changeset 29455:e451c01a5747

Merge
author aph
date Fri, 13 Mar 2015 12:44:58 +0000
parents e5e9478e2ddb c97e2d1bad97
children 6637277d28cc
files jdk/make/launcher/Launcher-jdk.runtime.gmk jdk/make/lib/Lib-jdk.runtime.gmk jdk/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSigner.java jdk/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSignerParameters.java jdk/src/jdk.dev/share/classes/com/sun/jarsigner/package-info.java jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Main.java jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources.java jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_ja.java jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/PolicyTool.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_de.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_es.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_fr.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_it.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_ja.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_ko.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_pt_BR.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_sv.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_CN.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_HK.java jdk/src/jdk.dev/share/classes/sun/security/tools/policytool/Resources_zh_TW.java jdk/src/jdk.dev/share/classes/sun/tools/jar/CommandLine.java jdk/src/jdk.dev/share/classes/sun/tools/jar/JarException.java jdk/src/jdk.dev/share/classes/sun/tools/jar/Main.java jdk/src/jdk.dev/share/classes/sun/tools/jar/Manifest.java jdk/src/jdk.dev/share/classes/sun/tools/jar/SignatureFile.java jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_de.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_es.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_fr.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_it.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_ja.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_ko.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_pt_BR.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_sv.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_zh_CN.properties jdk/src/jdk.dev/share/classes/sun/tools/jar/resources/jar_zh_TW.properties jdk/src/jdk.runtime/share/native/common-unpack/bands.cpp jdk/src/jdk.runtime/share/native/common-unpack/bands.h jdk/src/jdk.runtime/share/native/common-unpack/bytes.cpp jdk/src/jdk.runtime/share/native/common-unpack/bytes.h jdk/src/jdk.runtime/share/native/common-unpack/coding.cpp jdk/src/jdk.runtime/share/native/common-unpack/coding.h jdk/src/jdk.runtime/share/native/common-unpack/constants.h jdk/src/jdk.runtime/share/native/common-unpack/defines.h jdk/src/jdk.runtime/share/native/common-unpack/unpack.cpp jdk/src/jdk.runtime/share/native/common-unpack/unpack.h jdk/src/jdk.runtime/share/native/common-unpack/utils.cpp jdk/src/jdk.runtime/share/native/common-unpack/utils.h jdk/src/jdk.runtime/share/native/common-unpack/zip.cpp jdk/src/jdk.runtime/share/native/common-unpack/zip.h jdk/src/jdk.runtime/share/native/libunpack/jni.cpp jdk/src/jdk.runtime/share/native/unpack200/main.cpp jdk/src/jdk.runtime/windows/native/unpack200/unpack200_proto.exe.manifest langtools/test/com/sun/javadoc/testNonFrameWarning/TestNonFrameWarning.java langtools/test/com/sun/javadoc/testNonFrameWarning/pkg/C.java
diffstat 473 files changed, 47088 insertions(+), 25424 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -296,3 +296,4 @@
 6efe265424e3f1ea596408a1f71baf2de316c772 jdk9-b51
 d6224d6021459ac8b3832e822f5acc849fa944af jdk9-b52
 874d76e4699dfcd61ae1826c9fe0ddc1610ad598 jdk9-b53
+82cd31c5d6ca8d4c1653f4eb1c09eb2d9a3b2813 jdk9-b54
--- a/.hgtags-top-repo	Fri Mar 13 12:44:28 2015 +0000
+++ b/.hgtags-top-repo	Fri Mar 13 12:44:58 2015 +0000
@@ -296,3 +296,4 @@
 6207b4b8731ca75c51b031c47daa813ab92ef558 jdk9-b51
 1822e59f17121b09e7899cf338cfb6e37fe5fceb jdk9-b52
 d6ed47125a76cd1cf8a100568507bfb5e9669d9f jdk9-b53
+cb7367141e910e265b8344a8facee740bd1e5467 jdk9-b54
--- a/common/autoconf/configure.ac	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/autoconf/configure.ac	Fri Mar 13 12:44:58 2015 +0000
@@ -195,6 +195,7 @@
 
 # Setup debug symbols (need objcopy from the toolchain for that)
 JDKOPT_SETUP_DEBUG_SYMBOLS
+JDKOPT_SETUP_CODE_COVERAGE
 
 ###############################################################################
 #
--- a/common/autoconf/flags.m4	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/autoconf/flags.m4	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -478,6 +478,8 @@
       CFLAGS_JDKLIB_EXTRA="${CFLAGS_JDKLIB_EXTRA} -xregs=no%appl"
       CXXFLAGS_JDKLIB_EXTRA="${CXXFLAGS_JDKLIB_EXTRA} -xregs=no%appl"
     fi
+    CFLAGS_JDKLIB_EXTRA="${CFLAGS_JDKLIB_EXTRA} -errtags=yes -errfmt"
+    CXXFLAGS_JDKLIB_EXTRA="${CXXFLAGS_JDKLIB_EXTRA} -errtags=yes -errfmt"
   elif test "x$TOOLCHAIN_TYPE" = xxlc; then
     LDFLAGS_JDK="${LDFLAGS_JDK} -q64 -brtl -bnolibpath -liconv -bexpall"
     CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
@@ -529,7 +531,7 @@
   #    CXXFLAGS_JDK  - C++ Compiler flags
   #    COMMON_CCXXFLAGS_JDK - common to C and C++
   if test "x$TOOLCHAIN_TYPE" = xgcc; then
-    COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -Wall -Wno-parentheses -Wextra -Wno-unused -Wno-unused-parameter -Wformat=2 \
+    COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -Wall -Wextra -Wno-unused -Wno-unused-parameter -Wformat=2 \
         -pipe -D_GNU_SOURCE -D_REENTRANT -D_LARGEFILE64_SOURCE"
     case $OPENJDK_TARGET_CPU_ARCH in
       arm )
@@ -549,7 +551,6 @@
     COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -DTRACING -DMACRO_MEMSYS_OPS -DBREAKPTS"
     if test "x$OPENJDK_TARGET_CPU_ARCH" = xx86; then
       COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS_JDK -DcpuIntel -Di586 -D$OPENJDK_TARGET_CPU_LEGACY_LIB"
-      CFLAGS_JDK="$CFLAGS_JDK -erroff=E_BAD_PRAGMA_PACK_VALUE"
     fi
 
     CFLAGS_JDK="$CFLAGS_JDK -xc99=%none -xCC -errshort=tags -Xa -v -mt -W0,-noglobal"
@@ -676,7 +677,7 @@
 
   # The shared libraries are compiled using the picflag.
   CFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK $PICFLAG $CFLAGS_JDKLIB_EXTRA"
-  CXXFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA "
+  CXXFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA"
 
   # Executable flags
   CFLAGS_JDKEXE="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK"
@@ -687,6 +688,19 @@
   AC_SUBST(CXXFLAGS_JDKLIB)
   AC_SUBST(CXXFLAGS_JDKEXE)
 
+  # Flags for compiling test libraries
+  CFLAGS_TESTLIB="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK $PICFLAG $CFLAGS_JDKLIB_EXTRA"
+  CXXFLAGS_TESTLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA"
+
+  # Flags for compiling test executables
+  CFLAGS_TESTEXE="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK"
+  CXXFLAGS_TESTEXE="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK"
+
+  AC_SUBST(CFLAGS_TESTLIB)
+  AC_SUBST(CFLAGS_TESTEXE)
+  AC_SUBST(CXXFLAGS_TESTLIB)
+  AC_SUBST(CXXFLAGS_TESTEXE)
+
   # Setup LDFLAGS et al.
   #
 
@@ -800,6 +814,16 @@
   AC_SUBST(LDFLAGS_JDKLIB_SUFFIX)
   AC_SUBST(LDFLAGS_JDKEXE_SUFFIX)
   AC_SUBST(LDFLAGS_CXX_JDK)
+
+  LDFLAGS_TESTLIB="$LDFLAGS_JDKLIB"
+  LDFLAGS_TESTEXE="$LDFLAGS_JDKEXE"
+  LDFLAGS_TESTLIB_SUFFIX="$LDFLAGS_JDKLIB_SUFFIX"
+  LDFLAGS_TESTEXE_SUFFIX="$LDFLAGS_JDKEXE_SUFFIX"
+
+  AC_SUBST(LDFLAGS_TESTLIB)
+  AC_SUBST(LDFLAGS_TESTEXE)
+  AC_SUBST(LDFLAGS_TESTLIB_SUFFIX)
+  AC_SUBST(LDFLAGS_TESTEXE_SUFFIX)
 ])
 
 # FLAGS_COMPILER_CHECK_ARGUMENTS([ARGUMENT], [RUN-IF-TRUE],
@@ -883,17 +907,31 @@
 
   case "${TOOLCHAIN_TYPE}" in
     microsoft)
+      DISABLE_WARNING_PREFIX="-wd"
       CFLAGS_WARNINGS_ARE_ERRORS="-WX"
       ;;
     solstudio)
+      DISABLE_WARNING_PREFIX="-erroff="
       CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all"
       ;;
     gcc)
+      # Prior to gcc 4.4, a -Wno-X where X is unknown for that version of gcc will cause an error
+      FLAGS_COMPILER_CHECK_ARGUMENTS([-Wno-this-is-a-warning-that-do-not-exist],
+          [GCC_CAN_DISABLE_WARNINGS=true],
+          [GCC_CAN_DISABLE_WARNINGS=false]
+      )
+      if test "x$GCC_CAN_DISABLE_WARNINGS" = "xtrue"; then
+        DISABLE_WARNING_PREFIX="-Wno-"
+      else
+        DISABLE_WARNING_PREFIX=
+      fi
       CFLAGS_WARNINGS_ARE_ERRORS="-Werror"
       ;;
     clang)
+      DISABLE_WARNING_PREFIX="-Wno-"
       CFLAGS_WARNINGS_ARE_ERRORS="-Werror"
       ;;
   esac
+  AC_SUBST(DISABLE_WARNING_PREFIX)
   AC_SUBST(CFLAGS_WARNINGS_ARE_ERRORS)
 ])
--- a/common/autoconf/generated-configure.sh	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/autoconf/generated-configure.sh	Fri Mar 13 12:44:58 2015 +0000
@@ -680,16 +680,26 @@
 X_CFLAGS
 XMKMF
 FIXPATH
+GCOV_ENABLED
 ZIP_DEBUGINFO_FILES
 ENABLE_DEBUG_SYMBOLS
 CFLAGS_WARNINGS_ARE_ERRORS
+DISABLE_WARNING_PREFIX
 COMPILER_SUPPORTS_TARGET_BITS_FLAG
 ZERO_ARCHFLAG
+LDFLAGS_TESTEXE_SUFFIX
+LDFLAGS_TESTLIB_SUFFIX
+LDFLAGS_TESTEXE
+LDFLAGS_TESTLIB
 LDFLAGS_CXX_JDK
 LDFLAGS_JDKEXE_SUFFIX
 LDFLAGS_JDKLIB_SUFFIX
 LDFLAGS_JDKEXE
 LDFLAGS_JDKLIB
+CXXFLAGS_TESTEXE
+CXXFLAGS_TESTLIB
+CFLAGS_TESTEXE
+CFLAGS_TESTLIB
 CXXFLAGS_JDKEXE
 CXXFLAGS_JDKLIB
 CFLAGS_JDKEXE
@@ -1084,6 +1094,7 @@
 with_extra_ldflags
 enable_debug_symbols
 enable_zip_debug_info
+enable_native_coverage
 with_x
 with_cups
 with_cups_include
@@ -1852,6 +1863,9 @@
   --disable-debug-symbols disable generation of debug symbols [enabled]
   --disable-zip-debug-info
                           disable zipping of debug-info files [enabled]
+  --enable-native-coverage
+                          enable native compilation with code coverage
+                          data[disabled]
   --disable-freetype-bundling
                           disable bundling of the freetype library with the
                           build result [enabled on Windows or when using
@@ -3736,7 +3750,7 @@
 
 
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -3993,6 +4007,12 @@
 
 
 
+################################################################################
+#
+# Gcov coverage data for hotspot
+#
+
+
 #
 # Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
@@ -4348,7 +4368,7 @@
 #CUSTOM_AUTOCONF_INCLUDE
 
 # Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1425490712
+DATE_WHEN_GENERATED=1425994551
 
 ###############################################################################
 #
@@ -42349,6 +42369,8 @@
       CFLAGS_JDKLIB_EXTRA="${CFLAGS_JDKLIB_EXTRA} -xregs=no%appl"
       CXXFLAGS_JDKLIB_EXTRA="${CXXFLAGS_JDKLIB_EXTRA} -xregs=no%appl"
     fi
+    CFLAGS_JDKLIB_EXTRA="${CFLAGS_JDKLIB_EXTRA} -errtags=yes -errfmt"
+    CXXFLAGS_JDKLIB_EXTRA="${CXXFLAGS_JDKLIB_EXTRA} -errtags=yes -errfmt"
   elif test "x$TOOLCHAIN_TYPE" = xxlc; then
     LDFLAGS_JDK="${LDFLAGS_JDK} -q64 -brtl -bnolibpath -liconv -bexpall"
     CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt"
@@ -42415,7 +42437,7 @@
   #    CXXFLAGS_JDK  - C++ Compiler flags
   #    COMMON_CCXXFLAGS_JDK - common to C and C++
   if test "x$TOOLCHAIN_TYPE" = xgcc; then
-    COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -Wall -Wno-parentheses -Wextra -Wno-unused -Wno-unused-parameter -Wformat=2 \
+    COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -Wall -Wextra -Wno-unused -Wno-unused-parameter -Wformat=2 \
         -pipe -D_GNU_SOURCE -D_REENTRANT -D_LARGEFILE64_SOURCE"
     case $OPENJDK_TARGET_CPU_ARCH in
       arm )
@@ -42435,7 +42457,6 @@
     COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS $COMMON_CCXXFLAGS_JDK -DTRACING -DMACRO_MEMSYS_OPS -DBREAKPTS"
     if test "x$OPENJDK_TARGET_CPU_ARCH" = xx86; then
       COMMON_CCXXFLAGS_JDK="$COMMON_CCXXFLAGS_JDK -DcpuIntel -Di586 -D$OPENJDK_TARGET_CPU_LEGACY_LIB"
-      CFLAGS_JDK="$CFLAGS_JDK -erroff=E_BAD_PRAGMA_PACK_VALUE"
     fi
 
     CFLAGS_JDK="$CFLAGS_JDK -xc99=%none -xCC -errshort=tags -Xa -v -mt -W0,-noglobal"
@@ -42562,7 +42583,7 @@
 
   # The shared libraries are compiled using the picflag.
   CFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK $PICFLAG $CFLAGS_JDKLIB_EXTRA"
-  CXXFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA "
+  CXXFLAGS_JDKLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA"
 
   # Executable flags
   CFLAGS_JDKEXE="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK"
@@ -42573,6 +42594,19 @@
 
 
 
+  # Flags for compiling test libraries
+  CFLAGS_TESTLIB="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK $PICFLAG $CFLAGS_JDKLIB_EXTRA"
+  CXXFLAGS_TESTLIB="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK $PICFLAG $CXXFLAGS_JDKLIB_EXTRA"
+
+  # Flags for compiling test executables
+  CFLAGS_TESTEXE="$COMMON_CCXXFLAGS_JDK $CFLAGS_JDK"
+  CXXFLAGS_TESTEXE="$COMMON_CCXXFLAGS_JDK $CXXFLAGS_JDK"
+
+
+
+
+
+
   # Setup LDFLAGS et al.
   #
 
@@ -42687,6 +42721,16 @@
 
 
 
+  LDFLAGS_TESTLIB="$LDFLAGS_JDKLIB"
+  LDFLAGS_TESTEXE="$LDFLAGS_JDKEXE"
+  LDFLAGS_TESTLIB_SUFFIX="$LDFLAGS_JDKLIB_SUFFIX"
+  LDFLAGS_TESTEXE_SUFFIX="$LDFLAGS_JDKEXE_SUFFIX"
+
+
+
+
+
+
 
   # Some Zero and Shark settings.
   # ZERO_ARCHFLAG tells the compiler which mode to build for
@@ -42835,21 +42879,97 @@
 
   case "${TOOLCHAIN_TYPE}" in
     microsoft)
+      DISABLE_WARNING_PREFIX="-wd"
       CFLAGS_WARNINGS_ARE_ERRORS="-WX"
       ;;
     solstudio)
+      DISABLE_WARNING_PREFIX="-erroff="
       CFLAGS_WARNINGS_ARE_ERRORS="-errtags -errwarn=%all"
       ;;
     gcc)
+      # Prior to gcc 4.4, a -Wno-X where X is unknown for that version of gcc will cause an error
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler supports \"-Wno-this-is-a-warning-that-do-not-exist\"" >&5
+$as_echo_n "checking if compiler supports \"-Wno-this-is-a-warning-that-do-not-exist\"... " >&6; }
+  supports=yes
+
+  saved_cflags="$CFLAGS"
+  CFLAGS="$CFLAGS -Wno-this-is-a-warning-that-do-not-exist"
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int i;
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  supports=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+  CFLAGS="$saved_cflags"
+
+  saved_cxxflags="$CXXFLAGS"
+  CXXFLAGS="$CXXFLAG -Wno-this-is-a-warning-that-do-not-exist"
+  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int i;
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+  supports=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+  CXXFLAGS="$saved_cxxflags"
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $supports" >&5
+$as_echo "$supports" >&6; }
+  if test "x$supports" = "xyes" ; then
+    GCC_CAN_DISABLE_WARNINGS=true
+  else
+    GCC_CAN_DISABLE_WARNINGS=false
+
+  fi
+
+      if test "x$GCC_CAN_DISABLE_WARNINGS" = "xtrue"; then
+        DISABLE_WARNING_PREFIX="-Wno-"
+      else
+        DISABLE_WARNING_PREFIX=
+      fi
       CFLAGS_WARNINGS_ARE_ERRORS="-Werror"
       ;;
     clang)
+      DISABLE_WARNING_PREFIX="-Wno-"
       CFLAGS_WARNINGS_ARE_ERRORS="-Werror"
       ;;
   esac
 
 
 
+
 # Setup debug symbols (need objcopy from the toolchain for that)
 
   #
@@ -42915,6 +43035,45 @@
 
 
 
+  # Check whether --enable-native-coverage was given.
+if test "${enable_native_coverage+set}" = set; then :
+  enableval=$enable_native_coverage;
+fi
+
+  GCOV_ENABLED="false"
+  if test "x$enable_native_coverage" = "xyes"; then
+    if test "x$TOOLCHAIN_TYPE" = "xgcc"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking if native coverage is enabled" >&5
+$as_echo_n "checking if native coverage is enabled... " >&6; }
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+      GCOV_CFLAGS="-fprofile-arcs -ftest-coverage -fno-inline"
+      GCOV_LDFLAGS="-fprofile-arcs"
+      LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS $GCOV_CFLAGS"
+      LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS $GCOV_CFLAGS"
+      LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS $GCOV_LDFLAGS"
+      CFLAGS_JDKLIB="$CFLAGS_JDKLIB $GCOV_CFLAGS"
+      CFLAGS_JDKEXE="$CFLAGS_JDKEXE $GCOV_CFLAGS"
+      CXXFLAGS_JDKLIB="$CXXFLAGS_JDKLIB $GCOV_CFLAGS"
+      CXXFLAGS_JDKEXE="$CXXFLAGS_JDKEXE $GCOV_CFLAGS"
+      LDFLAGS_JDKLIB="$LDFLAGS_JDKLIB $GCOV_LDFLAGS"
+      LDFLAGS_JDKEXE="$LDFLAGS_JDKEXE $GCOV_LDFLAGS"
+      GCOV_ENABLED="true"
+    else
+      as_fn_error $? "--enable-native-coverage only works with toolchain type gcc" "$LINENO" 5
+    fi
+  elif test "x$enable_native_coverage" = "xno"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if native coverage is enabled" >&5
+$as_echo_n "checking if native coverage is enabled... " >&6; }
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+  elif test "x$enable_native_coverage" != "x"; then
+    as_fn_error $? "--enable-native-coverage can only be assigned \"yes\" or \"no\"" "$LINENO" 5
+  fi
+
+
+
+
 ###############################################################################
 #
 # Check dependencies for external and internal libraries.
--- a/common/autoconf/jdk-options.m4	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/autoconf/jdk-options.m4	Fri Mar 13 12:44:58 2015 +0000
@@ -640,3 +640,41 @@
   AC_SUBST(ENABLE_DEBUG_SYMBOLS)
   AC_SUBST(ZIP_DEBUGINFO_FILES)
 ])
+
+################################################################################
+#
+# Gcov coverage data for hotspot
+#
+AC_DEFUN_ONCE([JDKOPT_SETUP_CODE_COVERAGE],
+[
+  AC_ARG_ENABLE(native-coverage, [AS_HELP_STRING([--enable-native-coverage],
+      [enable native compilation with code coverage data@<:@disabled@:>@])])
+  GCOV_ENABLED="false"
+  if test "x$enable_native_coverage" = "xyes"; then
+    if test "x$TOOLCHAIN_TYPE" = "xgcc"; then
+      AC_MSG_CHECKING([if native coverage is enabled])
+      AC_MSG_RESULT([yes])
+      GCOV_CFLAGS="-fprofile-arcs -ftest-coverage -fno-inline"
+      GCOV_LDFLAGS="-fprofile-arcs"
+      LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS $GCOV_CFLAGS"
+      LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS $GCOV_CFLAGS"
+      LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS $GCOV_LDFLAGS"
+      CFLAGS_JDKLIB="$CFLAGS_JDKLIB $GCOV_CFLAGS"
+      CFLAGS_JDKEXE="$CFLAGS_JDKEXE $GCOV_CFLAGS"
+      CXXFLAGS_JDKLIB="$CXXFLAGS_JDKLIB $GCOV_CFLAGS"
+      CXXFLAGS_JDKEXE="$CXXFLAGS_JDKEXE $GCOV_CFLAGS"
+      LDFLAGS_JDKLIB="$LDFLAGS_JDKLIB $GCOV_LDFLAGS"
+      LDFLAGS_JDKEXE="$LDFLAGS_JDKEXE $GCOV_LDFLAGS"
+      GCOV_ENABLED="true"
+    else
+      AC_MSG_ERROR([--enable-native-coverage only works with toolchain type gcc])
+    fi
+  elif test "x$enable_native_coverage" = "xno"; then
+    AC_MSG_CHECKING([if native coverage is enabled])
+    AC_MSG_RESULT([no])
+  elif test "x$enable_native_coverage" != "x"; then
+    AC_MSG_ERROR([--enable-native-coverage can only be assigned "yes" or "no"])
+  fi
+
+  AC_SUBST(GCOV_ENABLED)
+])
--- a/common/autoconf/spec.gmk.in	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/autoconf/spec.gmk.in	Fri Mar 13 12:44:58 2015 +0000
@@ -292,6 +292,8 @@
 # Enable RMIConnector IIOP transport
 RMICONNECTOR_IIOP=@RMICONNECTOR_IIOP@
 
+GCOV_ENABLED=@GCOV_ENABLED@
+
 # Necessary additional compiler flags to compile X11
 X_CFLAGS:=@X_CFLAGS@
 X_LIBS:=@X_LIBS@
@@ -324,6 +326,7 @@
 C_FLAG_DEPS:=@C_FLAG_DEPS@
 CXX_FLAG_DEPS:=@CXX_FLAG_DEPS@
 
+DISABLE_WARNING_PREFIX := @DISABLE_WARNING_PREFIX@
 CFLAGS_WARNINGS_ARE_ERRORS:=@CFLAGS_WARNINGS_ARE_ERRORS@
 
 CFLAGS_CCACHE:=@CFLAGS_CCACHE@
@@ -379,6 +382,16 @@
 # Sometimes a different linker is needed for c++ executables
 LDEXECXX:=@FIXPATH@ @LDEXECXX@
 
+# Compiler and linker flags used when building native tests
+CFLAGS_TESTLIB:=@CFLAGS_TESTLIB@
+CXXFLAGS_TESTLIB:=@CXXFLAGS_TESTLIB@
+CFLAGS_TESTEXE:=@CFLAGS_TESTEXE@
+CXXFLAGS_TESTEXE:=@CXXFLAGS_TESTEXE@
+LDFLAGS_TESTLIB:=@LDFLAGS_TESTLIB@
+LDFLAGS_TESTLIB_SUFFIX:=@LDFLAGS_TESTLIB_SUFFIX@
+LDFLAGS_TESTEXE:=@LDFLAGS_TESTEXE@
+LDFLAGS_TESTEXE_SUFFIX:=@LDFLAGS_TESTEXE_SUFFIX@
+
 # BUILD_CC/BUILD_LD is a compiler/linker that generates code that is runnable on the
 # build platform.
 BUILD_CC:=@FIXPATH@ @BUILD_CC@
@@ -701,6 +714,10 @@
 TEST_IMAGE_SUBDIR:=test
 TEST_IMAGE_DIR=$(IMAGES_OUTPUTDIR)/$(TEST_IMAGE_SUBDIR)
 
+# Symbols image
+SYMBOLS_IMAGE_SUBDIR:=symbols
+SYMBOLS_IMAGE_DIR=$(IMAGES_OUTPUTDIR)/$(SYMBOLS_IMAGE_SUBDIR)
+
 # Macosx bundles directory definitions
 JDK_BUNDLE_SUBDIR=jdk-bundle/jdk$(JDK_VERSION).jdk/Contents
 JRE_BUNDLE_SUBDIR=jre-bundle/jre$(JDK_VERSION).jre/Contents
--- a/common/bin/hgforest.sh	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/bin/hgforest.sh	Fri Mar 13 12:44:58 2015 +0000
@@ -26,6 +26,9 @@
 
 usage() {
       echo "usage: $0 [-h|--help] [-q|--quiet] [-v|--verbose] [-s|--sequential] [--] <command> [commands...]" > ${status_output}
+      echo "command format : mercurial-command [ "jdk" ] [ extra-url ]"
+      echo "command option: jdk : used only with clone command to request just the extra repos for JDK-only builds"
+      echo "command option : extra-url : server hosting the extra repositories"
       echo "Environment variables which modify behaviour:"
       echo "   HGFOREST_QUIET      : (boolean) If 'true' then standard output is redirected to /dev/null"
       echo "   HGFOREST_VERBOSE    : (boolean) If 'true' then Mercurial asked to produce verbose output"
@@ -179,7 +182,8 @@
 trap 'nice_exit' EXIT
 
 subrepos="corba jaxp jaxws langtools jdk hotspot nashorn"
-subrepos_extra="closed jdk/src/closed jdk/make/closed jdk/test/closed hotspot/make/closed hotspot/src/closed hotspot/test/closed deploy install sponsors pubs"
+jdk_subrepos_extra="closed jdk/src/closed jdk/make/closed jdk/test/closed hotspot/make/closed hotspot/src/closed hotspot/test/closed"
+subrepos_extra="$jdk_subrepos_extra deploy install sponsors pubs"
 
 # Only look in specific locations for possible forests (avoids long searches)
 pull_default=""
@@ -209,6 +213,11 @@
   pull_default_tail=`echo ${pull_default} | sed -e 's@^.*://[^/]*/\(.*\)@\1@'`
 
   if [ $# -gt 0 ] ; then
+    if [ "x${1}" = "xjdk" ] ; then
+       subrepos_extra=$jdk_subrepos_extra
+       echo "subrepos being cloned are $subrepos_extra"
+       shift
+    fi
     # if there is an "extra sources" path then reparent "extra" repos to that path
     if [ "x${pull_default}" = "x${pull_default_tail}" ] ; then
       echo "ERROR: Need initial clone from non-local source" > ${status_output}
--- a/common/bin/unshuffle_list.txt	Fri Mar 13 12:44:28 2015 +0000
+++ b/common/bin/unshuffle_list.txt	Fri Mar 13 12:44:58 2015 +0000
@@ -1299,15 +1299,14 @@
 jdk/src/jdk.deploy.osx/macosx/native/libosx/Dispatch.m : jdk/src/macosx/native/com/apple/concurrent/Dispatch.m
 jdk/src/jdk.deploy.osx/macosx/native/libosx/JavaAppLauncher.m : jdk/src/macosx/native/apple/launcher/JavaAppLauncher.m
 jdk/src/jdk.deploy.osx/macosx/native/libosx/KeystoreImpl.m : jdk/src/macosx/native/apple/security/KeystoreImpl.m
-jdk/src/jdk.dev/share/classes/com/sun/jarsigner : jdk/src/share/classes/com/sun/jarsigner
 jdk/src/jdk.dev/share/classes/com/sun/tools/hat : jdk/src/share/classes/com/sun/tools/hat
-jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner : jdk/src/share/classes/sun/security/tools/jarsigner
-jdk/src/jdk.dev/share/classes/sun/security/tools/policytool : jdk/src/share/classes/sun/security/tools/policytool
-jdk/src/jdk.dev/share/classes/sun/tools/jar : jdk/src/share/classes/sun/tools/jar
 jdk/src/jdk.dev/share/classes/sun/tools/native2ascii : jdk/src/share/classes/sun/tools/native2ascii
 jdk/src/jdk.hprof.agent/share/classes/com/sun/demo/jvmti/hprof : jdk/src/share/classes/com/sun/demo/jvmti/hprof
 jdk/src/jdk.httpserver/share/classes/com/sun/net/httpserver : jdk/src/share/classes/com/sun/net/httpserver
 jdk/src/jdk.httpserver/share/classes/sun/net/httpserver : jdk/src/share/classes/sun/net/httpserver
+jdk/src/jdk.jartool/share/classes/com/sun/jarsigner : jdk/src/share/classes/com/sun/jarsigner
+jdk/src/jdk.jartool/share/classes/sun/security/tools/jarsigner : jdk/src/share/classes/sun/security/tools/jarsigner
+jdk/src/jdk.jartool/share/classes/sun/tools/jar : jdk/src/share/classes/sun/tools/jar
 jdk/src/jdk.jcmd/share/classes/sun/tools/jcmd : jdk/src/share/classes/sun/tools/jcmd
 jdk/src/jdk.jcmd/share/classes/sun/tools/jinfo : jdk/src/share/classes/sun/tools/jinfo
 jdk/src/jdk.jcmd/share/classes/sun/tools/jmap : jdk/src/share/classes/sun/tools/jmap
@@ -1433,6 +1432,27 @@
 jdk/src/jdk.naming.dns/share/classes/sun/net/spi/nameservice/dns : jdk/src/share/classes/sun/net/spi/nameservice/dns
 jdk/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry : jdk/src/share/classes/com/sun/jndi/rmi/registry
 jdk/src/jdk.naming.rmi/share/classes/com/sun/jndi/url/rmi : jdk/src/share/classes/com/sun/jndi/url/rmi
+jdk/src/jdk.pack200/share/native/common-unpack/bands.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/bands.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/bands.h : jdk/src/share/native/com/sun/java/util/jar/pack/bands.h
+jdk/src/jdk.pack200/share/native/common-unpack/bytes.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/bytes.h : jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
+jdk/src/jdk.pack200/share/native/common-unpack/coding.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/coding.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/coding.h : jdk/src/share/native/com/sun/java/util/jar/pack/coding.h
+jdk/src/jdk.pack200/share/native/common-unpack/constants.h : jdk/src/share/native/com/sun/java/util/jar/pack/constants.h
+jdk/src/jdk.pack200/share/native/common-unpack/defines.h : jdk/src/share/native/com/sun/java/util/jar/pack/defines.h
+jdk/src/jdk.pack200/share/native/common-unpack/unpack.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/unpack.h : jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
+jdk/src/jdk.pack200/share/native/common-unpack/utils.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/utils.h : jdk/src/share/native/com/sun/java/util/jar/pack/utils.h
+jdk/src/jdk.pack200/share/native/common-unpack/zip.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
+jdk/src/jdk.pack200/share/native/common-unpack/zip.h : jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
+jdk/src/jdk.pack200/share/native/libjsdt : jdk/src/share/native/sun/tracing/dtrace
+jdk/src/jdk.pack200/share/native/libunpack/jni.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+jdk/src/jdk.pack200/share/native/unpack200/main.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
+jdk/src/jdk.pack200/unix/native/libjsdt/jvm_symbols_md.c : jdk/src/solaris/native/sun/tracing/dtrace/jvm_symbols_md.c
+jdk/src/jdk.pack200/windows/native/libjsdt/jvm_symbols_md.c : jdk/src/windows/native/sun/tracing/dtrace/jvm_symbols_md.c
+jdk/src/jdk.pack200/windows/native/unpack200/unpack200_proto.exe.manifest : jdk/src/windows/resource/unpack200_proto.exe.manifest
+jdk/src/jdk.policytool/share/classes/sun/security/tools/policytool : jdk/src/share/classes/sun/security/tools/policytool
 jdk/src/jdk.rmic/share/classes/sun/rmi/rmic : jdk/src/share/classes/sun/rmi/rmic
 jdk/src/jdk.rmic/share/classes/sun/rmi/rmic/newrmic : jdk/src/share/classes/sun/rmi/rmic/newrmic
 jdk/src/jdk.rmic/share/classes/sun/rmi/rmic/newrmic/jrmp : jdk/src/share/classes/sun/rmi/rmic/newrmic/jrmp
@@ -1442,28 +1462,6 @@
 jdk/src/jdk.rmic/share/classes/sun/tools/java : jdk/src/share/classes/sun/tools/java
 jdk/src/jdk.rmic/share/classes/sun/tools/tree : jdk/src/share/classes/sun/tools/tree
 jdk/src/jdk.rmic/share/classes/sun/tools/util : jdk/src/share/classes/sun/tools/util
-jdk/src/jdk.runtime/share/classes/com/sun/tracing : jdk/src/share/classes/com/sun/tracing
-jdk/src/jdk.runtime/share/classes/sun/tracing : jdk/src/share/classes/sun/tracing
-jdk/src/jdk.runtime/share/native/common-unpack/bands.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/bands.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/bands.h : jdk/src/share/native/com/sun/java/util/jar/pack/bands.h
-jdk/src/jdk.runtime/share/native/common-unpack/bytes.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/bytes.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/bytes.h : jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
-jdk/src/jdk.runtime/share/native/common-unpack/coding.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/coding.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/coding.h : jdk/src/share/native/com/sun/java/util/jar/pack/coding.h
-jdk/src/jdk.runtime/share/native/common-unpack/constants.h : jdk/src/share/native/com/sun/java/util/jar/pack/constants.h
-jdk/src/jdk.runtime/share/native/common-unpack/defines.h : jdk/src/share/native/com/sun/java/util/jar/pack/defines.h
-jdk/src/jdk.runtime/share/native/common-unpack/unpack.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/unpack.h : jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
-jdk/src/jdk.runtime/share/native/common-unpack/utils.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/utils.h : jdk/src/share/native/com/sun/java/util/jar/pack/utils.h
-jdk/src/jdk.runtime/share/native/common-unpack/zip.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
-jdk/src/jdk.runtime/share/native/common-unpack/zip.h : jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
-jdk/src/jdk.runtime/share/native/libjsdt : jdk/src/share/native/sun/tracing/dtrace
-jdk/src/jdk.runtime/share/native/libunpack/jni.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
-jdk/src/jdk.runtime/share/native/unpack200/main.cpp : jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
-jdk/src/jdk.runtime/unix/native/libjsdt/jvm_symbols_md.c : jdk/src/solaris/native/sun/tracing/dtrace/jvm_symbols_md.c
-jdk/src/jdk.runtime/windows/native/libjsdt/jvm_symbols_md.c : jdk/src/windows/native/sun/tracing/dtrace/jvm_symbols_md.c
-jdk/src/jdk.runtime/windows/native/unpack200/unpack200_proto.exe.manifest : jdk/src/windows/resource/unpack200_proto.exe.manifest
 jdk/src/jdk.sctp/macosx/classes/sun/nio/ch/sctp : jdk/src/macosx/classes/sun/nio/ch/sctp
 jdk/src/jdk.sctp/share/classes/com/sun/nio/sctp : jdk/src/share/classes/com/sun/nio/sctp
 jdk/src/jdk.sctp/share/classes/sun/nio/ch/sctp : jdk/src/share/classes/sun/nio/ch/sctp
--- a/corba/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/corba/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -296,3 +296,4 @@
 2309c02386d1fa4ced5051873ffb9e04874f7a44 jdk9-b51
 b8538bbb6f224ab1dabba579137099c166ad4724 jdk9-b52
 aadc16ca5ab7d56f92ef9dbfa443595a939241b4 jdk9-b53
+d469c5ad0c763e325a78e0af3016878a57dfc5cc jdk9-b54
--- a/hotspot/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/hotspot/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -456,3 +456,4 @@
 403b9cbadb04d3d1201823591cf931dc93b38e3a jdk9-b51
 9fb7fdc554db5be5c5b10f88f529ec3b870c44e3 jdk9-b52
 effd5ef0c3eb4bb85aa975c489d6761dbf13ad6a jdk9-b53
+c3b117fa5bdedfafd9ed236403e6d406911195b1 jdk9-b54
--- a/jaxp/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -296,3 +296,4 @@
 7cb3674cbd8c06222851444285bb66b2952a2a5c jdk9-b51
 57b26c883d54f45912bc3885ccad3c6b80960b1f jdk9-b52
 d5b5a010a16688f188f5a9247ed873f5100b530c jdk9-b53
+542c0c855ad467624cbedf11bff08e44b86b068d jdk9-b54
--- a/jaxp/src/java.xml/share/classes/javax/xml/XMLConstants.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/XMLConstants.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -247,9 +247,11 @@
          * </p>
          *
          * <p>
-         * <b>${JAVA_HOME}/conf/jaxp.properties:</b> This configuration file is in standard
-         * {@link java.util.Properties} format. If the file exists and the system property is specified,
-         * its value will be used to override the default of the property.
+         * <b>jaxp.properties:</b> This configuration file is in standard
+         * {@link java.util.Properties} format and typically located in the {@code conf}
+         * directory of the Java installation. If the file exists and the system
+         * property is specified, its value will be used to override the default
+         * of the property.
          * </p>
          *
          * <p>
@@ -314,9 +316,11 @@
          * </p>
          *
          * <p>
-         * <b>${JAVA_HOME}/conf/jaxp.properties:</b> This configuration file is in standard
-         * java.util.Properties format. If the file exists and the system property is specified,
-         * its value will be used to override the default of the property.
+         * <b>jaxp.properties:</b> This configuration file is in standard
+         * {@link java.util.Properties} format and typically located in the {@code conf}
+         * directory of the Java installation. If the file exists and the system
+         * property is specified, its value will be used to override the default
+         * of the property.
          *
          * @since 1.7
          * </p>
@@ -380,9 +384,11 @@
          * </p>
          *
          * <p>
-         * <b>${JAVA_HOME}/conf/jaxp.properties: </b> This configuration file is in standard
-         * java.util.Properties format. If the file exists and the system property is specified,
-         * its value will be used to override the default of the property.
+         * <b>jaxp.properties:</b> This configuration file is in standard
+         * {@link java.util.Properties} format and typically located in the {@code conf}
+         * directory of the Java installation. If the file exists and the system
+         * property is specified, its value will be used to override the default
+         * of the property.
          *
          * @since 1.7
          */
--- a/jaxp/src/java.xml/share/classes/javax/xml/datatype/DatatypeFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/datatype/DatatypeFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,23 +32,34 @@
 import java.util.regex.Pattern;
 
