changeset 20906:974d0f4d03e2

Merge
author chegar
date Mon, 22 Jul 2013 13:59:51 +0100
parents 7fc2eef82244 3d34036aae4e
children e6b679e732d5
files jdk/src/share/classes/com/sun/org/apache/xml/internal/security/resource/log4j.properties jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/implementations/FuncHereContext.java jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/CachedXPathAPIHolder.java jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/CachedXPathFuncHereAPI.java jdk/src/share/classes/com/sun/org/apache/xml/internal/security/utils/XPathFuncHereAPI.java jdk/src/share/classes/java/util/stream/StreamBuilder.java jdk/src/share/classes/javax/security/auth/callback/package.html jdk/src/share/classes/javax/security/auth/kerberos/package.html jdk/src/share/classes/javax/security/auth/login/package.html jdk/src/share/classes/javax/security/auth/package.html jdk/src/share/classes/javax/security/auth/spi/package.html jdk/src/share/classes/javax/security/auth/x500/package.html jdk/src/share/classes/javax/security/cert/package.html jdk/src/share/classes/javax/security/sasl/package.html jdk/test/java/util/Collections/EmptySortedSet.java langtools/test/tools/javac/generics/6723444/T6723444.out langtools/test/tools/javac/generics/7015430/T7015430.out nashorn/src/jdk/nashorn/internal/ir/ExecuteNode.java nashorn/test/script/currently-failing/JDK-8006529.js
diffstat 1012 files changed, 73160 insertions(+), 39133 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 ea73f01b9053e7165e7ba80f242bafecbc6af712 jdk8-b96
 0a85476a0b9cb876d5666d45097dac68bef3fce1 jdk8-b97
 711eb4aa87de68de78250e0549980936bab53d54 jdk8-b98
+2d3875b0d18b3ad1c2bebf385a697e309e4005a4 jdk8-b99
--- a/.hgtags-top-repo	Mon Jul 15 11:04:53 2013 +0100
+++ b/.hgtags-top-repo	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 c156084add486f941c12d886a0b1b2854795d557 jdk8-b96
 a1c1e8bf71f354f3aec0214cf13d6668811e021d jdk8-b97
 0d0c983a817bbe8518a5ff201306334a8de267f2 jdk8-b98
+59dc9da813794c924a0383c2a6241af94defdfed jdk8-b99
--- a/corba/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/corba/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 3357c2776431d51a8de326a85e0f41420e40774f jdk8-b96
 469995a8e97424f450c880606d689bf345277b19 jdk8-b97
 3370fb6146e47a6cc05a213fc213e12fc0a38d07 jdk8-b98
+3f67804ab61303782df57e54989ef5e0e4629beb jdk8-b99
--- a/hotspot/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -359,3 +359,5 @@
 c9dd82da51ed34a28f7c6b3245163ee962e94572 hs25-b40
 30b5b75c42ac5174b640fbef8aa87527668e8400 jdk8-b98
 2b9946e10587f74ef75ae8145bea484df4a2738b hs25-b41
+81b6cb70717c66375846b78bb174594ec3aa998e jdk8-b99
+9f71e36a471ae4a668e08827d33035963ed10c08 hs25-b42
--- a/hotspot/make/hotspot_version	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/make/hotspot_version	Mon Jul 22 13:59:51 2013 +0100
@@ -35,7 +35,7 @@
 
 HS_MAJOR_VER=25
 HS_MINOR_VER=0
-HS_BUILD_NUMBER=41
+HS_BUILD_NUMBER=42
 
 JDK_MAJOR_VER=1
 JDK_MINOR_VER=8
--- a/hotspot/make/linux/makefiles/vm.make	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/make/linux/makefiles/vm.make	Mon Jul 22 13:59:51 2013 +0100
@@ -46,6 +46,7 @@
   include $(MAKEFILES_DIR)/zeroshark.make
 else
   include $(MAKEFILES_DIR)/$(BUILDARCH).make
+  -include $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make
 endif
 
 # set VPATH so make knows where to look for source files
@@ -380,4 +381,4 @@
 
 install: install_jvm install_jsig install_saproc
 
-.PHONY: default build install install_jvm
+.PHONY: default build install install_jvm $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make
--- a/hotspot/src/cpu/sparc/vm/stubGenerator_sparc.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/cpu/sparc/vm/stubGenerator_sparc.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -410,6 +410,51 @@
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   o0 = adr
+    //   o1 = errValue
+    //
+    // result:
+    //   o0  = *adr or errValue
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    __ align(CodeEntryAlignment);
+    *entry = __ pc();
+
+    __ mov(O0, G1);  // g1 = o0
+    __ mov(O1, O0);  // o0 = o1
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ ldsw(G1, 0, O0);  // o0 = [g1]
+        break;
+      case 8:
+        // int64_t
+        __ ldx(G1, 0, O0);   // o0 = [g1]
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    // By convention with the trap handler we ensure there is a non-CTI
+    // instruction in the trap shadow.
+    __ nop();
+    __ retl();
+    __ delayed()->nop();
+  }
 
   //------------------------------------------------------------------------------------------------------------------------
   // Continuation point for throwing of implicit exceptions that are not handled in
@@ -3315,6 +3360,14 @@
 
     // Don't initialize the platform math functions since sparc
     // doesn't have intrinsics for these operations.
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
 
--- a/hotspot/src/cpu/x86/vm/stubGenerator_x86_32.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/cpu/x86/vm/stubGenerator_x86_32.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -2766,6 +2766,39 @@
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    __ movl(rax, Address(rsp, 0x8));
+    __ movl(rcx, Address(rsp, 0x4));
+    // Load *adr into eax, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(rax, Address(rcx, 0));
+        break;
+      case 8:
+        // int64_t
+        Unimplemented();
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // Return errValue or *adr.
+    *continuation_pc = __ pc();
+    __ ret(0);
+  }
 
  public:
   // Information about frame layout at time of blocking runtime call.
@@ -2978,6 +3011,14 @@
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int), &StubRoutines::_safefetch32_entry,
+                                                   &StubRoutines::_safefetch32_fault_pc,
+                                                   &StubRoutines::_safefetch32_continuation_pc);
+    StubRoutines::_safefetchN_entry           = StubRoutines::_safefetch32_entry;
+    StubRoutines::_safefetchN_fault_pc        = StubRoutines::_safefetch32_fault_pc;
+    StubRoutines::_safefetchN_continuation_pc = StubRoutines::_safefetch32_continuation_pc;
   }
 
 
--- a/hotspot/src/cpu/x86/vm/stubGenerator_x86_64.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/cpu/x86/vm/stubGenerator_x86_64.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -3357,7 +3357,45 @@
     return start;
   }
 
-
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   c_rarg0 = adr
+    //   c_rarg1 = errValue
+    //
+    // result:
+    //   PPC_RET  = *adr or errValue
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(c_rarg1, Address(c_rarg0, 0));
+        break;
+      case 8:
+        // int64_t
+        __ movq(c_rarg1, Address(c_rarg0, 0));
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    __ movq(rax, c_rarg1);
+    __ ret(0);
+  }
 
   // This is a version of CBC/AES Decrypt which does 4 blocks in a loop at a time
   // to hide instruction latency
@@ -3833,6 +3871,14 @@
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt_Parallel();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
  public:
--- a/hotspot/src/os/windows/vm/os_windows.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os/windows/vm/os_windows.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -2323,6 +2323,11 @@
 #endif
   Thread* t = ThreadLocalStorage::get_thread_slow();          // slow & steady
 
+  // Handle SafeFetch32 and SafeFetchN exceptions.
+  if (StubRoutines::is_safefetch_fault(pc)) {
+    return Handle_Exception(exceptionInfo, StubRoutines::continuation_for_safefetch_fault(pc));
+  }
+
 #ifndef _WIN64
   // Execution protection violation - win32 running on AMD64 only
   // Handled first to avoid misdiagnosis as a "normal" access violation;
--- a/hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_32.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_32.s	Mon Jul 22 13:59:51 2013 +0100
@@ -63,24 +63,6 @@
         popl     %eax
         ret
 
-        .globl  SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .globl  SYMBOL(SafeFetchN)
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-        ELF_TYPE(SafeFetch32,@function)
-        .p2align 4,,15
-SYMBOL(SafeFetch32):
-SYMBOL(SafeFetchN):
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-SYMBOL(Fetch32PFI):
-         movl    (%ecx), %eax
-SYMBOL(Fetch32Resume):
-         ret
-
-
         .globl  SYMBOL(SpinPause)
         ELF_TYPE(SpinPause,@function)
         .p2align 4,,15
--- a/hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_64.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_64.s	Mon Jul 22 13:59:51 2013 +0100
@@ -46,28 +46,6 @@
 
 	.text
 
-        .globl SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetch32,@function)
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SYMBOL(SafeFetch32):
-        movl    %esi, %eax
-SYMBOL(Fetch32PFI):
-        movl    (%rdi), %eax
-SYMBOL(Fetch32Resume):
-        ret
-
-        .globl SYMBOL(SafeFetchN), SYMBOL(FetchNPFI), SYMBOL(FetchNResume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetchN,@function)
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SYMBOL(SafeFetchN):
-        movq    %rsi, %rax
-SYMBOL(FetchNPFI):
-        movq    (%rdi), %rax
-SYMBOL(FetchNResume):
-        ret
-
         .globl SYMBOL(SpinPause)
         .p2align 4,,15
         ELF_TYPE(SpinPause,@function)
--- a/hotspot/src/os_cpu/bsd_x86/vm/os_bsd_x86.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/bsd_x86/vm/os_bsd_x86.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -385,13 +385,6 @@
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_bsd_signal(int sig,
                         siginfo_t* info,
@@ -454,16 +447,10 @@
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Bsd::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
-       uc->context_pc = intptr_t(Fetch32Resume) ;
-       return 1 ;
+    if (StubRoutines::is_safefetch_fault(pc)) {
+      uc->context_pc = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
+      return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->context_pc = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV || sig == SIGBUS) {
--- a/hotspot/src/os_cpu/linux_sparc/vm/linux_sparc.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/linux_sparc/vm/linux_sparc.s	Mon Jul 22 13:59:51 2013 +0100
@@ -21,42 +21,6 @@
 # questions.
 #
 
-    # Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    # The "ld" at Fetch32 is potentially faulting instruction.
-    # If the instruction traps the trap handler will arrange
-    # for control to resume at Fetch32Resume.  
-    # By convention with the trap handler we ensure there is a non-CTI
-    # instruction in the trap shadow.  
-        
-
-    .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-    .globl  SafeFetchN
-    .align  32
-    .type    SafeFetch32,@function
-SafeFetch32:        
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    # <-- Potentially faulting instruction
-    ld      [%g1], %o0         
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN, FetchNPFI, FetchNResume
-    .type    SafeFetchN,@function
-    .align  32
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     # Possibilities:
     # -- membar
     # -- CAS (SP + BIAS, G0, G0)
--- a/hotspot/src/os_cpu/linux_sparc/vm/os_linux_sparc.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/linux_sparc/vm/os_linux_sparc.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -366,18 +366,9 @@
 
 // Utility functions
 
-extern "C" void Fetch32PFI();
-extern "C" void Fetch32Resume();
-extern "C" void FetchNPFI();
-extern "C" void FetchNResume();
-
 inline static bool checkPrefetch(sigcontext* uc, address pc) {
-  if (pc == (address) Fetch32PFI) {
-    set_cont_address(uc, address(Fetch32Resume));
-    return true;
-  }
-  if (pc == (address) FetchNPFI) {
-    set_cont_address(uc, address(FetchNResume));
+  if (StubRoutines::is_safefetch_fault(pc)) {
+    set_cont_address(uc, address(StubRoutines::continuation_for_safefetch_fault(pc)));
     return true;
   }
   return false;
--- a/hotspot/src/os_cpu/linux_x86/vm/linux_x86_32.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/linux_x86/vm/linux_x86_32.s	Mon Jul 22 13:59:51 2013 +0100
@@ -42,24 +42,6 @@
 
 	.text
 
-        .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-        .globl  SafeFetchN
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-	.type    SafeFetch32,@function
-        .p2align 4,,15
-SafeFetch32:
-SafeFetchN:
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-Fetch32PFI:
-         movl    (%ecx), %eax
-Fetch32Resume:
-         ret
-
-
         .globl  SpinPause
 	.type   SpinPause,@function
         .p2align 4,,15
--- a/hotspot/src/os_cpu/linux_x86/vm/linux_x86_64.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/linux_x86/vm/linux_x86_64.s	Mon Jul 22 13:59:51 2013 +0100
@@ -38,28 +38,6 @@
 
 	.text
 
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        .type   SafeFetch32,@function
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
-        ret
-
-        .globl SafeFetchN, FetchNPFI, FetchNResume
-        .align  16
-        .type   SafeFetchN,@function
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
-        ret
-
         .globl SpinPause
         .align 16
         .type  SpinPause,@function
--- a/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -209,13 +209,6 @@
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_linux_signal(int sig,
                         siginfo_t* info,
@@ -278,16 +271,10 @@
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Linux::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
-       return 1 ;
+    if (StubRoutines::is_safefetch_fault(pc)) {
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
+      return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
 #ifndef AMD64
     // Halt if SI_KERNEL before more crashes get misdiagnosed as Java bugs
--- a/hotspot/src/os_cpu/solaris_sparc/vm/os_solaris_sparc.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/solaris_sparc/vm/os_solaris_sparc.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -303,11 +303,6 @@
 #endif
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -379,17 +374,10 @@
     npc = (address) uc->uc_mcontext.gregs[REG_nPC];
 
     // SafeFetch() support
-    // Implemented with either a fixed set of addresses such
-    // as Fetch32*, or with Thread._OnTrap.
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(Fetch32PFI)) {
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(Fetch32Resume) ;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(Fetch32Resume) + 4 ;
-      return true ;
-    }
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(FetchNPFI)) {
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(FetchNResume) ;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(FetchNResume) + 4 ;
-      return true ;
+    if (StubRoutines::is_safefetch_fault(pc)) {
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
+      uc->uc_mcontext.gregs[REG_nPC] = uc->uc_mcontext.gregs[REG_PC] + 4;
+      return 1;
     }
 
     // Handle ALL stack overflow variations here
--- a/hotspot/src/os_cpu/solaris_sparc/vm/solaris_sparc.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/solaris_sparc/vm/solaris_sparc.s	Mon Jul 22 13:59:51 2013 +0100
@@ -21,47 +21,6 @@
 !! questions.
 !!
 
