Merge

.hgtags

@@ -219,3 +219,5 @@ b72ae39e1329fefae50d4690db4fde43f3841a95 jdk8-b93
 49fe9c8049132647ad38837a877dd473e6c9b0e5 jdk8-b95
 ea73f01b9053e7165e7ba80f242bafecbc6af712 jdk8-b96
 0a85476a0b9cb876d5666d45097dac68bef3fce1 jdk8-b97
+711eb4aa87de68de78250e0549980936bab53d54 jdk8-b98
+2d3875b0d18b3ad1c2bebf385a697e309e4005a4 jdk8-b99

.hgtags-top-repo

@@ -219,3 +219,5 @@ cb51fb4789ac0b8be4056482077ddfb8f3bd3805 jdk8-b91
 785d07fe38901ecc1b7e0145e53e1c3da9361fee jdk8-b95
 c156084add486f941c12d886a0b1b2854795d557 jdk8-b96
 a1c1e8bf71f354f3aec0214cf13d6668811e021d jdk8-b97
+0d0c983a817bbe8518a5ff201306334a8de267f2 jdk8-b98
+59dc9da813794c924a0383c2a6241af94defdfed jdk8-b99

corba/.hgtags

@@ -219,3 +219,5 @@ c8286839d0df04aba819ec4bef12b86babccf30e jdk8-b90
 2cf36f43df36137980d9828cec27003ec10daeee jdk8-b95
 3357c2776431d51a8de326a85e0f41420e40774f jdk8-b96
 469995a8e97424f450c880606d689bf345277b19 jdk8-b97
+3370fb6146e47a6cc05a213fc213e12fc0a38d07 jdk8-b98
+3f67804ab61303782df57e54989ef5e0e4629beb jdk8-b99

hotspot/.hgtags

@@ -359,3 +359,5 @@ d197d377ab2e016d024e8c86cb06a57bd7eae590 jdk8-b97
 c9dd82da51ed34a28f7c6b3245163ee962e94572 hs25-b40
 30b5b75c42ac5174b640fbef8aa87527668e8400 jdk8-b98
 2b9946e10587f74ef75ae8145bea484df4a2738b hs25-b41
+81b6cb70717c66375846b78bb174594ec3aa998e jdk8-b99
+9f71e36a471ae4a668e08827d33035963ed10c08 hs25-b42

hotspot/make/hotspot_version

@@ -35,7 +35,7 @@ HOTSPOT_VM_COPYRIGHT=Copyright 2013
 
 HS_MAJOR_VER=25
 HS_MINOR_VER=0
-HS_BUILD_NUMBER=42
+HS_BUILD_NUMBER=43
 
 JDK_MAJOR_VER=1
 JDK_MINOR_VER=8

hotspot/make/linux/makefiles/vm.make

@@ -46,6 +46,7 @@ ifeq ($(findstring true, $(JVM_VARIANT_ZERO) $(JVM_VARIANT_ZEROSHARK)), true)
   include $(MAKEFILES_DIR)/zeroshark.make
 else
   include $(MAKEFILES_DIR)/$(BUILDARCH).make
+  -include $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make
 endif
 
 # set VPATH so make knows where to look for source files
@@ -380,4 +381,4 @@ build: $(LIBJVM) $(LAUNCHER) $(LIBJSIG) $(LIBJVM_DB) $(BUILDLIBSAPROC) dtraceChe
 
 install: install_jvm install_jsig install_saproc
 
-.PHONY: default build install install_jvm
+.PHONY: default build install install_jvm $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make

hotspot/src/cpu/sparc/vm/stubGenerator_sparc.cpp

@@ -410,6 +410,51 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   o0 = adr
+    //   o1 = errValue
+    //
+    // result:
+    //   o0  = *adr or errValue
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    __ align(CodeEntryAlignment);
+    *entry = __ pc();
+
+    __ mov(O0, G1);  // g1 = o0
+    __ mov(O1, O0);  // o0 = o1
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ ldsw(G1, 0, O0);  // o0 = [g1]
+        break;
+      case 8:
+        // int64_t
+        __ ldx(G1, 0, O0);   // o0 = [g1]
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    // By convention with the trap handler we ensure there is a non-CTI
+    // instruction in the trap shadow.
+    __ nop();
+    __ retl();
+    __ delayed()->nop();
+  }
 
   //------------------------------------------------------------------------------------------------------------------------
   // Continuation point for throwing of implicit exceptions that are not handled in
@@ -3315,6 +3360,14 @@ class StubGenerator: public StubCodeGenerator {
 
     // Don't initialize the platform math functions since sparc
     // doesn't have intrinsics for these operations.
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
 

hotspot/src/cpu/x86/vm/stubGenerator_x86_32.cpp

@@ -2766,6 +2766,39 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    __ movl(rax, Address(rsp, 0x8));
+    __ movl(rcx, Address(rsp, 0x4));
+    // Load *adr into eax, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(rax, Address(rcx, 0));
+        break;
+      case 8:
+        // int64_t
+        Unimplemented();
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // Return errValue or *adr.
+    *continuation_pc = __ pc();
+    __ ret(0);
+  }
 
  public:
   // Information about frame layout at time of blocking runtime call.
@@ -2978,6 +3011,14 @@ class StubGenerator: public StubCodeGenerator {
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int), &StubRoutines::_safefetch32_entry,
+                                                   &StubRoutines::_safefetch32_fault_pc,
+                                                   &StubRoutines::_safefetch32_continuation_pc);
+    StubRoutines::_safefetchN_entry           = StubRoutines::_safefetch32_entry;
+    StubRoutines::_safefetchN_fault_pc        = StubRoutines::_safefetch32_fault_pc;
+    StubRoutines::_safefetchN_continuation_pc = StubRoutines::_safefetch32_continuation_pc;
   }
 
 

hotspot/src/cpu/x86/vm/stubGenerator_x86_64.cpp

@@ -3357,7 +3357,45 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   c_rarg0 = adr
+    //   c_rarg1 = errValue
+    //
+    // result:
+    //   PPC_RET  = *adr or errValue
 
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(c_rarg1, Address(c_rarg0, 0));
+        break;
+      case 8:
+        // int64_t
+        __ movq(c_rarg1, Address(c_rarg0, 0));
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    __ movq(rax, c_rarg1);
+    __ ret(0);
+  }
 
   // This is a version of CBC/AES Decrypt which does 4 blocks in a loop at a time
   // to hide instruction latency
@@ -3833,6 +3871,14 @@ class StubGenerator: public StubCodeGenerator {
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt_Parallel();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
  public:

hotspot/src/os/windows/vm/os_windows.cpp

@@ -2323,6 +2323,11 @@ LONG WINAPI topLevelExceptionFilter(struct _EXCEPTION_POINTERS* exceptionInfo) {
 #endif
   Thread* t = ThreadLocalStorage::get_thread_slow();          // slow & steady
 
+  // Handle SafeFetch32 and SafeFetchN exceptions.
+  if (StubRoutines::is_safefetch_fault(pc)) {
+    return Handle_Exception(exceptionInfo, StubRoutines::continuation_for_safefetch_fault(pc));
+  }
+
 #ifndef _WIN64
   // Execution protection violation - win32 running on AMD64 only
   // Handled first to avoid misdiagnosis as a "normal" access violation;

hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_32.s

@@ -63,24 +63,6 @@ SYMBOL(fixcw):
         popl     %eax
         ret
 
-        .globl  SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .globl  SYMBOL(SafeFetchN)
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-        ELF_TYPE(SafeFetch32,@function)
-        .p2align 4,,15
-SYMBOL(SafeFetch32):
-SYMBOL(SafeFetchN):
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-SYMBOL(Fetch32PFI):
-         movl    (%ecx), %eax
-SYMBOL(Fetch32Resume):
-         ret
-
-
         .globl  SYMBOL(SpinPause)
         ELF_TYPE(SpinPause,@function)
         .p2align 4,,15

hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_64.s

@@ -46,28 +46,6 @@
 
 	.text
 
-        .globl SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetch32,@function)
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SYMBOL(SafeFetch32):
-        movl    %esi, %eax
-SYMBOL(Fetch32PFI):
-        movl    (%rdi), %eax
-SYMBOL(Fetch32Resume):
-        ret
-
-        .globl SYMBOL(SafeFetchN), SYMBOL(FetchNPFI), SYMBOL(FetchNResume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetchN,@function)
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SYMBOL(SafeFetchN):
-        movq    %rsi, %rax
-SYMBOL(FetchNPFI):
-        movq    (%rdi), %rax
-SYMBOL(FetchNResume):
-        ret
-
         .globl SYMBOL(SpinPause)
         .p2align 4,,15
         ELF_TYPE(SpinPause,@function)

hotspot/src/os_cpu/bsd_x86/vm/os_bsd_x86.cpp

@@ -385,13 +385,6 @@ enum {
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_bsd_signal(int sig,
                         siginfo_t* info,
@@ -458,16 +451,10 @@ JVM_handle_bsd_signal(int sig,
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Bsd::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
+    if (StubRoutines::is_safefetch_fault(pc)) {
-       uc->context_pc = intptr_t(Fetch32Resume) ;
+      uc->context_pc = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
       return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->context_pc = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV || sig == SIGBUS) {

hotspot/src/os_cpu/linux_sparc/vm/linux_sparc.s

@@ -21,42 +21,6 @@
 # questions.
 #
 
-    # Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    # The "ld" at Fetch32 is potentially faulting instruction.
-    # If the instruction traps the trap handler will arrange
-    # for control to resume at Fetch32Resume.  
-    # By convention with the trap handler we ensure there is a non-CTI
-    # instruction in the trap shadow.  
-        
-
-    .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-    .globl  SafeFetchN
-    .align  32
-    .type    SafeFetch32,@function
-SafeFetch32:        
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    # <-- Potentially faulting instruction
-    ld      [%g1], %o0         
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN, FetchNPFI, FetchNResume
-    .type    SafeFetchN,@function
-    .align  32
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     # Possibilities:
     # -- membar
     # -- CAS (SP + BIAS, G0, G0)

hotspot/src/os_cpu/linux_sparc/vm/os_linux_sparc.cpp

@@ -366,18 +366,9 @@ intptr_t* os::Linux::ucontext_get_fp(ucontext_t *uc) {
 
 // Utility functions
 
-extern "C" void Fetch32PFI();
-extern "C" void Fetch32Resume();
-extern "C" void FetchNPFI();
-extern "C" void FetchNResume();
-
 inline static bool checkPrefetch(sigcontext* uc, address pc) {
-  if (pc == (address) Fetch32PFI) {
+  if (StubRoutines::is_safefetch_fault(pc)) {
-    set_cont_address(uc, address(Fetch32Resume));
+    set_cont_address(uc, address(StubRoutines::continuation_for_safefetch_fault(pc)));
-    return true;
-  }
-  if (pc == (address) FetchNPFI) {
-    set_cont_address(uc, address(FetchNResume));
     return true;
   }
   return false;

hotspot/src/os_cpu/linux_x86/vm/linux_x86_32.s

@@ -42,24 +42,6 @@
 
 	.text
 
-        .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-        .globl  SafeFetchN
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-	.type    SafeFetch32,@function
-        .p2align 4,,15
-SafeFetch32:
-SafeFetchN:
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-Fetch32PFI:
-         movl    (%ecx), %eax
-Fetch32Resume:
-         ret
-
-
         .globl  SpinPause
 	.type   SpinPause,@function
         .p2align 4,,15

hotspot/src/os_cpu/linux_x86/vm/linux_x86_64.s

@@ -38,28 +38,6 @@
 
 	.text
 
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        .type   SafeFetch32,@function
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
-        ret
-
-        .globl SafeFetchN, FetchNPFI, FetchNResume
-        .align  16
-        .type   SafeFetchN,@function
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
-        ret
-
         .globl SpinPause
         .align 16
         .type  SpinPause,@function

hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp

@@ -209,13 +209,6 @@ enum {
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_linux_signal(int sig,
                         siginfo_t* info,
@@ -282,16 +275,10 @@ JVM_handle_linux_signal(int sig,
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Linux::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
+    if (StubRoutines::is_safefetch_fault(pc)) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
       return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
 #ifndef AMD64
     // Halt if SI_KERNEL before more crashes get misdiagnosed as Java bugs

hotspot/src/os_cpu/solaris_sparc/vm/os_solaris_sparc.cpp

@@ -303,11 +303,6 @@ bool os::is_allocatable(size_t bytes) {
 #endif
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -383,17 +378,10 @@ JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
     npc = (address) uc->uc_mcontext.gregs[REG_nPC];
 
     // SafeFetch() support
-    // Implemented with either a fixed set of addresses such
+    if (StubRoutines::is_safefetch_fault(pc)) {
-    // as Fetch32*, or with Thread._OnTrap.
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(Fetch32PFI)) {
+      uc->uc_mcontext.gregs[REG_nPC] = uc->uc_mcontext.gregs[REG_PC] + 4;
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(Fetch32Resume) ;
+      return 1;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(Fetch32Resume) + 4 ;
-      return true ;
-    }
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(FetchNPFI)) {
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(FetchNResume) ;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(FetchNResume) + 4 ;
-      return true ;
     }
 
     // Handle ALL stack overflow variations here

hotspot/src/os_cpu/solaris_sparc/vm/solaris_sparc.s

@@ -21,47 +21,6 @@
 !! questions.
 !!
 
-    !! Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    !! The "ld" at Fetch32 is potentially faulting instruction.
-    !! If the instruction traps the trap handler will arrange
-    !! for control to resume at Fetch32Resume.  
-    !! By convention with the trap handler we ensure there is a non-CTI
-    !! instruction in the trap shadow.  
-    !!
-    !! The reader might be tempted to move this service to .il.
-    !! Don't.  Sun's CC back-end reads and optimize code emitted 
-    !! by the .il "call", in some cases optimizing the code, completely eliding it,
-    !! or by moving the code from the "call site". 
-        
-     !! ASM better know we may use G6 for our own purposes
-    .register %g6, #ignore
-        
-    .globl  SafeFetch32
-    .align  32
-    .global Fetch32PFI, Fetch32Resume 
-SafeFetch32:
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    ld      [%g1], %o0          !! <-- Potentially faulting instruction
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN
-    .align  32
-    .globl  FetchNPFI, FetchNResume
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     !! Possibilities:
     !! -- membar
     !! -- CAS (SP + BIAS, G0, G0)

hotspot/src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp

@@ -352,13 +352,6 @@ bool os::is_allocatable(size_t bytes) {
 
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -440,17 +433,10 @@ JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
     // factor me: getPCfromContext
     pc = (address) uc->uc_mcontext.gregs[REG_PC];
 
-    // SafeFetch32() support
+    if (StubRoutines::is_safefetch_fault(pc)) {
-    if (pc == (address) Fetch32PFI) {
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-      uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
       return true;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs [REG_PC] = intptr_t(FetchNResume) ;
-       return true ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV && info->si_code == SEGV_ACCERR) {

hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_32.s

@@ -54,20 +54,6 @@ fixcw:
 	popl     %eax
 	ret
 
-       .align  16
-       .globl  SafeFetch32
-       .globl  SafeFetchN
-       .globl  Fetch32PFI, Fetch32Resume
-SafeFetch32:
-SafeFetchN:
-        movl    0x8(%esp), %eax
-        movl    0x4(%esp), %ecx
-Fetch32PFI:
-        movl    (%ecx), %eax
-Fetch32Resume:
-        ret
-
-
         .align  16
         .globl  SpinPause
 SpinPause:

hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_64.s

@@ -51,26 +51,6 @@ fs_thread:
         movq %fs:0x0,%rax
         ret
 
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
-        ret
-
-        .globl SafeFetchN, FetchNPFI, FetchNResume
-        .align  16
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
-        ret
-
         .globl  SpinPause
         .align  16
 SpinPause:

hotspot/src/os_cpu/windows_x86/vm/os_windows_x86.cpp

@@ -518,24 +518,6 @@ void os::print_register_info(outputStream *st, void *context) {
   st->cr();
 }
 
-extern "C" int SafeFetch32 (int * adr, int Err) {
-   int rv = Err ;
-   _try {
-       rv = *((volatile int *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t Err) {
-   intptr_t rv = Err ;
-   _try {
-       rv = *((volatile intptr_t *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
 extern "C" int SpinPause () {
 #ifdef AMD64
    return 0 ;

hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp

@@ -873,7 +873,7 @@ bool G1CollectorPolicy::need_to_start_conc_mark(const char* source, size_t alloc
   size_t alloc_byte_size = alloc_word_size * HeapWordSize;
 
   if ((cur_used_bytes + alloc_byte_size) > marking_initiating_used_threshold) {
-    if (gcs_are_young()) {
+    if (gcs_are_young() && !_last_young_gc) {
       ergo_verbose5(ErgoConcCycles,
         "request concurrent cycle initiation",
         ergo_format_reason("occupancy higher than threshold")
@@ -931,7 +931,7 @@ void G1CollectorPolicy::record_collection_pause_end(double pause_time_ms, Evacua
   last_pause_included_initial_mark = during_initial_mark_pause();
   if (last_pause_included_initial_mark) {
     record_concurrent_mark_init_end(0.0);
-  } else if (!_last_young_gc && need_to_start_conc_mark("end of GC")) {
+  } else if (need_to_start_conc_mark("end of GC")) {
     // Note: this might have already been set, if during the last
     // pause we decided to start a cycle but at the beginning of
     // this pause we decided to postpone it. That's OK.

hotspot/src/share/vm/runtime/os.hpp

@@ -924,7 +924,5 @@ class os: AllStatic {
 // It'd also be eligible for inlining on many platforms.
 
 extern "C" int SpinPause();
-extern "C" int SafeFetch32 (int * adr, int errValue) ;
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t errValue) ;
 
 #endif // SHARE_VM_RUNTIME_OS_HPP

hotspot/src/share/vm/runtime/stubRoutines.cpp

@@ -136,6 +136,13 @@ double (* StubRoutines::_intrinsic_sin   )(double) = NULL;
 double (* StubRoutines::_intrinsic_cos   )(double) = NULL;
 double (* StubRoutines::_intrinsic_tan   )(double) = NULL;
 
+address StubRoutines::_safefetch32_entry                 = NULL;
+address StubRoutines::_safefetch32_fault_pc              = NULL;
+address StubRoutines::_safefetch32_continuation_pc       = NULL;
+address StubRoutines::_safefetchN_entry                  = NULL;
+address StubRoutines::_safefetchN_fault_pc               = NULL;
+address StubRoutines::_safefetchN_continuation_pc        = NULL;
+
 // Initialization
 //
 // Note: to break cycle with universe initialization, stubs are generated in two phases.

hotspot/src/share/vm/runtime/stubRoutines.hpp

@@ -221,6 +221,14 @@ class StubRoutines: AllStatic {
   static double (*_intrinsic_cos)(double);
   static double (*_intrinsic_tan)(double);
 
