6647452: Remove obfuscation, framework and provider self-verification checking
authorwetmore
Mon, 03 Aug 2009 18:06:51 -0700
changeset 3353 ddbd63234844
parent 3333 111dede48a15
child 3354 a02edc83f1b4
6647452: Remove obfuscation, framework and provider self-verification checking Reviewed-by: valeriep, vinnie
jdk/make/com/sun/crypto/provider/Makefile
jdk/make/javax/crypto/Defs-jce.gmk
jdk/make/javax/crypto/Makefile
jdk/make/sun/security/mscapi/Makefile
jdk/make/sun/security/pkcs11/Makefile
jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java
jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java
jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java
jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java
jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java
jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java
jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java
jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java
jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java
jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java
jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java
jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java
jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java
jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java
jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/JarVerifier.java
jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java
jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java
jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java
jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java
jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java
jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java
jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java
jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java
jdk/src/share/classes/javax/crypto/JarVerifier.java
jdk/src/share/classes/javax/crypto/JceSecurity.java
jdk/src/share/classes/sun/security/pkcs11/JarVerifier.java
jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
jdk/src/windows/classes/sun/security/mscapi/JarVerifier.java
jdk/src/windows/classes/sun/security/mscapi/RSACipher.java
jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java
--- a/jdk/make/com/sun/crypto/provider/Makefile	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/com/sun/crypto/provider/Makefile	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -45,54 +45,49 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces.  We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development.  The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
-#
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing.  Developers working on JCE in JDK
+# must sign the JCE files before testing.  The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
+# 
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and then the resulting jar files MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries.  The "release" target should be
+# be built and signed, and the resulting jar files MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries.  The "release" target should be
 # used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
-#				    If OpenJDK, installs sunjce_provider.jar.
-#				    If JDK, installs prebuilt
-#				    sunjce_provider.jar.
+#     all/clobber/clean        The usual.
+#                                  If OpenJDK, installs sunjce_provider.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunjce_provider.jar.
 #
-#     jar			Builds/installs sunjce_provider.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunjce_provider.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunjce_provider.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunjce_provider.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunjce_provider.jar (no install)
-#
-#     obfus			Builds/obfuscates/signs sunjce_provider.jar
+#     sign                     Alias for sign-jar
+#         sign-jar             Builds/signs sunjce_provider.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -103,7 +98,7 @@
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -158,8 +153,8 @@
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area.  When files are signed in JDK, they will be
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -223,62 +218,15 @@
 endif
 	$(call sign-file, $(UNSIGNED_DIR)/sunjce_provider.jar)
 
+
 # =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
+# Create the Release Engineering files.  Signed builds, etc.
 #
 
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/sunjce
-
-CLOSED_DIR = $(BUILDDIR)/closed/com/sun/crypto/provider
-
-obfus: $(OBFUS_DIR)/sunjce_provider.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/sunjce_provider.jar: build-jar $(JCE_MANIFEST_FILE) \
-	    $(OBFUS_DIR)/sunjce.dox
-else
-$(OBFUS_DIR)/sunjce_provider.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/sunjce.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating SunJCE Provider..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv sunjce.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \
-	    -C $(OBFUS_DIR)/build com \
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/sunjce.dox: $(CLOSED_DIR)/obfus/sunjce.dox
-	@$(ECHO) ">>>Creating sunjce.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files.  Obfuscated builds, etc.
-#
-
-release: $(OBFUS_DIR)/sunjce_provider.jar
+release: $(SIGNED_DIR)/sunjce_provider.jar
 	$(RM) $(JCE_BUILD_DIR)/release/sunjce_provider.jar
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release
-	$(CP) $(OBFUS_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/sunjce_provider.jar $(JCE_BUILD_DIR)/release
 	$(release-warning)
 
 endif # OPENJDK
@@ -320,5 +268,5 @@
 
 .PHONY: build-jar jar install-jar
 ifndef OPENJDK
-.PHONY: sign sign-jar obfus release install-prebuilt
+.PHONY: sign sign-jar release install-prebuilt
 endif
--- a/jdk/make/javax/crypto/Defs-jce.gmk	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/javax/crypto/Defs-jce.gmk	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,7 @@
 SIGNING_ALIAS      = jce_rsa
 