-    !! Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    !! The "ld" at Fetch32 is potentially faulting instruction.
-    !! If the instruction traps the trap handler will arrange
-    !! for control to resume at Fetch32Resume.  
-    !! By convention with the trap handler we ensure there is a non-CTI
-    !! instruction in the trap shadow.  
-    !!
-    !! The reader might be tempted to move this service to .il.
-    !! Don't.  Sun's CC back-end reads and optimize code emitted 
-    !! by the .il "call", in some cases optimizing the code, completely eliding it,
-    !! or by moving the code from the "call site". 
-        
-     !! ASM better know we may use G6 for our own purposes
-    .register %g6, #ignore
-        
-    .globl  SafeFetch32
-    .align  32
-    .global Fetch32PFI, Fetch32Resume 
-SafeFetch32:
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    ld      [%g1], %o0          !! <-- Potentially faulting instruction
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN
-    .align  32
-    .globl  FetchNPFI, FetchNResume
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     !! Possibilities:
     !! -- membar
     !! -- CAS (SP + BIAS, G0, G0)
--- a/hotspot/src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -352,13 +352,6 @@
 
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -436,17 +429,10 @@
     // factor me: getPCfromContext
     pc = (address) uc->uc_mcontext.gregs[REG_PC];
 
-    // SafeFetch32() support
-    if (pc == (address) Fetch32PFI) {
-      uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
-      return true ;
+    if (StubRoutines::is_safefetch_fault(pc)) {
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
+      return true;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs [REG_PC] = intptr_t(FetchNResume) ;
-       return true ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV && info->si_code == SEGV_ACCERR) {
--- a/hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_32.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_32.s	Mon Jul 22 13:59:51 2013 +0100
@@ -54,20 +54,6 @@
 	popl     %eax
 	ret
 
-       .align  16
-       .globl  SafeFetch32
-       .globl  SafeFetchN
-       .globl  Fetch32PFI, Fetch32Resume
-SafeFetch32:
-SafeFetchN:
-        movl    0x8(%esp), %eax
-        movl    0x4(%esp), %ecx
-Fetch32PFI:
-        movl    (%ecx), %eax
-Fetch32Resume:
-        ret
-
-
         .align  16
         .globl  SpinPause
 SpinPause:
--- a/hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_64.s	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_64.s	Mon Jul 22 13:59:51 2013 +0100
@@ -21,54 +21,34 @@
 / questions.
 /
 
-	.globl fs_load
-	.globl fs_thread
+        .globl fs_load
+        .globl fs_thread
 
         // NOTE WELL!  The _Copy functions are called directly
-	// from server-compiler-generated code via CallLeafNoFP,
-	// which means that they *must* either not use floating
-	// point or use it in the same manner as does the server
-	// compiler.
+        // from server-compiler-generated code via CallLeafNoFP,
+        // which means that they *must* either not use floating
+        // point or use it in the same manner as does the server
+        // compiler.
 
         .globl _Copy_arrayof_conjoint_bytes
         .globl _Copy_conjoint_jshorts_atomic
-	.globl _Copy_arrayof_conjoint_jshorts
+        .globl _Copy_arrayof_conjoint_jshorts
         .globl _Copy_conjoint_jints_atomic
         .globl _Copy_arrayof_conjoint_jints
-	.globl _Copy_conjoint_jlongs_atomic
+        .globl _Copy_conjoint_jlongs_atomic
         .globl _Copy_arrayof_conjoint_jlongs
 
-	.section .text,"ax"
+        .section .text,"ax"
 
         / Fast thread accessors, used by threadLS_solaris_amd64.cpp
-	.align   16
+        .align   16
 fs_load:
-	movq %fs:(%rdi),%rax
-	ret
-
-	.align   16
-fs_thread:
-	movq %fs:0x0,%rax
-	ret
-
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
+        movq %fs:(%rdi),%rax
         ret
 
-        .globl SafeFetchN, FetchNPFI, FetchNResume
-        .align  16
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
+        .align   16
+fs_thread:
+        movq %fs:0x0,%rax
         ret
 
         .globl  SpinPause
@@ -78,7 +58,7 @@
         nop
         movq    $1, %rax
         ret
-        
+
 
         / Support for void Copy::arrayof_conjoint_bytes(void* from,
         /                                               void* to,
@@ -340,7 +320,7 @@
         addq     $4,%rdx
         jg       1b
         ret
-	
+
         / Support for void Copy::arrayof_conjoint_jlongs(jlong* from,
         /                                                jlong* to,
         /                                                size_t count)
--- a/hotspot/src/os_cpu/windows_x86/vm/os_windows_x86.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/os_cpu/windows_x86/vm/os_windows_x86.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -518,24 +518,6 @@
   st->cr();
 }
 
-extern "C" int SafeFetch32 (int * adr, int Err) {
-   int rv = Err ;
-   _try {
-       rv = *((volatile int *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t Err) {
-   intptr_t rv = Err ;
-   _try {
-       rv = *((volatile intptr_t *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
 extern "C" int SpinPause () {
 #ifdef AMD64
    return 0 ;
--- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -873,7 +873,7 @@
   size_t alloc_byte_size = alloc_word_size * HeapWordSize;
 
   if ((cur_used_bytes + alloc_byte_size) > marking_initiating_used_threshold) {
-    if (gcs_are_young()) {
+    if (gcs_are_young() && !_last_young_gc) {
       ergo_verbose5(ErgoConcCycles,
         "request concurrent cycle initiation",
         ergo_format_reason("occupancy higher than threshold")
@@ -931,7 +931,7 @@
   last_pause_included_initial_mark = during_initial_mark_pause();
   if (last_pause_included_initial_mark) {
     record_concurrent_mark_init_end(0.0);
-  } else if (!_last_young_gc && need_to_start_conc_mark("end of GC")) {
+  } else if (need_to_start_conc_mark("end of GC")) {
     // Note: this might have already been set, if during the last
     // pause we decided to start a cycle but at the beginning of
     // this pause we decided to postpone it. That's OK.
--- a/hotspot/src/share/vm/runtime/os.hpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/runtime/os.hpp	Mon Jul 22 13:59:51 2013 +0100
@@ -915,8 +915,6 @@
 // of the global SpinPause() with C linkage.
 // It'd also be eligible for inlining on many platforms.
 
-extern "C" int SpinPause () ;
-extern "C" int SafeFetch32 (int * adr, int errValue) ;
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t errValue) ;
+extern "C" int SpinPause();
 
 #endif // SHARE_VM_RUNTIME_OS_HPP
--- a/hotspot/src/share/vm/runtime/stubRoutines.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/runtime/stubRoutines.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -136,6 +136,13 @@
 double (* StubRoutines::_intrinsic_cos   )(double) = NULL;
 double (* StubRoutines::_intrinsic_tan   )(double) = NULL;
 
+address StubRoutines::_safefetch32_entry                 = NULL;
+address StubRoutines::_safefetch32_fault_pc              = NULL;
+address StubRoutines::_safefetch32_continuation_pc       = NULL;
+address StubRoutines::_safefetchN_entry                  = NULL;
+address StubRoutines::_safefetchN_fault_pc               = NULL;
+address StubRoutines::_safefetchN_continuation_pc        = NULL;
+
 // Initialization
 //
 // Note: to break cycle with universe initialization, stubs are generated in two phases.
--- a/hotspot/src/share/vm/runtime/stubRoutines.hpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/runtime/stubRoutines.hpp	Mon Jul 22 13:59:51 2013 +0100
@@ -221,6 +221,14 @@
   static double (*_intrinsic_cos)(double);
   static double (*_intrinsic_tan)(double);
 
+  // Safefetch stubs.
+  static address _safefetch32_entry;
+  static address _safefetch32_fault_pc;
+  static address _safefetch32_continuation_pc;
+  static address _safefetchN_entry;
+  static address _safefetchN_fault_pc;
+  static address _safefetchN_continuation_pc;
+
  public:
   // Initialization/Testing
   static void    initialize1();                            // must happen before universe::genesis
@@ -382,6 +390,34 @@
   }
 
   //
+  // Safefetch stub support
+  //
+
+  typedef int      (*SafeFetch32Stub)(int*      adr, int      errValue);
+  typedef intptr_t (*SafeFetchNStub) (intptr_t* adr, intptr_t errValue);
+
+  static SafeFetch32Stub SafeFetch32_stub() { return CAST_TO_FN_PTR(SafeFetch32Stub, _safefetch32_entry); }
+  static SafeFetchNStub  SafeFetchN_stub()  { return CAST_TO_FN_PTR(SafeFetchNStub,  _safefetchN_entry); }
+
+  static bool is_safefetch_fault(address pc) {
+    return pc != NULL &&
+          (pc == _safefetch32_fault_pc ||
+           pc == _safefetchN_fault_pc);
+  }
+
+  static address continuation_for_safefetch_fault(address pc) {
+    assert(_safefetch32_continuation_pc != NULL &&
+           _safefetchN_continuation_pc  != NULL,
+           "not initialized");
+
+    if (pc == _safefetch32_fault_pc) return _safefetch32_continuation_pc;
+    if (pc == _safefetchN_fault_pc)  return _safefetchN_continuation_pc;
+
+    ShouldNotReachHere();
+    return NULL;
+  }
+
+  //
   // Default versions of the above arraycopy functions for platforms which do
   // not have specialized versions
   //
@@ -400,4 +436,15 @@
   static void arrayof_oop_copy_uninit(HeapWord* src, HeapWord* dest, size_t count);
 };
 
+// Safefetch allows to load a value from a location that's not known
+// to be valid. If the load causes a fault, the error value is returned.
+inline int SafeFetch32(int* adr, int errValue) {
+  assert(StubRoutines::SafeFetch32_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetch32_stub()(adr, errValue);
+}
+inline intptr_t SafeFetchN(intptr_t* adr, intptr_t errValue) {
+  assert(StubRoutines::SafeFetchN_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetchN_stub()(adr, errValue);
+}
+
 #endif // SHARE_VM_RUNTIME_STUBROUTINES_HPP
--- a/hotspot/src/share/vm/services/memTracker.cpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/services/memTracker.cpp	Mon Jul 22 13:59:51 2013 +0100
@@ -81,13 +81,13 @@
   } else if (strcmp(option_line, "=detail") == 0) {
     // detail relies on a stack-walking ability that may not
     // be available depending on platform and/or compiler flags
-    if (PLATFORM_NMT_DETAIL_SUPPORTED) {
+#if PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
       _tracking_level = NMT_detail;
-    } else {
+#else
       jio_fprintf(defaultStream::error_stream(),
-        "NMT detail is not supported on this platform.  Using NMT summary instead.");
+        "NMT detail is not supported on this platform.  Using NMT summary instead.\n");
       _tracking_level = NMT_summary;
-    }
+#endif
   } else if (strcmp(option_line, "=off") != 0) {
     vm_exit_during_initialization("Syntax error, expecting -XX:NativeMemoryTracking=[off|summary|detail]", NULL);
   }
--- a/hotspot/src/share/vm/utilities/globalDefinitions.hpp	Mon Jul 15 11:04:53 2013 +0100
+++ b/hotspot/src/share/vm/utilities/globalDefinitions.hpp	Mon Jul 22 13:59:51 2013 +0100
@@ -381,12 +381,12 @@
 #endif
 
 /*
- * If a platform does not support NMT_detail
+ * If a platform does not support native stack walking
  * the platform specific globalDefinitions (above)
- * can set PLATFORM_NMT_DETAIL_SUPPORTED to false
+ * can set PLATFORM_NATIVE_STACK_WALKING_SUPPORTED to 0
  */
-#ifndef PLATFORM_NMT_DETAIL_SUPPORTED
-#define PLATFORM_NMT_DETAIL_SUPPORTED true
+#ifndef PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
+#define PLATFORM_NATIVE_STACK_WALKING_SUPPORTED 1
 #endif
 
 // The byte alignment to be used by Arena::Amalloc.  See bugid 4169348.
--- a/jaxp/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 6121efd299235b057f3de94b0a4158c388c2907c jdk8-b96
 6c830db28d21108f32af990ecf4d80a75887980d jdk8-b97
 15e5bb51bc0cd89304dc2f7f29b4c8002e632353 jdk8-b98
+adf49c3ef83c160d53ece623049b2cdccaf78fc7 jdk8-b99
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Mon Jul 22 13:59:51 2013 +0100
@@ -73,13 +73,39 @@
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is false by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 } // class Constants
--- a/jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java	Mon Jul 22 13:59:51 2013 +0100
@@ -229,7 +229,8 @@
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -262,6 +263,9 @@
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -273,18 +277,16 @@
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+    public static String getJAXPSystemProperty(String sysPropertyId) {
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xalan.internal.utils;
+
+
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                XalanConstants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -27,6 +27,9 @@
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC;
@@ -215,11 +218,13 @@
      * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
      */
     private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
      /**
      * protocols allowed for external DTD references in source file and/or stylesheet.
      */
     private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
 
+    private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
 
     /**
      * javax.xml.transform.sax.TransformerFactory implementation.
@@ -235,15 +240,16 @@
     private TransformerFactoryImpl(boolean useServicesMechanism) {
         this._useServicesMechanism = useServicesMechanism;
 
-        String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
         if (System.getSecurityManager() != null) {
             _isSecureMode = true;
             _isNotSecureProcessing = false;
         }
-        _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
-                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
-        _accessExternalDTD =  SecuritySupport.getDefaultAccessProperty(
-                XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
+
+        _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                Property.ACCESS_EXTERNAL_DTD);
+        _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                Property.ACCESS_EXTERNAL_STYLESHEET);
     }
 
     /**
@@ -306,11 +312,10 @@
             else
               return Boolean.FALSE;
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
-            return _accessExternalStylesheet;
-        }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
-            return _accessExternalDTD;
+
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
+        if (index > -1) {
+            return _xmlSecurityPropertyMgr.getValueByIndex(index);
         }
 
         // Throw an exception for all other attributes
@@ -413,12 +418,15 @@
                 return;
             }
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
-            _accessExternalStylesheet = (String)value;
-            return;
-        }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
-            _accessExternalDTD = (String)value;
+
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
+        if (index > -1) {
+            _xmlSecurityPropertyMgr.setValue(index,
+                    State.APIPROPERTY, (String)value);
+            _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_DTD);
+            _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_STYLESHEET);
             return;
         }
 
@@ -466,11 +474,18 @@
             }
             _isNotSecureProcessing = !value;
 
-            // set restriction, allowing no access to external stylesheet
-            if (value) {
-                _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
-                _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+            // set external access restriction when FSP is explicitly set
+            if (value && XalanConstants.IS_JDK8_OR_ABOVE) {
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_STYLESHEET,
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_DTD);
+                _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_STYLESHEET);
             }
+
             return;
         }
         else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -33,7 +33,7 @@
 import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -156,13 +156,9 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
-    protected static final String ACCESS_EXTERNAL_DTD =
-        XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA =
-        XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     //
     // Data
@@ -283,8 +279,7 @@
             JAXP_SCHEMA_LANGUAGE,
             DTD_VALIDATOR_FACTORY_PROPERTY,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
-            ACCESS_EXTERNAL_SCHEMA
+            XML_SECURITY_PROPERTY_MANAGER
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -318,14 +313,8 @@
         fValidationManager = createValidationManager();
         setProperty(VALIDATION_MANAGER, fValidationManager);
 
-        //For DOM, the secure feature is set to true by default
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+        setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
+                new XMLSecurityPropertyManager());
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Mon Jul 22 13:59:51 2013 +0100
@@ -184,6 +184,9 @@
     public static final String ORACLE_JAXP_PROPERTY_PREFIX =
         "http://www.oracle.com/xml/jaxp/properties/";
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
     //System Properties corresponding to ACCESS_EXTERNAL_* properties
     public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
     public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
@@ -194,16 +197,17 @@
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
 
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is true by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
     //
     // DOM features
     //
@@ -697,6 +701,27 @@
         ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
     } // getXercesProperties():Enumeration
 
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 
     //
     // Classes
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -25,10 +25,9 @@
 
 package com.sun.org.apache.xerces.internal.impl;
 
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
-import javax.xml.XMLConstants;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLResolver;
@@ -51,15 +50,14 @@
 
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
-
-    /** Property identifier: access to external dtd */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     HashMap supportedProps = new HashMap();
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     public static final int CONTEXT_READER = 1;
     public static final int CONTEXT_WRITER = 2;
 
@@ -84,6 +82,7 @@
 
         HashMap properties = propertyManager.getProperties();
         supportedProps.putAll(properties);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)getProperty(XML_SECURITY_PROPERTY_MANAGER);
     }
 
     private HashMap getProperties(){
@@ -125,14 +124,8 @@
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
 
