertificateException e) {
+                    // The certificate will be skipped.
+                    System.err.println("KeychainStore Ignored Exception: " + e);
+                }
+            }
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (IOException ioe) {
+            ioe.printStackTrace();  // How would this happen?
+        }
+
+        // We have our certificates in the List, so now extract them into an array of
+        // Certificates and SecCertificateRefs.
+        CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
+        Certificate[] certArray = new Certificate[objArray.length];
+        long[] certRefArray = new long[objArray.length];
+
+        for (int i = 0; i < objArray.length; i++) {
+            CertKeychainItemPair addedItem = objArray[i];
+            certArray[i] = addedItem.mCert;
+            certRefArray[i] = addedItem.mCertificateRef;
+        }
+
+        ke.chain = certArray;
+        ke.chainRefs = certRefArray;
+
+        // If we don't have already have an item with this item's alias
+        // create a new one for it.
+        int uniqueVal = 1;
+        String originalAlias = alias;
+
+        while (entries.containsKey(alias.toLowerCase())) {
+            alias = originalAlias + " " + uniqueVal;
+            uniqueVal++;
+        }
+
+        entries.put(alias.toLowerCase(), ke);
+    }
+
+    private class CertKeychainItemPair {
+        long mCertificateRef;
+        Certificate mCert;
+
+        CertKeychainItemPair(long inCertRef, Certificate cert) {
+            mCertificateRef = inCertRef;
+            mCert = cert;
+        }
+    }
+
+    /*
+     * Validate Certificate Chain
+     */
+    private boolean validateChain(Certificate[] certChain)
+    {
+        for (int i = 0; i < certChain.length-1; i++) {
+            X500Principal issuerDN =
+            ((X509Certificate)certChain[i]).getIssuerX500Principal();
+            X500Principal subjectDN =
+                ((X509Certificate)certChain[i+1]).getSubjectX500Principal();
+            if (!(issuerDN.equals(subjectDN)))
+                return false;
+        }
+        return true;
+    }
+
+    @SuppressWarnings("deprecation")
+    private byte[] fetchPrivateKeyFromBag(byte[] privateKeyInfo) throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        byte[] returnValue = null;
+        DerValue val = new DerValue(new ByteArrayInputStream(privateKeyInfo));
+        DerInputStream s = val.toDerInputStream();
+        int version = s.getInteger();
+
+        if (version != 3) {
+            throw new IOException("PKCS12 keystore not in version 3 format");
+        }
+
+        /*
+            * Read the authSafe.
+         */
+        byte[] authSafeData;
+        ContentInfo authSafe = new ContentInfo(s);
+        ObjectIdentifier contentType = authSafe.getContentType();
+
+        if (contentType.equals(ContentInfo.DATA_OID)) {
+            authSafeData = authSafe.getData();
+        } else /* signed data */ {
+            throw new IOException("public key protected PKCS12 not supported");
+        }
+
+        DerInputStream as = new DerInputStream(authSafeData);
+        DerValue[] safeContentsArray = as.getSequence(2);
+        int count = safeContentsArray.length;
+
+        /*
+         * Spin over the ContentInfos.
+         */
+        for (int i = 0; i < count; i++) {
+            byte[] safeContentsData;
+            ContentInfo safeContents;
+            DerInputStream sci;
+            byte[] eAlgId = null;
+
+            sci = new DerInputStream(safeContentsArray[i].toByteArray());
+            safeContents = new ContentInfo(sci);
+            contentType = safeContents.getContentType();
+            safeContentsData = null;
+
+            if (contentType.equals(ContentInfo.DATA_OID)) {
+                safeContentsData = safeContents.getData();
+            } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
+                // The password was used to export the private key from the keychain.
+                // The Keychain won't export the key with encrypted data, so we don't need
+                // to worry about it.
+                continue;
+            } else {
+                throw new IOException("public key protected PKCS12" +
+                                      " not supported");
+            }
+            DerInputStream sc = new DerInputStream(safeContentsData);
+            returnValue = extractKeyData(sc);
+        }
+
+        return returnValue;
+    }
+
+    @SuppressWarnings("deprecation")
+    private byte[] extractKeyData(DerInputStream stream)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        byte[] returnValue = null;
+        DerValue[] safeBags = stream.getSequence(2);
+        int count = safeBags.length;
+
+        /*
+         * Spin over the SafeBags.
+         */
+        for (int i = 0; i < count; i++) {
+            ObjectIdentifier bagId;
+            DerInputStream sbi;
+            DerValue bagValue;
+            Object bagItem = null;
+
+            sbi = safeBags[i].toDerInputStream();
+            bagId = sbi.getOID();
+            bagValue = sbi.getDerValue();
+            if (!bagValue.isContextSpecific((byte)0)) {
+                throw new IOException("unsupported PKCS12 bag value type "
+                                      + bagValue.tag);
+            }
+            bagValue = bagValue.data.getDerValue();
+            if (bagId.equals(PKCS8ShroudedKeyBag_OID)) {
+                // got what we were looking for.  Return it.
+                returnValue = bagValue.toByteArray();
+            } else {
+                // log error message for "unsupported PKCS12 bag type"
+                System.out.println("Unsupported bag type '" + bagId + "'");
+            }
+        }
+
+        return returnValue;
+    }
+
+    /*
+        * Generate PBE Algorithm Parameters
+     */
+    private AlgorithmParameters getAlgorithmParameters(String algorithm)
+        throws IOException
+    {
+        AlgorithmParameters algParams = null;
+
+        // create PBE parameters from salt and iteration count
+        PBEParameterSpec paramSpec =
+            new PBEParameterSpec(getSalt(), iterationCount);
+        try {
+            algParams = AlgorithmParameters.getInstance(algorithm);
+            algParams.init(paramSpec);
+        } catch (Exception e) {
+            IOException ioe =
+            new IOException("getAlgorithmParameters failed: " +
+                            e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return algParams;
+    }
+
+    // the source of randomness
+    private SecureRandom random;
+
+    /*
+     * Generate random salt
+     */
+    private byte[] getSalt()
+    {
+        // Generate a random salt.
+        byte[] salt = new byte[SALT_LEN];
+        if (random == null) {
+            random = new SecureRandom();
+        }
+        salt = random.generateSeed(SALT_LEN);
+        return salt;
+    }
+
+    /*
+     * parse Algorithm Parameters
+     */
+    private AlgorithmParameters parseAlgParameters(DerInputStream in)
+        throws IOException
+    {
+        AlgorithmParameters algParams = null;
+        try {
+            DerValue params;
+            if (in.available() == 0) {
+                params = null;
+            } else {
+                params = in.getDerValue();
+                if (params.tag == DerValue.tag_Null) {
+                    params = null;
+                }
+            }
+            if (params != null) {
+                algParams = AlgorithmParameters.getInstance("PBE");
+                algParams.init(params.toByteArray());
+            }
+        } catch (Exception e) {
+            IOException ioe =
+            new IOException("parseAlgParameters failed: " +
+                            e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return algParams;
+    }
+
+    /*
+     * Generate PBE key
+     */
+    private SecretKey getPBEKey(char[] password) throws IOException
+    {
+        SecretKey skey = null;
+
+        try {
+            PBEKeySpec keySpec = new PBEKeySpec(password);
+            SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
+            skey = skFac.generateSecret(keySpec);
+        } catch (Exception e) {
+            IOException ioe = new IOException("getSecretKey failed: " +
+                                              e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return skey;
+    }
+
+    /*
+     * Encrypt private key using Password-based encryption (PBE)
+     * as defined in PKCS#5.
+     *
+     * NOTE: Currently pbeWithSHAAnd3-KeyTripleDES-CBC algorithmID is
+     *       used to derive the key and IV.
+     *
+     * @return encrypted private key encoded as EncryptedPrivateKeyInfo
+     */
+    private byte[] encryptPrivateKey(byte[] data, char[] password)
+        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException
+    {
+        byte[] key = null;
+
+        try {
+            // create AlgorithmParameters
+            AlgorithmParameters algParams =
+            getAlgorithmParameters("PBEWithSHA1AndDESede");
+
+            // Use JCE
+            SecretKey skey = getPBEKey(password);
+            Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
+            cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
+            byte[] encryptedKey = cipher.doFinal(data);
+
+            // wrap encrypted private key in EncryptedPrivateKeyInfo
+            // as defined in PKCS#8
+            AlgorithmId algid =
+                new AlgorithmId(pbeWithSHAAnd3KeyTripleDESCBC_OID, algParams);
+            EncryptedPrivateKeyInfo encrInfo =
+                new EncryptedPrivateKeyInfo(algid, encryptedKey);
+            key = encrInfo.getEncoded();
+        } catch (Exception e) {
+            UnrecoverableKeyException uke =
+            new UnrecoverableKeyException("Encrypt Private Key failed: "
+                                          + e.getMessage());
+            uke.initCause(e);
+            throw uke;
+        }
+
+        return key;
+    }
+
+
+}
+
--- a/src/java.base/macosx/native/libjava/ProcessHandleImpl_macosx.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/macosx/native/libjava/ProcessHandleImpl_macosx.c	Thu Aug 20 12:29:24 2015 -0700
@@ -28,6 +28,8 @@
 #include "java_lang_ProcessHandleImpl.h"
 #include "java_lang_ProcessHandleImpl_Info.h"
 
+#include "ProcessHandleImpl_unix.h"
+
 #include <stdio.h>
 #include <errno.h>
 #include <signal.h>
@@ -38,144 +40,15 @@
 #include <sys/sysctl.h>
 
 /**
- * Implementations of ProcessHandleImpl functions for MAC OS X;
- * are NOT common to all Unix variants.
+ * Implementation of native ProcessHandleImpl functions for MAC OS X.
+ * See ProcessHandleImpl_unix.c for more details.
  */
 
-static void getStatInfo(JNIEnv *env, jobject jinfo, pid_t pid);
-static void getCmdlineInfo(JNIEnv *env, jobject jinfo, pid_t pid);
-
-/*
- * Common Unix function to lookup the uid and return the user name.
- */
-extern jstring uidToUser(JNIEnv* env, uid_t uid);
-
-/* Field id for jString 'command' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_commandID;
-
-/* Field id for jString[] 'arguments' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_argumentsID;
-
-/* Field id for jlong 'totalTime' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_totalTimeID;
-
-/* Field id for jlong 'startTime' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_startTimeID;
-
-/* Field id for jString 'user' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_userID;
-
-/* static value for clock ticks per second. */
-static long clock_ticks_per_second;
-
-/**************************************************************
- * Static method to initialize field IDs and the ticks per second rate.
- *
- * Class:     java_lang_ProcessHandleImpl_Info
- * Method:    initIDs
- * Signature: ()V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_initIDs(JNIEnv *env, jclass clazz) {
-    CHECK_NULL(ProcessHandleImpl_Info_commandID =
-            (*env)->GetFieldID(env, clazz, "command", "Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_argumentsID =
-            (*env)->GetFieldID(env, clazz, "arguments", "[Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_totalTimeID =
-            (*env)->GetFieldID(env, clazz, "totalTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_startTimeID =
-            (*env)->GetFieldID(env, clazz, "startTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_userID =
-            (*env)->GetFieldID(env, clazz, "user", "Ljava/lang/String;"));
-}
-/**************************************************************
- * Static method to initialize the ticks per second rate.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    initNative
- * Signature: ()V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_initNative(JNIEnv *env, jclass clazz) {
-      clock_ticks_per_second = sysconf(_SC_CLK_TCK);
-}
-
-/*
- * Check if a process is alive.
- * Return the start time (ms since 1970) if it is available.
- * If the start time is not available return 0.
- * If the pid is invalid, return -1.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    isAlive0
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_java_lang_ProcessHandleImpl_isAlive0(JNIEnv *env, jobject obj, jlong jpid) {
-    pid_t pid = (pid_t) jpid;
-    struct kinfo_proc kp;
-    size_t bufSize = sizeof kp;
-
-    // Read the process info for the specific pid
-    int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
-
-    if (sysctl(mib, 4, &kp, &bufSize, NULL, 0) < 0) {
-        return  (errno == EINVAL) ? -1 : 0;
-    } else {
-        return (bufSize == 0) ?  -1 :
-                                 (jlong) (kp.kp_proc.p_starttime.tv_sec * 1000
-                                        + kp.kp_proc.p_starttime.tv_usec / 1000);
-    }
-}
-
-/*
- * Returns the parent pid of the requested pid.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    parent0
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_java_lang_ProcessHandleImpl_parent0(JNIEnv *env,
-                                         jobject obj,
-                                         jlong jpid,
-                                         jlong startTime) {
-    pid_t pid = (pid_t) jpid;
-    pid_t ppid = -1;
-
-    if (pid == getpid()) {
-        ppid = getppid();
-    } else {
-        const pid_t pid = (pid_t) jpid;
-        struct kinfo_proc kp;
-        size_t bufSize = sizeof kp;
-
-        // Read the process info for the specific pid
-        int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
-        if (sysctl(mib, 4, &kp, &bufSize, NULL, 0) < 0) {
-            JNU_ThrowByNameWithLastError(env,
-                "java/lang/RuntimeException", "sysctl failed");
-            return -1;
-        }
-        // If the buffer is full and for the pid requested then check the start
-        if (bufSize > 0 && kp.kp_proc.p_pid == pid) {
-            jlong start = (jlong) (kp.kp_proc.p_starttime.tv_sec * 1000
-                                   + kp.kp_proc.p_starttime.tv_usec / 1000);
-            if (start == startTime || start == 0 || startTime == 0) {
-                ppid = kp.kp_eproc.e_ppid;
-            }
-        }
-    }
-    return (jlong) ppid;
-}
+void os_initNative(JNIEnv *env, jclass clazz) {}
 
 /*
  * Returns the children of the requested pid and optionally each parent.
  *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    getProcessPids0
- * Signature: (J[J[J)I
- *
  * Use sysctl to accumulate any process whose parent pid is zero or matches.
  * The resulting pids are stored into the array of longs.
  * The number of pids is returned if they all fit.
@@ -183,13 +56,8 @@
  * If the array is too short, excess pids are not stored and
  * the desired length is returned.
  */
-JNIEXPORT jint JNICALL
-Java_java_lang_ProcessHandleImpl_getProcessPids0(JNIEnv *env,
-                                                 jclass clazz,
-                                                 jlong jpid,
-                                                 jlongArray jarray,
-                                                 jlongArray jparentArray,
-                                                 jlongArray jstimesArray) {
+jint os_getChildren(JNIEnv *env, jlong jpid, jlongArray jarray,
+                    jlongArray jparentArray, jlongArray jstimesArray) {
     jlong* pids = NULL;
     jlong* ppids = NULL;
     jlong* stimes = NULL;
@@ -303,35 +171,17 @@
     return count;
 }
 
-/**************************************************************
- * Implementation of ProcessHandleImpl_Info native methods.
+/**
+ * Use sysctl and return the ppid, total cputime and start time.
+ * Return: -1 is fail;  >=  0 is parent pid
+ * 'total' will contain the running time of 'pid' in nanoseconds.
+ * 'start' will contain the start time of 'pid' in milliseconds since epoch.
  */
-
-/*
- * Fill in the Info object from the OS information about the process.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    info0
- * Signature: (J)I
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_info0(JNIEnv *env,
-                                                 jobject jinfo,
-                                                 jlong jpid) {
-    pid_t pid = (pid_t) jpid;
-    getStatInfo(env, jinfo, pid);
-    getCmdlineInfo(env, jinfo, pid);
-}
-
-/**
- * Read /proc/<pid>/stat and fill in the fields of the Info object.
- * The executable name, plus the user, system, and start times are gathered.
- */
-static void getStatInfo(JNIEnv *env, jobject jinfo, pid_t jpid) {
-    jlong totalTime;                    // nanoseconds
-    unsigned long long startTime;       // milliseconds
+pid_t os_getParentPidAndTimings(JNIEnv *env, pid_t jpid,
+                                jlong *totalTime, jlong *startTime) {
 
     const pid_t pid = (pid_t) jpid;
+    pid_t ppid = -1;
     struct kinfo_proc kp;
     size_t bufSize = sizeof kp;
 
@@ -339,92 +189,70 @@
     int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
 
     if (sysctl(mib, 4, &kp, &bufSize, NULL, 0) < 0) {
-        if (errno == EINVAL) {
-            return;
-        } else {
-            JNU_ThrowByNameWithLastError(env,
-                "java/lang/RuntimeException", "sysctl failed");
-        }
-        return;
+        JNU_ThrowByNameWithLastError(env,
+            "java/lang/RuntimeException", "sysctl failed");
+        return -1;
     }
-
-    // Convert the UID to the username
-    jstring name = NULL;
-    CHECK_NULL((name = uidToUser(env, kp.kp_eproc.e_ucred.cr_uid)));
-    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_userID, name);
-    JNU_CHECK_EXCEPTION(env);
-
-    startTime = kp.kp_proc.p_starttime.tv_sec * 1000 +
-                kp.kp_proc.p_starttime.tv_usec / 1000;
-
-    (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_startTimeID, startTime);
-    JNU_CHECK_EXCEPTION(env);
+    if (bufSize > 0 && kp.kp_proc.p_pid == pid) {
+        *startTime = (jlong) (kp.kp_proc.p_starttime.tv_sec * 1000 +
+                              kp.kp_proc.p_starttime.tv_usec / 1000);
+        ppid = kp.kp_eproc.e_ppid;
+    }
 
     // Get cputime if for current process
     if (pid == getpid()) {
         struct rusage usage;
-        if (getrusage(RUSAGE_SELF, &usage) != 0) {
-            return;
+        if (getrusage(RUSAGE_SELF, &usage) == 0) {
+          jlong microsecs =
+              usage.ru_utime.tv_sec * 1000 * 1000 + usage.ru_utime.tv_usec +
+              usage.ru_stime.tv_sec * 1000 * 1000 + usage.ru_stime.tv_usec;
+          *totalTime = microsecs * 1000;
         }
-        jlong microsecs =
-            usage.ru_utime.tv_sec * 1000 * 1000 + usage.ru_utime.tv_usec +
-            usage.ru_stime.tv_sec * 1000 * 1000 + usage.ru_stime.tv_usec;
-        totalTime = microsecs * 1000;
-        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_totalTimeID, totalTime);
-        JNU_CHECK_EXCEPTION(env);
     }
+
+    return ppid;
+
 }
 
 /**
- * Construct the argument array by parsing the arguments from the sequence of arguments.
+ * Return the uid of a process or -1 on error
  */
-static int fillArgArray(JNIEnv *env, jobject jinfo, int nargs,
-                        const char *cp, const char *argsEnd) {
-    jstring str = NULL;
-    jobject argsArray;
-    int i;
+static uid_t getUID(pid_t pid) {
+    struct kinfo_proc kp;
+    size_t bufSize = sizeof kp;
 
-    if (nargs < 1) {
-        return 0;
+    // Read the process info for the specific pid
+    int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
+
+    if (sysctl(mib, 4, &kp, &bufSize, NULL, 0) == 0) {
+        if (bufSize > 0 && kp.kp_proc.p_pid == pid) {
+            return kp.kp_eproc.e_ucred.cr_uid;
+        }
     }
-    // Create a String array for nargs-1 elements
-    CHECK_NULL_RETURN((argsArray = (*env)->NewObjectArray(env,
-            nargs - 1, JNU_ClassString(env), NULL)), -1);
-
-    for (i = 0; i < nargs - 1; i++) {
-        // skip to the next argument; omits arg[0]
-        cp += strnlen(cp, (argsEnd - cp)) + 1;
-
-        if (cp > argsEnd || *cp == '\0') {
-            return -2;  // Off the end pointer or an empty argument is an error
-        }
-
-        CHECK_NULL_RETURN((str = JNU_NewStringPlatform(env, cp)), -1);
-
-        (*env)->SetObjectArrayElement(env, argsArray, i, str);
-        JNU_CHECK_EXCEPTION_RETURN(env, -3);
-    }
-    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_argumentsID, argsArray);
-    JNU_CHECK_EXCEPTION_RETURN(env, -4);
-    return 0;
+    return (uid_t)-1;
 }
 
 /**
  * Retrieve the command and arguments for the process and store them
  * into the Info object.
  */
-static void getCmdlineInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
+void os_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
     int mib[3], maxargs, nargs, i;
     size_t size;
     char *args, *cp, *sp, *np;
 
+    // Get the UID first. This is done here because it is cheap to do it here
+    // on other platforms like Linux/Solaris/AIX where the uid comes from the
+    // same source like the command line info.
+    unix_getUserInfo(env, jinfo, getUID(pid));
+
     // Get the maximum size of the arguments
     mib[0] = CTL_KERN;
     mib[1] = KERN_ARGMAX;
     size = sizeof(maxargs);
     if (sysctl(mib, 2, &maxargs, &size, NULL, 0) == -1) {
             JNU_ThrowByNameWithLastError(env,
-                    "java/lang/RuntimeException", "sysctl failed");
+                "java/lang/RuntimeException", "sysctl failed");
         return;
     }
 
@@ -437,7 +265,7 @@
 
     do {            // a block to break out of on error
         char *argsEnd;
-        jstring str = NULL;
+        jstring cmdexe = NULL;
 
         mib[0] = CTL_KERN;
         mib[1] = KERN_PROCARGS2;
@@ -445,7 +273,7 @@
         size = (size_t) maxargs;
         if (sysctl(mib, 3, args, &size, NULL, 0) == -1) {
             if (errno != EINVAL) {
-            JNU_ThrowByNameWithLastError(env,
+                JNU_ThrowByNameWithLastError(env,
                     "java/lang/RuntimeException", "sysctl failed");
             }
             break;
@@ -456,11 +284,7 @@
         argsEnd = &args[size];
 
         // Store the command executable path
-        if ((str = JNU_NewStringPlatform(env, cp)) == NULL) {
-            break;
-        }
-        (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_commandID, str);
-        if ((*env)->ExceptionCheck(env)) {
+        if ((cmdexe = JNU_NewStringPlatform(env, cp)) == NULL) {
             break;
         }
 
@@ -471,7 +295,7 @@
             }
         }
 
-        fillArgArray(env, jinfo, nargs, cp, argsEnd);
+        unix_fillArgArray(env, jinfo, nargs, cp, argsEnd, cmdexe, NULL);
     } while (0);
     // Free the arg buffer
     free(args);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,589 @@
+/*
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#import "apple_security_KeychainStore.h"
+
+#import <Security/Security.h>
+#import <Security/SecImportExport.h>
+#import <CoreServices/CoreServices.h>  // (for require() macros)
+#import <JavaNativeFoundation/JavaNativeFoundation.h>
+
+
+static JNF_CLASS_CACHE(jc_KeychainStore, "apple/security/KeychainStore");
+static JNF_MEMBER_CACHE(jm_createTrustedCertEntry, jc_KeychainStore, "createTrustedCertEntry", "(Ljava/lang/String;JJ[B)V");
+static JNF_MEMBER_CACHE(jm_createKeyEntry, jc_KeychainStore, "createKeyEntry", "(Ljava/lang/String;JJ[J[[B)V");
+
+static jstring getLabelFromItem(JNIEnv *env, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    jstring returnValue = NULL;
+    char *attribCString = NULL;
+
+    SecKeychainAttribute itemAttrs[] = { { kSecLabelItemAttr, 0, NULL } };
+    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
+
+    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
+
+    if(status) {
+        cssmPerror("getLabelFromItem: SecKeychainItemCopyContent", status);
+        goto errOut;
+    }
+
+    attribCString = malloc(itemAttrs[0].length + 1);
+    strncpy(attribCString, itemAttrs[0].data, itemAttrs[0].length);
+    attribCString[itemAttrs[0].length] = '\0';
+    returnValue = (*env)->NewStringUTF(env, attribCString);
+
+errOut:
+    SecKeychainItemFreeContent(&attrList, NULL);
+    if (attribCString) free(attribCString);
+    return returnValue;
+}
+
+static jlong getModDateFromItem(JNIEnv *env, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    SecKeychainAttribute itemAttrs[] = { { kSecModDateItemAttr, 0, NULL } };
+    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
+    jlong returnValue = 0;
+
+    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
+
+    if(status) {
+        // This is almost always missing, so don't dump an error.
+        // cssmPerror("getModDateFromItem: SecKeychainItemCopyContent", status);
+        goto errOut;
+    }
+
+    memcpy(&returnValue, itemAttrs[0].data, itemAttrs[0].length);
+
+errOut:
+    SecKeychainItemFreeContent(&attrList, NULL);
+    return returnValue;
+}
+
+static void setLabelForItem(NSString *inLabel, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    const char *labelCString = [inLabel UTF8String];
+
+    // Set up attribute vector (each attribute consists of {tag, length, pointer}):
+    SecKeychainAttribute attrs[] = {
+        { kSecLabelItemAttr, strlen(labelCString), (void *)labelCString }
+    };
+
+    const SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs };
+
+    // Not changing data here, just attributes.
+    status = SecKeychainItemModifyContent(inItem, &attributes, 0, NULL);
+
+    if(status) {
+        cssmPerror("setLabelForItem: SecKeychainItemModifyContent", status);
+    }
+}
+
+/*
+ * Given a SecIdentityRef, do our best to construct a complete, ordered, and
+ * verified cert chain, returning the result in a CFArrayRef. The result is
+ * can be passed back to Java as a chain for a private key.
+ */
+static OSStatus completeCertChain(
+                                     SecIdentityRef         identity,
+                                     SecCertificateRef    trustedAnchor,    // optional additional trusted anchor
+                                     bool                 includeRoot,     // include the root in outArray
+                                     CFArrayRef            *outArray)        // created and RETURNED
+{
+    SecTrustRef                    secTrust = NULL;
+    SecPolicyRef                policy = NULL;
+    SecPolicySearchRef            policySearch = NULL;
+    SecTrustResultType            secTrustResult;
+    CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv;            // not used
+    CFArrayRef                    certChain = NULL;   // constructed chain, CERTS ONLY
+    CFMutableArrayRef             subjCerts;            // passed to SecTrust
+    CFMutableArrayRef             certArray;            // returned array starting with
+                                                    //   identity
+    CFIndex                     numResCerts;
+    CFIndex                     dex;
+    OSStatus                     ortn;
+      SecCertificateRef             certRef;
+
+    /* First element in out array is the SecIdentity */
+    certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+    CFArrayAppendValue(certArray, identity);
+
+    /* the single element in certs-to-be-evaluated comes from the identity */
+       ortn = SecIdentityCopyCertificate(identity, &certRef);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecIdentityCopyCertificate", ortn);
+        return ortn;
+    }
+
+    /*
+     * Now use SecTrust to get a complete cert chain, using all of the
+     * user's keychains to look for intermediate certs.
+     * NOTE this does NOT handle root certs which are not in the system
+     * root cert DB.
+     */
+    subjCerts = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
+    CFArraySetValueAtIndex(subjCerts, 0, certRef);
+
+    /* the array owns the subject cert ref now */
+    CFRelease(certRef);
+
+    /* Get a SecPolicyRef for generic X509 cert chain verification */
+    ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
+                                 &CSSMOID_APPLE_X509_BASIC,
+                                 NULL,                // value
+                                 &policySearch);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecPolicySearchCreate", ortn);
+        goto errOut;
+    }
+    ortn = SecPolicySearchCopyNext(policySearch, &policy);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecPolicySearchCopyNext", ortn);
+        goto errOut;
+    }
+
+    /* build a SecTrustRef for specified policy and certs */
+    ortn = SecTrustCreateWithCertificates(subjCerts,
+                                          policy, &secTrust);
+    if(ortn) {
+        cssmPerror("SecTrustCreateWithCertificates", ortn);
+        goto errOut;
+    }
+
+    if(trustedAnchor) {
+        /*
+        * Tell SecTrust to trust this one in addition to the current
+         * trusted system-wide anchors.
+         */
+        CFMutableArrayRef newAnchors;
+        CFArrayRef currAnchors;
+
+        ortn = SecTrustCopyAnchorCertificates(&currAnchors);
+        if(ortn) {
+            /* should never happen */
+            cssmPerror("SecTrustCopyAnchorCertificates", ortn);
+            goto errOut;
+        }
+        newAnchors = CFArrayCreateMutableCopy(NULL,
+                                              CFArrayGetCount(currAnchors) + 1,
+                                              currAnchors);
+        CFRelease(currAnchors);
+        CFArrayAppendValue(newAnchors, trustedAnchor);
+        ortn = SecTrustSetAnchorCertificates(secTrust, newAnchors);
+        CFRelease(newAnchors);
+        if(ortn) {
+            cssmPerror("SecTrustSetAnchorCertificates", ortn);
+            goto errOut;
+        }
+    }
+
+    /* evaluate: GO */
+    ortn = SecTrustEvaluate(secTrust, &secTrustResult);
+    if(ortn) {
+        cssmPerror("SecTrustEvaluate", ortn);
+        goto errOut;
+    }
+    switch(secTrustResult) {
+        case kSecTrustResultUnspecified:
+            /* cert chain valid, no special UserTrust assignments; drop thru */
+        case kSecTrustResultProceed:
+            /* cert chain valid AND user explicitly trusts this */
+            break;
+        default:
+            /*
+             * Cert chain construction failed.
+             * Just go with the single subject cert we were given; maybe the
+             * peer can complete the chain.
+             */
+            ortn = noErr;
+            goto errOut;
+    }
+
+    /* get resulting constructed cert chain */
+    ortn = SecTrustGetResult(secTrust, &secTrustResult, &certChain, &dummyEv);
+    if(ortn) {
+        cssmPerror("SecTrustEvaluate", ortn);
+        goto errOut;
+    }
+
+    /*
+     * Copy certs from constructed chain to our result array, skipping
+     * the leaf (which is already there, as a SecIdentityRef) and possibly
+     * a root.
+     */
+    numResCerts = CFArrayGetCount(certChain);
+    if(numResCerts < 1) {
+        /*
+         * Can't happen: If chain doesn't verify to a root, we'd
+         * have bailed after SecTrustEvaluate().
+         */
+        ortn = noErr;
+        goto errOut;
+    }
+    if(!includeRoot) {
+        /* skip the last (root) cert) */
+        numResCerts--;
+    }
+    for(dex=1; dex<numResCerts; dex++) {
+        certRef = (SecCertificateRef)CFArrayGetValueAtIndex(certChain, dex);
+        CFArrayAppendValue(certArray, certRef);
+    }
+errOut:
+        /* clean up */
+        if(secTrust) {
+            CFRelease(secTrust);
+        }
+    if(subjCerts) {
+        CFRelease(subjCerts);
+    }
+    if(policy) {
+        CFRelease(policy);
+    }
+    if(policySearch) {
+        CFRelease(policySearch);
+    }
+    *outArray = certArray;
+    return ortn;
+}
+
+static void addIdentitiesToKeystore(JNIEnv *env, jobject keyStore)
+{
+    // Search the user keychain list for all identities. Identities are a certificate/private key association that
+    // can be chosen for a purpose such as signing or an SSL connection.
+    SecIdentitySearchRef identitySearch = NULL;
+    // Pass 0 if you want all identities returned by this search
+    OSStatus err = SecIdentitySearchCreate(NULL, 0, &identitySearch);
+    SecIdentityRef theIdentity = NULL;
+    OSErr searchResult = noErr;
+
+    do {
+        searchResult = SecIdentitySearchCopyNext(identitySearch, &theIdentity);
+
+        if (searchResult == noErr) {
+            // Get the cert from the identity, then generate a chain.
+            SecCertificateRef certificate;
+            SecIdentityCopyCertificate(theIdentity, &certificate);
+            CFArrayRef certChain = NULL;
+
+            // *** Should do something with this error...
+            err = completeCertChain(theIdentity, NULL, TRUE, &certChain);
+
+            CFIndex i, certCount = CFArrayGetCount(certChain);
+
+            // Make a java array of certificate data from the chain.
+            jclass byteArrayClass = (*env)->FindClass(env, "[B");
+            if (byteArrayClass == NULL) {
+                goto errOut;
+            }
+            jobjectArray javaCertArray = (*env)->NewObjectArray(env, certCount, byteArrayClass, NULL);
+            // Cleanup first then check for a NULL return code
+            (*env)->DeleteLocalRef(env, byteArrayClass);
+            if (javaCertArray == NULL) {
+                goto errOut;
+            }
+
+            // And, make an array of the certificate refs.
+            jlongArray certRefArray = (*env)->NewLongArray(env, certCount);
+            if (certRefArray == NULL) {
+                goto errOut;
+            }
+
+            SecCertificateRef currCertRef = NULL;
+
+            for (i = 0; i < certCount; i++) {
+                CSSM_DATA currCertData;
+
+                if (i == 0)
+                    currCertRef = certificate;
+                else
+                    currCertRef = (SecCertificateRef)CFArrayGetValueAtIndex(certChain, i);
+
+                bzero(&currCertData, sizeof(CSSM_DATA));
+                err = SecCertificateGetData(currCertRef, &currCertData);
+                jbyteArray encodedCertData = (*env)->NewByteArray(env, currCertData.Length);
+                if (encodedCertData == NULL) {
+                    goto errOut;
+                }
+                (*env)->SetByteArrayRegion(env, encodedCertData, 0, currCertData.Length, (jbyte *)currCertData.Data);
+                (*env)->SetObjectArrayElement(env, javaCertArray, i, encodedCertData);
+                jlong certRefElement = ptr_to_jlong(currCertRef);
+                (*env)->SetLongArrayRegion(env, certRefArray, i, 1, &certRefElement);
+            }
+
+            // Get the private key.  When needed we'll export the data from it later.
+            SecKeyRef privateKeyRef;
+            err = SecIdentityCopyPrivateKey(theIdentity, &privateKeyRef);
+
+            // Find the label.  It's a 'blob', but we interpret as characters.
+            jstring alias = getLabelFromItem(env, (SecKeychainItemRef)certificate);
+            if (alias == NULL) {
+                goto errOut;
+            }
+
+            // Find the creation date.
+            jlong creationDate = getModDateFromItem(env, (SecKeychainItemRef)certificate);
+
+            // Call back to the Java object to create Java objects corresponding to this security object.
+            jlong nativeKeyRef = ptr_to_jlong(privateKeyRef);
+            JNFCallVoidMethod(env, keyStore, jm_createKeyEntry, alias, creationDate, nativeKeyRef, certRefArray, javaCertArray);
+        }
+    } while (searchResult == noErr);
+
+errOut:
+    if (identitySearch != NULL) {
+        CFRelease(identitySearch);
+    }
+}
+
+static void addCertificatesToKeystore(JNIEnv *env, jobject keyStore)
+{
+    // Search the user keychain list for all X509 certificates.
+    SecKeychainSearchRef keychainItemSearch = NULL;
+    OSStatus err = SecKeychainSearchCreateFromAttributes(NULL, kSecCertificateItemClass, NULL, &keychainItemSearch);
+    SecKeychainItemRef theItem = NULL;
+    OSErr searchResult = noErr;
+
+    do {
+        searchResult = SecKeychainSearchCopyNext(keychainItemSearch, &theItem);
+
+        if (searchResult == noErr) {
+            // Make a byte array with the DER-encoded contents of the certificate.
+            SecCertificateRef certRef = (SecCertificateRef)theItem;
+            CSSM_DATA currCertificate;
+            err = SecCertificateGetData(certRef, &currCertificate);
+            jbyteArray certData = (*env)->NewByteArray(env, currCertificate.Length);
+            if (certData == NULL) {
+                goto errOut;
+            }
+            (*env)->SetByteArrayRegion(env, certData, 0, currCertificate.Length, (jbyte *)currCertificate.Data);
+
+            // Find the label.  It's a 'blob', but we interpret as characters.
+            jstring alias = getLabelFromItem(env, theItem);
+            if (alias == NULL) {
+                goto errOut;
+            }
+
+            // Find the creation date.
+            jlong creationDate = getModDateFromItem(env, theItem);
+
+            // Call back to the Java object to create Java objects corresponding to this security object.
+            jlong nativeRef = ptr_to_jlong(certRef);
+            JNFCallVoidMethod(env, keyStore, jm_createTrustedCertEntry, alias, nativeRef, creationDate, certData);
+        }
+    } while (searchResult == noErr);
+
+errOut:
+    if (keychainItemSearch != NULL) {
+        CFRelease(keychainItemSearch);
+    }
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _getEncodedKeyData
+ * Signature: (J)[B
+     */
+JNIEXPORT jbyteArray JNICALL Java_apple_security_KeychainStore__1getEncodedKeyData
+(JNIEnv *env, jobject this, jlong keyRefLong, jcharArray passwordObj)
+{
+    SecKeyRef keyRef = (SecKeyRef)jlong_to_ptr(keyRefLong);
+    SecKeyImportExportParameters paramBlock;
+    OSStatus err = noErr;
+    CFDataRef exportedData = NULL;
+    jbyteArray returnValue = NULL;
+    CFStringRef passwordStrRef = NULL;
+
+    jsize passwordLen = 0;
+    jchar *passwordChars = NULL;
+
+    if (passwordObj) {
+        passwordLen = (*env)->GetArrayLength(env, passwordObj);
+
+        if (passwordLen > 0) {
+            passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL);
+            if (passwordChars == NULL) {
+                goto errOut;
+            }
+            passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
+        }
+    }
+
+    paramBlock.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    // Note that setting the flags field **requires** you to pass in a password of some kind.  The keychain will not prompt you.
+    paramBlock.flags = 0;
+    paramBlock.passphrase = passwordStrRef;
+    paramBlock.alertTitle = NULL;
+    paramBlock.alertPrompt = NULL;
+    paramBlock.accessRef = NULL;
+    paramBlock.keyUsage = CSSM_KEYUSE_ANY;
+    paramBlock.keyAttributes = CSSM_KEYATTR_RETURN_DEFAULT;
+
+    err = SecKeychainItemExport(keyRef, kSecFormatPKCS12, 0, &paramBlock, &exportedData);
+
+    if (err == noErr) {
+        CFIndex size = CFDataGetLength(exportedData);
+        returnValue = (*env)->NewByteArray(env, size);
+        if (returnValue == NULL) {
+            goto errOut;
+        }
+        (*env)->SetByteArrayRegion(env, returnValue, 0, size, (jbyte *)CFDataGetBytePtr(exportedData));
+    }
+
+errOut:
+    if (exportedData) CFRelease(exportedData);
+    if (passwordStrRef) CFRelease(passwordStrRef);
+
+    return returnValue;
+}
+
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _scanKeychain
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL Java_apple_security_KeychainStore__1scanKeychain
+(JNIEnv *env, jobject this)
+{
+    // Look for 'identities' -- private key and certificate chain pairs -- and add those.
+    // Search for these first, because a certificate that's found here as part of an identity will show up
+    // again later as a certificate.
+    addIdentitiesToKeystore(env, this);
+
+    // Scan current keychain for trusted certificates.
+    addCertificatesToKeystore(env, this);
+
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _addItemToKeychain
+ * Signature: (Ljava/lang/String;[B)I
+*/
+JNIEXPORT jlong JNICALL Java_apple_security_KeychainStore__1addItemToKeychain
+(JNIEnv *env, jobject this, jstring alias, jboolean isCertificate, jbyteArray rawDataObj, jcharArray passwordObj)
+{
+    OSStatus err;
+    jlong returnValue = 0;
+
+JNF_COCOA_ENTER(env);
+
+    jsize dataSize = (*env)->GetArrayLength(env, rawDataObj);
+    jbyte *rawData = (*env)->GetByteArrayElements(env, rawDataObj, NULL);
+    if (rawData == NULL) {
+        goto errOut;
+    }
+
+    CFDataRef cfDataToImport = CFDataCreate(kCFAllocatorDefault, (UInt8 *)rawData, dataSize);
+    CFArrayRef createdItems = NULL;
+
+    SecKeychainRef defaultKeychain = NULL;
+    SecKeychainCopyDefault(&defaultKeychain);
+
+    SecExternalItemType dataType = (isCertificate == JNI_TRUE ? kSecFormatX509Cert : kSecFormatWrappedPKCS8);
+
+    // Convert the password obj into a CFStringRef that the keychain importer can use for encryption.
+    SecKeyImportExportParameters paramBlock;
+    CFStringRef passwordStrRef = NULL;
+
+    jsize passwordLen = 0;
+    jchar *passwordChars = NULL;
+
+    if (passwordObj) {
+        passwordLen = (*env)->GetArrayLength(env, passwordObj);
+        passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL);
+        passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
+    }
+
+    paramBlock.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    // Note that setting the flags field **requires** you to pass in a password of some kind.  The keychain will not prompt you.
+    paramBlock.flags = 0;
+    paramBlock.passphrase = passwordStrRef;
+    paramBlock.alertTitle = NULL;
+    paramBlock.alertPrompt = NULL;
+    paramBlock.accessRef = NULL;
+    paramBlock.keyUsage = CSSM_KEYUSE_ANY;
+    paramBlock.keyAttributes = CSSM_KEYATTR_RETURN_DEFAULT;
+
+    err = SecKeychainItemImport(cfDataToImport, NULL, &dataType, NULL,
+                                0, &paramBlock, defaultKeychain, &createdItems);
+
+    if (err == noErr) {
+        SecKeychainItemRef anItem = (SecKeychainItemRef)CFArrayGetValueAtIndex(createdItems, 0);
+
+        // Don't bother labeling keys. They become part of an identity, and are not an accessible part of the keychain.
+        if (CFGetTypeID(anItem) == SecCertificateGetTypeID()) {
+            setLabelForItem(JNFJavaToNSString(env, alias), anItem);
+        }
+
+        // Retain the item, since it will be released once when the array holding it gets released.
+        CFRetain(anItem);
+        returnValue = ptr_to_jlong(anItem);
+    } else {
+        cssmPerror("_addItemToKeychain: SecKeychainItemImport", err);
+    }
+
+    (*env)->ReleaseByteArrayElements(env, rawDataObj, rawData, JNI_ABORT);
+
+    if (createdItems != NULL) {
+        CFRelease(createdItems);
+    }
+
+errOut: ;
+
+JNF_COCOA_EXIT(env);
+
+    return returnValue;
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _removeItemFromKeychain
+ * Signature: (J)I
+*/
+JNIEXPORT jint JNICALL Java_apple_security_KeychainStore__1removeItemFromKeychain
+(JNIEnv *env, jobject this, jlong keychainItem)
+{
+    SecKeychainItemRef itemToRemove = jlong_to_ptr(keychainItem);
+    return SecKeychainItemDelete(itemToRemove);
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _releaseKeychainItemRef
+ * Signature: (J)V
+ */
+JNIEXPORT void JNICALL Java_apple_security_KeychainStore__1releaseKeychainItemRef
+(JNIEnv *env, jobject this, jlong keychainItem)
+{
+    SecKeychainItemRef itemToFree = jlong_to_ptr(keychainItem);
+    CFRelease(itemToFree);
+}
--- a/src/java.base/share/classes/java/lang/ProcessHandle.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/lang/ProcessHandle.java	Thu Aug 20 12:29:24 2015 -0700
@@ -225,8 +225,34 @@
         public Optional<String> command();
 