+  // Safefetch stubs.
+  static address _safefetch32_entry;
+  static address _safefetch32_fault_pc;
+  static address _safefetch32_continuation_pc;
+  static address _safefetchN_entry;
+  static address _safefetchN_fault_pc;
+  static address _safefetchN_continuation_pc;
+
  public:
   // Initialization/Testing
   static void    initialize1();                            // must happen before universe::genesis
@@ -381,6 +389,34 @@ class StubRoutines: AllStatic {
     return _intrinsic_tan(d);
   }
 
+  //
+  // Safefetch stub support
+  //
+
+  typedef int      (*SafeFetch32Stub)(int*      adr, int      errValue);
+  typedef intptr_t (*SafeFetchNStub) (intptr_t* adr, intptr_t errValue);
+
+  static SafeFetch32Stub SafeFetch32_stub() { return CAST_TO_FN_PTR(SafeFetch32Stub, _safefetch32_entry); }
+  static SafeFetchNStub  SafeFetchN_stub()  { return CAST_TO_FN_PTR(SafeFetchNStub,  _safefetchN_entry); }
+
+  static bool is_safefetch_fault(address pc) {
+    return pc != NULL &&
+          (pc == _safefetch32_fault_pc ||
+           pc == _safefetchN_fault_pc);
+  }
+
+  static address continuation_for_safefetch_fault(address pc) {
+    assert(_safefetch32_continuation_pc != NULL &&
+           _safefetchN_continuation_pc  != NULL,
+           "not initialized");
+
+    if (pc == _safefetch32_fault_pc) return _safefetch32_continuation_pc;
+    if (pc == _safefetchN_fault_pc)  return _safefetchN_continuation_pc;
+
+    ShouldNotReachHere();
+    return NULL;
+  }
+
   //
   // Default versions of the above arraycopy functions for platforms which do
   // not have specialized versions
@@ -400,4 +436,15 @@ class StubRoutines: AllStatic {
   static void arrayof_oop_copy_uninit(HeapWord* src, HeapWord* dest, size_t count);
 };
 
+// Safefetch allows to load a value from a location that's not known
+// to be valid. If the load causes a fault, the error value is returned.
+inline int SafeFetch32(int* adr, int errValue) {
+  assert(StubRoutines::SafeFetch32_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetch32_stub()(adr, errValue);
+}
+inline intptr_t SafeFetchN(intptr_t* adr, intptr_t errValue) {
+  assert(StubRoutines::SafeFetchN_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetchN_stub()(adr, errValue);
+}
+
 #endif // SHARE_VM_RUNTIME_STUBROUTINES_HPP

hotspot/src/share/vm/services/memTracker.cpp

@@ -81,13 +81,13 @@ void MemTracker::init_tracking_options(const char* option_line) {
   } else if (strcmp(option_line, "=detail") == 0) {
     // detail relies on a stack-walking ability that may not
     // be available depending on platform and/or compiler flags
-    if (PLATFORM_NMT_DETAIL_SUPPORTED) {
+#if PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
       _tracking_level = NMT_detail;
-    } else {
+#else
       jio_fprintf(defaultStream::error_stream(),
-        "NMT detail is not supported on this platform.  Using NMT summary instead.");
+        "NMT detail is not supported on this platform.  Using NMT summary instead.\n");
       _tracking_level = NMT_summary;
-    }
+#endif
   } else if (strcmp(option_line, "=off") != 0) {
     vm_exit_during_initialization("Syntax error, expecting -XX:NativeMemoryTracking=[off|summary|detail]", NULL);
   }

hotspot/src/share/vm/utilities/globalDefinitions.hpp

@@ -381,12 +381,12 @@ const uint64_t KlassEncodingMetaspaceMax = (uint64_t(max_juint) + 1) << LogKlass
 #endif
 
 /*
- * If a platform does not support NMT_detail
+ * If a platform does not support native stack walking
  * the platform specific globalDefinitions (above)
- * can set PLATFORM_NMT_DETAIL_SUPPORTED to false
+ * can set PLATFORM_NATIVE_STACK_WALKING_SUPPORTED to 0
  */
-#ifndef PLATFORM_NMT_DETAIL_SUPPORTED
+#ifndef PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
-#define PLATFORM_NMT_DETAIL_SUPPORTED true
+#define PLATFORM_NATIVE_STACK_WALKING_SUPPORTED 1
 #endif
 
 // The byte alignment to be used by Arena::Amalloc.  See bugid 4169348.

hotspot/test/runtime/8001071/Test8001071.sh

@@ -2,21 +2,21 @@
 
 # Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-
+#
 # This code is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License version 2 only, as
 # published by the Free Software Foundation.
-
+#
 # This code is distributed in the hope that it will be useful, but WITHOUT
 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 # version 2 for more details (a copy is included in the LICENSE file that
 # accompanied this code).
-
+#
 # You should have received a copy of the GNU General Public License version
 # 2 along with this work; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-
+#
 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 # or visit www.oracle.com if you need additional information or have any
 # questions.

jaxp/.hgtags

@@ -219,3 +219,5 @@ c84658e1740df64931005a9bc4c8ecef38eb47c3 jdk8-b94
 b8c5f4b6f0fffb44618fc609a584953c4ed67c0b jdk8-b95
 6121efd299235b057f3de94b0a4158c388c2907c jdk8-b96
 6c830db28d21108f32af990ecf4d80a75887980d jdk8-b97
+15e5bb51bc0cd89304dc2f7f29b4c8002e632353 jdk8-b98
+adf49c3ef83c160d53ece623049b2cdccaf78fc7 jdk8-b99

jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java

@@ -73,13 +73,39 @@ public final class XalanConstants {
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
+
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is false by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 } // class Constants

jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java

@@ -229,7 +229,8 @@ public final class SecuritySupport {
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -262,6 +263,9 @@ public final class SecuritySupport {
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -273,18 +277,16 @@ public final class SecuritySupport {
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+    public static String getJAXPSystemProperty(String sysPropertyId) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }

jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java

@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xalan.internal.utils;
+
+
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                XalanConstants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java

@@ -27,6 +27,9 @@ import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC;
@@ -215,11 +218,13 @@ public class TransformerFactoryImpl
      * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
      */
     private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
      /**
      * protocols allowed for external DTD references in source file and/or stylesheet.
      */
     private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
 
+    private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
 
     /**
      * javax.xml.transform.sax.TransformerFactory implementation.
@@ -235,15 +240,16 @@ public class TransformerFactoryImpl
     private TransformerFactoryImpl(boolean useServicesMechanism) {
         this._useServicesMechanism = useServicesMechanism;
 
-        String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
         if (System.getSecurityManager() != null) {
             _isSecureMode = true;
             _isNotSecureProcessing = false;
         }
-        _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
+
-                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
+        _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        _accessExternalDTD =  SecuritySupport.getDefaultAccessProperty(
+        _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
-                XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
+                Property.ACCESS_EXTERNAL_DTD);
+        _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                Property.ACCESS_EXTERNAL_STYLESHEET);
     }
 
     /**
@@ -306,11 +312,10 @@ public class TransformerFactoryImpl
             else
               return Boolean.FALSE;
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+
-            return _accessExternalStylesheet;
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
-        }
+        if (index > -1) {
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            return _xmlSecurityPropertyMgr.getValueByIndex(index);
-            return _accessExternalDTD;
         }
 
         // Throw an exception for all other attributes
@@ -413,12 +418,15 @@ public class TransformerFactoryImpl
                 return;
             }
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+
-            _accessExternalStylesheet = (String)value;
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
-            return;
+        if (index > -1) {
-        }
+            _xmlSecurityPropertyMgr.setValue(index,
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+                    State.APIPROPERTY, (String)value);
-            _accessExternalDTD = (String)value;
+            _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_DTD);
+            _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_STYLESHEET);
             return;
         }
 
@@ -466,11 +474,18 @@ public class TransformerFactoryImpl
             }
             _isNotSecureProcessing = !value;
 
-            // set restriction, allowing no access to external stylesheet
+            // set external access restriction when FSP is explicitly set
-            if (value) {
+            if (value && XalanConstants.IS_JDK8_OR_ABOVE) {
-                _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
-                _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_STYLESHEET,
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_DTD);
+                _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_STYLESHEET);
             }
+
             return;
         }
         else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {

jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java

@@ -33,7 +33,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -156,13 +156,9 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD =
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-        XMLConstants.ACCESS_EXTERNAL_DTD;
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA =
-        XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     //
     // Data
@@ -283,8 +279,7 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
             JAXP_SCHEMA_LANGUAGE,
             DTD_VALIDATOR_FACTORY_PROPERTY,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
+            XML_SECURITY_PROPERTY_MANAGER
-            ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -318,14 +313,8 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
         fValidationManager = createValidationManager();
         setProperty(VALIDATION_MANAGER, fValidationManager);
 
-        //For DOM, the secure feature is set to true by default
+        setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                new XMLSecurityPropertyManager());
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {

jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java

@@ -184,6 +184,9 @@ public final class Constants {
     public static final String ORACLE_JAXP_PROPERTY_PREFIX =
         "http://www.oracle.com/xml/jaxp/properties/";
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
     //System Properties corresponding to ACCESS_EXTERNAL_* properties
     public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
     public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
@@ -194,16 +197,17 @@ public final class Constants {
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
 
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is true by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
     //
     // DOM features
     //
@@ -697,6 +701,27 @@ public final class Constants {
         ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
     } // getXercesProperties():Enumeration
 
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 
     //
     // Classes

jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java

@@ -25,10 +25,9 @@
 
 package com.sun.org.apache.xerces.internal.impl;
 
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
-import javax.xml.XMLConstants;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLResolver;
@@ -51,15 +50,14 @@ public class PropertyManager {
 
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
-
+    /** Property identifier: Security property manager. */
-    /** Property identifier: access to external dtd */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     HashMap supportedProps = new HashMap();
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     public static final int CONTEXT_READER = 1;
     public static final int CONTEXT_WRITER = 2;
 
@@ -84,6 +82,7 @@ public class PropertyManager {
 
         HashMap properties = propertyManager.getProperties();
         supportedProps.putAll(properties);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)getProperty(XML_SECURITY_PROPERTY_MANAGER);
     }
 
     private HashMap getProperties(){
@@ -125,14 +124,8 @@ public class PropertyManager {
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
 
-        //For DOM/SAX, the secure feature is set to true by default
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+        supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     private void initWriterProps(){
@@ -148,7 +141,8 @@ public class PropertyManager {
      * }
      */
     public boolean containsProperty(String property){
-        return supportedProps.containsKey(property) ;
+        return supportedProps.containsKey(property) ||
+                (fSecurityPropertyMgr!=null && fSecurityPropertyMgr.getIndex(property) > -1) ;
     }
 
     public Object getProperty(String property){
@@ -174,7 +168,15 @@ public class PropertyManager {
             //add internal stax property
             supportedProps.put( Constants.XERCES_PROPERTY_PREFIX + Constants.STAX_ENTITY_RESOLVER_PROPERTY , new StaxEntityResolverWrapper((XMLResolver)value)) ;
         }
+
+        int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(property) : -1;
+        if (index > -1) {
+            fSecurityPropertyMgr.setValue(index,
+                    XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+        } else {
             supportedProps.put(property, value);
+        }
+
         if(equivalentProperty != null){
             supportedProps.put(equivalentProperty, value ) ;
         }

jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java

@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.xml.internal.stream.Entity;
 import javax.xml.XMLConstants;
@@ -166,8 +167,9 @@ public class XMLDocumentFragmentScannerImpl
     protected static final String STANDARD_URI_CONFORMANT =
             Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol
      *  For DOM/SAX, the secure feature is set to true by default
@@ -199,7 +201,7 @@ public class XMLDocumentFragmentScannerImpl
         SYMBOL_TABLE,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -610,7 +612,10 @@ public class XMLDocumentFragmentScannerImpl
         dtdGrammarUtil = null;
 
         // JAXP 1.5 features and properties
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
         fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
 
         //fEntityManager.test();
@@ -662,9 +667,10 @@ public class XMLDocumentFragmentScannerImpl
 
         dtdGrammarUtil = null;
 
-        // Oracle jdk feature
+         // JAXP 1.5 features and properties
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
-
+                propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
     } // reset(XMLComponentManager)
 
     /**
@@ -762,11 +768,10 @@ public class XMLDocumentFragmentScannerImpl
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
         {
-                fAccessExternalDTD = (String)value;
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
-            }
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
         }
 
     } // setProperty(String,Object)

jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java

@@ -31,6 +31,7 @@ import com.sun.org.apache.xerces.internal.util.*;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
@@ -166,8 +167,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol */
     static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
@@ -203,7 +205,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
                 VALIDATION_MANAGER,
                 BUFFER_SIZE,
                 SECURITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -214,7 +216,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
                 null,
                 new Integer(DEFAULT_BUFFER_SIZE),
                 null,
-                EXTERNAL_ACCESS_DEFAULT
+                null
     };
 
     private static final String XMLEntity = "[xml]".intern();
@@ -1421,7 +1423,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         // initialize state
         //fStandalone = false;
@@ -1485,7 +1488,11 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        if (spm == null) {
+            spm = new XMLSecurityPropertyManager();
+        }
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         //reset general state
         reset();
@@ -1641,11 +1648,10 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
         {
-                fAccessExternalDTD = (String)value;
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
-            }
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
         }
     }
 

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java

@@ -54,6 +54,7 @@ import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -218,6 +219,10 @@ XSLoader, DOMConfiguration {
     protected static final String ENTITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: access to external dtd */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
@@ -238,8 +243,7 @@ XSLoader, DOMConfiguration {
         SECURITY_MANAGER,
         LOCALE,
         SCHEMA_DV_FACTORY,
-        ACCESS_EXTERNAL_DTD,
+        XML_SECURITY_PROPERTY_MANAGER
-        ACCESS_EXTERNAL_SCHEMA
     };
 
     // Data
@@ -270,7 +274,6 @@ XSLoader, DOMConfiguration {
     private final CMNodeFactory fNodeFactory = new CMNodeFactory(); //component mgr will be set later
     private CMBuilder fCMBuilder;
     private XSDDescription fXSDDescription = new XSDDescription();
-    private String faccessExternalDTD = Constants.EXTERNAL_ACCESS_DEFAULT;
     private String faccessExternalSchema = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     private Map fJAXPCache;
@@ -466,11 +469,9 @@ XSLoader, DOMConfiguration {
                 fErrorReporter.putMessageFormatter(XSMessageFormatter.SCHEMA_DOMAIN, new XSMessageFormatter());
             }
         }
-        else if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+        else if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
-            faccessExternalDTD = (String) state;
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)state;
-        }
+            faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
-        else if (propertyId.equals(ACCESS_EXTERNAL_SCHEMA)) {
-            faccessExternalSchema = (String) state;
         }
     } // setProperty(String, Object)
 
@@ -1066,8 +1067,8 @@ XSLoader, DOMConfiguration {
         fSchemaHandler.setGenerateSyntheticAnnotations(componentManager.getFeature(GENERATE_SYNTHETIC_ANNOTATIONS, false));
         fSchemaHandler.reset(componentManager);
 
-        faccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
-        faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA);
+        faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
     }
 
     private void initGrammarBucket(){

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java

@@ -233,11 +233,9 @@ public class XMLSchemaValidator
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     protected static final String USE_SERVICE_MECHANISM = Constants.ORACLE_FEATURE_SERVICE_MECHANISM;
 
@@ -297,8 +295,7 @@ public class XMLSchemaValidator
             JAXP_SCHEMA_SOURCE,
             JAXP_SCHEMA_LANGUAGE,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
+            XML_SECURITY_PROPERTY_MANAGER
-            ACCESS_EXTERNAL_SCHEMA
             };
 
     /** Property defaults. */

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java

@@ -78,6 +78,7 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
@@ -112,6 +113,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
@@ -223,11 +225,9 @@ public class XSDHandler {
     protected static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
+        /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     protected static final boolean DEBUG_NODE_POOL = false;
 
@@ -260,6 +260,7 @@ public class XSDHandler {
     protected SecurityManager fSecureProcessing = null;
 
     private String fAccessExternalSchema;
+    private String fAccessExternalDTD;
 
     // These tables correspond to the symbol spaces defined in the
     // spec.
@@ -2249,6 +2250,13 @@ public class XSDHandler {
                         }
                     }
                     catch (SAXException se) {}
+
+                    try {
+                        parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                    } catch (SAXNotRecognizedException exc) {
+                        System.err.println("Warning: " + parser.getClass().getName() + ": " +
+                                exc.getMessage());
+                    }
                 }
                 // If XML names and Namespace URIs are already internalized we
                 // can avoid running them through the SymbolTable.
@@ -3580,11 +3588,17 @@ public class XSDHandler {
         } catch (XMLConfigurationException e) {
         }
 
-        //For Schema validation, the secure feature is set to true by default
+        XMLSecurityPropertyManager securityPropertyMgr = (XMLSecurityPropertyManager)
-        fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
-                componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
+        //Passing on the setting to the parser
-        fAccessExternalSchema = (String) componentManager.getProperty(
+        fSchemaParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, securityPropertyMgr);
-                ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+
+        fAccessExternalDTD = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
+        fAccessExternalSchema = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
+
     } // reset(XMLComponentManager)
 
 

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java

@@ -37,6 +37,9 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
 import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
 import com.sun.org.apache.xerces.internal.parsers.DOMParser;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -97,12 +100,17 @@ public class DocumentBuilderImpl extends DocumentBuilder
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** property identifier: access external dtd. */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
     /** Property identifier: access to external schema */
     public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
+
     private final DOMParser domParser;
     private final Schema grammar;
 
@@ -117,6 +125,8 @@ public class DocumentBuilderImpl extends DocumentBuilder
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     DocumentBuilderImpl(DocumentBuilderFactoryImpl dbf, Hashtable dbfAttrs, Hashtable features)
         throws SAXNotRecognizedException, SAXNotSupportedException {
         this(dbf, dbfAttrs, features, false);
@@ -160,23 +170,27 @@ public class DocumentBuilderImpl extends DocumentBuilder
             domParser.setFeature(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
 
             /**
-             * By default, secure processing is set, no external access is allowed.
+             * If secure processing is explicitly set on the factory, the
-             * However, we need to check if it is actively set on the factory since we
+             * access properties will be set unless the corresponding
-             * allow the use of the System Property or jaxp.properties to override
+             * System Properties or jaxp.properties are set
-             * the default value
              */
             if (features != null) {
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
-                        domParser.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
-                        domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_SCHEMA,
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
                     }
                 }
             }
@@ -220,7 +234,7 @@ public class DocumentBuilderImpl extends DocumentBuilder
             setFeatures(features);
         }
 
-        // Set attributes
+        //setAttribute override those that may be set by other means
         setDocumentBuilderFactoryAttributes(dbfAttrs);
 