-        //For DOM/SAX, the secure feature is set to true by default
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
     }
 
     private void initWriterProps(){
@@ -148,7 +141,8 @@
      * }
      */
     public boolean containsProperty(String property){
-        return supportedProps.containsKey(property) ;
+        return supportedProps.containsKey(property) ||
+                (fSecurityPropertyMgr!=null && fSecurityPropertyMgr.getIndex(property) > -1) ;
     }
 
     public Object getProperty(String property){
@@ -174,7 +168,15 @@
             //add internal stax property
             supportedProps.put( Constants.XERCES_PROPERTY_PREFIX + Constants.STAX_ENTITY_RESOLVER_PROPERTY , new StaxEntityResolverWrapper((XMLResolver)value)) ;
         }
-        supportedProps.put(property, value ) ;
+
+        int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(property) : -1;
+        if (index > -1) {
+            fSecurityPropertyMgr.setValue(index,
+                    XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+        } else {
+            supportedProps.put(property, value);
+        }
+
         if(equivalentProperty != null){
             supportedProps.put(equivalentProperty, value ) ;
         }
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -53,6 +53,7 @@
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.xml.internal.stream.Entity;
 import javax.xml.XMLConstants;
@@ -166,8 +167,9 @@
     protected static final String STANDARD_URI_CONFORMANT =
             Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
 
-    /** property identifier: access external dtd. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol
      *  For DOM/SAX, the secure feature is set to true by default
@@ -199,7 +201,7 @@
         SYMBOL_TABLE,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -610,7 +612,10 @@
         dtdGrammarUtil = null;
 
         // JAXP 1.5 features and properties
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
         fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
 
         //fEntityManager.test();
@@ -662,9 +667,10 @@
 
         dtdGrammarUtil = null;
 
-        // Oracle jdk feature
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
-
+         // JAXP 1.5 features and properties
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
     } // reset(XMLComponentManager)
 
     /**
@@ -762,11 +768,10 @@
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
-            {
-                fAccessExternalDTD = (String)value;
-            }
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
+        {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
         }
 
     } // setProperty(String,Object)
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -31,6 +31,7 @@
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
@@ -166,8 +167,9 @@
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol */
     static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
@@ -203,7 +205,7 @@
                 VALIDATION_MANAGER,
                 BUFFER_SIZE,
                 SECURITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -214,7 +216,7 @@
                 null,
                 new Integer(DEFAULT_BUFFER_SIZE),
                 null,
-                EXTERNAL_ACCESS_DEFAULT
+                null
     };
 
     private static final String XMLEntity = "[xml]".intern();
@@ -1421,7 +1423,8 @@
         fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         // initialize state
         //fStandalone = false;
@@ -1485,7 +1488,11 @@
         fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        if (spm == null) {
+            spm = new XMLSecurityPropertyManager();
+        }
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         //reset general state
         reset();
@@ -1641,11 +1648,10 @@
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
-            {
-                fAccessExternalDTD = (String)value;
-            }
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
+        {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
         }
     }
 
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java	Mon Jul 22 13:59:51 2013 +0100
@@ -54,6 +54,7 @@
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -218,6 +219,10 @@
     protected static final String ENTITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: access to external dtd */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
@@ -238,8 +243,7 @@
         SECURITY_MANAGER,
         LOCALE,
         SCHEMA_DV_FACTORY,
-        ACCESS_EXTERNAL_DTD,
-        ACCESS_EXTERNAL_SCHEMA
+        XML_SECURITY_PROPERTY_MANAGER
     };
 
     // Data
@@ -270,7 +274,6 @@
     private final CMNodeFactory fNodeFactory = new CMNodeFactory(); //component mgr will be set later
     private CMBuilder fCMBuilder;
     private XSDDescription fXSDDescription = new XSDDescription();
-    private String faccessExternalDTD = Constants.EXTERNAL_ACCESS_DEFAULT;
     private String faccessExternalSchema = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     private Map fJAXPCache;
@@ -466,11 +469,9 @@
                 fErrorReporter.putMessageFormatter(XSMessageFormatter.SCHEMA_DOMAIN, new XSMessageFormatter());
             }
         }
-        else if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
-            faccessExternalDTD = (String) state;
-        }
-        else if (propertyId.equals(ACCESS_EXTERNAL_SCHEMA)) {
-            faccessExternalSchema = (String) state;
+        else if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)state;
+            faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
         }
     } // setProperty(String, Object)
 
@@ -1066,8 +1067,8 @@
         fSchemaHandler.setGenerateSyntheticAnnotations(componentManager.getFeature(GENERATE_SYNTHETIC_ANNOTATIONS, false));
         fSchemaHandler.reset(componentManager);
 
-        faccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD);
-        faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
     }
 
     private void initGrammarBucket(){
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java	Mon Jul 22 13:59:51 2013 +0100
@@ -233,11 +233,9 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     protected static final String USE_SERVICE_MECHANISM = Constants.ORACLE_FEATURE_SERVICE_MECHANISM;
 
@@ -297,8 +295,7 @@
             JAXP_SCHEMA_SOURCE,
             JAXP_SCHEMA_LANGUAGE,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
-            ACCESS_EXTERNAL_SCHEMA
+            XML_SECURITY_PROPERTY_MANAGER
             };
 
     /** Property defaults. */
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Mon Jul 22 13:59:51 2013 +0100
@@ -78,6 +78,7 @@
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
@@ -112,6 +113,7 @@
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
@@ -223,11 +225,9 @@
     protected static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+        /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     protected static final boolean DEBUG_NODE_POOL = false;
 
@@ -260,6 +260,7 @@
     protected SecurityManager fSecureProcessing = null;
 
     private String fAccessExternalSchema;
+    private String fAccessExternalDTD;
 
     // These tables correspond to the symbol spaces defined in the
     // spec.
@@ -2249,6 +2250,13 @@
                         }
                     }
                     catch (SAXException se) {}
+
+                    try {
+                        parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                    } catch (SAXNotRecognizedException exc) {
+                        System.err.println("Warning: " + parser.getClass().getName() + ": " +
+                                exc.getMessage());
+                    }
                 }
                 // If XML names and Namespace URIs are already internalized we
                 // can avoid running them through the SymbolTable.
@@ -3580,11 +3588,17 @@
         } catch (XMLConfigurationException e) {
         }
 
-        //For Schema validation, the secure feature is set to true by default
-        fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
-                componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
-        fAccessExternalSchema = (String) componentManager.getProperty(
-                ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager securityPropertyMgr = (XMLSecurityPropertyManager)
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        //Passing on the setting to the parser
+        fSchemaParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, securityPropertyMgr);
+
+        fAccessExternalDTD = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
+        fAccessExternalSchema = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
+
     } // reset(XMLComponentManager)
 
 
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -37,6 +37,9 @@
 import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
 import com.sun.org.apache.xerces.internal.parsers.DOMParser;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -97,12 +100,17 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** property identifier: access external dtd. */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
     /** Property identifier: access to external schema */
     public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
+
     private final DOMParser domParser;
     private final Schema grammar;
 
@@ -117,6 +125,8 @@
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     DocumentBuilderImpl(DocumentBuilderFactoryImpl dbf, Hashtable dbfAttrs, Hashtable features)
         throws SAXNotRecognizedException, SAXNotSupportedException {
         this(dbf, dbfAttrs, features, false);
@@ -160,23 +170,27 @@
             domParser.setFeature(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
 
             /**
-             * By default, secure processing is set, no external access is allowed.
-             * However, we need to check if it is actively set on the factory since we
-             * allow the use of the System Property or jaxp.properties to override
-             * the default value
+             * If secure processing is explicitly set on the factory, the
+             * access properties will be set unless the corresponding
+             * System Properties or jaxp.properties are set
              */
             if (features != null) {
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
-                        domParser.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-                        domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_SCHEMA,
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
                     }
                 }
             }
@@ -220,7 +234,7 @@
             setFeatures(features);
         }
 
-        // Set attributes
+        //setAttribute override those that may be set by other means
         setDocumentBuilderFactoryAttributes(dbfAttrs);
 
         // Initial EntityResolver
@@ -275,26 +289,32 @@
                             // spec when schema validation is enabled
                             domParser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
                         }
-                    }
-                        } else if(JAXP_SCHEMA_SOURCE.equals(name)){
-                        if( isValidating() ) {
-                                                String value=(String)dbfAttrs.get(JAXP_SCHEMA_LANGUAGE);
-                                                if(value !=null && W3C_XML_SCHEMA.equals(value)){
-                                        domParser.setProperty(name, val);
-                                                }else{
+                     }
+                 } else if(JAXP_SCHEMA_SOURCE.equals(name)){
+                    if( isValidating() ) {
+                        String value=(String)dbfAttrs.get(JAXP_SCHEMA_LANGUAGE);
+                        if(value !=null && W3C_XML_SCHEMA.equals(value)){
+                            domParser.setProperty(name, val);
+                        }else{
                             throw new IllegalArgumentException(
                                 DOMMessageFormatter.formatMessage(DOMMessageFormatter.DOM_DOMAIN,
                                 "jaxp-order-not-supported",
                                 new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
-                                                }
-                                        }
-                } else {
-                    // Let Xerces code handle the property
-                    domParser.setProperty(name, val);
-                                }
                         }
-                }
+                     }
+                  } else {
+                    int index = fSecurityPropertyMgr.getIndex(name);
+                    if (index > -1) {
+                        fSecurityPropertyMgr.setValue(index,
+                                XMLSecurityPropertyManager.State.APIPROPERTY, (String)val);
+                    } else {
+                        // Let Xerces code handle the property
+                        domParser.setProperty(name, val);
+                    }
+                  }
+             }
         }
+    }
 
     /**
      * Non-preferred: use the getDOMImplementation() method instead of this
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -36,6 +36,7 @@
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -92,11 +93,9 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     private final JAXPSAXParser xmlReader;
     private String schemaLanguage = null;     // null means DTD
@@ -113,6 +112,8 @@
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /**
      * Create a SAX parser with the associated features
      * @param features Hashtable of SAX features, may be null
@@ -149,6 +150,9 @@
             xmlReader.setFeature0(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
@@ -162,9 +166,12 @@
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
                     }
                 }
             }
@@ -530,14 +537,21 @@
                     return;
                 }
             }
-            if (!fInitProperties.containsKey(name)) {
-                fInitProperties.put(name, super.getProperty(name));
-            }
             /** Forward property to the schema validator if there is one. **/
             if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
                 setSchemaValidatorProperty(name, value);
             }
-            super.setProperty(name, value);
+            /** Check to see if the property is managed by the property manager **/
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSAXParser.fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            } else {
+                if (!fInitProperties.containsKey(name)) {
+                    fInitProperties.put(name, super.getProperty(name));
+                }
+                super.setProperty(name, value);
+            }
         }
 
         public synchronized Object getProperty(String name)
@@ -550,6 +564,11 @@
                 // JAXP 1.2 support
                 return fSAXParser.schemaLanguage;
             }
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
+            }
+
             return super.getProperty(name);
         }
 
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Mon Jul 22 13:59:51 2013 +0100
@@ -177,11 +177,11 @@
         }
         config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
         config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
-        config.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
         config.setDocumentHandler(fSchemaValidator);
         config.setDTDHandler(null);
         config.setDTDContentModelHandler(null);
+        config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
+                fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
         fConfiguration = new SoftReference(config);
         return config;
     }
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -53,6 +53,7 @@
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.QName;
@@ -134,6 +135,10 @@
     private static final String VALIDATION_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     //
     // Data
     //
@@ -686,8 +691,10 @@
                                catch (SAXException exc) {}
                            }
                            try {
+                               XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                                       fComponentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
                                reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                                      fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
+                                       spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD));
                            } catch (SAXException exc) {
                                System.err.println("Warning: " + reader.getClass().getName() + ": " +
                                       exc.getMessage());
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Mon Jul 22 13:59:51 2013 +0100
@@ -45,7 +45,7 @@
 import com.sun.org.apache.xerces.internal.util.StAXInputSource;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -83,11 +83,10 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema  */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     //
     // Data
@@ -111,6 +110,9 @@
     /** The SecurityManager. */
     private SecurityManager fSecurityManager;
 
+    /** The Security property manager. */
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /** The container for the real grammar pool. */
     private XMLGrammarPoolWrapper fXMLGrammarPoolWrapper;
 
@@ -120,6 +122,8 @@
      * Note the default value (false) is the safe option..
      */
     private final boolean fUseServicesMechanism;
+
+
     public XMLSchemaFactory() {
         this(true);
     }
@@ -140,13 +144,9 @@
         fSecurityManager = new SecurityManager();
         fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
 
-        //by default, the secure feature is set to true, otherwise the default would have been 'file'
-        String accessExternal = SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-        accessExternal = SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
+                fSecurityPropertyMgr);
     }
 
     /**
@@ -282,6 +282,7 @@
             schema = new EmptyXMLSchema();
         }
         propagateFeatures(schema);
+        propagateProperties(schema);
         return schema;
     }
 
@@ -366,8 +367,13 @@
             }
             if (value) {
                 fSecurityManager = new SecurityManager();
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
+                if (Constants.IS_JDK8_OR_ABOVE) {
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                }
             } else {
                 fSecurityManager = null;
             }
@@ -414,7 +420,13 @@
                     "property-not-supported", new Object [] {name}));
         }
         try {
-            fXMLSchemaLoader.setProperty(name, object);
+            int index = fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)object);
+            } else {
+                fXMLSchemaLoader.setProperty(name, object);
+            }
         }
         catch (XMLConfigurationException e) {
             String identifier = e.getIdentifier();
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -42,6 +42,7 @@
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
@@ -107,6 +108,10 @@
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: symbol table. */
     private static final String SYMBOL_TABLE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY;
@@ -123,12 +128,6 @@
     private static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema  */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
-
     //
     // Data
     //
@@ -184,6 +183,9 @@
     /** Stores the initial security manager. */
     private final SecurityManager fInitSecurityManager;
 
+    /** Stores the initial security property manager. */
+    private final XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     //
     // User Objects
     //
@@ -250,8 +252,9 @@
         fComponents.put(SECURITY_MANAGER, fInitSecurityManager);
 
         //pass on properties set on SchemaFactory
-        setProperty(ACCESS_EXTERNAL_DTD, grammarContainer.getProperty(ACCESS_EXTERNAL_DTD));
-        setProperty(ACCESS_EXTERNAL_SCHEMA, grammarContainer.getProperty(ACCESS_EXTERNAL_SCHEMA));
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
+                grammarContainer.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
+        setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
     }
 
     /**
@@ -309,6 +312,15 @@
                 throw new XMLConfigurationException(Status.NOT_ALLOWED, XMLConstants.FEATURE_SECURE_PROCESSING);
             }
             setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
+
+            if (value && Constants.IS_JDK8_OR_ABOVE) {
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+            }
+
             return;
         }
         fConfigUpdated = true;
--- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java	Mon Jul 22 13:59:51 2013 +0100
@@ -29,6 +29,7 @@
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
@@ -74,6 +75,10 @@
     protected static final String REPORT_WHITESPACE =
             Constants.SUN_SCHEMA_FEATURE_PREFIX + Constants.SUN_REPORT_IGNORED_ELEMENT_CONTENT_WHITESPACE;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     // recognized features:
     private static final String[] RECOGNIZED_FEATURES = {
         REPORT_WHITESPACE
@@ -579,6 +584,13 @@
        }
 
         try {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                    fConfiguration.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+            int index = spm.getIndex(propertyId);
+            if (index > -1) {
+                return spm.getValueByIndex(index);
+            }
+
             return fConfiguration.getProperty(propertyId);
         }
         catch (XMLConfigurationException e) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java	Mon Jul 22 13:59:51 2013 +0100
@@ -22,8 +22,11 @@
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
 
 /**
  * This is the main Xerces SAX parser class. It uses the abstract SAX
@@ -120,4 +123,24 @@
 
