Merge
authorlana
Thu, 30 Mar 2017 17:23:52 +0000
changeset 44420 ae0000fbbb2c
parent 44413 f53dbdea3fc4 (current diff)
parent 44419 c29f26282ba0 (diff)
child 44421 3ab80e087775
child 44428 e8db842f5496
Merge
--- a/jdk/make/GenerateModuleSummary.gmk	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/GenerateModuleSummary.gmk	Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
 include ModuleTools.gmk
 
 GENGRAPHS_DIR := $(IMAGES_OUTPUTDIR)/gengraphs
-SPEC_DOTFILES_DIR := $(IMAGES_OUTPUTDIR)/spec-dotfiles
+SPEC_DOTFILES_DIR := $(GENGRAPHS_DIR)/spec-dotfiles
 TOOLS_MODULE_SRCDIR := $(JDK_TOPDIR)/make/src/classes/build/tools/jigsaw
 
 $(GENGRAPHS_DIR)/jdk.dot: $(BUILD_JIGSAW_TOOLS)
--- a/jdk/make/ModuleTools.gmk	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/ModuleTools.gmk	Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -23,8 +23,9 @@
 # questions.
 #
 
-include $(SPEC)
-include MakeBase.gmk
+ifndef _MODULE_TOOLS_GMK
+_MODULE_TOOLS_GMK := 1
+
 include JavaCompilation.gmk
 
 TOOLS_CLASSES_DIR := $(BUILDTOOLS_OUTPUTDIR)/tools_jigsaw_classes
@@ -32,7 +33,7 @@
 # To avoid reevaluating the compilation setup for the tools each time this file
 # is included, the actual compilation is handled by CompileModuleTools.gmk. The
 # following trick is used to be able to declare a dependency on the built tools.
-BUILD_TOOLS_JDK := $(call SetupJavaCompilationCompileTarget, \
+BUILD_JIGSAW_TOOLS := $(call SetupJavaCompilationCompileTarget, \
     BUILD_JIGSAW_TOOLS, $(TOOLS_CLASSES_DIR))
 
 TOOL_GENGRAPHS := $(BUILD_JAVA) -esa -ea -cp $(TOOLS_CLASSES_DIR) \
@@ -47,3 +48,5 @@
     -cp $(TOOLS_CLASSES_DIR) \
     --add-exports java.base/jdk.internal.module=ALL-UNNAMED \
     build.tools.jigsaw.AddPackagesAttribute
+
+endif # _MODULE_TOOLS_GMK
--- a/jdk/make/src/classes/build/tools/jigsaw/GenGraphs.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/src/classes/build/tools/jigsaw/GenGraphs.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,7 +26,6 @@
 package build.tools.jigsaw;
 
 import com.sun.tools.jdeps.ModuleDotGraph;
-import com.sun.tools.jdeps.ModuleDotGraph.DotGraphBuilder;
 
 import java.io.IOException;
 import java.lang.module.Configuration;
@@ -36,10 +35,15 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
 
 /**
  * Generate the DOT file for a module graph for each module in the JDK
@@ -50,13 +54,19 @@
     public static void main(String[] args) throws Exception {
         Path dir = null;
         boolean spec = false;
+        Properties props = null;
         for (int i=0; i < args.length; i++) {
             String arg = args[i];
             if (arg.equals("--spec")) {
                 spec = true;
+            } else if (arg.equals("--dot-attributes")) {
+                if (i++ == args.length) {
+                    throw new IllegalArgumentException("Missing argument: --dot-attributes option");
+                }
+                props = new Properties();
+                props.load(Files.newInputStream(Paths.get(args[i])));
             } else if (arg.equals("--output")) {
-                i++;
-                dir = i < args.length ? Paths.get(args[i]) : null;
+                dir = ++i < args.length ? Paths.get(args[i]) : null;
             } else if (arg.startsWith("-")) {
                 throw new IllegalArgumentException("Invalid option: " + arg);
             }
@@ -67,11 +77,14 @@
             System.exit(1);
         }
 
-        // setup and configure the dot graph attributes
-        initDotGraphAttributes();
         Files.createDirectories(dir);
-
-        GenGraphs genGraphs = new GenGraphs(dir, spec);
+        ModuleGraphAttributes attributes;
+        if (props != null) {
+            attributes = new ModuleGraphAttributes(props);
+        } else {
+            attributes = new ModuleGraphAttributes();
+        }
+        GenGraphs genGraphs = new GenGraphs(dir, spec, attributes);
 
         // print dot file for each module
         Map<String, Configuration> configurations = new HashMap<>();
@@ -99,49 +112,149 @@
         genGraphs.genDotFiles(configurations);
     }
 