         /**
+         * Returns the command line of the process.
+         * <p>
+         * If {@link #command command()} and  {@link #arguments arguments()} return
+         * non-empty optionals, this is simply a convenience method which concatenates
+         * the values of the two functions separated by spaces. Otherwise it will return a
+         * best-effort, platform dependent representation of the command line.
+         *
+         * @apiNote Note that the returned executable pathname and the
+         *          arguments may be truncated on some platforms due to system
+         *          limitations.
+         *          <p>
+         *          The executable pathname may contain only the
+         *          name of the executable without the full path information.
+         *          It is undecideable whether white space separates different
+         *          arguments or is part of a single argument.
+         *
+         * @return an {@code Optional<String>} of the command line
+         *         of the process
+         */
+        public Optional<String> commandLine();
+
+        /**
          * Returns an array of Strings of the arguments of the process.
          *
+         * @apiNote On some platforms, native applications are free to change
+         *          the arguments array after startup and this method may only
+         *          show the changed values.
+         *
          * @return an {@code Optional<String[]>} of the arguments of the process
          */
         public Optional<String[]> arguments();
--- a/src/java.base/share/classes/java/lang/ProcessHandleImpl.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/lang/ProcessHandleImpl.java	Thu Aug 20 12:29:24 2015 -0700
@@ -472,7 +472,7 @@
     /**
      * Implementation of ProcessHandle.Info.
      * Information snapshot about a process.
-     * The attributes of a process vary by operating system and not available
+     * The attributes of a process vary by operating system and are not available
      * in all implementations.  Additionally, information about other processes
      * is limited by the operating system privileges of the process making the request.
      * If a value is not available, either a {@code null} or {@code -1} is stored.
@@ -496,6 +496,7 @@
         private native void info0(long pid);
 
         String command;
+        String commandLine;
         String[] arguments;
         long startTime;
         long totalTime;
@@ -503,6 +504,7 @@
 
         Info() {
             command = null;
+            commandLine = null;
             arguments = null;
             startTime = -1L;
             totalTime = -1L;
@@ -539,6 +541,15 @@
         }
 
         @Override
+        public Optional<String> commandLine() {
+            if (command != null && arguments != null) {
+                return Optional.of(command + " " + String.join(" ", arguments));
+            } else {
+                return Optional.ofNullable(commandLine);
+            }
+        }
+
+        @Override
         public Optional<String[]> arguments() {
             return Optional.ofNullable(arguments);
         }
@@ -580,6 +591,11 @@
                 sb.append("args: ");
                 sb.append(Arrays.toString(arguments));
             }
+            if (commandLine != null) {
+                if (sb.length() != 0) sb.append(", ");
+                sb.append("cmdLine: ");
+                sb.append(commandLine);
+            }
             if (startTime > 0) {
                 if (sb.length() != 0) sb.append(", ");
                 sb.append("startTime: ");
--- a/src/java.base/share/classes/java/lang/Shutdown.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/lang/Shutdown.java	Thu Aug 20 12:29:24 2015 -0700
@@ -86,10 +86,10 @@
      *               to be registered even if the shutdown is in progress.
      * @params hook  the hook to be registered
      *
-     * @throw IllegalStateException
-     *        if registerShutdownInProgress is false and shutdown is in progress; or
-     *        if registerShutdownInProgress is true and the shutdown process
-     *           already passes the given slot
+     * @throws IllegalStateException
+     *         if registerShutdownInProgress is false and shutdown is in progress; or
+     *         if registerShutdownInProgress is true and the shutdown process
+     *         already passes the given slot
      */
     static void add(int slot, boolean registerShutdownInProgress, Runnable hook) {
         synchronized (lock) {
--- a/src/java.base/share/classes/java/lang/ref/ReferenceQueue.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/lang/ref/ReferenceQueue.java	Thu Aug 20 12:29:24 2015 -0700
@@ -65,10 +65,13 @@
                 return false;
             }
             assert queue == this;
-            r.queue = ENQUEUED;
             r.next = (head == null) ? r : head;
             head = r;
             queueLength++;
+            // Update r.queue *after* adding to list, to avoid race
+            // with concurrent enqueued checks and fast-path poll().
+            // Volatiles ensure ordering.
+            r.queue = ENQUEUED;
             if (r instanceof FinalReference) {
                 sun.misc.VM.addFinalRefCount(1);
             }
@@ -80,10 +83,13 @@
     private Reference<? extends T> reallyPoll() {       /* Must hold lock */
         Reference<? extends T> r = head;
         if (r != null) {
+            r.queue = NULL;
+            // Update r.queue *before* removing from list, to avoid
+            // race with concurrent enqueued checks and fast-path
+            // poll().  Volatiles ensure ordering.
             @SuppressWarnings("unchecked")
             Reference<? extends T> rn = r.next;
             head = (rn == r) ? null : rn;
-            r.queue = NULL;
             r.next = r;
             queueLength--;
             if (r instanceof FinalReference) {
--- a/src/java.base/share/classes/java/net/ContentHandler.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/net/ContentHandler.java	Thu Aug 20 12:29:24 2015 -0700
@@ -47,7 +47,7 @@
  * If no content handler could be {@linkplain URLConnection#getContent() found},
  * URLConnection will look for a content handler in a user-definable set of places.
  * Users can define a vertical-bar delimited set of class prefixes
- * to search through by defining the <i>{@value java.net.URLConnection#contentPathProp}</i>
+ * to search through by defining the <i>{@link java.net.URLConnection#contentPathProp}</i>
  * property. The class name must be of the form:
  * <blockquote>
  *     <i>{package-prefix}.{major}.{minor}</i>
--- a/src/java.base/share/classes/java/net/InetSocketAddress.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/net/InetSocketAddress.java	Thu Aug 20 12:29:24 2015 -0700
@@ -206,7 +206,7 @@
      * @param   hostname the Host name
      * @param   port    The port number
      * @throws IllegalArgumentException if the port parameter is outside the range
-     * of valid port values, or if the hostname parameter is <TT>null</TT>.
+     * of valid port values, or if the hostname parameter is {@code null}.
      * @throws SecurityException if a security manager is present and
      *                           permission to resolve the host name is
      *                           denied.
@@ -244,7 +244,7 @@
      * @param   port    The port number
      * @throws IllegalArgumentException if the port parameter is outside
      *                  the range of valid port values, or if the hostname
-     *                  parameter is <TT>null</TT>.
+     *                  parameter is {@code null}.
      * @see     #isUnresolved()
      * @return  a {@code InetSocketAddress} representing the unresolved
      *          socket address
--- a/src/java.base/share/classes/java/net/spi/package-info.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/net/spi/package-info.java	Thu Aug 20 12:29:24 2015 -0700
@@ -24,7 +24,7 @@
  */
 
 /**
- * Service-provider classes for the <tt>{@link java.net}</tt> package.
+ * Service-provider classes for the {@link java.net} package.
  *
  * <p> Only developers who are defining new URL stream handler providers
  * should need to make direct use of this package.
--- a/src/java.base/share/classes/java/nio/Buffer.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/nio/Buffer.java	Thu Aug 20 12:29:24 2015 -0700
@@ -215,8 +215,8 @@
      * {@code put(src)} when the parameter is the {@code Buffer} on which the
      * method is being invoked.
      *
-     * @returns  IllegalArgumentException
-     *           With a message indicating equal source and target buffers
+     * @return  IllegalArgumentException
+     *          With a message indicating equal source and target buffers
      */
     static IllegalArgumentException createSameBufferException() {
         return new IllegalArgumentException("The source buffer is this buffer");
--- a/src/java.base/share/classes/java/security/KeyStoreSpi.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/security/KeyStoreSpi.java	Thu Aug 20 12:29:24 2015 -0700
@@ -618,9 +618,12 @@
      * @throws IOException if there is an I/O problem with the keystore data.
      * @throws NullPointerException if stream is {@code null}.
      *
-     * @since 1.9
+     * @since 9
      */
     public boolean engineProbe(InputStream stream) throws IOException {
+        if (stream == null) {
+            throw new NullPointerException("input stream must not be null");
+        }
         return false;
     }
 }
--- a/src/java.base/share/classes/java/util/Formatter.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/java/util/Formatter.java	Thu Aug 20 12:29:24 2015 -0700
@@ -273,6 +273,10 @@
  *
  * </ol>
  *
+ * <p> For category <i>General</i>, <i>Character</i>, <i>Numberic</i>,
+ * <i>Integral</i> and <i>Date/Time</i> conversion, unless otherwise specified,
+ * if the argument <i>arg</i> is {@code null}, then the result is "{@code null}".
+ *
  * <p> The following table summarizes the supported conversions.  Conversions
  * denoted by an upper-case character (i.e. {@code 'B'}, {@code 'H'},
  * {@code 'S'}, {@code 'C'}, {@code 'X'}, {@code 'E'}, {@code 'G'},
@@ -301,14 +305,12 @@
  *
  * <tr><td valign="top"> {@code 'h'}, {@code 'H'}
  *     <td valign="top"> general
- *     <td> If the argument <i>arg</i> is {@code null}, then the result is
- *     "{@code null}".  Otherwise, the result is obtained by invoking
+ *     <td> The result is obtained by invoking
  *     {@code Integer.toHexString(arg.hashCode())}.
  *
  * <tr><td valign="top"> {@code 's'}, {@code 'S'}
  *     <td valign="top"> general
- *     <td> If the argument <i>arg</i> is {@code null}, then the result is
- *     "{@code null}".  If <i>arg</i> implements {@link Formattable}, then
+ *     <td> If <i>arg</i> implements {@link Formattable}, then
  *     {@link Formattable#formatTo arg.formatTo} is invoked. Otherwise, the
  *     result is obtained by invoking {@code arg.toString()}.
  *
@@ -683,6 +685,10 @@
  * methods such as {@link String#format(String,Object...) String.format} and
  * {@link java.io.PrintStream#printf(String,Object...) PrintStream.printf}.
  *
+ * <p> For category <i>General</i>, <i>Character</i>, <i>Numberic</i>,
+ * <i>Integral</i> and <i>Date/Time</i> conversion, unless otherwise specified,
+ * if the argument <i>arg</i> is {@code null}, then the result is "{@code null}".
+ *
  * <p> Conversions denoted by an upper-case character (i.e. {@code 'B'},
  * {@code 'H'}, {@code 'S'}, {@code 'C'}, {@code 'X'}, {@code 'E'},
  * {@code 'G'}, {@code 'A'}, and {@code 'T'}) are the same as those for the
@@ -722,9 +728,8 @@
  *     <td valign="top"> <code>'&#92;u0068'</code>
  *     <td> Produces a string representing the hash code value of the object.
  *
- *     <p> If the argument, <i>arg</i> is {@code null}, then the
- *     result is "{@code null}".  Otherwise, the result is obtained
- *     by invoking {@code Integer.toHexString(arg.hashCode())}.
+ *     <p> The result is obtained by invoking
+ *     {@code Integer.toHexString(arg.hashCode())}.
  *
  *     <p> If the {@code '#'} flag is given, then a {@link
  *     FormatFlagsConversionMismatchException} will be thrown.
@@ -737,8 +742,7 @@
  *     <td valign="top"> <code>'&#92;u0073'</code>
  *     <td> Produces a string.
  *
- *     <p> If the argument is {@code null}, then the result is
- *     "{@code null}".  If the argument implements {@link Formattable}, then
+ *     <p> If the argument implements {@link Formattable}, then
  *     its {@link Formattable#formatTo formatTo} method is invoked.
  *     Otherwise, the result is obtained by invoking the argument's
  *     {@code toString()} method.
--- a/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Thu Aug 20 12:29:24 2015 -0700
@@ -39,7 +39,7 @@
  * <p> Every implementation of the Java platform is required to support the
  * following standard {@code SSLContext} protocol:
  * <ul>
- * <li><tt>TLSv1</tt></li>
+ * <li>{@code TLSv1}</li>
  * </ul>
  * This protocol is described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">
--- a/src/java.base/share/classes/javax/net/ssl/SSLException.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/javax/net/ssl/SSLException.java	Thu Aug 20 12:29:24 2015 -0700
@@ -53,13 +53,13 @@
     }
 
     /**
-     * Creates a <code>SSLException</code> with the specified
+     * Creates a {@code SSLException} with the specified
      * detail message and cause.
      *
      * @param message the detail message (which is saved for later retrieval
      *          by the {@link #getMessage()} method).
      * @param cause the cause (which is saved for later retrieval by the
-     *          {@link #getCause()} method).  (A <tt>null</tt> value is
+     *          {@link #getCause()} method).  (A {@code null} value is
      *          permitted, and indicates that the cause is nonexistent or
      *          unknown.)
      * @since 1.5
@@ -70,13 +70,13 @@
     }
 
     /**
-     * Creates a <code>SSLException</code> with the specified cause
-     * and a detail message of <tt>(cause==null ? null : cause.toString())</tt>
+     * Creates a {@code SSLException} with the specified cause
+     * and a detail message of {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <tt>cause</tt>).
+     * {@code cause}).
      *
      * @param cause the cause (which is saved for later retrieval by the
-     *          {@link #getCause()} method).  (A <tt>null</tt> value is
+     *          {@link #getCause()} method).  (A {@code null} value is
      *          permitted, and indicates that the cause is nonexistent or
      *          unknown.)
      * @since 1.5
--- a/src/java.base/share/classes/jdk/internal/jimage/ImageFileCreator.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/jdk/internal/jimage/ImageFileCreator.java	Thu Aug 20 12:29:24 2015 -0700
@@ -139,6 +139,7 @@
     }
 
     public static void recreateJimage(Path jimageFile,
+            String jdataName,
             Set<Archive> archives,
             Map<String, Set<String>> modulePackages)
             throws IOException {
@@ -159,12 +160,7 @@
             throw new UnsupportedOperationException("Not supported, no external file "
                     + "in a jimage file");
         }, entriesForModule, order);
-        String fileName = jimageFile.getFileName().toString();
-        if (fileName.endsWith(IMAGE_EXT)) {
-            fileName = fileName.substring(0, fileName.length()
-                    - BasicImageWriter.IMAGE_EXT.length());
-        }
-        generateJImage(jimageFile, fileName, resources, order);
+        generateJImage(jimageFile, jdataName, resources, order);
     }
 
     private void writeImage(String fileName,
--- a/src/java.base/share/classes/sun/net/ftp/FtpClientProvider.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/net/ftp/FtpClientProvider.java	Thu Aug 20 12:29:24 2015 -0700
@@ -52,7 +52,7 @@
      * Initializes a new instance of this class.
      *
      * @throws SecurityException if a security manager is installed and it denies
-     *         {@link RuntimePermission}<tt>("ftpClientProvider")</tt>
+     *         {@link RuntimePermission}{@code ("ftpClientProvider")}
      */
     protected FtpClientProvider() {
         SecurityManager sm = System.getSecurityManager();
@@ -108,7 +108,7 @@
      * <ol>
      *
      *   <li><p> If the system property
-     *   <tt>java.net.FtpClientProvider</tt> is defined then it is
+     *   {@code java.net.FtpClientProvider} is defined then it is
      *   taken to be the fully-qualified name of a concrete provider class.
      *   The class is loaded and instantiated; if this process fails then an
      *   unspecified unchecked error or exception is thrown.  </p></li>
@@ -116,8 +116,8 @@
      *   <li><p> If a provider class has been installed in a jar file that is
      *   visible to the system class loader, and that jar file contains a
      *   provider-configuration file named
-     *   <tt>java.net.FtpClientProvider</tt> in the resource
-     *   directory <tt>META-INF/services</tt>, then the first class name
+     *   {@code java.net.FtpClientProvider} in the resource
+     *   directory {@code META-INF/services}, then the first class name
      *   specified in that file is taken.  The class is loaded and
      *   instantiated; if this process fails then an unspecified unchecked error or exception is
      *   thrown.  </p></li>
--- a/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java	Thu Aug 20 12:29:24 2015 -0700
@@ -191,7 +191,7 @@
 
     /**
      * return the first token.
-     * @returns the token
+     * @return the token
      * @throws IOException if <code>Negotiator.getNegotiator()</code> or
      *                     <code>Negotiator.firstToken()</code> failed.
      */
@@ -219,7 +219,7 @@
     /**
      * return more tokens
      * @param token the token to be fed into <code>negotiator.nextToken()</code>
-     * @returns the token
+     * @return the token
      * @throws IOException if <code>negotiator.nextToken()</code> throws Exception.
      *  May happen if the input token is invalid.
      */
--- a/src/java.base/share/classes/sun/nio/ch/Net.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/nio/ch/Net.java	Thu Aug 20 12:29:24 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -391,8 +391,7 @@
     private static native boolean isIPv6Available0();
 
     /*
-     * Returns 1 for Windows versions that support exclusive binding by default, 0
-     * for those that do not, and -1 for Solaris/Linux/Mac OS
+     * Returns 1 for Windows and -1 for Solaris/Linux/Mac OS
      */
     private static native int isExclusiveBindAvailable();
 
--- a/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Thu Aug 20 12:29:24 2015 -0700
@@ -98,8 +98,8 @@
      * Sole constructor.
      *
      * @param annotationClass the class object for the annotation type
-     * @throw IllegalArgumentException if the specified class object for
-     *     does not represent a valid annotation type
+     * @throws IllegalArgumentException if the specified class object for
+     *         does not represent a valid annotation type
      */
     private AnnotationType(final Class<? extends Annotation> annotationClass) {
         if (!annotationClass.isAnnotation())
--- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Thu Aug 20 12:29:24 2015 -0700
@@ -178,6 +178,26 @@
             p = new com.sun.crypto.provider.SunJCE();
         } else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
             p = new com.sun.net.ssl.internal.ssl.Provider();
+        } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
+            // need to use reflection since this class only exists on MacOsx
+            p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
+                public Provider run() {
+                    try {
+                        Class<?> c = Class.forName("apple.security.AppleProvider");
+                        if (Provider.class.isAssignableFrom(c)) {
+                            return (Provider) c.newInstance();
+                        } else {
+                            return null;
+                        }
+                    } catch (Exception ex) {
+                        if (debug != null) {
+                        debug.println("Error loading provider Apple");
+                        ex.printStackTrace();
+                    }
+                    return null;
+                }
+             }
+             });
         } else {
             if (isLoading) {
                 // because this method is synchronized, this can only
--- a/src/java.base/share/classes/sun/security/rsa/RSAPadding.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/security/rsa/RSAPadding.java	Thu Aug 20 12:29:24 2015 -0700
@@ -319,18 +319,17 @@
             }
             // generate non-zero padding bytes
             // use a buffer to reduce calls to SecureRandom
-            byte[] r = new byte[64];
-            int i = -1;
-            while (psSize-- > 0) {
-                int b;
-                do {
-                    if (i < 0) {
-                        random.nextBytes(r);
-                        i = r.length - 1;
+            while (psSize > 0) {
+                // extra bytes to avoid zero bytes,
+                // number of zero bytes <= 4 in 98% cases
+                byte[] r = new byte[psSize + 4];
+                random.nextBytes(r);
+                for (int i = 0; i < r.length && psSize > 0; i++) {
+                    if (r[i] != 0) {
+                        padded[k++] = r[i];
+                        psSize--;
                     }
-                    b = r[i--] & 0xff;
-                } while (b == 0);
-                padded[k++] = (byte)b;
+                }
             }
         }
         return padded;
--- a/src/java.base/share/classes/sun/util/CoreResourceBundleControl-XLocales.java.template	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/util/CoreResourceBundleControl-XLocales.java.template	Thu Aug 20 12:29:24 2015 -0700
@@ -92,7 +92,7 @@
     }
 
     /**
-     * @returns a list of candidate locales to search from.
+     * @return a list of candidate locales to search from.
      * @exception NullPointerException if baseName or locale is null.
      */
     @Override
--- a/src/java.base/share/classes/sun/util/PreHashedMap.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/util/PreHashedMap.java	Thu Aug 20 12:29:24 2015 -0700
@@ -56,7 +56,7 @@
  *
  * }</pre></blockquote>
  *
- * <p> The <tt>init</tt> method is invoked by the <tt>PreHashedMap</tt>
+ * <p> The {@code init} method is invoked by the {@code PreHashedMap}
  * constructor with an object array long enough for the map's rows.  The method
  * must construct the hash chain for each row and store it in the appropriate
  * element of the array.
@@ -73,7 +73,7 @@
  * methods in the {@link java.util.Collections} utility class.
  *
  * <p> In the JDK build, subclasses of this class are typically created via the
- * <tt>Hasher</tt> program in the <tt>make/tools/Hasher</tt> directory.
+ * {@code Hasher} program in the {@code make/tools/Hasher} directory.
  *
  * @author Mark Reinhold
  * @since 1.5
@@ -95,7 +95,7 @@
      * Creates a new map.
      *
      * <p> This constructor invokes the {@link #init init} method, passing it a
-     * newly-constructed row array that is <tt>rows</tt> elements long.
+     * newly-constructed row array that is {@code rows} elements long.
      *
      * @param rows
      *        The number of rows in the map
--- a/src/java.base/share/classes/sun/util/resources/LocaleData.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/classes/sun/util/resources/LocaleData.java	Thu Aug 20 12:29:24 2015 -0700
@@ -201,7 +201,7 @@
          *
          * @param baseName the resource bundle base name.
          *        locale   the requested locale for the resource bundle.
-         * @returns a list of candidate locales to search from.
+         * @return a list of candidate locales to search from.
          * @exception NullPointerException if baseName or locale is null.
          */
         @Override
--- a/src/java.base/share/native/libjli/java.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/share/native/libjli/java.c	Thu Aug 20 12:29:24 2015 -0700
@@ -1082,15 +1082,6 @@
             AddOption("-Xverify:remote", NULL);
         } else if (JLI_StrCmp(arg, "-noverify") == 0) {
             AddOption("-Xverify:none", NULL);
-        } else if (JLI_StrCCmp(arg, "-prof") == 0) {
-            char *p = arg + 5;
-            char *tmp = JLI_MemAlloc(JLI_StrLen(arg) + 50);
-            if (*p) {
-                sprintf(tmp, "-Xrunhprof:cpu=old,file=%s", p + 1);
-            } else {
-                sprintf(tmp, "-Xrunhprof:cpu=old,file=java.prof");
-            }
-            AddOption(tmp, NULL);
         } else if (JLI_StrCCmp(arg, "-ss") == 0 ||
                    JLI_StrCCmp(arg, "-oss") == 0 ||
                    JLI_StrCCmp(arg, "-ms") == 0 ||
--- a/src/java.base/solaris/native/libjava/ProcessHandleImpl_solaris.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/solaris/native/libjava/ProcessHandleImpl_solaris.c	Thu Aug 20 12:29:24 2015 -0700
@@ -24,368 +24,28 @@
  */
 
 #include "jni.h"
-#include "jni_util.h"
-#include "java_lang_ProcessHandleImpl.h"
-#include "java_lang_ProcessHandleImpl_Info.h"
 
+#include "ProcessHandleImpl_unix.h"
 
-#include <stdio.h>
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
 #include <procfs.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <limits.h>
 
-/**
- * Implementations of ProcessHandleImpl functions that are
- * NOT common to all Unix variants:
- * - getProcessPids0(pid, pidArray)
- *
- * Implementations of ProcessHandleImpl_Info
- * - totalTime, startTime
- * - Command
- * - Arguments
+/*
+ * Implementation of native ProcessHandleImpl functions for Solaris.
+ * See ProcessHandleImpl_unix.c for more details.
  */
 
-/*
- * Signatures for internal OS specific functions.
- */
-static pid_t getStatInfo(JNIEnv *env, pid_t pid,
-                                     jlong *totalTime, jlong* startTime,
-                                     uid_t *uid);
-static void getCmdlineInfo(JNIEnv *env, jobject jinfo, pid_t pid);
+void os_initNative(JNIEnv *env, jclass clazz) {}
 