 #
-# Defines for signing/obfuscating the various jar files.
+# Defines for signing the various jar files.
 #
 
 define presign
@@ -100,19 +100,4 @@
 	$(sign-target)
 endef
 
-#
-# Location for the Obfuscation product.  JDK currently has
-# the requirement that we obfuscate our JCE jars.
-#
-OBFUSCATOR = /security/tools/bin/obfus
-OBFUS_DIR = $(TEMPDIR)/obfus
-
-define preobfus
-    @if [ ! -f $(OBFUSCATOR) ]; then \
-	$(ECHO) "\n$(OBFUSCATOR): Obfuscator *NOT* available..." \
-	    $(README-MAKEFILE_WARNING); \
-	exit 2; \
-    fi
-endef
-
 endif  # !OPENJDK
--- a/jdk/make/javax/crypto/Makefile	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/javax/crypto/Makefile	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2007-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,64 +44,65 @@
 # For OpenJDK, the jar files built here are installed directly into the
 # OpenJDK.
 #
-# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
-# files stored in the closed workspace that are not shipped in the
-# OpenJDK workspaces.  We still build the JDK files here to verify the
-# files compile, and in preparation for possible signing and
-# obfuscation.  Developers working on JCE in JDK must sign the JCE files
-# before testing: obfuscation is optional during development.  The JCE
-# signing key is kept separate from the JDK workspace to prevent its
-# disclosure.  The obfuscation tool has not been licensed for general
-# usage.
+# For JDK, the binaries use pre-built/pre-signed binary files stored in
+# the closed workspace that are not shipped in the OpenJDK workspaces.
+# We still build the JDK files here to verify the files compile, and in
+# preparation for possible signing.  Developers working on JCE in JDK
+# must sign the JCE files before testing.  The JCE signing key is kept
+# separate from the JDK workspace to prevent its disclosure.
 #
 # SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
-# be built, obfuscated, signed, and the resulting jar files *MUST BE
-# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
-# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
-# not be reflected in the shipped binaries.  The "release" target should
-# be used to generate the required files.
+# be built and signed, and the resulting jar files *MUST BE CHECKED INTO
+# THE CLOSED PART OF THE WORKSPACE*.  This separate step *MUST NOT BE
+# FORGOTTEN*, otherwise a bug fixed in the source code will not be
+# reflected in the shipped binaries.  The "release" target should be
+# used to generate the required files.
 #
 # There are a number of targets to help both JDK/OpenJDK developers.
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual.
-#				    If OpenJDK, installs
-#					jce.jar/limited policy files.
-#				    If JDK, installs prebuilt
-#					jce.jar/limited policy files.
+#     all/clobber/clean        The usual.
+#                                  If OpenJDK: builds/installs the
+#                                      jce.jar/limited policy files.
+#                                  If JDK: builds but does not install.
+#                                     During full tops-down builds,
+#                                     prebuilt/presigned jce.jar &
+#                                     limited policy files are copied
+#                                     in by make/java/redist/Makefile.
+#                                     If you are working in this directory
+#                                     and want to install the prebuilts,
+#                                     use the "install-prebuilt" target.
 #
-#     jar			Builds/installs jce.jar
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#     jar                      Builds/installs jce.jar
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds jce.jar (does not sign/install)
+#     build-jar                Builds jce.jar (does not sign/install)
 #
-#     build-policy		Builds policy files (does not sign/install)
+#     build-policy             Builds policy files (does not sign/install)
 #
-#     install-jar		Alias for "jar" above
+#     install-jar              Alias for "jar" above
 #
-#     install-limited		Builds/installs limited policy files
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
-#     install-unlimited		Builds/nstalls unlimited policy files
-#				    If OpenJDK, does not sign
-#				    If JDK, tries to sign
+#     install-limited          Builds/installs limited policy files
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
+#     install-unlimited        Builds/nstalls unlimited policy files
+#                                  If OpenJDK, does not sign
+#                                  If JDK, tries to sign
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar and sign-policy
-#	  sign-jar		Builds/signs jce.jar file (no install)
-#	  sign-policy		Builds/signs policy files (no install)
+#     sign                     Alias for sign-jar and sign-policy
+#          sign-jar            Builds/signs jce.jar file (no install)
+#          sign-policy         Builds/signs policy files (no install)
 #
-#     obfus			Builds/obfuscates/signs jce.jar
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
-#
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
@@ -112,7 +113,7 @@
 