-    static void initDotGraphAttributes() {
-        int h = 1000;
-        DotGraphBuilder.weight("java.se", "java.sql.rowset", h * 10);
-        DotGraphBuilder.weight("java.sql.rowset", "java.sql", h * 10);
-        DotGraphBuilder.weight("java.sql", "java.xml", h * 10);
-        DotGraphBuilder.weight("java.xml", "java.base", h * 10);
+    /**
+     * Custom dot file attributes.
+     */
+    static class ModuleGraphAttributes implements ModuleDotGraph.Attributes {
+        static Map<String, String> DEFAULT_ATTRIBUTES = Map.of(
+            "ranksep", "0.6",
+            "fontsize", "12",
+            "fontcolor", BLACK,
+            "fontname", "DejaVuSans",
+            "arrowsize", "1",
+            "arrowwidth", "2",
+            "arrowcolor", DARK_GRAY,
+            // custom
+            "requiresMandatedColor", LIGHT_GRAY,
+            "javaSubgraphColor", ORANGE,
+            "jdkSubgraphColor", BLUE
+        );
+
+        final Map<String, Integer> weights = new HashMap<>();
+        final List<Set<String>> ranks = new ArrayList<>();
+        final Map<String, String> attrs;
+        ModuleGraphAttributes(Map<String, String> attrs) {
+            int h = 1000;
+            weight("java.se", "java.sql.rowset", h * 10);
+            weight("java.sql.rowset", "java.sql", h * 10);
+            weight("java.sql", "java.xml", h * 10);
+            weight("java.xml", "java.base", h * 10);
+
+            ranks.add(Set.of("java.logging", "java.scripting", "java.xml"));
+            ranks.add(Set.of("java.sql"));
+            ranks.add(Set.of("java.compiler", "java.instrument"));
+            ranks.add(Set.of("java.desktop", "java.management"));
+            ranks.add(Set.of("java.corba", "java.xml.ws"));
+            ranks.add(Set.of("java.xml.bind", "java.xml.ws.annotation"));
+
+            this.attrs = attrs;
+        }
+
+        ModuleGraphAttributes() {
+            this(DEFAULT_ATTRIBUTES);
+        }
+        ModuleGraphAttributes(Properties props) {
+            this(toAttributes(props));
+        }
+
+        @Override
+        public double rankSep() {
+            return Double.valueOf(attrs.get("ranksep"));
+        }
+
+        @Override
+        public int fontSize() {
+            return Integer.valueOf(attrs.get("fontsize"));
+        }
+
+        @Override
+        public String fontName() {
+            return attrs.get("fontname");
+        }
 
-        DotGraphBuilder.sameRankNodes(Set.of("java.logging", "java.scripting", "java.xml"));
-        DotGraphBuilder.sameRankNodes(Set.of("java.sql"));
-        DotGraphBuilder.sameRankNodes(Set.of("java.compiler", "java.instrument"));
-        DotGraphBuilder.sameRankNodes(Set.of("java.desktop", "java.management"));
-        DotGraphBuilder.sameRankNodes(Set.of("java.corba", "java.xml.ws"));
-        DotGraphBuilder.sameRankNodes(Set.of("java.xml.bind", "java.xml.ws.annotation"));
-        DotGraphBuilder.setRankSep(0.7);
-        DotGraphBuilder.setFontSize(12);
-        DotGraphBuilder.setArrowSize(1);
-        DotGraphBuilder.setArrowWidth(2);
+        @Override
+        public String fontColor() {
+            return attrs.get("fontcolor");
+        }
+
+        @Override
+        public int arrowSize() {
+            return Integer.valueOf(attrs.get("arrowsize"));
+        }
+
+        @Override
+        public int arrowWidth() {
+            return Integer.valueOf(attrs.get("arrowwidth"));
+        }
+
+        @Override
+        public String arrowColor() {
+            return attrs.get("arrowcolor");
+        }
+
+        @Override
+        public List<Set<String>> ranks() {
+            return ranks;
+        }
+
+        @Override
+        public String requiresMandatedColor() {
+            return attrs.get("requiresMandatedColor");
+        }
+
+        @Override
+        public String javaSubgraphColor() {
+            return attrs.get("javaSubgraphColor");
+        }
+
+        @Override
+        public String jdkSubgraphColor() {
+            return attrs.get("jdkSubgraphColor");
+        }
+
+        @Override
+        public int weightOf(String s, String t) {
+            int w = weights.getOrDefault(s + ":" + t, 1);
+            if (w != 1)
+                return w;
+            if (s.startsWith("java.") && t.startsWith("java."))
+                return 10;
+            return 1;
+        }
+
+        public void weight(String s, String t, int w) {
+            weights.put(s + ":" + t, w);
+        }
+
+        static Map<String, String> toAttributes(Properties props) {
+            return DEFAULT_ATTRIBUTES.keySet().stream()
+                .collect(Collectors.toMap(Function.identity(),
+                    k -> props.getProperty(k, DEFAULT_ATTRIBUTES.get(k))));
+        }
     }
 