     } // <init>(SymbolTable,XMLGrammarPool)
 
+    /**
+     * Sets the particular property in the underlying implementation of
+     * org.xml.sax.XMLReader.
+     */
+    public void setProperty(String name, Object value)
+        throws SAXNotRecognizedException, SAXNotSupportedException {
+        XMLSecurityPropertyManager spm = new XMLSecurityPropertyManager();
+        int index = spm.getIndex(name);
+        if (index > -1) {
+            /**
+             * this is a direct call to this parser, not a subclass since
+             * internally the support of this property is done through
+             * XMLSecurityPropertyManager
+             */
+            spm.setValue(index, XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, spm);
+        } else {
+            super.setProperty(name, value);
+        }
+    }
 } // class SAXParser
--- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Mon Jul 22 13:59:51 2013 +0100
@@ -20,12 +20,10 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
-import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
-import java.util.Properties;
 import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
@@ -53,9 +51,8 @@
 import com.sun.org.apache.xerces.internal.util.FeatureState;
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -278,11 +275,10 @@
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     // debugging
 
@@ -535,8 +531,7 @@
                 SCHEMA_NONS_LOCATION,
                 LOCALE,
                 SCHEMA_DV_FACTORY,
-                ACCESS_EXTERNAL_DTD,
-                ACCESS_EXTERNAL_SCHEMA
+                XML_SECURITY_PROPERTY_MANAGER
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -584,14 +579,7 @@
 
         fVersionDetector = new XMLVersionDetector();
 
-        //FEATURE_SECURE_PROCESSING is true, see the feature above
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+        fProperties.put(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java	Mon Jul 22 13:59:51 2013 +0100
@@ -223,7 +223,8 @@
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -256,6 +257,9 @@
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -267,18 +271,16 @@
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+    public static String getJAXPSystemProperty(String sysPropertyId) {
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xerces.internal.utils;
+
+import com.sun.org.apache.xerces.internal.impl.Constants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                Constants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA,
+                Constants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                Constants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA,
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}
--- a/jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java	Mon Jul 22 13:59:51 2013 +0100
@@ -68,6 +68,7 @@
 import com.sun.org.apache.xerces.internal.xpointer.XPointerHandler;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerProcessor;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import java.util.Objects;
 
 /**
@@ -231,13 +232,9 @@
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** access external dtd: file protocol
-     *  For DOM/SAX, the secure feature is set to true by default
-     */
-    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+    /** property identifier: XML security property manager. */
+    protected static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** Recognized features. */
     private static final String[] RECOGNIZED_FEATURES =
@@ -293,12 +290,7 @@
     protected XMLErrorReporter fErrorReporter;
     protected XMLEntityResolver fEntityResolver;
     protected SecurityManager fSecurityManager;
-    /**
-     * comma-delimited list of protocols that are allowed for the purpose
-     * of accessing external dtd or entity references
-     */
-    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
-
+    protected XMLSecurityPropertyManager fSecurityPropertyMgr;
 
     // these are needed for text include processing
     protected XIncludeTextReader fXInclude10TextReader;
@@ -540,7 +532,8 @@
             fSecurityManager = null;
         }
 
-        fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
+                componentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
 
         // Get buffer size.
         try {
@@ -687,11 +680,13 @@
             }
             return;
         }
-        if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
-            fAccessExternalDTD = (String)value;
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
+            fSecurityPropertyMgr = (XMLSecurityPropertyManager)value;
+
             if (fChildConfig != null) {
-                fChildConfig.setProperty(propertyId, value);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, value);
             }
+
             return;
         }
 
@@ -1652,7 +1647,7 @@
                 if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
                 if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
                 fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
-                fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
                 fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
 
                 // features must be copied to child configuration
--- a/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Mon Jul 22 13:59:51 2013 +0100
@@ -140,12 +140,6 @@
                     // Try to carry on if we've got a parser that
                     // doesn't know about namespace prefixes.
                 }
-                try {
-                    reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
-                } catch (SAXException se) {
-                    System.err.println("Warning:  " + reader.getClass().getName() + ": "
-                                + se.getMessage());
-                }
             } catch (ParserConfigurationException ex) {
                 throw new SAXException(ex);
             } catch (FactoryConfigurationError ex1) {
@@ -162,6 +156,14 @@
             }
         }
 
+        try {
+            //reader is cached, but this property might have been reset
+            reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
+        } catch (SAXException se) {
+            System.err.println("Warning:  " + reader.getClass().getName() + ": "
+                        + se.getMessage());
+        }
+
         return reader;
     }
 
--- a/jaxws/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/jaxws/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 690d34b326bc78a6f5f225522695b41c7f7f70e8 jdk8-b96
 dcde7f049111353ad23175f54985a4f6bfea720c jdk8-b97
 b1fb4612a2caea52b5661b87509e560fa044b194 jdk8-b98
+8ef83d4b23c933935e28f59b282cea920b1b1f5f jdk8-b99
--- a/jdk/.hgtags	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/.hgtags	Mon Jul 22 13:59:51 2013 +0100
@@ -220,3 +220,4 @@
 4a5d3cf2b3af1660db0237e8da324c140e534fa4 jdk8-b96
 978a95239044f26dcc8a6d59246be07ad6ca6be2 jdk8-b97
 c4908732fef5235f1b98cafe0ce507771ef7892c jdk8-b98
+6a099a36589bd933957272ba63e5263bede29971 jdk8-b99
--- a/jdk/make/sun/security/pkcs11/mapfile-vers	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/make/sun/security/pkcs11/mapfile-vers	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:
--- a/jdk/makefiles/mapfiles/libj2pkcs11/mapfile-vers	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/makefiles/mapfiles/libj2pkcs11/mapfile-vers	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -102,7 +102,7 @@
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:
--- a/jdk/src/macosx/classes/com/apple/eawt/FullScreenHandler.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/com/apple/eawt/FullScreenHandler.java	Mon Jul 22 13:59:51 2013 +0100
@@ -32,6 +32,7 @@
 import javax.swing.RootPaneContainer;
 
 import com.apple.eawt.AppEvent.FullScreenEvent;
+import sun.awt.SunToolkit;
 
 import java.lang.annotation.Native;
 
@@ -75,7 +76,7 @@
     static void handleFullScreenEventFromNative(final Window window, final int type) {
         if (!(window instanceof RootPaneContainer)) return; // handles null
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final FullScreenHandler handler = getHandlerFor((RootPaneContainer)window);
                 if (handler != null) handler.notifyListener(new FullScreenEvent(window), type);
--- a/jdk/src/macosx/classes/com/apple/eawt/_AppEventHandler.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/com/apple/eawt/_AppEventHandler.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
 import java.net.*;
 import java.util.*;
 import java.util.List;
+import sun.awt.AppContext;
+import sun.awt.SunToolkit;
 
 import com.apple.eawt.AppEvent.*;
 
@@ -269,11 +271,9 @@
     }
 
     class _AppReOpenedDispatcher extends _AppEventMultiplexor<AppReOpenedListener> {
-        void performOnListeners(final List<AppReOpenedListener> listeners, final _NativeEvent event) {
+        void performOnListener(AppReOpenedListener listener, final _NativeEvent event) {
             final AppReOpenedEvent e = new AppReOpenedEvent();
-            for (final AppReOpenedListener listener : listeners) {
-                listener.appReOpened(e);
-            }
+            listener.appReOpened(e);
         }
     }
 
@@ -415,50 +415,67 @@
     }
 
     abstract class _AppEventMultiplexor<L> {
-        final List<L> _listeners = new ArrayList<L>(0);
+        private final Map<L, AppContext> listenerToAppContext =
+                new IdentityHashMap<L, AppContext>();
         boolean nativeListenerRegistered;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event, final Object... args) {
-            // grab a local ref to the listeners
-            final List<L> localListeners;
+            // grab a local ref to the listeners and its contexts as an array of the map's entries
+            final ArrayList<Map.Entry<L, AppContext>> localEntries;
             synchronized (this) {
-                if (_listeners.size() == 0) return;
-                localListeners = new ArrayList<L>(_listeners);
+                if (listenerToAppContext.size() == 0) {
+                    return;
+                }
+                localEntries = new ArrayList<Map.Entry<L, AppContext>>(listenerToAppContext.size());
+                localEntries.addAll(listenerToAppContext.entrySet());
             }
 
-            EventQueue.invokeLater(new Runnable() {
-                public void run() {
-                    performOnListeners(localListeners, event);
-                }
-            });
+            for (final Map.Entry<L, AppContext> e : localEntries) {
+                final L listener = e.getKey();
+                final AppContext listenerContext = e.getValue();
+                SunToolkit.invokeLaterOnAppContext(listenerContext, new Runnable() {
+                    public void run() {
+                        performOnListener(listener, event);
+                    }
+                });
+            }
         }
 
         synchronized void addListener(final L listener) {
+            setListenerContext(listener, AppContext.getAppContext());
+
             if (!nativeListenerRegistered) {
                 registerNativeListener();
                 nativeListenerRegistered = true;
             }
-            _listeners.add(listener);
         }
 
         synchronized void removeListener(final L listener) {
-            _listeners.remove(listener);
+            listenerToAppContext.remove(listener);
         }
 
-        abstract void performOnListeners(final List<L> listeners, final _NativeEvent event);
+        abstract void performOnListener(L listener, final _NativeEvent event);
         void registerNativeListener() { }
+
+        private void setListenerContext(L listener, AppContext listenerContext) {
+            if (listenerContext == null) {
+                throw new RuntimeException(
+                        "Attempting to add a listener from a thread group without AppContext");
+            }
+            listenerToAppContext.put(listener, AppContext.getAppContext());
+        }
     }
 
     abstract class _BooleanAppEventMultiplexor<L, E> extends _AppEventMultiplexor<L> {
         @Override
-        void performOnListeners(final List<L> listeners, final _NativeEvent event) {
+        void performOnListener(L listener, final _NativeEvent event) {
             final boolean isTrue = Boolean.TRUE.equals(event.get(0));
             final E e = createEvent(isTrue);
             if (isTrue) {
-                for (final L listener : listeners) performTrueEventOn(listener, e);
+                performTrueEventOn(listener, e);
             } else {
-                for (final L listener : listeners) performFalseEventOn(listener, e);
+                performFalseEventOn(listener, e);
             }
         }
 
@@ -479,30 +496,34 @@
      */
     abstract class _AppEventDispatcher<H> {
         H _handler;
+        AppContext handlerContext;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event) {
-            EventQueue.invokeLater(new Runnable() {
-                public void run() {
-                    // grab a local ref to the handler
-                    final H localHandler;
-                    synchronized (_AppEventDispatcher.this) {
-                        localHandler = _handler;
-                    }
+            // grab a local ref to the handler
+            final H localHandler;
+            final AppContext localHandlerContext;
+            synchronized (_AppEventDispatcher.this) {
+                localHandler = _handler;
+                localHandlerContext = handlerContext;
+            }
 
-                    // invoke the handler outside of the synchronized block
-                    if (localHandler == null) {
-                        performDefaultAction(event);
-                    } else {
+            if (localHandler == null) {
+                performDefaultAction(event);
+            } else {
+                SunToolkit.invokeLaterOnAppContext(localHandlerContext, new Runnable() {
+                    public void run() {
                         performUsing(localHandler, event);
                     }
-                }
-            });
+                });
+            }
         }
 
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // if a new handler is installed, block addition of legacy ApplicationListeners
             if (handler == legacyHandler) return;
             legacyHandler.blockLegacyAPI();
@@ -510,6 +531,15 @@
 
         void performDefaultAction(final _NativeEvent event) { } // by default, do nothing
         abstract void performUsing(final H handler, final _NativeEvent event);
+
+        protected void setHandlerContext(AppContext ctx) {
+            if (ctx == null) {
+                throw new RuntimeException(
+                        "Attempting to set a handler from a thread group without AppContext");
+            }
+
+            handlerContext = ctx;
+        }
     }
 
     abstract class _QueuingAppEventDispatcher<H> extends _AppEventDispatcher<H> {
@@ -531,6 +561,8 @@
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // dispatch any events in the queue
             if (queuedEvents != null) {
                 // grab a local ref to the queue, so the real one can be nulled out
--- a/jdk/src/macosx/classes/com/apple/eawt/event/GestureHandler.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/com/apple/eawt/event/GestureHandler.java	Mon Jul 22 13:59:51 2013 +0100
@@ -25,6 +25,8 @@
 
 package com.apple.eawt.event;
 
+import sun.awt.SunToolkit;
+
 import java.awt.*;
 import java.util.*;
 import java.util.List;
@@ -70,7 +72,7 @@
     static void handleGestureFromNative(final Window window, final int type, final double x, final double y, final double a, final double b) {
         if (window == null) return; // should never happen...
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final Component component = SwingUtilities.getDeepestComponentAt(window, (int)x, (int)y);
 
--- a/jdk/src/macosx/classes/com/apple/laf/ScreenMenu.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/com/apple/laf/ScreenMenu.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
 
 import javax.swing.*;
 
+import sun.awt.SunToolkit;
 import sun.lwawt.LWToolkit;
 import sun.lwawt.macosx.*;
 
@@ -144,7 +145,7 @@
                     updateItems();
                     fItemBounds = new Rectangle[invoker.getMenuComponentCount()];
                 }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             System.err.println(e);
             e.printStackTrace();
@@ -172,7 +173,7 @@
 
             fItemBounds = null;
     }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             e.printStackTrace();
         }
@@ -200,7 +201,7 @@
         if (kind == 0) return;
         if (fItemBounds == null) return;
 
-        SwingUtilities.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(fInvoker, new Runnable() {
             @Override
             public void run() {
                 Component target = null;
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CCheckboxMenuItem.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CCheckboxMenuItem.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@
 
     public void handleAction(final boolean state) {
         final CheckboxMenuItem target = (CheckboxMenuItem)getTarget();
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(target, new Runnable() {
             public void run() {
                 target.setState(state);
             }
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CDragSourceContextPeer.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CDragSourceContextPeer.java	Mon Jul 22 13:59:51 2013 +0100
@@ -107,10 +107,6 @@
             loc = rootComponent.getLocation();
         }
 
-        //It sure will be LWComponentPeer instance as rootComponent is a Window
-        PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
-        long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
-
         // If there isn't any drag image make one of default appearance:
         if (fDragImage == null)
             this.setDefaultDragImage(component);
@@ -137,6 +133,11 @@
         }
 
         try {
+            //It sure will be LWComponentPeer instance as rootComponent is a Window
+            PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
+            long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
+            if (nativeViewPtr == 0L) throw new InvalidDnDOperationException("Unsupported platform window implementation");
+
             // Create native dragging source:
             final long nativeDragSource = createNativeDragSource(component, nativeViewPtr, transferable, triggerEvent,
                 (int) (dragOrigin.getX()), (int) (dragOrigin.getY()), extModifiers,
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CDropTarget.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CDropTarget.java	Mon Jul 22 13:59:51 2013 +0100
@@ -52,6 +52,8 @@
         fPeer = peer;
 
         long nativePeer = CPlatformWindow.getNativeViewPtr(((LWComponentPeer) peer).getPlatformWindow());
+        if (nativePeer == 0L) return; // Unsupported for a window without a native view (plugin)
+
         // Create native dragging destination:
         fNativeDropTarget = this.createNativeDropTarget(dropTarget, component, peer, nativePeer);
         if (fNativeDropTarget == 0) {
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java	Mon Jul 22 13:59:51 2013 +0100
@@ -479,12 +479,14 @@
             deliverZoom(true);
 
             this.normalBounds = peer.getBounds();
-            long screen = CWrapper.NSWindow.screen(getNSWindowPtr());
-            Rectangle toBounds = CWrapper.NSScreen.visibleFrame(screen).getBounds();
-            // Flip the y coordinate
-            Rectangle frame = CWrapper.NSScreen.frame(screen).getBounds();
-            toBounds.y = frame.height - toBounds.y - toBounds.height;
-            setBounds(toBounds.x, toBounds.y, toBounds.width, toBounds.height);
+
+            GraphicsConfiguration config = getPeer().getGraphicsConfiguration();
+            Insets i = ((CGraphicsDevice)config.getDevice()).getScreenInsets();
+            Rectangle toBounds = config.getBounds();
+            setBounds(toBounds.x + i.left,
+                      toBounds.y + i.top,
+                      toBounds.width - i.left - i.right,
+                      toBounds.height - i.top - i.bottom);
         }
     }
 