 #
 # The following is for when we need to do postprocessing
-# (signing/obfuscation) against a read-only build.  If the OUTPUTDIR
+# (signing) against a read-only build.  If the OUTPUTDIR
 # isn't writable, the build currently crashes out.
 #
 ifndef OPENJDK
@@ -169,8 +170,8 @@
 #
 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
 # part of the build we're doing.  Both OPENJDK/JDK builds are initially
-# done in the unsigned area.  When files are signed or obfuscated in JDK,
-# they will be placed in the appropriate areas.
+# done in the unsigned area.  When files are signed in JDK, they will be
+# placed in the appropriate areas.
 #
 UNSIGNED_DIR = $(TEMPDIR)/unsigned
 
@@ -178,7 +179,7 @@
 
 
 # =====================================================
-# Build the unsigned jce.jar file.  Signing/obfuscation comes later.
+# Build the unsigned jce.jar file.  Signing comes later.
 #
 
 JAR_DESTFILE = $(LIBDIR)/jce.jar
@@ -363,69 +364,13 @@
 
 
 # =====================================================
-# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
+# Create the Release Engineering files.  Signed builds,
+# unlimited policy file distribution, etc.
 #
 
-OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/jce
-
 CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
 
-obfus: $(OBFUS_DIR)/jce.jar
-	$(release-warning)
-
-ifndef ALT_JCE_BUILD_DIR
-$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-else
-#
-# We have to remove the build dependency, otherwise, we'll try to rebuild it
-# which we can't do on a read-only filesystem.
-#
-$(OBFUS_DIR)/jce.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox
-	@if [ ! -d $(CLASSDESTDIR) ] ; then \
-	    $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \
-	    exit 1; \
-	fi
-endif
-	@$(ECHO) ">>>Obfuscating JCE framework..."
-	$(presign)
-	$(preobfus)
-	$(prep-target)
-	$(CD) $(OBFUS_DIR); \
-	$(OBFUSCATOR) -fv framework.dox
-	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
-	@#
-	@# The sun.security.internal classes are currently not obfuscated
-	@# due to an obfus problem. Manually copy them to the build directory
-	@# so that they are included in the jce.jar file.
-	@#
-	$(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build
-	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@	\
-	    -C $(OBFUS_DIR)/build javax			\
-	    -C $(OBFUS_DIR)/build sun			\
-	    $(BOOT_JAR_JFLAGS)
-	$(sign-target)
-	@$(java-vm-cleanup)
-
-$(OBFUS_DIR)/framework.dox: $(CLOSED_DIR)/obfus/framework.dox
-	@$(ECHO) ">>>Creating framework.dox"
-	$(prep-target)
-	$(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@
-
-#
-# The current obfuscator has a limitation in that it currently only
-# supports up to v49 class file format.  Force v49 classfiles in our
-# builds for now.
-#
-SOURCE_LANGUAGE_VERSION = 5
-TARGET_CLASS_VERSION = 5
-
-
-# =====================================================
-# Create the Release Engineering files.  Obfuscated builds,
-# unlimited policy file distribution, etc.
-#
-
-release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
+release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
          $(CLOSED_DIR)/doc/README.txt
 	$(RM) -r \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy              \
@@ -434,7 +379,7 @@
 	    $(JCE_BUILD_DIR)/release/local_policy.jar                \
 	    $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip
 	$(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
-	$(CP) $(OBFUS_DIR)/jce.jar $(JCE_BUILD_DIR)/release
+	$(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release
 	$(CP) \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar   \
 	    $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar       \
@@ -530,5 +475,5 @@
 .PHONY: build-jar jar build-policy unlimited limited install-jar \
 	install-limited install-unlimited
 ifndef OPENJDK
-.PHONY: sign sign-jar sign-policy obfus release install-prebuilt
+.PHONY: sign sign-jar sign-policy release install-prebuilt
 endif
--- a/jdk/make/sun/security/mscapi/Makefile	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/sun/security/mscapi/Makefile	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
-#				    If OpenJDK, installs sunmscapi.jar.
-#				    If JDK, installs prebuilt
-#				    sunmscapi.jar.
+#     all/clobber/clean        The usual, plus the native libraries.
+#                                  If OpenJDK, installs sunmscapi.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunmscapi.jar.
 #
-#     jar			Builds/installs sunmscapi.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunmscapi.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunmscapi.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunmscapi.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunmscapi.jar (no install)
+#     sign                     Alias for sign-jar
+#          sign-jar            Builds/signs sunmscapi.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
--- a/jdk/make/sun/security/pkcs11/Makefile	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/make/sun/security/pkcs11/Makefile	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+# Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -59,31 +59,31 @@
 #
 # Main Targets (JDK/OPENJDK):
 #
-#     all/clobber/clean		The usual, plus the native libraries.
-#				    If OpenJDK, installs sunpkcs11.jar.
-#				    If JDK, installs prebuilt
-#				    sunpkcs11.jar.
+#     all/clobber/clean        The usual, plus the native libraries.
+#                                  If OpenJDK, installs sunpkcs11.jar.
+#                                  If JDK, installs prebuilt
+#                                      sunpkcs11.jar.
 #
-#     jar			Builds/installs sunpkcs11.jar
-#				    If OpenJDK, does not sign.
-#				    If JDK, tries to sign.
+#     jar                      Builds/installs sunpkcs11.jar
+#                                  If OpenJDK, does not sign.
+#                                  If JDK, tries to sign.
 #
 # Other lesser-used Targets (JDK/OPENJDK):
 #
-#     build-jar			Builds sunpkcs11.jar
-#				    (does not sign/install)
+#     build-jar                Builds sunpkcs11.jar
+#                                  (does not sign/install)
 #
-#     install-jar		Alias for "jar" above.
+#     install-jar              Alias for "jar" above.
 #
 # Other targets (JDK only):
 #
-#     sign			Alias for sign-jar
-#	  sign-jar		Builds/signs sunpkcs11.jar (no install)
+#     sign                     Alias for sign-jar
+#          sign-jar            Builds/signs sunpkcs11.jar (no install)
 #
-#     release			Builds all targets in preparation
-#				for workspace integration.
+#     release                  Builds all targets in preparation
+#                              for workspace integration.
 #
-#     install-prebuilt		Installs the pre-built jar files
+#     install-prebuilt         Installs the pre-built jar files
 #
 # This makefile was written to support parallel target execution.
 #
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@
     /**
      * Creates an instance of AES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE);
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESKeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,16 +48,9 @@
     private int keySize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor.
      */
     public AESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,12 +65,8 @@
     /**
      * Creates an instance of AES KeyWrap cipher with default
      * mode, i.e. "ECB" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public AESWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new AESCrypt();
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/ARCFOURCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,7 +62,6 @@
 