     private final Path dir;
     private final boolean spec;
-    GenGraphs(Path dir, boolean spec) {
+    private final ModuleGraphAttributes attributes;
+    GenGraphs(Path dir, boolean spec, ModuleGraphAttributes attributes) {
         this.dir = dir;
         this.spec = spec;
+        this.attributes = attributes;
     }
 
     void genDotFiles(Map<String, Configuration> configurations) throws IOException {
         ModuleDotGraph dotGraph = new ModuleDotGraph(configurations, spec);
-        dotGraph.genDotFiles(dir);
+        dotGraph.genDotFiles(dir, attributes);
     }
 
+    /**
+     * Returns true for any name if generating graph for non-spec;
+     * otherwise, returns true except "jdk" and name with "jdk.internal." prefix
+     */
     boolean accept(String name, ModuleDescriptor descriptor) {
-        if (!spec) return true;
-
-        if (name.equals("jdk"))
-            return false;
-
-        if (name.equals("java.se") || name.equals("java.se.ee"))
+        if (!spec)
             return true;
 
-        // only the module that has exported API
-        return descriptor.exports().stream()
-                         .filter(e -> !e.isQualified())
-                         .findAny().isPresent();
+        return !name.equals("jdk") && !name.startsWith("jdk.internal.");
     }
-}
\ No newline at end of file
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/src/classes/build/tools/jigsaw/javadoc-graphs.properties	Thu Mar 30 17:23:52 2017 +0000
@@ -0,0 +1,2 @@
+arrowcolor=#999999
+requiresMandatedColor=#999999
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/src/classes/build/tools/taglet/ModuleGraph.java	Thu Mar 30 17:23:52 2017 +0000
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package build.tools.taglet;
+
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+import javax.lang.model.element.Element;
+import com.sun.source.doctree.DocTree;
+import jdk.javadoc.doclet.Taglet;
+import static jdk.javadoc.doclet.Taglet.Location.*;
+
+/**
+ * A block tag to optionally insert a reference to a module graph.
+ */
+public class ModuleGraph implements Taglet {
+    private static final boolean enableModuleGraph =
+        Boolean.getBoolean("enableModuleGraph");
+
+    /** Returns the set of locations in which a taglet may be used. */
+    @Override
+    public Set<Location> getAllowedLocations() {
+        return EnumSet.of(MODULE);
+    }
+
+    @Override
+    public boolean isInlineTag() {
+        return false;
+    }
+
+    @Override
+    public String getName() {
+        return "moduleGraph";
+    }
+
+    @Override
+    public String toString(List<? extends DocTree> tags, Element element) {
+        if (!enableModuleGraph) {
+            return "";
+        }
+
+        String moduleName = element.getSimpleName().toString();
+        String imageFile = moduleName + "-graph.png";
+        int thumbnailHeight = -1;
+        String hoverImage = "";
+        if (!moduleName.equals("java.base")) {
+            thumbnailHeight = 100; // also appears in the stylesheet
+            hoverImage = "<span>"
+                + getImage(moduleName, imageFile, -1, true)
+                + "</span>";
+        }
+        return "<dt>"
+            + "<span class=\"simpleTagLabel\">Module Graph:</span>\n"
+            + "</dt>"
+            + "<dd>"
+            + "<a class=moduleGraph href=\"" + imageFile + "\">"
+            + getImage(moduleName, imageFile, thumbnailHeight, false)
+            + hoverImage
+            + "</a>"
+            + "</dd>";
+    }
+
+    private static final String VERTICAL_ALIGN = "vertical-align:top";
+    private static final String BORDER = "border: solid lightgray 1px;";
+
+    private String getImage(String moduleName, String file, int height, boolean useBorder) {
+        return String.format("<img style=\"%s\" alt=\"Module graph for %s\" src=\"%s\"%s>",
+                             useBorder ? BORDER + " " + VERTICAL_ALIGN : VERTICAL_ALIGN,
+                             moduleName,
+                             file,
+                             (height <= 0 ? "" : " height=\"" + height + "\""));
+    }
+}
--- a/jdk/src/java.base/share/classes/java/lang/System.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/lang/System.java	Thu Mar 30 17:23:52 2017 +0000
@@ -1568,6 +1568,14 @@
      * obtained by calling {@link LoggerFinder#getLogger(java.lang.String,
      * java.lang.reflect.Module) LoggerFinder.getLogger(name, module)}, where
      * {@code module} is the caller's module.
+     * In cases where {@code System.getLogger} is called from a context where
+     * there is no caller frame on the stack (e.g when called directly
+     * from a JNI attached thread), {@code IllegalCallerException} is thrown.
+     * To obtain a logger in such a context, use an auxiliary class that will
+     * implicitly be identified as the caller, or use the system {@link
+     * LoggerFinder#getLoggerFinder() LoggerFinder} to obtain a logger instead.
+     * Note that doing the latter may eagerly initialize the underlying
+     * logging system.
      *
      * @apiNote
      * This method may defer calling the {@link
@@ -1580,6 +1588,8 @@
      * @return an instance of {@link Logger} that can be used by the calling
      *         class.
      * @throws NullPointerException if {@code name} is {@code null}.
+     * @throws IllegalCallerException if there is no Java caller frame on the
+     *         stack.
      *
      * @since 9
      */
@@ -1587,6 +1597,9 @@
     public static Logger getLogger(String name) {
         Objects.requireNonNull(name);
         final Class<?> caller = Reflection.getCallerClass();
+        if (caller == null) {
+            throw new IllegalCallerException("no caller frame");
+        }
         return LazyLoggers.getLogger(name, caller.getModule());
     }
 