@@ -751,13 +753,7 @@
         // the move/size notification from the underlying system comes
         // but it contains a bounds smaller than the whole screen
         // and therefore we need to create the synthetic notifications
-        Rectangle screenBounds;
-        final long screenPtr = CWrapper.NSWindow.screen(getNSWindowPtr());
-        try {
-            screenBounds = CWrapper.NSScreen.frame(screenPtr).getBounds();
-        } finally {
-            CWrapper.NSObject.release(screenPtr);
-        }
+        Rectangle screenBounds = getPeer().getGraphicsConfiguration().getBounds();
         peer.notifyReshape(screenBounds.x, screenBounds.y, screenBounds.width,
                            screenBounds.height);
     }
@@ -900,8 +896,6 @@
             nativePeer = ((CPlatformWindow) platformWindow).getContentView().getAWTView();
         } else if (platformWindow instanceof CViewPlatformEmbeddedFrame){
             nativePeer = ((CViewPlatformEmbeddedFrame) platformWindow).getNSViewPtr();
-        } else {
-            throw new IllegalArgumentException("Unsupported platformWindow implementation");
         }
         return nativePeer;
     }
@@ -932,25 +926,19 @@
 
         final Rectangle oldB = nativeBounds;
         nativeBounds = new Rectangle(x, y, width, height);
-        final GraphicsConfiguration oldGC = peer.getGraphicsConfiguration();
-
-        final GraphicsConfiguration newGC = peer.getGraphicsConfiguration();
-        // System-dependent appearance optimization.
         if (peer != null) {
             peer.notifyReshape(x, y, width, height);
-        }
-
-        if ((byUser && !oldB.getSize().equals(nativeBounds.getSize()))
-            || isFullScreenAnimationOn || !Objects.equals(newGC, oldGC)) {
-            flushBuffers();
+            // System-dependent appearance optimization.
+            if ((byUser && !oldB.getSize().equals(nativeBounds.getSize()))
+                    || isFullScreenAnimationOn) {
+                flushBuffers();
+            }
         }
     }
 
     private void deliverWindowClosingEvent() {
-        if (peer != null) {
-            if (peer.getBlocker() == null)  {
-                peer.postEvent(new WindowEvent(target, WindowEvent.WINDOW_CLOSING));
-            }
+        if (peer != null && peer.getBlocker() == null) {
+            peer.postEvent(new WindowEvent(target, WindowEvent.WINDOW_CLOSING));
         }
     }
 
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CViewEmbeddedFrame.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CViewEmbeddedFrame.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,7 +96,7 @@
                     validate();
                     setVisible(true);
                 }
-            }, null);
+            }, this);
         } catch (InterruptedException | InvocationTargetException ex) {}
     }
 }
--- a/jdk/src/macosx/classes/sun/lwawt/macosx/CWrapper.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/classes/sun/lwawt/macosx/CWrapper.java	Mon Jul 22 13:59:51 2013 +0100
@@ -71,8 +71,6 @@
         public static native void zoom(long window);
 
         public static native void makeFirstResponder(long window, long responder);
-
-        public static native long screen(long window);
     }
 
     public static final class NSView {
@@ -95,12 +93,6 @@
         public static native void release(long object);
     }
 
-    public static final class NSScreen {
-        public static native Rectangle2D frame(long screen);
-        public static native Rectangle2D visibleFrame(long screen);
-        public static native long screenByDisplayId(int displayID);
-    }
-
     public static final class NSColor {
         public static native long clearColor();
     }
--- a/jdk/src/macosx/native/sun/awt/CMenuItem.m	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/native/sun/awt/CMenuItem.m	Mon Jul 22 13:59:51 2013 +0100
@@ -82,8 +82,13 @@
         // keys, so we need to do the same translation here that we do
         // for the regular key down events
         if ([eventKey length] == 1) {
-            unichar ch =  NsCharToJavaChar([eventKey characterAtIndex:0], 0);
-            eventKey = [NSString stringWithCharacters: &ch length: 1];
+            unichar origChar = [eventKey characterAtIndex:0];
+            unichar newChar =  NsCharToJavaChar(origChar, 0);
+            if (newChar == java_awt_event_KeyEvent_CHAR_UNDEFINED) {
+                newChar = origChar;
+            }
+
+            eventKey = [NSString stringWithCharacters: &newChar length: 1];
         }
 
         if ([menuKey isEqualToString:eventKey]) {
--- a/jdk/src/macosx/native/sun/awt/CWrapper.m	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/macosx/native/sun/awt/CWrapper.m	Mon Jul 22 13:59:51 2013 +0100
@@ -397,31 +397,6 @@
 }
 
 /*
- * Class:     sun_lwawt_macosx_CWrapper$NSWindow
- * Method:    screen
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSWindow_screen
-(JNIEnv *env, jclass cls, jlong windowPtr)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env);
-
-    AWTWindow *window = (AWTWindow *)jlong_to_ptr(windowPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        const NSScreen *screen = [window screen];
-        CFRetain(screen); // GC
-        screenPtr = ptr_to_jlong(screen);
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
-/*
  * Method:    miniaturize
  * Signature: (J)V
  */
@@ -690,92 +665,6 @@
 JNF_COCOA_EXIT(env);
 }
 
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper$NSScreen
- * Method:    frame
- * Signature: (J)Ljava/awt/Rectangle;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_frame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen frame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    visibleFrame
- * Signature: (J)Ljava/awt/geom/Rectangle2D;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_visibleFrame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen visibleFrame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    screenByDisplayId
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_screenByDisplayId
-(JNIEnv *env, jclass cls, jint displayID)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env); 
-
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        NSArray *screens = [NSScreen screens];
-        for (NSScreen *screen in screens) {
-            NSDictionary *screenInfo = [screen deviceDescription];
-            NSNumber *screenID = [screenInfo objectForKey:@"NSScreenNumber"];
-            if ([screenID intValue] == displayID){
-                CFRetain(screen); // GC
-                screenPtr = ptr_to_jlong(screen);
-                break;
-            }
-        }
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
 /*
  * Class:     sun_lwawt_macosx_CWrapper$NSColor
  * Method:    clearColor
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=toggle expand
+toggleexpand=toggle expand
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_de.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_de.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=ein-/ausblenden
+toggleexpand=ein-/ausblenden
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_es.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_es.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=activar/desactivar ampliaci\u00F3n
+toggleexpand=activar/desactivar ampliaci\u00F3n
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_fr.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_fr.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=basculer le d\u00E9veloppement
+toggleexpand=basculer le d\u00E9veloppement
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_it.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_it.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=abilita/disabilita espansione
+toggleexpand=abilita/disabilita espansione
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ja.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ja.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=\u5C55\u958B\u306E\u30C8\u30B0\u30EB
+toggleexpand=\u5C55\u958B\u306E\u30C8\u30B0\u30EB
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=\uD1A0\uAE00 \uD655\uC7A5
+toggleexpand=\uD1A0\uAE00 \uD655\uC7A5
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_pt_BR.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_pt_BR.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=alternar expans\u00E3o
+toggleexpand=alternar expans\u00E3o
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_sv.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_sv.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=v\u00E4xla ut\u00F6ka
+toggleexpand=v\u00E4xla ut\u00F6ka
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_CN.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_CN.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=\u5207\u6362\u5C55\u5F00
+toggleexpand=\u5207\u6362\u5C55\u5F00
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_TW.properties	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_TW.properties	Mon Jul 22 13:59:51 2013 +0100
@@ -102,7 +102,7 @@
 #
 # accessible actions
 #
-toggle expand=\u5207\u63DB\u64F4\u5C55
+toggleexpand=\u5207\u63DB\u64F4\u5C55
 
 # new relations, roles and states for J2SE 1.5.0
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES key factory of the Sun provider.
@@ -60,20 +61,22 @@
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESKey desKey = null;
 
         try {
-            if (!(keySpec instanceof DESKeySpec)) {
-                throw new InvalidKeySpecException
-                    ("Inappropriate key specification");
+            if (keySpec instanceof DESKeySpec) {
+                return new DESKey(((DESKeySpec)keySpec).getKey());
             }
-            else {
-                DESKeySpec desKeySpec = (DESKeySpec)keySpec;
-                desKey = new DESKey(desKeySpec.getKey());
+
+            if (keySpec instanceof SecretKeySpec) {
+                return new DESKey(((SecretKeySpec)keySpec).getEncoded());
             }
+
+            throw new InvalidKeySpecException(
+                    "Inappropriate key specification");
+
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desKey;
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES-EDE key factory of the Sun provider.
@@ -60,20 +61,20 @@
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESedeKey desEdeKey = null;
 
         try {
             if (keySpec instanceof DESedeKeySpec) {
-                DESedeKeySpec desEdeKeySpec = (DESedeKeySpec)keySpec;
-                desEdeKey = new DESedeKey(desEdeKeySpec.getKey());
+                return new DESedeKey(((DESedeKeySpec)keySpec).getKey());
+            }
+            if (keySpec instanceof SecretKeySpec) {
+                return new DESedeKey(((SecretKeySpec)keySpec).getEncoded());
 
-            } else {
-                throw new InvalidKeySpecException
-                    ("Inappropriate key specification");
             }
+            throw new InvalidKeySpecException
+                ("Inappropriate key specification");
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desEdeKey;
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -83,7 +83,7 @@
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -118,7 +118,7 @@
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -227,7 +227,7 @@
             }
 
         } catch (InvalidKeySpecException e) {
-            throw new InvalidKeyException("Cannot translate key");
+            throw new InvalidKeyException("Cannot translate key", e);
         }
     }
 }
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Mon Jul 22 13:59:51 2013 +0100
@@ -167,15 +167,16 @@
         BigInteger pMinus2 = p.subtract(BigInteger.valueOf(2));
 
         //
-        // Handbook of Applied Cryptography:  Menezes, et.al.
-        // Repeat if the following does not hold:
-        //     1 <= x <= p-2
+        // PKCS#3 section 7.1 "Private-value generation"
+        // Repeat if either of the followings does not hold:
+        //     0 < x < p-1
+        //     2^(lSize-1) <= x < 2^(lSize)
         //
         do {
             // generate random x up to 2^lSize bits long
             x = new BigInteger(lSize, random);
         } while ((x.compareTo(BigInteger.ONE) < 0) ||
-            ((x.compareTo(pMinus2) > 0)));
+            ((x.compareTo(pMinus2) > 0)) || (x.bitLength() != lSize));
 
         // calculate public value y
         BigInteger y = g.modPow(x, p);
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.PrivateKey;
@@ -67,7 +68,7 @@
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -179,20 +180,9 @@
             this.key = val.data.getOctetString();
             parseKeyBits();
 
-            // ignore OPTIONAL attributes
-
             this.encodedKey = encodedKey.clone();
-
-        } catch (NumberFormatException e) {
-            InvalidKeyException ike = new InvalidKeyException(
-                "Private-value length too big");
-            ike.initCause(e);
-            throw ike;
-        } catch (IOException e) {
-            InvalidKeyException ike = new InvalidKeyException(
-                "Error parsing key encoding: " + e.getMessage());
-            ike.initCause(e);
-            throw ike;
+        } catch (IOException | NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
         }
     }
 
@@ -234,8 +224,9 @@
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -273,10 +264,11 @@
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
+        }
     }
 
     public String toString() {
@@ -312,26 +304,21 @@
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
+        return Objects.hash(x, p, g);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
+        if (this == obj) return true;
 
-        if (!(obj instanceof PrivateKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPrivateKey)) {
             return false;
-
-        byte[] thisEncoded = this.getEncoded();
-        byte[] thatEncoded = ((PrivateKey)obj).getEncoded();
-
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        }
+        javax.crypto.interfaces.DHPrivateKey other =
+                (javax.crypto.interfaces.DHPrivateKey) obj;
+        DHParameterSpec otherParams = other.getParams();
+        return ((this.x.compareTo(other.getX()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java	Mon Jul 22 13:59:51 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -64,7 +65,7 @@
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -173,13 +174,8 @@
             }
 
             this.encodedKey = encodedKey.clone();
-
-        } catch (NumberFormatException e) {
-            throw new InvalidKeyException("Private-value length too big");
-
-        } catch (IOException e) {
-            throw new InvalidKeyException(
-                "Error parsing key encoding: " + e.toString());
+        } catch (IOException | NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
         }
     }
 
@@ -212,8 +208,9 @@
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -253,10 +250,11 @@
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
+        }
     }
 
     public String toString() {
@@ -290,26 +288,22 @@
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
+        return Objects.hash(y, p, g);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
+        if (this == obj) return true;
 
-        if (!(obj instanceof PublicKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPublicKey)) {
             return false;
+        }
 
-        byte[] thisEncoded = this.getEncoded();
-        byte[] thatEncoded = ((PublicKey)obj).getEncoded();
-
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        javax.crypto.interfaces.DHPublicKey other =
+            (javax.crypto.interfaces.DHPublicKey) obj;
+        DHParameterSpec otherParams = other.getParams();
+        return ((this.y.compareTo(other.getY()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java	Mon Jul 22 13:59:51 2013 +0100
@@ -134,7 +134,7 @@
             } else {
                 try {
                     (new NativeUnpack(this)).run(in0, out);
-                } catch (UnsatisfiedLinkError ule) {
+                } catch (UnsatisfiedLinkError | NoClassDefFoundError ex) {
                     // failover to java implementation
                     (new DoUnpack()).run(in0, out);
                 }
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Mon Jul 22 13:59:51 2013 +0100
@@ -52,6 +52,7 @@
 import com.sun.jmx.remote.util.EnvHelp;
 import java.lang.reflect.Array;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
 import javax.management.AttributeNotFoundException;
 import javax.management.openmbean.CompositeData;
 import sun.reflect.misc.MethodUtil;
@@ -64,7 +65,11 @@
  * @since 1.5
  */
 public class Introspector {
-
+    final public static boolean ALLOW_NONPUBLIC_MBEAN;
+    static {
+        String val = AccessController.doPrivileged(new GetPropertyAction("jdk.jmx.mbeans.allowNonPublic"));
+        ALLOW_NONPUBLIC_MBEAN = Boolean.parseBoolean(val);
+    }
 
