Merge
authorlana
Fri, 09 Nov 2012 14:46:34 -0800
changeset 14423 3a57240fa374
parent 14400 cc3a992b4081 (current diff)
parent 14422 ecbc54a46e8b (diff)
child 14430 3afebf1aaea2
child 14495 358de9aebab7
child 14497 e2413038bfbc
Merge
--- a/jdk/make/common/shared/Defs-control.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/common/shared/Defs-control.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,9 @@
 dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
 
 # The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=7
+SOURCE_LANGUAGE_VERSION=8
 # The class version we want for this jdk build
-TARGET_CLASS_VERSION=7
+TARGET_CLASS_VERSION=8
 
 # The MESSAGE, WARNING and ERROR files are used to store sanity check and 
 # source check messages, warnings and errors. 
--- a/jdk/make/common/shared/Defs-java.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/common/shared/Defs-java.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -143,12 +143,12 @@
 endif
 
 # Add the source level
-SOURCE_LANGUAGE_VERSION = 7
+SOURCE_LANGUAGE_VERSION = 8
 LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
 JAVACFLAGS  += $(LANGUAGE_VERSION)
 
 # Add the class version we want
-TARGET_CLASS_VERSION = 7
+TARGET_CLASS_VERSION = 8
 CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
 JAVACFLAGS  += $(CLASS_VERSION)
 JAVACFLAGS  += -encoding ascii
--- a/jdk/make/java/invoke/Makefile	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/java/invoke/Makefile	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@
 
 # The sources built here use new language syntax to generate
 # method handle calls.  Let's be sure we are using that format.
-LANGUAGE_VERSION = -source 7
-CLASS_VERSION = -target 7
+LANGUAGE_VERSION = -source 8
+CLASS_VERSION = -target 8
 
 include $(BUILDDIR)/common/Classes.gmk
--- a/jdk/make/sun/javazic/tzdata/VERSION	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/VERSION	Fri Nov 09 14:46:34 2012 -0800
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2012c
+tzdata2012i
--- a/jdk/make/sun/javazic/tzdata/africa	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/africa	Fri Nov 09 14:46:34 2012 -0800
@@ -260,7 +260,7 @@
 # I received a mail from an airline which says that the daylight
 # saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
 # From Jesper Norgaard Welen (2007-08-15): [The following agree:]
-# http://www.nentjes.info/Bill/bill5.htm 
+# http://www.nentjes.info/Bill/bill5.htm
 # http://www.timeanddate.com/worldclock/city.html?n=53
 # From Steffen Thorsen (2007-09-04): The official information...:
 # http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@@ -314,18 +314,18 @@
 # in September.
 
 # From Steffen Thorsen (2009-08-11):
-# We have been able to confirm the August change with the Egyptian Cabinet 
+# We have been able to confirm the August change with the Egyptian Cabinet
 # Information and Decision Support Center:
 # <a href="http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html">
 # http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
 # </a>
-# 
+#
 # The Middle East News Agency
 # <a href="http://www.mena.org.eg/index.aspx">
 # http://www.mena.org.eg/index.aspx
 # </a>
 # also reports "Egypt starts winter time on August 21"
-# today in article numbered "71, 11/08/2009 12:25 GMT." 
+# today in article numbered "71, 11/08/2009 12:25 GMT."
 # Only the title above is available without a subscription to their service,
 # and can be found by searching for "winter" in their search engine
 # (at least today).
@@ -504,7 +504,7 @@
 # From Steffen Thorsen (2008-06-25):
 # Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
 # basis....
-# It seems that Mauritius observed daylight saving time from 1982-10-10 to 
+# It seems that Mauritius observed daylight saving time from 1982-10-10 to
 # 1983-03-20 as well, but that was not successful....
 # http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
 
@@ -528,12 +528,12 @@
 # than previously announced (2008-11-01 to 2009-03-31).  The new start
 # date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
 # given, but it is probably at either 2 or 3 wall clock time).
-# 
-# A little strange though, since the article says that they moved the date 
-# to align itself with Europe and USA which also change time on that date, 
-# but that means they have not paid attention to what happened in 
-# USA/Canada last year (DST ends first Sunday in November). I also wonder 
-# why that they end on a Friday, instead of aligning with Europe which 
+#
+# A little strange though, since the article says that they moved the date
+# to align itself with Europe and USA which also change time on that date,
+# but that means they have not paid attention to what happened in
+# USA/Canada last year (DST ends first Sunday in November). I also wonder
+# why that they end on a Friday, instead of aligning with Europe which
 # changes two days later.
 
 # From Alex Krivenyshev (2008-07-11):
@@ -592,7 +592,7 @@
 # </a>
 
 # From Arthur David Olson (2009-07-11):
-# The "mauritius-dst-will-not-repeat" wrapup includes this: 
+# The "mauritius-dst-will-not-repeat" wrapup includes this:
 # "The trial ended on March 29, 2009, when the clocks moved back by one hour
 # at 2am (or 02:00) local time..."
 
@@ -686,8 +686,8 @@
 # XXX--guess that it is only Morocco for now; guess only 2008 for now.
 
 # From Steffen Thorsen (2008-08-27):
-# Morocco will change the clocks back on the midnight between August 31 
-# and September 1. They originally planned to observe DST to near the end 
+# Morocco will change the clocks back on the midnight between August 31
+# and September 1. They originally planned to observe DST to near the end
 # of September:
 #
 # One article about it (in French):
@@ -821,6 +821,23 @@
 # "...&agrave; partir du dernier dimance d'avril et non fins mars,
 # comme annonc&eacute; pr&eacute;c&eacute;demment."
 
+# From Milamber Space Network (2012-07-17):
+# The official return to GMT is announced by the Moroccan government:
+# <a href="http://www.mmsp.gov.ma/fr/actualites.aspx?id=288">
+# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
+# </a>
+#
+# Google translation, lightly edited:
+# Back to the standard time of the Kingdom (GMT)
+# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
+# 2012) and in accordance with the order of Mr. President of the
+# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
+# of Public Service and Administration Modernization announces the return
+# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
+# Monday, August 20, 2012.  So the time will be delayed by 60 minutes from
+# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
+# August 20, 2012 from 2:00 am.
+
 # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 
 Rule	Morocco	1939	only	-	Sep	12	 0:00	1:00	S
@@ -848,6 +865,8 @@
 Rule	Morocco	2011	only	-	Jul	 31	 0	0	-
 Rule	Morocco	2012	max	-	Apr	 lastSun 2:00	1:00	S
 Rule	Morocco	2012	max	-	Sep	 lastSun 3:00	0	-
+Rule	Morocco	2012	only	-	Jul	 20	 3:00	0	-
+Rule	Morocco	2012	only	-	Aug	 20	 2:00	1:00	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Africa/Casablanca	-0:30:20 -	LMT	1913 Oct 26
@@ -876,7 +895,7 @@
 # Forecasting Riaan van Zyl explained that the far eastern parts of
 # the country are close to 40 minutes earlier in sunrise than the rest
 # of the country.
-# 
+#
 # From Paul Eggert (2007-03-31):
 # Apparently the Caprivi Strip informally observes Botswana time, but
 # we have no details.  In the meantime people there can use Africa/Gaborone.
--- a/jdk/make/sun/javazic/tzdata/asia	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/asia	Fri Nov 09 14:46:34 2012 -0800
@@ -124,7 +124,7 @@
 # From Alexander Krivenyshev (2012-02-10):
 # According to News Armenia, on Feb 9, 2012,
 # http://newsarmenia.ru/society/20120209/42609695.html
-# 
+#
 # The Armenia National Assembly adopted final reading of Amendments to the
 # Law "On procedure of calculation time on the territory of the Republic of
 # Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@@ -204,15 +204,15 @@
 # </a>
 
 # From A. N. M. Kamrus Saadat (2009-06-15):
-# Finally we've got the official mail regarding DST start time where DST start 
-# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh 
-# Telecommunication Regulatory Commission). 
+# Finally we've got the official mail regarding DST start time where DST start
+# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
+# Telecommunication Regulatory Commission).
 #
 # No DST end date has been announced yet.
 
 # From Alexander Krivenyshev (2009-09-25):
-# Bangladesh won't go back to Standard Time from October 1, 2009, 
-# instead it will continue DST measure till the cabinet makes a fresh decision. 
+# Bangladesh won't go back to Standard Time from October 1, 2009,
+# instead it will continue DST measure till the cabinet makes a fresh decision.
 #
 # Following report by same newspaper-"The Daily Star Friday":
 # "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@@ -226,8 +226,8 @@
 
 # From Steffen Thorsen (2009-10-13):
 # IANS (Indo-Asian News Service) now reports:
-# Bangladesh has decided that the clock advanced by an hour to make 
-# maximum use of daylight hours as an energy saving measure would 
+# Bangladesh has decided that the clock advanced by an hour to make
+# maximum use of daylight hours as an energy saving measure would
 # "continue for an indefinite period."
 #
 # One of many places where it is published:
@@ -255,7 +255,7 @@
 
 # From Alexander Krivenyshev (2010-03-22):
 # According to Bangladesh newspaper "The Daily Star,"
-# Cabinet cancels Daylight Saving Time 
+# Cabinet cancels Daylight Saving Time
 # <a href="http://www.thedailystar.net/newDesign/latest_news.php?nid=22817">
 # http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
 # </a>
@@ -383,11 +383,11 @@
 # observing daylight saving time in 1986.
 #
 # From Thomas S. Mullaney (2008-02-11):
-# I think you're combining two subjects that need to treated 
-# separately: daylight savings (which, you're correct, wasn't 
-# implemented until the 1980s) and the unified time zone centered near 
-# Beijing (which was implemented in 1949). Briefly, there was also a 
-# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was 
+# I think you're combining two subjects that need to treated
+# separately: daylight savings (which, you're correct, wasn't
+# implemented until the 1980s) and the unified time zone centered near
+# Beijing (which was implemented in 1949). Briefly, there was also a
+# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
 # ceased, and the second eventually recognized (again, in the 1980s).
 #
 # From Paul Eggert (2008-06-30):
@@ -524,7 +524,7 @@
 # as of 2009-10-28:
 # Year        Period
 # 1941        1 Apr to 30 Sep
-# 1942        Whole year 
+# 1942        Whole year
 # 1943        Whole year
 # 1944        Whole year
 # 1945        Whole year
@@ -615,16 +615,16 @@
 # From Arthur David Olson (2010-04-07):
 # Here's Google's translation of the table at the bottom of the "summert.htm" page:
 # Decade 	                                                    Name                      Start and end date
-# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30 
-# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31 
-# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31 
-# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30 
-# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30 
-# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30 
-# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time 
-# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30 
-# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time 
-# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30 
+# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time               May 1 to September 30
+# 41 years of the Republic of China (AD 1952)                 Daylight Saving Time      March 1 to October 31
+# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time      April 1 to October 31
+# In the 44 years to 45 years (AD 1955-1956 years)            Daylight Saving Time      April 1 to September 30
+# Republic of China 46 years to 48 years (AD 1957-1959)       Summer Time               April 1 to September 30
+# Republic of China 49 years to 50 years (AD 1960-1961)       Summer Time               June 1 to September 30
+# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
+# Republic of China 63 years to 64 years (1974-1975 AD)       Daylight Saving Time      April 1 to September 30
+# Republic of China 65 years to 67 years (1976-1978 AD)       Stop Daylight Saving Time
+# Republic of China 68 years (AD 1979)                        Daylight Saving Time      July 1 to September 30
 # Republic of China since 69 years (AD 1980)                  Stop Daylight Saving Time
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1193,15 +1193,15 @@
 #
 #	ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
 
-# From Paul Eggert (2005-02-22):
+# From Paul Eggert (2012-10-26):
 # I used Ephraim Silverberg's dst-israel.el program
 # <ftp://ftp.cs.huji.ac.il/pub/tz/software/dst-israel.el> (2005-02-20)
 # along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
-# to generate the transitions in this list.
+# to generate the transitions from 2005 through 2012.
 # (I replaced "lastFri" with "Fri>=26" by hand.)
-# The spring transitions below all correspond to the following Rule:
+# The spring transitions all correspond to the following Rule:
 #
-# Rule	Zion	2005	max	-	Mar	Fri>=26	2:00	1:00	D
+# Rule	Zion	2005	2012	-	Mar	Fri>=26	2:00	1:00	D
 #
 # but older zic implementations (e.g., Solaris 8) do not support
 # "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@@ -1218,39 +1218,36 @@
 Rule	Zion	2010	only	-	Sep	12	2:00	0	S
 Rule	Zion	2011	only	-	Apr	 1	2:00	1:00	D
 Rule	Zion	2011	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2012	2015	-	Mar	Fri>=26	2:00	1:00	D
+Rule	Zion	2012	only	-	Mar	Fri>=26	2:00	1:00	D
 Rule	Zion	2012	only	-	Sep	23	2:00	0	S
-Rule	Zion	2013	only	-	Sep	 8	2:00	0	S
-Rule	Zion	2014	only	-	Sep	28	2:00	0	S
-Rule	Zion	2015	only	-	Sep	20	2:00	0	S
-Rule	Zion	2016	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2016	only	-	Oct	 9	2:00	0	S
-Rule	Zion	2017	2021	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2017	only	-	Sep	24	2:00	0	S
-Rule	Zion	2018	only	-	Sep	16	2:00	0	S
-Rule	Zion	2019	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2020	only	-	Sep	27	2:00	0	S
-Rule	Zion	2021	only	-	Sep	12	2:00	0	S
-Rule	Zion	2022	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2022	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2023	2032	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2023	only	-	Sep	24	2:00	0	S
-Rule	Zion	2024	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2025	only	-	Sep	28	2:00	0	S
-Rule	Zion	2026	only	-	Sep	20	2:00	0	S
-Rule	Zion	2027	only	-	Oct	10	2:00	0	S
-Rule	Zion	2028	only	-	Sep	24	2:00	0	S
-Rule	Zion	2029	only	-	Sep	16	2:00	0	S
-Rule	Zion	2030	only	-	Oct	 6	2:00	0	S
-Rule	Zion	2031	only	-	Sep	21	2:00	0	S
-Rule	Zion	2032	only	-	Sep	12	2:00	0	S
-Rule	Zion	2033	only	-	Apr	 1	2:00	1:00	D
-Rule	Zion	2033	only	-	Oct	 2	2:00	0	S
-Rule	Zion	2034	2037	-	Mar	Fri>=26	2:00	1:00	D
-Rule	Zion	2034	only	-	Sep	17	2:00	0	S
-Rule	Zion	2035	only	-	Oct	 7	2:00	0	S
-Rule	Zion	2036	only	-	Sep	28	2:00	0	S
-Rule	Zion	2037	only	-	Sep	13	2:00	0	S
+
+# From Ephraim Silverberg (2012-10-18):
+
+# Yesterday, the Interior Ministry Committee, after more than a year
+# past, approved sending the proposed June 2011 changes to the Time
+# Decree Law back to the Knesset for second and third (final) votes
+# before the upcoming elections on Jan. 22, 2013.  Hence, although the
+# changes are not yet law, they are expected to be so before February 2013.
+#
+# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
+# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
+# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
+# later (i.e. at 02:00 the first Monday after October 2).
+# [Rosh Hashana holidays are factored in until 2100.]
+
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	Zion	2013	max	-	Mar	Fri>=23	2:00	1:00	D
+Rule	Zion	2013	2026	-	Oct	Sun>=2	2:00	0	S
+Rule	Zion	2027	only	-	Oct	Mon>=3	2:00	0	S
+Rule	Zion	2028	max	-	Oct	Sun>=2	2:00	0	S
+# The following rules are commented out for now, as they break older
+# versions of zic that support only signed 32-bit timestamps, i.e.,
+# through 2038-01-19 03:14:07 UTC.
+#Rule	Zion	2028	2053	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2054	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2055	2080	-	Oct	Sun>=2	2:00	0	S
+#Rule	Zion	2081	only	-	Oct	Mon>=3	2:00	0	S
+#Rule	Zion	2082	max	-	Oct	Sun>=2	2:00	0	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Jerusalem	2:20:56 -	LMT	1880
@@ -1385,6 +1382,16 @@
 # From Arthur David Olson (2009-04-06):
 # We still have Jordan switching to DST on Thursdays in 2000 and 2001.
 
+# From Steffen Thorsen (2012-10-25):
+# Yesterday the government in Jordan announced that they will not
+# switch back to standard time this winter, so the will stay on DST
+# until about the same time next year (at least).
+# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
+#
+# From Paul Eggert (2012-10-25):
+# For now, assume this is just a one-year measure.  If it becomes
+# permanent, we should move Jordan from EET to AST effective tomorrow.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Jordan	1973	only	-	Jun	6	0:00	1:00	S
 Rule	Jordan	1973	1975	-	Oct	1	0:00	0	-
@@ -1413,7 +1420,8 @@
 Rule	Jordan	2003	only	-	Oct	24	0:00s	0	-
 Rule	Jordan	2004	only	-	Oct	15	0:00s	0	-
 Rule	Jordan	2005	only	-	Sep	lastFri	0:00s	0	-
-Rule	Jordan	2006	max	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2006	2011	-	Oct	lastFri	0:00s	0	-
+Rule	Jordan	2013	max	-	Oct	lastFri	0:00s	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Amman	2:23:44 -	LMT	1931
 			2:00	Jordan	EE%sT
@@ -1858,15 +1866,15 @@
 # shown 8 per cent higher consumption of electricity.
 
 # From Alex Krivenyshev (2008-05-15):
-# 
-# Here is an article that Pakistan plan to introduce Daylight Saving Time 
+#
+# Here is an article that Pakistan plan to introduce Daylight Saving Time
 # on June 1, 2008 for 3 months.
-# 
-# "... The federal cabinet on Wednesday announced a new conservation plan to help 
-# reduce load shedding by approving the closure of commercial centres at 9pm and 
-# moving clocks forward by one hour for the next three months. 
+#
+# "... The federal cabinet on Wednesday announced a new conservation plan to help
+# reduce load shedding by approving the closure of commercial centres at 9pm and
+# moving clocks forward by one hour for the next three months.
 # ...."
-# 
+#
 # <a href="http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html">
 # http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
 # </a>
@@ -1926,7 +1934,7 @@
 # Government has decided to restore the previous time by moving the
 # clocks backward by one hour from October 1. A formal announcement to
 # this effect will be made after the Prime Minister grants approval in
-# this regard." 
+# this regard."
 # <a href="http://www.thenews.com.pk/updates.asp?id=87168">
 # http://www.thenews.com.pk/updates.asp?id=87168
 # </a>
@@ -2222,7 +2230,7 @@
 # <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=306795">
 # http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
 # </a>
-# the clocks were set back one hour at 2010-08-11 00:00:00 local time in 
+# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
 # Gaza and the West Bank.
 # Some more background info:
 # <a href="http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html">
@@ -2261,7 +2269,7 @@
 # The rules for Egypt are stolen from the `africa' file.
 
 # From Steffen Thorsen (2011-09-30):
-# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30 
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
 # 00:00).
 # So West Bank and Gaza now have the same time again.
 #
@@ -2316,6 +2324,8 @@
 
 # From Arthur David Olson (2011-09-20):
 # 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+# From Paul Eggert (2012-10-12):
+# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
@@ -2326,7 +2336,7 @@
 			2:00 Palestine	EE%sT	2011 Apr  2 12:01
 			2:00	1:00	EEST	2011 Aug  1
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 Zone	Asia/Hebron	2:20:23	-	LMT	1900 Oct
@@ -2341,7 +2351,7 @@
 			2:00	-	EET	2011 Aug 30
 			2:00	1:00	EEST	2011 Sep 30 3:00
 			2:00	-	EET	2012 Mar 30
-			2:00	1:00	EEST	2012 Sep 28 3:00
+			2:00	1:00	EEST	2012 Sep 21 1:00
 			2:00	-	EET
 
 # Paracel Is
@@ -2535,19 +2545,19 @@
 # having it between Wednesday and Thursday (two workdays in Syria) since the
 # weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
 # it is implemented at midnight of the last workday before weekend...
-# 
+#
 # From Steffen Thorsen (2007-10-27):
 # Jesper Norgaard Welen wrote:
-# 
+#
 # > "Winter local time in Syria will be observed at midnight of Thursday 1
 # > November 2007, and the clock will be put back 1 hour."
-# 
+#
 # I found confirmation on this in this gov.sy-article (Arabic):
 # http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
-# 
+#
 # which using Google's translate tools says:
-# Council of Ministers also approved the commencement of work on 
-# identifying the winter time as of Friday, 2/11/2007 where the 60th 
+# Council of Ministers also approved the commencement of work on
+# identifying the winter time as of Friday, 2/11/2007 where the 60th
 # minute delay at midnight Thursday 1/11/2007.
 Rule	Syria	2007	only	-	Nov	 Fri>=1	0:00	0	-
 
@@ -2613,8 +2623,8 @@
 # </a>
 
 # From Steffen Thorsen (2009-10-27):
-# The Syrian Arab News Network on 2009-09-29 reported that Syria will 
-# revert back to winter (standard) time on midnight between Thursday 
+# The Syrian Arab News Network on 2009-09-29 reported that Syria will
+# revert back to winter (standard) time on midnight between Thursday
 # 2009-10-29 and Friday 2009-10-30:
 # <a href="http://www.sana.sy/ara/2/2009/09/29/247012.htm">
 # http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)
--- a/jdk/make/sun/javazic/tzdata/australasia	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/australasia	Fri Nov 09 14:46:34 2012 -0800
@@ -306,9 +306,9 @@
 # </a>
 
 # From Alexander Krivenyshev (2010-10-24):
-# According to Radio Fiji and Fiji Times online, Fiji will end DST 3 
+# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
 # weeks earlier than expected - on March 6, 2011, not March 27, 2011...
-# Here is confirmation from Government of the Republic of the Fiji Islands, 
+# Here is confirmation from Government of the Republic of the Fiji Islands,
 # Ministry of Information (fiji.gov.fj) web site:
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155">
 # http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@@ -319,15 +319,15 @@
 # </a>
 
 # From Steffen Thorsen (2011-10-03):
-# Now the dates have been confirmed, and at least our start date 
+# Now the dates have been confirmed, and at least our start date
 # assumption was correct (end date was one week wrong).
 #
 # <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
 # www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
 # </a>
 # which says
-# Members of the public are reminded to change their time to one hour in 
-# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to 
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
 # 2am on February 26 next year.
 
 # From Ken Rylander (2011-10-24)
@@ -344,15 +344,23 @@
 # The commencement of daylight saving will remain unchanged and start
 # on the  23rd of October, 2011.
 
+# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
+# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
+# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
+# October 2012 and end at 3 am on Sunday 20th January 2013.
+# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
+#
+# From Paul Eggert (2012-08-31):
+# For now, guess a pattern of the penultimate Sundays in October and January.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Fiji	1998	1999	-	Nov	Sun>=1	2:00	1:00	S
 Rule	Fiji	1999	2000	-	Feb	lastSun	3:00	0	-
 Rule	Fiji	2009	only	-	Nov	29	2:00	1:00	S
 Rule	Fiji	2010	only	-	Mar	lastSun	3:00	0	-
-Rule	Fiji	2010	only	-	Oct	24	2:00	1:00	S
+Rule	Fiji	2010	max	-	Oct	Sun>=18	2:00	1:00	S
 Rule	Fiji	2011	only	-	Mar	Sun>=1	3:00	0	-
-Rule	Fiji	2011	only	-	Oct	23	2:00	1:00	S
-Rule	Fiji	2012	only	-	Jan	22	3:00	0	-
+Rule	Fiji	2012	max	-	Jan	Sun>=18	3:00	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fiji	11:53:40 -	LMT	1915 Oct 26	# Suva
 			12:00	Fiji	FJ%sT	# Fiji Time
@@ -581,7 +589,7 @@
 
 # From David Zuelke (2011-05-09):
 # Subject: Samoa to move timezone from east to west of international date line
-# 
+#
 # <a href="http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963">
 # http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
 # </a>
@@ -643,6 +651,23 @@
 # Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
 # seasons, there is not yet any indication that this trend will continue on
 # a regular basis. For now, we have explicitly listed the transitions below.
+#
+# From Nicky (2012-09-10):
+# Daylight Saving Time commences on Sunday 30th September 2012 and
+# ends on Sunday 7th of April 2013.
+#
+# Please find link below for more information.
+# http://www.mcil.gov.ws/mcil_publications.html
+#
+# That publication also includes dates for Summer of 2013/4 as well
+# which give the impression of a pattern in selecting dates for the
+# future, so for now, we will guess this will continue.
+
+# Western Samoa
+# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+Rule	WS	2012	max	-	Sep	lastSun	3:00	1	D
+Rule	WS	2012	max	-	Apr	Sun>=1	4:00	0	-
+# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone Pacific/Apia	 12:33:04 -	LMT	1879 Jul  5
 			-11:26:56 -	LMT	1911
 			-11:30	-	SAMT	1950		# Samoa Time
@@ -650,8 +675,8 @@
 			-11:00	1:00	WSDT	2011 Apr 2 4:00
 			-11:00	-	WST	2011 Sep 24 3:00
 			-11:00	1:00	WSDT	2011 Dec 30
-			 13:00	1:00	WSDT	2012 Apr 1 4:00
-			 13:00	-	WST
+			 13:00	1:00	WSDT	2012 Apr Sun>=1 4:00
+			 13:00	WS	WS%sT
 
 # Solomon Is
 # excludes Bougainville, for which see Papua New Guinea
@@ -663,25 +688,25 @@
 #
 # From Gwillim Law (2011-12-29)
 # A correspondent informed me that Tokelau, like Samoa, will be skipping
-# December 31 this year, thereby changing its time zone from UTC-10 to
-# UTC+14. When I tried to verify this statement, I found a confirming
-# article in Time magazine online
-# <a href="http://www.time.com/time/world/article/0,8599,2103243,00.html">
-# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
-# </a>
+# December 31 this year ...
 #
-# From Jonathan Leffler (2011-12-29)
-# Information from the BBC to the same effect:
-# <a href="http://www.bbc.co.uk/news/world-asia-16351377">
-# http://www.bbc.co.uk/news/world-asia-16351377
-# </a>
+# From Steffen Thorsen (2012-07-25)
+# ... we double checked by calling hotels and offices based in Tokelau asking
+# about the time there, and they all told a time that agrees with UTC+13....
+# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
+# actually was to UTC-11 back then.
 #
-# Patch supplied by Tim Parenti (2011-12-29)
+# From Paul Eggert (2012-07-25)
+# A Google Books snippet of Appendix to the Journals of the House of
+# Representatives of New Zealand, Session 1948,
+# <http://books.google.com/books?id=ZaVCAQAAIAAJ>, page 65, says Tokelau
+# was "11 hours slow on G.M.T."  Go with Thorsen and assume Shanks & Pottenger
+# are off by an hour starting in 1901.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Pacific/Fakaofo	-11:24:56 -	LMT	1901
-			-10:00	-	TKT 2011 Dec 30	# Tokelau Time
-			14:00	-	TKT
+			-11:00	-	TKT 2011 Dec 30	# Tokelau Time
+			13:00	-	TKT
 
 # Tonga
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
@@ -1362,22 +1387,22 @@
 # See "southeast Australia" above for 2008 and later.
 
 # From Steffen Thorsen (2009-04-28):
-# According to the official press release, South Australia's extended daylight 
-# saving period will continue with the same rules as used during the 2008-2009 
+# According to the official press release, South Australia's extended daylight
+# saving period will continue with the same rules as used during the 2008-2009
 # summer (southern hemisphere).
-# 
+#
 # From
 # <a href="http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf">
 # http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
 # </a>
-# The extended daylight saving period that South Australia has been trialling 
+# The extended daylight saving period that South Australia has been trialling
 # for over the last year is now set to be ongoing.
-# Daylight saving will continue to start on the first Sunday in October each 
+# Daylight saving will continue to start on the first Sunday in October each
 # year and finish on the first Sunday in April the following year.
-# Industrial Relations Minister, Paul Caica, says this provides South Australia 
-# with a consistent half hour time difference with NSW, Victoria, Tasmania and 
+# Industrial Relations Minister, Paul Caica, says this provides South Australia
+# with a consistent half hour time difference with NSW, Victoria, Tasmania and
 # the ACT for all 52 weeks of the year...
-# 
+#
 # We have a wrap-up here:
 # <a href="http://www.timeanddate.com/news/time/south-australia-extends-dst.html">
 # http://www.timeanddate.com/news/time/south-australia-extends-dst.html
--- a/jdk/make/sun/javazic/tzdata/europe	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/europe	Fri Nov 09 14:46:34 2012 -0800
@@ -597,12 +597,12 @@
 # According to Kremlin press service, Russian President Dmitry Medvedev
 # signed a federal law "On calculation of time" on June 9, 2011.
 # According to the law Russia is abolishing daylight saving time.
-# 
-# Medvedev signed a law "On the Calculation of Time" (in russian): 
+#
+# Medvedev signed a law "On the Calculation of Time" (in russian):
 # <a href="http://bmockbe.ru/events/?ID=7583">
 # http://bmockbe.ru/events/?ID=7583
 # </a>
-# 
+#
 # Medvedev signed a law on the calculation of the time (in russian):
 # <a href="http://www.regnum.ru/news/polit/1413906.html">
 # http://www.regnum.ru/news/polit/1413906.html
@@ -1710,7 +1710,7 @@
 # From Alexander Krivenyshev (2011-10-26)
 # NO need to divide Moldova into two timezones at this point.
 # As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
-# decision to abolish DST this winter. 
+# decision to abolish DST this winter.
 # Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
 # Tiraspol will go back to winter time on October 30, 2011.
 # News from Moldova (in russian):
@@ -2600,11 +2600,11 @@
 # http://www.alomaliye.com/bkk_2002_3769.htm
 
 # From G&ouml;kdeniz Karada&#x011f; (2011-03-10):
-# 
+#
 # According to the articles linked below, Turkey will change into summer
 # time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
 # This change is due to a nationwide exam on 27th.
-# 
+#
 # <a href="http://www.worldbulletin.net/?aType=haber&ArticleID=70872">
 # http://www.worldbulletin.net/?aType=haber&ArticleID=70872
 # </a>
@@ -2721,7 +2721,7 @@
 # time this year after all.
 #
 # From Udo Schwedt (2011-10-18):
-# As far as I understand, the recent change to the Ukranian time zone 
+# As far as I understand, the recent change to the Ukranian time zone
 # (Europe/Kiev) to introduce permanent daylight saving time (similar
 # to Russia) was reverted today:
 #
--- a/jdk/make/sun/javazic/tzdata/leapseconds	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/leapseconds	Fri Nov 09 14:46:34 2012 -0800
@@ -100,8 +100,8 @@
 #
 #
 # A positive leap second will be introduced at the end of June 2012.
-# The sequence of dates of the UTC second markers will be:		
-# 		
+# The sequence of dates of the UTC second markers will be:
+#
 #                          2012 June 30,     23h 59m 59s
 #                          2012 June 30,     23h 59m 60s
 #                          2012 July  1,      0h  0m  0s
@@ -118,6 +118,6 @@
 #
 #
 # Daniel GAMBIS
-# Head		
+# Head
 # Earth Orientation Center of IERS
 # Observatoire de Paris, France
--- a/jdk/make/sun/javazic/tzdata/northamerica	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/northamerica	Fri Nov 09 14:46:34 2012 -0800
@@ -501,7 +501,7 @@
 			 -8:00	US	P%sT	1946
 			 -8:00	-	PST	1969
 			 -8:00	US	P%sT	1980 Apr 27 2:00
-			 -9:00	US	Y%sT	1980 Oct 26 2:00	
+			 -9:00	US	Y%sT	1980 Oct 26 2:00
 			 -8:00	US	P%sT	1983 Oct 30 2:00
 			 -9:00	US	Y%sT	1983 Nov 30
 			 -9:00	US	AK%sT
@@ -1866,7 +1866,7 @@
 # Here is a summary of the three clock change events in Creston's history:
 # 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
 # Exact date unknown
-# 2. Oct 1916: switch to Pacific Standard Time (GMT-8) 
+# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
 # Exact date in October unknown;  Sunday October 1 is a reasonable guess.
 # 3. June 1918: switch to Pacific Daylight Time (GMT-7)
 # Exact date in June unknown; Sunday June 2 is a reasonable guess.
@@ -2696,20 +2696,20 @@
 # except that it switches at midnight standard time as usual.
 #
 # From Steffen Thorsen (2007-10-25):
-# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week 
+# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
 # earlier - on the last Sunday of October, just like in 2006.
-# 
+#
 # He supplied these references:
-# 
+#
 # http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
 # http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
-# 
+#
 # From Alex Kryvenishev (2007-10-25):
 # Here is also article from Granma (Cuba):
-# 
+#
 # [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
 # http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
-# 
+#
 # http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
 
 # From Arthur David Olson (2008-03-09):
@@ -2793,7 +2793,7 @@
 # </a>
 #
 # From Steffen Thorsen (2011-10-30)
-# Cuba will end DST two weeks later this year. Instead of going back 
+# Cuba will end DST two weeks later this year. Instead of going back
 # tonight, it has been delayed to 2011-11-13 at 01:00.
 #
 # One source (Spanish)
@@ -2805,11 +2805,11 @@
 # <a href="http://www.timeanddate.com/news/time/cuba-time-changes-2011.html">
 # http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
 # </a>
-# 
+#
 # From Steffen Thorsen (2012-03-01)
-# According to Radio Reloj, Cuba will start DST on Midnight between March 
+# According to Radio Reloj, Cuba will start DST on Midnight between March
 # 31 and April 1.
-# 
+#
 # Radio Reloj has the following info (Spanish):
 # <a href="http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril">
 # http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@@ -2820,6 +2820,13 @@
 # http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
 # </a>
 
+# From Steffen Thorsen (2012-11-03):
+# Radio Reloj and many other sources report that Cuba is changing back
+# to standard time on 2012-11-04:
+# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
+# From Paul Eggert (2012-11-03):
+# For now, assume the future rule is first Sunday in November.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Cuba	1928	only	-	Jun	10	0:00	1:00	D
 Rule	Cuba	1928	only	-	Oct	10	0:00	0	S
@@ -2857,7 +2864,7 @@
 Rule	Cuba	2011	only	-	Mar	Sun>=15	0:00s	1:00	D
 Rule	Cuba	2011	only	-	Nov	13	0:00s	0	S
 Rule	Cuba	2012	only	-	Apr	1	0:00s	1:00	D
-Rule	Cuba	2012	max	-	Oct	lastSun	0:00s	0	S
+Rule	Cuba	2012	max	-	Nov	Sun>=1	0:00s	0	S
 Rule	Cuba	2013	max	-	Mar	Sun>=8	0:00s	1:00	D
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
--- a/jdk/make/sun/javazic/tzdata/southamerica	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/sun/javazic/tzdata/southamerica	Fri Nov 09 14:46:34 2012 -0800
@@ -254,7 +254,7 @@
 Rule	Arg	2007	only	-	Dec	30	0:00	1:00	S
 Rule	Arg	2008	2009	-	Mar	Sun>=15	0:00	0	-
 Rule	Arg	2008	only	-	Oct	Sun>=15	0:00	1:00	S
- 
+
 # From Mariano Absatz (2004-05-21):
 # Today it was officially published that the Province of Mendoza is changing
 # its timezone this winter... starting tomorrow night....
@@ -344,9 +344,9 @@
 # confirms what Alex Krivenyshev has earlier sent to the tz
 # emailing list about that San Luis plans to return to standard
 # time much earlier than the rest of the country. It also
-# confirms that upon request the provinces San Juan and Mendoza 
-# refused to follow San Luis in this change. 
-# 
+# confirms that upon request the provinces San Juan and Mendoza
+# refused to follow San Luis in this change.
+#
 # The change is supposed to take place Monday the 21.st at 0:00
 # hours. As far as I understand it if this goes ahead, we need
 # a new timezone for San Luis (although there are also documented
@@ -408,7 +408,7 @@
 # <a href="http://www.lanacion.com.ar/nota.asp?nota_id=1107912">
 # http://www.lanacion.com.ar/nota.asp?nota_id=1107912
 # </a>
-# 
+#
 # The press release says:
 #  (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
 # atrasar una hora sus relojes.
@@ -822,8 +822,8 @@
 #
 # From Alexander Krivenyshev (2011-10-04):
 # State Bahia will return to Daylight savings time this year after 8 years off.
-# The announcement was made by Governor Jaques Wagner in an interview to a 
-# television station in Salvador. 
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
 
 # In Portuguese:
 # <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
@@ -852,6 +852,15 @@
 # http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
 # </a>
 
+# From Kelley Cook (2012-10-16):
+# The governor of state of Bahia in Brazil announced on Thursday that
+# due to public pressure, he is reversing the DST policy they implemented
+# last year and will not be going to Summer Time on October 21st....
+# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
+
+# From Rodrigo Severo (2012-10-16):
+# Tocantins state will have DST.
+# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@@ -1071,7 +1080,8 @@
 			-3:00	Brazil	BR%sT	1990 Sep 17
 			-3:00	-	BRT	1995 Sep 14
 			-3:00	Brazil	BR%sT	2003 Sep 24
-			-3:00	-	BRT
+			-3:00	-	BRT	2012 Oct 21
+			-3:00	Brazil	BR%sT
 #
 # Alagoas (AL), Sergipe (SE)
 Zone America/Maceio	-2:22:52 -	LMT	1914
@@ -1090,7 +1100,8 @@
 Zone America/Bahia	-2:34:04 -	LMT	1914
 			-3:00	Brazil	BR%sT	2003 Sep 24
 			-3:00	-	BRT	2011 Oct 16
-			-3:00	Brazil	BR%sT
+			-3:00	Brazil	BR%sT	2012 Oct 21
+			-3:00	-	BRT
 #
 # Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
 # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@@ -1182,7 +1193,7 @@
 # Due to drought, Chile extends Daylight Time in three weeks.  This
 # is one-time change (Saturday 3/29 at 24:00 for America/Santiago
 # and Saturday 3/29 at 22:00 for Pacific/Easter)
-# The Supreme Decree is located at 
+# The Supreme Decree is located at
 # <a href="http://www.shoa.cl/servicios/supremo316.pdf">
 # http://www.shoa.cl/servicios/supremo316.pdf
 # </a>
@@ -1193,7 +1204,7 @@
 
 # From Jose Miguel Garrido (2008-03-05):
 # ...
-# You could see the announces of the change on 
+# You could see the announces of the change on
 # <a href="http://www.shoa.cl/noticias/2008/04hora/hora.htm">
 # http://www.shoa.cl/noticias/2008/04hora/hora.htm
 # </a>.
--- a/jdk/make/tools/GenerateCharacter/CharacterData01.java.template	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/GenerateCharacter/CharacterData01.java.template	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -311,6 +311,8 @@
             case 0x011063: retval = 90; break;     // BRAHMI NUMBER NINETY
             case 0x011064: retval = 100; break;    // BRAHMI NUMBER ONE HUNDRED
             case 0x011065: retval = 1000; break;   // BRAHMI NUMBER ONE THOUSAND
+            case 0x012432: retval = 216000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
+            case 0x012433: retval = 432000; break;   // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
             case 0x01D36C: retval = 40; break;     // COUNTING ROD TENS DIGIT FOUR
             case 0x01D36D: retval = 50; break;     // COUNTING ROD TENS DIGIT FIVE
             case 0x01D36E: retval = 60; break;     // COUNTING ROD TENS DIGIT SIX
--- a/jdk/make/tools/UnicodeData/PropList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/UnicodeData/PropList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
--- a/jdk/make/tools/UnicodeData/Scripts.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/UnicodeData/Scripts.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
@@ -146,7 +146,7 @@
 208A..208C    ; Common # Sm   [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
 208D          ; Common # Ps       SUBSCRIPT LEFT PARENTHESIS
 208E          ; Common # Pe       SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9    ; Common # Sc  [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA    ; Common # Sc  [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
 2100..2101    ; Common # So   [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
 2102          ; Common # L&       DOUBLE-STRUCK CAPITAL C
 2103..2106    ; Common # So   [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
 E0001         ; Common # Cf       LANGUAGE TAG
 E0020..E007F  ; Common # Cf  [96] TAG SPACE..CANCEL TAG
 
-# Total code points: 6412
+# Total code points: 6413
 
 # ================================================
 
@@ -760,7 +760,7 @@
 061E          ; Arabic # Po       ARABIC TRIPLE DOT PUNCTUATION MARK
 0620..063F    ; Arabic # Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
 0641..064A    ; Arabic # Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E    ; Arabic # Mn   [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F    ; Arabic # Mn  [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
 066A..066D    ; Arabic # Po   [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
 066E..066F    ; Arabic # Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
 0671..06D3    ; Arabic # Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
 1EEAB..1EEBB  ; Arabic # Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
 1EEF0..1EEF1  ; Arabic # Sm   [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
 
-# Total code points: 1234
+# Total code points: 1235
 
 # ================================================
 
@@ -1477,7 +1477,6 @@
 0300..036F    ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
 0485..0486    ; Inherited # Mn   [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
 064B..0655    ; Inherited # Mn  [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F          ; Inherited # Mn       ARABIC WAVY HAMZA BELOW
 0670          ; Inherited # Mn       ARABIC LETTER SUPERSCRIPT ALEF
 0951..0952    ; Inherited # Mn   [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
 1CD0..1CD2    ; Inherited # Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
 1D1AA..1D1AD  ; Inherited # Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
 E0100..E01EF  ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
 
-# Total code points: 524
+# Total code points: 523
 
 # ================================================
 
--- a/jdk/make/tools/UnicodeData/SpecialCasing.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/UnicodeData/SpecialCasing.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# SpecialCasing-6.1.0.txt
-# Date: 2011-11-27, 05:10:51 GMT [MD]
+# SpecialCasing-6.2.0.txt
+# Date: 2012-05-23, 20:35:15 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 #
--- a/jdk/make/tools/UnicodeData/UnicodeData.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/UnicodeData/UnicodeData.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -7190,6 +7190,7 @@
 20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
 20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
 20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
 20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
 20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
 20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@@ -18703,8 +18704,8 @@
 1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
 12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
 12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
-12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
-12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
+12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
+12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
 12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
 12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
 12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@@ -18739,8 +18740,8 @@
 12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
 12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
 12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
-12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
-12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
+12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
+12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
 12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
 12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
 1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;
--- a/jdk/make/tools/UnicodeData/VERSION	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/make/tools/UnicodeData/VERSION	Fri Nov 09 14:46:34 2012 -0800
@@ -1,1 +1,1 @@
-6.1.0
+6.2.0
--- a/jdk/makefiles/GendataTimeZone.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/makefiles/GendataTimeZone.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 GENDATA_TIMEZONE :=
 
 # TODO: read from make/sun/javazic/tzdata/VERSION
-GENDATA_TIMEZONE_VERSION := tzdata2012c
+GENDATA_TIMEZONE_VERSION := tzdata2012i
 
 GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
 GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone
--- a/jdk/makefiles/Setup.gmk	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/makefiles/Setup.gmk	Fri Nov 09 14:46:34 2012 -0800
@@ -45,7 +45,7 @@
      JVM:=$(JAVA),\
      JAVAC:=$(JAVAC_JARS),\
      JAVAH:=$(JAVAH_JARS),\
-     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
+     FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
      SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
      SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,12 +55,25 @@
     }
 
     static {
-        validTypes = new HashSet<String>(4);
+        validTypes = new HashSet<String>(17);
         validTypes.add("PBEWithMD5AndDES".toUpperCase());
         validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
         validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
+        validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
         // Proprietary algorithm.
         validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
+        validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
+        validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
     }
 
     public static final class PBEWithMD5AndDES
@@ -84,6 +97,27 @@
         }
     }
 
+    public static final class PBEWithSHA1AndRC2_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC2_128()  {
+            super("PBEWithSHA1AndRC2_128");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_40()  {
+            super("PBEWithSHA1AndRC4_40");
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128
+            extends PBEKeyFactory {
+        public PBEWithSHA1AndRC4_128()  {
+            super("PBEWithSHA1AndRC4_128");
+        }
+    }
+
     /*
      * Private proprietary algorithm for supporting JCEKS.
      */
@@ -94,6 +128,75 @@
         }
     }
 
+    public static final class PBEWithHmacSHA1AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_128()  {
+            super("PBEWithHmacSHA1AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_128()  {
+            super("PBEWithHmacSHA224AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_128()  {
+            super("PBEWithHmacSHA256AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_128()  {
+            super("PBEWithHmacSHA384AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_128
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_128()  {
+            super("PBEWithHmacSHA512AndAES_128");
+        }
+    }
+
+    public static final class PBEWithHmacSHA1AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA1AndAES_256()  {
+            super("PBEWithHmacSHA1AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA224AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA224AndAES_256()  {
+            super("PBEWithHmacSHA224AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA256AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA256AndAES_256()  {
+            super("PBEWithHmacSHA256AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA384AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA384AndAES_256()  {
+            super("PBEWithHmacSHA384AndAES_256");
+        }
+    }
+
+    public static final class PBEWithHmacSHA512AndAES_256
+            extends PBEKeyFactory {
+        public PBEWithHmacSHA512AndAES_256()  {
+            super("PBEWithHmacSHA512AndAES_256");
+        }
+    }
 
     /**
      * Generates a <code>SecretKey</code> object from the provided key
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEParameters.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,9 @@
     // the iteration count
     private int iCount = 0;
 