@@ -1600,8 +1613,16 @@
      * The returned logger will perform message localization as specified
      * by {@link LoggerFinder#getLocalizedLogger(java.lang.String,
      * java.util.ResourceBundle, java.lang.reflect.Module)
-     * LoggerFinder.getLocalizedLogger(name, bundle, module}, where
+     * LoggerFinder.getLocalizedLogger(name, bundle, module)}, where
      * {@code module} is the caller's module.
+     * In cases where {@code System.getLogger} is called from a context where
+     * there is no caller frame on the stack (e.g when called directly
+     * from a JNI attached thread), {@code IllegalCallerException} is thrown.
+     * To obtain a logger in such a context, use an auxiliary class that
+     * will implicitly be identified as the caller, or use the system {@link
+     * LoggerFinder#getLoggerFinder() LoggerFinder} to obtain a logger instead.
+     * Note that doing the latter may eagerly initialize the underlying
+     * logging system.
      *
      * @apiNote
      * This method is intended to be used after the system is fully initialized.
@@ -1620,6 +1641,8 @@
      * resource bundle for message localization.
      * @throws NullPointerException if {@code name} is {@code null} or
      *         {@code bundle} is {@code null}.
+     * @throws IllegalCallerException if there is no Java caller frame on the
+     *         stack.
      *
      * @since 9
      */
@@ -1628,6 +1651,9 @@
         final ResourceBundle rb = Objects.requireNonNull(bundle);
         Objects.requireNonNull(name);
         final Class<?> caller = Reflection.getCallerClass();
+        if (caller == null) {
+            throw new IllegalCallerException("no caller frame");
+        }
         final SecurityManager sm = System.getSecurityManager();
         // We don't use LazyLoggers if a resource bundle is specified.
         // Bootstrap sensitive classes in the JDK do not use resource bundles
--- a/jdk/src/java.base/share/classes/java/util/jar/Pack200.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/util/jar/Pack200.java	Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -452,13 +452,13 @@
         String CODE_ATTRIBUTE_PFX       = "pack.code.attribute.";
 
         /**
-         * The unpacker's progress as a percentage, as periodically
-         * updated by the unpacker.
+         * The packer's progress as a percentage, as periodically
+         * updated by the packer.
          * Values of 0 - 100 are normal, and -1 indicates a stall.
          * Progress can be monitored by polling the value of this
          * property.
          * <p>
-         * At a minimum, the unpacker must set progress to 0
+         * At a minimum, the packer must set progress to 0
          * at the beginning of a packing operation, and to 100
          * at the end.
          */
@@ -623,7 +623,7 @@
          * property.
          * <p>
          * At a minimum, the unpacker must set progress to 0
-         * at the beginning of a packing operation, and to 100
+         * at the beginning of an unpacking operation, and to 100
          * at the end.
          */
         String PROGRESS         = "unpack.progress";
@@ -631,7 +631,7 @@
         /**
          * Get the set of this engine's properties. This set is
          * a "live view", so that changing its
-         * contents immediately affects the Packer engine, and
+         * contents immediately affects the Unpacker engine, and
          * changes from the engine (such as progress indications)
          * are immediately visible in the map.
          *
--- a/jdk/src/java.base/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the foundational APIs of the Java SE Platform.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.base {
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java	Thu Mar 30 17:23:52 2017 +0000
@@ -1025,6 +1025,13 @@
             cf = CertificateFactory.getInstance("X509");
         }
 
+        // -trustcacerts can only be specified on -importcert.
+        // Reset it so that warnings on CA cert will remain for
+        // -printcert, etc.
+        if (command != IMPORTCERT) {
+            trustcacerts = false;
+        }
+
         if (trustcacerts) {
             caks = KeyStoreUtil.getCacertsKeyStore();
         }
@@ -1758,9 +1765,8 @@
         if (keyPass == null) {
             keyPass = promptForKeyPass(alias, null, storePass);
         }
+        checkWeak(rb.getString("the.generated.certificate"), chain[0]);
         keyStore.setKeyEntry(alias, privKey, keyPass, chain);
-
-        checkWeak(rb.getString("the.generated.certificate"), chain[0]);
     }
 