     // called by the JCE framework
     public ARCFOURCipher() {
-        SunJCE.ensureIntegrity(getClass());
         S = new int[256];
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/BlowfishCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,12 +60,8 @@
     /**
      * Creates an instance of Blowfish cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public BlowfishCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new BlowfishCrypt(),
                               BlowfishConstants.BLOWFISH_BLOCK_SIZE);
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/BlowfishKeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
     private int keysize = 16; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public BlowfishKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,8 @@
     /**
      * Creates an instance of DES cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,17 +42,11 @@
 public final class DESKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
+
     /**
      * Generates a <code>SecretKey</code> object from the provided key
      * specification (key material).
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESKeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
     private SecureRandom random = null;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,8 @@
     /**
      * Creates an instance of DESede cipher with default ECB mode and
      * PKCS5Padding.
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public DESedeCipher() {
-        SunJCE.ensureIntegrity(getClass());
         core = new CipherCore(new DESedeCrypt(), DESConstants.DES_BLOCK_SIZE);
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,16 +42,9 @@
 public final class DESedeKeyFactory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESedeKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,16 +47,9 @@
     private int keysize = 168;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DESedeKeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2004-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,12 +74,8 @@
     /**
      * Creates an instance of CMS DESede KeyWrap cipher with default
      * mode, i.e. "CBC" and padding scheme, i.e. "NoPadding".
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity.
      */
     public DESedeWrapCipher() {
-        SunJCE.ensureIntegrity(getClass());
         cipher = new CipherBlockChaining(new DESedeCrypt());
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,16 +58,9 @@
     private BigInteger y = BigInteger.ZERO;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DHKeyAgreement() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have been " +
-                                        "tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@
 public final class DHKeyFactory extends KeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public DHKeyFactory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,7 +241,6 @@
     public static final class HmacSHA256 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA256() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-256", 64);
         }
         private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
@@ -278,7 +277,6 @@
     public static final class HmacSHA384 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA384() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-384", 128);
         }
         private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
@@ -315,7 +313,6 @@
     public static final class HmacSHA512 extends MacSpi implements Cloneable {
         private final HmacCore core;
         public HmacSHA512() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(getClass());
             core = new HmacCore("SHA-512", 128);
         }
         private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@
 