+    // the cipher parameter
+    private AlgorithmParameterSpec cipherParam = null;
+
     protected void engineInit(AlgorithmParameterSpec paramSpec)
         throws InvalidParameterSpecException
    {
@@ -66,6 +69,7 @@
        }
        this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
        this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+       this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
     }
 
     protected void engineInit(byte[] encoded)
@@ -102,7 +106,8 @@
         throws InvalidParameterSpecException
     {
         if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
-            return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
+            return paramSpec.cast(
+                new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
         } else {
             throw new InvalidParameterSpecException
                 ("Inappropriate parameter specification");
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+final class PBES1Core {
+
+    // the encapsulated DES cipher
+    private CipherCore cipher;
+    private MessageDigest md;
+    private int blkSize;
+    private String algo = null;
+    private byte[] salt = null;
+    private int iCount = 10;
+
+    /**
+     * Creates an instance of PBE Cipher using the specified CipherSpi
+     * instance.
+     *
+     */
+    PBES1Core(String cipherAlg) throws NoSuchAlgorithmException,
+        NoSuchPaddingException {
+        algo = cipherAlg;
+        if (algo.equals("DES")) {
+            cipher = new CipherCore(new DESCrypt(),
+                                    DESConstants.DES_BLOCK_SIZE);
+        } else if (algo.equals("DESede")) {
+
+            cipher = new CipherCore(new DESedeCrypt(),
+                                    DESConstants.DES_BLOCK_SIZE);
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation " +
+                                               "for PBEWithMD5And" + algo);
+        }
+        cipher.setMode("CBC");
+        cipher.setPadding("PKCS5Padding");
+        // get instance of MD5
+        md = MessageDigest.getInstance("MD5");
+    }
+
+    /**
+     * Sets the mode of this cipher. This algorithm can only be run in CBC
+     * mode.
+     *
+     * @param mode the cipher mode
+     *
+     * @exception NoSuchAlgorithmException if the requested cipher mode is
+     * invalid
+     */
+    void setMode(String mode) throws NoSuchAlgorithmException {
+        cipher.setMode(mode);
+    }
+
+     /**
+     * Sets the padding mechanism of this cipher. This algorithm only uses
+     * PKCS #5 padding.
+     *
+     * @param padding the padding mechanism
+     *
+     * @exception NoSuchPaddingException if the requested padding mechanism
+     * is invalid
+     */
+    void setPadding(String paddingScheme) throws NoSuchPaddingException {
+        cipher.setPadding(paddingScheme);
+    }
+
+    /**
+     * Returns the block size (in bytes).
+     *
+     * @return the block size (in bytes)
+     */
+    int getBlockSize() {
+        return DESConstants.DES_BLOCK_SIZE;
+    }
+
+    /**
+     * Returns the length in bytes that an output buffer would need to be in
+     * order to hold the result of the next <code>update</code> or
+     * <code>doFinal</code> operation, given the input length
+     * <code>inputLen</code> (in bytes).
+     *
+     * <p>This call takes into account any unprocessed (buffered) data from a
+     * previous <code>update</code> call, and padding.
+     *
+     * <p>The actual output length of the next <code>update</code> or
+     * <code>doFinal</code> call may be smaller than the length returned by
+     * this method.
+     *
+     * @param inputLen the input length (in bytes)
+     *
+     * @return the required output buffer size (in bytes)
+     *
+     */
+    int getOutputSize(int inputLen) {
+        return cipher.getOutputSize(inputLen);
+    }
+
+    /**
+     * Returns the initialization vector (IV) in a new buffer.
+     *
+     * <p> This is useful in the case where a random IV has been created
+     * (see <a href = "#init">init</a>),
+     * or in the context of password-based encryption or
+     * decryption, where the IV is derived from a user-supplied password.
+     *
+     * @return the initialization vector in a new buffer, or null if the
+     * underlying algorithm does not use an IV, or if the IV has not yet
+     * been set.
+     */
+    byte[] getIV() {
+        return cipher.getIV();
+    }
+
+    /**
+     * Returns the parameters used with this cipher.
+     *
+     * <p>The returned parameters may be the same that were used to initialize
+     * this cipher, or may contain the default set of parameters or a set of
+     * randomly generated parameters used by the underlying cipher
+     * implementation (provided that the underlying cipher implementation
+     * uses a default set of parameters or creates new parameters if it needs
+     * parameters but was not initialized with any).
+     *
+     * @return the parameters used with this cipher, or null if this cipher
+     * does not use any parameters.
+     */
+    AlgorithmParameters getParameters() {
+        AlgorithmParameters params = null;
+        if (salt == null) {
+            salt = new byte[8];
+            SunJCE.RANDOM.nextBytes(salt);
+        }
+        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
+        try {
+            params = AlgorithmParameters.getInstance("PBEWithMD5And" +
+                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        } catch (NoSuchProviderException nspe) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        }
+        try {
+            params.init(pbeSpec);
+        } catch (InvalidParameterSpecException ipse) {
+            // should never happen
+            throw new RuntimeException("PBEParameterSpec not supported");
+        }
+        return params;
+    }
+
+    /**
+     * Initializes this cipher with a key, a set of
+     * algorithm parameters, and a source of randomness.
+     * The cipher is initialized for one of the following four operations:
+     * encryption, decryption, key wrapping or key unwrapping, depending on
+     * the value of <code>opmode</code>.
+     *
+     * <p>If this cipher (including its underlying feedback or padding scheme)
+     * requires any random bytes, it will get them from <code>random</code>.
+     *
+     * @param opmode the operation mode of this cipher (this is one of
+     * the following:
+     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
+     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * @param key the encryption key
+     * @param params the algorithm parameters
+     * @param random the source of randomness
+     *
+     * @exception InvalidKeyException if the given key is inappropriate for
+     * initializing this cipher
+     * @exception InvalidAlgorithmParameterException if the given algorithm
+     * parameters are inappropriate for this cipher
+     */
+    void init(int opmode, Key key, AlgorithmParameterSpec params,
+              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (((opmode == Cipher.DECRYPT_MODE) ||
+             (opmode == Cipher.UNWRAP_MODE)) && (params == null)) {
+            throw new InvalidAlgorithmParameterException("Parameters "
+                                                         + "missing");
+        }
+        if ((key == null) ||
+            (key.getEncoded() == null) ||
+            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+            throw new InvalidKeyException("Missing password");
+        }
+
+        if (params == null) {
+            // create random salt and use default iteration count
+            salt = new byte[8];
+            random.nextBytes(salt);
+        } else {
+            if (!(params instanceof PBEParameterSpec)) {
+                throw new InvalidAlgorithmParameterException
+                    ("Wrong parameter type: PBE expected");
+            }
+            salt = ((PBEParameterSpec) params).getSalt();
+            // salt must be 8 bytes long (by definition)
+            if (salt.length != 8) {
+                throw new InvalidAlgorithmParameterException
+                    ("Salt must be 8 bytes long");
+            }
+            iCount = ((PBEParameterSpec) params).getIterationCount();
+            if (iCount <= 0) {
+                throw new InvalidAlgorithmParameterException
+                    ("IterationCount must be a positive number");
+            }
+        }
+
+        byte[] derivedKey = deriveCipherKey(key);
+        // use all but the last 8 bytes as the key value
+        SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
+                                                    derivedKey.length-8, algo);
+        // use the last 8 bytes as the IV
+        IvParameterSpec ivSpec = new IvParameterSpec(derivedKey,
+                                                     derivedKey.length-8,
+                                                     8);
+        // initialize the underlying cipher
+        cipher.init(opmode, cipherKey, ivSpec, random);
+    }
+
+    private byte[] deriveCipherKey(Key key) {
+
+        byte[] result = null;
+        byte[] passwdBytes = key.getEncoded();
+
+        if (algo.equals("DES")) {
+            // P || S (password concatenated with salt)
+            byte[] concat = new byte[passwdBytes.length + salt.length];
+            System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
+            java.util.Arrays.fill(passwdBytes, (byte)0x00);
+            System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
+
+            // digest P || S with c iterations
+            byte[] toBeHashed = concat;
+            for (int i = 0; i < iCount; i++) {
+                md.update(toBeHashed);
+                toBeHashed = md.digest(); // this resets the digest
+            }
+            java.util.Arrays.fill(concat, (byte)0x00);
+            result = toBeHashed;
+        } else if (algo.equals("DESede")) {
+            // if the 2 salt halves are the same, invert one of them
+            int i;
+            for (i=0; i<4; i++) {
+                if (salt[i] != salt[i+4])
+                    break;
+            }
+            if (i==4) { // same, invert 1st half
+                for (i=0; i<2; i++) {
+                    byte tmp = salt[i];
+                    salt[i] = salt[3-i];
+                    salt[3-1] = tmp;
+                }
+            }
+
+            // Now digest each half (concatenated with password). For each
+            // half, go through the loop as many times as specified by the
+            // iteration count parameter (inner for loop).
+            // Concatenate the output from each digest round with the
+            // password, and use the result as the input to the next digest
+            // operation.
+            byte[] kBytes = null;
+            IvParameterSpec iv = null;
+            byte[] toBeHashed = null;
+            result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
+                              DESConstants.DES_BLOCK_SIZE];
+            for (i = 0; i < 2; i++) {
+                toBeHashed = new byte[salt.length/2];
+                System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0,
+                                 toBeHashed.length);
+                for (int j=0; j < iCount; j++) {
+                    md.update(toBeHashed);
+                    md.update(passwdBytes);
+                    toBeHashed = md.digest(); // this resets the digest
+                }
+                System.arraycopy(toBeHashed, 0, result, i*16,
+                                 toBeHashed.length);
+            }
+        }
+        return result;
+    }
+
+    void init(int opmode, Key key, AlgorithmParameters params,
+              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        PBEParameterSpec pbeSpec = null;
+        if (params != null) {
+            try {
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+            } catch (InvalidParameterSpecException ipse) {
+                throw new InvalidAlgorithmParameterException("Wrong parameter "
+                                                             + "type: PBE "
+                                                             + "expected");
+            }
+        }
+        init(opmode, key, pbeSpec, random);
+    }
+
+    /**
+     * Continues a multiple-part encryption or decryption operation
+     * (depending on how this cipher was initialized), processing another data
+     * part.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, are processed, and the
+     * result is stored in a new buffer.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     *
+     * @return the new buffer with the result
+     *
+     */
+    byte[] update(byte[] input, int inputOffset, int inputLen) {
+        return cipher.update(input, inputOffset, inputLen);
+    }
+
+    /**
+     * Continues a multiple-part encryption or decryption operation
+     * (depending on how this cipher was initialized), processing another data
+     * part.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, are processed, and the
+     * result is stored in the <code>output</code> buffer, starting at
+     * <code>outputOffset</code>.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     * @param output the buffer for the result
+     * @param outputOffset the offset in <code>output</code> where the result
+     * is stored
+     *
+     * @return the number of bytes stored in <code>output</code>
+     *
+     * @exception ShortBufferException if the given output buffer is too small
+     * to hold the result
+     */
+    int update(byte[] input, int inputOffset, int inputLen,
+               byte[] output, int outputOffset)
+        throws ShortBufferException {
+        return cipher.update(input, inputOffset, inputLen,
+                             output, outputOffset);
+    }
+
+    /**
+     * Encrypts or decrypts data in a single-part operation,
+     * or finishes a multiple-part operation.
+     * The data is encrypted or decrypted, depending on how this cipher was
+     * initialized.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, and any input bytes that
+     * may have been buffered during a previous <code>update</code> operation,
+     * are processed, with padding (if requested) being applied.
+     * The result is stored in a new buffer.
+     *
+     * <p>The cipher is reset to its initial state (uninitialized) after this
+     * call.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     *
+     * @return the new buffer with the result
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block cipher,
+     * no padding has been requested (only in encryption mode), and the total
+     * input length of the data processed by this cipher is not a multiple of
+     * block size
+     * @exception BadPaddingException if decrypting and padding is choosen,
+     * but the last input data does not have proper padding bytes.
+     */
+    byte[] doFinal(byte[] input, int inputOffset, int inputLen)
+        throws IllegalBlockSizeException, BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen);
+    }
+
+    /**
+     * Encrypts or decrypts data in a single-part operation,
+     * or finishes a multiple-part operation.
+     * The data is encrypted or decrypted, depending on how this cipher was
+     * initialized.
+     *
+     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+     * buffer, starting at <code>inputOffset</code>, and any input bytes that
+     * may have been buffered during a previous <code>update</code> operation,
+     * are processed, with padding (if requested) being applied.
+     * The result is stored in the <code>output</code> buffer, starting at
+     * <code>outputOffset</code>.
+     *
+     * <p>The cipher is reset to its initial state (uninitialized) after this
+     * call.
+     *
+     * @param input the input buffer
+     * @param inputOffset the offset in <code>input</code> where the input
+     * starts
+     * @param inputLen the input length
+     * @param output the buffer for the result
+     * @param outputOffset the offset in <code>output</code> where the result
+     * is stored
+     *
+     * @return the number of bytes stored in <code>output</code>
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block cipher,
+     * no padding has been requested (only in encryption mode), and the total
+     * input length of the data processed by this cipher is not a multiple of
+     * block size
+     * @exception ShortBufferException if the given output buffer is too small
+     * to hold the result
+     * @exception BadPaddingException if decrypting and padding is choosen,
+     * but the last input data does not have proper padding bytes.
+     */
+    int doFinal(byte[] input, int inputOffset, int inputLen,
+                byte[] output, int outputOffset)
+        throws ShortBufferException, IllegalBlockSizeException,
+               BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen,
+                                    output, outputOffset);
+    }
+
+    /**
+     * Wrap a key.
+     *
+     * @param key the key to be wrapped.
+     *
+     * @return the wrapped key.
+     *
+     * @exception IllegalBlockSizeException if this cipher is a block
+     * cipher, no padding has been requested, and the length of the
+     * encoding of the key to be wrapped is not a
+     * multiple of the block size.
+     *
+     * @exception InvalidKeyException if it is impossible or unsafe to
+     * wrap the key with this cipher (e.g., a hardware protected key is
+     * being passed to a software only cipher).
+     */
+    byte[] wrap(Key key)
+        throws IllegalBlockSizeException, InvalidKeyException {
+        byte[] result = null;
+
+        try {
+            byte[] encodedKey = key.getEncoded();
+            if ((encodedKey == null) || (encodedKey.length == 0)) {
+                throw new InvalidKeyException("Cannot get an encoding of " +
+                                              "the key to be wrapped");
+            }
+
+            result = doFinal(encodedKey, 0, encodedKey.length);
+        } catch (BadPaddingException e) {
+            // Should never happen
+        }
+
+        return result;
+    }
+
+    /**
+     * Unwrap a previously wrapped key.
+     *
+     * @param wrappedKey the key to be unwrapped.
+     *
+     * @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
+     *
+     * @param wrappedKeyType the type of the wrapped key.
+     * This is one of <code>Cipher.SECRET_KEY</code>,
+     * <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>.
+     *
+     * @return the unwrapped key.
+     *
+     * @exception NoSuchAlgorithmException if no installed providers
+     * can create keys of type <code>wrappedKeyType</code> for the
+     * <code>wrappedKeyAlgorithm</code>.
+     *
+     * @exception InvalidKeyException if <code>wrappedKey</code> does not
+     * represent a wrapped key of type <code>wrappedKeyType</code> for
+     * the <code>wrappedKeyAlgorithm</code>.
+     */
+    Key unwrap(byte[] wrappedKey,
+               String wrappedKeyAlgorithm,
+               int wrappedKeyType)
+        throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] encodedKey;
+        try {
+            encodedKey = doFinal(wrappedKey, 0, wrappedKey.length);
+        } catch (BadPaddingException ePadding) {
+            throw new InvalidKeyException("The wrapped key is not padded " +
+                                          "correctly");
+        } catch (IllegalBlockSizeException eBlockSize) {
+            throw new InvalidKeyException("The wrapped key does not have " +
+                                          "the correct length");
+        }
+        return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm,
+                                          wrappedKeyType);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.interfaces.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ * These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
+ * Padding is done as described in PKCS #5.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+abstract class PBES2Core extends CipherSpi {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    // the encapsulated cipher
+    private final CipherCore cipher;
+    private final int keyLength; // in bits
+    private final int blkSize; // in bits
+    private final PBKDF2Core kdf;
+    private final String pbeAlgo;
+    private final String cipherAlgo;
+    private int iCount = DEFAULT_COUNT;
+    private byte[] salt = null;
+    private IvParameterSpec ivSpec = null;
+
+    /**
+     * Creates an instance of PBE Scheme 2 according to the selected
+     * password-based key derivation function and encryption scheme.
+     */
+    PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
+        throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+        this.cipherAlgo = cipherAlgo;
+        keyLength = keySize * 8;
+        pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
+
+        if (cipherAlgo.equals("AES")) {
+            blkSize = AESConstants.AES_BLOCK_SIZE;
+            cipher = new CipherCore(new AESCrypt(), blkSize);
+
+            switch(kdfAlgo) {
+            case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+            case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+            case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+            case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+            case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+            default:
+                throw new NoSuchAlgorithmException(
+                    "No Cipher implementation for " + kdfAlgo);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation for " +
+                                               pbeAlgo);
+        }
+        cipher.setMode("CBC");
+        cipher.setPadding("PKCS5Padding");
+    }
+
+    protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+        if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
+            throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
+        }
+    }
+
+    protected void engineSetPadding(String paddingScheme)
+        throws NoSuchPaddingException {
+        if ((paddingScheme != null) &&
+            (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
+            throw new NoSuchPaddingException("Invalid padding scheme: " +
+                                             paddingScheme);
+        }
+    }
+
+    protected int engineGetBlockSize() {
+        return blkSize;
+    }
+
+    protected int engineGetOutputSize(int inputLen) {
+        return cipher.getOutputSize(inputLen);
+    }
+
+    protected byte[] engineGetIV() {
+        return cipher.getIV();
+    }
+
+    protected AlgorithmParameters engineGetParameters() {
+        AlgorithmParameters params = null;
+        if (salt == null) {
+            // generate random salt and use default iteration count
+            salt = new byte[DEFAULT_SALT_LENGTH];
+            SunJCE.RANDOM.nextBytes(salt);
+            iCount = DEFAULT_COUNT;
+        }
+        if (ivSpec == null) {
+            // generate random IV
+            byte[] ivBytes = new byte[blkSize];
+            SunJCE.RANDOM.nextBytes(ivBytes);
+            ivSpec = new IvParameterSpec(ivBytes);
+        }
+        PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
+        try {
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        } catch (NoSuchProviderException nspe) {
+            // should never happen
+            throw new RuntimeException("SunJCE called, but not configured");
+        }
+        try {
+            params.init(pbeSpec);
+        } catch (InvalidParameterSpecException ipse) {
+            // should never happen
+            throw new RuntimeException("PBEParameterSpec not supported");
+        }
+        return params;
+    }
+
+    protected void engineInit(int opmode, Key key, SecureRandom random)
+        throws InvalidKeyException {
+        try {
+            engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+        } catch (InvalidAlgorithmParameterException ie) {
+            InvalidKeyException ike =
+                new InvalidKeyException("requires PBE parameters");
+            ike.initCause(ie);
+            throw ike;
+        }
+    }
+
+    protected void engineInit(int opmode, Key key,
+                              AlgorithmParameterSpec params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+        if ((key == null) ||
+            (key.getEncoded() == null) ||
+            !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+            throw new InvalidKeyException("Missing password");
+        }
+
+        // TBD: consolidate the salt, ic and IV parameter checks below
+
+        // Extract salt and iteration count from the key, if present
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+            if (salt != null && salt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+            if (iCount == 0) {
+                iCount = DEFAULT_COUNT;
+            } else if (iCount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+        }
+
+        // Extract salt, iteration count and IV from the params, if present
+        if (params == null) {
+            if (salt == null) {
+                // generate random salt and use default iteration count
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                random.nextBytes(salt);
+                iCount = DEFAULT_COUNT;
+            }
+            if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            }
+        } else {
+            if (!(params instanceof PBEParameterSpec)) {
+                throw new InvalidAlgorithmParameterException
+                    ("Wrong parameter type: PBE expected");
+            }
+            // salt and iteration count from the params take precedence
+            byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+            if (specSalt != null && specSalt.length < 8) {
+                throw new InvalidAlgorithmParameterException(
+                    "Salt must be at least 8 bytes long");
+            }
+            salt = specSalt;
+            int specICount = ((PBEParameterSpec) params).getIterationCount();
+            if (specICount == 0) {
+                specICount = DEFAULT_COUNT;
+            } else if (specICount < 0) {
+                throw new InvalidAlgorithmParameterException(
+                    "Iteration count must be a positive number");
+            }
+            iCount = specICount;
+
+            AlgorithmParameterSpec specParams =
+                ((PBEParameterSpec) params).getParameterSpec();
+            if (specParams != null) {
+                if (specParams instanceof IvParameterSpec) {
+                    ivSpec = (IvParameterSpec)specParams;
+                } else {
+                    throw new InvalidAlgorithmParameterException(
+                        "Wrong parameter type: IV expected");
+                }
+            } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+                        (opmode == Cipher.WRAP_MODE)) {
+                // generate random IV
+                byte[] ivBytes = new byte[blkSize];
+                random.nextBytes(ivBytes);
+                ivSpec = new IvParameterSpec(ivBytes);
+            } else {
+                throw new InvalidAlgorithmParameterException(
+                    "Missing parameter type: IV expected");
+            }
+        }
+
+        SecretKeySpec cipherKey = null;
+        byte[] derivedKey = null;
+        byte[] passwdBytes = key.getEncoded();
+        char[] passwdChars = new char[passwdBytes.length];
+
+        for (int i=0; i<passwdChars.length; i++)
+            passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+        java.util.Arrays.fill(passwdBytes, (byte)0x00);
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        derivedKey = s.getEncoded();
+        cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
+
+        // initialize the underlying cipher
+        cipher.init(opmode, cipherKey, ivSpec, random);
+    }
+
+    protected void engineInit(int opmode, Key key, AlgorithmParameters params,
+                              SecureRandom random)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        AlgorithmParameterSpec pbeSpec = null;
+        if (params != null) {
+            try {
+                pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+            } catch (InvalidParameterSpecException ipse) {
+                throw new InvalidAlgorithmParameterException(
+                    "Wrong parameter type: PBE expected");
+            }
+        }
+        engineInit(opmode, key, pbeSpec, random);
+    }
+
+    protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+        return cipher.update(input, inputOffset, inputLen);
+    }
+
+    protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+                               byte[] output, int outputOffset)
+        throws ShortBufferException {
+        return cipher.update(input, inputOffset, inputLen,
+                             output, outputOffset);
+    }
+
+    protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+        throws IllegalBlockSizeException, BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen);
+    }
+
+    protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+                                byte[] output, int outputOffset)
+        throws ShortBufferException, IllegalBlockSizeException,
+               BadPaddingException {
+        return cipher.doFinal(input, inputOffset, inputLen,
+                              output, outputOffset);
+    }
+
+    protected int engineGetKeySize(Key key) throws InvalidKeyException {
+        return keyLength;
+    }
+
+    protected byte[] engineWrap(Key key)
+        throws IllegalBlockSizeException, InvalidKeyException {
+        return cipher.wrap(key);
+    }
+
+    protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+                               int wrappedKeyType)
+        throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] encodedKey;
+        return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
+                             wrappedKeyType);
+    }
+
+    public static final class HmacSHA1AndAES_128 extends PBES2Core {
+        public HmacSHA1AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_128 extends PBES2Core {
+        public HmacSHA224AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_128 extends PBES2Core {
+        public HmacSHA256AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_128 extends PBES2Core {
+        public HmacSHA384AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_128 extends PBES2Core {
+        public HmacSHA512AndAES_128()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 16);
+        }
+    }
+
+    public static final class HmacSHA1AndAES_256 extends PBES2Core {
+        public HmacSHA1AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA1", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA224AndAES_256 extends PBES2Core {
+        public HmacSHA224AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA224", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA256AndAES_256 extends PBES2Core {
+        public HmacSHA256AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA256", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA384AndAES_256 extends PBES2Core {
+        public HmacSHA384AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA384", "AES", 32);
+        }
+    }
+
+    public static final class HmacSHA512AndAES_256 extends PBES2Core {
+        public HmacSHA512AndAES_256()
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+            super("HmacSHA512", "AES", 32);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,522 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.*;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+import java.security.AlgorithmParametersSpi;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+import sun.misc.HexDumpEncoder;
+import sun.security.util.*;
+
+/**
+ * This class implements the parameter set used with password-based
+ * encryption scheme 2 (PBES2), which is defined in PKCS#5 as follows:
+ *
+ * <pre>
+ * -- PBES2
+ *
+ * PBES2Algorithms ALGORITHM-IDENTIFIER ::=
+ *   { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
+ *
+ * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+ *
+ * PBES2-params ::= SEQUENCE {
+ *   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ *   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
+ *
+ * PBES2-KDFs ALGORITHM-IDENTIFIER ::=
+ *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * -- PBKDF2
+ *
+ * PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+ *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+ *
+ * id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+ *
+ * PBKDF2-params ::= SEQUENCE {
+ *     salt CHOICE {
+ *       specified OCTET STRING,
+ *       otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ *     },
+ *     iterationCount INTEGER (1..MAX),
+ *     keyLength INTEGER (1..MAX) OPTIONAL,
+ *     prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+ * }
+ *
+ * PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+ *     {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA224} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA256} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA384} |
+ *     {NULL IDENTIFIED BY id-hmacWithSHA512}, ... }
+ *
+ * algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+ *     {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+ *
+ * id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * </pre>
+ */
+
+abstract class PBES2Parameters extends AlgorithmParametersSpi {
+
+    private static final int pkcs5PBKDF2[] =
+                                        {1, 2, 840, 113549, 1, 5, 12};
+    private static final int pkcs5PBES2[] =
+                                        {1, 2, 840, 113549, 1, 5, 13};
+    private static final int hmacWithSHA1[] =
+                                        {1, 2, 840, 113549, 2, 7};
+    private static final int hmacWithSHA224[] =
+                                        {1, 2, 840, 113549, 2, 8};
+    private static final int hmacWithSHA256[] =
+                                        {1, 2, 840, 113549, 2, 9};
+    private static final int hmacWithSHA384[] =
+                                        {1, 2, 840, 113549, 2, 10};
+    private static final int hmacWithSHA512[] =
+                                        {1, 2, 840, 113549, 2, 11};
+    private static final int aes128CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 2};
+    private static final int aes192CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 22};
+    private static final int aes256CBC[] =
+                                        {2, 16, 840, 1, 101, 3, 4, 1, 42};
+
+    private static ObjectIdentifier pkcs5PBKDF2_OID;
+    private static ObjectIdentifier pkcs5PBES2_OID;
+    private static ObjectIdentifier hmacWithSHA1_OID;
+    private static ObjectIdentifier hmacWithSHA224_OID;
+    private static ObjectIdentifier hmacWithSHA256_OID;
+    private static ObjectIdentifier hmacWithSHA384_OID;
+    private static ObjectIdentifier hmacWithSHA512_OID;
+    private static ObjectIdentifier aes128CBC_OID;
+    private static ObjectIdentifier aes192CBC_OID;
+    private static ObjectIdentifier aes256CBC_OID;
+
+    static {
+        try {
+            pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
+            pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
+            hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
+            hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
+            hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
+            hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
+            hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
+            aes128CBC_OID = new ObjectIdentifier(aes128CBC);
+            aes192CBC_OID = new ObjectIdentifier(aes192CBC);
+            aes256CBC_OID = new ObjectIdentifier(aes256CBC);
+        } catch (IOException ioe) {
+            // should not happen
+        }
+    }
+
+    // the PBES2 algorithm name
+    private String pbes2AlgorithmName = null;
+
+    // the salt
+    private byte[] salt = null;
+
+    // the iteration count
+    private int iCount = 0;
+
+    // the cipher parameter
+    private AlgorithmParameterSpec cipherParam = null;
+
+    // the key derivation function (default is HmacSHA1)
+    private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+
+    // the encryption function
+    private ObjectIdentifier cipherAlgo_OID = null;
+
+    // the cipher keysize (in bits)
+    private int keysize = -1;
+
+    PBES2Parameters() {
+        // KDF, encryption & keysize values are set later, in engineInit(byte[])
+    }
+
+    PBES2Parameters(String pbes2AlgorithmName) throws NoSuchAlgorithmException {
+        int and;
+        String kdfAlgo = null;
+        String cipherAlgo = null;
+
+        // Extract the KDF and encryption algorithm names
+        this.pbes2AlgorithmName = pbes2AlgorithmName;
+        if (pbes2AlgorithmName.startsWith("PBEWith") &&
+            (and = pbes2AlgorithmName.indexOf("And", 7 + 1)) > 0) {
+            kdfAlgo = pbes2AlgorithmName.substring(7, and);
+            cipherAlgo = pbes2AlgorithmName.substring(and + 3);
+
+            // Check for keysize
+            int underscore;
+            if ((underscore = cipherAlgo.indexOf('_')) > 0) {
+                int slash;
+                if ((slash = cipherAlgo.indexOf('/', underscore + 1)) > 0) {
+                    keysize =
+                        Integer.parseInt(cipherAlgo.substring(underscore + 1,
+                            slash));
+                } else {
+                    keysize =
+                        Integer.parseInt(cipherAlgo.substring(underscore + 1));
+                }
+                cipherAlgo = cipherAlgo.substring(0, underscore);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No crypto implementation for " +
+                pbes2AlgorithmName);
+        }
+
+        switch (kdfAlgo) {
+        case "HmacSHA1":
+            kdfAlgo_OID = hmacWithSHA1_OID;
+            break;
+        case "HmacSHA224":
+            kdfAlgo_OID = hmacWithSHA224_OID;
+            break;
+        case "HmacSHA256":
+            kdfAlgo_OID = hmacWithSHA256_OID;
+            break;
+        case "HmacSHA384":
+            kdfAlgo_OID = hmacWithSHA384_OID;
+            break;
+        case "HmacSHA512":
+            kdfAlgo_OID = hmacWithSHA512_OID;
+            break;
+        default:
+            throw new NoSuchAlgorithmException(
+                "No crypto implementation for " + kdfAlgo);
+        }
+
+        if (cipherAlgo.equals("AES")) {
+            this.keysize = keysize;
+            switch (keysize) {
+            case 128:
+                cipherAlgo_OID = aes128CBC_OID;
+                break;
+            case 256:
+                cipherAlgo_OID = aes256CBC_OID;
+                break;
+            default:
+                throw new NoSuchAlgorithmException(
+                    "No Cipher implementation for " + keysize + "-bit " +
+                        cipherAlgo);
+            }
+        } else {
+            throw new NoSuchAlgorithmException("No Cipher implementation for " +
+                cipherAlgo);
+        }
+    }
+
+    protected void engineInit(AlgorithmParameterSpec paramSpec)
+        throws InvalidParameterSpecException
+    {
+       if (!(paramSpec instanceof PBEParameterSpec)) {
+           throw new InvalidParameterSpecException
+               ("Inappropriate parameter specification");
+       }
+       this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
+       this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+       this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
+    }
+
+    protected void engineInit(byte[] encoded)
+        throws IOException
+    {
+        String kdfAlgo = null;
+        String cipherAlgo = null;
+
+        DerValue pBES2Algorithms = new DerValue(encoded);
+        if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                                  + "not an ASN.1 SEQUENCE tag");
+        }
+        if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for PBES2");
+        }
+        if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+
+        DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
+        if (pBES2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
+
+        if (pBES2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        cipherAlgo = parseES(pBES2_params.data.getDerValue());
+
+        pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+            .append(kdfAlgo).append("And").append(cipherAlgo).toString();
+    }
+
+    private String parseKDF(DerValue keyDerivationFunc) throws IOException {
+        String kdfAlgo = null;
+
+        if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for PBKDF2");
+        }
+        if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
+        if (pBKDF2_params.tag != DerValue.tag_Sequence) {
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 SEQUENCE tag");
+        }
+        DerValue specified = pBKDF2_params.data.getDerValue();
+        // the 'specified' ASN.1 CHOICE for 'salt' is supported
+        if (specified.tag == DerValue.tag_OctetString) {
+            salt = specified.getOctetString();
+        } else {
+            // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
+            throw new IOException("PBE parameter parsing error: "
+                + "not an ASN.1 OCTET STRING tag");
+        }
+        iCount = pBKDF2_params.data.getInteger();
+        DerValue keyLength = pBKDF2_params.data.getDerValue();
+        if (keyLength.tag == DerValue.tag_Integer) {
+            keysize = keyLength.getInteger() * 8; // keysize (in bits)
+        }
+        if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+            DerValue prf = pBKDF2_params.data.getDerValue();
+            kdfAlgo_OID = prf.data.getOID();
+            if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA1";
+            } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA224";
+            } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA256";
+            } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA384";
+            } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
+                kdfAlgo = "HmacSHA512";
+            } else {
+                throw new IOException("PBE parameter parsing error: "
+                    + "expecting the object identifier for a HmacSHA key "
+                    + "derivation function");
+            }
+            if (prf.data.available() != 0) {
+                // parameter is 'NULL' for all HmacSHA KDFs
+                DerValue parameter = prf.data.getDerValue();
+                if (parameter.tag != DerValue.tag_Null) {
+                    throw new IOException("PBE parameter parsing error: "
+                        + "not an ASN.1 NULL tag");
+                }
+            }
+        }
+
+        return kdfAlgo;
+    }
+
+    private String parseES(DerValue encryptionScheme) throws IOException {
+        String cipherAlgo = null;
+
+        cipherAlgo_OID = encryptionScheme.data.getOID();
+        if (aes128CBC_OID.equals(cipherAlgo_OID)) {
+            cipherAlgo = "AES_128";
+            // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+            cipherParam =
+                new IvParameterSpec(encryptionScheme.data.getOctetString());
+            keysize = 128;
+        } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
+            cipherAlgo = "AES_256";
+            // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+            cipherParam =
+                new IvParameterSpec(encryptionScheme.data.getOctetString());
+            keysize = 256;
+        } else {
+            throw new IOException("PBE parameter parsing error: "
+                + "expecting the object identifier for AES cipher");
+        }
+
+        return cipherAlgo;
+    }
+
+    protected void engineInit(byte[] encoded, String decodingMethod)
+        throws IOException
+    {
+        engineInit(encoded);
+    }
+
+    protected <T extends AlgorithmParameterSpec>
+            T engineGetParameterSpec(Class<T> paramSpec)
+        throws InvalidParameterSpecException
+    {
+        if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
+            return paramSpec.cast(
+                new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
+        } else {
+            throw new InvalidParameterSpecException
+                ("Inappropriate parameter specification");
+        }
+    }
+
+    protected byte[] engineGetEncoded() throws IOException {
+        DerOutputStream out = new DerOutputStream();
+        DerOutputStream pBES2Algorithms = new DerOutputStream();
+        pBES2Algorithms.putOID(pkcs5PBES2_OID);
+
+        DerOutputStream pBES2_params = new DerOutputStream();
+
+        DerOutputStream keyDerivationFunc = new DerOutputStream();
+        keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
+
+        DerOutputStream pBKDF2_params = new DerOutputStream();
+        pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
+        pBKDF2_params.putInteger(iCount);
+        pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+
+        DerOutputStream prf = new DerOutputStream();
+        // algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
+        prf.putOID(kdfAlgo_OID);
+        // parameters is 'NULL'
+        prf.putNull();
+        pBKDF2_params.write(DerValue.tag_Sequence, prf);
+
+        keyDerivationFunc.write(DerValue.tag_Sequence, pBKDF2_params);
+        pBES2_params.write(DerValue.tag_Sequence, keyDerivationFunc);
+
+        DerOutputStream encryptionScheme = new DerOutputStream();
+        // algorithm is id-aes128-CBC or id-aes256-CBC
+        encryptionScheme.putOID(cipherAlgo_OID);
+        // parameters is 'AES-IV ::= OCTET STRING (SIZE(16))'
+        if (cipherParam != null && cipherParam instanceof IvParameterSpec) {
+            encryptionScheme.putOctetString(
+                ((IvParameterSpec)cipherParam).getIV());
+        } else {
+            throw new IOException("Wrong parameter type: IV expected");
+        }
+        pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
+
+        pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
+        out.write(DerValue.tag_Sequence, pBES2Algorithms);
+
+        return out.toByteArray();
+    }
+
+    protected byte[] engineGetEncoded(String encodingMethod)
+        throws IOException
+    {
+        return engineGetEncoded();
+    }
+
+    /*
+     * Returns a formatted string describing the parameters.
+     *
+     * The algorithn name pattern is: "PBEWith<prf>And<encryption>"
+     * where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
+     * or HmacSHA512, and <encryption> is AES with a keysize suffix.
+     */
+    protected String engineToString() {
+        return pbes2AlgorithmName;
+    }
+
+    public static final class General extends PBES2Parameters {
+        public General() throws NoSuchAlgorithmException {
+            super();
+        }
+    }
+
+    public static final class HmacSHA1AndAES_128 extends PBES2Parameters {
+        public HmacSHA1AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA1AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA224AndAES_128 extends PBES2Parameters {
+        public HmacSHA224AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA224AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA256AndAES_128 extends PBES2Parameters {
+        public HmacSHA256AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA256AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA384AndAES_128 extends PBES2Parameters {
+        public HmacSHA384AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA384AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA512AndAES_128 extends PBES2Parameters {
+        public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA512AndAES_128");
+        }
+    }
+
+    public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
+        public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA1AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA224AndAES_256 extends PBES2Parameters {
+        public HmacSHA224AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA224AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA256AndAES_256 extends PBES2Parameters {
+        public HmacSHA256AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA256AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA384AndAES_256 extends PBES2Parameters {
+        public HmacSHA384AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA384AndAES_256");
+        }
+    }
+
+    public static final class HmacSHA512AndAES_256 extends PBES2Parameters {
+        public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
+            super("PBEWithHmacSHA512AndAES_256");
+        }
+    }
+}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
 public final class PBEWithMD5AndDESCipher extends CipherSpi {
 
     // the encapsulated DES cipher
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -58,7 +58,7 @@
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        core = new PBECipherCore("DES");
+        core = new PBES1Core("DES");
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@
  */
 public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
 
-    private PBECipherCore core;
+    private PBES1Core core;
 
     /**
      * Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -70,7 +70,7 @@
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
         // set the encapsulated cipher to do triple DES
-        core = new PBECipherCore("DESede");
+        core = new PBES1Core("DESede");
     }
 
     /**
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * This class implements a key factory for PBE keys derived using
+ * PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
+ * pseudo random function (PRF) as defined in PKCS#5 v2.1.
+ *
+ * @author Valerie Peng
+ *
+ */
+abstract class PBKDF2Core extends SecretKeyFactorySpi {
+
+    private final String prfAlgo;
+
+    PBKDF2Core(String prfAlgo) {
+        this.prfAlgo = prfAlgo;
+    }
+
+    /**
+     * Generates a <code>SecretKey</code> object from the provided key
+     * specification (key material).
+     *
+     * @param keySpec the specification (key material) of the secret key
+     *
+     * @return the secret key
+     *
+     * @exception InvalidKeySpecException if the given key specification
+     * is inappropriate for this key factory to produce a public key.
+     */
+    protected SecretKey engineGenerateSecret(KeySpec keySpec)
+        throws InvalidKeySpecException
+    {
+        if (!(keySpec instanceof PBEKeySpec)) {
+            throw new InvalidKeySpecException("Invalid key spec");
+        }
+        PBEKeySpec ks = (PBEKeySpec) keySpec;
+        return new PBKDF2KeyImpl(ks, prfAlgo);
+    }
+
+    /**
+     * Returns a specification (key material) of the given key
+     * in the requested format.
+     *
+     * @param key the key
+     *
+     * @param keySpec the requested format in which the key material shall be
+     * returned
+     *
+     * @return the underlying key specification (key material) in the
+     * requested format
+     *
+     * @exception InvalidKeySpecException if the requested key
+     * specification is inappropriate for the given key, or the
+     * given key cannot be processed (e.g., the given key has an
+     * unrecognized algorithm or format).
+     */
+    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
+        throws InvalidKeySpecException {
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            // Check if requested key spec is amongst the valid ones
+            if ((keySpecCl != null)
+                && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                return new PBEKeySpec
+                    (pKey.getPassword(), pKey.getSalt(),
+                     pKey.getIterationCount(), pKey.getEncoded().length*8);
+            } else {
+                throw new InvalidKeySpecException("Invalid key spec");
+            }
+        } else {
+            throw new InvalidKeySpecException("Invalid key " +
+                                               "format/algorithm");
+        }
+    }
+
+    /**
+     * Translates a <code>SecretKey</code> object, whose provider may be
+     * unknown or potentially untrusted, into a corresponding
+     * <code>SecretKey</code> object of this key factory.
+     *
+     * @param key the key whose provider is unknown or untrusted
+     *
+     * @return the translated key
+     *
+     * @exception InvalidKeyException if the given key cannot be processed by
+     * this key factory.
+     */
+    protected SecretKey engineTranslateKey(SecretKey key)
+        throws InvalidKeyException {
+        if ((key != null) &&
+            (key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
+            (key.getFormat().equalsIgnoreCase("RAW"))) {
+
+            // Check if key originates from this factory
+            if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
+                return key;
+            }
+            // Check if key implements the PBEKey
+            if (key instanceof javax.crypto.interfaces.PBEKey) {
+                javax.crypto.interfaces.PBEKey pKey =
+                    (javax.crypto.interfaces.PBEKey) key;
+                try {
+                    PBEKeySpec spec =
+                        new PBEKeySpec(pKey.getPassword(),
+                                       pKey.getSalt(),
+                                       pKey.getIterationCount(),
+                                       pKey.getEncoded().length*8);
+                    return new PBKDF2KeyImpl(spec, prfAlgo);
+                } catch (InvalidKeySpecException re) {
+                    InvalidKeyException ike = new InvalidKeyException
+                        ("Invalid key component(s)");
+                    ike.initCause(re);
+                    throw ike;
+                }
+            }
+        }
+        throw new InvalidKeyException("Invalid key format/algorithm");
+    }
+
+    public static final class HmacSHA1 extends PBKDF2Core {
+        public HmacSHA1() {
+            super("HmacSHA1");
+        }
+    }
+
+    public static final class HmacSHA224 extends PBKDF2Core {
+        public HmacSHA224() {
+            super("HmacSHA224");
+        }
+    }
+
+    public static final class HmacSHA256 extends PBKDF2Core {
+        public HmacSHA256() {
+            super("HmacSHA256");
+        }
+    }
+
+    public static final class HmacSHA384 extends PBKDF2Core {
+        public HmacSHA384() {
+            super("HmacSHA384");
+        }
+    }
+
+    public static final class HmacSHA512 extends PBKDF2Core {
+        public HmacSHA512() {
+            super("HmacSHA512");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.util.Arrays;
+import java.nio.ByteBuffer;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This is an implementation of the PBMAC1 algorithms as defined
+ * in PKCS#5 v2.1 standard.
+ */
+abstract class PBMAC1Core extends HmacCore {
+
+    private static final int DEFAULT_SALT_LENGTH = 20;
+    private static final int DEFAULT_COUNT = 4096;
+
+    private final String kdfAlgo;
+    private final String hashAlgo;
+    private final PBKDF2Core kdf;
+    private final int blockLength; // in octets
+
+    /**
+     * Creates an instance of PBMAC1 according to the selected
+     * password-based key derivation function.
+     */
+    PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
+        throws NoSuchAlgorithmException {
+
+        super(hashAlgo, blockLength);
+        this.kdfAlgo = kdfAlgo;
+        this.hashAlgo = hashAlgo;
+        this.blockLength = blockLength;
+
+        switch(kdfAlgo) {
+        case "HmacSHA1":
+                kdf = new PBKDF2Core.HmacSHA1();
+                break;
+        case "HmacSHA224":
+                kdf = new PBKDF2Core.HmacSHA224();
+                break;
+        case "HmacSHA256":
+                kdf = new PBKDF2Core.HmacSHA256();
+                break;
+        case "HmacSHA384":
+                kdf = new PBKDF2Core.HmacSHA384();
+                break;
+        case "HmacSHA512":
+                kdf = new PBKDF2Core.HmacSHA512();
+                break;
+        default:
+                throw new NoSuchAlgorithmException(
+                    "No MAC implementation for " + kdfAlgo);
+        }
+    }
+
+    /**
+     * Initializes the HMAC with the given secret key and algorithm parameters.
+     *
+     * @param key the secret key.
+     * @param params the algorithm parameters.
+     *
+     * @exception InvalidKeyException if the given key is inappropriate for
+     * initializing this MAC.
+     * @exception InvalidAlgorithmParameterException if the given algorithm
+     * parameters are inappropriate for this MAC.
+     */
+    protected void engineInit(Key key, AlgorithmParameterSpec params)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
+        char[] passwdChars;
+        byte[] salt = null;
+        int iCount = 0;
+        if (key instanceof javax.crypto.interfaces.PBEKey) {
+            javax.crypto.interfaces.PBEKey pbeKey =
+                (javax.crypto.interfaces.PBEKey) key;
+            passwdChars = pbeKey.getPassword();
+            salt = pbeKey.getSalt(); // maybe null if unspecified
+            iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
+        } else if (key instanceof SecretKey) {
+            byte[] passwdBytes = key.getEncoded();
+            if ((passwdBytes == null) ||
+                !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+                throw new InvalidKeyException("Missing password");
+            }
+            passwdChars = new char[passwdBytes.length];
+            for (int i=0; i<passwdChars.length; i++) {
+                passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+            }
+        } else {
+            throw new InvalidKeyException("SecretKey of PBE type required");
+        }
+        if (params == null) {
+            // generate default for salt and iteration count if necessary
+            if (salt == null) {
+                salt = new byte[DEFAULT_SALT_LENGTH];
+                SunJCE.RANDOM.nextBytes(salt);
+            }
+            if (iCount == 0) iCount = DEFAULT_COUNT;
+        } else if (!(params instanceof PBEParameterSpec)) {
+            throw new InvalidAlgorithmParameterException
+                ("PBEParameterSpec type required");
+        } else {
+            PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+            // make sure the parameter values are consistent
+            if (salt != null) {
+                if (!Arrays.equals(salt, pbeParams.getSalt())) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Inconsistent value of salt between key and params");
+                }
+            } else {
+                salt = pbeParams.getSalt();
+            }
+            if (iCount != 0) {
+                if (iCount != pbeParams.getIterationCount()) {
+                    throw new InvalidAlgorithmParameterException
+                        ("Different iteration count between key and params");
+                }
+            } else {
+                iCount = pbeParams.getIterationCount();
+            }
+        }
+        // For security purpose, we need to enforce a minimum length
+        // for salt; just require the minimum salt length to be 8-byte
+        // which is what PKCS#5 recommends and openssl does.
+        if (salt.length < 8) {
+            throw new InvalidAlgorithmParameterException
+                ("Salt must be at least 8 bytes long");
+        }
+        if (iCount <= 0) {
+            throw new InvalidAlgorithmParameterException
+                ("IterationCount must be a positive number");
+        }
+
+        PBEKeySpec pbeSpec =
+            new PBEKeySpec(passwdChars, salt, iCount, blockLength);
+            // password char[] was cloned in PBEKeySpec constructor,
+            // so we can zero it out here
+        java.util.Arrays.fill(passwdChars, ' ');
+
+        SecretKey s = null;
+
+        try {
+            s = kdf.engineGenerateSecret(pbeSpec);
+
+        } catch (InvalidKeySpecException ikse) {
+            InvalidKeyException ike =
+                new InvalidKeyException("Cannot construct PBE key");
+            ike.initCause(ikse);
+            throw ike;
+        }
+        byte[] derivedKey = s.getEncoded();
+        SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
+
+        super.engineInit(cipherKey, null);
+    }
+
+    public static final class HmacSHA1 extends PBMAC1Core {
+        public HmacSHA1() throws NoSuchAlgorithmException {
+            super("HmacSHA1", "SHA1", 64);
+        }
+    }
+
+    public static final class HmacSHA224 extends PBMAC1Core {
+        public HmacSHA224() throws NoSuchAlgorithmException {
+            super("HmacSHA224", "SHA-224", 64);
+        }
+    }
+
+    public static final class HmacSHA256 extends PBMAC1Core {
+        public HmacSHA256() throws NoSuchAlgorithmException {
+            super("HmacSHA256", "SHA-256", 64);
+        }
+    }
+
+    public static final class HmacSHA384 extends PBMAC1Core {
+        public HmacSHA384() throws NoSuchAlgorithmException {
+            super("HmacSHA384", "SHA-384", 128);
+        }
+    }
+
+    public static final class HmacSHA512 extends PBMAC1Core {
+        public HmacSHA512() throws NoSuchAlgorithmException {
+            super("HmacSHA512", "SHA-512", 128);
+        }
+    }
+}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,19 +35,24 @@
 