 /**
- * <p>Factory that creates new <code>javax.xml.datatype</code> <code>Object</code>s that map XML to/from Java <code>Object</code>s.</p>
- *
- * <p>A new instance of the <code>DatatypeFactory</code> is created through the {@link #newInstance()} method
- * that uses the following implementation resolution mechanisms to determine an implementation:</p>
+ * Factory that creates new <code>javax.xml.datatype</code> <code>Object</code>s that map XML to/from Java <code>Object</code>s.
+ * <p>
+ * A new instance of the {@code DatatypeFactory} is created through the {@link #newInstance()} method
+ * that uses the following implementation resolution mechanisms to determine an implementation:
+ * <p>
  * <ol>
  *    <li>
- *      If the system property specified by {@link #DATATYPEFACTORY_PROPERTY}, "<code>javax.xml.datatype.DatatypeFactory</code>",
+ *      If the system property specified by {@link #DATATYPEFACTORY_PROPERTY}, "{@code javax.xml.datatype.DatatypeFactory}",
  *      exists, a class with the name of the property value is instantiated.
  *      Any Exception thrown during the instantiation process is wrapped as a {@link DatatypeConfigurationException}.
  *    </li>
  *    <li>
- *      If the file ${JAVA_HOME}/conf/jaxp.properties exists, it is loaded in a {@link java.util.Properties} <code>Object</code>.
- *      The <code>Properties</code> <code>Object </code> is then queried for the property as documented in the prior step
- *      and processed as documented in the prior step.
+ *      <p>
+ *      Use the configuration file "jaxp.properties". The file is in standard
+ *      {@link java.util.Properties} format and typically located in the
+ *      {@code conf} directory of the Java installation. It contains the fully qualified
+ *      name of the implementation class with the key being the system property
+ *      defined above.
+ *      <p>
+ *      The jaxp.properties file is read only once by the JAXP implementation
+ *      and its values are then cached for future use.  If the file does not exist
+ *      when the first attempt is made to read from it, no further attempts are
+ *      made to check for its existence.  It is not possible to change the value
+ *      of any property in jaxp.properties after it has been read for the first time.
  *    </li>
  *    <li>
- *     Uses the service-provider loading facilities, defined by the {@link java.util.ServiceLoader} class, to attempt
+ *     <p>
+ *     Use the service-provider loading facility, defined by the {@link java.util.ServiceLoader} class, to attempt
  *     to locate and load an implementation of the service using the {@linkplain
  *     java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
  *     the service-provider loading facility will use the {@linkplain
@@ -56,13 +67,14 @@
  *     to attempt to load the service. If the context class
  *     loader is null, the {@linkplain
  *     ClassLoader#getSystemClassLoader() system class loader} will be used.
- *     <br>
+ *     <p>
  *     In case of {@link java.util.ServiceConfigurationError service
- *     configuration error} a {@link javax.xml.datatype.DatatypeConfigurationException}
+ *     configuration error}, a {@link javax.xml.datatype.DatatypeConfigurationException}
  *     will be thrown.
  *    </li>
  *    <li>
- *      The final mechanism is to attempt to instantiate the <code>Class</code> specified by
+ *      <p>
+ *      The final mechanism is to attempt to instantiate the {@code Class} specified by
  *      {@link #DATATYPEFACTORY_IMPLEMENTATION_CLASS}.
  *      Any Exception thrown during the instantiation process is wrapped as a {@link DatatypeConfigurationException}.
  *    </li>
@@ -79,7 +91,7 @@
     /**
      * <p>Default property name as defined in JSR 206: Java(TM) API for XML Processing (JAXP) 1.3.</p>
      *
-     * <p>Default value is <code>javax.xml.datatype.DatatypeFactory</code>.</p>
+     * <p>Default value is {@code javax.xml.datatype.DatatypeFactory}.</p>
      */
     public static final String DATATYPEFACTORY_PROPERTY =
             // We use a String constant here, rather than calling
@@ -120,18 +132,18 @@
     /**
      * <p>Protected constructor to prevent instantiation outside of package.</p>
      *
-     * <p>Use {@link #newInstance()} to create a <code>DatatypeFactory</code>.</p>
+     * <p>Use {@link #newInstance()} to create a {@code DatatypeFactory}.</p>
      */
     protected DatatypeFactory() {
     }
 
     /**
-     * <p>Obtain a new instance of a <code>DatatypeFactory</code>.</p>
+     * <p>Obtain a new instance of a {@code DatatypeFactory}.</p>
      *
      * <p>The implementation resolution mechanisms are <a href="#DatatypeFactory.newInstance">defined</a> in this
      * <code>Class</code>'s documentation.</p>
      *
-     * @return New instance of a <code>DatatypeFactory</code>
+     * @return New instance of a {@code DatatypeFactory}
      *
      * @throws DatatypeConfigurationException If the implementation is not
      *   available or cannot be instantiated.
@@ -149,12 +161,12 @@
     }
 
     /**
-     * <p>Obtain a new instance of a <code>DatatypeFactory</code> from class name.
+     * <p>Obtain a new instance of a {@code DatatypeFactory} from class name.
      * This function is useful when there are multiple providers in the classpath.
      * It gives more control to the application as it can specify which provider
      * should be loaded.</p>
      *
-     * <p>Once an application has obtained a reference to a <code>DatatypeFactory</code>
+     * <p>Once an application has obtained a reference to a {@code DatatypeFactory}
      * it can use the factory to configure and obtain datatype instances.</P>
      *
      *
@@ -168,12 +180,12 @@
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
      *
-     * @param factoryClassName fully qualified factory class name that provides implementation of <code>javax.xml.datatype.DatatypeFactory</code>.
+     * @param factoryClassName fully qualified factory class name that provides implementation of {@code javax.xml.datatype.DatatypeFactory}.
      *
      * @param classLoader <code>ClassLoader</code> used to load the factory class. If <code>null</code>
      *                     current <code>Thread</code>'s context classLoader is used to load the factory class.
      *
-     * @return New instance of a <code>DatatypeFactory</code>
+     * @return New instance of a {@code DatatypeFactory}
      *
      * @throws DatatypeConfigurationException if <code>factoryClassName</code> is <code>null</code>, or
      *                                   the factory class cannot be loaded, instantiated.
--- a/jaxp/src/java.xml/share/classes/javax/xml/parsers/DocumentBuilderFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/parsers/DocumentBuilderFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,31 +55,34 @@
 
     /**
      * Obtain a new instance of a
-     * <code>DocumentBuilderFactory</code>. This static method creates
+     * {@code DocumentBuilderFactory}. This static method creates
      * a new factory instance.
      * This method uses the following ordered lookup procedure to determine
-     * the <code>DocumentBuilderFactory</code> implementation class to
+     * the {@code DocumentBuilderFactory} implementation class to
      * load:
+     * <p>
      * <ul>
      * <li>
-     * Use the <code>javax.xml.parsers.DocumentBuilderFactory</code> system
+     * Use the {@code javax.xml.parsers.DocumentBuilderFactory} system
      * property.
      * </li>
      * <li>
-     * Use the properties file "conf/jaxp.properties" in the JRE directory.
-     * This configuration file is in standard <code>java.util.Properties
-     * </code> format and contains the fully qualified name of the
-     * implementation class with the key being the system property defined
-     * above.
-     *
+     * <p>
+     * Use the configuration file "jaxp.properties". The file is in standard
+     * {@link java.util.Properties} format and typically located in the
+     * {@code conf} directory of the Java installation. It contains the fully qualified
+     * name of the implementation class with the key being the system property
+     * defined above.
+     * <p>
      * The jaxp.properties file is read only once by the JAXP implementation
-     * and it's values are then cached for future use.  If the file does not exist
+     * and its values are then cached for future use.  If the file does not exist
      * when the first attempt is made to read from it, no further attempts are
      * made to check for its existence.  It is not possible to change the value
      * of any property in jaxp.properties after it has been read for the first time.
      * </li>
      * <li>
-     * Uses the service-provider loading facilities, defined by the
+     * <p>
+     * Use the service-provider loading facility, defined by the
      * {@link java.util.ServiceLoader} class, to attempt to locate and load an
      * implementation of the service using the {@linkplain
      * java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -90,26 +93,30 @@
      * ClassLoader#getSystemClassLoader() system class loader} will be used.
      * </li>
      * <li>
+     * <p>
      * Otherwise, the system-default implementation is returned.
      * </li>
      * </ul>
      *
+     * <p>
      * Once an application has obtained a reference to a
-     * <code>DocumentBuilderFactory</code> it can use the factory to
+     * {@code DocumentBuilderFactory} it can use the factory to
      * configure and obtain parser instances.
      *
      *
      * <h2>Tip for Trouble-shooting</h2>
-     * <p>Setting the <code>jaxp.debug</code> system property will cause
+     * <p>
+     * Setting the {@code jaxp.debug} system property will cause
      * this method to print a lot of debug messages
-     * to <code>System.err</code> about what it is doing and where it is looking at.</p>
+     * to {@code System.err} about what it is doing and where it is looking at.
      *
-     * <p> If you have problems loading {@link DocumentBuilder}s, try:</p>
+     * <p>
+     * If you have problems loading {@link DocumentBuilder}s, try:
      * <pre>
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
      *
-     * @return New instance of a <code>DocumentBuilderFactory</code>
+     * @return New instance of a {@code DocumentBuilderFactory}
      *
      * @throws FactoryConfigurationError in case of {@linkplain
      * java.util.ServiceConfigurationError service configuration error} or if
@@ -124,31 +131,31 @@
     }
 
     /**
-     * <p>Obtain a new instance of a <code>DocumentBuilderFactory</code> from class name.
+     * <p>Obtain a new instance of a {@code DocumentBuilderFactory} from class name.
      * This function is useful when there are multiple providers in the classpath.
      * It gives more control to the application as it can specify which provider
-     * should be loaded.</p>
+     * should be loaded.
      *
-     * <p>Once an application has obtained a reference to a <code>DocumentBuilderFactory</code>
-     * it can use the factory to configure and obtain parser instances.</p>
+     * <p>Once an application has obtained a reference to a {@code DocumentBuilderFactory}
+     * it can use the factory to configure and obtain parser instances.
      *
      *
      * <h2>Tip for Trouble-shooting</h2>
-     * <p>Setting the <code>jaxp.debug</code> system property will cause
+     * <p>Setting the {@code jaxp.debug} system property will cause
      * this method to print a lot of debug messages
-     * to <code>System.err</code> about what it is doing and where it is looking at.</p>
+     * to {@code System.err} about what it is doing and where it is looking at.</p>
      *
      * <p> If you have problems try:</p>
      * <pre>
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
      *
-     * @param factoryClassName fully qualified factory class name that provides implementation of <code>javax.xml.parsers.DocumentBuilderFactory</code>.
+     * @param factoryClassName fully qualified factory class name that provides implementation of {@code javax.xml.parsers.DocumentBuilderFactory}.
      *
      * @param classLoader <code>ClassLoader</code> used to load the factory class. If <code>null</code>
      *                     current <code>Thread</code>'s context classLoader is used to load the factory class.
      *
-     * @return New instance of a <code>DocumentBuilderFactory</code>
+     * @return New instance of a {@code DocumentBuilderFactory}
      *
      * @throws FactoryConfigurationError if <code>factoryClassName</code> is <code>null</code>, or
      *                                   the factory class cannot be loaded, instantiated.
@@ -406,14 +413,14 @@
                 throws IllegalArgumentException;
 
     /**
-     * <p>Set a feature for this <code>DocumentBuilderFactory</code> and <code>DocumentBuilder</code>s created by this factory.</p>
+     * <p>Set a feature for this {@code DocumentBuilderFactory} and <code>DocumentBuilder</code>s created by this factory.</p>
      *
      * <p>
      * Feature names are fully qualified {@link java.net.URI}s.
      * Implementations may define their own features.
-     * A {@link ParserConfigurationException} is thrown if this <code>DocumentBuilderFactory</code> or the
+     * A {@link ParserConfigurationException} is thrown if this {@code DocumentBuilderFactory} or the
      * <code>DocumentBuilder</code>s it creates cannot support the feature.
-     * It is possible for a <code>DocumentBuilderFactory</code> to expose a feature value but be unable to change its state.
+     * It is possible for a {@code DocumentBuilderFactory} to expose a feature value but be unable to change its state.
      * </p>
      *
      * <p>
@@ -436,7 +443,7 @@
      * @param name Feature name.
      * @param value Is feature state <code>true</code> or <code>false</code>.
      *
-     * @throws ParserConfigurationException if this <code>DocumentBuilderFactory</code> or the <code>DocumentBuilder</code>s
+     * @throws ParserConfigurationException if this {@code DocumentBuilderFactory} or the <code>DocumentBuilder</code>s
      *   it creates cannot support this feature.
      * @throws NullPointerException If the <code>name</code> parameter is null.
      * @since 1.5
@@ -450,16 +457,16 @@
      * <p>
      * Feature names are fully qualified {@link java.net.URI}s.
      * Implementations may define their own features.
-     * An {@link ParserConfigurationException} is thrown if this <code>DocumentBuilderFactory</code> or the
+     * An {@link ParserConfigurationException} is thrown if this {@code DocumentBuilderFactory} or the
      * <code>DocumentBuilder</code>s it creates cannot support the feature.
-     * It is possible for an <code>DocumentBuilderFactory</code> to expose a feature value but be unable to change its state.
+     * It is possible for an {@code DocumentBuilderFactory} to expose a feature value but be unable to change its state.
      * </p>
      *
      * @param name Feature name.
      *
      * @return State of the named feature.
      *
-     * @throws ParserConfigurationException if this <code>DocumentBuilderFactory</code>
+     * @throws ParserConfigurationException if this {@code DocumentBuilderFactory}
      *   or the <code>DocumentBuilder</code>s it creates cannot support this feature.
      * @since 1.5
      */
--- a/jaxp/src/java.xml/share/classes/javax/xml/parsers/SAXParserFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/parsers/SAXParserFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,34 @@
     }
 
     /**
-     * Obtain a new instance of a <code>SAXParserFactory</code>. This
+     * Obtain a new instance of a {@code SAXParserFactory}. This
      * static method creates a new factory instance
      * This method uses the following ordered lookup procedure to determine
-     * the <code>SAXParserFactory</code> implementation class to
+     * the {@code SAXParserFactory} implementation class to
      * load:
+     * <p>
      * <ul>
      * <li>
-     * Use the <code>javax.xml.parsers.SAXParserFactory</code> system
+     * Use the {@code javax.xml.parsers.SAXParserFactory} system
      * property.
      * </li>
      * <li>
-     * Use the properties file "conf/jaxp.properties" in the JRE directory.
-     * This configuration file is in standard <code>java.util.Properties
-     * </code> format and contains the fully qualified name of the
-     * implementation class with the key being the system property defined
-     * above.
-     *
+     * <p>
+     * Use the configuration file "jaxp.properties". The file is in standard
+     * {@link java.util.Properties} format and typically located in the
+     * {@code conf} directory of the Java installation. It contains the fully qualified
+     * name of the implementation class with the key being the system property
+     * defined above.
+     * <p>
      * The jaxp.properties file is read only once by the JAXP implementation
-     * and it's values are then cached for future use.  If the file does not exist
+     * and its values are then cached for future use.  If the file does not exist
      * when the first attempt is made to read from it, no further attempts are
      * made to check for its existence.  It is not possible to change the value
      * of any property in jaxp.properties after it has been read for the first time.
      * </li>
      * <li>
-     * Use the service-provider loading facilities, defined by the
+     * <p>
+     * Use the service-provider loading facility, defined by the
      * {@link java.util.ServiceLoader} class, to attempt to locate and load an
      * implementation of the service using the {@linkplain
      * java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -94,22 +97,26 @@
      * ClassLoader#getSystemClassLoader() system class loader} will be used.
      * </li>
      * <li>
+     * <p>
      * Otherwise the system-default implementation is returned.
      * </li>
      * </ul>
      *
+     * <p>
      * Once an application has obtained a reference to a
-     * <code>SAXParserFactory</code> it can use the factory to
+     * {@code SAXParserFactory} it can use the factory to
      * configure and obtain parser instances.
      *
      *
      *
      * <h2>Tip for Trouble-shooting</h2>
-     * <p>Setting the <code>jaxp.debug</code> system property will cause
+     * <p>
+     * Setting the {@code jaxp.debug} system property will cause
      * this method to print a lot of debug messages
-     * to <code>System.err</code> about what it is doing and where it is looking at.</p>
+     * to {@code System.err} about what it is doing and where it is looking at.
      *
-     * <p> If you have problems loading {@link SAXParser}s, try:</p>
+     * <p>
+     * If you have problems loading {@link SAXParser}s, try:
      * <pre>
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
@@ -131,31 +138,32 @@
     }
 
     /**
-     * <p>Obtain a new instance of a <code>SAXParserFactory</code> from class name.
+     * <p>Obtain a new instance of a {@code SAXParserFactory} from class name.
      * This function is useful when there are multiple providers in the classpath.
      * It gives more control to the application as it can specify which provider
      * should be loaded.</p>
      *
-     * <p>Once an application has obtained a reference to a <code>SAXParserFactory</code>
+     * <p>Once an application has obtained a reference to a {@code SAXParserFactory}
      * it can use the factory to configure and obtain parser instances.</p>
      *
      *
      * <h2>Tip for Trouble-shooting</h2>
-     * <p>Setting the <code>jaxp.debug</code> system property will cause
+     * <p>Setting the {@code jaxp.debug} system property will cause
      * this method to print a lot of debug messages
-     * to <code>System.err</code> about what it is doing and where it is looking at.</p>
+     * to {@code System.err} about what it is doing and where it is looking at.</p>
      *
-     * <p> If you have problems, try:</p>
+     * <p>
+     * If you have problems, try:
      * <pre>
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
      *
-     * @param factoryClassName fully qualified factory class name that provides implementation of <code>javax.xml.parsers.SAXParserFactory</code>.
+     * @param factoryClassName fully qualified factory class name that provides implementation of {@code javax.xml.parsers.SAXParserFactory}.
      *
      * @param classLoader <code>ClassLoader</code> used to load the factory class. If <code>null</code>
      *                     current <code>Thread</code>'s context classLoader is used to load the factory class.
      *
-     * @return New instance of a <code>SAXParserFactory</code>
+     * @return New instance of a {@code SAXParserFactory}
      *
      * @throws FactoryConfigurationError if <code>factoryClassName</code> is <code>null</code>, or
      *                                   the factory class cannot be loaded, instantiated.
--- a/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLEventFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLEventFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -23,7 +23,7 @@
  */
 
 /*
- * Copyright (c) 2009, 2013, by Oracle Corporation. All Rights Reserved.
+ * Copyright (c) 2009, 2015, by Oracle Corporation. All Rights Reserved.
  */
 
 package javax.xml.stream;
@@ -70,19 +70,34 @@
    * This static method creates a new factory instance.
    * This method uses the following ordered lookup procedure to determine
    * the XMLEventFactory implementation class to load:
-   * </p>
+   * <p>
    * <ul>
    * <li>
    *   Use the javax.xml.stream.XMLEventFactory system property.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the system property defined above.
+   *   <p>
+   *   Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   {@code conf} directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>
+   *   The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
-   *   Use the service-provider loading facilities, defined by the
+   *   <p>
+   *   Use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to locate and load an
    *   implementation of the service using the {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -93,18 +108,18 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
+   *   <p>
    *   Otherwise, the system-default implementation is returned.
    * </li>
    * </ul>
    * <p>
    *   Once an application has obtained a reference to a XMLEventFactory it
    *   can use the factory to configure and obtain stream instances.
-   * </p>
    * <p>
    *   Note that this is a new method that replaces the deprecated newInstance() method.
    *     No changes in behavior are defined by this replacement method relative to
    *     the deprecated method.
-   * </p>
+   *
    * @throws FactoryConfigurationError in case of {@linkplain
    *   java.util.ServiceConfigurationError service configuration error} or if
    *   the implementation is not available or cannot be instantiated.
@@ -143,20 +158,35 @@
    * <p>
    * This method uses the following ordered lookup procedure to determine
    * the XMLEventFactory implementation class to load:
-   * </p>
+   * <p>
    * <ul>
    * <li>
    *   Use the value of the system property identified by {@code factoryId}.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the given {@code factoryId}.
+   *   <p>
+   *   Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   conf directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>
+   *   The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
+   *   <p>
    *   If {@code factoryId} is "javax.xml.stream.XMLEventFactory",
-   *   use the service-provider loading facilities, defined by the
+   *   use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class, java.lang.ClassLoader) locate and load}
    *   an implementation of the service using the specified {@code ClassLoader}.
@@ -169,6 +199,7 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
+   *   <p>
    *   Otherwise, throws a {@link FactoryConfigurationError}.
    * </li>
    * </ul>
@@ -179,7 +210,6 @@
    *   newInstance(String factoryId, ClassLoader classLoader)} method.
    * No changes in behavior are defined by this replacement method relative
    * to the deprecated method.
-   * </p>
    *
    * @apiNote The parameter factoryId defined here is inconsistent with that
    * of other JAXP factories where the first parameter is fully qualified
--- a/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLInputFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLInputFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -68,7 +68,7 @@
  *
  *
  * @version 1.2
- * @author Copyright (c) 2009 by Oracle Corporation. All Rights Reserved.
+ * @author Copyright (c) 2009, 2015 by Oracle Corporation. All Rights Reserved.
  * @see XMLOutputFactory
  * @see XMLEventReader
  * @see XMLStreamReader
@@ -163,16 +163,28 @@
    * </p>
    * <ul>
    * <li>
-   *   Use the javax.xml.stream.XMLInputFactory system property.
+   *   <p>Use the javax.xml.stream.XMLInputFactory system property.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the system property defined above.
+   *   <p>Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   {@code conf} directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
-   *   Use the service-provider loading facilities, defined by the
+   *   <p>Use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to locate and load an
    *   implementation of the service using the {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -183,7 +195,7 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
-   * Otherwise, the system-default implementation is returned.
+   * <p>Otherwise, the system-default implementation is returned.
    * </li>
    * </ul>
    * <p>
@@ -233,20 +245,36 @@
    * <p>
    * This method uses the following ordered lookup procedure to determine
    * the XMLInputFactory implementation class to load:
-   * </p>
+   * <p>
    * <ul>
    * <li>
+   *   <p>
    *   Use the value of the system property identified by {@code factoryId}.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the given {@code factoryId}.
+   *   <p>
+   *   Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   {@code conf} directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>
+   *   The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
+   *   <p>
    *   If {@code factoryId} is "javax.xml.stream.XMLInputFactory",
-   *   use the service-provider loading facilities, defined by the
+   *   use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class, java.lang.ClassLoader) locate and load}
    *   an implementation of the service using the specified {@code ClassLoader}.
@@ -259,6 +287,7 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
+   *   <p>
    *   Otherwise, throws a {@link FactoryConfigurationError}.
    * </li>
    * </ul>
@@ -269,7 +298,7 @@
    *   newInstance(String factoryId, ClassLoader classLoader)} method.
    * No changes in behavior are defined by this replacement method relative
    * to the deprecated method.
-   * </p>
+   *
    *
    * @apiNote The parameter factoryId defined here is inconsistent with that
    * of other JAXP factories where the first parameter is fully qualified
--- a/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLOutputFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/stream/XMLOutputFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -102,7 +102,7 @@
  * namespace URI of the element or attribute using that prefix.</p>
  *
  * @version 1.2
- * @author Copyright (c) 2009 by Oracle Corporation. All Rights Reserved.
+ * @author Copyright (c) 2009, 2015 by Oracle Corporation. All Rights Reserved.
  * @see XMLInputFactory
  * @see XMLEventWriter
  * @see XMLStreamWriter
@@ -136,19 +136,34 @@
    * This static method creates a new factory instance. This method uses the
    * following ordered lookup procedure to determine the XMLOutputFactory
    * implementation class to load:
-   * </p>
+   * <p>
    * <ul>
    * <li>
    *   Use the javax.xml.stream.XMLOutputFactory system property.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the system property defined above.
+   *   <p>
+   *   Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   {@code conf} directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>
+   *   The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
-   *   Use the service-provider loading facilities, defined by the
+   *   <p>
+   *   Use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to locate and load an
    *   implementation of the service using the {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -159,17 +174,17 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
+   *   <p>
    *   Otherwise, the system-default implementation is returned.
    * </li>
    * <p>
    * Once an application has obtained a reference to a XMLOutputFactory it
    * can use the factory to configure and obtain stream instances.
-   * </p>
    * <p>
    * Note that this is a new method that replaces the deprecated newInstance() method.
    *   No changes in behavior are defined by this replacement method relative to the
    *   deprecated method.
-   * </p>
+   *
    * @throws FactoryConfigurationError in case of {@linkplain
    *   java.util.ServiceConfigurationError service configuration error} or if
    *   the implementation is not available or cannot be instantiated.
@@ -207,20 +222,35 @@
    * <p>
    * This method uses the following ordered lookup procedure to determine
    * the XMLOutputFactory implementation class to load:
-   * </p>
+   * <p>
    * <ul>
    * <li>
    *   Use the value of the system property identified by {@code factoryId}.
    * </li>
    * <li>
-   *   Use the properties file "lib/stax.properties" in the JRE directory.
-   *     This configuration file is in standard java.util.Properties format
-   *     and contains the fully qualified name of the implementation class
-   *     with the key being the given {@code factoryId}.
+   *   <p>
+   *   Use the configuration file "stax.properties". The file is in standard
+   *   {@link java.util.Properties} format and typically located in the
+   *   {@code conf} directory of the Java installation. It contains the fully qualified
+   *   name of the implementation class with the key being the system property
+   *   defined above.
+   *
+   *   <p>
+   *   The stax.properties file is read only once by the implementation
+   *   and its values are then cached for future use.  If the file does not exist
+   *   when the first attempt is made to read from it, no further attempts are
+   *   made to check for its existence.  It is not possible to change the value
+   *   of any property in stax.properties after it has been read for the first time.
+   *
+   *   <p>
+   *   Use the jaxp configuration file "jaxp.properties". The file is in the same
+   *   format as stax.properties and will only be read if stax.properties does
+   *   not exist.
    * </li>
    * <li>
+   *   <p>
    *   If {@code factoryId} is "javax.xml.stream.XMLOutputFactory",
-   *   use the service-provider loading facilities, defined by the
+   *   use the service-provider loading facility, defined by the
    *   {@link java.util.ServiceLoader} class, to attempt to {@linkplain
    *   java.util.ServiceLoader#load(java.lang.Class, java.lang.ClassLoader) locate and load}
    *   an implementation of the service using the specified {@code ClassLoader}.
@@ -233,6 +263,7 @@
    *   ClassLoader#getSystemClassLoader() system class loader} will be used.
    * </li>
    * <li>
+   *   <p>
    *   Otherwise, throws a {@link FactoryConfigurationError}.
    * </li>
    * </ul>
@@ -246,7 +277,7 @@
    *   {@link #newInstance(java.lang.String, java.lang.ClassLoader)
    *   newInstance(String factoryId, ClassLoader classLoader)} method.
    *   The original method was incorrectly defined to return XMLInputFactory.
-   * </p>
+   *
    *
    * @param factoryId             Name of the factory to find, same as
    *                              a property name
--- a/jaxp/src/java.xml/share/classes/javax/xml/transform/TransformerFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/transform/TransformerFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,7 @@
  * <p>The system property that determines which Factory implementation
  * to create is named <code>"javax.xml.transform.TransformerFactory"</code>.
  * This property names a concrete subclass of the
- * <code>TransformerFactory</code> abstract class. If the property is not
+ * {@code TransformerFactory} abstract class. If the property is not
  * defined, a platform default is be used.</p>
  *
  * @author <a href="mailto:Jeff.Suttor@Sun.com">Jeff Suttor</a>
@@ -51,31 +51,36 @@
 