         // Initial EntityResolver
@@ -288,6 +302,11 @@ public class DocumentBuilderImpl extends DocumentBuilder
                                 new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
                         }
                      }
+                  } else {
+                    int index = fSecurityPropertyMgr.getIndex(name);
+                    if (index > -1) {
+                        fSecurityPropertyMgr.setValue(index,
+                                XMLSecurityPropertyManager.State.APIPROPERTY, (String)val);
                     } else {
                         // Let Xerces code handle the property
                         domParser.setProperty(name, val);
@@ -295,6 +314,7 @@ public class DocumentBuilderImpl extends DocumentBuilder
                   }
              }
         }
+    }
 
     /**
      * Non-preferred: use the getDOMImplementation() method instead of this

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java

@@ -36,6 +36,7 @@ import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -92,11 +93,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     private final JAXPSAXParser xmlReader;
     private String schemaLanguage = null;     // null means DTD
@@ -113,6 +112,8 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /**
      * Create a SAX parser with the associated features
      * @param features Hashtable of SAX features, may be null
@@ -149,6 +150,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
             xmlReader.setFeature0(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
@@ -162,9 +166,12 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
                     }
                 }
             }
@@ -530,15 +537,22 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                     return;
                 }
             }
-            if (!fInitProperties.containsKey(name)) {
-                fInitProperties.put(name, super.getProperty(name));
-            }
             /** Forward property to the schema validator if there is one. **/
             if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
                 setSchemaValidatorProperty(name, value);
             }
+            /** Check to see if the property is managed by the property manager **/
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSAXParser.fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            } else {
+                if (!fInitProperties.containsKey(name)) {
+                    fInitProperties.put(name, super.getProperty(name));
+                }
                 super.setProperty(name, value);
             }
+        }
 
         public synchronized Object getProperty(String name)
             throws SAXNotRecognizedException, SAXNotSupportedException {
@@ -550,6 +564,11 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                 // JAXP 1.2 support
                 return fSAXParser.schemaLanguage;
             }
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
+            }
+
             return super.getProperty(name);
         }
 

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java

@@ -177,11 +177,11 @@ final class StreamValidatorHelper implements ValidatorHelper {
         }
         config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
         config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
-        config.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
         config.setDocumentHandler(fSchemaValidator);
         config.setDTDHandler(null);
         config.setDTDContentModelHandler(null);
+        config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
+                fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
         fConfiguration = new SoftReference(config);
         return config;
     }

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java

@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.QName;
@@ -134,6 +135,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
     private static final String VALIDATION_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     //
     // Data
     //
@@ -686,8 +691,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
                                catch (SAXException exc) {}
                            }
                            try {
+                               XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                                       fComponentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
                                reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                                      fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
+                                       spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD));
                            } catch (SAXException exc) {
                                System.err.println("Warning: " + reader.getClass().getName() + ": " +
                                       exc.getMessage());

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java

@@ -45,7 +45,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.StAXInputSource;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -83,11 +83,10 @@ public final class XMLSchemaFactory extends SchemaFactory {
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema  */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     //
     // Data
@@ -111,6 +110,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
     /** The SecurityManager. */
     private SecurityManager fSecurityManager;
 
+    /** The Security property manager. */
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /** The container for the real grammar pool. */
     private XMLGrammarPoolWrapper fXMLGrammarPoolWrapper;
 
@@ -120,6 +122,8 @@ public final class XMLSchemaFactory extends SchemaFactory {
      * Note the default value (false) is the safe option..
      */
     private final boolean fUseServicesMechanism;
+
+
     public XMLSchemaFactory() {
         this(true);
     }
@@ -140,13 +144,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
         fSecurityManager = new SecurityManager();
         fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
 
-        //by default, the secure feature is set to true, otherwise the default would have been 'file'
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        String accessExternal = SecuritySupport.getDefaultAccessProperty(
+        fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+                fSecurityPropertyMgr);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-        accessExternal = SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     /**
@@ -282,6 +282,7 @@ public final class XMLSchemaFactory extends SchemaFactory {
             schema = new EmptyXMLSchema();
         }
         propagateFeatures(schema);
+        propagateProperties(schema);
         return schema;
     }
 
@@ -366,8 +367,13 @@ public final class XMLSchemaFactory extends SchemaFactory {
             }
             if (value) {
                 fSecurityManager = new SecurityManager();
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                if (Constants.IS_JDK8_OR_ABOVE) {
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                }
             } else {
                 fSecurityManager = null;
             }
@@ -414,8 +420,14 @@ public final class XMLSchemaFactory extends SchemaFactory {
                     "property-not-supported", new Object [] {name}));
         }
         try {
+            int index = fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)object);
+            } else {
                 fXMLSchemaLoader.setProperty(name, object);
             }
+        }
         catch (XMLConfigurationException e) {
             String identifier = e.getIdentifier();
             if (e.getType() == Status.NOT_RECOGNIZED) {

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java

@@ -42,6 +42,7 @@ import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
@@ -107,6 +108,10 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: symbol table. */
     private static final String SYMBOL_TABLE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY;
@@ -123,12 +128,6 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     private static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema  */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
-
     //
     // Data
     //
@@ -184,6 +183,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     /** Stores the initial security manager. */
     private final SecurityManager fInitSecurityManager;
 
+    /** Stores the initial security property manager. */
+    private final XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     //
     // User Objects
     //
@@ -250,8 +252,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
         fComponents.put(SECURITY_MANAGER, fInitSecurityManager);
 
         //pass on properties set on SchemaFactory
-        setProperty(ACCESS_EXTERNAL_DTD, grammarContainer.getProperty(ACCESS_EXTERNAL_DTD));
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
-        setProperty(ACCESS_EXTERNAL_SCHEMA, grammarContainer.getProperty(ACCESS_EXTERNAL_SCHEMA));
+                grammarContainer.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
+        setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
     }
 
     /**
@@ -309,6 +312,15 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
                 throw new XMLConfigurationException(Status.NOT_ALLOWED, XMLConstants.FEATURE_SECURE_PROCESSING);
             }
             setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
+
+            if (value && Constants.IS_JDK8_OR_ABOVE) {
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+            }
+
             return;
         }
         fConfigUpdated = true;

jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java

@@ -29,6 +29,7 @@ import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper;
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
@@ -74,6 +75,10 @@ public class DOMParser
     protected static final String REPORT_WHITESPACE =
             Constants.SUN_SCHEMA_FEATURE_PREFIX + Constants.SUN_REPORT_IGNORED_ELEMENT_CONTENT_WHITESPACE;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     // recognized features:
     private static final String[] RECOGNIZED_FEATURES = {
         REPORT_WHITESPACE
@@ -579,6 +584,13 @@ public class DOMParser
        }
 
         try {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                    fConfiguration.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+            int index = spm.getIndex(propertyId);
+            if (index > -1) {
+                return spm.getValueByIndex(index);
+            }
+
             return fConfiguration.getProperty(propertyId);
         }
         catch (XMLConfigurationException e) {

jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java

@@ -22,8 +22,11 @@ package com.sun.org.apache.xerces.internal.parsers;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
 
 /**
  * This is the main Xerces SAX parser class. It uses the abstract SAX
@@ -120,4 +123,24 @@ public class SAXParser
 
     } // <init>(SymbolTable,XMLGrammarPool)
 
+    /**
+     * Sets the particular property in the underlying implementation of
+     * org.xml.sax.XMLReader.
+     */
+    public void setProperty(String name, Object value)
+        throws SAXNotRecognizedException, SAXNotSupportedException {
+        XMLSecurityPropertyManager spm = new XMLSecurityPropertyManager();
+        int index = spm.getIndex(name);
+        if (index > -1) {
+            /**
+             * this is a direct call to this parser, not a subclass since
+             * internally the support of this property is done through
+             * XMLSecurityPropertyManager
+             */
+            spm.setValue(index, XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, spm);
+        } else {
+            super.setProperty(name, value);
+        }
+    }
 } // class SAXParser

jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java

@@ -20,12 +20,10 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
-import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
-import java.util.Properties;
 import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
@@ -53,9 +51,8 @@ import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.FeatureState;
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -278,11 +275,10 @@ public class XML11Configuration extends ParserConfigurationSettings
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     // debugging
 
@@ -535,8 +531,7 @@ public class XML11Configuration extends ParserConfigurationSettings
                 SCHEMA_NONS_LOCATION,
                 LOCALE,
                 SCHEMA_DV_FACTORY,
-                ACCESS_EXTERNAL_DTD,
+                XML_SECURITY_PROPERTY_MANAGER
-                ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -584,14 +579,7 @@ public class XML11Configuration extends ParserConfigurationSettings
 
         fVersionDetector = new XMLVersionDetector();
 
-        //FEATURE_SECURE_PROCESSING is true, see the feature above
+        fProperties.put(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {

jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java

@@ -223,7 +223,8 @@ public final class SecuritySupport {
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -256,6 +257,9 @@ public final class SecuritySupport {
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -267,18 +271,16 @@ public final class SecuritySupport {
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+    public static String getJAXPSystemProperty(String sysPropertyId) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }

jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java

@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xerces.internal.utils;
+
+import com.sun.org.apache.xerces.internal.impl.Constants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                Constants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA,
+                Constants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                Constants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA,
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}

jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java

@@ -68,6 +68,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerHandler;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerProcessor;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import java.util.Objects;
 
 /**
@@ -231,13 +232,9 @@ public class XIncludeHandler
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
+    /** property identifier: XML security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    protected static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** access external dtd: file protocol
-     *  For DOM/SAX, the secure feature is set to true by default
-     */
-    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     /** Recognized features. */
     private static final String[] RECOGNIZED_FEATURES =
@@ -293,12 +290,7 @@ public class XIncludeHandler
     protected XMLErrorReporter fErrorReporter;
     protected XMLEntityResolver fEntityResolver;
     protected SecurityManager fSecurityManager;
-    /**
+    protected XMLSecurityPropertyManager fSecurityPropertyMgr;
-     * comma-delimited list of protocols that are allowed for the purpose
-     * of accessing external dtd or entity references
-     */
-    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
-
 
     // these are needed for text include processing
     protected XIncludeTextReader fXInclude10TextReader;
@@ -540,7 +532,8 @@ public class XIncludeHandler
             fSecurityManager = null;
         }
 
-        fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
+                componentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
 
         // Get buffer size.
         try {
@@ -687,11 +680,13 @@ public class XIncludeHandler
             }
             return;
         }
-        if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
-            fAccessExternalDTD = (String)value;
+            fSecurityPropertyMgr = (XMLSecurityPropertyManager)value;
+
             if (fChildConfig != null) {
-                fChildConfig.setProperty(propertyId, value);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, value);
             }
+
             return;
         }
 
@@ -1652,7 +1647,7 @@ public class XIncludeHandler
                 if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
                 if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
                 fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
-                fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
                 fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
 
                 // features must be copied to child configuration

jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java

@@ -140,12 +140,6 @@ public class XMLReaderManager {
                     // Try to carry on if we've got a parser that
                     // doesn't know about namespace prefixes.
                 }
-                try {
-                    reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
-                } catch (SAXException se) {
-                    System.err.println("Warning:  " + reader.getClass().getName() + ": "
-                                + se.getMessage());
-                }
             } catch (ParserConfigurationException ex) {
                 throw new SAXException(ex);
             } catch (FactoryConfigurationError ex1) {
@@ -162,6 +156,14 @@ public class XMLReaderManager {
             }
         }
 
+        try {
+            //reader is cached, but this property might have been reset
+            reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
+        } catch (SAXException se) {
+            System.err.println("Warning:  " + reader.getClass().getName() + ": "
+                        + se.getMessage());
+        }
+
         return reader;
     }
 

jaxws/.hgtags

@@ -219,3 +219,5 @@ a0f604766ca14818e2a7b1558cc399499caabf75 jdk8-b92
 1468c94135f978dd29d03bce2f7d7e952154d144 jdk8-b95
 690d34b326bc78a6f5f225522695b41c7f7f70e8 jdk8-b96
 dcde7f049111353ad23175f54985a4f6bfea720c jdk8-b97
+b1fb4612a2caea52b5661b87509e560fa044b194 jdk8-b98
+8ef83d4b23c933935e28f59b282cea920b1b1f5f jdk8-b99

jdk/.hgtags

@@ -219,3 +219,5 @@ a2a2a91075ad85becbe10a39d7fd04ef9bea8df5 jdk8-b92
 42aa9f1828852bb8b77e98ec695211493ae0759d jdk8-b95
 4a5d3cf2b3af1660db0237e8da324c140e534fa4 jdk8-b96
 978a95239044f26dcc8a6d59246be07ad6ca6be2 jdk8-b97
+c4908732fef5235f1b98cafe0ce507771ef7892c jdk8-b98
+6a099a36589bd933957272ba63e5263bede29971 jdk8-b99

jdk/make/sun/security/pkcs11/mapfile-vers

@@ -102,7 +102,7 @@ SUNWprivate_1.1 {
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:

jdk/makefiles/mapfiles/libj2pkcs11/mapfile-vers

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -102,7 +102,7 @@ SUNWprivate_1.1 {
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:

jdk/src/macosx/classes/com/apple/eawt/FullScreenHandler.java

@@ -32,6 +32,7 @@ import java.util.List;
 import javax.swing.RootPaneContainer;
 
 import com.apple.eawt.AppEvent.FullScreenEvent;
+import sun.awt.SunToolkit;
 
 import java.lang.annotation.Native;
 
@@ -75,7 +76,7 @@ final class FullScreenHandler {
     static void handleFullScreenEventFromNative(final Window window, final int type) {
         if (!(window instanceof RootPaneContainer)) return; // handles null
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final FullScreenHandler handler = getHandlerFor((RootPaneContainer)window);
                 if (handler != null) handler.notifyListener(new FullScreenEvent(window), type);

jdk/src/macosx/classes/com/apple/eawt/_AppEventHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@ import java.io.File;
 import java.net.*;
 import java.util.*;
 import java.util.List;
+import sun.awt.AppContext;
+import sun.awt.SunToolkit;
 
 import com.apple.eawt.AppEvent.*;
 
@@ -269,13 +271,11 @@ class _AppEventHandler {
     }
 
     class _AppReOpenedDispatcher extends _AppEventMultiplexor<AppReOpenedListener> {
-        void performOnListeners(final List<AppReOpenedListener> listeners, final _NativeEvent event) {
+        void performOnListener(AppReOpenedListener listener, final _NativeEvent event) {
             final AppReOpenedEvent e = new AppReOpenedEvent();
-            for (final AppReOpenedListener listener : listeners) {
             listener.appReOpened(e);
         }
     }
-    }
 
     class _AppForegroundDispatcher extends _BooleanAppEventMultiplexor<AppForegroundListener, AppForegroundEvent> {
         AppForegroundEvent createEvent(final boolean isTrue) { return new AppForegroundEvent(); }
@@ -415,50 +415,67 @@ class _AppEventHandler {
     }
 
     abstract class _AppEventMultiplexor<L> {
-        final List<L> _listeners = new ArrayList<L>(0);
+        private final Map<L, AppContext> listenerToAppContext =
+                new IdentityHashMap<L, AppContext>();
         boolean nativeListenerRegistered;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event, final Object... args) {
-            // grab a local ref to the listeners
+            // grab a local ref to the listeners and its contexts as an array of the map's entries
-            final List<L> localListeners;
+            final ArrayList<Map.Entry<L, AppContext>> localEntries;
             synchronized (this) {
-                if (_listeners.size() == 0) return;
+                if (listenerToAppContext.size() == 0) {
-                localListeners = new ArrayList<L>(_listeners);
+                    return;
+                }
+                localEntries = new ArrayList<Map.Entry<L, AppContext>>(listenerToAppContext.size());
+                localEntries.addAll(listenerToAppContext.entrySet());
             }
 
-            EventQueue.invokeLater(new Runnable() {
+            for (final Map.Entry<L, AppContext> e : localEntries) {
+                final L listener = e.getKey();
+                final AppContext listenerContext = e.getValue();
+                SunToolkit.invokeLaterOnAppContext(listenerContext, new Runnable() {
                     public void run() {
-                    performOnListeners(localListeners, event);
+                        performOnListener(listener, event);
                     }
                 });
             }
+        }
 
         synchronized void addListener(final L listener) {
+            setListenerContext(listener, AppContext.getAppContext());
+
             if (!nativeListenerRegistered) {
                 registerNativeListener();
                 nativeListenerRegistered = true;
             }
-            _listeners.add(listener);
         }
 
         synchronized void removeListener(final L listener) {
-            _listeners.remove(listener);
+            listenerToAppContext.remove(listener);
         }
 
-        abstract void performOnListeners(final List<L> listeners, final _NativeEvent event);
+        abstract void performOnListener(L listener, final _NativeEvent event);
         void registerNativeListener() { }
+
+        private void setListenerContext(L listener, AppContext listenerContext) {
+            if (listenerContext == null) {
+                throw new RuntimeException(
+                        "Attempting to add a listener from a thread group without AppContext");
+            }
+            listenerToAppContext.put(listener, AppContext.getAppContext());
+        }
     }
 
     abstract class _BooleanAppEventMultiplexor<L, E> extends _AppEventMultiplexor<L> {
         @Override
-        void performOnListeners(final List<L> listeners, final _NativeEvent event) {
+        void performOnListener(L listener, final _NativeEvent event) {
             final boolean isTrue = Boolean.TRUE.equals(event.get(0));
             final E e = createEvent(isTrue);
             if (isTrue) {
-                for (final L listener : listeners) performTrueEventOn(listener, e);
+                performTrueEventOn(listener, e);
             } else {
-                for (final L listener : listeners) performFalseEventOn(listener, e);
+                performFalseEventOn(listener, e);
             }
         }
 
@@ -479,30 +496,34 @@ class _AppEventHandler {
      */
     abstract class _AppEventDispatcher<H> {
         H _handler;
+        AppContext handlerContext;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event) {
-            EventQueue.invokeLater(new Runnable() {
-                public void run() {
             // grab a local ref to the handler
             final H localHandler;
+            final AppContext localHandlerContext;
             synchronized (_AppEventDispatcher.this) {
                 localHandler = _handler;
+                localHandlerContext = handlerContext;
             }
 
-                    // invoke the handler outside of the synchronized block
             if (localHandler == null) {
                 performDefaultAction(event);
             } else {
+                SunToolkit.invokeLaterOnAppContext(localHandlerContext, new Runnable() {
+                    public void run() {
                         performUsing(localHandler, event);
                     }
-                }
                 });
             }
+        }
 