 /**
  * This class implements password-base encryption algorithm with
- * SHA1 digest and the following Ciphers in CBC mode
+ * SHA1 digest and the following Ciphers (in CBC mode, where applicable):
  * - DESede cipher and
- * - RC2 Cipher with 40-bit effective key length
+ * - RC2 Cipher with 40-bit or 128-bit effective key length and
+ * - RC4 Cipher with 40-bit or 128-bit effective key length
  * as defined by PKCS #12 version 1.0 standard.
  *
  * @author Valerie Peng
  * @see javax.crypto.CipherSpi
  */
 final class PKCS12PBECipherCore {
+
+    // TBD: replace CipherCore with a CipherSpi object to simplify maintenance
+
     private CipherCore cipher;
     private int blockSize;
     private int keySize;
     private String algo = null;
+    private String pbeAlgo = null;
     private byte[] salt = null;
     private int iCount = 0;
 
@@ -58,8 +63,16 @@
     static final int CIPHER_IV = 2;
     static final int MAC_KEY = 3;
 
+    // Uses default hash algorithm (SHA-1)
     static byte[] derive(char[] chars, byte[] salt,
                          int ic, int n, int type) {
+        return derive(chars, salt, ic, n, type, "SHA-1", 64);
+    }
+
+    // Uses supplied hash algorithm
+    static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
+        String hashAlgo, int blockLength) {
+
         // Add in trailing NULL terminator.  Special case:
         // no terminator if password is "\0".
         int length = chars.length*2;
@@ -75,21 +88,23 @@
             passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
             passwd[j+1] = (byte) (chars[i] & 0xFF);
         }
-        int v = 512 / 8;
-        int u = 160 / 8;
-        int c = roundup(n, u) / u;
-        byte[] D = new byte[v];
-        int s = roundup(salt.length, v);
-        int p = roundup(passwd.length, v);
-        byte[] I = new byte[s + p];
         byte[] key = new byte[n];
 
-        Arrays.fill(D, (byte)type);
-        concat(salt, I, 0, s);
-        concat(passwd, I, s, p);
+        try {
+            MessageDigest sha = MessageDigest.getInstance(hashAlgo);
 
-        try {
-            MessageDigest sha = MessageDigest.getInstance("SHA1");
+            int v = blockLength;
+            int u = sha.getDigestLength();
+            int c = roundup(n, u) / u;
+            byte[] D = new byte[v];
+            int s = roundup(salt.length, v);
+            int p = roundup(passwd.length, v);
+            byte[] I = new byte[s + p];
+
+            Arrays.fill(D, (byte)type);
+            concat(salt, I, 0, s);
+            concat(passwd, I, s, p);
+
             byte[] Ai;
             byte[] B = new byte[v];
             byte[] tmp = new byte[v];
@@ -150,23 +165,30 @@
 
     PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
         throws NoSuchAlgorithmException {
+
         algo = symmCipherAlg;
-        SymmetricCipher symmCipher = null;
-        if (algo.equals("DESede")) {
-            symmCipher = new DESedeCrypt();
-        } else if (algo.equals("RC2")) {
-            symmCipher = new RC2Crypt();
+        if (algo.equals("RC4")) {
+            pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
         } else {
-            throw new NoSuchAlgorithmException("No Cipher implementation " +
+            SymmetricCipher symmCipher = null;
+            if (algo.equals("DESede")) {
+                symmCipher = new DESedeCrypt();
+                pbeAlgo = "PBEWithSHA1AndDESede";
+            } else if (algo.equals("RC2")) {
+                symmCipher = new RC2Crypt();
+                pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
+            } else {
+                throw new NoSuchAlgorithmException("No Cipher implementation " +
                        "for PBEWithSHA1And" + algo);
-        }
-        blockSize = symmCipher.getBlockSize();
-        cipher = new CipherCore(symmCipher, blockSize);
-        cipher.setMode("CBC");
-        try {
-            cipher.setPadding("PKCS5Padding");
-        } catch (NoSuchPaddingException nspe) {
-            // should not happen
+            }
+            blockSize = symmCipher.getBlockSize();
+            cipher = new CipherCore(symmCipher, blockSize);
+            cipher.setMode("CBC");
+            try {
+                cipher.setPadding("PKCS5Padding");
+            } catch (NoSuchPaddingException nspe) {
+                // should not happen
+            }
         }
         keySize = defKeySize;
     }
@@ -210,8 +232,7 @@
         }
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
-            params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
-                (algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
+            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
         } catch (GeneralSecurityException gse) {
             // should never happen
             throw new RuntimeException(
@@ -229,6 +250,13 @@
     void implInit(int opmode, Key key, AlgorithmParameterSpec params,
                   SecureRandom random) throws InvalidKeyException,
         InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameterSpec params,
+                  SecureRandom random, CipherSpi cipherImpl)
+                      throws InvalidKeyException,
+        InvalidAlgorithmParameterException {
         char[] passwdChars = null;
         salt = null;
         iCount = 0;
@@ -309,17 +337,29 @@
         byte[] derivedKey = derive(passwdChars, salt, iCount,
                                    keySize, CIPHER_KEY);
         SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
-        byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+
+        if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+            ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
+        } else {
+            byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
                                   CIPHER_IV);
-        IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+            IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
 
-        // initialize the underlying cipher
-        cipher.init(opmode, cipherKey, ivSpec, random);
+            // initialize the underlying cipher
+            cipher.init(opmode, cipherKey, ivSpec, random);
+        }
     }
 
     void implInit(int opmode, Key key, AlgorithmParameters params,
                   SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
+        implInit(opmode, key, params, random, null);
+    }
+
+    void implInit(int opmode, Key key, AlgorithmParameters params,
+                  SecureRandom random, CipherSpi cipherImpl)
+        throws InvalidKeyException, InvalidAlgorithmParameterException {
         AlgorithmParameterSpec paramSpec = null;
         if (params != null) {
             try {
@@ -329,13 +369,19 @@
                     "requires PBE parameters");
             }
         }
-        implInit(opmode, key, paramSpec, random);
+        implInit(opmode, key, paramSpec, random, cipherImpl);
     }
 
     void implInit(int opmode, Key key, SecureRandom random)
         throws InvalidKeyException {
+        implInit(opmode, key, random, null);
+    }
+
+    void implInit(int opmode, Key key, SecureRandom random,
+        CipherSpi cipherImpl) throws InvalidKeyException {
         try {
-            implInit(opmode, key, (AlgorithmParameterSpec) null, random);
+            implInit(opmode, key, (AlgorithmParameterSpec) null, random,
+                cipherImpl);
         } catch (InvalidAlgorithmParameterException iape) {
             throw new InvalidKeyException("requires PBE parameters");
         }
@@ -526,4 +572,245 @@
             return core.implWrap(key);
         }
     }
+
+    public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
+        private final PKCS12PBECipherCore core;
+        public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC2", 16);
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return core.implDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return core.implGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return core.implGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return core.implGetKeySize(key);
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return core.implGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            core.implSetMode(mode);
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            core.implSetPadding(paddingScheme);
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return core.implUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return core.implUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return core.implWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 5;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
+
+    public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
+        private static final int RC4_KEYSIZE = 16;
+        private final PKCS12PBECipherCore core;
+        private final ARCFOURCipher cipher;
+
+        public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
+            core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+            cipher = new ARCFOURCipher();
+        }
+        protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen);
+        }
+        protected int engineDoFinal(byte[] in, int inOff, int inLen,
+                                    byte[] out, int outOff)
+            throws ShortBufferException, IllegalBlockSizeException,
+                   BadPaddingException {
+            return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+        }
+        protected int engineGetBlockSize() {
+            return cipher.engineGetBlockSize();
+        }
+        protected byte[] engineGetIV() {
+            return cipher.engineGetIV();
+        }
+        protected int engineGetKeySize(Key key) throws InvalidKeyException {
+            return RC4_KEYSIZE;
+        }
+        protected int engineGetOutputSize(int inLen) {
+            return cipher.engineGetOutputSize(inLen);
+        }
+        protected AlgorithmParameters engineGetParameters() {
+            return core.implGetParameters();
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameterSpec params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key,
+                                  AlgorithmParameters params,
+                                  SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+            core.implInit(opmode, key, params, random, cipher);
+        }
+        protected void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+            core.implInit(opmode, key, random, cipher);
+        }
+        protected void engineSetMode(String mode)
+            throws NoSuchAlgorithmException {
+            if (mode.equalsIgnoreCase("ECB") == false) {
+                throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+            }
+        }
+        protected void engineSetPadding(String paddingScheme)
+            throws NoSuchPaddingException {
+            if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+                throw new NoSuchPaddingException("Padding must be NoPadding");
+            }
+        }
+        protected Key engineUnwrap(byte[] wrappedKey,
+                                   String wrappedKeyAlgorithm,
+                                   int wrappedKeyType)
+            throws InvalidKeyException, NoSuchAlgorithmException {
+            return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                                   wrappedKeyType);
+        }
+        protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+            return cipher.engineUpdate(in, inOff, inLen);
+        }
+        protected int engineUpdate(byte[] in, int inOff, int inLen,
+                                   byte[] out, int outOff)
+            throws ShortBufferException {
+            return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+        }
+        protected byte[] engineWrap(Key key)
+            throws IllegalBlockSizeException, InvalidKeyException {
+            return cipher.engineWrap(key);
+        }
+    }
 }
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java	Fri Nov 09 14:46:34 2012 -0800
@@ -77,10 +77,14 @@
     "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
     + "Diffie-Hellman, HMAC)";
 
+    private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+    private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
+    private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+    private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
     private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
-    private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
     private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
     private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+    private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
     private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
 
     /* Are we debugging? -- for developers */
@@ -138,14 +142,26 @@
                     put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
                     put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
 
+                    // PBES1
+
                     put("Cipher.PBEWithMD5AndDES",
                         "com.sun.crypto.provider.PBEWithMD5AndDESCipher");
                     put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
                     put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
                         "PBEWithMD5AndDES");
+
                     put("Cipher.PBEWithMD5AndTripleDES",
                         "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+
+                    put("Cipher.PBEWithSHA1AndDESede",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
+                        "PBEWithSHA1AndDESede");
+
                     put("Cipher.PBEWithSHA1AndRC2_40",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
                         "PBEWithSHA1AndRC2_40");
@@ -153,13 +169,70 @@
                         "PBEWithSHA1AndRC2_40");
                     put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
-                    put("Cipher.PBEWithSHA1AndDESede",
+
+                    put("Cipher.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("Cipher.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("Cipher.PBEWithSHA1AndRC4_128",
                         "com.sun.crypto.provider.PKCS12PBECipherCore$" +
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
-                    put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
-                        "PBEWithSHA1AndDESede");
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    //PBES2
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_128");
+
+                    put("Cipher.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA224AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA256AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA384AndAES_256");
+
+                    put("Cipher.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Core$" +
+                            "HmacSHA512AndAES_256");
 
                     put("Cipher.Blowfish",
                         "com.sun.crypto.provider.BlowfishCipher");
@@ -301,6 +374,7 @@
                         "DiffieHellman");
                     put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
                         "DiffieHellman");
+
                     /*
                      * Algorithm parameter generation engines
                      */
@@ -371,6 +445,64 @@
                     put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEParameters");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("AlgorithmParameters.PBES2",
+                        "com.sun.crypto.provider.PBES2Parameters$General");
+                    put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
+                        "PBES2");
+                    put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
+                        "PBES2");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+
+                    put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+
                     put("AlgorithmParameters.Blowfish",
                         "com.sun.crypto.provider.BlowfishParameters");
 
@@ -378,6 +510,7 @@
                         "com.sun.crypto.provider.AESParameters");
                     put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
+
                     put("AlgorithmParameters.RC2",
                         "com.sun.crypto.provider.RC2Parameters");
 
@@ -393,6 +526,7 @@
                     put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
                         "DiffieHellman");
                     put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+
                     /*
                      * Secret-key factories
                      */
@@ -441,13 +575,90 @@
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
                         "PBEWithSHA1AndRC2_40");
 
+                    put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
+                        );
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
+                        "PBEWithSHA1AndRC2_128");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
+                        "PBEWithSHA1AndRC4_40");
+
+                    put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
+                        );
+
+                    put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+                    put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
+                        "PBEWithSHA1AndRC4_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_128");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA1AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA224AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA256AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA384AndAES_256");
+
+                    put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
+                        "com.sun.crypto.provider.PBEKeyFactory$" +
+                        "PBEWithHmacSHA512AndAES_256");
+
+                    // PBKDF2
+
                     put("SecretKeyFactory.PBKDF2WithHmacSHA1",
-                        "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
                     put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
                     put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
                         "PBKDF2WithHmacSHA1");
 
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA224",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA256",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA384",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+                    put("SecretKeyFactory.PBKDF2WithHmacSHA512",
+                        "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
                     /*
                      * MAC
                      */
@@ -475,6 +686,19 @@
                     put("Mac.HmacPBESHA1",
                         "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
+                    // PBMAC1
+
+                    put("Mac.PBEWithHmacSHA1",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
+                    put("Mac.PBEWithHmacSHA224",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
+                    put("Mac.PBEWithHmacSHA256",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
+                    put("Mac.PBEWithHmacSHA384",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
+                    put("Mac.PBEWithHmacSHA512",
+                        "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
+
                     put("Mac.SslMacMD5",
                         "com.sun.crypto.provider.SslMacCore$SslMacMD5");
                     put("Mac.SslMacSHA1",
@@ -487,6 +711,10 @@
                     put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
                     put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
                     put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
+                    put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
                     put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
 
--- a/jdk/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/java/util/jar/pack/Constants.java	Fri Nov 09 14:46:34 2012 -0800
@@ -59,6 +59,9 @@
     public final static Package.Version JAVA7_MAX_CLASS_VERSION =
             Package.Version.of(51, 00);
 
+    public final static Package.Version JAVA8_MAX_CLASS_VERSION =
+            Package.Version.of(52, 00);
+
     public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
 
     public final static Package.Version JAVA5_PACKAGE_VERSION =
@@ -72,7 +75,7 @@
 
     // upper limit, should point to the latest class version
     public final static Package.Version JAVA_MAX_CLASS_VERSION =
-            JAVA7_MAX_CLASS_VERSION;
+            JAVA8_MAX_CLASS_VERSION;
 
     // upper limit should point to the latest package version, for version info!.
     public final static Package.Version MAX_PACKAGE_VERSION =
--- a/jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/com/sun/naming/internal/ResourceManager.java	Fri Nov 09 14:46:34 2012 -0800
@@ -542,14 +542,26 @@
             try {
                 NamingEnumeration<InputStream> resources =
                     helper.getResources(cl, APP_RESOURCE_FILE_NAME);
-                while (resources.hasMore()) {
-                    Properties props = new Properties();
-                    props.load(resources.next());
+                try {
+                    while (resources.hasMore()) {
+                        Properties props = new Properties();
+                        InputStream istream = resources.next();
+                        try {
+                            props.load(istream);
+                        } finally {
+                            istream.close();
+                        }
 
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    }
+                } finally {
+                    while (resources.hasMore()) {
+                        InputStream istream = (InputStream)resources.next();
+                        istream.close();
                     }
                 }
 
@@ -557,13 +569,17 @@
                 InputStream istream =
                     helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
                 if (istream != null) {
-                    Properties props = new Properties();
-                    props.load(istream);
+                    try {
+                        Properties props = new Properties();
+                        props.load(istream);
 
-                    if (result == null) {
-                        result = props;
-                    } else {
-                        mergeTables(result, props);
+                        if (result == null) {
+                            result = props;
+                        } else {
+                            mergeTables(result, props);
+                        }
+                    } finally {
+                        istream.close();
                     }
                 }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSCredential interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
+ * @since 1.8
+ */
+public interface ExtendedGSSCredential extends GSSCredential {
+    /**
+     * Impersonates a principal. In Kerberos, this can be implemented
+     * using the Microsoft S4U2self extension.
+     * <p>
+     * A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
+     * impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
+     * will be  thrown if the impersonation method is not available to this
+     * credential object.
+     * @param name the name of the principal to impersonate
+     * @return a credential for that principal
+     * @throws GSSException  containing the following
+     * major error codes:
+     *   {@link GSSException#NO_CRED GSSException.NO_CRED}
+     *   {@link GSSException#FAILURE GSSException.FAILURE}
+     */
+    public GSSCredential impersonate(GSSName name) throws GSSException;
+}
--- a/jdk/src/share/classes/java/lang/Character.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/lang/Character.java	Fri Nov 09 14:46:34 2012 -0800
@@ -40,7 +40,7 @@
  * a character's category (lowercase letter, digit, etc.) and for converting
  * characters from uppercase to lowercase and vice versa.
  * <p>
- * Character information is based on the Unicode Standard, version 6.1.0.
+ * Character information is based on the Unicode Standard, version 6.2.0.
  * <p>
  * The methods and data of class {@code Character} are defined by
  * the information in the <i>UnicodeData</i> file that is part of the
@@ -3758,8 +3758,7 @@
             0x0640,   // 0640..0640; COMMON
             0x0641,   // 0641..064A; ARABIC
             0x064B,   // 064B..0655; INHERITED
-            0x0656,   // 0656..065E; ARABIC
-            0x065F,   // 065F..065F; INHERITED
+            0x0656,   // 0656..065F; ARABIC
             0x0660,   // 0660..0669; COMMON
             0x066A,   // 066A..066F; ARABIC
             0x0670,   // 0670..0670; INHERITED
@@ -4081,7 +4080,6 @@
             ARABIC,
             INHERITED,
             ARABIC,
-            INHERITED,
             COMMON,
             ARABIC,
             INHERITED,
--- a/jdk/src/share/classes/java/lang/Math.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/lang/Math.java	Fri Nov 09 14:46:34 2012 -0800
@@ -742,6 +742,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int addExact(int x, int y) {
         int r = x + y;
@@ -760,6 +761,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long addExact(long x, long y) {
         long r = x + y;
@@ -778,6 +780,7 @@
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int subtractExact(int x, int y) {
         int r = x - y;
@@ -797,6 +800,7 @@
      * @param y the second value to subtract from the first
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long subtractExact(long x, long y) {
         long r = x - y;
@@ -816,6 +820,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows an int
+     * @since 1.8
      */
     public static int multiplyExact(int x, int y) {
         long r = (long)x * (long)y;
@@ -833,6 +838,7 @@
      * @param y the second value
      * @return the result
      * @throws ArithmeticException if the result overflows a long
+     * @since 1.8
      */
     public static long multiplyExact(long x, long y) {
         long r = x * y;
@@ -857,6 +863,7 @@
      * @param value the long value
      * @return the argument as an int
      * @throws ArithmeticException if the {@code argument} overflows an int
+     * @since 1.8
      */
     public static int toIntExact(long value) {
         if ((int)value != value) {
@@ -866,6 +873,159 @@
     }
 
     /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results of
+     *       {@code floorDiv} and the {@code /} operator are the same.  <br>
+     *       For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.</li>
+     *   <li>If the signs of the arguments are different,  the quotient is negative and
+     *       {@code floorDiv} returns the integer less than or equal to the quotient
+     *       and the {@code /} operator returns the integer closest to zero.<br>
+     *       For example, {@code floorDiv(-4, 3) == -2},
+     *       whereas {@code (-4 / 3) == -1}.
+     *   </li>
+     * </ul>
+     * <p>
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(int, int)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        int r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * Normal integer division operates under the round to zero rounding mode
+     * (truncation).  This operation instead acts under the round toward
+     * negative infinity (floor) rounding mode.
+     * The floor rounding mode gives different results than truncation
+     * when the exact result is negative.
+     * <p>
+     * For examples, see {@link #floorDiv(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorMod(long, long)
+     * @see #floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        long r = x / y;
+        // if the signs are different and modulo not zero, round down
+        if ((x ^ y) < 0 && (r * y != x)) {
+            r--;
+        }
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * The difference in values between {@code floorMod} and
+     * the {@code %} operator is due to the difference between
+     * {@code floorDiv} that returns the integer less than or equal to the quotient
+     * and the {@code /} operator that returns the integer closest to zero.
+     * <p>
+     * Examples:
+     * <ul>
+     *   <li>If the signs of the arguments are the same, the results
+     *       of {@code floorMod} and the {@code %} operator are the same.  <br>
+     *       <ul>
+     *       <li>{@code floorMod(4, 3) == 1}; &nbsp; and {@code (4 % 3) == 1}</li>
+     *       </ul>
+     *   <li>If the signs of the arguments are different, the results differ from the {@code %} operator.<br>
+     *      <ul>
+     *      <li>{@code floorMod(+4, -3) == -2}; &nbsp; and {@code (+4 % -3) == +1} </li>
+     *      <li>{@code floorMod(-4, +3) == +2}; &nbsp; and {@code (-4 % +3) == -1} </li>
+     *      <li>{@code floorMod(-4, -3) == -1}; &nbsp; and {@code (-4 % -3) == -1 } </li>
+     *      </ul>
+     *   </li>
+     * </ul>
+     * <p>
+     * If the signs of arguments are unknown and a positive modulus
+     * is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        int r = x - floorDiv(x, y) * y;
+        return r;
+    }
+
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     *
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * For examples, see {@link #floorMod(int, int)}.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see #floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return x - floorDiv(x, y) * y;
+    }
+
+    /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.
      * If the argument is negative, the negation of the argument is returned.
--- a/jdk/src/share/classes/java/lang/StrictMath.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/lang/StrictMath.java	Fri Nov 09 14:46:34 2012 -0800
@@ -365,7 +365,7 @@
      * @param a the value to be floored or ceiled
      * @param negativeBoundary result for values in (-1, 0)
      * @param positiveBoundary result for values in (0, 1)
-     * @param sign the sign of the result
+     * @param increment value to add when the argument is non-integral
      */
     private static double floorOrCeil(double a,
                                       double negativeBoundary,
@@ -702,7 +702,7 @@
      * <p>This method is properly synchronized to allow correct use by
      * more than one thread. However, if many threads need to generate
      * pseudorandom numbers at a great rate, it may reduce contention
-     * for each thread to have its own pseudorandom number generator.
+     * for each thread to have its own pseudorandom-number generator.
      *
      * @return  a pseudorandom {@code double} greater than or equal
      * to {@code 0.0} and less than {@code 1.0}.
@@ -745,7 +745,7 @@
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -760,7 +760,7 @@
     }
 
     /**
-     * Return the difference of the arguments,
+     * Returns the difference of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -775,7 +775,7 @@
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows an {@code int}.
      *
      * @param x the first value
@@ -790,7 +790,7 @@
     }
 
     /**
-     * Return the product of the arguments,
+     * Returns the product of the arguments,
      * throwing an exception if the result overflows a {@code long}.
      *
      * @param x the first value
@@ -805,7 +805,7 @@
     }
 
     /**
-     * Return the value of the {@code long} argument;
+     * Returns the value of the {@code long} argument;
      * throwing an exception if the value overflows an {@code int}.
      *
      * @param value the long value
@@ -819,6 +819,107 @@
     }
 
     /**
+     * Returns the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Integer.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code int} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(int, int)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static int floorDiv(int x, int y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * There is one special case, if the dividend is the
+     * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+     * then integer overflow occurs and
+     * the result is equal to the {@code Long.MIN_VALUE}.
+     * <p>
+     * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+     * a comparison to the integer division {@code /} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the largest (closest to positive infinity)
+     * {@code long} value that is less than or equal to the algebraic quotient.
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorDiv(long, long)
+     * @see Math#floor(double)
+     * @since 1.8
+     */
+    public static long floorDiv(long x, long y) {
+        return Math.floorDiv(x, y);
+    }
+
+    /**
+     * Returns the floor modulus of the {@code int} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(int, int)
+     * @see StrictMath#floorDiv(int, int)
+     * @since 1.8
+     */
+    public static int floorMod(int x, int y) {
+        return Math.floorMod(x , y);
+    }
+    /**
+     * Returns the floor modulus of the {@code long} arguments.
+     * <p>
+     * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+     * has the same sign as the divisor {@code y}, and
+     * is in the range of {@code -abs(y) < r < +abs(y)}.
+     * <p>
+     * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+     * <ul>
+     *   <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+     * </ul>
+     * <p>
+     * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+     * a comparison to the {@code %} operator.
+     *
+     * @param x the dividend
+     * @param y the divisor
+     * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+     * @throws ArithmeticException if the divisor {@code y} is zero
+     * @see Math#floorMod(long, long)
+     * @see StrictMath#floorDiv(long, long)
+     * @since 1.8
+     */
+    public static long floorMod(long x, long y) {
+        return Math.floorMod(x, y);
+    }
+
+    /**
      * Returns the absolute value of an {@code int} value.
      * If the argument is not negative, the argument is returned.
      * If the argument is negative, the negation of the argument is returned.
@@ -1543,7 +1644,7 @@
     }
 
     /**
-     * Return {@code d} &times;
+     * Returns {@code d} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the double value set.  See the Java
@@ -1577,7 +1678,7 @@
     }
 
     /**
-     * Return {@code f} &times;
+     * Returns {@code f} &times;
      * 2<sup>{@code scaleFactor}</sup> rounded as if performed
      * by a single correctly rounded floating-point multiply to a
      * member of the float value set.  See the Java
--- a/jdk/src/share/classes/java/lang/annotation/ElementType.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/lang/annotation/ElementType.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@
     /** Method declaration */
     METHOD,
 
-    /** Parameter declaration */
+    /** Formal parameter declaration */
     PARAMETER,
 
     /** Constructor declaration */
@@ -59,5 +59,19 @@
     ANNOTATION_TYPE,
 
     /** Package declaration */
-    PACKAGE
+    PACKAGE,
+
+    /**
+     * Type parameter declaration
+     *
+     * @since 1.8
+     */
+    TYPE_PARAMETER,
+
+    /**
+     * Use of a type
+     *
+     * @since 1.8
+     */
+    TYPE_USE
 }
--- a/jdk/src/share/classes/java/security/cert/CertPathBuilder.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/security/cert/CertPathBuilder.java	Fri Nov 09 14:46:34 2012 -0800
@@ -315,12 +315,14 @@
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathBuilderSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8
--- a/jdk/src/share/classes/java/security/cert/CertPathValidator.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/security/cert/CertPathValidator.java	Fri Nov 09 14:46:34 2012 -0800
@@ -327,12 +327,14 @@
      * Returns a {@code CertPathChecker} that the encapsulated
      * {@code CertPathValidatorSpi} implementation uses to check the revocation
      * status of certificates. A PKIX implementation returns objects of
-     * type {@code PKIXRevocationChecker}.
+     * type {@code PKIXRevocationChecker}. Each invocation of this method
+     * returns a new instance of {@code CertPathChecker}.
      *
      * <p>The primary purpose of this method is to allow callers to specify
      * additional input parameters and options specific to revocation checking.
      * See the class description for an example.
      *
+     * @return a {@code CertPathChecker}
      * @throws UnsupportedOperationException if the service provider does not
      *         support this method
      * @since 1.8
--- a/jdk/src/share/classes/java/security/cert/PKIXRevocationChecker.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/java/security/cert/PKIXRevocationChecker.java	Fri Nov 09 14:46:34 2012 -0800
@@ -63,8 +63,8 @@
  * and then the {@code PKIXParameters} is passed along with the {@code CertPath}
  * to be validated to the {@link CertPathValidator#validate validate} method
  * of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
- * this manner, do not enable the default revocation checking mechanism (by
- * calling {@link PKIXParameters#setRevocationEnabled}.
+ * this manner, it will be used to check revocation irrespective of the setting
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
  *
  * <p>Note that when a {@code PKIXRevocationChecker} is added to
  * {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@@ -88,7 +88,7 @@
     private URI ocspResponder;
     private X509Certificate ocspResponderCert;
     private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
-    private Map<X509Certificate, byte[]> ocspStapled = Collections.emptyMap();
+    private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
     private Set<Option> options = Collections.emptySet();
 
     protected PKIXRevocationChecker() {}
@@ -169,40 +169,40 @@
     }
 
     /**
-     * Sets the stapled OCSP responses. These responses are used to determine
+     * Sets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @param responses a map of stapled OCSP responses. Each key is an
+     * @param responses a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is performed to protect against subsequent modification.
      */
-    public void setOCSPStapledResponses(Map<X509Certificate, byte[]> responses)
+    public void setOCSPResponses(Map<X509Certificate, byte[]> responses)
     {
         if (responses == null) {
-            this.ocspStapled = Collections.<X509Certificate, byte[]>emptyMap();
+            this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
         } else {
             Map<X509Certificate, byte[]> copy = new HashMap<>(responses.size());
             for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
                 copy.put(e.getKey(), e.getValue().clone());
             }
-            this.ocspStapled = copy;
+            this.ocspResponses = copy;
         }
     }
 
     /**
-     * Gets the stapled OCSP responses. These responses are used to determine
+     * Gets the OCSP responses. These responses are used to determine
      * the revocation status of the specified certificates when OCSP is used.
      *
-     * @return a map of stapled OCSP responses. Each key is an
+     * @return a map of OCSP responses. Each key is an
      *        {@code X509Certificate} that maps to the corresponding
      *        DER-encoded OCSP response for that certificate. A deep copy of
      *        the map is returned to protect against subsequent modification.
      *        Returns an empty map if no responses have been specified.
      */
-    public Map<X509Certificate, byte[]> getOCSPStapledResponses() {
-        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspStapled.size());
-        for (Map.Entry<X509Certificate, byte[]> e : ocspStapled.entrySet()) {
+    public Map<X509Certificate, byte[]> getOCSPResponses() {
+        Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
+        for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
             copy.put(e.getKey(), e.getValue().clone());
         }
         return copy;
@@ -234,10 +234,10 @@
     public Object clone() {
         PKIXRevocationChecker copy = (PKIXRevocationChecker)super.clone();
         copy.ocspExtensions = new ArrayList<>(ocspExtensions);
-        copy.ocspStapled = new HashMap<>(ocspStapled);
-        // deep-copy the encoded stapled responses, since they are mutable
+        copy.ocspResponses = new HashMap<>(ocspResponses);
+        // deep-copy the encoded responses, since they are mutable
         for (Map.Entry<X509Certificate, byte[]> entry :
-                 copy.ocspStapled.entrySet())
+                 copy.ocspResponses.entrySet())
         {
             byte[] encoded = entry.getValue();
             entry.setValue(encoded.clone());
--- a/jdk/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/crypto/spec/PBEParameterSpec.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
 
     private byte[] salt;
     private int iterationCount;
+    private AlgorithmParameterSpec paramSpec = null;
 
     /**
      * Constructs a parameter set for password-based encryption as defined in
@@ -57,6 +58,25 @@
     }
 
     /**
+     * Constructs a parameter set for password-based encryption as defined in
+     * the PKCS #5 standard.
+     *
+     * @param salt the salt. The contents of <code>salt</code> are copied
+     * to protect against subsequent modification.
+     * @param iterationCount the iteration count.
+     * @param paramSpec the cipher algorithm parameter specification.
+     * @exception NullPointerException if <code>salt</code> is null.
+     *
+     * @since 1.8
+     */
+    public PBEParameterSpec(byte[] salt, int iterationCount,
+            AlgorithmParameterSpec paramSpec) {
+        this.salt = salt.clone();
+        this.iterationCount = iterationCount;
+        this.paramSpec = paramSpec;
+    }
+
+    /**
      * Returns the salt.
      *
      * @return the salt. Returns a new array
@@ -74,4 +94,15 @@
     public int getIterationCount() {
         return this.iterationCount;
     }
+
+    /**
+     * Returns the cipher algorithm parameter specification.
+     *
+     * @return the parameter specification, or null if none was set.
+     *
+     * @since 1.8
+     */
+    public AlgorithmParameterSpec getParameterSpec() {
+        return this.paramSpec;
+    }
 }
--- a/jdk/src/share/classes/javax/sql/rowset/serial/SerialArray.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/sql/rowset/serial/SerialArray.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
 import java.io.*;
 import java.util.Map;
 import java.net.URL;
-
+import java.util.Arrays;
 
 /**
  * A serialized version of an <code>Array</code>
@@ -525,6 +525,97 @@
     }
 
     /**
+     * Compares this SerialArray to the specified object.  The result is {@code
+     * true} if and only if the argument is not {@code null} and is a {@code
+     * SerialArray} object whose elements are identical to this object's elements
+     *
+     * @param  obj The object to compare this {@code SerialArray} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialArray}
+     *          equivalent to this SerialArray, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+
+        if (obj instanceof SerialArray) {
+            SerialArray sa = (SerialArray)obj;
+            return baseType == sa.baseType &&
+                    baseTypeName.equals(sa.baseTypeName) &&
+                    Arrays.equals(elements, sa.elements);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialArray. The hash code for a
+     * {@code SerialArray} object is computed using the hash codes
+     * of the elements of the  {@code SerialArray} object
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return (((31 + Arrays.hashCode(elements)) * 31 + len)  * 31 +
+                baseType) * 31 + baseTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialArray}. The copy will contain a
+     * reference to a clone of the underlying objects array, not a reference
+     * to the original underlying object array of this {@code SerialArray} object.
+     *
+     * @return  a clone of this SerialArray
+     */
+    public Object clone() {
+        try {
+            SerialArray sa = (SerialArray) super.clone();
+            sa.elements = Arrays.copyOf(elements, len);
+            return sa;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialArray} from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+       ObjectInputStream.GetField fields = s.readFields();
+       Object[] tmp = (Object[])fields.get("elements", null);
+       if (tmp == null)
+           throw new InvalidObjectException("elements is null and should not be!");
+       elements = tmp.clone();
+       len = fields.get("len", 0);
+       if(elements.length != len)
+           throw new InvalidObjectException("elements is not the expected size");
+
+       baseType = fields.get("baseType", 0);
+       baseTypeName = (String)fields.get("baseTypeName", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialArray}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("elements", elements);
+        fields.put("len", len);
+        fields.put("baseType", baseType);
+        fields.put("baseTypeName", baseTypeName);
+        s.writeFields();
+    }
+
+    /**
      * The identifier that assists in the serialization of this <code>SerialArray</code>
      * object.
      */
--- a/jdk/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -100,10 +100,64 @@
         return aURL;
     }
 
+    /**
+     * Compares this {@code SerialDatalink} to the specified object.
+     * The result is {@code true} if and only if the argument is not
+     * {@code null} and is a {@code SerialDatalink} object whose URL is
+     * identical to this object's URL
+     *
+     * @param  obj The object to compare this {@code SerialDatalink} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialDatalink}
+     *          equivalent to this SerialDatalink, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SerialDatalink) {
+            SerialDatalink sdl = (SerialDatalink) obj;
+            return url.equals(sdl.url);
+        }
+        return false;
+    }
 
     /**
-         * The identifier that assists in the serialization of this <code>SerialDatalink</code>
-     * object.
+     * Returns a hash code for this {@code SerialDatalink}. The hash code for a
+     * {@code SerialDatalink} object is taken as the hash code of
+     * the {@code URL} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + url.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialDatalink}.
+     *
+     * @return  a clone of this SerialDatalink
+     */
+    public Object clone() {
+        try {
+            SerialDatalink sdl = (SerialDatalink) super.clone();
+            return sdl;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
+
+    /**
+     * readObject and writeObject are called to restore the state
+     * of the {@code SerialDatalink}
+     * from a stream. Note: we leverage the default Serialized form
+     */
+
+    /**
+     * The identifier that assists in the serialization of this
+     *  {@code SerialDatalink} object.
      */
     static final long serialVersionUID = 2826907821828733626L;
 }
--- a/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import java.io.*;
 import java.lang.reflect.*;
+import java.util.Arrays;
+import java.util.Vector;
 import javax.sql.rowset.RowSetWarning;
 
 /**
@@ -49,7 +51,7 @@
     /**
      * Placeholder for object to be serialized.
      */
-    private final Object obj;
+    private Object obj;
 
 
    /**
@@ -82,18 +84,9 @@
         // any of these are static, this should invalidate
         // the action of attempting to persist these fields
         // in a serialized form
-
-        boolean anyStaticFields = false;
         fields = c.getFields();
 
-        for (int i = 0; i < fields.length; i++ ) {
-            if ( fields[i].getModifiers() == Modifier.STATIC ) {
-                anyStaticFields = true;
-            }
-        }
-
-
-        if (anyStaticFields) {
+        if (hasStaticFields(fields)) {
             throw new SerialException("Located static fields in " +
                 "object instance. Cannot serialize");
         }
@@ -132,7 +125,7 @@
     }
 
     /**
-         * The identifier that assists in the serialization of this
+     * The identifier that assists in the serialization of this
      * <code>SerialJavaObject</code> object.
      */
     static final long serialVersionUID = -1465795139032831023L;
@@ -142,15 +135,117 @@
      * object. When there are multiple warnings, each warning is chained to the
      * previous warning.
      */
-    java.util.Vector<RowSetWarning> chain;
+    Vector<RowSetWarning> chain;
+
+    /**
+     * Compares this SerialJavaObject to the specified object.
+     * The result is {@code true} if and only if the argument
+     * is not {@code null} and is a {@code SerialJavaObject}
+     * object that is identical to this object
+     *
+     * @param  o The object to compare this {@code SerialJavaObject} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialJavaObject}
+     *          equivalent to this SerialJavaObject, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o instanceof SerialJavaObject) {
+            SerialJavaObject sjo = (SerialJavaObject) o;
+            return obj.equals(sjo.obj);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this SerialJavaObject. The hash code for a
+     * {@code SerialJavaObject} object is taken as the hash code of
+     * the {@code Object} it stores
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return 31 + obj.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialJavaObject}.
+     *
+     * @return  a clone of this SerialJavaObject
+     */
+
+    public Object clone() {
+        try {
+            SerialJavaObject sjo = (SerialJavaObject) super.clone();
+            sjo.fields = Arrays.copyOf(fields, fields.length);
+            if (chain != null)
+                sjo.chain = new Vector<>(chain);
+            return sjo;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+    }
 
     /**
      * Registers the given warning.
      */
     private void setWarning(RowSetWarning e) {
         if (chain == null) {
-            chain = new java.util.Vector<>();
+            chain = new Vector<>();
         }
         chain.add(e);
     }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialJavaObject}
+     * from a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectInputStream.GetField fields1 = s.readFields();
+        @SuppressWarnings("unchecked")
+        Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null);
+        if (tmp != null)
+            chain = new Vector<>(tmp);
+
+        obj = fields1.get("obj", null);
+        if (obj != null) {
+            fields = obj.getClass().getFields();
+            if(hasStaticFields(fields))
+                throw new IOException("Located static fields in " +
+                "object instance. Cannot serialize");
+        } else {
+            throw new IOException("Object cannot be null!");
+        }
+
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialJavaObject}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException {
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("obj", obj);
+        fields.put("chain", chain);
+        s.writeFields();
+    }
+
+    /*
+     * Check to see if there are any Static Fields in this object
+     */
+    private static boolean hasStaticFields(Field[] fields) {
+        for (Field field : fields) {
+            if ( field.getModifiers() == Modifier.STATIC) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
--- a/jdk/src/share/classes/javax/sql/rowset/serial/SerialRef.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/sql/rowset/serial/SerialRef.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,85 @@
     }
 
     /**
-         * The identifier that assists in the serialization of this <code>SerialRef</code>
+     * Compares this SerialRef to the specified object.  The result is {@code
+     * true} if and only if the argument is not {@code null} and is a {@code
+     * SerialRef} object that represents the same object as this
+     * object.
+     *
+     * @param  obj The object to compare this {@code SerialRef} against
+     *
+     * @return  {@code true} if the given object represents a {@code SerialRef}
+     *          equivalent to this SerialRef, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if(obj instanceof SerialRef) {
+            SerialRef ref = (SerialRef)obj;
+            return baseTypeName.equals(ref.baseTypeName) &&
+                    object.equals(ref.object);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this {@code SerialRef}.
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return (31 + object.hashCode()) * 31 + baseTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialRef}. .
+     * The underlying {@code Ref} object will be set to null.
+     *
+     * @return  a clone of this SerialRef
+     */
+    public Object clone() {
+        try {
+            SerialRef ref = (SerialRef) super.clone();
+            ref.reference = null;
+            return ref;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the SerialRef from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+        ObjectInputStream.GetField fields = s.readFields();
+        object = fields.get("object", null);
+        baseTypeName = (String) fields.get("baseTypeName", null);
+        reference = (Ref) fields.get("reference", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the SerialRef
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("baseTypeName", baseTypeName);
+        fields.put("object", object);
+        // Note: this check to see if it is an instance of Serializable
+        // is for backwards compatibiity
+        fields.put("reference", reference instanceof Serializable ? reference : null);
+        s.writeFields();
+    }
+
+    /**
+     * The identifier that assists in the serialization of this <code>SerialRef</code>
      * object.
      */
     static final long serialVersionUID = -4727123500609662274L;
--- a/jdk/src/share/classes/javax/sql/rowset/serial/SerialStruct.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/javax/sql/rowset/serial/SerialStruct.java	Fri Nov 09 14:46:34 2012 -0800
@@ -250,6 +250,88 @@
     }
 
     /**
+     * Compares this SerialStruct to the specified object.  The result is
+     * {@code true} if and only if the argument is not {@code null} and is a
+     * {@code SerialStruct} object whose attributes are identical to this
+     * object's attributes
+     *
+     * @param  obj The object to compare this {@code SerialStruct} against
+     *
+     * @return {@code true} if the given object represents a {@code SerialStruct}
+     *          equivalent to this SerialStruct, {@code false} otherwise
+     *
+     */
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj instanceof SerialStruct) {
+            SerialStruct ss = (SerialStruct)obj;
+            return SQLTypeName.equals(ss.SQLTypeName) &&
+                    Arrays.equals(attribs, ss.attribs);
+        }
+        return false;
+    }
+
+    /**
+     * Returns a hash code for this {@code SerialStruct}. The hash code for a
+     * {@code SerialStruct} object is computed using the hash codes
+     * of the attributes of the {@code SerialStruct} object and its
+     * {@code SQLTypeName}
+     *
+     * @return  a hash code value for this object.
+     */
+    public int hashCode() {
+        return ((31 + Arrays.hashCode(attribs)) * 31) * 31
+                + SQLTypeName.hashCode();
+    }
+
+    /**
+     * Returns a clone of this {@code SerialStruct}. The copy will contain a
+     * reference to a clone of the underlying attribs array, not a reference
+     * to the original underlying attribs array of this {@code SerialStruct} object.
+     *
+     * @return  a clone of this SerialStruct
+     */
+    public Object clone() {
+        try {
+            SerialStruct ss = (SerialStruct) super.clone();
+            ss.attribs = Arrays.copyOf(attribs, attribs.length);
+            return ss;
+        } catch (CloneNotSupportedException ex) {
+            // this shouldn't happen, since we are Cloneable
+            throw new InternalError();
+        }
+
+    }
+
+    /**
+     * readObject is called to restore the state of the {@code SerialStruct} from
+     * a stream.
+     */
+    private void readObject(ObjectInputStream s)
+            throws IOException, ClassNotFoundException {
+
+       ObjectInputStream.GetField fields = s.readFields();
+       Object[] tmp = (Object[])fields.get("attribs", null);
+       attribs = tmp == null ? null : tmp.clone();
+       SQLTypeName = (String)fields.get("SQLTypeName", null);
+    }
+
+    /**
+     * writeObject is called to save the state of the {@code SerialStruct}
+     * to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+            throws IOException, ClassNotFoundException {
+
+        ObjectOutputStream.PutField fields = s.putFields();
+        fields.put("attribs", attribs);
+        fields.put("SQLTypeName", SQLTypeName);
+        s.writeFields();
+    }
+
+    /**
      * The identifier that assists in the serialization of this
      * <code>SerialStruct</code> object.
      */
--- a/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/nio/ch/FileChannelImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -302,12 +302,10 @@
         }
     }
 