     /**
      * Standard constructor, creates a new HmacMD5 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacMD5() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         hmac = new HmacCore(MessageDigest.getInstance("MD5"),
                             MD5_BLOCK_LENGTH);
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public HmacMD5KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,13 +48,8 @@
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
-        SunJCE.ensureIntegrity(this.getClass());
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,16 +44,8 @@
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public HmacSHA1() throws NoSuchAlgorithmException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
                                  SHA1_BLOCK_LENGTH);
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,16 +46,9 @@
     private int keysize = 64; // default keysize (in number of bytes)
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public HmacSHA1KeyGenerator() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/JarVerifier.java	Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package com.sun.crypto.provider;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
-    private static final boolean debug = false;
-
-    /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
-     */
-    static boolean verify(final Class c) {
-        return true;
-    }
-}
--- a/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@
     public static final class HmacSHA256KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA256KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA256", 256);
         }
         protected void engineInit(SecureRandom random) {
@@ -131,7 +130,6 @@
     public static final class HmacSHA384KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA384KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA384", 384);
         }
         protected void engineInit(SecureRandom random) {
@@ -153,7 +151,6 @@
     public static final class HmacSHA512KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public HmacSHA512KG() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("HmacSHA512", 512);
         }
         protected void engineInit(SecureRandom random) {
@@ -175,7 +172,6 @@
     public static final class RC2KeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public RC2KeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("RC2", 128);
         }
         protected void engineInit(SecureRandom random) {
@@ -201,7 +197,6 @@
     public static final class ARCFOURKeyGenerator extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
         public ARCFOURKeyGenerator() {
-            SunJCE.ensureIntegrity(getClass());
             core = new KeyGeneratorCore("ARCFOUR", 128);
         }
         protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,16 +49,9 @@
     private static HashSet<String> validTypes;
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Simple constructor
      */
     private PBEKeyFactory(String keytype) {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         type = keytype;
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,16 +55,9 @@
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     *
-     * @exception SecurityException if this constructor fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
         core = new PBECipherCore("DES");
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1998-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -61,23 +61,14 @@
      * Creates an instance of this cipher, and initializes its mode (CBC) and
      * padding (PKCS5).
      *
-     * Verify the SunJCE provider in the constructor.
-     *
      * @exception NoSuchAlgorithmException if the required cipher mode (CBC) is
      * unavailable
      * @exception NoSuchPaddingException if the required padding mechanism
      * (PKCS5Padding) is unavailable
-     * @exception SecurityException if fails to verify
-     * its own integrity
      */
     public PBEWithMD5AndTripleDESCipher()
         throws NoSuchAlgorithmException, NoSuchPaddingException
     {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-
         // set the encapsulated cipher to do triple DES
         core = new PBECipherCore("DESede");
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,16 +45,9 @@
 public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi {
 
     /**
-     * Verify the SunJCE provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
+     * Empty constructor
      */
     public PBKDF2HmacSHA1Factory() {
-        if (!SunJCE.verifySelfIntegrity(this.getClass())) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
     }
 
     /**
--- a/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -370,7 +370,6 @@
     public static final class PBEWithSHA1AndDESede extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndDESede() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("DESede", 24);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
@@ -446,7 +445,6 @@
     public static final class PBEWithSHA1AndRC2_40 extends CipherSpi {
         private final PKCS12PBECipherCore core;
         public PBEWithSHA1AndRC2_40() throws NoSuchAlgorithmException {
-            SunJCE.ensureIntegrity(this.getClass());
             core = new PKCS12PBECipherCore("RC2", 5);
         }
         protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
--- a/jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/RC2Cipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,6 @@
     private final RC2Crypt embeddedCipher;
 
     public RC2Cipher() {
-        SunJCE.ensureIntegrity(getClass());
         embeddedCipher = new RC2Crypt();
         core = new CipherCore(embeddedCipher, 8);
     }
--- a/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,6 @@
     private String oaepHashAlgorithm = "SHA-1";
 
     public RSACipher() {
-        SunJCE.ensureIntegrity(getClass());
         paddingType = PAD_PKCS1;
     }
 