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // if a new handler is installed, block addition of legacy ApplicationListeners
             if (handler == legacyHandler) return;
             legacyHandler.blockLegacyAPI();
@@ -510,6 +531,15 @@ class _AppEventHandler {
 
         void performDefaultAction(final _NativeEvent event) { } // by default, do nothing
         abstract void performUsing(final H handler, final _NativeEvent event);
+
+        protected void setHandlerContext(AppContext ctx) {
+            if (ctx == null) {
+                throw new RuntimeException(
+                        "Attempting to set a handler from a thread group without AppContext");
+            }
+
+            handlerContext = ctx;
+        }
     }
 
     abstract class _QueuingAppEventDispatcher<H> extends _AppEventDispatcher<H> {
@@ -531,6 +561,8 @@ class _AppEventHandler {
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // dispatch any events in the queue
             if (queuedEvents != null) {
                 // grab a local ref to the queue, so the real one can be nulled out

jdk/src/macosx/classes/com/apple/eawt/event/GestureHandler.java

@@ -25,6 +25,8 @@
 
 package com.apple.eawt.event;
 
+import sun.awt.SunToolkit;
+
 import java.awt.*;
 import java.util.*;
 import java.util.List;
@@ -70,7 +72,7 @@ final class GestureHandler {
     static void handleGestureFromNative(final Window window, final int type, final double x, final double y, final double a, final double b) {
         if (window == null) return; // should never happen...
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final Component component = SwingUtilities.getDeepestComponentAt(window, (int)x, (int)y);
 

jdk/src/macosx/classes/com/apple/laf/ScreenMenu.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.util.Hashtable;
 
 import javax.swing.*;
 
+import sun.awt.SunToolkit;
 import sun.lwawt.LWToolkit;
 import sun.lwawt.macosx.*;
 
@@ -144,7 +145,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
                     updateItems();
                     fItemBounds = new Rectangle[invoker.getMenuComponentCount()];
                 }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             System.err.println(e);
             e.printStackTrace();
@@ -172,7 +173,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
 
             fItemBounds = null;
     }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             e.printStackTrace();
         }
@@ -200,7 +201,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
         if (kind == 0) return;
         if (fItemBounds == null) return;
 
-        SwingUtilities.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(fInvoker, new Runnable() {
             @Override
             public void run() {
                 Component target = null;

jdk/src/macosx/classes/sun/lwawt/macosx/CCheckboxMenuItem.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@ public class CCheckboxMenuItem extends CMenuItem implements CheckboxMenuItemPeer
 
     public void handleAction(final boolean state) {
         final CheckboxMenuItem target = (CheckboxMenuItem)getTarget();
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(target, new Runnable() {
             public void run() {
                 target.setState(state);
             }

jdk/src/macosx/classes/sun/lwawt/macosx/CDragSourceContextPeer.java

@@ -107,10 +107,6 @@ public final class CDragSourceContextPeer extends SunDragSourceContextPeer {
             loc = rootComponent.getLocation();
         }
 
-        //It sure will be LWComponentPeer instance as rootComponent is a Window
-        PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
-        long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
-
         // If there isn't any drag image make one of default appearance:
         if (fDragImage == null)
             this.setDefaultDragImage(component);
@@ -137,6 +133,11 @@ public final class CDragSourceContextPeer extends SunDragSourceContextPeer {
         }
 
         try {
+            //It sure will be LWComponentPeer instance as rootComponent is a Window
+            PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
+            long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
+            if (nativeViewPtr == 0L) throw new InvalidDnDOperationException("Unsupported platform window implementation");
+
             // Create native dragging source:
             final long nativeDragSource = createNativeDragSource(component, nativeViewPtr, transferable, triggerEvent,
                 (int) (dragOrigin.getX()), (int) (dragOrigin.getY()), extModifiers,

jdk/src/macosx/classes/sun/lwawt/macosx/CDropTarget.java

@@ -52,6 +52,8 @@ public final class CDropTarget {
         fPeer = peer;
 
         long nativePeer = CPlatformWindow.getNativeViewPtr(((LWComponentPeer) peer).getPlatformWindow());
+        if (nativePeer == 0L) return; // Unsupported for a window without a native view (plugin)
+
         // Create native dragging destination:
         fNativeDropTarget = this.createNativeDropTarget(dropTarget, component, peer, nativePeer);
         if (fNativeDropTarget == 0) {

jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java

@@ -479,12 +479,14 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
             deliverZoom(true);
 
             this.normalBounds = peer.getBounds();
-            long screen = CWrapper.NSWindow.screen(getNSWindowPtr());
+
-            Rectangle toBounds = CWrapper.NSScreen.visibleFrame(screen).getBounds();
+            GraphicsConfiguration config = getPeer().getGraphicsConfiguration();
-            // Flip the y coordinate
+            Insets i = ((CGraphicsDevice)config.getDevice()).getScreenInsets();
-            Rectangle frame = CWrapper.NSScreen.frame(screen).getBounds();
+            Rectangle toBounds = config.getBounds();
-            toBounds.y = frame.height - toBounds.y - toBounds.height;
+            setBounds(toBounds.x + i.left,
-            setBounds(toBounds.x, toBounds.y, toBounds.width, toBounds.height);
+                      toBounds.y + i.top,
+                      toBounds.width - i.left - i.right,
+                      toBounds.height - i.top - i.bottom);
         }
     }
 
@@ -751,13 +753,7 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
         // the move/size notification from the underlying system comes
         // but it contains a bounds smaller than the whole screen
         // and therefore we need to create the synthetic notifications
-        Rectangle screenBounds;
+        Rectangle screenBounds = getPeer().getGraphicsConfiguration().getBounds();
-        final long screenPtr = CWrapper.NSWindow.screen(getNSWindowPtr());
-        try {
-            screenBounds = CWrapper.NSScreen.frame(screenPtr).getBounds();
-        } finally {
-            CWrapper.NSObject.release(screenPtr);
-        }
         peer.notifyReshape(screenBounds.x, screenBounds.y, screenBounds.width,
                            screenBounds.height);
     }
@@ -900,8 +896,6 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
             nativePeer = ((CPlatformWindow) platformWindow).getContentView().getAWTView();
         } else if (platformWindow instanceof CViewPlatformEmbeddedFrame){
             nativePeer = ((CViewPlatformEmbeddedFrame) platformWindow).getNSViewPtr();
-        } else {
-            throw new IllegalArgumentException("Unsupported platformWindow implementation");
         }
         return nativePeer;
     }
@@ -932,27 +926,21 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
 
         final Rectangle oldB = nativeBounds;
         nativeBounds = new Rectangle(x, y, width, height);
-        final GraphicsConfiguration oldGC = peer.getGraphicsConfiguration();
-
-        final GraphicsConfiguration newGC = peer.getGraphicsConfiguration();
-        // System-dependent appearance optimization.
         if (peer != null) {
             peer.notifyReshape(x, y, width, height);
-        }
+            // System-dependent appearance optimization.
-
             if ((byUser && !oldB.getSize().equals(nativeBounds.getSize()))
-            || isFullScreenAnimationOn || !Objects.equals(newGC, oldGC)) {
+                    || isFullScreenAnimationOn) {
                 flushBuffers();
             }
         }
+    }
 
     private void deliverWindowClosingEvent() {
-        if (peer != null) {
+        if (peer != null && peer.getBlocker() == null) {
-            if (peer.getBlocker() == null)  {
             peer.postEvent(new WindowEvent(target, WindowEvent.WINDOW_CLOSING));
         }
     }
-    }
 
     private void deliverIconify(final boolean iconify) {
         if (peer != null) {

jdk/src/macosx/classes/sun/lwawt/macosx/CViewEmbeddedFrame.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,7 +96,7 @@ public class CViewEmbeddedFrame extends EmbeddedFrame {
                     validate();
                     setVisible(true);
                 }
-            }, null);
+            }, this);
         } catch (InterruptedException | InvocationTargetException ex) {}
     }
 }

jdk/src/macosx/classes/sun/lwawt/macosx/CWrapper.java

@@ -71,8 +71,6 @@ public final class CWrapper {
         public static native void zoom(long window);
 
         public static native void makeFirstResponder(long window, long responder);
-
-        public static native long screen(long window);
     }
 
     public static final class NSView {
@@ -95,12 +93,6 @@ public final class CWrapper {
         public static native void release(long object);
     }
 
-    public static final class NSScreen {
-        public static native Rectangle2D frame(long screen);
-        public static native Rectangle2D visibleFrame(long screen);
-        public static native long screenByDisplayId(int displayID);
-    }
-
     public static final class NSColor {
         public static native long clearColor();
     }

jdk/src/macosx/native/sun/awt/CMenuItem.m

@@ -82,8 +82,13 @@ JNF_COCOA_ENTER(env);
         // keys, so we need to do the same translation here that we do
         // for the regular key down events
         if ([eventKey length] == 1) {
-            unichar ch =  NsCharToJavaChar([eventKey characterAtIndex:0], 0);
+            unichar origChar = [eventKey characterAtIndex:0];
-            eventKey = [NSString stringWithCharacters: &ch length: 1];
+            unichar newChar =  NsCharToJavaChar(origChar, 0);
+            if (newChar == java_awt_event_KeyEvent_CHAR_UNDEFINED) {
+                newChar = origChar;
+            }
+
+            eventKey = [NSString stringWithCharacters: &newChar length: 1];
         }
 
         if ([menuKey isEqualToString:eventKey]) {

jdk/src/macosx/native/sun/awt/CWrapper.m

@@ -396,31 +396,6 @@ JNF_COCOA_ENTER(env);
 JNF_COCOA_EXIT(env);
 }
 
-/*
- * Class:     sun_lwawt_macosx_CWrapper$NSWindow
- * Method:    screen
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSWindow_screen
-(JNIEnv *env, jclass cls, jlong windowPtr)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env);
-
-    AWTWindow *window = (AWTWindow *)jlong_to_ptr(windowPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        const NSScreen *screen = [window screen];
-        CFRetain(screen); // GC
-        screenPtr = ptr_to_jlong(screen);
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
 /*
  * Method:    miniaturize
  * Signature: (J)V
@@ -690,92 +665,6 @@ JNF_COCOA_ENTER(env);
 JNF_COCOA_EXIT(env);
 }
 
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper$NSScreen
- * Method:    frame
- * Signature: (J)Ljava/awt/Rectangle;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_frame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen frame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    visibleFrame
- * Signature: (J)Ljava/awt/geom/Rectangle2D;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_visibleFrame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen visibleFrame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    screenByDisplayId
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_screenByDisplayId
-(JNIEnv *env, jclass cls, jint displayID)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env); 
-
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        NSArray *screens = [NSScreen screens];
-        for (NSScreen *screen in screens) {
-            NSDictionary *screenInfo = [screen deviceDescription];
-            NSNumber *screenID = [screenInfo objectForKey:@"NSScreenNumber"];
-            if ([screenID intValue] == displayID){
-                CFRetain(screen); // GC
-                screenPtr = ptr_to_jlong(screen);
-                break;
-            }
-        }
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
 /*
  * Class:     sun_lwawt_macosx_CWrapper$NSColor
  * Method:    clearColor

jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import javax.crypto.spec.DESKeySpec;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES key factory of the Sun provider.
@@ -60,20 +61,22 @@ public final class DESKeyFactory extends SecretKeyFactorySpi {
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESKey desKey = null;
 
         try {
-            if (!(keySpec instanceof DESKeySpec)) {
+            if (keySpec instanceof DESKeySpec) {
-                throw new InvalidKeySpecException
+                return new DESKey(((DESKeySpec)keySpec).getKey());
-                    ("Inappropriate key specification");
             }
-            else {
+
-                DESKeySpec desKeySpec = (DESKeySpec)keySpec;
+            if (keySpec instanceof SecretKeySpec) {
-                desKey = new DESKey(desKeySpec.getKey());
+                return new DESKey(((SecretKeySpec)keySpec).getEncoded());
             }
+
+            throw new InvalidKeySpecException(
+                    "Inappropriate key specification");
+
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desKey;
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import javax.crypto.spec.DESedeKeySpec;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES-EDE key factory of the Sun provider.
@@ -60,20 +61,20 @@ public final class DESedeKeyFactory extends SecretKeyFactorySpi {
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESedeKey desEdeKey = null;
 
         try {
             if (keySpec instanceof DESedeKeySpec) {
-                DESedeKeySpec desEdeKeySpec = (DESedeKeySpec)keySpec;
+                return new DESedeKey(((DESedeKeySpec)keySpec).getKey());
-                desEdeKey = new DESedeKey(desEdeKeySpec.getKey());
+            }
+            if (keySpec instanceof SecretKeySpec) {
+                return new DESedeKey(((SecretKeySpec)keySpec).getEncoded());
 
-            } else {
+            }
             throw new InvalidKeySpecException
                 ("Inappropriate key specification");
-            }
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desEdeKey;
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -83,7 +83,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -118,7 +118,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -227,7 +227,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
 
         } catch (InvalidKeySpecException e) {
-            throw new InvalidKeyException("Cannot translate key");
+            throw new InvalidKeyException("Cannot translate key", e);
         }
     }
 }

jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java

@@ -167,15 +167,16 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
         BigInteger pMinus2 = p.subtract(BigInteger.valueOf(2));
 
         //
-        // Handbook of Applied Cryptography:  Menezes, et.al.
+        // PKCS#3 section 7.1 "Private-value generation"
-        // Repeat if the following does not hold:
+        // Repeat if either of the followings does not hold:
-        //     1 <= x <= p-2
+        //     0 < x < p-1
+        //     2^(lSize-1) <= x < 2^(lSize)
         //
         do {
             // generate random x up to 2^lSize bits long
             x = new BigInteger(lSize, random);
         } while ((x.compareTo(BigInteger.ONE) < 0) ||
-            ((x.compareTo(pMinus2) > 0)));
+            ((x.compareTo(pMinus2) > 0)) || (x.bitLength() != lSize));
 
         // calculate public value y
         BigInteger y = g.modPow(x, p);

jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.PrivateKey;
@@ -67,7 +68,7 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -179,20 +180,9 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
             this.key = val.data.getOctetString();
             parseKeyBits();
 
-            // ignore OPTIONAL attributes
-
             this.encodedKey = encodedKey.clone();
-
+        } catch (IOException | NumberFormatException e) {
-        } catch (NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
-            InvalidKeyException ike = new InvalidKeyException(
-                "Private-value length too big");
-            ike.initCause(e);
-            throw ike;
-        } catch (IOException e) {
-            InvalidKeyException ike = new InvalidKeyException(
-                "Error parsing key encoding: " + e.getMessage());
-            ike.initCause(e);
-            throw ike;
         }
     }
 
@@ -234,8 +224,9 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -273,11 +264,12 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
         }
+    }
 
     public String toString() {
         String LINE_SEP = System.getProperty("line.separator");
@@ -312,26 +304,21 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
+        return Objects.hash(x, p, g);
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
+        if (this == obj) return true;
-            return true;
 
-        if (!(obj instanceof PrivateKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPrivateKey)) {
             return false;
-
+        }
-        byte[] thisEncoded = this.getEncoded();
+        javax.crypto.interfaces.DHPrivateKey other =
-        byte[] thatEncoded = ((PrivateKey)obj).getEncoded();
+                (javax.crypto.interfaces.DHPrivateKey) obj;
-
+        DHParameterSpec otherParams = other.getParams();
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        return ((this.x.compareTo(other.getX()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -64,7 +65,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -173,13 +174,8 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
             }
 
             this.encodedKey = encodedKey.clone();
-
+        } catch (IOException | NumberFormatException e) {
-        } catch (NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
-            throw new InvalidKeyException("Private-value length too big");
-
-        } catch (IOException e) {
-            throw new InvalidKeyException(
-                "Error parsing key encoding: " + e.toString());
         }
     }
 
@@ -212,8 +208,9 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -253,11 +250,12 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
         }
+    }
 
     public String toString() {
         String LINE_SEP = System.getProperty("line.separator");
@@ -290,26 +288,22 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
+        return Objects.hash(y, p, g);
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
+        if (this == obj) return true;
-            return true;
 
-        if (!(obj instanceof PublicKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPublicKey)) {
             return false;
+        }
 
-        byte[] thisEncoded = this.getEncoded();
+        javax.crypto.interfaces.DHPublicKey other =
-        byte[] thatEncoded = ((PublicKey)obj).getEncoded();
+            (javax.crypto.interfaces.DHPublicKey) obj;
-
+        DHParameterSpec otherParams = other.getParams();
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        return ((this.y.compareTo(other.getY()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**

jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java

@@ -134,7 +134,7 @@ public class UnpackerImpl extends TLGlobals implements Pack200.Unpacker {
             } else {
                 try {
                     (new NativeUnpack(this)).run(in0, out);
-                } catch (UnsatisfiedLinkError ule) {
+                } catch (UnsatisfiedLinkError | NoClassDefFoundError ex) {
                     // failover to java implementation
                     (new DoUnpack()).run(in0, out);
                 }

jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java

@@ -52,6 +52,7 @@ import javax.management.NotCompliantMBeanException;
 import com.sun.jmx.remote.util.EnvHelp;
 import java.lang.reflect.Array;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
 import javax.management.AttributeNotFoundException;
 import javax.management.openmbean.CompositeData;
 import sun.reflect.misc.MethodUtil;
@@ -64,7 +65,11 @@ import sun.reflect.misc.ReflectUtil;
  * @since 1.5
  */
 public class Introspector {
-
+    final public static boolean ALLOW_NONPUBLIC_MBEAN;
+    static {
+        String val = AccessController.doPrivileged(new GetPropertyAction("jdk.jmx.mbeans.allowNonPublic"));
+        ALLOW_NONPUBLIC_MBEAN = Boolean.parseBoolean(val);
+    }
 
      /*
      * ------------------------------------------
@@ -223,11 +228,27 @@ public class Introspector {
         return testCompliance(baseClass, null);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MXBean interface.
+     * A compliant MXBean interface is any publicly accessible interface
+     * following the {@link MXBean} conventions.
+     * @param interfaceClass An interface class to test for the MXBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@link MXBean} conventions.
+     */
     public static void testComplianceMXBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException {
         MXBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MBean interface.
+     * A compliant MBean interface is any publicly accessible interface
+     * following the {@code MBean} conventions.
+     * @param interfaceClass An interface class to test for the MBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@code MBean} conventions.
+     */
     public static void testComplianceMBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException{
         StandardMBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
@@ -507,9 +528,12 @@ public class Introspector {
         }
         Class<?>[] interfaces = c.getInterfaces();
         for (int i = 0;i < interfaces.length; i++) {
-            if (interfaces[i].getName().equals(clMBeanName))
+            if (interfaces[i].getName().equals(clMBeanName) &&
+                (Modifier.isPublic(interfaces[i].getModifiers()) ||
+                 ALLOW_NONPUBLIC_MBEAN)) {
                 return Util.cast(interfaces[i]);
             }
+        }
 
         return null;
     }

jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanAnalyzer.java

@@ -28,6 +28,8 @@ package com.sun.jmx.mbeanserver;
 import static com.sun.jmx.mbeanserver.Util.*;
 
 import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.security.AccessController;
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.List;
@@ -50,7 +52,6 @@ import javax.management.NotCompliantMBeanException;
  * @since 1.6
  */
 class MBeanAnalyzer<M> {
-
     static interface MBeanVisitor<M> {
         public void visitAttribute(String attributeName,
                 M getter,
@@ -107,6 +108,10 @@ class MBeanAnalyzer<M> {
         if (!mbeanType.isInterface()) {
             throw new NotCompliantMBeanException("Not an interface: " +
                     mbeanType.getName());
+        } else if (!Modifier.isPublic(mbeanType.getModifiers()) &&
+                   !Introspector.ALLOW_NONPUBLIC_MBEAN) {
+            throw new NotCompliantMBeanException("Interface is not public: " +
+                mbeanType.getName());
         }
 
         try {

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java

@@ -2,36 +2,34 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  * The Algorithm class which stores the Algorithm URI as a string.
- *
  */
 public abstract class Algorithm extends SignatureElementProxy {
 