-    public FileChannel truncate(long size) throws IOException {
+    public FileChannel truncate(long newSize) throws IOException {
         ensureOpen();
-        if (size < 0)
-            throw new IllegalArgumentException();
-        if (size > size())
-            return this;
+        if (newSize < 0)
+            throw new IllegalArgumentException("Negative size");
         if (!writable)
             throw new NonWritableChannelException();
         synchronized (positionLock) {
@@ -320,6 +318,14 @@
                 if (!isOpen())
                     return null;
 
+                // get current size
+                long size;
+                do {
+                    size = nd.size(fd);
+                } while ((size == IOStatus.INTERRUPTED) && isOpen());
+                if (!isOpen())
+                    return null;
+
                 // get current position
                 do {
                     p = position0(fd, -1);
@@ -328,16 +334,18 @@
                     return null;
                 assert p >= 0;
 
-                // truncate file
-                do {
-                    rv = nd.truncate(fd, size);
-                } while ((rv == IOStatus.INTERRUPTED) && isOpen());
-                if (!isOpen())
-                    return null;
+                // truncate file if given size is less than the current size
+                if (newSize < size) {
+                    do {
+                        rv = nd.truncate(fd, newSize);
+                    } while ((rv == IOStatus.INTERRUPTED) && isOpen());
+                    if (!isOpen())
+                        return null;
+                }
 
-                // set position to size if greater than size
-                if (p > size)
-                    p = size;
+                // if position is beyond new size then adjust it
+                if (p > newSize)
+                    p = newSize;
                 do {
                     rv = (int)position0(fd, p);
                 } while ((rv == IOStatus.INTERRUPTED) && isOpen());
@@ -779,6 +787,8 @@
         throws IOException
     {
         ensureOpen();
+        if (mode == null)
+            throw new NullPointerException("Mode is null");
         if (position < 0L)
             throw new IllegalArgumentException("Negative position");
         if (size < 0L)
@@ -787,6 +797,7 @@
             throw new IllegalArgumentException("Position + size overflow");
         if (size > Integer.MAX_VALUE)
             throw new IllegalArgumentException("Size exceeds Integer.MAX_VALUE");
+
         int imode = -1;
         if (mode == MapMode.READ_ONLY)
             imode = MAP_RO;
--- a/jdk/src/share/classes/sun/security/jgss/GSSCaller.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/GSSCaller.java	Fri Nov 09 14:46:34 2012 -0800
@@ -31,10 +31,19 @@
  * different callers.
  */
 public class GSSCaller {
-    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller();
-    public static final GSSCaller CALLER_INITIATE = new GSSCaller();
-    public static final GSSCaller CALLER_ACCEPT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller();
-    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller();
+    public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
+    public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
+    public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
+    public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
+    public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
+
+    private String name;
+    GSSCaller(String s) {
+        name = s;
+    }
+    @Override
+    public String toString() {
+        return "GSSCaller{" + name + '}';
+    }
 }
 
--- a/jdk/src/share/classes/sun/security/jgss/GSSCredentialImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/GSSCredentialImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,8 +28,9 @@
 import org.ietf.jgss.*;
 import sun.security.jgss.spi.*;
 import java.util.*;
+import com.sun.security.jgss.*;
 
-public class GSSCredentialImpl implements GSSCredential {
+public class GSSCredentialImpl implements ExtendedGSSCredential {
 
     private GSSManagerImpl gssManager = null;
     private boolean destroyed = false;
@@ -122,6 +123,19 @@
         }
     }
 
+    public GSSCredential impersonate(GSSName name) throws GSSException {
+        if (destroyed) {
+            throw new IllegalStateException("This credential is " +
+                                        "no longer valid");
+        }
+        Oid mech = tempCred.getMechanism();
+        GSSNameSpi nameElement = (name == null ? null :
+                                  ((GSSNameImpl)name).getElement(mech));
+        GSSCredentialSpi cred = tempCred.impersonate(nameElement);
+        return (cred == null ?
+            null : new GSSCredentialImpl(gssManager, cred));
+    }
+
     public GSSName getName() throws GSSException {
         if (destroyed) {
             throw new IllegalStateException("This credential is " +
--- a/jdk/src/share/classes/sun/security/jgss/HttpCaller.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/HttpCaller.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,6 +35,7 @@
     final private HttpCallerInfo hci;
 
     public HttpCaller(HttpCallerInfo hci) {
+        super("HTTP_CLIENT");
         this.hci = hci;
     }
 
--- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -25,6 +25,7 @@
 
 package sun.security.jgss.krb5;
 
+import java.io.IOException;
 import org.ietf.jgss.*;
 import sun.security.jgss.GSSCaller;
 import sun.security.jgss.spi.*;
@@ -177,4 +178,21 @@
     public void destroy() throws DestroyFailedException {
         screds.destroy();
     }
+
+    /**
+     * Impersonation is only available on the initiator side. The
+     * service must starts as an initiator to get an initial TGT to complete
+     * the S4U2self protocol.
+     */
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        Credentials cred = screds.getInitCred();
+        if (cred != null) {
+            return Krb5InitCredential.getInstance(this.name, cred)
+                    .impersonate(name);
+        } else {
+            throw new GSSException(GSSException.FAILURE, -1,
+                "Only an initiate credentials can impersonate");
+        }
+    }
 }
--- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java	Fri Nov 09 14:46:34 2012 -0800
@@ -45,6 +45,7 @@
 import javax.crypto.Cipher;
 import javax.security.auth.Subject;
 import javax.security.auth.kerberos.*;
+import sun.security.krb5.internal.Ticket;
 
 /**
  * Implements the mechanism specific context class for the Kerberos v5
@@ -76,7 +77,7 @@
      * values.
      */
 
-    private boolean credDelegState  = false;
+    private boolean credDelegState  = false;    // now only useful at client
     private boolean mutualAuthState  = true;
     private boolean replayDetState  = true;
     private boolean sequenceDetState  = true;
@@ -84,6 +85,8 @@
     private boolean integState  = true;
     private boolean delegPolicyState = false;
 
+    private boolean isConstrainedDelegationTried = false;
+
     private int mySeqNumber;
     private int peerSeqNumber;
     private int keySrc;
@@ -113,13 +116,11 @@
     private Krb5CredElement myCred;
     private Krb5CredElement delegatedCred; // Set only on acceptor side
 
-    /* DESCipher instance used by the corresponding GSSContext */
-    private Cipher desCipher = null;
-
     // XXX See if the required info from these can be extracted and
     // stored elsewhere
     private Credentials serviceCreds;
     private KrbApReq apReq;
+    Ticket serviceTicket;
     final private GSSCaller caller;
     private static final boolean DEBUG = Krb5Util.DEBUG;
 
@@ -248,7 +249,14 @@
      * Is credential delegation enabled?
      */
     public final boolean getCredDelegState() {
-        return credDelegState;
+        if (isInitiator()) {
+            return credDelegState;
+        } else {
+            // Server side deleg state is not flagged by credDelegState.
+            // It can use constrained delegation.
+            tryConstrainedDelegation();
+            return delegatedCred != null;
+        }
     }
 
     /**
@@ -498,7 +506,8 @@
      * Returns the delegated credential for the context. This
      * is an optional feature of contexts which not all
      * mechanisms will support. A context can be requested to
-     * support credential delegation by using the <b>CRED_DELEG</b>.
+     * support credential delegation by using the <b>CRED_DELEG</b>,
+     * or it can request for a constrained delegation.
      * This is only valid on the acceptor side of the context.
      * @return GSSCredentialSpi object for the delegated credential
      * @exception GSSException
@@ -507,11 +516,41 @@
     public final GSSCredentialSpi getDelegCred() throws GSSException {
         if (state != STATE_IN_PROCESS && state != STATE_DONE)
             throw new GSSException(GSSException.NO_CONTEXT);
-        if (delegatedCred == null)
+        if (isInitiator()) {
             throw new GSSException(GSSException.NO_CRED);
+        }
+        tryConstrainedDelegation();
+        if (delegatedCred == null) {
+            throw new GSSException(GSSException.NO_CRED);
+        }
         return delegatedCred;
     }
 
+    private void tryConstrainedDelegation() {
+        if (state != STATE_IN_PROCESS && state != STATE_DONE) {
+            return;
+        }
+        // We will only try constrained delegation once (if necessary).
+        if (!isConstrainedDelegationTried) {
+            if (delegatedCred == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Constrained deleg from " + caller);
+                }
+                // The constrained delegation part. The acceptor needs to have
+                // isInitiator=true in order to get a TGT, either earlier at
+                // logon stage, if useSubjectCredsOnly, or now.
+                try {
+                    delegatedCred = new Krb5ProxyCredential(
+                        Krb5InitCredential.getInstance(
+                            GSSCaller.CALLER_ACCEPT, myName, lifetime),
+                        peerName, serviceTicket);
+                } catch (GSSException gsse) {
+                    // OK, delegatedCred is null then
+                }
+            }
+            isConstrainedDelegationTried = true;
+        }
+    }
     /**
      * Tests if this is the initiator side of the context.
      *
@@ -577,8 +616,15 @@
                                            "No TGT available");
                     }
                     myName = (Krb5NameElement) myCred.getName();
-                    Credentials tgt =
-                    ((Krb5InitCredential) myCred).getKrb5Credentials();
+                    Credentials tgt;
+                    final Krb5ProxyCredential second;
+                    if (myCred instanceof Krb5InitCredential) {
+                        second = null;
+                        tgt = ((Krb5InitCredential) myCred).getKrb5Credentials();
+                    } else {
+                        second = (Krb5ProxyCredential) myCred;
+                        tgt = second.self.getKrb5Credentials();
+                    }
 
                     checkPermission(peerName.getKrb5PrincipalName().getName(),
                                     "initiate");
@@ -607,7 +653,9 @@
                                         GSSCaller.CALLER_UNKNOWN,
                                         // since it's useSubjectCredsOnly here,
                                         // don't worry about the null
-                                        myName.getKrb5PrincipalName().getName(),
+                                        second == null ?
+                                            myName.getKrb5PrincipalName().getName():
+                                            second.getName().getKrb5PrincipalName().getName(),
                                         peerName.getKrb5PrincipalName().getName(),
                                         acc);
                                 }});
@@ -638,9 +686,17 @@
                                                "the subject");
                         }
                         // Get Service ticket using the Kerberos protocols
-                        serviceCreds = Credentials.acquireServiceCreds(
+                        if (second == null) {
+                            serviceCreds = Credentials.acquireServiceCreds(
                                      peerName.getKrb5PrincipalName().getName(),
                                      tgt);
+                        } else {
+                            serviceCreds = Credentials.acquireS4U2proxyCreds(
+                                    peerName.getKrb5PrincipalName().getName(),
+                                    second.tkt,
+                                    second.getName().getKrb5PrincipalName(),
+                                    tgt);
+                        }
                         if (GSSUtil.useSubjectCredsOnly(caller)) {
                             final Subject subject =
                                 AccessController.doPrivileged(
@@ -776,6 +832,7 @@
                         retVal = new AcceptSecContextToken(this,
                                           token.getKrbApReq()).encode();
                 }
+                serviceTicket = token.getKrbApReq().getCreds().getTicket();
                 myCred = null;
                 state = STATE_DONE;
             } else  {
@@ -802,8 +859,6 @@
         return retVal;
     }
 
-
-
     /**
      * Queries the context for largest data size to accomodate
      * the specified protection and be <= maxTokSize.
--- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -309,8 +309,7 @@
                                                  int initLifetime)
         throws GSSException {
 
-        String realm = null;
-        final String clientPrincipal, tgsPrincipal = null;
+        final String clientPrincipal;
 
         /*
          * Find the TGT for the realm that the client is in. If the client
@@ -318,20 +317,8 @@
          */
         if (name != null) {
             clientPrincipal = (name.getKrb5PrincipalName()).getName();
-            realm = (name.getKrb5PrincipalName()).getRealmAsString();
         } else {
             clientPrincipal = null;
-            try {
-                Config config = Config.getInstance();
-                realm = config.getDefaultRealm();
-            } catch (KrbException e) {
-                GSSException ge =
-                        new GSSException(GSSException.NO_CRED, -1,
-                            "Attempt to obtain INITIATE credentials failed!" +
-                            " (" + e.getMessage() + ")");
-                ge.initCause(e);
-                throw ge;
-            }
         }
 
         final AccessControlContext acc = AccessController.getContext();
@@ -343,9 +330,11 @@
             return AccessController.doPrivileged(
                 new PrivilegedExceptionAction<KerberosTicket>() {
                 public KerberosTicket run() throws Exception {
+                    // It's OK to use null as serverPrincipal. TGT is almost
+                    // the first ticket for a principal and we use list.
                     return Krb5Util.getTicket(
                         realCaller,
-                        clientPrincipal, tgsPrincipal, acc);
+                        clientPrincipal, null, acc);
                         }});
         } catch (PrivilegedActionException e) {
             GSSException ge =
@@ -356,4 +345,20 @@
             throw ge;
         }
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        try {
+            Krb5NameElement kname = (Krb5NameElement)name;
+            Credentials newCred = Credentials.acquireS4U2selfCreds(
+                    kname.getKrb5PrincipalName(), krb5Credentials);
+            return new Krb5ProxyCredential(this, kname, newCred.getTicket());
+        } catch (IOException | KrbException ke) {
+            GSSException ge =
+                new GSSException(GSSException.FAILURE, -1,
+                    "Attempt to obtain S4U2self credentials failed!");
+            ge.initCause(ke);
+            throw ge;
+        }
+    }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.jgss.krb5;
+
+import org.ietf.jgss.*;
+import sun.security.jgss.spi.*;
+import java.util.Date;
+import sun.security.krb5.internal.Ticket;
+
+/**
+ * Implements the krb5 proxy credential element used in constrained
+ * delegation. It is used in both impersonation (where there is no Kerberos 5
+ * communication between the middle server and the client) and normal
+ * constrained delegation (where there is, but client has not called
+ * requestCredDeleg(true)).
+ * @since 1.8
+ */
+
+public class Krb5ProxyCredential
+    implements Krb5CredElement {
+
+    public final Krb5InitCredential self;   // the middle server
+    private final Krb5NameElement client;     // the client
+
+    // The ticket with cname=client and sname=self. This can be a normal
+    // service ticket or an S4U2self ticket.
+    public final Ticket tkt;
+
+    Krb5ProxyCredential(Krb5InitCredential self, Krb5NameElement client,
+            Ticket tkt) {
+        this.self = self;
+        this.tkt = tkt;
+        this.client = client;
+    }
+
+    // The client name behind the proxy
+    @Override
+    public final Krb5NameElement getName() throws GSSException {
+        return client;
+    }
+
+    @Override
+    public int getInitLifetime() throws GSSException {
+        // endTime of tkt is not used by KDC, and it's also not
+        // available in the case of kerberos constr deleg
+        return self.getInitLifetime();
+    }
+
+    @Override
+    public int getAcceptLifetime() throws GSSException {
+        return 0;
+    }
+
+    @Override
+    public boolean isInitiatorCredential() throws GSSException {
+        return true;
+    }
+
+    @Override
+    public boolean isAcceptorCredential() throws GSSException {
+        return false;
+    }
+
+    @Override
+    public final Oid getMechanism() {
+        return Krb5MechFactory.GSS_KRB5_MECH_OID;
+    }
+
+    @Override
+    public final java.security.Provider getProvider() {
+        return Krb5MechFactory.PROVIDER;
+    }
+
+    @Override
+    public void dispose() throws GSSException {
+        try {
+            self.destroy();
+        } catch (javax.security.auth.DestroyFailedException e) {
+            GSSException gssException =
+                new GSSException(GSSException.FAILURE, -1,
+                 "Could not destroy credentials - " + e.getMessage());
+            gssException.initCause(e);
+        }
+    }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        // Cannot impersonate multiple levels without the impersonatee's TGT.
+        throw new GSSException(GSSException.FAILURE, -1,
+                "Only an initiate credentials can impersonate");
+    }
+}
--- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Util.java	Fri Nov 09 14:46:34 2012 -0800
@@ -206,7 +206,7 @@
      * identity, which can be:
      *   1. Some KerberosKeys (generated from password)
      *   2. A KeyTab (for a typical service)
-     *   3. A TGT (for a user2user service. Not supported yet)
+     *   3. A TGT (for S4U2proxy extension)
      *
      * Note that some creds can coexist. For example, a user2user service
      * can use its keytab (or keys) if the client can successfully obtain a
@@ -219,7 +219,7 @@
         private List<KeyTab> ktabs;
         private List<KerberosKey> kk;
         private Subject subj;
-        //private KerberosTicket tgt;   // user2user, not supported yet
+        private KerberosTicket tgt;
 
         private static ServiceCreds getInstance(
                 Subject subj, String serverPrincipal) {
@@ -255,6 +255,8 @@
                         subj, null, null, KeyTab.class);
             sc.kk = SubjectComber.findMany(
                         subj, serverPrincipal, null, KerberosKey.class);
+            sc.tgt = SubjectComber.find(subj, null, null, KerberosTicket.class);
+
             if (sc.ktabs.isEmpty() && sc.kk.isEmpty()) {
                 return null;
             }
@@ -310,10 +312,22 @@
             return ekeys;
         }
 
+        public Credentials getInitCred() {
+            if (tgt == null) {
+                return null;
+            }
+            try {
+                return ticketToCreds(tgt);
+            } catch (KrbException | IOException e) {
+                return null;
+            }
+        }
+
         public void destroy() {
             kp = null;
             ktabs = null;
             kk = null;
+            tgt = null;
         }
     }
     /**
@@ -357,7 +371,7 @@
     };
 
     public static Credentials ticketToCreds(KerberosTicket kerbTicket)
-        throws KrbException, IOException {
+            throws KrbException, IOException {
         return new Credentials(
             kerbTicket.getEncoded(),
             kerbTicket.getClient().getName(),
--- a/jdk/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java	Fri Nov 09 14:46:34 2012 -0800
@@ -96,4 +96,13 @@
      * @exception GSSException may be thrown
      */
     public Oid getMechanism();
+
+    /**
+     * Impersonates another client.
+     *
+     * @param name the client to impersonate
+     * @return the new credential
+     * @exception GSSException may be thrown
+     */
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
 }
--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1059,6 +1059,9 @@
         if (mechContext != null) {
             GSSCredentialImpl delegCred =
                         (GSSCredentialImpl)mechContext.getDelegCred();
+            if (delegCred == null) {
+                return null;
+            }
             // determine delegated cred element usage
             boolean initiate = false;
             if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {
--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java	Fri Nov 09 14:46:34 2012 -0800
@@ -88,4 +88,9 @@
     public Oid getMechanism() {
         return GSSUtil.GSS_SPNEGO_MECH_OID;
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        return cred.impersonate(name);
+    }
 }
--- a/jdk/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,6 +28,7 @@
 import java.security.Provider;
 import sun.security.jgss.GSSUtil;
 import sun.security.jgss.spi.GSSCredentialSpi;
+import sun.security.jgss.spi.GSSNameSpi;
 
 /**
  * This class is essentially a wrapper class for the gss_cred_id_t
@@ -132,4 +133,10 @@
     protected void finalize() throws Throwable {
         dispose();
     }
+
+    @Override
+    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+        throw new GSSException(GSSException.FAILURE, -1,
+                "Not supported yet");
+    }
 }
--- a/jdk/src/share/classes/sun/security/krb5/Credentials.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/Credentials.java	Fri Nov 09 14:46:34 2012 -0800
@@ -449,6 +449,18 @@
         return CredentialsUtil.acquireServiceCreds(service, ccreds);
     }
 
+    public static Credentials acquireS4U2selfCreds(PrincipalName user,
+            Credentials ccreds) throws KrbException, IOException {
+        return CredentialsUtil.acquireS4U2selfCreds(user, ccreds);
+    }
+
+    public static Credentials acquireS4U2proxyCreds(String service,
+            Ticket second, PrincipalName client, Credentials ccreds)
+        throws KrbException, IOException {
+        return CredentialsUtil.acquireS4U2proxyCreds(
+                service, second, client, ccreds);
+    }
+
     public CredentialsCache getCache() {
         return cache;
     }
@@ -490,18 +502,19 @@
 
     public String toString() {
         StringBuffer buffer = new StringBuffer("Credentials:");
-        buffer.append("\nclient=").append(client);
-        buffer.append("\nserver=").append(server);
+        buffer.append(    "\n      client=").append(client);
+        buffer.append(    "\n      server=").append(server);
         if (authTime != null) {
-            buffer.append("\nauthTime=").append(authTime);
+            buffer.append("\n    authTime=").append(authTime);
         }
         if (startTime != null) {
-            buffer.append("\nstartTime=").append(startTime);
+            buffer.append("\n   startTime=").append(startTime);
         }
-        buffer.append("\nendTime=").append(endTime);
-        buffer.append("\nrenewTill=").append(renewTill);
-        buffer.append("\nflags: ").append(flags);
-        buffer.append("\nEType (int): ").append(key.getEType());
+        buffer.append(    "\n     endTime=").append(endTime);
+        buffer.append(    "\n   renewTill=").append(renewTill);
+        buffer.append(    "\n       flags=").append(flags);
+        buffer.append(    "\nEType (skey)=").append(key.getEType());
+        buffer.append(    "\n   (tkt key)=").append(ticket.encPart.eType);
         return buffer.toString();
     }
 
--- a/jdk/src/share/classes/sun/security/krb5/EncryptedData.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/EncryptedData.java	Fri Nov 09 14:46:34 2012 -0800
@@ -160,8 +160,6 @@
         kvno = key.getKeyVersionNumber();
     }
     */
-
-    // currently destructive on cipher
     public byte[] decrypt(
                           EncryptionKey key, int usage)
         throws KdcErrException, KrbApErrException, KrbCryptoException {
@@ -175,7 +173,9 @@
 
             EType etypeEngine = EType.getInstance(eType);
             plain = etypeEngine.decrypt(cipher, key.getBytes(), usage);
-            cipher = null;
+            // The service ticket will be used in S4U2proxy request. Therefore
+            // the raw ticket is still needed.
+            //cipher = null;
             return etypeEngine.decryptedData(plain);
         }
 
--- a/jdk/src/share/classes/sun/security/krb5/KrbApReq.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/KrbApReq.java	Fri Nov 09 14:46:34 2012 -0800
@@ -287,8 +287,9 @@
         cusec = authenticator.cusec;
         authenticator.ctime.setMicroSeconds(authenticator.cusec);
 
-        if (!authenticator.cname.equals(enc_ticketPart.cname))
+        if (!authenticator.cname.equals(enc_ticketPart.cname)) {
             throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
+        }
 
         KerberosTime currTime = new KerberosTime(KerberosTime.NOW);
         if (!authenticator.ctime.inClockSkew(currTime))
--- a/jdk/src/share/classes/sun/security/krb5/KrbKdcRep.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/KrbKdcRep.java	Fri Nov 09 14:46:34 2012 -0800
@@ -64,7 +64,12 @@
 
         for (int i = 1; i < 6; i++) {
             if (req.reqBody.kdcOptions.get(i) !=
-                rep.encKDCRepPart.flags.get(i)) {
+                   rep.encKDCRepPart.flags.get(i)) {
+                if (Krb5.DEBUG) {
+                    System.out.println("> KrbKdcRep.check: at #" + i
+                            + ". request for " + req.reqBody.kdcOptions.get(i)
+                            + ", received " + rep.encKDCRepPart.flags.get(i));
+                }
                 throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
             }
         }
--- a/jdk/src/share/classes/sun/security/krb5/KrbTgsRep.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/KrbTgsRep.java	Fri Nov 09 14:46:34 2012 -0800
@@ -87,7 +87,7 @@
         check(false, req, rep);
 
         this.creds = new Credentials(rep.ticket,
-                                req.reqBody.cname,
+                                rep.cname,
                                 rep.ticket.sname,
                                 enc_part.key,
                                 enc_part.flags,
--- a/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,6 +35,7 @@
 import sun.security.krb5.internal.crypto.*;
 import java.io.IOException;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 
 /**
  * This class encapsulates a Kerberos TGS-REQ that is sent from the
@@ -55,7 +56,7 @@
     private byte[] obuf;
     private byte[] ibuf;
 
-     // Used in CredentialsUtil
+    // Used in CredentialsUtil
     public KrbTgsReq(Credentials asCreds,
                      PrincipalName sname)
         throws KrbException, IOException {
@@ -72,6 +73,45 @@
             null); // EncryptionKey subSessionKey
     }
 
+    // S4U2proxy
+    public KrbTgsReq(Credentials asCreds,
+                     Ticket second,
+                     PrincipalName sname)
+            throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
+                KDCOptions.FORWARDABLE),
+            asCreds,
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            new Ticket[] {second}, // the service ticket
+            null);
+    }
+
+    // S4U2user
+    public KrbTgsReq(Credentials asCreds,
+                     PrincipalName sname,
+                     PAData extraPA)
+        throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.FORWARDABLE),
+            asCreds,
+            asCreds.getClient(),
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            extraPA); // the PA-FOR-USER
+    }
+
     // Called by Credentials, KrbCred
     KrbTgsReq(
             KDCOptions options,
@@ -85,14 +125,42 @@
             AuthorizationData authorizationData,
             Ticket[] additionalTickets,
             EncryptionKey subKey) throws KrbException, IOException {
+        this(options, asCreds, asCreds.getClient(), sname,
+                from, till, rtime, eTypes, addresses,
+                authorizationData, additionalTickets, subKey, null);
+    }
 
-        princName = asCreds.client;
+    private KrbTgsReq(
+            KDCOptions options,
+            Credentials asCreds,
+            PrincipalName cname,
+            PrincipalName sname,
+            KerberosTime from,
+            KerberosTime till,
+            KerberosTime rtime,
+            int[] eTypes,
+            HostAddresses addresses,
+            AuthorizationData authorizationData,
+            Ticket[] additionalTickets,
+            EncryptionKey subKey,
+            PAData extraPA) throws KrbException, IOException {
+
+        princName = cname;
         servName = sname;
         ctime = new KerberosTime(KerberosTime.NOW);
 
 
         // check if they are valid arguments. The optional fields
         // should be  consistent with settings in KDCOptions.
+
+        // TODO: Is this necessary? If the TGT is not FORWARDABLE,
+        // you can still request for a FORWARDABLE ticket, just the
+        // KDC will give you a non-FORWARDABLE one. Even if you
+        // cannot use the ticket expected, it still contains info.
+        // This means there will be problem later. We already have
+        // flags check in KrbTgsRep. Of course, sometimes the KDC
+        // will not issue the ticket at all.
+
         if (options.get(KDCOptions.FORWARDABLE) &&
                 (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
             throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
@@ -130,13 +198,13 @@
         } else {
             if (rtime != null)  rtime = null;
         }
-        if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
+        if (options.get(KDCOptions.ENC_TKT_IN_SKEY) || options.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
             if (additionalTickets == null)
                 throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
             // in TGS_REQ there could be more than one additional
             // tickets,  but in file-based credential cache,
             // there is only one additional ticket field.
-                secondTicket = additionalTickets[0];
+            secondTicket = additionalTickets[0];
         } else {
             if (additionalTickets != null)
                 additionalTickets = null;
@@ -156,7 +224,8 @@
                 addresses,
                 authorizationData,
                 additionalTickets,
-                subKey);
+                subKey,
+                extraPA);
         obuf = tgsReqMessg.asn1Encode();
 
         // XXX We need to revisit this to see if can't move it
@@ -221,7 +290,8 @@
                          HostAddresses addresses,
                          AuthorizationData authorizationData,
                          Ticket[] additionalTickets,
-                         EncryptionKey subKey)
+                         EncryptionKey subKey,
+                         PAData extraPA)
         throws Asn1Exception, IOException, KdcErrException, KrbApErrException,
                UnknownHostException, KrbCryptoException {
         KerberosTime req_till = null;
@@ -318,10 +388,12 @@
                                          null,
                                          null).getMessage();
 
-        PAData[] tgsPAData = new PAData[1];
-        tgsPAData[0] = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
-
-        return new TGSReq(tgsPAData, reqBody);
+        PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
+        return new TGSReq(
+                extraPA != null ?
+                    new PAData[] {extraPA, tgsPAData } :
+                    new PAData[] {tgsPAData},
+                reqBody);
     }
 
     TGSReq getMessage() {
--- a/jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Fri Nov 09 14:46:34 2012 -0800
@@ -32,17 +32,7 @@
 package sun.security.krb5.internal;
 
 import sun.security.krb5.*;
-import sun.security.krb5.internal.ccache.CredentialsCache;
-import java.util.StringTokenizer;
-import sun.security.krb5.internal.ktab.*;
-import java.io.File;
 import java.io.IOException;
-import java.util.Date;
-import java.util.Vector;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
 
 /**
  * This class is a utility that contains much of the TGS-Exchange
@@ -53,77 +43,158 @@
 
     private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
 
-   /**
-    * Acquires credentials for a specified service using initial credential. Wh
-en the service has a different realm
-    * from the initial credential, we do cross-realm authentication - first, we
- use the current credential to get
-    * a cross-realm credential from the local KDC, then use that cross-realm cr
-edential to request service credential
-    * from the foreigh KDC.
-    *
-    * @param service the name of service principal using format components@real
-m
-    * @param ccreds client's initial credential.
-    * @exception Exception general exception will be thrown when any error occu
-rs.
-    * @return a <code>Credentials</code> object.
-    */
+    /**
+     * Used by a middle server to acquire credentials on behalf of a
+     * client to itself using the S4U2self extension.
+     * @param client the client to impersonate
+     * @param ccreds the TGT of the middle service
+     * @return the new creds (cname=client, sname=middle)
+     */
+    public static Credentials acquireS4U2selfCreds(PrincipalName client,
+            Credentials ccreds) throws KrbException, IOException {
+        String uRealm = client.getRealmString();
+        String localRealm = ccreds.getClient().getRealmString();
+        if (!uRealm.equals(localRealm)) {
+            // TODO: we do not support kerberos referral now
+            throw new KrbException("Cross realm impersonation not supported");
+        }
+        KrbTgsReq req = new KrbTgsReq(
+                ccreds,
+                ccreds.getClient(),
+                new PAData(Krb5.PA_FOR_USER,
+                    new PAForUserEnc(client,
+                        ccreds.getSessionKey()).asn1Encode()));
+        Credentials creds = req.sendAndGetCreds();
+        if (!creds.getClient().equals(client)) {
+            throw new KrbException("S4U2self request not honored by KDC");
+        }
+        return creds;
+    }
+
+    /**
+     * Used by a middle server to acquire a service ticket to a backend
+     * server using the S4U2proxy extension.
+     * @param backend the name of the backend service
+     * @param second the client's service ticket to the middle server
+     * @param ccreds the TGT of the middle server
+     * @return the creds (cname=client, sname=backend)
+     */
+    public static Credentials acquireS4U2proxyCreds(
+                String backend, Ticket second,
+                PrincipalName client, Credentials ccreds)
+            throws KrbException, IOException {
+        KrbTgsReq req = new KrbTgsReq(
+                ccreds,
+                second,
+                new PrincipalName(backend));
+        Credentials creds = req.sendAndGetCreds();
+        if (!creds.getClient().equals(client)) {
+            throw new KrbException("S4U2proxy request not honored by KDC");
+        }
+        return creds;
+    }
+
+    /**
+     * Acquires credentials for a specified service using initial
+     * credential. When the service has a different realm from the initial
+     * credential, we do cross-realm authentication - first, we use the
+     * current credential to get a cross-realm credential from the local KDC,
+     * then use that cross-realm credential to request service credential
+     * from the foreign KDC.
+     *
+     * @param service the name of service principal
+     * @param ccreds client's initial credential
+     */
     public static Credentials acquireServiceCreds(
                 String service, Credentials ccreds)
-    throws KrbException, IOException {
+            throws KrbException, IOException {
         PrincipalName sname = new PrincipalName(service);
         String serviceRealm = sname.getRealmString();
         String localRealm = ccreds.getClient().getRealmString();
 
-        /*
-          if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
-          if (DEBUG) {
-          System.out.println(">>>DEBUG: Credentails request cross realm ticket for " + "krbtgt/" + serviceRealm + "@" + localRealm);
-          }
-          Credentials crossCreds = serviceCreds(new ServiceName("krbtgt/" + serviceRealm + "@" + localRealm), ccreds);
-          if (DEBUG) {
-          printDebug(crossCreds);
-          }
-          Credentials result = serviceCreds(sname, crossCreds);
-          if (DEBUG) {
-          printDebug(result);
-          }
-          return result;
-          }
-          else return serviceCreds(sname, ccreds);
-        */
-
-        if (localRealm.equals(serviceRealm))
-        {
-            if (DEBUG)
-                System.out.println(">>> Credentials acquireServiceCreds: same realm");
+        if (localRealm.equals(serviceRealm)) {
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: same realm");
+            }
             return serviceCreds(sname, ccreds);
         }
+        Credentials theCreds = null;
+
+        boolean[] okAsDelegate = new boolean[1];
+        Credentials theTgt = getTGTforRealm(localRealm, serviceRealm,
+                ccreds, okAsDelegate);
+        if (theTgt != null) {
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "got right tgt");
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "obtaining service creds for " + sname);
+            }
+
+            try {
+                theCreds = serviceCreds(sname, theTgt);
+            } catch (Exception exc) {
+                if (DEBUG) {
+                    System.out.println(exc);
+                }
+                theCreds = null;
+            }
+        }
+
+        if (theCreds != null) {
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "returning creds:");
+                Credentials.printDebug(theCreds);
+            }
+            if (!okAsDelegate[0]) {
+                theCreds.resetDelegate();
+            }
+            return theCreds;
+        }
+        throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
+                                    "No service creds");
+    }
+
+    /**
+     * Gets a TGT to another realm
+     * @param localRealm this realm
+     * @param serviceRealm the other realm
+     * @param ccreds TGT in this realm
+     * @param okAsDelegate an [out] argument to receive the okAsDelegate
+     * property. True only if all realms allow delegation.
+     * @return the TGT for the other realm, null if cannot find a path
+     * @throws KrbException if something goes wrong
+     */
+    private static Credentials getTGTforRealm(String localRealm,
+            String serviceRealm, Credentials ccreds, boolean[] okAsDelegate)
+            throws KrbException {
 
         // Get a list of realms to traverse
         String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
-        boolean okAsDelegate = true;
 
-        if (realms == null || realms.length == 0)
-        {
-            if (DEBUG)
-                System.out.println(">>> Credentials acquireServiceCreds: no realms list");
+        if (realms == null || realms.length == 0) {
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: no realms list");
+            }
             return null;
         }
 
         int i = 0, k = 0;
         Credentials cTgt = null, newTgt = null, theTgt = null;
         PrincipalName tempService = null;
-        String realm = null, newTgtRealm = null, theTgtRealm = null;
+        String newTgtRealm = null;
 
-        for (cTgt = ccreds, i = 0; i < realms.length;)
-        {
+        okAsDelegate[0] = true;
+        for (cTgt = ccreds, i = 0; i < realms.length;) {
             tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
 
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: main loop: [" + i +"] tempService=" + tempService);
+            if (DEBUG) {
+                System.out.println(
+                        ">>> Credentials acquireServiceCreds: main loop: ["
+                        + i +"] tempService=" + tempService);
             }
 
             try {
@@ -132,11 +203,10 @@
                 newTgt = null;
             }
 
-            if (newTgt == null)
-            {
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: no tgt; searching backwards");
+            if (newTgt == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "no tgt; searching backwards");
                 }
 
                 /*
@@ -144,17 +214,15 @@
                  * realm as close to the target as possible.
                  * That means traversing the realms list backwards.
                  */
-
                 for (newTgt = null, k = realms.length - 1;
-                     newTgt == null && k > i; k--)
-                {
-
+                        newTgt == null && k > i; k--) {
                     tempService = PrincipalName.tgsService(realms[k], realms[i]);
-                    if (DEBUG)
-                    {
-                        System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
+                    if (DEBUG) {
+                        System.out.println(
+                                ">>> Credentials acquireServiceCreds: "
+                                + "inner loop: [" + k
+                                + "] tempService=" + tempService);
                     }
-
                     try {
                         newTgt = serviceCreds(tempService, cTgt);
                     } catch (Exception exc) {
@@ -163,11 +231,10 @@
                 }
             } // Ends 'if (newTgt == null)'
 
-            if (newTgt == null)
-            {
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: no tgt; cannot get creds");
+            if (newTgt == null) {
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "no tgt; cannot get creds");
                 }
                 break;
             }
@@ -176,29 +243,24 @@
              * We have a tgt. It may or may not be for the target.
              * If it's for the target realm, we're done looking for a tgt.
              */
-
             newTgtRealm = newTgt.getServer().getInstanceComponent();
-            if (okAsDelegate && !newTgt.checkDelegate()) {
-                if (DEBUG)
-                {
+            if (okAsDelegate[0] && !newTgt.checkDelegate()) {
+                if (DEBUG) {
                     System.out.println(">>> Credentials acquireServiceCreds: " +
                             "global OK-AS-DELEGATE turned off at " +
                             newTgt.getServer());
                 }
-                okAsDelegate = false;
+                okAsDelegate[0] = false;
             }
 
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: got tgt");
-                //printDebug(newTgt);
+            if (DEBUG) {
+                System.out.println(">>> Credentials acquireServiceCreds: "
+                        + "got tgt");
             }
 
-            if (newTgtRealm.equals(serviceRealm))
-            {
+            if (newTgtRealm.equals(serviceRealm)) {
                 /* We got the right tgt */
                 theTgt = newTgt;
-                theTgtRealm = newTgtRealm;
                 break;
             }
 
@@ -207,17 +269,13 @@
              * See if the realm of the new tgt is in the list of realms
              * and continue looking from there.
              */
-
-            for (k = i+1; k < realms.length; k++)
-            {
-                if (newTgtRealm.equals(realms[k]))
-                {
+            for (k = i+1; k < realms.length; k++) {
+                if (newTgtRealm.equals(realms[k])) {
                     break;
                 }
             }
 
-            if (k < realms.length)
-            {
+            if (k < realms.length) {
                 /*
                  * (re)set the counter so we start looking
                  * from the realm we just obtained a tgt for.
@@ -225,64 +283,24 @@
                 i = k;
                 cTgt = newTgt;
 
-                if (DEBUG)
-                {
-                    System.out.println(">>> Credentials acquireServiceCreds: continuing with main loop counter reset to " + i);
+                if (DEBUG) {
+                    System.out.println(">>> Credentials acquireServiceCreds: "
+                            + "continuing with main loop counter reset to " + i);
                 }
-
                 continue;
             }
-            else
-            {
+            else {
                 /*
                  * The new tgt's realm is not in the heirarchy of realms.
                  * It's probably not safe to get a tgt from
                  * a tgs that is outside the known list of realms.
                  * Give up now.
                  */
-
                 break;
             }
         } // Ends outermost/main 'for' loop
 
-        Credentials theCreds = null;
-
-        if (theTgt != null)
-        {
-            /* We have the right tgt. Let's get the service creds */
-
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: got right tgt");
-
-                //printDebug(theTgt);
-
-                System.out.println(">>> Credentials acquireServiceCreds: obtaining service creds for " + sname);
-            }
-
-            try {
-                theCreds = serviceCreds(sname, theTgt);
-            } catch (Exception exc) {
-              if (DEBUG)
-                System.out.println(exc);
-              theCreds = null;
-            }
-        }
-
-        if (theCreds != null)
-        {
-            if (DEBUG)
-            {
-                System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
-                Credentials.printDebug(theCreds);
-            }
-            if (!okAsDelegate) {
-                theCreds.resetDelegate();
-            }
-            return theCreds;
-        }
-        throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
-                                    "No service creds");
+        return theTgt;
     }
 
    /*
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java	Fri Nov 09 14:46:34 2012 -0800
@@ -160,9 +160,10 @@
         if (der.getData().available() > 0) {
             caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
         }
-        if (der.getData().available() > 0) {
+        // We observe extra data from MSAD
+        /*if (der.getData().available() > 0) {
             throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-        }
+        }*/
     }
 
     /**
--- a/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCOptions.java	Fri Nov 09 14:46:34 2012 -0800
@@ -139,13 +139,45 @@
     public static final int UNUSED9         = 9;
     public static final int UNUSED10        = 10;
     public static final int UNUSED11        = 11;
+    public static final int CNAME_IN_ADDL_TKT = 14;
     public static final int RENEWABLE_OK    = 27;
     public static final int ENC_TKT_IN_SKEY = 28;
     public static final int RENEW           = 30;
     public static final int VALIDATE        = 31;
 
+    private static final String[] names = {
+        "RESERVED",         //0
+        "FORWARDABLE",      //1;
+        "FORWARDED",        //2;
+        "PROXIABLE",        //3;
+        "PROXY",            //4;
+        "ALLOW_POSTDATE",   //5;
+        "POSTDATED",        //6;
+        "UNUSED7",          //7;
+        "RENEWABLE",        //8;
+        "UNUSED9",          //9;
+        "UNUSED10",         //10;
+        "UNUSED11",         //11;
+        null,null,
+        "CNAME_IN_ADDL_TKT",//14;
+        null,null,null,null,null,null,null,null,null,null,null,null,
+        "RENEWABLE_OK",     //27;
+        "ENC_TKT_IN_SKEY",  //28;
+        null,
+        "RENEW",            //30;
+        "VALIDATE",         //31;
+    };
+
     private boolean DEBUG = Krb5.DEBUG;
 
+    public static KDCOptions with(int... flags) {
+        KDCOptions options = new KDCOptions();
+        for (int flag: flags) {
+            options.set(flag, true);
+        }
+        return options;
+    }
+
     public KDCOptions() {
         super(Krb5.KDC_OPTS_MAX + 1);
         setDefault();
@@ -238,6 +270,20 @@
         return super.get(option);
     }
 
+    @Override public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("KDCOptions: ");
+        for (int i=0; i<Krb5.KDC_OPTS_MAX+1; i++) {
+            if (get(i)) {
+                if (names[i] != null) {
+                    sb.append(names[i]).append(",");
+                } else {
+                    sb.append(i).append(",");
+                }
+            }
+        }
+        return sb.toString();
+    }
 
     private void setDefault() {
         try {
--- a/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/Krb5.java	Fri Nov 09 14:46:34 2012 -0800
@@ -158,6 +158,9 @@
     public static final int PA_ETYPE_INFO    = 11;
     public static final int PA_ETYPE_INFO2   = 19;
 