--- a/jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SslMacCore.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -226,9 +226,6 @@
 
         static final byte[] md5Pad1 = genPad((byte)0x36, 48);
         static final byte[] md5Pad2 = genPad((byte)0x5c, 48);
-        static {
-            SunJCE.ensureIntegrity(SslMacMD5.class);
-        }
     }
 
     // nested static class for the SslMacMD5 implementation
@@ -262,9 +259,6 @@
 
         static final byte[] shaPad1 = genPad((byte)0x36, 40);
         static final byte[] shaPad2 = genPad((byte)0x5c, 40);
-        static {
-            SunJCE.ensureIntegrity(SslMacSHA1.class);
-        }
     }
 
 }
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -93,10 +93,6 @@
 
     static final SecureRandom RANDOM = new SecureRandom();
 
-    // After the SunJCE passed self-integrity checking,
-    // verifiedSelfIntegrity will be set to true.
-    private static boolean verifiedSelfIntegrity = false;
-
     public SunJCE() {
         /* We are the "SunJCE" provider */
         super("SunJCE", 1.7d, info);
@@ -441,21 +437,4 @@
             }
         });
     }
-
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void ensureIntegrity(Class c) {
-        if (verifySelfIntegrity(c) == false) {
-            throw new SecurityException("The SunJCE provider may have " +
-                                        "been tampered.");
-        }
-    }
-
-    static final boolean verifySelfIntegrity(Class c) {
-        if (verifiedSelfIntegrity) {
-            return true;
-        }
-        return (integrityVerified = JarVerifier.verify(c));
-    }
 }
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,6 @@
     private int protocolVersion;
 
     public TlsKeyMaterialGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,6 @@
     private int protocolVersion;
 
     public TlsMasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -109,7 +109,6 @@
     private TlsPrfParameterSpec spec;
 
     public TlsPrfGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,6 @@
     private SecureRandom random;
 
     public TlsRsaPremasterSecretGenerator() {
-        SunJCE.ensureIntegrity(getClass());
     }
 
     protected void engineInit(SecureRandom random) {
--- a/jdk/src/share/classes/javax/crypto/JarVerifier.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/javax/crypto/JarVerifier.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2007-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,7 @@
 import java.io.*;
 import java.net.*;
 import java.security.*;
-import java.util.*;
 import java.util.jar.*;
-import javax.crypto.CryptoPolicyParser.ParsingException;
 
 /**
  * This class verifies JAR files (and any supporting JAR files), and
@@ -135,17 +133,6 @@
     }
 
     /**
-     * Verify that the provided JarEntry was indeed signed by the
-     * framework signing certificate.
-     *
-     * @param je the URL of the jar entry to be checked.
-     * @throws Exception if the jar entry was not signed by
-     *          the proper certificate
-     */
-    static void verifyFrameworkSigned(URL je) throws Exception {
-    }
-
-    /**
      * Verify that the provided certs include the
      * framework signing certificate.
      *
--- a/jdk/src/share/classes/javax/crypto/JceSecurity.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 1997-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 
 package javax.crypto;
 
-import java.lang.ref.*;
 import java.util.*;
 import java.util.jar.*;
 import java.io.*;
@@ -256,11 +255,6 @@
                                 ("Cannot locate policy or framework files!");
         }
 
-        // Enforce the signer restraint, i.e. signer of JCE framework
-        // jar should also be the signer of the two jurisdiction policy
-        // jar files.
-        JarVerifier.verifyFrameworkSigned(jceCipherURL);
-
         // Read jurisdiction policies.
         CryptoPermissions defaultExport = new CryptoPermissions();
         CryptoPermissions exemptExport = new CryptoPermissions();
--- a/jdk/src/share/classes/sun/security/pkcs11/JarVerifier.java	Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-package sun.security.pkcs11;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
-    private static final boolean debug = false;
-
-    /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
-     */
-    static boolean verify(final Class c) {
-        return true;
-    }
-}
--- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -390,24 +390,6 @@
         return sb.toString();
     }
 