      /*
      * ------------------------------------------
@@ -223,11 +228,27 @@
         return testCompliance(baseClass, null);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MXBean interface.
+     * A compliant MXBean interface is any publicly accessible interface
+     * following the {@link MXBean} conventions.
+     * @param interfaceClass An interface class to test for the MXBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@link MXBean} conventions.
+     */
     public static void testComplianceMXBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException {
         MXBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MBean interface.
+     * A compliant MBean interface is any publicly accessible interface
+     * following the {@code MBean} conventions.
+     * @param interfaceClass An interface class to test for the MBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@code MBean} conventions.
+     */
     public static void testComplianceMBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException{
         StandardMBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
@@ -299,18 +320,18 @@
      * not a JMX compliant Standard MBean.
      */
     public static <T> Class<? super T> getStandardMBeanInterface(Class<T> baseClass)
-    throws NotCompliantMBeanException {
-        Class<? super T> current = baseClass;
-        Class<? super T> mbeanInterface = null;
-        while (current != null) {
-            mbeanInterface =
-                findMBeanInterface(current, current.getName());
-            if (mbeanInterface != null) break;
-            current = current.getSuperclass();
-        }
-        if (mbeanInterface != null) {
-            return mbeanInterface;
-        } else {
+        throws NotCompliantMBeanException {
+            Class<? super T> current = baseClass;
+            Class<? super T> mbeanInterface = null;
+            while (current != null) {
+                mbeanInterface =
+                    findMBeanInterface(current, current.getName());
+                if (mbeanInterface != null) break;
+                current = current.getSuperclass();
+            }
+                if (mbeanInterface != null) {
+                    return mbeanInterface;
+            } else {
             final String msg =
                 "Class " + baseClass.getName() +
                 " is not a JMX compliant Standard MBean";
@@ -507,8 +528,11 @@
         }
         Class<?>[] interfaces = c.getInterfaces();
         for (int i = 0;i < interfaces.length; i++) {
-            if (interfaces[i].getName().equals(clMBeanName))
+            if (interfaces[i].getName().equals(clMBeanName) &&
+                (Modifier.isPublic(interfaces[i].getModifiers()) ||
+                 ALLOW_NONPUBLIC_MBEAN)) {
                 return Util.cast(interfaces[i]);
+            }
         }
 
         return null;
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanAnalyzer.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanAnalyzer.java	Mon Jul 22 13:59:51 2013 +0100
@@ -28,6 +28,8 @@
 import static com.sun.jmx.mbeanserver.Util.*;
 
 import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.security.AccessController;
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.List;
@@ -50,7 +52,6 @@
  * @since 1.6
  */
 class MBeanAnalyzer<M> {
-
     static interface MBeanVisitor<M> {
         public void visitAttribute(String attributeName,
                 M getter,
@@ -107,6 +108,10 @@
         if (!mbeanType.isInterface()) {
             throw new NotCompliantMBeanException("Not an interface: " +
                     mbeanType.getName());
+        } else if (!Modifier.isPublic(mbeanType.getModifiers()) &&
+                   !Introspector.ALLOW_NONPUBLIC_MBEAN) {
+            throw new NotCompliantMBeanException("Interface is not public: " +
+                mbeanType.getName());
         }
 
         try {
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,82 +2,78 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  * The Algorithm class which stores the Algorithm URI as a string.
- *
  */
 public abstract class Algorithm extends SignatureElementProxy {
 
-   /**
-    *
-    * @param doc
-    * @param algorithmURI is the URI of the algorithm as String
-    */
-   public Algorithm(Document doc, String algorithmURI) {
+    /**
+     *
+     * @param doc
+     * @param algorithmURI is the URI of the algorithm as String
+     */
+    public Algorithm(Document doc, String algorithmURI) {
+        super(doc);
 
-      super(doc);
+        this.setAlgorithmURI(algorithmURI);
+    }
 
-      this.setAlgorithmURI(algorithmURI);
-   }
+    /**
+     * Constructor Algorithm
+     *
+     * @param element
+     * @param BaseURI
+     * @throws XMLSecurityException
+     */
+    public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
+        super(element, BaseURI);
+    }
 
-   /**
-    * Constructor Algorithm
-    *
-    * @param element
-    * @param BaseURI
-    * @throws XMLSecurityException
-    */
-   public Algorithm(Element element, String BaseURI)
-           throws XMLSecurityException {
-      super(element, BaseURI);
-   }
+    /**
+     * Method getAlgorithmURI
+     *
+     * @return The URI of the algorithm
+     */
+    public String getAlgorithmURI() {
+        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+    }
 
-   /**
-    * Method getAlgorithmURI
-    *
-    * @return The URI of the alogrithm
-    */
-   public String getAlgorithmURI() {
-      return this._constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
-   }
-
-   /**
-    * Sets the algorithm's URI as used in the signature.
-    *
-    * @param algorithmURI is the URI of the algorithm as String
-    */
-   protected void setAlgorithmURI(String algorithmURI) {
-
-      if ( (algorithmURI != null)) {
-         this._constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM,
-                                                algorithmURI);
-      }
-   }
+    /**
+     * Sets the algorithm's URI as used in the signature.
+     *
+     * @param algorithmURI is the URI of the algorithm as String
+     */
+    protected void setAlgorithmURI(String algorithmURI) {
+        if (algorithmURI != null) {
+            this.constructionElement.setAttributeNS(
+                null, Constants._ATT_ALGORITHM, algorithmURI
+            );
+        }
+    }
 }
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java	Mon Jul 22 13:59:51 2013 +0100
@@ -115,6 +115,18 @@
             new Algorithm("", "SHA1withECDSA", "Signature")
         );
         algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
+            new Algorithm("", "SHA256withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
+            new Algorithm("", "SHA384withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
+            new Algorithm("", "SHA512withECDSA", "Signature")
+        );
+        algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
             new Algorithm("", "HmacMD5", "Mac")
         );
@@ -155,6 +167,18 @@
             new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
         );
         algorithmsMap.put(
+            XMLCipher.AES_128_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_192_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_256_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
+        );
+        algorithmsMap.put(
             XMLCipher.RSA_v1dot5,
             new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
         );
@@ -163,6 +187,10 @@
             new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
         );
         algorithmsMap.put(
+            XMLCipher.RSA_OAEP_11,
+            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
+        );
+        algorithmsMap.put(
             XMLCipher.DIFFIE_HELLMAN,
             new Algorithm("", "", "KeyAgreement")
         );
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,265 +2,254 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
-import java.util.HashMap;
-import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
 import org.w3c.dom.Document;
 
-
 /**
  * Digest Message wrapper & selector class.
  *
  * <pre>
  * MessageDigestAlgorithm.getInstance()
  * </pre>
- *
  */
 public class MessageDigestAlgorithm extends Algorithm {
 
     /** Message Digest - NOT RECOMMENDED MD5*/
-   public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "md5";
-   /** Digest - Required SHA1*/
-   public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
-   /** Message Digest - RECOMMENDED SHA256*/
-   public static final String ALGO_ID_DIGEST_SHA256 = EncryptionConstants.EncryptionSpecNS + "sha256";
-   /** Message Digest - OPTIONAL SHA384*/
-   public static final String ALGO_ID_DIGEST_SHA384 = Constants.MoreAlgorithmsSpecNS + "sha384";
-   /** Message Digest - OPTIONAL SHA512*/
-   public static final String ALGO_ID_DIGEST_SHA512 = EncryptionConstants.EncryptionSpecNS + "sha512";
-   /** Message Digest - OPTIONAL RIPEMD-160*/
-   public static final String ALGO_ID_DIGEST_RIPEMD160 = EncryptionConstants.EncryptionSpecNS + "ripemd160";
+    public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 =
+        Constants.MoreAlgorithmsSpecNS + "md5";
+    /** Digest - Required SHA1*/
+    public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
+    /** Message Digest - RECOMMENDED SHA256*/
+    public static final String ALGO_ID_DIGEST_SHA256 =
+        EncryptionConstants.EncryptionSpecNS + "sha256";
+    /** Message Digest - OPTIONAL SHA384*/
+    public static final String ALGO_ID_DIGEST_SHA384 =
+        Constants.MoreAlgorithmsSpecNS + "sha384";
+    /** Message Digest - OPTIONAL SHA512*/
+    public static final String ALGO_ID_DIGEST_SHA512 =
+        EncryptionConstants.EncryptionSpecNS + "sha512";
+    /** Message Digest - OPTIONAL RIPEMD-160*/
+    public static final String ALGO_ID_DIGEST_RIPEMD160 =
+        EncryptionConstants.EncryptionSpecNS + "ripemd160";
 
-   /** Field algorithm stores the actual {@link java.security.MessageDigest} */
-   java.security.MessageDigest algorithm = null;
+    /** Field algorithm stores the actual {@link java.security.MessageDigest} */
+    private final MessageDigest algorithm;
 
-   /**
-    * Constructor for the brave who pass their own message digest algorithms and the corresponding URI.
-    * @param doc
-    * @param messageDigest
-    * @param algorithmURI
-    */
-   private MessageDigestAlgorithm(Document doc, MessageDigest messageDigest,
-                                  String algorithmURI) {
+    /**
+     * Constructor for the brave who pass their own message digest algorithms and the
+     * corresponding URI.
+     * @param doc
+     * @param algorithmURI
+     */
+    private MessageDigestAlgorithm(Document doc, String algorithmURI)
+        throws XMLSignatureException {
+        super(doc, algorithmURI);
 
-      super(doc, algorithmURI);
+        algorithm = getDigestInstance(algorithmURI);
+    }
 
-      this.algorithm = messageDigest;
-   }
+    /**
+     * Factory method for constructing a message digest algorithm by name.
+     *
+     * @param doc
+     * @param algorithmURI
+     * @return The MessageDigestAlgorithm element to attach in document and to digest
+     * @throws XMLSignatureException
+     */
+    public static MessageDigestAlgorithm getInstance(
+        Document doc, String algorithmURI
+    ) throws XMLSignatureException {
+        return new MessageDigestAlgorithm(doc, algorithmURI);
+    }
 
-   static ThreadLocal<Map<String, MessageDigest>> instances=new
-       ThreadLocal<Map<String, MessageDigest>>() {
-           protected Map<String, MessageDigest> initialValue() {
-               return new HashMap<String, MessageDigest>();
-           };
-   };
+    private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+        String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
 
-   /**
-    * Factory method for constructing a message digest algorithm by name.
-    *
-    * @param doc
-    * @param algorithmURI
-    * @return The MessageDigestAlgorithm element to attach in document and to digest
-    * @throws XMLSignatureException
-    */
-   public static MessageDigestAlgorithm getInstance(
-           Document doc, String algorithmURI) throws XMLSignatureException {
-          MessageDigest md = getDigestInstance(algorithmURI);
-      return new MessageDigestAlgorithm(doc, md, algorithmURI);
-   }
+        if (algorithmID == null) {
+            Object[] exArgs = { algorithmURI };
+            throw new XMLSignatureException("algorithms.NoSuchMap", exArgs);
+        }
 
-private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
-        MessageDigest result= instances.get().get(algorithmURI);
-        if (result!=null)
-                return result;
-    String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
+        MessageDigest md;
+        String provider = JCEMapper.getProviderId();
+        try {
+            if (provider == null) {
+                md = MessageDigest.getInstance(algorithmID);
+            } else {
+                md = MessageDigest.getInstance(algorithmID, provider);
+            }
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
 
-          if (algorithmID == null) {
-                  Object[] exArgs = { algorithmURI };
-                  throw new XMLSignatureException("algorithms.NoSuchMap", exArgs);
-          }
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        } catch (NoSuchProviderException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
 
-      MessageDigest md;
-      String provider=JCEMapper.getProviderId();
-      try {
-         if (provider==null) {
-                md = MessageDigest.getInstance(algorithmID);
-         } else {
-                md = MessageDigest.getInstance(algorithmID,provider);
-         }
-      } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
 
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
-      } catch (NoSuchProviderException ex) {
-        Object[] exArgs = { algorithmID,
-                                                ex.getLocalizedMessage() };
+        return md;
+    }
 
-        throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
-        }
-        instances.get().put(algorithmURI, md);
-        return md;
+    /**
+     * Returns the actual {@link java.security.MessageDigest} algorithm object
+     *
+     * @return the actual {@link java.security.MessageDigest} algorithm object
+     */
+    public java.security.MessageDigest getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#isEqual}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param digesta
+     * @param digestb
+     * @return the result of the {@link java.security.MessageDigest#isEqual} method
+     */
+    public static boolean isEqual(byte[] digesta, byte[] digestb) {
+        return java.security.MessageDigest.isEqual(digesta, digestb);
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#digest()}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @return the result of the {@link java.security.MessageDigest#digest()} method
+     */
+    public byte[] digest() {
+        return algorithm.digest();
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#digest(byte[])}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param input
+     * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
+     */
+    public byte[] digest(byte input[]) {
+        return algorithm.digest(input);
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#digest(byte[], int, int)}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param buf
+     * @param offset
+     * @param len
+     * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
+     * @throws java.security.DigestException
+     */
+    public int digest(byte buf[], int offset, int len) throws java.security.DigestException {
+        return algorithm.digest(buf, offset, len);
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#getAlgorithm}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
+     */
+    public String getJCEAlgorithmString() {
+        return algorithm.getAlgorithm();
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#getProvider}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @return the result of the {@link java.security.MessageDigest#getProvider} method
+     */
+    public java.security.Provider getJCEProvider() {
+        return algorithm.getProvider();
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#getDigestLength}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
+     */
+    public int getDigestLength() {
+        return algorithm.getDigestLength();
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#reset}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     */
+    public void reset() {
+        algorithm.reset();
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte[])}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param input
+     */
+    public void update(byte[] input) {
+        algorithm.update(input);
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte)}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param input
+     */
+    public void update(byte input) {
+        algorithm.update(input);
+    }
+
+    /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte[], int, int)}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
+     * @param buf
+     * @param offset
+     * @param len
+     */
+    public void update(byte buf[], int offset, int len) {
+        algorithm.update(buf, offset, len);
+    }
+
+    /** @inheritDoc */
+    public String getBaseNamespace() {
+        return Constants.SignatureSpecNS;
+    }
+
+    /** @inheritDoc */
+    public String getBaseLocalName() {
+        return Constants._TAG_DIGESTMETHOD;
+    }
 }
-
-   /**
-    * Returns the actual {@link java.security.MessageDigest} algorithm object
-    *
-    * @return the actual {@link java.security.MessageDigest} algorithm object
-    */
-   public java.security.MessageDigest getAlgorithm() {
-      return this.algorithm;
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#isEqual}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param digesta
-    * @param digestb
-    * @return the result of the {@link java.security.MessageDigest#isEqual} method
-    */
-   public static boolean isEqual(byte[] digesta, byte[] digestb) {
-      return java.security.MessageDigest.isEqual(digesta, digestb);
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#digest()}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @return the result of the {@link java.security.MessageDigest#digest()} method
-    */
-   public byte[] digest() {
-      return this.algorithm.digest();
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#digest(byte[])}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param input
-    * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
-    */
-   public byte[] digest(byte input[]) {
-      return this.algorithm.digest(input);
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#digest(byte[], int, int)}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param buf
-    * @param offset
-    * @param len
-    * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
-    * @throws java.security.DigestException
-    */
-   public int digest(byte buf[], int offset, int len)
-           throws java.security.DigestException {
-      return this.algorithm.digest(buf, offset, len);
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#getAlgorithm}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
-    */
-   public String getJCEAlgorithmString() {
-      return this.algorithm.getAlgorithm();
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#getProvider}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @return the result of the {@link java.security.MessageDigest#getProvider} method
-    */
-   public java.security.Provider getJCEProvider() {
-      return this.algorithm.getProvider();
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#getDigestLength}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
-    */
-   public int getDigestLength() {
-      return this.algorithm.getDigestLength();
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#reset}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    */
-   public void reset() {
-      this.algorithm.reset();
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#update(byte[])}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param input
-    */
-   public void update(byte[] input) {
-      this.algorithm.update(input);
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#update(byte)}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param input
-    */
-   public void update(byte input) {
-      this.algorithm.update(input);
-   }
-
-   /**
-    * Proxy method for {@link java.security.MessageDigest#update(byte[], int, int)}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
-    * @param buf
-    * @param offset
-    * @param len
-    */
-   public void update(byte buf[], int offset, int len) {
-      this.algorithm.update(buf, offset, len);
-   }
-
-   /** @inheritDoc */
-   public String getBaseNamespace() {
-      return Constants.SignatureSpecNS;
-   }
-
-   /** @inheritDoc */
-   public String getBaseLocalName() {
-      return Constants._TAG_DIGESTMETHOD;
-   }
-}
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java	Mon Jul 22 13:59:51 2013 +0100
@@ -74,7 +74,7 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -92,10 +92,10 @@
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
 
         signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
-        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(_constructionElement);
+        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
     }
 