+    // S4U2user info
+    public static final int PA_FOR_USER      = 129;
+
     //-------------------------------+-------------
     //authorization data type        |ad-type value
     //-------------------------------+-------------
--- a/jdk/src/share/classes/sun/security/krb5/internal/PAData.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/PAData.java	Fri Nov 09 14:46:34 2012 -0800
@@ -312,6 +312,9 @@
                     }
                 }
                 break;
+            case Krb5.PA_FOR_USER:
+                sb.append("\t PA-FOR-USER\n");
+                break;
             default:
                 // Unknown Pre-auth type
                 break;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.krb5.internal;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import sun.security.krb5.*;
+import sun.security.krb5.internal.crypto.KeyUsage;
+import sun.security.krb5.internal.util.KerberosString;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+/**
+ * Implements the ASN.1 PA-FOR-USER type.
+ *
+ * <xmp>
+ * padata-type  ::= PA-FOR-USER
+ *                  -- value 129
+ * padata-value ::= EncryptedData
+ *                  -- PA-FOR-USER-ENC
+ * PA-FOR-USER-ENC ::= SEQUENCE {
+ *     userName[0] PrincipalName,
+ *     userRealm[1] Realm,
+ *     cksum[2] Checksum,
+ *     auth-package[3] KerberosString
+ * }
+ * </xmp>
+ *
+ * <p>
+ * This definition reflects MS-SFU.
+ */
+
+public class PAForUserEnc {
+    final public PrincipalName name;
+    final private EncryptionKey key;
+    final public static String AUTH_PACKAGE = "Kerberos";
+
+    public PAForUserEnc(PrincipalName name, EncryptionKey key) {
+        this.name = name;
+        this.key = key;
+    }
+
+    /**
+     * Constructs a PA-FOR-USER object from a DER encoding.
+     * @param encoding the input object
+     * @param key the key to verify the checksum inside encoding
+     * @throws KrbException if the verification fails.
+     * Note: this method is now only used by test KDC, therefore
+     * the verification is ignored (at the moment).
+     */
+    public PAForUserEnc(DerValue encoding, EncryptionKey key)
+            throws Asn1Exception, KrbException, IOException {
+        DerValue der = null;
+        this.key = key;
+
+        if (encoding.getTag() != DerValue.tag_Sequence) {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        // Realm after name? Quite abnormal.
+        PrincipalName tmpName = null;
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x00) {
+            try {
+                tmpName = new PrincipalName(der.getData().getDerValue(),
+                    new Realm("PLACEHOLDER"));
+            } catch (RealmException re) {
+                // Impossible
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x01) {
+            try {
+                Realm realm = new Realm(der.getData().getDerValue());
+                name = new PrincipalName(
+                        tmpName.getNameType(), tmpName.getNameStrings(), realm);
+            } catch (RealmException re) {
+                throw new IOException(re);
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x02) {
+            // Deal with the checksum
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+
+        der = encoding.getData().getDerValue();
+        if ((der.getTag() & 0x1F) == 0x03) {
+            String authPackage = new KerberosString(der.getData().getDerValue()).toString();
+            if (!authPackage.equalsIgnoreCase(AUTH_PACKAGE)) {
+                throw new IOException("Incorrect auth-package");
+            }
+        } else {
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+        }
+        if (encoding.getData().available() > 0)
+            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+    }
+
+    public byte[] asn1Encode() throws Asn1Exception, IOException {
+        DerOutputStream bytes = new DerOutputStream();
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), name.asn1Encode());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode());
+
+        try {
+            Checksum cks = new Checksum(
+                    Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR,
+                    getS4UByteArray(),
+                    key,
+                    KeyUsage.KU_PA_FOR_USER_ENC_CKSUM);
+            bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cks.asn1Encode());
+        } catch (KrbException ke) {
+            throw new IOException(ke);
+        }
+
+        DerOutputStream temp = new DerOutputStream();
+        temp.putDerValue(new KerberosString(AUTH_PACKAGE).toDerValue());
+        bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
+
+        temp = new DerOutputStream();
+        temp.write(DerValue.tag_Sequence, bytes);
+        return temp.toByteArray();
+    }
+
+    /**
+     * Returns S4UByteArray, the block to calculate checksum inside a
+     * PA-FOR-USER-ENC data structure. It includes:
+     * 1. userName.name-type encoded as a 4-byte integer in little endian
+     *    byte order
+     * 2. all string values in the sequence of strings contained in the
+     *    userName.name-string field
+     * 3. the string value of the userRealm field
+     * 4. the string value of auth-package field
+     */
+    public byte[] getS4UByteArray() {
+        try {
+            ByteArrayOutputStream ba = new ByteArrayOutputStream();
+            ba.write(new byte[4]);
+            for (String s: name.getNameStrings()) {
+                ba.write(s.getBytes("UTF-8"));
+            }
+            ba.write(name.getRealm().toString().getBytes("UTF-8"));
+            ba.write(AUTH_PACKAGE.getBytes("UTF-8"));
+            byte[] output = ba.toByteArray();
+            int pnType = name.getNameType();
+            output[0] = (byte)(pnType & 0xff);
+            output[1] = (byte)((pnType>>8) & 0xff);
+            output[2] = (byte)((pnType>>16) & 0xff);
+            output[3] = (byte)((pnType>>24) & 0xff);
+            return output;
+        } catch (IOException ioe) {
+            // not possible
+            throw new AssertionError("Cannot write ByteArrayOutputStream", ioe);
+        }
+    }
+
+    public String toString() {
+        return "PA-FOR-USER: " + name;
+    }
+}
--- a/jdk/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java	Fri Nov 09 14:46:34 2012 -0800
@@ -54,6 +54,7 @@
     public static final int KU_ENC_KRB_PRIV_PART = 13;          // KrbPriv
     public static final int KU_ENC_KRB_CRED_PART = 14;          // KrbCred
     public static final int KU_KRB_SAFE_CKSUM = 15;             // KrbSafe
+    public static final int KU_PA_FOR_USER_ENC_CKSUM = 17;      // S4U2user
     public static final int KU_AD_KDC_ISSUED_CKSUM = 19;
 
     public static final boolean isValid(int usage) {
--- a/jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java	Fri Nov 09 14:46:34 2012 -0800
@@ -279,6 +279,9 @@
         EncryptionKey key;
         int size = entries.size();
         ArrayList<EncryptionKey> keys = new ArrayList<>(size);
+        if (DEBUG) {
+            System.out.println("Looking for keys for: " + service);
+        }
         for (int i = size-1; i >= 0; i--) {
             entry = entries.elementAt(i);
             if (entry.service.match(service)) {
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java	Fri Nov 09 14:46:34 2012 -0800
@@ -39,7 +39,6 @@
 import sun.security.timestamp.*;
 import sun.security.util.*;
 import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
 import sun.security.x509.X509CertImpl;
 import sun.security.x509.X509CertInfo;
 import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@
                     X509CertInfo tbsCert =
                         new X509CertInfo(cert.getTBSCertificate());
                     certIssuerName = (Principal)
-                        tbsCert.get(CertificateIssuerName.NAME + "." +
-                                    CertificateIssuerName.DN_NAME);
+                        tbsCert.get(X509CertInfo.ISSUER + "." +
+                                    X509CertInfo.DN_NAME);
                 } catch (Exception e) {
                     // error generating X500Name object from the cert's
                     // issuer DN, leave name as is.
--- a/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/provider/certpath/RevocationChecker.java	Fri Nov 09 14:46:34 2012 -0800
@@ -67,7 +67,7 @@
     private URI responderURI;
     private X509Certificate responderCert;
     private List<CertStore> certStores;
-    private Map<X509Certificate, byte[]> ocspStapled;
+    private Map<X509Certificate, byte[]> ocspResponses;
     private List<Extension> ocspExtensions;
     private boolean legacy;
 
@@ -140,7 +140,7 @@
         } else {
             crlDP = true;
         }
-        ocspStapled = getOCSPStapledResponses();
+        ocspResponses = getOCSPResponses();
         ocspExtensions = getOCSPExtensions();
 
         this.anchor = anchor;
@@ -645,11 +645,11 @@
         try {
             certId = new CertId(issuerCert, currCert.getSerialNumberObject());
 
-            // check if there is a stapled OCSP response available
-            byte[] responseBytes = ocspStapled.get(cert);
+            // check if there is a cached OCSP response available
+            byte[] responseBytes = ocspResponses.get(cert);
             if (responseBytes != null) {
                 if (debug != null) {
-                    debug.println("Found stapled OCSP response");
+                    debug.println("Found cached OCSP response");
                 }
                 response = new OCSPResponse(responseBytes);
 
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java	Fri Nov 09 14:46:34 2012 -0800
@@ -2259,9 +2259,9 @@
                 X509CertInfo tbsCert = new
                     X509CertInfo(certChain[0].getTBSCertificate());
                 issuerName = (Principal)
-                    tbsCert.get(CertificateIssuerName.NAME + "." +
-                                CertificateIssuerName.DN_NAME);
-            }
+                    tbsCert.get(X509CertInfo.ISSUER + "." +
+                                X509CertInfo.DN_NAME);
+                }
             BigInteger serial = certChain[0].getSerialNumber();
 
             String signatureAlgorithm;
--- a/jdk/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java	Fri Nov 09 14:46:34 2012 -0800
@@ -258,10 +258,10 @@
             AlgorithmId algID = AlgorithmId.get(sigAlg);
             info.set(X509CertInfo.ALGORITHM_ID,
                      new CertificateAlgorithmId(algID));
-            info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+            info.set(X509CertInfo.SUBJECT, myname);
             info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
             info.set(X509CertInfo.VALIDITY, interval);
-            info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+            info.set(X509CertInfo.ISSUER, myname);
             if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
 
             cert = new X509CertImpl(info);
--- a/jdk/src/share/classes/sun/security/tools/keytool/Main.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/tools/keytool/Main.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1145,7 +1145,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = new Date();
@@ -1170,7 +1170,7 @@
         info.set(X509CertInfo.ALGORITHM_ID,
                     new CertificateAlgorithmId(
                         AlgorithmId.get(sigAlgName)));
-        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+        info.set(X509CertInfo.ISSUER, issuer);
 
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
         boolean canRead = false;
@@ -1193,8 +1193,8 @@
         PKCS10 req = new PKCS10(rawReq);
 
         info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
-        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
-                dname==null?req.getSubjectName():new X500Name(dname)));
+        info.set(X509CertInfo.SUBJECT,
+                    dname==null?req.getSubjectName():new X500Name(dname));
         CertificateExtensions reqex = null;
         Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
         while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                                      X509CertInfo.DN_NAME);
 
         Date firstDate = getStartDate(startDate);
         Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@
         if (dname == null) {
             // Get the owner name from the certificate
             owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
-                                           CertificateSubjectName.DN_NAME);
+                                           X509CertInfo.DN_NAME);
         } else {
             // Use the owner name specified at the command line
             owner = new X500Name(dname);
             certInfo.set(X509CertInfo.SUBJECT + "." +
-                         CertificateSubjectName.DN_NAME, owner);
+                         X509CertInfo.DN_NAME, owner);
         }
         // Make issuer same as owner (self-signed!)
         certInfo.set(X509CertInfo.ISSUER + "." +
-                     CertificateIssuerName.DN_NAME, owner);
+                     X509CertInfo.DN_NAME, owner);
 
         // The inner and outer signature algorithms have to match.
         // The way we achieve that is really ugly, but there seems to be no
--- a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java	Fri Nov 09 14:46:34 2012 -0800
@@ -96,12 +96,10 @@
      */
     // x509.info.subject.dname
     public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.SUBJECT + DOT +
-                               CertificateSubjectName.DN_NAME;
+                               X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
     // x509.info.issuer.dname
     public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
-                               X509CertInfo.ISSUER + DOT +
-                               CertificateIssuerName.DN_NAME;
+                               X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
     // x509.info.serialNumber.number
     public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
                                X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@
         if (info == null)
             return null;
         try {
-            Principal subject = (Principal)info.get(
-                                 CertificateSubjectName.NAME + DOT +
-                                 CertificateSubjectName.DN_NAME);
+            Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
+                                                    X509CertInfo.DN_NAME);
             return subject;
         } catch (Exception e) {
             return null;
@@ -910,8 +907,8 @@
         }
         try {
             X500Principal subject = (X500Principal)info.get(
-                                CertificateSubjectName.NAME + DOT +
-                                CertificateSubjectName.DN_PRINCIPAL);
+                                            X509CertInfo.SUBJECT + DOT +
+                                            "x500principal");
             return subject;
         } catch (Exception e) {
             return null;
@@ -927,9 +924,8 @@
         if (info == null)
             return null;
         try {
-            Principal issuer = (Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_NAME);
+            Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
+                                                   X509CertInfo.DN_NAME);
             return issuer;
         } catch (Exception e) {
             return null;
@@ -947,8 +943,8 @@
         }
         try {
             X500Principal issuer = (X500Principal)info.get(
-                                CertificateIssuerName.NAME + DOT +
-                                CertificateIssuerName.DN_PRINCIPAL);
+                                            X509CertInfo.ISSUER + DOT +
+                                            "x500principal");
             return issuer;
         } catch (Exception e) {
             return null;
--- a/jdk/src/share/classes/sun/security/x509/X509CertInfo.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/X509CertInfo.java	Fri Nov 09 14:46:34 2012 -0800
@@ -68,12 +68,13 @@
     public static final String IDENT = "x509.info";
     // Certificate attribute names
     public static final String NAME = "info";
+    public static final String DN_NAME = "dname";
     public static final String VERSION = CertificateVersion.NAME;
     public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
     public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
-    public static final String ISSUER = CertificateIssuerName.NAME;
+    public static final String ISSUER = "issuer";
+    public static final String SUBJECT = "subject";
     public static final String VALIDITY = CertificateValidity.NAME;
-    public static final String SUBJECT = CertificateSubjectName.NAME;
     public static final String KEY = CertificateX509Key.NAME;
     public static final String ISSUER_ID = "issuerID";
     public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@
     protected CertificateVersion version = new CertificateVersion();
     protected CertificateSerialNumber   serialNum = null;
     protected CertificateAlgorithmId    algId = null;
-    protected CertificateIssuerName     issuer = null;
+    protected X500Name                  issuer = null;
+    protected X500Name                  subject = null;
     protected CertificateValidity       interval = null;
-    protected CertificateSubjectName    subject = null;
     protected CertificateX509Key        pubKey = null;
 
     // X509.v2 & v3 extensions
@@ -399,11 +400,7 @@
             break;
 
         case ATTR_ISSUER:
-            if (suffix == null) {
-                setIssuer(val);
-            } else {
-                issuer.set(suffix, val);
-            }
+            setIssuer(val);
             break;
 
         case ATTR_VALIDITY:
@@ -415,11 +412,7 @@
             break;
 
         case ATTR_SUBJECT:
-            if (suffix == null) {
-                setSubject(val);
-            } else {
-                subject.set(suffix, val);
-            }
+            setSubject(val);
             break;
 
         case ATTR_KEY:
@@ -493,11 +486,7 @@
             }
             break;
         case (ATTR_ISSUER):
-            if (suffix == null) {
-                issuer = null;
-            } else {
-                issuer.delete(suffix);
-            }
+            issuer = null;
             break;
         case (ATTR_VALIDITY):
             if (suffix == null) {
@@ -507,11 +496,7 @@
             }
             break;
         case (ATTR_SUBJECT):
-            if (suffix == null) {
-                subject = null;
-            } else {
-                subject.delete(suffix);
-            }
+            subject = null;
             break;
         case (ATTR_KEY):
             if (suffix == null) {
@@ -571,13 +556,13 @@
             if (suffix == null) {
                 return(subject);
             } else {
-                return(subject.get(suffix));
+                return(getX500Name(suffix, false));
             }
         case (ATTR_ISSUER):
             if (suffix == null) {
                 return(issuer);
             } else {
-                return(issuer.get(suffix));
+                return(getX500Name(suffix, true));
             }
         case (ATTR_KEY):
             if (suffix == null) {
@@ -618,6 +603,21 @@
     }
 
     /*
+     * Get the Issuer or Subject name
+     */
+    private Object getX500Name(String name, boolean getIssuer)
+        throws IOException {
+        if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+            return getIssuer ? issuer : subject;
+        } else if (name.equalsIgnoreCase("x500principal")) {
+            return getIssuer ? issuer.asX500Principal()
+                             : subject.asX500Principal();
+        } else {
+            throw new IOException("Attribute name not recognized.");
+        }
+    }
+
+    /*
      * This routine unmarshals the certificate information.
      */
     private void parse(DerValue val)
@@ -646,9 +646,8 @@
         algId = new CertificateAlgorithmId(in);
 
         // Issuer name
-        issuer = new CertificateIssuerName(in);
-        X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
-        if (issuerDN.isEmpty()) {
+        issuer = new X500Name(in);
+        if (issuer.isEmpty()) {
             throw new CertificateParsingException(
                 "Empty issuer DN not allowed in X509Certificates");
         }
@@ -657,10 +656,9 @@
         interval = new CertificateValidity(in);
 
         // subject name
-        subject = new CertificateSubjectName(in);
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+        subject = new X500Name(in);
         if ((version.compare(CertificateVersion.V1) == 0) &&
-                subjectDN.isEmpty()) {
+                subject.isEmpty()) {
             throw new CertificateParsingException(
                       "Empty subject DN not allowed in v1 certificate");
         }
@@ -712,13 +710,12 @@
     /*
      * Verify if X.509 V3 Certificate is compliant with RFC 3280.
      */
-    private void verifyCert(CertificateSubjectName subject,
+    private void verifyCert(X500Name subject,
         CertificateExtensions extensions)
         throws CertificateParsingException, IOException {
 
         // if SubjectName is empty, check for SubjectAlternativeNameExtension
-        X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
-        if (subjectDN.isEmpty()) {
+        if (subject.isEmpty()) {
             if (extensions == null) {
                 throw new CertificateParsingException("X.509 Certificate is " +
                         "incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setIssuer(Object val) throws CertificateException {
-        if (!(val instanceof CertificateIssuerName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Issuer class type invalid.");
         }
-        issuer = (CertificateIssuerName)val;
+        issuer = (X500Name)val;
     }
 
     /**
@@ -887,11 +884,11 @@
      * @exception CertificateException on invalid data.
      */
     private void setSubject(Object val) throws CertificateException {
-        if (!(val instanceof CertificateSubjectName)) {
+        if (!(val instanceof X500Name)) {
             throw new CertificateException(
                              "Subject class type invalid.");
         }
-        subject = (CertificateSubjectName)val;
+        subject = (X500Name)val;
     }
 
     /**
--- a/jdk/src/share/classes/sun/security/x509/certAttributes.html	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/security/x509/certAttributes.html	Fri Nov 09 14:46:34 2012 -0800
@@ -6,7 +6,7 @@
 <h2><center>Certificate Attributes</center></h2>
 <font size=3><center>July 1998</font></center>
 <p>
-In JDK1.2 we provide an implementation of X.509 (version 3). 
+In JDK1.2 we provide an implementation of X.509 (version 3).
 The X509CertImpl class supports the following methods to
 manipulate the various attributes of a certificate:
 <pre>
@@ -86,9 +86,9 @@
 <td>issuer</td>
 <td>x509.info.issuer<br>
 x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
 X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -109,9 +109,9 @@
 <td>subject</td>
 <td>x509.info.subject<br>
 x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
 X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
 X500Name</td>
 </tr>
 <tr>
@@ -127,18 +127,18 @@
 <td>issuerUniqueID</td>
 <td>x509.info.issuerID<br>
 x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
 <td>subjectUniqueID</td>
 <td>x509.info.subjectID<br>
 x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
 none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
 UniqueIdentity</td>
 </tr>
 <tr>
--- a/jdk/src/share/classes/sun/tools/java/RuntimeConstants.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/tools/java/RuntimeConstants.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
     /* Class File Constants */
     int JAVA_MAGIC                   = 0xcafebabe;
     int JAVA_MIN_SUPPORTED_VERSION   = 45;
-    int JAVA_MAX_SUPPORTED_VERSION   = 51;
+    int JAVA_MAX_SUPPORTED_VERSION   = 52;
     int JAVA_MAX_SUPPORTED_MINOR_VERSION = 0;
 
     /* Generate class file version for 1.1  by default */
--- a/jdk/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java	Fri Nov 09 14:46:34 2012 -0800
@@ -329,9 +329,6 @@
             tagset.add(token);
         }
 
-        // ensure en-US is there (mandated by the spec, e.g. Collator.getAvailableLocales())
-        tagset.add("en-US");
-
         return tagset;
     }
 
--- a/jdk/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,6 +26,7 @@
 package sun.util.locale.provider;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.IllformedLocaleException;
@@ -177,7 +178,7 @@
             for (Class<? extends LocaleServiceProvider> c : spiClasses) {
                 LocaleServiceProviderPool pool =
                     LocaleServiceProviderPool.getPool(c);
-                all.addAll(pool.getAvailableLocaleList());
+                all.addAll(pool.getAvailableLocaleSet());
             }
 
             allAvailableLocales = all.toArray(new Locale[0]);
@@ -207,13 +208,23 @@
      * @return an array of the available locales
      */
     public Locale[] getAvailableLocales() {
-        Set<Locale> locList = getAvailableLocaleList();
+        Set<Locale> locList = new HashSet<>();
+        locList.addAll(getAvailableLocaleSet());
+        // Make sure it all contains JRE's locales for compatibility.
+        locList.addAll(Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales()));
         Locale[] tmp = new Locale[locList.size()];
         locList.toArray(tmp);
         return tmp;
     }
 
-    private synchronized Set<Locale> getAvailableLocaleList() {
+    /**
+     * Returns the union of locale sets that are available from
+     * each service provider. This method does NOT return the
+     * defensive copy.
+     *
+     * @return a set of available locales
+     */
+    private synchronized Set<Locale> getAvailableLocaleSet() {
         if (availableLocales == null) {
             availableLocales = new HashSet<>();
             for (LocaleServiceProvider lsp : providers.values()) {
@@ -222,9 +233,6 @@
                     availableLocales.add(getLookupLocale(locale));
                 }
             }
-
-            // Remove Locale.ROOT for the compatibility.
-            availableLocales.remove(Locale.ROOT);
         }
 
         return availableLocales;
@@ -295,7 +303,7 @@
 
         List<Locale> lookupLocales = getLookupLocales(locale);
 
-        Set<Locale> available = getAvailableLocaleList();
+        Set<Locale> available = getAvailableLocaleSet();
         for (Locale current : lookupLocales) {
             if (available.contains(current)) {
                 S providersObj;
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/constants.h	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/constants.h	Fri Nov 09 14:46:34 2012 -0800
@@ -35,12 +35,19 @@
 #define JAVA_MAGIC 0xCAFEBABE
 #define JAVA_MIN_MAJOR_VERSION 45
 #define JAVA_MIN_MINOR_VERSION 3
+
 #define JAVA5_MAX_MAJOR_VERSION 49
 #define JAVA5_MAX_MINOR_VERSION 0
-// NOTE: Assume for now
+
 #define JAVA6_MAX_MAJOR_VERSION 50
 #define JAVA6_MAX_MINOR_VERSION 0
 
+#define JAVA7_MAX_MAJOR_VERSION 51
+#define JAVA7_MAX_MINOR_VERSION 0
+
+#define JAVA8_MAX_MAJOR_VERSION 52
+#define JAVA8_MAX_MINOR_VERSION 0
+
 // package file constants
 #define JAVA_PACKAGE_MAGIC 0xCAFED00D
 #define JAVA5_PACKAGE_MAJOR_VERSION 150
--- a/jdk/src/share/native/java/lang/System.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/java/lang/System.c	Fri Nov 09 14:46:34 2012 -0800
@@ -102,7 +102,7 @@
 #define VENDOR_URL_BUG "http://bugreport.sun.com/bugreport/"
 #endif
 
-#define JAVA_MAX_SUPPORTED_VERSION 51
+#define JAVA_MAX_SUPPORTED_VERSION 52
 #define JAVA_MAX_SUPPORTED_MINOR_VERSION 0
 
 #ifdef JAVA_SPECIFICATION_VENDOR /* Third party may NOT overwrite this. */
--- a/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c	Fri Nov 09 14:46:34 2012 -0800
@@ -26,6 +26,7 @@
 #include "sun_security_jgss_wrapper_GSSLibStub.h"
 #include "NativeUtil.h"
 #include "NativeFunc.h"
+#include "jlong.h"
 
 /* Constants for indicating what type of info is needed for inqueries */
 const int TYPE_CRED_NAME = 10;
@@ -75,14 +76,14 @@
                                                      jclass jcls,
                                                      jbyteArray jbytes) {
   gss_OID cOid;
-  int i, len;
+  unsigned int i, len;
   jbyte* bytes;
   jthrowable gssEx;
   jboolean found;
 
   if (jbytes != NULL) {
     found = JNI_FALSE;
-    len = (*env)->GetArrayLength(env, jbytes) - 2;
+    len = (unsigned int)((*env)->GetArrayLength(env, jbytes) - 2);
     bytes = (*env)->GetByteArrayElements(env, jbytes, NULL);
     if (bytes != NULL) {
       for (i = 0; i < ftab->mechs->count; i++) {
@@ -98,9 +99,9 @@
     }
     if (found != JNI_TRUE) {
       checkStatus(env, NULL, GSS_S_BAD_MECH, 0, "[GSSLibStub_getMechPtr]");
-      return NULL;
-    } else return cOid;
-  } else return GSS_C_NO_OID;
+      return ptr_to_jlong(NULL);
+    } else return ptr_to_jlong(cOid);
+  } else return ptr_to_jlong(GSS_C_NO_OID);
 }
 
 
@@ -244,7 +245,7 @@
 
   if (ftab->inquireNamesForMech != NULL) {
 
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech = (gss_OID)jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   nameTypes = GSS_C_NO_OID_SET;
 
   /* gss_inquire_names_for_mech(...) => N/A */
@@ -273,7 +274,7 @@
   OM_uint32 minor, major;
   gss_name_t nameHdl;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
 
   sprintf(debugBuf, "[GSSLibStub_releaseName] %ld", (long) pName);
   debug(env, debugBuf);
@@ -319,7 +320,7 @@
   resetGSSBuffer(env, jnameVal, &nameVal);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_importName]");
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 
@@ -339,8 +340,8 @@
   int isEqual;
 
   isEqual = 0;
-  nameHdl1 = (gss_name_t) pName1;
-  nameHdl2 = (gss_name_t) pName2;
+  nameHdl1 = (gss_name_t) jlong_to_ptr(pName1);
+  nameHdl2 = (gss_name_t) jlong_to_ptr(pName2);
 
   sprintf(debugBuf, "[GSSLibStub_compareName] %ld %ld", (long) pName1,
     (long) pName2);
@@ -370,12 +371,12 @@
   gss_name_t nameHdl, mnNameHdl;
   gss_OID mech;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_canonicalizeName] %ld", (long) pName);
   debug(env, debugBuf);
 
   if (nameHdl != GSS_C_NO_NAME) {
-    mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+    mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
     mnNameHdl = GSS_C_NO_NAME;
 
     /* gss_canonicalize_name(...) may return GSS_S_BAD_NAMETYPE,
@@ -391,7 +392,7 @@
     checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]");
   } else mnNameHdl = GSS_C_NO_NAME;
 
-  return (jlong) mnNameHdl;
+  return ptr_to_jlong(mnNameHdl);
 }
 
 /*
@@ -408,7 +409,7 @@
   gss_buffer_desc outBuf;
   jbyteArray jresult;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_exportName] %ld", (long) pName);
   debug(env, debugBuf);
 
@@ -420,16 +421,16 @@
   if (major == GSS_S_NAME_NOT_MN) {
     debug(env, "[GSSLibStub_exportName] canonicalize and re-try");
 
-    mNameHdl = (gss_name_t)
+    mNameHdl = (gss_name_t)jlong_to_ptr(
         Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName
-                                        (env, jobj, pName);
+                                        (env, jobj, pName));
     /* return immediately if an exception has occurred */
     if ((*env)->ExceptionCheck(env)) {
       return NULL;
     }
     major = (*ftab->exportName)(&minor, mNameHdl, &outBuf);
     Java_sun_security_jgss_wrapper_GSSLibStub_releaseName
-                                        (env, jobj, (jlong) mNameHdl);
+                                        (env, jobj, ptr_to_jlong(mNameHdl));
     /* return immediately if an exception has occurred */
     if ((*env)->ExceptionCheck(env)) {
       return NULL;
@@ -460,7 +461,7 @@
   jobject jtype;
   jobjectArray jresult;
 
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   sprintf(debugBuf, "[GSSLibStub_displayName] %ld", (long) pName);
   debug(env, debugBuf);
 
@@ -512,10 +513,10 @@
   debug(env, "[GSSLibStub_acquireCred]");
 
 
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   mechs = newGSSOIDSet(env, mech);
   credUsage = (gss_cred_usage_t) usage;
-  nameHdl = (gss_name_t) pName;
+  nameHdl = (gss_name_t) jlong_to_ptr(pName);
   credHdl = GSS_C_NO_CREDENTIAL;
 
   sprintf(debugBuf, "[GSSLibStub_acquireCred] pName=%ld, usage=%d",
@@ -534,7 +535,7 @@
   debug(env, debugBuf);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_acquireCred]");
-  return (jlong) credHdl;
+  return ptr_to_jlong(credHdl);
 }
 
 /*
@@ -550,9 +551,9 @@
   OM_uint32 minor, major;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   if (credHdl != GSS_C_NO_CREDENTIAL) {
@@ -562,7 +563,7 @@
 
     checkStatus(env, jobj, major, minor, "[GSSLibStub_releaseCred]");
   }
-  return (jlong) credHdl;
+  return ptr_to_jlong(credHdl);
 }
 
 /*
@@ -570,7 +571,7 @@
  */
 void inquireCred(JNIEnv *env, jobject jobj, gss_cred_id_t pCred,
                  jint type, void *result) {
-  OM_uint32 minor, major;
+  OM_uint32 minor, major=GSS_C_QOP_DEFAULT;
   OM_uint32 routineErr;
   gss_cred_id_t credHdl;
 
@@ -617,9 +618,9 @@
   gss_name_t nameHdl;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   nameHdl = GSS_C_NO_NAME;
@@ -633,7 +634,7 @@
   sprintf(debugBuf, "[GSSLibStub_getCredName] pName=%ld", (long) nameHdl);
   debug(env, debugBuf);
 
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 /*
@@ -649,9 +650,9 @@
   gss_cred_id_t credHdl;
   OM_uint32 lifetime;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   lifetime = 0;
@@ -677,9 +678,9 @@
   gss_cred_usage_t usage;
   gss_cred_id_t credHdl;
 
-  credHdl = (gss_cred_id_t) pCred;
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
 
-  sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", pCred);
+  sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", (long int)pCred);
   debug(env, debugBuf);
 
   inquireCred(env, jobj, credHdl, TYPE_CRED_USAGE, &usage);
@@ -738,13 +739,13 @@
     return NULL;
   }
 
-  mech2 = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  mech2 = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
 
   if (sameMech(env, mech, mech2) == JNI_TRUE) {
     /* mech match - return the context object */
     return (*env)->NewObject(env, CLS_NativeGSSContext,
                                  MID_NativeGSSContext_ctor,
-                                 (jlong) contextHdl, jobj);
+                                 ptr_to_jlong(contextHdl), jobj);
   } else {
     /* mech mismatch - clean up then return null */
     major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
@@ -784,11 +785,11 @@
 */
   debug(env, "[GSSLibStub_initContext]");
 
-  credHdl = (gss_cred_id_t) pCred;
-  contextHdl = (gss_ctx_id_t)
-    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
-  targetName = (gss_name_t) pName;
-  mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(
+    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+  targetName = (gss_name_t) jlong_to_ptr(pName);
+  mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
   flags = (OM_uint32) (*env)->GetIntField(env, jcontextSpi,
                                           FID_NativeGSSContext_flags);
   time = getGSSTime((*env)->GetIntField(env, jcontextSpi,
@@ -821,7 +822,7 @@
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
     (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        (jlong) contextHdl);
+                        ptr_to_jlong(contextHdl));
     (*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
     sprintf(debugBuf, "[GSSLibStub_initContext] set flags=0x%x", aFlags);
     debug(env, debugBuf);
@@ -879,7 +880,7 @@
   OM_uint32 aFlags;
   OM_uint32 aTime;
   gss_cred_id_t delCred;
-  jobject jsrcName;
+  jobject jsrcName=GSS_C_NO_NAME;
   jobject jdelCred;
   jobject jMech;
   jbyteArray jresult;
@@ -889,9 +890,9 @@
 
   debug(env, "[GSSLibStub_acceptContext]");
 
-  contextHdl = (gss_ctx_id_t)
-    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
-  credHdl = (gss_cred_id_t) pCred;
+  contextHdl = (gss_ctx_id_t)jlong_to_ptr(
+    (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+  credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
   initGSSBuffer(env, jinToken, &inToken);
   cb = getGSSCB(env, jcb);
   srcName = GSS_C_NO_NAME;
@@ -922,7 +923,7 @@
   if (GSS_ERROR(major) == GSS_S_COMPLETE) {
     /* update member values if needed */
     (*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
-                        (jlong) contextHdl);
+                        ptr_to_jlong(contextHdl));
     sprintf(debugBuf, "[GSSLibStub_acceptContext] set pContext=%ld",
             (long)contextHdl);
     debug(env, debugBuf);
@@ -940,7 +941,7 @@
                               NULL, NULL);
       jtargetName = (*env)->NewObject(env, CLS_GSSNameElement,
                                 MID_GSSNameElement_ctor,
-                                (jlong) targetName, jobj);
+                                ptr_to_jlong(targetName), jobj);
 
       /* return immediately if an exception has occurred */
       if ((*env)->ExceptionCheck(env)) {
@@ -955,7 +956,7 @@
     if (srcName != GSS_C_NO_NAME) {
       jsrcName = (*env)->NewObject(env, CLS_GSSNameElement,
                                    MID_GSSNameElement_ctor,
-                                   (jlong) srcName, jobj);
+                                   ptr_to_jlong(srcName), jobj);
       /* return immediately if an exception has occurred */
       if ((*env)->ExceptionCheck(env)) {
         return NULL;
@@ -981,7 +982,7 @@
       if (delCred != GSS_C_NO_CREDENTIAL) {
         jdelCred = (*env)->NewObject(env, CLS_GSSCredElement,
                                      MID_GSSCredElement_ctor,
-                                     (jlong) delCred, jsrcName, jMech);
+                                     ptr_to_jlong(delCred), jsrcName, jMech);
         /* return immediately if an exception has occurred */
         if ((*env)->ExceptionCheck(env)) {
           return NULL;
@@ -1031,7 +1032,7 @@
   jlong result[6];
   jlongArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
   sprintf(debugBuf, "[GSSLibStub_inquireContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
@@ -1051,8 +1052,8 @@
                                                 (long)targetName);
   debug(env, debugBuf);
 
-  result[0] = (jlong) srcName;
-  result[1] = (jlong) targetName;
+  result[0] = ptr_to_jlong(srcName);
+  result[1] = ptr_to_jlong(targetName);
   result[2] = (jlong) isInitiator;
   result[3] = (jlong) isEstablished;
   result[4] = (jlong) flags;
@@ -1081,9 +1082,9 @@
   gss_OID mech;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
-  sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", pContext);
+  sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", (long int)pContext);
   debug(env, debugBuf);
 
   major = (*ftab->inquireContext)(&minor, contextHdl, NULL, NULL,
@@ -1111,7 +1112,7 @@
   gss_name_t nameHdl;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
 
   sprintf(debugBuf, "[GSSLibStub_getContextName] %ld, isSrc=%d",
           (long)contextHdl, isSrc);
@@ -1129,13 +1130,13 @@
   checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContextAll]");
   /* return immediately if an exception has occurred */
   if ((*env)->ExceptionCheck(env)) {
-    return (long)NULL;
+    return ptr_to_jlong(NULL);
   }
 
   sprintf(debugBuf, "[GSSLibStub_getContextName] pName=%ld", (long) nameHdl);
   debug(env, debugBuf);
 
-  return (jlong) nameHdl;
+  return ptr_to_jlong(nameHdl);
 }
 
 /*
@@ -1151,7 +1152,7 @@
   gss_ctx_id_t contextHdl;
   OM_uint32 time;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_getContextTime] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1180,17 +1181,17 @@
   OM_uint32 minor, major;
   gss_ctx_id_t contextHdl;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_deleteContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
-  if (contextHdl == GSS_C_NO_CONTEXT) return GSS_C_NO_CONTEXT;
+  if (contextHdl == GSS_C_NO_CONTEXT) return ptr_to_jlong(GSS_C_NO_CONTEXT);
 
   /* gss_delete_sec_context(...) => GSS_S_NO_CONTEXT(!) */
   major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
 
   checkStatus(env, jobj, major, minor, "[GSSLibStub_deleteContext]");
-  return (jlong) contextHdl;
+  return (jlong) ptr_to_jlong(contextHdl);
 }
 
 /*
@@ -1211,7 +1212,7 @@
   OM_uint32 outSize, maxInSize;
   gss_qop_t qop;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_wrapSizeLimit] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1244,7 +1245,7 @@
   gss_buffer_desc interProcToken;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_exportContext] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1281,7 +1282,7 @@
   gss_buffer_desc msgToken;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_getMic] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1290,7 +1291,7 @@
     checkStatus(env, jobj, GSS_S_CONTEXT_EXPIRED, 0, "[GSSLibStub_getMic]");
     return NULL;
   }
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   qop = (gss_qop_t) jqop;
   initGSSBuffer(env, jmsg, &msg);
 
@@ -1326,7 +1327,7 @@
   gss_buffer_desc msgToken;
   gss_qop_t qop;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_verifyMic] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1376,7 +1377,7 @@
   gss_ctx_id_t contextHdl;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_wrap] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
@@ -1427,7 +1428,7 @@
   gss_qop_t qop;
   jbyteArray jresult;
 
-  contextHdl = (gss_ctx_id_t) pContext;
+  contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
   sprintf(debugBuf, "[GSSLibStub_unwrap] %ld", (long)contextHdl);
   debug(env, debugBuf);
 
--- a/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/jgss/wrapper/NativeUtil.c	Fri Nov 09 14:46:34 2012 -0800
@@ -25,6 +25,7 @@
 
 #include "NativeUtil.h"
 #include "NativeFunc.h"
+#include "jlong.h"
 
 const int JAVA_DUPLICATE_TOKEN_CODE = 19; /* DUPLICATE_TOKEN */
 const int JAVA_OLD_TOKEN_CODE = 20; /* OLD_TOKEN */
@@ -412,7 +413,7 @@
   OM_uint32 result;
 
   /* special handle values equal to JAVA_MAX */
-  if (jtime == JAVA_MAX) {
+  if (jtime == (jint)JAVA_MAX) {
     result = GSS_C_INDEFINITE;
   } else {
     result = jtime;
@@ -482,7 +483,7 @@
 
   messageContext = 0;
   if (jstub != NULL) {
-    mech = (gss_OID) (*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech);
+    mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech));
   } else {
     mech = GSS_C_NO_OID;
   }
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c	Fri Nov 09 14:46:34 2012 -0800
@@ -422,6 +422,7 @@
     jfieldID jFieldID;
     jlong jType;
     jobject jPValue;
+    memset(&ckAttribute, 0, sizeof(CK_ATTRIBUTE));
 
     // TBD: what if jAttribute == NULL?!
 
@@ -1577,6 +1578,7 @@
     CK_RSA_PKCS_PSS_PARAMS ckParam;
     jfieldID fieldID;
     jlong jHashAlg, jMgf, jSLen;
+    memset(&ckParam, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
 
     /* get hashAlg */
     jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS);
@@ -1617,6 +1619,7 @@
     jfieldID fieldID;
     jlong jLong;
     jobject jSharedData, jPublicData;
+    memset(&ckParam, 0, sizeof(CK_ECDH1_DERIVE_PARAMS));
 
     /* get kdf */
     jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS);
@@ -1663,6 +1666,7 @@
     jfieldID fieldID;
     jlong jKdf, jPrivateDataLen, jPrivateData;
     jobject jSharedData, jPublicData, jPublicData2;
+    memset(&ckParam, 0, sizeof(CK_ECDH2_DERIVE_PARAMS));
 
     /* get kdf */
     jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c	Fri Nov 09 14:46:34 2012 -0800
@@ -180,14 +180,14 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-      inBufP = (CK_BYTE_PTR) directIn;
+      inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
     } else {
       inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
       if (inBufP == NULL) { return 0; }
     }
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) {
@@ -249,7 +249,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) { return 0; }
@@ -401,14 +401,14 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-      inBufP = (CK_BYTE_PTR) directIn;
+      inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
     } else {
       inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
       if (inBufP == NULL) { return 0; }
     }
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) {
@@ -465,7 +465,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directOut != 0) {
-      outBufP = (CK_BYTE_PTR) directOut;
+      outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
     } else {
       outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
       if (outBufP == NULL) { return 0; }
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c	Fri Nov 09 14:46:34 2012 -0800
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include "jlong.h"
 
 #include "sun_security_pkcs11_wrapper_PKCS11.h"
 
@@ -178,7 +179,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c	Fri Nov 09 14:46:34 2012 -0800
@@ -253,10 +253,12 @@
 (JNIEnv *env, jobject obj)
 {
     CK_INFO ckLibInfo;
-    jobject jInfoObject;
+    jobject jInfoObject=NULL;
     CK_RV rv;
+    CK_FUNCTION_LIST_PTR ckpFunctions;
+    memset(&ckLibInfo, 0, sizeof(CK_INFO));
 
-    CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
+    ckpFunctions = getFunctionList(env, obj);
     if (ckpFunctions == NULL) { return NULL; }
 
     rv = (*ckpFunctions->C_GetInfo)(&ckLibInfo);
@@ -384,7 +386,7 @@
 {
     CK_SLOT_ID ckSlotID;
     CK_SLOT_INFO ckSlotInfo;
-    jobject jSlotInfoObject;
+    jobject jSlotInfoObject=NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
@@ -396,7 +398,7 @@
     if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
         jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo);
     }
-    return jSlotInfoObject ;
+    return jSlotInfoObject;
 }
 
 /*
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c	Fri Nov 09 14:46:34 2012 -0800
@@ -256,7 +256,7 @@
 {
     CK_SESSION_HANDLE ckSessionHandle;
     CK_SESSION_INFO ckSessionInfo;
-    jobject jSessionInfo;
+    jobject jSessionInfo=NULL;
     CK_RV rv;
 
     CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c	Fri Nov 09 14:46:34 2012 -0800
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include "jlong.h"
 
 #include "sun_security_pkcs11_wrapper_PKCS11.h"
 
@@ -198,7 +199,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR) jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
@@ -262,7 +263,7 @@
 
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
-    if ((jExpectedLength > 0) && (jExpectedLength < ckSignatureLength)) {
+    if ((jExpectedLength > 0) && ((CK_ULONG)jExpectedLength < ckSignatureLength)) {
         ckSignatureLength = jExpectedLength;
     }
 
@@ -496,7 +497,7 @@
     ckSessionHandle = jLongToCKULong(jSessionHandle);
 
     if (directIn != 0) {
-        rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+        rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
         ckAssertReturnValueOK(env, rv);
         return;
     }
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c	Fri Nov 09 14:46:34 2012 -0800
@@ -106,7 +106,7 @@
     if (moduleData == NULL) {
         return ;
     }
-    (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, (jlong)moduleData);
+    (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, ptr_to_jlong(moduleData));
 }
 
 
@@ -120,7 +120,7 @@
         return NULL;
     }
     jData = (*env)->GetLongField(env, pkcs11Implementation, pNativeDataID);
-    return (ModuleData*)jData;
+    return (ModuleData*)jlong_to_ptr(jData);
 }
 
 CK_FUNCTION_LIST_PTR getFunctionList(JNIEnv *env, jobject pkcs11Implementation) {
--- a/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c	Fri Nov 09 14:46:34 2012 -0800
@@ -34,7 +34,7 @@
 #include "j2secmod.h"
 
 void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) {
-    void *hModule = (void*)jHandle;
+    void *hModule = (void*)jlong_to_ptr(jHandle);
     void *fAddress = dlsym(hModule, functionName);
     if (fAddress == NULL) {
         char errorMessage[256];
@@ -53,7 +53,7 @@
     void *hModule = dlopen(libName, RTLD_NOLOAD);
     dprintf2("-handle for %s: %u\n", libName, hModule);
     (*env)->ReleaseStringUTFChars(env, jLibName, libName);
-    return (jlong)hModule;
+    return ptr_to_jlong(hModule);
 }
 
 JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary
@@ -72,5 +72,5 @@
         return 0;
     }
 
-    return (jlong)hModule;
+    return ptr_to_jlong(hModule);
 }
--- a/jdk/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c	Fri Nov 09 14:46:34 2012 -0800
@@ -79,7 +79,7 @@
 {
     void *hModule;
     char *error;
-    CK_C_GetFunctionList C_GetFunctionList;
+    CK_C_GetFunctionList C_GetFunctionList=NULL;
     CK_RV rv;
     ModuleData *moduleData;
     jobject globalPKCS11ImplementationReference;
--- a/jdk/test/ProblemList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/ProblemList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -137,11 +137,6 @@
 # 7196801
 java/lang/management/MemoryMXBean/LowMemoryTest2.sh		generic-all
 
-# Exclude until hotspot/jdk repos are sync'd w.r.t. JAVA_MAX_SUPPORTED_VERSION
-# Needed when hotspot fix 7054345 is present.  Remove when the JDK source is 
-# updated accordingly.
-java/lang/System/Versions.java   generic-all
-
 ############################################################################
 