-extern jstring uidToUser(JNIEnv* env, uid_t uid);
-
-/* Field id for jString 'command' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_commandID;
-
-/* Field id for jString[] 'arguments' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_argumentsID;
-
-/* Field id for jlong 'totalTime' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_totalTimeID;
-
-/* Field id for jlong 'startTime' in java.lang.ProcessHandle.Info */
-static jfieldID ProcessHandleImpl_Info_startTimeID;
-
-/* Field id for jString 'user' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_userID;
-
-/* static value for clock ticks per second. */
-static long clock_ticks_per_second;
-
-/**************************************************************
- * Static method to initialize field IDs and the ticks per second rate.
- *
- * Class:     java_lang_ProcessHandleImpl_Info
- * Method:    initIDs
- * Signature: ()V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_initIDs(JNIEnv *env, jclass clazz) {
-    CHECK_NULL(ProcessHandleImpl_Info_commandID = (*env)->GetFieldID(env,
-        clazz, "command", "Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_argumentsID = (*env)->GetFieldID(env,
-        clazz, "arguments", "[Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_totalTimeID = (*env)->GetFieldID(env,
-        clazz, "totalTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_startTimeID = (*env)->GetFieldID(env,
-        clazz, "startTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_userID = (*env)->GetFieldID(env,
-        clazz, "user", "Ljava/lang/String;"));
+jint os_getChildren(JNIEnv *env, jlong jpid, jlongArray jarray,
+                    jlongArray jparentArray, jlongArray jstimesArray) {
+    return unix_getChildren(env, jpid, jarray, jparentArray, jstimesArray);
 }
 
-/**************************************************************
- * Static method to initialize the ticks per second rate.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    initNative
- * Signature: ()V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_initNative(JNIEnv *env, jclass clazz) {
-    clock_ticks_per_second = sysconf(_SC_CLK_TCK);
+pid_t os_getParentPidAndTimings(JNIEnv *env, pid_t pid, jlong *total, jlong *start) {
+    return unix_getParentPidAndTimings(env, pid, total, start);
 }
 
-/*
- * Check if a process is alive.
- * Return the start time (ms since 1970) if it is available.
- * If the start time is not available return 0.
- * If the pid is invalid, return -1.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    isAlive0
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_java_lang_ProcessHandleImpl_isAlive0(JNIEnv *env, jobject obj, jlong jpid) {
-    pid_t pid = (pid_t) jpid;
-    jlong startTime = 0L;
-    jlong totalTime = 0L;
-    uid_t uid = -1;
-    pid_t ppid = getStatInfo(env, pid, &totalTime, &startTime, &uid);
-    return (ppid < 0) ? -1 : startTime;
+void os_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
+    unix_getCmdlineAndUserInfo(env, jinfo, pid);
 }
 
-/*
- * Returns the parent pid of the requested pid.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    parent0
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_java_lang_ProcessHandleImpl_parent0(JNIEnv *env,
-                                         jobject obj,
-                                         jlong jpid,
-                                         jlong startTime) {
-    pid_t pid = (pid_t) jpid;
-    pid_t ppid = -1;
-
-    if (pid == getpid()) {
-        ppid = getppid();
-    } else {
-        jlong start = 0L;
-        jlong total = 0L;
-        uid_t uid = -1;
-
-        pid_t ppid = getStatInfo(env, pid, &total, &start, &uid);
-        if (start != startTime
-            && start != 0
-            && startTime != 0) {
-            ppid = -1;
-        }
-    }
-    return (jlong) ppid;
-}
-
-/*
- * Returns the children of the requested pid and optionally each parent.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    getChildPids
- * Signature: (J[J)I
- *
- * Reads /proc and accumulates any process who parent pid matches.
- * The resulting pids are stored into the array of longs.
- * The number of pids is returned if they all fit.
- * If the array is too short, the desired length is returned.
- */
-JNIEXPORT jint JNICALL
-Java_java_lang_ProcessHandleImpl_getProcessPids0(JNIEnv *env,
-                                                 jclass clazz,
-                                                 jlong jpid,
-                                                 jlongArray jarray,
-                                                 jlongArray jparentArray,
-                                                 jlongArray jstimesArray) {
-    DIR* dir;
-    struct dirent* ptr;
-    pid_t pid = (pid_t) jpid;
-    jlong* pids = NULL;
-    jlong* ppids = NULL;
-    jlong* stimes = NULL;
-    jsize parentArraySize = 0;
-    jsize arraySize = 0;
-    jsize stimesSize = 0;
-    jsize count = 0;
-    char procname[32];
-
-    arraySize = (*env)->GetArrayLength(env, jarray);
-    JNU_CHECK_EXCEPTION_RETURN(env, 0);
-    if (jparentArray != NULL) {
-        parentArraySize = (*env)->GetArrayLength(env, jparentArray);
-        JNU_CHECK_EXCEPTION_RETURN(env, 0);
-
-        if (arraySize != parentArraySize) {
-            JNU_ThrowIllegalArgumentException(env, "array sizes not equal");
-            return 0;
-        }
-    }
-    if (jstimesArray != NULL) {
-        stimesSize = (*env)->GetArrayLength(env, jstimesArray);
-        JNU_CHECK_EXCEPTION_RETURN(env, -1);
-
-        if (arraySize != stimesSize) {
-            JNU_ThrowIllegalArgumentException(env, "array sizes not equal");
-            return 0;
-        }
-    }
-
-    /*
-     * To locate the children we scan /proc looking for files that have a
-     * positive integer as a filename.
-     */
-    if ((dir = opendir("/proc")) == NULL) {
-        JNU_ThrowByNameWithLastError(env,
-            "java/lang/Runtime", "Unable to open /proc");
-        return 0;
-    }
-
-    do { // Block to break out of on Exception
-        pids = (*env)->GetLongArrayElements(env, jarray, NULL);
-        if (pids == NULL) {
-            break;
-        }
-        if (jparentArray != NULL) {
-            ppids  = (*env)->GetLongArrayElements(env, jparentArray, NULL);
-            if (ppids == NULL) {
-                break;
-            }
-        }
-        if (jstimesArray != NULL) {
-            stimes  = (*env)->GetLongArrayElements(env, jstimesArray, NULL);
-            if (stimes == NULL) {
-                break;
-            }
-        }
-
-        while ((ptr = readdir(dir)) != NULL) {
-            pid_t ppid = 0;
-            jlong totalTime = 0L;
-            jlong startTime = 0L;
-            uid_t uid; // value unused
-
-            /* skip files that aren't numbers */
-            pid_t childpid = (pid_t) atoi(ptr->d_name);
-            if ((int) childpid <= 0) {
-                continue;
-            }
-
-            // Read /proc/pid/stat and get the parent pid, and start time
-            ppid = getStatInfo(env, childpid, &totalTime, &startTime, &uid);
-            if (ppid >= 0 && (pid == 0 || ppid == pid)) {
-                if (count < arraySize) {
-                    // Only store if it fits
-                    pids[count] = (jlong) childpid;
-
-                    if (ppids != NULL) {
-                        // Store the parent Pid
-                        ppids[count] = (jlong) ppid;
-                    }
-                    if (stimes != NULL) {
-                        // Store the process start time
-                        stimes[count] = startTime;
-                    }
-                }
-                count++; // Count to tabulate size needed
-            }
-        }
-    } while (0);
-
-    if (pids != NULL) {
-        (*env)->ReleaseLongArrayElements(env, jarray, pids, 0);
-    }
-    if (ppids != NULL) {
-        (*env)->ReleaseLongArrayElements(env, jparentArray, ppids, 0);
-    }
-    if (stimes != NULL) {
-        (*env)->ReleaseLongArrayElements(env, jstimesArray, stimes, 0);
-    }
-
-    closedir(dir);
-    // If more pids than array had size for; count will be greater than array size
-    return count;
-}
-
-/**************************************************************
- * Implementation of ProcessHandleImpl_Info native methods.
- */
-
-/*
- * Fill in the Info object from the OS information about the process.
- *
- * Class:     java_lang_ProcessHandleImpl_Info
- * Method:    info0
- * Signature: (J)V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_info0(JNIEnv *env,
-                                                 jobject jinfo,
-                                                  jlong jpid) {
-    pid_t pid = (pid_t) jpid;
-    jlong startTime = 0L;
-    jlong totalTime = 0L;
-    uid_t uid = -1;
-    pid_t ppid = getStatInfo(env, pid, &totalTime, &startTime, &uid);
-
-    getCmdlineInfo(env, jinfo, pid);
-
-    if (ppid > 0) {
-        jstring str;
-        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_startTimeID, startTime);
-        JNU_CHECK_EXCEPTION(env);
-
-        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_totalTimeID, totalTime);
-        JNU_CHECK_EXCEPTION(env);
-
-        CHECK_NULL((str = uidToUser(env, uid)));
-        (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_userID, str);
-        JNU_CHECK_EXCEPTION(env);
-    }
-}
-
-/**
- * Read /proc/<pid>/status and return the ppid, total cputime and start time.
- * Return: -1 is fail;  zero is unknown; >  0 is parent pid
- */
-static pid_t getStatInfo(JNIEnv *env, pid_t pid,
-                                      jlong *totalTime, jlong* startTime,
-                                      uid_t* uid) {
-    FILE* fp;
-    psinfo_t psinfo;
-    char fn[32];
-    int ret;
-
-    /*
-     * Try to open /proc/%d/status
-     */
-    snprintf(fn, sizeof fn, "/proc/%d/psinfo", pid);
-    fp = fopen(fn, "r");
-    if (fp == NULL) {
-        return -1;
-    }
-
-    ret = fread(&psinfo, 1, (sizeof psinfo), fp);
-    fclose(fp);
-    if (ret < (sizeof psinfo)) {
-        return -1;
-    }
-
-    *totalTime = psinfo.pr_time.tv_sec * 1000000000L + psinfo.pr_time.tv_nsec;
-
-    *startTime = psinfo.pr_start.tv_sec * (jlong)1000 +
-                 psinfo.pr_start.tv_nsec / 1000000;
-
-    *uid = psinfo.pr_uid;
-
-    return (pid_t) psinfo.pr_ppid;
-}
-
-static void getCmdlineInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
-    char fn[32];
-    char exePath[PATH_MAX];
-    jstring str = NULL;
-    int ret;
-
-    /*
-     * The path to the executable command is the link in /proc/<pid>/paths/a.out.
-     */
-    snprintf(fn, sizeof fn, "/proc/%d/path/a.out", pid);
-    if ((ret = readlink(fn, exePath, PATH_MAX - 1)) < 0) {
-        return;
-    }
-
-    // null terminate and create String to store for command
-    exePath[ret] = '\0';
-    CHECK_NULL(str = JNU_NewStringPlatform(env, exePath));
-    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_commandID, str);
-    JNU_CHECK_EXCEPTION(env);
-}
-
--- a/src/java.base/unix/classes/sun/net/www/protocol/file/Handler.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/unix/classes/sun/net/www/protocol/file/Handler.java	Thu Aug 20 12:29:24 2015 -0700
@@ -116,8 +116,8 @@
      * Compares the host components of two URLs.
      * @param u1 the URL of the first host to compare
      * @param u2 the URL of the second host to compare
-     * @return  <tt>true</tt> if and only if they
-     * are equal, <tt>false</tt> otherwise.
+     * @return  {@code true} if and only if they
+     * are equal, {@code false} otherwise.
      */
     protected boolean hostsEqual(URL u1, URL u2) {
         /*
--- a/src/java.base/unix/native/libjava/ProcessHandleImpl_unix.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/unix/native/libjava/ProcessHandleImpl_unix.c	Thu Aug 20 12:29:24 2015 -0700
@@ -28,31 +28,87 @@
 #include "java_lang_ProcessHandleImpl.h"
 #include "java_lang_ProcessHandleImpl_Info.h"
 
+#include "ProcessHandleImpl_unix.h"
+
 
 #include <stdio.h>
-
 #include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>
+#include <dirent.h>
+#include <ctype.h>
+#include <limits.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 
-#include <string.h>
-#include <dirent.h>
-#include <ctype.h>
+#ifdef _AIX
+#include <sys/procfs.h>
+#endif
+#ifdef __solaris__
+#include <procfs.h>
+#endif
 
 /**
- * Implementations of ProcessHandleImpl functions that are common to all
- * Unix variants:
- * - waitForProcessExit0(pid, reap)
- * - getCurrentPid0()
- * - destroy0(pid, force)
+ * This file contains the implementation of the native ProcessHandleImpl
+ * functions which are common to all Unix variants.
+ *
+ * The currently supported Unix variants are Solaris, Linux, MaxOS X and AIX.
+ * The various similarities and differences between these systems make it hard
+ * to find a clear boundary between platform specific and shared code.
+ *
+ * In order to ease code sharing between the platforms while still keeping the
+ * code as clean as possible (i.e. free of preprocessor macros) we use the
+ * following source code layout (remember that ProcessHandleImpl_unix.c will
+ * be compiled on EVERY Unix platform while ProcessHandleImpl_<os>.c will be
+ * only compiled on the specific OS):
+ *
+ * - all the JNI wrappers for the ProcessHandleImpl functions go into this file
+ * - if their implementation is common on ALL the supported Unix platforms it
+ *   goes right into the JNI wrappers
+ * - if the whole function or substantial parts of it are platform dependent,
+ *   the implementation goes into os_<function_name> functions in
+ *   ProcessHandleImpl_<os>.c
+ * - if at least two platforms implement an os_<function_name> function in the
+ *   same way, this implementation is factored out into unix_<function_name>,
+ *   placed into this file and called from the corresponding os_<function_name>
+ *   function.
+ * - For convenience, all the os_ and unix_ functions are declared in
+ *   ProcessHandleImpl_unix.h which is included into every
+ *   ProcessHandleImpl_<os>.c file.
+ *
+ * Example 1:
+ * ----------
+ * The implementation of Java_java_lang_ProcessHandleImpl_initNative()
+ * is the same on all platforms except on Linux where it initilizes one
+ * additional field. So we place the implementation right into
+ * Java_java_lang_ProcessHandleImpl_initNative() but add call to
+ * os_init() at the end of the function which is empty on all platforms
+ * except Linux where it performs the additionally initializations.
+ *
+ * Example 2:
+ * ----------
+ * The implementation of Java_java_lang_ProcessHandleImpl_00024Info_info0 is the
+ * same on Solaris and AIX but different on Linux and MacOSX. We therefore simply
+ * call the helpers os_getParentPidAndTimings() and os_getCmdlineAndUserInfo().
+ * The Linux and MaxOS X versions of these functions (in the corresponding files
+ * ProcessHandleImpl_linux.c and ProcessHandleImpl_macosx.c) directly contain
+ * the platform specific implementations while the Solaris and AIX
+ * implementations simply call back to unix_getParentPidAndTimings() and
+ * unix_getCmdlineAndUserInfo() which are implemented right in this file.
+ *
+ * The term "same implementation" is still a question of interpretation. It my
+ * be acceptable to have a few ifdef'ed lines if that allows the sharing of a
+ * huge function. On the other hand, if the platform specific code in a shared
+ * function grows over a certain limit, it may be better to refactor that
+ * functionality into corresponding, platform-specific os_ functions.
  */
 
+
 #ifndef WIFEXITED
 #define WIFEXITED(status) (((status)&0xFF) == 0)
 #endif
@@ -69,6 +125,19 @@
 #define WTERMSIG(status) ((status)&0x7F)
 #endif
 
+#ifdef __solaris__
+/* The child exited because of a signal.
+ * The best value to return is 0x80 + signal number,
+ * because that is what all Unix shells do, and because
+ * it allows callers to distinguish between process exit and
+ * process death by signal.
+ * Unfortunately, the historical behavior on Solaris is to return
+ * the signal number, and we preserve this for compatibility. */
+#define WTERMSIG_RETURN(status) WTERMSIG(status)
+#else
+#define WTERMSIG_RETURN(status) (WTERMSIG(status) + 0x80)
+#endif
+
 #define RESTARTABLE(_cmd, _result) do { \
   do { \
     _result = _cmd; \
@@ -81,21 +150,83 @@
   } while((_result == NULL) && (errno == EINTR)); \
 } while(0)
 
-#ifdef __solaris__
-    #define STAT_FILE "/proc/%d/status"
-#else
-    #define STAT_FILE "/proc/%d/stat"
-#endif
+
+/* Field id for jString 'command' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_commandID;
+
+/* Field id for jString 'commandLine' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_commandLineID;
+
+/* Field id for jString[] 'arguments' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_argumentsID;
+
+/* Field id for jlong 'totalTime' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_totalTimeID;
+
+/* Field id for jlong 'startTime' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_startTimeID;
+
+/* Field id for jString 'user' in java.lang.ProcessHandleImpl.Info */
+jfieldID ProcessHandleImpl_Info_userID;
+
+/* Size of password or group entry when not available via sysconf */
+#define ENT_BUF_SIZE   1024
+/* The value for the size of the buffer used by getpwuid_r(). The result of */
+/* sysconf(_SC_GETPW_R_SIZE_MAX) if available or ENT_BUF_SIZE otherwise. */
+static long getpw_buf_size;
+
+/**************************************************************
+ * Static method to initialize field IDs and the ticks per second rate.
+ *
+ * Class:     java_lang_ProcessHandleImpl_Info
+ * Method:    initIDs
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_lang_ProcessHandleImpl_00024Info_initIDs(JNIEnv *env, jclass clazz) {
+
+    CHECK_NULL(ProcessHandleImpl_Info_commandID =
+            (*env)->GetFieldID(env, clazz, "command", "Ljava/lang/String;"));
+    CHECK_NULL(ProcessHandleImpl_Info_commandLineID =
+            (*env)->GetFieldID(env, clazz, "commandLine", "Ljava/lang/String;"));
+    CHECK_NULL(ProcessHandleImpl_Info_argumentsID =
+            (*env)->GetFieldID(env, clazz, "arguments", "[Ljava/lang/String;"));
+    CHECK_NULL(ProcessHandleImpl_Info_totalTimeID =
+            (*env)->GetFieldID(env, clazz, "totalTime", "J"));
+    CHECK_NULL(ProcessHandleImpl_Info_startTimeID =
+            (*env)->GetFieldID(env, clazz, "startTime", "J"));
+    CHECK_NULL(ProcessHandleImpl_Info_userID =
+            (*env)->GetFieldID(env, clazz, "user", "Ljava/lang/String;"));
+}
+
+/***********************************************************
+ * Static method to initialize platform dependent constants.
+ *
+ * Class:     java_lang_ProcessHandleImpl
+ * Method:    initNative
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_java_lang_ProcessHandleImpl_initNative(JNIEnv *env, jclass clazz) {
+    getpw_buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+    if (getpw_buf_size == -1) {
+        getpw_buf_size = ENT_BUF_SIZE;
+    }
+    os_initNative(env, clazz);
+}
 
 /* Block until a child process exits and return its exit code.
  * Note, can only be called once for any given pid if reapStatus = true.
+ *
+ * Class:     java_lang_ProcessHandleImpl
+ * Method:    waitForProcessExit0
+ * Signature: (JZ)I
  */
 JNIEXPORT jint JNICALL
 Java_java_lang_ProcessHandleImpl_waitForProcessExit0(JNIEnv* env,
                                                      jclass junk,
                                                      jlong jpid,
-                                                     jboolean reapStatus)
-{
+                                                     jboolean reapStatus) {
     pid_t pid = (pid_t)jpid;
     errno = 0;
 
@@ -117,18 +248,7 @@
         if (WIFEXITED(status)) {
             return WEXITSTATUS(status);
         } else if (WIFSIGNALED(status)) {
-            /* The child exited because of a signal.
-             * The best value to return is 0x80 + signal number,
-             * because that is what all Unix shells do, and because
-             * it allows callers to distinguish between process exit and
-             * process death by signal.
-             * Unfortunately, the historical behavior on Solaris is to return
-             * the signal number, and we preserve this for compatibility. */
-#ifdef __solaris__
-            return WTERMSIG(status);
-#else
-            return 0x80 + WTERMSIG(status);
-#endif
+            return WTERMSIG_RETURN(status);
         } else {
             return status;
         }
@@ -156,18 +276,7 @@
               */
              return siginfo.si_status;
         } else if (siginfo.si_code == CLD_KILLED || siginfo.si_code == CLD_DUMPED) {
-             /* The child exited because of a signal.
-              * The best value to return is 0x80 + signal number,
-              * because that is what all Unix shells do, and because
-              * it allows callers to distinguish between process exit and
-              * process death by signal.
-              * Unfortunately, the historical behavior on Solaris is to return
-              * the signal number, and we preserve this for compatibility. */
- #ifdef __solaris__
-             return WTERMSIG(siginfo.si_status);
- #else
-             return 0x80 + WTERMSIG(siginfo.si_status);
- #endif
+             return WTERMSIG_RETURN(siginfo.si_status);
         } else {
              /*
               * Unknown exit code; pass it through.
@@ -191,7 +300,7 @@
 /*
  * Class:     java_lang_ProcessHandleImpl
  * Method:    destroy0
- * Signature: (Z)Z
+ * Signature: (JJZ)Z
  */
 JNIEXPORT jboolean JNICALL
 Java_java_lang_ProcessHandleImpl_destroy0(JNIEnv *env,
@@ -210,119 +319,52 @@
     }
 }
 
-/**
- * Size of password or group entry when not available via sysconf
+/*
+ * Returns the children of the requested pid and optionally each parent and
+ * start time.
+ * Accumulates any process who parent pid matches.
+ * The resulting pids are stored into the array of longs.
+ * The number of pids is returned if they all fit.
+ * If the array is too short, the negative of the desired length is returned.
+ * Class:     java_lang_ProcessHandleImpl
+ * Method:    getProcessPids0
+ * Signature: (J[J[J[J)I
  */
-#define ENT_BUF_SIZE   1024
-
-/**
- * Return a strong username for the uid_t or null.
- */
-jstring uidToUser(JNIEnv* env, uid_t uid) {
-    int result = 0;
-    int buflen;
-    char* pwbuf;
-    jstring name = NULL;
-
-    /* allocate buffer for password record */
-    buflen = (int)sysconf(_SC_GETPW_R_SIZE_MAX);
-    if (buflen == -1)
-        buflen = ENT_BUF_SIZE;
-    pwbuf = (char*)malloc(buflen);
-    if (pwbuf == NULL) {
-        JNU_ThrowOutOfMemoryError(env, "Unable to open getpwent");
-    } else {
-        struct passwd pwent;
-        struct passwd* p = NULL;
-
-#ifdef __solaris__
-        RESTARTABLE_RETURN_PTR(getpwuid_r(uid, &pwent, pwbuf, (size_t)buflen), p);
-#else
-        RESTARTABLE(getpwuid_r(uid, &pwent, pwbuf, (size_t)buflen, &p), result);
-#endif
-
-        // Return the Java String if a name was found
-        if (result == 0 && p != NULL &&
-            p->pw_name != NULL && *(p->pw_name) != '\0') {
-            name = JNU_NewStringPlatform(env, p->pw_name);
-        }
-        free(pwbuf);
-    }
-    return name;
+JNIEXPORT jint JNICALL
+Java_java_lang_ProcessHandleImpl_getProcessPids0(JNIEnv *env,
+                                                 jclass clazz,
+                                                 jlong jpid,
+                                                 jlongArray jarray,
+                                                 jlongArray jparentArray,
+                                                 jlongArray jstimesArray) {
+    return os_getChildren(env, jpid, jarray, jparentArray, jstimesArray);
 }
 
-/**
- * Implementations of ProcessHandleImpl functions that are common to
- * (some) Unix variants:
- * - getProcessPids0(pid, pidArray, parentArray)
- */
-
-#if defined(__linux__) || defined(__AIX__)
-
 /*
- * Signatures for internal OS specific functions.
- */
-static pid_t getStatInfo(JNIEnv *env, pid_t pid,
-                                     jlong *totalTime, jlong* startTime);
-static void getCmdlineInfo(JNIEnv *env, pid_t pid, jobject jinfo);
-static long long getBoottime(JNIEnv *env);
-
-jstring uidToUser(JNIEnv* env, uid_t uid);
-
-/* Field id for jString 'command' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_commandID;
-
-/* Field id for jString[] 'arguments' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_argumentsID;
-
-/* Field id for jlong 'totalTime' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_totalTimeID;
-
-/* Field id for jlong 'startTime' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_startTimeID;
-
-/* Field id for jString 'user' in java.lang.ProcessHandleImpl.Info */
-static jfieldID ProcessHandleImpl_Info_userID;
-
-/* static value for clock ticks per second. */
-static long clock_ticks_per_second;
-
-/* A static offset in milliseconds since boot. */
-static long long bootTime_ms;
-
-/**************************************************************
- * Static method to initialize field IDs and the ticks per second rate.
+ * Fill in the Info object from the OS information about the process.
  *
  * Class:     java_lang_ProcessHandleImpl_Info
- * Method:    initIDs
- * Signature: ()V
+ * Method:    info0
+ * Signature: (Ljava/lang/ProcessHandle/Info;J)I
  */
 JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_initIDs(JNIEnv *env, jclass clazz) {
+Java_java_lang_ProcessHandleImpl_00024Info_info0(JNIEnv *env,
+                                                 jobject jinfo,
+                                                 jlong jpid) {
+    pid_t pid = (pid_t) jpid;
+    pid_t ppid;
+    jlong totalTime = -1L;
+    jlong startTime = -1L;
 
-    CHECK_NULL(ProcessHandleImpl_Info_commandID = (*env)->GetFieldID(env,
-        clazz, "command", "Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_argumentsID = (*env)->GetFieldID(env,
-        clazz, "arguments", "[Ljava/lang/String;"));
-    CHECK_NULL(ProcessHandleImpl_Info_totalTimeID = (*env)->GetFieldID(env,
-        clazz, "totalTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_startTimeID = (*env)->GetFieldID(env,
-        clazz, "startTime", "J"));
-    CHECK_NULL(ProcessHandleImpl_Info_userID = (*env)->GetFieldID(env,
-        clazz, "user", "Ljava/lang/String;"));
-}
+    ppid = os_getParentPidAndTimings(env, pid,  &totalTime, &startTime);
+    if (ppid >= 0) {
+        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_totalTimeID, totalTime);
+        JNU_CHECK_EXCEPTION(env);
 
-/**************************************************************
- * Static method to initialize the ticks per second rate.
- *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    initNative
- * Signature: ()V
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_initNative(JNIEnv *env, jclass clazz) {
-    clock_ticks_per_second = sysconf(_SC_CLK_TCK);
-    bootTime_ms = getBoottime(env);
+        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_startTimeID, startTime);
+        JNU_CHECK_EXCEPTION(env);
+    }
+    os_getCmdlineAndUserInfo(env, jinfo, pid);
 }
 
 /*
@@ -340,8 +382,8 @@
     pid_t pid = (pid_t) jpid;
     jlong startTime = 0L;
     jlong totalTime = 0L;
-    pid_t ppid = getStatInfo(env, pid, &totalTime, &startTime);
-    return (ppid <= 0) ? -1 : startTime;
+    pid_t ppid = os_getParentPidAndTimings(env, pid, &totalTime, &startTime);
+    return (ppid < 0) ? -1 : startTime;
 }
 
 /*
@@ -350,7 +392,7 @@
  *
  * Class:     java_lang_ProcessHandleImpl
  * Method:    parent0
- * Signature: (J)J
+ * Signature: (JJ)J
  */
 JNIEXPORT jlong JNICALL
 Java_java_lang_ProcessHandleImpl_parent0(JNIEnv *env,
@@ -360,13 +402,12 @@
     pid_t pid = (pid_t) jpid;
     pid_t ppid;
 
-    pid_t mypid = getpid();
-    if (pid == mypid) {
+    if (pid == getpid()) {
         ppid = getppid();
     } else {
-        jlong start = 0L;;
+        jlong start = 0L;
         jlong total = 0L;        // unused
-        ppid = getStatInfo(env, pid, &total, &start);
+        ppid = os_getParentPidAndTimings(env, pid, &total, &start);
         if (start != startTime && start != 0 && startTime != 0) {
             ppid = -1;
         }
@@ -374,24 +415,94 @@
     return (jlong) ppid;
 }
 
+/**
+ * Construct the argument array by parsing the arguments from the sequence
+ * of arguments.
+ */
+void unix_fillArgArray(JNIEnv *env, jobject jinfo, int nargs, char *cp,
+                       char *argsEnd, jstring cmdexe, char *cmdline) {
+    jobject argsArray;
+    int i;
+
+    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_commandID, cmdexe);
+    JNU_CHECK_EXCEPTION(env);
+
+    if (nargs >= 1) {
+        // Create a String array for nargs-1 elements
+        argsArray = (*env)->NewObjectArray(env, nargs - 1, JNU_ClassString(env), NULL);
+        CHECK_NULL(argsArray);
+
+        for (i = 0; i < nargs - 1; i++) {
+            jstring str = NULL;
+
+            cp += strlen(cp) + 1;
+            if (cp > argsEnd || *cp == '\0') {
+                return;  // Off the end pointer or an empty argument is an error
+            }
+
+            CHECK_NULL((str = JNU_NewStringPlatform(env, cp)));
+
+            (*env)->SetObjectArrayElement(env, argsArray, i, str);
+            JNU_CHECK_EXCEPTION(env);
+        }
+        (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_argumentsID, argsArray);
+        JNU_CHECK_EXCEPTION(env);
+    }
+    if (cmdline != NULL) {
+        jstring commandLine = NULL;
+        CHECK_NULL((commandLine = JNU_NewStringPlatform(env, cmdline)));
+        (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_commandLineID, commandLine);
+        JNU_CHECK_EXCEPTION(env);
+    }
+}
+
+void unix_getUserInfo(JNIEnv* env, jobject jinfo, uid_t uid) {
+    int result = 0;
+    char* pwbuf;
+    jstring name = NULL;
+
+    /* allocate buffer for password record */
+    pwbuf = (char*)malloc(getpw_buf_size);
+    if (pwbuf == NULL) {
+        JNU_ThrowOutOfMemoryError(env, "Unable to open getpwent");
+    } else {
+        struct passwd pwent;
+        struct passwd* p = NULL;
+
+#ifdef __solaris__
+        RESTARTABLE_RETURN_PTR(getpwuid_r(uid, &pwent, pwbuf, (size_t)getpw_buf_size), p);
+#else
+        RESTARTABLE(getpwuid_r(uid, &pwent, pwbuf, (size_t)getpw_buf_size, &p), result);
+#endif
+
+        // Create the Java String if a name was found
+        if (result == 0 && p != NULL &&
+            p->pw_name != NULL && *(p->pw_name) != '\0') {
+            name = JNU_NewStringPlatform(env, p->pw_name);
+        }
+        free(pwbuf);
+    }
+    if (name != NULL) {
+        (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_userID, name);
+    }
+}
+
 /*
- * Returns the children of the requested pid and optionally each parent.
+ * The following functions are common on Solaris, Linux and AIX.
+ */
+
+#if defined(__solaris__) || defined (__linux__) || defined(_AIX)
+
+/*
+ * Returns the children of the requested pid and optionally each parent and
+ * start time.
  * Reads /proc and accumulates any process who parent pid matches.
  * The resulting pids are stored into the array of longs.
  * The number of pids is returned if they all fit.
- * If the array is too short, the negative of the desired length is returned. *
- * Class:     java_lang_ProcessHandleImpl
- * Method:    getChildPids
- * Signature: (J[J[J)I
+ * If the array is too short, the negative of the desired length is returned.
  */
-JNIEXPORT jint JNICALL
-Java_java_lang_ProcessHandleImpl_getProcessPids0(JNIEnv *env,
-                                                 jclass clazz,
-                                                 jlong jpid,
-                                                 jlongArray jarray,
-                                                 jlongArray jparentArray,
-                                                 jlongArray jstimesArray) {
-
+jint unix_getChildren(JNIEnv *env, jlong jpid, jlongArray jarray,
+                      jlongArray jparentArray, jlongArray jstimesArray) {
     DIR* dir;
     struct dirent* ptr;
     pid_t pid = (pid_t) jpid;
@@ -462,9 +573,10 @@
             if ((int) childpid <= 0) {
                 continue;
             }
-            // Read /proc/pid/stat and get the parent pid, and start time
-            ppid = getStatInfo(env, childpid, &totalTime, &startTime);
-            if (ppid > 0 && (pid == 0 || ppid == pid)) {
+
+            // Get the parent pid, and start time
+            ppid = os_getParentPidAndTimings(env, childpid, &totalTime, &startTime);
+            if (ppid >= 0 && (pid == 0 || ppid == pid)) {
                 if (count < arraySize) {
                     // Only store if it fits
                     pids[count] = (jlong) childpid;
@@ -498,293 +610,110 @@
     return count;
 }
 
+#endif // defined(__solaris__) || defined (__linux__) || defined(_AIX)
 
-/**************************************************************
- * Implementation of ProcessHandleImpl_Info native methods.
+/*
+ * The following functions are common on Solaris and AIX.
  */
 
-/*
- * Fill in the Info object from the OS information about the process.
- *
- * Class:     java_lang_ProcessHandleImpl_Info
- * Method:    info0
- * Signature: (JLjava/lang/ProcessHandle/Info;)I
- */
-JNIEXPORT void JNICALL
-Java_java_lang_ProcessHandleImpl_00024Info_info0(JNIEnv *env,
-                                                 jobject jinfo,
-                                                 jlong jpid) {
-    pid_t pid = (pid_t) jpid;
-    pid_t ppid;
-    jlong totalTime = 0L;
-    jlong startTime = -1L;
-
-    ppid = getStatInfo(env, pid,  &totalTime, &startTime);
-    if (ppid > 0) {
-        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_totalTimeID, totalTime);
-        JNU_CHECK_EXCEPTION(env);
-
-        (*env)->SetLongField(env, jinfo, ProcessHandleImpl_Info_startTimeID, startTime);
-        JNU_CHECK_EXCEPTION(env);
-
-        getCmdlineInfo(env, pid, jinfo);
-    }
-}
+#if defined(__solaris__) || defined(_AIX)
 