     /**
@@ -136,7 +136,7 @@
         }
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -310,7 +310,7 @@
      * @return the URI representation of Transformation algorithm
      */
     public final String getURI() {
-        return _constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -380,9 +380,7 @@
      * This method registers the default algorithms.
      */
     public static void registerDefaultAlgorithms() {
-        algorithmHash.put(
-            XMLSignature.ALGO_ID_SIGNATURE_DSA, SignatureDSA.class
-        );
+        algorithmHash.put(SignatureDSA.URI, SignatureDSA.class);
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, SignatureBaseRSA.SignatureRSASHA1.class
         );
@@ -410,6 +408,15 @@
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
         );
         algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureECDSA.SignatureECDSASHA384.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
+        );
+        algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );
         algorithmHash.put(
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
@@ -27,157 +29,149 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import org.w3c.dom.Element;
 
-
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureAlgorithmSpi {
 
-   /**
-    * Returns the URI representation of <code>Transformation algorithm</code>
-    *
-    * @return the URI representation of <code>Transformation algorithm</code>
-    */
-   protected abstract String engineGetURI();
+    /**
+     * Returns the URI representation of <code>Transformation algorithm</code>
+     *
+     * @return the URI representation of <code>Transformation algorithm</code>
+     */
+    protected abstract String engineGetURI();
 
-   /**
-    * Proxy method for {@link java.security.Signature#getAlgorithm}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @return the result of the {@link java.security.Signature#getAlgorithm} method
-    */
-   protected abstract String engineGetJCEAlgorithmString();
+    /**
+     * Proxy method for {@link java.security.Signature#getAlgorithm}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @return the result of the {@link java.security.Signature#getAlgorithm} method
+     */
+    protected abstract String engineGetJCEAlgorithmString();
 
-   /**
-    * Method engineGetJCEProviderName
-    *
-    * @return the JCE ProviderName
-    */
-   protected abstract String engineGetJCEProviderName();
+    /**
+     * Method engineGetJCEProviderName
+     *
+     * @return the JCE ProviderName
+     */
+    protected abstract String engineGetJCEProviderName();
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param input
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineUpdate(byte[] input)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte[])}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param input
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineUpdate(byte[] input) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param input
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineUpdate(byte input)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte[])}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param input
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineUpdate(byte input) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param buf
-    * @param offset
-    * @param len
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineUpdate(byte buf[], int offset, int len)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param buf
+     * @param offset
+     * @param len
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineUpdate(byte buf[], int offset, int len)
+        throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param signingKey
-    * @throws XMLSignatureException if this method is called on a MAC
-    */
-   protected abstract void engineInitSign(Key signingKey)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param signingKey
+     * @throws XMLSignatureException if this method is called on a MAC
+     */
+    protected abstract void engineInitSign(Key signingKey) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey, java.security.SecureRandom)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param signingKey
-    * @param secureRandom
-    * @throws XMLSignatureException if this method is called on a MAC
-    */
-   protected abstract void engineInitSign(
-      Key signingKey, SecureRandom secureRandom) throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
+     * java.security.SecureRandom)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param signingKey
+     * @param secureRandom
+     * @throws XMLSignatureException if this method is called on a MAC
+     */
+    protected abstract void engineInitSign(Key signingKey, SecureRandom secureRandom)
+        throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link javax.crypto.Mac}
-    * which is executed on the internal {@link javax.crypto.Mac#init(Key)} object.
-    *
-    * @param signingKey
-    * @param algorithmParameterSpec
-    * @throws XMLSignatureException if this method is called on a Signature
-    */
-   protected abstract void engineInitSign(
-      Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
-         throws XMLSignatureException;
+    /**
+     * Proxy method for {@link javax.crypto.Mac}
+     * which is executed on the internal {@link javax.crypto.Mac#init(Key)} object.
+     *
+     * @param signingKey
+     * @param algorithmParameterSpec
+     * @throws XMLSignatureException if this method is called on a Signature
+     */
+    protected abstract void engineInitSign(
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
+    ) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#sign()}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @return the result of the {@link java.security.Signature#sign()} method
-    * @throws XMLSignatureException
-    */
-   protected abstract byte[] engineSign() throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#sign()}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @return the result of the {@link java.security.Signature#sign()} method
+     * @throws XMLSignatureException
+     */
+    protected abstract byte[] engineSign() throws XMLSignatureException;
 
-   /**
-    * Method engineInitVerify
-    *
-    * @param verificationKey
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineInitVerify(Key verificationKey)
-      throws XMLSignatureException;
+    /**
+     * Method engineInitVerify
+     *
+     * @param verificationKey
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineInitVerify(Key verificationKey) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#verify(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param signature
-    * @return true if the signature is correct
-    * @throws XMLSignatureException
-    */
-   protected abstract boolean engineVerify(byte[] signature)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#verify(byte[])}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param signature
+     * @return true if the signature is correct
+     * @throws XMLSignatureException
+     */
+    protected abstract boolean engineVerify(byte[] signature) throws XMLSignatureException;
 
-   /**
-    * Proxy method for {@link java.security.Signature#setParameter(java.security.spec.AlgorithmParameterSpec)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param params
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineSetParameter(AlgorithmParameterSpec params)
-      throws XMLSignatureException;
+    /**
+     * Proxy method for {@link java.security.Signature#setParameter(
+     * java.security.spec.AlgorithmParameterSpec)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param params
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineSetParameter(AlgorithmParameterSpec params)
+        throws XMLSignatureException;
 
 
-   /**
-    * Method engineGetContextFromElement
-    *
-    * @param element
-    */
-   protected void engineGetContextFromElement(Element element) {
-   }
+    /**
+     * Method engineGetContextFromElement
+     *
+     * @param element
+     */
+    protected void engineGetContextFromElement(Element element) {
+    }
 
-   /**
-    * Method engineSetHMACOutputLength
-    *
-    * @param HMACOutputLength
-    * @throws XMLSignatureException
-    */
-   protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
-      throws XMLSignatureException;
+    /**
+     * Method engineSetHMACOutputLength
+     *
+     * @param HMACOutputLength
+     * @throws XMLSignatureException
+     */
+    protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
+        throws XMLSignatureException;
 
     public void reset() {
-        }
+    }
 }
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,26 +2,26 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -42,570 +42,498 @@
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
-
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
-   /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(IntegrityHmacSHA1.class.getName());
+    /** {@link org.apache.commons.logging} logging facility */
+    private static java.util.logging.Logger log =
+        java.util.logging.Logger.getLogger(IntegrityHmac.class.getName());
 
-   /**
-    * Method engineGetURI
-    *
-    *@inheritDoc
-    */
-   public abstract String engineGetURI();
+    /** Field macAlgorithm */
+    private Mac macAlgorithm = null;
 
-   /**
-    * Returns the output length of the hash/digest.
-    */
-   abstract int getDigestLength();
+    /** Field HMACOutputLength */
+    private int HMACOutputLength = 0;
+    private boolean HMACOutputLengthSet = false;
 
-   /** Field _macAlgorithm */
-   private Mac _macAlgorithm = null;
-   private boolean _HMACOutputLengthSet = false;
+    /**
+     * Method engineGetURI
+     *
+     *@inheritDoc
+     */
+    public abstract String engineGetURI();
 
-   /** Field _HMACOutputLength */
-   int _HMACOutputLength = 0;
+    /**
+     * Returns the output length of the hash/digest.
+     */
+    abstract int getDigestLength();
 
-   /**
-    * Method IntegrityHmacSHA1das
-    *
-    * @throws XMLSignatureException
-    */
-   public IntegrityHmac() throws XMLSignatureException {
+    /**
+     * Method IntegrityHmac
+     *
+     * @throws XMLSignatureException
+     */
+    public IntegrityHmac() throws XMLSignatureException {
+        String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
+            log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+        }
 
-      String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-      if (log.isLoggable(java.util.logging.Level.FINE))
-        log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+        try {
+            this.macAlgorithm = Mac.getInstance(algorithmID);
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
 
-      try {
-         this._macAlgorithm = Mac.getInstance(algorithmID);
-      } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
+    }
 
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
-      }
-   }
+    /**
+     * Proxy method for {@link java.security.Signature#setParameter(
+     * java.security.spec.AlgorithmParameterSpec)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param params
+     * @throws XMLSignatureException
+     */
+    protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
+        throw new XMLSignatureException("empty");
+    }
 
-   /**
-    * Proxy method for {@link java.security.Signature#setParameter(java.security.spec.AlgorithmParameterSpec)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param params
-    * @throws XMLSignatureException
-    */
-   protected void engineSetParameter(AlgorithmParameterSpec params)
-           throws XMLSignatureException {
-      throw new XMLSignatureException("empty");
-   }
+    public void reset() {
+        HMACOutputLength = 0;
+        HMACOutputLengthSet = false;
+        this.macAlgorithm.reset();
+    }
 
-   public void reset() {
-       _HMACOutputLength=0;
-       _HMACOutputLengthSet = false;
-       _macAlgorithm.reset();
-   }
+    /**
+     * Proxy method for {@link java.security.Signature#verify(byte[])}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param signature
+     * @return true if the signature is correct
+     * @throws XMLSignatureException
+     */
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
+        try {
+            if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
+                }
+                Object[] exArgs = { String.valueOf(getDigestLength()) };
+                throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
+            } else {
+                byte[] completeResult = this.macAlgorithm.doFinal();
+                return MessageDigestAlgorithm.isEqual(completeResult, signature);
+            }
+        } catch (IllegalStateException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-   /**
-    * Proxy method for {@link java.security.Signature#verify(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param signature
-    * @return true if the signature is correct
-    * @throws XMLSignatureException
-    */
-   protected boolean engineVerify(byte[] signature)
-           throws XMLSignatureException {
+    /**
+     * Proxy method for {@link java.security.Signature#initVerify(java.security.PublicKey)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param secretKey
+     * @throws XMLSignatureException
+     */
+    protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
+        if (!(secretKey instanceof SecretKey)) {
+            String supplied = secretKey.getClass().getName();
+            String needed = SecretKey.class.getName();
+            Object exArgs[] = { supplied, needed };
 
-      try {
-         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE,
-                    "HMACOutputLength must not be less than " + getDigestLength());
-            }
-            throw new XMLSignatureException("errorMessages.XMLSignatureException");
-         } else {
-            byte[] completeResult = this._macAlgorithm.doFinal();
-            return MessageDigestAlgorithm.isEqual(completeResult, signature);
-         }
-      } catch (IllegalStateException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
+        }
 
-   /**
-    * Proxy method for {@link java.security.Signature#initVerify(java.security.PublicKey)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param secretKey
-    * @throws XMLSignatureException
-    */
-   protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
-
-      if (!(secretKey instanceof SecretKey)) {
-         String supplied = secretKey.getClass().getName();
-         String needed = SecretKey.class.getName();
-         Object exArgs[] = { supplied, needed };
-
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
-      }
-
-      try {
-         this._macAlgorithm.init(secretKey);
-      } catch (InvalidKeyException ex) {
+        try {
+            this.macAlgorithm.init(secretKey);
+        } catch (InvalidKeyException ex) {
             // reinstantiate Mac object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Mac mac = this._macAlgorithm;
+            Mac mac = this.macAlgorithm;
             try {
-                this._macAlgorithm = Mac.getInstance
-                    (_macAlgorithm.getAlgorithm());
+                this.macAlgorithm = Mac.getInstance(macAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous Mac
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
                 }
-                this._macAlgorithm = mac;
+                this.macAlgorithm = mac;
             }
             throw new XMLSignatureException("empty", ex);
-      }
-   }
+        }
+    }
 
-   /**
-    * Proxy method for {@link java.security.Signature#sign()}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @return the result of the {@link java.security.Signature#sign()} method
-    * @throws XMLSignatureException
-    */
-   protected byte[] engineSign() throws XMLSignatureException {
+    /**
+     * Proxy method for {@link java.security.Signature#sign()}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @return the result of the {@link java.security.Signature#sign()} method
+     * @throws XMLSignatureException
+     */
+    protected byte[] engineSign() throws XMLSignatureException {
+        try {
+            if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
+                if (log.isLoggable(java.util.logging.Level.FINE)) {
+                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
+                }
+                Object[] exArgs = { String.valueOf(getDigestLength()) };
+                throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
+            } else {
+                return this.macAlgorithm.doFinal();
+            }
+        } catch (IllegalStateException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      try {
-         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
-            if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE,
-                    "HMACOutputLength must not be less than " + getDigestLength());
-            }
-            throw new XMLSignatureException("errorMessages.XMLSignatureException");
-         } else {
-            return this._macAlgorithm.doFinal();
-         }
-      } catch (IllegalStateException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+    /**
+     * Method engineInitSign
+     *
+     * @param secretKey
+     * @throws XMLSignatureException
+     */
+    protected void engineInitSign(Key secretKey) throws XMLSignatureException {
+        if (!(secretKey instanceof SecretKey)) {
+            String supplied = secretKey.getClass().getName();
+            String needed = SecretKey.class.getName();
+            Object exArgs[] = { supplied, needed };
 
-   /**
-    * Method reduceBitLength
-    *
-    * @param completeResult
-    * @return the reduced bits.
-    * @param length
-    *
-    */
-   private static byte[] reduceBitLength(byte completeResult[], int length) {
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
+        }
 
-      int bytes = length / 8;
-      int abits = length % 8;
-      byte[] strippedResult = new byte[bytes + ((abits == 0)
-                                                ? 0
-                                                : 1)];
+        try {
+            this.macAlgorithm.init(secretKey);
+        } catch (InvalidKeyException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      System.arraycopy(completeResult, 0, strippedResult, 0, bytes);
+    /**
+     * Method engineInitSign
+     *
+     * @param secretKey
+     * @param algorithmParameterSpec
+     * @throws XMLSignatureException
+     */
+    protected void engineInitSign(
+        Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
+    ) throws XMLSignatureException {
+        if (!(secretKey instanceof SecretKey)) {
+            String supplied = secretKey.getClass().getName();
+            String needed = SecretKey.class.getName();
+            Object exArgs[] = { supplied, needed };
 
-      if (abits > 0) {
-         byte[] MASK = { (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0,
-                         (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE };
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
+        }
 
-         strippedResult[bytes] = (byte) (completeResult[bytes] & MASK[abits]);
-      }
+        try {
+            this.macAlgorithm.init(secretKey, algorithmParameterSpec);
+        } catch (InvalidKeyException ex) {
+            throw new XMLSignatureException("empty", ex);
+        } catch (InvalidAlgorithmParameterException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      return strippedResult;
-   }
+    /**
+     * Method engineInitSign
+     *
+     * @param secretKey
+     * @param secureRandom
+     * @throws XMLSignatureException
+     */
+    protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
+        throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.CannotUseSecureRandomOnMAC");
+    }
 