@@ -41,7 +39,6 @@ public abstract class Algorithm extends SignatureElementProxy {
      * @param algorithmURI is the URI of the algorithm as String
      */
     public Algorithm(Document doc, String algorithmURI) {
-
         super(doc);
 
         this.setAlgorithmURI(algorithmURI);
@@ -54,18 +51,17 @@ public abstract class Algorithm extends SignatureElementProxy {
      * @param BaseURI
      * @throws XMLSecurityException
      */
-   public Algorithm(Element element, String BaseURI)
+    public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
-           throws XMLSecurityException {
         super(element, BaseURI);
     }
 
     /**
      * Method getAlgorithmURI
      *
-    * @return The URI of the alogrithm
+     * @return The URI of the algorithm
      */
     public String getAlgorithmURI() {
-      return this._constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -74,10 +70,10 @@ public abstract class Algorithm extends SignatureElementProxy {
      * @param algorithmURI is the URI of the algorithm as String
      */
     protected void setAlgorithmURI(String algorithmURI) {
-
+        if (algorithmURI != null) {
-      if ( (algorithmURI != null)) {
+            this.constructionElement.setAttributeNS(
-         this._constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM,
+                null, Constants._ATT_ALGORITHM, algorithmURI
-                                                algorithmURI);
+            );
         }
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java

@@ -114,6 +114,18 @@ public class JCEMapper {
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
             new Algorithm("", "SHA1withECDSA", "Signature")
         );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
+            new Algorithm("", "SHA256withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
+            new Algorithm("", "SHA384withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
+            new Algorithm("", "SHA512withECDSA", "Signature")
+        );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
             new Algorithm("", "HmacMD5", "Mac")
@@ -154,6 +166,18 @@ public class JCEMapper {
             XMLCipher.AES_256,
             new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
         );
+        algorithmsMap.put(
+            XMLCipher.AES_128_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_192_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_256_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
+        );
         algorithmsMap.put(
             XMLCipher.RSA_v1dot5,
             new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
@@ -162,6 +186,10 @@ public class JCEMapper {
             XMLCipher.RSA_OAEP,
             new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
         );
+        algorithmsMap.put(
+            XMLCipher.RSA_OAEP_11,
+            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
+        );
         algorithmsMap.put(
             XMLCipher.DIFFIE_HELLMAN,
             new Algorithm("", "", "KeyAgreement")

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java

@@ -2,82 +2,77 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
-import java.util.HashMap;
-import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
 import org.w3c.dom.Document;
 
-
 /**
  * Digest Message wrapper & selector class.
  *
  * <pre>
  * MessageDigestAlgorithm.getInstance()
  * </pre>
- *
  */
 public class MessageDigestAlgorithm extends Algorithm {
 
     /** Message Digest - NOT RECOMMENDED MD5*/
-   public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "md5";
+    public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 =
+        Constants.MoreAlgorithmsSpecNS + "md5";
     /** Digest - Required SHA1*/
     public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
     /** Message Digest - RECOMMENDED SHA256*/
-   public static final String ALGO_ID_DIGEST_SHA256 = EncryptionConstants.EncryptionSpecNS + "sha256";
+    public static final String ALGO_ID_DIGEST_SHA256 =
+        EncryptionConstants.EncryptionSpecNS + "sha256";
     /** Message Digest - OPTIONAL SHA384*/
-   public static final String ALGO_ID_DIGEST_SHA384 = Constants.MoreAlgorithmsSpecNS + "sha384";
+    public static final String ALGO_ID_DIGEST_SHA384 =
+        Constants.MoreAlgorithmsSpecNS + "sha384";
     /** Message Digest - OPTIONAL SHA512*/
-   public static final String ALGO_ID_DIGEST_SHA512 = EncryptionConstants.EncryptionSpecNS + "sha512";
+    public static final String ALGO_ID_DIGEST_SHA512 =
+        EncryptionConstants.EncryptionSpecNS + "sha512";
     /** Message Digest - OPTIONAL RIPEMD-160*/
-   public static final String ALGO_ID_DIGEST_RIPEMD160 = EncryptionConstants.EncryptionSpecNS + "ripemd160";
+    public static final String ALGO_ID_DIGEST_RIPEMD160 =
+        EncryptionConstants.EncryptionSpecNS + "ripemd160";
 
     /** Field algorithm stores the actual {@link java.security.MessageDigest} */
-   java.security.MessageDigest algorithm = null;
+    private final MessageDigest algorithm;
 
     /**
-    * Constructor for the brave who pass their own message digest algorithms and the corresponding URI.
+     * Constructor for the brave who pass their own message digest algorithms and the
+     * corresponding URI.
      * @param doc
-    * @param messageDigest
      * @param algorithmURI
      */
-   private MessageDigestAlgorithm(Document doc, MessageDigest messageDigest,
+    private MessageDigestAlgorithm(Document doc, String algorithmURI)
-                                  String algorithmURI) {
+        throws XMLSignatureException {
-
         super(doc, algorithmURI);
 
-      this.algorithm = messageDigest;
+        algorithm = getDigestInstance(algorithmURI);
     }
 
-   static ThreadLocal<Map<String, MessageDigest>> instances=new
-       ThreadLocal<Map<String, MessageDigest>>() {
-           protected Map<String, MessageDigest> initialValue() {
-               return new HashMap<String, MessageDigest>();
-           };
-   };
-
     /**
      * Factory method for constructing a message digest algorithm by name.
      *
@@ -87,15 +82,12 @@ public class MessageDigestAlgorithm extends Algorithm {
      * @throws XMLSignatureException
      */
     public static MessageDigestAlgorithm getInstance(
-           Document doc, String algorithmURI) throws XMLSignatureException {
+        Document doc, String algorithmURI
-          MessageDigest md = getDigestInstance(algorithmURI);
+    ) throws XMLSignatureException {
-      return new MessageDigestAlgorithm(doc, md, algorithmURI);
+        return new MessageDigestAlgorithm(doc, algorithmURI);
     }
 
     private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
-        MessageDigest result= instances.get().get(algorithmURI);
-        if (result!=null)
-                return result;
         String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
 
         if (algorithmID == null) {
@@ -112,17 +104,15 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
                 md = MessageDigest.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-                             ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         } catch (NoSuchProviderException ex) {
-        Object[] exArgs = { algorithmID,
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-                                                ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
-        instances.get().put(algorithmURI, md);
+
         return md;
     }
 
@@ -132,7 +122,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the actual {@link java.security.MessageDigest} algorithm object
      */
     public java.security.MessageDigest getAlgorithm() {
-      return this.algorithm;
+        return algorithm;
     }
 
     /**
@@ -154,7 +144,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#digest()} method
      */
     public byte[] digest() {
-      return this.algorithm.digest();
+        return algorithm.digest();
     }
 
     /**
@@ -165,7 +155,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
      */
     public byte[] digest(byte input[]) {
-      return this.algorithm.digest(input);
+        return algorithm.digest(input);
     }
 
     /**
@@ -178,9 +168,8 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
      * @throws java.security.DigestException
      */
-   public int digest(byte buf[], int offset, int len)
+    public int digest(byte buf[], int offset, int len) throws java.security.DigestException {
-           throws java.security.DigestException {
+        return algorithm.digest(buf, offset, len);
-      return this.algorithm.digest(buf, offset, len);
     }
 
     /**
@@ -190,7 +179,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
      */
     public String getJCEAlgorithmString() {
-      return this.algorithm.getAlgorithm();
+        return algorithm.getAlgorithm();
     }
 
     /**
@@ -200,7 +189,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#getProvider} method
      */
     public java.security.Provider getJCEProvider() {
-      return this.algorithm.getProvider();
+        return algorithm.getProvider();
     }
 
     /**
@@ -210,7 +199,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
      */
     public int getDigestLength() {
-      return this.algorithm.getDigestLength();
+        return algorithm.getDigestLength();
     }
 
     /**
@@ -219,7 +208,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      *
      */
     public void reset() {
-      this.algorithm.reset();
+        algorithm.reset();
     }
 
     /**
@@ -229,7 +218,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @param input
      */
     public void update(byte[] input) {
-      this.algorithm.update(input);
+        algorithm.update(input);
     }
 
     /**
@@ -239,7 +228,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @param input
      */
     public void update(byte input) {
-      this.algorithm.update(input);
+        algorithm.update(input);
     }
 
     /**
@@ -251,7 +240,7 @@ private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSi
      * @param len
      */
     public void update(byte buf[], int offset, int len) {
-      this.algorithm.update(buf, offset, len);
+        algorithm.update(buf, offset, len);
     }
 
     /** @inheritDoc */

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java

@@ -74,7 +74,7 @@ public class SignatureAlgorithm extends Algorithm {
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -92,10 +92,10 @@ public class SignatureAlgorithm extends Algorithm {
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
 
         signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
-        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(_constructionElement);
+        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
     }
 
     /**
@@ -136,7 +136,7 @@ public class SignatureAlgorithm extends Algorithm {
         }
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -310,7 +310,7 @@ public class SignatureAlgorithm extends Algorithm {
      * @return the URI representation of Transformation algorithm
      */
     public final String getURI() {
-        return _constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -380,9 +380,7 @@ public class SignatureAlgorithm extends Algorithm {
      * This method registers the default algorithms.
      */
     public static void registerDefaultAlgorithms() {
-        algorithmHash.put(
+        algorithmHash.put(SignatureDSA.URI, SignatureDSA.class);
-            XMLSignature.ALGO_ID_SIGNATURE_DSA, SignatureDSA.class
-        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, SignatureBaseRSA.SignatureRSASHA1.class
         );
@@ -409,6 +407,15 @@ public class SignatureAlgorithm extends Algorithm {
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
         );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureECDSA.SignatureECDSASHA384.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
+        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
@@ -27,11 +29,6 @@ import java.security.spec.AlgorithmParameterSpec;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import org.w3c.dom.Element;
 
-
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureAlgorithmSpi {
 
     /**
@@ -63,8 +60,7 @@ public abstract class SignatureAlgorithmSpi {
      * @param input
      * @throws XMLSignatureException
      */
-   protected abstract void engineUpdate(byte[] input)
+    protected abstract void engineUpdate(byte[] input) throws XMLSignatureException;
-      throws XMLSignatureException;
 
     /**
      * Proxy method for {@link java.security.Signature#update(byte[])}
@@ -73,8 +69,7 @@ public abstract class SignatureAlgorithmSpi {
      * @param input
      * @throws XMLSignatureException
      */
-   protected abstract void engineUpdate(byte input)
+    protected abstract void engineUpdate(byte input) throws XMLSignatureException;
-      throws XMLSignatureException;
 
     /**
      * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
@@ -95,19 +90,19 @@ public abstract class SignatureAlgorithmSpi {
      * @param signingKey
      * @throws XMLSignatureException if this method is called on a MAC
      */
-   protected abstract void engineInitSign(Key signingKey)
+    protected abstract void engineInitSign(Key signingKey) throws XMLSignatureException;
-      throws XMLSignatureException;
 
     /**
-    * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey, java.security.SecureRandom)}
+     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
+     * java.security.SecureRandom)}
      * which is executed on the internal {@link java.security.Signature} object.
      *
      * @param signingKey
      * @param secureRandom
      * @throws XMLSignatureException if this method is called on a MAC
      */
-   protected abstract void engineInitSign(
+    protected abstract void engineInitSign(Key signingKey, SecureRandom secureRandom)
-      Key signingKey, SecureRandom secureRandom) throws XMLSignatureException;
+        throws XMLSignatureException;
 
     /**
      * Proxy method for {@link javax.crypto.Mac}
@@ -118,8 +113,8 @@ public abstract class SignatureAlgorithmSpi {
      * @throws XMLSignatureException if this method is called on a Signature
      */
     protected abstract void engineInitSign(
-      Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-         throws XMLSignatureException;
+    ) throws XMLSignatureException;
 
     /**
      * Proxy method for {@link java.security.Signature#sign()}
@@ -136,8 +131,7 @@ public abstract class SignatureAlgorithmSpi {
      * @param verificationKey
      * @throws XMLSignatureException
      */
-   protected abstract void engineInitVerify(Key verificationKey)
+    protected abstract void engineInitVerify(Key verificationKey) throws XMLSignatureException;
-      throws XMLSignatureException;
 
     /**
      * Proxy method for {@link java.security.Signature#verify(byte[])}
@@ -147,11 +141,11 @@ public abstract class SignatureAlgorithmSpi {
      * @return true if the signature is correct
      * @throws XMLSignatureException
      */
-   protected abstract boolean engineVerify(byte[] signature)
+    protected abstract boolean engineVerify(byte[] signature) throws XMLSignatureException;
-      throws XMLSignatureException;
 
     /**
-    * Proxy method for {@link java.security.Signature#setParameter(java.security.spec.AlgorithmParameterSpec)}
+     * Proxy method for {@link java.security.Signature#setParameter(
+     * java.security.spec.AlgorithmParameterSpec)}
      * which is executed on the internal {@link java.security.Signature} object.
      *
      * @param params

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java

@@ -2,26 +2,26 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -42,16 +42,18 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
-
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
-   /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger(IntegrityHmacSHA1.class.getName());
+        java.util.logging.Logger.getLogger(IntegrityHmac.class.getName());
+
+    /** Field macAlgorithm */
+    private Mac macAlgorithm = null;
+
+    /** Field HMACOutputLength */
+    private int HMACOutputLength = 0;
+    private boolean HMACOutputLengthSet = false;
 
     /**
      * Method engineGetURI
@@ -65,50 +67,42 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      */
     abstract int getDigestLength();
 
-   /** Field _macAlgorithm */
-   private Mac _macAlgorithm = null;
-   private boolean _HMACOutputLengthSet = false;
-
-   /** Field _HMACOutputLength */
-   int _HMACOutputLength = 0;
-
     /**
-    * Method IntegrityHmacSHA1das
+     * Method IntegrityHmac
      *
      * @throws XMLSignatureException
      */
     public IntegrityHmac() throws XMLSignatureException {
-
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-      if (log.isLoggable(java.util.logging.Level.FINE))
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Created IntegrityHmacSHA1 using " + algorithmID);
+        }
 
         try {
-         this._macAlgorithm = Mac.getInstance(algorithmID);
+            this.macAlgorithm = Mac.getInstance(algorithmID);
         } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-                             ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
     }
 
     /**
-    * Proxy method for {@link java.security.Signature#setParameter(java.security.spec.AlgorithmParameterSpec)}
+     * Proxy method for {@link java.security.Signature#setParameter(
+     * java.security.spec.AlgorithmParameterSpec)}
      * which is executed on the internal {@link java.security.Signature} object.
      *
      * @param params
      * @throws XMLSignatureException
      */
-   protected void engineSetParameter(AlgorithmParameterSpec params)
+    protected void engineSetParameter(AlgorithmParameterSpec params) throws XMLSignatureException {
-           throws XMLSignatureException {
         throw new XMLSignatureException("empty");
     }
 
     public void reset() {
-       _HMACOutputLength=0;
+        HMACOutputLength = 0;
-       _HMACOutputLengthSet = false;
+        HMACOutputLengthSet = false;
-       _macAlgorithm.reset();
+        this.macAlgorithm.reset();
     }
 
     /**
@@ -119,18 +113,16 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @return true if the signature is correct
      * @throws XMLSignatureException
      */
-   protected boolean engineVerify(byte[] signature)
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
-           throws XMLSignatureException {
-
         try {
-         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
+            if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE,
+                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                    "HMACOutputLength must not be less than " + getDigestLength());
                 }
-            throw new XMLSignatureException("errorMessages.XMLSignatureException");
+                Object[] exArgs = { String.valueOf(getDigestLength()) };
+                throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
-            byte[] completeResult = this._macAlgorithm.doFinal();
+                byte[] completeResult = this.macAlgorithm.doFinal();
                 return MessageDigestAlgorithm.isEqual(completeResult, signature);
             }
         } catch (IllegalStateException ex) {
@@ -146,31 +138,28 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineInitVerify(Key secretKey) throws XMLSignatureException {
-
         if (!(secretKey instanceof SecretKey)) {
             String supplied = secretKey.getClass().getName();
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._macAlgorithm.init(secretKey);
+            this.macAlgorithm.init(secretKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Mac object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Mac mac = this._macAlgorithm;
+            Mac mac = this.macAlgorithm;
             try {
-                this._macAlgorithm = Mac.getInstance
+                this.macAlgorithm = Mac.getInstance(macAlgorithm.getAlgorithm());
-                    (_macAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous Mac
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Mac:" + e);
                 }
-                this._macAlgorithm = mac;
+                this.macAlgorithm = mac;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -184,50 +173,21 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected byte[] engineSign() throws XMLSignatureException {
-
         try {
-         if (this._HMACOutputLengthSet && this._HMACOutputLength < getDigestLength()) {
+            if (this.HMACOutputLengthSet && this.HMACOutputLength < getDigestLength()) {
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
-                log.log(java.util.logging.Level.FINE,
+                    log.log(java.util.logging.Level.FINE, "HMACOutputLength must not be less than " + getDigestLength());
-                    "HMACOutputLength must not be less than " + getDigestLength());
                 }
-            throw new XMLSignatureException("errorMessages.XMLSignatureException");
+                Object[] exArgs = { String.valueOf(getDigestLength()) };
+                throw new XMLSignatureException("algorithms.HMACOutputLengthMin", exArgs);
             } else {
-            return this._macAlgorithm.doFinal();
+                return this.macAlgorithm.doFinal();
             }
         } catch (IllegalStateException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
-   /**
-    * Method reduceBitLength
-    *
-    * @param completeResult
-    * @return the reduced bits.
-    * @param length
-    *
-    */
-   private static byte[] reduceBitLength(byte completeResult[], int length) {
-
-      int bytes = length / 8;
-      int abits = length % 8;
-      byte[] strippedResult = new byte[bytes + ((abits == 0)
-                                                ? 0
-                                                : 1)];
-
-      System.arraycopy(completeResult, 0, strippedResult, 0, bytes);
-
-      if (abits > 0) {
-         byte[] MASK = { (byte) 0x00, (byte) 0x80, (byte) 0xC0, (byte) 0xE0,
-                         (byte) 0xF0, (byte) 0xF8, (byte) 0xFC, (byte) 0xFE };
-
-         strippedResult[bytes] = (byte) (completeResult[bytes] & MASK[abits]);
-      }
-
-      return strippedResult;
-   }
-
     /**
      * Method engineInitSign
      *
@@ -235,18 +195,16 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineInitSign(Key secretKey) throws XMLSignatureException {
-
         if (!(secretKey instanceof SecretKey)) {
             String supplied = secretKey.getClass().getName();
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._macAlgorithm.init(secretKey);
+            this.macAlgorithm.init(secretKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -260,20 +218,18 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineInitSign(
-           Key secretKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key secretKey, AlgorithmParameterSpec algorithmParameterSpec
-              throws XMLSignatureException {
+    ) throws XMLSignatureException {
-
         if (!(secretKey instanceof SecretKey)) {
             String supplied = secretKey.getClass().getName();
             String needed = SecretKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._macAlgorithm.init(secretKey, algorithmParameterSpec);
+            this.macAlgorithm.init(secretKey, algorithmParameterSpec);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         } catch (InvalidAlgorithmParameterException ex) {
@@ -301,9 +257,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
         try {
-         this._macAlgorithm.update(input);
+            this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -317,9 +272,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
-
         try {
-         this._macAlgorithm.update(input);
+            this.macAlgorithm.update(input);
         } catch (IllegalStateException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -334,11 +288,9 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @param len
      * @throws XMLSignatureException
      */
-   protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-           throws XMLSignatureException {
-
         try {
-         this._macAlgorithm.update(buf, offset, len);
+            this.macAlgorithm.update(buf, offset, len);
         } catch (IllegalStateException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -350,10 +302,7 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      *
      */
     protected String engineGetJCEAlgorithmString() {
-
+        return this.macAlgorithm.getAlgorithm();
-      log.log(java.util.logging.Level.FINE, "engineGetJCEAlgorithmString()");
-
-      return this._macAlgorithm.getAlgorithm();
     }
 