 # jdk_management
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6209660
+ * @bug 6209660 6383200
  * @summary Ensure that InvalidAlgorithmParameterException is
  * thrown as javadoc specified when parameters of the wrong
  * type are used.
@@ -38,9 +38,21 @@
 
     private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
     private static final String[] PBE_ALGOS = {
-        "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+        "PBEWithMD5AndDES",
+        "PBEWithSHA1AndDESede",
+        "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         // skip "PBEWithMD5AndTripleDES" since it requires Unlimited
         // version of JCE jurisdiction policy files.
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+        // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+        // version of JCE jurisdiction policy files.
     };
 
     private static final IvParameterSpec INVALID_PARAMS =
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6341599
+ * @bug 6341599 6383200
  * @summary JCE Reference Guide has recommendations, not requirements,
  * for algorithm names
  * @author Brad R. Wetmore
@@ -38,8 +38,15 @@
         "PBEWithMD5AndDES",
         "PBEWithSHA1AndDESede",
         "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithMD5AndTripleDES",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         "PBKDF2WithHmacSHA1",
-        "PBEWithMD5AndTripleDES"
+        "PBKDF2WithHmacSHA224",
+        "PBKDF2WithHmacSHA256",
+        "PBKDF2WithHmacSHA384",
+        "PBKDF2WithHmacSHA512"
     };
 
     public static void main(String[] argv) throws Exception {
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4944783
+ * @bug 4944783 6383200
  * @summary ensure that the AlgorithmParameters object returned by
  * PBE ciphers have the matching algorithm name.
  * @author Valerie Peng
@@ -37,9 +37,21 @@
 
     private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
     private static final String[] PBE_ALGOS = {
-        "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+        "PBEWithMD5AndDES",
+        "PBEWithSHA1AndDESede",
+        "PBEWithSHA1AndRC2_40",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithSHA1AndRC4_128",
         // skip "PBEWithMD5AndTripleDES" since it requires Unlimited
         // version of JCE jurisdiction policy files.
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+        // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+        // version of JCE jurisdiction policy files.
     };
     public static void main(String[] args) throws Exception {
         PBEKeySpec ks = new PBEKeySpec(PASSWORD);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6383200
+ * @summary PBE: need new algorithm support in password based encryption
+ */
+import java.security.*;
+import java.util.Arrays;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class PBES2Test {
+
+    private static final String[] algos = {
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128"
+    };
+    private static final byte[] ivBytes = {
+        0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
+        0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+    };
+
+    public static final void main(String[] args) throws Exception {
+        for (String algo : algos) {
+            test(algo, true);  // salt, ic, IV supplied by the application
+            test(algo, false); // salt, ic, IV generated by the implementation
+        }
+    }
+
+    private static final void test(String algo, boolean suppliedParams)
+        throws Exception {
+
+        System.out.println("***********************************************");
+        System.out.println(algo +
+            (suppliedParams ? "  [algorithm parameters are supplied]\n"
+                            : "  [algorithm parameters are generated]\n"));
+        int iterationCount = 1000;
+        byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
+
+        // Create PBE key
+        PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray());
+        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algo);
+        SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
+        byte[] pbeKeyBytes = pbeKey.getEncoded();
+        System.out.println("   key[" + pbeKeyBytes.length + "]: " +
+            String.format("0x%0" + (pbeKeyBytes.length * 2) + "x",
+                new java.math.BigInteger(1, pbeKeyBytes)));
+
+        // Create PBE cipher
+        System.out.println("Encrypting...");
+        Cipher pbeCipher = Cipher.getInstance(algo);
+        if (suppliedParams) {
+            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey,
+                new PBEParameterSpec(salt, iterationCount,
+                    new IvParameterSpec(ivBytes)));
+        } else {
+            pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey);
+        }
+
+        // Encrypt
+        byte[] cleartext = "This is just an example".getBytes();
+        System.out.println("  text[" + cleartext.length + "]: " +
+            String.format("0x%0" + (cleartext.length * 2) + "x",
+                new java.math.BigInteger(1, cleartext)));
+
+        byte[] ciphertext = pbeCipher.doFinal(cleartext);
+        System.out.println("c'text[" + ciphertext.length + "]: " +
+            String.format("0x%0" + (ciphertext.length * 2) + "x",
+                new java.math.BigInteger(1, ciphertext)));
+
+        AlgorithmParameters aps = pbeCipher.getParameters();
+
+        byte[] iv;
+        if (suppliedParams) {
+            iv = ivBytes;
+        } else {
+            PBEParameterSpec pbeSpec =
+                aps.getParameterSpec(PBEParameterSpec.class);
+            salt = pbeSpec.getSalt();
+            iterationCount = pbeSpec.getIterationCount();
+            IvParameterSpec ivSpec =
+                (IvParameterSpec) pbeSpec.getParameterSpec();
+            iv = ivSpec.getIV();
+        }
+        System.out.println("  salt[" + salt.length + "]: " +
+            String.format("0x%0" + (salt.length * 2) + "x",
+                new java.math.BigInteger(1, salt)));
+        System.out.println("iterationCount=" + iterationCount);
+        System.out.println("    iv[" + iv.length + "]: " +
+            String.format("0x%0" + (iv.length * 2) + "x",
+                new java.math.BigInteger(1, iv)));
+
+        // Decrypt
+        System.out.println("Decrypting...");
+        Cipher pbeCipher2 = Cipher.getInstance(algo);
+        pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps);
+        byte[] cleartext2 = pbeCipher2.doFinal(ciphertext);
+        System.out.println("  text[" + cleartext2.length + "]: " +
+            String.format("0x%0" + (cleartext2.length * 2) + "x",
+                new java.math.BigInteger(1, cleartext2)));
+
+        if (Arrays.equals(cleartext, cleartext2)) {
+            System.out.println(
+                "\nPass: decrypted ciphertext matches the original text\n");
+        } else {
+            throw new Exception(
+                "Fail: decrypted ciphertext does NOT match the original text");
+        }
+    }
+}
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
 
 /**
  * @test
- * @bug 4893959
- * @summary basic test for PBEWithSHA1AndDESede and
- * PBEWithSHA1AndRC2_40
+ * @bug 4893959 6383200
+ * @summary basic test for PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ *          and PBEWithSHA1AndRC4_40/128
  * @author Valerie Peng
  */
 
@@ -87,6 +87,9 @@
         System.out.println("Testing provider " + p.getName() + "...");
         runTest("PBEWithSHA1AndDESede", input, PASSWD, p);
         runTest("PBEWithSHA1AndRC2_40", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC2_128", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC4_40", input, PASSWD, p);
+        runTest("PBEWithSHA1AndRC4_128", input, PASSWD, p);
         System.out.println("All tests passed");
         long stop = System.currentTimeMillis();
         System.out.println("Done (" + (stop - start) + " ms).");
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
 
 /**
  * @test
- * @bug 4898810
- * @summary ensure PBEWithSHA1AndDESede and PBEWithSHA1AndRC2_40
- * is registered under correct OID.
+ * @bug 4898810 6383200
+ * @summary ensure PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ *          and PBEWithSHA1AndRC4_40/128 are registered under correct OID.
  * @author Valerie Peng
  */
 
@@ -37,12 +37,20 @@
 import javax.crypto.interfaces.PBEKey;
 
 public class PKCS12Oid {
-    private static String OID_PBEWithSHAAnd40BitRC2CBC = "1.2.840.113549.1.12.1.6";
-    private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = "1.2.840.113549.1.12.1.3";
+    private static String OID_PKCS12 = "1.2.840.113549.1.12.1.";
+    private static String OID_PBEWithSHAAnd128BitRC4 = OID_PKCS12 + "1";
+    private static String OID_PBEWithSHAAnd40BitRC4 = OID_PKCS12 + "2";
+    private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = OID_PKCS12 + "3";
+    private static String OID_PBEWithSHAAnd128BitRC2CBC = OID_PKCS12 + "5";
+    private static String OID_PBEWithSHAAnd40BitRC2CBC = OID_PKCS12 + "6";
 
     public static void main(String[] argv) throws Exception {
         Cipher c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC2CBC, "SunJCE");
         c = Cipher.getInstance(OID_PBEWithSHAAnd3KeyTripleDESCBC, "SunJCE");
+
+        c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC4, "SunJCE");
+        c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC4, "SunJCE");
+        c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC2CBC, "SunJCE");
         System.out.println("All tests passed");
     }
 }
--- a/jdk/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,34 +36,45 @@
 import javax.crypto.spec.*;
 
 public class HmacPBESHA1 {
-    private static final String MAC_ALGO = "HmacPBESHA1";
+    private static final String[] MAC_ALGOS = {
+        "HmacPBESHA1",
+        "PBEWithHmacSHA1",
+        "PBEWithHmacSHA224",
+        "PBEWithHmacSHA256",
+        "PBEWithHmacSHA384",
+        "PBEWithHmacSHA512"
+    };
+    private static final int[] MAC_LENGTHS = { 20, 20, 28, 32, 48, 64 };
     private static final String KEY_ALGO = "PBE";
     private static final String PROVIDER = "SunJCE";
 
-    private SecretKey key = null;
+    private static SecretKey key = null;
 
     public static void main(String argv[]) throws Exception {
-        HmacPBESHA1 test = new HmacPBESHA1();
-        test.run();
-        System.out.println("Test Passed");
+        for (int i = 0; i < MAC_ALGOS.length; i++) {
+            runtest(MAC_ALGOS[i], MAC_LENGTHS[i]);
+        }
+        System.out.println("\nTest Passed");
     }
 
-    public void run() throws Exception {
+    private static void runtest(String algo, int length) throws Exception {
+        System.out.println("Testing: " + algo);
         if (key == null) {
             char[] password = { 't', 'e', 's', 't' };
             PBEKeySpec keySpec = new PBEKeySpec(password);
-            SecretKeyFactory kf = SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
+            SecretKeyFactory kf =
+                SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
             key = kf.generateSecret(keySpec);
         }
-        Mac mac = Mac.getInstance(MAC_ALGO, PROVIDER);
+        Mac mac = Mac.getInstance(algo, PROVIDER);
         byte[] plainText = new byte[30];
 
         mac.init(key);
         mac.update(plainText);
         byte[] value1 = mac.doFinal();
-        if (value1.length != 20) {
-            throw new Exception("incorrect MAC output length, " +
-                                "expected 20, got " + value1.length);
+        if (value1.length != length) {
+            throw new Exception("incorrect MAC output length, expected " +
+                length + ", got " + value1.length);
         }
         mac.update(plainText);
         byte[] value2 = mac.doFinal();
--- a/jdk/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,15 @@
 
 public class HmacSaltLengths {
 
+    private static final String[] ALGOS = {
+        "HmacPBESHA1",
+        "PBEWithHmacSHA1",
+        "PBEWithHmacSHA224",
+        "PBEWithHmacSHA256",
+        "PBEWithHmacSHA384",
+        "PBEWithHmacSHA512"
+    };
+
     private static void runTest(String alg, byte[] plaintext,
                                 char[] password, Provider p)
         throws Exception {
@@ -81,7 +90,9 @@
         long start = System.currentTimeMillis();
         Provider p = Security.getProvider("SunJCE");
         System.out.println("Testing provider " + p.getName() + "...");
-        runTest("HmacPBESHA1", input, PASSWD, p);
+        for (String algo : ALGOS) {
+            runTest(algo, input, PASSWD, p);
+        }
         System.out.println("All tests passed");
         long stop = System.currentTimeMillis();
         System.out.println("Done (" + (stop - start) + " ms).");
--- a/jdk/test/java/lang/Character/CheckProp.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/Character/CheckProp.java	Fri Nov 09 14:46:34 2012 -0800
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 7037261 7070436
+ * @bug 7037261 7070436 7198195
  * @summary  Check j.l.Character.isLowerCase/isUppercase/isAlphabetic/isIdeographic
  */
 
--- a/jdk/test/java/lang/Character/CheckScript.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/Character/CheckScript.java	Fri Nov 09 14:46:34 2012 -0800
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 6945564 6959267 7033561 7070436
+ * @bug 6945564 6959267 7033561 7070436 7198195
  * @summary  Check that the j.l.Character.UnicodeScript
  */
 
--- a/jdk/test/java/lang/Character/PropList.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/Character/PropList.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
--- a/jdk/test/java/lang/Character/PropertyValueAliases.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/Character/PropertyValueAliases.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# PropertyValueAliases-6.1.0.txt
-# Date: 2011-12-07, 23:40:57 GMT [MD]
+# PropertyValueAliases-6.2.0.txt
+# Date: 2012-08-14, 16:05:11 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 #
@@ -73,6 +73,7 @@
 age; 5.2                              ; V5_2
 age; 6.0                              ; V6_0
 age; 6.1                              ; V6_1
+age; 6.2                              ; V6_2
 age; NA                               ; Unassigned
 
 # Alphabetic (Alpha)
@@ -382,7 +383,8 @@
 ccc; 122; CCC122                     ; CCC122
 ccc; 129; CCC129                     ; CCC129
 ccc; 130; CCC130                     ; CCC130
-ccc; 132; CCC133                     ; CCC133
+ccc; 132; CCC132                     ; CCC132
+ccc; 133; CCC133                     ; CCC133 # RESERVED
 ccc; 200; ATBL                       ; Attached_Below_Left
 ccc; 202; ATB                        ; Attached_Below
 ccc; 214; ATA                        ; Attached_Above
@@ -592,6 +594,7 @@
 GCB; LV                               ; LV
 GCB; LVT                              ; LVT
 GCB; PP                               ; Prepend
+GCB; RI                               ; Regional_Indicator
 GCB; SM                               ; SpacingMark
 GCB; T                                ; T
 GCB; V                                ; V
@@ -862,6 +865,7 @@
 lb ; PO                               ; Postfix_Numeric
 lb ; PR                               ; Prefix_Numeric
 lb ; QU                               ; Quotation
+lb ; RI                               ; Regional_Indicator
 lb ; SA                               ; Complex_Context
 lb ; SG                               ; Surrogate
 lb ; SP                               ; Space
@@ -880,10 +884,6 @@
 Lower; N                              ; No                               ; F                                ; False
 Lower; Y                              ; Yes                              ; T                                ; True
 
-# Lowercase_Mapping (lc)
-
-# @missing: 0000..10FFFF; Lowercase_Mapping; <code point>
-
 # Math (Math)
 
 Math; N                               ; No                               ; F                                ; False
@@ -1159,10 +1159,6 @@
 Term; N                               ; No                               ; F                                ; False
 Term; Y                               ; Yes                              ; T                                ; True
 
-# Titlecase_Mapping (tc)
-
-# @missing: 0000..10FFFF; Titlecase_Mapping; <code point>
-
 # Unicode_1_Name (na1)
 
 # @missing: 0000..10FFFF; Unicode_1_Name; <none>
@@ -1177,10 +1173,6 @@
 Upper; N                              ; No                               ; F                                ; False
 Upper; Y                              ; Yes                              ; T                                ; True
 
-# Uppercase_Mapping (uc)
-
-# @missing: 0000..10FFFF; Uppercase_Mapping; <code point>
-
 # Variation_Selector (VS)
 
 VS ; N                                ; No                               ; F                                ; False
@@ -1205,6 +1197,7 @@
 WB ; MN                               ; MidNum
 WB ; NL                               ; Newline
 WB ; NU                               ; Numeric
+WB ; RI                               ; Regional_Indicator
 WB ; XX                               ; Other
 
 # XID_Continue (XIDC)
--- a/jdk/test/java/lang/Character/Scripts.txt	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/Character/Scripts.txt	Fri Nov 09 14:46:34 2012 -0800
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
 #
 # Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
 # For terms of use, see http://www.unicode.org/terms_of_use.html
 # For documentation, see http://www.unicode.org/reports/tr44/
 
@@ -146,7 +146,7 @@
 208A..208C    ; Common # Sm   [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
 208D          ; Common # Ps       SUBSCRIPT LEFT PARENTHESIS
 208E          ; Common # Pe       SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9    ; Common # Sc  [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA    ; Common # Sc  [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
 2100..2101    ; Common # So   [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
 2102          ; Common # L&       DOUBLE-STRUCK CAPITAL C
 2103..2106    ; Common # So   [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
 E0001         ; Common # Cf       LANGUAGE TAG
 E0020..E007F  ; Common # Cf  [96] TAG SPACE..CANCEL TAG
 
-# Total code points: 6412
+# Total code points: 6413
 
 # ================================================
 
@@ -760,7 +760,7 @@
 061E          ; Arabic # Po       ARABIC TRIPLE DOT PUNCTUATION MARK
 0620..063F    ; Arabic # Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
 0641..064A    ; Arabic # Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E    ; Arabic # Mn   [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F    ; Arabic # Mn  [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
 066A..066D    ; Arabic # Po   [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
 066E..066F    ; Arabic # Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
 0671..06D3    ; Arabic # Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
 1EEAB..1EEBB  ; Arabic # Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
 1EEF0..1EEF1  ; Arabic # Sm   [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
 
-# Total code points: 1234
+# Total code points: 1235
 
 # ================================================
 
@@ -1477,7 +1477,6 @@
 0300..036F    ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
 0485..0486    ; Inherited # Mn   [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
 064B..0655    ; Inherited # Mn  [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F          ; Inherited # Mn       ARABIC WAVY HAMZA BELOW
 0670          ; Inherited # Mn       ARABIC LETTER SUPERSCRIPT ALEF
 0951..0952    ; Inherited # Mn   [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
 1CD0..1CD2    ; Inherited # Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
 1D1AA..1D1AD  ; Inherited # Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
 E0100..E01EF  ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
 
-# Total code points: 524
+# Total code points: 523
 
 # ================================================
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/lang/Math/DivModTests.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+
+/**
+ * @test Test Math and StrictMath Floor Div / Modulo operations.
+ * @bug 6282196
+ * @summary Basic tests for Floor division and modulo methods for both Math
+ * and StrictMath for int and long datatypes.
+ */
+public class DivModTests {
+
+    /**
+     * The count of test errors.
+     */
+    private static int errors = 0;
+
+    /**
+     * @param args the command line arguments are unused
+     */
+    public static void main(String[] args) {
+        errors = 0;
+        testIntFloorDivMod();
+        testLongFloorDivMod();
+
+        if (errors > 0) {
+            throw new RuntimeException(errors + " errors found in DivMod methods.");
+        }
+    }
+
+    /**
+     * Report a test failure and increment the error count.
+     * @param message the formatting string
+     * @param args the variable number of arguments for the message.
+     */
+    static void fail(String message, Object... args) {
+        errors++;
+        System.out.printf(message, args);
+    }
+
+    /**
+     * Test the integer floorDiv and floorMod methods.
+     * Math and StrictMath tested and the same results are expected for both.
+     */
+    static void testIntFloorDivMod() {
+        testIntFloorDivMod(4, 0, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+        testIntFloorDivMod(4, 3, 1, 1);
+        testIntFloorDivMod(3, 3, 1, 0);
+        testIntFloorDivMod(2, 3, 0, 2);
+        testIntFloorDivMod(1, 3, 0, 1);
+        testIntFloorDivMod(0, 3, 0, 0);
+        testIntFloorDivMod(4, -3, -2, -2);
+        testIntFloorDivMod(3, -3, -1, 0);
+        testIntFloorDivMod(2, -3, -1, -1);
+        testIntFloorDivMod(1, -3, -1, -2);
+        testIntFloorDivMod(0, -3, 0, 0);
+        testIntFloorDivMod(-1, 3, -1, 2);
+        testIntFloorDivMod(-2, 3, -1, 1);
+        testIntFloorDivMod(-3, 3, -1, 0);
+        testIntFloorDivMod(-4, 3, -2, 2);
+        testIntFloorDivMod(-1, -3, 0, -1);
+        testIntFloorDivMod(-2, -3, 0, -2);
+        testIntFloorDivMod(-3, -3, 1, 0);
+        testIntFloorDivMod(-4, -3, 1, -1);
+        testIntFloorDivMod(Integer.MAX_VALUE, 1, Integer.MAX_VALUE, 0);
+        testIntFloorDivMod(Integer.MAX_VALUE, -1, -Integer.MAX_VALUE, 0);
+        testIntFloorDivMod(Integer.MAX_VALUE, 3, 715827882, 1);
+        testIntFloorDivMod(Integer.MAX_VALUE - 1, 3, 715827882, 0);
+        testIntFloorDivMod(Integer.MIN_VALUE, 3, -715827883, 1);
+        testIntFloorDivMod(Integer.MIN_VALUE + 1, 3, -715827883, 2);
+        testIntFloorDivMod(Integer.MIN_VALUE + 1, -1, Integer.MAX_VALUE, 0);
+        // Special case of integer overflow
+        testIntFloorDivMod(Integer.MIN_VALUE, -1, Integer.MIN_VALUE, 0);
+    }
+
+    /**
+     * Test FloorDiv and then FloorMod with int data.
+     */
+    static void testIntFloorDivMod(int x, int y, Object divExpected, Object modExpected) {
+        testIntFloorDiv(x, y, divExpected);
+        testIntFloorMod(x, y, modExpected);
+    }
+
+    /**
+     * Test FloorDiv with int data.
+     */
+    static void testIntFloorDiv(int x, int y, Object expected) {
+        Object result = doFloorDiv(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorDiv(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+    }
+
+    /**
+     * Test FloorMod with int data.
+     */
+    static void testIntFloorMod(int x, int y, Object expected) {
+        Object result = doFloorMod(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorMod(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+
+        try {
+            // Verify result against double precision floor function
+            int tmp = x / y;     // Force ArithmeticException for divide by zero
+            double ff = x - Math.floor((double)x / (double)y) * y;
+            int fr = (int)ff;
+            if (fr != result) {
+                fail("FAIL: Math.floorMod(%d, %d) = %s differs from Math.floor(x, y): %d%n", x, y, result, fr);
+            }
+        } catch (ArithmeticException ae) {
+            if (y != 0) {
+                fail("FAIL: Math.floorMod(%d, %d); unexpected %s%n", x, y, ae);
+            }
+        }
+    }
+
+    /**
+     * Test the floorDiv and floorMod methods for primitive long.
+     */
+    static void testLongFloorDivMod() {
+        testLongFloorDivMod(4L, 0L, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+        testLongFloorDivMod(4L, 3L, 1L, 1L);
+        testLongFloorDivMod(3L, 3L, 1L, 0L);
+        testLongFloorDivMod(2L, 3L, 0L, 2L);
+        testLongFloorDivMod(1L, 3L, 0L, 1L);
+        testLongFloorDivMod(0L, 3L, 0L, 0L);
+        testLongFloorDivMod(4L, -3L, -2L, -2L);
+        testLongFloorDivMod(3L, -3L, -1L, 0l);
+        testLongFloorDivMod(2L, -3L, -1L, -1L);
+        testLongFloorDivMod(1L, -3L, -1L, -2L);
+        testLongFloorDivMod(0L, -3L, 0L, 0L);
+        testLongFloorDivMod(-1L, 3L, -1L, 2L);
+        testLongFloorDivMod(-2L, 3L, -1L, 1L);
+        testLongFloorDivMod(-3L, 3L, -1L, 0L);
+        testLongFloorDivMod(-4L, 3L, -2L, 2L);
+        testLongFloorDivMod(-1L, -3L, 0L, -1L);
+        testLongFloorDivMod(-2L, -3L, 0L, -2L);
+        testLongFloorDivMod(-3L, -3L, 1L, 0L);
+        testLongFloorDivMod(-4L, -3L, 1L, -1L);
+
+        testLongFloorDivMod(Long.MAX_VALUE, 1, Long.MAX_VALUE, 0L);
+        testLongFloorDivMod(Long.MAX_VALUE, -1, -Long.MAX_VALUE, 0L);
+        testLongFloorDivMod(Long.MAX_VALUE, 3L, Long.MAX_VALUE / 3L, 1L);
+        testLongFloorDivMod(Long.MAX_VALUE - 1L, 3L, (Long.MAX_VALUE - 1L) / 3L, 0L);
+        testLongFloorDivMod(Long.MIN_VALUE, 3L, Long.MIN_VALUE / 3L - 1L, 1L);
+        testLongFloorDivMod(Long.MIN_VALUE + 1L, 3L, Long.MIN_VALUE / 3L - 1L, 2L);
+        testLongFloorDivMod(Long.MIN_VALUE + 1, -1, Long.MAX_VALUE, 0L);
+        // Special case of integer overflow
+        testLongFloorDivMod(Long.MIN_VALUE, -1, Long.MIN_VALUE, 0L);
+    }
+
+    /**
+     * Test the integer floorDiv and floorMod methods.
+     * Math and StrictMath are tested and the same results are expected for both.
+     */
+    static void testLongFloorDivMod(long x, long y, Object divExpected, Object modExpected) {
+        testLongFloorDiv(x, y, divExpected);
+        testLongFloorMod(x, y, modExpected);
+    }
+
+    /**
+     * Test FloorDiv with long arguments against expected value.
+     * The expected value is usually a Long but in some cases  is
+     * an ArithmeticException.
+     *
+     * @param x dividend
+     * @param y modulus
+     * @param expected expected value,
+     */
+    static void testLongFloorDiv(long x, long y, Object expected) {
+        Object result = doFloorDiv(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: long Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorDiv(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: long StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+    }
+
+    /**
+     * Test FloorMod of long arguments against expected value.
+     * The expected value is usually a Long but in some cases  is
+     * an ArithmeticException.
+     *
+     * @param x dividend
+     * @param y modulus
+     * @param expected expected value
+     */
+    static void testLongFloorMod(long x, long y, Object expected) {
+        Object result = doFloorMod(x, y);
+        if (!resultEquals(result, expected)) {
+            fail("FAIL: long Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+        }
+
+        Object strict_result = doStrictFloorMod(x, y);
+        if (!resultEquals(strict_result, expected)) {
+            fail("FAIL: long StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+        }
+
+        try {
+            // Verify the result against BigDecimal rounding mode.
+            BigDecimal xD = new BigDecimal(x);
+            BigDecimal yD = new BigDecimal(y);
+            BigDecimal resultD = xD.divide(yD, RoundingMode.FLOOR);
+            resultD = resultD.multiply(yD);
+            resultD = xD.subtract(resultD);
+            long fr = resultD.longValue();
+            if (fr != result) {
+                fail("FAIL: Long.floorMod(%d, %d) = %d is different than BigDecimal result: %d%n",x, y, result, fr);
+
+            }
+        } catch (ArithmeticException ae) {
+            if (y != 0) {
+                fail("FAIL: long Math.floorMod(%d, %d); unexpected ArithmeticException from bigdecimal");
+            }
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorDiv(int x, int y) {
+        try {
+            return Math.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorDiv(long x, long y) {
+        try {
+            return Math.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorMod(int x, int y) {
+        try {
+            return Math.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doFloorMod(long x, long y) {
+        try {
+            return Math.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorDiv(int x, int y) {
+        try {
+            return StrictMath.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorDiv(long x, long y) {
+        try {
+            return StrictMath.floorDiv(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorMod(int x, int y) {
+        try {
+            return StrictMath.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Invoke floorDiv and return the result or any exception.
+     * @param x the x value
+     * @param y the y value
+     * @return the result Integer or an exception.
+     */
+    static Object doStrictFloorMod(long x, long y) {
+        try {
+            return StrictMath.floorMod(x, y);
+        } catch (ArithmeticException ae) {
+            return ae;
+        }
+    }
+
+    /**
+     * Returns a boolean by comparing the result and the expected value.
+     * The equals method is not defined for ArithmeticException but it is
+     * desirable to have equals return true if the expected and the result
+     * both threw the same exception (class and message.)
+     *
+     * @param result the result from testing the method
+     * @param expected the expected value
+     * @return true if the result is equal to the expected values; false otherwise.
+     */
+    static boolean resultEquals(Object result, Object expected) {
+        if (result.getClass() != expected.getClass()) {
+            fail("FAIL: Result type mismatch, %s; expected: %s%n",
+                    result.getClass().getName(), expected.getClass().getName());
+            return false;
+        }
+
+        if (result.equals(expected)) {
+            return true;
+        }
+        // Handle special case to compare ArithmeticExceptions
+        if (result instanceof ArithmeticException && expected instanceof ArithmeticException) {
+            ArithmeticException ae1 = (ArithmeticException)result;
+            ArithmeticException ae2 = (ArithmeticException)expected;
+            return ae1.getMessage().equals(ae2.getMessage());
+        }
+        return false;
+    }
+
+}
--- a/jdk/test/java/lang/invoke/BigArityTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/invoke/BigArityTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 /* @test
  * @summary High arity invocations, up to the maximum of 255 arguments
  * @compile BigArityTest.java
- * @run junit/othervm -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
  */
 
 package test.java.lang.invoke;
--- a/jdk/test/java/lang/invoke/CallSiteTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/invoke/CallSiteTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -28,7 +28,7 @@
  *
  * @build indify.Indify
  * @compile CallSiteTest.java
- * @run main/othervm
+ * @run main/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies
  *      indify.Indify
  *      --expand-properties --classpath ${test.classes}
  *      --java test.java.lang.invoke.CallSiteTest
--- a/jdk/test/java/lang/invoke/MethodHandlesTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/invoke/MethodHandlesTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -26,7 +26,7 @@
 /* @test
  * @summary unit tests for java.lang.invoke.MethodHandles
  * @compile MethodHandlesTest.java remote/RemoteExample.java
- * @run junit/othervm test.java.lang.invoke.MethodHandlesTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa test.java.lang.invoke.MethodHandlesTest
  */
 
 package test.java.lang.invoke;
--- a/jdk/test/java/lang/invoke/RicochetTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/lang/invoke/RicochetTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -25,7 +25,7 @@
 
 /* @test
  * @summary unit tests for recursive method handles
- * @run junit/othervm -DRicochetTest.MAX_ARITY=50 test.java.lang.invoke.RicochetTest
+ * @run junit/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -DRicochetTest.MAX_ARITY=10 test.java.lang.invoke.RicochetTest
  */
 /*
  * @ignore The following test creates an unreasonable number of adapters in -Xcomp mode (7049122)
--- a/jdk/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,29 +27,16 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
-import java.nio.charset.*;
 import java.util.*;
 
 
 public class AdaptDatagramSocket {
 
     static java.io.PrintStream out = System.out;
-
     static Random rand = new Random();
 
-    static final int ECHO_PORT = 7;
-    static final int DISCARD_PORT = 9;
-    static final String REMOTE_HOST = TestUtil.HOST;
-
-    static final InetSocketAddress echoAddress
-        = new InetSocketAddress(REMOTE_HOST, ECHO_PORT);
-    static final InetSocketAddress discardAddress
-        = new InetSocketAddress(REMOTE_HOST, DISCARD_PORT);
-
     static String toString(DatagramPacket dp) {
         return ("DatagramPacket[off=" + dp.getOffset()
                 + ", len=" + dp.getLength()
@@ -88,10 +75,11 @@
         out.println("rtt: " + (System.currentTimeMillis() - start));
         out.println("post op: " + toString(op) + "  ip: " + toString(ip));
 
-        for (int i = 0; i < ip.getLength(); i++)
+        for (int i = 0; i < ip.getLength(); i++) {
             if (ip.getData()[ip.getOffset() + i]
                 != op.getData()[op.getOffset() + i])
                 throw new Exception("Incorrect data received");
+        }
 
         if (!(ip.getSocketAddress().equals(dst))) {
             throw new Exception("Incorrect sender address, expected: " + dst
@@ -130,8 +118,9 @@
             ds.setSoTimeout(timeout);
         out.println("timeout: " + ds.getSoTimeout());
 
-        for (int i = 0; i < 5; i++)
+        for (int i = 0; i < 5; i++) {
             test(ds, dst, shouldTimeout);
+        }
 
         // Leave the socket open so that we don't reuse the old src address
         //ds.close();
@@ -139,10 +128,23 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test(echoAddress, 0, false, false);
-        test(echoAddress, 0, false, true);
-        test(echoAddress, 5000, false, false);
-        test(discardAddress, 10, true, false);
+        // need an UDP echo server
+        try (TestServers.UdpEchoServer echoServer
+                = TestServers.UdpEchoServer.startNewServer(100)) {
+            final InetSocketAddress address
+                = new InetSocketAddress(echoServer.getAddress(),
+                                        echoServer.getPort());
+            test(address, 0, false, false);
+            test(address, 0, false, true);
+            test(address, 5000, false, false);
+        }
+        try (TestServers.UdpDiscardServer discardServer
+                = TestServers.UdpDiscardServer.startNewServer()) {
+            final InetSocketAddress address
+                = new InetSocketAddress(discardServer.getAddress(),
+                                        discardServer.getPort());
+            test(address, 10, true, false);
+        }
     }
 
 }
--- a/jdk/test/java/nio/channels/DatagramChannel/IsBound.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/DatagramChannel/IsBound.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,21 +34,25 @@
 
 public class IsBound {
     public static void main(String argv[]) throws Exception {
-        InetSocketAddress isa = new InetSocketAddress(
-            InetAddress.getByName(TestUtil.HOST), 13);
-        ByteBuffer bb = ByteBuffer.allocateDirect(256);
-        bb.put("hello".getBytes());
-        bb.flip();
+        try (TestServers.UdpDayTimeServer daytimeServer
+                = TestServers.UdpDayTimeServer.startNewServer(100)) {
+            InetSocketAddress isa = new InetSocketAddress(
+                daytimeServer.getAddress(),
+                daytimeServer.getPort());
+            ByteBuffer bb = ByteBuffer.allocateDirect(256);
+            bb.put("hello".getBytes());
+            bb.flip();
 
-        DatagramChannel dc = DatagramChannel.open();
-        dc.send(bb, isa);
-        if(!dc.socket().isBound())
-            throw new Exception("Test failed");
-        dc.close();
+            DatagramChannel dc = DatagramChannel.open();
+            dc.send(bb, isa);
+            if(!dc.socket().isBound())
+                throw new Exception("Test failed");
+            dc.close();
 
-        dc = DatagramChannel.open();
-        if(dc.socket().isBound())
-            throw new Exception("Test failed");
-        dc.close();
+            dc = DatagramChannel.open();
+            if(dc.socket().isBound())
+                throw new Exception("Test failed");
+            dc.close();
+        }
     }
 }
--- a/jdk/test/java/nio/channels/DatagramChannel/IsConnected.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/DatagramChannel/IsConnected.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,23 @@
  */
 
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
 
 
 public class IsConnected {
     public static void main(String argv[]) throws Exception {
-        InetSocketAddress isa = new InetSocketAddress(
-            InetAddress.getByName(TestUtil.HOST), 13);
-        DatagramChannel dc = DatagramChannel.open();
-        dc.configureBlocking(true);
-        dc.connect(isa);
-        if  (!dc.isConnected())
-            throw new RuntimeException("channel.isConnected inconsistent");
-        if (!dc.socket().isConnected())
-            throw new RuntimeException("socket.isConnected inconsistent");
-        dc.close();
+        try (TestServers.UdpDayTimeServer daytimeServer
+                = TestServers.UdpDayTimeServer.startNewServer(100)) {
+            InetSocketAddress isa = new InetSocketAddress(
+                daytimeServer.getAddress(), daytimeServer.getPort());
+            DatagramChannel dc = DatagramChannel.open();
+            dc.configureBlocking(true);
+            dc.connect(isa);
+            if  (!dc.isConnected())
+                throw new RuntimeException("channel.isConnected inconsistent");
+            if (!dc.socket().isConnected())
+                throw new RuntimeException("socket.isConnected inconsistent");
+            dc.close();
+        }
     }
 }
--- a/jdk/test/java/nio/channels/FileChannel/MapTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/FileChannel/MapTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
  */
 
 /* @test
+ * @bug 4429043 8002180
  * @summary Test file mapping with FileChannel
  * @run main/othervm MapTest
  */
@@ -29,7 +30,10 @@
 import java.io.*;
 import java.nio.MappedByteBuffer;
 import java.nio.channels.*;
-import java.nio.channels.FileChannel;
+import java.nio.channels.FileChannel.MapMode;
+import java.nio.file.Files;
+import static java.nio.file.StandardOpenOption.*;
+import static java.nio.charset.StandardCharsets.*;
 import java.util.Random;
 
 
@@ -39,6 +43,7 @@
 
 public class MapTest {
 
+    private static PrintStream out = System.out;
     private static PrintStream err = System.err;
 
     private static Random generator = new Random();
@@ -51,15 +56,21 @@
         blah = File.createTempFile("blah", null);
         blah.deleteOnExit();
         initTestFile(blah);
-        err.println("Test file " + blah + " initialized");
-        testZero();
-        err.println("Zero size: OK");
-        testRead();
-        err.println("Read: OK");
-        testWrite();
-        err.println("Write: OK");
-        testHighOffset();
-        err.println("High offset: OK");
+        try {
+            out.println("Test file " + blah + " initialized");
+            testZero();
+            out.println("Zero size: OK");
+            testRead();
+            out.println("Read: OK");
+            testWrite();
+            out.println("Write: OK");
+            testHighOffset();
+            out.println("High offset: OK");
+            testExceptions();
+            out.println("Exceptions: OK");
+        } finally {
+            blah.delete();
+        }
     }
 
     /**
@@ -77,30 +88,25 @@
      * ability to index into a file of multiple pages is tested.
      */
     private static void initTestFile(File blah) throws Exception {
-        FileOutputStream fos = new FileOutputStream(blah);
-        BufferedWriter awriter
-            = new BufferedWriter(new OutputStreamWriter(fos, "8859_1"));
-
-        for(int i=0; i<4000; i++) {
-            String number = new Integer(i).toString();
-            for (int h=0; h<4-number.length(); h++)
-                awriter.write("0");
-            awriter.write(""+i);
-            awriter.newLine();
+        try (BufferedWriter writer = Files.newBufferedWriter(blah.toPath(), ISO_8859_1)) {
+            for (int i=0; i<4000; i++) {
+                String number = new Integer(i).toString();
+                for (int h=0; h<4-number.length(); h++)
+                    writer.write("0");
+                writer.write(""+i);
+                writer.newLine();
+            }
         }
-       awriter.flush();
-       awriter.close();
     }
 
     /**
      * Tests zero size file mapping
      */
     private static void testZero() throws Exception {
-        FileInputStream fis = new FileInputStream(blah);
-        FileChannel c = fis.getChannel();
-        MappedByteBuffer b = c.map(FileChannel.MapMode.READ_ONLY, 0, 0);
-        c.close();
-        fis.close();
+        try (FileInputStream fis = new FileInputStream(blah)) {
+            FileChannel fc = fis.getChannel();
+            MappedByteBuffer b = fc.map(MapMode.READ_ONLY, 0, 0);
+        }
     }
 
     /**
@@ -108,33 +114,32 @@
      * from the ByteBuffer gets the right line number
      */
     private static void testRead() throws Exception {
-        StringBuffer sb = new StringBuffer();
+        StringBuilder sb = new StringBuilder();
         sb.setLength(4);
 
         for (int x=0; x<1000; x++) {
-            FileInputStream fis = new FileInputStream(blah);
-            FileChannel c = fis.getChannel();
+            try (FileInputStream fis = new FileInputStream(blah)) {
+                FileChannel fc = fis.getChannel();
 
-            long offset = generator.nextInt(10000);
-            long expectedResult = offset / CHARS_PER_LINE;
-            offset = expectedResult * CHARS_PER_LINE;
+                long offset = generator.nextInt(10000);
+                long expectedResult = offset / CHARS_PER_LINE;
+                offset = expectedResult * CHARS_PER_LINE;
 
-            MappedByteBuffer b = c.map(FileChannel.MapMode.READ_ONLY,
-                                       offset, 100);
+                MappedByteBuffer b = fc.map(MapMode.READ_ONLY,
+                                            offset, 100);
 
-            for (int i=0; i<4; i++) {
-                byte aByte = b.get(i);
-                sb.setCharAt(i, (char)aByte);
-            }
+                for (int i=0; i<4; i++) {
+                    byte aByte = b.get(i);
+                    sb.setCharAt(i, (char)aByte);
+                }
 
-            int result = Integer.parseInt(sb.toString());
-            if (result != expectedResult) {
-                err.println("I expected "+expectedResult);
-                err.println("I got "+result);
-                throw new Exception("Read test failed");
+                int result = Integer.parseInt(sb.toString());
+                if (result != expectedResult) {
+                    err.println("I expected "+expectedResult);
+                    err.println("I got "+result);
+                    throw new Exception("Read test failed");
+                }
             }
-            c.close();
-            fis.close();
         }
     }
 
@@ -143,46 +148,159 @@
      * written out to the file can be read back in
      */
     private static void testWrite() throws Exception {
-        StringBuffer sb = new StringBuffer();
+        StringBuilder sb = new StringBuilder();
         sb.setLength(4);
 
         for (int x=0; x<1000; x++) {
-            RandomAccessFile raf = new RandomAccessFile(blah, "rw");
-            FileChannel c = raf.getChannel();
+            try (RandomAccessFile raf = new RandomAccessFile(blah, "rw")) {
+                FileChannel fc = raf.getChannel();
+
+                long offset = generator.nextInt(1000);
+                MappedByteBuffer b = fc.map(MapMode.READ_WRITE,
+                                            offset, 100);
 
-            long offset = generator.nextInt(1000);
-            MappedByteBuffer b = c.map(FileChannel.MapMode.READ_WRITE,
-                                       offset, 100);
+                for (int i=0; i<4; i++) {
+                    b.put(i, (byte)('0' + i));
+                }
 
-            for (int i=0; i<4; i++) {
-                b.put(i, (byte)('0' + i));
+                for (int i=0; i<4; i++) {
+                    byte aByte = b.get(i);
+                    sb.setCharAt(i, (char)aByte);
+                }
+                if (!sb.toString().equals("0123"))
+                    throw new Exception("Write test failed");
             }
-
-            for (int i=0; i<4; i++) {
-                byte aByte = b.get(i);
-                sb.setCharAt(i, (char)aByte);
-            }
-            if (!sb.toString().equals("0123"))
-                throw new Exception("Write test failed");
-            c.close();
-            raf.close();
         }
     }
 
     private static void testHighOffset() throws Exception {
-        StringBuffer sb = new StringBuffer();
+        StringBuilder sb = new StringBuilder();
         sb.setLength(4);
 
         for (int x=0; x<1000; x++) {
-            RandomAccessFile raf = new RandomAccessFile(blah, "rw");
-            FileChannel fc = raf.getChannel();
-            long offset = 66000;
-            MappedByteBuffer b = fc.map(FileChannel.MapMode.READ_WRITE,
-                                        offset, 100);
+            try (RandomAccessFile raf = new RandomAccessFile(blah, "rw")) {
+                FileChannel fc = raf.getChannel();
+                long offset = 66000;
+                MappedByteBuffer b = fc.map(MapMode.READ_WRITE,
+                                            offset, 100);
+            }
+        }
+    }
+
+    /**
+     * Test exceptions specified by map method
+     */
+    private static void testExceptions() throws Exception {
+        // check exceptions when channel opened for read access
+        try (FileChannel fc = FileChannel.open(blah.toPath(), READ)) {
+            testExceptions(fc);
+
+            checkException(fc, MapMode.READ_WRITE, 0L, fc.size(),
+                           NonWritableChannelException.class);
+
+            checkException(fc, MapMode.READ_WRITE, -1L, fc.size(),
+                           NonWritableChannelException.class, IllegalArgumentException.class);
+
+            checkException(fc, MapMode.READ_WRITE, 0L, -1L,
+                           NonWritableChannelException.class, IllegalArgumentException.class);
+
+            checkException(fc, MapMode.PRIVATE, 0L, fc.size(),
+                           NonWritableChannelException.class);
 
-            fc.close();
-            raf.close();
+            checkException(fc, MapMode.PRIVATE, -1L, fc.size(),
+                           NonWritableChannelException.class, IllegalArgumentException.class);
+
+            checkException(fc, MapMode.PRIVATE, 0L, -1L,
+                           NonWritableChannelException.class, IllegalArgumentException.class);
+        }
+
+        // check exceptions when channel opened for write access
+        try (FileChannel fc = FileChannel.open(blah.toPath(), WRITE)) {
+            testExceptions(fc);
+
+            checkException(fc, MapMode.READ_ONLY, 0L, fc.size(),
+                           NonReadableChannelException.class);
+
+            checkException(fc, MapMode.READ_ONLY, -1L, fc.size(),
+                           NonReadableChannelException.class, IllegalArgumentException.class);
+
+            /*
+             * implementation/spec mismatch, these tests disabled for now
+             */
+            //checkException(fc, MapMode.READ_WRITE, 0L, fc.size(),
+            //               NonWritableChannelException.class);
+            //checkException(fc, MapMode.PRIVATE, 0L, fc.size(),
+            //               NonWritableChannelException.class);
+        }
+
+        // check exceptions when channel opened for read and write access
+        try (FileChannel fc = FileChannel.open(blah.toPath(), READ, WRITE)) {
+            testExceptions(fc);
         }
     }
 
+    private static void testExceptions(FileChannel fc) throws IOException {
+        checkException(fc, null, 0L, fc.size(),
+                       NullPointerException.class);
+
+        checkException(fc, MapMode.READ_ONLY, -1L, fc.size(),
+                       IllegalArgumentException.class);
+
+        checkException(fc, null, -1L, fc.size(),
+                       IllegalArgumentException.class, NullPointerException.class);
+
+        checkException(fc, MapMode.READ_ONLY, 0L, -1L,
+                       IllegalArgumentException.class);
+
+        checkException(fc, null, 0L, -1L,
+                       IllegalArgumentException.class, NullPointerException.class);
+
+        checkException(fc, MapMode.READ_ONLY, 0L, Integer.MAX_VALUE + 1L,
+                       IllegalArgumentException.class);
+
+        checkException(fc, null, 0L, Integer.MAX_VALUE + 1L,
+                       IllegalArgumentException.class, NullPointerException.class);
+
+        checkException(fc, MapMode.READ_ONLY, Long.MAX_VALUE, 1L,
+                       IllegalArgumentException.class);
+
+        checkException(fc, null, Long.MAX_VALUE, 1L,
+                       IllegalArgumentException.class, NullPointerException.class);
+
+    }
+
+    /**
+     * Checks that FileChannel map throws one of the expected exceptions
+     * when invoked with the given inputs.
+     */
+    private static void checkException(FileChannel fc,
+                                       MapMode mode,
+                                       long position,
+                                       long size,
+                                       Class<?>... expected)
+        throws IOException
+    {
+        Exception exc = null;
+        try {
+            fc.map(mode, position, size);
+        } catch (Exception actual) {
+            exc = actual;
+        }
+        if (exc != null) {
+            for (Class<?> clazz: expected) {
+                if (clazz.isInstance(exc)) {
+                    return;
+                }
+            }
+        }
+        System.err.println("Expected one of");
+        for (Class<?> clazz: expected) {
+            System.out.println(clazz);
+        }
+        if (exc == null) {
+            throw new RuntimeException("No expection thrown");
+        } else {
+            throw new RuntimeException("Unexpected exception thrown", exc);
+        }
+    }
 }
--- a/jdk/test/java/nio/channels/FileChannel/Truncate.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/FileChannel/Truncate.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,14 +22,16 @@
  */
 
 /* @test
- * @bug 6191269 6709457
+ * @bug 6191269 6709457 8000330
  * @summary Test truncate method of FileChannel
  */
 
 import java.io.*;
 import java.nio.ByteBuffer;
-import java.nio.channels.FileChannel;
+import java.nio.channels.*;
+import java.nio.file.Files;
 import static java.nio.file.StandardOpenOption.*;
+import static java.nio.charset.StandardCharsets.*;
 import java.util.Random;
 
 
@@ -46,6 +48,7 @@
         try {
             basicTest(blah);
             appendTest(blah);
+            exceptionTests(blah);
         } finally {
             blah.delete();
         }
@@ -66,15 +69,22 @@
                     if (fc.size() != testSize)
                         throw new RuntimeException("Size failed");
 
-                    long position = generator.nextInt((int)testSize);
+                    long position = generator.nextInt((int)testSize*2);
                     fc.position(position);
 
-                    long newSize = generator.nextInt((int)testSize);
+                    long newSize = generator.nextInt((int)testSize*2);
                     fc.truncate(newSize);
 
-                    if (fc.size() != newSize)
-                        throw new RuntimeException("Truncate failed");
+                    // check new size
+                    if (newSize > testSize) {
+                        if (fc.size() != testSize)
+                            throw new RuntimeException("Attempt to expand file changed size");
+                    } else {
+                        if (fc.size() != newSize)
+                            throw new RuntimeException("Unexpected size after truncate");
+                    }
 
+                    // check new position
                     if (position > newSize) {
                         if (fc.position() != newSize)
                             throw new RuntimeException("Position greater than size");
@@ -115,20 +125,90 @@
     }
 
     /**
+     * Test exceptions specified by truncate method
+     */
+    static void exceptionTests(File blah) throws Exception {
+        // check exceptions when channel opened for read access
+        try (FileChannel fc = FileChannel.open(blah.toPath(), READ)) {
+            long size = fc.size();
+
+            // open channel
+            checkException(fc, 0L, NonWritableChannelException.class);
+
+            checkException(fc, -1L, NonWritableChannelException.class,
+                           IllegalArgumentException.class);
+
+            checkException(fc, size+1L, NonWritableChannelException.class);
+
+            // closed channel
+            fc.close();
+
+            checkException(fc, 0L, ClosedChannelException.class);
+
+            checkException(fc, -1L, ClosedChannelException.class,
+                           IllegalArgumentException.class);
+
+            checkException(fc, size+1L, ClosedChannelException.class);
+        }
+
+        // check exceptions when channel opened for write access
+        try (FileChannel fc = FileChannel.open(blah.toPath(), WRITE)) {
+            long size = fc.size();
+
+            // open channel
+            checkException(fc, -1L, IllegalArgumentException.class);
+
+            // closed channel
+            fc.close();
+
+            checkException(fc, 0L, ClosedChannelException.class);
+
+            checkException(fc, -1L, ClosedChannelException.class,
+                           IllegalArgumentException.class);
+
+            checkException(fc, size+1L, ClosedChannelException.class);
+        }
+    }
+
+    /**
+     * Checks that FileChannel truncate throws one of the expected exceptions
+     * when invoked with the given size.
+     */
+    private static void checkException(FileChannel fc, long size, Class<?>... expected)
+        throws IOException
+    {
+        Exception exc = null;
+        try {
+            fc.truncate(size);
+        } catch (Exception actual) {
+            exc = actual;
+        }
+        if (exc != null) {
+            for (Class<?> clazz: expected) {
+                if (clazz.isInstance(exc)) {
+                    return;
+                }
+            }
+        }
+        System.err.println("Expected one of");
+        for (Class<?> clazz: expected) {
+            System.err.println(clazz);
+        }
+        if (exc == null) {
+            throw new RuntimeException("No expection thrown");
+        } else {
+            throw new RuntimeException("Unexpected exception thrown", exc);
+        }
+    }
+
+    /**
      * Creates file blah of specified size in bytes.
-     *
      */
     private static void initTestFile(File blah, long size) throws Exception {
-        if (blah.exists())
-            blah.delete();
-        FileOutputStream fos = new FileOutputStream(blah);
-        BufferedWriter awriter
-            = new BufferedWriter(new OutputStreamWriter(fos, "8859_1"));
-
-        for(int i=0; i<size; i++) {
-            awriter.write("e");
+        try (BufferedWriter writer = Files.newBufferedWriter(blah.toPath(), ISO_8859_1)) {
+            for(int i=0; i<size; i++) {
+                writer.write("e");
+            }
         }
-        awriter.flush();
-        awriter.close();
     }
 }
--- a/jdk/test/java/nio/channels/Selector/Alias.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/Selector/Alias.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,11 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
 import java.nio.*;
 import java.nio.channels.*;
+import java.nio.channels.spi.SelectorProvider;
 import java.util.*;
-import java.nio.channels.spi.SelectorProvider;
 
 public class Alias {
 
@@ -40,18 +39,26 @@
     static int LIMIT = 20; // Hangs after just 1 if problem is present
 
     public static void main(String[] args) throws Exception {
-        test1();
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            test1(daytimeServer);
+        }
     }
 
-    public static void test1() throws Exception {
+    static void test1(TestServers.DayTimeServer daytimeServer) throws Exception {
         Selector selector = SelectorProvider.provider().openSelector();
-        InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
-        InetSocketAddress isa = new InetSocketAddress(myAddress,13);
+        InetAddress myAddress = daytimeServer.getAddress();
+        InetSocketAddress isa
+            = new InetSocketAddress(myAddress,
+                                    daytimeServer.getPort());
 
         for (int j=0; j<LIMIT; j++) {
             SocketChannel sc = SocketChannel.open();
             sc.configureBlocking(false);
             boolean result = sc.connect(isa);
+
+            // On some platforms - given that we're using a local server,
+            // we may not enter into the if () { } statement below...
             if (!result) {
                 SelectionKey key = sc.register(selector,
                                                SelectionKey.OP_CONNECT);
--- a/jdk/test/java/nio/channels/Selector/BasicConnect.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/Selector/BasicConnect.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,10 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
 import java.nio.*;
 import java.nio.channels.*;
 import java.nio.channels.spi.SelectorProvider;
-import java.nio.charset.*;
 import java.util.*;
 
 
@@ -44,52 +42,57 @@
 
 public class BasicConnect {
 
-    static final int PORT = 7;          // echo
-    static final String HOST = TestUtil.HOST;
-
     public static void main(String[] args) throws Exception {
         Selector connectSelector =
             SelectorProvider.provider().openSelector();
-        InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(HOST), PORT);
-        SocketChannel sc = SocketChannel.open();
-        sc.configureBlocking(false);
-        boolean result = sc.connect(isa);
-        while (!result) {
-            SelectionKey connectKey = sc.register(connectSelector,
-                                                  SelectionKey.OP_CONNECT);
-            int keysAdded = connectSelector.select();
-            if (keysAdded > 0) {
-                Set readyKeys = connectSelector.selectedKeys();
-                Iterator i = readyKeys.iterator();
-                while (i.hasNext()) {
-                    SelectionKey sk = (SelectionKey)i.next();
-                    i.remove();
-                    SocketChannel nextReady = (SocketChannel)sk.channel();
-                    result = nextReady.finishConnect();
-                    if (result)
-                        sk.cancel();
+        try (TestServers.EchoServer echoServer
+                = TestServers.EchoServer.startNewServer(100)) {
+            InetSocketAddress isa
+                = new InetSocketAddress(echoServer.getAddress(),
+                                        echoServer.getPort());
+            SocketChannel sc = SocketChannel.open();
+            sc.configureBlocking(false);
+            boolean result = sc.connect(isa);
+            if (result) {
+                System.out.println("Socket immediately connected on "
+                        + System.getProperty("os.name")
+                        + ": " + sc);
+            }
+            while (!result) {
+                SelectionKey connectKey = sc.register(connectSelector,
+                                                      SelectionKey.OP_CONNECT);
+                int keysAdded = connectSelector.select();
+                if (keysAdded > 0) {
+                    Set readyKeys = connectSelector.selectedKeys();
+                    Iterator i = readyKeys.iterator();
+                    while (i.hasNext()) {
+                        SelectionKey sk = (SelectionKey)i.next();
+                        i.remove();
+                        SocketChannel nextReady = (SocketChannel)sk.channel();
+                        result = nextReady.finishConnect();
+                        if (result)
+                            sk.cancel();
+                    }
                 }
             }
-        }
 
-        byte[] bs = new byte[] { (byte)0xca, (byte)0xfe,
-                                 (byte)0xba, (byte)0xbe };
-        ByteBuffer bb = ByteBuffer.wrap(bs);
-        sc.configureBlocking(true);
-        sc.write(bb);
-        bb.rewind();
+            byte[] bs = new byte[] { (byte)0xca, (byte)0xfe,
+                                     (byte)0xba, (byte)0xbe };
+            ByteBuffer bb = ByteBuffer.wrap(bs);
+            sc.configureBlocking(true);
+            sc.write(bb);
+            bb.rewind();
 
-        ByteBuffer bb2 = ByteBuffer.allocateDirect(100);
-        int n = sc.read(bb2);
-        bb2.flip();
+            ByteBuffer bb2 = ByteBuffer.allocateDirect(100);
+            int n = sc.read(bb2);
+            bb2.flip();
 
-        sc.close();
-        connectSelector.close();
+            sc.close();
+            connectSelector.close();
 
-        if (!bb.equals(bb2))
-            throw new Exception("Echoed bytes incorrect: Sent "
-                                + bb + ", got " + bb2);
+            if (!bb.equals(bb2))
+                throw new Exception("Echoed bytes incorrect: Sent "
+                                    + bb + ", got " + bb2);
+        }
     }
-
 }
--- a/jdk/test/java/nio/channels/Selector/Connect.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/Selector/Connect.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,11 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
 import java.nio.*;
 import java.nio.channels.*;
+import java.nio.channels.spi.SelectorProvider;
 import java.util.*;
-import java.nio.channels.spi.SelectorProvider;
 
 public class Connect {
 
@@ -40,12 +39,18 @@
     static int LIMIT = 100;
 
     public static void main(String[] args) throws Exception {
-        scaleTest();
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(50)) {
+            scaleTest(daytimeServer);
+        }
     }
 
-    public static void scaleTest() throws Exception {
-        InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
-        InetSocketAddress isa = new InetSocketAddress(myAddress,13);
+    static void scaleTest(TestServers.DayTimeServer daytimeServer)
+        throws Exception
+    {
+        InetAddress myAddress = daytimeServer.getAddress();
+        InetSocketAddress isa
+            = new InetSocketAddress(myAddress, daytimeServer.getPort());
 
         for (int j=0; j<LIMIT; j++) {
             SocketChannel sc = SocketChannel.open();
--- a/jdk/test/java/nio/channels/Selector/ConnectWrite.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/Selector/ConnectWrite.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,23 +27,25 @@
  * @library ..
  */
 
-import java.io.*;
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
+import java.nio.channels.spi.SelectorProvider;
 import java.util.*;
-import java.nio.channels.spi.SelectorProvider;
 
 public class ConnectWrite {
 
     public static void main(String[] args) throws Exception {
-        test1(13);
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(25)) {
+            test1(daytimeServer);
+        }
     }
 
-    public static void test1(int port) throws Exception {
+    static void test1(TestServers.DayTimeServer daytimeServer) throws Exception {
         Selector selector = SelectorProvider.provider().openSelector();
-        InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
-        InetSocketAddress isa = new InetSocketAddress(myAddress, port);
+        InetAddress myAddress = daytimeServer.getAddress();
+        InetSocketAddress isa
+            = new InetSocketAddress(myAddress, daytimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         try {
             sc.configureBlocking(false);
--- a/jdk/test/java/nio/channels/Selector/KeysReady.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/Selector/KeysReady.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,15 @@
  */
 
 import java.net.*;
-import java.io.*;
-import java.nio.*;
 import java.nio.channels.*;
-import java.nio.charset.*;
 import java.nio.channels.spi.SelectorProvider;
 
 public class KeysReady {
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
-    static void test() throws Exception {
+    static void test(TestServers.DayTimeServer dayTimeServer) throws Exception {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(dayTimeServer.getAddress(),
+                                    dayTimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         sc.configureBlocking(false);
         sc.connect(isa);
@@ -64,7 +58,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test();
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(50)) {
+            test(daytimeServer);
+        }
     }
 
 }
--- a/jdk/test/java/nio/channels/SocketChannel/AdaptSocket.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/AdaptSocket.java	Fri Nov 09 14:46:34 2012 -0800
@@ -35,19 +35,16 @@
 
     static java.io.PrintStream out = System.out;
 
-    static final int ECHO_PORT = 7;
-    static final int DAYTIME_PORT = 13;
-    static final String REMOTE_HOST = TestUtil.HOST;
-    static final String VERY_REMOTE_HOST = TestUtil.FAR_HOST;
-
-    static void test(String hn, int timeout, boolean shouldTimeout)
+    static void test(TestServers.DayTimeServer dayTimeServer,
+                     int timeout,
+                     boolean shouldTimeout)
         throws Exception
     {
         out.println();
 
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(hn),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(dayTimeServer.getAddress(),
+                                    dayTimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         Socket so = sc.socket();
         out.println("opened: " + so);
@@ -116,13 +113,16 @@
         }
     }
 
-    static void testRead(String hn, int timeout, boolean shouldTimeout)
+    static void testRead(TestServers.EchoServer echoServer,
+                         int timeout,
+                         boolean shouldTimeout)
         throws Exception
     {
         out.println();
 
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(hn), ECHO_PORT);
+            = new InetSocketAddress(echoServer.getAddress(),
+                                    echoServer.getPort());
         SocketChannel sc = SocketChannel.open();
         sc.connect(isa);
         Socket so = sc.socket();
@@ -134,22 +134,38 @@
         out.println("timeout: " + so.getSoTimeout());
 
         testRead(so, shouldTimeout);
-        for (int i = 0; i < 4; i++)
+        for (int i = 0; i < 4; i++) {
             testRead(so, shouldTimeout);
+        }
 
         sc.close();
     }
 
     public static void main(String[] args) throws Exception {
 
-        test(REMOTE_HOST, 0, false);
-        test(REMOTE_HOST, 1000, false);
-        test(VERY_REMOTE_HOST, 10, true);
+        try (TestServers.DayTimeServer dayTimeServer
+                = TestServers.DayTimeServer.startNewServer()) {
+            test(dayTimeServer, 0, false);
+            test(dayTimeServer, 1000, false);
+        }
 
-        testRead(REMOTE_HOST, 0, false);
-        testRead(REMOTE_HOST, 8000, false);
-        testRead(VERY_REMOTE_HOST, 10, true);
+        try (TestServers.DayTimeServer lingerDayTimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            // this test no longer really test the connection timeout
+            // since there is no way to prevent the server from eagerly
+            // accepting connection...
+            test(lingerDayTimeServer, 10, true);
+        }
 
-    }
+        try (TestServers.EchoServer echoServer
+                = TestServers.EchoServer.startNewServer()) {
+            testRead(echoServer, 0, false);
+            testRead(echoServer, 8000, false);
+        }
 
+        try (TestServers.EchoServer lingerEchoServer
+                = TestServers.EchoServer.startNewServer(100)) {
+            testRead(lingerEchoServer, 10, true);
+        }
+    }
 }
--- a/jdk/test/java/nio/channels/SocketChannel/Basic.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/Basic.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,13 +36,10 @@
 
     static java.io.PrintStream out = System.out;
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
-    static void test() throws Exception {
+    static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
         SocketChannel sc = SocketChannel.open(isa);
         out.println("opened: " + sc);
         /*
@@ -76,7 +73,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test();
+        try (TestServers.DayTimeServer dayTimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            test(dayTimeServer);
+        }
     }
 
 }
--- a/jdk/test/java/nio/channels/SocketChannel/BufferSize.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/BufferSize.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,10 @@
  */
 
 import java.nio.channels.*;
-import java.net.*;
 
 public class BufferSize {
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
     public static void main(String[] args) throws Exception {
-        InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
         ServerSocketChannel sc = ServerSocketChannel.open();
         try {
             sc.socket().setReceiveBufferSize(-1);
--- a/jdk/test/java/nio/channels/SocketChannel/Connect.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/Connect.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,9 +27,9 @@
  * @library ..
  */
 
+import java.net.*;
 import java.nio.*;
 import java.nio.channels.*;
-import java.net.*;
 import java.util.*;
 
 public class Connect {
@@ -37,21 +37,26 @@
     private static final long INCREMENTAL_DELAY = 30L * 1000L;
 
     public static void main(String args[]) throws Exception {
-        test1(TestUtil.HOST);
+        try (TestServers.EchoServer echoServer
+                = TestServers.EchoServer.startNewServer(1000)) {
+            test1(echoServer);
+        }
         try {
-            test1(TestUtil.REFUSING_HOST);
+            TestServers.RefusingServer refusingServer
+                = TestServers.RefusingServer.startNewServer();
+            test1(refusingServer);
             throw new Exception("Refused connection throws no exception");
         } catch (ConnectException ce) {
             // Correct result
         }
     }
 
-    static void test1(String hostname) throws Exception {
+    static void test1(TestServers.AbstractServer server) throws Exception {
         Selector selector;
         SocketChannel sc;
         SelectionKey sk;
         InetSocketAddress isa = new InetSocketAddress(
-            InetAddress.getByName (hostname), 80);
+            server.getAddress(), server.getPort());
         sc = SocketChannel.open();
         sc.configureBlocking(false);
 
--- a/jdk/test/java/nio/channels/SocketChannel/ConnectState.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/ConnectState.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,20 +30,39 @@
 import java.net.*;
 import java.nio.*;
 import java.nio.channels.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
 
 
 public class ConnectState {
 
     static PrintStream log = System.err;
 
-    static String REMOTE_HOST = TestUtil.HOST;
-    static int REMOTE_PORT = 7;                         // echo
     static InetSocketAddress remote;
 
     final static int ST_UNCONNECTED = 0;
     final static int ST_PENDING = 1;
     final static int ST_CONNECTED = 2;
     final static int ST_CLOSED = 3;
+    final static int ST_PENDING_OR_CONNECTED = 4;
+    // NO exceptions expected
+    final static Collection<Class<?>> NONE = Collections.emptySet();
+
+    // make a set of expected exception.
+    static Collection<Class<?>> expectedExceptions(Class<?>... expected) {
+        final Collection<Class<?>> exceptions;
+        if (expected.length == 0) {
+            exceptions = NONE;
+        } else if (expected.length == 1) {
+            assert expected[0] != null;
+            exceptions = Collections.<Class<?>>singleton(expected[0]);
+        } else {
+            exceptions = new HashSet<>(Arrays.asList(expected));
+        }
+        return exceptions;
+    }
 
     static abstract class Test {
 
@@ -76,37 +95,65 @@
                 check(!sc.isConnectionPending(), "!isConnectionPending");
                 check(sc.isOpen(), "isOpen");
                 break;
+            case ST_PENDING_OR_CONNECTED:
+                check(sc.isConnected() || sc.isConnectionPending(),
+                        "isConnected || isConnectionPending");
+                check(sc.isOpen(), "isOpen");
+                break;
             }
         }
 
-        Test(String name, Class exception, int state) throws Exception {
+        Test(String name, Class<?> exception, int state) throws Exception {
+            this(name, expectedExceptions(exception), state);
+        }
+
+        // On some architecture we may need to accept several exceptions.
+        // For instance on Solaris, when using a server colocated on the
+        // machine we cannot guarantee that we will get a
+        // ConnectionPendingException when connecting twice on the same
+        // non-blocking socket. We may instead get a an
+        // AlreadyConnectedException, which is also valid: it simply means
+        // that the first connection has been immediately accepted.
+        Test(String name, Collection<Class<?>> exceptions, int state)
+                throws Exception {
             SocketChannel sc = SocketChannel.open();
-            String note = null;
+            String note;
             try {
                 try {
                     note = go(sc);
                 } catch (Exception x) {
-                    if (exception != null) {
+                    Class<?> expectedExceptionClass = null;
+                    for (Class<?> exception : exceptions) {
                         if (exception.isInstance(x)) {
                             log.println(name + ": As expected: "
                                         + x);
+                            expectedExceptionClass = exception;
                             check(sc, state);
-                            return;
-                        } else {
-                            throw new Exception(name
+                            break;
+                        }
+                    }
+                    if (expectedExceptionClass == null
+                            && !exceptions.isEmpty()) {
+                        // we had an exception, but it's not of the set of
+                        // exceptions we expected.
+                        throw new Exception(name
                                                 + ": Incorrect exception",
                                                 x);
-                        }
-                    } else {
+                    } else if (exceptions.isEmpty()) {
+                        // we didn't expect any exception
                         throw new Exception(name
                                             + ": Unexpected exception",
                                             x);
                     }
+                    // if we reach here, we have our expected exception
+                    assert expectedExceptionClass != null;
+                    return;
                 }
-                if (exception != null)
+                if (!exceptions.isEmpty()) {
                     throw new Exception(name
                                         + ": Expected exception not thrown: "
-                                        + exception);
+                                        + exceptions.iterator().next());
+                }
                 check(sc, state);
                 log.println(name + ": Returned normally"
                             + ((note != null) ? ": " + note : ""));
@@ -123,6 +170,7 @@
 
         new Test("Read unconnected", NotYetConnectedException.class,
                  ST_UNCONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     ByteBuffer b = ByteBuffer.allocateDirect(1024);
                     sc.read(b);
@@ -131,19 +179,22 @@
 
         new Test("Write unconnected", NotYetConnectedException.class,
                  ST_UNCONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     ByteBuffer b = ByteBuffer.allocateDirect(1024);
                     sc.write(b);
                     return null;
                 }};
 
-        new Test("Simple connect", null, ST_CONNECTED) {
+        new Test("Simple connect", NONE, ST_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.connect(remote);
                     return null;
                 }};
 
-        new Test("Simple connect & finish", null, ST_CONNECTED) {
+        new Test("Simple connect & finish", NONE, ST_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.connect(remote);
                     if (!sc.finishConnect())
@@ -153,6 +204,7 @@
 
         new Test("Double connect",
                  AlreadyConnectedException.class, ST_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.connect(remote);
                     sc.connect(remote);
@@ -161,12 +213,16 @@
 
         new Test("Finish w/o start",
                  NoConnectionPendingException.class, ST_UNCONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.finishConnect();
                     return null;
                 }};
 
-        new Test("NB simple connect", null, ST_CONNECTED) {
+        // Note: using our local EchoServer rather than echo on a distant
+        //       host - we see that Tries to finish = 0 (instead of ~ 18).
+        new Test("NB simple connect", NONE, ST_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.configureBlocking(false);
                     sc.connect(remote);
@@ -179,8 +235,15 @@
                     return ("Tries to finish = " + n);
                 }};
 
+        // Note: using our local EchoServer rather than echo on a distant
+        //       host - we cannot guarantee that this test will get a
+        //       a ConnectionPendingException: it may get an
+        //       AlreadyConnectedException, so we should allow for both.
         new Test("NB double connect",
-                 ConnectionPendingException.class, ST_PENDING) {
+                 expectedExceptions(ConnectionPendingException.class,
+                                    AlreadyConnectedException.class),
+                 ST_PENDING_OR_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.configureBlocking(false);
                     sc.connect(remote);
@@ -190,13 +253,15 @@
 
         new Test("NB finish w/o start",
                  NoConnectionPendingException.class, ST_UNCONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.configureBlocking(false);
                     sc.finishConnect();
                     return null;
                 }};
 
-        new Test("NB connect, B finish", null, ST_CONNECTED) {
+        new Test("NB connect, B finish", NONE, ST_CONNECTED) {
+                @Override
                 String go(SocketChannel sc) throws Exception {
                     sc.configureBlocking(false);
                     sc.connect(remote);
@@ -208,9 +273,12 @@
     }
 
     public static void main(String[] args) throws Exception {
-        remote = new InetSocketAddress(InetAddress.getByName(REMOTE_HOST),
-                                       REMOTE_PORT);
-        tests();
+        try (TestServers.EchoServer echoServer
+                = TestServers.EchoServer.startNewServer(500)) {
+            remote = new InetSocketAddress(echoServer.getAddress(),
+                                           echoServer.getPort());
+            tests();
+        }
     }
 
 }
--- a/jdk/test/java/nio/channels/SocketChannel/FinishConnect.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/FinishConnect.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,21 +36,25 @@
 
 public class FinishConnect {
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
     public static void main(String[] args) throws Exception {
-        test1(true, true);
-        test1(true, false);
-        test1(false, true);
-        test1(false, false);
-        test2();
+        try (TestServers.DayTimeServer dayTimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            test1(dayTimeServer, true, true);
+            test1(dayTimeServer, true, false);
+            test1(dayTimeServer, false, true);
+            test1(dayTimeServer, false, false);
+            test2(dayTimeServer);
+        }
     }
 
-    static void test1(boolean select, boolean setBlocking) throws Exception {
+    static void test1(TestServers.DayTimeServer daytimeServer,
+                      boolean select,
+                      boolean setBlocking)
+        throws Exception
+    {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         sc.configureBlocking(false);
         boolean connected = sc.connect(isa);
@@ -109,15 +113,27 @@
         sc.close();
     }
 
-    static void test2() throws Exception {
+    static void test2(TestServers.DayTimeServer daytimeServer) throws Exception {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
         boolean done = false;
         int globalAttempts = 0;
+        int connectSuccess = 0;
         while (!done) {
-            if (globalAttempts++ > 50)
+            // When using a local daytime server it is not always possible
+            // to get a pending connection, as sc.connect(isa) may always
+            // return true.
+            // So we're going to throw the exception only if there was
+            // at least 1 case where we did not manage to connect.
+            if (globalAttempts++ > 50) {
+                if (globalAttempts == connectSuccess + 1) {
+                    System.out.println("Can't fully test on "
+                            + System.getProperty("os.name"));
+                    break;
+                }
                 throw new RuntimeException("Failed to connect");
+            }
             SocketChannel sc = SocketChannel.open();
             sc.configureBlocking(false);
             boolean connected = sc.connect(isa);
@@ -132,6 +148,9 @@
                 }
                 Thread.sleep(10);
             }
+            if (connected) {
+                connectSuccess++;
+            }
             sc.close();
         }
     }
--- a/jdk/test/java/nio/channels/SocketChannel/IsConnectable.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/IsConnectable.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,24 +28,19 @@
  */
 
 import java.net.*;
-import java.io.*;
-import java.nio.*;
 import java.nio.channels.*;
 import java.nio.channels.spi.SelectorProvider;
 import java.util.*;
 
 public class IsConnectable {
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
-    static void test() throws Exception {
+    static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         sc.configureBlocking(false);
-        sc.connect(isa);
+        final boolean immediatelyConnected = sc.connect(isa);
 
         Selector selector = SelectorProvider.provider().openSelector();
         try {
@@ -67,7 +62,12 @@
                         throw new Exception("Test failed: 4737146 detected");
                 }
             } else {
-                throw new Exception("Select failed");
+                if (!immediatelyConnected) {
+                    throw new Exception("Select failed");
+                } else {
+                    System.out.println("IsConnectable couldn't be fully tested for "
+                            + System.getProperty("os.name"));
+                }
             }
         } finally {
             sc.close();
@@ -76,7 +76,10 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test();
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            test(daytimeServer);
+        }
     }
 
 }
--- a/jdk/test/java/nio/channels/SocketChannel/LocalAddress.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/LocalAddress.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,20 @@
  */
 
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
 
 public class LocalAddress {
     public static void main(String[] args) throws Exception {
-        test1();
+        try (TestServers.EchoServer echoServer
+                = TestServers.EchoServer.startNewServer()) {
+            test1(echoServer);
+        }
     }
 
-    static void test1() throws Exception {
+    static void test1(TestServers.AbstractServer server) throws Exception {
         InetAddress bogus = InetAddress.getByName("0.0.0.0");
         InetSocketAddress saddr = new InetSocketAddress(
-            InetAddress.getByName(TestUtil.HOST), 23);
+            server.getAddress(), server.getPort());
 
         //Test1: connect only
         SocketChannel sc = SocketChannel.open();
--- a/jdk/test/java/nio/channels/SocketChannel/Stream.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/Stream.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,22 +27,17 @@
  * @library ..
  */
 
+import java.io.*;
 import java.net.*;
-import java.io.*;
-import java.nio.*;
 import java.nio.channels.*;
-import java.nio.charset.*;
 
 
 public class Stream {
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
-
-    static void test() throws Exception {
+    static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
         InetSocketAddress isa
-            = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+            = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
         SocketChannel sc = SocketChannel.open();
         sc.connect(isa);
         sc.configureBlocking(false);
@@ -58,7 +53,9 @@
     }
 
     public static void main(String[] args) throws Exception {
-        test();
+        try (TestServers.DayTimeServer dayTimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            test(dayTimeServer);
+        }
     }
-
 }
--- a/jdk/test/java/nio/channels/SocketChannel/VectorParams.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/SocketChannel/VectorParams.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,31 +27,31 @@
  * @library ..
  */
 
+import java.io.*;
 import java.net.*;
-import java.io.*;
 import java.nio.*;
 import java.nio.channels.*;
-import java.nio.charset.*;
 
 public class VectorParams {
 
     static java.io.PrintStream out = System.out;
 
-    static final int DAYTIME_PORT = 13;
-    static final String DAYTIME_HOST = TestUtil.HOST;
     static final int testSize = 10;
     static ByteBuffer[] bufs = null;
     static InetSocketAddress isa = null;
 
     public static void main(String[] args) throws Exception {
-        initBufs();
-        testSocketChannelVectorParams();
-        testDatagramChannelVectorParams();
-        testPipeVectorParams();
-        testFileVectorParams();
+        try (TestServers.DayTimeServer daytimeServer
+                = TestServers.DayTimeServer.startNewServer(100)) {
+            initBufs(daytimeServer);
+            testSocketChannelVectorParams();
+            testDatagramChannelVectorParams();
+            testPipeVectorParams();
+            testFileVectorParams();
+        }
     }
 
-    static void initBufs() throws Exception {
+    static void initBufs(TestServers.DayTimeServer daytimeServer) throws Exception {
         bufs = new ByteBuffer[testSize];
         for(int i=0; i<testSize; i++) {
             String source = "buffer" + i;
@@ -59,8 +59,8 @@
             bufs[i].put(source.getBytes("8859_1"));
             bufs[i].flip();
         }
-        isa =  new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
-                                    DAYTIME_PORT);
+        isa = new InetSocketAddress(daytimeServer.getAddress(),
+                                    daytimeServer.getPort());
     }
 
     static void testSocketChannelVectorParams() throws Exception {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/nio/channels/TestServers.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,849 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* Test utility classes
+ *
+ */
+
+import java.io.*;
+import java.net.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+
+public class TestServers {
+
+    private TestServers() { }
+
+    /**
+     * An abstract server identifies a server which listens on a port on on a
+     * given machine.
+     */
+    static abstract class AbstractServer {
+
+        private AbstractServer() {
+        }
+
+        public abstract int getPort();
+
+        public abstract InetAddress getAddress();
+    }
+
+    /**
+     * A downgraded type of AbstractServer which will refuse connections. Note:
+     * use it once and throw it away - this implementation opens an anonymous
+     * socket and closes it, returning the address of the closed socket. If
+     * other servers are started afterwards, the address/port might get reused
+     * and become connectable again - so it's not a good idea to assume that
+     * connections using this address/port will always be refused. Connections
+     * will be refused as long as the address/port of the refusing server has
+     * not been reused.
+     */
+    static class RefusingServer extends AbstractServer {
+
+        final InetAddress address;
+        final int port;
+
+        private RefusingServer(InetAddress address, int port) {
+            this.address = address;
+            this.port = port;
+        }
+
+        @Override
+        public int getPort() {
+            return port;
+        }
+
+        @Override
+        public InetAddress getAddress() {
+            return address;
+        }
+
+        public static RefusingServer startNewServer() throws IOException {
+            ServerSocket socket = new ServerSocket(0, 100,
+                    InetAddress.getLocalHost());
+            RefusingServer server = new RefusingServer(socket.getInetAddress(),
+                    socket.getLocalPort());
+            socket.close();
+            return server;
+        }
+    }
+
+    /**
+     * An abstract class for implementing small TCP servers for the nio tests
+     * purposes. Disclaimer: This is a naive implementation that uses the old
+     * networking APIs (not those from {@code java.nio.*}) and shamelessly
+     * extends/creates Threads instead of using an executor service.
+     */
+    static abstract class AbstractTcpServer extends AbstractServer
+            implements Runnable, Closeable {
+
+        protected final long linger; // #of ms to wait before responding
+        private Thread acceptThread; // thread waiting for accept
+        // list of opened connections that should be closed on close.
+        private List<TcpConnectionThread> connections = new ArrayList<>();
+        private ServerSocket serverSocket; // the server socket
+        private boolean started = false; // whether the server is started
+        Throwable error = null;
+
+        /**
+         * Creates a new abstract TCP server.
+         *
+         * @param linger the amount of time the server should wait before
+         * responding to requests.
+         */
+        protected AbstractTcpServer(long linger) {
+            this.linger = linger;
+        }
+
+        /**
+         * The local port to which the server is bound.
+         *
+         * @return The local port to which the server is bound.
+         * @exception IllegalStateException is thrown if the server is not
+         * started.
+         */
+        @Override
+        public final synchronized int getPort() {
+            if (!started) {
+                throw new IllegalStateException("Not started");
+            }
+            return serverSocket.getLocalPort();
+        }
+
+        /**
+         * The local address to which the server is bound.
+         *
+         * @return The local address to which the server is bound.
+         * @exception IllegalStateException is thrown if the server is not
+         * started.
+         */
+        @Override
+        public final synchronized InetAddress getAddress() {
+            if (!started) {
+                throw new IllegalStateException("Not started");
+            }
+            return serverSocket.getInetAddress();
+        }
+
+        /**
+         * Tells whether the server is started.
+         *
+         * @return true if the server is started.
+         */
+        public final synchronized boolean isStarted() {
+            return started;
+        }
+
+        /**
+         * Creates a new server socket.
+         *
+         * @param port local port to bind to.
+         * @param backlog requested maximum length of the queue of incoming
+         * connections.
+         * @param address local address to bind to.
+         * @return a new bound server socket ready to accept connections.
+         * @throws IOException if the socket cannot be created or bound.
+         */
+        protected ServerSocket newServerSocket(int port, int backlog,
+                InetAddress address)
+                throws IOException {
+            return new ServerSocket(port, backlog, address);
+        }
+
+        /**
+         * Starts listening for connections.
+         *
+         * @throws IOException if the server socket cannot be created or bound.
+         */
+        public final synchronized void start() throws IOException {
+            if (started) {
+                return;
+            }
+            final ServerSocket socket =
+                    newServerSocket(0, 100, InetAddress.getLocalHost());
+            serverSocket = socket;
+            acceptThread = new Thread(this);
+            acceptThread.setDaemon(true);
+            acceptThread.start();
+            started = true;
+        }
+
+        /**
+         * Calls {@code Thread.sleep(linger);}
+         */
+        protected final void lingerIfRequired() {
+            if (linger > 0) {
+                try {
+                    Thread.sleep(linger);
+                } catch (InterruptedException x) {
+                    Thread.interrupted();
+                    final ServerSocket socket = serverSocket();
+                    if (socket != null && !socket.isClosed()) {
+                        System.err.println("Thread interrupted...");
+                    }
+                }
+            }
+        }
+
+        final synchronized ServerSocket serverSocket() {
+            return this.serverSocket;
+        }
+
+        /**
+         * The main accept loop.
+         */
+        @Override
+        public final void run() {
+            final ServerSocket sSocket = serverSocket();
+            try {
+                Socket s;
+                while (isStarted() && !Thread.interrupted()
+                        && (s = sSocket.accept()) != null) {
+                    lingerIfRequired();
+                    listen(s);
+                }
+            } catch (Exception x) {
+                error = x;
+            } finally {
+                synchronized (this) {
+                    if (!sSocket.isClosed()) {
+                        try {
+                            sSocket.close();
+                        } catch (IOException x) {
+                            System.err.println("Failed to close server socket");
+                        }
+                    }
+                    if (started && this.serverSocket == sSocket) {
+                        started = false;
+                        this.serverSocket = null;
+                        this.acceptThread = null;
+                    }
+                }
+            }
+        }
+
+        /**
+         * Represents a connection accepted by the server.
+         */
+        protected abstract class TcpConnectionThread extends Thread {
+
+            protected final Socket socket;
+
+            protected TcpConnectionThread(Socket socket) {
+                this.socket = socket;
+                this.setDaemon(true);
+            }
+
+            public void close() throws IOException {
+                socket.close();
+                interrupt();
+            }
+        }
+
+        /**
+         * Creates a new TcpConnnectionThread to handle the connection through
+         * an accepted socket.
+         *
+         * @param s the socket returned by {@code serverSocket.accept()}.
+         * @return a new TcpConnnectionThread to handle the connection through
+         * an accepted socket.
+         */
+        protected abstract TcpConnectionThread createConnection(Socket s);
+
+        /**
+         * Creates and starts a new TcpConnectionThread to handle the accepted
+         * socket.
+         *
+         * @param s the socket returned by {@code serverSocket.accept()}.
+         */
+        private synchronized void listen(Socket s) {
+            TcpConnectionThread c = createConnection(s);
+            c.start();
+            addConnection(c);
+        }
+
+        /**
+         * Add the connection to the list of accepted connections.
+         *
+         * @param connection an accepted connection.
+         */
+        protected synchronized void addConnection(
+                TcpConnectionThread connection) {
+            connections.add(connection);
+        }
+
+        /**
+         * Remove the connection from the list of accepted connections.
+         *
+         * @param connection an accepted connection.
+         */
+        protected synchronized void removeConnection(
+                TcpConnectionThread connection) {
+            connections.remove(connection);
+        }
+
+        /**
+         * Close the server socket and all the connections present in the list
+         * of accepted connections.
+         *
+         * @throws IOException
+         */
+        @Override
+        public synchronized void close() throws IOException {
+            if (serverSocket != null && !serverSocket.isClosed()) {
+                serverSocket.close();
+            }
+            if (acceptThread != null) {
+                acceptThread.interrupt();
+            }
+            int failed = 0;
+            for (TcpConnectionThread c : connections) {
+                try {
+                    c.close();
+                } catch (IOException x) {
+                    // no matter - we're closing.
+                    failed++;
+                }
+            }
+            connections.clear();
+            if (failed > 0) {
+                throw new IOException("Failed to close some connections");
+            }
+        }
+    }
+
+    /**
+     * A small TCP Server that emulates the echo service for tests purposes. See
+     * http://en.wikipedia.org/wiki/Echo_Protocol This server uses an anonymous
+     * port - NOT the standard port 7. We don't guarantee that its behavior
+     * exactly matches the RFC - the only purpose of this server is to have
+     * something that responds to nio tests...
+     */
+    static final class EchoServer extends AbstractTcpServer {
+
+        public EchoServer() {
+            this(0L);
+        }
+
+        public EchoServer(long linger) {
+            super(linger);
+        }
+
+        @Override
+        protected TcpConnectionThread createConnection(Socket s) {
+            return new EchoConnection(s);
+        }
+
+        private final class EchoConnection extends TcpConnectionThread {
+
+            public EchoConnection(Socket socket) {
+                super(socket);
+            }
+
+            @Override
+            public void run() {
+                try {
+                    final InputStream is = socket.getInputStream();
+                    final OutputStream out = socket.getOutputStream();
+                    byte[] b = new byte[255];
+                    int n;
+                    while ((n = is.read(b)) > 0) {
+                        lingerIfRequired();
+                        out.write(b, 0, n);
+                    }
+                } catch (IOException io) {
+                    // fall through to finally
+                } finally {
+                    if (!socket.isClosed()) {
+                        try {
+                            socket.close();
+                        } catch (IOException x) {
+                            System.err.println(
+                                    "Failed to close echo connection socket");
+                        }
+                    }
+                    removeConnection(this);
+                }
+            }
+        }
+
+        public static EchoServer startNewServer() throws IOException {
+            return startNewServer(0);
+        }
+
+        public static EchoServer startNewServer(long linger) throws IOException {
+            final EchoServer echoServer = new EchoServer(linger);
+            echoServer.start();
+            return echoServer;
+        }
+    }
+
+    /**
+     * A small TCP server that emulates the Day & Time service for tests
+     * purposes. See http://en.wikipedia.org/wiki/Daytime_Protocol This server
+     * uses an anonymous port - NOT the standard port 13. We don't guarantee
+     * that its behavior exactly matches the RFC - the only purpose of this
+     * server is to have something that responds to nio tests...
+     */
+    static final class DayTimeServer extends AbstractTcpServer {
+
+        public DayTimeServer() {
+            this(0L);
+        }
+
+        public DayTimeServer(long linger) {
+            super(linger);
+        }
+
+        @Override
+        protected TcpConnectionThread createConnection(Socket s) {
+            return new DayTimeServerConnection(s);
+        }
+
+        @Override
+        protected void addConnection(TcpConnectionThread connection) {
+            // do nothing - the connection just write the date and terminates.
+        }
+
+        @Override
+        protected void removeConnection(TcpConnectionThread connection) {
+            // do nothing - we're not adding connections to the list...
+        }
+
+        private final class DayTimeServerConnection extends TcpConnectionThread {
+
+            public DayTimeServerConnection(Socket socket) {
+                super(socket);
+            }
+
+            @Override
+            public void run() {
+                try {
+                    final OutputStream out = socket.getOutputStream();
+                    lingerIfRequired();
+                    out.write(new Date(System.currentTimeMillis())
+                            .toString().getBytes("US-ASCII"));
+                    out.flush();
+                } catch (IOException io) {
+                    // fall through to finally
+                } finally {
+                    if (!socket.isClosed()) {
+                        try {
+                            socket.close();
+                        } catch (IOException x) {
+                            System.err.println(
+                                    "Failed to close echo connection socket");
+                        }
+                    }
+                }
+            }
+        }
+
+        public static DayTimeServer startNewServer()
+                throws IOException {
+            return startNewServer(0);
+        }
+
+        public static DayTimeServer startNewServer(long linger)
+                throws IOException {
+            final DayTimeServer daytimeServer = new DayTimeServer(linger);
+            daytimeServer.start();
+            return daytimeServer;
+        }
+    }
+
+    /**
+     * An abstract class for implementing small UDP Servers for the nio tests
+     * purposes. Disclaimer: This is a naive implementation that uses the old
+     * networking APIs (not those from {@code java.nio.*}) and shamelessly
+     * extends/creates Threads instead of using an executor service.
+     */
+    static abstract class AbstractUdpServer extends AbstractServer
+            implements Runnable, Closeable {
+
+        protected final long linger; // #of ms to wait before responding
+        private Thread acceptThread; // thread waiting for packets
+        private DatagramSocket serverSocket; // the server socket
+        private boolean started = false; // whether the server is started
+        Throwable error = null;
+
+        /**
+         * Creates a new abstract UDP server.
+         *
+         * @param linger the amount of time the server should wait before
+         * responding to requests.
+         */
+        protected AbstractUdpServer(long linger) {
+            this.linger = linger;
+        }
+
+        /**
+         * The local port to which the server is bound.
+         *
+         * @return The local port to which the server is bound.
+         * @exception IllegalStateException is thrown if the server is not
+         * started.
+         */
+        @Override
+        public final synchronized int getPort() {
+            if (!started) {
+                throw new IllegalStateException("Not started");
+            }
+            return serverSocket.getLocalPort();
+        }
+
+        /**
+         * The local address to which the server is bound.
+         *
+         * @return The local address to which the server is bound.
+         * @exception IllegalStateException is thrown if the server is not
+         * started.
+         */
+        @Override
+        public final synchronized InetAddress getAddress() {
+            if (!started) {
+                throw new IllegalStateException("Not started");
+            }
+            return serverSocket.getLocalAddress();
+        }
+
+        /**
+         * Tells whether the server is started.
+         *
+         * @return true if the server is started.
+         */
+        public final synchronized boolean isStarted() {
+            return started;
+        }
+
+        /**
+         * Creates a new datagram socket.
+         *
+         * @param port local port to bind to.
+         * @param address local address to bind to.
+         * @return a new bound server socket ready to listen for packets.
+         * @throws IOException if the socket cannot be created or bound.
+         */
+        protected DatagramSocket newDatagramSocket(int port,
+                InetAddress address)
+                throws IOException {
+            return new DatagramSocket(port, address);
+        }
+
+        /**
+         * Starts listening for connections.
+         *
+         * @throws IOException if the server socket cannot be created or bound.
+         */
+        public final synchronized void start() throws IOException {
+            if (started) {
+                return;
+            }
+            final DatagramSocket socket =
+                    newDatagramSocket(0, InetAddress.getLocalHost());
+            serverSocket = socket;
+            acceptThread = new Thread(this);
+            acceptThread.setDaemon(true);
+            acceptThread.start();
+            started = true;
+        }
+
+        /**
+         * Calls {@code Thread.sleep(linger);}
+         */
+        protected final void lingerIfRequired() {
+            if (linger > 0) {
+                try {
+                    Thread.sleep(linger);
+                } catch (InterruptedException x) {
+                    Thread.interrupted();
+                    final DatagramSocket socket = serverSocket();
+                    if (socket != null && !socket.isClosed()) {
+                        System.err.println("Thread interrupted...");
+                    }
+                }
+            }
+        }
+
+        final synchronized DatagramSocket serverSocket() {
+            return this.serverSocket;
+        }
+
+        final synchronized boolean send(DatagramSocket socket,
+                DatagramPacket response) throws IOException {
+            if (!socket.isClosed()) {
+                socket.send(response);
+                return true;
+            } else {
+                return false;
+            }
+        }
+
+        /**
+         * The main receive loop.
+         */
+        @Override
+        public final void run() {
+            final DatagramSocket sSocket = serverSocket();
+            try {
+                final int size = Math.max(1024, sSocket.getReceiveBufferSize());
+                if (size > sSocket.getReceiveBufferSize()) {
+                    sSocket.setReceiveBufferSize(size);
+                }
+                while (isStarted() && !Thread.interrupted() && !sSocket.isClosed()) {
+                    final byte[] buf = new byte[size];
+                    final DatagramPacket packet =
+                            new DatagramPacket(buf, buf.length);
+                    lingerIfRequired();
+                    sSocket.receive(packet);
+                    //System.out.println("Received packet from: "
+                    //        + packet.getAddress()+":"+packet.getPort());
+                    handle(sSocket, packet);
+                }
+            } catch (Exception x) {
+                error = x;
+            } finally {
+                synchronized (this) {
+                    if (!sSocket.isClosed()) {
+                        sSocket.close();
+                    }
+                    if (started && this.serverSocket == sSocket) {
+                        started = false;
+                        this.serverSocket = null;
+                        this.acceptThread = null;
+                    }
+                }
+            }
+        }
+
+        /**
+         * Represents an UDP request received by the server.
+         */
+        protected abstract class UdpRequestThread extends Thread {
+
+            protected final DatagramPacket request;
+            protected final DatagramSocket socket;
+
+            protected UdpRequestThread(DatagramSocket socket, DatagramPacket request) {
+                this.socket = socket;
+                this.request = request;
+                this.setDaemon(true);
+            }
+        }
+
+        /**
+         * Creates a new UdpRequestThread to handle a DatagramPacket received
+         * through a DatagramSocket.
+         *
+         * @param socket the socket through which the request was received.
+         * @param request the datagram packet received through the socket.
+         * @return a new UdpRequestThread to handle the request received through
+         * a DatagramSocket.
+         */
+        protected abstract UdpRequestThread createConnection(DatagramSocket socket,
+                DatagramPacket request);
+
+        /**
+         * Creates and starts a new UdpRequestThread to handle the received
+         * datagram packet.
+         *
+         * @param socket the socket through which the request was received.
+         * @param request the datagram packet received through the socket.
+         */
+        private synchronized void handle(DatagramSocket socket,
+                DatagramPacket request) {
+            UdpRequestThread c = createConnection(socket, request);
+            // c can be null if the request requires no response.
+            if (c != null) {
+                c.start();
+            }
+        }
+
+        /**
+         * Close the server socket.
+         *
+         * @throws IOException
+         */
+        @Override
+        public synchronized void close() throws IOException {
+            if (serverSocket != null && !serverSocket.isClosed()) {
+                serverSocket.close();
+            }
+            if (acceptThread != null) {
+                acceptThread.interrupt();
+            }
+        }
+    }
+
+    /**
+     * A small UDP Server that emulates the discard service for tests purposes.
+     * See http://en.wikipedia.org/wiki/Discard_Protocol This server uses an
+     * anonymous port - NOT the standard port 9. We don't guarantee that its
+     * behavior exactly matches the RFC - the only purpose of this server is to
+     * have something that responds to nio tests...
+     */
+    static final class UdpDiscardServer extends AbstractUdpServer {
+
+        public UdpDiscardServer() {
+            this(0L);
+        }
+
+        public UdpDiscardServer(long linger) {
+            super(linger);
+        }
+
+        @Override
+        protected UdpRequestThread createConnection(DatagramSocket socket,
+                DatagramPacket request) {
+            // no response required
+            return null;
+        }
+
+        public static UdpDiscardServer startNewServer() throws IOException {
+            return startNewServer(0);
+        }
+
+        public static UdpDiscardServer startNewServer(long linger) throws IOException {
+            final UdpDiscardServer discardServer = new UdpDiscardServer(linger);
+            discardServer.start();
+            return discardServer;
+        }
+    }
+
+    /**
+     * A small UDP Server that emulates the echo service for tests purposes. See
+     * http://en.wikipedia.org/wiki/Echo_Protocol This server uses an anonymous
+     * port - NOT the standard port 7. We don't guarantee that its behavior
+     * exactly matches the RFC - the only purpose of this server is to have
+     * something that responds to nio tests...
+     */
+    static final class UdpEchoServer extends AbstractUdpServer {
+
+        public UdpEchoServer() {
+            this(0L);
+        }
+
+        public UdpEchoServer(long linger) {
+            super(linger);
+        }
+
+        @Override
+        protected UdpEchoRequest createConnection(DatagramSocket socket,
+                DatagramPacket request) {
+            return new UdpEchoRequest(socket, request);
+        }
+
+        private final class UdpEchoRequest extends UdpRequestThread {
+
+            public UdpEchoRequest(DatagramSocket socket, DatagramPacket request) {
+                super(socket, request);
+            }
+
+            @Override
+            public void run() {
+                try {
+                    lingerIfRequired();
+                    final DatagramPacket response =
+                            new DatagramPacket(request.getData(),
+                                    request.getOffset(), request.getLength(),
+                                    request.getAddress(), request.getPort());
+                    send(socket, response);
+                } catch (IOException io) {
+                    System.err.println("Failed to send response: " + io);
+                    io.printStackTrace(System.err);
+                }
+            }
+        }
+
+        public static UdpEchoServer startNewServer() throws IOException {
+            return startNewServer(0);
+        }
+
+        public static UdpEchoServer startNewServer(long linger) throws IOException {
+            final UdpEchoServer echoServer = new UdpEchoServer(linger);
+            echoServer.start();
+            return echoServer;
+        }
+    }
+
+    /**
+     * A small UDP server that emulates the Day & Time service for tests
+     * purposes. See http://en.wikipedia.org/wiki/Daytime_Protocol This server
+     * uses an anonymous port - NOT the standard port 13. We don't guarantee
+     * that its behavior exactly matches the RFC - the only purpose of this
+     * server is to have something that responds to nio tests...
+     */
+    static final class UdpDayTimeServer extends AbstractUdpServer {
+
+        public UdpDayTimeServer() {
+            this(0L);
+        }
+
+        public UdpDayTimeServer(long linger) {
+            super(linger);
+        }
+
+        @Override
+        protected UdpDayTimeRequestThread createConnection(DatagramSocket socket,
+                DatagramPacket request) {
+            return new UdpDayTimeRequestThread(socket, request);
+        }
+
+        private final class UdpDayTimeRequestThread extends UdpRequestThread {
+
+            public UdpDayTimeRequestThread(DatagramSocket socket,
+                    DatagramPacket request) {
+                super(socket, request);
+            }
+
+            @Override
+            public void run() {
+                try {
+                    lingerIfRequired();
+                    final byte[] data = new Date(System.currentTimeMillis())
+                            .toString().getBytes("US-ASCII");
+                    final DatagramPacket response =
+                            new DatagramPacket(data, 0, data.length,
+                                    request.getAddress(), request.getPort());
+                    send(socket, response);
+                } catch (IOException io) {
+                    System.err.println("Failed to send response: " + io);
+                    io.printStackTrace(System.err);
+                }
+            }
+        }
+
+        public static UdpDayTimeServer startNewServer() throws IOException {
+            return startNewServer(0);
+        }
+
+        public static UdpDayTimeServer startNewServer(long linger)
+                throws IOException {
+            final UdpDayTimeServer echoServer = new UdpDayTimeServer(linger);
+            echoServer.start();
+            return echoServer;
+        }
+    }
+}
--- a/jdk/test/java/nio/channels/TestUtil.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/nio/channels/TestUtil.java	Fri Nov 09 14:46:34 2012 -0800
@@ -27,7 +27,6 @@
 
 import java.io.*;
 import java.net.*;
-import java.nio.*;
 import java.nio.channels.*;
 import java.util.Random;
 
@@ -36,9 +35,6 @@
 
     // Test hosts used by the channels tests - change these when
     // executing in a different network.
-    public static final String HOST = "javaweb.sfbay.sun.com";
-    public static final String REFUSING_HOST = "jano1.sfbay.sun.com";
-    public static final String FAR_HOST = "irejano.ireland.sun.com";
     public static final String UNRESOLVABLE_HOST = "blah-blah.blah-blah.blah";
 
     private TestUtil() { }
--- a/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/security/cert/PKIXRevocationChecker/UnitTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6854712
+ * @bug 6854712 7171570
  * @summary Basic unit test for PKIXRevocationChecker
  */
 
@@ -33,6 +33,7 @@
 import java.io.OutputStream;
 import java.net.URI;
 import java.security.cert.CertificateFactory;
+import java.security.cert.CertPathBuilder;
 import java.security.cert.CertPathChecker;
 import java.security.cert.CertPathValidator;
 import java.security.cert.Extension;
@@ -58,8 +59,7 @@
         requireNull(prc.getOCSPResponder(), "getOCSPResponder()");
         requireNull(prc.getOCSPResponderCert(), "getOCSPResponderCert()");
         requireEmpty(prc.getOCSPExtensions(), "getOCSPExtensions()");
-        requireEmpty(prc.getOCSPStapledResponses(),
-                     "getOCSPStapledResponses()");
+        requireEmpty(prc.getOCSPResponses(), "getOCSPResponses()");
         requireEmpty(prc.getOptions(), "getOptions()");
 
         System.out.println("Testing that get methods return same parameters " +
@@ -94,11 +94,24 @@
         requireNull(prc.getOCSPResponderCert(), "getOCSPResponderCert()");
         prc.setOCSPExtensions(null);
         requireEmpty(prc.getOCSPExtensions(), "getOCSPExtensions()");
-        prc.setOCSPStapledResponses(null);
-        requireEmpty(prc.getOCSPStapledResponses(),
-                     "getOCSPStapledResponses()");
+        prc.setOCSPResponses(null);
+        requireEmpty(prc.getOCSPResponses(), "getOCSPResponses()");
         prc.setOptions(null);
         requireEmpty(prc.getOptions(), "getOptions()");
+
+        System.out.println("Testing that getRevocationChecker returns new " +
+                           "instance each time");
+        CertPathChecker first = cpv.getRevocationChecker();
+        CertPathChecker second = cpv.getRevocationChecker();
+        if (first == second) {
+            throw new Exception("FAILED: CertPathCheckers not new instances");
+        }
+        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
+        first = cpb.getRevocationChecker();
+        second = cpb.getRevocationChecker();
+        if (first == second) {
+            throw new Exception("FAILED: CertPathCheckers not new instances");
+        }
     }
 
     static void requireNull(Object o, String msg) throws Exception {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/util/Locale/Bug8001562.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8001562
+ * @summary Verify that getAvailableLocales() in locale sensitive services
+ *     classes return compatible set of locales as in JDK7.
+ * @run main Bug8001562
+ */
+
+import java.text.*;
+import java.util.*;
+
+public class Bug8001562 {
+
+    static final String[] jdk7availTags = {
+        "ar", "ar-AE", "ar-BH", "ar-DZ", "ar-EG", "ar-IQ", "ar-JO", "ar-KW",
+        "ar-LB", "ar-LY", "ar-MA", "ar-OM", "ar-QA", "ar-SA", "ar-SD", "ar-SY",
+        "ar-TN", "ar-YE", "be", "be-BY", "bg", "bg-BG", "ca", "ca-ES", "cs",
+        "cs-CZ", "da", "da-DK", "de", "de-AT", "de-CH", "de-DE", "de-LU", "el",
+        "el-CY", "el-GR", "en", "en-AU", "en-CA", "en-GB", "en-IE", "en-IN",
+        "en-MT", "en-NZ", "en-PH", "en-SG", "en-US", "en-ZA", "es", "es-AR",
+        "es-BO", "es-CL", "es-CO", "es-CR", "es-DO", "es-EC", "es-ES", "es-GT",
+        "es-HN", "es-MX", "es-NI", "es-PA", "es-PE", "es-PR", "es-PY", "es-SV",
+        "es-US", "es-UY", "es-VE", "et", "et-EE", "fi", "fi-FI", "fr", "fr-BE",
+        "fr-CA", "fr-CH", "fr-FR", "fr-LU", "ga", "ga-IE", "he", "he-IL",
+        "hi-IN", "hr", "hr-HR", "hu", "hu-HU", "id", "id-ID", "is", "is-IS",
+        "it", "it-CH", "it-IT", "ja", "ja-JP",
+        "ja-JP-u-ca-japanese-x-lvariant-JP", "ko", "ko-KR", "lt", "lt-LT", "lv",
+        "lv-LV", "mk", "mk-MK", "ms", "ms-MY", "mt", "mt-MT", "nl", "nl-BE",
+        "nl-NL", "no", "no-NO", "no-NO-x-lvariant-NY", "pl", "pl-PL", "pt",
+        "pt-BR", "pt-PT", "ro", "ro-RO", "ru", "ru-RU", "sk", "sk-SK", "sl",
+        "sl-SI", "sq", "sq-AL", "sr", "sr-BA", "sr-CS", "sr-Latn", "sr-Latn-BA",
+        "sr-Latn-ME", "sr-Latn-RS", "sr-ME", "sr-RS", "sv", "sv-SE", "th",
+        "th-TH", "th-TH-u-nu-thai-x-lvariant-TH", "tr", "tr-TR", "uk", "uk-UA",
+        "vi", "vi-VN", "zh", "zh-CN", "zh-HK", "zh-SG", "zh-TW", };
+    static List<Locale> jdk7availLocs = new ArrayList<>();
+    static {
+        for (String locStr : jdk7availTags) {
+            jdk7availLocs.add(Locale.forLanguageTag(locStr));
+        }
+    }
+
+    public static void main(String[] args) {
+        List<Locale> avail = Arrays.asList(BreakIterator.getAvailableLocales());
+        diffLocale(BreakIterator.class, avail);
+
+        avail = Arrays.asList(Collator.getAvailableLocales());
+        diffLocale(Collator.class, avail);
+
+        avail = Arrays.asList(DateFormat.getAvailableLocales());
+        diffLocale(DateFormat.class, avail);
+
+        avail = Arrays.asList(DateFormatSymbols.getAvailableLocales());
+        diffLocale(DateFormatSymbols.class, avail);
+
+        avail = Arrays.asList(DecimalFormatSymbols.getAvailableLocales());
+        diffLocale(DecimalFormatSymbols.class, avail);
+
+        avail = Arrays.asList(NumberFormat.getAvailableLocales());
+        diffLocale(NumberFormat.class, avail);
+
+        avail = Arrays.asList(Locale.getAvailableLocales());
+        diffLocale(Locale.class, avail);
+    }
+
+    static void diffLocale(Class c, List<Locale> locs) {
+        String diff = "";
+
+        System.out.printf("Only in target locales (%s.getAvailableLocales()): ", c.getSimpleName());
+        for (Locale l : locs) {
+            if (!jdk7availLocs.contains(l)) {
+                diff += "\""+l.toLanguageTag()+"\", ";
+            }
+        }
+        System.out.println(diff);
+        diff = "";
+
+        System.out.printf("Only in JDK7 (%s.getAvailableLocales()): ", c.getSimpleName());
+        for (Locale l : jdk7availLocs) {
+            if (!locs.contains(l)) {
+                diff += "\""+l.toLanguageTag()+"\", ";
+            }
+        }
+        System.out.println(diff);
+
+        if (diff.length() > 0) {
+            throw new RuntimeException("Above locale(s) were not included in the target available locales");
+        }
+    }
+}
--- a/jdk/test/java/util/PluggableLocale/BreakIteratorProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/BreakIteratorProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -53,9 +53,8 @@
     }
 
     void availableLocalesTest() {
-        Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
-        Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
-        localesExpected.remove(Locale.ROOT);
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
         localesExpected.addAll(providerloc);
         if (localesFromAPI.equals(localesExpected)) {
             System.out.println("availableLocalesTest passed.");
--- a/jdk/test/java/util/PluggableLocale/CollatorProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/CollatorProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -47,9 +47,8 @@
     }
 
     void availableLocalesTest() {
-        Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
-        Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
-        localesExpected.remove(Locale.ROOT);
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
         localesExpected.addAll(providerloc);
         if (localesFromAPI.equals(localesExpected)) {
             System.out.println("availableLocalesTest passed.");
--- a/jdk/test/java/util/PluggableLocale/DateFormatProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/DateFormatProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -34,6 +34,7 @@
     com.foo.DateFormatProviderImpl dfp = new com.foo.DateFormatProviderImpl();
     List<Locale> availloc = Arrays.asList(DateFormat.getAvailableLocales());
     List<Locale> providerloc = Arrays.asList(dfp.getAvailableLocales());
+    List<Locale> jreloc = Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales());
     List<Locale> jreimplloc = Arrays.asList(LocaleProviderAdapter.forJRE().getDateFormatProvider().getAvailableLocales());
 
     public static void main(String[] s) {
@@ -41,11 +42,23 @@
     }
 
     DateFormatProviderTest() {
+        availableLocalesTest();
         objectValidityTest();
         extendedVariantTest();
         messageFormatTest();
     }
 
+    void availableLocalesTest() {
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
+        localesExpected.addAll(providerloc);
+        if (localesFromAPI.equals(localesExpected)) {
+            System.out.println("availableLocalesTest passed.");
+        } else {
+            throw new RuntimeException("availableLocalesTest failed");
+        }
+    }
+
     void objectValidityTest() {
 
         for (Locale target: availloc) {
--- a/jdk/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -48,9 +48,8 @@
     }
 
     void availableLocalesTest() {
-        Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
-        Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
-        localesExpected.remove(Locale.ROOT);
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
         localesExpected.addAll(providerloc);
         if (localesFromAPI.equals(localesExpected)) {
             System.out.println("availableLocalesTest passed.");
--- a/jdk/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -47,9 +47,8 @@
     }
 
     void availableLocalesTest() {
-        Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
-        Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
-        localesExpected.remove(Locale.ROOT);
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
         localesExpected.addAll(providerloc);
         if (localesFromAPI.equals(localesExpected)) {
             System.out.println("availableLocalesTest passed.");
--- a/jdk/test/java/util/PluggableLocale/GenericTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/GenericTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -73,7 +73,6 @@
         expected.addAll(Arrays.asList(localeNP.getAvailableLocales()));
         expected.addAll(Arrays.asList(tzNP.getAvailableLocales()));
         expected.addAll(Arrays.asList(calDataP.getAvailableLocales()));
-        expected.remove(Locale.ROOT);
         if (!result.equals(expected)) {
             throw new RuntimeException("Locale.getAvailableLocales() does not return the union of locales: diff="
                                        + getDiff(result, expected));
--- a/jdk/test/java/util/PluggableLocale/NumberFormatProviderTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/java/util/PluggableLocale/NumberFormatProviderTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -50,9 +50,8 @@
     }
 
     void availableLocalesTest() {
-        Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
-        Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
-        localesExpected.remove(Locale.ROOT);
+        Set<Locale> localesFromAPI = new HashSet<>(availloc);
+        Set<Locale> localesExpected = new HashSet<>(jreloc);
         localesExpected.addAll(providerloc);
         if (localesFromAPI.equals(localesExpected)) {
             System.out.println("availableLocalesTest passed.");
--- a/jdk/test/sun/net/www/protocol/http/StackTraceTest.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/net/www/protocol/http/StackTraceTest.java	Fri Nov 09 14:46:34 2012 -0800
@@ -32,26 +32,28 @@
 import java.io.IOException;
 
 public class StackTraceTest {
-    public static void main(String[] args) {
-        try {
-            URL url = new URL("http://localhost:8080/");
-            URLConnection uc = url.openConnection();
-            System.out.println("key = "+uc.getHeaderFieldKey(20));
-            uc.getInputStream();
-        } catch (IOException ioe) {
-            ioe.printStackTrace();
+    public static void main(String[] args) throws Exception {
+        URL url;
+        try (ServerSocket ss = new ServerSocket(0)) {  // refusing socket
+            url = new URL("http://localhost:" + ss.getLocalPort() + "/");
+        }
+        URLConnection uc = url.openConnection();
+
+        // Trigger implicit connection by trying to retrieve bogus
+        // response header, and force remembered exception
+        uc.getHeaderFieldKey(20);
 
-            if (!(ioe instanceof ConnectException)) {
-                throw new RuntimeException("Expect ConnectException, got "+ioe);
-            }
-            if (ioe.getMessage() == null) {
+        try {
+            uc.getInputStream();  // expect to throw
+            throw new RuntimeException("Expected getInputStream to throw");
+        } catch (IOException ioe) {
+            if (!(ioe instanceof ConnectException))
+                throw new RuntimeException("Expect ConnectException, got " + ioe);
+            if (ioe.getMessage() == null)
                 throw new RuntimeException("Exception message is null");
-            }
-
-            // this exception should be a chained exception
-            if (ioe.getCause() == null) {
-                throw new RuntimeException("Excepting a chained exception, but got: ", ioe);
-            }
+            if (ioe.getCause() == null)
+                throw new RuntimeException("Excepting a chained exception, but got: ",
+                                           ioe);
         }
     }
 }
--- a/jdk/test/sun/security/krb5/auto/Basic.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/krb5/auto/Basic.java	Fri Nov 09 14:46:34 2012 -0800
@@ -38,11 +38,13 @@
 
         new OneKDC(null).writeJAASConf();
 
-        Context c, s;
+        Context c, s, s2, b;
         c = Context.fromJAAS("client");
         s = Context.fromJAAS("server");
+        b = Context.fromJAAS("backend");
 
         c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+        c.x().requestCredDeleg(true);
         s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
 
         Context.handshake(c, s);
@@ -50,7 +52,13 @@
         Context.transmit("i say high --", c, s);
         Context.transmit("   you say low", s, c);
 
+        s2 = s.delegated();
         s.dispose();
         c.dispose();
+
+        s2.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
+        b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+        Context.handshake(s2, b);
     }
 }
--- a/jdk/test/sun/security/krb5/auto/Context.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/krb5/auto/Context.java	Fri Nov 09 14:46:34 2012 -0800
@@ -42,9 +42,10 @@
 import com.sun.security.jgss.ExtendedGSSContext;
 import com.sun.security.jgss.InquireType;
 import com.sun.security.jgss.AuthorizationDataEntry;
+import com.sun.security.jgss.ExtendedGSSCredential;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
-import javax.security.auth.kerberos.KeyTab;
+import java.security.Principal;
 
 /**
  * Context of a JGSS subject, encapsulating Subject and GSSContext.
@@ -90,7 +91,21 @@
     public Context delegated() throws Exception {
         Context out = new Context();
         out.s = s;
-        out.cred = x.getDelegCred();
+        try {
+            out.cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
+                @Override
+                public GSSCredential run() throws Exception {
+                    GSSCredential cred = x.getDelegCred();
+                    if (cred == null && x.getCredDelegState() ||
+                            cred != null && !x.getCredDelegState()) {
+                        throw new Exception("getCredDelegState not match");
+                    }
+                    return cred;
+                }
+            });
+        } catch (PrivilegedActionException pae) {
+            throw pae.getException();
+        }
         out.name = name + " as " + out.cred.getName().toString();
         return out;
     }
@@ -212,28 +227,34 @@
      * @throws java.lang.Exception
      */
     public void startAsServer(final Oid mech) throws Exception {
-        startAsServer(null, mech);
+        startAsServer(null, mech, false);
     }
 
+    public void startAsServer(final String name, final Oid mech) throws Exception {
+        startAsServer(name, mech, false);
+    }
     /**
      * Starts as a server with the specified service name
      * @param name the service name
      * @param mech GSS mech
      * @throws java.lang.Exception
      */
-    public void startAsServer(final String name, final Oid mech) throws Exception {
+    public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
         doAs(new Action() {
             @Override
             public byte[] run(Context me, byte[] dummy) throws Exception {
                 GSSManager m = GSSManager.getInstance();
-                me.x = (ExtendedGSSContext)m.createContext(m.createCredential(
+                me.cred = m.createCredential(
                         name == null ? null :
                           (name.indexOf('@') < 0 ?
                             m.createName(name, null) :
                             m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                         GSSCredential.INDEFINITE_LIFETIME,
                         mech,
-                        GSSCredential.ACCEPT_ONLY));
+                        asInitiator?
+                                GSSCredential.INITIATE_AND_ACCEPT:
+                                GSSCredential.ACCEPT_ONLY);
+                me.x = (ExtendedGSSContext)m.createContext(me.cred);
                 return null;
             }
         }, null);
@@ -331,27 +352,38 @@
         } catch (Exception e) {
             ;// Don't care
         }
-        System.out.println("====== Private Credentials Set ======");
-        for (Object o : s.getPrivateCredentials()) {
-            System.out.println("    " + o.getClass());
-            if (o instanceof KerberosTicket) {
-                KerberosTicket kt = (KerberosTicket) o;
-                System.out.println("        " + kt.getServer() + " for " + kt.getClient());
-            } else if (o instanceof KerberosKey) {
-                KerberosKey kk = (KerberosKey) o;
-                System.out.print("        " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
-                for (byte b : kk.getEncoded()) {
-                    System.out.printf("%02X", b & 0xff);
-                }
-                System.out.println();
-            } else if (o instanceof Map) {
-                Map map = (Map) o;
-                for (Object k : map.keySet()) {
-                    System.out.println("        " + k + ": " + map.get(k));
-                }
-            } else {
+        if (s != null) {
+            System.out.println("====== START SUBJECT CONTENT =====");
+            for (Principal p: s.getPrincipals()) {
+                System.out.println("    Principal: " + p);
+            }
+            for (Object o : s.getPublicCredentials()) {
+                System.out.println("    " + o.getClass());
                 System.out.println("        " + o);
             }
+            System.out.println("====== Private Credentials Set ======");
+            for (Object o : s.getPrivateCredentials()) {
+                System.out.println("    " + o.getClass());
+                if (o instanceof KerberosTicket) {
+                    KerberosTicket kt = (KerberosTicket) o;
+                    System.out.println("        " + kt.getServer() + " for " + kt.getClient());
+                } else if (o instanceof KerberosKey) {
+                    KerberosKey kk = (KerberosKey) o;
+                    System.out.print("        " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
+                    for (byte b : kk.getEncoded()) {
+                        System.out.printf("%02X", b & 0xff);
+                    }
+                    System.out.println();
+                } else if (o instanceof Map) {
+                    Map map = (Map) o;
+                    for (Object k : map.keySet()) {
+                        System.out.println("        " + k + ": " + map.get(k));
+                    }
+                } else {
+                    System.out.println("        " + o);
+                }
+            }
+            System.out.println("====== END SUBJECT CONTENT =====");
         }
         if (x != null && x instanceof ExtendedGSSContext) {
             if (x.isEstablished()) {
@@ -510,6 +542,29 @@
         return sb.toString();
     }
 
+    public Context impersonate(final String someone) throws Exception {
+        try {
+            GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
+                @Override
+                public GSSCredential run() throws Exception {
+                    GSSManager m = GSSManager.getInstance();
+                    GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
+                    if (Context.this.cred == null) {
+                        Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
+                    }
+                    return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
+                }
+            });
+            Context out = new Context();
+            out.s = s;
+            out.cred = creds;
+            out.name = name + " as " + out.cred.getName().toString();
+            return out;
+        } catch (PrivilegedActionException pae) {
+            throw pae.getException();
+        }
+    }
+
     public byte[] take(final byte[] in) throws Exception {
         return doAs(new Action() {
             @Override
@@ -522,10 +577,11 @@
                     }
                     return null;
                 } else {
-                    System.out.println(name + " call initSecContext");
                     if (me.x.isInitiator()) {
+                        System.out.println(name + " call initSecContext");
                         return me.x.initSecContext(input, 0, input.length);
                     } else {
+                        System.out.println(name + " call acceptSecContext");
                         return me.x.acceptSecContext(input, 0, input.length);
                     }
                 }
--- a/jdk/test/sun/security/krb5/auto/CrossRealm.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/krb5/auto/CrossRealm.java	Fri Nov 09 14:46:34 2012 -0800
@@ -24,6 +24,7 @@
 /*
  * @test
  * @bug 6706974
+ * @compile -XDignore.symbol.file CrossRealm.java
  * @run main/othervm CrossRealm
  * @summary Add krb5 test infrastructure
  */
--- a/jdk/test/sun/security/krb5/auto/KDC.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java	Fri Nov 09 14:46:34 2012 -0800
@@ -178,6 +178,20 @@
          * What backend server can be delegated to
          */
         OK_AS_DELEGATE,
+        /**
+         * Allow S4U2self, List<String> of middle servers.
+         * If not set, means KDC does not understand S4U2self at all, therefore
+         * would ignore any PA-FOR-USER request and send a ticket using the
+         * cname of teh requestor. If set, it returns FORWARDABLE tickets to
+         * a server with its name in the list
+         */
+        ALLOW_S4U2SELF,
+        /**
+         * Allow S4U2proxy, Map<String,List<String>> of middle servers to
+         * backends. If not set or a backend not in a server's list,
+         * Krb5.KDC_ERR_POLICY will be send for S4U2proxy request.
+         */
+        ALLOW_S4U2PROXY,
     };
 
     static {
@@ -618,13 +632,18 @@
             int e2 = eTypes[0];     // etype for outgoing session key
             int e3 = eTypes[0];     // etype for outgoing ticket
 
-            PAData[] pas = kDCReqDotPAData(tgsReq);
+            PAData[] pas = KDCReqDotPAData(tgsReq);
 
             Ticket tkt = null;
             EncTicketPart etp = null;
+
+            PrincipalName cname = null;
+            boolean allowForwardable = true;
+
             if (pas == null || pas.length == 0) {
                 throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
             } else {
+                PrincipalName forUserCName = null;
                 for (PAData pa: pas) {
                     if (pa.getType() == Krb5.PA_TGS_REQ) {
                         APReq apReq = new APReq(pa.getValue());
@@ -636,8 +655,31 @@
                         DerInputStream derIn = new DerInputStream(bb);
                         DerValue der = derIn.getDerValue();
                         etp = new EncTicketPart(der.toByteArray());
+                        // Finally, cname will be overwritten by PA-FOR-USER
+                        // if it exists.
+                        cname = etp.cname;
+                        System.out.println(realm + "> presenting a ticket of "
+                                + etp.cname + " to " + tkt.sname);
+                    } else if (pa.getType() == Krb5.PA_FOR_USER) {
+                        if (options.containsKey(Option.ALLOW_S4U2SELF)) {
+                            PAForUserEnc p4u = new PAForUserEnc(
+                                    new DerValue(pa.getValue()), null);
+                            forUserCName = p4u.name;
+                            System.out.println(realm + "> presenting a PA_FOR_USER "
+                                    + " in the name of " + p4u.name);
+                        }
                     }
                 }
+                if (forUserCName != null) {
+                    List<String> names = (List<String>)options.get(Option.ALLOW_S4U2SELF);
+                    if (!names.contains(cname.toString())) {
+                        // Mimic the normal KDC behavior. When a server is not
+                        // allowed to send S4U2self, do not send an error.
+                        // Instead, send a ticket which is useless later.
+                        allowForwardable = false;
+                    }
+                    cname = forUserCName;
+                }
                 if (tkt == null) {
                     throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
                 }
@@ -658,7 +700,8 @@
             }
 
             boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
-            if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
+            if (body.kdcOptions.get(KDCOptions.FORWARDABLE)
+                    && allowForwardable) {
                 bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
             }
             if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
@@ -678,6 +721,37 @@
             if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
                 bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
             }
+            if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
+                if (!options.containsKey(Option.ALLOW_S4U2PROXY)) {
+                    // Don't understand CNAME_IN_ADDL_TKT
+                    throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+                } else {
+                    Map<String,List<String>> map = (Map<String,List<String>>)
+                            options.get(Option.ALLOW_S4U2PROXY);
+                    Ticket second = KDCReqBodyDotFirstAdditionalTicket(body);
+                    EncryptionKey key2 = keyForUser(second.sname, second.encPart.getEType(), true);
+                    byte[] bb = second.encPart.decrypt(key2, KeyUsage.KU_TICKET);
+                    DerInputStream derIn = new DerInputStream(bb);
+                    DerValue der = derIn.getDerValue();
+                    EncTicketPart tktEncPart = new EncTicketPart(der.toByteArray());
+                    if (!tktEncPart.flags.get(Krb5.TKT_OPTS_FORWARDABLE)) {
+                        //throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+                    }
+                    PrincipalName client = tktEncPart.cname;
+                    System.out.println(realm + "> and an additional ticket of "
+                            + client + " to " + second.sname);
+                    if (map.containsKey(cname.toString())) {
+                        if (map.get(cname.toString()).contains(service.toString())) {
+                            System.out.println(realm + "> S4U2proxy OK");
+                        } else {
+                            throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+                        }
+                    } else {
+                        throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+                    }
+                    cname = client;
+                }
+            }
 
             String okAsDelegate = (String)options.get(Option.OK_AS_DELEGATE);
             if (okAsDelegate != null && (
@@ -691,7 +765,7 @@
             EncTicketPart enc = new EncTicketPart(
                     tFlags,
                     key,
-                    etp.cname,
+                    cname,
                     new TransitedEncoding(1, new byte[0]),  // TODO
                     new KerberosTime(new Date()),
                     body.from,
@@ -729,7 +803,7 @@
                     );
             EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
             TGSRep tgsRep = new TGSRep(null,
-                    etp.cname,
+                    cname,
                     t,
                     edata);
             System.out.println("     Return " + tgsRep.cname
@@ -942,7 +1016,7 @@
                 outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray()));
             }
 
-            PAData[] inPAs = kDCReqDotPAData(asReq);
+            PAData[] inPAs = KDCReqDotPAData(asReq);
             if (inPAs == null || inPAs.length == 0) {
                 Object preauth = options.get(Option.PREAUTH_REQUIRED);
                 if (preauth == null || preauth.equals(Boolean.TRUE)) {
@@ -1252,6 +1326,7 @@
     private static final Field getEType;
     private static final Constructor<EncryptedData> ctorEncryptedData;
     private static final Method stringToKey;
+    private static final Field getAddlTkt;
 
     static {
         try {
@@ -1265,6 +1340,8 @@
                     "stringToKey",
                     char[].class, String.class, byte[].class, Integer.TYPE);
             stringToKey.setAccessible(true);
+            getAddlTkt = KDCReqBody.class.getDeclaredField("additionalTickets");
+            getAddlTkt.setAccessible(true);
         } catch (NoSuchFieldException nsfe) {
             throw new AssertionError(nsfe);
         } catch (NoSuchMethodException nsme) {
@@ -1278,7 +1355,7 @@
             throw new AssertionError(e);
         }
     }
-    private static PAData[] kDCReqDotPAData(KDCReq req) {
+    private static PAData[] KDCReqDotPAData(KDCReq req) {
         try {
             return (PAData[])getPADataField.get(req);
         } catch (Exception e) {
@@ -1303,4 +1380,11 @@
             throw new AssertionError(e);
         }
     }
+    private static Ticket KDCReqBodyDotFirstAdditionalTicket(KDCReqBody body) {
+        try {
+            return ((Ticket[])getAddlTkt.get(body))[0];
+        } catch (Exception e) {
+            throw new AssertionError(e);
+        }
+    }
 }
--- a/jdk/test/sun/security/krb5/auto/OkAsDelegate.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/krb5/auto/OkAsDelegate.java	Fri Nov 09 14:46:34 2012 -0800
@@ -91,7 +91,7 @@
 
         Context c, s;
         c = Context.fromJAAS("client");
-        s = Context.fromJAAS("server");
+        s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
 
         Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
         if (System.getProperty("test.spnego") != null) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2proxy.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2proxy.java
+ * @run main/othervm S4U2proxy krb5
+ * @run main/othervm S4U2proxy spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2proxy {
+
+    public static void main(String[] args) throws Exception {
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+        Map<String,List<String>> map = new HashMap<>();
+        map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+                new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+        Context c, s, b;
+        c = Context.fromJAAS("client");
+        s = Context.fromJAAS("server");
+        b = Context.fromJAAS("backend");
+
+        c.startAsClient(OneKDC.SERVER, mech);
+        s.startAsServer(null, mech, false);
+
+        Context.handshake(c, s);
+        Context p = s.delegated();
+
+        p.startAsClient(OneKDC.BACKEND, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+
+        p.startAsClient(OneKDC.BACKEND, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2proxyGSS.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2proxyGSS.java
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS krb5
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS spnego
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2proxyGSS {
+
+    public static void main(String[] args) throws Exception {
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+        Map<String,List<String>> map = new HashMap<>();
+        map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+                new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+        Context c, s, b;
+        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+        System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
+        File f = new File(OneKDC.JAAS_CONF);
+        FileOutputStream fos = new FileOutputStream(f);
+        fos.write((
+                "com.sun.security.jgss.krb5.initiate {\n" +
+                "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
+                "com.sun.security.jgss.krb5.accept {\n" +
+                "    com.sun.security.auth.module.Krb5LoginModule required\n" +
+                "    principal=\"" + OneKDC.SERVER + "\"\n" +
+                "    useKeyTab=true\n" +
+                "    storeKey=true;\n};\n"
+                ).getBytes());
+        fos.close();
+        Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
+        c = Context.fromThinAir();
+        s = Context.fromThinAir();
+        b = Context.fromThinAir();
+        c.startAsClient(OneKDC.SERVER, mech);
+        c.x().requestCredDeleg(false);
+        s.startAsServer(mech);
+
+        Context.handshake(c, s);
+        Context p = s.delegated();
+        p.startAsClient(OneKDC.SERVER, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+
+        String n1 = p.x().getSrcName().toString().split("@")[0];
+        String n2 = b.x().getSrcName().toString().split("@")[0];
+        if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
+            throw new Exception("Delegation failed");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2self.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2self.java
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2self krb5 0
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 1
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 2
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 3
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 4
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 5
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2self spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2self {
+
+    public static void main(String[] args) throws Exception {
+        // Test case, different policy settings in KDC:
+        //                   |     ALLOW_S4U2SELF on
+        //                   |   USER    USER2    none
+        // ALLOW_S4U2PORXY   |-------------------------
+        // USER to BACKEND   |   0       1        2
+        // USER2 to BACKEND  |   3
+        // USER to SERVER    |   4
+        //      none         |   5
+        //
+        // 0 should succeed, all other fail
+        int test = 0;
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+            test = Integer.parseInt(args[1]);
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+
+        switch (test) {
+            case 1:
+                kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+                        new String[]{OneKDC.USER2 + "@" + OneKDC.REALM}));
+                break;
+            case 2:
+                // No S4U2self
+                break;
+            default:
+                kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+                        new String[]{OneKDC.USER + "@" + OneKDC.REALM}));
+                break;
+        }
+
+        Map<String,List<String>> map = new HashMap<>();
+        switch (test) {
+            case 3:
+                map.put(OneKDC.USER2 + "@" + OneKDC.REALM, Arrays.asList(
+                        new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+                kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+                break;
+            case 4:
+                map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+                        new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+                kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+                break;
+            case 5:
+                // No S4U2proxy set
+                break;
+            default:
+                map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+                        new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+                kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+                break;
+        }
+
+        Context c, s;
+        c = Context.fromJAAS("client");
+
+        c = c.impersonate(OneKDC.USER2);
+        c.status();
+
+        c.startAsClient(OneKDC.BACKEND, mech);
+
+        s = Context.fromJAAS("backend");
+        s.startAsServer(mech);
+
+        Context.handshake(c, s);
+
+        Context.transmit("i say high --", c, s);
+        Context.transmit("   you say low", s, c);
+
+        c.status();
+        s.status();
+
+        String n1 = c.x().getSrcName().toString().split("@")[0];
+        String n2 = s.x().getSrcName().toString().split("@")[0];
+        if (!n1.equals(OneKDC.USER2) || !n2.equals(OneKDC.USER2)) {
+            throw new Exception("Impersonate failed");
+        }
+
+        s.dispose();
+        c.dispose();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2selfAsServer.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfAsServer.java
+ * @run main/othervm S4U2selfAsServer krb5
+ * @run main/othervm S4U2selfAsServer spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfAsServer {
+
+    public static void main(String[] args) throws Exception {
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+        Map<String,List<String>> map = new HashMap<>();
+        map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+                new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+        kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+                new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+
+        Context s, b;
+        s = Context.fromJAAS("server");
+        b = Context.fromJAAS("backend");
+
+        s.startAsServer(null, mech, false);
+
+        Context p = s.impersonate(OneKDC.USER);
+
+        p.startAsClient(OneKDC.BACKEND, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+
+        p.startAsClient(OneKDC.BACKEND, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfAsServerGSS.java
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS krb5
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS spnego
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfAsServerGSS {
+
+    public static void main(String[] args) throws Exception {
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+        Map<String,List<String>> map = new HashMap<>();
+        map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+                new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+        kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+                new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+
+        Context s, b;
+        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+        System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
+        File f = new File(OneKDC.JAAS_CONF);
+        FileOutputStream fos = new FileOutputStream(f);
+        fos.write((
+                "com.sun.security.jgss.krb5.accept {\n" +
+                "    com.sun.security.auth.module.Krb5LoginModule required\n" +
+                "    principal=\"" + OneKDC.SERVER + "\"\n" +
+                "    useKeyTab=true\n" +
+                "    storeKey=true;\n};\n"
+                ).getBytes());
+        fos.close();
+        Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
+        s = Context.fromThinAir();
+        b = Context.fromThinAir();
+        s.startAsServer(mech);
+
+        Context p = s.impersonate(OneKDC.USER);
+
+        p.startAsClient(OneKDC.SERVER, mech);
+        b.startAsServer(mech);
+        Context.handshake(p, b);
+
+        String n1 = p.x().getSrcName().toString().split("@")[0];
+        String n2 = b.x().getSrcName().toString().split("@")[0];
+        if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
+            throw new Exception("Delegation failed");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/S4U2selfGSS.java	Fri Nov 09 14:46:34 2012 -0800
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfGSS.java
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS krb5
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfGSS {
+
+    public static void main(String[] args) throws Exception {
+        Oid mech;
+        if (args[0].equals("spnego")) {
+            mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+        } else if (args[0].contains("krb5")) {
+            mech = GSSUtil.GSS_KRB5_MECH_OID;
+        } else {
+            throw new Exception("Unknown mech");
+        }
+
+        OneKDC kdc = new OneKDC(null);
+        kdc.writeJAASConf();
+        kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+                new String[]{OneKDC.USER + "@" + OneKDC.REALM}));
+        Map<String,List<String>> map = new HashMap<>();
+        map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+                new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+        Context c, s;
+        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+        c = Context.fromThinAir();
+        s = Context.fromThinAir();
+
+        c = c.impersonate(OneKDC.USER2);
+
+        c.startAsClient(OneKDC.SERVER, mech);
+        s.startAsServer(mech);
+
+        Context.handshake(c, s);
+
+        String n1 = c.x().getSrcName().toString().split("@")[0];
+        String n2 = s.x().getSrcName().toString().split("@")[0];
+        if (!n1.equals(OneKDC.USER2) || !n2.equals(OneKDC.USER2)) {
+            throw new Exception("Impersonate failed");
+        }
+
+        s.dispose();
+        c.dispose();
+    }
+}
--- a/jdk/test/sun/security/pkcs11/rsa/GenKeyStore.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/pkcs11/rsa/GenKeyStore.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
         certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
         certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
         certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
+        certInfo.set(X509CertInfo.ISSUER, name);
         certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
         certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
 
--- a/jdk/test/sun/security/provider/X509Factory/BigCRL.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/provider/X509Factory/BigCRL.java	Fri Nov 09 14:46:34 2012 -0800
@@ -57,7 +57,7 @@
         X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
                 X509CertImpl.NAME + "." + X509CertImpl.INFO);
         X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
-                + CertificateSubjectName.DN_NAME);
+                + X509CertInfo.DN_NAME);
 
         Date date = new Date();
         PrivateKey privateKey = (PrivateKey)
--- a/jdk/test/sun/security/rsa/GenKeyStore.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/rsa/GenKeyStore.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
         certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
         certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
         certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
-        certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
-        certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+        certInfo.set(X509CertInfo.SUBJECT, name);
+        certInfo.set(X509CertInfo.ISSUER, name);
         certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
         certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
 
--- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
  * questions.
  */
 
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /**
  * @test
  * @bug 4302026
  * @run main/othervm GetPeerHost
- *
- *     SunJSSE does not support dynamic system properties, no way to re-use
- *     system properties in samevm/agentvm mode.
  * @summary make sure the server side doesn't do DNS lookup.
  */
 import javax.net.*;
@@ -41,7 +43,8 @@
                             + "/../../../../../../../etc/truststore");
         GetPeerHostServer server = new GetPeerHostServer();
         server.start();
-        GetPeerHostClient client = new GetPeerHostClient();
+        GetPeerHostClient client =
+            new GetPeerHostClient(server.getServerPort());
         client.start();
         server.join ();
         if (!server.getPassStatus ()) {
--- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,13 +38,13 @@
     SSLSocket s;
     String server;
 
-    public GetPeerHostClient ()
+    public GetPeerHostClient (int serverPort)
     {
         try {
             SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory
                                         .getDefault();
             server = InetAddress.getLocalHost().getHostName();
-            s = (SSLSocket) factory.createSocket(server, 9999);
+            s = (SSLSocket) factory.createSocket(server, serverPort);
             System.out.println("CLIENT: connected to the server- " + server);
         } catch (Exception e) {
                 System.err.println("Unexpected exceptions: " + e);
--- a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java	Thu Nov 08 11:52:26 2012 -0800
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java	Fri Nov 09 14:46:34 2012 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
     private String host;
     ServerSocket ss;
     boolean isHostIPAddr = false;
+    int serverPort = 0;
 
     public GetPeerHostServer ()
     {
@@ -57,7 +58,8 @@
             kmf.init(ks, passphrase);
             ctx.init(kmf.getKeyManagers(), null, null);
             ServerSocketFactory ssf = ctx.getServerSocketFactory();
-            ss = ssf.createServerSocket(9999);
+            ss = ssf.createServerSocket(serverPort);
+            serverPort = ss.getLocalPort();
         }catch (Exception e) {
             System.err.println("Unexpected exceptions: " + e);
             e.printStackTrace();
@@ -90,4 +92,8 @@
     boolean getPassStatus () {
         return isHostIPAddr;
     }
+
+    int getServerPort() {
+        return serverPort;
+    }
 }