 /**
- * Read /proc/<pid>/stat and return the ppid, total cputime and start time.
- * -1 is fail;  zero is unknown; >  0 is parent pid
+ * Helper function to get the 'psinfo_t' data from "/proc/%d/psinfo".
+ * Returns 0 on success and -1 on error.
  */
-static pid_t getStatInfo(JNIEnv *env, pid_t pid,
-                                     jlong *totalTime, jlong* startTime) {
+static int getPsinfo(pid_t pid, psinfo_t *psinfo) {
     FILE* fp;
-    char buffer[2048];
-    int statlen;
     char fn[32];
-    char* s;
-    int parentPid;
-    long unsigned int utime = 0;      // clock tics
-    long unsigned int stime = 0;      // clock tics
-    long long unsigned int start = 0; // microseconds
+    int ret;
 
     /*
-     * Try to stat and then open /proc/%d/stat
+     * Try to open /proc/%d/psinfo
      */
-    snprintf(fn, sizeof fn, STAT_FILE, pid);
-
+    snprintf(fn, sizeof fn, "/proc/%d/psinfo", pid);
     fp = fopen(fn, "r");
     if (fp == NULL) {
-        return -1;              // fail, no such /proc/pid/stat
-    }
-
-    /*
-     * The format is: pid (command) state ppid ...
-     * As the command could be anything we must find the right most
-     * ")" and then skip the white spaces that follow it.
-     */
-    statlen = fread(buffer, 1, (sizeof buffer - 1), fp);
-    fclose(fp);
-    if (statlen < 0) {
-        return 0;               // parent pid is not available
-    }
-
-    buffer[statlen] = '\0';
-    s = strchr(buffer, '(');
-    if (s == NULL) {
-        return 0;               // parent pid is not available
-    }
-    // Found start of command, skip to end
-    s++;
-    s = strrchr(s, ')');
-    if (s == NULL) {
-        return 0;               // parent pid is not available
-    }
-    s++;
-
-    // Scan the needed fields from status, retaining only ppid(4),
-    // utime (14), stime(15), starttime(22)
-    if (4 != sscanf(s, " %*c %d %*d %*d %*d %*d %*d %*u %*u %*u %*u %lu %lu %*d %*d %*d %*d %*d %*d %llu",
-            &parentPid, &utime, &stime, &start)) {
-        return 0;              // not all values parsed; return error
-    }
-
-    *totalTime = (utime + stime) * (jlong)(1000000000 / clock_ticks_per_second);
-
-    *startTime = bootTime_ms + ((start * 1000) / clock_ticks_per_second);
-
-    return parentPid;
-}
-
-/**
- * Construct the argument array by parsing the arguments from the sequence
- * of arguments. The zero'th arg is the command executable
- */
-static int fillArgArray(JNIEnv *env, jobject jinfo,
-                        int nargs, char *cp, char *argsEnd, jstring cmdexe) {
-    jobject argsArray;
-    int i;
-
-    if (nargs < 1) {
-        return 0;
-    }
-
-    if (cmdexe == NULL) {
-        // Create a string from arg[0]
-        CHECK_NULL_RETURN((cmdexe = JNU_NewStringPlatform(env, cp)), -1);
-    }
-    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_commandID, cmdexe);
-    JNU_CHECK_EXCEPTION_RETURN(env, -3);
-
-    // Create a String array for nargs-1 elements
-    argsArray = (*env)->NewObjectArray(env, nargs - 1, JNU_ClassString(env), NULL);
-    CHECK_NULL_RETURN(argsArray, -1);
-
-    for (i = 0; i < nargs - 1; i++) {
-        jstring str = NULL;
-
-        cp += strnlen(cp, (argsEnd - cp)) + 1;
-        if (cp > argsEnd || *cp == '\0') {
-            return -2;  // Off the end pointer or an empty argument is an error
-        }
-
-        CHECK_NULL_RETURN((str = JNU_NewStringPlatform(env, cp)), -1);
-
-        (*env)->SetObjectArrayElement(env, argsArray, i, str);
-        JNU_CHECK_EXCEPTION_RETURN(env, -3);
-    }
-    (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_argumentsID, argsArray);
-    JNU_CHECK_EXCEPTION_RETURN(env, -4);
-    return 0;
-}
-
-
-static void getCmdlineInfo(JNIEnv *env, pid_t pid, jobject jinfo) {
-    int fd;
-    int cmdlen = 0;
-    char *cmdline = NULL, *cmdEnd;  // used for command line args and exe
-    jstring cmdexe = NULL;
-    char fn[32];
-    struct stat stat_buf;
-
-    /*
-     * Try to open /proc/%d/cmdline
-     */
-    snprintf(fn, sizeof fn, "/proc/%d/cmdline", pid);
-    if ((fd = open(fn, O_RDONLY)) < 0) {
-        return;
-    }
-
-    do {                // Block to break out of on errors
-        int i;
-        char *s;
-
-        cmdline = (char*)malloc(PATH_MAX);
-        if (cmdline == NULL) {
-            break;
-        }
-
-        /*
-         * The path to the executable command is the link in /proc/<pid>/exe.
-         */
-        snprintf(fn, sizeof fn, "/proc/%d/exe", pid);
-        if ((cmdlen = readlink(fn, cmdline, PATH_MAX - 1)) > 0) {
-            // null terminate and create String to store for command
-            cmdline[cmdlen] = '\0';
-            cmdexe = JNU_NewStringPlatform(env, cmdline);
-            (*env)->ExceptionClear(env);        // unconditionally clear any exception
-        }
-
-        /*
-         * The buffer format is the arguments nul terminated with an extra nul.
-         */
-        cmdlen = read(fd, cmdline, PATH_MAX-1);
-        if (cmdlen < 0) {
-            break;
-        }
-
-        // Terminate the buffer and count the arguments
-        cmdline[cmdlen] = '\0';
-        cmdEnd = &cmdline[cmdlen + 1];
-        for (s = cmdline,i = 0; *s != '\0' && (s < cmdEnd); i++) {
-            s += strnlen(s, (cmdEnd - s)) + 1;
-        }
-
-        if (fillArgArray(env, jinfo, i, cmdline, cmdEnd, cmdexe) < 0) {
-            break;
-        }
-
-        // Get and store the user name
-        if (fstat(fd, &stat_buf) == 0) {
-            jstring name = uidToUser(env, stat_buf.st_uid);
-            if (name != NULL) {
-                (*env)->SetObjectField(env, jinfo, ProcessHandleImpl_Info_userID, name);
-            }
-        }
-    } while (0);
-
-    if (cmdline != NULL) {
-        free(cmdline);
-    }
-    if (fd >= 0) {
-        close(fd);
-    }
-}
-
-/**
- * Read the boottime from /proc/stat.
- */
-static long long getBoottime(JNIEnv *env) {
-    FILE *fp;
-    char *line = NULL;
-    size_t len = 0;
-    long long bootTime = 0;
-
-    fp = fopen("/proc/stat", "r");
-    if (fp == NULL) {
         return -1;
     }
 
-    while (getline(&line, &len, fp) != -1) {
-        if (sscanf(line, "btime %llu", &bootTime) == 1) {
-            break;
-        }
+    ret = fread(psinfo, 1, sizeof(psinfo_t), fp);
+    fclose(fp);
+    if (ret < sizeof(psinfo_t)) {
+        return -1;
     }
-    free(line);
+    return 0;
+}
 
-    if (fp != 0) {
-        fclose(fp);
+/**
+ * Read /proc/<pid>/psinfo and return the ppid, total cputime and start time.
+ * Return: -1 is fail;  >=  0 is parent pid
+ * 'total' will contain the running time of 'pid' in nanoseconds.
+ * 'start' will contain the start time of 'pid' in milliseconds since epoch.
+ */
+pid_t unix_getParentPidAndTimings(JNIEnv *env, pid_t pid,
+                                  jlong *totalTime, jlong* startTime) {
+    psinfo_t psinfo;
+
+    if (getPsinfo(pid, &psinfo) < 0) {
+        return -1;
     }
 
-    return bootTime * 1000;
+    *totalTime = psinfo.pr_time.tv_sec * 1000000000L + psinfo.pr_time.tv_nsec;
+
+    *startTime = psinfo.pr_start.tv_sec * (jlong)1000 +
+                 psinfo.pr_start.tv_nsec / 1000000;
+
+    return (pid_t) psinfo.pr_ppid;
 }
 
-#endif  //  defined(__linux__) || defined(__AIX__)
+void unix_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid) {
+    psinfo_t psinfo;
+    char fn[32];
+    char exePath[PATH_MAX];
+    char prargs[PRARGSZ + 1];
+    jstring cmdexe = NULL;
+    int ret;
 
+    /*
+     * On Solaris, the full path to the executable command is the link in
+     * /proc/<pid>/paths/a.out. But it is only readable for processes we own.
+     */
+#if defined(__solaris__)
+    snprintf(fn, sizeof fn, "/proc/%d/path/a.out", pid);
+    if ((ret = readlink(fn, exePath, PATH_MAX - 1)) > 0) {
+        // null terminate and create String to store for command
+        exePath[ret] = '\0';
+        CHECK_NULL(cmdexe = JNU_NewStringPlatform(env, exePath));
+    }
+#endif
 
-/* Block until a child process exits and return its exit code.
-   Note, can only be called once for any given pid. */
-JNIEXPORT jint JNICALL
-Java_java_lang_ProcessImpl_waitForProcessExit(JNIEnv* env,
-                                              jobject junk,
-                                              jint pid)
-{
-    /* We used to use waitid() on Solaris, waitpid() on Linux, but
-     * waitpid() is more standard, so use it on all POSIX platforms. */
-    int status;
-    /* Wait for the child process to exit.  This returns immediately if
-       the child has already exited. */
-    while (waitpid(pid, &status, 0) < 0) {
-        switch (errno) {
-        case ECHILD: return 0;
-        case EINTR: break;
-        default: return -1;
-        }
+    /*
+     * Now try to open /proc/%d/psinfo
+     */
+    if (getPsinfo(pid, &psinfo) < 0) {
+        unix_fillArgArray(env, jinfo, 0, NULL, NULL, cmdexe, NULL);
+        return;
     }
 
-    if (WIFEXITED(status)) {
-        /*
-         * The child exited normally; get its exit code.
+    unix_getUserInfo(env, jinfo, psinfo.pr_uid);
+
+    /*
+     * Now read psinfo.pr_psargs which contains the first PRARGSZ characters of the
+     * argument list (i.e. arg[0] arg[1] ...). Unfortunately, PRARGSZ is usually set
+     * to 80 characters only. Nevertheless it's better than nothing :)
+     */
+    strncpy(prargs, psinfo.pr_psargs, PRARGSZ);
+    prargs[PRARGSZ] = '\0';
+    if (prargs[0] == '\0') {
+        /* If psinfo.pr_psargs didn't contain any strings, use psinfo.pr_fname
+         * (which only contains the last component of exec()ed pathname) as a
+         * last resort. This is true for AIX kernel processes for example.
          */
-        return WEXITSTATUS(status);
-    } else if (WIFSIGNALED(status)) {
-        /* The child exited because of a signal.
-         * The best value to return is 0x80 + signal number,
-         * because that is what all Unix shells do, and because
-         * it allows callers to distinguish between process exit and
-         * process death by signal.
-         * Unfortunately, the historical behavior on Solaris is to return
-         * the signal number, and we preserve this for compatibility. */
-#ifdef __solaris__
-        return WTERMSIG(status);
-#else
-        return 0x80 + WTERMSIG(status);
-#endif
-    } else {
-        /*
-         * Unknown exit code; pass it through.
-         */
-        return status;
+        strncpy(prargs, psinfo.pr_fname, PRARGSZ);
+        prargs[PRARGSZ] = '\0';
     }
+    unix_fillArgArray(env, jinfo, 0, NULL, NULL, cmdexe,
+                      prargs[0] == '\0' ? NULL : prargs);
 }
 
-
+#endif // defined(__solaris__) || defined(_AIX)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/unix/native/libjava/ProcessHandleImpl_unix.h	Thu Aug 20 12:29:24 2015 -0700
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <sys/types.h>
+
+/*
+ * Declaration of ProcessHandleImpl functions common on all Unix platforms.
+ * 'unix_' functions have a single implementation in ProcessHandleImpl_unix.c
+ * 'os_' prefixed functions have different, os-specific implementations in the
+ * various ProcessHandleImpl_{linux,macosx,solaris,aix}.c files.
+ * See ProcessHandleImpl_unix.c for more details.
+ */
+
+/* Field id for jString 'command' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_commandID;
+
+/* Field id for jString 'commandLine' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_commandLineID;
+
+/* Field id for jString[] 'arguments' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_argumentsID;
+
+/* Field id for jlong 'totalTime' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_totalTimeID;
+
+/* Field id for jlong 'startTime' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_startTimeID;
+
+/* Field id for jString 'user' in java.lang.ProcessHandleImpl.Info */
+extern jfieldID ProcessHandleImpl_Info_userID;
+
+/**
+ * Return: -1 is fail;  >=  0 is parent pid
+ * 'total' will contain the running time of 'pid' in nanoseconds.
+ * 'start' will contain the start time of 'pid' in milliseconds since epoch.
+ */
+extern pid_t unix_getParentPidAndTimings(JNIEnv *env, pid_t pid,
+                                         jlong *total, jlong *start);
+extern pid_t os_getParentPidAndTimings(JNIEnv *env, pid_t pid,
+                                       jlong *total, jlong *start);
+
+extern void unix_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid);
+extern void os_getCmdlineAndUserInfo(JNIEnv *env, jobject jinfo, pid_t pid);
+
+extern jint unix_getChildren(JNIEnv *env, jlong jpid, jlongArray array,
+                             jlongArray jparentArray, jlongArray jstimesArray);
+extern jint os_getChildren(JNIEnv *env, jlong jpid, jlongArray array,
+                           jlongArray jparentArray, jlongArray jstimesArray);
+
+extern void unix_getUserInfo(JNIEnv* env, jobject jinfo, uid_t uid);
+extern void unix_fillArgArray(JNIEnv *env, jobject jinfo, int nargs, char *cp,
+                              char *argsEnd, jstring cmdexe, char *cmdline);
+
+extern void os_initNative(JNIEnv *env, jclass clazz);
--- a/src/java.base/unix/native/libnio/ch/IOUtil.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/unix/native/libnio/ch/IOUtil.c	Thu Aug 20 12:29:24 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -129,7 +129,8 @@
         JNU_ThrowIOExceptionWithLastError(env, "getrlimit failed");
         return -1;
     }
-    if (rlp.rlim_max < 0 || rlp.rlim_max > java_lang_Integer_MAX_VALUE) {
+    if (rlp.rlim_max == RLIM_INFINITY ||
+        rlp.rlim_max > (rlim_t)java_lang_Integer_MAX_VALUE) {
         return java_lang_Integer_MAX_VALUE;
     } else {
         return (jint)rlp.rlim_max;
--- a/src/java.base/windows/classes/sun/io/Win32ErrorMode.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/windows/classes/sun/io/Win32ErrorMode.java	Thu Aug 20 12:29:24 2015 -0700
@@ -59,8 +59,8 @@
      * Invoke at VM initialization time to disable the critical error message box.
      * <p>
      * The critial error message box is disabled unless the system property
-     * <tt>sun.io.allowCriticalErrorMessageBox</tt> is set to something other than
-     * <code>false</code>. This includes the empty string.
+     * {@code sun.io.allowCriticalErrorMessageBox} is set to something other than
+     * {@code false}. This includes the empty string.
      * <p>
      * This method does nothing if invoked after VM and class library initialization
      * has completed.
--- a/src/java.base/windows/classes/sun/net/www/protocol/file/Handler.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/windows/classes/sun/net/www/protocol/file/Handler.java	Thu Aug 20 12:29:24 2015 -0700
@@ -134,8 +134,8 @@
      * Compares the host components of two URLs.
      * @param u1 the URL of the first host to compare
      * @param u2 the URL of the second host to compare
-     * @return  <tt>true</tt> if and only if they
-     * are equal, <tt>false</tt> otherwise.
+     * @return  {@code true} if and only if they
+     * are equal, {@code false} otherwise.
      */
     protected boolean hostsEqual(URL u1, URL u2) {
         /*
--- a/src/java.base/windows/native/libjava/ProcessHandleImpl_win.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/windows/native/libjava/ProcessHandleImpl_win.c	Thu Aug 20 12:29:24 2015 -0700
@@ -45,6 +45,9 @@
 /* Field id for jString 'command' in java.lang.ProcessHandle.Info */
 static jfieldID ProcessHandleImpl_Info_commandID;
 
+/* Field id for jString 'commandLine' in java.lang.ProcessHandleImpl.Info */
+static jfieldID ProcessHandleImpl_Info_commandLineID;
+
 /* Field id for jString[] 'arguments' in java.lang.ProcessHandle.Info */
 static jfieldID ProcessHandleImpl_Info_argumentsID;
 
@@ -69,6 +72,8 @@
 
     CHECK_NULL(ProcessHandleImpl_Info_commandID = (*env)->GetFieldID(env,
         clazz, "command", "Ljava/lang/String;"));
+    CHECK_NULL(ProcessHandleImpl_Info_commandLineID = (*env)->GetFieldID(env,
+        clazz, "commandLine", "Ljava/lang/String;"));
     CHECK_NULL(ProcessHandleImpl_Info_argumentsID = (*env)->GetFieldID(env,
         clazz, "arguments", "[Ljava/lang/String;"));
     CHECK_NULL(ProcessHandleImpl_Info_totalTimeID = (*env)->GetFieldID(env,
--- a/src/java.base/windows/native/libnio/ch/Iocp.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/windows/native/libnio/ch/Iocp.c	Thu Aug 20 12:29:24 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,16 +57,6 @@
     CHECK_NULL(completionStatus_overlapped);
 }
 
-JNIEXPORT jint JNICALL
-Java_sun_nio_ch_Iocp_osMajorVersion(JNIEnv* env, jclass this)
-{
-    OSVERSIONINFOEX ver;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx((OSVERSIONINFO *) &ver);
-    return (ver.dwPlatformId == VER_PLATFORM_WIN32_NT) ?
-        (jint)(ver.dwMajorVersion) : (jint)0;
-}
-
 JNIEXPORT jlong JNICALL
 Java_sun_nio_ch_Iocp_createIoCompletionPort(JNIEnv* env, jclass this,
     jlong handle, jlong existingPort, jint completionKey, jint concurrency)
--- a/src/java.base/windows/native/libnio/ch/Net.c	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.base/windows/native/libnio/ch/Net.c	Thu Aug 20 12:29:24 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,28 +88,14 @@
 Java_sun_nio_ch_Net_isIPv6Available0(JNIEnv* env, jclass cl)
 {
     /*
-     * Return true if Windows Vista or newer, and IPv6 is configured
+     * Return true if IPv6 is configured
      */
-    OSVERSIONINFO ver;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx(&ver);
-    if ((ver.dwPlatformId == VER_PLATFORM_WIN32_NT) &&
-        (ver.dwMajorVersion >= 6)  && ipv6_available())
-    {
-        return JNI_TRUE;
-    }
-    return JNI_FALSE;
+    return ipv6_available() ? JNI_TRUE : JNI_FALSE;
 }
 
 JNIEXPORT jint JNICALL
 Java_sun_nio_ch_Net_isExclusiveBindAvailable(JNIEnv *env, jclass clazz) {
-    OSVERSIONINFO ver;
-    int version;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx(&ver);
-    version = ver.dwMajorVersion * 10 + ver.dwMinorVersion;
-    //if os <= xp exclusive binding is off by default
-    return version >= 60 ? 1 : 0;
+    return 1;
 }
 
 
@@ -567,7 +553,7 @@
     fd_set rd, wr, ex;
     jint fd = fdval(env, fdo);
 
-    t.tv_sec = timeout / 1000;
+    t.tv_sec = (long)(timeout / 1000);
     t.tv_usec = (timeout % 1000) * 1000;
 
     FD_ZERO(&rd);
--- a/src/java.corba/share/classes/com/sun/jndi/cosnaming/RemoteToCorba.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.corba/share/classes/com/sun/jndi/cosnaming/RemoteToCorba.java	Thu Aug 20 12:29:24 2015 -0700
@@ -56,7 +56,7 @@
      * @param name Ignored
      * @param ctx The non-null CNCtx whose ORB to use.
      * @param env Ignored
-     * @return The CORBA object for <tt>orig</tt> or null.
+     * @return The CORBA object for {@code orig} or null.
      * @exception ConfigurationException If the CORBA object cannot be obtained
      *    due to configuration problems, for instance, if RMI-IIOP not available.
      * @exception NamingException If some other problem prevented a CORBA
--- a/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.corba/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Thu Aug 20 12:29:24 2015 -0700
@@ -76,7 +76,7 @@
       *
       * @param remoteObj The non-null remote object for
       * @param orb       The non-null ORB to connect the remote object to
-      * @return The CORBA Object for remoteObj; null if <tt>remoteObj</tt>
+      * @return The CORBA Object for remoteObj; null if {@code remoteObj}
       *                 is a JRMP implementation or JRMP stub.
       * @exception ConfigurationException The CORBA Object cannot be obtained
       *         because of configuration problems.
--- a/src/java.management/share/classes/javax/management/InstanceOfQueryExp.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.management/share/classes/javax/management/InstanceOfQueryExp.java	Thu Aug 20 12:29:24 2015 -0700
@@ -65,7 +65,7 @@
 
     /**
      * Returns the class name.
-     * @returns The {@link StringValueExp} returning the name of
+     * @return The {@link StringValueExp} returning the name of
      *        the class of which selected MBeans should be instances.
      */
     public StringValueExp getClassNameValue()  {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java	Thu Aug 20 12:29:24 2015 -0700
@@ -909,7 +909,7 @@
      * @param dn The non-null DN of the entry to add
      * @param attrs The non-null attributes of entry to add
      * @param directUpdate Whether attrs can be updated directly
-     * @returns Non-null attributes with attributes from the RDN added
+     * @return Non-null attributes with attributes from the RDN added
      */
     private static Attributes addRdnAttributes(String dn, Attributes attrs,
         boolean directUpdate) throws NamingException {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/ServiceLocator.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/ServiceLocator.java	Thu Aug 20 12:29:24 2015 -0700
@@ -62,7 +62,7 @@
      *
      * @param dn A string distinguished name (RFC 2253).
      * @return A domain name or null if none can be derived.
-     * @throw InvalidNameException If the distinguished name is invalid.
+     * @throws InvalidNameException If the distinguished name is invalid.
      */
     static String mapDnToDomainName(String dn) throws InvalidNameException {
         if (dn == null) {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java	Thu Aug 20 12:29:24 2015 -0700
@@ -297,7 +297,7 @@
      * Returns the default SSL socket factory.
      *
      * @return The default SSL socket factory.
-     * @throw IOException If TLS is not supported.
+     * @throws IOException If TLS is not supported.
      */
     private SSLSocketFactory getDefaultFactory() throws IOException {
 
@@ -314,7 +314,7 @@
      *
      * @param factory The SSL socket factory to use.
      * @return The SSL socket.
-     * @throw IOException If an exception occurred while performing the
+     * @throws IOException If an exception occurred while performing the
      * TLS handshake.
      */
     private SSLSocket startHandshake(SSLSocketFactory factory)
--- a/src/java.prefs/share/classes/java/util/prefs/Base64.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.prefs/share/classes/java/util/prefs/Base64.java	Thu Aug 20 12:29:24 2015 -0700
@@ -124,8 +124,8 @@
      * Translates the specified Base64 string (as per Preferences.get(byte[]))
      * into a byte array.
      *
-     * @throw IllegalArgumentException if {@code s} is not a valid Base64
-     *        string.
+     * @throws IllegalArgumentException if {@code s} is not a valid Base64
+     *         string.
      */
     static byte[] base64ToByteArray(String s) {
         return base64ToByteArray(s, false);
@@ -135,9 +135,9 @@
      * Translates the specified "alternate representation" Base64 string
      * into a byte array.
      *
-     * @throw IllegalArgumentException or ArrayOutOfBoundsException
-     *        if {@code s} is not a valid alternate representation
-     *        Base64 string.
+     * @throws IllegalArgumentException or ArrayOutOfBoundsException
+     *         if {@code s} is not a valid alternate representation
+     *         Base64 string.
      */
     static byte[] altBase64ToByteArray(String s) {
         return base64ToByteArray(s, true);
@@ -194,8 +194,8 @@
      * Translates the specified character, which is assumed to be in the
      * "Base 64 Alphabet" into its equivalent 6-bit positive integer.
      *
-     * @throw IllegalArgumentException or ArrayOutOfBoundsException if
-     *        c is not in the Base64 Alphabet.
+     * @throws IllegalArgumentException or ArrayOutOfBoundsException if
+     *         c is not in the Base64 Alphabet.
      */
     private static int base64toInt(char c, byte[] alphaToInt) {
         int result = alphaToInt[c];
--- a/src/java.rmi/share/classes/java/rmi/RemoteException.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.rmi/share/classes/java/rmi/RemoteException.java	Thu Aug 20 12:29:24 2015 -0700
@@ -26,11 +26,11 @@
 package java.rmi;
 
 /**
- * A <code>RemoteException</code> is the common superclass for a number of
+ * A {@code RemoteException} is the common superclass for a number of
  * communication-related exceptions that may occur during the execution of a
  * remote method call.  Each method of a remote interface, an interface that
- * extends <code>java.rmi.Remote</code>, must list
- * <code>RemoteException</code> in its throws clause.
+ * extends {@code java.rmi.Remote}, must list
+ * {@code RemoteException} in its throws clause.
  *
  * <p>As of release 1.4, this exception has been retrofitted to conform to
  * the general purpose exception-chaining mechanism.  The "wrapped remote
@@ -40,7 +40,7 @@
  * the aforementioned "legacy field."
  *
  * <p>Invoking the method {@link Throwable#initCause(Throwable)} on an
- * instance of <code>RemoteException</code> always throws {@link
+ * instance of {@code RemoteException} always throws {@link
  * IllegalStateException}.
  *
  * @author  Ann Wollrath
@@ -63,14 +63,14 @@
     public Throwable detail;
 
     /**
-     * Constructs a <code>RemoteException</code>.
+     * Constructs a {@code RemoteException}.
      */
     public RemoteException() {
         initCause(null);  // Disallow subsequent initCause
     }
 
     /**
-     * Constructs a <code>RemoteException</code> with the specified
+     * Constructs a {@code RemoteException} with the specified
      * detail message.
      *
      * @param s the detail message
@@ -81,9 +81,9 @@
     }
 
     /**
-     * Constructs a <code>RemoteException</code> with the specified detail
+     * Constructs a {@code RemoteException} with the specified detail
      * message and cause.  This constructor sets the {@link #detail}
-     * field to the specified <code>Throwable</code>.
+     * field to the specified {@code Throwable}.
      *
      * @param s the detail message
      * @param cause the cause
@@ -113,7 +113,7 @@
      * Returns the cause of this exception.  This method returns the value
      * of the {@link #detail} field.
      *
-     * @return  the cause, which may be <tt>null</tt>.
+     * @return  the cause, which may be {@code null}.
      * @since   1.4
      */
     public Throwable getCause() {
--- a/src/java.rmi/share/classes/java/rmi/activation/ActivationException.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.rmi/share/classes/java/rmi/activation/ActivationException.java	Thu Aug 20 12:29:24 2015 -0700
@@ -36,7 +36,7 @@
  * the aforementioned "legacy field."
  *
  * <p>Invoking the method {@link Throwable#initCause(Throwable)} on an
- * instance of <code>ActivationException</code> always throws {@link
+ * instance of {@code ActivationException} always throws {@link
  * IllegalStateException}.
  *
  * @author      Ann Wollrath
@@ -59,14 +59,14 @@
     private static final long serialVersionUID = -4320118837291406071L;
 
     /**
-     * Constructs an <code>ActivationException</code>.
+     * Constructs an {@code ActivationException}.
      */
     public ActivationException() {
         initCause(null);  // Disallow subsequent initCause
     }
 
     /**
-     * Constructs an <code>ActivationException</code> with the specified
+     * Constructs an {@code ActivationException} with the specified
      * detail message.
      *
      * @param s the detail message
@@ -77,9 +77,9 @@
     }
 
     /**
-     * Constructs an <code>ActivationException</code> with the specified
+     * Constructs an {@code ActivationException} with the specified
      * detail message and cause.  This constructor sets the {@link #detail}
-     * field to the specified <code>Throwable</code>.
+     * field to the specified {@code Throwable}.
      *
      * @param s the detail message
      * @param cause the cause
@@ -109,7 +109,7 @@
      * Returns the cause of this exception.  This method returns the value
      * of the {@link #detail} field.
      *
-     * @return  the cause, which may be <tt>null</tt>.
+     * @return  the cause, which may be {@code null}.
      * @since   1.4
      */
     public Throwable getCause() {
--- a/src/java.rmi/share/classes/java/rmi/server/ServerCloneException.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.rmi/share/classes/java/rmi/server/ServerCloneException.java	Thu Aug 20 12:29:24 2015 -0700
@@ -26,8 +26,8 @@
 package java.rmi.server;
 
 /**
- * A <code>ServerCloneException</code> is thrown if a remote exception occurs
- * during the cloning of a <code>UnicastRemoteObject</code>.
+ * A {@code ServerCloneException} is thrown if a remote exception occurs
+ * during the cloning of a {@code UnicastRemoteObject}.
  *
  * <p>As of release 1.4, this exception has been retrofitted to conform to
  * the general purpose exception-chaining mechanism.  The "nested exception"
@@ -37,7 +37,7 @@
  * the aforementioned "legacy field."
  *
  * <p>Invoking the method {@link Throwable#initCause(Throwable)} on an
- * instance of <code>ServerCloneException</code> always throws {@link
+ * instance of {@code ServerCloneException} always throws {@link
  * IllegalStateException}.
  *
  * @author  Ann Wollrath
@@ -61,7 +61,7 @@
     private static final long serialVersionUID = 6617456357664815945L;
 
     /**
-     * Constructs a <code>ServerCloneException</code> with the specified
+     * Constructs a {@code ServerCloneException} with the specified
      * detail message.
      *
      * @param s the detail message.
@@ -72,7 +72,7 @@
     }
 
     /**
-     * Constructs a <code>ServerCloneException</code> with the specified
+     * Constructs a {@code ServerCloneException} with the specified
      * detail message and cause.
      *
      * @param s the detail message.
@@ -103,7 +103,7 @@
      * Returns the cause of this exception.  This method returns the value
      * of the {@link #detail} field.
      *
-     * @return  the cause, which may be <tt>null</tt>.
+     * @return  the cause, which may be {@code null}.
      * @since   1.4
      */
     public Throwable getCause() {
--- a/src/java.sql.rowset/share/classes/com/sun/rowset/package.html	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql.rowset/share/classes/com/sun/rowset/package.html	Thu Aug 20 12:29:24 2015 -0700
@@ -26,51 +26,51 @@
 <!DOCTYPE doctype PUBLIC "-//w3c//dtd html 4.0 transitional//en">
 <html>
 <head>
-                                    
+
   <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1">
   <title>com.sun.rowset Package</title>
 </head>
   <body bgcolor="#ffffff">
-Provides five standard implementations of the standard JDBC <tt>RowSet</tt> implementation 
-interface definitions. These reference implementations are included with the J2SE version 
-1.5 platform and represent the benchmark standard <tt>RowSet</tt> implementations as verified 
+Provides five standard implementations of the standard JDBC <code>RowSet</code> implementation
+interface definitions. These reference implementations are included with the J2SE version
+1.5 platform and represent the benchmark standard <code>RowSet</code> implementations as verified
 by the Test Compatibility Kit (TCK) as mandated by the Java Community Process.
- <br>
-   
+<br>
+
 <h3>1.0 Available JDBC RowSet Reference Implementations </h3>
-  The following implementations are provided:<br>
-           
-<blockquote><tt><b>JdbcRowSetImpl</b></tt> - The <tt>javax.sql.rowset.JdbcRowSet</tt>
+The following implementations are provided:<br>
+
+<blockquote><code><b>JdbcRowSetImpl</b></code> - The <code>javax.sql.rowset.JdbcRowSet</code>
 interface reference implementation. <br>
 <br>
-<tt><b>CachedRowSetImpl </b></tt>- The <tt>javax.sql.rowset.CachedRowSet</tt> interface
+<code><b>CachedRowSetImpl</b></code> - The <code>javax.sql.rowset.CachedRowSet</code> interface
 reference implementation.<br>
 <br>
-<tt><b>WebRowSetImpl</b></tt> - The <tt>javax.sql.rowset.WebRowSet</tt> interface
+<code><b>WebRowSetImpl</b></code> - The <code>javax.sql.rowset.WebRowSet</code> interface
 reference implementation.<br>
 <br>
-<tt><b>FilteredRowSetImpl</b></tt> - The <tt>javax.sql.rowset.FilteredRowSet</tt>
+<code><b>FilteredRowSetImpl</b></code> - The <code>javax.sql.rowset.FilteredRowSet</code>
 interface reference implementation.<br>
 <br>
-<tt><b>JoinRowSetImpl</b></tt> - The <tt>javax.sql.rowset.JoinRowSet</tt> interface
+<code><b>JoinRowSetImpl</b></code> - The <code>javax.sql.rowset.JoinRowSet</code> interface
 reference implementation.<br>
 </blockquote>
 
-All details on their expected behavior, including their interactions with the <tt>SyncProvider</tt>
-SPI and helper classes are provided in the interface definitions in the <tt>javax.sql.rowset</tt>
+All details on their expected behavior, including their interactions with the <code>SyncProvider</code>
+SPI and helper classes are provided in the interface definitions in the <code>javax.sql.rowset</code>
 package specification.<br>
-   
+
 <h3>2.0 Usage</h3>
 The reference implementations represent robust implementations of the standard
-<code>RowSet</code> interfaces defined in the <code>javax.sql.rowset</code> package. 
-All disconnected <code>RowSet</code> implementations, such as the <tt>CachedRowSetImpl</tt>
-and <tt>WebRowSetImpl</tt>, are flexible enough to use the <tt>SyncFactory</tt> SPIs to 
-leverage non-reference implementation <tt>SyncProvider</tt> implementations to obtain
-differing synchronization semantics. Furthermore, developers and vendors alike are free 
+<code>RowSet</code> interfaces defined in the <code>javax.sql.rowset</code> package.
+All disconnected <code>RowSet</code> implementations, such as the <code>CachedRowSetImpl</code>
+and <code>WebRowSetImpl</code>, are flexible enough to use the <code>SyncFactory</code> SPIs to
+leverage non-reference implementation <code>SyncProvider</code> implementations to obtain
+differing synchronization semantics. Furthermore, developers and vendors alike are free
 to use these implementations and integrate them into their products just as they
 can with to other components of the Java platform.<br>
-   
+
 <h3>3.0 Extending the JDBC RowSet Implementations</h3>
 
 The JDBC <code>RowSet</code> reference implementations are provided as non-final
@@ -81,6 +81,6 @@
 provider a portal where implementations can be listed, similar to the way it
 provides a site for JDBC drivers.
 <br>
- <br>
+<br>
 </body>
 </html>
--- a/src/java.sql.rowset/share/classes/com/sun/rowset/providers/package.html	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql.rowset/share/classes/com/sun/rowset/providers/package.html	Thu Aug 20 12:29:24 2015 -0700
@@ -1,10 +1,10 @@
 <!DOCTYPE doctype PUBLIC "-//w3c//dtd html 4.0 transitional//en">
 <html>
 <head>
-                    
+
   <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1">
-                    
+
   <meta name="GENERATOR"
  content="Mozilla/4.79 [en] (Windows NT 5.0; U) [Netscape]">
      <!--
@@ -35,21 +35,21 @@
   <title>javax.sql.rowset.providers Package</title>
 </head>
   <body bgcolor="#ffffff">
-  Repository for the <tt>RowSet</tt> reference implementations of the 
- <tt>SyncProvider</tt> abstract class. These implementations provide a 
- disconnected <code>RowSet</code>
- object with the ability to synchronize the data in the underlying data 
- source with its data.  These implementations are provided as
-the default <tt>SyncProvider</tt> implementations and are accessible via the
-<tt>SyncProvider</tt> SPI managed by the <tt>SyncFactory</tt>.  
+Repository for the <code>RowSet</code> reference implementations of the
+<code>SyncProvider</code> abstract class. These implementations provide a
+disconnected <code>RowSet</code>
+object with the ability to synchronize the data in the underlying data
+source with its data.  These implementations are provided as
+the default <code>SyncProvider</code> implementations and are accessible via the
+<code>SyncProvider</code> SPI managed by the <code>SyncFactory</code>.
 