     /**
@@ -362,7 +311,7 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetJCEProviderName() {
-      return this._macAlgorithm.getProvider().getName();
+        return this.macAlgorithm.getProvider().getName();
     }
 
     /**
@@ -371,8 +320,8 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @param HMACOutputLength
      */
     protected void engineSetHMACOutputLength(int HMACOutputLength) {
-      this._HMACOutputLength = HMACOutputLength;
+        this.HMACOutputLength = HMACOutputLength;
-      this._HMACOutputLengthSet = true;
+        this.HMACOutputLengthSet = true;
     }
 
     /**
@@ -381,21 +330,19 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @param element
      */
     protected void engineGetContextFromElement(Element element) {
-
         super.engineGetContextFromElement(element);
 
         if (element == null) {
             throw new IllegalArgumentException("element null");
         }
 
-      Text hmaclength =XMLUtils.selectDsNodeText(element.getFirstChild(),
+        Text hmaclength =
-         Constants._TAG_HMACOUTPUTLENGTH,0);
+            XMLUtils.selectDsNodeText(element.getFirstChild(), Constants._TAG_HMACOUTPUTLENGTH, 0);
 
         if (hmaclength != null) {
-         this._HMACOutputLength = Integer.parseInt(hmaclength.getData());
+            this.HMACOutputLength = Integer.parseInt(hmaclength.getData());
-         this._HMACOutputLengthSet = true;
+            this.HMACOutputLengthSet = true;
         }
-
     }
 
     /**
@@ -404,17 +351,16 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
      * @param element
      */
     public void engineAddContextToElement(Element element) {
-
         if (element == null) {
             throw new IllegalArgumentException("null element");
         }
 
-      if (this._HMACOutputLengthSet) {
+        if (this.HMACOutputLengthSet) {
             Document doc = element.getOwnerDocument();
-         Element HMElem = XMLUtils.createElementInSignatureSpace(doc,
+            Element HMElem =
-                             Constants._TAG_HMACOUTPUTLENGTH);
+                XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_HMACOUTPUTLENGTH);
             Text HMText =
-            doc.createTextNode(new Integer(this._HMACOutputLength).toString());
+                doc.createTextNode(Integer.valueOf(this.HMACOutputLength).toString());
 
             HMElem.appendChild(HMText);
             XMLUtils.addReturnToElement(element);
@@ -425,9 +371,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacSHA1
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacSHA1 extends IntegrityHmac {
 
@@ -456,9 +399,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacSHA256
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacSHA256 extends IntegrityHmac {
 
@@ -487,9 +427,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacSHA384
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacSHA384 extends IntegrityHmac {
 
@@ -518,9 +455,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacSHA512
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacSHA512 extends IntegrityHmac {
 
@@ -549,9 +483,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacRIPEMD160
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacRIPEMD160 extends IntegrityHmac {
 
@@ -580,9 +511,6 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
 
     /**
      * Class IntegrityHmacMD5
-    *
-    * @author $Author: mullan $
-    * @version $Revision: 1.5 $
      */
     public static class IntegrityHmacMD5 extends IntegrityHmac {
 

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2007 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
@@ -36,22 +38,17 @@ import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
-    /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger
+        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
-        (SignatureBaseRSA.class.getName());
 
     /** @inheritDoc */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Constructor SignatureRSA
@@ -59,17 +56,17 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     public SignatureBaseRSA() throws XMLSignatureException {
-
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE))
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
+        }
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -85,20 +82,17 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-            this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected boolean engineVerify(byte[] signature)
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
-        throws XMLSignatureException {
-
         try {
-            return this._signatureAlgorithm.verify(signature);
+            return this.signatureAlgorithm.verify(signature);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -106,32 +100,29 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
         if (!(publicKey instanceof PublicKey)) {
             String supplied = publicKey.getClass().getName();
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -140,7 +131,7 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
-            return this._signatureAlgorithm.sign();
+            return this.signatureAlgorithm.sign();
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -149,19 +140,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-                ((PrivateKey) privateKey, secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -169,18 +157,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -189,7 +175,7 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -198,17 +184,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-        throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -216,34 +201,29 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected String engineGetJCEAlgorithmString() {
-        return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /** @inheritDoc */
     protected String engineGetJCEProviderName() {
-        return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /** @inheritDoc */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
-        throw new XMLSignatureException
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
-            ("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /** @inheritDoc */
     protected void engineInitSign(
-        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-        throws XMLSignatureException {
+    ) throws XMLSignatureException {
-        throw new XMLSignatureException(
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
-            "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
     }
 
     /**
      * Class SignatureRSASHA1
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA1 extends SignatureBaseRSA {
 
@@ -264,9 +244,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA256
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
 
@@ -287,9 +264,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA384
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA384 extends SignatureBaseRSA {
 
@@ -310,9 +284,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA512
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA512 extends SignatureBaseRSA {
 
@@ -333,9 +304,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSARIPEMD160
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
 
@@ -356,9 +324,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSAMD5
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSAMD5 extends SignatureBaseRSA {
 

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
@@ -37,21 +39,17 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 
-/**
- *
- * @author $Author: mullan $
- */
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
-    /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
 
-    /** Field _URI */
+    /** Field URI */
-    public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
+    public static final String URI = Constants.SignatureSpecNS + "dsa-sha1";
 
     /** Field algorithm */
-    private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Method engineGetURI
@@ -59,7 +57,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetURI() {
-        return SignatureDSA._URI;
+        return SignatureDSA.URI;
     }
 
     /**
@@ -68,17 +66,17 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     public SignatureDSA() throws XMLSignatureException {
-
+        String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA.URI);
-        String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
-        if (log.isLoggable(java.util.logging.Level.FINE))
             log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+        }
 
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm =
+                this.signatureAlgorithm =
                     Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
@@ -95,9 +93,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-            this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -108,14 +105,14 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected boolean engineVerify(byte[] signature)
         throws XMLSignatureException {
-
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE))
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
                 log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+            }
 
             byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
 
-            return this._signatureAlgorithm.verify(jcebytes);
+            return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         } catch (IOException ex) {
@@ -127,32 +124,29 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
         if (!(publicKey instanceof PublicKey)) {
             String supplied = publicKey.getClass().getName();
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -162,9 +156,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected byte[] engineSign() throws XMLSignatureException {
-
         try {
-            byte jcebytes[] = this._signatureAlgorithm.sign();
+            byte jcebytes[] = this.signatureAlgorithm.sign();
 
             return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
         } catch (IOException ex) {
@@ -179,19 +172,16 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-                                           secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -201,18 +191,16 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -223,7 +211,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -234,7 +222,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -243,10 +231,9 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
     /**
      * @inheritDoc
      */
-    protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-        throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -258,7 +245,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetJCEAlgorithmString() {
-        return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /**
@@ -267,7 +254,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetJCEProviderName() {
-        return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /**
@@ -282,8 +269,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws IOException
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      */
-    private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+    private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-           throws IOException {
 
         byte rLength = asn1Bytes[3];
         int i;
@@ -303,8 +289,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
         }
         byte xmldsigBytes[] = new byte[40];
 
-        System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
+        System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i, i);
-                          i);
         System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
                          40 - j, j);
 
@@ -323,8 +308,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws IOException
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      */
-    private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+    private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-           throws IOException {
 
         if (xmldsigBytes.length != 40) {
             throw new IOException("Invalid XMLDSIG format of DSA signature");
@@ -373,10 +357,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @param HMACOutputLength
      * @throws XMLSignatureException
      */
-    protected void engineSetHMACOutputLength(int HMACOutputLength)
+    protected void engineSetHMACOutputLength(int HMACOutputLength) throws XMLSignatureException {
-            throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
-        throw new XMLSignatureException(
-            "algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /**
@@ -387,9 +369,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineInitSign(
-        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-            throws XMLSignatureException {
+    ) throws XMLSignatureException {
-        throw new XMLSignatureException(
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnDSA");
-            "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java

@@ -2,26 +2,26 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -40,22 +40,22 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Base64;
 
-
 /**
  *
- * @author $Author: mullan $
+ * @author $Author: raul $
+ * @author Alex Dupre
  */
 public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
-   /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
 
     /** @inheritDoc */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-   private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
@@ -70,31 +70,44 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
-   private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+    public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-           throws IOException {
 
-      byte rLength = asn1Bytes[3];
+        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+        int offset;
+        if (asn1Bytes[1] > 0) {
+            offset = 2;
+        } else if (asn1Bytes[1] == (byte) 0x81) {
+            offset = 3;
+        } else {
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
+        }
+
+        byte rLength = asn1Bytes[offset + 1];
         int i;
 
-      for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+        for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
 
-      byte sLength = asn1Bytes[5 + rLength];
+        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
         int j;
 
         for (j = sLength;
-              (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+            (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
 
-      if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
+        int rawLen = Math.max(i, j);
-              || (asn1Bytes[2] != 2) || (i > 24)
+
-              || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
+        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
+            || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
+            || asn1Bytes[offset] != 2
+            || asn1Bytes[offset + 2 + rLength] != 2) {
             throw new IOException("Invalid ASN.1 format of ECDSA signature");
         }
-      byte xmldsigBytes[] = new byte[48];
+        byte xmldsigBytes[] = new byte[2*rawLen];
 
-      System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
+        System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, i);
-                          i);
+        System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
-      System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
+                         2*rawLen - j, j);
-                          48 - j, j);
 
         return xmldsigBytes;
     }
@@ -112,46 +125,57 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
      */
-   private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+    public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-           throws IOException {
 
-      if (xmldsigBytes.length != 48) {
+        int rawLen = xmldsigBytes.length/2;
-         throw new IOException("Invalid XMLDSIG format of ECDSA signature");
-      }
 
         int i;
 
-      for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
+        for (i = rawLen; (i > 0) && (xmldsigBytes[rawLen - i] == 0); i--);
 
         int j = i;
 
-      if (xmldsigBytes[24 - i] < 0) {
+        if (xmldsigBytes[rawLen - i] < 0) {
             j += 1;
         }
 
         int k;
 
-      for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
+        for (k = rawLen; (k > 0) && (xmldsigBytes[2*rawLen - k] == 0); k--);
 
         int l = k;
 
-      if (xmldsigBytes[48 - k] < 0) {
+        if (xmldsigBytes[2*rawLen - k] < 0) {
             l += 1;
         }
 
-      byte asn1Bytes[] = new byte[6 + j + l];
+        int len = 2 + j + 2 + l;
-
+        if (len > 255) {
+            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+        }
+        int offset;
+        byte asn1Bytes[];
+        if (len < 128) {
+            asn1Bytes = new byte[2 + 2 + j + 2 + l];
+            offset = 1;
+        } else {
+            asn1Bytes = new byte[3 + 2 + j + 2 + l];
+            asn1Bytes[1] = (byte) 0x81;
+            offset = 2;
+        }
         asn1Bytes[0] = 48;
-      asn1Bytes[1] = (byte) (4 + j + l);
+        asn1Bytes[offset++] = (byte) len;
-      asn1Bytes[2] = 2;
+        asn1Bytes[offset++] = 2;
-      asn1Bytes[3] = (byte) j;
+        asn1Bytes[offset++] = (byte) j;
 
-      System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
+        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
 
-      asn1Bytes[4 + j] = 2;
+        offset += j;
-      asn1Bytes[5 + j] = (byte) l;
 
-      System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) l;
+
+        System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
 
         return asn1Bytes;
     }
@@ -165,23 +189,22 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-      if (log.isLoggable(java.util.logging.Level.FINE))
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
+        }
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-                             ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         } catch (NoSuchProviderException ex) {
-         Object[] exArgs = { algorithmID,
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
-                                                 ex.getLocalizedMessage() };
 
             throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
@@ -190,25 +213,23 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-         this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-   protected boolean engineVerify(byte[] signature)
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
-           throws XMLSignatureException {
-
         try {
             byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
 
-         if (log.isLoggable(java.util.logging.Level.FINE))
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
                 log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+            }
 
-         return this._signatureAlgorithm.verify(jcebytes);
+            return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         } catch (IOException ex) {
@@ -224,26 +245,24 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -251,9 +270,8 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected byte[] engineSign() throws XMLSignatureException {
-
         try {
-         byte jcebytes[] = this._signatureAlgorithm.sign();
+            byte jcebytes[] = this.signatureAlgorithm.sign();
 
             return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
         } catch (SignatureException ex) {
@@ -266,19 +284,16 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-                                           secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -286,18 +301,16 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                                         exArgs);
         }
 
         try {
-         this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -305,9 +318,8 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
-
         try {
-         this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -315,20 +327,17 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineUpdate(byte input) throws XMLSignatureException {
-
         try {
-         this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-   protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-           throws XMLSignatureException {
-
         try {
-         this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -336,12 +345,12 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected String engineGetJCEAlgorithmString() {
-      return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /** @inheritDoc */
     protected String engineGetJCEProviderName() {
-      return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /** @inheritDoc */
@@ -352,20 +361,17 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitSign(
-           Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-              throws XMLSignatureException {
+    ) throws XMLSignatureException {
-      throw new XMLSignatureException(
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
-         "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
     }
 
     /**
      * Class SignatureRSASHA1
      *
-    * @author $Author: mullan $
+     * @author $Author: marcx $
-    * @version $Revision: 1.2 $
      */
     public static class SignatureECDSASHA1 extends SignatureECDSA {
-
         /**
          * Constructor SignatureRSASHA1
          *
@@ -381,4 +387,70 @@ public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
         }
     }
 
+    /**
+     * Class SignatureRSASHA256
+     *
+     * @author Alex Dupre
+     */
+    public static class SignatureECDSASHA256 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureRSASHA256
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA256() throws XMLSignatureException {
+            super();
+        }
+
+        /** @inheritDoc */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA384
+     *
+     * @author Alex Dupre
+     */
+    public static class SignatureECDSASHA384 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureRSASHA384
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA384() throws XMLSignatureException {
+            super();
+        }
+
+        /** @inheritDoc */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
+        }
+    }
+
+    /**
+     * Class SignatureRSASHA512
+     *
+     * @author Alex Dupre
+     */
+    public static class SignatureECDSASHA512 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureRSASHA512
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA512() throws XMLSignatureException {
+            super();
+        }
+
+        /** @inheritDoc */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
+        }
+    }
+
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizationException.java

@@ -2,29 +2,28 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 
-
 /**
  * Class CanonicalizationException
  *
@@ -48,41 +47,42 @@ public class CanonicalizationException extends XMLSecurityException {
     /**
      * Constructor CanonicalizationException
      *
-    * @param _msgID
+     * @param msgID
      */
-   public CanonicalizationException(String _msgID) {
+    public CanonicalizationException(String msgID) {
-      super(_msgID);
+        super(msgID);
     }
 
     /**
      * Constructor CanonicalizationException
      *
-    * @param _msgID
+     * @param msgID
      * @param exArgs
      */
-   public CanonicalizationException(String _msgID, Object exArgs[]) {
+    public CanonicalizationException(String msgID, Object exArgs[]) {
-      super(_msgID, exArgs);
+        super(msgID, exArgs);
     }
 
     /**
      * Constructor CanonicalizationException
      *
-    * @param _msgID
+     * @param msgID
-    * @param _originalException
+     * @param originalException
      */
-   public CanonicalizationException(String _msgID, Exception _originalException) {
+    public CanonicalizationException(String msgID, Exception originalException) {
-      super(_msgID, _originalException);
+        super(msgID, originalException);
     }
 
     /**
      * Constructor CanonicalizationException
      *
-    * @param _msgID
+     * @param msgID
      * @param exArgs
-    * @param _originalException
+     * @param originalException
      */
-   public CanonicalizationException(String _msgID, Object exArgs[],
+    public CanonicalizationException(
-                                    Exception _originalException) {
+        String msgID, Object exArgs[], Exception originalException
-      super(_msgID, exArgs, _originalException);
+    ) {
+        super(msgID, exArgs, originalException);
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/Canonicalizer.java

@@ -39,6 +39,7 @@ import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicaliz
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315ExclWithComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315OmitComments;
 import com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315WithComments;
+import com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerPhysical;
 import com.sun.org.apache.xml.internal.security.exceptions.AlgorithmAlreadyRegisteredException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
@@ -91,6 +92,11 @@ public class Canonicalizer {
      */
     public static final String ALGO_ID_C14N11_WITH_COMMENTS =
         ALGO_ID_C14N11_OMIT_COMMENTS + "#WithComments";
+    /**
+     * Non-standard algorithm to serialize the physical representation for XML Encryption
+     */
+    public static final String ALGO_ID_C14N_PHYSICAL =
+        "http://santuario.apache.org/c14n/physical";
 
     private static Map<String, Class<? extends CanonicalizerSpi>> canonicalizerHash =
         new ConcurrentHashMap<String, Class<? extends CanonicalizerSpi>>();
@@ -202,6 +208,10 @@ public class Canonicalizer {
             Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS,
             Canonicalizer11_WithComments.class
         );
+        canonicalizerHash.put(
+            Canonicalizer.ALGO_ID_C14N_PHYSICAL,
+            CanonicalizerPhysical.class
+        );
     }
 