 
     /**
-     * <p>Obtain a new instance of a <code>TransformerFactory</code>.
-     * This static method creates a new factory instance.</p>
-     * <p>This method uses the following ordered lookup procedure to determine
-     * the <code>TransformerFactory</code> implementation class to
-     * load:</p>
+     * <p>
+     * Obtain a new instance of a {@code TransformerFactory}.
+     * This static method creates a new factory instance.
+     * <p>
+     * This method uses the following ordered lookup procedure to determine
+     * the {@code TransformerFactory} implementation class to
+     * load:
+     * <p>
      * <ul>
      * <li>
-     * Use the <code>javax.xml.transform.TransformerFactory</code> system
+     * Use the {@code javax.xml.transform.TransformerFactory} system
      * property.
      * </li>
      * <li>
-     * Use the properties file "conf/jaxp.properties" in the JRE directory.
-     * This configuration file is in standard <code>java.util.Properties
-     * </code> format and contains the fully qualified name of the
-     * implementation class with the key being the system property defined
-     * above.
-     * <br>
+     * <p>
+     * Use the configuration file "jaxp.properties". The file is in standard
+     * {@link java.util.Properties} format and typically located in the
+     * {@code conf} directory of the Java installation. It contains the fully qualified
+     * name of the implementation class with the key being the system property
+     * defined above.
+     * <p>
      * The jaxp.properties file is read only once by the JAXP implementation
-     * and it's values are then cached for future use.  If the file does not exist
+     * and its values are then cached for future use.  If the file does not exist
      * when the first attempt is made to read from it, no further attempts are
      * made to check for its existence.  It is not possible to change the value
      * of any property in jaxp.properties after it has been read for the first time.
      * </li>
      * <li>
-     *   Use the service-provider loading facilities, defined by the
+     * <p>
+     * Use the service-provider loading facility, defined by the
      *   {@link java.util.ServiceLoader} class, to attempt to locate and load an
      *   implementation of the service using the {@linkplain
      *   java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -86,13 +91,15 @@
      *   ClassLoader#getSystemClassLoader() system class loader} will be used.
      * </li>
      * <li>
+     * <p>
      *   Otherwise, the system-default implementation is returned.
      * </li>
      * </ul>
      *
-     * <p>Once an application has obtained a reference to a <code>
-     * TransformerFactory</code> it can use the factory to configure
-     * and obtain transformer instances.</p>
+     * <p>
+     * Once an application has obtained a reference to a
+     * {@code TransformerFactory} it can use the factory to configure
+     * and obtain transformer instances.
      *
      * @return new TransformerFactory instance, never null.
      *
@@ -111,13 +118,13 @@
     }
 
     /**
-     * <p>Obtain a new instance of a <code>TransformerFactory</code> from factory class name.
+     * <p>Obtain a new instance of a {@code TransformerFactory} from factory class name.
      * This function is useful when there are multiple providers in the classpath.
      * It gives more control to the application as it can specify which provider
      * should be loaded.</p>
      *
-     * <p>Once an application has obtained a reference to a <code>
-     * TransformerFactory</code> it can use the factory to configure
+     * <p>Once an application has obtained a reference to a
+     * {@code TransformerFactory} it can use the factory to configure
      * and obtain transformer instances.</p>
      *
      * <h2>Tip for Trouble-shooting</h2>
@@ -130,7 +137,7 @@
      * java -Djaxp.debug=1 YourProgram ....
      * </pre>
      *
-     * @param factoryClassName fully qualified factory class name that provides implementation of <code>javax.xml.transform.TransformerFactory</code>.
+     * @param factoryClassName fully qualified factory class name that provides implementation of {@code javax.xml.transform.TransformerFactory}.
      *
      * @param classLoader <code>ClassLoader</code> used to load the factory class. If <code>null</code>
      *                     current <code>Thread</code>'s context classLoader is used to load the factory class.
@@ -232,7 +239,7 @@
      * @param charset The value of the charset attribute to match.  May be null.
      *
      * @return A <code>Source</code> <code>Object</code> suitable for passing
-     *   to the <code>TransformerFactory</code>.
+     *   to the {@code TransformerFactory}.
      *
      * @throws TransformerConfigurationException An <code>Exception</code>
      *   is thrown if an error occurings during parsing of the
@@ -268,15 +275,15 @@
     //======= CONFIGURATION METHODS =======
 
         /**
-         * <p>Set a feature for this <code>TransformerFactory</code> and <code>Transformer</code>s
+         * <p>Set a feature for this {@code TransformerFactory} and <code>Transformer</code>s
          * or <code>Template</code>s created by this factory.</p>
          *
          * <p>
          * Feature names are fully qualified {@link java.net.URI}s.
          * Implementations may define their own features.
-         * An {@link TransformerConfigurationException} is thrown if this <code>TransformerFactory</code> or the
+         * An {@link TransformerConfigurationException} is thrown if this {@code TransformerFactory} or the
          * <code>Transformer</code>s or <code>Template</code>s it creates cannot support the feature.
-         * It is possible for an <code>TransformerFactory</code> to expose a feature value but be unable to change its state.
+         * It is possible for an {@code TransformerFactory} to expose a feature value but be unable to change its state.
          * </p>
          *
          * <p>All implementations are required to support the {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} feature.
@@ -299,7 +306,7 @@
          * @param name Feature name.
          * @param value Is feature state <code>true</code> or <code>false</code>.
          *
-         * @throws TransformerConfigurationException if this <code>TransformerFactory</code>
+         * @throws TransformerConfigurationException if this {@code TransformerFactory}
          *   or the <code>Transformer</code>s or <code>Template</code>s it creates cannot support this feature.
      * @throws NullPointerException If the <code>name</code> parameter is null.
          */
@@ -312,9 +319,9 @@
          * <p>
          * Feature names are fully qualified {@link java.net.URI}s.
          * Implementations may define their own features.
-         * <code>false</code> is returned if this <code>TransformerFactory</code> or the
+         * <code>false</code> is returned if this {@code TransformerFactory} or the
          * <code>Transformer</code>s or <code>Template</code>s it creates cannot support the feature.
-         * It is possible for an <code>TransformerFactory</code> to expose a feature value but be unable to change its state.
+         * It is possible for an {@code TransformerFactory} to expose a feature value but be unable to change its state.
          * </p>
          *
          * @param name Feature name.
--- a/jaxp/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -132,8 +132,9 @@
      * where "the class loader" refers to the context class loader:</p>
      * <ol>
      *  <li>
+     *     <p>
      *     If the system property
-     *     <code>"javax.xml.validation.SchemaFactory:<i>schemaLanguage</i>"</code>
+     *     {@code "javax.xml.validation.SchemaFactory:<i>schemaLanguage</i>"}
      *     is present (where <i>schemaLanguage</i> is the parameter
      *     to this method), then its value is read
      *     as a class name. The method will try to
@@ -141,12 +142,22 @@
      *     and returns it if it is successfully created.
      *   </li>
      *   <li>
-     *     <code>$java.home/conf/jaxp.properties</code> is read and
-     *     the value associated with the key being the system property above
-     *     is looked for. If present, the value is processed just like above.
+     *     <p>
+     *     Use the configuration file "jaxp.properties". The file is in standard
+     *     {@link java.util.Properties} format and typically located in the
+     *     conf directory of the Java installation. It contains the fully qualified
+     *     name of the implementation class with the key being the system property
+     *     defined above.
+     *     <p>
+     *     The jaxp.properties file is read only once by the JAXP implementation
+     *     and its values are then cached for future use.  If the file does not exist
+     *     when the first attempt is made to read from it, no further attempts are
+     *     made to check for its existence.  It is not possible to change the value
+     *     of any property in jaxp.properties after it has been read for the first time.
      *   </li>
      *   <li>
-     *   Use the service-provider loading facilities, defined by the
+     *   <p>
+     *   Use the service-provider loading facility, defined by the
      *   {@link java.util.ServiceLoader} class, to attempt to locate and load an
      *   implementation of the service using the {@linkplain
      *   java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -166,19 +177,20 @@
      *   {@link SchemaFactoryConfigurationError} will be thrown.
      *   </li>
      *   <li>
+     *     <p>
      *     Platform default <code>SchemaFactory</code> is located
      *     in a implementation specific way. There must be a platform default
      *     <code>SchemaFactory</code> for W3C XML Schema.
      *   </li>
      * </ol>
      *
-     * <p>If everything fails, {@link IllegalArgumentException} will be thrown.</p>
+     * <p>If everything fails, {@link IllegalArgumentException} will be thrown.
      *
-     * <p><strong>Tip for Trouble-shooting:</strong></p>
+     * <p><strong>Tip for Trouble-shooting:</strong>
      * <p>See {@link java.util.Properties#load(java.io.InputStream)} for
      * exactly how a property file is parsed. In particular, colons ':'
      * need to be escaped in a property file, so make sure schema language
-     * URIs are properly escaped in it. For example:</p>
+     * URIs are properly escaped in it. For example:
      * <pre>
      * http\://www.w3.org/2001/XMLSchema=org.acme.foo.XSSchemaFactory
      * </pre>
--- a/jaxp/src/java.xml/share/classes/javax/xml/xpath/XPathFactory.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxp/src/java.xml/share/classes/javax/xml/xpath/XPathFactory.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
 package javax.xml.xpath;
 
 /**
- * <p>An <code>XPathFactory</code> instance can be used to create
+ * <p>An {@code XPathFactory} instance can be used to create
  * {@link javax.xml.xpath.XPath} objects.</p>
  *
  *<p>See {@link #newInstance(String uri)} for lookup mechanism.</p>
@@ -68,13 +68,13 @@
     /**
      * <p>Protected constructor as {@link #newInstance()} or {@link #newInstance(String uri)}
      * or {@link #newInstance(String uri, String factoryClassName, ClassLoader classLoader)}
-     * should be used to create a new instance of an <code>XPathFactory</code>.</p>
+     * should be used to create a new instance of an {@code XPathFactory}.</p>
      */
     protected XPathFactory() {
     }
 
     /**
-     * <p>Get a new <code>XPathFactory</code> instance using the default object model,
+     * <p>Get a new {@code XPathFactory} instance using the default object model,
      * {@link #DEFAULT_OBJECT_MODEL_URI},
      * the W3C DOM.</p>
      *
@@ -85,10 +85,10 @@
      *
      * <p>Since the implementation for the W3C DOM is always available, this method will never fail.</p>
      *
-     * @return Instance of an <code>XPathFactory</code>.
+     * @return Instance of an {@code XPathFactory}.
      *
      * @throws RuntimeException When there is a failure in creating an
-     *   <code>XPathFactory</code> for the default object model.
+     *   {@code XPathFactory} for the default object model.
      */
     public static XPathFactory newInstance() {
 
@@ -105,23 +105,35 @@
     }
 
     /**
-    * <p>Get a new <code>XPathFactory</code> instance using the specified object model.</p>
+    * <p>Get a new {@code XPathFactory} instance using the specified object model.</p>
     *
-    * <p>To find a <code>XPathFactory</code> object,
+    * <p>To find a {@code XPathFactory} object,
     * this method looks the following places in the following order where "the class loader" refers to the context class loader:</p>
     * <ol>
     *   <li>
+    *     <p>
     *     If the system property {@link #DEFAULT_PROPERTY_NAME} + ":uri" is present,
     *     where uri is the parameter to this method, then its value is read as a class name.
     *     The method will try to create a new instance of this class by using the class loader,
     *     and returns it if it is successfully created.
     *   </li>
     *   <li>
-    *     ${java.home}/lib/jaxp.properties is read and the value associated with the key being the system property above is looked for.
-    *     If present, the value is processed just like above.
+    *     <p>
+    *     Use the configuration file "jaxp.properties". The file is in standard
+    *     {@link java.util.Properties} format and typically located in the
+    *     conf directory of the Java installation. It contains the fully qualified
+    *     name of the implementation class with the key being the system property
+    *     defined above.
+    *     <p>
+    *     The jaxp.properties file is read only once by the JAXP implementation
+    *     and its values are then cached for future use.  If the file does not exist
+    *     when the first attempt is made to read from it, no further attempts are
+    *     made to check for its existence.  It is not possible to change the value
+    *     of any property in jaxp.properties after it has been read for the first time.
     *   </li>
     *   <li>
-    *     Use the service-provider loading facilities, defined by the
+    *     <p>
+    *     Use the service-provider loading facility, defined by the
     *     {@link java.util.ServiceLoader} class, to attempt to locate and load an
     *     implementation of the service using the {@linkplain
     *     java.util.ServiceLoader#load(java.lang.Class) default loading mechanism}:
@@ -140,16 +152,17 @@
     *     {@link XPathFactoryConfigurationException} will be thrown.
     *   </li>
     *   <li>
-    *     Platform default <code>XPathFactory</code> is located in a platform specific way.
+    *     <p>
+    *     Platform default {@code XPathFactory} is located in a platform specific way.
     *     There must be a platform default XPathFactory for the W3C DOM, i.e. {@link #DEFAULT_OBJECT_MODEL_URI}.
     *   </li>
     * </ol>
-    * <p>If everything fails, an <code>XPathFactoryConfigurationException</code> will be thrown.</p>
+    * <p>If everything fails, an {@code XPathFactoryConfigurationException} will be thrown.
     *
-    * <p>Tip for Trouble-shooting:</p>
+    * <p>Tip for Trouble-shooting:
     * <p>See {@link java.util.Properties#load(java.io.InputStream)} for exactly how a property file is parsed.
     * In particular, colons ':' need to be escaped in a property file, so make sure the URIs are properly escaped in it.
-    * For example:</p>
+    * For example:
     * <pre>
     *   http\://java.sun.com/jaxp/xpath/dom=org.acme.DomXPathFactory
     * </pre>
@@ -159,7 +172,7 @@
     *   <code>http://java.sun.com/jaxp/xpath/dom</code> for the W3C DOM,
     *   the org.w3c.dom package, and implementations are free to introduce other URIs for other object models.
     *
-    * @return Instance of an <code>XPathFactory</code>.
+    * @return Instance of an {@code XPathFactory}.
     *
     * @throws XPathFactoryConfigurationException If the specified object model
     *      is unavailable, or if there is a configuration error.
@@ -199,7 +212,7 @@
     }
 
     /**
-     * <p>Obtain a new instance of a <code>XPathFactory</code> from a factory class name. <code>XPathFactory</code>
+     * <p>Obtain a new instance of a {@code XPathFactory} from a factory class name. {@code XPathFactory}
      * is returned if specified factory class supports the specified object model.
      * This function is useful when there are multiple providers in the classpath.
      * It gives more control to the application as it can specify which provider
@@ -227,7 +240,7 @@
      *                     current <code>Thread</code>'s context classLoader is used to load the factory class.
      *
      *
-     * @return New instance of a <code>XPathFactory</code>
+     * @return New instance of a {@code XPathFactory}
      *
      * @throws XPathFactoryConfigurationException
      *                   if <code>factoryClassName</code> is <code>null</code>, or
@@ -281,11 +294,11 @@
     }
 
     /**
-     * <p>Is specified object model supported by this <code>XPathFactory</code>?</p>
+     * <p>Is specified object model supported by this {@code XPathFactory}?</p>
      *
-     * @param objectModel Specifies the object model which the returned <code>XPathFactory</code> will understand.
+     * @param objectModel Specifies the object model which the returned {@code XPathFactory} will understand.
      *
-     * @return <code>true</code> if <code>XPathFactory</code> supports <code>objectModel</code>, else <code>false</code>.
+     * @return <code>true</code> if {@code XPathFactory} supports <code>objectModel</code>, else <code>false</code>.
      *
      * @throws NullPointerException If <code>objectModel</code> is <code>null</code>.
      * @throws IllegalArgumentException If <code>objectModel.length() == 0</code>.
@@ -293,16 +306,16 @@
     public abstract boolean isObjectModelSupported(String objectModel);
 
     /**
-     * <p>Set a feature for this <code>XPathFactory</code> and
+     * <p>Set a feature for this {@code XPathFactory} and
      * <code>XPath</code>s created by this factory.</p>
      *
      * <p>
      * Feature names are fully qualified {@link java.net.URI}s.
      * Implementations may define their own features.
      * An {@link XPathFactoryConfigurationException} is thrown if this
-     * <code>XPathFactory</code> or the <code>XPath</code>s
+     * {@code XPathFactory} or the <code>XPath</code>s
      * it creates cannot support the feature.
-     * It is possible for an <code>XPathFactory</code> to expose a feature value
+     * It is possible for an {@code XPathFactory} to expose a feature value
      * but be unable to change its state.
      * </p>
      *
@@ -316,7 +329,7 @@
      * @param name Feature name.
      * @param value Is feature state <code>true</code> or <code>false</code>.
      *
-     * @throws XPathFactoryConfigurationException if this <code>XPathFactory</code> or the <code>XPath</code>s
+     * @throws XPathFactoryConfigurationException if this {@code XPathFactory} or the <code>XPath</code>s
      *   it creates cannot support this feature.
      * @throws NullPointerException if <code>name</code> is <code>null</code>.
      */
@@ -330,9 +343,9 @@
      * Feature names are fully qualified {@link java.net.URI}s.
      * Implementations may define their own features.
      * An {@link XPathFactoryConfigurationException} is thrown if this
-     * <code>XPathFactory</code> or the <code>XPath</code>s
+     * {@code XPathFactory} or the <code>XPath</code>s
      * it creates cannot support the feature.
-     * It is possible for an <code>XPathFactory</code> to expose a feature value
+     * It is possible for an {@code XPathFactory} to expose a feature value
      * but be unable to change its state.
      * </p>
      *
@@ -341,7 +354,7 @@
      * @return State of the named feature.
      *
      * @throws XPathFactoryConfigurationException if this
-     *   <code>XPathFactory</code> or the <code>XPath</code>s
+     *   {@code XPathFactory} or the <code>XPath</code>s
      *   it creates cannot support this feature.
      * @throws NullPointerException if <code>name</code> is <code>null</code>.
      */
@@ -382,7 +395,7 @@
 
     /**
     * <p>Return a new <code>XPath</code> using the underlying object
-    * model determined when the <code>XPathFactory</code> was instantiated.</p>
+    * model determined when the {@code XPathFactory} was instantiated.</p>
     *
     * @return New instance of an <code>XPath</code>.
     */
--- a/jaxws/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/jaxws/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -299,3 +299,4 @@
 bb9cf97a5ac6aa1aa2a1034676d64413071f58ea jdk9-b51
 1d1e7704eca9c77ebe6a8705d17ac568801f7a3b jdk9-b52
 b8fbe40efa97fe0753076ccc6dfc50747c7877d0 jdk9-b53
+83a0cf0e08788c33872e1fe3e87bf9a0d1e59eaa jdk9-b54
--- a/jdk/.hgtags	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/.hgtags	Fri Mar 13 12:44:58 2015 +0000
@@ -296,3 +296,4 @@
 a0dad230aeb3b0d5cfd5b0715029e48d50573f8c jdk9-b51
 607ea68032cd4a4cf2c7a7a41fcb39602d6a75e2 jdk9-b52
 6cb5f5c34009630749a40cefe116d143f0b2583e jdk9-b53
+568a62ab7d764d7c74ac1d87387dbe500662b551 jdk9-b54
--- a/jdk/make/CompileDemos.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/CompileDemos.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -219,6 +219,9 @@
   # Param 7 = libs for solaris
   # Param 8 = libs for linux
   # Param 9 = extra directories with required sources
+  # Param 10 = DISABLED_WARNINGS_gcc
+  # Param 11 = DISABLED_WARNINGS_microsoft
+  # Param 12 = DISABLED_WARNINGS_clang
   BUILD_DEMO_JVMTI_$1_EXTRA_SRC := \
       $$(wildcard $(DEMO_OS_TYPE_SRC)/jvmti/$1) \
       $$(wildcard $$(addprefix $(DEMO_SHARE_SRC)/jvmti/, $2)) \
@@ -254,6 +257,9 @@
       LANG := $$(BUILD_DEMO_JVMTI_$1_LANG), \
       OPTIMIZATION := LOW, \
       CXXFLAGS := $$($1_CXXFLAGS), \
+      DISABLED_WARNINGS_gcc := $(10), \
+      DISABLED_WARNINGS_clang := $(12), \
+      DISABLED_WARNINGS_microsoft := $(11), \
       LDFLAGS := $(filter-out -incremental:no -opt:ref, $(LDFLAGS_JDKLIB)), \
       LDFLAGS_macosx := $(call SET_EXECUTABLE_ORIGIN), \
       LDFLAGS_SUFFIX := $$($1_EXTRA_CXX), \
--- a/jdk/make/gendata/GendataPolicyJars.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/gendata/GendataPolicyJars.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -77,7 +77,7 @@
     $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
 
 $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \
-    $(US_EXPORT_POLICY_JAR_DEPS), \
+    DEPENDENCIES := $(US_EXPORT_POLICY_JAR_DEPS), \
     SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
     SUFFIXES := .policy, \
     JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED), \
@@ -139,8 +139,8 @@
 	$(install-file)
 
 $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \
-    $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
-    $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
+    DEPENDENCIES := $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
+        $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
     SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \
     SUFFIXES := .policy, \
     JAR := $(LOCAL_POLICY_JAR_LIMITED), \
@@ -148,7 +148,7 @@
     SKIP_METAINF := true))
 
 $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_UNLIMITED, \
-    $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
+    DEPENDENCIES := $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
     SRCS := $(LOCAL_POLICY_JAR_UNLIMITED_TMP), \
     SUFFIXES := .policy, \
     JAR := $(LOCAL_POLICY_JAR_UNLIMITED), \
--- a/jdk/make/gensrc/Gensrc-jdk.dev.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/gensrc/Gensrc-jdk.dev.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -32,8 +32,7 @@
 $(eval $(call SetupCompileProperties,COMPILE_PROPERTIES, \
     $(filter %.properties, \
         $(call CacheFind, \
-            $(JDK_TOPDIR)/src/jdk.dev/share/classes/jdk/tools/jimage/resources \
-            $(JDK_TOPDIR)/src/jdk.dev/share/classes/sun/tools/jar/resources)), \
+            $(JDK_TOPDIR)/src/jdk.dev/share/classes/jdk/tools/jimage/resources)), \
     ListResourceBundle))
 
 TARGETS += $(COMPILE_PROPERTIES)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/gensrc/Gensrc-jdk.jartool.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -0,0 +1,44 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include GensrcCommon.gmk
+
+################################################################################
+
+include GensrcProperties.gmk
+
+$(eval $(call SetupCompileProperties,COMPILE_PROPERTIES, \
+    $(filter %.properties, \
+        $(call CacheFind, \
+            $(JDK_TOPDIR)/src/jdk.jartool/share/classes/sun/tools/jar/resources)), \
+    ListResourceBundle))
+
+TARGETS += $(COMPILE_PROPERTIES)
+
+################################################################################
+
+all: $(TARGETS)
+
+.PHONY: all
--- a/jdk/make/launcher/Launcher-jdk.dev.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/launcher/Launcher-jdk.dev.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -25,18 +25,6 @@
 
 include LauncherCommon.gmk
 
-$(eval $(call SetupLauncher,jar, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.tools.jar.Main"$(COMMA) }'))
-
-$(eval $(call SetupLauncher,jarsigner, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.jarsigner.Main"$(COMMA) }'))
-
-ifndef BUILD_HEADLESS_ONLY
-  $(eval $(call SetupLauncher,policytool, \
-      -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.policytool.PolicyTool"$(COMMA) }',, \
-      $(XLIBS)))
-endif
-
 $(eval $(call SetupLauncher,jdeps, \
     -DEXPAND_CLASSPATH_WILDCARDS \
     -DNEVER_ACT_AS_SERVER_CLASS_MACHINE \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/launcher/Launcher-jdk.jartool.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+$(eval $(call SetupLauncher,jar, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.tools.jar.Main"$(COMMA) }'))
+
+$(eval $(call SetupLauncher,jarsigner, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.jarsigner.Main"$(COMMA) }'))
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/launcher/Launcher-jdk.pack200.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -0,0 +1,112 @@
+#
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+$(eval $(call SetupLauncher,pack200, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "com.sun.java.util.jar.pack.Driver"$(COMMA) }'))
+
+################################################################################
+# The order of the object files on the link command line affects the size of the resulting
+# binary (at least on linux) which causes the size to differ between old and new build.
+
+UNPACKEXE_SRC := $(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+    $(JDK_TOPDIR)/src/jdk.pack200/share/native/unpack200
+UNPACKEXE_CFLAGS := -I$(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+    -I$(JDK_TOPDIR)/src/java.base/share/native/libjava \
+    -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava
+
+ifeq ($(USE_EXTERNAL_LIBZ), true)
+  UNPACKEXE_CFLAGS += -DSYSTEM_ZLIB
+  UNPACKEXE_ZIPOBJS := -lz
+else
+  UNPACKEXE_CFLAGS += -I$(JDK_TOPDIR)/src/java.base/share/native/libzip/zlib-1.2.8
+  UNPACKEXE_ZIPOBJS := $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zcrc32$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/deflate$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/trees$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zadler32$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/compress$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zutil$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inflate$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/infback$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inftrees$(OBJ_SUFFIX) \
+      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inffast$(OBJ_SUFFIX)
+
+endif
+
+UNPACKEXE_LANG := C
+ifeq ($(OPENJDK_TARGET_OS), solaris)
+  UNPACKEXE_LANG := C++
+endif
+
+# The linker on older SuSE distros (e.g. on SLES 10) complains with:
+# "Invalid version tag `SUNWprivate_1.1'. Only anonymous version tag is allowed in executable."
+# if feeded with a version script which contains named tags.
+ifeq ($(USING_BROKEN_SUSE_LD), yes)
+  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200.anonymous
+else
+  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200
+endif
+
+$(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \
+    SRC := $(UNPACKEXE_SRC), \
+    LANG := $(UNPACKEXE_LANG), \
+    OPTIMIZATION := LOW, \
+    CFLAGS := $(UNPACKEXE_CFLAGS) $(CXXFLAGS_JDKEXE) -DFULL, \
+    CFLAGS_release := -DPRODUCT, \
+    CFLAGS_linux := -fPIC, \
+    CFLAGS_solaris := -KPIC, \
+    CFLAGS_macosx := -fPIC, \
+    DISABLED_WARNINGS_gcc := sign-compare unused-result format-nonliteral \
+        format-security parentheses, \
+    DISABLED_WARNINGS_microsoft := 4267 4018, \
+    MAPFILE := $(UNPACK_MAPFILE),\
+    LDFLAGS := $(UNPACKEXE_ZIPOBJS) \
+        $(LDFLAGS_JDKEXE) $(LDFLAGS_CXX_JDK) \
+        $(call SET_SHARED_LIBRARY_NAME,$(LIBRARY_PREFIX)unpack$(SHARED_LIBRARY_SUFFIX)) \
+        $(call SET_SHARED_LIBRARY_ORIGIN), \
+    LDFLAGS_linux := -lc, \
+    LDFLAGS_solaris := $(UNPACKEXE_LDFLAGS_solaris) -lc, \
+    LDFLAGS_SUFFIX := $(LIBCXX), \
+    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpackexe$(OUTPUT_SUBDIR), \
+    OUTPUT_DIR := $(SUPPORT_OUTPUTDIR)/modules_cmds/$(MODULE), \
+    PROGRAM := unpack200, \
+    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
+    RC_FLAGS := $(RC_FLAGS) \
+        -D "JDK_FNAME=unpack200.exe" \
+        -D "JDK_INTERNAL_NAME=unpack200" \
+        -D "JDK_FTYPE=0x1L", \
+    DEBUG_SYMBOLS := true, \
+    MANIFEST := $(JDK_TOPDIR)/src/jdk.pack200/windows/native/unpack200/unpack200_proto.exe.manifest))
+
+ifneq ($(USE_EXTERNAL_LIBZ), true)
+
+  $(BUILD_UNPACKEXE): $(UNPACKEXE_ZIPOBJS)
+
+endif
+
+TARGETS += $(BUILD_UNPACKEXE)
+
+################################################################################
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/launcher/Launcher-jdk.policytool.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+ifndef BUILD_HEADLESS_ONLY
+  $(eval $(call SetupLauncher,policytool, \
+      -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "sun.security.tools.policytool.PolicyTool"$(COMMA) }',, \
+      $(XLIBS)))
+endif
--- a/jdk/make/launcher/Launcher-jdk.runtime.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LauncherCommon.gmk
-
-$(eval $(call SetupLauncher,pack200, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "com.sun.java.util.jar.pack.Driver"$(COMMA) }'))
-
-################################################################################
-# The order of the object files on the link command line affects the size of the resulting
-# binary (at least on linux) which causes the size to differ between old and new build.
-
-UNPACKEXE_SRC := $(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-    $(JDK_TOPDIR)/src/jdk.runtime/share/native/unpack200
-UNPACKEXE_CFLAGS := -I$(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-    -I$(JDK_TOPDIR)/src/java.base/share/native/libjava \
-    -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava
-
-ifeq ($(USE_EXTERNAL_LIBZ), true)
-  UNPACKEXE_CFLAGS += -DSYSTEM_ZLIB
-  UNPACKEXE_ZIPOBJS := -lz
-else
-  UNPACKEXE_CFLAGS += -I$(JDK_TOPDIR)/src/java.base/share/native/libzip/zlib-1.2.8
-  UNPACKEXE_ZIPOBJS := $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zcrc32$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/deflate$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/trees$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zadler32$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/compress$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/zutil$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inflate$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/infback$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inftrees$(OBJ_SUFFIX) \
-      $(SUPPORT_OUTPUTDIR)/native/java.base/libzip/inffast$(OBJ_SUFFIX)
-
-endif
-
-UNPACKEXE_LANG := C
-ifeq ($(OPENJDK_TARGET_OS), solaris)
-  UNPACKEXE_LANG := C++
-endif
-
-# The linker on older SuSE distros (e.g. on SLES 10) complains with:
-# "Invalid version tag `SUNWprivate_1.1'. Only anonymous version tag is allowed in executable."
-# if feeded with a version script which contains named tags.
-ifeq ($(USING_BROKEN_SUSE_LD), yes)
-  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200.anonymous
-else
-  UNPACK_MAPFILE = $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers-unpack200
-endif
-
-$(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \
-    SRC := $(UNPACKEXE_SRC), \
-    LANG := $(UNPACKEXE_LANG), \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(UNPACKEXE_CFLAGS) $(CXXFLAGS_JDKEXE) -DFULL, \
-    CFLAGS_release := -DPRODUCT, \
-    CFLAGS_linux := -fPIC, \
-    CFLAGS_solaris := -KPIC, \
-    CFLAGS_macosx := -fPIC, \
-    MAPFILE := $(UNPACK_MAPFILE),\
-    LDFLAGS := $(UNPACKEXE_ZIPOBJS) \
-        $(LDFLAGS_JDKEXE) $(LDFLAGS_CXX_JDK) \
-        $(call SET_SHARED_LIBRARY_NAME,$(LIBRARY_PREFIX)unpack$(SHARED_LIBRARY_SUFFIX)) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_linux := -lc, \
-    LDFLAGS_solaris := $(UNPACKEXE_LDFLAGS_solaris) -lc, \
-    LDFLAGS_SUFFIX := $(LIBCXX), \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpackexe$(OUTPUT_SUBDIR), \
-    OUTPUT_DIR := $(SUPPORT_OUTPUTDIR)/modules_cmds/$(MODULE), \
-    PROGRAM := unpack200, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=unpack200.exe" \
-        -D "JDK_INTERNAL_NAME=unpack200" \
-        -D "JDK_FTYPE=0x1L", \
-    DEBUG_SYMBOLS := true, \
-    MANIFEST := $(JDK_TOPDIR)/src/jdk.runtime/windows/native/unpack200/unpack200_proto.exe.manifest))
-
-ifneq ($(USE_EXTERNAL_LIBZ), true)
-
-  $(BUILD_UNPACKEXE): $(UNPACKEXE_ZIPOBJS)
-
-endif
-
-TARGETS += $(BUILD_UNPACKEXE)
-
-################################################################################
--- a/jdk/make/lib/Awt2dLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/Awt2dLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -55,6 +55,9 @@
     OPTIMIZATION := HIGHEST, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBMLIB_CFLAGS), \
+    DISABLED_WARNINGS_gcc := parentheses, \
+    DISABLED_WARNINGS_clang := parentheses, \
+    DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
     MAPFILE := $(BUILD_LIBMLIB_IMAGE_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -127,6 +130,7 @@
       CFLAGS := -xarch=sparcvis \
           $(LIBMLIB_IMAGE_V_CFLAGS) \
           $(CFLAGS_JDKLIB), \
+      DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
       MAPFILE := $(BUILD_LIBMLIB_IMAGE_MAPFILE), \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(BUILD_LIBMLIB_LDLIBS) -ljava -ljvm \
@@ -175,9 +179,6 @@
 
 LIBAWT_CFLAGS += -D__MEDIALIB_OLD_NAMES -D__USE_J2D_NAMES $(X_CFLAGS)
 
-ifeq ($(OPENJDK_TARGET_OS), macosx)
-endif
-
 ifeq ($(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH), solaris-sparc)
   LIBAWT_CFLAGS += -DMLIB_ADD_SUFF
   LIBAWT_CFLAGS += -xarch=sparcvis
@@ -253,6 +254,11 @@
     LANG := $(LIBAWT_LANG), \
     OPTIMIZATION := LOW, \
     CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_CFLAGS), \
+    DISABLED_WARNINGS_gcc := sign-compare unused-result maybe-uninitialized \
+        format-nonliteral parentheses, \
+    DISABLED_WARNINGS_clang := logical-op-parentheses, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4297 4244 4267, \
     ASFLAGS := $(LIBAWT_ASFLAGS), \
     MAPFILE := $(LIBAWT_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -361,6 +367,11 @@
         OPTIMIZATION := LOW, \
         CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_XAWT_CFLAGS) \
             $(X_CFLAGS), \
+        DISABLED_WARNINGS_gcc := type-limits pointer-to-int-cast \
+            deprecated-declarations unused-result maybe-uninitialized format \
+            format-security int-to-pointer-cast parentheses, \
+        DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE \
+            E_ASSIGNMENT_TYPE_MISMATCH E_NON_CONST_INIT, \
         MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_xawt/mapfile-vers, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(X_LIBS) $(LIBAWT_XAWT_LDFLAGS) \
@@ -417,6 +428,9 @@
         $(LCMS_CFLAGS), \
     CFLAGS_solaris := -xc99=no_lib, \
     CFLAGS_windows := -DCMS_IS_WINDOWS_, \
+    DISABLED_WARNINGS_gcc := format-nonliteral, \
+    DISABLED_WARNINGS_clang := tautological-compare, \
+    DISABLED_WARNINGS_solstudio := E_STATEMENT_NOT_REACHED, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -495,6 +509,9 @@
     CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJAVAJPEG_SRC)) \
         $(LIBJAVA_HEADER_FLAGS) \
         -I$(SUPPORT_OUTPUTDIR)/headers/java.desktop, \
+    DISABLED_WARNINGS_gcc := clobbered parentheses, \
+    DISABLED_WARNINGS_clang := logical-op-parentheses, \
+    DISABLED_WARNINGS_microsoft := 4267, \
     MAPFILE := $(BUILD_LIBJAVAJPEG_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(LIBJPEG_LIBS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -563,6 +580,9 @@
             $(CUPS_CFLAGS) \
             $(X_CFLAGS) \
             $(LIBAWT_HEADLESS_CFLAGS), \
+        DISABLED_WARNINGS_gcc := maybe-uninitialized int-to-pointer-cast, \
+        DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE \
+            E_EMPTY_TRANSLATION_UNIT, \
         MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_headless/mapfile-vers, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -644,6 +664,11 @@
     CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBFONTMANAGER_CFLAGS), \
     OPTIMIZATION := $(LIBFONTMANAGER_OPTIMIZATION), \
     CFLAGS_windows = -DCC_NOEX, \
+    DISABLED_WARNINGS_gcc := sign-compare int-to-pointer-cast reorder \
+        delete-non-virtual-dtor, \
+    DISABLED_WARNINGS_clang := unused-value incompatible-pointer-types, \
+    DISABLED_WARNINGS_solstudio := truncwarn, \
+    DISABLED_WARNINGS_microsoft := 4267 4244 4018 4090, \
     MAPFILE := $(BUILD_LIBFONTMANAGER_MAPFILE), \
     LDFLAGS := $(subst -Xlinker -z -Xlinker defs,,$(LDFLAGS_JDKLIB)) $(LDFLAGS_CXX_JDK) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -876,6 +901,10 @@
       OPTIMIZATION := LOW, \
       CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \
                 $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS) $(PNG_CFLAGS), \
+      DISABLED_WARNINGS_gcc := type-limits unused-result maybe-uninitialized, \
+      DISABLED_WARNINGS_clang := incompatible-pointer-types, \
+      DISABLED_WARNINGS_solstudio := E_NEWLINE_NOT_LAST, \
+      DISABLED_WARNINGS_microsoft := 4244 4267, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -946,6 +975,9 @@
           $(X_CFLAGS) \
           $(X_LIBS) \
           $(LIBAWT_LWAWT_CFLAGS), \
+      DISABLED_WARNINGS_clang := incomplete-implementation \
+          deprecated-declarations objc-method-access bitwise-op-parentheses \
+          incompatible-pointer-types parentheses-equality extra-tokens, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN) \
           -L$(INSTALL_LIBRARIES_HERE), \
--- a/jdk/make/lib/CoreLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/CoreLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
 WIN_VERIFY_LIB := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libverify/verify.lib
 
 ##########################################################################################
-# libfdlibm is statically linked with libjava below and not delivered into the 
+# libfdlibm is statically linked with libjava below and not delivered into the
 # product on its own.
 
 BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
@@ -48,6 +48,8 @@
       CFLAGS := $(CFLAGS_JDKLIB) $(LIBFDLIBM_CFLAGS), \
       CFLAGS_windows_debug := -DLOGGING, \
       CFLAGS_aix := -qfloat=nomaf, \
+      DISABLED_WARNINGS_gcc := sign-compare, \
+      DISABLED_WARNINGS_microsoft := 4146 4244 4018, \
       ARFLAGS := $(ARFLAGS), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libfdlibm, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -94,6 +96,7 @@
     LANG := C, \
     OPTIMIZATION := $(LIBVERIFY_OPTIMIZATION), \
     CFLAGS := $(CFLAGS_JDKLIB), \
+    DISABLED_WARNINGS_microsoft := 4244 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libverify/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -147,6 +150,10 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(LIBJAVA_CFLAGS), \
+    DISABLED_WARNINGS_gcc := type-limits format-nonliteral, \
+    DISABLED_WARNINGS_clang := int-conversion, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4022 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjava/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -209,6 +216,9 @@
         -I$(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS_TYPE)/native/libjava \
         -I$(SUPPORT_OUTPUTDIR)/headers/java.base, \
     CFLAGS_unix := $(BUILD_LIBZIP_MMAP) -UDEBUG, \
+    DISABLED_WARNINGS_gcc := parentheses, \
+    DISABLED_WARNINGS_clang := dangling-else, \
+    DISABLED_WARNINGS_microsoft := 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libzip/mapfile-vers, \
     REORDER := $(BUILD_LIBZIP_REORDER), \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
@@ -307,6 +317,12 @@
     LANG := C, \
     OPTIMIZATION := HIGH, \
     CFLAGS := $(LIBJLI_CFLAGS), \
+    DISABLED_WARNINGS_gcc := pointer-to-int-cast sign-compare format-nonliteral \
+        parentheses, \
+    DISABLED_WARNINGS_clang := implicit-function-declaration parentheses \
+        int-conversion, \
+    DISABLED_WARNINGS_solstudio := E_ASM_DISABLES_OPTIMIZATION E_NEWLINE_NOT_LAST, \
+    DISABLED_WARNINGS_microsoft := 4244 4047 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjli/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -355,6 +371,7 @@
       LANG := C, \
       OPTIMIZATION := HIGH, \
       CFLAGS := $(STATIC_LIBRARY_FLAGS) $(LIBJLI_CFLAGS), \
+      DISABLED_WARNINGS_microsoft := 4244 4047 4267, \
       ARFLAGS := $(ARFLAGS), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjli_static, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -375,6 +392,8 @@
       LANG := C, \
       OPTIMIZATION := HIGH, \
       CFLAGS := $(CFLAGS_JDKLIB) $(LIBJLI_CFLAGS), \
+      DISABLED_WARNINGS_clang := implicit-function-declaration parentheses \
+          int-conversion, \
       LDFLAGS := -nostdlib -r, \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjli_static, \
       DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
@@ -401,4 +420,3 @@
   TARGETS += $(BUILD_LIBJLI_STATIC)
 
 endif
-
--- a/jdk/make/lib/Lib-java.security.jgss.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/Lib-java.security.jgss.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2GSS_SRC)) \
           $(LIBJAVA_HEADER_FLAGS) \
           -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
+      DISABLED_WARNINGS_gcc := pointer-to-int-cast, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2gss/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -82,6 +83,7 @@
         CFLAGS := $(CFLAGS_JDKLIB) \
             $(addprefix -I, $(BUILD_LIBKRB5_SRC)) \
             -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
+        DISABLED_WARNINGS_clang := implicit-function-declaration, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(call SET_SHARED_LIBRARY_ORIGIN), \
         LDFLAGS_SUFFIX := $(BUILD_LIBKRB5_LIBS), \
--- a/jdk/make/lib/Lib-jdk.crypto.ec.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/Lib-jdk.crypto.ec.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -54,6 +54,8 @@
           -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
       CXXFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CXXFLAGS_JDKLIB)) \
           $(BUILD_LIBSUNEC_FLAGS), \
+      DISABLED_WARNINGS_gcc := sign-compare, \
+      DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsunec/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
       LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/jdk/make/lib/Lib-jdk.crypto.pkcs11.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/Lib-jdk.crypto.pkcs11.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
     CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2PKCS11_SRC)) \
         $(LIBJAVA_HEADER_FLAGS) \
         -I$(SUPPORT_OUTPUTDIR)/headers/jdk.crypto.pkcs11, \
+    DISABLED_WARNINGS_solstudio := E_DECLARATION_IN_CODE, \
+    DISABLED_WARNINGS_microsoft := 4013 4267, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2pkcs11/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/jdk/make/lib/Lib-jdk.deploy.osx.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/Lib-jdk.deploy.osx.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -40,6 +40,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) \
           -I$(LIBAPPLESCRIPTENGINE_SRC) \
           -I$(SUPPORT_OUTPUTDIR)/headers/jdk.deploy.osx, \
+      DISABLED_WARNINGS_clang := implicit-function-declaration format, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
       LDFLAGS_SUFFIX := -framework Cocoa \
@@ -71,6 +72,7 @@
       OPTIMIZATION := LOW, \
       CFLAGS := $(CFLAGS_JDKLIB) \
           $(LIBOSX_CFLAGS), \
+      DISABLED_WARNINGS_clang := deprecated-declarations, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           -L$(SUPPORT_OUTPUTDIR)/modules_libs/java.desktop \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/lib/Lib-jdk.pack200.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LibCommon.gmk
+
+################################################################################
+
+$(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \
+    LIBRARY := unpack, \
+    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
+    SRC := $(JDK_TOPDIR)/src/jdk.pack200/share/native/libunpack \
+        $(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack, \
+    LANG := C++, \
+    OPTIMIZATION := LOW, \
+    CFLAGS := $(CXXFLAGS_JDKLIB) \
+        -DNO_ZLIB -DUNPACK_JNI -DFULL \
+        -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
+        -I$(JDK_TOPDIR)/src/jdk.pack200/share/native/common-unpack \
+        $(LIBJAVA_HEADER_FLAGS), \
+    CFLAGS_release := -DPRODUCT, \
+    DISABLED_WARNINGS_gcc := conversion-null sign-compare format-security \
+        format-nonliteral parentheses, \
+    DISABLED_WARNINGS_solstudio := truncwarn, \
+    DISABLED_WARNINGS_microsoft := 4267 4018, \
+    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \
+    LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK) \
+        $(call SET_SHARED_LIBRARY_ORIGIN), \
+    LDFLAGS_windows := -map:$(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpack.map -debug \
+        jvm.lib $(WIN_JAVA_LIB), \
+    LDFLAGS_SUFFIX_unix := -ljvm $(LIBCXX) -ljava -lc, \
+    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libunpack, \
+    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
+    RC_FLAGS := $(RC_FLAGS) \
+        -D "JDK_FNAME=unpack.dll" \
+        -D "JDK_INTERNAL_NAME=unpack" \
+        -D "JDK_FTYPE=0x2L", \
+    DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
+
+$(BUILD_LIBUNPACK): $(call FindLib, java.base, java)
+
+TARGETS += $(BUILD_LIBUNPACK)
+
+################################################################################
--- a/jdk/make/lib/Lib-jdk.runtime.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LibCommon.gmk
-
-################################################################################
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \
-    LIBRARY := unpack, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(JDK_TOPDIR)/src/jdk.runtime/share/native/libunpack \
-        $(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack, \
-    LANG := C++, \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(CXXFLAGS_JDKLIB) \
-        -DNO_ZLIB -DUNPACK_JNI -DFULL \
-        -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
-        -I$(JDK_TOPDIR)/src/jdk.runtime/share/native/common-unpack \
-        $(LIBJAVA_HEADER_FLAGS), \
-    CFLAGS_release := -DPRODUCT, \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_windows := -map:$(SUPPORT_OUTPUTDIR)/native/$(MODULE)/unpack.map -debug \
-        jvm.lib $(WIN_JAVA_LIB), \
-    LDFLAGS_SUFFIX_unix := -ljvm $(LIBCXX) -ljava -lc, \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libunpack, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=unpack.dll" \
-        -D "JDK_INTERNAL_NAME=unpack" \
-        -D "JDK_FTYPE=0x2L", \
-    DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
-
-$(BUILD_LIBUNPACK): $(call FindLib, java.base, java)
-
-TARGETS += $(BUILD_LIBUNPACK)
-
-################################################################################
--- a/jdk/make/lib/NetworkingLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/NetworkingLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,9 @@
     OPTIMIZATION := LOW, \
     CFLAGS := $(CFLAGS_JDKLIB) -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
         $(LIBJAVA_HEADER_FLAGS) $(addprefix -I, $(LIBNET_SRC_DIRS)), \
+    DISABLED_WARNINGS_gcc := format-nonliteral, \
+    DISABLED_WARNINGS_clang := parentheses-equality constant-logical-operand, \
+    DISABLED_WARNINGS_microsoft := 4244 4047 4133, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libnet/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/jdk/make/lib/NioLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/NioLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,9 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBNIO_CFLAGS), \
+    DISABLED_WARNINGS_gcc := type-limits, \
+    DISABLED_WARNINGS_clang := tautological-compare, \
+    DISABLED_WARNINGS_microsoft := 4244, \
     MAPFILE := $(BUILD_LIBNIO_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(BUILD_LIBNIO_LDFLAGS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -92,4 +95,3 @@
 TARGETS += $(BUILD_LIBNIO)
 
 $(BUILD_LIBNIO): $(BUILD_LIBNET)
-
--- a/jdk/make/lib/PlatformLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/PlatformLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@
       CFLAGS := $(CFLAGS_JDKLIB) \
           $(addprefix -I, $(LIBOSXAPP_SRC)) \
           -I$(SUPPORT_OUTPUTDIR)/headers/java.desktop, \
+      DISABLED_WARNINGS_clang := objc-method-access objc-root-class, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
       LDFLAGS_SUFFIX_macosx := \
@@ -59,4 +60,3 @@
   TARGETS += $(BUILD_LIBOSXAPP)
 
 endif
-
--- a/jdk/make/lib/SoundLibraries.gmk	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/make/lib/SoundLibraries.gmk	Fri Mar 13 12:44:58 2015 +0000
@@ -129,6 +129,8 @@
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(LIBJSOUND_CFLAGS), \
     CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBJSOUND_CFLAGS), \
+    DISABLED_WARNINGS_clang := implicit-function-declaration \
+        deprecated-writable-strings, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjsound/mapfile-vers, \
     LDFLAGS := $(LDFLAGS_JDKLIB) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -175,6 +177,7 @@
           -DUSE_PORTS=TRUE \
           -DUSE_PLATFORM_MIDI_OUT=TRUE \
           -DUSE_PLATFORM_MIDI_IN=TRUE, \
+      DISABLED_WARNINGS_gcc := parentheses, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjsoundalsa/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
--- a/jdk/src/demo/share/jvmti/compiledMethodLoad/compiledMethodLoad.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/demo/share/jvmti/compiledMethodLoad/compiledMethodLoad.c	Fri Mar 13 12:44:58 2015 +0000
@@ -143,7 +143,7 @@
 
         for (i = 0; i < numpcs; i++) {
             PCStackInfo pcrecord = (record->pcinfo[i]);
-            fprintf(fp, "PcDescriptor(pc=0x%lx):\n", (jint)(pcrecord.pc));
+            fprintf(fp, "PcDescriptor(pc=%p):\n", pcrecord.pc);
             print_stack_frames(&pcrecord, jvmti, fp);
         }
     }
--- a/jdk/src/demo/share/jvmti/waiters/Agent.cpp	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/demo/share/jvmti/waiters/Agent.cpp	Fri Mar 13 12:44:58 2015 +0000
@@ -111,8 +111,6 @@
 /* VM initialization and VM death calls to Agent */
 Agent::Agent(jvmtiEnv *jvmti, JNIEnv *env, jthread thread)
 {
-    jvmtiError err;
-
     stdout_message("Agent created..\n");
     stdout_message("VMInit...\n");
     /* Start monitor list */
@@ -129,8 +127,6 @@
 
 void Agent::vm_death(jvmtiEnv *jvmti, JNIEnv *env)
 {
-    jvmtiError err;
-
     /* Delete all Monitors we allocated */
     for ( int i = 0; i < (int)monitor_count; i++ ) {
         delete monitor_list[i];
--- a/jdk/src/java.base/share/classes/com/sun/security/cert/internal/x509/X509V1CertImpl.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/com/sun/security/cert/internal/x509/X509V1CertImpl.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,8 +45,13 @@
  * The X509V1CertImpl class is used as a conversion wrapper around
  * sun.security.x509.X509Cert certificates when running under JDK1.1.x.
  *
+ * @deprecated This is the implementation class for the deprecated
+ *  {@code javax.security.cert.X509Certificate} class. The classes in the
+ *  {@code java.security.cert} package should be used instead.
+ *
  * @author Jeff Nisewanger
  */
+@Deprecated
 public class X509V1CertImpl extends X509Certificate implements Serializable {
     static final long serialVersionUID = -2048442350420423405L;
     private java.security.cert.X509Certificate wrappedCert;
--- a/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java	Fri Mar 13 12:44:58 2015 +0000
@@ -171,6 +171,11 @@
  * variables, first call {@link java.util.Map#clear() Map.clear()}
  * before adding environment variables.
  *
+ * <p>
+ * Unless otherwise noted, passing a {@code null} argument to a constructor
+ * or method in this class will cause a {@link NullPointerException} to be
+ * thrown.
+ *
  * @author Martin Buchholz
  * @since 1.5
  */
@@ -193,7 +198,6 @@
      * command.
      *
      * @param  command the list containing the program and its arguments
-     * @throws NullPointerException if the argument is null
      */
     public ProcessBuilder(List<String> command) {
         if (command == null)
@@ -228,8 +232,6 @@
      *
      * @param  command the list containing the program and its arguments
      * @return this process builder
-     *
-     * @throws NullPointerException if the argument is null
      */
     public ProcessBuilder command(List<String> command) {
         if (command == null)
@@ -554,7 +556,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to read from the specified file
          */
         public static Redirect from(final File file) {
@@ -581,7 +582,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to write to the specified file
          */
         public static Redirect to(final File file) {
@@ -612,7 +612,6 @@
          * }</pre>
          *
          * @param file The {@code File} for the {@code Redirect}.
-         * @throws NullPointerException if the specified file is null
          * @return a redirect to append to the specified file
          */
         public static Redirect appendTo(final File file) {
--- a/jdk/src/java.base/share/classes/java/nio/charset/Charset-X-Coder.java.template	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/nio/charset/Charset-X-Coder.java.template	Fri Mar 13 12:44:58 2015 +0000
@@ -266,16 +266,15 @@
      * method, passing the new replacement, after checking that the new
      * replacement is acceptable.  </p>
      *
-     * @param  newReplacement  The replacement value
-     *
+     * @param  newReplacement  The new replacement; must not be
+     *         <tt>null</tt>, must have non-zero length,
 #if[decoder]
-     *         The new replacement; must not be <tt>null</tt>
-     *         and must have non-zero length
+     *         and must not be longer than the value returned by the
+     *         {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method
 #end[decoder]
 #if[encoder]
-     *         The new replacement; must not be <tt>null</tt>, must have
-     *         non-zero length, must not be longer than the value returned by
-     *         the {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method, and
+     *         must not be longer than the value returned by the
+     *         {@link #max$ItypesPerOtype$() max$ItypesPerOtype$} method, and
      *         must be {@link #isLegalReplacement legal}
 #end[encoder]
      *
--- a/jdk/src/java.base/share/classes/java/security/acl/Acl.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Acl.java	Fri Mar 13 12:44:58 2015 +0000
@@ -82,8 +82,12 @@
  * @see java.security.acl.Acl#getPermissions
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
 
+@Deprecated
 public interface Acl extends Owner {
 
     /**
--- a/jdk/src/java.base/share/classes/java/security/acl/AclEntry.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/AclEntry.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,7 +50,11 @@
  * @see java.security.acl.Acl
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface AclEntry extends Cloneable {
 
     /**
--- a/jdk/src/java.base/share/classes/java/security/acl/AclNotFoundException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/AclNotFoundException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,11 @@
  * non-existent ACL (Access Control List).
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class AclNotFoundException extends Exception {
 
     private static final long serialVersionUID = 5684295034092681791L;
--- a/jdk/src/java.base/share/classes/java/security/acl/Group.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Group.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,11 @@
  * Principal or Group.
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Group extends Principal {
 
     /**
--- a/jdk/src/java.base/share/classes/java/security/acl/LastOwnerException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/LastOwnerException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,11 @@
  * @see java.security.acl.Owner#deleteOwner
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class LastOwnerException extends Exception {
 
     private static final long serialVersionUID = -5141997548211140359L;
--- a/jdk/src/java.base/share/classes/java/security/acl/NotOwnerException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/NotOwnerException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,11 @@
  * the object, but the Principal attempting the modification is not an owner.
  *
  * @author      Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public class NotOwnerException extends Exception {
 
     private static final long serialVersionUID = -5555597911163362399L;
--- a/jdk/src/java.base/share/classes/java/security/acl/Owner.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Owner.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,10 @@
  *
  * @see java.security.acl.Acl
  *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Owner {
 
     /**
--- a/jdk/src/java.base/share/classes/java/security/acl/Permission.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/Permission.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,11 @@
  * a particular type of access to a resource.
  *
  * @author Satish Dharmaraj
+ *
+ * @deprecated This package has been replaced by {@code java.security.Policy}
+ *      and related classes since 1.2.
  */
+@Deprecated
 public interface Permission {
 
     /**
--- a/jdk/src/java.base/share/classes/java/security/acl/package-info.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/acl/package-info.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,10 +24,12 @@
  */
 
 /**
- * The classes and interfaces in this package have been
- * superseded by classes in the java.security package.
- * See that package and, for example, java.security.Permission for details.
+ * The classes and interfaces in this package have been deprecated.
+ * The {@code java.security} package contains suitable replacements.
+ * See that package and, for example, {@code java.security.Permission}
+ * for details.
  *
  * @since 1.1
  */
+@Deprecated
 package java.security.acl;
--- a/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/security/spec/PKCS8EncodedKeySpec.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -89,7 +89,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      * @throws NullPointerException if {@code encodedKey}
-     * or {@algorithm} is null.
+     * or {@code algorithm} is null.
      * @throws IllegalArgumentException if {@code algorithm} is
      * the empty string {@code ""}
      * @since 1.9
--- a/jdk/src/java.base/share/classes/java/time/format/Parsed.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/time/format/Parsed.java	Fri Mar 13 12:44:58 2015 +0000
@@ -216,7 +216,16 @@
             return (R) (date != null ? LocalDate.from(date) : null);
         } else if (query == TemporalQueries.localTime()) {
             return (R) time;
-        } else if (query == TemporalQueries.zone() || query == TemporalQueries.offset()) {
+        } else if (query == TemporalQueries.offset()) {
+            Long offsetSecs = fieldValues.get(OFFSET_SECONDS);
+            if (offsetSecs != null) {
+                return (R) ZoneOffset.ofTotalSeconds(offsetSecs.intValue());
+            }
+            if (zone instanceof ZoneOffset) {
+                return (R)zone;
+            }
+            return query.queryFrom(this);
+        } else if (query == TemporalQueries.zone()) {
             return query.queryFrom(this);
         } else if (query == TemporalQueries.precision()) {
             return null;  // not a complete date/time
--- a/jdk/src/java.base/share/classes/java/util/regex/Matcher.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/java/util/regex/Matcher.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1183,7 +1183,7 @@
      *
      * <p> Given the regular expression <tt>dog</tt>, the input
      * <tt>"zzzdogzzzdogzzz"</tt>, and the function
-     * <tt>mr -> mr.group().toUpperCase()</tt>, an invocation of this method on
+     * {@code mr -> mr.group().toUpperCase()}, an invocation of this method on
      * a matcher for that expression would yield the string
      * <tt>"zzzDOGzzzDOGzzz"</tt>.
      *
@@ -1405,7 +1405,7 @@
      *
      * <p> Given the regular expression <tt>dog</tt>, the input
      * <tt>"zzzdogzzzdogzzz"</tt>, and the function
-     * <tt>mr -> mr.group().toUpperCase()</tt>, an invocation of this method on
+     * {@code mr -> mr.group().toUpperCase()}, an invocation of this method on
      * a matcher for that expression would yield the string
      * <tt>"zzzDOGzzzdogzzz"</tt>.
      *
--- a/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/HandshakeCompletedEvent.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -152,7 +152,11 @@
      *          {@link javax.security.cert.X509Certificate} format).
      * @exception SSLPeerUnverifiedException if the peer is not verified.
      * @see #getPeerPrincipal()
+     * @deprecated The {@link #getPeerCertificates()} method that returns an
+     *               array of {@code java.security.cert.Certificate} should
+     *               be used instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate [] getPeerCertificateChain()
             throws SSLPeerUnverifiedException
     {
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSession.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -272,7 +272,11 @@
      * @exception SSLPeerUnverifiedException if the peer's identity
      *          has not been verified
      * @see #getPeerPrincipal()
+     * @deprecated The {@link #getPeerCertificates()} method that returns an
+     *               array of {@code java.security.cert.Certificate} should
+     *               be used instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate [] getPeerCertificateChain()
             throws SSLPeerUnverifiedException;
 
--- a/jdk/src/java.base/share/classes/javax/security/cert/Certificate.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/Certificate.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,11 @@
  *
  * @since 1.4
  * @see X509Certificate
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  *
  * @author Hemma Prafullchandra
  */
+@Deprecated
 public abstract class Certificate {
 
     /**
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateEncodingException extends CertificateException {
 
     private static final long serialVersionUID = -8187642723048403470L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,9 @@
  * @author Hemma Prafullchandra
  * @since 1.4
  * @see Certificate
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateException extends Exception {
 
     private static final long serialVersionUID = -5757213374030785290L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateExpiredException extends CertificateException {
 
     private static final long serialVersionUID = 5091601212177261883L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateNotYetValidException extends CertificateException {
 
     private static final long serialVersionUID = -8976172474266822818L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,9 @@
  *
  * @since 1.4
  * @author Hemma Prafullchandra
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public class CertificateParsingException extends CertificateException {
 
     private static final long serialVersionUID = -8449352422951136229L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/X509Certificate.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -124,7 +124,9 @@
  * @see Certificate
  * @see java.security.cert.X509Extension
  * @see java.security.Security security properties
+ * @deprecated Use the classes in {@code java.security.cert} instead.
  */
+@Deprecated
 public abstract class X509Certificate extends Certificate {
 
     /*
--- a/jdk/src/java.base/share/classes/javax/security/cert/package-info.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/javax/security/cert/package-info.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,15 +26,16 @@
 /**
  * Provides classes for public key certificates.
  *
- * These classes include a simplified version of the
- * java.security.cert package.  These classes were developed
- * as part of the Java Secure Socket
+ * This package has been deprecated. These classes include a simplified
+ * version of the {@code java.security.cert} package.  These classes were
+ * developed as part of the Java Secure Socket
  * Extension (JSSE).  When JSSE was added to the J2SE version 1.4, this
  * package was added for backward-compatibility reasons only.
  *
  * New applications should not use this package, but rather
- * java.security.cert.
+ * {@code java.security.cert}.
  *
  * @since 1.4
  */
+@Deprecated
 package javax.security.cert;
--- a/jdk/src/java.base/share/classes/sun/misc/Unsafe.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/misc/Unsafe.java	Fri Mar 13 12:44:58 2015 +0000
@@ -57,31 +57,29 @@
      * Provides the caller with the capability of performing unsafe
      * operations.
      *
-     * <p> The returned <code>Unsafe</code> object should be carefully guarded
+     * <p>The returned {@code Unsafe} object should be carefully guarded
      * by the caller, since it can be used to read and write data at arbitrary
      * memory addresses.  It must never be passed to untrusted code.
      *
-     * <p> Most methods in this class are very low-level, and correspond to a
+     * <p>Most methods in this class are very low-level, and correspond to a
      * small number of hardware instructions (on typical machines).  Compilers
      * are encouraged to optimize these methods accordingly.
      *
-     * <p> Here is a suggested idiom for using unsafe operations:
+     * <p>Here is a suggested idiom for using unsafe operations:
      *
-     * <blockquote><pre>
+     * <pre> {@code
      * class MyTrustedClass {
      *   private static final Unsafe unsafe = Unsafe.getUnsafe();
      *   ...
      *   private long myCountAddress = ...;
      *   public int getCount() { return unsafe.getByte(myCountAddress); }
-     * }
-     * </pre></blockquote>
+     * }}</pre>
      *
-     * (It may assist compilers to make the local variable be
-     * <code>final</code>.)
+     * (It may assist compilers to make the local variable {@code final}.)
      *
-     * @exception  SecurityException  if a security manager exists and its
-     *             <code>checkPropertiesAccess</code> method doesn't allow
-     *             access to the system properties.
+     * @throws  SecurityException  if a security manager exists and its
+     *          {@code checkPropertiesAccess} method doesn't allow
+     *          access to the system properties.
      */
     @CallerSensitive
     public static Unsafe getUnsafe() {
@@ -100,28 +98,27 @@
     /**
      * Fetches a value from a given Java variable.
      * More specifically, fetches a field or array element within the given
-     * object <code>o</code> at the given offset, or (if <code>o</code> is
-     * null) from the memory address whose numerical value is the given
-     * offset.
+     * object {@code o} at the given offset, or (if {@code o} is null)
+     * from the memory address whose numerical value is the given offset.
      * <p>
      * The results are undefined unless one of the following cases is true:
      * <ul>
      * <li>The offset was obtained from {@link #objectFieldOffset} on
      * the {@link java.lang.reflect.Field} of some Java field and the object
-     * referred to by <code>o</code> is of a class compatible with that
+     * referred to by {@code o} is of a class compatible with that
      * field's class.
      *
-     * <li>The offset and object reference <code>o</code> (either null or
+     * <li>The offset and object reference {@code o} (either null or
      * non-null) were both obtained via {@link #staticFieldOffset}
      * and {@link #staticFieldBase} (respectively) from the
      * reflective {@link Field} representation of some Java field.
      *
-     * <li>The object referred to by <code>o</code> is an array, and the offset
-     * is an integer of the form <code>B+N*S</code>, where <code>N</code> is
-     * a valid index into the array, and <code>B</code> and <code>S</code> are
+     * <li>The object referred to by {@code o} is an array, and the offset
+     * is an integer of the form {@code B+N*S}, where {@code N} is
+     * a valid index into the array, and {@code B} and {@code S} are
      * the values obtained by {@link #arrayBaseOffset} and {@link
      * #arrayIndexScale} (respectively) from the array's class.  The value
-     * referred to is the <code>N</code><em>th</em> element of the array.
+     * referred to is the {@code N}<em>th</em> element of the array.
      *
      * </ul>
      * <p>
@@ -162,7 +159,7 @@
      * is stored into that variable.
      * <p>
      * The variable must be of the same type as the method
-     * parameter <code>x</code>.
+     * parameter {@code x}.
      *
      * @param o Java heap object in which the variable resides, if any, else
      *        null
@@ -184,9 +181,9 @@
     /**
      * Stores a reference value into a given Java variable.
      * <p>
-     * Unless the reference <code>x</code> being stored is either null
+     * Unless the reference {@code x} being stored is either null
      * or matches the field type, the results are undefined.
-     * If the reference <code>o</code> is non-null, car marks or
+     * If the reference {@code o} is non-null, car marks or
      * other store barriers for that object (if the VM requires them)
      * are updated.
      * @see #putInt(Object, long, int)
@@ -272,11 +269,11 @@
      * zero, or does not point into a block obtained from {@link
      * #allocateMemory}, the results are undefined.
      *
-     * <p> If the native pointer is less than 64 bits wide, it is extended as
+     * <p>If the native pointer is less than 64 bits wide, it is extended as
      * an unsigned number to a Java long.  The pointer may be indexed by any
      * given byte offset, simply by adding that offset (as a simple integer) to
      * the long representing the pointer.  The number of bytes actually read
-     * from the target address maybe determined by consulting {@link
+     * from the target address may be determined by consulting {@link
      * #addressSize}.
      *
      * @see #allocateMemory
@@ -288,7 +285,7 @@
      * zero, or does not point into a block obtained from {@link
      * #allocateMemory}, the results are undefined.
      *
-     * <p> The number of bytes actually written at the target address maybe
+     * <p>The number of bytes actually written at the target address may be
      * determined by consulting {@link #addressSize}.
      *
      * @see #getAddress(long)
@@ -357,7 +354,7 @@
      * (usually zero).  This provides a <em>single-register</em> addressing mode,
      * as discussed in {@link #getInt(Object,long)}.
      *
-     * <p>Equivalent to <code>setMemory(null, address, bytes, value)</code>.
+     * <p>Equivalent to {@code setMemory(null, address, bytes, value)}.
      */
     public void setMemory(long address, long bytes, byte value) {
         setMemory(null, address, bytes, value);
@@ -388,7 +385,7 @@
      * block.  This provides a <em>single-register</em> addressing mode,
      * as discussed in {@link #getInt(Object,long)}.
      *
-     * Equivalent to <code>copyMemory(null, srcAddress, null, destAddress, bytes)</code>.
+     * Equivalent to {@code copyMemory(null, srcAddress, null, destAddress, bytes)}.
      */
     public void copyMemory(long srcAddress, long destAddress, long bytes) {
         copyMemory(null, srcAddress, null, destAddress, bytes);
@@ -413,7 +410,7 @@
     public static final int INVALID_FIELD_OFFSET   = -1;
 
     /**
-     * Report the location of a given field in the storage allocation of its
+     * Reports the location of a given field in the storage allocation of its
      * class.  Do not expect to perform any sort of arithmetic on this offset;
      * it is just a cookie which is passed to the unsafe heap memory accessors.
      *
@@ -433,7 +430,7 @@
     public native long objectFieldOffset(Field f);
 
     /**
-     * Report the location of a given static field, in conjunction with {@link
+     * Reports the location of a given static field, in conjunction with {@link
      * #staticFieldBase}.
      * <p>Do not expect to perform any sort of arithmetic on this offset;
      * it is just a cookie which is passed to the unsafe heap memory accessors.
@@ -452,7 +449,7 @@
     public native long staticFieldOffset(Field f);
 
     /**
-     * Report the location of a given static field, in conjunction with {@link
+     * Reports the location of a given static field, in conjunction with {@link
      * #staticFieldOffset}.
      * <p>Fetch the base "Object", if any, with which static fields of the
      * given class can be accessed via methods like {@link #getInt(Object,
@@ -464,7 +461,7 @@
     public native Object staticFieldBase(Field f);
 
     /**
-     * Detect if the given class may need to be initialized. This is often
+     * Detects if the given class may need to be initialized. This is often
      * needed in conjunction with obtaining the static field base of a
      * class.
      * @return false only if a call to {@code ensureClassInitialized} would have no effect
@@ -472,14 +469,14 @@
     public native boolean shouldBeInitialized(Class<?> c);
 
     /**
-     * Ensure the given class has been initialized. This is often
+     * Ensures the given class has been initialized. This is often
      * needed in conjunction with obtaining the static field base of a
      * class.
      */
     public native void ensureClassInitialized(Class<?> c);
 