 <h3>1.0 <code>SyncProvider</code> Reference Implementations</h3>
-  The main job of a <tt>SyncProvider</tt> implementation is to manage
+  The main job of a <code>SyncProvider</code> implementation is to manage
 the reader and writer mechanisms.
- The <tt>SyncProvider</tt> SPI, as specified in the <tt>javax.sql.rowset.spi</tt>
-package, provides a pluggable mechanism by which <tt>javax.sql.RowSetReader</tt>
-and <tt>javax.sql.RowSetWriter</tt> implementations can be supplied to a disconnected
-<tt>RowSet</tt> object.
+ The <code>SyncProvider</code> SPI, as specified in the <code>javax.sql.rowset.spi</code>
+package, provides a pluggable mechanism by which <code>javax.sql.RowSetReader</code>
+and <code>javax.sql.RowSetWriter</code> implementations can be supplied to a disconnected
+<code>RowSet</code> object.
 <P>
  A reader, a <code>javax.sql.RowSetReader</code>
 object, does the work necessary to populate a <code>RowSet</code> object with data.
@@ -100,24 +100,24 @@
    
 <UL>
 <LI>
-<b><tt>RIOptimisticProvider </tt></b>- provides the <tt>javax.sql.RowSetReader</tt>
- and <tt>javax.sql.RowSetWriter</tt> interface implementations and provides
+<b><code>RIOptimisticProvider</code></b> - provides the <code>javax.sql.RowSetReader</code>
+and <code>javax.sql.RowSetWriter</code> interface implementations and provides
 an optimistic concurrency model for synchronization. This model assumes that there
 will be few conflicts and therefore uses a relatively low grade of synchronization.
 If no other provider is available, this is the default provider that the 
 <code>SyncFactory</code> will supply to a <code>RowSet</code> object.
     <br>
 <LI>
-    <b><tt>RIXMLProvider </tt></b>- provides the <tt>XmlReader</tt> (an extension
-of  the <tt>javax.sql.RowSetReader</tt> interface) and the <tt>XmlWriter</tt>
-(an extension of the <tt>javax.sql.RowSetWriter</tt> interface) to enable
-  <tt>WebRowSet</tt> objects to write their state to a
-well formed XML document according to the <tt>WebRowSet</tt> XML schema
+<b><code>RIXMLProvider</code></b> - provides the <code>XmlReader</code> (an extension
+of the <code>javax.sql.RowSetReader</code> interface) and the <code>XmlWriter</code>
+(an extension of the <code>javax.sql.RowSetWriter</code> interface) to enable
+<code>WebRowSet</code> objects to write their state to a
+well formed XML document according to the <code>WebRowSet</code> XML schema
 definition.<br>
 </UL>
    
 <h3>2.0 Basics in RowSet Population &amp; Synchronization</h3>
-  A rowset's first task is to populate itself with rows of column values.
+A rowset's first task is to populate itself with rows of column values.
 Generally,   these rows will come from a relational database, so a rowset
 has properties   that supply what is necessary for making a connection to
 a database and executing  a query. A rowset that does not need to establish
@@ -127,28 +127,28 @@
 properties. The general  rule is that a RowSet is required to set only the
 properties that it uses.<br>
     <br>
-    The <tt>command</tt> property contains the query that determines what 
+The <code>command</code> property contains the query that determines what 
 data  a <code>RowSet</code> will contain. Rowsets have methods for setting a query's 
 parameter(s),  which means that a query can be executed multiple times with 
 different parameters  to produce different result sets. Or the query can be
 changed to something  completely new to get a new result set.           
-<p>Once a rowset contains the rows from a <tt>ResultSet</tt> object or some
-  other data source, its column values can be updated, and its rows can be
- inserted or deleted. Any method that causes a change in the rowset's values
- or cursor position also notifies any object that has been registered as
-a  listener with the rowset. So, for example, a table that displays the rowset's
- data in an applet can be notified of changes and make updates as they
- occur.<br>
+<p>Once a rowset contains the rows from a <code>ResultSet</code> object or some
+other data source, its column values can be updated, and its rows can be
+inserted or deleted. Any method that causes a change in the rowset's values
+or cursor position also notifies any object that has been registered as
+a listener with the rowset. So, for example, a table that displays the rowset's
+data in an applet can be notified of changes and make updates as they
+occur.<br>
     <br>
-  The changes made to a rowset can be propagated back to the original data
-  source to keep the rowset and its data source synchronized. Although this
-  involves many operations behind the scenes, it is completely transparent 
- to the application programmer and remains the concern of the RowSet provider 
-  developer. All an application has to do is invoke the method <tt>acceptChanges</tt>, 
-  and the data source backing the rowset will be updated to match the current 
-  values in the rowset. </p>
-       
-<p>A disconnected rowset, such as a <tt>CachedRowSet</tt> or <tt>WebRowSet</tt>
+The changes made to a rowset can be propagated back to the original data
+source to keep the rowset and its data source synchronized. Although this
+involves many operations behind the scenes, it is completely transparent 
+to the application programmer and remains the concern of the RowSet provider 
+developer. All an application has to do is invoke the method <code>acceptChanges</code>, 
+and the data source backing the rowset will be updated to match the current 
+values in the rowset. </p>
+
+<p>A disconnected rowset, such as a <code>CachedRowSet</code> or <code>WebRowSet</code>
  object, establishes a connection to populate itself with data from a database 
  and then closes the connection. The <code>RowSet</code> object will remain 
  disconnected until it wants to propagate changes back to its database table, 
@@ -156,9 +156,9 @@
  the database), the rowset establishes a connection, write the changes, and then 
  once again disconnects itself.<br>
   </p>
-      
+
 <h3> 3.0 Other Possible Implementations</h3>
- There are many other possible implementations of the <tt>SyncProvider</tt> abstract
+ There are many other possible implementations of the <code>SyncProvider</code> abstract
  class. One possibility is to employ a more robust synchronization model, which
  would give a <code>RowSet</code> object increased trust in the provider's
  ability to get any updates back to the original data source. Another possibility 
--- a/src/java.sql.rowset/share/classes/javax/sql/rowset/package.html	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql.rowset/share/classes/javax/sql/rowset/package.html	Thu Aug 20 12:29:24 2015 -0700
@@ -1,7 +1,7 @@
 <!DOCTYPE doctype PUBLIC "-//w3c//dtd html 4.0 transitional//en">
 <html>
 <head>
-                                    
+
   <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1">
 <!--
@@ -53,40 +53,40 @@
  All five extend the 
 <a href="../RowSet.html">RowSet</a> interface described in the JDBC 3.0
 specification.  It is anticipated that additional definitions
-of more specialized JDBC <code>RowSet</code> types will emerge as this technology 
-matures. Future definitions <i>should</i> be specified as subinterfaces using 
+of more specialized JDBC <code>RowSet</code> types will emerge as this technology
+matures. Future definitions <i>should</i> be specified as subinterfaces using
 inheritance similar to the way it is used in this specification.
 <p>
 <i>Note:</i> The interface definitions provided in this package form the basis for
 all compliant JDBC <code>RowSet</code> implementations. Vendors and more advanced
-developers who intend to provide their own compliant <code>RowSet</code> implementations 
+developers who intend to provide their own compliant <code>RowSet</code> implementations
 should pay particular attention to the assertions detailed in specification
 interfaces. 
 
 <h3><a name="stdrowset">2.0 Standard RowSet Definitions</a></h3>
 <ul>
-<li><a href="JdbcRowSet.html"><b><code>JdbcRowSet</code></b></a> - A wrapper around 
-a <tt>ResultSet</tt> object that makes it possible to use the result set as a 
+<li><a href="JdbcRowSet.html"><b><code>JdbcRowSet</code></b></a> - A wrapper around
+a <code>ResultSet</code> object that makes it possible to use the result set as a
 JavaBeans&trade; component. Thus,
-a <tt>JdbcRowSet</tt> object can be a Bean that any tool
+a <code>JdbcRowSet</code> object can be a Bean that any tool
 makes available for assembling an application as part of a component based
-architecture . A <tt>JdbcRowSet</tt> object is a connected <code>RowSet</code>
+architecture. A <code>JdbcRowSet</code> object is a connected <code>RowSet</code>
 object, that is, it 
 <b>must</b> continually maintain its connection to its data source using a JDBC
 technology-enabled driver ("JDBC driver"). In addition, a <code>JdbcRowSet</code>
-object provides a fully updatable and scrollable tabular 
+object provides a fully updatable and scrollable tabular
 data structure as defined in the JDBC 3.0 specification.
 
 <li><a href="CachedRowSet.html">
 <b><code>CachedRowSet</code>&trade;</b></a>
- - A <tt>CachedRowSet</tt> object is a JavaBeans&trade;
+ - A <code>CachedRowSet</code> object is a JavaBeans&trade;
  component that is scrollable, updatable, serializable, and generally disconnected from
- the source of its data. A <tt>CachedRowSet</tt> object
+ the source of its data. A <code>CachedRowSet</code> object
 typically contains rows from a result set, but it can also contain rows from any
-file with a tabular format, such as a spreadsheet. <tt>CachedRowSet</tt> implementations 
-<b>must</b> use the <tt>SyncFactory</tt> to manage and obtain pluggable
+file with a tabular format, such as a spreadsheet. <code>CachedRowSet</code> implementations
+<b>must</b> use the <code>SyncFactory</code> to manage and obtain pluggable
 <code>SyncProvider</code> objects to provide synchronization between the
-disconnected <code>RowSet</code> object and the originating data source. 
+disconnected <code>RowSet</code> object and the originating data source.
 Typically a <code>SyncProvider</code> implementation relies upon a JDBC
 driver to obtain connectivity to a particular data source.
 Further details on this mechanism are discussed in the <a
@@ -94,13 +94,13 @@
 specification.
 
 <li><a href="WebRowSet.html"><b><code>WebRowSet</code></b></a> - A 
-<code>WebRowSet</code> object is an extension of <tt>CachedRowSet</tt>
+<code>WebRowSet</code> object is an extension of <code>CachedRowSet</code>
 that can read and write a <code>RowSet</code> object in a well formed XML format.
-This class calls an <a href="spi/XmlReader.html"><code>XmlReader</code></a> object 
+This class calls an <a href="spi/XmlReader.html"><code>XmlReader</code></a> object
 (an extension of the <a href="../RowSetReader.html"><code>RowSetReader</code></a>
 interface) to read a rowset in XML format. It calls an 
-<a href="spi/XmlWriter.html"><code>XmlWriter</code></a> object (an extension of the 
-<a href="../RowSetWriter.html"><code>RowSetWriter</code></a> interface) 
+<a href="spi/XmlWriter.html"><code>XmlWriter</code></a> object (an extension of the
+<a href="../RowSetWriter.html"><code>RowSetWriter</code></a> interface)
 to write a rowset in XML format. The reader and writer required by
 <code>WebRowSet</code> objects are provided by the
 <code>SyncFactory</code> in the form of <code>SyncProvider</code>
@@ -110,14 +110,14 @@
 <code>http://java.sun.com/xml/ns/jdbc/webrowset.xsd</code></a>.
 
 <li><a href="FilteredRowSet.html"><b><code>FilteredRowSet</code></b></a> - A
-<tt>FilteredRowSet</tt> object provides filtering functionality in a programmatic
-and extensible way. There are many instances when a <tt>RowSet</tt> <code>object</code>
+<code>FilteredRowSet</code> object provides filtering functionality in a programmatic
+and extensible way. There are many instances when a <code>RowSet</code> <code>object</code>
 has a need to provide filtering in its contents without sacrificing the disconnected
 environment, thus saving the expense of having to create a connection to the data source.
 Solutions to this need vary from providing heavyweight full scale 
 SQL query abilities, to portable components, to more lightweight 
 approaches. A <code>FilteredRowSet</code> object consumes
-an implementation of the <a href="Predicate.html"><code>Predicate</code></a> 
+an implementation of the <a href="Predicate.html"><code>Predicate</code></a>
 interface, which <b>may</b> define a filter at run time. In turn, a
 <code>FilteredRowSet</code> object is tasked with enforcing the set filter for both
 inbound and outbound read and write operations. That is, all filters can be
@@ -125,19 +125,19 @@
 however, sufficient mechanics are specified to permit any required filter to be
 implemented.
 
-<li><a href="JoinRowSet.html"><b><code>JoinRowSet</code></b></a> - The <tt>JoinRowSet</tt>
-interface  describes a mechanism by which relationships can be established between 
-two or more standard <code>RowSet</code> implementations. Any number of <tt>RowSet</tt>
- objects can be added to a <tt>JoinRowSet</tt> object provided  the <tt>RowSet</tt>objects 
-can be related  in a SQL <tt>JOIN</tt> like fashion. By definition, the SQL <tt>JOIN</tt> 
+<li><a href="JoinRowSet.html"><b><code>JoinRowSet</code></b></a> - The <code>JoinRowSet</code>
+interface  describes a mechanism by which relationships can be established between
+two or more standard <code>RowSet</code> implementations. Any number of <code>RowSet</code>
+ objects can be added to a <code>JoinRowSet</code> object provided  the <code>RowSet</code>objects
+can be related  in a SQL <code>JOIN</code> like fashion. By definition, the SQL <code>JOIN</code>
 statement  is used to combine the data contained in two (<i>or more</i>) relational
 database tables based upon a common attribute. By establishing and then enforcing
-column matches, a <tt>JoinRowSet</tt> object establishes relationships between
-<tt>RowSet</tt> instances without the need to touch the originating data source.     
+column matches, a <code>JoinRowSet</code> object establishes relationships between
+<code>RowSet</code> instances without the need to touch the originating data source.
 </ul>
 
 <h3><a name="impl">3.0 Implementer's Guide</a></h3>
-Compliant implementations of JDBC <code>RowSet</code> Implementations 
+Compliant implementations of JDBC <code>RowSet</code> Implementations
 <b>must</b> follow the assertions described in this specification. In accordance
 with the terms of the <a href="http://www.jcp.org">Java Community Process</a>, a
 Test Compatibility Kit (TCK) can be licensed to ensure compatibility with the
@@ -155,24 +155,24 @@
 </li>
 <li><b>3.2 Role of the <code>BaseRowSet</code> Class</b>
 <p>
-A compliant JDBC <code>RowSet</code> implementation <b>must</b> implement one or more 
-standard interfaces specified in this package and <b>may</b> extend the 
-<a href="BaseRowSet.html"><code>BaseRowSet</code></a> abstract class. For example, a 
+A compliant JDBC <code>RowSet</code> implementation <b>must</b> implement one or more
+standard interfaces specified in this package and <b>may</b> extend the
+<a href="BaseRowSet.html"><code>BaseRowSet</code></a> abstract class. For example, a
 <code>CachedRowSet</code> implementation must implement the <code>CachedRowSet</code>
 interface and extend the <code>BaseRowSet</code> abstract class. The
 <code>BaseRowSet</code> class provides the standard architecture on which all
 <code>RowSet</code> implementations should be built, regardless of whether the
 <code>RowSet</code> objects exist in a connected or disconnected environment.
-The <tt>BaseRowSet</tt> abstract class provides any <tt>RowSet</tt> implementation
+The <code>BaseRowSet</code> abstract class provides any <code>RowSet</code> implementation
 with its base functionality, including property manipulation and event notification
-that is fully compliant with <a href="http://java.sun.com/products/javabeans">JavaBeans</a> 
+that is fully compliant with <a href="http://java.sun.com/products/javabeans">JavaBeans</a>
 component requirements. As an example, all implementations provided in the
-reference implementations (contained in the <tt>com.sun.rowset</tt> package) use
-the <tt>BaseRowSet</tt> class as a basis for their implementations.            
+reference implementations (contained in the <code>com.sun.rowset</code> package) use
+the <code>BaseRowSet</code> class as a basis for their implementations.
 <P>
 The following table illustrates the features that the <code>BaseRowSet</code>
 abstract class provides.
-  <blockquote>                    
+  <blockquote>
     <table cellpadding="2" cellspacing="2" border="1" width="75%">
           <tbody>
             <tr>
@@ -185,8 +185,8 @@
               <td valign="top">Properties<br>
               </td>
               <td valign="top">Provides standard JavaBeans property manipulation
-  mechanisms to allow applications to get and set <code>RowSet</code> command and
-property  values. Refer to the   documentation of the <tt>javax.sql.RowSet</tt>
+mechanisms to allow applications to get and set <code>RowSet</code> command and
+property  values. Refer to the   documentation of the <code>javax.sql.RowSet</code>
 interface  (available in the JDBC 3.0 specification) for more details on
 the standard  <code>RowSet</code> properties.<br>
               </td>
@@ -195,9 +195,9 @@
               <td valign="top">Event notification<br>
               </td>
               <td valign="top">Provides standard JavaBeans event notifications
-  to registered event listeners. Refer to the documentation of <tt>javax.sql.RowSetEvent
-           </tt> interface (available in the JDBC 3.0 specification) for
-more  details on how  to register and handle standard RowSet events generated
+to registered event listeners. Refer to the documentation of <code>javax.sql.RowSetEvent</code>
+interface (available in the JDBC 3.0 specification) for
+more details on how  to register and handle standard RowSet events generated
 by  compliant implementations.<br>
               </td>
             </tr>
@@ -223,8 +223,8 @@
 <p>
 The <code>JdbcRowSet</code> describes a <code>RowSet</code> object that <b>must</b> always
 be connected to the originating data source. Implementations of the <code>JdbcRowSet</code>
-should ensure that this connection is provided solely by a JDBC driver. 
-Furthermore, <code>RowSet</code> objects that are implementations of the 
+should ensure that this connection is provided solely by a JDBC driver.
+Furthermore, <code>RowSet</code> objects that are implementations of the
 <code>JdbcRowSet</code> interface and are therefore operating in a connected environment
 do not use the <code>SyncFactory</code> to obtain a <code>RowSetReader</code> object
 or a <code>RowSetWriter</code> object. They can safely rely on the JDBC driver to
@@ -234,24 +234,24 @@
 <li>
 <b>3.4 Disconnected RowSet Requirements</b>
 <p> 
-A disconnected <code>RowSet</code> object, such as a <code>CachedRowSet</code> object, 
+A disconnected <code>RowSet</code> object, such as a <code>CachedRowSet</code> object,
 <b>should</b> delegate  
-connection management to a <code>SyncProvider</code> object provided by the 
-<code>SyncFactory</code>. To ensure fully disconnected semantics, all 
+connection management to a <code>SyncProvider</code> object provided by the
+<code>SyncFactory</code>. To ensure fully disconnected semantics, all
 disconnected <code>RowSet</code> objects <b>must</b> ensure
-that the original connection made to the data source to populate the <code>RowSet</code> 
+that the original connection made to the data source to populate the <code>RowSet</code>
 object is closed to permit the garbage collector to recover and release resources. The
-<code>SyncProvider</code> object ensures that the critical JDBC properties are 
-maintained in order to re-establish a connection to the data source when a 
-synchronization is required. A disconnected <code>RowSet</code> object should 
-therefore ensure that no 
+<code>SyncProvider</code> object ensures that the critical JDBC properties are
+maintained in order to re-establish a connection to the data source when a
+synchronization is required. A disconnected <code>RowSet</code> object should
+therefore ensure that no
 extraneous references remain on the <code>Connection</code> object.
 
 <li><b>3.5 Role of RowSetMetaDataImpl</b>
 <p>
 The <code>RowsetMetaDataImpl</code> class is a utility class that provides an implementation of the
 <a href="../RowSetMetaData.html">RowSetMetaData</a> interface, supplying standard setter
-method implementations for metadata for both connected and disconnected 
+method implementations for metadata for both connected and disconnected
 <code>RowSet</code> objects. All implementations are free to use this standard
 implementation but are not required to do so.
 
@@ -261,10 +261,10 @@
 on <code>RowSet</code> implementations.
 Similar to <a href="../../../java/sql/SQLWarning.html">SQLWarning</a> objects,
 <code>RowSetWarning</code>  objects are silently chained to the object whose method
-caused the warning to be thrown. All <code>RowSet</code> implementations <b>should</b>  
+caused the warning to be thrown. All <code>RowSet</code> implementations <b>should</b>
 ensure that this chaining occurs if a warning is generated and also ensure that the
 warnings are available via the <code>getRowSetWarnings</code> method defined in either
-the <code>JdbcRowSet</code> interface or the <code>CachedRowSet</code> interface. 
+the <code>JdbcRowSet</code> interface or the <code>CachedRowSet</code> interface.
 After a warning has been retrieved with one of the
 <code>getRowSetWarnings</code> methods, the <code>RowSetWarning</code> method
 <code>getNextWarning</code> can be called on it to retrieve any warnings that might
@@ -273,10 +273,10 @@
 
 <li><b>3.7 The Joinable Interface</b>
 <P>
-The <code>Joinable</code> interface provides both connected and disconnected 
-<code>RowSet</code> objects with the capability to be added to a 
+The <code>Joinable</code> interface provides both connected and disconnected
+<code>RowSet</code> objects with the capability to be added to a
 <code>JoinRowSet</code> object in an SQL <code>JOIN</code> operation.
-A <code>RowSet</code> object that has  implemented the <code>Joinable</code> 
+A <code>RowSet</code> object that has  implemented the <code>Joinable</code>
 interface can set a match column, retrieve a match column, or unset a match column.
 A <code>JoinRowSet</code> object can then use the <code>RowSet</code> object's
 match column as a basis for adding the <code>RowSet</code> object.
@@ -298,7 +298,7 @@
 <h3><a name="reldocs">5.0 Related Documentation</a></h3>
 <ul>
 <li><a href="http://docs.oracle.com/javase/tutorial/jdbc/basics/rowset.html">
-JDBC RowSet Tutorial</a>      
+JDBC RowSet Tutorial</a>
 </ul>
 </body>
 </html>
--- a/src/java.sql.rowset/share/classes/javax/sql/rowset/serial/package.html	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql.rowset/share/classes/javax/sql/rowset/serial/package.html	Thu Aug 20 12:29:24 2015 -0700
@@ -1,10 +1,10 @@
 <!DOCTYPE doctype PUBLIC "-//w3c//dtd html 4.0 transitional//en">
 <html>
 <head>
-                
+
   <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1">
-                
+
   <meta name="GENERATOR"
  content="Mozilla/4.79 [en] (Windows NT 5.0; U) [Netscape]">
 <!--
@@ -36,52 +36,52 @@
 <body bgcolor="#ffffff">
 Provides utility classes to allow serializable mappings between SQL types
 and data types in the Java programming language.
-<p> Standard JDBC <code>RowSet</code> implementations may use these utility 
+<p> Standard JDBC <code>RowSet</code> implementations may use these utility
 classes to
-assist in the serialization of disconnected <code>RowSet</code> objects. 
+assist in the serialization of disconnected <code>RowSet</code> objects.
 This is useful
-when  transmitting a disconnected <tt>RowSet</tt> object over the wire to
+when  transmitting a disconnected <code>RowSet</code> object over the wire to
 a different VM or across layers within an application.<br>
 </p>
 
 <h3>1.0 SerialArray</h3>
-A serializable mapping in the Java programming language of an SQL ARRAY 
+A serializable mapping in the Java programming language of an SQL ARRAY
 value. <br>
 <br>
-The <tt>SerialArray </tt>class provides a constructor for creating a <tt>SerialArray
-</tt>instance from an Array object, methods for getting the base type and
+The <code>SerialArray</code> class provides a constructor for creating a <code>SerialArray</code>
+instance from an Array object, methods for getting the base type and
 the SQL name for the base type, and methods for copying all or part of a
-<tt>SerialArray </tt>object. <br>
+<code>SerialArray</code> object. <br>
 
 <h3>2.0 SerialBlob</h3>
 A serializable mapping in the Java programming language of an SQL BLOB
 value.  <br>
 <br>
-The <tt>SerialBlob </tt>class provides a constructor for creating an instance
+The <code>SerialBlob</code>class provides a constructor for creating an instance
 from a Blob object. Note that the Blob object should have brought the SQL
-BLOB value's data over to the client before a <tt>SerialBlob </tt>object
+BLOB value's data over to the client before a <code>SerialBlob</code>object
 is constructed from it. The data of an SQL BLOB value can be materialized
-on the client as an array of bytes (using the method <tt>Blob.getBytes</tt>)
-or as a stream of uninterpreted bytes (using the method <tt>Blob.getBinaryStream</tt>).
+on the client as an array of bytes (using the method <code>Blob.getBytes</code>)
+or as a stream of uninterpreted bytes (using the method <code>Blob.getBinaryStream</code>).
 <br>
 <br>
-<tt>SerialBlob </tt>methods make it possible to make a copy of a <tt>SerialBlob
-</tt>object as an array of bytes or as a stream. They also make it possible
-to locate a given pattern of bytes or a <tt>Blob </tt>object within a <tt>SerialBlob
-</tt>object. <br>
+<code>SerialBlob</code> methods make it possible to make a copy of a <code>SerialBlob</code>
+object as an array of bytes or as a stream. They also make it possible
+to locate a given pattern of bytes or a <code>Blob</code> object within a <code>SerialBlob</code>
+object. <br>
 
 <h3>3.0 SerialClob</h3>
 A serializable mapping in the Java programming language of an SQL CLOB
 value.  <br>
 <br>
-The <tt>SerialClob </tt>class provides a constructor for creating an instance
-from a <tt>Clob </tt>object. Note that the <tt>Clob </tt>object should have
-brought the SQL CLOB value's data over to the client before a <tt>SerialClob
-</tt>object is constructed from it. The data of an SQL CLOB value can be
+The <code>SerialClob</code> class provides a constructor for creating an instance
+from a <code>Clob</code> object. Note that the <code>Clob</code> object should have
+brought the SQL CLOB value's data over to the client before a <code>SerialClob</code>
+object is constructed from it. The data of an SQL CLOB value can be
 materialized on the client as a stream of Unicode characters. <br>
 <br>
-<tt>SerialClob </tt>methods make it possible to get a substring from a 
-<tt>SerialClob </tt>object or to locate the start of a pattern of characters. 
+<code>SerialClob</code> methods make it possible to get a substring from a
+<code>SerialClob</code> object or to locate the start of a pattern of characters.
 <br>
 
 <h3>5.0 SerialDatalink</h3>
@@ -89,11 +89,11 @@
 value. A DATALINK value references a file outside of the underlying data source
 that the originating data source manages. <br>
 <br>
-<code>RowSet</code> implementations can use the method <tt>RowSet.getURL() </tt>to retrieve
+<code>RowSet</code> implementations can use the method <code>RowSet.getURL()</code> to retrieve
 a <code>java.net.URL</code> object, which can be used to manipulate the external data.
 <br>
 <br>
-&nbsp;&nbsp;<tt>&nbsp;&nbsp;&nbsp; java.net.URL url = rowset.getURL(1);</tt><br>
+&nbsp;&nbsp;<code>&nbsp;&nbsp;&nbsp; java.net.URL url = rowset.getURL(1);</code><br>
 
 <h3>6.0 SerialJavaObject</h3>
 A serializable mapping in the Java programming language of an SQL JAVA_OBJECT
@@ -103,16 +103,16 @@
 If however, the serialization is not possible in the case where the Java
 object is not immediately serializable, this class will attempt to serialize
 all non static members to permit the object instance state to be serialized.
-Static or transient fields cannot be serialized and attempting to do so 
-will result in a <tt>SerialException </tt>being thrown. <br>
+Static or transient fields cannot be serialized and attempting to do so
+will result in a <code>SerialException</code> being thrown. <br>
 
 <h3>7.0 SerialRef</h3>
 A serializable mapping between the SQL REF type and the Java programming
 language. <br>
 <br>
-The <tt>SerialRef </tt>class provides a constructor for creating a <tt>SerialRef
-</tt>instance from a <tt>Ref</tt> type and provides methods for getting
-and setting the <tt>Ref</tt> object type. <br>
+The <code>SerialRef</code> class provides a constructor for creating a <code>SerialRef</code>
+instance from a <code>Ref</code> type and provides methods for getting
+and setting the <code>Ref</code> object type. <br>
 