     /**
@@ -2118,6 +2124,10 @@
         }
 
         try {
+            Certificate c = srckeystore.getCertificate(alias);
+            if (c != null) {
+                checkWeak("<" + newAlias + ">", c);
+            }
             keyStore.setEntry(newAlias, entry, pp);
             // Place the check so that only successful imports are blocked.
             // For example, we don't block a failed SecretEntry import.
@@ -2127,10 +2137,6 @@
                             "The.destination.pkcs12.keystore.has.different.storepass.and.keypass.Please.retry.with.destkeypass.specified."));
                 }
             }
-            Certificate c = srckeystore.getCertificate(alias);
-            if (c != null) {
-                checkWeak("<" + newAlias + ">", c);
-            }
             return 1;
         } catch (KeyStoreException kse) {
             Object[] source2 = {alias, kse.toString()};
@@ -2814,8 +2820,8 @@
         }
 
         if (noprompt) {
+            checkWeak(rb.getString("the.input"), cert);
             keyStore.setCertificateEntry(alias, cert);
-            checkWeak(rb.getString("the.input"), cert);
             return true;
         }
 
@@ -3049,6 +3055,11 @@
         MessageFormat form = new MessageFormat
                 (rb.getString(".PATTERN.printX509Cert.with.weak"));
         PublicKey pkey = cert.getPublicKey();
+        String sigName = cert.getSigAlgName();
+        // No need to warn about sigalg of a trust anchor
+        if (!isTrustedCert(cert)) {
+            sigName = withWeak(sigName);
+        }
         Object[] source = {cert.getSubjectDN().toString(),
                         cert.getIssuerDN().toString(),
                         cert.getSerialNumber().toString(16),
@@ -3056,7 +3067,7 @@
                         cert.getNotAfter().toString(),
                         getCertFingerPrint("SHA-1", cert),
                         getCertFingerPrint("SHA-256", cert),
-                        withWeak(cert.getSigAlgName()),
+                        sigName,
                         withWeak(pkey),
                         cert.getVersion()
                         };
@@ -3111,7 +3122,7 @@
      * or null otherwise. A label is added.
      */
     private static Pair<String,Certificate>
-            getTrustedSigner(Certificate cert, KeyStore ks) throws Exception {
+            getSigner(Certificate cert, KeyStore ks) throws Exception {
         if (ks.getCertificateAlias(cert) != null) {
             return new Pair<>("", cert);
         }
@@ -3467,9 +3478,9 @@
         // do we trust the cert at the top?
         Certificate topCert = replyCerts[replyCerts.length-1];
         boolean fromKeyStore = true;
-        Pair<String,Certificate> root = getTrustedSigner(topCert, keyStore);
+        Pair<String,Certificate> root = getSigner(topCert, keyStore);
         if (root == null && trustcacerts && caks != null) {
-            root = getTrustedSigner(topCert, caks);
+            root = getSigner(topCert, caks);
             fromKeyStore = false;
         }
         if (root == null) {
@@ -4301,9 +4312,19 @@
         return result;
     }
 
+    private boolean isTrustedCert(Certificate cert) throws KeyStoreException {
+        if (caks != null && caks.getCertificateAlias(cert) != null) {
+            return true;
+        } else {
+            String inKS = keyStore.getCertificateAlias(cert);
+            return inKS != null && keyStore.isCertificateEntry(inKS);
+        }
+    }
+
     private void checkWeak(String label, String sigAlg, Key key) {
 
-        if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) {
+        if (sigAlg != null && !DISABLED_CHECK.permits(
+                SIG_PRIMITIVE_SET, sigAlg, null)) {
             weakWarnings.add(String.format(
                     rb.getString("whose.sigalg.risk"), label, sigAlg));
         }
@@ -4316,7 +4337,8 @@
         }
     }
 
-    private void checkWeak(String label, Certificate[] certs) {
+    private void checkWeak(String label, Certificate[] certs)
+            throws KeyStoreException {
         for (int i = 0; i < certs.length; i++) {
             Certificate cert = certs[i];
             if (cert instanceof X509Certificate) {
@@ -4325,15 +4347,18 @@
                 if (certs.length > 1) {
                     fullLabel = oneInMany(label, i, certs.length);
                 }
-                checkWeak(fullLabel, xc.getSigAlgName(), xc.getPublicKey());
+                checkWeak(fullLabel, xc);
             }
         }
     }
 