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void verifySelfIntegrity(Class c) {
-        if (integrityVerified) {
-            return;
-        }
-        doVerifySelfIntegrity(c);
-    }
-
-    private static synchronized void doVerifySelfIntegrity(Class c) {
-        integrityVerified = JarVerifier.verify(c);
-        if (integrityVerified == false) {
-            throw new ProviderException
-                ("The SunPKCS11 provider may have been tampered with.");
-        }
-    }
-
     public boolean equals(Object obj) {
         return this == obj;
     }
@@ -923,7 +905,6 @@
             if (type == MD) {
                 return new P11Digest(token, algorithm, mechanism);
             } else if (type == CIP) {
-                verifySelfIntegrity(getClass());
                 if (algorithm.startsWith("RSA")) {
                     return new P11RSACipher(token, algorithm, mechanism);
                 } else {
@@ -932,12 +913,10 @@
             } else if (type == SIG) {
                 return new P11Signature(token, algorithm, mechanism);
             } else if (type == MAC) {
-                verifySelfIntegrity(getClass());
                 return new P11Mac(token, algorithm, mechanism);
             } else if (type == KPG) {
                 return new P11KeyPairGenerator(token, algorithm, mechanism);
             } else if (type == KA) {
-                verifySelfIntegrity(getClass());
                 if (algorithm.equals("ECDH")) {
                     return new P11ECDHKeyAgreement(token, algorithm, mechanism);
                 } else {
@@ -946,11 +925,8 @@
             } else if (type == KF) {
                 return token.getKeyFactory(algorithm);
             } else if (type == SKF) {
-                verifySelfIntegrity(getClass());
                 return new P11SecretKeyFactory(token, algorithm);
             } else if (type == KG) {
-                verifySelfIntegrity(getClass());
-
                 // reference equality
                 if (algorithm == "SunTlsRsaPremasterSecret") {
                     return new P11TlsRsaPremasterSecretGenerator(
--- a/jdk/src/windows/classes/sun/security/mscapi/JarVerifier.java	Thu Jul 30 23:40:15 2009 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-/*
- * Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Sun designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Sun in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- */
-
-
-package sun.security.mscapi;
-
-// NOTE: this class is duplicated amongst SunJCE, SunPKCS11, and SunMSCAPI.
-// All files should be kept in sync.
-
-import java.io.*;
-import java.util.*;
-import java.util.jar.*;
-import java.net.URL;
-import java.net.JarURLConnection;
-import java.net.MalformedURLException;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-/**
- * This class verifies JAR files (and any supporting JAR files), and
- * determines whether they may be used in this implementation.
- *
- * The JCE in OpenJDK has an open cryptographic interface, meaning it
- * does not restrict which providers can be used.  Compliance with
- * United States export controls and with local law governing the
- * import/export of products incorporating the JCE in the OpenJDK is
- * the responsibility of the licensee.
- *
- * @since 1.7
- */
-final class JarVerifier {
-
-    private static final boolean debug = false;
-
-    /**
-     * Verify the JAR file is signed by an entity which has a certificate
-     * issued by a trusted CA.
-     *
-     * Note: this is a temporary method and will change soon to use the
-     * exception chaining mechanism, which can provide more details
-     * as to why the verification failed.
-     *
-     * @param c the class to be verified.
-     * @return true if verification is successful.
-     */
-    static boolean verify(final Class c) {
-        return true;
-    }
-}
--- a/jdk/src/windows/classes/sun/security/mscapi/RSACipher.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/windows/classes/sun/security/mscapi/RSACipher.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -93,7 +93,6 @@
     private sun.security.mscapi.Key privateKey;
 
     public RSACipher() {
-        SunMSCAPI.verifySelfIntegrity(getClass());
         paddingType = PAD_PKCS1;
     }
 
--- a/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java	Thu Jul 30 23:40:15 2009 -0700
+++ b/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java	Mon Aug 03 18:06:51 2009 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2005-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,22 +117,4 @@
             AccessController.doPrivileged(new PutAllAction(this, map));
         }
     }
-
-    // set to true once self verification is complete
-    private static volatile boolean integrityVerified;
-
-    static void verifySelfIntegrity(Class c) {
-        if (integrityVerified) {
-            return;
-        }
-        doVerifySelfIntegrity(c);
-    }
-
-    private static synchronized void doVerifySelfIntegrity(Class c) {
-        integrityVerified = JarVerifier.verify(c);
-        if (integrityVerified == false) {
-            throw new ProviderException
-                ("The SunMSCAPI provider may have been tampered with.");
-        }
-    }
 }