 <h3>8.0 SerialStruct</h3>
 A serializable mapping in the Java programming language of an SQL structured
@@ -121,58 +121,58 @@
 that is not already serializable is mapped to a serializable form. <br>
 <br>
 In addition, if a <code>Map</code> object is passed to one of the constructors or
-to the method <code>getAttributes</code>, the structured type is custom mapped 
+to the method <code>getAttributes</code>, the structured type is custom mapped
 according to the mapping specified in the <code>Map</code> object.
-  <br>
-  The <tt>SerialStruct </tt>class provides a constructor for creating an
-instance  from a <tt>Struct</tt> object, a method for retrieving the SQL
+<br>
+The <code>SerialStruct</code> class provides a constructor for creating an
+instance  from a <code>Struct</code> object, a method for retrieving the SQL
 type name of the SQL structured type in the database, and methods for retrieving
 its attribute values. <br>
-   
+
 <h3>9.0 SQLInputImpl</h3>
-  An input stream used for custom mapping user-defined types (UDTs). An 
-  <tt>SQLInputImpl</tt> object is an input stream that contains a stream of 
+  An input stream used for custom mapping user-defined types (UDTs). An
+  <code>SQLInputImpl</code> object is an input stream that contains a stream of
   values that are
 the attributes of a UDT. This class is used by the driver behind the scenes
-when the method <tt>getObject</tt> is called on an SQL structured or distinct
-type that has a custom mapping; a programmer never invokes <tt>SQLInputImpl
-</tt> methods directly. <br>
+when the method <code>getObject</code> is called on an SQL structured or distinct
+type that has a custom mapping; a programmer never invokes <code>SQLInputImpl</code>
+methods directly. <br>
   <br>
-  The <tt>SQLInputImpl</tt> class provides a set of reader methods
- analogous to the <tt>ResultSet</tt> getter methods. These methods make it
- possible to read the values in an <tt>SQLInputImpl</tt> object. The method
+The <code>SQLInputImpl</code> class provides a set of reader methods
+analogous to the <code>ResultSet</code> getter methods. These methods make it
+possible to read the values in an <code>SQLInputImpl</code> object. The method
 <code>wasNull</code> is used to determine whether the last value read was SQL NULL.
+<br>
  <br>
-  <br>
-  When a constructor or getter method that takes a <code>Map</code> object is called, 
+When a constructor or getter method that takes a <code>Map</code> object is called,
 the JDBC driver calls the method
-<tt>SQLData.getSQLType</tt> to determine the SQL type of the UDT being custom
+<code>SQLData.getSQLType</code> to determine the SQL type of the UDT being custom
 mapped. The driver  creates an instance of <code>SQLInputImpl</code>, populating it with
 the attributes of  the UDT. The driver then passes the input stream to the
-method <tt>SQLData.readSQL</tt>,  which in turn calls the <tt>SQLInputImpl</tt>
+method <code>SQLData.readSQL</code>,  which in turn calls the <code>SQLInputImpl</code>
 methods to read the  attributes from the input stream. <br>
-   
+
 <h3>10.0 SQLOutputImpl</h3>
   The output stream for writing the attributes of a custom mapped user-defined
  type (UDT) back to the database. The driver uses this interface internally,
  and its methods are never directly invoked by an application programmer.
 <br>
   <br>
-  When an application calls the method <tt>PreparedStatement.setObject, </tt>the
- driver checks to see whether the value to be written is a UDT with a custom
- mapping. If it is, there will be an entry in a type map containing the Class
- object for the class that implements <tt>SQLData </tt>for this UDT. If the
- value to be written is an instance of <tt>SQLData</tt>, the driver will
-create  an instance of <code>SQLOutputImpl</code> and pass it to the method 
-<tt>SQLData.writeSQL</tt>.
- The method <code>writeSQL</code> in turn calls the appropriate <tt>SQLOutputImpl</tt>
-writer methods to write data from the <code>SQLData</code> object to the 
+When an application calls the method <code>PreparedStatement.setObject</code>, the
+driver checks to see whether the value to be written is a UDT with a custom
+mapping. If it is, there will be an entry in a type map containing the Class
+object for the class that implements <code>SQLData</code> for this UDT. If the
+value to be written is an instance of <code>SQLData</code>, the driver will
+create  an instance of <code>SQLOutputImpl</code> and pass it to the method
+<code>SQLData.writeSQL</code>.
+The method <code>writeSQL</code> in turn calls the appropriate <code>SQLOutputImpl</code>
+writer methods to write data from the <code>SQLData</code> object to the
 <code>SQLOutputImpl</code>
-output  stream as the representation of an SQL user-defined type.       
-   
+output  stream as the representation of an SQL user-defined type.
+
 <h3>Custom Mapping</h3>
-The JDBC API provides mechanisms for mapping an SQL structured type or DISTINCT 
-type to the Java programming language.  Typically, a structured type is mapped 
+The JDBC API provides mechanisms for mapping an SQL structured type or DISTINCT
+type to the Java programming language.  Typically, a structured type is mapped
 to a class, and its attributes are mapped to fields in the class.
 (A DISTINCT type can thought of as having one attribute.)  However, there are
 many other possibilities, and there may be any number of different mappings.
@@ -181,7 +181,7 @@
 For example, if an SQL structured type named AUTHORS has the attributes NAME,
 TITLE, and PUBLISHER, it could be mapped to a Java class named Authors.  The
 Authors class could have the fields name, title, and publisher, to which the
-attributes of AUTHORS are mapped.  In such a case, the implementation of 
+attributes of AUTHORS are mapped.  In such a case, the implementation of
 <code>SQLData</code> could look like the following:
 <PRE>
    public class Authors implements SQLData {
@@ -213,27 +213,27 @@
 A <code>java.util.Map</code> object is used to associate the SQL structured
 type with its mapping to the class <code>Authors</code>. The following code fragment shows
 how a <code>Map</code> object might be created and given an entry associating
-<code>AUTHORS</code> and <code>Authors</code>.  
+<code>AUTHORS</code> and <code>Authors</code>.
 <PRE>
     java.util.Map map = new java.util.HashMap();
     map.put("SCHEMA_NAME.AUTHORS", Class.forName("Authors");
 </PRE>
- 
-The <code>Map</code> object <i>map</i> now contains an entry with the 
+
+The <code>Map</code> object <i>map</i> now contains an entry with the
 fully qualified name of the SQL structured type and the <code>Class</code>
  object for the class <code>Authors</code>.  It can be passed to a method
-to tell the driver how to map <code>AUTHORS</code> to <code>Authors</code>.  
+to tell the driver how to map <code>AUTHORS</code> to <code>Authors</code>.
 <P>
 For a disconnected <code>RowSet</code> object, custom mapping can be done
 only when a <code>Map</code> object is passed to the method or constructor
 that will be doing the custom mapping.  The situation is different for
 connected <code>RowSet</code> objects because they maintain a connection
-with the data source.  A method that does custom mapping and is called by 
+with the data source.  A method that does custom mapping and is called by
 a disconnected <code>RowSet</code> object may use the <code>Map</code>
 object that is associated with the <code>Connection</code> object being
-used. So, in other words, if no map is specified, the connection's type 
+used. So, in other words, if no map is specified, the connection's type
 map can be used by default.
-     
+
 <br>
 </body>
 </html>
--- a/src/java.sql.rowset/share/classes/javax/sql/rowset/spi/package.html	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql.rowset/share/classes/javax/sql/rowset/spi/package.html	Thu Aug 20 12:29:24 2015 -0700
@@ -37,14 +37,14 @@
   <body bgcolor="#ffffff">
 
 The standard classes and interfaces that a third party vendor has to
-use in its implementation of a synchronization provider. These classes and 
-interfaces are referred to as the Service Provider Interface (SPI). A vendor may 
+use in its implementation of a synchronization provider. These classes and
+interfaces are referred to as the Service Provider Interface (SPI). A vendor may
 have its implementation included on the JDBC web page that lists available
 <code>SyncProvider</code> implementations by sending email to <code>jdbc@sun.com</code>.
 Doing this helps make developers aware of the implementation. To make it possible
 for a <code>RowSet</code> object to use an implementation, the vendor must register
 it with the <code>SyncFactory</code> singleton. (See the class comment for
-<code>SyncProvider</code> for a full explanation of the registration process and 
+<code>SyncProvider</code> for a full explanation of the registration process and
 the naming convention to be used.)
 
 <h2>Table of Contents</h2>
@@ -81,10 +81,10 @@
 object with the mechanisms for reading data into it and for writing data that has been
 modified in it
 back to the underlying data source.  A <i>reader</i>, a <code>RowSetReader</code> or
-<code>XMLReader</code> object, reads data into a <code>RowSet</code> object when the 
-<code>CachedRowSet</code> methods <code>execute</code> or <code>populate</code> 
+<code>XMLReader</code> object, reads data into a <code>RowSet</code> object when the
+<code>CachedRowSet</code> methods <code>execute</code> or <code>populate</code>
 are called.  A <i>writer</i>, a <code>RowSetWriter</code> or <code>XMLWriter</code>
-object, writes changes back to the underlying data source when the 
+object, writes changes back to the underlying data source when the
 <code>CachedRowSet</code> method <code>acceptChanges</code> is called.
 <P>
 The process of writing changes in a <code>RowSet</code> object to its data source
@@ -96,9 +96,9 @@
 The lower grades of synchronization are
 known as <i>optimistic</i> concurrency levels because they optimistically
 assume that there will be no conflicts or very few conflicts.  A conflict exists when
-the same data modified in the <code>RowSet</code> object has also been modified 
+the same data modified in the <code>RowSet</code> object has also been modified
 in the data source. Using the optimistic concurrency model means that if there
-is a conflict, modifications to either the data source or the <code>RowSet</code> 
+is a conflict, modifications to either the data source or the <code>RowSet</code>
 object will be lost.
 <P>
 Higher grades of synchronization are called <i>pessimistic</i> because they assume
@@ -106,7 +106,7 @@
 grades set varying levels of locks to increase the chances that no conflicts
 occur.
 <P>
-The lowest level of synchronization is simply writing any changes made to the 
+The lowest level of synchronization is simply writing any changes made to the
 <code>RowSet</code> object to its underlying data source.  The writer does
 nothing to check for conflicts. 
 If there is a conflict and the data
@@ -116,69 +116,69 @@
 The <code>RIXMLProvider</code> implementation uses the lowest level 
 of synchronization and just writes <code>RowSet</code> changes to the data source.
 This is true because  typically XML data sources do not enable transaction
-techniques for maintaining the integrity of data. However, specific standards 
+techniques for maintaining the integrity of data. However, specific standards
 groups have considered offering XML-based synchronization.  For details, see
 <PRE>
      <a href="http://www.syncml.org">http://www.syncml.org</a>
 </PRE>
 <P>
 For the next level up, the
-writer checks to see if there are any conflicts, and if there are, 
+writer checks to see if there are any conflicts, and if there are,
 it does not write anything to the data source.  The problem with this concurrency
-level is that if another party has modified the corresponding data in the data source 
+level is that if another party has modified the corresponding data in the data source
 since the <code>RowSet</code> object got its data,
 the changes made to the <code>RowSet</code> object are lost. The
 <code>RIOptimisticProvider</code> implementation uses this level of synchronization.
 <P>
 At higher levels of synchronization, referred to as pessimistic concurrency,
 the writer take steps to avoid conflicts by setting locks. Setting locks
-can vary from setting a lock on a single row to setting a lock on a table 
-or the entire data source. The level of synchronization is therefore a tradeoff 
+can vary from setting a lock on a single row to setting a lock on a table
+or the entire data source. The level of synchronization is therefore a tradeoff
 between the ability of users to access the data source concurrently and the  ability
 of the writer to keep the data in the <code>RowSet</code> object and its data source
 synchronized.
 <P>
-It is a requirement that all disconnected <code>RowSet</code> objects 
-(<code>CachedRowSet</code>, <code>FilteredRowSet</code>, <code>JoinRowSet</code>, 
+It is a requirement that all disconnected <code>RowSet</code> objects
+(<code>CachedRowSet</code>, <code>FilteredRowSet</code>, <code>JoinRowSet</code>,
 and <code>WebRowSet</code> objects) obtain their <code>SyncProvider</code> objects
 from the <code>SyncFactory</code> mechanism.  
 <P>
 The reference implementation (RI) provides two synchronization providers.
-	<UL>
-       <LI><b><tt>RIOptimisticProvider</tt></b> <br>
+    <UL>
+       <LI><b><code>RIOptimisticProvider</code></b> <br>
            The default provider that the <code>SyncFactory</code> instance will
            supply to a disconnected <code>RowSet</code> object when no provider
            implementation is specified.<BR>
            This synchronization provider uses an optimistic concurrency model,
-           assuming that there will be few conflicts among users 
+           assuming that there will be few conflicts among users
            who are accessing the same data in a database.  It avoids
            using locks; rather, it checks to see if there is a conflict
            before trying to synchronize the <code>RowSet</code> object and the
            data source. If there is a conflict, it does nothing, meaning that
            changes to the <code>RowSet</code> object are not persisted to the data
            source.
-       <LI><B><tt>RIXMLProvider</tt></B> <BR>
+       <LI><B><code>RIXMLProvider</code></B> <BR>
             A synchronization provider that can be used with a
-            <code>WebRowSet</code> object, which is a rowset that can be written 
-            in XML format or read from XML format. The 
+            <code>WebRowSet</code> object, which is a rowset that can be written
+            in XML format or read from XML format. The
             <code>RIXMLProvider</code> implementation does no checking at all for
             conflicts and simply writes any updated data in the
             <code>WebRowSet</code> object to the underlying data source.
             <code>WebRowSet</code> objects use this provider when they are 
             dealing with XML data.
-	</UL>
+    </UL>
 
 These <code>SyncProvider</code> implementations
 are bundled with the reference implementation, which makes them always available to
-<code>RowSet</code> implementations. 
+<code>RowSet</code> implementations.
 <code>SyncProvider</code> implementations make themselves available by being
-registered with the <code>SyncFactory</code> singleton.  When a <code>RowSet</code> 
+registered with the <code>SyncFactory</code> singleton.  When a <code>RowSet</code>
 object requests a provider, by specifying it in the constructor or as an argument to the
-<code>CachedRowSet</code> method <code>setSyncProvider</code>, 
+<code>CachedRowSet</code> method <code>setSyncProvider</code>,
 the <code>SyncFactory</code> singleton
 checks to see if the requested provider has been registered with it.
 If it has, the <code>SyncFactory</code> creates an instance of it and passes it to the
-requesting <code>RowSet</code> object.  
+requesting <code>RowSet</code> object.
 If the <code>SyncProvider</code> implementation that is specified has not been registered,
 the <code>SyncFactory</code> singleton causes a <code>SyncFactoryException</code> object
 to be thrown.  If no provider is specified,
@@ -189,18 +189,18 @@
 <P>
 If a <code>WebRowSet</code> object does not specify a provider in its constructor, the
 <code>SyncFactory</code> will give it an instance of <code>RIOptimisticProvider</code>.
-However, the constructor for <code>WebRowSet</code> is implemented to set the provider 
+However, the constructor for <code>WebRowSet</code> is implemented to set the provider
 to the <code>RIXMLProvider</code>, which reads and writes a <code>RowSet</code> object
 in XML format.
 <P>
 See the <a href="SyncProvider.html">SyncProvider</a> class
 specification for further details.
 <p>
-Vendors may develop a <tt>SyncProvider</tt> implementation with any one of the possible
+Vendors may develop a <code>SyncProvider</code> implementation with any one of the possible
 levels of synchronization, thus giving <code>RowSet</code> objects a choice of
-synchronization mechanisms.  A vendor can make its implementation available by 
+synchronization mechanisms.  A vendor can make its implementation available by
 registering the fully qualified class name with Oracle Corporation at
-<code>jdbc@sun.com</code>. This process is discussed in further detail below. 
+<code>jdbc@sun.com</code>. This process is discussed in further detail below.
 
 <h3><a name="arch">2.0 Service Provider Interface Architecture</a></h3>
 <b>2.1 Overview</b>
@@ -208,7 +208,7 @@
 The Service Provider Interface provides a pluggable mechanism by which
 <code>SyncProvider</code> implementations can be registered and then generated when
 required. The lazy reference mechanism employed by the <code>SyncFactory</code> limits
-unnecessary resource consumption by not creating an instance until it is 
+unnecessary resource consumption by not creating an instance until it is
 required by a disconnected
 <code>RowSet</code> object. The <code>SyncFactory</code> class also provides
 a standard API to configure logging options and streams that <b>may</b> be provided
@@ -216,11 +216,11 @@
 <p>
 <b>2.2 Registering with the <code>SyncFactory</code></b>
 <p>
-A third party <code>SyncProvider</code> implementation must be registered with the 
-<code>SyncFactory</code> in order for a disconnected <code>RowSet</code> object 
-to obtain it and thereby use its <code>javax.sql.RowSetReader</code> and 
+A third party <code>SyncProvider</code> implementation must be registered with the
+<code>SyncFactory</code> in order for a disconnected <code>RowSet</code> object
+to obtain it and thereby use its <code>javax.sql.RowSetReader</code> and
 <code>javax.sql.RowSetWriter</code>
-implementations. The following registration mechanisms are available to all 
+implementations. The following registration mechanisms are available to all
 <code>SyncProvider</code> implementations:
 <ul>
 <li><b>System properties</b> - Properties set at the command line. These
@@ -235,9 +235,9 @@
 file than can be edited to add additional <code>SyncProvider</code> objects.
 
 <li><b>JNDI Context</b> - Available providers can be registered on a JNDI
-context. The <tt>SyncFactory</tt> will attempt to load <tt>SyncProvider</tt>
+context. The <code>SyncFactory</code> will attempt to load <code>SyncProvider</code>
 objects bound to the context and register them with the factory. This
-context must be supplied to the <code>SyncFactory</code> for the mechanism to 
+context must be supplied to the <code>SyncFactory</code> for the mechanism to
 function correctly.
 </ul>
 <p>
@@ -250,11 +250,11 @@
 The <code>SyncFactory</code> generates a requested <code>SyncProvider</code>
 object if the provider has been correctly registered.  The
 following policies are adhered to when either a disconnected <code>RowSet</code> object
-is instantiated with a specified <code>SyncProvider</code> implementation or is 
+is instantiated with a specified <code>SyncProvider</code> implementation or is
 reconfigured at runtime with an alternative <code>SyncProvider</code> object.
 <ul>
 <li> If a <code>SyncProvider</code> object is specified and the <code>SyncFactory</code>
-contains <i>no</i> reference to the provider, a <code>SyncFactoryException</code> is 
+contains <i>no</i> reference to the provider, a <code>SyncFactoryException</code> is
 thrown.
 
 <li> If a <code>SyncProvider</code> object is specified and the <code>SyncFactory</code>
@@ -294,13 +294,13 @@
 <li><b>GRADE_NONE</b> - No synchronization with the originating data source is
 provided. A <code>SyncProvider</code> implementation returning this grade will simply
 attempt to write any data that has changed in the <code>RowSet</code> object to the
-underlying data source, overwriting whatever is there. No attempt is made to compare 
-original values with current values to see if there is a conflict. The 
+underlying data source, overwriting whatever is there. No attempt is made to compare
+original values with current values to see if there is a conflict. The
 <code>RIXMLProvider</code> is implemented with this grade.
 
 <li><b>GRADE_CHECK_MODIFIED_AT_COMMIT</b> - A low grade of optimistic synchronization.
 A <code>SyncProvider</code> implementation returning this grade
-will check for conflicts in rows that have changed between the last synchronization 
+will check for conflicts in rows that have changed between the last synchronization
 and the current synchronization under way. Any changes in the originating data source
 that have been modified will not be reflected in the disconnected <code>RowSet</code>
 object. If there are no conflicts, changes in the <code>RowSet</code> object will be
@@ -333,16 +333,16 @@
 on which constructs the locks are placed.  These locks will remain on the data
 source while the <code>RowSet</code> object is disconnected from the data source.
 <P>
-These constants <b>should</b> be considered complementary to the 
+These constants <b>should</b> be considered complementary to the
 grade constants. The default setting for the majority of grade settings requires
-that no data source locks remain when a <code>RowSet</code> object is disconnected 
+that no data source locks remain when a <code>RowSet</code> object is disconnected
 from its data source.
 The grades <code>GRADE_LOCK_WHEN_MODIFIED</code> and
 <code>GRADE_LOCK_WHEN_LOADED</code> allow a disconnected <code>RowSet</code> object
 to have a fine-grained control over the degree of locking.
 <ul>
-<li><b>DATASOURCE_NO_LOCK</b> - No locks remain on the originating data source. 
-This is the default lock setting for all <code>SyncProvider</code> implementations 
+<li><b>DATASOURCE_NO_LOCK</b> - No locks remain on the originating data source.
+This is the default lock setting for all <code>SyncProvider</code> implementations
 unless otherwise directed by a <code>RowSet</code> object.
 
 <li><b>DATASOURCE_ROW_LOCK</b> - A lock is placed on the rows that are touched by
@@ -364,26 +364,26 @@
 <ul>
 <li><b>UPDATABLE_VIEW_SYNC</b>
 Indicates that a <code>SyncProvider</code> implementation  supports synchronization
-to the table or tables from which the SQL <code>VIEW</code> used to populate  a
+to the table or tables from which the SQL <code>VIEW</code> used to populate
 a <code>RowSet</code> object is derived.
 
 <li><b>NONUPDATABLE_VIEW_SYNC</b>
 Indicates that a <code>SyncProvider</code> implementation  does <b>not</b> support
-synchronization to the table or tables from which the SQL <code>VIEW</code> 
+synchronization to the table or tables from which the SQL <code>VIEW</code>
 used to populate  a <code>RowSet</code> object is derived.
 </ul>
 <p>
 <b>3.5 Usage of <code>SyncProvider</code> Grading and Locking</b>
 <p>
-In the example below, the reference <tt>CachedRowSetImpl</tt> implementation
-reconfigures its current <tt>SyncProvider</tt> object by calling the 
-<tt>setSyncProvider</tt> method.<br>
+In the example below, the reference <code>CachedRowSetImpl</code> implementation
+reconfigures its current <code>SyncProvider</code> object by calling the
+<code>setSyncProvider</code> method.<br>
 
 <PRE>
     CachedRowSetImpl crs = new CachedRowSetImpl();
     crs.setSyncProvider("com.foo.bar.HASyncProvider");
 </PRE>
-    An application can retrieve the <tt>SyncProvider</tt> object currently in use
+    An application can retrieve the <code>SyncProvider</code> object currently in use
 by a disconnected <code>RowSet</code> object. It can also retrieve the
 grade of synchronization with which the provider was implemented and the degree of
 locking currently in use.  In addition, an application has the flexibility to set
@@ -396,14 +396,14 @@
     case: SyncProvider.GRADE_CHECK_ALL_AT_COMMIT
          //A high grade of optimistic synchronization
     break;
-    case: SyncProvider.GRADE_CHECK_MODIFIED_AT_COMMIT 
-         //A low grade of optimistic synchronization 
+    case: SyncProvider.GRADE_CHECK_MODIFIED_AT_COMMIT
+         //A low grade of optimistic synchronization
     break;
-    case: SyncProvider.GRADE_LOCK_WHEN_LOADED 
-         // A pessimistic synchronization grade 
+    case: SyncProvider.GRADE_LOCK_WHEN_LOADED
+         // A pessimistic synchronization grade
     break;
-    case: SyncProvider.GRADE_LOCK_WHEN_MODIFIED 
-         // A pessimistic synchronization grade 
+    case: SyncProvider.GRADE_LOCK_WHEN_MODIFIED
+         // A pessimistic synchronization grade
     break;
     case: SyncProvider.GRADE_NONE 
       // No synchronization with the originating data source provided
@@ -421,13 +421,13 @@
       break;
 
       case: SyncProvider.DATASOURCE_ROW_LOCK
-       // A lock is placed on the rows that are  touched by the original 
+       // A lock is placed on the rows that are  touched by the original
        // SQL statement used to populate
        // the RowSet object that is using the SyncProvider
        break;
 
       case: DATASOURCE_TABLE_LOCK
-       // A lock is placed on  all tables that are touched by the original 
+       // A lock is placed on  all tables that are touched by the original
        // SQL statement used to populated
        // the RowSet object that is using the SyncProvider
        break;
@@ -450,12 +450,12 @@
 it throws a <code>SyncProviderException</code> object.  An application can
 catch the exception and
 have it retrieve a <code>SyncResolver</code> object by calling the method
-<code>SyncProviderException.getSyncResolver()</code>. 
+<code>SyncProviderException.getSyncResolver()</code>.
 <P>
-A <code>SyncResolver</code> object, which is a special kind of 
+A <code>SyncResolver</code> object, which is a special kind of
 <code>CachedRowSet</code> object or
-a <code>JdbcRowSet</code> object that has implemented the <code>SyncResolver</code> 
-interface,  examines the conflicts row by row. It is a duplicate of the 
+a <code>JdbcRowSet</code> object that has implemented the <code>SyncResolver</code>
+interface,  examines the conflicts row by row. It is a duplicate of the
 <code>RowSet</code> object being synchronized except that it contains only the data
 from the data source this is causing a conflict. All of the other column values are
 set to <code>null</code>. To navigate from one conflict value to another, a
@@ -472,18 +472,18 @@
      to be changed
 </UL>
 <P>
-When the <code>CachedRowSet</code> method <code>acceptChanges</code> is called, it 
+When the <code>CachedRowSet</code> method <code>acceptChanges</code> is called, it
 delegates to the <code>RowSet</code> object's  <code>SyncProvider</code> object.
 How the writer provided by that <code>SyncProvider</code> object is implemented
-determines what level (grade) of checking for conflicts will be done.  After all 
+determines what level (grade) of checking for conflicts will be done.  After all
 checking for conflicts is completed and one or more conflicts has been found, the method
 <code>acceptChanges</code> throws a <code>SyncProviderException</code> object. The
-application can catch the exception and use it to obtain a <code>SyncResolver</code> object.  
+application can catch the exception and use it to obtain a <code>SyncResolver</code> object.
 <P>
 The application can then use <code>SyncResolver</code> methods to get information
 about each conflict and decide what to do.  If the application logic or the user
 decides that a value in the <code>RowSet</code> object should be the one to
-persist, the application or user can overwrite the data source value with it.  
+persist, the application or user can overwrite the data source value with it.
 <P>
 The comment for the <code>SyncResolver</code> interface has more detail.
 
--- a/src/java.sql/share/classes/java/sql/Timestamp.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/java.sql/share/classes/java/sql/Timestamp.java	Thu Aug 20 12:29:24 2015 -0700
@@ -31,43 +31,43 @@
 import sun.misc.JavaLangAccess;
 
 /**
- * <P>A thin wrapper around <code>java.util.Date</code> that allows
- * the JDBC API to identify this as an SQL <code>TIMESTAMP</code> value.
+ * <P>A thin wrapper around {@code java.util.Date} that allows
+ * the JDBC API to identify this as an SQL {@code TIMESTAMP} value.
  * It adds the ability
- * to hold the SQL <code>TIMESTAMP</code> fractional seconds value, by allowing
+ * to hold the SQL {@code TIMESTAMP} fractional seconds value, by allowing
  * the specification of fractional seconds to a precision of nanoseconds.
  * A Timestamp also provides formatting and
  * parsing operations to support the JDBC escape syntax for timestamp values.
  *
  * <p>The precision of a Timestamp object is calculated to be either:
  * <ul>
- * <li><code>19 </code>, which is the number of characters in yyyy-mm-dd hh:mm:ss
- * <li> <code> 20 + s </code>, which is the number
- * of characters in the yyyy-mm-dd hh:mm:ss.[fff...] and <code>s</code> represents  the scale of the given Timestamp,
+ * <li>{@code 19 }, which is the number of characters in yyyy-mm-dd hh:mm:ss
+ * <li> {@code  20 + s }, which is the number
+ * of characters in the yyyy-mm-dd hh:mm:ss.[fff...] and {@code s} represents  the scale of the given Timestamp,
  * its fractional seconds precision.
  *</ul>
  *
- * <P><B>Note:</B> This type is a composite of a <code>java.util.Date</code> and a
+ * <P><B>Note:</B> This type is a composite of a {@code java.util.Date} and a
  * separate nanoseconds value. Only integral seconds are stored in the
- * <code>java.util.Date</code> component. The fractional seconds - the nanos - are
- * separate.  The <code>Timestamp.equals(Object)</code> method never returns
- * <code>true</code> when passed an object
- * that isn't an instance of <code>java.sql.Timestamp</code>,
+ * {@code java.util.Date} component. The fractional seconds - the nanos - are
+ * separate.  The {@code Timestamp.equals(Object)} method never returns
+ * {@code true} when passed an object
+ * that isn't an instance of {@code java.sql.Timestamp},
  * because the nanos component of a date is unknown.
- * As a result, the <code>Timestamp.equals(Object)</code>
+ * As a result, the {@code Timestamp.equals(Object)}
  * method is not symmetric with respect to the
- * <code>java.util.Date.equals(Object)</code>
- * method.  Also, the <code>hashCode</code> method uses the underlying
- * <code>java.util.Date</code>
+ * {@code java.util.Date.equals(Object)}
+ * method.  Also, the {@code hashCode} method uses the underlying
+ * {@code java.util.Date}
  * implementation and therefore does not include nanos in its computation.
  * <P>
- * Due to the differences between the <code>Timestamp</code> class
- * and the <code>java.util.Date</code>
+ * Due to the differences between the {@code Timestamp} class
+ * and the {@code java.util.Date}
  * class mentioned above, it is recommended that code not view
- * <code>Timestamp</code> values generically as an instance of
- * <code>java.util.Date</code>.  The
- * inheritance relationship between <code>Timestamp</code>
- * and <code>java.util.Date</code> really
+ * {@code Timestamp} values generically as an instance of
+ * {@code java.util.Date}.  The
+ * inheritance relationship between {@code Timestamp}
+ * and {@code java.util.Date} really
  * denotes implementation inheritance, and not type inheritance.
  */
 public class Timestamp extends java.util.Date {
@@ -75,7 +75,7 @@
     private static final JavaLangAccess jla = SharedSecrets.getJavaLangAccess();
 
     /**
-     * Constructs a <code>Timestamp</code> object initialized
+     * Constructs a {@code Timestamp} object initialized
      * with the given values.
      *
      * @param year the year minus 1900
@@ -85,7 +85,7 @@
      * @param minute 0 to 59
      * @param second 0 to 59
      * @param nano 0 to 999,999,999
-     * @deprecated instead use the constructor <code>Timestamp(long millis)</code>
+     * @deprecated instead use the constructor {@code Timestamp(long millis)}
      * @exception IllegalArgumentException if the nano argument is out of bounds
      */
     @Deprecated
@@ -99,11 +99,11 @@
     }
 
     /**
-     * Constructs a <code>Timestamp</code> object
+     * Constructs a {@code Timestamp} object
      * using a milliseconds time value. The
      * integral seconds are stored in the underlying date value; the
-     * fractional seconds are stored in the <code>nanos</code> field of
-     * the <code>Timestamp</code> object.
+     * fractional seconds are stored in the {@code nanos} field of
+     * the {@code Timestamp} object.
      *
      * @param time milliseconds since January 1, 1970, 00:00:00 GMT.
      *        A negative number is the number of milliseconds before
@@ -120,8 +120,8 @@
     }
 
     /**
-     * Sets this <code>Timestamp</code> object to represent a point in time that is
-     * <tt>time</tt> milliseconds after January 1, 1970 00:00:00 GMT.
+     * Sets this {@code Timestamp} object to represent a point in time that is
+     * {@code time} milliseconds after January 1, 1970 00:00:00 GMT.
      *
      * @param time   the number of milliseconds.
      * @see #getTime
@@ -139,7 +139,7 @@
 
     /**
      * Returns the number of milliseconds since January 1, 1970, 00:00:00 GMT
-     * represented by this <code>Timestamp</code> object.
+     * represented by this {@code Timestamp} object.
      *
      * @return  the number of milliseconds since January 1, 1970, 00:00:00 GMT
      *          represented by this date.
@@ -157,16 +157,16 @@
     private int nanos;
 
     /**
-     * Converts a <code>String</code> object in JDBC timestamp escape format to a
-     * <code>Timestamp</code> value.
+     * Converts a {@code String} object in JDBC timestamp escape format to a
+     * {@code Timestamp} value.
      *
-     * @param s timestamp in format <code>yyyy-[m]m-[d]d hh:mm:ss[.f...]</code>.  The
-     * fractional seconds may be omitted. The leading zero for <code>mm</code>
-     * and <code>dd</code> may also be omitted.
+     * @param s timestamp in format {@code yyyy-[m]m-[d]d hh:mm:ss[.f...]}.  The
+     * fractional seconds may be omitted. The leading zero for {@code mm}
+     * and {@code dd} may also be omitted.
      *
-     * @return corresponding <code>Timestamp</code> value
+     * @return corresponding {@code Timestamp} value
      * @exception java.lang.IllegalArgumentException if the given argument
-     * does not have the format <code>yyyy-[m]m-[d]d hh:mm:ss[.f...]</code>
+     * does not have the format {@code yyyy-[m]m-[d]d hh:mm:ss[.f...]}
      */
     public static Timestamp valueOf(String s) {
         final int YEAR_LENGTH = 4;
@@ -258,11 +258,11 @@
 
     /**
      * Formats a timestamp in JDBC timestamp escape format.
-     *         <code>yyyy-mm-dd hh:mm:ss.fffffffff</code>,
-     * where <code>ffffffffff</code> indicates nanoseconds.
+     *         {@code yyyy-mm-dd hh:mm:ss.fffffffff},
+     * where {@code ffffffffff} indicates nanoseconds.
      *
-     * @return a <code>String</code> object in
-     *           <code>yyyy-mm-dd hh:mm:ss.fffffffff</code> format
+     * @return a {@code String} object in
+     *           {@code yyyy-mm-dd hh:mm:ss.fffffffff} format
      */
     @SuppressWarnings("deprecation")
     public String toString() {
@@ -315,9 +315,9 @@
     }
 
     /**
-     * Gets this <code>Timestamp</code> object's <code>nanos</code> value.
+     * Gets this {@code Timestamp} object's {@code nanos} value.
      *
-     * @return this <code>Timestamp</code> object's fractional seconds component
+     * @return this {@code Timestamp} object's fractional seconds component
      * @see #setNanos
      */
     public int getNanos() {
@@ -325,7 +325,7 @@
     }
 
     /**
-     * Sets this <code>Timestamp</code> object's <code>nanos</code> field
+     * Sets this {@code Timestamp} object's {@code nanos} field
      * to the given value.
      *
      * @param n the new fractional seconds component
@@ -341,13 +341,13 @@
     }
 
     /**
-     * Tests to see if this <code>Timestamp</code> object is
-     * equal to the given <code>Timestamp</code> object.
+     * Tests to see if this {@code Timestamp} object is
+     * equal to the given {@code Timestamp} object.
      *
-     * @param ts the <code>Timestamp</code> value to compare with
-     * @return <code>true</code> if the given <code>Timestamp</code>
-     *         object is equal to this <code>Timestamp</code> object;
-     *         <code>false</code> otherwise
+     * @param ts the {@code Timestamp} value to compare with
+     * @return {@code true} if the given {@code Timestamp}
+     *         object is equal to this {@code Timestamp} object;
+     *         {@code false} otherwise
      */
     public boolean equals(Timestamp ts) {
         if (super.equals(ts)) {
@@ -362,22 +362,22 @@
     }
 
     /**
-     * Tests to see if this <code>Timestamp</code> object is
+     * Tests to see if this {@code Timestamp} object is
      * equal to the given object.
      *
-     * This version of the method <code>equals</code> has been added
+     * This version of the method {@code equals} has been added
      * to fix the incorrect
-     * signature of <code>Timestamp.equals(Timestamp)</code> and to preserve backward
+     * signature of {@code Timestamp.equals(Timestamp)} and to preserve backward
      * compatibility with existing class files.
      *
      * Note: This method is not symmetric with respect to the
-     * <code>equals(Object)</code> method in the base class.
+     * {@code equals(Object)} method in the base class.
      *
-     * @param ts the <code>Object</code> value to compare with
-     * @return <code>true</code> if the given <code>Object</code> is an instance
-     *         of a <code>Timestamp</code> that
-     *         is equal to this <code>Timestamp</code> object;
-     *         <code>false</code> otherwise
+     * @param ts the {@code Object} value to compare with
+     * @return {@code true} if the given {@code Object} is an instance
+     *         of a {@code Timestamp} that
+     *         is equal to this {@code Timestamp} object;
+     *         {@code false} otherwise
      */
     public boolean equals(java.lang.Object ts) {
       if (ts instanceof Timestamp) {
@@ -388,40 +388,40 @@
     }
 