     /**

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/CanonicalizerSpi.java

@@ -2,26 +2,26 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n;
 
-
-
 import java.io.ByteArrayInputStream;
 import java.io.OutputStream;
 import java.util.Set;
@@ -29,7 +29,6 @@ import java.util.Set;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.xpath.XPath;
 
 import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
 import org.w3c.dom.Document;
@@ -37,72 +36,43 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
 
-
 /**
- * Base class which all Caninicalization algorithms extend.
+ * Base class which all Canonicalization algorithms extend.
  *
- * $todo$ cange JavaDoc
  * @author Christian Geuer-Pollmann
  */
 public abstract class CanonicalizerSpi {
 
+    /** Reset the writer after a c14n */
+    protected boolean reset = false;
+
     /**
      * Method canonicalize
      *
-    *
      * @param inputBytes
      * @return the c14n bytes.
      *
-    *
      * @throws CanonicalizationException
      * @throws java.io.IOException
      * @throws javax.xml.parsers.ParserConfigurationException
      * @throws org.xml.sax.SAXException
-    *
      */
     public byte[] engineCanonicalize(byte[] inputBytes)
-           throws javax.xml.parsers.ParserConfigurationException,
+        throws javax.xml.parsers.ParserConfigurationException, java.io.IOException,
-                  java.io.IOException, org.xml.sax.SAXException,
+        org.xml.sax.SAXException, CanonicalizationException {
-                  CanonicalizationException {
 
-      java.io.ByteArrayInputStream bais = new ByteArrayInputStream(inputBytes);
+        java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
         InputSource in = new InputSource(bais);
         DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
         dfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
 
-      // needs to validate for ID attribute nomalization
+        // needs to validate for ID attribute normalization
         dfactory.setNamespaceAware(true);
 
         DocumentBuilder db = dfactory.newDocumentBuilder();
 
-      /*
-       * for some of the test vectors from the specification,
-       * there has to be a validatin parser for ID attributes, default
-       * attribute values, NMTOKENS, etc.
-       * Unfortunaltely, the test vectors do use different DTDs or
-       * even no DTD. So Xerces 1.3.1 fires many warnings about using
-       * ErrorHandlers.
-       *
-       * Text from the spec:
-       *
-       * The input octet stream MUST contain a well-formed XML document,
-       * but the input need not be validated. However, the attribute
-       * value normalization and entity reference resolution MUST be
-       * performed in accordance with the behaviors of a validating
-       * XML processor. As well, nodes for default attributes (declared
-       * in the ATTLIST with an AttValue but not specified) are created
-       * in each element. Thus, the declarations in the document type
-       * declaration are used to help create the canonical form, even
-       * though the document type declaration is not retained in the
-       * canonical form.
-       *
-       */
-
-      // ErrorHandler eh = new C14NErrorHandler();
-      // db.setErrorHandler(eh);
         Document document = db.parse(in);
-      byte result[] = this.engineCanonicalizeSubTree(document);
+        return this.engineCanonicalizeSubTree(document);
-      return result;
     }
 
     /**
@@ -114,10 +84,9 @@ public abstract class CanonicalizerSpi {
      */
     public byte[] engineCanonicalizeXPathNodeSet(NodeList xpathNodeSet)
         throws CanonicalizationException {
-
+        return this.engineCanonicalizeXPathNodeSet(
-      return this
+            XMLUtils.convertNodelistToSet(xpathNodeSet)
-         .engineCanonicalizeXPathNodeSet(XMLUtils
+        );
-            .convertNodelistToSet(xpathNodeSet));
     }
 
     /**
@@ -130,20 +99,20 @@ public abstract class CanonicalizerSpi {
      */
     public byte[] engineCanonicalizeXPathNodeSet(NodeList xpathNodeSet, String inclusiveNamespaces)
         throws CanonicalizationException {
-
+        return this.engineCanonicalizeXPathNodeSet(
-      return this
+            XMLUtils.convertNodelistToSet(xpathNodeSet), inclusiveNamespaces
-         .engineCanonicalizeXPathNodeSet(XMLUtils
+        );
-            .convertNodelistToSet(xpathNodeSet), inclusiveNamespaces);
     }
 
-   //J-
+    /**
-   /** Returns the URI of this engine.
+     * Returns the URI of this engine.
      * @return the URI
      */
     public abstract String engineGetURI();
 
-   /** Returns the URI if include comments
+    /**
-    * @return true if include.
+     * Returns true if comments are included
+     * @return true if comments are included
      */
     public abstract boolean engineGetIncludeComments();
 
@@ -165,8 +134,9 @@ public abstract class CanonicalizerSpi {
      * @return the c14n bytes
      * @throws CanonicalizationException
      */
-   public abstract byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet, String inclusiveNamespaces)
+    public abstract byte[] engineCanonicalizeXPathNodeSet(
-      throws CanonicalizationException;
+        Set<Node> xpathNodeSet, String inclusiveNamespaces
+    ) throws CanonicalizationException;
 
     /**
      * C14n a node tree.
@@ -190,13 +160,10 @@ public abstract class CanonicalizerSpi {
         throws CanonicalizationException;
 
     /**
-    * Sets the writter where the cannocalization ends. ByteArrayOutputStream if
+     * Sets the writer where the canonicalization ends. ByteArrayOutputStream if
-    * none is setted.
+     * none is set.
      * @param os
      */
     public abstract void setWriter(OutputStream os);
 
-   /** Reset the writter after a c14n */
-   protected boolean reset=false;
-   //J+
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/InvalidCanonicalizerException.java

@@ -2,33 +2,28 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 
-
-/**
- *
- * @author Christian Geuer-Pollmann
- */
 public class InvalidCanonicalizerException extends XMLSecurityException {
 
     /**
@@ -47,42 +42,42 @@ public class InvalidCanonicalizerException extends XMLSecurityException {
     /**
      * Constructor InvalidCanonicalizerException
      *
-    * @param _msgID
+     * @param msgID
      */
-   public InvalidCanonicalizerException(String _msgID) {
+    public InvalidCanonicalizerException(String msgID) {
-      super(_msgID);
+        super(msgID);
     }
 
     /**
      * Constructor InvalidCanonicalizerException
      *
-    * @param _msgID
+     * @param msgID
      * @param exArgs
      */
-   public InvalidCanonicalizerException(String _msgID, Object exArgs[]) {
+    public InvalidCanonicalizerException(String msgID, Object exArgs[]) {
-      super(_msgID, exArgs);
+        super(msgID, exArgs);
     }
 
     /**
      * Constructor InvalidCanonicalizerException
      *
-    * @param _msgID
+     * @param msgID
-    * @param _originalException
+     * @param originalException
      */
-   public InvalidCanonicalizerException(String _msgID,
+    public InvalidCanonicalizerException(String msgID, Exception originalException) {
-                                        Exception _originalException) {
+        super(msgID, originalException);
-      super(_msgID, _originalException);
     }
 
     /**
      * Constructor InvalidCanonicalizerException
      *
-    * @param _msgID
+     * @param msgID
      * @param exArgs
-    * @param _originalException
+     * @param originalException
      */
-   public InvalidCanonicalizerException(String _msgID, Object exArgs[],
+    public InvalidCanonicalizerException(
-                                        Exception _originalException) {
+        String msgID, Object exArgs[], Exception originalException
-      super(_msgID, exArgs, _originalException);
+    ) {
+        super(msgID, exArgs, originalException);
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/AttrCompare.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n.helper;
 
@@ -43,10 +45,10 @@ import java.util.Comparator;
  */
 public class AttrCompare implements Comparator<Attr>, Serializable {
 
-    private final static long serialVersionUID = -7113259629930576230L;
+    private static final long serialVersionUID = -7113259629930576230L;
-    private final static int ATTR0_BEFORE_ATTR1 = -1;
+    private static final int ATTR0_BEFORE_ATTR1 = -1;
-    private final static int ATTR1_BEFORE_ATTR0 = 1;
+    private static final int ATTR1_BEFORE_ATTR0 = 1;
-    private final static String XMLNS=Constants.NamespaceSpecNS;
+    private static final String XMLNS = Constants.NamespaceSpecNS;
 
     /**
      * Compares two attributes based on the C14n specification.
@@ -69,12 +71,11 @@ public class AttrCompare implements Comparator<Attr>, Serializable {
      *
      */
     public int compare(Attr attr0, Attr attr1) {
-
         String namespaceURI0 = attr0.getNamespaceURI();
         String namespaceURI1 = attr1.getNamespaceURI();
 
-        boolean isNamespaceAttr0 = XMLNS==namespaceURI0;
+        boolean isNamespaceAttr0 = XMLNS.equals(namespaceURI0);
-        boolean isNamespaceAttr1 = XMLNS==namespaceURI1;
+        boolean isNamespaceAttr1 = XMLNS.equals(namespaceURI1);
 
         if (isNamespaceAttr0) {
             if (isNamespaceAttr1) {
@@ -82,11 +83,11 @@ public class AttrCompare implements Comparator<Attr>, Serializable {
                 String localname0 = attr0.getLocalName();
                 String localname1 = attr1.getLocalName();
 
-                if (localname0.equals("xmlns")) {
+                if ("xmlns".equals(localname0)) {
                     localname0 = "";
                 }
 
-                if (localname1.equals("xmlns")) {
+                if ("xmlns".equals(localname1)) {
                     localname1 = "";
                 }
 
@@ -94,9 +95,7 @@ public class AttrCompare implements Comparator<Attr>, Serializable {
             }
             // attr0 is a namespace, attr1 is not
             return ATTR0_BEFORE_ATTR1;
-        }
+        } else if (isNamespaceAttr1) {
-
-        if (isNamespaceAttr1) {
             // attr1 is a namespace, attr0 is not
             return ATTR1_BEFORE_ATTR0;
         }
@@ -109,9 +108,7 @@ public class AttrCompare implements Comparator<Attr>, Serializable {
                 return name0.compareTo(name1);
             }
             return ATTR0_BEFORE_ATTR1;
-        }
+        } else if (namespaceURI1 == null) {
-
-        if (namespaceURI1 == null) {
             return ATTR1_BEFORE_ATTR0;
         }
 

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/helper/C14nHelper.java

@@ -2,33 +2,32 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n.helper;
 
-
-
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 
-
 /**
  * Temporary swapped static functions from the normalizer Section
  *
@@ -41,7 +40,6 @@ public class C14nHelper {
      *
      */
     private C14nHelper() {
-
         // don't allow instantiation
     }
 
@@ -82,7 +80,6 @@ public class C14nHelper {
      * @return true if the given namespace is absolute.
      */
     public static boolean namespaceIsAbsolute(String namespaceValue) {
-
         // assume empty namespaces are absolute
         if (namespaceValue.length() == 0) {
             return true;
@@ -97,9 +94,7 @@ public class C14nHelper {
      * @param attr
      * @throws CanonicalizationException
      */
-   public static void assertNotRelativeNS(Attr attr)
+    public static void assertNotRelativeNS(Attr attr) throws CanonicalizationException {
-           throws CanonicalizationException {
-
         if (attr == null) {
             return;
         }
@@ -108,15 +103,14 @@ public class C14nHelper {
         boolean definesDefaultNS = nodeAttrName.equals("xmlns");
         boolean definesNonDefaultNS = nodeAttrName.startsWith("xmlns:");
 
-      if (definesDefaultNS || definesNonDefaultNS) {
+        if ((definesDefaultNS || definesNonDefaultNS) && namespaceIsRelative(attr)) {
-         if (namespaceIsRelative(attr)) {
             String parentName = attr.getOwnerElement().getTagName();
             String attrValue = attr.getValue();
             Object exArgs[] = { parentName, nodeAttrName, attrValue };
 
             throw new CanonicalizationException(
-               "c14n.Canonicalizer.RelativeNamespace", exArgs);
+                "c14n.Canonicalizer.RelativeNamespace", exArgs
-         }
+            );
         }
     }
 
@@ -129,13 +123,12 @@ public class C14nHelper {
      */
     public static void checkTraversability(Document document)
         throws CanonicalizationException {
-
         if (!document.isSupported("Traversal", "2.0")) {
-         Object exArgs[] = {
+            Object exArgs[] = {document.getImplementation().getClass().getName() };
-            document.getImplementation().getClass().getName() };
 
             throw new CanonicalizationException(
-            "c14n.Canonicalizer.TraversalNotSupported", exArgs);
+                "c14n.Canonicalizer.TraversalNotSupported", exArgs
+            );
         }
     }
 
@@ -149,7 +142,6 @@ public class C14nHelper {
      */
     public static void checkForRelativeNamespace(Element ctxNode)
         throws CanonicalizationException {
-
         if (ctxNode != null) {
             NamedNodeMap attributes = ctxNode.getAttributes();
 
@@ -157,8 +149,7 @@ public class C14nHelper {
                 C14nHelper.assertNotRelativeNS((Attr) attributes.item(i));
             }
         } else {
-         throw new CanonicalizationException(
+            throw new CanonicalizationException("Called checkForRelativeNamespace() on null");
-            "Called checkForRelativeNamespace() on null");
         }
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright 2008 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 
@@ -25,7 +27,6 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Comparator;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -34,7 +35,6 @@ import java.util.Set;
 import java.util.SortedSet;
 import java.util.TreeSet;
 import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.xpath.XPath;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -42,8 +42,6 @@ import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.xml.sax.SAXException;
 
-import java.util.logging.Logger;
-import java.util.logging.Logger;
 import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
 import com.sun.org.apache.xml.internal.security.c14n.helper.C14nHelper;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
@@ -57,40 +55,46 @@ import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
  *
  * @author Sean Mullan
  * @author Raul Benito
- * @version $Revision: 1.2 $
  */
 public abstract class Canonicalizer11 extends CanonicalizerBase {
-    boolean firstCall = true;
-    final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
-    static final String XMLNS_URI = Constants.NamespaceSpecNS;
-    static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
 
-    static Logger log = Logger.getLogger(Canonicalizer11.class.getName());
+    private static final String XMLNS_URI = Constants.NamespaceSpecNS;
+    private static final String XML_LANG_URI = Constants.XML_LANG_SPACE_SpecNS;
+    private static java.util.logging.Logger log =
+        java.util.logging.Logger.getLogger(Canonicalizer11.class.getName());
+    private final SortedSet<Attr> result = new TreeSet<Attr>(COMPARE);
 
-    static class XmlAttrStack {
+    private boolean firstCall = true;
-        int currentLevel = 0;
+
-        int lastlevel = 0;
+    private static class XmlAttrStack {
-        XmlsStackElement cur;
         static class XmlsStackElement {
             int level;
             boolean rendered = false;
             List<Attr> nodes = new ArrayList<Attr>();
         };
+
+        int currentLevel = 0;
+        int lastlevel = 0;
+        XmlsStackElement cur;
         List<XmlsStackElement> levels = new ArrayList<XmlsStackElement>();
+
         void push(int level) {
             currentLevel = level;
-            if (currentLevel == -1)
+            if (currentLevel == -1) {
                 return;
+            }
             cur = null;
             while (lastlevel >= currentLevel) {
                 levels.remove(levels.size() - 1);
-                if (levels.size() == 0) {
+                int newSize = levels.size();
+                if (newSize == 0) {
                     lastlevel = 0;
                     return;
                 }
-                lastlevel=(levels.get(levels.size()-1)).level;
+                lastlevel = (levels.get(newSize - 1)).level;
             }
         }
+
         void addXmlnsAttr(Attr n) {
             if (cur == null) {
                 cur = new XmlsStackElement();
@@ -100,23 +104,25 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
             }
             cur.nodes.add(n);
         }
+
         void getXmlnsAttr(Collection<Attr> col) {
+            int size = levels.size() - 1;
             if (cur == null) {
                 cur = new XmlsStackElement();
                 cur.level = currentLevel;
                 lastlevel = currentLevel;
                 levels.add(cur);
             }
-            int size = levels.size() - 2;
             boolean parentRendered = false;
             XmlsStackElement e = null;
             if (size == -1) {
                 parentRendered = true;
             } else {
                 e = levels.get(size);
-                if (e.rendered && e.level+1 == currentLevel)
+                if (e.rendered && e.level + 1 == currentLevel) {
                     parentRendered = true;
                 }
+            }
             if (parentRendered) {
                 col.addAll(cur.nodes);
                 cur.rendered = true;
@@ -134,16 +140,15 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
                 Iterator<Attr> it = e.nodes.iterator();
                 while (it.hasNext() && successiveOmitted) {
                     Attr n = it.next();
-                    if (n.getLocalName().equals("base")) {
+                    if (n.getLocalName().equals("base") && !e.rendered) {
-                        if (!e.rendered) {
                         baseAttrs.add(n);
-                        }
+                    } else if (!loa.containsKey(n.getName())) {
-                    } else if (!loa.containsKey(n.getName()))
                         loa.put(n.getName(), n);
                     }
                 }
+            }
             if (!baseAttrs.isEmpty()) {
-                Iterator<Attr> it = cur.nodes.iterator();
+                Iterator<Attr> it = col.iterator();
                 String base = null;
                 Attr baseAttr = null;
                 while (it.hasNext()) {
@@ -164,7 +169,9 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
                         try {
                             base = joinURI(n.getValue(), base);
                         } catch (URISyntaxException ue) {
-                            ue.printStackTrace();
+                            if (log.isLoggable(java.util.logging.Level.FINE)) {
+                                log.log(java.util.logging.Level.FINE, ue.getMessage(), ue);
+                            }
                         }
                     }
                 }
@@ -178,7 +185,8 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
             col.addAll(loa.values());
         }
     };
-    XmlAttrStack xmlattrStack = new XmlAttrStack();
+
+    private XmlAttrStack xmlattrStack = new XmlAttrStack();
 
     /**
      * Constructor Canonicalizer11
@@ -189,194 +197,6 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
         super(includeComments);
     }
 
