--- a/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java	Fri Sep 26 22:24:50 2014 +0100
+++ b/jdk/src/java.base/share/classes/javax/crypto/JceSecurity.java	Fri Sep 26 17:05:05 2014 -0700
@@ -76,12 +76,14 @@
     static {
         try {
             AccessController.doPrivileged(
-                new PrivilegedExceptionAction<Object>() {
-                    public Object run() throws Exception {
+                new PrivilegedExceptionAction<Void> () {
+                    @Override
+                    public Void run() throws Exception {
                         setupJurisdictionPolicies();
                         return null;
                     }
-                });
+                }
+            );
 
             isRestricted = defaultPolicy.implies(
                 CryptoAllPermission.INSTANCE) ? false : true;
@@ -143,9 +145,9 @@
      * @throws Exception on error
      */
     static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception {
-        JarVerifier jv = new JarVerifier(codeBase, true);
-        jv.verify();
-        return jv.getPermissions();
+        ProviderVerifier pv = new ProviderVerifier(codeBase, true);
+        pv.verify();
+        return pv.getPermissions();
     }
 
     /**
@@ -153,11 +155,11 @@
      *
      * @throws Exception on error
      */
-    static void verifyProviderJar(URL codeBase) throws Exception {
+    static void verifyProvider(URL codeBase, Provider p) throws Exception {
         // Verify the provider JAR file and all
         // supporting JAR files if there are any.
-        JarVerifier jv = new JarVerifier(codeBase, false);
-        jv.verify();
+        ProviderVerifier pv = new ProviderVerifier(codeBase, p, false);
+        pv.verify();
     }
 
     private final static Object PROVIDER_VERIFIED = Boolean.TRUE;
@@ -183,7 +185,7 @@
         try {
             verifyingProviders.put(p, Boolean.FALSE);
             URL providerURL = getCodeBase(p.getClass());
-            verifyProviderJar(providerURL);
+            verifyProvider(providerURL, p);
             // Verified ok, cache result
             verificationResults.put(p, PROVIDER_VERIFIED);
             return null;
@@ -222,18 +224,20 @@
         synchronized (codeBaseCacheRef) {
             URL url = codeBaseCacheRef.get(clazz);
             if (url == null) {
-                url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
-                    public URL run() {
-                        ProtectionDomain pd = clazz.getProtectionDomain();
-                        if (pd != null) {
-                            CodeSource cs = pd.getCodeSource();
-                            if (cs != null) {
-                                return cs.getLocation();
+                url = AccessController.doPrivileged(
+                    new PrivilegedAction<URL>() {
+                        @Override
+                        public URL run() {
+                            ProtectionDomain pd = clazz.getProtectionDomain();
+                            if (pd != null) {
+                                CodeSource cs = pd.getCodeSource();
+                                if (cs != null) {
+                                    return cs.getLocation();
+                                }
                             }
+                            return NULL_URL;
                         }
-                        return NULL_URL;
-                    }
-                });
+                    });
                 codeBaseCacheRef.put(clazz, url);
             }
             return (url == NULL_URL) ? null : url;
@@ -315,7 +319,7 @@
             // Enforce the signer restraint, i.e. signer of JCE framework
             // jar should also be the signer of the two jurisdiction policy
             // jar files.
-            JarVerifier.verifyPolicySigned(je.getCertificates());
+            ProviderVerifier.verifyPolicySigned(je.getCertificates());
         }
         // Close and nullify the JarFile reference to help GC.
         jf.close();