     /**
-     * Indicates whether this <code>Timestamp</code> object is
-     * earlier than the given <code>Timestamp</code> object.
+     * Indicates whether this {@code Timestamp} object is
+     * earlier than the given {@code Timestamp} object.
      *
-     * @param ts the <code>Timestamp</code> value to compare with
-     * @return <code>true</code> if this <code>Timestamp</code> object is earlier;
-     *        <code>false</code> otherwise
+     * @param ts the {@code Timestamp} value to compare with
+     * @return {@code true} if this {@code Timestamp} object is earlier;
+     *        {@code false} otherwise
      */
     public boolean before(Timestamp ts) {
         return compareTo(ts) < 0;
     }
 
     /**
-     * Indicates whether this <code>Timestamp</code> object is
-     * later than the given <code>Timestamp</code> object.
+     * Indicates whether this {@code Timestamp} object is
+     * later than the given {@code Timestamp} object.
      *
-     * @param ts the <code>Timestamp</code> value to compare with
-     * @return <code>true</code> if this <code>Timestamp</code> object is later;
-     *        <code>false</code> otherwise
+     * @param ts the {@code Timestamp} value to compare with
+     * @return {@code true} if this {@code Timestamp} object is later;
+     *        {@code false} otherwise
      */
     public boolean after(Timestamp ts) {
         return compareTo(ts) > 0;
     }
 
     /**
-     * Compares this <code>Timestamp</code> object to the given
-     * <code>Timestamp</code> object.
+     * Compares this {@code Timestamp} object to the given
+     * {@code Timestamp} object.
      *
-     * @param   ts   the <code>Timestamp</code> object to be compared to
-     *                this <code>Timestamp</code> object
-     * @return  the value <code>0</code> if the two <code>Timestamp</code>
-     *          objects are equal; a value less than <code>0</code> if this
-     *          <code>Timestamp</code> object is before the given argument;
-     *          and a value greater than <code>0</code> if this
-     *          <code>Timestamp</code> object is after the given argument.
+     * @param   ts   the {@code Timestamp} object to be compared to
+     *                this {@code Timestamp} object
+     * @return  the value {@code 0} if the two {@code Timestamp}
+     *          objects are equal; a value less than {@code 0} if this
+     *          {@code Timestamp} object is before the given argument;
+     *          and a value greater than {@code 0} if this
+     *          {@code Timestamp} object is after the given argument.
      * @since   1.4
      */
     public int compareTo(Timestamp ts) {
@@ -439,16 +439,16 @@
     }
 
     /**
-     * Compares this <code>Timestamp</code> object to the given
-     * <code>Date</code> object.
+     * Compares this {@code Timestamp} object to the given
+     * {@code Date} object.
      *
-     * @param o the <code>Date</code> to be compared to
-     *          this <code>Timestamp</code> object
-     * @return  the value <code>0</code> if this <code>Timestamp</code> object
-     *          and the given object are equal; a value less than <code>0</code>
-     *          if this  <code>Timestamp</code> object is before the given argument;
-     *          and a value greater than <code>0</code> if this
-     *          <code>Timestamp</code> object is after the given argument.
+     * @param o the {@code Date} to be compared to
+     *          this {@code Timestamp} object
+     * @return  the value {@code 0} if this {@code Timestamp} object
+     *          and the given object are equal; a value less than {@code 0}
+     *          if this  {@code Timestamp} object is before the given argument;
+     *          and a value greater than {@code 0} if this
+     *          {@code Timestamp} object is after the given argument.
      *
      * @since   1.5
      */
--- a/src/jdk.attach/share/classes/com/sun/tools/attach/VirtualMachine.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/jdk.attach/share/classes/com/sun/tools/attach/VirtualMachine.java	Thu Aug 20 12:29:24 2015 -0700
@@ -35,7 +35,7 @@
 /**
  * A Java virtual machine.
  *
- * <p> A <code>VirtualMachine</code> represents a Java virtual machine to which this
+ * <p> A {@code VirtualMachine} represents a Java virtual machine to which this
  * Java virtual machine has attached. The Java virtual machine to which it is
  * attached is sometimes called the <i>target virtual machine</i>, or <i>target VM</i>.
  * An application (typically a tool such as a managemet console or profiler) uses a
@@ -47,7 +47,7 @@
  * with an identifier that identifies the target virtual machine. The identifier is
  * implementation-dependent but is typically the process identifier (or pid) in
  * environments where each Java virtual machine runs in its own operating system process.
- * Alternatively, a <code>VirtualMachine</code> instance is obtained by invoking the
+ * Alternatively, a {@code VirtualMachine} instance is obtained by invoking the
  * {@link #attach(VirtualMachineDescriptor) attach} method with a {@link
  * com.sun.tools.attach.VirtualMachineDescriptor VirtualMachineDescriptor} obtained
  * from the list of virtual machine descriptors returned by the {@link #list list} method.
@@ -66,7 +66,7 @@
  * <p> In addition to loading agents a VirtualMachine provides read access to the
  * {@link java.lang.System#getProperties() system properties} in the target VM.
  * This can be useful in some environments where properties such as
- * <code>java.home</code>, <code>os.name</code>, or <code>os.arch</code> are
+ * {@code java.home}, {@code os.name}, or {@code os.arch} are
  * used to construct the path to agent that will be loaded into the target VM.
  *
  * <p> The following example demonstrates how VirtualMachine may be used:</p>
@@ -87,7 +87,7 @@
  * </pre>
  *
  * <p> In this example we attach to a Java virtual machine that is identified by
- * the process identifier <code>2177</code>. Then the JMX management agent is
+ * the process identifier {@code 2177}. Then the JMX management agent is
  * started in the target process using the supplied arguments. Finally, the
  * client detaches from the target VM. </p>
  *
@@ -111,7 +111,7 @@
      *          The abstract identifier that identifies the Java virtual machine.
      *
      * @throws  NullPointerException
-     *          If <code>provider</code> or <code>id</code> is <code>null</code>.
+     *          If {@code provider} or {@code id} is {@code null}.
      */
     protected VirtualMachine(AttachProvider provider, String id) {
         if (provider == null) {
@@ -160,10 +160,10 @@
      * attachVirtualMachine} method in turn. If a provider successfully
      * attaches then the iteration terminates, and the VirtualMachine created
      * by the provider that successfully attached is returned by this method.
-     * If the <code>attachVirtualMachine</code> method of all providers throws
+     * If the {@code attachVirtualMachine} method of all providers throws
      * {@link com.sun.tools.attach.AttachNotSupportedException AttachNotSupportedException}
-     * then this method also throws <code>AttachNotSupportedException</code>.
-     * This means that <code>AttachNotSupportedException</code> is thrown when
+     * then this method also throws {@code AttachNotSupportedException}.
+     * This means that {@code AttachNotSupportedException} is thrown when
      * the identifier provided to this method is invalid, or the identifier
      * corresponds to a Java virtual machine that does not exist, or none
      * of the providers can attach to it. This exception is also thrown if
@@ -178,19 +178,19 @@
      * @throws  SecurityException
      *          If a security manager has been installed and it denies
      *          {@link com.sun.tools.attach.AttachPermission AttachPermission}
-     *          <tt>("attachVirtualMachine")</tt>, or another permission
+     *          {@code ("attachVirtualMachine")}, or another permission
      *          required by the implementation.
      *
      * @throws  AttachNotSupportedException
-     *          If the <code>attachVirtualmachine</code> method of all installed
-     *          providers throws <code>AttachNotSupportedException</code>, or
+     *          If the {@code attachVirtualmachine} method of all installed
+     *          providers throws {@code AttachNotSupportedException}, or
      *          there aren't any providers installed.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>id</code> is <code>null</code>.
+     *          If {@code id} is {@code null}.
      */
     public static VirtualMachine attach(String id)
         throws AttachNotSupportedException, IOException
@@ -231,18 +231,18 @@
      * @throws  SecurityException
      *          If a security manager has been installed and it denies
      *          {@link com.sun.tools.attach.AttachPermission AttachPermission}
-     *          <tt>("attachVirtualMachine")</tt>, or another permission
+     *          {@code ("attachVirtualMachine")}, or another permission
      *          required by the implementation.
      *
      * @throws  AttachNotSupportedException
-     *          If the attach provider's <code>attachVirtualmachine</code>
-     *          throws <code>AttachNotSupportedException</code>.
+     *          If the attach provider's {@code attachVirtualmachine}
+     *          throws {@code AttachNotSupportedException}.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>vmd</code> is <code>null</code>.
+     *          If {@code vmd} is {@code null}.
      */
     public static VirtualMachine attach(VirtualMachineDescriptor vmd)
         throws AttachNotSupportedException, IOException
@@ -259,7 +259,7 @@
      * loadAgent} for example) is in progress when this method is invoked then
      * the behaviour is implementation dependent. In other words, it is
      * implementation specific if the operation completes or throws
-     * <tt>IOException</tt>.
+     * {@code IOException}.
      *
      * <p> If already detached from the virtual machine then invoking this
      * method has no effect. </p>
@@ -296,26 +296,26 @@
      * platform equivalent of a dynamic library. Alternatively, it may be statically linked into the VM.
      * This method causes the given agent library to be loaded into the target
      * VM (if not already loaded or if not statically linked into the VM).
-     * It then causes the target VM to invoke the <code>Agent_OnAttach</code> function
-     * or, for a statically linked agent named 'L', the <code>Agent_OnAttach_L</code> function
+     * It then causes the target VM to invoke the {@code Agent_OnAttach} function
+     * or, for a statically linked agent named 'L', the {@code Agent_OnAttach_L} function
      * as specified in the
      * <a href="../../../../../../../../technotes/guides/jvmti/index.html"> JVM Tools
-     * Interface</a> specification. Note that the <code>Agent_OnAttach[_L]</code>
+     * Interface</a> specification. Note that the {@code Agent_OnAttach[_L]}
      * function is invoked even if the agent library was loaded prior to invoking
      * this method.
      *
      * <p> The agent library provided is the name of the agent library. It is interpreted
      * in the target virtual machine in an implementation-dependent manner. Typically an
      * implementation will expand the library name into an operating system specific file
-     * name. For example, on UNIX systems, the name <tt>L</tt> might be expanded to
-     * <tt>libL.so</tt>, and located using the search path specified by the
-     * <tt>LD_LIBRARY_PATH</tt> environment variable. If the agent named 'L' is
+     * name. For example, on UNIX systems, the name {@code L} might be expanded to
+     * {@code libL.so}, and located using the search path specified by the
+     * {@code LD_LIBRARY_PATH} environment variable. If the agent named 'L' is
      * statically linked into the VM then the VM must export a function named
-     * <code>Agent_OnAttach_L</code>.</p>
+     * {@code Agent_OnAttach_L}.</p>
      *
-     * <p> If the <code>Agent_OnAttach[_L]</code> function in the agent library returns
+     * <p> If the {@code Agent_OnAttach[_L]} function in the agent library returns
      * an error then an {@link com.sun.tools.attach.AgentInitializationException} is
-     * thrown. The return value from the <code>Agent_OnAttach[_L]</code> can then be
+     * thrown. The return value from the {@code Agent_OnAttach[_L]} can then be
      * obtained by invoking the {@link
      * com.sun.tools.attach.AgentInitializationException#returnValue() returnValue}
      * method on the exception. </p>
@@ -324,8 +324,8 @@
      *          The name of the agent library.
      *
      * @param   options
-     *          The options to provide to the <code>Agent_OnAttach[_L]</code>
-     *          function (can be <code>null</code>).
+     *          The options to provide to the {@code Agent_OnAttach[_L]}
+     *          function (can be {@code null}).
      *
      * @throws  AgentLoadException
      *          If the agent library does not exist, the agent library is not
@@ -333,13 +333,13 @@
      *          loaded for another reason.
      *
      * @throws  AgentInitializationException
-     *          If the <code>Agent_OnAttach[_L]</code> function returns an error.
+     *          If the {@code Agent_OnAttach[_L]} function returns an error.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agentLibrary</code> is <code>null</code>.
+     *          If {@code agentLibrary} is {@code null}.
      *
      * @see     com.sun.tools.attach.AgentInitializationException#returnValue()
      */
@@ -351,9 +351,9 @@
      *
      * <p> This convenience method works as if by invoking:
      *
-     * <blockquote><tt>
+     * <blockquote><code>
      * {@link #loadAgentLibrary(String, String) loadAgentLibrary}(agentLibrary,&nbsp;null);
-     * </tt></blockquote>
+     * </code></blockquote>
      *
      * @param   agentLibrary
      *          The name of the agent library.
@@ -364,13 +364,13 @@
      *          loaded for another reason.
      *
      * @throws  AgentInitializationException
-     *          If the <code>Agent_OnAttach[_L]</code> function returns an error.
+     *          If the {@code Agent_OnAttach[_L]} function returns an error.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agentLibrary</code> is <code>null</code>.
+     *          If {@code agentLibrary} is {@code null}.
      */
     public void loadAgentLibrary(String agentLibrary)
         throws AgentLoadException, AgentInitializationException, IOException
@@ -389,18 +389,18 @@
      * linked with the VM. The parsing of the agentPath parameter into
      * a statically linked library name is done in a platform
      * specific manner in the VM. For example, in UNIX, an agentPath parameter
-     * of <code>/a/b/libL.so</code> would name a library 'L'.
+     * of {@code /a/b/libL.so} would name a library 'L'.
      *
      * See the JVM TI Specification for more details.
      *
      * This method causes the given agent library to be loaded into the target
      * VM (if not already loaded or if not statically linked into the VM).
-     * It then causes the target VM to invoke the <code>Agent_OnAttach</code>
+     * It then causes the target VM to invoke the {@code Agent_OnAttach}
      * function or, for a statically linked agent named 'L', the
-     * <code>Agent_OnAttach_L</code> function as specified in the
+     * {@code Agent_OnAttach_L} function as specified in the
      * <a href="../../../../../../../../technotes/guides/jvmti/index.html"> JVM Tools
      * Interface</a> specification.
-     * Note that the <code>Agent_OnAttach[_L]</code>
+     * Note that the {@code Agent_OnAttach[_L]}
      * function is invoked even if the agent library was loaded prior to invoking
      * this method.
      *
@@ -408,9 +408,9 @@
      * agent library. Unlike {@link #loadAgentLibrary loadAgentLibrary}, the library name
      * is not expanded in the target virtual machine. </p>
      *
-     * <p> If the <code>Agent_OnAttach[_L]</code> function in the agent library returns
+     * <p> If the {@code Agent_OnAttach[_L]} function in the agent library returns
      * an error then an {@link com.sun.tools.attach.AgentInitializationException} is
-     * thrown. The return value from the <code>Agent_OnAttach[_L]</code> can then be
+     * thrown. The return value from the {@code Agent_OnAttach[_L]} can then be
      * obtained by invoking the {@link
      * com.sun.tools.attach.AgentInitializationException#returnValue() returnValue}
      * method on the exception. </p>
@@ -419,8 +419,8 @@
      *          The full path of the agent library.
      *
      * @param   options
-     *          The options to provide to the <code>Agent_OnAttach[_L]</code>
-     *          function (can be <code>null</code>).
+     *          The options to provide to the {@code Agent_OnAttach[_L]}
+     *          function (can be {@code null}).
      *
      * @throws  AgentLoadException
      *          If the agent library does not exist, the agent library is not
@@ -428,13 +428,13 @@
      *          loaded for another reason.
      *
      * @throws  AgentInitializationException
-     *          If the <code>Agent_OnAttach[_L]</code> function returns an error.
+     *          If the {@code Agent_OnAttach[_L]} function returns an error.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agentPath</code> is <code>null</code>.
+     *          If {@code agentPath} is {@code null}.
      *
      * @see     com.sun.tools.attach.AgentInitializationException#returnValue()
      */
@@ -446,9 +446,9 @@
      *
      * <p> This convenience method works as if by invoking:
      *
-     * <blockquote><tt>
+     * <blockquote><code>
      * {@link #loadAgentPath(String, String) loadAgentPath}(agentLibrary,&nbsp;null);
-     * </tt></blockquote>
+     * </code></blockquote>
      *
      * @param   agentPath
      *          The full path to the agent library.
@@ -459,13 +459,13 @@
      *          loaded for another reason.
      *
      * @throws  AgentInitializationException
-     *          If the <code>Agent_OnAttach[_L]</code> function returns an error.
+     *          If the {@code Agent_OnAttach[_L]} function returns an error.
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agentPath</code> is <code>null</code>.
+     *          If {@code agentPath} is {@code null}.
      */
     public void loadAgentPath(String agentPath)
        throws AgentLoadException, AgentInitializationException, IOException
@@ -482,29 +482,29 @@
      * machine where it is interpreted. The target virtual machine attempts to start
      * the agent as specified by the {@link java.lang.instrument} specification.
      * That is, the specified JAR file is added to the system class path (of the target
-     * virtual machine), and the <code>agentmain</code> method of the agent class, specified
-     * by the <code>Agent-Class</code> attribute in the JAR manifest, is invoked. This
-     * method completes when the <code>agentmain</code> method completes.
+     * virtual machine), and the {@code agentmain} method of the agent class, specified
+     * by the {@code Agent-Class} attribute in the JAR manifest, is invoked. This
+     * method completes when the {@code agentmain} method completes.
      *
      * @param   agent
      *          Path to the JAR file containing the agent.
      *
      * @param   options
-     *          The options to provide to the agent's <code>agentmain</code>
-     *          method (can be <code>null</code>).
+     *          The options to provide to the agent's {@code agentmain}
+     *          method (can be {@code null}).
      *
      * @throws  AgentLoadException
      *          If the agent does not exist, or cannot be started in the manner
      *          specified in the {@link java.lang.instrument} specification.
      *
      * @throws  AgentInitializationException
-     *          If the <code>agentmain</code> throws an exception
+     *          If the {@code agentmain} throws an exception
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agent</code> is <code>null</code>.
+     *          If {@code agent} is {@code null}.
      */
     public abstract void loadAgent(String agent, String options)
         throws AgentLoadException, AgentInitializationException, IOException;
@@ -514,9 +514,9 @@
      *
      * <p> This convenience method works as if by invoking:
      *
-     * <blockquote><tt>
+     * <blockquote><code>
      * {@link #loadAgent(String, String) loadAgent}(agent,&nbsp;null);
-     * </tt></blockquote>
+     * </code></blockquote>
      *
      * @param   agent
      *          Path to the JAR file containing the agent.
@@ -526,13 +526,13 @@
      *          specified in the {@link java.lang.instrument} specification.
      *
      * @throws  AgentInitializationException
-     *          If the <code>agentmain</code> throws an exception
+     *          If the {@code agentmain} throws an exception
      *
      * @throws  IOException
      *          If an I/O error occurs
      *
      * @throws  NullPointerException
-     *          If <code>agent</code> is <code>null</code>.
+     *          If {@code agent} is {@code null}.
      */
     public void loadAgent(String agent)
         throws AgentLoadException, AgentInitializationException, IOException
@@ -544,16 +544,16 @@
      * Returns the current system properties in the target virtual machine.
      *
      * <p> This method returns the system properties in the target virtual
-     * machine. Properties whose key or value is not a <tt>String</tt> are
+     * machine. Properties whose key or value is not a {@code String} are
      * omitted. The method is approximately equivalent to the invocation of the
      * method {@link java.lang.System#getProperties System.getProperties}
      * in the target virtual machine except that properties with a key or
-     * value that is not a <tt>String</tt> are not included.
+     * value that is not a {@code String} are not included.
      *
      * <p> This method is typically used to decide which agent to load into
      * the target virtual machine with {@link #loadAgent loadAgent}, or
      * {@link #loadAgentLibrary loadAgentLibrary}. For example, the
-     * <code>java.home</code> or <code>user.dir</code> properties might be
+     * {@code java.home} or {@code user.dir} properties might be
      * use to create the path to the agent library or JAR file.
      *
      * @return  The system properties
@@ -586,7 +586,7 @@
      * agent might create an agent property for its transport address.
      *
      * <p> This method returns the agent properties whose key and value is a
-     * <tt>String</tt>. Properties whose key or value is not a <tt>String</tt>
+     * {@code String}. Properties whose key or value is not a {@code String}
      * are omitted. If there are no agent properties maintained in the target
      * virtual machine then an empty property list is returned.
      *
@@ -686,7 +686,7 @@
      * Tests this VirtualMachine for equality with another object.
      *
      * <p> If the given object is not a VirtualMachine then this
-     * method returns <tt>false</tt>. For two VirtualMachines to
+     * method returns {@code false}. For two VirtualMachines to
      * be considered equal requires that they both reference the same
      * provider, and their {@link VirtualMachineDescriptor#id() identifiers} are equal. </p>
      *
@@ -695,7 +695,7 @@
      *
      * @param   ob   The object to which this object is to be compared
      *
-     * @return  <tt>true</tt> if, and only if, the given object is
+     * @return  {@code true} if, and only if, the given object is
      *                a VirtualMachine that is equal to this
      *                VirtualMachine.
      */
@@ -715,7 +715,7 @@
     }
 
     /**
-     * Returns the string representation of the <code>VirtualMachine</code>.
+     * Returns the string representation of the {@code VirtualMachine}.
      */
     public String toString() {
         return provider.toString() + ": " + id;
--- a/src/jdk.attach/share/classes/com/sun/tools/attach/VirtualMachineDescriptor.java	Thu Aug 20 11:38:21 2015 -0700
+++ b/src/jdk.attach/share/classes/com/sun/tools/attach/VirtualMachineDescriptor.java	Thu Aug 20 12:29:24 2015 -0700
@@ -30,7 +30,7 @@
 /**
  * Describes a Java virtual machine.
  *
- * <p> A <code>VirtualMachineDescriptor</code> is a container class used to
+ * <p> A {@code VirtualMachineDescriptor} is a container class used to
  * describe a Java virtual machine. It encapsulates an identifier that identifies
  * a target virtual machine, and a reference to the {@link
  * com.sun.tools.attach.spi.AttachProvider AttachProvider} that should be used
@@ -39,15 +39,15 @@
  * environments where each Java virtual machine runs in its own operating system
  * process. </p>
  *
- * <p> A <code>VirtualMachineDescriptor</code> also has a {@link #displayName() displayName}.
+ * <p> A {@code VirtualMachineDescriptor} also has a {@link #displayName() displayName}.
  * The display name is typically a human readable string that a tool might
  * display to a user. For example, a tool that shows a list of Java
  * virtual machines running on a system might use the display name rather
- * than the identifier. A <code>VirtualMachineDescriptor</code> may be
+ * than the identifier. A {@code VirtualMachineDescriptor} may be
  * created without a <i>display name</i>. In that case the identifier is
  * used as the <i>display name</i>.
  *
- * <p> <code>VirtualMachineDescriptor</code> instances are typically created by
+ * <p> {@code VirtualMachineDescriptor} instances are typically created by
  * invoking the {@link com.sun.tools.attach.VirtualMachine#list VirtualMachine.list()}
  * method. This returns the complete list of descriptors to describe the
  * Java virtual machines known to all installed {@link
@@ -72,7 +72,7 @@
      * @param   displayName   The display name.
      *
      * @throws  NullPointerException
-     *          If any of the arguments are <code>null</code>
+     *          If any of the arguments are {@code null}
      */
     public VirtualMachineDescriptor(AttachProvider provider, String id, String displayName) {
         if (provider == null) {
@@ -95,10 +95,10 @@
      * <p> This convenience constructor works as if by invoking the
      * three-argument constructor as follows:
      *
-     * <blockquote><tt>
+     * <blockquote><code>
      * new&nbsp;{@link #VirtualMachineDescriptor(AttachProvider, String, String)
      * VirtualMachineDescriptor}(provider, &nbsp;id, &nbsp;id);
-     * </tt></blockquote>
+     * </code></blockquote>
      *
      * <p> That is, it creates a virtual machine descriptor such that
      * the <i>display name</i> is the same as the virtual machine
@@ -108,16 +108,16 @@
      * @param   id            The virtual machine identifier.
      *
      * @throws  NullPointerException
-     *          If <tt>provider</tt> or <tt>id</tt> is <tt>null</tt>.
+     *          If {@code provider} or {@code id} is {@code null}.
      */
     public VirtualMachineDescriptor(AttachProvider provider, String id) {
         this(provider, id, id);
     }
 
     /**
-     * Return the <code>AttachProvider</code> that this descriptor references.
+     * Return the {@code AttachProvider} that this descriptor references.
      *
-     * @return The <code>AttachProvider</code> that this descriptor references.
+     * @return The {@code AttachProvider} that this descriptor references.
      */
     public AttachProvider provider() {
         return provider;
@@ -161,7 +161,7 @@
      * Tests this VirtualMachineDescriptor for equality with another object.
      *
      * <p> If the given object is not a VirtualMachineDescriptor then this
-     * method returns <tt>false</tt>. For two VirtualMachineDescriptors to
+     * method returns {@code false}. For two VirtualMachineDescriptors to
      * be considered equal requires that they both reference the same
      * provider, and their {@link #id() identifiers} are equal. </p>
      *
@@ -170,7 +170,7 @@
      *
      * @param   ob   The object to which this object is to be compared
      *
-     * @return  <tt>true</tt> if, and only if, the given object is
+     * @return  {@code true} if, and only if, the given object is
      *                a VirtualMachineDescriptor that is equal to this
      *                VirtualMachineDescriptor.
      */
@@ -190,7 +190,7 @@
     }
 