-   /**
-    * Method engineInitSign
-    *
-    * @param secretKey
-    * @throws XMLSignatureException
-    */
-   protected void engineInitSign(Key secretKey) throws XMLSignatureException {
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte[])}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param input
+     * @throws XMLSignatureException
+     */
+    protected void engineUpdate(byte[] input) throws XMLSignatureException {
+        try {
+            this.macAlgorithm.update(input);
+        } catch (IllegalStateException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      if (!(secretKey instanceof SecretKey)) {
-         String supplied = secretKey.getClass().getName();
-         String needed = SecretKey.class.getName();
-         Object exArgs[] = { supplied, needed };
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param input
+     * @throws XMLSignatureException
+     */
+    protected void engineUpdate(byte input) throws XMLSignatureException {
+        try {
+            this.macAlgorithm.update(input);
+        } catch (IllegalStateException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
-      }
+    /**
+     * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
+     * which is executed on the internal {@link java.security.Signature} object.
+     *
+     * @param buf
+     * @param offset
+     * @param len
+     * @throws XMLSignatureException
+     */
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
+        try {
+            this.macAlgorithm.update(buf, offset, len);
+        } catch (IllegalStateException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      try {
-         this._macAlgorithm.init(secretKey);
-      } catch (InvalidKeyException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+    /**
+     * Method engineGetJCEAlgorithmString
+     * @inheritDoc
+     *
+     */
+    protected String engineGetJCEAlgorithmString() {
+        return this.macAlgorithm.getAlgorithm();
+    }
 
-   /**
-    * Method engineInitSign
-    *
-    * @param secretKey
-    * @param algorithmParameterSpec
-    * @throws XMLSignatureException
-    */
-   protected void engineInitSign(
-           Key secretKey, AlgorithmParameterSpec algorithmParameterSpec)
-              throws XMLSignatureException {
+    /**
+     * Method engineGetJCEAlgorithmString
+     *
+     * @inheritDoc
+     */
+    protected String engineGetJCEProviderName() {
+        return this.macAlgorithm.getProvider().getName();
+    }
 
-      if (!(secretKey instanceof SecretKey)) {
-         String supplied = secretKey.getClass().getName();
-         String needed = SecretKey.class.getName();
-         Object exArgs[] = { supplied, needed };
+    /**
+     * Method engineSetHMACOutputLength
+     *
+     * @param HMACOutputLength
+     */
+    protected void engineSetHMACOutputLength(int HMACOutputLength) {
+        this.HMACOutputLength = HMACOutputLength;
+        this.HMACOutputLengthSet = true;
+    }
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
-                                         exArgs);
-      }
+    /**
+     * Method engineGetContextFromElement
+     *
+     * @param element
+     */
+    protected void engineGetContextFromElement(Element element) {
+        super.engineGetContextFromElement(element);
 
-      try {
-         this._macAlgorithm.init(secretKey, algorithmParameterSpec);
-      } catch (InvalidKeyException ex) {
-         throw new XMLSignatureException("empty", ex);
-      } catch (InvalidAlgorithmParameterException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+        if (element == null) {
+            throw new IllegalArgumentException("element null");
+        }
 
-   /**
-    * Method engineInitSign
-    *
-    * @param secretKey
-    * @param secureRandom
-    * @throws XMLSignatureException
-    */
-   protected void engineInitSign(Key secretKey, SecureRandom secureRandom)
-           throws XMLSignatureException {
-      throw new XMLSignatureException("algorithms.CannotUseSecureRandomOnMAC");
-   }
+        Text hmaclength =
+            XMLUtils.selectDsNodeText(element.getFirstChild(), Constants._TAG_HMACOUTPUTLENGTH, 0);
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param input
-    * @throws XMLSignatureException
-    */
-   protected void engineUpdate(byte[] input) throws XMLSignatureException {
+        if (hmaclength != null) {
+            this.HMACOutputLength = Integer.parseInt(hmaclength.getData());
+            this.HMACOutputLengthSet = true;
+        }
+    }
 
-      try {
-         this._macAlgorithm.update(input);
-      } catch (IllegalStateException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+    /**
+     * Method engineAddContextToElement
+     *
+     * @param element
+     */
+    public void engineAddContextToElement(Element element) {
+        if (element == null) {
+            throw new IllegalArgumentException("null element");
+        }
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param input
-    * @throws XMLSignatureException
-    */
-   protected void engineUpdate(byte input) throws XMLSignatureException {
+        if (this.HMACOutputLengthSet) {
+            Document doc = element.getOwnerDocument();
+            Element HMElem =
+                XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_HMACOUTPUTLENGTH);
+            Text HMText =
+                doc.createTextNode(Integer.valueOf(this.HMACOutputLength).toString());
 
-      try {
-         this._macAlgorithm.update(input);
-      } catch (IllegalStateException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+            HMElem.appendChild(HMText);
+            XMLUtils.addReturnToElement(element);
+            element.appendChild(HMElem);
+            XMLUtils.addReturnToElement(element);
+        }
+    }
 
-   /**
-    * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
-    * which is executed on the internal {@link java.security.Signature} object.
-    *
-    * @param buf
-    * @param offset
-    * @param len
-    * @throws XMLSignatureException
-    */
-   protected void engineUpdate(byte buf[], int offset, int len)
-           throws XMLSignatureException {
+    /**
+     * Class IntegrityHmacSHA1
+     */
+    public static class IntegrityHmacSHA1 extends IntegrityHmac {
 
-      try {
-         this._macAlgorithm.update(buf, offset, len);
-      } catch (IllegalStateException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
+        /**
+         * Constructor IntegrityHmacSHA1
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA1() throws XMLSignatureException {
+            super();
+        }
 
-   /**
-    * Method engineGetJCEAlgorithmString
-    * @inheritDoc
-    *
-    */
-   protected String engineGetJCEAlgorithmString() {
+        /**
+         * Method engineGetURI
+         * @inheritDoc
+         *
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
+        }
 
-      log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
+        int getDigestLength() {
+            return 160;
+        }
+    }
 
-      return this._macAlgorithm.getAlgorithm();
-   }
+    /**
+     * Class IntegrityHmacSHA256
+     */
+    public static class IntegrityHmacSHA256 extends IntegrityHmac {
 
-   /**
-    * Method engineGetJCEAlgorithmString
-    *
-    * @inheritDoc
-    */
-   protected String engineGetJCEProviderName() {
-      return this._macAlgorithm.getProvider().getName();
-   }
+        /**
+         * Constructor IntegrityHmacSHA256
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA256() throws XMLSignatureException {
+            super();
+        }
 
-   /**
-    * Method engineSetHMACOutputLength
-    *
-    * @param HMACOutputLength
-    */
-   protected void engineSetHMACOutputLength(int HMACOutputLength) {
-      this._HMACOutputLength = HMACOutputLength;
-      this._HMACOutputLengthSet = true;
-   }
+        /**
+         * Method engineGetURI
+         *
+         * @inheritDoc
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
+        }
 
-   /**
-    * Method engineGetContextFromElement
-    *
-    * @param element
-    */
-   protected void engineGetContextFromElement(Element element) {
+        int getDigestLength() {
+            return 256;
+        }
+    }
 
-      super.engineGetContextFromElement(element);
+    /**
+     * Class IntegrityHmacSHA384
+     */
+    public static class IntegrityHmacSHA384 extends IntegrityHmac {
 
-      if (element == null) {
-         throw new IllegalArgumentException("element null");
-      }
+        /**
+         * Constructor IntegrityHmacSHA384
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA384() throws XMLSignatureException {
+            super();
+        }
 
-      Text hmaclength =XMLUtils.selectDsNodeText(element.getFirstChild(),
-         Constants._TAG_HMACOUTPUTLENGTH,0);
+        /**
+         * Method engineGetURI
+         * @inheritDoc
+         *
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA384;
+        }
 
-      if (hmaclength != null) {
-         this._HMACOutputLength = Integer.parseInt(hmaclength.getData());
-         this._HMACOutputLengthSet = true;
-      }
+        int getDigestLength() {
+            return 384;
+        }
+    }
 
-   }
+    /**
+     * Class IntegrityHmacSHA512
+     */
+    public static class IntegrityHmacSHA512 extends IntegrityHmac {
 
-   /**
-    * Method engineAddContextToElement
-    *
-    * @param element
-    */
-   public void engineAddContextToElement(Element element) {
+        /**
+         * Constructor IntegrityHmacSHA512
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacSHA512() throws XMLSignatureException {
+            super();
+        }
 
-      if (element == null) {
-         throw new IllegalArgumentException("null element");
-      }
+        /**
+         * Method engineGetURI
+         * @inheritDoc
+         *
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_SHA512;
+        }
 
-      if (this._HMACOutputLengthSet) {
-         Document doc = element.getOwnerDocument();
-         Element HMElem = XMLUtils.createElementInSignatureSpace(doc,
-                             Constants._TAG_HMACOUTPUTLENGTH);
-         Text HMText =
-            doc.createTextNode(new Integer(this._HMACOutputLength).toString());
+        int getDigestLength() {
+            return 512;
+        }
+    }
 
-         HMElem.appendChild(HMText);
-         XMLUtils.addReturnToElement(element);
-         element.appendChild(HMElem);
-         XMLUtils.addReturnToElement(element);
-      }
-   }
+    /**
+     * Class IntegrityHmacRIPEMD160
+     */
+    public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
 
-   /**
-    * Class IntegrityHmacSHA1
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacSHA1 extends IntegrityHmac {
+        /**
+         * Constructor IntegrityHmacRIPEMD160
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacRIPEMD160() throws XMLSignatureException {
+            super();
+        }
 
-      /**
-       * Constructor IntegrityHmacSHA1
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacSHA1() throws XMLSignatureException {
-         super();
-      }
+        /**
+         * Method engineGetURI
+         *
+         * @inheritDoc
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
+        }
 
-      /**
-       * Method engineGetURI
-       * @inheritDoc
-       *
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_SHA1;
-      }
+        int getDigestLength() {
+            return 160;
+        }
+    }
 
-      int getDigestLength() {
-          return 160;
-      }
-   }
+    /**
+     * Class IntegrityHmacMD5
+     */
+    public static class IntegrityHmacMD5 extends IntegrityHmac {
 
-   /**
-    * Class IntegrityHmacSHA256
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacSHA256 extends IntegrityHmac {
+        /**
+         * Constructor IntegrityHmacMD5
+         *
+         * @throws XMLSignatureException
+         */
+        public IntegrityHmacMD5() throws XMLSignatureException {
+            super();
+        }
 
-      /**
-       * Constructor IntegrityHmacSHA256
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacSHA256() throws XMLSignatureException {
-         super();
-      }
+        /**
+         * Method engineGetURI
+         *
+         * @inheritDoc
+         */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
+        }
 
-      /**
-       * Method engineGetURI
-       *
-       * @inheritDoc
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_SHA256;
-      }
-
-      int getDigestLength() {
-          return 256;
-      }
-   }
-
-   /**
-    * Class IntegrityHmacSHA384
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacSHA384 extends IntegrityHmac {
-
-      /**
-       * Constructor IntegrityHmacSHA384
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacSHA384() throws XMLSignatureException {
-         super();
-      }
-
-      /**
-       * Method engineGetURI
-       * @inheritDoc
-       *
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_SHA384;
-      }
-
-      int getDigestLength() {
-          return 384;
-      }
-   }
-
-   /**
-    * Class IntegrityHmacSHA512
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacSHA512 extends IntegrityHmac {
-
-      /**
-       * Constructor IntegrityHmacSHA512
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacSHA512() throws XMLSignatureException {
-         super();
-      }
-
-      /**
-       * Method engineGetURI
-       * @inheritDoc
-       *
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_SHA512;
-      }
-
-      int getDigestLength() {
-          return 512;
-      }
-   }
-
-   /**
-    * Class IntegrityHmacRIPEMD160
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
-
-      /**
-       * Constructor IntegrityHmacRIPEMD160
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacRIPEMD160() throws XMLSignatureException {
-         super();
-      }
-
-      /**
-       * Method engineGetURI
-       *
-       * @inheritDoc
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_RIPEMD160;
-      }
-
-      int getDigestLength() {
-          return 160;
-      }
-   }
-
-   /**
-    * Class IntegrityHmacMD5
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
-    */
-   public static class IntegrityHmacMD5 extends IntegrityHmac {
-
-      /**
-       * Constructor IntegrityHmacMD5
-       *
-       * @throws XMLSignatureException
-       */
-      public IntegrityHmacMD5() throws XMLSignatureException {
-         super();
-      }
-
-      /**
-       * Method engineGetURI
-       *
-       * @inheritDoc
-       */
-      public String engineGetURI() {
-         return XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5;
-      }
-
-      int getDigestLength() {
-          return 128;
-      }
-   }
+        int getDigestLength() {
+            return 128;
+        }
+    }
 }
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2007 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
@@ -36,22 +38,17 @@
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
-    /** {@link java.util.logging} logging facility */
-    static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger
-        (SignatureBaseRSA.class.getName());
+    /** {@link org.apache.commons.logging} logging facility */
+    private static java.util.logging.Logger log =
+        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
 
     /** @inheritDoc */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Constructor SignatureRSA
@@ -59,17 +56,17 @@
      * @throws XMLSignatureException
      */
     public SignatureBaseRSA() throws XMLSignatureException {
-
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE))
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
-        String provider=JCEMapper.getProviderId();
+        }
+        String provider = JCEMapper.getProviderId();
         try {
-            if (provider==null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+            if (provider == null) {
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -85,20 +82,17 @@
     /** @inheritDoc */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-            this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected boolean engineVerify(byte[] signature)
-        throws XMLSignatureException {
-
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
         try {
-            return this._signatureAlgorithm.verify(signature);
+            return this.signatureAlgorithm.verify(signature);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -106,32 +100,29 @@
 
     /** @inheritDoc */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
         if (!(publicKey instanceof PublicKey)) {
             String supplied = publicKey.getClass().getName();
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
-                ("algorithms.WrongKeyForThisOperation", exArgs);
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
-                    (_signatureAlgorithm.getAlgorithm());
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -140,7 +131,7 @@
     /** @inheritDoc */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
-            return this._signatureAlgorithm.sign();
+            return this.signatureAlgorithm.sign();
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -149,19 +140,16 @@
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
-                ("algorithms.WrongKeyForThisOperation", exArgs);
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign
-                ((PrivateKey) privateKey, secureRandom);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -169,18 +157,16 @@
 
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
-                ("algorithms.WrongKeyForThisOperation", exArgs);
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -189,7 +175,7 @@
     /** @inheritDoc */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -198,17 +184,16 @@
     /** @inheritDoc */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected void engineUpdate(byte buf[], int offset, int len)
-        throws XMLSignatureException {
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -216,34 +201,29 @@
 
     /** @inheritDoc */
     protected String engineGetJCEAlgorithmString() {
-        return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /** @inheritDoc */
     protected String engineGetJCEProviderName() {
-        return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /** @inheritDoc */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
-        throw new XMLSignatureException
-            ("algorithms.HMACOutputLengthOnlyForHMAC");
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /** @inheritDoc */
     protected void engineInitSign(
-        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
-        throws XMLSignatureException {
-        throw new XMLSignatureException(
-            "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
+    ) throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
     }
 
     /**
      * Class SignatureRSASHA1
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA1 extends SignatureBaseRSA {
 
@@ -264,9 +244,6 @@
 
     /**
      * Class SignatureRSASHA256
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
 
@@ -287,9 +264,6 @@
 
     /**
      * Class SignatureRSASHA384
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA384 extends SignatureBaseRSA {
 
@@ -310,9 +284,6 @@
 
     /**
      * Class SignatureRSASHA512
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA512 extends SignatureBaseRSA {
 
@@ -333,9 +304,6 @@
 
     /**
      * Class SignatureRSARIPEMD160
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
 
@@ -356,9 +324,6 @@
 
     /**
      * Class SignatureRSAMD5
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSAMD5 extends SignatureBaseRSA {
 
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Mon Jul 15 11:04:53 2013 +0100
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java	Mon Jul 22 13:59:51 2013 +0100
@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
- * Copyright  1999-2004 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOU