8233884: Avoid looking up standard charsets in security libraries
authorigerasim
Tue, 12 Nov 2019 01:36:17 -0800
changeset 59024 b046ba510bbc
parent 59023 f0dca628176c
child 59025 b398685dd029
8233884: Avoid looking up standard charsets in security libraries Reviewed-by: coffeys
src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java
src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java
src/java.base/share/classes/javax/crypto/CryptoPermissions.java
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
src/java.base/share/classes/sun/security/provider/ConfigFile.java
src/java.base/share/classes/sun/security/provider/DomainKeyStore.java
src/java.base/share/classes/sun/security/provider/JavaKeyStore.java
src/java.base/share/classes/sun/security/provider/KeyProtector.java
src/java.base/share/classes/sun/security/provider/PolicyFile.java
src/java.base/share/classes/sun/security/ssl/SSLLogger.java
src/java.base/share/classes/sun/security/util/DerInputStream.java
src/java.base/share/classes/sun/security/util/DerOutputStream.java
src/java.base/share/classes/sun/security/util/DerValue.java
src/java.base/share/classes/sun/security/util/DomainName.java
src/java.base/share/classes/sun/security/util/HexDumpEncoder.java
src/java.base/share/classes/sun/security/x509/AVA.java
src/java.base/share/classes/sun/security/x509/X509CertImpl.java
src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java
src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5NameElement.java
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java
src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/ETypeInfo.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/PAData.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/PAForUserEnc.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/DkCrypto.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabOutputStream.java
src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java
src/java.security.sasl/share/classes/com/sun/security/sasl/ClientFactoryImpl.java
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Client.java
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Server.java
src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java
src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/Config.java
src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java
src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java
--- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java	Tue Nov 12 01:36:17 2019 -0800
@@ -45,6 +45,8 @@
 import java.security.cert.CertificateException;
 import javax.crypto.SealedObject;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This class provides the keystore implementation referred to as "jceks".
  * This implementation strongly protects the keystore private keys using
@@ -909,7 +911,8 @@
      * hash with a bit of whitener.
      */
     private MessageDigest getPreKeyedHash(char[] password)
-    throws NoSuchAlgorithmException, UnsupportedEncodingException {
+        throws NoSuchAlgorithmException
+    {
         int i, j;
 
         MessageDigest md = MessageDigest.getInstance("SHA");
@@ -921,7 +924,7 @@
         md.update(passwdBytes);
         for (i=0; i<passwdBytes.length; i++)
             passwdBytes[i] = 0;
-        md.update("Mighty Aphrodite".getBytes("UTF8"));
+        md.update("Mighty Aphrodite".getBytes(UTF_8));
         return md;
     }
 
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java	Tue Nov 12 01:36:17 2019 -0800
@@ -29,7 +29,6 @@
 import java.lang.ref.Reference;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
-import java.nio.charset.Charset;
 import java.util.Arrays;
 import java.util.Locale;
 import java.security.MessageDigest;
@@ -41,6 +40,8 @@
 import javax.crypto.SecretKey;
 import javax.crypto.spec.PBEKeySpec;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import jdk.internal.ref.CleanerFactory;
 
 /**
@@ -66,9 +67,8 @@
     private Mac prf;
 
     private static byte[] getPasswordBytes(char[] passwd) {
-        Charset utf8 = Charset.forName("UTF-8");
         CharBuffer cb = CharBuffer.wrap(passwd);
-        ByteBuffer bb = utf8.encode(cb);
+        ByteBuffer bb = UTF_8.encode(cb);
 
         int len = bb.limit();
         byte[] passwdBytes = new byte[len];
--- a/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,8 @@
 import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import javax.crypto.*;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -153,7 +155,7 @@
         SecretKey key = spec.getSecret();
         byte[] secret = (key == null) ? null : key.getEncoded();
         try {
-            byte[] labelBytes = spec.getLabel().getBytes("UTF8");
+            byte[] labelBytes = spec.getLabel().getBytes(UTF_8);
             int n = spec.getOutputLength();
             byte[] prfBytes = (tls12 ?
                 doTLS12PRF(secret, labelBytes, spec.getSeed(), n,
@@ -163,8 +165,6 @@
             return new SecretKeySpec(prfBytes, "TlsPrf");
         } catch (GeneralSecurityException e) {
             throw new ProviderException("Could not generate PRF", e);
-        } catch (java.io.UnsupportedEncodingException e) {
-            throw new ProviderException("Could not generate PRF", e);
         }
     }
 
--- a/src/java.base/share/classes/javax/crypto/CryptoPermissions.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/javax/crypto/CryptoPermissions.java	Tue Nov 12 01:36:17 2019 -0800
@@ -40,6 +40,8 @@
 import java.io.ObjectOutputStream;
 import java.io.IOException;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This class contains CryptoPermission objects, organized into
  * PermissionCollections according to algorithm names.
@@ -99,7 +101,7 @@
     void load(InputStream in)
         throws IOException, CryptoPolicyParser.ParsingException {
         CryptoPolicyParser parser = new CryptoPolicyParser();
-        parser.read(new BufferedReader(new InputStreamReader(in, "UTF-8")));
+        parser.read(new BufferedReader(new InputStreamReader(in, UTF_8)));
 
         CryptoPermission[] parsingResult = parser.getPermissions();
         for (int i = 0; i < parsingResult.length; i++) {
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java	Tue Nov 12 01:36:17 2019 -0800
@@ -51,6 +51,8 @@
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import java.security.AlgorithmParameters;
 import java.security.InvalidAlgorithmParameterException;
 import javax.crypto.spec.PBEParameterSpec;
@@ -687,12 +689,14 @@
                 entry.attributes.addAll(attributes);
             }
             // set the keyId to current date
-            entry.keyId = ("Time " + (entry.date).getTime()).getBytes("UTF8");
+            entry.keyId = ("Time " + (entry.date).getTime()).getBytes(UTF_8);
             // set the alias
             entry.alias = alias.toLowerCase(Locale.ENGLISH);
             // add the entry
             entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
 
+        } catch (KeyStoreException kse) {
+            throw kse;
         } catch (Exception nsae) {
             throw new KeyStoreException("Key protection" +
                        " algorithm not found: " + nsae, nsae);
@@ -746,12 +750,8 @@
                 alias + "'");
         }
 
-        try {
-            // set the keyId to current date
-            entry.keyId = ("Time " + (entry.date).getTime()).getBytes("UTF8");
-        } catch (UnsupportedEncodingException ex) {
-            // Won't happen
-        }
+        // set the keyId to current date
+        entry.keyId = ("Time " + (entry.date).getTime()).getBytes(UTF_8);
         // set the alias
         entry.alias = alias.toLowerCase(Locale.ENGLISH);
 
@@ -2499,18 +2499,18 @@
                        // attribute in pkcs12 with one private key entry and
                        // associated cert-chain
                        if (privateKeyCount == 1) {
-                            keyId = "01".getBytes("UTF8");
+                            keyId = "01".getBytes(UTF_8);
                        } else {
                             continue;
                        }
                     } else {
                         // keyId in a SecretKeyEntry is not significant
-                        keyId = "00".getBytes("UTF8");
+                        keyId = "00".getBytes(UTF_8);
                     }
                 }
                 entry.keyId = keyId;
                 // restore date if it exists
-                String keyIdStr = new String(keyId, "UTF8");
+                String keyIdStr = new String(keyId, UTF_8);
                 Date date = null;
                 if (keyIdStr.startsWith("Time ")) {
                     try {
@@ -2547,7 +2547,7 @@
                 if ((keyId == null) && (privateKeyCount == 1)) {
                     // insert localKeyID only for EE cert or self-signed cert
                     if (i == 0) {
-                        keyId = "01".getBytes("UTF8");
+                        keyId = "01".getBytes(UTF_8);
                     }
                 }
                 // Trusted certificate
--- a/src/java.base/share/classes/sun/security/provider/ConfigFile.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/provider/ConfigFile.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,6 +46,8 @@
 import sun.security.util.PropertyExpander;
 import sun.security.util.ResourcesMgr;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This class represents a default implementation for
  * {@code javax.security.auth.login.Configuration}.
@@ -325,7 +327,7 @@
                           throws IOException {
 
             try (InputStreamReader isr
-                    = new InputStreamReader(getInputStream(config), "UTF-8")) {
+                    = new InputStreamReader(getInputStream(config), UTF_8)) {
                 readConfig(isr, newConfig);
             } catch (FileNotFoundException fnfe) {
                 if (debugConfig != null) {
--- a/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/provider/DomainKeyStore.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,8 @@
 import java.security.cert.CertificateException;
 import java.util.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.util.PolicyUtil;
 
@@ -768,7 +770,7 @@
 
         try (InputStreamReader configurationReader =
             new InputStreamReader(
-                PolicyUtil.getInputStream(configuration.toURL()), "UTF-8")) {
+                PolicyUtil.getInputStream(configuration.toURL()), UTF_8)) {
             parser.read(configurationReader);
             domains = parser.getDomainEntries();
 
--- a/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/provider/JavaKeyStore.java	Tue Nov 12 01:36:17 2019 -0800
@@ -32,6 +32,8 @@
 import java.security.cert.CertificateException;
 import java.util.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.pkcs12.PKCS12KeyStore;
 import sun.security.util.Debug;
@@ -805,14 +807,14 @@
      * hash with a bit of whitener.
      */
     private MessageDigest getPreKeyedHash(char[] password)
-        throws NoSuchAlgorithmException, UnsupportedEncodingException
+        throws NoSuchAlgorithmException
     {
 
         MessageDigest md = MessageDigest.getInstance("SHA");
         byte[] passwdBytes = convertToBytes(password);
         md.update(passwdBytes);
         Arrays.fill(passwdBytes, (byte) 0x00);
-        md.update("Mighty Aphrodite".getBytes("UTF8"));
+        md.update("Mighty Aphrodite".getBytes(UTF_8));
         return md;
     }
 
--- a/src/java.base/share/classes/sun/security/provider/KeyProtector.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/provider/KeyProtector.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package sun.security.provider;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.security.Key;
 import java.security.KeyStoreException;
 import java.security.MessageDigest;
--- a/src/java.base/share/classes/sun/security/provider/PolicyFile.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/provider/PolicyFile.java	Tue Nov 12 01:36:17 2019 -0800
@@ -42,12 +42,14 @@
 import java.net.NetPermission;
 import java.util.concurrent.ConcurrentHashMap;
 import jdk.internal.access.JavaSecurityAccess;
-import static jdk.internal.access.JavaSecurityAccess.ProtectionDomainCache;
 import jdk.internal.access.SharedSecrets;
 import jdk.internal.util.StaticProperty;
 import sun.security.util.*;
 import sun.net.www.ParseUtil;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static jdk.internal.access.JavaSecurityAccess.ProtectionDomainCache;
+
 /**
  * This class represents a default Policy implementation for the
  * "JavaPolicy" type.
@@ -559,8 +561,7 @@
         return false;
     }
 
-    private InputStreamReader getInputStreamReader(InputStream is)
-                              throws IOException {
+    private InputStreamReader getInputStreamReader(InputStream is) {
         /*
          * Read in policy using UTF-8 by default.
          *
@@ -569,7 +570,7 @@
          */
         return (notUtf8)
             ? new InputStreamReader(is)
-            : new InputStreamReader(is, "UTF-8");
+            : new InputStreamReader(is, UTF_8);
     }
 
     private void initStaticPolicy(final PolicyInfo newInfo) {
--- a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@
 import sun.security.util.HexDumpEncoder;
 import sun.security.x509.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * Implementation of SSL logger.
  *
@@ -229,7 +231,7 @@
                 try {
                     String formatted =
                         SSLSimpleFormatter.format(this, level, message, thrwbl);
-                    System.err.write(formatted.getBytes("UTF-8"));
+                    System.err.write(formatted.getBytes(UTF_8));
                 } catch (Exception exp) {
                     // ignore it, just for debugging.
                 }
@@ -243,7 +245,7 @@
                 try {
                     String formatted =
                         SSLSimpleFormatter.format(this, level, message, params);
-                    System.err.write(formatted.getBytes("UTF-8"));
+                    System.err.write(formatted.getBytes(UTF_8));
                 } catch (Exception exp) {
                     // ignore it, just for debugging.
                 }
--- a/src/java.base/share/classes/sun/security/util/DerInputStream.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/util/DerInputStream.java	Tue Nov 12 01:36:17 2019 -0800
@@ -27,9 +27,12 @@
 
 import java.io.InputStream;
 import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.util.Date;
 import java.util.Vector;
-import java.math.BigInteger;
+
+import static java.nio.charset.StandardCharsets.*;
 
 /**
  * A DER input stream, used for parsing ASN.1 DER-encoded data such as
@@ -457,7 +460,7 @@
      * Read a string that was encoded as a UTF8String DER value.
      */
     public String getUTF8String() throws IOException {
-        return readString(DerValue.tag_UTF8String, "UTF-8", "UTF8");
+        return readString(DerValue.tag_UTF8String, "UTF-8", UTF_8);
     }
 
     /**
@@ -465,7 +468,7 @@
      */
     public String getPrintableString() throws IOException {
         return readString(DerValue.tag_PrintableString, "Printable",
-                          "ASCII");
+                          US_ASCII);
     }
 
     /**
@@ -475,22 +478,21 @@
         /*
          * Works for common characters between T61 and ASCII.
          */
-        return readString(DerValue.tag_T61String, "T61", "ISO-8859-1");
+        return readString(DerValue.tag_T61String, "T61", ISO_8859_1);
     }
 
     /**
-     * Read a string that was encoded as a IA5tring DER value.
+     * Read a string that was encoded as a IA5String DER value.
      */
     public String getIA5String() throws IOException {
-        return readString(DerValue.tag_IA5String, "IA5", "ASCII");
+        return readString(DerValue.tag_IA5String, "IA5", US_ASCII);
     }
 
     /**
      * Read a string that was encoded as a BMPString DER value.
      */
     public String getBMPString() throws IOException {
-        return readString(DerValue.tag_BMPString, "BMP",
-                          "UnicodeBigUnmarked");
+        return readString(DerValue.tag_BMPString, "BMP", UTF_16BE);
     }
 
     /**
@@ -498,7 +500,7 @@
      */
     public String getGeneralString() throws IOException {
         return readString(DerValue.tag_GeneralString, "General",
-                          "ASCII");
+                          US_ASCII);
     }
 
     /**
@@ -510,7 +512,7 @@
      * correspond to the stringTag above.
      */
     private String readString(byte stringTag, String stringName,
-                              String enc) throws IOException {
+                              Charset charset) throws IOException {
 
         if (buffer.read() != stringTag)
             throw new IOException("DER input not a " +
@@ -522,7 +524,7 @@
             throw new IOException("Short read of DER " +
                                   stringName + " string");
 
-        return new String(retval, enc);
+        return new String(retval, charset);
     }
 
     /**
--- a/src/java.base/share/classes/sun/security/util/DerOutputStream.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/util/DerOutputStream.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,16 @@
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.TimeZone;
 import java.util.Comparator;
 import java.util.Arrays;
-import java.math.BigInteger;
 import java.util.Locale;
 
+import static java.nio.charset.StandardCharsets.*;
 
 /**
  * Output stream marshaling DER-encoded data.  This is eventually provided
@@ -398,14 +400,14 @@
      * Marshals a string as a DER encoded UTF8String.
      */
     public void putUTF8String(String s) throws IOException {
-        writeString(s, DerValue.tag_UTF8String, "UTF8");
+        writeString(s, DerValue.tag_UTF8String, UTF_8);
     }
 
     /**
      * Marshals a string as a DER encoded PrintableString.
      */
     public void putPrintableString(String s) throws IOException {
-        writeString(s, DerValue.tag_PrintableString, "ASCII");
+        writeString(s, DerValue.tag_PrintableString, US_ASCII);
     }
 
     /**
@@ -416,28 +418,28 @@
          * Works for characters that are defined in both ASCII and
          * T61.
          */
-        writeString(s, DerValue.tag_T61String, "ISO-8859-1");
+        writeString(s, DerValue.tag_T61String, ISO_8859_1);
     }
 
     /**
      * Marshals a string as a DER encoded IA5String.
      */
     public void putIA5String(String s) throws IOException {
-        writeString(s, DerValue.tag_IA5String, "ASCII");
+        writeString(s, DerValue.tag_IA5String, US_ASCII);
     }
 
     /**
      * Marshals a string as a DER encoded BMPString.
      */
     public void putBMPString(String s) throws IOException {
-        writeString(s, DerValue.tag_BMPString, "UnicodeBigUnmarked");
+        writeString(s, DerValue.tag_BMPString, UTF_16BE);
     }
 
     /**
      * Marshals a string as a DER encoded GeneralString.
      */
     public void putGeneralString(String s) throws IOException {
-        writeString(s, DerValue.tag_GeneralString, "ASCII");
+        writeString(s, DerValue.tag_GeneralString, US_ASCII);
     }
 
     /**
@@ -448,10 +450,10 @@
      * @param enc the name of the encoder that should be used corresponding
      * to the above tag.
      */
-    private void writeString(String s, byte stringTag, String enc)
+    private void writeString(String s, byte stringTag, Charset charset)
         throws IOException {
 
-        byte[] data = s.getBytes(enc);
+        byte[] data = s.getBytes(charset);
         write(stringTag);
         putLength(data.length);
         write(data);
@@ -502,7 +504,7 @@
 
         SimpleDateFormat sdf = new SimpleDateFormat(pattern, Locale.US);
         sdf.setTimeZone(tz);
-        byte[] time = (sdf.format(d)).getBytes("ISO-8859-1");
+        byte[] time = (sdf.format(d)).getBytes(ISO_8859_1);
 
         /*
          * Write the formatted date.
--- a/src/java.base/share/classes/sun/security/util/DerValue.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/util/DerValue.java	Tue Nov 12 01:36:17 2019 -0800
@@ -27,8 +27,11 @@
 
 import java.io.*;
 import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.util.Date;
 
+import static java.nio.charset.StandardCharsets.*;
+
 /**
  * Represents a single DER-encoded value.  DER encoding rules are a subset
  * of the "Basic" Encoding Rules (BER), but they only support a single way
@@ -204,7 +207,7 @@
     /**
      * Creates a PrintableString or UTF8string DER value from a string
      */
-    public DerValue(String value) throws IOException {
+    public DerValue(String value) {
         boolean isPrintableString = true;
         for (int i = 0; i < value.length(); i++) {
             if (!isPrintableStringChar(value.charAt(i))) {
@@ -221,7 +224,7 @@
      * @param stringTag the tag for the DER value to create
      * @param value the String object to use for the DER value
      */
-    public DerValue(byte stringTag, String value) throws IOException {
+    public DerValue(byte stringTag, String value) {
         data = init(stringTag, value);
     }
 
@@ -337,9 +340,8 @@
         this(in, true);
     }
 
-    private DerInputStream init(byte stringTag, String value)
-        throws IOException {
-        String enc = null;
+    private DerInputStream init(byte stringTag, String value) {
+        final Charset charset;
 
         tag = stringTag;
 
@@ -347,16 +349,16 @@
         case tag_PrintableString:
         case tag_IA5String:
         case tag_GeneralString:
-            enc = "ASCII";
+            charset = US_ASCII;
             break;
         case tag_T61String:
-            enc = "ISO-8859-1";
+            charset = ISO_8859_1;
             break;
         case tag_BMPString:
-            enc = "UnicodeBigUnmarked";
+            charset = UTF_16BE;
             break;
         case tag_UTF8String:
-            enc = "UTF8";
+            charset = UTF_8;
             break;
             // TBD: Need encoder for UniversalString before it can
             // be handled.
@@ -364,7 +366,7 @@
             throw new IllegalArgumentException("Unsupported DER string type");
         }
 
-        byte[] buf = value.getBytes(enc);
+        byte[] buf = value.getBytes(charset);
         length = buf.length;
         buffer = new DerInputBuffer(buf, true);
         DerInputStream result = new DerInputStream(buffer);
@@ -665,7 +667,7 @@
             throw new IOException(
                 "DerValue.getPrintableString, not a string " + tag);
 
-        return new String(getDataBytes(), "ASCII");
+        return new String(getDataBytes(), US_ASCII);
     }
 
     /**
@@ -678,7 +680,7 @@
             throw new IOException(
                 "DerValue.getT61String, not T61 " + tag);
 
-        return new String(getDataBytes(), "ISO-8859-1");
+        return new String(getDataBytes(), ISO_8859_1);
     }
 
     /**
@@ -691,7 +693,7 @@
             throw new IOException(
                 "DerValue.getIA5String, not IA5 " + tag);
 
-        return new String(getDataBytes(), "ASCII");
+        return new String(getDataBytes(), US_ASCII);
     }
 
     /**
@@ -707,7 +709,7 @@
 
         // BMPString is the same as Unicode in big endian, unmarked
         // format.
-        return new String(getDataBytes(), "UnicodeBigUnmarked");
+        return new String(getDataBytes(), UTF_16BE);
     }
 
     /**
@@ -721,7 +723,7 @@
             throw new IOException(
                 "DerValue.getUTF8String, not UTF-8 " + tag);
 
-        return new String(getDataBytes(), "UTF8");
+        return new String(getDataBytes(), UTF_8);
     }
 
     /**
@@ -735,7 +737,7 @@
             throw new IOException(
                 "DerValue.getGeneralString, not GeneralString " + tag);
 
-        return new String(getDataBytes(), "ASCII");
+        return new String(getDataBytes(), US_ASCII);
     }
 
     /**
--- a/src/java.base/share/classes/sun/security/util/DomainName.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/util/DomainName.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.ssl.SSLLogger;
 
 /**
@@ -151,7 +153,7 @@
         private final boolean hasExceptions;
 
         private Rules(InputStream is) throws IOException {
-            InputStreamReader isr = new InputStreamReader(is, "UTF-8");
+            InputStreamReader isr = new InputStreamReader(is, UTF_8);
             BufferedReader reader = new BufferedReader(isr);
             boolean hasExceptions = false;
 
--- a/src/java.base/share/classes/sun/security/util/HexDumpEncoder.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/util/HexDumpEncoder.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,8 @@
 import java.io.IOException;
 import java.nio.ByteBuffer;
 
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
+
 /**
  * This class encodes a buffer into the classic: "Hexadecimal Dump" format of
  * the past. It is useful for analyzing the contents of binary buffers.
@@ -183,17 +185,15 @@
      */
     public String encode(byte aBuffer[]) {
         ByteArrayOutputStream outStream = new ByteArrayOutputStream();
-        ByteArrayInputStream    inStream = new ByteArrayInputStream(aBuffer);
-        String retVal = null;
+        ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer);
         try {
             encode(inStream, outStream);
             // explicit ascii->unicode conversion
-            retVal = outStream.toString("ISO-8859-1");
-        } catch (Exception IOException) {
+            return outStream.toString(ISO_8859_1);
+        } catch (IOException ignore) {
             // This should never happen.
             throw new Error("CharacterEncoder.encode internal error");
         }
-        return (retVal);
     }
 
     /**
--- a/src/java.base/share/classes/sun/security/x509/AVA.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/x509/AVA.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,8 @@
 import java.text.Normalizer;
 import java.util.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.action.GetBooleanAction;
 import sun.security.util.*;
 import sun.security.pkcs.PKCS9Attribute;
@@ -525,14 +527,13 @@
         return null;
     }
 
-    private static String getEmbeddedHexString(List<Byte> hexList)
-                                                throws IOException {
+    private static String getEmbeddedHexString(List<Byte> hexList) {
         int n = hexList.size();
         byte[] hexBytes = new byte[n];
         for (int i = 0; i < n; i++) {
-                hexBytes[i] = hexList.get(i).byteValue();
+            hexBytes[i] = hexList.get(i).byteValue();
         }
-        return new String(hexBytes, "UTF8");
+        return new String(hexBytes, UTF_8);
     }
 
     private static boolean isTerminator(int ch, int format) {
@@ -752,7 +753,7 @@
              */
             String valStr = null;
             try {
-                valStr = new String(value.getDataBytes(), "UTF8");
+                valStr = new String(value.getDataBytes(), UTF_8);
             } catch (IOException ie) {
                 throw new IllegalArgumentException("DER Value conversion");
             }
@@ -804,13 +805,7 @@
 
                     // embed non-printable/non-escaped char
                     // as escaped hex pairs for debugging
-                    byte[] valueBytes = null;
-                    try {
-                        valueBytes = Character.toString(c).getBytes("UTF8");
-                    } catch (IOException ie) {
-                        throw new IllegalArgumentException
-                                        ("DER Value conversion");
-                    }
+                    byte[] valueBytes = Character.toString(c).getBytes(UTF_8);
                     for (int j = 0; j < valueBytes.length; j++) {
                         sbuffer.append('\\');
                         char hexChar = Character.forDigit
@@ -905,7 +900,7 @@
              */
             String valStr = null;
             try {
-                valStr = new String(value.getDataBytes(), "UTF8");
+                valStr = new String(value.getDataBytes(), UTF_8);
             } catch (IOException ie) {
                 throw new IllegalArgumentException("DER Value conversion");
             }
@@ -966,13 +961,7 @@
 
                     previousWhite = false;
 
-                    byte[] valueBytes = null;
-                    try {
-                        valueBytes = Character.toString(c).getBytes("UTF8");
-                    } catch (IOException ie) {
-                        throw new IllegalArgumentException
-                                        ("DER Value conversion");
-                    }
+                    byte[] valueBytes = Character.toString(c).getBytes(UTF_8);
                     for (int j = 0; j < valueBytes.length; j++) {
                         sbuffer.append('\\');
                         sbuffer.append(Character.forDigit
@@ -1116,7 +1105,7 @@
 
                         // embed escaped hex pairs
                         byte[] valueBytes =
-                                Character.toString(c).getBytes("UTF8");
+                                Character.toString(c).getBytes(UTF_8);
                         for (int j = 0; j < valueBytes.length; j++) {
                             sbuffer.append('\\');
                             char hexChar = Character.forDigit
--- a/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.base/share/classes/sun/security/x509/X509CertImpl.java	Tue Nov 12 01:36:17 2019 -0800
@@ -45,6 +45,8 @@
 import sun.security.util.*;
 import sun.security.provider.X509Factory;
 
+import static java.nio.charset.StandardCharsets.US_ASCII;
+
 /**
  * The X509CertImpl class represents an X.509 certificate. These certificates
  * are widely used to support authentication and other functionality in
@@ -250,7 +252,7 @@
         DerValue der = null;
         String line = null;
         BufferedReader certBufferedReader =
-            new BufferedReader(new InputStreamReader(in, "ASCII"));
+            new BufferedReader(new InputStreamReader(in, US_ASCII));
         try {
             line = certBufferedReader.readLine();
         } catch (IOException ioe1) {
--- a/src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/GSSNameImpl.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,11 +32,12 @@
 import java.util.HashSet;
 import java.util.Arrays;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import sun.security.util.ObjectIdentifier;
 import sun.security.util.DerInputStream;
 import sun.security.util.DerOutputStream;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This is the implementation class for GSSName. Conceptually the
  * GSSName is a container with mechanism specific name elements. Each
@@ -227,13 +228,10 @@
         byte[] bytes = null;
 
         if (appName instanceof String) {
-            try {
-                bytes = ((String) appName).getBytes("UTF-8");
-            } catch (UnsupportedEncodingException e) {
-                // Won't happen
-            }
-        } else
+            bytes = ((String) appName).getBytes(UTF_8);
+        } else {
             bytes = (byte[]) appName;
+        }
 
         if ((bytes[pos++] != 0x04) ||
             (bytes[pos++] != 0x01))
@@ -320,21 +318,14 @@
             if (!this.appNameType.equals(that.appNameType)) {
                 return false;
             }
-            byte[] myBytes = null;
-            byte[] bytes = null;
-            try {
-                myBytes =
+            byte[] myBytes =
                     (this.appNameStr != null ?
-                     this.appNameStr.getBytes("UTF-8") :
+                     this.appNameStr.getBytes(UTF_8) :
                      this.appNameBytes);
-                bytes =
+            byte[] bytes =
                     (that.appNameStr != null ?
-                     that.appNameStr.getBytes("UTF-8") :
+                     that.appNameStr.getBytes(UTF_8) :
                      that.appNameBytes);
-            } catch (UnsupportedEncodingException e) {
-                // Won't happen
-            }
-
             return Arrays.equals(myBytes, bytes);
         }
 
--- a/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5NameElement.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5NameElement.java	Tue Nov 12 01:36:17 2019 -0800
@@ -32,12 +32,13 @@
 import sun.security.krb5.KrbException;
 
 import javax.security.auth.kerberos.ServicePermission;
-import java.io.UnsupportedEncodingException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.Provider;
 import java.util.Locale;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * Implements the GSSNameSpi for the krb5 mechanism.
  *
@@ -51,9 +52,6 @@
     private String gssNameStr = null;
     private Oid gssNameType = null;
 
-    // XXX Move this concept into PrincipalName's asn1Encode() sometime
-    private static String CHAR_ENCODING = "UTF-8";
-
     private Krb5NameElement(PrincipalName principalName,
                             String gssNameStr,
                             Oid gssNameType) {
@@ -285,13 +283,7 @@
      */
     public byte[] export() throws GSSException {
         // XXX Apply the above constraints.
-        byte[] retVal = null;
-        try {
-            retVal = krb5PrincipalName.getName().getBytes(CHAR_ENCODING);
-        } catch (UnsupportedEncodingException e) {
-            // Can't happen
-        }
-        return retVal;
+        return krb5PrincipalName.getName().getBytes(UTF_8);
     }
 
     /**
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Tue Nov 12 01:36:17 2019 -0800
@@ -29,7 +29,6 @@
 import java.security.Provider;
 import java.security.Security;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import sun.security.krb5.Realm;
 import sun.security.jgss.GSSUtil;
 import sun.security.util.ObjectIdentifier;
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/NativeGSSFactory.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package sun.security.jgss.wrapper;
 
-import java.io.UnsupportedEncodingException;
 import java.security.Provider;
 import java.util.Vector;
 import org.ietf.jgss.*;
@@ -34,6 +33,8 @@
 import sun.security.jgss.GSSExceptionImpl;
 import sun.security.jgss.spi.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * JGSS plugin for generic mechanisms provided through native GSS framework.
  *
@@ -80,14 +81,9 @@
 
     public GSSNameSpi getNameElement(String nameStr, Oid nameType)
         throws GSSException {
-        try {
-            byte[] nameBytes =
-                (nameStr == null ? null : nameStr.getBytes("UTF-8"));
-            return new GSSNameElement(nameBytes, nameType, cStub);
-        } catch (UnsupportedEncodingException uee) {
-            // Shouldn't happen
-            throw new GSSExceptionImpl(GSSException.FAILURE, uee);
-        }
+        byte[] nameBytes =
+                (nameStr == null ? null : nameStr.getBytes(UTF_8));
+        return new GSSNameElement(nameBytes, nameType, cStub);
     }
 
     public GSSNameSpi getNameElement(byte[] name, Oid nameType)
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ETypeInfo.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ETypeInfo.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,13 @@
 
 package sun.security.krb5.internal;
 
-import sun.security.util.*;
+import java.io.IOException;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.krb5.Asn1Exception;
-import java.io.IOException;
 import sun.security.krb5.internal.util.KerberosString;
+import sun.security.util.*;
 
 /**
  * Implements the ASN.1 ETYPE-INFO-ENTRY type.
@@ -99,7 +102,7 @@
                 // KerberosString in most implementations.
 
                 if (KerberosString.MSNAME) {
-                    this.salt = new String(saltBytes, "UTF8");
+                    this.salt = new String(saltBytes, UTF_8);
                 } else {
                     this.salt = new String(saltBytes);
                 }
@@ -129,7 +132,7 @@
         if (salt != null) {
             temp = new DerOutputStream();
             if (KerberosString.MSNAME) {
-                temp.putOctetString(salt.getBytes("UTF8"));
+                temp.putOctetString(salt.getBytes(UTF_8));
             } else {
                 temp.putOctetString(salt.getBytes());
             }
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/PAData.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/PAData.java	Tue Nov 12 01:36:17 2019 -0800
@@ -31,13 +31,15 @@
 
 package sun.security.krb5.internal;
 
-import sun.security.krb5.internal.crypto.EType;
-import sun.security.util.*;
-import sun.security.krb5.Asn1Exception;
 import java.io.IOException;
 import java.util.Vector;
 
+import static java.nio.charset.StandardCharsets.*;
+
+import sun.security.krb5.Asn1Exception;
 import sun.security.krb5.internal.util.KerberosString;
+import sun.security.krb5.internal.crypto.EType;
+import sun.security.util.*;
 
 /**
  * Implements the ASN.1 PA-DATA type.
@@ -263,7 +265,7 @@
             switch (p.getType()) {
                 case Krb5.PA_PW_SALT:
                     paPwSalt = new String(p.getValue(),
-                            KerberosString.MSNAME?"UTF8":"8859_1");
+                            KerberosString.MSNAME ? UTF_8 : ISO_8859_1);
                     break;
                 case Krb5.PA_ETYPE_INFO:
                     d = new DerValue(p.getValue());
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/PAForUserEnc.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/PAForUserEnc.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,8 @@
 import sun.security.util.DerOutputStream;
 import sun.security.util.DerValue;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * Implements the ASN.1 PA-FOR-USER type.
  *
@@ -163,25 +165,20 @@
      * 4. the string value of auth-package field
      */
     public byte[] getS4UByteArray() {
-        try {
-            ByteArrayOutputStream ba = new ByteArrayOutputStream();
-            ba.write(new byte[4]);
-            for (String s: name.getNameStrings()) {
-                ba.write(s.getBytes("UTF-8"));
-            }
-            ba.write(name.getRealm().toString().getBytes("UTF-8"));
-            ba.write(AUTH_PACKAGE.getBytes("UTF-8"));
-            byte[] output = ba.toByteArray();
-            int pnType = name.getNameType();
-            output[0] = (byte)(pnType & 0xff);
-            output[1] = (byte)((pnType>>8) & 0xff);
-            output[2] = (byte)((pnType>>16) & 0xff);
-            output[3] = (byte)((pnType>>24) & 0xff);
-            return output;
-        } catch (IOException ioe) {
-            // not possible
-            throw new AssertionError("Cannot write ByteArrayOutputStream", ioe);
+        ByteArrayOutputStream ba = new ByteArrayOutputStream();
+        ba.writeBytes(new byte[4]);
+        for (String s: name.getNameStrings()) {
+            ba.writeBytes(s.getBytes(UTF_8));
         }
+        ba.writeBytes(name.getRealm().toString().getBytes(UTF_8));
+        ba.writeBytes(AUTH_PACKAGE.getBytes(UTF_8));
+        byte[] output = ba.toByteArray();
+        int pnType = name.getNameType();
+        output[0] = (byte)(pnType & 0xff);
+        output[1] = (byte)((pnType>>8) & 0xff);
+        output[2] = (byte)((pnType>>16) & 0xff);
+        output[3] = (byte)((pnType>>24) & 0xff);
+        return output;
     }
 
     public String toString() {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ccache/FileCredentialsCache.java	Tue Nov 12 01:36:17 2019 -0800
@@ -51,6 +51,8 @@
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
 
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
+
 /**
  * CredentialsCache stores credentials(tickets, session keys, etc) in a
  * semi-permanent store
@@ -594,7 +596,7 @@
 
             BufferedReader commandResult =
                 new BufferedReader
-                    (new InputStreamReader(p.getInputStream(), "8859_1"));
+                    (new InputStreamReader(p.getInputStream(), ISO_8859_1));
             String s1 = null;
             if ((command.length == 1) &&
                 (command[0].equals("/usr/bin/env"))) {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,8 @@
 import sun.security.krb5.internal.crypto.KeyUsage;
 import java.util.Arrays;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This class provides the implementation of AES Encryption for Kerberos
  * as defined RFC 3962.
@@ -104,7 +106,7 @@
 
         byte[] saltUtf8 = null;
         try {
-            saltUtf8 = salt.getBytes("UTF-8");
+            saltUtf8 = salt.getBytes(UTF_8);
             return stringToKey(password, saltUtf8, s2kparams);
         } catch (Exception e) {
             return null;
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,8 @@
 import sun.security.krb5.internal.crypto.KeyUsage;
 import java.util.Arrays;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
  * This class provides the implementation of AES Encryption with
  * HMAC-SHA2 for Kerberos 5
@@ -107,7 +109,7 @@
 
         byte[] saltUtf8 = null;
         try {
-            saltUtf8 = salt.getBytes("UTF-8");
+            saltUtf8 = salt.getBytes(UTF_8);
             return stringToKey(password, saltUtf8, s2kparams);
         } catch (Exception e) {
             return null;
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/DkCrypto.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/DkCrypto.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -33,7 +33,6 @@
 import javax.crypto.Cipher;
 import javax.crypto.Mac;
 import java.security.GeneralSecurityException;
-import java.io.UnsupportedEncodingException;
 import java.util.Arrays;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -45,6 +44,8 @@
 import sun.security.krb5.internal.crypto.KeyUsage;
 import sun.security.krb5.KrbCryptoException;
 
+import static java.nio.charset.StandardCharsets.*;
+
 /**
  * Implements Derive Key cryptography functionality as defined in RFC 3961.
  * http://www.ietf.org/rfc/rfc3961.txt
@@ -672,13 +673,11 @@
         }
     }
 
-// String.getBytes("UTF-8");
+// String.getBytes(UTF_8);
 // Do this instead of using String to avoid making password immutable
     static byte[] charToUtf8(char[] chars) {
-        Charset utf8 = Charset.forName("UTF-8");
-
         CharBuffer cb = CharBuffer.wrap(chars);
-        ByteBuffer bb = utf8.encode(cb);
+        ByteBuffer bb = UTF_8.encode(cb);
         int len = bb.limit();
         byte[] answer = new byte[len];
         bb.get(answer, 0, len);
@@ -686,10 +685,8 @@
     }
 
     static byte[] charToUtf16(char[] chars) {
-        Charset utf8 = Charset.forName("UTF-16LE");
-
         CharBuffer cb = CharBuffer.wrap(chars);
-        ByteBuffer bb = utf8.encode(cb);
+        ByteBuffer bb = UTF_16LE.encode(cb);
         int len = bb.limit();
         byte[] answer = new byte[len];
         bb.get(answer, 0, len);
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabEntry.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +33,8 @@
 
 import sun.security.krb5.*;
 import sun.security.krb5.internal.*;
-import java.io.UnsupportedEncodingException;
+
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
 
 /**
  * This class represents a Key Table entry. Each entry contains the service principal of
@@ -83,17 +85,10 @@
         int totalPrincipalLength = 0;
         String[] names = service.getNameStrings();
         for (int i = 0; i < names.length; i++) {
-            try {
-                totalPrincipalLength += principalSize + names[i].getBytes("8859_1").length;
-            } catch (UnsupportedEncodingException exc) {
-            }
+            totalPrincipalLength += principalSize + names[i].getBytes(ISO_8859_1).length;
         }
 
-        int realmLen = 0;
-        try {
-            realmLen = realm.toString().getBytes("8859_1").length;
-        } catch (UnsupportedEncodingException exc) {
-        }
+        int realmLen = realm.toString().getBytes(ISO_8859_1).length;
 
         int size = principalComponentSize +  realmSize + realmLen
             + totalPrincipalLength + principalTypeSize
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabOutputStream.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/ktab/KeyTabOutputStream.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,7 +36,8 @@
 import java.io.IOException;
 import java.io.FileOutputStream;
 import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
+
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
 
 /**
  * This class implements a buffered input stream. It is used for parsing key table
@@ -68,21 +70,16 @@
         }
         else write16(comp_num);
 
-        byte[] realm = null;
-        try {
-            realm = entry.service.getRealmString().getBytes("8859_1");
-        } catch (UnsupportedEncodingException exc) {
-        }
-
+        byte[] realm = entry.service.getRealmString().getBytes(ISO_8859_1);
         write16(realm.length);
         write(realm);
+
         for (int i = 0; i < comp_num; i++) {
-            try {
-                write16(serviceNames[i].getBytes("8859_1").length);
-                write(serviceNames[i].getBytes("8859_1"));
-            } catch (UnsupportedEncodingException exc) {
-            }
+            byte[] serviceName = serviceNames[i].getBytes(ISO_8859_1);
+            write16(serviceName.length);
+            write(serviceName);
         }
+
         write32(entry.service.getNameType());
         //time is long, but we only use 4 bytes to store the data.
         write32((int)(entry.timestamp.getTime()/1000));
--- a/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/internal/util/KerberosString.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@
 import sun.security.action.GetPropertyAction;
 import sun.security.util.DerValue;
 
+import static java.nio.charset.StandardCharsets.*;
+
 /**
  * Implements the ASN.1 KerberosString type.
  *
@@ -71,17 +73,17 @@
             throw new IOException(
                 "KerberosString's tag is incorrect: " + der.tag);
         }
-        s = new String(der.getDataBytes(), MSNAME?"UTF8":"ASCII");
+        s = new String(der.getDataBytes(), MSNAME ? UTF_8 : US_ASCII);
     }
 
     public String toString() {
         return s;
     }
 
-    public DerValue toDerValue() throws IOException {
+    public DerValue toDerValue() {
         // No need to cache the result since this method is
         // only called once.
         return new DerValue(DerValue.tag_GeneralString,
-                s.getBytes(MSNAME?"UTF8":"ASCII"));
+                s.getBytes(MSNAME ? UTF_8 : US_ASCII));
     }
 }
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/ClientFactoryImpl.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/ClientFactoryImpl.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,8 @@
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
   * Client factory for EXTERNAL, CRAM-MD5, PLAIN.
   *
@@ -141,7 +143,7 @@
             String authId;
 
             if (pw != null) {
-                bytepw = new String(pw).getBytes("UTF8");
+                bytepw = new String(pw).getBytes(UTF_8);
                 pcb.clearPassword();
             } else {
                 bytepw = null;
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Client.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Client.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
 import java.util.logging.Logger;
 import java.util.logging.Level;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
   * Implements the CRAM-MD5 SASL client-side mechanism.
   * (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
@@ -82,8 +84,8 @@
      *        data from the server.
      * @return A non-null byte array containing the response to be sent to
      *        the server.
-     * @throws SaslException If platform does not have MD5 support
-     * @throw IllegalStateException if this method is invoked more than once.
+     * @throws SaslException if platform does not have MD5 support
+     * @throws IllegalStateException if this method is invoked more than once.
      */
     public byte[] evaluateChallenge(byte[] challengeData)
         throws SaslException {
@@ -103,7 +105,7 @@
         try {
             if (logger.isLoggable(Level.FINE)) {
                 logger.log(Level.FINE, "CRAMCLNT01:Received challenge: {0}",
-                    new String(challengeData, "UTF8"));
+                    new String(challengeData, UTF_8));
             }
 
             String digest = HMAC_MD5(pw, challengeData);
@@ -118,13 +120,10 @@
 
             completed = true;
 
-            return resp.getBytes("UTF8");
+            return resp.getBytes(UTF_8);
         } catch (java.security.NoSuchAlgorithmException e) {
             aborted = true;
             throw new SaslException("MD5 algorithm not available on platform", e);
-        } catch (java.io.UnsupportedEncodingException e) {
-            aborted = true;
-            throw new SaslException("UTF8 not available on platform", e);
         }
     }
 }
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Server.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Server.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,15 +25,15 @@
 
 package com.sun.security.sasl;
 
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.logging.Level;
+import java.util.Map;
+import java.util.Random;
 import javax.security.sasl.*;
 import javax.security.auth.callback.*;
-import java.util.Random;
-import java.util.Map;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 
-import java.util.logging.Level;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 /**
   * Implements the CRAM-MD5 SASL server-side mechanism.
@@ -130,7 +130,7 @@
                 logger.log(Level.FINE,
                     "CRAMSRV01:Generated challenge: {0}", challengeStr);
 
-                challengeData = challengeStr.getBytes("UTF8");
+                challengeData = challengeStr.getBytes(UTF_8);
                 return challengeData.clone();
 
             } else {
@@ -138,7 +138,7 @@
                 if(logger.isLoggable(Level.FINE)) {
                     logger.log(Level.FINE,
                         "CRAMSRV02:Received response: {0}",
-                        new String(responseData, "UTF8"));
+                        new String(responseData, UTF_8));
                 }
 
                 // Extract username from response
@@ -154,7 +154,7 @@
                     throw new SaslException(
                         "CRAM-MD5: Invalid response; space missing");
                 }
-                String username = new String(responseData, 0, ulen, "UTF8");
+                String username = new String(responseData, 0, ulen, UTF_8);
 
                 logger.log(Level.FINE,
                     "CRAMSRV03:Extracted username: {0}", username);
@@ -177,7 +177,7 @@
                 for (int i = 0; i < pwChars.length; i++) {
                     pwChars[i] = 0;
                 }
-                pw = pwStr.getBytes("UTF8");
+                pw = pwStr.getBytes(UTF_8);
 
                 // Generate a keyed-MD5 digest from the user's password and
                 // original challenge.
@@ -190,7 +190,7 @@
                 clearPassword();
 
                 // Check whether digest is as expected
-                byte[] expectedDigest = digest.getBytes("UTF8");
+                byte[] expectedDigest = digest.getBytes(UTF_8);
                 int digestLen = responseData.length - ulen - 1;
                 if (expectedDigest.length != digestLen) {
                     aborted = true;
@@ -222,9 +222,6 @@
                 completed = true;
                 return null;
             }
-        } catch (UnsupportedEncodingException e) {
-            aborted = true;
-            throw new SaslException("UTF8 not available on platform", e);
         } catch (NoSuchAlgorithmException e) {
             aborted = true;
             throw new SaslException("MD5 algorithm not available on platform", e);
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import javax.security.sasl.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
   * Implements the EXTERNAL SASL client mechanism.
   * (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
@@ -43,17 +45,10 @@
      * Constructs an External mechanism with optional authorization ID.
      *
      * @param authorizationID If non-null, used to specify authorization ID.
-     * @throws SaslException if cannot convert authorizationID into UTF-8
-     *     representation.
      */
-    ExternalClient(String authorizationID) throws SaslException {
+    ExternalClient(String authorizationID) {
         if (authorizationID != null) {
-            try {
-                username = authorizationID.getBytes("UTF8");
-            } catch (java.io.UnsupportedEncodingException e) {
-                throw new SaslException("Cannot convert " + authorizationID +
-                    " into UTF-8", e);
-            }
+            username = authorizationID.getBytes(UTF_8);
         } else {
             username = new byte[0];
         }
@@ -88,10 +83,9 @@
      *
      * @param challengeData Ignored.
      * @return The possible empty initial response.
-     * @throws SaslException If authentication has already been called.
+     * @throws IllegalStateException If authentication has already been called.
      */
-    public byte[] evaluateChallenge(byte[] challengeData)
-        throws SaslException {
+    public byte[] evaluateChallenge(byte[] challengeData) {
         if (completed) {
             throw new IllegalStateException(
                 "EXTERNAL authentication already completed");
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 
 import javax.security.sasl.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 /**
   * Implements the PLAIN SASL client mechanism.
   * (<A
@@ -89,43 +91,37 @@
      *
      * @param challengeData Ignored
      * @return A non-null byte array containing the response to be sent to the server.
-     * @throws SaslException If cannot encode ids in UTF-8
-     * @throw IllegalStateException if authentication already completed
+     * @throws IllegalStateException if authentication already completed
      */
-    public byte[] evaluateChallenge(byte[] challengeData) throws SaslException {
+    public byte[] evaluateChallenge(byte[] challengeData) {
         if (completed) {
             throw new IllegalStateException(
                 "PLAIN authentication already completed");
         }
         completed = true;
+        byte[] authz = (authorizationID != null)
+            ? authorizationID.getBytes(UTF_8)
+            : null;
+        byte[] auth = authenticationID.getBytes(UTF_8);
 
-        try {
-            byte[] authz = (authorizationID != null)?
-                authorizationID.getBytes("UTF8") :
-                null;
-            byte[] auth = authenticationID.getBytes("UTF8");
-
-            byte[] answer = new byte[pw.length + auth.length + 2 +
+        byte[] answer = new byte[pw.length + auth.length + 2 +
                 (authz == null ? 0 : authz.length)];
 
-            int pos = 0;
-            if (authz != null) {
-                System.arraycopy(authz, 0, answer, 0, authz.length);
-                pos = authz.length;
-            }
-            answer[pos++] = SEP;
-            System.arraycopy(auth, 0, answer, pos, auth.length);
+        int pos = 0;
+        if (authz != null) {
+            System.arraycopy(authz, 0, answer, 0, authz.length);
+            pos = authz.length;
+        }
+        answer[pos++] = SEP;
+        System.arraycopy(auth, 0, answer, pos, auth.length);
 
-            pos += auth.length;
-            answer[pos++] = SEP;
-
-            System.arraycopy(pw, 0, answer, pos, pw.length);
+        pos += auth.length;
+        answer[pos++] = SEP;
 
-            clearPassword();
-            return answer;
-        } catch (java.io.UnsupportedEncodingException e) {
-            throw new SaslException("Cannot get UTF-8 encoding of ids", e);
-        }
+        System.arraycopy(pw, 0, answer, pos, pw.length);
+
+        clearPassword();
+        return answer;
     }
 
     /**
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Base.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,17 +25,15 @@
 
 package com.sun.security.sasl.digest;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.charset.Charset;
 import java.util.Map;
 import java.util.Arrays;
 import java.util.List;
 import java.util.logging.Level;
-import java.math.BigInteger;
 import java.util.Random;
-
-import java.io.ByteArrayOutputStream;
-import java.io.UnsupportedEncodingException;
-import java.io.IOException;
-
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.InvalidKeyException;
@@ -43,6 +41,8 @@
 import java.security.spec.InvalidKeySpecException;
 import java.security.InvalidAlgorithmParameterException;
 
+import static java.nio.charset.StandardCharsets.*;
+
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.Mac;
@@ -54,11 +54,11 @@
 import javax.crypto.spec.DESKeySpec;
 import javax.crypto.spec.DESedeKeySpec;
 
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.sasl.*;
+
 import com.sun.security.sasl.util.AbstractSaslImpl;
 
-import javax.security.auth.callback.CallbackHandler;
-
 /**
  * Utility class for DIGEST-MD5 mechanism. Provides utility methods
  * and contains two inner classes which implement the SecurityCtx
@@ -151,7 +151,7 @@
     protected String negotiatedQop;
     protected String negotiatedRealm;
     protected boolean useUTF8 = false;
-    protected String encoding = "8859_1";  // default unless server specifies utf-8
+    protected Charset encoding = ISO_8859_1;  // default unless server specifies utf-8
 
     protected String digestUri;
     protected String authzid;       // authzid or canonicalized authzid
@@ -384,8 +384,7 @@
      * @param a non-null byte array
      * @return a non-null String contain the HEX value
      */
-    protected byte[] binaryToHex(byte[] digest) throws
-    UnsupportedEncodingException {
+    protected byte[] binaryToHex(byte[] digest) {
 
         StringBuilder digestString = new StringBuilder();
 
@@ -405,26 +404,21 @@
      * if all chars in string are within the 8859_1 (Latin 1) encoding range.
      *
      * @param a non-null String
-     * @return a non-nuill byte array containing the correct character encoding
+     * @return a non-null byte array containing the correct character encoding
      * for username, paswd or realm.
      */
-    protected byte[] stringToByte_8859_1(String str) throws SaslException {
+    protected byte[] stringToByte_8859_1(String str) {
 
         char[] buffer = str.toCharArray();
 
-        try {
-            if (useUTF8) {
-                for( int i = 0; i< buffer.length; i++ ) {
-                    if( buffer[i] > '\u00FF' ) {
-                        return str.getBytes("UTF8");
-                    }
+        if (useUTF8) {
+            for (int i = 0; i < buffer.length; i++) {
+                if (buffer[i] > '\u00FF') {
+                    return str.getBytes(UTF_8);
                 }
             }
-            return str.getBytes("8859_1");
-        } catch (UnsupportedEncodingException e) {
-            throw new SaslException(
-                "cannot encode string in UTF8 or 8859-1 (Latin-1)", e);
         }
+        return str.getBytes(ISO_8859_1);
     }
 
     protected static byte[] getPlatformCiphers() {
@@ -461,8 +455,6 @@
      * @return A non-null byte array containing the repsonse-value.
      * @throws NoSuchAlgorithmException if the platform does not have MD5
      * digest support.
-     * @throws UnsupportedEncodingException if a an error occurs
-     * encoding a string into either Latin-1 or UTF-8.
      * @throws IOException if an error occurs writing to the output
      * byte array buffer.
      */
@@ -478,7 +470,6 @@
         int nonceCount,
         byte[] authzidValue
         ) throws NoSuchAlgorithmException,
-            UnsupportedEncodingException,
             IOException {
 
         MessageDigest md5 = MessageDigest.getInstance("MD5");
@@ -845,14 +836,9 @@
             try {
                 generateIntegrityKeyPair(clientMode);
 
-            } catch (UnsupportedEncodingException e) {
-                throw new SaslException(
-                    "DIGEST-MD5: Error encoding strings into UTF-8", e);
-
             } catch (IOException e) {
                 throw new SaslException("DIGEST-MD5: Error accessing buffers " +
                     "required to create integrity key pairs", e);
-
             } catch (NoSuchAlgorithmException e) {
                 throw new SaslException("DIGEST-MD5: Unsupported digest " +
                     "algorithm used to create integrity key pairs", e);
@@ -866,16 +852,13 @@
          * Generate client-server, server-client key pairs for DIGEST-MD5
          * integrity checking.
          *
-         * @throws UnsupportedEncodingException if the UTF-8 encoding is not
-         * supported on the platform.
          * @throws IOException if an error occurs when writing to or from the
          * byte array output buffers.
          * @throws NoSuchAlgorithmException if the MD5 message digest algorithm
          * cannot loaded.
          */
         private void generateIntegrityKeyPair(boolean clientMode)
-            throws UnsupportedEncodingException, IOException,
-                NoSuchAlgorithmException {
+            throws IOException, NoSuchAlgorithmException {
 
             byte[] cimagic = CLIENT_INT_MAGIC.getBytes(encoding);
             byte[] simagic = SVR_INT_MAGIC.getBytes(encoding);
@@ -1130,11 +1113,6 @@
 
             } catch (SaslException e) {
                 throw e;
-
-            } catch (UnsupportedEncodingException e) {
-                throw new SaslException(
-                    "DIGEST-MD5: Error encoding string value into UTF-8", e);
-
             } catch (IOException e) {
                 throw new SaslException("DIGEST-MD5: Error accessing " +
                     "buffers required to generate cipher keys", e);
@@ -1152,14 +1130,11 @@
          * byte array output buffers.
          * @throws NoSuchAlgorithmException if the MD5 message digest algorithm
          * cannot loaded.
-         * @throws UnsupportedEncodingException if an UTF-8 encoding is not
-         * supported on the platform.
-         * @throw SaslException if an error occurs initializing the keys and
+         * @throws SaslException if an error occurs initializing the keys and
          * IVs for the chosen cipher.
          */
         private void generatePrivacyKeyPair(boolean clientMode)
-            throws IOException, UnsupportedEncodingException,
-            NoSuchAlgorithmException, SaslException {
+            throws IOException, NoSuchAlgorithmException, SaslException {
 
             byte[] ccmagic = CLIENT_CONF_MAGIC.getBytes(encoding);
             byte[] scmagic = SVR_CONF_MAGIC.getBytes(encoding);
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,14 @@
 import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Arrays;
+import java.util.logging.Level;
 
-import java.util.logging.Level;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 import javax.security.sasl.*;
 import javax.security.auth.callback.CallbackHandler;
@@ -155,13 +155,7 @@
         // authzID can only be encoded in UTF8 - RFC 2222
         if (authzid != null) {
             this.authzid = authzid;
-            try {
-                authzidBytes = authzid.getBytes("UTF8");
-
-            } catch (UnsupportedEncodingException e) {
-                throw new SaslException(
-                    "DIGEST-MD5: Error encoding authzid value into UTF-8", e);
-            }
+            authzidBytes = authzid.getBytes(UTF_8);
         }
 
         if (props != null) {
@@ -272,7 +266,7 @@
     * digest challenge format is detected.
     */
     private void processChallenge(byte[][] challengeVal, List<byte[]> realmChoices)
-        throws SaslException, UnsupportedEncodingException {
+        throws SaslException {
 
         /* CHARSET: optional atmost once */
         if (challengeVal[CHARSET] != null) {
@@ -281,7 +275,7 @@
                     "violation. Unrecognised charset value: " +
                     new String(challengeVal[CHARSET]));
             } else {
-                encoding = "UTF8";
+                encoding = UTF_8;
                 useUTF8 = true;
             }
         }
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java	Tue Nov 12 01:36:17 2019 -0800
@@ -25,10 +25,9 @@
 
 package com.sun.security.sasl.digest;
 
-import java.security.NoSuchAlgorithmException;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
 import java.util.StringTokenizer;
 import java.util.ArrayList;
 import java.util.List;
@@ -40,6 +39,8 @@
 import javax.security.sasl.*;
 import javax.security.auth.callback.*;
 
+import static java.nio.charset.StandardCharsets.*;
+
 /**
   * An implementation of the DIGEST-MD5 server SASL mechanism.
   * (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
@@ -171,7 +172,7 @@
             }
         }
 
-        encoding = (useUTF8 ? "UTF8" : "8859_1");
+        encoding = (useUTF8 ? UTF_8 : ISO_8859_1);
 
         // By default, use server name as realm
         if (serverRealms.isEmpty()) {
@@ -229,9 +230,6 @@
 
                 step = 3;
                 return challenge;
-            } catch (UnsupportedEncodingException e) {
-                throw new SaslException(
-                    "DIGEST-MD5: Error encoding challenge", e);
             } catch (IOException e) {
                 throw new SaslException(
                     "DIGEST-MD5: Error generating challenge", e);
@@ -247,11 +245,6 @@
                 byte[][] responseVal = parseDirectives(response, DIRECTIVE_KEY,
                     null, REALM);
                 challenge = validateClientResponse(responseVal);
-            } catch (SaslException e) {
-                throw e;
-            } catch (UnsupportedEncodingException e) {
-                throw new SaslException(
-                    "DIGEST-MD5: Error validating client response", e);
             } finally {
                 step = 0;  // Set to invalid state
             }
@@ -298,7 +291,7 @@
      *        auth-param        = token "=" ( token | quoted-string )
      */
     private byte[] generateChallenge(List<String> realms, String qopStr,
-        String cipherStr) throws UnsupportedEncodingException, IOException {
+        String cipherStr) throws IOException {
         ByteArrayOutputStream out = new ByteArrayOutputStream();
 
         // Realms (>= 0)
@@ -389,7 +382,7 @@
      * @return response-value ('rspauth') for client to validate
      */
     private byte[] validateClientResponse(byte[][] responseVal)
-        throws SaslException, UnsupportedEncodingException {
+        throws SaslException {
 
         /* CHARSET: optional atmost once */
         if (responseVal[CHARSET] != null) {
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java	Tue Nov 12 01:36:17 2019 -0800
@@ -31,7 +31,8 @@
 import java.io.OutputStream;
 import java.io.IOException;
 import java.io.ByteArrayInputStream;
-import java.io.UnsupportedEncodingException;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -2154,11 +2155,7 @@
         if (!printable) {
             return "0x" + Functions.toHexString(bytes);
         } else {
-            try {
-                return new String(bytes, "UTF-8");
-            } catch (UnsupportedEncodingException uee) {
-                return "0x" + Functions.toHexString(bytes);
-            }
+            return new String(bytes, UTF_8);
         }
     }
 
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@
 import javax.crypto.*;
 import javax.crypto.spec.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 import sun.security.internal.spec.TlsPrfParameterSpec;
 
 import static sun.security.pkcs11.TemplateManager.*;
@@ -167,7 +169,7 @@
             }
         }
 
-        byte[] label = P11Util.getBytesUTF8(spec.getLabel());
+        byte[] label = spec.getLabel().getBytes(UTF_8);
 
         if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
             Session session = null;
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -143,14 +143,6 @@
         return b;
     }
 
-    static byte[] getBytesUTF8(String s) {
-        try {
-            return s.getBytes("UTF8");
-        } catch (java.io.UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
     static byte[] sha1(byte[] data) {
         try {
             MessageDigest md = MessageDigest.getInstance("SHA-1");
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/Config.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/Config.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,15 +26,17 @@
 package com.oracle.security.ucrypto;
 
 import java.io.*;
-import static java.io.StreamTokenizer.*;
 import java.math.BigInteger;
 import java.util.*;
+import java.security.*;
 
-import java.security.*;
+import static java.io.StreamTokenizer.*;
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
 
 import sun.security.action.GetPropertyAction;
 import sun.security.util.PropertyExpander;
 
+
 /**
  * Configuration container and file parsing.
  *
@@ -66,8 +68,8 @@
 
     Config(String filename) throws IOException {
         FileInputStream in = new FileInputStream(expand(filename));
-        reader = new BufferedReader(new InputStreamReader(in, "ISO-8859-1"));
-        parsedKeywords = new HashSet<String>();
+        reader = new BufferedReader(new InputStreamReader(in, ISO_8859_1));
+        parsedKeywords = new HashSet<>();
         st = new StreamTokenizer(reader);
         setupTokenizer();
         parse();
--- a/src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,8 @@
 import java.util.logging.Level;
 import javax.security.sasl.*;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 // JAAS
 import javax.security.auth.callback.CallbackHandler;
 
@@ -150,11 +152,7 @@
         }
 
         if (authzID != null && authzID.length() > 0) {
-            try {
-                this.authzID = authzID.getBytes("UTF8");
-            } catch (IOException e) {
-                throw new SaslException("Cannot encode authorization ID", e);
-            }
+            this.authzID = authzID.getBytes(UTF_8);
         }
     }
 
--- a/src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Tue Nov 12 10:19:04 2019 +0100
+++ b/src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Server.java	Tue Nov 12 01:36:17 2019 -0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,8 @@
 import java.util.Map;
 import java.util.logging.Level;
 
+import static java.nio.charset.StandardCharsets.UTF_8;
+
 // JAAS
 import javax.security.auth.callback.*;
 
@@ -300,12 +302,8 @@
 
             // Get authorization identity, if any
             if (gssOutToken.length > 4) {
-                try {
-                    authzid = new String(gssOutToken, 4,
-                        gssOutToken.length - 4, "UTF-8");
-                } catch (UnsupportedEncodingException uee) {
-                    throw new SaslException ("Cannot decode authzid", uee);
-                }
+                authzid = new String(gssOutToken, 4,
+                        gssOutToken.length - 4, UTF_8);
             } else {
                 authzid = peer;
             }