-    private void checkWeak(String label, Certificate cert) {
+    private void checkWeak(String label, Certificate cert)
+            throws KeyStoreException {
         if (cert instanceof X509Certificate) {
             X509Certificate xc = (X509Certificate)cert;
-            checkWeak(label, xc.getSigAlgName(), xc.getPublicKey());
+            // No need to check the sigalg of a trust anchor
+            String sigAlg = isTrustedCert(cert) ? null : xc.getSigAlgName();
+            checkWeak(label, sigAlg, xc.getPublicKey());
         }
     }
 
--- a/jdk/src/java.datatransfer/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.datatransfer/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -24,8 +24,9 @@
  */
 
 /**
- * Defines an API for transferring data between and within applications.
+ * Defines the API for transferring data between and within applications.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.datatransfer {
--- a/jdk/src/java.desktop/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.desktop/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
  * Defines the AWT and Swing user interface toolkits, plus APIs for
  * accessibility, audio, imaging, printing, and JavaBeans.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.desktop {
--- a/jdk/src/java.instrument/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.instrument/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
  * Defines services that allow agents to
  * instrument programs running on the JVM.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.instrument {
--- a/jdk/src/java.logging/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.logging/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Java Logging API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.logging {
--- a/jdk/src/java.management.rmi/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.management.rmi/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -46,6 +46,7 @@
  *           and load the appropriate {@code JMXConnectorServerProvider} service
  *           implementation for the given protocol.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.management.rmi {
--- a/jdk/src/java.management/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.management/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
  * The JMX API consists of interfaces for monitoring and management of the
  * JVM and other components in the Java runtime.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.management {
--- a/jdk/src/java.naming/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.naming/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Java Naming and Directory Interface (JNDI) API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.naming {
--- a/jdk/src/java.prefs/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.prefs/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Preferences API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.prefs {
--- a/jdk/src/java.rmi/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.rmi/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Remote Method Invocation (RMI) API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.rmi {
--- a/jdk/src/java.scripting/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.scripting/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Scripting API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.scripting {
--- a/jdk/src/java.se.ee/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.se.ee/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
  * This module requires {@code java.se} and supplements it with modules
  * that define CORBA and Java EE APIs. These modules are upgradeable.
  *
+ * @moduleGraph
  * @since 9
  */
 @SuppressWarnings("deprecation")
--- a/jdk/src/java.se/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.se/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
  * The modules defining CORBA and Java EE APIs are not required by
  * this module, but they are required by {@code java.se.ee}.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.se {
--- a/jdk/src/java.security.jgss/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.security.jgss/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -28,6 +28,7 @@
  * <P>
  * This module also contains GSS-API mechanisms including Kerberos v5 and SPNEGO.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.security.jgss {
--- a/jdk/src/java.security.sasl/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.security.sasl/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -30,6 +30,7 @@
  * This module also contains SASL mechanisms including DIGEST-MD5,
  * CRAM-MD5, and NTLM.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.security.sasl {
--- a/jdk/src/java.smartcardio/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.smartcardio/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Java Smart Card I/O API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.smartcardio {
--- a/jdk/src/java.sql.rowset/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.sql.rowset/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the JDBC RowSet API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.sql.rowset {
--- a/jdk/src/java.sql/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.sql/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the JDBC API.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.sql {
--- a/jdk/src/java.transaction/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.transaction/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
  * The subset consists of RMI exception types which are mapped to CORBA system
  * exceptions by the 'Java Language to IDL Mapping Specification'.
  *
+ * @moduleGraph
  * @since 9
  */
 @Deprecated(since="9", forRemoval=true)
--- a/jdk/src/java.xml.crypto/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.xml.crypto/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -24,8 +24,9 @@
  */
 
 /**
- * Defines an API for XML cryptography.
+ * Defines the API for XML cryptography.
  *
+ * @moduleGraph
  * @since 9
  */
 module java.xml.crypto {
--- a/jdk/src/jdk.attach/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.attach/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the attach API.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.attach {
--- a/jdk/src/jdk.charsets/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.charsets/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
  * questions.
  */
 
+/**
+ * {@link java.nio.charset.Charset Charset} provider for the charsets that
+ * are not in {@code java.base} (mostly double byte and IBM charsets).
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.charsets {
     provides java.nio.charset.spi.CharsetProvider
         with sun.nio.cs.ext.ExtendedCharsets;
--- a/jdk/src/jdk.crypto.cryptoki/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.cryptoki/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * The SunPKCS11 security provider.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.crypto.cryptoki {
--- a/jdk/src/jdk.crypto.ec/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.ec/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * The SunEC security provider.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.crypto.ec {
--- a/jdk/src/jdk.crypto.mscapi/windows/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.mscapi/windows/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * The SunMSCAPI security provider.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.crypto.mscapi {
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * The OracleUCrypto security provider.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.crypto.ucrypto {
--- a/jdk/src/jdk.httpserver/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.httpserver/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the JDK-specific API for HTTP server.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.httpserver {
 
     exports com.sun.net.httpserver;
--- a/jdk/src/jdk.jartool/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jartool/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
  * questions.
  */
 