     /**
-     * Returns the string representation of the <code>VirtualMachineDescriptor</code>.
+     * Returns the string representation of the {@code VirtualMachineDescriptor}.
      */
     public String toString() {
         String s = provider.toString() + ": " + id;
--- a/src/jdk.deploy.osx/macosx/classes/apple/security/AppleProvider.java	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package apple.security;
-
-import java.security.*;
-
-/**
- * The Apple Security Provider.
- */
-
-/**
- * Defines the Apple provider.
- *
- * This provider only exists to provide access to the Apple keychain-based KeyStore implementation
- */
-@SuppressWarnings("serial") // JDK implementation class
-public final class AppleProvider extends Provider {
-
-    private static final String info = "Apple Provider";
-
-    private static final class ProviderService extends Provider.Service {
-        ProviderService(Provider p, String type, String algo, String cn) {
-            super(p, type, algo, cn, null, null);
-        }
-
-        @Override
-        public Object newInstance(Object ctrParamObj)
-            throws NoSuchAlgorithmException {
-            String type = getType();
-            if (ctrParamObj != null) {
-                throw new InvalidParameterException
-                    ("constructorParameter not used with " + type + " engines");
-            }
-
-            String algo = getAlgorithm();
-            try {
-                if (type.equals("KeyStore")) {
-                    if (algo.equals("KeychainStore")) {
-                        return new KeychainStore();
-                    }
-                }
-            } catch (Exception ex) {
-                throw new NoSuchAlgorithmException("Error constructing " +
-                    type + " for " + algo + " using Apple", ex);
-            }
-            throw new ProviderException("No impl for " + algo +
-                " " + type);
-        }
-    }
-
-
-    public AppleProvider() {
-        /* We are the Apple provider */
-        super("Apple", 1.9d, info);
-
-        final Provider p = this;
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-            public Void run() {
-                putService(new ProviderService(p, "KeyStore",
-                           "KeychainStore", "apple.security.KeychainStore"));
-                return null;
-            }
-        });
-    }
-}
--- a/src/jdk.deploy.osx/macosx/classes/apple/security/KeychainStore.java	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1149 +0,0 @@
-/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package apple.security;
-
-import java.io.*;
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-import java.security.spec.*;
-import java.util.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import javax.security.auth.x500.*;
-
-import sun.security.pkcs.*;
-import sun.security.pkcs.EncryptedPrivateKeyInfo;
-import sun.security.util.*;
-import sun.security.x509.*;
-
-/**
- * This class provides the keystore implementation referred to as "KeychainStore".
- * It uses the current user's keychain as its backing storage, and does NOT support
- * a file-based implementation.
- */
-
-public final class KeychainStore extends KeyStoreSpi {
-
-    // Private keys and their supporting certificate chains
-    // If a key came from the keychain it has a SecKeyRef and one or more
-    // SecCertificateRef.  When we delete the key we have to delete all of the corresponding
-    // native objects.
-    class KeyEntry {
-        Date date; // the creation date of this entry
-        byte[] protectedPrivKey;
-        char[] password;
-        long keyRef;  // SecKeyRef for this key
-        Certificate chain[];
-        long chainRefs[];  // SecCertificateRefs for this key's chain.
-    };
-
-    // Trusted certificates
-    class TrustedCertEntry {
-        Date date; // the creation date of this entry
-
-        Certificate cert;
-        long certRef;  // SecCertificateRef for this key
-    };
-
-    /**
-     * Entries that have been deleted.  When something calls engineStore we'll
-     * remove them from the keychain.
-     */
-    private Hashtable<String, Object> deletedEntries = new Hashtable<>();
-
-    /**
-     * Entries that have been added.  When something calls engineStore we'll
-     * add them to the keychain.
-     */
-    private Hashtable<String, Object> addedEntries = new Hashtable<>();
-
-    /**
-     * Private keys and certificates are stored in a hashtable.
-     * Hash entries are keyed by alias names.
-     */
-    private Hashtable<String, Object> entries = new Hashtable<>();
-
-    /**
-     * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
-     */
-    private static final int keyBag[]  = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
-    private static final int pbeWithSHAAnd3KeyTripleDESCBC[] =     {1, 2, 840, 113549, 1, 12, 1, 3};
-    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
-    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
-
-    /**
-     * Constnats used in PBE decryption.
-     */
-    private static final int iterationCount = 1024;
-    private static final int SALT_LEN = 20;
-
-    static {
-        AccessController.doPrivileged(
-            new PrivilegedAction<Void>() {
-                public Void run() {
-                    System.loadLibrary("osx");
-                    return null;
-                }
-            });
-        try {
-            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
-            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
-        } catch (IOException ioe) {
-            // should not happen
-        }
-    }
-
-    private static void permissionCheck() {
-        SecurityManager sec = System.getSecurityManager();
-
-        if (sec != null) {
-            sec.checkPermission(new RuntimePermission("useKeychainStore"));
-        }
-    }
-
-
-    /**
-     * Verify the Apple provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
-     */
-    public KeychainStore() { }
-
-    /**
-        * Returns the key associated with the given alias, using the given
-     * password to recover it.
-     *
-     * @param alias the alias name
-     * @param password the password for recovering the key. This password is
-     *        used internally as the key is exported in a PKCS12 format.
-     *
-     * @return the requested key, or null if the given alias does not exist
-     * or does not identify a <i>key entry</i>.
-     *
-     * @exception NoSuchAlgorithmException if the algorithm for recovering the
-     * key cannot be found
-     * @exception UnrecoverableKeyException if the key cannot be recovered
-     * (e.g., the given password is wrong).
-     */
-    public Key engineGetKey(String alias, char[] password)
-        throws NoSuchAlgorithmException, UnrecoverableKeyException
-    {
-        permissionCheck();
-
-        // An empty password is rejected by MacOS API, no private key data
-        // is exported. If no password is passed (as is the case when
-        // this implementation is used as browser keystore in various
-        // deployment scenarios like Webstart, JFX and applets), create
-        // a dummy password so MacOS API is happy.
-        if (password == null || password.length == 0) {
-            // Must not be a char array with only a 0, as this is an empty
-            // string.
-            if (random == null) {
-                random = new SecureRandom();
-            }
-            password = Long.toString(random.nextLong()).toCharArray();
-        }
-
-        Object entry = entries.get(alias.toLowerCase());
-
-        if (entry == null || !(entry instanceof KeyEntry)) {
-            return null;
-        }
-
-        // This call gives us a PKCS12 bag, with the key inside it.
-        byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry)entry).keyRef, password);
-        if (exportedKeyInfo == null) {
-            return null;
-        }
-
-        PrivateKey returnValue = null;
-
-        try {
-            byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
-            byte[] encryptedKey;
-            AlgorithmParameters algParams;
-            ObjectIdentifier algOid;
-            try {
-                // get the encrypted private key
-                EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
-                encryptedKey = encrInfo.getEncryptedData();
-
-                // parse Algorithm parameters
-                DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
-                DerInputStream in = val.toDerInputStream();
-                algOid = in.getOID();
-                algParams = parseAlgParameters(in);
-
-            } catch (IOException ioe) {
-                UnrecoverableKeyException uke =
-                new UnrecoverableKeyException("Private key not stored as "
-                                              + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
-                uke.initCause(ioe);
-                throw uke;
-            }
-
-            // Use JCE to decrypt the data using the supplied password.
-            SecretKey skey = getPBEKey(password);
-            Cipher cipher = Cipher.getInstance(algOid.toString());
-            cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
-            byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
-            PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
-
-             // Parse the key algorithm and then use a JCA key factory to create the private key.
-            DerValue val = new DerValue(decryptedPrivateKey);
-            DerInputStream in = val.toDerInputStream();
-
-            // Ignore this -- version should be 0.
-            int i = in.getInteger();
-
-            // Get the Algorithm ID next
-            DerValue[] value = in.getSequence(2);
-            AlgorithmId algId = new AlgorithmId(value[0].getOID());
-            String algName = algId.getName();
-
-            // Get a key factory for this algorithm.  It's likely to be 'RSA'.
-            KeyFactory kfac = KeyFactory.getInstance(algName);
-            returnValue = kfac.generatePrivate(kspec);
-        } catch (Exception e) {
-            UnrecoverableKeyException uke =
-            new UnrecoverableKeyException("Get Key failed: " +
-                                          e.getMessage());
-            uke.initCause(e);
-            throw uke;
-        }
-
-        return returnValue;
-    }
-
-    private native byte[] _getEncodedKeyData(long secKeyRef, char[] password);
-
-    /**
-     * Returns the certificate chain associated with the given alias.
-     *
-     * @param alias the alias name
-     *
-     * @return the certificate chain (ordered with the user's certificate first
-                                      * and the root certificate authority last), or null if the given alias
-     * does not exist or does not contain a certificate chain (i.e., the given
-                                                               * alias identifies either a <i>trusted certificate entry</i> or a
-                                                               * <i>key entry</i> without a certificate chain).
-     */
-    public Certificate[] engineGetCertificateChain(String alias) {
-        permissionCheck();
-
-        Object entry = entries.get(alias.toLowerCase());
-
-        if (entry != null && entry instanceof KeyEntry) {
-            if (((KeyEntry)entry).chain == null) {
-                return null;
-            } else {
-                return ((KeyEntry)entry).chain.clone();
-            }
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Returns the certificate associated with the given alias.
-     *
-     * <p>If the given alias name identifies a
-     * <i>trusted certificate entry</i>, the certificate associated with that
-     * entry is returned. If the given alias name identifies a
-     * <i>key entry</i>, the first element of the certificate chain of that
-     * entry is returned, or null if that entry does not have a certificate
-     * chain.
-     *
-     * @param alias the alias name
-     *
-     * @return the certificate, or null if the given alias does not exist or
-     * does not contain a certificate.
-     */
-    public Certificate engineGetCertificate(String alias) {
-        permissionCheck();
-
-        Object entry = entries.get(alias.toLowerCase());
-
-        if (entry != null) {
-            if (entry instanceof TrustedCertEntry) {
-                return ((TrustedCertEntry)entry).cert;
-            } else {
-                KeyEntry ke = (KeyEntry)entry;
-                if (ke.chain == null || ke.chain.length == 0) {
-                    return null;
-                }
-                return ke.chain[0];
-            }
-        } else {
-            return null;
-        }
-    }
-
-    /**
-        * Returns the creation date of the entry identified by the given alias.
-     *
-     * @param alias the alias name
-     *
-     * @return the creation date of this entry, or null if the given alias does
-     * not exist
-     */
-    public Date engineGetCreationDate(String alias) {
-        permissionCheck();
-
-        Object entry = entries.get(alias.toLowerCase());
-
-        if (entry != null) {
-            if (entry instanceof TrustedCertEntry) {
-                return new Date(((TrustedCertEntry)entry).date.getTime());
-            } else {
-                return new Date(((KeyEntry)entry).date.getTime());
-            }
-        } else {
-            return null;
-        }
-    }
-
-    /**
-        * Assigns the given key to the given alias, protecting it with the given
-     * password.
-     *
-     * <p>If the given key is of type <code>java.security.PrivateKey</code>,
-     * it must be accompanied by a certificate chain certifying the
-     * corresponding public key.
-     *
-     * <p>If the given alias already exists, the keystore information
-     * associated with it is overridden by the given key (and possibly
-                                                          * certificate chain).
-     *
-     * @param alias the alias name
-     * @param key the key to be associated with the alias
-     * @param password the password to protect the key
-     * @param chain the certificate chain for the corresponding public
-     * key (only required if the given key is of type
-            * <code>java.security.PrivateKey</code>).
-     *
-     * @exception KeyStoreException if the given key cannot be protected, or
-     * this operation fails for some other reason
-     */
-    public void engineSetKeyEntry(String alias, Key key, char[] password,
-                                  Certificate[] chain)
-        throws KeyStoreException
-    {
-        permissionCheck();
-
-        synchronized(entries) {
-            try {
-                KeyEntry entry = new KeyEntry();
-                entry.date = new Date();
-
-                if (key instanceof PrivateKey) {
-                    if ((key.getFormat().equals("PKCS#8")) ||
-                        (key.getFormat().equals("PKCS8"))) {
-                        entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
-                        entry.password = password.clone();
-                    } else {
-                        throw new KeyStoreException("Private key is not encoded as PKCS#8");
-                    }
-                } else {
-                    throw new KeyStoreException("Key is not a PrivateKey");
-                }
-
-                // clone the chain
-                if (chain != null) {
-                    if ((chain.length > 1) && !validateChain(chain)) {
-                        throw new KeyStoreException("Certificate chain does not validate");
-                    }
-
-                    entry.chain = chain.clone();
-                    entry.chainRefs = new long[entry.chain.length];
-                }
-
-                String lowerAlias = alias.toLowerCase();
-                if (entries.get(lowerAlias) != null) {
-                    deletedEntries.put(lowerAlias, entries.get(lowerAlias));
-                }
-
-                entries.put(lowerAlias, entry);
-                addedEntries.put(lowerAlias, entry);
-            } catch (Exception nsae) {
-                KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
-                ke.initCause(nsae);
-                throw ke;
-            }
-        }
-    }
-
-    /**
-        * Assigns the given key (that has already been protected) to the given
-     * alias.
-     *
-     * <p>If the protected key is of type
-     * <code>java.security.PrivateKey</code>, it must be accompanied by a
-     * certificate chain certifying the corresponding public key. If the
-     * underlying keystore implementation is of type <code>jks</code>,
-     * <code>key</code> must be encoded as an
-     * <code>EncryptedPrivateKeyInfo</code> as defined in the PKCS #8 standard.
-     *
-     * <p>If the given alias already exists, the keystore information
-     * associated with it is overridden by the given key (and possibly
-                                                          * certificate chain).
-     *
-     * @param alias the alias name
-     * @param key the key (in protected format) to be associated with the alias
-     * @param chain the certificate chain for the corresponding public
-     * key (only useful if the protected key is of type
-            * <code>java.security.PrivateKey</code>).
-     *
-     * @exception KeyStoreException if this operation fails.
-     */
-    public void engineSetKeyEntry(String alias, byte[] key,
-                                  Certificate[] chain)
-        throws KeyStoreException
-    {
-        permissionCheck();
-
-        synchronized(entries) {
-            // key must be encoded as EncryptedPrivateKeyInfo as defined in
-            // PKCS#8
-            KeyEntry entry = new KeyEntry();
-            try {
-                EncryptedPrivateKeyInfo privateKey = new EncryptedPrivateKeyInfo(key);
-                entry.protectedPrivKey = privateKey.getEncoded();
-            } catch (IOException ioe) {
-                throw new KeyStoreException("key is not encoded as "
-                                            + "EncryptedPrivateKeyInfo");
-            }
-
-            entry.date = new Date();
-
-            if ((chain != null) &&
-                (chain.length != 0)) {
-                entry.chain = chain.clone();
-                entry.chainRefs = new long[entry.chain.length];
-            }
-
-            String lowerAlias = alias.toLowerCase();
-            if (entries.get(lowerAlias) != null) {
-                deletedEntries.put(lowerAlias, entries.get(alias));
-            }
-            entries.put(lowerAlias, entry);
-            addedEntries.put(lowerAlias, entry);
-        }
-    }
-
-    /**
-        * Assigns the given certificate to the given alias.
-     *
-     * <p>If the given alias already exists in this keystore and identifies a
-     * <i>trusted certificate entry</i>, the certificate associated with it is
-     * overridden by the given certificate.
-     *
-     * @param alias the alias name
-     * @param cert the certificate
-     *
-     * @exception KeyStoreException if the given alias already exists and does
-     * not identify a <i>trusted certificate entry</i>, or this operation
-     * fails for some other reason.
-     */
-    public void engineSetCertificateEntry(String alias, Certificate cert)
-        throws KeyStoreException
-    {
-        permissionCheck();
-
-        synchronized(entries) {
-
-            Object entry = entries.get(alias.toLowerCase());
-            if ((entry != null) && (entry instanceof KeyEntry)) {
-                throw new KeyStoreException
-                ("Cannot overwrite key entry with certificate");
-            }
-
-            // This will be slow, but necessary.  Enumerate the values and then see if the cert matches the one in the trusted cert entry.
-            // Security framework doesn't support the same certificate twice in a keychain.
-            Collection<Object> allValues = entries.values();
-
-            for (Object value : allValues) {
-                if (value instanceof TrustedCertEntry) {
-                    TrustedCertEntry tce = (TrustedCertEntry)value;
-                    if (tce.cert.equals(cert)) {
-                        throw new KeyStoreException("Keychain does not support mulitple copies of same certificate.");
-                    }
-                }
-            }
-
-            TrustedCertEntry trustedCertEntry = new TrustedCertEntry();
-            trustedCertEntry.cert = cert;
-            trustedCertEntry.date = new Date();
-            String lowerAlias = alias.toLowerCase();
-            if (entries.get(lowerAlias) != null) {
-                deletedEntries.put(lowerAlias, entries.get(lowerAlias));
-            }
-            entries.put(lowerAlias, trustedCertEntry);
-            addedEntries.put(lowerAlias, trustedCertEntry);
-        }
-    }
-
-    /**
-        * Deletes the entry identified by the given alias from this keystore.
-     *
-     * @param alias the alias name
-     *
-     * @exception KeyStoreException if the entry cannot be removed.
-     */
-    public void engineDeleteEntry(String alias)
-        throws KeyStoreException
-    {
-        permissionCheck();
-
-        synchronized(entries) {
-            Object entry = entries.remove(alias.toLowerCase());
-            deletedEntries.put(alias.toLowerCase(), entry);
-        }
-    }
-
-    /**
-        * Lists all the alias names of this keystore.
-     *
-     * @return enumeration of the alias names
-     */
-    public Enumeration<String> engineAliases() {
-        permissionCheck();
-        return entries.keys();
-    }
-
-    /**
-        * Checks if the given alias exists in this keystore.
-     *
-     * @param alias the alias name
-     *
-     * @return true if the alias exists, false otherwise
-     */
-    public boolean engineContainsAlias(String alias) {
-        permissionCheck();
-        return entries.containsKey(alias.toLowerCase());
-    }
-
-    /**
-        * Retrieves the number of entries in this keystore.
-     *
-     * @return the number of entries in this keystore
-     */
-    public int engineSize() {
-        permissionCheck();
-        return entries.size();
-    }
-
-    /**
-        * Returns true if the entry identified by the given alias is a
-     * <i>key entry</i>, and false otherwise.
-     *
-     * @return true if the entry identified by the given alias is a
-     * <i>key entry</i>, false otherwise.
-     */
-    public boolean engineIsKeyEntry(String alias) {
-        permissionCheck();
-        Object entry = entries.get(alias.toLowerCase());
-        if ((entry != null) && (entry instanceof KeyEntry)) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    /**
-        * Returns true if the entry identified by the given alias is a
-     * <i>trusted certificate entry</i>, and false otherwise.
-     *
-     * @return true if the entry identified by the given alias is a
-     * <i>trusted certificate entry</i>, false otherwise.
-     */
-    public boolean engineIsCertificateEntry(String alias) {
-        permissionCheck();
-        Object entry = entries.get(alias.toLowerCase());
-        if ((entry != null) && (entry instanceof TrustedCertEntry)) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    /**
-        * Returns the (alias) name of the first keystore entry whose certificate
-     * matches the given certificate.
-     *
-     * <p>This method attempts to match the given certificate with each
-     * keystore entry. If the entry being considered
-     * is a <i>trusted certificate entry</i>, the given certificate is
-     * compared to that entry's certificate. If the entry being considered is
-     * a <i>key entry</i>, the given certificate is compared to the first
-     * element of that entry's certificate chain (if a chain exists).
-     *
-     * @param cert the certificate to match with.
-     *
-     * @return the (alias) name of the first entry with matching certificate,
-     * or null if no such entry exists in this keystore.
-     */
-    public String engineGetCertificateAlias(Certificate cert) {
-        permissionCheck();
-        Certificate certElem;
-
-        for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
-            String alias = e.nextElement();
-            Object entry = entries.get(alias);
-            if (entry instanceof TrustedCertEntry) {
-                certElem = ((TrustedCertEntry)entry).cert;
-            } else {
-                KeyEntry ke = (KeyEntry)entry;
-                if (ke.chain == null || ke.chain.length == 0) {
-                    continue;
-                }
-                certElem = ke.chain[0];
-            }
-            if (certElem.equals(cert)) {
-                return alias;
-            }
-        }
-        return null;
-    }
-
-    /**
-        * Stores this keystore to the given output stream, and protects its
-     * integrity with the given password.
-     *
-     * @param stream Ignored. the output stream to which this keystore is written.
-     * @param password the password to generate the keystore integrity check
-     *
-     * @exception IOException if there was an I/O problem with data
-     * @exception NoSuchAlgorithmException if the appropriate data integrity
-     * algorithm could not be found
-     * @exception CertificateException if any of the certificates included in
-     * the keystore data could not be stored
-     */
-    public void engineStore(OutputStream stream, char[] password)
-        throws IOException, NoSuchAlgorithmException, CertificateException
-    {
-        permissionCheck();
-
-        // Delete items that do have a keychain item ref.
-        for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) {
-            String alias = e.nextElement();
-            Object entry = deletedEntries.get(alias);
-            if (entry instanceof TrustedCertEntry) {
-                if (((TrustedCertEntry)entry).certRef != 0) {
-                    _removeItemFromKeychain(((TrustedCertEntry)entry).certRef);
-                    _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
-                }
-            } else {
-                Certificate certElem;
-                KeyEntry keyEntry = (KeyEntry)entry;
-
-                if (keyEntry.chain != null) {
-                    for (int i = 0; i < keyEntry.chain.length; i++) {
-                        if (keyEntry.chainRefs[i] != 0) {
-                            _removeItemFromKeychain(keyEntry.chainRefs[i]);
-                            _releaseKeychainItemRef(keyEntry.chainRefs[i]);
-                        }
-                    }
-
-                    if (keyEntry.keyRef != 0) {
-                        _removeItemFromKeychain(keyEntry.keyRef);
-                        _releaseKeychainItemRef(keyEntry.keyRef);
-                    }
-                }
-            }
-        }
-
-        // Add all of the certs or keys in the added entries.
-        // No need to check for 0 refs, as they are in the added list.
-        for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) {
-            String alias = e.nextElement();
-            Object entry = addedEntries.get(alias);
-            if (entry instanceof TrustedCertEntry) {
-                TrustedCertEntry tce = (TrustedCertEntry)entry;
-                Certificate certElem;
-                certElem = tce.cert;
-                tce.certRef = addCertificateToKeychain(alias, certElem);
-            } else {
-                KeyEntry keyEntry = (KeyEntry)entry;
-
-                if (keyEntry.chain != null) {
-                    for (int i = 0; i < keyEntry.chain.length; i++) {
-                        keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]);
-                    }
-
-                    keyEntry.keyRef = _addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password);
-                }
-            }
-        }
-
-        // Clear the added and deletedEntries hashtables here, now that we're done with the updates.
-        // For the deleted entries, we freed up the native references above.
-        deletedEntries.clear();
-        addedEntries.clear();
-    }
-
-    private long addCertificateToKeychain(String alias, Certificate cert) {
-        byte[] certblob = null;
-        long returnValue = 0;
-
-        try {
-            certblob = cert.getEncoded();
-            returnValue = _addItemToKeychain(alias, true, certblob, null);
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-
-        return returnValue;
-    }
-
-    private native long _addItemToKeychain(String alias, boolean isCertificate, byte[] datablob, char[] password);
-    private native int _removeItemFromKeychain(long certRef);
-    private native void _releaseKeychainItemRef(long keychainItemRef);
-
-    /**
-      * Loads the keystore from the Keychain.
-     *
-     * @param stream Ignored - here for API compatibility.
-     * @param password Ignored - if user needs to unlock keychain Security
-     * framework will post any dialogs.
-     *
-     * @exception IOException if there is an I/O or format problem with the
-     * keystore data
-     * @exception NoSuchAlgorithmException if the algorithm used to check
-     * the integrity of the keystore cannot be found
-     * @exception CertificateException if any of the certificates in the
-     * keystore could not be loaded
-     */
-    public void engineLoad(InputStream stream, char[] password)
-        throws IOException, NoSuchAlgorithmException, CertificateException
-    {
-        permissionCheck();
-
-        // Release any stray keychain references before clearing out the entries.
-        synchronized(entries) {
-            for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
-                String alias = e.nextElement();
-                Object entry = entries.get(alias);
-                if (entry instanceof TrustedCertEntry) {
-                    if (((TrustedCertEntry)entry).certRef != 0) {
-                        _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
-                    }
-                } else {
-                    KeyEntry keyEntry = (KeyEntry)entry;
-
-                    if (keyEntry.chain != null) {
-                        for (int i = 0; i < keyEntry.chain.length; i++) {
-                            if (keyEntry.chainRefs[i] != 0) {
-                                _releaseKeychainItemRef(keyEntry.chainRefs[i]);
-                            }
-                        }
-
-                        if (keyEntry.keyRef != 0) {
-                            _releaseKeychainItemRef(keyEntry.keyRef);
-                        }
-                    }
-                }
-            }
-
-            entries.clear();
-            _scanKeychain();
-        }
-    }
-
-    private native void _scanKeychain();
-
-    /**
-     * Callback method from _scanKeychain.  If a trusted certificate is found, this method will be called.
-     */
-    private void createTrustedCertEntry(String alias, long keychainItemRef, long creationDate, byte[] derStream) {
-        TrustedCertEntry tce = new TrustedCertEntry();
-
-        try {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            InputStream input = new ByteArrayInputStream(derStream);
-            X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
-            input.close();
-            tce.cert = cert;
-            tce.certRef = keychainItemRef;
-
-            // Make a creation date.
-            if (creationDate != 0)
-                tce.date = new Date(creationDate);
-            else
-                tce.date = new Date();
-
-            int uniqueVal = 1;
-            String originalAlias = alias;
-
-            while (entries.containsKey(alias.toLowerCase())) {
-                alias = originalAlias + " " + uniqueVal;
-                uniqueVal++;
-            }
-
-            entries.put(alias.toLowerCase(), tce);
-        } catch (Exception e) {
-            // The certificate will be skipped.
-            System.err.println("KeychainStore Ignored Exception: " + e);
-        }
-    }
-
-    /**
-     * Callback method from _scanKeychain.  If an identity is found, this method will be called to create Java certificate
-     * and private key objects from the keychain data.
-     */
-    private void createKeyEntry(String alias, long creationDate, long secKeyRef, long[] secCertificateRefs, byte[][] rawCertData)
-        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
-        KeyEntry ke = new KeyEntry();
-
-        // First, store off the private key information.  This is the easy part.
-        ke.protectedPrivKey = null;
-        ke.keyRef = secKeyRef;
-
-        // Make a creation date.
-        if (creationDate != 0)
-            ke.date = new Date(creationDate);
-        else
-            ke.date = new Date();
-
-        // Next, create X.509 Certificate objects from the raw data.  This is complicated
-        // because a certificate's public key may be too long for Java's default encryption strength.
-        List<CertKeychainItemPair> createdCerts = new ArrayList<>();
-
-        try {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-            for (int i = 0; i < rawCertData.length; i++) {
-                try {
-                    InputStream input = new ByteArrayInputStream(rawCertData[i]);
-                    X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
-                    input.close();
-
-                    // We successfully created the certificate, so track it and its corresponding SecCertificateRef.
-                    createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
-                } catch (CertificateException e) {
-                    // The certificate will be skipped.
-                    System.err.println("KeychainStore Ignored Exception: " + e);
-                }
-            }
-        } catch (CertificateException e) {
-            e.printStackTrace();
-        } catch (IOException ioe) {
-            ioe.printStackTrace();  // How would this happen?
-        }
-
-        // We have our certificates in the List, so now extract them into an array of
-        // Certificates and SecCertificateRefs.
-        CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
-        Certificate[] certArray = new Certificate[objArray.length];
-        long[] certRefArray = new long[objArray.length];
-
-        for (int i = 0; i < objArray.length; i++) {
-            CertKeychainItemPair addedItem = objArray[i];
-            certArray[i] = addedItem.mCert;
-            certRefArray[i] = addedItem.mCertificateRef;
-        }
-
-        ke.chain = certArray;
-        ke.chainRefs = certRefArray;
-
-        // If we don't have already have an item with this item's alias
-        // create a new one for it.
-        int uniqueVal = 1;
-        String originalAlias = alias;
-
-        while (entries.containsKey(alias.toLowerCase())) {
-            alias = originalAlias + " " + uniqueVal;
-            uniqueVal++;
-        }
-
-        entries.put(alias.toLowerCase(), ke);
-    }
-
-    private class CertKeychainItemPair {
-        long mCertificateRef;
-        Certificate mCert;
-
-        CertKeychainItemPair(long inCertRef, Certificate cert) {
-            mCertificateRef = inCertRef;
-            mCert = cert;
-        }
-    }
-
-    /*
-     * Validate Certificate Chain
-     */
-    private boolean validateChain(Certificate[] certChain)
-    {
-        for (int i = 0; i < certChain.length-1; i++) {
-            X500Principal issuerDN =
-            ((X509Certificate)certChain[i]).getIssuerX500Principal();
-            X500Principal subjectDN =
-                ((X509Certificate)certChain[i+1]).getSubjectX500Principal();
-            if (!(issuerDN.equals(subjectDN)))
-                return false;
-        }
-        return true;
-    }
-
-    @SuppressWarnings("deprecation")
-    private byte[] fetchPrivateKeyFromBag(byte[] privateKeyInfo) throws IOException, NoSuchAlgorithmException, CertificateException
-    {
-        byte[] returnValue = null;
-        DerValue val = new DerValue(new ByteArrayInputStream(privateKeyInfo));
-        DerInputStream s = val.toDerInputStream();
-        int version = s.getInteger();
-
-        if (version != 3) {
-            throw new IOException("PKCS12 keystore not in version 3 format");
-        }
-
-        /*
-            * Read the authSafe.
-         */
-        byte[] authSafeData;
-        ContentInfo authSafe = new ContentInfo(s);
-        ObjectIdentifier contentType = authSafe.getContentType();
-
-        if (contentType.equals(ContentInfo.DATA_OID)) {
-            authSafeData = authSafe.getData();
-        } else /* signed data */ {
-            throw new IOException("public key protected PKCS12 not supported");
-        }
-
-        DerInputStream as = new DerInputStream(authSafeData);
-        DerValue[] safeContentsArray = as.getSequence(2);
-        int count = safeContentsArray.length;
-
-        /*
-         * Spin over the ContentInfos.
-         */
-        for (int i = 0; i < count; i++) {
-            byte[] safeContentsData;
-            ContentInfo safeContents;
-            DerInputStream sci;
-            byte[] eAlgId = null;
-
-            sci = new DerInputStream(safeContentsArray[i].toByteArray());
-            safeContents = new ContentInfo(sci);
-            contentType = safeContents.getContentType();
-            safeContentsData = null;
-
-            if (contentType.equals(ContentInfo.DATA_OID)) {
-                safeContentsData = safeContents.getData();
-            } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
-                // The password was used to export the private key from the keychain.
-                // The Keychain won't export the key with encrypted data, so we don't need
-                // to worry about it.
-                continue;
-            } else {
-                throw new IOException("public key protected PKCS12" +
-                                      " not supported");
-            }
-            DerInputStream sc = new DerInputStream(safeContentsData);
-            returnValue = extractKeyData(sc);
-        }
-
-        return returnValue;
-    }
-
-    @SuppressWarnings("deprecation")
-    private byte[] extractKeyData(DerInputStream stream)
-        throws IOException, NoSuchAlgorithmException, CertificateException
-    {
-        byte[] returnValue = null;
-        DerValue[] safeBags = stream.getSequence(2);
-        int count = safeBags.length;
-
-        /*
-         * Spin over the SafeBags.
-         */
-        for (int i = 0; i < count; i++) {
-            ObjectIdentifier bagId;
-            DerInputStream sbi;
-            DerValue bagValue;
-            Object bagItem = null;
-
-            sbi = safeBags[i].toDerInputStream();
-            bagId = sbi.getOID();
-            bagValue = sbi.getDerValue();
-            if (!bagValue.isContextSpecific((byte)0)) {
-                throw new IOException("unsupported PKCS12 bag value type "
-                                      + bagValue.tag);
-            }
-            bagValue = bagValue.data.getDerValue();
-            if (bagId.equals(PKCS8ShroudedKeyBag_OID)) {
-                // got what we were looking for.  Return it.
-                returnValue = bagValue.toByteArray();
-            } else {
-                // log error message for "unsupported PKCS12 bag type"
-                System.out.println("Unsupported bag type '" + bagId + "'");
-            }
-        }
-
-        return returnValue;
-    }
-
-    /*
-        * Generate PBE Algorithm Parameters
-     */
-    private AlgorithmParameters getAlgorithmParameters(String algorithm)
-        throws IOException
-    {
-        AlgorithmParameters algParams = null;
-
-        // create PBE parameters from salt and iteration count
-        PBEParameterSpec paramSpec =
-            new PBEParameterSpec(getSalt(), iterationCount);
-        try {
-            algParams = AlgorithmParameters.getInstance(algorithm);
-            algParams.init(paramSpec);
-        } catch (Exception e) {
-            IOException ioe =
-            new IOException("getAlgorithmParameters failed: " +
-                            e.getMessage());
-            ioe.initCause(e);
-            throw ioe;
-        }
-        return algParams;
-    }
-
-    // the source of randomness
-    private SecureRandom random;
-
-    /*
-     * Generate random salt
-     */
-    private byte[] getSalt()
-    {
-        // Generate a random salt.
-        byte[] salt = new byte[SALT_LEN];
-        if (random == null) {
-            random = new SecureRandom();
-        }
-        salt = random.generateSeed(SALT_LEN);
-        return salt;
-    }
-
-    /*
-     * parse Algorithm Parameters
-     */
-    private AlgorithmParameters parseAlgParameters(DerInputStream in)
-        throws IOException
-    {
-        AlgorithmParameters algParams = null;
-        try {
-            DerValue params;
-            if (in.available() == 0) {
-                params = null;
-            } else {
-                params = in.getDerValue();
-                if (params.tag == DerValue.tag_Null) {
-                    params = null;
-                }
-            }
-            if (params != null) {
-                algParams = AlgorithmParameters.getInstance("PBE");
-                algParams.init(params.toByteArray());
-            }
-        } catch (Exception e) {
-            IOException ioe =
-            new IOException("parseAlgParameters failed: " +
-                            e.getMessage());
-            ioe.initCause(e);
-            throw ioe;
-        }
-        return algParams;
-    }
-
-    /*
-     * Generate PBE key
-     */
-    private SecretKey getPBEKey(char[] password) throws IOException
-    {
-        SecretKey skey = null;
-
-        try {
-            PBEKeySpec keySpec = new PBEKeySpec(password);
-            SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
-            skey = skFac.generateSecret(keySpec);
-        } catch (Exception e) {
-            IOException ioe = new IOException("getSecretKey failed: " +
-                                              e.getMessage());
-            ioe.initCause(e);
-            throw ioe;
-        }
-        return skey;
-    }
-
-    /*
-     * Encrypt private key using Password-based encryption (PBE)
-     * as defined in PKCS#5.
-     *
-     * NOTE: Currently pbeWithSHAAnd3-KeyTripleDES-CBC algorithmID is
-     *       used to derive the key and IV.
-     *
-     * @return encrypted private key encoded as EncryptedPrivateKeyInfo
-     */
-    private byte[] encryptPrivateKey(byte[] data, char[] password)
-        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException
-    {
-        byte[] key = null;
-
-        try {
-            // create AlgorithmParameters
-            AlgorithmParameters algParams =
-            getAlgorithmParameters("PBEWithSHA1AndDESede");
-
-            // Use JCE
-            SecretKey skey = getPBEKey(password);
-            Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
-            cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
-            byte[] encryptedKey = cipher.doFinal(data);
-
-            // wrap encrypted private key in EncryptedPrivateKeyInfo
-            // as defined in PKCS#8
-            AlgorithmId algid =
-                new AlgorithmId(pbeWithSHAAnd3KeyTripleDESCBC_OID, algParams);
-            EncryptedPrivateKeyInfo encrInfo =
-                new EncryptedPrivateKeyInfo(algid, encryptedKey);
-            key = encrInfo.getEncoded();
-        } catch (Exception e) {
-            UnrecoverableKeyException uke =
-            new UnrecoverableKeyException("Encrypt Private Key failed: "
-                                          + e.getMessage());
-            uke.initCause(e);
-            throw uke;
-        }
-
-        return key;
-    }
-
-
-}
-
--- a/src/jdk.deploy.osx/macosx/native/libosx/KeystoreImpl.m	Thu Aug 20 11:38:21 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,589 +0,0 @@
-/*
- * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-#import "apple_security_KeychainStore.h"
-
-#import <Security/Security.h>
-#import <Security/SecImportExport.h>
-#import <CoreServices/CoreServices.h>  // (for require() macros)
-#import <JavaNativeFoundation/JavaNativeFoundation.h>
-
-
-static JNF_CLASS_CACHE(jc_KeychainStore, "apple/security/KeychainStore");
-static JNF_MEMBER_CACHE(jm_createTrustedCertEntry, jc_KeychainStore, "createTrustedCertEntry", "(Ljava/lang/String;JJ[B)V");
-static JNF_MEMBER_CACHE(jm_createKeyEntry, jc_KeychainStore, "createKeyEntry", "(Ljava/lang/String;JJ[J[[B)V");
-
-static jstring getLabelFromItem(JNIEnv *env, SecKeychainItemRef inItem)
-{
-    OSStatus status;
-    jstring returnValue = NULL;
-    char *attribCString = NULL;
-
-    SecKeychainAttribute itemAttrs[] = { { kSecLabelItemAttr, 0, NULL } };
-    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
-
-    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
-
-    if(status) {
-        cssmPerror("getLabelFromItem: SecKeychainItemCopyContent", status);
-        goto errOut;
-    }
-
-    attribCString = malloc(itemAttrs[0].length + 1);
-    strncpy(attribCString, itemAttrs[0].data, itemAttrs[0].length);
-    attribCString[itemAttrs[0].length] = '\0';
-    returnValue = (*env)->NewStringUTF(env, attribCString);
-
-errOut:
-    SecKeychainItemFreeContent(&attrList, NULL);
-    if (attribCString) free(attribCString);
-    return returnValue;
-}
-
-static jlong getModDateFromItem(JNIEnv *env, SecKeychainItemRef inItem)
-{
-    OSStatus status;
-    SecKeychainAttribute itemAttrs[] = { { kSecModDateItemAttr, 0, NULL } };
-    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
-    jlong returnValue = 0;
-
-    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
-
-    if(status) {
-        // This is almost always missing, so don't dump an error.
-        // cssmPerror("getModDateFromItem: SecKeychainItemCopyContent", status);
-        goto errOut;
-    }
-
-    memcpy(&returnValue, itemAttrs[0].data, itemAttrs[0].length);
-
-errOut:
-    SecKeychainItemFreeContent(&attrList, NULL);
-    return returnValue;
-}
-
-static void setLabelForItem(NSString *inLabel, SecKeychainItemRef inItem)
-{
-    OSStatus status;
-    const char *labelCString = [inLabel UTF8String];
-
-    // Set up attribute vector (each attribute consists of {tag, length, pointer}):
-    SecKeychainAttribute attrs[] = {
-        { kSecLabelItemAttr, strlen(labelCString), (void *)labelCString }
-    };
-
-    const SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs };
-
-    // Not changing data here, just attributes.
-    status = SecKeychainItemModifyContent(inItem, &attributes, 0, NULL);
-
-    if(status) {
-        cssmPerror("setLabelForItem: SecKeychainItemModifyContent", status);
-    }
-}
-
-/*
- * Given a SecIdentityRef, do our best to construct a complete, ordered, and
- * verified cert chain, returning the result in a CFArrayRef. The result is
- * can be passed back to Java as a chain for a private key.
- */
-static OSStatus completeCertChain(
-                                     SecIdentityRef         identity,
-                                     SecCertificateRef    trustedAnchor,    // optional additional trusted anchor
-                                     bool                 includeRoot,     // include the root in outArray
-                                     CFArrayRef            *outArray)        // created and RETURNED
-{
-    SecTrustRef                    secTrust = NULL;
-    SecPolicyRef                policy = NULL;
-    SecPolicySearchRef            policySearch = NULL;
-    SecTrustResultType            secTrustResult;
-    CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv;            // not used
-    CFArrayRef                    certChain = NULL;   // constructed chain, CERTS ONLY
-    CFMutableArrayRef             subjCerts;            // passed to SecTrust
-    CFMutableArrayRef             certArray;            // returned array starting with
-                                                    //   identity
-    CFIndex                     numResCerts;
-    CFIndex                     dex;
-    OSStatus                     ortn;
-      SecCertificateRef             certRef;
-
-    /* First element in out array is the SecIdentity */
-    certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
-    CFArrayAppendValue(certArray, identity);
-
-    /* the single element in certs-to-be-evaluated comes from the identity */
-       ortn = SecIdentityCopyCertificate(identity, &certRef);
-    if(ortn) {
-        /* should never happen */
-        cssmPerror("SecIdentityCopyCertificate", ortn);
-        return ortn;
-    }
-
-    /*
-     * Now use SecTrust to get a complete cert c