-    /**
-     * Returns the Attr[]s to be outputted for the given element.
-     * <br>
-     * The code of this method is a copy of {@link #handleAttributes(Element,
-     * NameSpaceSymbTable)},
-     * whereas it takes into account that subtree-c14n is -- well --
-     * subtree-based.
-     * So if the element in question isRoot of c14n, it's parent is not in the
-     * node set, as well as all other ancestors.
-     *
-     * @param E
-     * @param ns
-     * @return the Attr[]s to be outputted
-     * @throws CanonicalizationException
-     */
-    Iterator<Attr> handleAttributesSubtree(Element E, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        if (!E.hasAttributes() && !firstCall) {
-            return null;
-        }
-        // result will contain the attrs which have to be outputted
-        final SortedSet<Attr> result = this.result;
-        result.clear();
-        NamedNodeMap attrs = E.getAttributes();
-        int attrsLength = attrs.getLength();
-
-        for (int i = 0; i < attrsLength; i++) {
-            Attr N = (Attr) attrs.item(i);
-            String NUri = N.getNamespaceURI();
-
-            if (XMLNS_URI != NUri) {
-                // It's not a namespace attr node. Add to the result and
-                // continue.
-                result.add(N);
-                continue;
-            }
-
-            String NName = N.getLocalName();
-            String NValue = N.getValue();
-            if (XML.equals(NName)
-                && XML_LANG_URI.equals(NValue)) {
-                // The default mapping for xml must not be output.
-                continue;
-            }
-
-            Node n = ns.addMappingAndRender(NName, NValue, N);
-
-            if (n != null) {
-                // Render the ns definition
-                result.add((Attr)n);
-                if (C14nHelper.namespaceIsRelative(N)) {
-                    Object exArgs[] = {E.getTagName(), NName, N.getNodeValue()};
-                    throw new CanonicalizationException(
-                        "c14n.Canonicalizer.RelativeNamespace", exArgs);
-                }
-            }
-        }
-
-        if (firstCall) {
-            // It is the first node of the subtree
-            // Obtain all the namespaces defined in the parents, and added
-            // to the output.
-            ns.getUnrenderedNodes(result);
-            // output the attributes in the xml namespace.
-            xmlattrStack.getXmlnsAttr(getSortedSetAsCollection(result));
-            firstCall = false;
-        }
-
-        return result.iterator();
-    }
-
-
-
-    /**
-     * Returns the Attr[]s to be outputted for the given element.
-     * <br>
-     * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
-     * DOM which has been prepared using
-     * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
-     * org.w3c.dom.Document)}.
-     *
-     * @param E
-     * @param ns
-     * @return the Attr[]s to be outputted
-     * @throws CanonicalizationException
-     */
-    Iterator<Attr> handleAttributes(Element E, NameSpaceSymbTable ns)
-        throws CanonicalizationException {
-        // result will contain the attrs which have to be output
-        xmlattrStack.push(ns.getLevel());
-        boolean isRealVisible = isVisibleDO(E, ns.getLevel()) == 1;
-        NamedNodeMap attrs = null;
-        int attrsLength = 0;
-        if (E.hasAttributes()) {
-            attrs = E.getAttributes();
-            attrsLength = attrs.getLength();
-        }
-
-        SortedSet<Attr> result = this.result;
-        result.clear();
-
-        for (int i = 0; i < attrsLength; i++) {
-            Attr N = (Attr)attrs.item(i);
-            String NUri = N.getNamespaceURI();
-
-            if (XMLNS_URI != NUri) {
-                // A non namespace definition node.
-                if (XML_LANG_URI == NUri) {
-                    if (N.getLocalName().equals("id")) {
-                        if (isRealVisible) {
-                            // treat xml:id like any other attribute
-                            // (emit it, but don't inherit it)
-                            result.add(N);
-                        }
-                    } else {
-                        xmlattrStack.addXmlnsAttr(N);
-                    }
-                } else if (isRealVisible) {
-                    // The node is visible add the attribute to the list of
-                    // output attributes.
-                    result.add(N);
-                }
-                // keep working
-                continue;
-            }
-
-            String NName = N.getLocalName();
-            String NValue = N.getValue();
-            if ("xml".equals(NName)
-                && XML_LANG_URI.equals(NValue)) {
-                /* except omit namespace node with local name xml, which defines
-                 * the xml prefix, if its string value is
-                 * http://www.w3.org/XML/1998/namespace.
-                 */
-                continue;
-            }
-            // add the prefix binding to the ns symb table.
-            // ns.addInclusiveMapping(NName,NValue,N,isRealVisible);
-            if (isVisible(N))  {
-                if (!isRealVisible && ns.removeMappingIfRender(NName)) {
-                    continue;
-                }
-                // The xpath select this node output it if needed.
-                // Node n = ns.addMappingAndRenderXNodeSet
-                //      (NName, NValue, N, isRealVisible);
-                Node n = ns.addMappingAndRender(NName, NValue, N);
-                if (n != null) {
-                    result.add((Attr)n);
-                    if (C14nHelper.namespaceIsRelative(N)) {
-                        Object exArgs[] =
-                            { E.getTagName(), NName, N.getNodeValue() };
-                        throw new CanonicalizationException(
-                            "c14n.Canonicalizer.RelativeNamespace", exArgs);
-                    }
-                }
-            } else {
-                if (isRealVisible && NName != XMLNS) {
-                    ns.removeMapping(NName);
-                } else {
-                    ns.addMapping(NName, NValue, N);
-                }
-            }
-        }
-        if (isRealVisible) {
-            // The element is visible, handle the xmlns definition
-            Attr xmlns = E.getAttributeNodeNS(XMLNS_URI, XMLNS);
-            Node n = null;
-            if (xmlns == null) {
-                // No xmlns def just get the already defined.
-                n = ns.getMapping(XMLNS);
-            } else if (!isVisible(xmlns)) {
-                // There is a defn but the xmlns is not selected by the xpath.
-                // then xmlns=""
-                n = ns.addMappingAndRender(XMLNS, "", nullNode);
-            }
-            // output the xmlns def if needed.
-            if (n != null) {
-                result.add((Attr)n);
-            }
-            // Float all xml:* attributes of the unselected parent elements to
-            // this one. addXmlAttributes(E,result);
-            xmlattrStack.getXmlnsAttr(result);
-            ns.getUnrenderedNodes(result);
-        }
-
-        return result.iterator();
-    }
-
     /**
      * Always throws a CanonicalizationException because this is inclusive c14n.
      *
@@ -385,10 +205,10 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
      * @return none it always fails
      * @throws CanonicalizationException always
      */
-    public byte[] engineCanonicalizeXPathNodeSet(Set<Node> xpathNodeSet,
+    public byte[] engineCanonicalizeXPathNodeSet(
-        String inclusiveNamespaces) throws CanonicalizationException {
+        Set<Node> xpathNodeSet, String inclusiveNamespaces
-        throw new CanonicalizationException(
+    ) throws CanonicalizationException {
-         "c14n.Canonicalizer.UnsupportedOperation");
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
     }
 
     /**
@@ -399,17 +219,189 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
      * @return none it always fails
      * @throws CanonicalizationException
      */
-    public byte[] engineCanonicalizeSubTree(Node rootNode,
+    public byte[] engineCanonicalizeSubTree(
-        String inclusiveNamespaces) throws CanonicalizationException {
+        Node rootNode, String inclusiveNamespaces
-        throw new CanonicalizationException(
+    ) throws CanonicalizationException {
-            "c14n.Canonicalizer.UnsupportedOperation");
+        throw new CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation");
     }
 
-    void circumventBugIfNeeded(XMLSignatureInput input)
+    /**
+     * Returns the Attr[]s to be output for the given element.
+     * <br>
+     * The code of this method is a copy of {@link #handleAttributes(Element,
+     * NameSpaceSymbTable)},
+     * whereas it takes into account that subtree-c14n is -- well --
+     * subtree-based.
+     * So if the element in question isRoot of c14n, it's parent is not in the
+     * node set, as well as all other ancestors.
+     *
+     * @param element
+     * @param ns
+     * @return the Attr[]s to be output
+     * @throws CanonicalizationException
+     */
+    @Override
+    protected Iterator<Attr> handleAttributesSubtree(Element element, NameSpaceSymbTable ns)
+        throws CanonicalizationException {
+        if (!element.hasAttributes() && !firstCall) {
+            return null;
+        }
+        // result will contain the attrs which have to be output
+        final SortedSet<Attr> result = this.result;
+        result.clear();
+
+        if (element.hasAttributes()) {
+            NamedNodeMap attrs = element.getAttributes();
+            int attrsLength = attrs.getLength();
+
+            for (int i = 0; i < attrsLength; i++) {
+                Attr attribute = (Attr) attrs.item(i);
+                String NUri = attribute.getNamespaceURI();
+                String NName = attribute.getLocalName();
+                String NValue = attribute.getValue();
+
+                if (!XMLNS_URI.equals(NUri)) {
+                    // It's not a namespace attr node. Add to the result and continue.
+                    result.add(attribute);
+                } else if (!(XML.equals(NName) && XML_LANG_URI.equals(NValue))) {
+                    // The default mapping for xml must not be output.
+                    Node n = ns.addMappingAndRender(NName, NValue, attribute);
+
+                    if (n != null) {
+                        // Render the ns definition
+                        result.add((Attr)n);
+                        if (C14nHelper.namespaceIsRelative(attribute)) {
+                            Object exArgs[] = {element.getTagName(), NName, attribute.getNodeValue()};
+                            throw new CanonicalizationException(
+                                "c14n.Canonicalizer.RelativeNamespace", exArgs
+                            );
+                        }
+                    }
+                }
+            }
+        }
+
+        if (firstCall) {
+            // It is the first node of the subtree
+            // Obtain all the namespaces defined in the parents, and added to the output.
+            ns.getUnrenderedNodes(result);
+            // output the attributes in the xml namespace.
+            xmlattrStack.getXmlnsAttr(result);
+            firstCall = false;
+        }
+
+        return result.iterator();
+    }
+
+    /**
+     * Returns the Attr[]s to be output for the given element.
+     * <br>
+     * IMPORTANT: This method expects to work on a modified DOM tree, i.e. a
+     * DOM which has been prepared using
+     * {@link com.sun.org.apache.xml.internal.security.utils.XMLUtils#circumventBug2650(
+     * org.w3c.dom.Document)}.
+     *
+     * @param element
+     * @param ns
+     * @return the Attr[]s to be output
+     * @throws CanonicalizationException
+     */
+    @Override
+    protected Iterator<Attr> handleAttributes(Element element, NameSpaceSymbTable ns)
+        throws CanonicalizationException {
+        // result will contain the attrs which have to be output
+        xmlattrStack.push(ns.getLevel());
+        boolean isRealVisible = isVisibleDO(element, ns.getLevel()) == 1;
+        final SortedSet<Attr> result = this.result;
+        result.clear();
+
+        if (element.hasAttributes()) {
+            NamedNodeMap attrs = element.getAttributes();
+            int attrsLength = attrs.getLength();
+
+            for (int i = 0; i < attrsLength; i++) {
+                Attr attribute = (Attr) attrs.item(i);
+                String NUri = attribute.getNamespaceURI();
+                String NName = attribute.getLocalName();
+                String NValue = attribute.getValue();
+
+                if (!XMLNS_URI.equals(NUri)) {
+                    //A non namespace definition node.
+                    if (XML_LANG_URI.equals(NUri)) {
+                        if (NName.equals("id")) {
+                            if (isRealVisible) {
+                                // treat xml:id like any other attribute
+                                // (emit it, but don't inherit it)
+                                result.add(attribute);
+                            }
+                        } else {
+                            xmlattrStack.addXmlnsAttr(attribute);
+                        }
+                    } else if (isRealVisible) {
+                        //The node is visible add the attribute to the list of output attributes.
+                        result.add(attribute);
+                    }
+                } else if (!XML.equals(NName) || !XML_LANG_URI.equals(NValue)) {
+                    /* except omit namespace node with local name xml, which defines
+                     * the xml prefix, if its string value is
+                     * http://www.w3.org/XML/1998/namespace.
+                     */
+                    // add the prefix binding to the ns symb table.
+                    if (isVisible(attribute))  {
+                        if (isRealVisible || !ns.removeMappingIfRender(NName)) {
+                            // The xpath select this node output it if needed.
+                            Node n = ns.addMappingAndRender(NName, NValue, attribute);
+                            if (n != null) {
+                                result.add((Attr)n);
+                                if (C14nHelper.namespaceIsRelative(attribute)) {
+                                    Object exArgs[] = { element.getTagName(), NName, attribute.getNodeValue() };
+                                    throw new CanonicalizationException(
+                                        "c14n.Canonicalizer.RelativeNamespace", exArgs
+                                    );
+                                }
+                            }
+                        }
+                    } else {
+                        if (isRealVisible && !XMLNS.equals(NName)) {
+                            ns.removeMapping(NName);
+                        } else {
+                            ns.addMapping(NName, NValue, attribute);
+                        }
+                    }
+                }
+            }
+        }
+
+        if (isRealVisible) {
+            //The element is visible, handle the xmlns definition
+            Attr xmlns = element.getAttributeNodeNS(XMLNS_URI, XMLNS);
+            Node n = null;
+            if (xmlns == null) {
+                //No xmlns def just get the already defined.
+                n = ns.getMapping(XMLNS);
+            } else if (!isVisible(xmlns)) {
+                //There is a definition but the xmlns is not selected by the xpath.
+                //then xmlns=""
+                n = ns.addMappingAndRender(XMLNS, "", nullNode);
+            }
+            //output the xmlns def if needed.
+            if (n != null) {
+                result.add((Attr)n);
+            }
+            //Float all xml:* attributes of the unselected parent elements to this one.
+            xmlattrStack.getXmlnsAttr(result);
+            ns.getUnrenderedNodes(result);
+        }
+
+        return result.iterator();
+    }
+
+    protected void circumventBugIfNeeded(XMLSignatureInput input)
         throws CanonicalizationException, ParserConfigurationException,
         IOException, SAXException {
-        if (!input.isNeedsToBeExpanded())
+        if (!input.isNeedsToBeExpanded()) {
             return;
+        }
         Document doc = null;
         if (input.getSubNode() != null) {
             doc = XMLUtils.getOwnerDocument(input.getSubNode());
@@ -419,40 +411,47 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
         XMLUtils.circumventBug2650(doc);
     }
 
-    void handleParent(Element e, NameSpaceSymbTable ns) {
+    protected void handleParent(Element e, NameSpaceSymbTable ns) {
-        if (!e.hasAttributes()) {
+        if (!e.hasAttributes() && e.getNamespaceURI() == null) {
             return;
         }
         xmlattrStack.push(-1);
         NamedNodeMap attrs = e.getAttributes();
         int attrsLength = attrs.getLength();
         for (int i = 0; i < attrsLength; i++) {
-            Attr N = (Attr) attrs.item(i);
+            Attr attribute = (Attr) attrs.item(i);
-            if (Constants.NamespaceSpecNS != N.getNamespaceURI()) {
+            String NName = attribute.getLocalName();
-                // Not a namespace definition, ignore.
+            String NValue = attribute.getNodeValue();
-                if (XML_LANG_URI == N.getNamespaceURI()) {
-                    xmlattrStack.addXmlnsAttr(N);
-                }
-                continue;
-            }
 
-            String NName = N.getLocalName();
+            if (Constants.NamespaceSpecNS.equals(attribute.getNamespaceURI())) {
-            String NValue = N.getNodeValue();
+                if (!XML.equals(NName) || !Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
-            if (XML.equals(NName)
+                    ns.addMapping(NName, NValue, attribute);
-                && Constants.XML_LANG_SPACE_SpecNS.equals(NValue)) {
-                continue;
                 }
-            ns.addMapping(NName,NValue,N);
+            } else if (!"id".equals(NName) && XML_LANG_URI.equals(attribute.getNamespaceURI())) {
+                xmlattrStack.addXmlnsAttr(attribute);
+            }
+        }
+        if (e.getNamespaceURI() != null) {
+            String NName = e.getPrefix();
+            String NValue = e.getNamespaceURI();
+            String Name;
+            if (NName == null || NName.equals("")) {
+                NName = "xmlns";
+                Name = "xmlns";
+            } else {
+                Name = "xmlns:" + NName;
+            }
+            Attr n = e.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", Name);
+            n.setValue(NValue);
+            ns.addMapping(NName, NValue, n);
         }
     }
 
-    private static String joinURI(String baseURI, String relativeURI)
+    private static String joinURI(String baseURI, String relativeURI) throws URISyntaxException {
-        throws URISyntaxException {
         String bscheme = null;
         String bauthority = null;
         String bpath = "";
         String bquery = null;
-        String bfragment = null; // Is this correct?
 
         // pre-parse the baseURI
         if (baseURI != null) {
@@ -464,7 +463,6 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
             bauthority = base.getAuthority();
             bpath = base.getPath();
             bquery = base.getQuery();
-            bfragment = base.getFragment();
         }
 
         URI r = new URI(relativeURI);
@@ -472,9 +470,8 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
         String rauthority = r.getAuthority();
         String rpath = r.getPath();
         String rquery = r.getQuery();
-        String rfragment = null;
 
-        String tscheme, tauthority, tpath, tquery, tfragment;
+        String tscheme, tauthority, tpath, tquery;
         if (rscheme != null && rscheme.equals(bscheme)) {
             rscheme = null;
         }
@@ -518,13 +515,13 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
             }
             tscheme = bscheme;
         }
-        tfragment = rfragment;
+        return new URI(tscheme, tauthority, tpath, tquery, null).toString();
-        return new URI(tscheme, tauthority, tpath, tquery, tfragment).toString();
     }
 
     private static String removeDotSegments(String path) {
-
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "STEP   OUTPUT BUFFER\t\tINPUT BUFFER");
+        }
 
         // 1. The input buffer is initialized with the now-appended path
         // components then replace occurrences of "//" in the input buffer
@@ -535,7 +532,7 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
         }
 
         // Initialize the output buffer with the empty string.
-        StringBuffer output = new StringBuffer();
+        StringBuilder output = new StringBuilder();
 
         // If the input buffer starts with a root slash "/" then move this
         // character to the output buffer.
@@ -594,7 +591,7 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
                 } else {
                     int index = output.lastIndexOf("/");
                     if (index == -1) {
-                        output = new StringBuffer();
+                        output = new StringBuilder();
                         if (input.charAt(0) == '/') {
                             input = input.substring(1);
                         }
@@ -615,7 +612,7 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
                 } else {
                     int index = output.lastIndexOf("/");
                     if (index == -1) {
-                        output = new StringBuffer();
+                        output = new StringBuilder();
                         if (input.charAt(0) == '/') {
                             input = input.substring(1);
                         }
@@ -633,8 +630,9 @@ public abstract class Canonicalizer11 extends CanonicalizerBase {
                 input = "";
                 printStep("2D", output.toString(), input);
             } else if (input.equals("..")) {
-                if (!output.toString().equals("/"))
+                if (!output.toString().equals("/")) {
                     output.append("..");
+                }
                 input = "";
                 printStep("2D", output.toString(), input);
                 // 2E. move the first path segment (if any) in the input buffer

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_OmitComments.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright 2008 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n.implementations;
 

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/Canonicalizer11_WithComments.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright 2008 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
- *
+ * or more contributor license agreements. See the NOTICE file
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * distributed with this work for additional information
- *  you may not use this file except in compliance with the License.
+ * regarding copyright ownership. The ASF licenses this file
- *  You may obtain a copy of the License at
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
- *  Unless required by applicable law or agreed to in writing, software
+ * Unless required by applicable law or agreed to in writing,
- *  distributed under the License is distributed on an "AS IS" BASIS,
+ * software distributed under the License is distributed on an
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  See the License for the specific language governing permissions and
+ * KIND, either express or implied. See the License for the
- *  limitations under the License.
+ * specific language governing permissions and limitations
- *
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.c14n.implementations;