     /**
-     * Report the offset of the first element in the storage allocation of a
+     * Reports the offset of the first element in the storage allocation of a
      * given array class.  If {@link #arrayIndexScale} returns a non-zero value
      * for the same class, you may use that scale factor, together with this
      * base offset, to form new offsets to access elements of arrays of the
@@ -527,7 +524,7 @@
             = theUnsafe.arrayBaseOffset(Object[].class);
 
     /**
-     * Report the scale factor for addressing elements in the storage
+     * Reports the scale factor for addressing elements in the storage
      * allocation of a given array class.  However, arrays of "narrow" types
      * will generally not work properly with accessors like {@link
      * #getByte(Object, long)}, so the scale factor for such classes is reported
@@ -576,7 +573,7 @@
             = theUnsafe.arrayIndexScale(Object[].class);
 
     /**
-     * Report the size in bytes of a native pointer, as stored via {@link
+     * Reports the size in bytes of a native pointer, as stored via {@link
      * #putAddress}.  This value will be either 4 or 8.  Note that the sizes of
      * other primitive types (as stored in native memory blocks) is determined
      * fully by their information content.
@@ -587,7 +584,7 @@
     public static final int ADDRESS_SIZE = theUnsafe.addressSize();
 
     /**
-     * Report the size in bytes of a native memory page (whatever that is).
+     * Reports the size in bytes of a native memory page (whatever that is).
      * This value will always be a power of two.
      */
     public native int pageSize();
@@ -596,7 +593,7 @@
     /// random trusted operations from JNI:
 
     /**
-     * Tell the VM to define a class, without security checks.  By default, the
+     * Tells the VM to define a class, without security checks.  By default, the
      * class loader and protection domain come from the caller's class.
      */
     public native Class<?> defineClass(String name, byte[] b, int off, int len,
@@ -604,7 +601,7 @@
                                        ProtectionDomain protectionDomain);
 
     /**
-     * Define a class but do not make it known to the class loader or system dictionary.
+     * Defines a class but does not make it known to the class loader or system dictionary.
      * <p>
      * For each CP entry, the corresponding CP patch must either be null or have
      * the a format that matches its tag:
@@ -621,38 +618,38 @@
      */
     public native Class<?> defineAnonymousClass(Class<?> hostClass, byte[] data, Object[] cpPatches);
 
-
-    /** Allocate an instance but do not run any constructor.
-        Initializes the class if it has not yet been. */
+    /**
+     * Allocates an instance but does not run any constructor.
+     * Initializes the class if it has not yet been.
+     */
     public native Object allocateInstance(Class<?> cls)
         throws InstantiationException;
 
-    /** Throw the exception without telling the verifier. */
+    /** Throws the exception without telling the verifier. */
     public native void throwException(Throwable ee);
 
-
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapObject(Object o, long offset,
                                                      Object expected,
                                                      Object x);
 
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapInt(Object o, long offset,
                                                   int expected,
                                                   int x);
 
     /**
-     * Atomically update Java variable to <tt>x</tt> if it is currently
-     * holding <tt>expected</tt>.
-     * @return <tt>true</tt> if successful
+     * Atomically updates Java variable to {@code x} if it is currently
+     * holding {@code expected}.
+     * @return {@code true} if successful
      */
     public final native boolean compareAndSwapLong(Object o, long offset,
                                                    long expected,
@@ -736,28 +733,28 @@
     public native void    putOrderedLong(Object o, long offset, long x);
 
     /**
-     * Unblock the given thread blocked on <tt>park</tt>, or, if it is
-     * not blocked, cause the subsequent call to <tt>park</tt> not to
+     * Unblocks the given thread blocked on {@code park}, or, if it is
+     * not blocked, causes the subsequent call to {@code park} not to
      * block.  Note: this operation is "unsafe" solely because the
      * caller must somehow ensure that the thread has not been
      * destroyed. Nothing special is usually required to ensure this
      * when called from Java (in which there will ordinarily be a live
      * reference to the thread) but this is not nearly-automatically
      * so when calling from native code.
+     *
      * @param thread the thread to unpark.
-     *
      */
     public native void unpark(Object thread);
 
     /**
-     * Block current thread, returning when a balancing
-     * <tt>unpark</tt> occurs, or a balancing <tt>unpark</tt> has
+     * Blocks current thread, returning when a balancing
+     * {@code unpark} occurs, or a balancing {@code unpark} has
      * already occurred, or the thread is interrupted, or, if not
      * absolute and time is not zero, the given time nanoseconds have
      * elapsed, or if absolute, the given deadline in milliseconds
      * since Epoch has passed, or spuriously (i.e., returning for no
      * "reason"). Note: This operation is in the Unsafe class only
-     * because <tt>unpark</tt> is, so it would be strange to place it
+     * because {@code unpark} is, so it would be strange to place it
      * elsewhere.
      */
     public native void park(boolean isAbsolute, long time);
@@ -765,8 +762,8 @@
     /**
      * Gets the load average in the system run queue assigned
      * to the available processors averaged over various periods of time.
-     * This method retrieves the given <tt>nelem</tt> samples and
-     * assigns to the elements of the given <tt>loadavg</tt> array.
+     * This method retrieves the given {@code nelem} samples and
+     * assigns to the elements of the given {@code loadavg} array.
      * The system imposes a maximum of 3 samples, representing
      * averages over the last 1,  5,  and  15 minutes, respectively.
      *
@@ -784,8 +781,8 @@
 
     /**
      * Atomically adds the given value to the current value of a field
-     * or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -803,8 +800,8 @@
 
     /**
      * Atomically adds the given value to the current value of a field
-     * or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -822,8 +819,8 @@
 
     /**
      * Atomically exchanges the given value with the current value of
-     * a field or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * a field or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -841,8 +838,8 @@
 
     /**
      * Atomically exchanges the given value with the current value of
-     * a field or array element within the given object <code>o</code>
-     * at the given <code>offset</code>.
+     * a field or array element within the given object {@code o}
+     * at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
@@ -861,7 +858,7 @@
     /**
      * Atomically exchanges the given reference value with the current
      * reference value of a field or array element within the given
-     * object <code>o</code> at the given <code>offset</code>.
+     * object {@code o} at the given {@code offset}.
      *
      * @param o object/array to update the field/element in
      * @param offset field/element offset
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -244,7 +244,9 @@
     public java.security.cert.Certificate[] getServerCertificates()
             throws SSLPeerUnverifiedException {
         if (cachedResponse != null) {
-            List<java.security.cert.Certificate> l = ((SecureCacheResponse)cachedResponse).getServerCertificateChain();
+            List<java.security.cert.Certificate> l =
+                    ((SecureCacheResponse)cachedResponse)
+                            .getServerCertificateChain();
             if (l == null) {
                 return null;
             } else {
@@ -262,7 +264,12 @@
     /**
      * Returns the server's X.509 certificate chain, or null if
      * the server did not authenticate.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate[] getServerCertificateChain()
             throws SSLPeerUnverifiedException {
         if (cachedResponse != null) {
@@ -271,7 +278,7 @@
         if (http == null) {
             throw new IllegalStateException("connection not yet open");
         } else {
-            return ((HttpsClient)http).getServerCertificateChain ();
+            return ((HttpsClient)http).getServerCertificateChain();
         }
     }
 
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -699,7 +699,12 @@
     /**
      * Returns the X.509 certificate chain with which the server
      * authenticated itself, or null if the server did not authenticate.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     javax.security.cert.X509Certificate [] getServerCertificateChain()
             throws SSLPeerUnverifiedException
     {
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -204,7 +204,12 @@
      * NOTE: This method is not necessary for the version of this class
      * implementing javax.net.ssl.HttpsURLConnection, but provided for
      * compatibility with the com.sun.net.ssl.HttpsURLConnection version.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getServerCertificates()} instead.
      */
+    @Deprecated
     public javax.security.cert.X509Certificate[] getServerCertificateChain() {
         try {
             return delegate.getServerCertificateChain();
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1569,6 +1569,9 @@
     /*
      * Returns the subject alternative name of the specified type in the
      * subjectAltNames extension of a certificate.
+     *
+     * Note that only those subjectAltName types that use String data
+     * should be passed into this function.
      */
     private static Collection<String> getSubjectAltNames(
             Collection<List<?>> subjectAltNames, int type) {
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -464,8 +464,13 @@
      *
      * @return array of peer X.509 certs, with the peer's own cert
      *  first in the chain, and with the "root" CA last.
+     *
+     * @deprecated This method returns the deprecated
+     *  {@code javax.security.cert.X509Certificate} type.
+     *  Use {@code getPeerCertificates()} instead.
      */
     @Override
+    @Deprecated
     public javax.security.cert.X509Certificate[] getPeerCertificateChain()
             throws SSLPeerUnverifiedException {
         //
--- a/jdk/src/java.base/share/native/libjli/java.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/native/libjli/java.c	Fri Mar 13 12:44:58 2015 +0000
@@ -661,15 +661,24 @@
          * arguments are for the application (i.e. the main class name, or
          * the -jar argument).
          */
-        if ((i > 0 && *arg != '-')
-                || JLI_StrCmp(arg, "-version") == 0
-                || JLI_StrCmp(arg, "-fullversion") == 0
-                || JLI_StrCmp(arg, "-help") == 0
-                || JLI_StrCmp(arg, "-?") == 0
-                || JLI_StrCmp(arg, "-jar") == 0
-                || JLI_StrCmp(arg, "-X") == 0
-                ) {
-            return;
+        if (i > 0) {
+            char *prev = argv[i - 1];
+            // skip non-dash arg preceded by class path specifiers
+            if (*arg != '-' &&
+                    ((JLI_StrCmp(prev, "-cp") == 0
+                    || JLI_StrCmp(prev, "-classpath") == 0))) {
+                continue;
+            }
+
+            if (*arg != '-'
+                    || JLI_StrCmp(arg, "-version") == 0
+                    || JLI_StrCmp(arg, "-fullversion") == 0
+                    || JLI_StrCmp(arg, "-help") == 0
+                    || JLI_StrCmp(arg, "-?") == 0
+                    || JLI_StrCmp(arg, "-jar") == 0
+                    || JLI_StrCmp(arg, "-X") == 0) {
+                return;
+            }
         }
         /*
          * The following case checks for "-XX:NativeMemoryTracking=value".
--- a/jdk/src/java.base/share/native/libjli/manifest_info.h	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/native/libjli/manifest_info.h	Fri Mar 13 12:44:58 2015 +0000
@@ -32,13 +32,16 @@
  * Zip file header signatures
  */
 #define SIGSIZ 4                    /* size of all header signatures */
-#define LOCSIG 0x04034b50L          /* "PK\003\004" */
-#define EXTSIG 0x08074b50L          /* "PK\007\008" */
-#define CENSIG 0x02014b50L          /* "PK\001\002" */
-#define ENDSIG 0x06054b50L          /* "PK\005\006" */
 
-#define ZIP64_ENDSIG 0x06064b50L    /* "PK\006\006" */
-#define ZIP64_LOCSIG 0x07064b50L    /* "PK\006\007" */
+#define PKZIP_SIGNATURE_AT(p, b2, b3) \
+  (((p)[0] == 'P') & ((p)[1] == 'K') & ((p)[2] == b2) & ((p)[3] == b3))
+#define CENSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 1, 2)
+#define LOCSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 3, 4)
+#define ENDSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 5, 6)
+#define EXTSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 7, 8)
+#define ZIP64_ENDSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 6)
+#define ZIP64_LOCSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 7)
+
 /*
  * Header sizes including signatures
  */
--- a/jdk/src/java.base/share/native/libjli/parse_manifest.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/native/libjli/parse_manifest.c	Fri Mar 13 12:44:58 2015 +0000
@@ -138,7 +138,7 @@
         return -1;
     if ((bytes = read(fd, ep, ZIP64_LOCHDR)) < 0)
         return -1;
-    if (GETSIG(ep) == ZIP64_LOCSIG)
+    if (ZIP64_LOCSIG_AT(ep))
        return end64pos;
     return -1;
 }
@@ -176,7 +176,7 @@
         return (-1);
     if ((bytes = read(fd, eb, ENDHDR)) < 0)
         return (-1);
-    if (GETSIG(eb) == ENDSIG) {
+    if (ENDSIG_AT(eb)) {
         return haveZIP64(eb) ? find_end64(fd, eb, pos) : pos;
     }
 
@@ -200,14 +200,11 @@
 
     /*
      * Search backwards from the end of file stopping when the END header
-     * signature is found. (The first condition of the "if" is just a
-     * fast fail, because the GETSIG macro isn't always cheap.  The
-     * final condition protects against false positives.)
+     * signature is found.
      */
     endpos = &buffer[bytes];
     for (cp = &buffer[bytes - ENDHDR]; cp >= &buffer[0]; cp--)
-        if ((*cp == (ENDSIG & 0xFF)) && (GETSIG(cp) == ENDSIG) &&
-          (cp + ENDHDR + ENDCOM(cp) == endpos)) {
+        if (ENDSIG_AT(cp) && (cp + ENDHDR + ENDCOM(cp) == endpos)) {
             (void) memcpy(eb, cp, ENDHDR);
             free(buffer);
             pos = flen - (endpos - cp);
@@ -267,7 +264,7 @@
         if ((bytes = read(fd, buffer, MINREAD)) < 0) {
             return (-1);
         }
-        if (GETSIG(buffer) != ZIP64_ENDSIG) {
+        if (!ZIP64_ENDSIG_AT(buffer)) {
             return -1;
         }
         if ((offset = ZIP64_ENDOFF(buffer)) < (jlong)0) {
@@ -356,7 +353,7 @@
      * Loop through the Central Directory Headers. Note that a valid zip/jar
      * must have an ENDHDR (with ENDSIG) after the Central Directory.
      */
-    while (GETSIG(p) == CENSIG) {
+    while (CENSIG_AT(p)) {
 
         /*
          * If a complete header isn't in the buffer, shift the contents
@@ -403,7 +400,7 @@
                 free(buffer);
                 return (-1);
             }
-            if (GETSIG(locbuf) != LOCSIG) {
+            if (!LOCSIG_AT(locbuf)) {
                 free(buffer);
                 return (-1);
             }
--- a/jdk/src/java.base/share/native/libzip/zip_util.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/native/libzip/zip_util.c	Fri Mar 13 12:44:58 2015 +0000
@@ -281,9 +281,9 @@
     return (cenpos >= 0 &&
             locpos >= 0 &&
             readFullyAt(zip->zfd, buf, sizeof(buf), cenpos) != -1 &&
-            GETSIG(buf) == CENSIG &&
+            CENSIG_AT(buf) &&
             readFullyAt(zip->zfd, buf, sizeof(buf), locpos) != -1 &&
-            GETSIG(buf) == LOCSIG);
+            LOCSIG_AT(buf));
 }
 
 /*
@@ -674,7 +674,7 @@
         method = CENHOW(cp);
         nlen   = CENNAM(cp);
 
-        if (GETSIG(cp) != CENSIG)
+        if (!CENSIG_AT(cp))
             ZIP_FORMAT_ERROR("invalid CEN header (bad signature)");
         if (CENFLG(cp) & 1)
             ZIP_FORMAT_ERROR("invalid CEN header (encrypted entry)");
@@ -827,10 +827,7 @@
 
     // Assumption, zfd refers to start of file. Trivially, reuse errbuf.
     if (readFully(zfd, errbuf, 4) != -1) {  // errors will be handled later
-        if (GETSIG(errbuf) == LOCSIG)
-            zip->locsig = JNI_TRUE;
-        else
-            zip->locsig = JNI_FALSE;
+        zip->locsig = LOCSIG_AT(errbuf) ? JNI_TRUE : JNI_FALSE;
     }
 
     len = zip->len = IO_Lseek(zfd, 0, SEEK_END);
@@ -1284,7 +1281,7 @@
             zip->msg = "error reading zip file";
             return -1;
         }
-        if (GETSIG(loc) != LOCSIG) {
+        if (!LOCSIG_AT(loc)) {
             zip->msg = "invalid LOC header (bad signature)";
             return -1;
         }
--- a/jdk/src/java.base/share/native/libzip/zip_util.h	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/share/native/libzip/zip_util.h	Fri Mar 13 12:44:58 2015 +0000
@@ -33,13 +33,14 @@
 /*
  * Header signatures
  */
-#define LOCSIG 0x04034b50L          /* "PK\003\004" */
-#define EXTSIG 0x08074b50L          /* "PK\007\008" */
-#define CENSIG 0x02014b50L          /* "PK\001\002" */
-#define ENDSIG 0x06054b50L          /* "PK\005\006" */
-
-#define ZIP64_ENDSIG 0x06064b50L    /* "PK\006\006" */
-#define ZIP64_LOCSIG 0x07064b50L    /* "PK\006\007" */
+#define PKZIP_SIGNATURE_AT(p, b2, b3) \
+  (((p)[0] == 'P') & ((p)[1] == 'K') & ((p)[2] == b2) & ((p)[3] == b3))
+#define CENSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 1, 2)
+#define LOCSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 3, 4)
+#define ENDSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 5, 6)
+#define EXTSIG_AT(p)       PKZIP_SIGNATURE_AT(p, 7, 8)
+#define ZIP64_ENDSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 6)
+#define ZIP64_LOCSIG_AT(p) PKZIP_SIGNATURE_AT(p, 6, 7)
 
 /*
  * Header sizes including signatures
--- a/jdk/src/java.base/unix/native/launcher/jexec.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/unix/native/launcher/jexec.c	Fri Mar 13 12:44:58 2015 +0000
@@ -323,7 +323,7 @@
             result = BAD_MAGIC_MSG;
 
             // be sure the file is at least a ZIP file
-            if (GETSIG(buf) == LOCSIG) {
+            if (LOCSIG_AT(buf)) {
 
                 off_t flen  = LOCNAM(buf);
                 off_t xlen  = LOCEXT(buf);
--- a/jdk/src/java.base/windows/native/libnet/NetworkInterface_winXP.c	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.base/windows/native/libnet/NetworkInterface_winXP.c	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
 #include <winsock2.h>           /* needed for htonl */
 #include <iprtrmib.h>
 #include <assert.h>
+#include <limits.h>
 
 #include "java_net_NetworkInterface.h"
 #include "jni_util.h"
@@ -70,7 +71,7 @@
 
 #endif
 
-static int bufsize = 1024;
+static int bufsize = 4096;
 
 /*
  * return an array of IP_ADAPTER_ADDRESSES containing one element
@@ -102,7 +103,11 @@
     ret = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
 
     if (ret == ERROR_BUFFER_OVERFLOW) {
-        IP_ADAPTER_ADDRESSES * newAdapterInfo =
+        IP_ADAPTER_ADDRESSES * newAdapterInfo = NULL;
+        if (len  < (ULONG_MAX - bufsize)) {
+            len = len + bufsize;
+        }
+        newAdapterInfo =
             (IP_ADAPTER_ADDRESSES *) realloc (adapterInfo, len);
         if (newAdapterInfo == NULL) {
             free(adapterInfo);
@@ -113,7 +118,6 @@
 
         adapterInfo = newAdapterInfo;
 
-        bufsize = len;
         ret = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     }
 
@@ -176,7 +180,11 @@
     flags |= GAA_FLAG_INCLUDE_PREFIX;
     val = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     if (val == ERROR_BUFFER_OVERFLOW) {
-        IP_ADAPTER_ADDRESSES * newAdapterInfo =
+        IP_ADAPTER_ADDRESSES * newAdapterInfo = NULL;
+        if (len  < (ULONG_MAX - bufsize)) {
+            len = len + bufsize;
+        }
+        newAdapterInfo =
                 (IP_ADAPTER_ADDRESSES *) realloc (adapterInfo, len);
         if (newAdapterInfo == NULL) {
             free(adapterInfo);
@@ -187,7 +195,6 @@
 
         adapterInfo = newAdapterInfo;
 
-        bufsize = len;
         val = GetAdaptersAddresses(AF_UNSPEC, flags, NULL, adapterInfo, &len);
     }
 
--- a/jdk/src/java.prefs/share/classes/java/util/prefs/Preferences.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.prefs/share/classes/java/util/prefs/Preferences.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -489,6 +489,8 @@
      *       <tt>MAX_VALUE_LENGTH</tt>.
      * @throws IllegalStateException if this node (or an ancestor) has been
      *         removed with the {@link #removeNode()} method.
+     * @throws IllegalArgumentException if either the key or the value contain
+     *         the null control character, code point U+0000.
      */
     public abstract void put(String key, String value);
 
--- a/jdk/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java	Fri Mar 13 12:44:58 2015 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,13 @@
  */
 class FileSystemPreferences extends AbstractPreferences {
 
+    /**
+     * The code point U+0000, assigned to the null control character, is the
+     * only character encoded in Unicode and ISO/IEC 10646 that is always
+     * invalid in any XML 1.0 and 1.1 document.
+     */
+    private static final String CODE_POINT_U0000 = String.valueOf('\u0000');
+
     static {
         PrivilegedAction<Void> load = () -> {
             System.loadLibrary("prefs");
@@ -525,6 +532,11 @@
     }
 