+/**
+ * Defines tools for manipulating Java Archive (JAR) files,
+ * including the jar and jarsigner tools.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jartool {
     exports com.sun.jarsigner;
     exports jdk.security.jarsigner;
--- a/jdk/src/jdk.jcmd/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jcmd/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
  * questions.
  */
 
+/**
+ * Defines tools for diagnostics and troubleshooting a JVM,
+ * including the jcmd, jps, jstat and other diagnostics tools.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jcmd {
     requires jdk.attach;
     requires jdk.internal.jvmstat;
--- a/jdk/src/jdk.jconsole/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jconsole/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
  * questions.
  */
 
+/**
+ * Defines the JMX graphical tool, jconsole, for monitoring and managing
+ * a running application.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jconsole {
     requires transitive java.desktop;
     requires transitive java.management;
--- a/jdk/src/jdk.jdi/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jdi/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Defines the Java Debugger Interface.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.jdi {
--- a/jdk/src/jdk.jdwp.agent/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jdwp.agent/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
 /**
  * Java Debug Wire Protocol.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.jdwp.agent {
--- a/jdk/src/jdk.jlink/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jlink/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the Java linker tool, jlink.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jlink {
     requires jdk.internal.opt;
     requires jdk.jdeps;
--- a/jdk/src/jdk.jsobject/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jsobject/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the API for the JavaScript Object.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jsobject {
     requires java.desktop;
     exports netscape.javascript;
--- a/jdk/src/jdk.jstatd/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jstatd/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
  * questions.
  */
 
+/**
+ * Defines the tool for starting a daemon for the jstat tool to monitor
+ * JVM statistics remotely.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.jstatd {
     requires java.rmi;
     requires jdk.internal.jvmstat;
@@ -32,4 +39,3 @@
 
     provides sun.jvmstat.monitor.MonitoredHostService with sun.jvmstat.perfdata.monitor.protocol.rmi.MonitoredHostRmiService;
 }
-
--- a/jdk/src/jdk.localedata/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.localedata/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Locale data provider for locales other than {@linkplain java.util.Locale#US US locale}.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.localedata {
     provides sun.util.locale.provider.LocaleDataMetaInfo with
         sun.util.resources.cldr.provider.CLDRLocaleDataMetaInfo,
--- a/jdk/src/jdk.management.agent/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.management.agent/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Define the JMX management agent.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.management.agent {
     requires java.management;
     requires java.management.rmi;
--- a/jdk/src/jdk.management/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.management/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the JDK-specific Management Interfaces for JVM.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.management {
     requires transitive java.management;
 
--- a/jdk/src/jdk.naming.dns/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.naming.dns/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * DNS Java Naming provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.naming.dns {
     requires java.naming;
 
--- a/jdk/src/jdk.naming.rmi/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.naming.rmi/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * RMI Java Naming provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.naming.rmi {
     requires java.naming;
     requires java.rmi;
--- a/jdk/src/jdk.net/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.net/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the JDK-specific Networking API.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.net {
     exports jdk.net;
 }
--- a/jdk/src/jdk.sctp/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.sctp/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Defines the JDK-specific API for SCTP.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.sctp {
     exports com.sun.nio.sctp;
 }
--- a/jdk/src/jdk.security.auth/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.security.auth/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
  * Contains the implementation of the javax.security.auth.* interfaces and
  * various authentication modules.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.security.auth {
--- a/jdk/src/jdk.security.jgss/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.security.jgss/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
  * Defines Java extensions to the GSS-API and an implementation of the SASL
  * GSSAPI mechanism.
  *
+ * @moduleGraph
  * @since 9
  */
 module jdk.security.jgss {
--- a/jdk/src/jdk.zipfs/share/classes/module-info.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.zipfs/share/classes/module-info.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
  * questions.
  */
 
+/**
+ * Zip file system provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
 module jdk.zipfs {
     provides java.nio.file.spi.FileSystemProvider with jdk.nio.zipfs.ZipFileSystemProvider;
 }
--- a/jdk/test/ProblemList.txt	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/ProblemList.txt	Thu Mar 30 17:23:52 2017 +0000
@@ -180,8 +180,6 @@
 
 java/nio/channels/DatagramChannel/ChangingAddress.java          7141822 macosx-all
 
-java/nio/channels/Selector/OutOfBand.java                       7132677 macosx-all
-
 java/nio/file/WatchService/Basic.java                           7158947 solaris-all Solaris 11
 java/nio/file/WatchService/MayFlies.java                        7158947 solaris-all Solaris 11
 java/nio/file/WatchService/LotsOfEvents.java                    7158947 solaris-all Solaris 11
--- a/jdk/test/TEST.groups	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/TEST.groups	Thu Mar 30 17:23:52 2017 +0000
@@ -73,6 +73,7 @@
     jdk/internal/misc \
     jdk/internal/ref \
     jdk/internal/jimage \
+    jdk/internal/math \
     jdk/modules \
     vm
 