     protected void putSpi(String key, String value) {
+        if (key.indexOf(CODE_POINT_U0000) != -1) {
+            throw new IllegalArgumentException("Key contains code point U+0000");
+        } else if (value.indexOf(CODE_POINT_U0000) != -1) {
+            throw new IllegalArgumentException("Value contains code point U+0000");
+        }
         initCacheIfNecessary();
         changeLog.add(new Put(key, value));
         prefsCache.put(key, value);
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Manifest.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/Manifest.java	Fri Mar 13 12:44:58 2015 +0000
@@ -52,7 +52,7 @@
  * <pre>
  *   XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
  *   Reference ref = factory.newReference("#reference-1", DigestMethod.SHA1);
- *   List<Reference> references = Collections.singletonList(ref);
+ *   List&lt;Reference&gt; references = Collections.singletonList(ref);
  *   Manifest manifest = factory.newManifest(references, "manifest-1");
  * </pre>
  *
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLObject.java	Fri Mar 13 12:44:28 2015 +0000
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLObject.java	Fri Mar 13 12:44:58 2015 +0000
@@ -65,7 +65,7 @@
  * <pre>
  *   XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
  *   Manifest manifest = fac.newManifest(references);
- *   List<XMLStructure> content = Collections.singletonList(manifest);
+ *   List&lt;XMLStructure&gt; content = Collections.singletonList(manifest);
  *   XMLObject object = factory.newXMLObject(content, "object-1", null, null);
  * </pre>
  *
--- a/jdk/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSigner.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-
-/**
- * This class defines a content signing service.
- * Implementations must be instantiable using a zero-argument constructor.
- *
- * @since 1.5
- * @author Vincent Ryan
- */
-
-@jdk.Exported
-public abstract class ContentSigner {
-
-    /**
-     * Generates a PKCS #7 signed data message.
-     * This method is used when the signature has already been generated.
-     * The signature, the signer's details, and optionally a signature
-     * timestamp and the content that was signed, are all packaged into a
-     * signed data message.
-     *
-     * @param parameters The non-null input parameters.
-     * @param omitContent true if the content should be omitted from the
-     *         signed data message. Otherwise the content is included.
-     * @param applyTimestamp true if the signature should be timestamped.
-     *         Otherwise timestamping is not performed.
-     * @return A PKCS #7 signed data message.
-     * @throws NoSuchAlgorithmException The exception is thrown if the signature
-     *         algorithm is unrecognised.
-     * @throws CertificateException The exception is thrown if an error occurs
-     *         while processing the signer's certificate or the TSA's
-     *         certificate.
-     * @throws IOException The exception is thrown if an error occurs while
-     *         generating the signature timestamp or while generating the signed
-     *         data message.
-     * @throws NullPointerException The exception is thrown if parameters is
-     *         null.
-     */
-    public abstract byte[] generateSignedData(
-        ContentSignerParameters parameters, boolean omitContent,
-        boolean applyTimestamp)
-            throws NoSuchAlgorithmException, CertificateException, IOException;
-}
--- a/jdk/src/jdk.dev/share/classes/com/sun/jarsigner/ContentSignerParameters.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.jarsigner;
-
-import java.net.URI;
-import java.security.cert.X509Certificate;
-import java.util.zip.ZipFile;
-
-/**
- * This interface encapsulates the parameters for a ContentSigner object.
- *
- * @since 1.5
- * @author Vincent Ryan
- */
-@jdk.Exported
-public interface ContentSignerParameters {
-
-    /**
-     * Retrieves the command-line arguments passed to the jarsigner tool.
-     *
-     * @return The command-line arguments. May be null.
-     */
-    public String[] getCommandLine();
-
-    /**
-     * Retrieves the identifier for a Timestamping Authority (TSA).
-     *
-     * @return The TSA identifier. May be null.
-     */
-    public URI getTimestampingAuthority();
-
-    /**
-     * Retrieves the certificate for a Timestamping Authority (TSA).
-     *
-     * @return The TSA certificate. May be null.
-     */
-    public X509Certificate getTimestampingAuthorityCertificate();
-
-    /**
-     * Retrieves the TSAPolicyID for a Timestamping Authority (TSA).
-     *
-     * @return The TSAPolicyID. May be null.
-     */
-    public default String getTSAPolicyID() {
-        return null;
-    }
-
-    /**
-     * Retreives the message digest algorithm that is used to generate
-     * the message imprint to be sent to the TSA server.
-     *
-     * @since 1.9
-     * @return The non-null string of the message digest algorithm name.
-     */
-    public default String getTSADigestAlg() {
-        return "SHA-256";
-    }
-
-    /**
-     * Retrieves the JAR file's signature.
-     *
-     * @return The non-null array of signature bytes.
-     */
-    public byte[] getSignature();
-
-    /**
-     * Retrieves the name of the signature algorithm.
-     *
-     * @return The non-null string name of the signature algorithm.
-     */
-    public String getSignatureAlgorithm();
-
-    /**
-     * Retrieves the signer's X.509 certificate chain.
-     *
-     * @return The non-null array of X.509 public-key certificates.
-     */
-    public X509Certificate[] getSignerCertificateChain();
-
-    /**
-     * Retrieves the content that was signed.
-     * The content is the JAR file's signature file.
-     *
-     * @return The content bytes. May be null.
-     */
-    public byte[] getContent();
-
-    /**
-     * Retrieves the original source ZIP file before it was signed.
-     *
-     * @return The original ZIP file. May be null.
-     */
-    public ZipFile getSource();
-}
--- a/jdk/src/jdk.dev/share/classes/com/sun/jarsigner/package-info.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-/**
- * This package comprises the interfaces and classes used to define the
- * signing mechanism used by the <tt>jarsigner</tt> tool.
- * <p>
- * Clients may override the default signing mechanism of the <tt>jarsigner</tt>
- * tool by supplying an alternative implementation of
- * {@link com.sun.jarsigner.ContentSigner}.
- */
-
-@jdk.Exported
-package com.sun.jarsigner;
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Main.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2571 +0,0 @@
-/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-import java.io.*;
-import java.util.*;
-import java.util.zip.*;
-import java.util.jar.*;
-import java.math.BigInteger;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.text.Collator;
-import java.text.MessageFormat;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateException;
-import java.security.*;
-import java.lang.reflect.Constructor;
-
-import com.sun.jarsigner.ContentSigner;
-import com.sun.jarsigner.ContentSignerParameters;
-import java.net.SocketTimeoutException;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathValidator;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.PKIXParameters;
-import java.security.cert.TrustAnchor;
-import java.util.Map.Entry;
-import sun.security.tools.KeyStoreUtil;
-import sun.security.tools.PathList;
-import sun.security.x509.*;
-import sun.security.util.*;
-import java.util.Base64;
-
-
-/**
- * <p>The jarsigner utility.
- *
- * The exit codes for the main method are:
- *
- * 0: success
- * 1: any error that the jar cannot be signed or verified, including:
- *      keystore loading error
- *      TSP communication error
- *      jarsigner command line error...
- * otherwise: error codes from -strict
- *
- * @author Roland Schemers
- * @author Jan Luehe
- */
-
-public class Main {
-
-    // for i18n
-    private static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle
-        ("sun.security.tools.jarsigner.Resources");
-    private static final Collator collator = Collator.getInstance();
-    static {
-        // this is for case insensitive string comparisions
-        collator.setStrength(Collator.PRIMARY);
-    }
-
-    private static final String META_INF = "META-INF/";
-
-    private static final Class<?>[] PARAM_STRING = { String.class };
-
-    private static final String NONE = "NONE";
-    private static final String P11KEYSTORE = "PKCS11";
-
-    private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
-
-    // Attention:
-    // This is the entry that get launched by the security tool jarsigner.
-    public static void main(String args[]) throws Exception {
-        Main js = new Main();
-        js.run(args);
-    }
-
-    static final String VERSION = "1.0";
-
-    static final int IN_KEYSTORE = 0x01;        // signer is in keystore
-    static final int IN_SCOPE = 0x02;
-    static final int NOT_ALIAS = 0x04;          // alias list is NOT empty and
-                                                // signer is not in alias list
-    static final int SIGNED_BY_ALIAS = 0x08;    // signer is in alias list
-
-    X509Certificate[] certChain;    // signer's cert chain (when composing)
-    PrivateKey privateKey;          // private key
-    KeyStore store;                 // the keystore specified by -keystore
-                                    // or the default keystore, never null
-
-    String keystore; // key store file
-    boolean nullStream = false; // null keystore input stream (NONE)
-    boolean token = false; // token-based keystore
-    String jarfile;  // jar files to sign or verify
-    String alias;    // alias to sign jar with
-    List<String> ckaliases = new ArrayList<>(); // aliases in -verify
-    char[] storepass; // keystore password
-    boolean protectedPath; // protected authentication path
-    String storetype; // keystore type
-    String providerName; // provider name
-    Vector<String> providers = null; // list of providers
-    // arguments for provider constructors
-    HashMap<String,String> providerArgs = new HashMap<>();
-    char[] keypass; // private key password
-    String sigfile; // name of .SF file
-    String sigalg; // name of signature algorithm
-    String digestalg = "SHA-256"; // name of digest algorithm
-    String signedjar; // output filename
-    String tsaUrl; // location of the Timestamping Authority
-    String tsaAlias; // alias for the Timestamping Authority's certificate
-    String altCertChain; // file to read alternative cert chain from
-    String tSAPolicyID;
-    String tSADigestAlg = "SHA-256";
-    boolean verify = false; // verify the jar
-    String verbose = null; // verbose output when signing/verifying
-    boolean showcerts = false; // show certs when verifying
-    boolean debug = false; // debug
-    boolean signManifest = true; // "sign" the whole manifest
-    boolean externalSF = true; // leave the .SF out of the PKCS7 block
-    boolean strict = false;  // treat warnings as error
-
-    // read zip entry raw bytes
-    private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
-    private byte[] buffer = new byte[8192];
-    private ContentSigner signingMechanism = null;
-    private String altSignerClass = null;
-    private String altSignerClasspath = null;
-    private ZipFile zipFile = null;
-
-    // Informational warnings
-    private boolean hasExpiringCert = false;
-    private boolean noTimestamp = false;
-    private Date expireDate = new Date(0L);     // used in noTimestamp warning
-
-    // Severe warnings
-    private boolean hasExpiredCert = false;
-    private boolean notYetValidCert = false;
-    private boolean chainNotValidated = false;
-    private boolean notSignedByAlias = false;
-    private boolean aliasNotInStore = false;
-    private boolean hasUnsignedEntry = false;
-    private boolean badKeyUsage = false;
-    private boolean badExtendedKeyUsage = false;
-    private boolean badNetscapeCertType = false;
-
-    CertificateFactory certificateFactory;
-    CertPathValidator validator;
-    PKIXParameters pkixParameters;
-
-    public void run(String args[]) {
-        try {
-            args = parseArgs(args);
-
-            // Try to load and install the specified providers
-            if (providers != null) {
-                ClassLoader cl = ClassLoader.getSystemClassLoader();
-                Enumeration<String> e = providers.elements();
-                while (e.hasMoreElements()) {
-                    String provName = e.nextElement();
-                    Class<?> provClass;
-                    if (cl != null) {
-                        provClass = cl.loadClass(provName);
-                    } else {
-                        provClass = Class.forName(provName);
-                    }
-
-                    String provArg = providerArgs.get(provName);
-                    Object obj;
-                    if (provArg == null) {
-                        obj = provClass.newInstance();
-                    } else {
-                        Constructor<?> c =
-                                provClass.getConstructor(PARAM_STRING);
-                        obj = c.newInstance(provArg);
-                    }
-
-                    if (!(obj instanceof Provider)) {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("provName.not.a.provider"));
-                        Object[] source = {provName};
-                        throw new Exception(form.format(source));
-                    }
-                    Security.addProvider((Provider)obj);
-                }
-            }
-
-            if (verify) {
-                try {
-                    loadKeyStore(keystore, false);
-                } catch (Exception e) {
-                    if ((keystore != null) || (storepass != null)) {
-                        System.out.println(rb.getString("jarsigner.error.") +
-                                        e.getMessage());
-                        System.exit(1);
-                    }
-                }
-                /*              if (debug) {
-                    SignatureFileVerifier.setDebug(true);
-                    ManifestEntryVerifier.setDebug(true);
-                }
-                */
-                verifyJar(jarfile);
-            } else {
-                loadKeyStore(keystore, true);
-                getAliasInfo(alias);
-
-                // load the alternative signing mechanism
-                if (altSignerClass != null) {
-                    signingMechanism = loadSigningMechanism(altSignerClass,
-                        altSignerClasspath);
-                }
-                signJar(jarfile, alias, args);
-            }
-        } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner.error.") + e);
-            if (debug) {
-                e.printStackTrace();
-            }
-            System.exit(1);
-        } finally {
-            // zero-out private key password
-            if (keypass != null) {
-                Arrays.fill(keypass, ' ');
-                keypass = null;
-            }
-            // zero-out keystore password
-            if (storepass != null) {
-                Arrays.fill(storepass, ' ');
-                storepass = null;
-            }
-        }
-
-        if (strict) {
-            int exitCode = 0;
-            if (chainNotValidated || hasExpiredCert || notYetValidCert) {
-                exitCode |= 4;
-            }
-            if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
-                exitCode |= 8;
-            }
-            if (hasUnsignedEntry) {
-                exitCode |= 16;
-            }
-            if (notSignedByAlias || aliasNotInStore) {
-                exitCode |= 32;
-            }
-            if (exitCode != 0) {
-                System.exit(exitCode);
-            }
-        }
-    }
-
-    /*
-     * Parse command line arguments.
-     */
-    String[] parseArgs(String args[]) throws Exception {
-        /* parse flags */
-        int n = 0;
-
-        if (args.length == 0) fullusage();
-
-        String confFile = null;
-        String command = "-sign";
-        for (n=0; n < args.length; n++) {
-            if (collator.compare(args[n], "-verify") == 0) {
-                command = "-verify";
-            } else if (collator.compare(args[n], "-conf") == 0) {
-                if (n == args.length - 1) {
-                    usageNoArg();
-                }
-                confFile = args[++n];
-            }
-        }
-
-        if (confFile != null) {
-            args = KeyStoreUtil.expandArgs(
-                    "jarsigner", confFile, command, null, args);
-        }
-
-        debug = Arrays.stream(args).anyMatch(
-                x -> collator.compare(x, "-debug") == 0);
-
-        if (debug) {
-            // No need to localize debug output
-            System.out.println("Command line args: " +
-                    Arrays.toString(args));
-        }
-
-        for (n=0; n < args.length; n++) {
-
-            String flags = args[n];
-            String modifier = null;
-
-            if (flags.startsWith("-")) {
-                int pos = flags.indexOf(':');
-                if (pos > 0) {
-                    modifier = flags.substring(pos+1);
-                    flags = flags.substring(0, pos);
-                }
-            }
-
-            if (!flags.startsWith("-")) {
-                if (jarfile == null) {
-                    jarfile = flags;
-                } else {
-                    alias = flags;
-                    ckaliases.add(alias);
-                }
-            } else if (collator.compare(flags, "-conf") == 0) {
-                if (++n == args.length) usageNoArg();
-            } else if (collator.compare(flags, "-keystore") == 0) {
-                if (++n == args.length) usageNoArg();
-                keystore = args[n];
-            } else if (collator.compare(flags, "-storepass") ==0) {
-                if (++n == args.length) usageNoArg();
-                storepass = getPass(modifier, args[n]);
-            } else if (collator.compare(flags, "-storetype") ==0) {
-                if (++n == args.length) usageNoArg();
-                storetype = args[n];
-            } else if (collator.compare(flags, "-providerName") ==0) {
-                if (++n == args.length) usageNoArg();
-                providerName = args[n];
-            } else if ((collator.compare(flags, "-provider") == 0) ||
-                        (collator.compare(flags, "-providerClass") == 0)) {
-                if (++n == args.length) usageNoArg();
-                if (providers == null) {
-                    providers = new Vector<String>(3);
-                }
-                providers.add(args[n]);
-
-                if (args.length > (n+1)) {
-                    flags = args[n+1];
-                    if (collator.compare(flags, "-providerArg") == 0) {
-                        if (args.length == (n+2)) usageNoArg();
-                        providerArgs.put(args[n], args[n+2]);
-                        n += 2;
-                    }
-                }
-            } else if (collator.compare(flags, "-protected") ==0) {
-                protectedPath = true;
-            } else if (collator.compare(flags, "-certchain") ==0) {
-                if (++n == args.length) usageNoArg();
-                altCertChain = args[n];
-            } else if (collator.compare(flags, "-tsapolicyid") ==0) {
-                if (++n == args.length) usageNoArg();
-                tSAPolicyID = args[n];
-            } else if (collator.compare(flags, "-tsadigestalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                tSADigestAlg = args[n];
-            } else if (collator.compare(flags, "-debug") ==0) {
-                // Already processed
-            } else if (collator.compare(flags, "-keypass") ==0) {
-                if (++n == args.length) usageNoArg();
-                keypass = getPass(modifier, args[n]);
-            } else if (collator.compare(flags, "-sigfile") ==0) {
-                if (++n == args.length) usageNoArg();
-                sigfile = args[n];
-            } else if (collator.compare(flags, "-signedjar") ==0) {
-                if (++n == args.length) usageNoArg();
-                signedjar = args[n];
-            } else if (collator.compare(flags, "-tsa") ==0) {
-                if (++n == args.length) usageNoArg();
-                tsaUrl = args[n];
-            } else if (collator.compare(flags, "-tsacert") ==0) {
-                if (++n == args.length) usageNoArg();
-                tsaAlias = args[n];
-            } else if (collator.compare(flags, "-altsigner") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClass = args[n];
-            } else if (collator.compare(flags, "-altsignerpath") ==0) {
-                if (++n == args.length) usageNoArg();
-                altSignerClasspath = args[n];
-            } else if (collator.compare(flags, "-sectionsonly") ==0) {
-                signManifest = false;
-            } else if (collator.compare(flags, "-internalsf") ==0) {
-                externalSF = false;
-            } else if (collator.compare(flags, "-verify") ==0) {
-                verify = true;
-            } else if (collator.compare(flags, "-verbose") ==0) {
-                verbose = (modifier != null) ? modifier : "all";
-            } else if (collator.compare(flags, "-sigalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                sigalg = args[n];
-            } else if (collator.compare(flags, "-digestalg") ==0) {
-                if (++n == args.length) usageNoArg();
-                digestalg = args[n];
-            } else if (collator.compare(flags, "-certs") ==0) {
-                showcerts = true;
-            } else if (collator.compare(flags, "-strict") ==0) {
-                strict = true;
-            } else if (collator.compare(flags, "-h") == 0 ||
-                        collator.compare(flags, "-help") == 0) {
-                fullusage();
-            } else {
-                System.err.println(
-                        rb.getString("Illegal.option.") + flags);
-                usage();
-            }
-        }
-
-        // -certs must always be specified with -verbose
-        if (verbose == null) showcerts = false;
-
-        if (jarfile == null) {
-            System.err.println(rb.getString("Please.specify.jarfile.name"));
-            usage();
-        }
-        if (!verify && alias == null) {
-            System.err.println(rb.getString("Please.specify.alias.name"));
-            usage();
-        }
-        if (!verify && ckaliases.size() > 1) {
-            System.err.println(rb.getString("Only.one.alias.can.be.specified"));
-            usage();
-        }
-
-        if (storetype == null) {
-            storetype = KeyStore.getDefaultType();
-        }
-        storetype = KeyStoreUtil.niceStoreTypeName(storetype);
-
-        try {
-            if (signedjar != null && new File(signedjar).getCanonicalPath().equals(
-                    new File(jarfile).getCanonicalPath())) {
-                signedjar = null;
-            }
-        } catch (IOException ioe) {
-            // File system error?
-            // Just ignore it.
-        }
-
-        if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
-                KeyStoreUtil.isWindowsKeyStore(storetype)) {
-            token = true;
-            if (keystore == null) {
-                keystore = NONE;
-            }
-        }
-
-        if (NONE.equals(keystore)) {
-            nullStream = true;
-        }
-
-        if (token && !nullStream) {
-            System.err.println(MessageFormat.format(rb.getString
-                (".keystore.must.be.NONE.if.storetype.is.{0}"), storetype));
-            usage();
-        }
-
-        if (token && keypass != null) {
-            System.err.println(MessageFormat.format(rb.getString
-                (".keypass.can.not.be.specified.if.storetype.is.{0}"), storetype));
-            usage();
-        }
-
-        if (protectedPath) {
-            if (storepass != null || keypass != null) {
-                System.err.println(rb.getString
-                        ("If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified"));
-                usage();
-            }
-        }
-        if (KeyStoreUtil.isWindowsKeyStore(storetype)) {
-            if (storepass != null || keypass != null) {
-                System.err.println(rb.getString
-                        ("If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified"));
-                usage();
-            }
-        }
-        return args;
-    }
-
-    static char[] getPass(String modifier, String arg) {
-        char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
-        if (output != null) return output;
-        usage();
-        return null;    // Useless, usage() already exit
-    }
-
-    static void usageNoArg() {
-        System.out.println(rb.getString("Option.lacks.argument"));
-        usage();
-    }
-
-    static void usage() {
-        System.out.println();
-        System.out.println(rb.getString("Please.type.jarsigner.help.for.usage"));
-        System.exit(1);
-    }
-
-    static void fullusage() {
-        System.out.println(rb.getString
-                ("Usage.jarsigner.options.jar.file.alias"));
-        System.out.println(rb.getString
-                (".jarsigner.verify.options.jar.file.alias."));
-        System.out.println();
-        System.out.println(rb.getString
-                (".keystore.url.keystore.location"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".storepass.password.password.for.keystore.integrity"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".storetype.type.keystore.type"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".keypass.password.password.for.private.key.if.different."));
-        System.out.println();
-        System.out.println(rb.getString
-                (".certchain.file.name.of.alternative.certchain.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sigfile.file.name.of.SF.DSA.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".signedjar.file.name.of.signed.JAR.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".digestalg.algorithm.name.of.digest.algorithm"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sigalg.algorithm.name.of.signature.algorithm"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".verify.verify.a.signed.JAR.file"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".verbose.suboptions.verbose.output.when.signing.verifying."));
-        System.out.println(rb.getString
-                (".suboptions.can.be.all.grouped.or.summary"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".certs.display.certificates.when.verbose.and.verifying"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsa.url.location.of.the.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsacert.alias.public.key.certificate.for.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsapolicyid.tsapolicyid.for.Timestamping.Authority"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".tsadigestalg.algorithm.of.digest.data.in.timestamping.request"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".altsigner.class.class.name.of.an.alternative.signing.mechanism"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".internalsf.include.the.SF.file.inside.the.signature.block"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".sectionsonly.don.t.compute.hash.of.entire.manifest"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".protected.keystore.has.protected.authentication.path"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".providerName.name.provider.name"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".providerClass.class.name.of.cryptographic.service.provider.s"));
-        System.out.println(rb.getString
-                (".providerArg.arg.master.class.file.and.constructor.argument"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".strict.treat.warnings.as.errors"));
-        System.out.println();
-        System.out.println(rb.getString
-                (".conf.url.specify.a.pre.configured.options.file"));
-        System.out.println();
-
-        System.exit(0);
-    }
-
-    void verifyJar(String jarName)
-        throws Exception
-    {
-        boolean anySigned = false;  // if there exists entry inside jar signed
-        JarFile jf = null;
-
-        try {
-            jf = new JarFile(jarName, true);
-            Vector<JarEntry> entriesVec = new Vector<>();
-            byte[] buffer = new byte[8192];
-
-            Enumeration<JarEntry> entries = jf.entries();
-            while (entries.hasMoreElements()) {
-                JarEntry je = entries.nextElement();
-                entriesVec.addElement(je);
-                InputStream is = null;
-                try {
-                    is = jf.getInputStream(je);
-                    int n;
-                    while ((n = is.read(buffer, 0, buffer.length)) != -1) {
-                        // we just read. this will throw a SecurityException
-                        // if  a signature/digest check fails.
-                    }
-                } finally {
-                    if (is != null) {
-                        is.close();
-                    }
-                }
-            }
-
-            Manifest man = jf.getManifest();
-
-            // The map to record display info, only used when -verbose provided
-            //      key: signer info string
-            //      value: the list of files with common key
-            Map<String,List<String>> output = new LinkedHashMap<>();
-
-            if (man != null) {
-                if (verbose != null) System.out.println();
-                Enumeration<JarEntry> e = entriesVec.elements();
-
-                String tab = rb.getString("6SPACE");
-
-                while (e.hasMoreElements()) {
-                    JarEntry je = e.nextElement();
-                    String name = je.getName();
-                    CodeSigner[] signers = je.getCodeSigners();
-                    boolean isSigned = (signers != null);
-                    anySigned |= isSigned;
-                    hasUnsignedEntry |= !je.isDirectory() && !isSigned
-                                        && !signatureRelated(name);
-
-                    int inStoreOrScope = inKeyStore(signers);
-
-                    boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0;
-                    boolean inScope = (inStoreOrScope & IN_SCOPE) != 0;
-
-                    notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0;
-                    if (keystore != null) {
-                        aliasNotInStore |= isSigned && (!inStore && !inScope);
-                    }
-
-                    // Only used when -verbose provided
-                    StringBuffer sb = null;
-                    if (verbose != null) {
-                        sb = new StringBuffer();
-                        boolean inManifest =
-                            ((man.getAttributes(name) != null) ||
-                             (man.getAttributes("./"+name) != null) ||
-                             (man.getAttributes("/"+name) != null));
-                        sb.append(isSigned ? rb.getString("s") : rb.getString("SPACE"))
-                                .append(inManifest ? rb.getString("m") : rb.getString("SPACE"))
-                                .append(inStore ? rb.getString("k") : rb.getString("SPACE"))
-                                .append(inScope ? rb.getString("i") : rb.getString("SPACE"))
-                                .append((inStoreOrScope & NOT_ALIAS) != 0 ? 'X' : ' ')
-                                .append(rb.getString("SPACE"));
-                        sb.append('|');
-                    }
-
-                    // When -certs provided, display info has extra empty
-                    // lines at the beginning and end.
-                    if (isSigned) {
-                        if (showcerts) sb.append('\n');
-                        for (CodeSigner signer: signers) {
-                            // signerInfo() must be called even if -verbose
-                            // not provided. The method updates various
-                            // warning flags.
-                            String si = signerInfo(signer, tab);
-                            if (showcerts) {
-                                sb.append(si);
-                                sb.append('\n');
-                            }
-                        }
-                    } else if (showcerts && !verbose.equals("all")) {
-                        // Print no info for unsigned entries when -verbose:all,
-                        // to be consistent with old behavior.
-                        if (signatureRelated(name)) {
-                            sb.append('\n')
-                                    .append(tab)
-                                    .append(rb
-                                            .getString(".Signature.related.entries."))
-                                    .append("\n\n");
-                        } else {
-                            sb.append('\n').append(tab)
-                                    .append(rb.getString(".Unsigned.entries."))
-                                    .append("\n\n");
-                        }
-                    }
-
-                    if (verbose != null) {
-                        String label = sb.toString();
-                        if (signatureRelated(name)) {
-                            // Entries inside META-INF and other unsigned
-                            // entries are grouped separately.
-                            label = "-" + label;
-                        }
-
-                        // The label finally contains 2 parts separated by '|':
-                        // The legend displayed before the entry names, and
-                        // the cert info (if -certs specified).
-
-                        if (!output.containsKey(label)) {
-                            output.put(label, new ArrayList<String>());
-                        }
-
-                        StringBuilder fb = new StringBuilder();
-                        String s = Long.toString(je.getSize());
-                        for (int i = 6 - s.length(); i > 0; --i) {
-                            fb.append(' ');
-                        }
-                        fb.append(s).append(' ').
-                                append(new Date(je.getTime()).toString());
-                        fb.append(' ').append(name);
-
-                        output.get(label).add(fb.toString());
-                    }
-                }
-            }
-            if (verbose != null) {
-                for (Entry<String,List<String>> s: output.entrySet()) {
-                    List<String> files = s.getValue();
-                    String key = s.getKey();
-                    if (key.charAt(0) == '-') { // the signature-related group
-                        key = key.substring(1);
-                    }
-                    int pipe = key.indexOf('|');
-                    if (verbose.equals("all")) {
-                        for (String f: files) {
-                            System.out.println(key.substring(0, pipe) + f);
-                            System.out.printf(key.substring(pipe+1));
-                        }
-                    } else {
-                        if (verbose.equals("grouped")) {
-                            for (String f: files) {
-                                System.out.println(key.substring(0, pipe) + f);
-                            }
-                        } else if (verbose.equals("summary")) {
-                            System.out.print(key.substring(0, pipe));
-                            if (files.size() > 1) {
-                                System.out.println(files.get(0) + " " +
-                                        String.format(rb.getString(
-                                        ".and.d.more."), files.size()-1));
-                            } else {
-                                System.out.println(files.get(0));
-                            }
-                        }
-                        System.out.printf(key.substring(pipe+1));
-                    }
-                }
-                System.out.println();
-                System.out.println(rb.getString(
-                    ".s.signature.was.verified."));
-                System.out.println(rb.getString(
-                    ".m.entry.is.listed.in.manifest"));
-                System.out.println(rb.getString(
-                    ".k.at.least.one.certificate.was.found.in.keystore"));
-                System.out.println(rb.getString(
-                    ".i.at.least.one.certificate.was.found.in.identity.scope"));
-                if (ckaliases.size() > 0) {
-                    System.out.println(rb.getString(
-                        ".X.not.signed.by.specified.alias.es."));
-                }
-                System.out.println();
-            }
-            if (man == null)
-                System.out.println(rb.getString("no.manifest."));
-
-            if (!anySigned) {
-                System.out.println(rb.getString(
-                      "jar.is.unsigned.signatures.missing.or.not.parsable."));
-            } else {
-                boolean warningAppeared = false;
-                boolean errorAppeared = false;
-                if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
-                        notYetValidCert || chainNotValidated || hasExpiredCert ||
-                        hasUnsignedEntry ||
-                        aliasNotInStore || notSignedByAlias) {
-
-                    if (strict) {
-                        System.out.println(rb.getString("jar.verified.with.signer.errors."));
-                        System.out.println();
-                        System.out.println(rb.getString("Error."));
-                        errorAppeared = true;
-                    } else {
-                        System.out.println(rb.getString("jar.verified."));
-                        System.out.println();
-                        System.out.println(rb.getString("Warning."));
-                        warningAppeared = true;
-                    }
-
-                    if (badKeyUsage) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (badExtendedKeyUsage) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (badNetscapeCertType) {
-                        System.out.println(
-                            rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
-                    }
-
-                    if (hasUnsignedEntry) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked."));
-                    }
-                    if (hasExpiredCert) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.entries.whose.signer.certificate.has.expired."));
-                    }
-                    if (notYetValidCert) {
-                        System.out.println(rb.getString(
-                            "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
-                    }
-
-                    if (chainNotValidated) {
-                        System.out.println(
-                                rb.getString("This.jar.contains.entries.whose.certificate.chain.is.not.validated."));
-                    }
-
-                    if (notSignedByAlias) {
-                        System.out.println(
-                                rb.getString("This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es."));
-                    }
-
-                    if (aliasNotInStore) {
-                        System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
-                    }
-                } else {
-                    System.out.println(rb.getString("jar.verified."));
-                }
-                if (hasExpiringCert || noTimestamp) {
-                    if (!warningAppeared) {
-                        System.out.println();
-                        System.out.println(rb.getString("Warning."));
-                        warningAppeared = true;
-                    }
-                    if (hasExpiringCert) {
-                        System.out.println(rb.getString(
-                                "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
-                    }
-                    if (noTimestamp) {
-                        System.out.println(
-                                String.format(rb.getString("no.timestamp.verifying"), expireDate));
-                    }
-                }
-                if (warningAppeared || errorAppeared) {
-                    if (! (verbose != null && showcerts)) {
-                        System.out.println();
-                        System.out.println(rb.getString(
-                                "Re.run.with.the.verbose.and.certs.options.for.more.details."));
-                    }
-                }
-            }
-            return;
-        } catch (Exception e) {
-            System.out.println(rb.getString("jarsigner.") + e);
-            if (debug) {
-                e.printStackTrace();
-            }
-        } finally { // close the resource
-            if (jf != null) {
-                jf.close();
-            }
-        }
-
-        System.exit(1);
-    }
-
-    private static MessageFormat validityTimeForm = null;
-    private static MessageFormat notYetTimeForm = null;
-    private static MessageFormat expiredTimeForm = null;
-    private static MessageFormat expiringTimeForm = null;
-
-    /*
-     * Display some details about a certificate:
-     *
-     * [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"]
-     * [<validity-period> | <expiry-warning>]
-     *
-     * Note: no newline character at the end
-     */
-    String printCert(String tab, Certificate c, boolean checkValidityPeriod,
-        Date timestamp, boolean checkUsage) {
-
-        StringBuilder certStr = new StringBuilder();
-        String space = rb.getString("SPACE");
-        X509Certificate x509Cert = null;
-
-        if (c instanceof X509Certificate) {
-            x509Cert = (X509Certificate) c;
-            certStr.append(tab).append(x509Cert.getType())
-                .append(rb.getString("COMMA"))
-                .append(x509Cert.getSubjectDN().getName());
-        } else {
-            certStr.append(tab).append(c.getType());
-        }
-
-        String alias = storeHash.get(c);
-        if (alias != null) {
-            certStr.append(space).append(alias);
-        }
-
-        if (checkValidityPeriod && x509Cert != null) {
-
-            certStr.append("\n").append(tab).append("[");
-            Date notAfter = x509Cert.getNotAfter();
-            try {
-                boolean printValidity = true;
-                if (timestamp == null) {
-                    if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
-                        expireDate = notAfter;
-                    }
-                    x509Cert.checkValidity();
-                    // test if cert will expire within six months
-                    if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
-                        hasExpiringCert = true;
-                        if (expiringTimeForm == null) {
-                            expiringTimeForm = new MessageFormat(
-                                rb.getString("certificate.will.expire.on"));
-                        }
-                        Object[] source = { notAfter };
-                        certStr.append(expiringTimeForm.format(source));
-                        printValidity = false;
-                    }
-                } else {
-                    x509Cert.checkValidity(timestamp);
-                }
-                if (printValidity) {
-                    if (validityTimeForm == null) {
-                        validityTimeForm = new MessageFormat(
-                            rb.getString("certificate.is.valid.from"));
-                    }
-                    Object[] source = { x509Cert.getNotBefore(), notAfter };
-                    certStr.append(validityTimeForm.format(source));
-                }
-            } catch (CertificateExpiredException cee) {
-                hasExpiredCert = true;
-
-                if (expiredTimeForm == null) {
-                    expiredTimeForm = new MessageFormat(
-                        rb.getString("certificate.expired.on"));
-                }
-                Object[] source = { notAfter };
-                certStr.append(expiredTimeForm.format(source));
-
-            } catch (CertificateNotYetValidException cnyve) {
-                notYetValidCert = true;
-
-                if (notYetTimeForm == null) {
-                    notYetTimeForm = new MessageFormat(
-                        rb.getString("certificate.is.not.valid.until"));
-                }
-                Object[] source = { x509Cert.getNotBefore() };
-                certStr.append(notYetTimeForm.format(source));
-            }
-            certStr.append("]");
-
-            if (checkUsage) {
-                boolean[] bad = new boolean[3];
-                checkCertUsage(x509Cert, bad);
-                if (bad[0] || bad[1] || bad[2]) {
-                    String x = "";
-                    if (bad[0]) {
-                        x ="KeyUsage";
-                    }
-                    if (bad[1]) {
-                        if (x.length() > 0) x = x + ", ";
-                        x = x + "ExtendedKeyUsage";
-                    }
-                    if (bad[2]) {
-                        if (x.length() > 0) x = x + ", ";