@@ -141,8 +142,7 @@
     java/util/stream
 
 jdk_math = \
-    java/math \
-    jdk/internal/math
+    java/math
 
 jdk_io = \
     java/io
--- a/jdk/test/java/nio/channels/Selector/OutOfBand.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/java/nio/channels/Selector/OutOfBand.java	Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,9 @@
 
 /* @test
  * @bug 6213702
+ * @requires (os.family != "mac") | (os.version == "10.10.5")
+ *    | (os.simpleVersion != "10.8" & os.simpleVersion != "10.9"
+ *        & os.simpleVersion != "10.10")
  * @summary OOB data causes a SocketChannel, with OOBINLINE disabled, to be
  *    selected
  */
--- a/jdk/test/sun/security/tools/keytool/WeakAlg.java	Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/sun/security/tools/keytool/WeakAlg.java	Thu Mar 30 17:23:52 2017 +0000
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8171319
+ * @bug 8171319 8177569
  * @summary keytool should print out warnings when reading or generating
   *         cert/cert req using weak algorithms
  * @library /test/lib
@@ -78,7 +78,8 @@
                 .shouldMatch("<b>.*512-bit RSA key.*risk")
                 .shouldContain("512-bit RSA key (weak)");
 
-        // Multiple warnings for multiple cert in -printcert or -list or -exportcert
+        // Multiple warnings for multiple cert in -printcert
+        // or -list or -exportcert
 
         // -certreq, -printcertreq, -gencert
         checkCertReq("a", "", null);
@@ -184,7 +185,7 @@
                 .shouldMatch("The input.*MD5withRSA.*risk")
                 .shouldNotContain("[no]");
 
-        // cert is self-signed cacerts
+        // JDK-8177569: no warning for sigalg of trusted cert
         String weakSigAlgCA = null;
         KeyStore ks = KeyStoreUtil.getCacertsKeyStore();
         if (ks != null) {
@@ -208,12 +209,40 @@
             }
         }
         if (weakSigAlgCA != null) {
+            // The following 2 commands still have a warning on why not using
+            // the -cacerts option directly.
+            kt("-list -keystore " + KeyStoreUtil.getCacerts())
+                    .shouldNotContain("risk");
+            kt("-list -v -keystore " + KeyStoreUtil.getCacerts())
+                    .shouldNotContain("risk");
+
+            // -printcert will always show warnings
+            kt("-printcert -file ca.cert")
+                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
+                    .shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+            kt("-printcert -file ca.cert -trustcacerts") // -trustcacerts useless
+                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
+                    .shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+
+            // Importing with -trustcacerts ignore CA cert's sig alg
             kt("-delete -alias d");
             kt("-importcert -alias d -trustcacerts -file ca.cert", "no")
                     .shouldContain("Certificate already exists in system-wide CA")
+                    .shouldNotContain("risk")
+                    .shouldContain("Do you still want to add it to your own keystore?");
+            kt("-importcert -alias d -trustcacerts -file ca.cert -noprompt")
+                    .shouldNotContain("risk")
+                    .shouldNotContain("[no]");
+
+            // but not without -trustcacerts
+            kt("-delete -alias d");
+            kt("-importcert -alias d -file ca.cert", "no")
+                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
                     .shouldContain("Warning")
                     .shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
-                    .shouldContain("Do you still want to add it to your own keystore?");
+                    .shouldContain("Trust this certificate?");
             kt("-importcert -alias d -file ca.cert -noprompt")
                     .shouldContain("Warning")
                     .shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
@@ -266,6 +295,26 @@
         // install reply
 
         reStore();
+        certreq("c", "");
+        gencert("a-c", "");
+        kt("-importcert -alias c -file a-c.cert")
+                .shouldContain("Warning")
+                .shouldMatch("Issuer <a>.*MD5withRSA.*risk");
+
+        // JDK-8177569: no warning for sigalg of trusted cert
+        reStore();
+        // Change a into a TrustedCertEntry
+        kt("-exportcert -alias a -file a.cert");
+        kt("-delete -alias a");
+        kt("-importcert -alias a -file a.cert -noprompt");
+        kt("-list -alias a -v")
+                .shouldNotContain("weak")
+                .shouldNotContain("Warning");
+        // This time a is trusted and no warning on its weak sig alg
+        kt("-importcert -alias c -file a-c.cert")
+                .shouldNotContain("Warning");
+
+        reStore();
 
         gencert("a-b", "");
         gencert("b-c", "");