-                        x = x + "NetscapeCertType";
-                    }
-                    certStr.append("\n").append(tab)
-                        .append(MessageFormat.format(rb.getString(
-                        ".{0}.extension.does.not.support.code.signing."), x));
-                }
-            }
-        }
-        return certStr.toString();
-    }
-
-    private static MessageFormat signTimeForm = null;
-
-    private String printTimestamp(String tab, Timestamp timestamp) {
-
-        if (signTimeForm == null) {
-            signTimeForm =
-                new MessageFormat(rb.getString("entry.was.signed.on"));
-        }
-        Object[] source = { timestamp.getTimestamp() };
-
-        return new StringBuilder().append(tab).append("[")
-            .append(signTimeForm.format(source)).append("]").toString();
-    }
-
-    private Map<CodeSigner,Integer> cacheForInKS = new IdentityHashMap<>();
-
-    private int inKeyStoreForOneSigner(CodeSigner signer) {
-        if (cacheForInKS.containsKey(signer)) {
-            return cacheForInKS.get(signer);
-        }
-
-        boolean found = false;
-        int result = 0;
-        List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
-        for (Certificate c : certs) {
-            String alias = storeHash.get(c);
-            if (alias != null) {
-                if (alias.startsWith("(")) {
-                    result |= IN_KEYSTORE;
-                } else if (alias.startsWith("[")) {
-                    result |= IN_SCOPE;
-                }
-                if (ckaliases.contains(alias.substring(1, alias.length() - 1))) {
-                    result |= SIGNED_BY_ALIAS;
-                }
-            } else {
-                if (store != null) {
-                    try {
-                        alias = store.getCertificateAlias(c);
-                    } catch (KeyStoreException kse) {
-                        // never happens, because keystore has been loaded
-                    }
-                    if (alias != null) {
-                        storeHash.put(c, "(" + alias + ")");
-                        found = true;
-                        result |= IN_KEYSTORE;
-                    }
-                }
-                if (ckaliases.contains(alias)) {
-                    result |= SIGNED_BY_ALIAS;
-                }
-            }
-        }
-        cacheForInKS.put(signer, result);
-        return result;
-    }
-
-    Hashtable<Certificate, String> storeHash = new Hashtable<>();
-
-    int inKeyStore(CodeSigner[] signers) {
-
-        if (signers == null)
-            return 0;
-
-        int output = 0;
-
-        for (CodeSigner signer: signers) {
-            int result = inKeyStoreForOneSigner(signer);
-            output |= result;
-        }
-        if (ckaliases.size() > 0 && (output & SIGNED_BY_ALIAS) == 0) {
-            output |= NOT_ALIAS;
-        }
-        return output;
-    }
-
-    void signJar(String jarName, String alias, String[] args)
-        throws Exception {
-        boolean aliasUsed = false;
-        X509Certificate tsaCert = null;
-
-        if (sigfile == null) {
-            sigfile = alias;
-            aliasUsed = true;
-        }
-
-        if (sigfile.length() > 8) {
-            sigfile = sigfile.substring(0, 8).toUpperCase(Locale.ENGLISH);
-        } else {
-            sigfile = sigfile.toUpperCase(Locale.ENGLISH);
-        }
-
-        StringBuilder tmpSigFile = new StringBuilder(sigfile.length());
-        for (int j = 0; j < sigfile.length(); j++) {
-            char c = sigfile.charAt(j);
-            if (!
-                ((c>= 'A' && c<= 'Z') ||
-                (c>= '0' && c<= '9') ||
-                (c == '-') ||
-                (c == '_'))) {
-                if (aliasUsed) {
-                    // convert illegal characters from the alias to be _'s
-                    c = '_';
-                } else {
-                 throw new
-                   RuntimeException(rb.getString
-                        ("signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or."));
-                }
-            }
-            tmpSigFile.append(c);
-        }
-
-        sigfile = tmpSigFile.toString();
-
-        String tmpJarName;
-        if (signedjar == null) tmpJarName = jarName+".sig";
-        else tmpJarName = signedjar;
-
-        File jarFile = new File(jarName);
-        File signedJarFile = new File(tmpJarName);
-
-        // Open the jar (zip) file
-        try {
-            zipFile = new ZipFile(jarName);
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.open.jar.file.")+jarName, ioe);
-        }
-
-        FileOutputStream fos = null;
-        try {
-            fos = new FileOutputStream(signedJarFile);
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.create.")+tmpJarName, ioe);
-        }
-
-        PrintStream ps = new PrintStream(fos);
-        ZipOutputStream zos = new ZipOutputStream(ps);
-
-        /* First guess at what they might be - we don't xclude RSA ones. */
-        String sfFilename = (META_INF + sigfile + ".SF").toUpperCase(Locale.ENGLISH);
-        String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase(Locale.ENGLISH);
-
-        Manifest manifest = new Manifest();
-        Map<String,Attributes> mfEntries = manifest.getEntries();
-
-        // The Attributes of manifest before updating
-        Attributes oldAttr = null;
-
-        boolean mfModified = false;
-        boolean mfCreated = false;
-        byte[] mfRawBytes = null;
-
-        try {
-            MessageDigest digests[] = { MessageDigest.getInstance(digestalg) };
-
-            // Check if manifest exists
-            ZipEntry mfFile;
-            if ((mfFile = getManifestFile(zipFile)) != null) {
-                // Manifest exists. Read its raw bytes.
-                mfRawBytes = getBytes(zipFile, mfFile);
-                manifest.read(new ByteArrayInputStream(mfRawBytes));
-                oldAttr = (Attributes)(manifest.getMainAttributes().clone());
-            } else {
-                // Create new manifest
-                Attributes mattr = manifest.getMainAttributes();
-                mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(),
-                               "1.0");
-                String javaVendor = System.getProperty("java.vendor");
-                String jdkVersion = System.getProperty("java.version");
-                mattr.putValue("Created-By", jdkVersion + " (" +javaVendor
-                               + ")");
-                mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
-                mfCreated = true;
-            }
-
-            /*
-             * For each entry in jar
-             * (except for signature-related META-INF entries),
-             * do the following:
-             *
-             * - if entry is not contained in manifest, add it to manifest;
-             * - if entry is contained in manifest, calculate its hash and
-             *   compare it with the one in the manifest; if they are
-             *   different, replace the hash in the manifest with the newly
-             *   generated one. (This may invalidate existing signatures!)
-             */
-            Vector<ZipEntry> mfFiles = new Vector<>();
-
-            boolean wasSigned = false;
-
-            for (Enumeration<? extends ZipEntry> enum_=zipFile.entries();
-                        enum_.hasMoreElements();) {
-                ZipEntry ze = enum_.nextElement();
-
-                if (ze.getName().startsWith(META_INF)) {
-                    // Store META-INF files in vector, so they can be written
-                    // out first
-                    mfFiles.addElement(ze);
-
-                    if (SignatureFileVerifier.isBlockOrSF(
-                            ze.getName().toUpperCase(Locale.ENGLISH))) {
-                        wasSigned = true;
-                    }
-
-                    if (signatureRelated(ze.getName())) {
-                        // ignore signature-related and manifest files
-                        continue;
-                    }
-                }
-
-                if (manifest.getAttributes(ze.getName()) != null) {
-                    // jar entry is contained in manifest, check and
-                    // possibly update its digest attributes
-                    if (updateDigests(ze, zipFile, digests,
-                                      manifest) == true) {
-                        mfModified = true;
-                    }
-                } else if (!ze.isDirectory()) {
-                    // Add entry to manifest
-                    Attributes attrs = getDigestAttributes(ze, zipFile,
-                                                           digests);
-                    mfEntries.put(ze.getName(), attrs);
-                    mfModified = true;
-                }
-            }
-
-            // Recalculate the manifest raw bytes if necessary
-            if (mfModified) {
-                ByteArrayOutputStream baos = new ByteArrayOutputStream();
-                manifest.write(baos);
-                if (wasSigned) {
-                    byte[] newBytes = baos.toByteArray();
-                    if (mfRawBytes != null
-                            && oldAttr.equals(manifest.getMainAttributes())) {
-
-                        /*
-                         * Note:
-                         *
-                         * The Attributes object is based on HashMap and can handle
-                         * continuation columns. Therefore, even if the contents are
-                         * not changed (in a Map view), the bytes that it write()
-                         * may be different from the original bytes that it read()
-                         * from. Since the signature on the main attributes is based
-                         * on raw bytes, we must retain the exact bytes.
-                         */
-
-                        int newPos = findHeaderEnd(newBytes);
-                        int oldPos = findHeaderEnd(mfRawBytes);
-
-                        if (newPos == oldPos) {
-                            System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos);
-                        } else {
-                            // cat oldHead newTail > newBytes
-                            byte[] lastBytes = new byte[oldPos +
-                                    newBytes.length - newPos];
-                            System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos);
-                            System.arraycopy(newBytes, newPos, lastBytes, oldPos,
-                                    newBytes.length - newPos);
-                            newBytes = lastBytes;
-                        }
-                    }
-                    mfRawBytes = newBytes;
-                } else {
-                    mfRawBytes = baos.toByteArray();
-                }
-            }
-
-            // Write out the manifest
-            if (mfModified) {
-                // manifest file has new length
-                mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
-            }
-            if (verbose != null) {
-                if (mfCreated) {
-                    System.out.println(rb.getString(".adding.") +
-                                        mfFile.getName());
-                } else if (mfModified) {
-                    System.out.println(rb.getString(".updating.") +
-                                        mfFile.getName());
-                }
-            }
-            zos.putNextEntry(mfFile);
-            zos.write(mfRawBytes);
-
-            // Calculate SignatureFile (".SF") and SignatureBlockFile
-            ManifestDigester manDig = new ManifestDigester(mfRawBytes);
-            SignatureFile sf = new SignatureFile(digests, manifest, manDig,
-                                                 sigfile, signManifest);
-
-            if (tsaAlias != null) {
-                tsaCert = getTsaCert(tsaAlias);
-            }
-
-            if (tsaUrl == null && tsaCert == null) {
-                noTimestamp = true;
-            }
-
-            SignatureFile.Block block = null;
-
-            try {
-                block =
-                    sf.generateBlock(privateKey, sigalg, certChain,
-                        externalSF, tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg,
-                        signingMechanism, args, zipFile);
-            } catch (SocketTimeoutException e) {
-                // Provide a helpful message when TSA is beyond a firewall
-                error(rb.getString("unable.to.sign.jar.") +
-                rb.getString("no.response.from.the.Timestamping.Authority.") +
-                "\n  -J-Dhttp.proxyHost=<hostname>" +
-                "\n  -J-Dhttp.proxyPort=<portnumber>\n" +
-                rb.getString("or") +
-                "\n  -J-Dhttps.proxyHost=<hostname> " +
-                "\n  -J-Dhttps.proxyPort=<portnumber> ", e);
-            }
-
-            sfFilename = sf.getMetaName();
-            bkFilename = block.getMetaName();
-
-            ZipEntry sfFile = new ZipEntry(sfFilename);
-            ZipEntry bkFile = new ZipEntry(bkFilename);
-
-            long time = System.currentTimeMillis();
-            sfFile.setTime(time);
-            bkFile.setTime(time);
-
-            // signature file
-            zos.putNextEntry(sfFile);
-            sf.write(zos);
-            if (verbose != null) {
-                if (zipFile.getEntry(sfFilename) != null) {
-                    System.out.println(rb.getString(".updating.") +
-                                sfFilename);
-                } else {
-                    System.out.println(rb.getString(".adding.") +
-                                sfFilename);
-                }
-            }
-
-            if (verbose != null) {
-                if (tsaUrl != null || tsaCert != null) {
-                    System.out.println(
-                        rb.getString("requesting.a.signature.timestamp"));
-                }
-                if (tsaUrl != null) {
-                    System.out.println(rb.getString("TSA.location.") + tsaUrl);
-                }
-                if (tsaCert != null) {
-                    URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert);
-                    if (tsaURI != null) {
-                        System.out.println(rb.getString("TSA.location.") +
-                            tsaURI);
-                    }
-                    System.out.println(rb.getString("TSA.certificate.") +
-                        printCert("", tsaCert, false, null, false));
-                }
-                if (signingMechanism != null) {
-                    System.out.println(
-                        rb.getString("using.an.alternative.signing.mechanism"));
-                }
-            }
-
-            // signature block file
-            zos.putNextEntry(bkFile);
-            block.write(zos);
-            if (verbose != null) {
-                if (zipFile.getEntry(bkFilename) != null) {
-                    System.out.println(rb.getString(".updating.") +
-                        bkFilename);
-                } else {
-                    System.out.println(rb.getString(".adding.") +
-                        bkFilename);
-                }
-            }
-
-            // Write out all other META-INF files that we stored in the
-            // vector
-            for (int i=0; i<mfFiles.size(); i++) {
-                ZipEntry ze = mfFiles.elementAt(i);
-                if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME)
-                    && !ze.getName().equalsIgnoreCase(sfFilename)
-                    && !ze.getName().equalsIgnoreCase(bkFilename)) {
-                    writeEntry(zipFile, zos, ze);
-                }
-            }
-
-            // Write out all other files
-            for (Enumeration<? extends ZipEntry> enum_=zipFile.entries();
-                        enum_.hasMoreElements();) {
-                ZipEntry ze = enum_.nextElement();
-
-                if (!ze.getName().startsWith(META_INF)) {
-                    if (verbose != null) {
-                        if (manifest.getAttributes(ze.getName()) != null)
-                          System.out.println(rb.getString(".signing.") +
-                                ze.getName());
-                        else
-                          System.out.println(rb.getString(".adding.") +
-                                ze.getName());
-                    }
-                    writeEntry(zipFile, zos, ze);
-                }
-            }
-        } catch(IOException ioe) {
-            error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
-        } finally {
-            // close the resouces
-            if (zipFile != null) {
-                zipFile.close();
-                zipFile = null;
-            }
-
-            if (zos != null) {
-                zos.close();
-            }
-        }
-
-        // no IOException thrown in the follow try clause, so disable
-        // the try clause.
-        // try {
-            if (signedjar == null) {
-                // attempt an atomic rename. If that fails,
-                // rename the original jar file, then the signed
-                // one, then delete the original.
-                if (!signedJarFile.renameTo(jarFile)) {
-                    File origJar = new File(jarName+".orig");
-
-                    if (jarFile.renameTo(origJar)) {
-                        if (signedJarFile.renameTo(jarFile)) {
-                            origJar.delete();
-                        } else {
-                            MessageFormat form = new MessageFormat(rb.getString
-                        ("attempt.to.rename.signedJarFile.to.jarFile.failed"));
-                            Object[] source = {signedJarFile, jarFile};
-                            error(form.format(source));
-                        }
-                    } else {
-                        MessageFormat form = new MessageFormat(rb.getString
-                            ("attempt.to.rename.jarFile.to.origJar.failed"));
-                        Object[] source = {jarFile, origJar};
-                        error(form.format(source));
-                    }
-                }
-            }
-
-            boolean warningAppeared = false;
-            if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
-                    notYetValidCert || chainNotValidated || hasExpiredCert) {
-                if (strict) {
-                    System.out.println(rb.getString("jar.signed.with.signer.errors."));
-                    System.out.println();
-                    System.out.println(rb.getString("Error."));
-                } else {
-                    System.out.println(rb.getString("jar.signed."));
-                    System.out.println();
-                    System.out.println(rb.getString("Warning."));
-                    warningAppeared = true;
-                }
-
-                if (badKeyUsage) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (badExtendedKeyUsage) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (badNetscapeCertType) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
-                }
-
-                if (hasExpiredCert) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.has.expired."));
-                } else if (notYetValidCert) {
-                    System.out.println(
-                        rb.getString("The.signer.certificate.is.not.yet.valid."));
-                }
-
-                if (chainNotValidated) {
-                    System.out.println(
-                            rb.getString("The.signer.s.certificate.chain.is.not.validated."));
-                }
-            } else {
-                System.out.println(rb.getString("jar.signed."));
-            }
-            if (hasExpiringCert || noTimestamp) {
-                if (!warningAppeared) {
-                    System.out.println();
-                    System.out.println(rb.getString("Warning."));
-                }
-
-                if (hasExpiringCert) {
-                    System.out.println(
-                            rb.getString("The.signer.certificate.will.expire.within.six.months."));
-                }
-
-                if (noTimestamp) {
-                    System.out.println(
-                            String.format(rb.getString("no.timestamp.signing"), expireDate));
-                }
-            }
-
-        // no IOException thrown in the above try clause, so disable
-        // the catch clause.
-        // } catch(IOException ioe) {
-        //     error(rb.getString("unable.to.sign.jar.")+ioe, ioe);
-        // }
-    }
-
-    /**
-     * Find the length of header inside bs. The header is a multiple (>=0)
-     * lines of attributes plus an empty line. The empty line is included
-     * in the header.
-     */
-    @SuppressWarnings("fallthrough")
-    private int findHeaderEnd(byte[] bs) {
-        // Initial state true to deal with empty header
-        boolean newline = true;     // just met a newline
-        int len = bs.length;
-        for (int i=0; i<len; i++) {
-            switch (bs[i]) {
-                case '\r':
-                    if (i < len - 1 && bs[i+1] == '\n') i++;
-                    // fallthrough
-                case '\n':
-                    if (newline) return i+1;    //+1 to get length
-                    newline = true;
-                    break;
-                default:
-                    newline = false;
-            }
-        }
-        // If header end is not found, it means the MANIFEST.MF has only
-        // the main attributes section and it does not end with 2 newlines.
-        // Returns the whole length so that it can be completely replaced.
-        return len;
-    }
-
-    /**
-     * signature-related files include:
-     * . META-INF/MANIFEST.MF
-     * . META-INF/SIG-*
-     * . META-INF/*.SF
-     * . META-INF/*.DSA
-     * . META-INF/*.RSA
-     * . META-INF/*.EC
-     */
-    private boolean signatureRelated(String name) {
-        return SignatureFileVerifier.isSigningRelated(name);
-    }
-
-    Map<CodeSigner,String> cacheForSignerInfo = new IdentityHashMap<>();
-
-    /**
-     * Returns a string of singer info, with a newline at the end
-     */
-    private String signerInfo(CodeSigner signer, String tab) {
-        if (cacheForSignerInfo.containsKey(signer)) {
-            return cacheForSignerInfo.get(signer);
-        }
-        StringBuilder sb = new StringBuilder();
-        List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
-        // display the signature timestamp, if present
-        Date timestamp;
-        Timestamp ts = signer.getTimestamp();
-        if (ts != null) {
-            sb.append(printTimestamp(tab, ts));
-            sb.append('\n');
-            timestamp = ts.getTimestamp();
-        } else {
-            timestamp = null;
-            noTimestamp = true;
-        }
-        // display the certificate(sb). The first one is end-entity cert and
-        // its KeyUsage should be checked.
-        boolean first = true;
-        for (Certificate c : certs) {
-            sb.append(printCert(tab, c, true, timestamp, first));
-            sb.append('\n');
-            first = false;
-        }
-        try {
-            validateCertChain(certs);
-        } catch (Exception e) {
-            if (debug) {
-                e.printStackTrace();
-            }
-            if (e.getCause() != null &&
-                    (e.getCause() instanceof CertificateExpiredException ||
-                     e.getCause() instanceof CertificateNotYetValidException)) {
-                // No more warning, we alreay have hasExpiredCert or notYetValidCert
-            } else {
-                chainNotValidated = true;
-                sb.append(tab).append(rb.getString(".CertPath.not.validated."))
-                        .append(e.getLocalizedMessage()).append("]\n"); // TODO
-            }
-        }
-        String result = sb.toString();
-        cacheForSignerInfo.put(signer, result);
-        return result;
-    }
-
-    private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
-    throws IOException
-    {
-        ZipEntry ze2 = new ZipEntry(ze.getName());
-        ze2.setMethod(ze.getMethod());
-        ze2.setTime(ze.getTime());
-        ze2.setComment(ze.getComment());
-        ze2.setExtra(ze.getExtra());
-        if (ze.getMethod() == ZipEntry.STORED) {
-            ze2.setSize(ze.getSize());
-            ze2.setCrc(ze.getCrc());
-        }
-        os.putNextEntry(ze2);
-        writeBytes(zf, ze, os);
-    }
-
-    /**
-     * Writes all the bytes for a given entry to the specified output stream.
-     */
-    private synchronized void writeBytes
-        (ZipFile zf, ZipEntry ze, ZipOutputStream os) throws IOException {
-        int n;
-
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            long left = ze.getSize();
-
-            while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                os.write(buffer, 0, n);
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-    }
-
-    void loadKeyStore(String keyStoreName, boolean prompt) {
-
-        if (!nullStream && keyStoreName == null) {
-            keyStoreName = System.getProperty("user.home") + File.separator
-                + ".keystore";
-        }
-
-        try {
-
-            certificateFactory = CertificateFactory.getInstance("X.509");
-            validator = CertPathValidator.getInstance("PKIX");
-            Set<TrustAnchor> tas = new HashSet<>();
-            try {
-                KeyStore caks = KeyStoreUtil.getCacertsKeyStore();
-                if (caks != null) {
-                    Enumeration<String> aliases = caks.aliases();
-                    while (aliases.hasMoreElements()) {
-                        String a = aliases.nextElement();
-                        try {
-                            tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
-                        } catch (Exception e2) {
-                            // ignore, when a SecretkeyEntry does not include a cert
-                        }
-                    }
-                }
-            } catch (Exception e) {
-                // Ignore, if cacerts cannot be loaded
-            }
-
-            if (providerName == null) {
-                store = KeyStore.getInstance(storetype);
-            } else {
-                store = KeyStore.getInstance(storetype, providerName);
-            }
-
-            // Get pass phrase
-            // XXX need to disable echo; on UNIX, call getpass(char *prompt)Z
-            // and on NT call ??
-            if (token && storepass == null && !protectedPath
-                    && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
-                storepass = getPass
-                        (rb.getString("Enter.Passphrase.for.keystore."));
-            } else if (!token && storepass == null && prompt) {
-                storepass = getPass
-                        (rb.getString("Enter.Passphrase.for.keystore."));
-            }
-
-            try {
-                if (nullStream) {
-                    store.load(null, storepass);
-                } else {
-                    keyStoreName = keyStoreName.replace(File.separatorChar, '/');
-                    URL url = null;
-                    try {
-                        url = new URL(keyStoreName);
-                    } catch (java.net.MalformedURLException e) {
-                        // try as file
-                        url = new File(keyStoreName).toURI().toURL();
-                    }
-                    InputStream is = null;
-                    try {
-                        is = url.openStream();
-                        store.load(is, storepass);
-                    } finally {
-                        if (is != null) {
-                            is.close();
-                        }
-                    }
-                }
-                Enumeration<String> aliases = store.aliases();
-                while (aliases.hasMoreElements()) {
-                    String a = aliases.nextElement();
-                    try {
-                        X509Certificate c = (X509Certificate)store.getCertificate(a);
-                        // Only add TrustedCertificateEntry and self-signed
-                        // PrivateKeyEntry
-                        if (store.isCertificateEntry(a) ||
-                                c.getSubjectDN().equals(c.getIssuerDN())) {
-                            tas.add(new TrustAnchor(c, null));
-                        }
-                    } catch (Exception e2) {
-                        // ignore, when a SecretkeyEntry does not include a cert
-                    }
-                }
-            } finally {
-                try {
-                    pkixParameters = new PKIXParameters(tas);
-                    pkixParameters.setRevocationEnabled(false);
-                } catch (InvalidAlgorithmParameterException ex) {
-                    // Only if tas is empty
-                }
-            }
-        } catch (IOException ioe) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        ioe.getMessage());
-        } catch (java.security.cert.CertificateException ce) {
-            throw new RuntimeException(rb.getString("certificate.exception.") +
-                                        ce.getMessage());
-        } catch (NoSuchProviderException pe) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        pe.getMessage());
-        } catch (NoSuchAlgorithmException nsae) {
-            throw new RuntimeException(rb.getString("keystore.load.") +
-                                        nsae.getMessage());
-        } catch (KeyStoreException kse) {
-            throw new RuntimeException
-                (rb.getString("unable.to.instantiate.keystore.class.") +
-                kse.getMessage());
-        }
-    }
-
-    X509Certificate getTsaCert(String alias) {
-
-        java.security.cert.Certificate cs = null;
-
-        try {
-            cs = store.getCertificate(alias);
-        } catch (KeyStoreException kse) {
-            // this never happens, because keystore has been loaded
-        }
-        if (cs == null || (!(cs instanceof X509Certificate))) {
-            MessageFormat form = new MessageFormat(rb.getString
-                ("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the"));
-            Object[] source = {alias, alias};
-            error(form.format(source));
-        }
-        return (X509Certificate) cs;
-    }
-
-    /**
-     * Check if userCert is designed to be a code signer
-     * @param userCert the certificate to be examined
-     * @param bad 3 booleans to show if the KeyUsage, ExtendedKeyUsage,
-     *            NetscapeCertType has codeSigning flag turned on.
-     *            If null, the class field badKeyUsage, badExtendedKeyUsage,
-     *            badNetscapeCertType will be set.
-     */
-    void checkCertUsage(X509Certificate userCert, boolean[] bad) {
-
-        // Can act as a signer?
-        // 1. if KeyUsage, then [0:digitalSignature] or
-        //    [1:nonRepudiation] should be true
-        // 2. if ExtendedKeyUsage, then should contains ANY or CODE_SIGNING
-        // 3. if NetscapeCertType, then should contains OBJECT_SIGNING
-        // 1,2,3 must be true
-
-        if (bad != null) {
-            bad[0] = bad[1] = bad[2] = false;
-        }
-
-        boolean[] keyUsage = userCert.getKeyUsage();
-        if (keyUsage != null) {
-            keyUsage = Arrays.copyOf(keyUsage, 9);
-            if (!keyUsage[0] && !keyUsage[1]) {
-                if (bad != null) {
-                    bad[0] = true;
-                    badKeyUsage = true;
-                }
-            }
-        }
-
-        try {
-            List<String> xKeyUsage = userCert.getExtendedKeyUsage();
-            if (xKeyUsage != null) {
-                if (!xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage
-                        && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) {  // codeSigning
-                    if (bad != null) {
-                        bad[1] = true;
-                        badExtendedKeyUsage = true;
-                    }
-                }
-            }
-        } catch (java.security.cert.CertificateParsingException e) {
-            // shouldn't happen
-        }
-
-        try {
-            // OID_NETSCAPE_CERT_TYPE
-            byte[] netscapeEx = userCert.getExtensionValue
-                    ("2.16.840.1.113730.1.1");
-            if (netscapeEx != null) {
-                DerInputStream in = new DerInputStream(netscapeEx);
-                byte[] encoded = in.getOctetString();
-                encoded = new DerValue(encoded).getUnalignedBitString()
-                        .toByteArray();
-
-                NetscapeCertTypeExtension extn =
-                        new NetscapeCertTypeExtension(encoded);
-
-                Boolean val = extn.get(NetscapeCertTypeExtension.OBJECT_SIGNING);
-                if (!val) {
-                    if (bad != null) {
-                        bad[2] = true;
-                        badNetscapeCertType = true;
-                    }
-                }
-            }
-        } catch (IOException e) {
-            //
-        }
-    }
-
-    void getAliasInfo(String alias) {
-
-        Key key = null;
-
-        try {
-            java.security.cert.Certificate[] cs = null;
-            if (altCertChain != null) {
-                try (FileInputStream fis = new FileInputStream(altCertChain)) {
-                    cs = CertificateFactory.getInstance("X.509").
-                            generateCertificates(fis).
-                            toArray(new Certificate[0]);
-                } catch (FileNotFoundException ex) {
-                    error(rb.getString("File.specified.by.certchain.does.not.exist"));
-                } catch (CertificateException | IOException ex) {
-                    error(rb.getString("Cannot.restore.certchain.from.file.specified"));
-                }
-            } else {
-                try {
-                    cs = store.getCertificateChain(alias);
-                } catch (KeyStoreException kse) {
-                    // this never happens, because keystore has been loaded
-                }
-            }
-            if (cs == null || cs.length == 0) {
-                if (altCertChain != null) {
-                    error(rb.getString
-                            ("Certificate.chain.not.found.in.the.file.specified."));
-                } else {
-                    MessageFormat form = new MessageFormat(rb.getString
-                        ("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and"));
-                    Object[] source = {alias, alias};
-                    error(form.format(source));
-                }
-            }
-
-            certChain = new X509Certificate[cs.length];
-            for (int i=0; i<cs.length; i++) {
-                if (!(cs[i] instanceof X509Certificate)) {
-                    error(rb.getString
-                        ("found.non.X.509.certificate.in.signer.s.chain"));
-                }
-                certChain[i] = (X509Certificate)cs[i];
-            }
-
-            // We don't meant to print anything, the next call
-            // checks validity and keyUsage etc
-            printCert("", certChain[0], true, null, true);
-
-            try {
-                validateCertChain(Arrays.asList(certChain));
-            } catch (Exception e) {
-                if (debug) {
-                    e.printStackTrace();
-                }
-                if (e.getCause() != null &&
-                        (e.getCause() instanceof CertificateExpiredException ||
-                        e.getCause() instanceof CertificateNotYetValidException)) {
-                    // No more warning, we alreay have hasExpiredCert or notYetValidCert
-                } else {
-                    chainNotValidated = true;
-                }
-            }
-
-            try {
-                if (!token && keypass == null)
-                    key = store.getKey(alias, storepass);
-                else
-                    key = store.getKey(alias, keypass);
-            } catch (UnrecoverableKeyException e) {
-                if (token) {
-                    throw e;
-                } else if (keypass == null) {
-                    // Did not work out, so prompt user for key password
-                    MessageFormat form = new MessageFormat(rb.getString
-                        ("Enter.key.password.for.alias."));
-                    Object[] source = {alias};
-                    keypass = getPass(form.format(source));
-                    key = store.getKey(alias, keypass);
-                }
-            }
-        } catch (NoSuchAlgorithmException e) {
-            error(e.getMessage());
-        } catch (UnrecoverableKeyException e) {
-            error(rb.getString("unable.to.recover.key.from.keystore"));
-        } catch (KeyStoreException kse) {
-            // this never happens, because keystore has been loaded
-        }
-
-        if (!(key instanceof PrivateKey)) {
-            MessageFormat form = new MessageFormat(rb.getString
-                ("key.associated.with.alias.not.a.private.key"));
-            Object[] source = {alias};
-            error(form.format(source));
-        } else {
-            privateKey = (PrivateKey)key;
-        }
-    }
-
-    void error(String message)
-    {
-        System.out.println(rb.getString("jarsigner.")+message);
-        System.exit(1);
-    }
-
-
-    void error(String message, Exception e)
-    {
-        System.out.println(rb.getString("jarsigner.")+message);
-        if (debug) {
-            e.printStackTrace();
-        }
-        System.exit(1);
-    }
-
-    void validateCertChain(List<? extends Certificate> certs) throws Exception {
-        int cpLen = 0;
-        out: for (; cpLen<certs.size(); cpLen++) {
-            for (TrustAnchor ta: pkixParameters.getTrustAnchors()) {
-                if (ta.getTrustedCert().equals(certs.get(cpLen))) {
-                    break out;
-                }
-            }
-        }
-        if (cpLen > 0) {
-            CertPath cp = certificateFactory.generateCertPath(
-                    (cpLen == certs.size())? certs: certs.subList(0, cpLen));
-            validator.validate(cp, pkixParameters);
-        }
-    }
-
-    char[] getPass(String prompt)
-    {
-        System.err.print(prompt);
-        System.err.flush();
-        try {
-            char[] pass = Password.readPassword(System.in);
-
-            if (pass == null) {
-                error(rb.getString("you.must.enter.key.password"));
-            } else {
-                return pass;
-            }
-        } catch (IOException ioe) {
-            error(rb.getString("unable.to.read.password.")+ioe.getMessage());
-        }
-        // this shouldn't happen
-        return null;
-    }
-
-    /*
-     * Reads all the bytes for a given zip entry.
-     */
-    private synchronized byte[] getBytes(ZipFile zf,
-                                         ZipEntry ze) throws IOException {
-        int n;
-
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            baos.reset();
-            long left = ze.getSize();
-
-            while((left > 0) && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                baos.write(buffer, 0, n);
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-
-        return baos.toByteArray();
-    }
-
-    /*
-     * Returns manifest entry from given jar file, or null if given jar file
-     * does not have a manifest entry.
-     */
-    private ZipEntry getManifestFile(ZipFile zf) {
-        ZipEntry ze = zf.getEntry(JarFile.MANIFEST_NAME);
-        if (ze == null) {
-            // Check all entries for matching name
-            Enumeration<? extends ZipEntry> enum_ = zf.entries();
-            while (enum_.hasMoreElements() && ze == null) {
-                ze = enum_.nextElement();
-                if (!JarFile.MANIFEST_NAME.equalsIgnoreCase
-                    (ze.getName())) {
-                    ze = null;
-                }
-            }
-        }
-        return ze;
-    }
-
-    /*
-     * Computes the digests of a zip entry, and returns them as an array
-     * of base64-encoded strings.
-     */
-    private synchronized String[] getDigests(ZipEntry ze, ZipFile zf,
-                                             MessageDigest[] digests)
-        throws IOException {
-
-        int n, i;
-        InputStream is = null;
-        try {
-            is = zf.getInputStream(ze);
-            long left = ze.getSize();
-            while((left > 0)
-                && (n = is.read(buffer, 0, buffer.length)) != -1) {
-                for (i=0; i<digests.length; i++) {
-                    digests[i].update(buffer, 0, n);
-                }
-                left -= n;
-            }
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-
-        // complete the digests
-        String[] base64Digests = new String[digests.length];
-        for (i=0; i<digests.length; i++) {
-            base64Digests[i] = Base64.getEncoder().encodeToString(digests[i].digest());
-        }
-        return base64Digests;
-    }
-
-    /*
-     * Computes the digests of a zip entry, and returns them as a list of
-     * attributes
-     */
-    private Attributes getDigestAttributes(ZipEntry ze, ZipFile zf,
-                                           MessageDigest[] digests)
-        throws IOException {
-
-        String[] base64Digests = getDigests(ze, zf, digests);
-        Attributes attrs = new Attributes();
-
-        for (int i=0; i<digests.length; i++) {
-            attrs.putValue(digests[i].getAlgorithm()+"-Digest",
-                           base64Digests[i]);
-        }
-        return attrs;
-    }
-
-    /*
-     * Updates the digest attributes of a manifest entry, by adding or
-     * replacing digest values.
-     * A digest value is added if the manifest entry does not contain a digest
-     * for that particular algorithm.
-     * A digest value is replaced if it is obsolete.
-     *
-     * Returns true if the manifest entry has been changed, and false
-     * otherwise.
-     */
-    private boolean updateDigests(ZipEntry ze, ZipFile zf,
-                                  MessageDigest[] digests,
-                                  Manifest mf) throws IOException {
-        boolean update = false;
-
-        Attributes attrs = mf.getAttributes(ze.getName());
-        String[] base64Digests = getDigests(ze, zf, digests);
-
-        for (int i=0; i<digests.length; i++) {
-            // The entry name to be written into attrs
-            String name = null;
-            try {
-                // Find if the digest already exists
-                AlgorithmId aid = AlgorithmId.get(digests[i].getAlgorithm());
-                for (Object key: attrs.keySet()) {
-                    if (key instanceof Attributes.Name) {
-                        String n = ((Attributes.Name)key).toString();
-                        if (n.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) {
-                            String tmp = n.substring(0, n.length() - 7);
-                            if (AlgorithmId.get(tmp).equals(aid)) {
-                                name = n;
-                                break;
-                            }
-                        }
-                    }
-                }
-            } catch (NoSuchAlgorithmException nsae) {
-                // Ignored. Writing new digest entry.
-            }
-
-            if (name == null) {
-                name = digests[i].getAlgorithm()+"-Digest";
-                attrs.putValue(name, base64Digests[i]);
-                update=true;
-            } else {
-                // compare digests, and replace the one in the manifest
-                // if they are different
-                String mfDigest = attrs.getValue(name);
-                if (!mfDigest.equalsIgnoreCase(base64Digests[i])) {
-                    attrs.putValue(name, base64Digests[i]);
-                    update=true;
-                }
-            }
-        }
-        return update;
-    }
-
-    /*
-     * Try to load the specified signing mechanism.
-     * The URL class loader is used.
-     */
-    private ContentSigner loadSigningMechanism(String signerClassName,
-        String signerClassPath) throws Exception {
-
-        // construct class loader
-        String cpString = null;   // make sure env.class.path defaults to dot
-
-        // do prepends to get correct ordering
-        cpString = PathList.appendPath(System.getProperty("env.class.path"), cpString);
-        cpString = PathList.appendPath(System.getProperty("java.class.path"), cpString);
-        cpString = PathList.appendPath(signerClassPath, cpString);
-        URL[] urls = PathList.pathToURLs(cpString);
-        ClassLoader appClassLoader = new URLClassLoader(urls);
-
-        // attempt to find signer
-        Class<?> signerClass = appClassLoader.loadClass(signerClassName);
-
-        // Check that it implements ContentSigner
-        Object signer = signerClass.newInstance();
-        if (!(signer instanceof ContentSigner)) {
-            MessageFormat form = new MessageFormat(
-                rb.getString("signerClass.is.not.a.signing.mechanism"));
-            Object[] source = {signerClass.getName()};
-            throw new IllegalArgumentException(form.format(source));
-        }
-        return (ContentSigner)signer;
-    }
-}
-
-class SignatureFile {
-
-    /** SignatureFile */
-    Manifest sf;
-
-    /** .SF base name */
-    String baseName;
-
-    public SignatureFile(MessageDigest digests[],
-                         Manifest mf,
-                         ManifestDigester md,
-                         String baseName,
-                         boolean signManifest)
-
-    {
-        this.baseName = baseName;
-
-        String version = System.getProperty("java.version");
-        String javaVendor = System.getProperty("java.vendor");
-
-        sf = new Manifest();
-        Attributes mattr = sf.getMainAttributes();
-
-        mattr.putValue(Attributes.Name.SIGNATURE_VERSION.toString(), "1.0");
-        mattr.putValue("Created-By", version + " (" + javaVendor + ")");
-
-        if (signManifest) {
-            // sign the whole manifest
-            for (int i=0; i < digests.length; i++) {
-                mattr.putValue(digests[i].getAlgorithm()+"-Digest-Manifest",
-                               Base64.getEncoder().encodeToString(md.manifestDigest(digests[i])));
-            }
-        }
-
-        // create digest of the manifest main attributes
-        ManifestDigester.Entry mde =
-                md.get(ManifestDigester.MF_MAIN_ATTRS, false);
-        if (mde != null) {
-            for (int i=0; i < digests.length; i++) {
-                mattr.putValue(digests[i].getAlgorithm() +
-                        "-Digest-" + ManifestDigester.MF_MAIN_ATTRS,
-                        Base64.getEncoder().encodeToString(mde.digest(digests[i])));
-            }
-        } else {
-            throw new IllegalStateException
-                ("ManifestDigester failed to create " +
-                "Manifest-Main-Attribute entry");
-        }
-
-        /* go through the manifest entries and create the digests */
-
-        Map<String,Attributes> entries = sf.getEntries();
-        Iterator<Map.Entry<String,Attributes>> mit =
-                                mf.getEntries().entrySet().iterator();
-        while(mit.hasNext()) {
-            Map.Entry<String,Attributes> e = mit.next();
-            String name = e.getKey();
-            mde = md.get(name, false);
-            if (mde != null) {
-                Attributes attr = new Attributes();
-                for (int i=0; i < digests.length; i++) {
-                    attr.putValue(digests[i].getAlgorithm()+"-Digest",
-                                  Base64.getEncoder().encodeToString(mde.digest(digests[i])));
-                }
-                entries.put(name, attr);
-            }
-        }
-    }
-
-    /**
-     * Writes the SignatureFile to the specified OutputStream.
-     *
-     * @param out the output stream
-     * @exception IOException if an I/O error has occurred
-     */
-
-    public void write(OutputStream out) throws IOException
-    {
-        sf.write(out);
-    }
-
-    /**
-     * get .SF file name
-     */
-    public String getMetaName()
-    {
-        return "META-INF/"+ baseName + ".SF";
-    }
-
-    /**
-     * get base file name
-     */
-    public String getBaseName()
-    {
-        return baseName;
-    }
-
-    /*
-     * Generate a signed data block.
-     * If a URL or a certificate (containing a URL) for a Timestamping
-     * Authority is supplied then a signature timestamp is generated and
-     * inserted into the signed data block.
-     *
-     * @param sigalg signature algorithm to use, or null to use default
-     * @param tsaUrl The location of the Timestamping Authority. If null
-     *               then no timestamp is requested.
-     * @param tsaCert The certificate for the Timestamping Authority. If null
-     *               then no timestamp is requested.
-     * @param signingMechanism The signing mechanism to use.
-     * @param args The command-line arguments to jarsigner.
-     * @param zipFile The original source Zip file.
-     */
-    public Block generateBlock(PrivateKey privateKey,
-                               String sigalg,
-                               X509Certificate[] certChain,
-                               boolean externalSF, String tsaUrl,
-                               X509Certificate tsaCert,
-                               String tSAPolicyID,
-                               String tSADigestAlg,
-                               ContentSigner signingMechanism,
-                               String[] args, ZipFile zipFile)
-        throws NoSuchAlgorithmException, InvalidKeyException, IOException,
-            SignatureException, CertificateException
-    {
-        return new Block(this, privateKey, sigalg, certChain, externalSF,
-                tsaUrl, tsaCert, tSAPolicyID, tSADigestAlg, signingMechanism, args, zipFile);
-    }
-
-
-    public static class Block {
-
-        private byte[] block;
-        private String blockFileName;
-
-        /*
-         * Construct a new signature block.
-         */
-        Block(SignatureFile sfg, PrivateKey privateKey, String sigalg,
-            X509Certificate[] certChain, boolean externalSF, String tsaUrl,
-            X509Certificate tsaCert, String tSAPolicyID, String tSADigestAlg,
-            ContentSigner signingMechanism, String[] args, ZipFile zipFile)
-            throws NoSuchAlgorithmException, InvalidKeyException, IOException,
-            SignatureException, CertificateException {
-
-            Principal issuerName = certChain[0].getIssuerDN();
-            if (!(issuerName instanceof X500Name)) {
-                // must extract the original encoded form of DN for subsequent
-                // name comparison checks (converting to a String and back to
-                // an encoded DN could cause the types of String attribute
-                // values to be changed)
-                X509CertInfo tbsCert = new
-                    X509CertInfo(certChain[0].getTBSCertificate());
-                issuerName = (Principal)
-                    tbsCert.get(X509CertInfo.ISSUER + "." +
-                                X509CertInfo.DN_NAME);
-                }
-            BigInteger serial = certChain[0].getSerialNumber();
-
-            String signatureAlgorithm;
-            String keyAlgorithm = privateKey.getAlgorithm();
-            /*
-             * If no signature algorithm was specified, we choose a
-             * default that is compatible with the private key algorithm.
-             */
-            if (sigalg == null) {
-
-                if (keyAlgorithm.equalsIgnoreCase("DSA"))
-                    signatureAlgorithm = "SHA256withDSA";
-                else if (keyAlgorithm.equalsIgnoreCase("RSA"))
-                    signatureAlgorithm = "SHA256withRSA";
-                else if (keyAlgorithm.equalsIgnoreCase("EC"))
-                    signatureAlgorithm = "SHA256withECDSA";
-                else
-                    throw new RuntimeException("private key is not a DSA or "
-                                               + "RSA key");
-            } else {
-                signatureAlgorithm = sigalg;
-            }
-
-            // check common invalid key/signature algorithm combinations
-            String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
-            if ((sigAlgUpperCase.endsWith("WITHRSA") &&
-                !keyAlgorithm.equalsIgnoreCase("RSA")) ||
-                (sigAlgUpperCase.endsWith("WITHECDSA") &&
-                !keyAlgorithm.equalsIgnoreCase("EC")) ||
-                (sigAlgUpperCase.endsWith("WITHDSA") &&
-                !keyAlgorithm.equalsIgnoreCase("DSA"))) {
-                throw new SignatureException
-                    ("private key algorithm is not compatible with signature algorithm");
-            }
-
-            blockFileName = "META-INF/"+sfg.getBaseName()+"."+keyAlgorithm;
-
-            AlgorithmId sigAlg = AlgorithmId.get(signatureAlgorithm);
-            AlgorithmId digEncrAlg = AlgorithmId.get(keyAlgorithm);
-
-            Signature sig = Signature.getInstance(signatureAlgorithm);
-            sig.initSign(privateKey);
-
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            sfg.write(baos);
-
-            byte[] content = baos.toByteArray();
-
-            sig.update(content);
-            byte[] signature = sig.sign();
-
-            // Timestamp the signature and generate the signature block file
-            if (signingMechanism == null) {
-                signingMechanism = new TimestampedSigner();
-            }
-            URI tsaUri = null;
-            try {
-                if (tsaUrl != null) {
-                    tsaUri = new URI(tsaUrl);
-                }
-            } catch (URISyntaxException e) {
-                throw new IOException(e);
-            }
-
-            // Assemble parameters for the signing mechanism
-            ContentSignerParameters params =
-                new JarSignerParameters(args, tsaUri, tsaCert, tSAPolicyID,
-                        tSADigestAlg, signature,
-                    signatureAlgorithm, certChain, content, zipFile);
-
-            // Generate the signature block
-            block = signingMechanism.generateSignedData(
-                    params, externalSF, (tsaUrl != null || tsaCert != null));
-        }
-
-        /*
-         * get block file name.
-         */
-        public String getMetaName()
-        {
-            return blockFileName;
-        }
-
-        /**
-         * Writes the block file to the specified OutputStream.
-         *
-         * @param out the output stream
-         * @exception IOException if an I/O error has occurred
-         */
-
-        public void write(OutputStream out) throws IOException
-        {
-            out.write(block);
-        }
-    }
-}
-
-
-/*
- * This object encapsulates the parameters used to perform content signing.
- */
-class JarSignerParameters implements ContentSignerParameters {
-
-    private String[] args;
-    private URI tsa;
-    private X509Certificate tsaCertificate;
-    private byte[] signature;
-    private String signatureAlgorithm;
-    private X509Certificate[] signerCertificateChain;
-    private byte[] content;
-    private ZipFile source;
-    private String tSAPolicyID;
-    private String tSADigestAlg;
-
-    /**
-     * Create a new object.
-     */
-    JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate,
-        String tSAPolicyID, String tSADigestAlg,
-        byte[] signature, String signatureAlgorithm,
-        X509Certificate[] signerCertificateChain, byte[] content,
-        ZipFile source) {
-
-        if (signature == null || signatureAlgorithm == null ||
-            signerCertificateChain == null || tSADigestAlg == null) {
-            throw new NullPointerException();
-        }
-        this.args = args;
-        this.tsa = tsa;
-        this.tsaCertificate = tsaCertificate;
-        this.tSAPolicyID = tSAPolicyID;
-        this.tSADigestAlg = tSADigestAlg;
-        this.signature = signature;
-        this.signatureAlgorithm = signatureAlgorithm;
-        this.signerCertificateChain = signerCertificateChain;
-        this.content = content;
-        this.source = source;
-    }
-
-    /**
-     * Retrieves the command-line arguments.
-     *
-     * @return The command-line arguments. May be null.
-     */
-    public String[] getCommandLine() {
-        return args;
-    }
-
-    /**
-     * Retrieves the identifier for a Timestamping Authority (TSA).
-     *
-     * @return The TSA identifier. May be null.
-     */
-    public URI getTimestampingAuthority() {
-        return tsa;
-    }
-
-    /**
-     * Retrieves the certificate for a Timestamping Authority (TSA).
-     *
-     * @return The TSA certificate. May be null.
-     */
-    public X509Certificate getTimestampingAuthorityCertificate() {
-        return tsaCertificate;
-    }
-
-    public String getTSAPolicyID() {
-        return tSAPolicyID;
-    }
-
-    public String getTSADigestAlg() {
-        return tSADigestAlg;
-    }
-
-    /**
-     * Retrieves the signature.
-     *
-     * @return The non-null signature bytes.
-     */
-    public byte[] getSignature() {
-        return signature;
-    }
-
-    /**
-     * Retrieves the name of the signature algorithm.
-     *
-     * @return The non-null string name of the signature algorithm.
-     */
-    public String getSignatureAlgorithm() {
-        return signatureAlgorithm;
-    }
-
-    /**
-     * Retrieves the signer's X.509 certificate chain.
-     *
-     * @return The non-null array of X.509 public-key certificates.
-     */
-    public X509Certificate[] getSignerCertificateChain() {
-        return signerCertificateChain;
-    }
-
-    /**
-     * Retrieves the content that was signed.
-     *
-     * @return The content bytes. May be null.
-     */
-    public byte[] getContent() {
-        return content;
-    }
-
-    /**
-     * Retrieves the original source ZIP file before it was signed.
-     *
-     * @return The original ZIP file. May be null.
-     */
-    public ZipFile getSource() {
-        return source;
-    }
-}
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,261 +0,0 @@
-/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0} not a provider"},
-        {"signerClass.is.not.a.signing.mechanism", "{0} is not a signing mechanism"},
-        {"jarsigner.error.", "jarsigner error: "},
-        {"Illegal.option.", "Illegal option: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "-keystore must be NONE if -storetype is {0}"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "-keypass can not be specified if -storetype is {0}"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "If -protected is specified, then -storepass and -keypass must not be specified"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "If keystore is not password protected, then -storepass and -keypass must not be specified"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "Usage: jarsigner [options] jar-file alias"},
-        {".jarsigner.verify.options.jar.file.alias.",
-                "       jarsigner -verify [options] jar-file [alias...]"},
-        {".keystore.url.keystore.location",
-                "[-keystore <url>]           keystore location"},
-        {".storepass.password.password.for.keystore.integrity",
-            "[-storepass <password>]     password for keystore integrity"},
-        {".storetype.type.keystore.type",
-                "[-storetype <type>]         keystore type"},
-        {".keypass.password.password.for.private.key.if.different.",
-                "[-keypass <password>]       password for private key (if different)"},
-        {".certchain.file.name.of.alternative.certchain.file",
-                "[-certchain <file>]         name of alternative certchain file"},
-        {".sigfile.file.name.of.SF.DSA.file",
-                "[-sigfile <file>]           name of .SF/.DSA file"},
-        {".signedjar.file.name.of.signed.JAR.file",
-                "[-signedjar <file>]         name of signed JAR file"},
-        {".digestalg.algorithm.name.of.digest.algorithm",
-                "[-digestalg <algorithm>]    name of digest algorithm"},
-        {".sigalg.algorithm.name.of.signature.algorithm",
-                "[-sigalg <algorithm>]       name of signature algorithm"},
-        {".verify.verify.a.signed.JAR.file",
-                "[-verify]                   verify a signed JAR file"},
-        {".verbose.suboptions.verbose.output.when.signing.verifying.",
-                "[-verbose[:suboptions]]     verbose output when signing/verifying."},
-        {".suboptions.can.be.all.grouped.or.summary",
-                "                            suboptions can be all, grouped or summary"},
-        {".certs.display.certificates.when.verbose.and.verifying",
-                "[-certs]                    display certificates when verbose and verifying"},
-        {".tsa.url.location.of.the.Timestamping.Authority",
-                "[-tsa <url>]                location of the Timestamping Authority"},
-        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
-                "[-tsacert <alias>]          public key certificate for Timestamping Authority"},
-        {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
-                "[-tsapolicyid <oid>]        TSAPolicyID for Timestamping Authority"},
-        {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
-                "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        class name of an alternative signing mechanism"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] location of an alternative signing mechanism"},
-        {".internalsf.include.the.SF.file.inside.the.signature.block",
-                "[-internalsf]               include the .SF file inside the signature block"},
-        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
-                "[-sectionsonly]             don't compute hash of entire manifest"},
-        {".protected.keystore.has.protected.authentication.path",
-                "[-protected]                keystore has protected authentication path"},
-        {".providerName.name.provider.name",
-                "[-providerName <name>]      provider name"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <class>     name of cryptographic service provider's"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <arg>]] ... master class file and constructor argument"},
-        {".strict.treat.warnings.as.errors",
-                "[-strict]                   treat warnings as errors"},
-        {".conf.url.specify.a.pre.configured.options.file",
-                "[-conf <url>]               specify a pre-configured options file"},
-        {"Option.lacks.argument", "Option lacks argument"},
-        {"Please.type.jarsigner.help.for.usage", "Please type jarsigner -help for usage"},
-        {"Please.specify.jarfile.name", "Please specify jarfile name"},
-        {"Please.specify.alias.name", "Please specify alias name"},
-        {"Only.one.alias.can.be.specified", "Only one alias can be specified"},
-        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
-                 "This jar contains signed entries which are not signed by the specified alias(es)."},
-        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
-                  "This jar contains signed entries that are not signed by alias in this keystore."},
-        {"s", "s"},
-        {"m", "m"},
-        {"k", "k"},
-        {"i", "i"},
-        {".and.d.more.", "(and %d more)"},
-        {".s.signature.was.verified.",
-                "  s = signature was verified "},
-        {".m.entry.is.listed.in.manifest",
-                "  m = entry is listed in manifest"},
-        {".k.at.least.one.certificate.was.found.in.keystore",
-                "  k = at least one certificate was found in keystore"},
-        {".i.at.least.one.certificate.was.found.in.identity.scope",
-                "  i = at least one certificate was found in identity scope"},
-        {".X.not.signed.by.specified.alias.es.",
-                "  X = not signed by specified alias(es)"},
-        {"no.manifest.", "no manifest."},
-        {".Signature.related.entries.","(Signature related entries)"},
-        {".Unsigned.entries.", "(Unsigned entries)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar is unsigned. (signatures missing or not parsable)"},
-        {"jar.signed.", "jar signed."},
-        {"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
-        {"jar.verified.", "jar verified."},
-        {"jar.verified.with.signer.errors.", "jar verified, with signer errors."},
-        {"jarsigner.", "jarsigner: "},
-        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
-                "signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
-        {"unable.to.open.jar.file.", "unable to open jar file: "},
-        {"unable.to.create.", "unable to create: "},
-        {".adding.", "   adding: "},
-        {".updating.", " updating: "},
-        {".signing.", "  signing: "},
-        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
-                "attempt to rename {0} to {1} failed"},
-        {"attempt.to.rename.jarFile.to.origJar.failed",
-                "attempt to rename {0} to {1} failed"},
-        {"unable.to.sign.jar.", "unable to sign jar: "},
-        {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "},
-        {"keystore.load.", "keystore load: "},
-        {"certificate.exception.", "certificate exception: "},
-        {"unable.to.instantiate.keystore.class.",
-                "unable to instantiate keystore class: "},
-        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
-                "Certificate chain not found for: {0}.  {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."},
-        {"File.specified.by.certchain.does.not.exist",
-                "File specified by -certchain does not exist"},
-        {"Cannot.restore.certchain.from.file.specified",
-                "Cannot restore certchain from file specified"},
-        {"Certificate.chain.not.found.in.the.file.specified.",
-                "Certificate chain not found in the file specified."},
-        {"found.non.X.509.certificate.in.signer.s.chain",
-                "found non-X.509 certificate in signer's chain"},
-        {"incomplete.certificate.chain", "incomplete certificate chain"},
-        {"Enter.key.password.for.alias.", "Enter key password for {0}: "},
-        {"unable.to.recover.key.from.keystore",
-                "unable to recover key from keystore"},
-        {"key.associated.with.alias.not.a.private.key",
-                "key associated with {0} not a private key"},
-        {"you.must.enter.key.password", "you must enter key password"},
-        {"unable.to.read.password.", "unable to read password: "},
-        {"certificate.is.valid.from", "certificate is valid from {0} to {1}"},
-        {"certificate.expired.on", "certificate expired on {0}"},
-        {"certificate.is.not.valid.until",
-                "certificate is not valid until {0}"},
-        {"certificate.will.expire.on", "certificate will expire on {0}"},
-        {".CertPath.not.validated.", "[CertPath not validated: "},
-        {"requesting.a.signature.timestamp",
-                "requesting a signature timestamp"},
-        {"TSA.location.", "TSA location: "},
-        {"TSA.certificate.", "TSA certificate: "},
-        {"no.response.from.the.Timestamping.Authority.",
-                "no response from the Timestamping Authority. When connecting"
-                + " from behind a firewall an HTTP or HTTPS proxy may need to"
-                + " be specified. Supply the following options to jarsigner:"},
-        {"or", "or"},
-        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
-                "Certificate not found for: {0}.  {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."},
-        {"using.an.alternative.signing.mechanism",
-                "using an alternative signing mechanism"},
-        {"entry.was.signed.on", "entry was signed on {0}"},
-        {"Warning.", "Warning: "},
-        {"Error.", "Error: "},
-        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
-                "This jar contains unsigned entries which have not been integrity-checked. "},
-        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
-                "This jar contains entries whose signer certificate has expired. "},
-        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
-                "This jar contains entries whose signer certificate will expire within six months. "},
-        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
-                "This jar contains entries whose signer certificate is not yet valid. "},
-        {"Re.run.with.the.verbose.option.for.more.details.",
-                "Re-run with the -verbose option for more details."},
-        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
-                "Re-run with the -verbose and -certs options for more details."},
-        {"The.signer.certificate.has.expired.",
-                "The signer certificate has expired."},
-        {"The.signer.certificate.will.expire.within.six.months.",
-                "The signer certificate will expire within six months."},
-        {"The.signer.certificate.is.not.yet.valid.",
-                "The signer certificate is not yet valid."},
-        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "The signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
-        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."},
-        {".{0}.extension.does.not.support.code.signing.",
-                 "[{0} extension does not support code signing]"},
-        {"The.signer.s.certificate.chain.is.not.validated.",
-                "The signer's certificate chain is not validated."},
-        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
-                 "This jar contains entries whose certificate chain is not validated."},
-        {"no.timestamp.signing",
-                "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
-        {"no.timestamp.verifying",
-                "This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
-        {"Unknown.password.type.", "Unknown password type: "},
-        {"Cannot.find.environment.variable.",
-                "Cannot find environment variable: "},
-        {"Cannot.find.file.", "Cannot find file: "},
-    };
-
-    /**
-     * Returns the contents of this <code>ResourceBundle</code>.
-     *
-     * <p>
-     *
-     * @return the contents of this <code>ResourceBundle</code>.
-     */
-    @Override
-    public Object[][] getContents() {
-        return contents;
-    }
-}
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_ja.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources_ja extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0}\u306F\u30D7\u30ED\u30D0\u30A4\u30C0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"signerClass.is.not.a.signing.mechanism", "{0}\u306F\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"jarsigner.error.", "jarsigner\u30A8\u30E9\u30FC: "},
-        {"Illegal.option.", "\u4E0D\u6B63\u306A\u30AA\u30D7\u30B7\u30E7\u30F3: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keystore\u306FNONE\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "-storetype\u304C{0}\u306E\u5834\u5408\u3001-keypass\u306F\u6307\u5B9A\u3067\u304D\u307E\u305B\u3093"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "-protected\u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u306F\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "\u30AD\u30FC\u30B9\u30C8\u30A2\u304C\u30D1\u30B9\u30EF\u30FC\u30C9\u3067\u4FDD\u8B77\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u3001-storepass\u304A\u3088\u3073-keypass\u3092\u6307\u5B9A\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "\u4F7F\u7528\u65B9\u6CD5: jarsigner [options] jar-file alias"},
-        {".jarsigner.verify.options.jar.file.alias.",
-                "       jarsigner -verify [options] jar-file [alias...]"},
-        {".keystore.url.keystore.location",
-                "[-keystore <url>]           \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u4F4D\u7F6E"},
-        {".storepass.password.password.for.keystore.integrity",
-            "[-storepass <password>]     \u30AD\u30FC\u30B9\u30C8\u30A2\u6574\u5408\u6027\u306E\u305F\u3081\u306E\u30D1\u30B9\u30EF\u30FC\u30C9"},
-        {".storetype.type.keystore.type",
-                "[-storetype <type>]         \u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u578B"},
-        {".keypass.password.password.for.private.key.if.different.",
-                "[-keypass <password>]       \u79D8\u5BC6\u9375\u306E\u30D1\u30B9\u30EF\u30FC\u30C9(\u7570\u306A\u308B\u5834\u5408)"},
-        {".certchain.file.name.of.alternative.certchain.file",
-                "[-certchain <file>]         \u4EE3\u66FF\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u30FB\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".sigfile.file.name.of.SF.DSA.file",
-                "[-sigfile <file>]           .SF/.DSA\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".signedjar.file.name.of.signed.JAR.file",
-                "[-signedjar <file>]         \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u540D\u524D"},
-        {".digestalg.algorithm.name.of.digest.algorithm",
-                "[-digestalg <algorithm>]    \u30C0\u30A4\u30B8\u30A7\u30B9\u30C8\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"},
-        {".sigalg.algorithm.name.of.signature.algorithm",
-                "[-sigalg <algorithm>]       \u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30A2\u30EB\u30B4\u30EA\u30BA\u30E0\u306E\u540D\u524D"},
-        {".verify.verify.a.signed.JAR.file",
-                "[-verify]                   \u7F72\u540D\u4ED8\u304DJAR\u30D5\u30A1\u30A4\u30EB\u306E\u691C\u8A3C"},
-        {".verbose.suboptions.verbose.output.when.signing.verifying.",
-                "[-verbose[:suboptions]]     \u7F72\u540D/\u691C\u8A3C\u6642\u306E\u8A73\u7D30\u51FA\u529B\u3002"},
-        {".suboptions.can.be.all.grouped.or.summary",
-                "                            \u30B5\u30D6\u30AA\u30D7\u30B7\u30E7\u30F3\u3068\u3057\u3066\u3001all\u3001grouped\u307E\u305F\u306Fsummary\u3092\u4F7F\u7528\u3067\u304D\u307E\u3059"},
-        {".certs.display.certificates.when.verbose.and.verifying",
-                "[-certs]                    \u8A73\u7D30\u51FA\u529B\u304A\u3088\u3073\u691C\u8A3C\u6642\u306B\u8A3C\u660E\u66F8\u3092\u8868\u793A"},
-        {".tsa.url.location.of.the.Timestamping.Authority",
-                "[-tsa <url>]                \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u5834\u6240"},
-        {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
-                "[-tsacert <alias>]          \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306E\u516C\u958B\u9375\u8A3C\u660E\u66F8"},
-        {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
-                "[-tsapolicyid <oid>]        \u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306ETSAPolicyID"},
-        {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
-                "[-altsigner <class>]        \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u30AF\u30E9\u30B9\u540D"},
-        {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
-                "[-altsignerpath <pathlist>] \u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u5834\u6240"},
-        {".internalsf.include.the.SF.file.inside.the.signature.block",
-                "[-internalsf]               \u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30D6\u30ED\u30C3\u30AF\u306B.SF\u30D5\u30A1\u30A4\u30EB\u3092\u542B\u3081\u308B"},
-        {".sectionsonly.don.t.compute.hash.of.entire.manifest",
-                "[-sectionsonly]             \u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5168\u4F53\u306E\u30CF\u30C3\u30B7\u30E5\u306F\u8A08\u7B97\u3057\u306A\u3044"},
-        {".protected.keystore.has.protected.authentication.path",
-                "[-protected]                \u30AD\u30FC\u30B9\u30C8\u30A2\u306B\u306F\u4FDD\u8B77\u3055\u308C\u305F\u8A8D\u8A3C\u30D1\u30B9\u304C\u3042\u308B"},
-        {".providerName.name.provider.name",
-                "[-providerName <name>]      \u30D7\u30ED\u30D0\u30A4\u30C0\u540D"},
-        {".providerClass.class.name.of.cryptographic.service.provider.s",
-                "[-providerClass <class>     \u6697\u53F7\u5316\u30B5\u30FC\u30D3\u30B9\u30FB\u30D7\u30ED\u30D0\u30A4\u30C0\u306E\u540D\u524D"},
-        {".providerArg.arg.master.class.file.and.constructor.argument",
-                "  [-providerArg <arg>]] ... \u30DE\u30B9\u30BF\u30FC\u30FB\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3068\u30B3\u30F3\u30B9\u30C8\u30E9\u30AF\u30BF\u306E\u5F15\u6570"},
-        {".strict.treat.warnings.as.errors",
-                "[-strict]                   \u8B66\u544A\u3092\u30A8\u30E9\u30FC\u3068\u3057\u3066\u51E6\u7406"},
-        {"Option.lacks.argument", "\u30AA\u30D7\u30B7\u30E7\u30F3\u306B\u5F15\u6570\u304C\u3042\u308A\u307E\u305B\u3093"},
-        {"Please.type.jarsigner.help.for.usage", "\u4F7F\u7528\u65B9\u6CD5\u306B\u3064\u3044\u3066\u306Fjarsigner -help\u3068\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Please.specify.jarfile.name", "jarfile\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Please.specify.alias.name", "\u5225\u540D\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"},
-        {"Only.one.alias.can.be.specified", "\u5225\u540D\u306F1\u3064\u306E\u307F\u6307\u5B9A\u3067\u304D\u307E\u3059"},
-        {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
-                 "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u6307\u5B9A\u3055\u308C\u305F\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
-                  "\u3053\u306Ejar\u306B\u542B\u307E\u308C\u308B\u7F72\u540D\u6E08\u30A8\u30F3\u30C8\u30EA\u306F\u3001\u3053\u306E\u30AD\u30FC\u30B9\u30C8\u30A2\u5185\u306E\u5225\u540D\u306B\u3088\u3063\u3066\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"s", "s"},
-        {"m", "m"},
-        {"k", "k"},
-        {"i", "i"},
-        {".and.d.more.", "(\u4ED6\u306B\u3082%d\u500B)"},
-        {".s.signature.was.verified.",
-                "  s=\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F "},
-        {".m.entry.is.listed.in.manifest",
-                "  m=\u30A8\u30F3\u30C8\u30EA\u304C\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u5185\u306B\u30EA\u30B9\u30C8\u3055\u308C\u307E\u3059"},
-        {".k.at.least.one.certificate.was.found.in.keystore",
-                "  k=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30AD\u30FC\u30B9\u30C8\u30A2\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {".i.at.least.one.certificate.was.found.in.identity.scope",
-                "  i=1\u3064\u4EE5\u4E0A\u306E\u8A3C\u660E\u66F8\u304C\u30A2\u30A4\u30C7\u30F3\u30C6\u30A3\u30C6\u30A3\u30FB\u30B9\u30B3\u30FC\u30D7\u3067\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {".X.not.signed.by.specified.alias.es.",
-                "  X =\u6307\u5B9A\u3057\u305F\u5225\u540D\u3067\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093"},
-        {"no.manifest.", "\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002"},
-        {".Signature.related.entries.","(\u30B7\u30B0\u30CD\u30C1\u30E3\u95A2\u9023\u30A8\u30F3\u30C8\u30EA)"},
-        {".Unsigned.entries.", "(\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA)"},
-        {"jar.is.unsigned.signatures.missing.or.not.parsable.",
-                "jar\u306F\u7F72\u540D\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002(\u30B7\u30B0\u30CD\u30C1\u30E3\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u304B\u3001\u69CB\u6587\u89E3\u6790\u3067\u304D\u307E\u305B\u3093)"},
-        {"jar.verified.", "jar\u304C\u691C\u8A3C\u3055\u308C\u307E\u3057\u305F\u3002"},
-        {"jarsigner.", "jarsigner: "},
-        {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
-                "\u30B7\u30B0\u30CD\u30C1\u30E3\u306E\u30D5\u30A1\u30A4\u30EB\u540D\u306B\u4F7F\u7528\u3067\u304D\u308B\u6587\u5B57\u306F\u3001A-Z\u30010-9\u3001_\u3001- \u306E\u307F\u3067\u3059\u3002"},
-        {"unable.to.open.jar.file.", "\u6B21\u306Ejar\u30D5\u30A1\u30A4\u30EB\u3092\u958B\u304F\u3053\u3068\u304C\u3067\u304D\u307E\u305B\u3093: "},
-        {"unable.to.create.", "\u4F5C\u6210\u3067\u304D\u307E\u305B\u3093: "},
-        {".adding.", "   \u8FFD\u52A0\u4E2D: "},
-        {".updating.", " \u66F4\u65B0\u4E2D: "},
-        {".signing.", "  \u7F72\u540D\u4E2D: "},
-        {"attempt.to.rename.signedJarFile.to.jarFile.failed",
-                "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"},
-        {"attempt.to.rename.jarFile.to.origJar.failed",
-                "{0}\u306E\u540D\u524D\u3092{1}\u306B\u5909\u66F4\u3057\u3088\u3046\u3068\u3057\u307E\u3057\u305F\u304C\u5931\u6557\u3057\u307E\u3057\u305F"},
-        {"unable.to.sign.jar.", "jar\u306B\u7F72\u540D\u3067\u304D\u307E\u305B\u3093: "},
-        {"Enter.Passphrase.for.keystore.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "},
-        {"keystore.load.", "\u30AD\u30FC\u30B9\u30C8\u30A2\u306E\u30ED\u30FC\u30C9: "},
-        {"certificate.exception.", "\u8A3C\u660E\u66F8\u4F8B\u5916: "},
-        {"unable.to.instantiate.keystore.class.",
-                "\u30AD\u30FC\u30B9\u30C8\u30A2\u30FB\u30AF\u30E9\u30B9\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u3092\u751F\u6210\u3067\u304D\u307E\u305B\u3093: "},
-        {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
-                "\u6B21\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: {0}\u3002{1}\u306F\u3001\u79D8\u5BC6\u9375\u304A\u3088\u3073\u5BFE\u5FDC\u3059\u308B\u516C\u958B\u9375\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u542B\u3080\u6709\u52B9\u306AKeyStore\u9375\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
-        {"File.specified.by.certchain.does.not.exist",
-                "-certchain\u3067\u6307\u5B9A\u3055\u308C\u3066\u3044\u308B\u30D5\u30A1\u30A4\u30EB\u306F\u5B58\u5728\u3057\u307E\u305B\u3093"},
-        {"Cannot.restore.certchain.from.file.specified",
-                "\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"},
-        {"Certificate.chain.not.found.in.the.file.specified.",
-                "\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u306F\u6307\u5B9A\u3055\u308C\u305F\u30D5\u30A1\u30A4\u30EB\u306B\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3002"},
-        {"found.non.X.509.certificate.in.signer.s.chain",
-                "\u7F72\u540D\u8005\u306E\u9023\u9396\u5185\u3067\u975EX.509\u8A3C\u660E\u66F8\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F"},
-        {"incomplete.certificate.chain", "\u4E0D\u5B8C\u5168\u306A\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3"},
-        {"Enter.key.password.for.alias.", "{0}\u306E\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044: "},
-        {"unable.to.recover.key.from.keystore",
-                "\u30AD\u30FC\u30B9\u30C8\u30A2\u304B\u3089\u9375\u3092\u5FA9\u5143\u3067\u304D\u307E\u305B\u3093"},
-        {"key.associated.with.alias.not.a.private.key",
-                "{0}\u3068\u95A2\u9023\u4ED8\u3051\u3089\u308C\u305F\u9375\u306F\u3001\u79D8\u5BC6\u9375\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"you.must.enter.key.password", "\u9375\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u5165\u529B\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059"},
-        {"unable.to.read.password.", "\u30D1\u30B9\u30EF\u30FC\u30C9\u3092\u8AAD\u307F\u8FBC\u3081\u307E\u305B\u3093: "},
-        {"certificate.is.valid.from", "\u8A3C\u660E\u66F8\u306F{0}\u304B\u3089{1}\u307E\u3067\u6709\u52B9\u3067\u3059"},
-        {"certificate.expired.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3057\u305F"},
-        {"certificate.is.not.valid.until",
-                "\u8A3C\u660E\u66F8\u306F{0}\u307E\u3067\u6709\u52B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093"},
-        {"certificate.will.expire.on", "\u8A3C\u660E\u66F8\u306F{0}\u306B\u5931\u52B9\u3057\u307E\u3059"},
-        {".CertPath.not.validated.", "[CertPath\u304C\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093: "},
-        {"requesting.a.signature.timestamp",
-                "\u30B7\u30B0\u30CD\u30C1\u30E3\u30FB\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u306E\u30EA\u30AF\u30A8\u30B9\u30C8"},
-        {"TSA.location.", "TSA\u306E\u5834\u6240: "},
-        {"TSA.certificate.", "TSA\u8A3C\u660E\u66F8: "},
-        {"no.response.from.the.Timestamping.Authority.",
-                "\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u304B\u3089\u306E\u30EC\u30B9\u30DD\u30F3\u30B9\u304C\u3042\u308A\u307E\u305B\u3093\u3002\u30D5\u30A1\u30A4\u30A2\u30A6\u30A9\u30FC\u30EB\u3092\u4ECB\u3057\u3066\u63A5\u7D9A\u3059\u308B\u3068\u304D\u306F\u3001\u5FC5\u8981\u306B\u5FDC\u3058\u3066HTTP\u307E\u305F\u306FHTTPS\u30D7\u30ED\u30AD\u30B7\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002jarsigner\u306B\u6B21\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044:"},
-        {"or", "\u307E\u305F\u306F"},
-        {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
-                "\u8A3C\u660E\u66F8\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F: {0}\u3002{1}\u306F\u30BF\u30A4\u30E0\u30B9\u30BF\u30F3\u30D7\u5C40\u306EX.509\u516C\u958B\u9375\u8A3C\u660E\u66F8\u304C\u542B\u307E\u308C\u3066\u3044\u308B\u6709\u52B9\u306AKeyStore\u30A8\u30F3\u30C8\u30EA\u3092\u53C2\u7167\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002"},
-        {"using.an.alternative.signing.mechanism",
-                "\u4EE3\u66FF\u7F72\u540D\u30E1\u30AB\u30CB\u30BA\u30E0\u306E\u4F7F\u7528"},
-        {"entry.was.signed.on", "\u30A8\u30F3\u30C8\u30EA\u306F{0}\u306B\u7F72\u540D\u3055\u308C\u307E\u3057\u305F"},
-        {"Warning.", "\u8B66\u544A: "},
-        {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u6574\u5408\u6027\u30C1\u30A7\u30C3\u30AF\u3092\u3057\u3066\u3044\u306A\u3044\u672A\u7F72\u540D\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u671F\u9650\u5207\u308C\u306E\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u3068\u306A\u308B\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
-                "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u304C\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002 "},
-        {"Re.run.with.the.verbose.option.for.more.details.",
-                "\u8A73\u7D30\u306F\u3001-verbose\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
-        {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
-                "\u8A73\u7D30\u306F\u3001-verbose\u304A\u3088\u3073-certs\u30AA\u30D7\u30B7\u30E7\u30F3\u3092\u4F7F\u7528\u3057\u3066\u518D\u5B9F\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002"},
-        {"The.signer.certificate.has.expired.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u671F\u9650\u5207\u308C\u3067\u3059\u3002"},
-        {"The.signer.certificate.will.expire.within.six.months.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F6\u304B\u6708\u4EE5\u5185\u306B\u671F\u9650\u5207\u308C\u306B\u306A\u308A\u307E\u3059\u3002"},
-        {"The.signer.certificate.is.not.yet.valid.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u306F\u307E\u3060\u6709\u52B9\u306B\u306A\u3063\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u3067\u306F\u3001\u30B3\u30FC\u30C9\u7F72\u540D\u306F\u8A31\u53EF\u3055\u308C\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306EExtendedKeyUsage\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u7F72\u540D\u8005\u8A3C\u660E\u66F8\u306ENetscapeCertType\u62E1\u5F35\u6A5F\u80FD\u304C\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u8A31\u53EF\u3057\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {".{0}.extension.does.not.support.code.signing.",
-                 "[{0}\u62E1\u5F35\u6A5F\u80FD\u306F\u30B3\u30FC\u30C9\u7F72\u540D\u3092\u30B5\u30DD\u30FC\u30C8\u3057\u3066\u3044\u307E\u305B\u3093]"},
-        {"The.signer.s.certificate.chain.is.not.validated.",
-                "\u7F72\u540D\u8005\u306E\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002"},
-        {"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
-                 "\u3053\u306Ejar\u306B\u306F\u3001\u8A3C\u660E\u66F8\u30C1\u30A7\u30FC\u30F3\u304C\u307E\u3060\u691C\u8A3C\u3055\u308C\u3066\u3044\u306A\u3044\u30A8\u30F3\u30C8\u30EA\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u3059\u3002"},
-        {"Unknown.password.type.", "\u4E0D\u660E\u306A\u30D1\u30B9\u30EF\u30FC\u30C9\u30FB\u30BF\u30A4\u30D7: "},
-        {"Cannot.find.environment.variable.",
-                "\u74B0\u5883\u5909\u6570\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
-        {"Cannot.find.file.", "\u30D5\u30A1\u30A4\u30EB\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093: "},
-    };
-
-    /**
-     * Returns the contents of this <code>ResourceBundle</code>.
-     *
-     * <p>
-     *
-     * @return the contents of this <code>ResourceBundle</code>.
-     */
-    @Override
-    public Object[][] getContents() {
-        return contents;
-    }
-}
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/Resources_zh_CN.java	Fri Mar 13 12:44:28 2015 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.tools.jarsigner;
-
-/**
- * <p> This class represents the <code>ResourceBundle</code>
- * for JarSigner.
- *
- */
-public class Resources_zh_CN extends java.util.ListResourceBundle {
-
-    private static final Object[][] contents = {
-
-        // shared (from jarsigner)
-        {"SPACE", " "},
-        {"2SPACE", "  "},
-        {"6SPACE", "      "},
-        {"COMMA", ", "},
-
-        {"provName.not.a.provider", "{0}\u4E0D\u662F\u63D0\u4F9B\u65B9"},
-        {"signerClass.is.not.a.signing.mechanism", "{0}\u4E0D\u662F\u7B7E\u540D\u673A\u5236"},
-        {"jarsigner.error.", "jarsigner \u9519\u8BEF: "},
-        {"Illegal.option.", "\u975E\u6CD5\u9009\u9879: "},
-        {".keystore.must.be.NONE.if.storetype.is.{0}",
-                "\u5982\u679C -storetype \u4E3A {0}, \u5219 -keystore \u5FC5\u987B\u4E3A NONE"},
-        {".keypass.can.not.be.specified.if.storetype.is.{0}",
-                "\u5982\u679C -storetype \u4E3A {0}, \u5219\u4E0D\u80FD\u6307\u5B9A -keypass"},
-        {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
-                "\u5982\u679C\u6307\u5B9A\u4E86 -protected, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"},
-        {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
-                 "\u5982\u679C\u5BC6\u94A5\u5E93\u672A\u53D7\u53E3\u4EE4\u4FDD\u62A4, \u5219\u4E0D\u80FD\u6307\u5B9A -storepass \u548C -keypass"},
-        {"Usage.jarsigner.options.jar.file.alias",
-                "\u7528\u6CD5: jarsigner [\u9009\u9879] jar-file \u522B\u540D"},
-