Merge

.hgtags-top-repo

@@ -220,3 +220,4 @@ cb51fb4789ac0b8be4056482077ddfb8f3bd3805 jdk8-b91
 c156084add486f941c12d886a0b1b2854795d557 jdk8-b96
 a1c1e8bf71f354f3aec0214cf13d6668811e021d jdk8-b97
 0d0c983a817bbe8518a5ff201306334a8de267f2 jdk8-b98
+59dc9da813794c924a0383c2a6241af94defdfed jdk8-b99

corba/.hgtags

@@ -220,3 +220,4 @@ c8286839d0df04aba819ec4bef12b86babccf30e jdk8-b90
 3357c2776431d51a8de326a85e0f41420e40774f jdk8-b96
 469995a8e97424f450c880606d689bf345277b19 jdk8-b97
 3370fb6146e47a6cc05a213fc213e12fc0a38d07 jdk8-b98
+3f67804ab61303782df57e54989ef5e0e4629beb jdk8-b99

hotspot/.hgtags

@@ -359,3 +359,5 @@ d197d377ab2e016d024e8c86cb06a57bd7eae590 jdk8-b97
 c9dd82da51ed34a28f7c6b3245163ee962e94572 hs25-b40
 30b5b75c42ac5174b640fbef8aa87527668e8400 jdk8-b98
 2b9946e10587f74ef75ae8145bea484df4a2738b hs25-b41
+81b6cb70717c66375846b78bb174594ec3aa998e jdk8-b99
+9f71e36a471ae4a668e08827d33035963ed10c08 hs25-b42

hotspot/make/hotspot_version

@@ -35,7 +35,7 @@ HOTSPOT_VM_COPYRIGHT=Copyright 2013
 
 HS_MAJOR_VER=25
 HS_MINOR_VER=0
-HS_BUILD_NUMBER=41
+HS_BUILD_NUMBER=42
 
 JDK_MAJOR_VER=1
 JDK_MINOR_VER=8

hotspot/make/linux/makefiles/vm.make

@@ -46,6 +46,7 @@ ifeq ($(findstring true, $(JVM_VARIANT_ZERO) $(JVM_VARIANT_ZEROSHARK)), true)
   include $(MAKEFILES_DIR)/zeroshark.make
 else
   include $(MAKEFILES_DIR)/$(BUILDARCH).make
+  -include $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make
 endif
 
 # set VPATH so make knows where to look for source files
@@ -380,4 +381,4 @@ build: $(LIBJVM) $(LAUNCHER) $(LIBJSIG) $(LIBJVM_DB) $(BUILDLIBSAPROC) dtraceChe
 
 install: install_jvm install_jsig install_saproc
 
-.PHONY: default build install install_jvm
+.PHONY: default build install install_jvm $(HS_ALT_MAKE)/$(Platform_os_family)/makefiles/$(BUILDARCH).make

hotspot/src/cpu/sparc/vm/stubGenerator_sparc.cpp

@@ -410,6 +410,51 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   o0 = adr
+    //   o1 = errValue
+    //
+    // result:
+    //   o0  = *adr or errValue
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    __ align(CodeEntryAlignment);
+    *entry = __ pc();
+
+    __ mov(O0, G1);  // g1 = o0
+    __ mov(O1, O0);  // o0 = o1
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ ldsw(G1, 0, O0);  // o0 = [g1]
+        break;
+      case 8:
+        // int64_t
+        __ ldx(G1, 0, O0);   // o0 = [g1]
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    // By convention with the trap handler we ensure there is a non-CTI
+    // instruction in the trap shadow.
+    __ nop();
+    __ retl();
+    __ delayed()->nop();
+  }
 
   //------------------------------------------------------------------------------------------------------------------------
   // Continuation point for throwing of implicit exceptions that are not handled in
@@ -3315,6 +3360,14 @@ class StubGenerator: public StubCodeGenerator {
 
     // Don't initialize the platform math functions since sparc
     // doesn't have intrinsics for these operations.
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
 

hotspot/src/cpu/x86/vm/stubGenerator_x86_32.cpp

@@ -2766,6 +2766,39 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    __ movl(rax, Address(rsp, 0x8));
+    __ movl(rcx, Address(rsp, 0x4));
+    // Load *adr into eax, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(rax, Address(rcx, 0));
+        break;
+      case 8:
+        // int64_t
+        Unimplemented();
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // Return errValue or *adr.
+    *continuation_pc = __ pc();
+    __ ret(0);
+  }
 
  public:
   // Information about frame layout at time of blocking runtime call.
@@ -2978,6 +3011,14 @@ class StubGenerator: public StubCodeGenerator {
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int), &StubRoutines::_safefetch32_entry,
+                                                   &StubRoutines::_safefetch32_fault_pc,
+                                                   &StubRoutines::_safefetch32_continuation_pc);
+    StubRoutines::_safefetchN_entry           = StubRoutines::_safefetch32_entry;
+    StubRoutines::_safefetchN_fault_pc        = StubRoutines::_safefetch32_fault_pc;
+    StubRoutines::_safefetchN_continuation_pc = StubRoutines::_safefetch32_continuation_pc;
   }
 
 

hotspot/src/cpu/x86/vm/stubGenerator_x86_64.cpp

@@ -3357,7 +3357,45 @@ class StubGenerator: public StubCodeGenerator {
     return start;
   }
 
+  // Safefetch stubs.
+  void generate_safefetch(const char* name, int size, address* entry,
+                          address* fault_pc, address* continuation_pc) {
+    // safefetch signatures:
+    //   int      SafeFetch32(int*      adr, int      errValue);
+    //   intptr_t SafeFetchN (intptr_t* adr, intptr_t errValue);
+    //
+    // arguments:
+    //   c_rarg0 = adr
+    //   c_rarg1 = errValue
+    //
+    // result:
+    //   PPC_RET  = *adr or errValue
 
+    StubCodeMark mark(this, "StubRoutines", name);
+
+    // Entry point, pc or function descriptor.
+    *entry = __ pc();
+
+    // Load *adr into c_rarg1, may fault.
+    *fault_pc = __ pc();
+    switch (size) {
+      case 4:
+        // int32_t
+        __ movl(c_rarg1, Address(c_rarg0, 0));
+        break;
+      case 8:
+        // int64_t
+        __ movq(c_rarg1, Address(c_rarg0, 0));
+        break;
+      default:
+        ShouldNotReachHere();
+    }
+
+    // return errValue or *adr
+    *continuation_pc = __ pc();
+    __ movq(rax, c_rarg1);
+    __ ret(0);
+  }
 
   // This is a version of CBC/AES Decrypt which does 4 blocks in a loop at a time
   // to hide instruction latency
@@ -3833,6 +3871,14 @@ class StubGenerator: public StubCodeGenerator {
       StubRoutines::_cipherBlockChaining_encryptAESCrypt = generate_cipherBlockChaining_encryptAESCrypt();
       StubRoutines::_cipherBlockChaining_decryptAESCrypt = generate_cipherBlockChaining_decryptAESCrypt_Parallel();
     }
+
+    // Safefetch stubs.
+    generate_safefetch("SafeFetch32", sizeof(int),     &StubRoutines::_safefetch32_entry,
+                                                       &StubRoutines::_safefetch32_fault_pc,
+                                                       &StubRoutines::_safefetch32_continuation_pc);
+    generate_safefetch("SafeFetchN", sizeof(intptr_t), &StubRoutines::_safefetchN_entry,
+                                                       &StubRoutines::_safefetchN_fault_pc,
+                                                       &StubRoutines::_safefetchN_continuation_pc);
   }
 
  public:

hotspot/src/os/windows/vm/os_windows.cpp

@@ -2323,6 +2323,11 @@ LONG WINAPI topLevelExceptionFilter(struct _EXCEPTION_POINTERS* exceptionInfo) {
 #endif
   Thread* t = ThreadLocalStorage::get_thread_slow();          // slow & steady
 
+  // Handle SafeFetch32 and SafeFetchN exceptions.
+  if (StubRoutines::is_safefetch_fault(pc)) {
+    return Handle_Exception(exceptionInfo, StubRoutines::continuation_for_safefetch_fault(pc));
+  }
+
 #ifndef _WIN64
   // Execution protection violation - win32 running on AMD64 only
   // Handled first to avoid misdiagnosis as a "normal" access violation;

hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_32.s

@@ -63,24 +63,6 @@ SYMBOL(fixcw):
         popl     %eax
         ret
 
-        .globl  SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .globl  SYMBOL(SafeFetchN)
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-        ELF_TYPE(SafeFetch32,@function)
-        .p2align 4,,15
-SYMBOL(SafeFetch32):
-SYMBOL(SafeFetchN):
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-SYMBOL(Fetch32PFI):
-         movl    (%ecx), %eax
-SYMBOL(Fetch32Resume):
-         ret
-
-
         .globl  SYMBOL(SpinPause)
         ELF_TYPE(SpinPause,@function)
         .p2align 4,,15

hotspot/src/os_cpu/bsd_x86/vm/bsd_x86_64.s

@@ -46,28 +46,6 @@
 
 	.text
 
-        .globl SYMBOL(SafeFetch32), SYMBOL(Fetch32PFI), SYMBOL(Fetch32Resume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetch32,@function)
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SYMBOL(SafeFetch32):
-        movl    %esi, %eax
-SYMBOL(Fetch32PFI):
-        movl    (%rdi), %eax
-SYMBOL(Fetch32Resume):
-        ret
-
-        .globl SYMBOL(SafeFetchN), SYMBOL(FetchNPFI), SYMBOL(FetchNResume)
-        .p2align 4,,15
-        ELF_TYPE(SafeFetchN,@function)
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SYMBOL(SafeFetchN):
-        movq    %rsi, %rax
-SYMBOL(FetchNPFI):
-        movq    (%rdi), %rax
-SYMBOL(FetchNResume):
-        ret
-
         .globl SYMBOL(SpinPause)
         .p2align 4,,15
         ELF_TYPE(SpinPause,@function)

hotspot/src/os_cpu/bsd_x86/vm/os_bsd_x86.cpp

@@ -385,13 +385,6 @@ enum {
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_bsd_signal(int sig,
                         siginfo_t* info,
@@ -454,16 +447,10 @@ JVM_handle_bsd_signal(int sig,
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Bsd::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
+    if (StubRoutines::is_safefetch_fault(pc)) {
-       uc->context_pc = intptr_t(Fetch32Resume) ;
+      uc->context_pc = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-       return 1 ;
+      return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->context_pc = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV || sig == SIGBUS) {

hotspot/src/os_cpu/linux_sparc/vm/linux_sparc.s

@@ -21,42 +21,6 @@
 # questions.
 #
 
-    # Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    # The "ld" at Fetch32 is potentially faulting instruction.
-    # If the instruction traps the trap handler will arrange
-    # for control to resume at Fetch32Resume.  
-    # By convention with the trap handler we ensure there is a non-CTI
-    # instruction in the trap shadow.  
-        
-
-    .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-    .globl  SafeFetchN
-    .align  32
-    .type    SafeFetch32,@function
-SafeFetch32:        
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    # <-- Potentially faulting instruction
-    ld      [%g1], %o0         
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN, FetchNPFI, FetchNResume
-    .type    SafeFetchN,@function
-    .align  32
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     # Possibilities:
     # -- membar
     # -- CAS (SP + BIAS, G0, G0)

hotspot/src/os_cpu/linux_sparc/vm/os_linux_sparc.cpp

@@ -366,18 +366,9 @@ intptr_t* os::Linux::ucontext_get_fp(ucontext_t *uc) {
 
 // Utility functions
 
-extern "C" void Fetch32PFI();
-extern "C" void Fetch32Resume();
-extern "C" void FetchNPFI();
-extern "C" void FetchNResume();
-
 inline static bool checkPrefetch(sigcontext* uc, address pc) {
-  if (pc == (address) Fetch32PFI) {
+  if (StubRoutines::is_safefetch_fault(pc)) {
-    set_cont_address(uc, address(Fetch32Resume));
+    set_cont_address(uc, address(StubRoutines::continuation_for_safefetch_fault(pc)));
-    return true;
-  }
-  if (pc == (address) FetchNPFI) {
-    set_cont_address(uc, address(FetchNResume));
     return true;
   }
   return false;

hotspot/src/os_cpu/linux_x86/vm/linux_x86_32.s

@@ -42,24 +42,6 @@
 
 	.text
 
-        .globl  SafeFetch32, Fetch32PFI, Fetch32Resume
-        .globl  SafeFetchN
-        ## TODO: avoid exposing Fetch32PFI and Fetch32Resume.
-        ## Instead, the signal handler would call a new SafeFetchTriage(FaultingEIP)
-        ## routine to vet the address.  If the address is the faulting LD then
-        ## SafeFetchTriage() would return the resume-at EIP, otherwise null.
-	.type    SafeFetch32,@function
-        .p2align 4,,15
-SafeFetch32:
-SafeFetchN:
-         movl    0x8(%esp), %eax
-         movl    0x4(%esp), %ecx
-Fetch32PFI:
-         movl    (%ecx), %eax
-Fetch32Resume:
-         ret
-
-
         .globl  SpinPause
 	.type   SpinPause,@function
         .p2align 4,,15

hotspot/src/os_cpu/linux_x86/vm/linux_x86_64.s

@@ -38,28 +38,6 @@
 
 	.text
 
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        .type   SafeFetch32,@function
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
-        ret
-
-        .globl SafeFetchN, FetchNPFI, FetchNResume
-        .align  16
-        .type   SafeFetchN,@function
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
-        ret
-
         .globl SpinPause
         .align 16
         .type  SpinPause,@function

hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp

@@ -209,13 +209,6 @@ enum {
   trap_page_fault = 0xE
 };
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_linux_signal(int sig,
                         siginfo_t* info,
@@ -278,16 +271,10 @@ JVM_handle_linux_signal(int sig,
   if (info != NULL && uc != NULL && thread != NULL) {
     pc = (address) os::Linux::ucontext_get_pc(uc);
 
-    if (pc == (address) Fetch32PFI) {
+    if (StubRoutines::is_safefetch_fault(pc)) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-       return 1 ;
+      return 1;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs[REG_PC] = intptr_t (FetchNResume) ;
-       return 1 ;
-    }
-#endif // AMD64
 
 #ifndef AMD64
     // Halt if SI_KERNEL before more crashes get misdiagnosed as Java bugs

hotspot/src/os_cpu/solaris_sparc/vm/os_solaris_sparc.cpp

@@ -303,11 +303,6 @@ bool os::is_allocatable(size_t bytes) {
 #endif
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -379,17 +374,10 @@ JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
     npc = (address) uc->uc_mcontext.gregs[REG_nPC];
 
     // SafeFetch() support
-    // Implemented with either a fixed set of addresses such
+    if (StubRoutines::is_safefetch_fault(pc)) {
-    // as Fetch32*, or with Thread._OnTrap.
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(Fetch32PFI)) {
+      uc->uc_mcontext.gregs[REG_nPC] = uc->uc_mcontext.gregs[REG_PC] + 4;
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(Fetch32Resume) ;
+      return 1;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(Fetch32Resume) + 4 ;
-      return true ;
-    }
-    if (uc->uc_mcontext.gregs[REG_PC] == intptr_t(FetchNPFI)) {
-      uc->uc_mcontext.gregs [REG_PC]  = intptr_t(FetchNResume) ;
-      uc->uc_mcontext.gregs [REG_nPC] = intptr_t(FetchNResume) + 4 ;
-      return true ;
     }
 
     // Handle ALL stack overflow variations here

hotspot/src/os_cpu/solaris_sparc/vm/solaris_sparc.s

@@ -21,47 +21,6 @@
 !! questions.
 !!
 
-    !! Prototype: int SafeFetch32 (int * adr, int ErrValue)
-    !! The "ld" at Fetch32 is potentially faulting instruction.
-    !! If the instruction traps the trap handler will arrange
-    !! for control to resume at Fetch32Resume.  
-    !! By convention with the trap handler we ensure there is a non-CTI
-    !! instruction in the trap shadow.  
-    !!
-    !! The reader might be tempted to move this service to .il.
-    !! Don't.  Sun's CC back-end reads and optimize code emitted 
-    !! by the .il "call", in some cases optimizing the code, completely eliding it,
-    !! or by moving the code from the "call site". 
-        
-     !! ASM better know we may use G6 for our own purposes
-    .register %g6, #ignore
-        
-    .globl  SafeFetch32
-    .align  32
-    .global Fetch32PFI, Fetch32Resume 
-SafeFetch32:
-    mov     %o0, %g1
-    mov     %o1, %o0
-Fetch32PFI:
-    ld      [%g1], %o0          !! <-- Potentially faulting instruction
-Fetch32Resume:
-    nop
-    retl
-    nop
-
-    .globl  SafeFetchN
-    .align  32
-    .globl  FetchNPFI, FetchNResume
-SafeFetchN:
-    mov     %o0, %g1
-    mov     %o1, %o0
-FetchNPFI:
-    ldn     [%g1], %o0
-FetchNResume:
-    nop
-    retl
-    nop
-
     !! Possibilities:
     !! -- membar
     !! -- CAS (SP + BIAS, G0, G0)

hotspot/src/os_cpu/solaris_x86/vm/os_solaris_x86.cpp

@@ -352,13 +352,6 @@ bool os::is_allocatable(size_t bytes) {
 
 }
 
-extern "C" void Fetch32PFI () ;
-extern "C" void Fetch32Resume () ;
-#ifdef AMD64
-extern "C" void FetchNPFI () ;
-extern "C" void FetchNResume () ;
-#endif // AMD64
-
 extern "C" JNIEXPORT int
 JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
                           int abort_if_unrecognized) {
@@ -436,17 +429,10 @@ JVM_handle_solaris_signal(int sig, siginfo_t* info, void* ucVoid,
     // factor me: getPCfromContext
     pc = (address) uc->uc_mcontext.gregs[REG_PC];
 
-    // SafeFetch32() support
+    if (StubRoutines::is_safefetch_fault(pc)) {
-    if (pc == (address) Fetch32PFI) {
+      uc->uc_mcontext.gregs[REG_PC] = intptr_t(StubRoutines::continuation_for_safefetch_fault(pc));
-      uc->uc_mcontext.gregs[REG_PC] = intptr_t(Fetch32Resume) ;
+      return true;
-      return true ;
     }
-#ifdef AMD64
-    if (pc == (address) FetchNPFI) {
-       uc->uc_mcontext.gregs [REG_PC] = intptr_t(FetchNResume) ;
-       return true ;
-    }
-#endif // AMD64
 
     // Handle ALL stack overflow variations here
     if (sig == SIGSEGV && info->si_code == SEGV_ACCERR) {

hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_32.s

@@ -54,20 +54,6 @@ fixcw:
 	popl     %eax
 	ret
 
-       .align  16
-       .globl  SafeFetch32
-       .globl  SafeFetchN
-       .globl  Fetch32PFI, Fetch32Resume
-SafeFetch32:
-SafeFetchN:
-        movl    0x8(%esp), %eax
-        movl    0x4(%esp), %ecx
-Fetch32PFI:
-        movl    (%ecx), %eax
-Fetch32Resume:
-        ret
-
-
         .align  16
         .globl  SpinPause
 SpinPause:

hotspot/src/os_cpu/solaris_x86/vm/solaris_x86_64.s

@@ -21,54 +21,34 @@
 / questions.
 /
 
-	.globl fs_load
+        .globl fs_load
-	.globl fs_thread
+        .globl fs_thread
 
         // NOTE WELL!  The _Copy functions are called directly
-	// from server-compiler-generated code via CallLeafNoFP,
+        // from server-compiler-generated code via CallLeafNoFP,
-	// which means that they *must* either not use floating
+        // which means that they *must* either not use floating
-	// point or use it in the same manner as does the server
+        // point or use it in the same manner as does the server
-	// compiler.
+        // compiler.
 
         .globl _Copy_arrayof_conjoint_bytes
         .globl _Copy_conjoint_jshorts_atomic
-	.globl _Copy_arrayof_conjoint_jshorts
+        .globl _Copy_arrayof_conjoint_jshorts
         .globl _Copy_conjoint_jints_atomic
         .globl _Copy_arrayof_conjoint_jints
-	.globl _Copy_conjoint_jlongs_atomic
+        .globl _Copy_conjoint_jlongs_atomic
         .globl _Copy_arrayof_conjoint_jlongs
 
-	.section .text,"ax"
+        .section .text,"ax"
 
         / Fast thread accessors, used by threadLS_solaris_amd64.cpp
-	.align   16
+        .align   16
 fs_load:
-	movq %fs:(%rdi),%rax
+        movq %fs:(%rdi),%rax
-	ret
-
-	.align   16
-fs_thread:
-	movq %fs:0x0,%rax
-	ret
-
-        .globl SafeFetch32, Fetch32PFI, Fetch32Resume
-        .align  16
-        // Prototype: int SafeFetch32 (int * Adr, int ErrValue) 
-SafeFetch32:
-        movl    %esi, %eax
-Fetch32PFI:
-        movl    (%rdi), %eax
-Fetch32Resume:
         ret
 
-        .globl SafeFetchN, FetchNPFI, FetchNResume
+        .align   16
-        .align  16
+fs_thread:
-        // Prototype: intptr_t SafeFetchN (intptr_t * Adr, intptr_t ErrValue) 
+        movq %fs:0x0,%rax
-SafeFetchN:
-        movq    %rsi, %rax
-FetchNPFI:
-        movq    (%rdi), %rax
-FetchNResume:
         ret
 
         .globl  SpinPause
@@ -78,7 +58,7 @@ SpinPause:
         nop
         movq    $1, %rax
         ret
-        
+
 
         / Support for void Copy::arrayof_conjoint_bytes(void* from,
         /                                               void* to,
@@ -340,7 +320,7 @@ aci_CopyLeft:
         addq     $4,%rdx
         jg       1b
         ret
-	
+
         / Support for void Copy::arrayof_conjoint_jlongs(jlong* from,
         /                                                jlong* to,
         /                                                size_t count)

hotspot/src/os_cpu/windows_x86/vm/os_windows_x86.cpp

@@ -518,24 +518,6 @@ void os::print_register_info(outputStream *st, void *context) {
   st->cr();
 }
 
-extern "C" int SafeFetch32 (int * adr, int Err) {
-   int rv = Err ;
-   _try {
-       rv = *((volatile int *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t Err) {
-   intptr_t rv = Err ;
-   _try {
-       rv = *((volatile intptr_t *) adr) ;
-   } __except(EXCEPTION_EXECUTE_HANDLER) {
-   }
-   return rv ;
-}
-
 extern "C" int SpinPause () {
 #ifdef AMD64
    return 0 ;

hotspot/src/share/vm/gc_implementation/g1/g1CollectorPolicy.cpp

@@ -873,7 +873,7 @@ bool G1CollectorPolicy::need_to_start_conc_mark(const char* source, size_t alloc
   size_t alloc_byte_size = alloc_word_size * HeapWordSize;
 
   if ((cur_used_bytes + alloc_byte_size) > marking_initiating_used_threshold) {
-    if (gcs_are_young()) {
+    if (gcs_are_young() && !_last_young_gc) {
       ergo_verbose5(ErgoConcCycles,
         "request concurrent cycle initiation",
         ergo_format_reason("occupancy higher than threshold")
@@ -931,7 +931,7 @@ void G1CollectorPolicy::record_collection_pause_end(double pause_time_ms, Evacua
   last_pause_included_initial_mark = during_initial_mark_pause();
   if (last_pause_included_initial_mark) {
     record_concurrent_mark_init_end(0.0);
-  } else if (!_last_young_gc && need_to_start_conc_mark("end of GC")) {
+  } else if (need_to_start_conc_mark("end of GC")) {
     // Note: this might have already been set, if during the last
     // pause we decided to start a cycle but at the beginning of
     // this pause we decided to postpone it. That's OK.

hotspot/src/share/vm/runtime/os.hpp

@@ -915,8 +915,6 @@ class os: AllStatic {
 // of the global SpinPause() with C linkage.
 // It'd also be eligible for inlining on many platforms.
 
-extern "C" int SpinPause () ;
+extern "C" int SpinPause();
-extern "C" int SafeFetch32 (int * adr, int errValue) ;
-extern "C" intptr_t SafeFetchN (intptr_t * adr, intptr_t errValue) ;
 
 #endif // SHARE_VM_RUNTIME_OS_HPP

hotspot/src/share/vm/runtime/stubRoutines.cpp

@@ -136,6 +136,13 @@ double (* StubRoutines::_intrinsic_sin   )(double) = NULL;
 double (* StubRoutines::_intrinsic_cos   )(double) = NULL;
 double (* StubRoutines::_intrinsic_tan   )(double) = NULL;
 
+address StubRoutines::_safefetch32_entry                 = NULL;
+address StubRoutines::_safefetch32_fault_pc              = NULL;
+address StubRoutines::_safefetch32_continuation_pc       = NULL;
+address StubRoutines::_safefetchN_entry                  = NULL;
+address StubRoutines::_safefetchN_fault_pc               = NULL;
+address StubRoutines::_safefetchN_continuation_pc        = NULL;
+
 // Initialization
 //
 // Note: to break cycle with universe initialization, stubs are generated in two phases.

hotspot/src/share/vm/runtime/stubRoutines.hpp

@@ -221,6 +221,14 @@ class StubRoutines: AllStatic {
   static double (*_intrinsic_cos)(double);
   static double (*_intrinsic_tan)(double);
 
+  // Safefetch stubs.
+  static address _safefetch32_entry;
+  static address _safefetch32_fault_pc;
+  static address _safefetch32_continuation_pc;
+  static address _safefetchN_entry;
+  static address _safefetchN_fault_pc;
+  static address _safefetchN_continuation_pc;
+
  public:
   // Initialization/Testing
   static void    initialize1();                            // must happen before universe::genesis
@@ -381,6 +389,34 @@ class StubRoutines: AllStatic {
     return _intrinsic_tan(d);
   }
 
+  //
+  // Safefetch stub support
+  //
+
+  typedef int      (*SafeFetch32Stub)(int*      adr, int      errValue);
+  typedef intptr_t (*SafeFetchNStub) (intptr_t* adr, intptr_t errValue);
+
+  static SafeFetch32Stub SafeFetch32_stub() { return CAST_TO_FN_PTR(SafeFetch32Stub, _safefetch32_entry); }
+  static SafeFetchNStub  SafeFetchN_stub()  { return CAST_TO_FN_PTR(SafeFetchNStub,  _safefetchN_entry); }
+
+  static bool is_safefetch_fault(address pc) {
+    return pc != NULL &&
+          (pc == _safefetch32_fault_pc ||
+           pc == _safefetchN_fault_pc);
+  }
+
+  static address continuation_for_safefetch_fault(address pc) {
+    assert(_safefetch32_continuation_pc != NULL &&
+           _safefetchN_continuation_pc  != NULL,
+           "not initialized");
+
+    if (pc == _safefetch32_fault_pc) return _safefetch32_continuation_pc;
+    if (pc == _safefetchN_fault_pc)  return _safefetchN_continuation_pc;
+
+    ShouldNotReachHere();
+    return NULL;
+  }
+
   //
   // Default versions of the above arraycopy functions for platforms which do
   // not have specialized versions
@@ -400,4 +436,15 @@ class StubRoutines: AllStatic {
   static void arrayof_oop_copy_uninit(HeapWord* src, HeapWord* dest, size_t count);
 };
 
+// Safefetch allows to load a value from a location that's not known
+// to be valid. If the load causes a fault, the error value is returned.
+inline int SafeFetch32(int* adr, int errValue) {
+  assert(StubRoutines::SafeFetch32_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetch32_stub()(adr, errValue);
+}
+inline intptr_t SafeFetchN(intptr_t* adr, intptr_t errValue) {
+  assert(StubRoutines::SafeFetchN_stub(), "stub not yet generated");
+  return StubRoutines::SafeFetchN_stub()(adr, errValue);
+}
+
 #endif // SHARE_VM_RUNTIME_STUBROUTINES_HPP

hotspot/src/share/vm/services/memTracker.cpp

@@ -81,13 +81,13 @@ void MemTracker::init_tracking_options(const char* option_line) {
   } else if (strcmp(option_line, "=detail") == 0) {
     // detail relies on a stack-walking ability that may not
     // be available depending on platform and/or compiler flags
-    if (PLATFORM_NMT_DETAIL_SUPPORTED) {
+#if PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
       _tracking_level = NMT_detail;
-    } else {
+#else
       jio_fprintf(defaultStream::error_stream(),
-        "NMT detail is not supported on this platform.  Using NMT summary instead.");
+        "NMT detail is not supported on this platform.  Using NMT summary instead.\n");
       _tracking_level = NMT_summary;
-    }
+#endif
   } else if (strcmp(option_line, "=off") != 0) {
     vm_exit_during_initialization("Syntax error, expecting -XX:NativeMemoryTracking=[off|summary|detail]", NULL);
   }

hotspot/src/share/vm/utilities/globalDefinitions.hpp

@@ -381,12 +381,12 @@ const uint64_t KlassEncodingMetaspaceMax = (uint64_t(max_juint) + 1) << LogKlass
 #endif
 
 /*
- * If a platform does not support NMT_detail
+ * If a platform does not support native stack walking
  * the platform specific globalDefinitions (above)
- * can set PLATFORM_NMT_DETAIL_SUPPORTED to false
+ * can set PLATFORM_NATIVE_STACK_WALKING_SUPPORTED to 0
  */
-#ifndef PLATFORM_NMT_DETAIL_SUPPORTED
+#ifndef PLATFORM_NATIVE_STACK_WALKING_SUPPORTED
-#define PLATFORM_NMT_DETAIL_SUPPORTED true
+#define PLATFORM_NATIVE_STACK_WALKING_SUPPORTED 1
 #endif
 
 // The byte alignment to be used by Arena::Amalloc.  See bugid 4169348.

jaxp/.hgtags

@@ -220,3 +220,4 @@ b8c5f4b6f0fffb44618fc609a584953c4ed67c0b jdk8-b95
 6121efd299235b057f3de94b0a4158c388c2907c jdk8-b96
 6c830db28d21108f32af990ecf4d80a75887980d jdk8-b97
 15e5bb51bc0cd89304dc2f7f29b4c8002e632353 jdk8-b98
+adf49c3ef83c160d53ece623049b2cdccaf78fc7 jdk8-b99

jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java

@@ -73,13 +73,39 @@ public final class XalanConstants {
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
+
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is false by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 } // class Constants

jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java

@@ -229,7 +229,8 @@ public final class SecuritySupport {
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -262,6 +263,9 @@ public final class SecuritySupport {
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -273,18 +277,16 @@ public final class SecuritySupport {
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+    public static String getJAXPSystemProperty(String sysPropertyId) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }

jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java

@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xalan.internal.utils;
+
+
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                XalanConstants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET,
+                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java

@@ -27,6 +27,9 @@ import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC;
@@ -215,11 +218,13 @@ public class TransformerFactoryImpl
      * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
      */
     private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
      /**
      * protocols allowed for external DTD references in source file and/or stylesheet.
      */
     private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
 
+    private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
 
     /**
      * javax.xml.transform.sax.TransformerFactory implementation.
@@ -235,15 +240,16 @@ public class TransformerFactoryImpl
     private TransformerFactoryImpl(boolean useServicesMechanism) {
         this._useServicesMechanism = useServicesMechanism;
 
-        String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
         if (System.getSecurityManager() != null) {
             _isSecureMode = true;
             _isNotSecureProcessing = false;
         }
-        _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
+
-                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
+        _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        _accessExternalDTD =  SecuritySupport.getDefaultAccessProperty(
+        _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
-                XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
+                Property.ACCESS_EXTERNAL_DTD);
+        _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                Property.ACCESS_EXTERNAL_STYLESHEET);
     }
 
     /**
@@ -306,11 +312,10 @@ public class TransformerFactoryImpl
             else
               return Boolean.FALSE;
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+
-            return _accessExternalStylesheet;
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
-        }
+        if (index > -1) {
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+            return _xmlSecurityPropertyMgr.getValueByIndex(index);
-            return _accessExternalDTD;
         }
 
         // Throw an exception for all other attributes
@@ -413,12 +418,15 @@ public class TransformerFactoryImpl
                 return;
             }
         }
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
+
-            _accessExternalStylesheet = (String)value;
+        int index = _xmlSecurityPropertyMgr.getIndex(name);
-            return;
+        if (index > -1) {
-        }
+            _xmlSecurityPropertyMgr.setValue(index,
-        else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
+                    State.APIPROPERTY, (String)value);
-            _accessExternalDTD = (String)value;
+            _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_DTD);
+            _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                    Property.ACCESS_EXTERNAL_STYLESHEET);
             return;
         }
 
@@ -466,11 +474,18 @@ public class TransformerFactoryImpl
             }
             _isNotSecureProcessing = !value;
 
-            // set restriction, allowing no access to external stylesheet
+            // set external access restriction when FSP is explicitly set
-            if (value) {
+            if (value && XalanConstants.IS_JDK8_OR_ABOVE) {
-                _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
-                _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_STYLESHEET,
+                        State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_DTD);
+                _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+                        Property.ACCESS_EXTERNAL_STYLESHEET);
             }
+
             return;
         }
         else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {

jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java

@@ -33,7 +33,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -156,13 +156,9 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD =
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-        XMLConstants.ACCESS_EXTERNAL_DTD;
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA =
-        XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     //
     // Data
@@ -283,8 +279,7 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
             JAXP_SCHEMA_LANGUAGE,
             DTD_VALIDATOR_FACTORY_PROPERTY,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
+            XML_SECURITY_PROPERTY_MANAGER
-            ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -318,14 +313,8 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
         fValidationManager = createValidationManager();
         setProperty(VALIDATION_MANAGER, fValidationManager);
 
-        //For DOM, the secure feature is set to true by default
+        setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                new XMLSecurityPropertyManager());
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {

jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java

@@ -184,6 +184,9 @@ public final class Constants {
     public static final String ORACLE_JAXP_PROPERTY_PREFIX =
         "http://www.oracle.com/xml/jaxp/properties/";
 
+    public static final String XML_SECURITY_PROPERTY_MANAGER =
+            ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
+
     //System Properties corresponding to ACCESS_EXTERNAL_* properties
     public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
     public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
@@ -194,16 +197,17 @@ public final class Constants {
      * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
      */
     public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
-    /**
-     * JDK version by which the default is to restrict external connection
-     */
-    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
 
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is true by default
      */
     public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
+    /**
+     * Check if we're in jdk8 or above
+     */
+    public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
+
     //
     // DOM features
     //
@@ -697,6 +701,27 @@ public final class Constants {
         ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
     } // getXercesProperties():Enumeration
 
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJavaVersionAtLeast(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
 
     //
     // Classes

jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java

@@ -25,10 +25,9 @@
 
 package com.sun.org.apache.xerces.internal.impl;
 
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
-import javax.xml.XMLConstants;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLResolver;
@@ -51,15 +50,14 @@ public class PropertyManager {
 
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
-
+    /** Property identifier: Security property manager. */
-    /** Property identifier: access to external dtd */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-
-    /** Property identifier: access to external schema  */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     HashMap supportedProps = new HashMap();
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     public static final int CONTEXT_READER = 1;
     public static final int CONTEXT_WRITER = 2;
 
@@ -84,6 +82,7 @@ public class PropertyManager {
 
         HashMap properties = propertyManager.getProperties();
         supportedProps.putAll(properties);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)getProperty(XML_SECURITY_PROPERTY_MANAGER);
     }
 
     private HashMap getProperties(){
@@ -125,14 +124,8 @@ public class PropertyManager {
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
 
-        //For DOM/SAX, the secure feature is set to true by default
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+        supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     private void initWriterProps(){
@@ -148,7 +141,8 @@ public class PropertyManager {
      * }
      */
     public boolean containsProperty(String property){
-        return supportedProps.containsKey(property) ;
+        return supportedProps.containsKey(property) ||
+                (fSecurityPropertyMgr!=null && fSecurityPropertyMgr.getIndex(property) > -1) ;
     }
 
     public Object getProperty(String property){
@@ -174,7 +168,15 @@ public class PropertyManager {
             //add internal stax property
             supportedProps.put( Constants.XERCES_PROPERTY_PREFIX + Constants.STAX_ENTITY_RESOLVER_PROPERTY , new StaxEntityResolverWrapper((XMLResolver)value)) ;
         }
-        supportedProps.put(property, value ) ;
+
+        int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(property) : -1;
+        if (index > -1) {
+            fSecurityPropertyMgr.setValue(index,
+                    XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+        } else {
+            supportedProps.put(property, value);
+        }
+
         if(equivalentProperty != null){
             supportedProps.put(equivalentProperty, value ) ;
         }

jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java

@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.xml.internal.stream.Entity;
 import javax.xml.XMLConstants;
@@ -166,8 +167,9 @@ public class XMLDocumentFragmentScannerImpl
     protected static final String STANDARD_URI_CONFORMANT =
             Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol
      *  For DOM/SAX, the secure feature is set to true by default
@@ -199,7 +201,7 @@ public class XMLDocumentFragmentScannerImpl
         SYMBOL_TABLE,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -610,7 +612,10 @@ public class XMLDocumentFragmentScannerImpl
         dtdGrammarUtil = null;
 
         // JAXP 1.5 features and properties
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
         fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
 
         //fEntityManager.test();
@@ -662,9 +667,10 @@ public class XMLDocumentFragmentScannerImpl
 
         dtdGrammarUtil = null;
 
-        // Oracle jdk feature
+         // JAXP 1.5 features and properties
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
-
+                propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
     } // reset(XMLComponentManager)
 
     /**
@@ -762,11 +768,10 @@ public class XMLDocumentFragmentScannerImpl
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
+        {
-            {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
-                fAccessExternalDTD = (String)value;
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
-            }
         }
 
     } // setProperty(String,Object)

jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java

@@ -31,6 +31,7 @@ import com.sun.org.apache.xerces.internal.util.*;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
@@ -166,8 +167,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
     /** access external dtd: file protocol */
     static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
@@ -203,7 +205,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
                 VALIDATION_MANAGER,
                 BUFFER_SIZE,
                 SECURITY_MANAGER,
-                ACCESS_EXTERNAL_DTD
+                XML_SECURITY_PROPERTY_MANAGER
     };
 
     /** Property defaults. */
@@ -214,7 +216,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
                 null,
                 new Integer(DEFAULT_BUFFER_SIZE),
                 null,
-                EXTERNAL_ACCESS_DEFAULT
+                null
     };
 
     private static final String XMLEntity = "[xml]".intern();
@@ -1421,7 +1423,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         // initialize state
         //fStandalone = false;
@@ -1485,7 +1488,11 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
 
         // JAXP 1.5 feature
-        fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
+        if (spm == null) {
+            spm = new XMLSecurityPropertyManager();
+        }
+        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
 
         //reset general state
         reset();
@@ -1641,11 +1648,10 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
         }
 
         //JAXP 1.5 properties
-        if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER))
-            if (propertyId.equals(ACCESS_EXTERNAL_DTD))
+        {
-            {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value;
-                fAccessExternalDTD = (String)value;
+            fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
-            }
         }
     }
 

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java

@@ -54,6 +54,7 @@ import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -218,6 +219,10 @@ XSLoader, DOMConfiguration {
     protected static final String ENTITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: access to external dtd */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
@@ -238,8 +243,7 @@ XSLoader, DOMConfiguration {
         SECURITY_MANAGER,
         LOCALE,
         SCHEMA_DV_FACTORY,
-        ACCESS_EXTERNAL_DTD,
+        XML_SECURITY_PROPERTY_MANAGER
-        ACCESS_EXTERNAL_SCHEMA
     };
 
     // Data
@@ -270,7 +274,6 @@ XSLoader, DOMConfiguration {
     private final CMNodeFactory fNodeFactory = new CMNodeFactory(); //component mgr will be set later
     private CMBuilder fCMBuilder;
     private XSDDescription fXSDDescription = new XSDDescription();
-    private String faccessExternalDTD = Constants.EXTERNAL_ACCESS_DEFAULT;
     private String faccessExternalSchema = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     private Map fJAXPCache;
@@ -466,11 +469,9 @@ XSLoader, DOMConfiguration {
                 fErrorReporter.putMessageFormatter(XSMessageFormatter.SCHEMA_DOMAIN, new XSMessageFormatter());
             }
         }
-        else if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+        else if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
-            faccessExternalDTD = (String) state;
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)state;
-        }
+            faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
-        else if (propertyId.equals(ACCESS_EXTERNAL_SCHEMA)) {
-            faccessExternalSchema = (String) state;
         }
     } // setProperty(String, Object)
 
@@ -1066,8 +1067,8 @@ XSLoader, DOMConfiguration {
         fSchemaHandler.setGenerateSyntheticAnnotations(componentManager.getFeature(GENERATE_SYNTHETIC_ANNOTATIONS, false));
         fSchemaHandler.reset(componentManager);
 
-        faccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
-        faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA);
+        faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
     }
 
     private void initGrammarBucket(){

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java

@@ -233,11 +233,9 @@ public class XMLSchemaValidator
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     protected static final String USE_SERVICE_MECHANISM = Constants.ORACLE_FEATURE_SERVICE_MECHANISM;
 
@@ -297,8 +295,7 @@ public class XMLSchemaValidator
             JAXP_SCHEMA_SOURCE,
             JAXP_SCHEMA_LANGUAGE,
             SCHEMA_DV_FACTORY,
-            ACCESS_EXTERNAL_DTD,
+            XML_SECURITY_PROPERTY_MANAGER
-            ACCESS_EXTERNAL_SCHEMA
             };
 
     /** Property defaults. */

jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java

@@ -78,6 +78,7 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
@@ -112,6 +113,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
@@ -223,11 +225,9 @@ public class XSDHandler {
     protected static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
+        /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     protected static final boolean DEBUG_NODE_POOL = false;
 
@@ -260,6 +260,7 @@ public class XSDHandler {
     protected SecurityManager fSecureProcessing = null;
 
     private String fAccessExternalSchema;
+    private String fAccessExternalDTD;
 
     // These tables correspond to the symbol spaces defined in the
     // spec.
@@ -2249,6 +2250,13 @@ public class XSDHandler {
                         }
                     }
                     catch (SAXException se) {}
+
+                    try {
+                        parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                    } catch (SAXNotRecognizedException exc) {
+                        System.err.println("Warning: " + parser.getClass().getName() + ": " +
+                                exc.getMessage());
+                    }
                 }
                 // If XML names and Namespace URIs are already internalized we
                 // can avoid running them through the SymbolTable.
@@ -3580,11 +3588,17 @@ public class XSDHandler {
         } catch (XMLConfigurationException e) {
         }
 
-        //For Schema validation, the secure feature is set to true by default
+        XMLSecurityPropertyManager securityPropertyMgr = (XMLSecurityPropertyManager)
-        fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
+                componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
-                componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
+        //Passing on the setting to the parser
-        fAccessExternalSchema = (String) componentManager.getProperty(
+        fSchemaParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, securityPropertyMgr);
-                ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+
+        fAccessExternalDTD = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
+
+        fAccessExternalSchema = securityPropertyMgr.getValue(
+                XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
+
     } // reset(XMLComponentManager)
 
 

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java

@@ -37,6 +37,9 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
 import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
 import com.sun.org.apache.xerces.internal.parsers.DOMParser;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -97,12 +100,17 @@ public class DocumentBuilderImpl extends DocumentBuilder
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** property identifier: access external dtd. */
     public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
 
     /** Property identifier: access to external schema */
     public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
+
     private final DOMParser domParser;
     private final Schema grammar;
 
@@ -117,6 +125,8 @@ public class DocumentBuilderImpl extends DocumentBuilder
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     DocumentBuilderImpl(DocumentBuilderFactoryImpl dbf, Hashtable dbfAttrs, Hashtable features)
         throws SAXNotRecognizedException, SAXNotSupportedException {
         this(dbf, dbfAttrs, features, false);
@@ -160,23 +170,27 @@ public class DocumentBuilderImpl extends DocumentBuilder
             domParser.setFeature(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
 
             /**
-             * By default, secure processing is set, no external access is allowed.
+             * If secure processing is explicitly set on the factory, the
-             * However, we need to check if it is actively set on the factory since we
+             * access properties will be set unless the corresponding
-             * allow the use of the System Property or jaxp.properties to override
+             * System Properties or jaxp.properties are set
-             * the default value
              */
             if (features != null) {
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
-                        domParser.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
-                        domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_SCHEMA,
+                                State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
                     }
                 }
             }
@@ -220,7 +234,7 @@ public class DocumentBuilderImpl extends DocumentBuilder
             setFeatures(features);
         }
 
-        // Set attributes
+        //setAttribute override those that may be set by other means
         setDocumentBuilderFactoryAttributes(dbfAttrs);
 
         // Initial EntityResolver
@@ -275,26 +289,32 @@ public class DocumentBuilderImpl extends DocumentBuilder
                             // spec when schema validation is enabled
                             domParser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
                         }
-                    }
+                     }
-                        } else if(JAXP_SCHEMA_SOURCE.equals(name)){
+                 } else if(JAXP_SCHEMA_SOURCE.equals(name)){
-                        if( isValidating() ) {
+                    if( isValidating() ) {
-                                                String value=(String)dbfAttrs.get(JAXP_SCHEMA_LANGUAGE);
+                        String value=(String)dbfAttrs.get(JAXP_SCHEMA_LANGUAGE);
-                                                if(value !=null && W3C_XML_SCHEMA.equals(value)){
+                        if(value !=null && W3C_XML_SCHEMA.equals(value)){
-                                        domParser.setProperty(name, val);
+                            domParser.setProperty(name, val);
-                                                }else{
+                        }else{
                             throw new IllegalArgumentException(
                                 DOMMessageFormatter.formatMessage(DOMMessageFormatter.DOM_DOMAIN,
                                 "jaxp-order-not-supported",
                                 new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
-                                                }
-                                        }
-                } else {
-                    // Let Xerces code handle the property
-                    domParser.setProperty(name, val);
-                                }
                         }
-                }
+                     }
+                  } else {
+                    int index = fSecurityPropertyMgr.getIndex(name);
+                    if (index > -1) {
+                        fSecurityPropertyMgr.setValue(index,
+                                XMLSecurityPropertyManager.State.APIPROPERTY, (String)val);
+                    } else {
+                        // Let Xerces code handle the property
+                        domParser.setProperty(name, val);
+                    }
+                  }
+             }
         }
+    }
 
     /**
      * Non-preferred: use the getDOMImplementation() method instead of this

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java

@@ -36,6 +36,7 @@ import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -92,11 +93,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     private final JAXPSAXParser xmlReader;
     private String schemaLanguage = null;     // null means DTD
@@ -113,6 +112,8 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /**
      * Create a SAX parser with the associated features
      * @param features Hashtable of SAX features, may be null
@@ -149,6 +150,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
             xmlReader.setFeature0(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
@@ -162,9 +166,12 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
                     }
                 }
             }
@@ -530,14 +537,21 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                     return;
                 }
             }
-            if (!fInitProperties.containsKey(name)) {
-                fInitProperties.put(name, super.getProperty(name));
-            }
             /** Forward property to the schema validator if there is one. **/
             if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
                 setSchemaValidatorProperty(name, value);
             }
-            super.setProperty(name, value);
+            /** Check to see if the property is managed by the property manager **/
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSAXParser.fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            } else {
+                if (!fInitProperties.containsKey(name)) {
+                    fInitProperties.put(name, super.getProperty(name));
+                }
+                super.setProperty(name, value);
+            }
         }
 
         public synchronized Object getProperty(String name)
@@ -550,6 +564,11 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
                 // JAXP 1.2 support
                 return fSAXParser.schemaLanguage;
             }
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
+            }
+
             return super.getProperty(name);
         }
 

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java

@@ -177,11 +177,11 @@ final class StreamValidatorHelper implements ValidatorHelper {
         }
         config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
         config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
-        config.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
         config.setDocumentHandler(fSchemaValidator);
         config.setDTDHandler(null);
         config.setDTDContentModelHandler(null);
+        config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
+                fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
         fConfiguration = new SoftReference(config);
         return config;
     }

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java

@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.URI;
 import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.QName;
@@ -134,6 +135,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
     private static final String VALIDATION_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     //
     // Data
     //
@@ -686,8 +691,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
                                catch (SAXException exc) {}
                            }
                            try {
+                               XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                                       fComponentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
                                reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
-                                      fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
+                                       spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD));
                            } catch (SAXException exc) {
                                System.err.println("Warning: " + reader.getClass().getName() + ": " +
                                       exc.getMessage());

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java

@@ -45,7 +45,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.StAXInputSource;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@@ -83,11 +83,10 @@ public final class XMLSchemaFactory extends SchemaFactory {
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
+    /** Property identifier: Security property manager. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema  */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     //
     // Data
@@ -111,6 +110,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
     /** The SecurityManager. */
     private SecurityManager fSecurityManager;
 
+    /** The Security property manager. */
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /** The container for the real grammar pool. */
     private XMLGrammarPoolWrapper fXMLGrammarPoolWrapper;
 
@@ -120,6 +122,8 @@ public final class XMLSchemaFactory extends SchemaFactory {
      * Note the default value (false) is the safe option..
      */
     private final boolean fUseServicesMechanism;
+
+
     public XMLSchemaFactory() {
         this(true);
     }
@@ -140,13 +144,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
         fSecurityManager = new SecurityManager();
         fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
 
-        //by default, the secure feature is set to true, otherwise the default would have been 'file'
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
-        String accessExternal = SecuritySupport.getDefaultAccessProperty(
+        fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+                fSecurityPropertyMgr);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
-        accessExternal = SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     /**
@@ -282,6 +282,7 @@ public final class XMLSchemaFactory extends SchemaFactory {
             schema = new EmptyXMLSchema();
         }
         propagateFeatures(schema);
+        propagateProperties(schema);
         return schema;
     }
 
@@ -366,8 +367,13 @@ public final class XMLSchemaFactory extends SchemaFactory {
             }
             if (value) {
                 fSecurityManager = new SecurityManager();
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
-                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                if (Constants.IS_JDK8_OR_ABOVE) {
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                            XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                }
             } else {
                 fSecurityManager = null;
             }
@@ -414,7 +420,13 @@ public final class XMLSchemaFactory extends SchemaFactory {
                     "property-not-supported", new Object [] {name}));
         }
         try {
-            fXMLSchemaLoader.setProperty(name, object);
+            int index = fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSecurityPropertyMgr.setValue(index,
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)object);
+            } else {
+                fXMLSchemaLoader.setProperty(name, object);
+            }
         }
         catch (XMLConfigurationException e) {
             String identifier = e.getIdentifier();

jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java

@@ -42,6 +42,7 @@ import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
@@ -107,6 +108,10 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
+    /** Property identifier: security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     /** Property identifier: symbol table. */
     private static final String SYMBOL_TABLE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY;
@@ -123,12 +128,6 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     private static final String LOCALE =
         Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
-    /** Property identifier: access to external schema  */
-    private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
-
     //
     // Data
     //
@@ -184,6 +183,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
     /** Stores the initial security manager. */
     private final SecurityManager fInitSecurityManager;
 
+    /** Stores the initial security property manager. */
+    private final XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     //
     // User Objects
     //
@@ -250,8 +252,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
         fComponents.put(SECURITY_MANAGER, fInitSecurityManager);
 
         //pass on properties set on SchemaFactory
-        setProperty(ACCESS_EXTERNAL_DTD, grammarContainer.getProperty(ACCESS_EXTERNAL_DTD));
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
-        setProperty(ACCESS_EXTERNAL_SCHEMA, grammarContainer.getProperty(ACCESS_EXTERNAL_SCHEMA));
+                grammarContainer.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
+        setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
     }
 
     /**
@@ -309,6 +312,15 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
                 throw new XMLConfigurationException(Status.NOT_ALLOWED, XMLConstants.FEATURE_SECURE_PROCESSING);
             }
             setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
+
+            if (value && Constants.IS_JDK8_OR_ABOVE) {
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+                        XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+            }
+
             return;
         }
         fConfigUpdated = true;

jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java

@@ -29,6 +29,7 @@ import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper;
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
@@ -74,6 +75,10 @@ public class DOMParser
     protected static final String REPORT_WHITESPACE =
             Constants.SUN_SCHEMA_FEATURE_PREFIX + Constants.SUN_REPORT_IGNORED_ELEMENT_CONTENT_WHITESPACE;
 
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
+
     // recognized features:
     private static final String[] RECOGNIZED_FEATURES = {
         REPORT_WHITESPACE
@@ -579,6 +584,13 @@ public class DOMParser
        }
 
         try {
+            XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
+                    fConfiguration.getProperty(XML_SECURITY_PROPERTY_MANAGER);
+            int index = spm.getIndex(propertyId);
+            if (index > -1) {
+                return spm.getValueByIndex(index);
+            }
+
             return fConfiguration.getProperty(propertyId);
         }
         catch (XMLConfigurationException e) {

jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java

@@ -22,8 +22,11 @@ package com.sun.org.apache.xerces.internal.parsers;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
 
 /**
  * This is the main Xerces SAX parser class. It uses the abstract SAX
@@ -120,4 +123,24 @@ public class SAXParser
 
     } // <init>(SymbolTable,XMLGrammarPool)
 
+    /**
+     * Sets the particular property in the underlying implementation of
+     * org.xml.sax.XMLReader.
+     */
+    public void setProperty(String name, Object value)
+        throws SAXNotRecognizedException, SAXNotSupportedException {
+        XMLSecurityPropertyManager spm = new XMLSecurityPropertyManager();
+        int index = spm.getIndex(name);
+        if (index > -1) {
+            /**
+             * this is a direct call to this parser, not a subclass since
+             * internally the support of this property is done through
+             * XMLSecurityPropertyManager
+             */
+            spm.setValue(index, XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+            super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, spm);
+        } else {
+            super.setProperty(name, value);
+        }
+    }
 } // class SAXParser

jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java

@@ -20,12 +20,10 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
-import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
-import java.util.Properties;
 import javax.xml.XMLConstants;
 
 import com.sun.org.apache.xerces.internal.impl.Constants;
@@ -53,9 +51,8 @@ import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.FeatureState;
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
-import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@@ -278,11 +275,10 @@ public class XML11Configuration extends ParserConfigurationSettings
     protected static final String SCHEMA_DV_FACTORY =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
 
-    /** Property identifier: access to external dtd */
+    /** Property identifier: Security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema */
-    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
 
     // debugging
 
@@ -535,8 +531,7 @@ public class XML11Configuration extends ParserConfigurationSettings
                 SCHEMA_NONS_LOCATION,
                 LOCALE,
                 SCHEMA_DV_FACTORY,
-                ACCESS_EXTERNAL_DTD,
+                XML_SECURITY_PROPERTY_MANAGER
-                ACCESS_EXTERNAL_SCHEMA
         };
         addRecognizedProperties(recognizedProperties);
 
@@ -584,14 +579,7 @@ public class XML11Configuration extends ParserConfigurationSettings
 
         fVersionDetector = new XMLVersionDetector();
 
-        //FEATURE_SECURE_PROCESSING is true, see the feature above
+        fProperties.put(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
-        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_DTD, accessExternal);
-
-        accessExternal =  SecuritySupport.getDefaultAccessProperty(
-                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
-        fProperties.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
 
         // add message formatters
         if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {

jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java

@@ -223,7 +223,8 @@ public final class SecuritySupport {
      * @return the name of the protocol if rejected, null otherwise
      */
     public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
-        if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+        if (systemId == null || (allowedProtocols != null &&
+                allowedProtocols.equalsIgnoreCase(accessAny))) {
             return null;
         }
 
@@ -256,6 +257,9 @@ public final class SecuritySupport {
      * @return true if the protocol is in the list
      */
     private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+         if (allowedProtocols == null) {
+             return false;
+         }
          String temp[] = allowedProtocols.split(",");
          for (String t : temp) {
              t = t.trim();
@@ -267,18 +271,16 @@ public final class SecuritySupport {
      }
 
     /**
-     * Read from $java.home/lib/jaxp.properties for the specified property
+     * Read JAXP system property in this order: system property,
+     * $java.home/lib/jaxp.properties if the system property is not specified
      *
      * @param propertyId the Id of the property
      * @return the value of the property
      */
-    public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
+    public static String getJAXPSystemProperty(String sysPropertyId) {
-        String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+        String accessExternal = getSystemProperty(sysPropertyId);
         if (accessExternal == null) {
             accessExternal = readJAXPProperty(sysPropertyId);
-            if (accessExternal == null) {
-                accessExternal = defaultVal;
-            }
         }
         return accessExternal;
     }

jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java

@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xerces.internal.utils;
+
+import com.sun.org.apache.xerces.internal.impl.Constants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+    /**
+     * States of the settings of a property, in the order: default value, value
+     * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+     * properties, and jaxp api properties
+     */
+    public static enum State {
+        //this order reflects the overriding order
+        DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+    }
+
+    /**
+     * Limits managed by the security manager
+     */
+    public static enum Property {
+        ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+                Constants.EXTERNAL_ACCESS_DEFAULT),
+        ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA,
+                Constants.EXTERNAL_ACCESS_DEFAULT);
+
+        final String name;
+        final String defaultValue;
+
+        Property(String name, String value) {
+            this.name = name;
+            this.defaultValue = value;
+        }
+
+        public boolean equalsName(String propertyName) {
+            return (propertyName == null) ? false : name.equals(propertyName);
+        }
+
+        String defaultValue() {
+            return defaultValue;
+        }
+    }
+
+    /**
+     * Values of the properties as defined in enum Properties
+     */
+    private final String[] values;
+    /**
+     * States of the settings for each property in Properties above
+     */
+    private State[] states = {State.DEFAULT, State.DEFAULT};
+
+    /**
+     * Default constructor. Establishes default values
+     */
+    public XMLSecurityPropertyManager() {
+        values = new String[Property.values().length];
+        for (Property property : Property.values()) {
+            values[property.ordinal()] = property.defaultValue();
+        }
+        //read system properties or jaxp.properties
+        readSystemProperties();
+    }
+
+    /**
+     * Set the value for a specific property.
+     *
+     * @param property the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(Property property, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[property.ordinal()]) >= 0) {
+            values[property.ordinal()] = value;
+            states[property.ordinal()] = state;
+        }
+    }
+
+    /**
+     * Set the value of a property by its index
+     * @param index the index of the property
+     * @param state the state of the property
+     * @param value the value of the property
+     */
+    public void setValue(int index, State state, String value) {
+        //only update if it shall override
+        if (state.compareTo(states[index]) >= 0) {
+            values[index] = value;
+            states[index] = state;
+        }
+    }
+    /**
+     * Return the value of the specified property
+     *
+     * @param property the property
+     * @return the value of the property
+     */
+    public String getValue(Property property) {
+        return values[property.ordinal()];
+    }
+
+    /**
+     * Return the value of a property by its ordinal
+     * @param index the index of a property
+     * @return value of a property
+     */
+    public String getValueByIndex(int index) {
+        return values[index];
+    }
+
+    /**
+     * Get the index by property name
+     * @param propertyName property name
+     * @return the index of the property if found; return -1 if not
+     */
+    public int getIndex(String propertyName){
+        for (Property property : Property.values()) {
+            if (property.equalsName(propertyName)) {
+                //internally, ordinal is used as index
+                return property.ordinal();
+            }
+        }
+        return -1;
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     */
+    private void readSystemProperties() {
+        getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+                Constants.SP_ACCESS_EXTERNAL_DTD);
+        getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA,
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA);
+    }
+
+    /**
+     * Read from system properties, or those in jaxp.properties
+     *
+     * @param property the property
+     * @param systemProperty the name of the system property
+     */
+    private void getSystemProperty(Property property, String systemProperty) {
+        try {
+            String value = SecuritySupport.getSystemProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.SYSTEMPROPERTY;
+                return;
+            }
+
+            value = SecuritySupport.readJAXPProperty(systemProperty);
+            if (value != null) {
+                values[property.ordinal()] = value;
+                states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+            }
+        } catch (NumberFormatException e) {
+            //invalid setting ignored
+        }
+    }
+}

jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java

@@ -68,6 +68,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerHandler;
 import com.sun.org.apache.xerces.internal.xpointer.XPointerProcessor;
 import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import java.util.Objects;
 
 /**
@@ -231,13 +232,9 @@ public class XIncludeHandler
     protected static final String PARSER_SETTINGS =
         Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
 
-    /** property identifier: access external dtd. */
+    /** property identifier: XML security property manager. */
-    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    protected static final String XML_SECURITY_PROPERTY_MANAGER =
-
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
-    /** access external dtd: file protocol
-     *  For DOM/SAX, the secure feature is set to true by default
-     */
-    final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
 
     /** Recognized features. */
     private static final String[] RECOGNIZED_FEATURES =
@@ -293,12 +290,7 @@ public class XIncludeHandler
     protected XMLErrorReporter fErrorReporter;
     protected XMLEntityResolver fEntityResolver;
     protected SecurityManager fSecurityManager;
-    /**
+    protected XMLSecurityPropertyManager fSecurityPropertyMgr;
-     * comma-delimited list of protocols that are allowed for the purpose
-     * of accessing external dtd or entity references
-     */
-    protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
-
 
     // these are needed for text include processing
     protected XIncludeTextReader fXInclude10TextReader;
@@ -540,7 +532,8 @@ public class XIncludeHandler
             fSecurityManager = null;
         }
 
-        fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+        fSecurityPropertyMgr = (XMLSecurityPropertyManager)
+                componentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER);
 
         // Get buffer size.
         try {
@@ -687,11 +680,13 @@ public class XIncludeHandler
             }
             return;
         }
-        if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+        if (propertyId.equals(XML_SECURITY_PROPERTY_MANAGER)) {
-            fAccessExternalDTD = (String)value;
+            fSecurityPropertyMgr = (XMLSecurityPropertyManager)value;
+
             if (fChildConfig != null) {
-                fChildConfig.setProperty(propertyId, value);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, value);
             }
+
             return;
         }
 
@@ -1652,7 +1647,7 @@ public class XIncludeHandler
                 if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
                 if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
                 fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
-                fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
+                fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
                 fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
 
                 // features must be copied to child configuration

jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java

@@ -140,12 +140,6 @@ public class XMLReaderManager {
                     // Try to carry on if we've got a parser that
                     // doesn't know about namespace prefixes.
                 }
-                try {
-                    reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
-                } catch (SAXException se) {
-                    System.err.println("Warning:  " + reader.getClass().getName() + ": "
-                                + se.getMessage());
-                }
             } catch (ParserConfigurationException ex) {
                 throw new SAXException(ex);
             } catch (FactoryConfigurationError ex1) {
@@ -162,6 +156,14 @@ public class XMLReaderManager {
             }
         }
 
+        try {
+            //reader is cached, but this property might have been reset
+            reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
+        } catch (SAXException se) {
+            System.err.println("Warning:  " + reader.getClass().getName() + ": "
+                        + se.getMessage());
+        }
+
         return reader;
     }
 

jaxws/.hgtags

@@ -220,3 +220,4 @@ a0f604766ca14818e2a7b1558cc399499caabf75 jdk8-b92
 690d34b326bc78a6f5f225522695b41c7f7f70e8 jdk8-b96
 dcde7f049111353ad23175f54985a4f6bfea720c jdk8-b97
 b1fb4612a2caea52b5661b87509e560fa044b194 jdk8-b98
+8ef83d4b23c933935e28f59b282cea920b1b1f5f jdk8-b99

jdk/.hgtags

@@ -220,3 +220,4 @@ a2a2a91075ad85becbe10a39d7fd04ef9bea8df5 jdk8-b92
 4a5d3cf2b3af1660db0237e8da324c140e534fa4 jdk8-b96
 978a95239044f26dcc8a6d59246be07ad6ca6be2 jdk8-b97
 c4908732fef5235f1b98cafe0ce507771ef7892c jdk8-b98
+6a099a36589bd933957272ba63e5263bede29971 jdk8-b99

jdk/make/sun/security/pkcs11/mapfile-vers

@@ -102,7 +102,7 @@ SUNWprivate_1.1 {
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:

jdk/makefiles/mapfiles/libj2pkcs11/mapfile-vers

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -102,7 +102,7 @@ SUNWprivate_1.1 {
 		Java_sun_security_pkcs11_Secmod_nssGetLibraryHandle;
 		Java_sun_security_pkcs11_Secmod_nssLoadLibrary;
 		Java_sun_security_pkcs11_Secmod_nssVersionCheck;
-		Java_sun_security_pkcs11_Secmod_nssInit;
+		Java_sun_security_pkcs11_Secmod_nssInitialize;
 		Java_sun_security_pkcs11_Secmod_nssGetModuleList;
 
 	local:

jdk/src/macosx/classes/com/apple/eawt/FullScreenHandler.java

@@ -32,6 +32,7 @@ import java.util.List;
 import javax.swing.RootPaneContainer;
 
 import com.apple.eawt.AppEvent.FullScreenEvent;
+import sun.awt.SunToolkit;
 
 import java.lang.annotation.Native;
 
@@ -75,7 +76,7 @@ final class FullScreenHandler {
     static void handleFullScreenEventFromNative(final Window window, final int type) {
         if (!(window instanceof RootPaneContainer)) return; // handles null
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final FullScreenHandler handler = getHandlerFor((RootPaneContainer)window);
                 if (handler != null) handler.notifyListener(new FullScreenEvent(window), type);

jdk/src/macosx/classes/com/apple/eawt/_AppEventHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,8 @@ import java.io.File;
 import java.net.*;
 import java.util.*;
 import java.util.List;
+import sun.awt.AppContext;
+import sun.awt.SunToolkit;
 
 import com.apple.eawt.AppEvent.*;
 
@@ -269,11 +271,9 @@ class _AppEventHandler {
     }
 
     class _AppReOpenedDispatcher extends _AppEventMultiplexor<AppReOpenedListener> {
-        void performOnListeners(final List<AppReOpenedListener> listeners, final _NativeEvent event) {
+        void performOnListener(AppReOpenedListener listener, final _NativeEvent event) {
             final AppReOpenedEvent e = new AppReOpenedEvent();
-            for (final AppReOpenedListener listener : listeners) {
+            listener.appReOpened(e);
-                listener.appReOpened(e);
-            }
         }
     }
 
@@ -415,50 +415,67 @@ class _AppEventHandler {
     }
 
     abstract class _AppEventMultiplexor<L> {
-        final List<L> _listeners = new ArrayList<L>(0);
+        private final Map<L, AppContext> listenerToAppContext =
+                new IdentityHashMap<L, AppContext>();
         boolean nativeListenerRegistered;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event, final Object... args) {
-            // grab a local ref to the listeners
+            // grab a local ref to the listeners and its contexts as an array of the map's entries
-            final List<L> localListeners;
+            final ArrayList<Map.Entry<L, AppContext>> localEntries;
             synchronized (this) {
-                if (_listeners.size() == 0) return;
+                if (listenerToAppContext.size() == 0) {
-                localListeners = new ArrayList<L>(_listeners);
+                    return;
+                }
+                localEntries = new ArrayList<Map.Entry<L, AppContext>>(listenerToAppContext.size());
+                localEntries.addAll(listenerToAppContext.entrySet());
             }
 
-            EventQueue.invokeLater(new Runnable() {
+            for (final Map.Entry<L, AppContext> e : localEntries) {
-                public void run() {
+                final L listener = e.getKey();
-                    performOnListeners(localListeners, event);
+                final AppContext listenerContext = e.getValue();
-                }
+                SunToolkit.invokeLaterOnAppContext(listenerContext, new Runnable() {
-            });
+                    public void run() {
+                        performOnListener(listener, event);
+                    }
+                });
+            }
         }
 
         synchronized void addListener(final L listener) {
+            setListenerContext(listener, AppContext.getAppContext());
+
             if (!nativeListenerRegistered) {
                 registerNativeListener();
                 nativeListenerRegistered = true;
             }
-            _listeners.add(listener);
         }
 
         synchronized void removeListener(final L listener) {
-            _listeners.remove(listener);
+            listenerToAppContext.remove(listener);
         }
 
-        abstract void performOnListeners(final List<L> listeners, final _NativeEvent event);
+        abstract void performOnListener(L listener, final _NativeEvent event);
         void registerNativeListener() { }
+
+        private void setListenerContext(L listener, AppContext listenerContext) {
+            if (listenerContext == null) {
+                throw new RuntimeException(
+                        "Attempting to add a listener from a thread group without AppContext");
+            }
+            listenerToAppContext.put(listener, AppContext.getAppContext());
+        }
     }
 
     abstract class _BooleanAppEventMultiplexor<L, E> extends _AppEventMultiplexor<L> {
         @Override
-        void performOnListeners(final List<L> listeners, final _NativeEvent event) {
+        void performOnListener(L listener, final _NativeEvent event) {
             final boolean isTrue = Boolean.TRUE.equals(event.get(0));
             final E e = createEvent(isTrue);
             if (isTrue) {
-                for (final L listener : listeners) performTrueEventOn(listener, e);
+                performTrueEventOn(listener, e);
             } else {
-                for (final L listener : listeners) performFalseEventOn(listener, e);
+                performFalseEventOn(listener, e);
             }
         }
 
@@ -479,30 +496,34 @@ class _AppEventHandler {
      */
     abstract class _AppEventDispatcher<H> {
         H _handler;
+        AppContext handlerContext;
 
         // called from AppKit Thread-0
         void dispatch(final _NativeEvent event) {
-            EventQueue.invokeLater(new Runnable() {
+            // grab a local ref to the handler
-                public void run() {
+            final H localHandler;
-                    // grab a local ref to the handler
+            final AppContext localHandlerContext;
-                    final H localHandler;
+            synchronized (_AppEventDispatcher.this) {
-                    synchronized (_AppEventDispatcher.this) {
+                localHandler = _handler;
-                        localHandler = _handler;
+                localHandlerContext = handlerContext;
-                    }
+            }
 
-                    // invoke the handler outside of the synchronized block
+            if (localHandler == null) {
-                    if (localHandler == null) {
+                performDefaultAction(event);
-                        performDefaultAction(event);
+            } else {
-                    } else {
+                SunToolkit.invokeLaterOnAppContext(localHandlerContext, new Runnable() {
+                    public void run() {
                         performUsing(localHandler, event);
                     }
-                }
+                });
-            });
+            }
         }
 
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // if a new handler is installed, block addition of legacy ApplicationListeners
             if (handler == legacyHandler) return;
             legacyHandler.blockLegacyAPI();
@@ -510,6 +531,15 @@ class _AppEventHandler {
 
         void performDefaultAction(final _NativeEvent event) { } // by default, do nothing
         abstract void performUsing(final H handler, final _NativeEvent event);
+
+        protected void setHandlerContext(AppContext ctx) {
+            if (ctx == null) {
+                throw new RuntimeException(
+                        "Attempting to set a handler from a thread group without AppContext");
+            }
+
+            handlerContext = ctx;
+        }
     }
 
     abstract class _QueuingAppEventDispatcher<H> extends _AppEventDispatcher<H> {
@@ -531,6 +561,8 @@ class _AppEventHandler {
         synchronized void setHandler(final H handler) {
             this._handler = handler;
 
+            setHandlerContext(AppContext.getAppContext());
+
             // dispatch any events in the queue
             if (queuedEvents != null) {
                 // grab a local ref to the queue, so the real one can be nulled out

jdk/src/macosx/classes/com/apple/eawt/event/GestureHandler.java

@@ -25,6 +25,8 @@
 
 package com.apple.eawt.event;
 
+import sun.awt.SunToolkit;
+
 import java.awt.*;
 import java.util.*;
 import java.util.List;
@@ -70,7 +72,7 @@ final class GestureHandler {
     static void handleGestureFromNative(final Window window, final int type, final double x, final double y, final double a, final double b) {
         if (window == null) return; // should never happen...
 
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(window, new Runnable() {
             public void run() {
                 final Component component = SwingUtilities.getDeepestComponentAt(window, (int)x, (int)y);
 

jdk/src/macosx/classes/com/apple/laf/ScreenMenu.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.util.Hashtable;
 
 import javax.swing.*;
 
+import sun.awt.SunToolkit;
 import sun.lwawt.LWToolkit;
 import sun.lwawt.macosx.*;
 
@@ -144,7 +145,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
                     updateItems();
                     fItemBounds = new Rectangle[invoker.getMenuComponentCount()];
                 }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             System.err.println(e);
             e.printStackTrace();
@@ -172,7 +173,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
 
             fItemBounds = null;
     }
-            }, null);
+            }, invoker);
         } catch (final Exception e) {
             e.printStackTrace();
         }
@@ -200,7 +201,7 @@ class ScreenMenu extends Menu implements ContainerListener, ComponentListener, S
         if (kind == 0) return;
         if (fItemBounds == null) return;
 
-        SwingUtilities.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(fInvoker, new Runnable() {
             @Override
             public void run() {
                 Component target = null;

jdk/src/macosx/classes/sun/lwawt/macosx/CCheckboxMenuItem.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@ public class CCheckboxMenuItem extends CMenuItem implements CheckboxMenuItemPeer
 
     public void handleAction(final boolean state) {
         final CheckboxMenuItem target = (CheckboxMenuItem)getTarget();
-        EventQueue.invokeLater(new Runnable() {
+        SunToolkit.executeOnEventHandlerThread(target, new Runnable() {
             public void run() {
                 target.setState(state);
             }

jdk/src/macosx/classes/sun/lwawt/macosx/CDragSourceContextPeer.java

@@ -107,10 +107,6 @@ public final class CDragSourceContextPeer extends SunDragSourceContextPeer {
             loc = rootComponent.getLocation();
         }
 
-        //It sure will be LWComponentPeer instance as rootComponent is a Window
-        PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
-        long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
-
         // If there isn't any drag image make one of default appearance:
         if (fDragImage == null)
             this.setDefaultDragImage(component);
@@ -137,6 +133,11 @@ public final class CDragSourceContextPeer extends SunDragSourceContextPeer {
         }
 
         try {
+            //It sure will be LWComponentPeer instance as rootComponent is a Window
+            PlatformWindow platformWindow = ((LWComponentPeer)rootComponent.getPeer()).getPlatformWindow();
+            long nativeViewPtr = CPlatformWindow.getNativeViewPtr(platformWindow);
+            if (nativeViewPtr == 0L) throw new InvalidDnDOperationException("Unsupported platform window implementation");
+
             // Create native dragging source:
             final long nativeDragSource = createNativeDragSource(component, nativeViewPtr, transferable, triggerEvent,
                 (int) (dragOrigin.getX()), (int) (dragOrigin.getY()), extModifiers,

jdk/src/macosx/classes/sun/lwawt/macosx/CDropTarget.java

@@ -52,6 +52,8 @@ public final class CDropTarget {
         fPeer = peer;
 
         long nativePeer = CPlatformWindow.getNativeViewPtr(((LWComponentPeer) peer).getPlatformWindow());
+        if (nativePeer == 0L) return; // Unsupported for a window without a native view (plugin)
+
         // Create native dragging destination:
         fNativeDropTarget = this.createNativeDropTarget(dropTarget, component, peer, nativePeer);
         if (fNativeDropTarget == 0) {

jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java

@@ -479,12 +479,14 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
             deliverZoom(true);
 
             this.normalBounds = peer.getBounds();
-            long screen = CWrapper.NSWindow.screen(getNSWindowPtr());
+
-            Rectangle toBounds = CWrapper.NSScreen.visibleFrame(screen).getBounds();
+            GraphicsConfiguration config = getPeer().getGraphicsConfiguration();
-            // Flip the y coordinate
+            Insets i = ((CGraphicsDevice)config.getDevice()).getScreenInsets();
-            Rectangle frame = CWrapper.NSScreen.frame(screen).getBounds();
+            Rectangle toBounds = config.getBounds();
-            toBounds.y = frame.height - toBounds.y - toBounds.height;
+            setBounds(toBounds.x + i.left,
-            setBounds(toBounds.x, toBounds.y, toBounds.width, toBounds.height);
+                      toBounds.y + i.top,
+                      toBounds.width - i.left - i.right,
+                      toBounds.height - i.top - i.bottom);
         }
     }
 
@@ -751,13 +753,7 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
         // the move/size notification from the underlying system comes
         // but it contains a bounds smaller than the whole screen
         // and therefore we need to create the synthetic notifications
-        Rectangle screenBounds;
+        Rectangle screenBounds = getPeer().getGraphicsConfiguration().getBounds();
-        final long screenPtr = CWrapper.NSWindow.screen(getNSWindowPtr());
-        try {
-            screenBounds = CWrapper.NSScreen.frame(screenPtr).getBounds();
-        } finally {
-            CWrapper.NSObject.release(screenPtr);
-        }
         peer.notifyReshape(screenBounds.x, screenBounds.y, screenBounds.width,
                            screenBounds.height);
     }
@@ -900,8 +896,6 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
             nativePeer = ((CPlatformWindow) platformWindow).getContentView().getAWTView();
         } else if (platformWindow instanceof CViewPlatformEmbeddedFrame){
             nativePeer = ((CViewPlatformEmbeddedFrame) platformWindow).getNSViewPtr();
-        } else {
-            throw new IllegalArgumentException("Unsupported platformWindow implementation");
         }
         return nativePeer;
     }
@@ -932,25 +926,19 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
 
         final Rectangle oldB = nativeBounds;
         nativeBounds = new Rectangle(x, y, width, height);
-        final GraphicsConfiguration oldGC = peer.getGraphicsConfiguration();
-
-        final GraphicsConfiguration newGC = peer.getGraphicsConfiguration();
-        // System-dependent appearance optimization.
         if (peer != null) {
             peer.notifyReshape(x, y, width, height);
-        }
+            // System-dependent appearance optimization.
-
+            if ((byUser && !oldB.getSize().equals(nativeBounds.getSize()))
-        if ((byUser && !oldB.getSize().equals(nativeBounds.getSize()))
+                    || isFullScreenAnimationOn) {
-            || isFullScreenAnimationOn || !Objects.equals(newGC, oldGC)) {
+                flushBuffers();
-            flushBuffers();
+            }
         }
     }
 
     private void deliverWindowClosingEvent() {
-        if (peer != null) {
+        if (peer != null && peer.getBlocker() == null) {
-            if (peer.getBlocker() == null)  {
+            peer.postEvent(new WindowEvent(target, WindowEvent.WINDOW_CLOSING));
-                peer.postEvent(new WindowEvent(target, WindowEvent.WINDOW_CLOSING));
-            }
         }
     }
 

jdk/src/macosx/classes/sun/lwawt/macosx/CViewEmbeddedFrame.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,7 +96,7 @@ public class CViewEmbeddedFrame extends EmbeddedFrame {
                     validate();
                     setVisible(true);
                 }
-            }, null);
+            }, this);
         } catch (InterruptedException | InvocationTargetException ex) {}
     }
 }

jdk/src/macosx/classes/sun/lwawt/macosx/CWrapper.java

@@ -71,8 +71,6 @@ public final class CWrapper {
         public static native void zoom(long window);
 
         public static native void makeFirstResponder(long window, long responder);
-
-        public static native long screen(long window);
     }
 
     public static final class NSView {
@@ -95,12 +93,6 @@ public final class CWrapper {
         public static native void release(long object);
     }
 
-    public static final class NSScreen {
-        public static native Rectangle2D frame(long screen);
-        public static native Rectangle2D visibleFrame(long screen);
-        public static native long screenByDisplayId(int displayID);
-    }
-
     public static final class NSColor {
         public static native long clearColor();
     }

jdk/src/macosx/native/sun/awt/CMenuItem.m

@@ -82,8 +82,13 @@ JNF_COCOA_ENTER(env);
         // keys, so we need to do the same translation here that we do
         // for the regular key down events
         if ([eventKey length] == 1) {
-            unichar ch =  NsCharToJavaChar([eventKey characterAtIndex:0], 0);
+            unichar origChar = [eventKey characterAtIndex:0];
-            eventKey = [NSString stringWithCharacters: &ch length: 1];
+            unichar newChar =  NsCharToJavaChar(origChar, 0);
+            if (newChar == java_awt_event_KeyEvent_CHAR_UNDEFINED) {
+                newChar = origChar;
+            }
+
+            eventKey = [NSString stringWithCharacters: &newChar length: 1];
         }
 
         if ([menuKey isEqualToString:eventKey]) {

jdk/src/macosx/native/sun/awt/CWrapper.m

@@ -396,31 +396,6 @@ JNF_COCOA_ENTER(env);
 JNF_COCOA_EXIT(env);
 }
 
-/*
- * Class:     sun_lwawt_macosx_CWrapper$NSWindow
- * Method:    screen
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSWindow_screen
-(JNIEnv *env, jclass cls, jlong windowPtr)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env);
-
-    AWTWindow *window = (AWTWindow *)jlong_to_ptr(windowPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        const NSScreen *screen = [window screen];
-        CFRetain(screen); // GC
-        screenPtr = ptr_to_jlong(screen);
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
 /*
  * Method:    miniaturize
  * Signature: (J)V
@@ -690,92 +665,6 @@ JNF_COCOA_ENTER(env);
 JNF_COCOA_EXIT(env);
 }
 
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper$NSScreen
- * Method:    frame
- * Signature: (J)Ljava/awt/Rectangle;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_frame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen frame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    visibleFrame
- * Signature: (J)Ljava/awt/geom/Rectangle2D;
- */
-JNIEXPORT jobject JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_visibleFrame
-(JNIEnv *env, jclass cls, jlong screenPtr)
-{
-    jobject jRect = NULL;
-
-JNF_COCOA_ENTER(env);
-
-    __block NSRect rect = NSZeroRect;
-
-    NSScreen *screen = (NSScreen *)jlong_to_ptr(screenPtr);
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        rect = [screen visibleFrame];
-    }];
-
-    jRect = NSToJavaRect(env, rect);
-
-JNF_COCOA_EXIT(env);
-
-    return jRect;
-}
-
-/*
- * Class:     sun_lwawt_macosx_CWrapper_NSScreen
- * Method:    screenByDisplayId
- * Signature: (J)J
- */
-JNIEXPORT jlong JNICALL
-Java_sun_lwawt_macosx_CWrapper_00024NSScreen_screenByDisplayId
-(JNIEnv *env, jclass cls, jint displayID)
-{
-    __block jlong screenPtr = 0L;
-
-JNF_COCOA_ENTER(env); 
-
-    [ThreadUtilities performOnMainThreadWaiting:YES block:^(){
-        NSArray *screens = [NSScreen screens];
-        for (NSScreen *screen in screens) {
-            NSDictionary *screenInfo = [screen deviceDescription];
-            NSNumber *screenID = [screenInfo objectForKey:@"NSScreenNumber"];
-            if ([screenID intValue] == displayID){
-                CFRetain(screen); // GC
-                screenPtr = ptr_to_jlong(screen);
-                break;
-            }
-        }
-    }];
-
-JNF_COCOA_EXIT(env);
-
-    return screenPtr;
-}
-
 /*
  * Class:     sun_lwawt_macosx_CWrapper$NSColor
  * Method:    clearColor

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility.properties

@@ -102,7 +102,7 @@ horizontal=horizontal
 #
 # accessible actions
 #
-toggle expand=toggle expand
+toggleexpand=toggle expand
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_de.properties

@@ -102,7 +102,7 @@ horizontal=horizontal
 #
 # accessible actions
 #
-toggle expand=ein-/ausblenden
+toggleexpand=ein-/ausblenden
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_es.properties

@@ -102,7 +102,7 @@ horizontal=horizontal
 #
 # accessible actions
 #
-toggle expand=activar/desactivar ampliaci\u00F3n
+toggleexpand=activar/desactivar ampliaci\u00F3n
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_fr.properties

@@ -102,7 +102,7 @@ horizontal=horizontal
 #
 # accessible actions
 #
-toggle expand=basculer le d\u00E9veloppement
+toggleexpand=basculer le d\u00E9veloppement
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_it.properties

@@ -102,7 +102,7 @@ horizontal=orizzontale
 #
 # accessible actions
 #
-toggle expand=abilita/disabilita espansione
+toggleexpand=abilita/disabilita espansione
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ja.properties

@@ -102,7 +102,7 @@ horizontal=\u6C34\u5E73
 #
 # accessible actions
 #
-toggle expand=\u5C55\u958B\u306E\u30C8\u30B0\u30EB
+toggleexpand=\u5C55\u958B\u306E\u30C8\u30B0\u30EB
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_ko.properties

@@ -102,7 +102,7 @@ horizontal=\uAC00\uB85C
 #
 # accessible actions
 #
-toggle expand=\uD1A0\uAE00 \uD655\uC7A5
+toggleexpand=\uD1A0\uAE00 \uD655\uC7A5
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_pt_BR.properties

@@ -102,7 +102,7 @@ horizontal=horizontal
 #
 # accessible actions
 #
-toggle expand=alternar expans\u00E3o
+toggleexpand=alternar expans\u00E3o
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_sv.properties

@@ -102,7 +102,7 @@ horizontal=horisontell
 #
 # accessible actions
 #
-toggle expand=v\u00E4xla ut\u00F6ka
+toggleexpand=v\u00E4xla ut\u00F6ka
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_CN.properties

@@ -102,7 +102,7 @@ horizontal=\u6C34\u5E73
 #
 # accessible actions
 #
-toggle expand=\u5207\u6362\u5C55\u5F00
+toggleexpand=\u5207\u6362\u5C55\u5F00
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/accessibility/internal/resources/accessibility_zh_TW.properties

@@ -102,7 +102,7 @@ horizontal=\u6C34\u5E73
 #
 # accessible actions
 #
-toggle expand=\u5207\u63DB\u64F4\u5C55
+toggleexpand=\u5207\u63DB\u64F4\u5C55
 
 # new relations, roles and states for J2SE 1.5.0
 

jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import javax.crypto.spec.DESKeySpec;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES key factory of the Sun provider.
@@ -60,20 +61,22 @@ public final class DESKeyFactory extends SecretKeyFactorySpi {
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESKey desKey = null;
 
         try {
-            if (!(keySpec instanceof DESKeySpec)) {
+            if (keySpec instanceof DESKeySpec) {
-                throw new InvalidKeySpecException
+                return new DESKey(((DESKeySpec)keySpec).getKey());
-                    ("Inappropriate key specification");
             }
-            else {
+
-                DESKeySpec desKeySpec = (DESKeySpec)keySpec;
+            if (keySpec instanceof SecretKeySpec) {
-                desKey = new DESKey(desKeySpec.getKey());
+                return new DESKey(((SecretKeySpec)keySpec).getEncoded());
             }
+
+            throw new InvalidKeySpecException(
+                    "Inappropriate key specification");
+
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desKey;
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import javax.crypto.spec.DESedeKeySpec;
 import java.security.InvalidKeyException;
 import java.security.spec.KeySpec;
 import java.security.spec.InvalidKeySpecException;
+import javax.crypto.spec.SecretKeySpec;
 
 /**
  * This class implements the DES-EDE key factory of the Sun provider.
@@ -60,20 +61,20 @@ public final class DESedeKeyFactory extends SecretKeyFactorySpi {
      */
     protected SecretKey engineGenerateSecret(KeySpec keySpec)
         throws InvalidKeySpecException {
-        DESedeKey desEdeKey = null;
 
         try {
             if (keySpec instanceof DESedeKeySpec) {
-                DESedeKeySpec desEdeKeySpec = (DESedeKeySpec)keySpec;
+                return new DESedeKey(((DESedeKeySpec)keySpec).getKey());
-                desEdeKey = new DESedeKey(desEdeKeySpec.getKey());
-
-            } else {
-                throw new InvalidKeySpecException
-                    ("Inappropriate key specification");
             }
+            if (keySpec instanceof SecretKeySpec) {
+                return new DESedeKey(((SecretKeySpec)keySpec).getEncoded());
+
+            }
+            throw new InvalidKeySpecException
+                ("Inappropriate key specification");
         } catch (InvalidKeyException e) {
+            throw new InvalidKeySpecException(e.getMessage());
         }
-        return desEdeKey;
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -83,7 +83,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -118,7 +118,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
         } catch (InvalidKeyException e) {
             throw new InvalidKeySpecException
-                ("Inappropriate key specification");
+                ("Inappropriate key specification", e);
         }
     }
 
@@ -227,7 +227,7 @@ public final class DHKeyFactory extends KeyFactorySpi {
             }
 
         } catch (InvalidKeySpecException e) {
-            throw new InvalidKeyException("Cannot translate key");
+            throw new InvalidKeyException("Cannot translate key", e);
         }
     }
 }

jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java

@@ -167,15 +167,16 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
         BigInteger pMinus2 = p.subtract(BigInteger.valueOf(2));
 
         //
-        // Handbook of Applied Cryptography:  Menezes, et.al.
+        // PKCS#3 section 7.1 "Private-value generation"
-        // Repeat if the following does not hold:
+        // Repeat if either of the followings does not hold:
-        //     1 <= x <= p-2
+        //     0 < x < p-1
+        //     2^(lSize-1) <= x < 2^(lSize)
         //
         do {
             // generate random x up to 2^lSize bits long
             x = new BigInteger(lSize, random);
         } while ((x.compareTo(BigInteger.ONE) < 0) ||
-            ((x.compareTo(pMinus2) > 0)));
+            ((x.compareTo(pMinus2) > 0)) || (x.bitLength() != lSize));
 
         // calculate public value y
         BigInteger y = g.modPow(x, p);

jdk/src/share/classes/com/sun/crypto/provider/DHPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.PrivateKey;
@@ -67,7 +68,7 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -179,20 +180,9 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
             this.key = val.data.getOctetString();
             parseKeyBits();
 
-            // ignore OPTIONAL attributes
-
             this.encodedKey = encodedKey.clone();
-
+        } catch (IOException | NumberFormatException e) {
-        } catch (NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
-            InvalidKeyException ike = new InvalidKeyException(
-                "Private-value length too big");
-            ike.initCause(e);
-            throw ike;
-        } catch (IOException e) {
-            InvalidKeyException ike = new InvalidKeyException(
-                "Error parsing key encoding: " + e.getMessage());
-            ike.initCause(e);
-            throw ike;
         }
     }
 
@@ -234,8 +224,9 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -273,10 +264,11 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
+        }
     }
 
     public String toString() {
@@ -312,26 +304,21 @@ javax.crypto.interfaces.DHPrivateKey, Serializable {
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
+        return Objects.hash(x, p, g);
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
+        if (this == obj) return true;
-            return true;
 
-        if (!(obj instanceof PrivateKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPrivateKey)) {
             return false;
-
+        }
-        byte[] thisEncoded = this.getEncoded();
+        javax.crypto.interfaces.DHPrivateKey other =
-        byte[] thatEncoded = ((PrivateKey)obj).getEncoded();
+                (javax.crypto.interfaces.DHPrivateKey) obj;
-
+        DHParameterSpec otherParams = other.getParams();
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        return ((this.x.compareTo(other.getX()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**

jdk/src/share/classes/com/sun/crypto/provider/DHPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.io.*;
+import java.util.Objects;
 import java.math.BigInteger;
 import java.security.KeyRep;
 import java.security.InvalidKeyException;
@@ -64,7 +65,7 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
     // the base generator
     private BigInteger g;
 
-    // the private-value length
+    // the private-value length (optional)
     private int l;
 
     private int DH_data[] = { 1, 2, 840, 113549, 1, 3, 1 };
@@ -173,13 +174,8 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
             }
 
             this.encodedKey = encodedKey.clone();
-
+        } catch (IOException | NumberFormatException e) {
-        } catch (NumberFormatException e) {
+            throw new InvalidKeyException("Error parsing key encoding", e);
-            throw new InvalidKeyException("Private-value length too big");
-
-        } catch (IOException e) {
-            throw new InvalidKeyException(
-                "Error parsing key encoding: " + e.toString());
         }
     }
 
@@ -212,8 +208,9 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
                 DerOutputStream params = new DerOutputStream();
                 params.putInteger(this.p);
                 params.putInteger(this.g);
-                if (this.l != 0)
+                if (this.l != 0) {
                     params.putInteger(this.l);
+                }
                 // wrap parameters into SEQUENCE
                 DerValue paramSequence = new DerValue(DerValue.tag_Sequence,
                                                       params.toByteArray());
@@ -253,10 +250,11 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
      * @return the key parameters
      */
     public DHParameterSpec getParams() {
-        if (this.l != 0)
+        if (this.l != 0) {
             return new DHParameterSpec(this.p, this.g, this.l);
-        else
+        } else {
             return new DHParameterSpec(this.p, this.g);
+        }
     }
 
     public String toString() {
@@ -290,26 +288,22 @@ javax.crypto.interfaces.DHPublicKey, Serializable {
      * Objects that are equal will also have the same hashcode.
      */
     public int hashCode() {
-        int retval = 0;
+        return Objects.hash(y, p, g);
-        byte[] enc = getEncoded();
-
-        for (int i = 1; i < enc.length; i++) {
-            retval += enc[i] * i;
-        }
-        return(retval);
     }
 
     public boolean equals(Object obj) {
-        if (this == obj)
+        if (this == obj) return true;
-            return true;
 
-        if (!(obj instanceof PublicKey))
+        if (!(obj instanceof javax.crypto.interfaces.DHPublicKey)) {
             return false;
+        }
 
-        byte[] thisEncoded = this.getEncoded();
+        javax.crypto.interfaces.DHPublicKey other =
-        byte[] thatEncoded = ((PublicKey)obj).getEncoded();
+            (javax.crypto.interfaces.DHPublicKey) obj;
-
+        DHParameterSpec otherParams = other.getParams();
-        return java.util.Arrays.equals(thisEncoded, thatEncoded);
+        return ((this.y.compareTo(other.getY()) == 0) &&
+                (this.p.compareTo(otherParams.getP()) == 0) &&
+                (this.g.compareTo(otherParams.getG()) == 0));
     }
 
     /**

jdk/src/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java

@@ -134,7 +134,7 @@ public class UnpackerImpl extends TLGlobals implements Pack200.Unpacker {
             } else {
                 try {
                     (new NativeUnpack(this)).run(in0, out);
-                } catch (UnsatisfiedLinkError ule) {
+                } catch (UnsatisfiedLinkError | NoClassDefFoundError ex) {
                     // failover to java implementation
                     (new DoUnpack()).run(in0, out);
                 }

jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java

@@ -52,6 +52,7 @@ import javax.management.NotCompliantMBeanException;
 import com.sun.jmx.remote.util.EnvHelp;
 import java.lang.reflect.Array;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
 import javax.management.AttributeNotFoundException;
 import javax.management.openmbean.CompositeData;
 import sun.reflect.misc.MethodUtil;
@@ -64,7 +65,11 @@ import sun.reflect.misc.ReflectUtil;
  * @since 1.5
  */
 public class Introspector {
-
+    final public static boolean ALLOW_NONPUBLIC_MBEAN;
+    static {
+        String val = AccessController.doPrivileged(new GetPropertyAction("jdk.jmx.mbeans.allowNonPublic"));
+        ALLOW_NONPUBLIC_MBEAN = Boolean.parseBoolean(val);
+    }
 
      /*
      * ------------------------------------------
@@ -223,11 +228,27 @@ public class Introspector {
         return testCompliance(baseClass, null);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MXBean interface.
+     * A compliant MXBean interface is any publicly accessible interface
+     * following the {@link MXBean} conventions.
+     * @param interfaceClass An interface class to test for the MXBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@link MXBean} conventions.
+     */
     public static void testComplianceMXBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException {
         MXBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
     }
 
+    /**
+     * Tests the given interface class for being a compliant MBean interface.
+     * A compliant MBean interface is any publicly accessible interface
+     * following the {@code MBean} conventions.
+     * @param interfaceClass An interface class to test for the MBean compliance
+     * @throws NotCompliantMBeanException Thrown when the tested interface
+     * is not public or contradicts the {@code MBean} conventions.
+     */
     public static void testComplianceMBeanInterface(Class<?> interfaceClass)
             throws NotCompliantMBeanException{
         StandardMBeanIntrospector.getInstance().getAnalyzer(interfaceClass);
@@ -299,18 +320,18 @@ public class Introspector {
      * not a JMX compliant Standard MBean.
      */
     public static <T> Class<? super T> getStandardMBeanInterface(Class<T> baseClass)
-    throws NotCompliantMBeanException {
+        throws NotCompliantMBeanException {
-        Class<? super T> current = baseClass;
+            Class<? super T> current = baseClass;
-        Class<? super T> mbeanInterface = null;
+            Class<? super T> mbeanInterface = null;
-        while (current != null) {
+            while (current != null) {
-            mbeanInterface =
+                mbeanInterface =
-                findMBeanInterface(current, current.getName());
+                    findMBeanInterface(current, current.getName());
-            if (mbeanInterface != null) break;
+                if (mbeanInterface != null) break;
-            current = current.getSuperclass();
+                current = current.getSuperclass();
-        }
+            }
-        if (mbeanInterface != null) {
+                if (mbeanInterface != null) {
-            return mbeanInterface;
+                    return mbeanInterface;
-        } else {
+            } else {
             final String msg =
                 "Class " + baseClass.getName() +
                 " is not a JMX compliant Standard MBean";
@@ -507,8 +528,11 @@ public class Introspector {
         }
         Class<?>[] interfaces = c.getInterfaces();
         for (int i = 0;i < interfaces.length; i++) {
-            if (interfaces[i].getName().equals(clMBeanName))
+            if (interfaces[i].getName().equals(clMBeanName) &&
+                (Modifier.isPublic(interfaces[i].getModifiers()) ||
+                 ALLOW_NONPUBLIC_MBEAN)) {
                 return Util.cast(interfaces[i]);
+            }
         }
 
         return null;

jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanAnalyzer.java

@@ -28,6 +28,8 @@ package com.sun.jmx.mbeanserver;
 import static com.sun.jmx.mbeanserver.Util.*;
 
 import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.security.AccessController;
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.List;
@@ -50,7 +52,6 @@ import javax.management.NotCompliantMBeanException;
  * @since 1.6
  */
 class MBeanAnalyzer<M> {
-
     static interface MBeanVisitor<M> {
         public void visitAttribute(String attributeName,
                 M getter,
@@ -107,6 +108,10 @@ class MBeanAnalyzer<M> {
         if (!mbeanType.isInterface()) {
             throw new NotCompliantMBeanException("Not an interface: " +
                     mbeanType.getName());
+        } else if (!Modifier.isPublic(mbeanType.getModifiers()) &&
+                   !Introspector.ALLOW_NONPUBLIC_MBEAN) {
+            throw new NotCompliantMBeanException("Interface is not public: " +
+                mbeanType.getName());
         }
 
         try {

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/Algorithm.java

@@ -2,82 +2,78 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
-
-
 import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 /**
  * The Algorithm class which stores the Algorithm URI as a string.
- *
  */
 public abstract class Algorithm extends SignatureElementProxy {
 
-   /**
+    /**
-    *
+     *
-    * @param doc
+     * @param doc
-    * @param algorithmURI is the URI of the algorithm as String
+     * @param algorithmURI is the URI of the algorithm as String
-    */
+     */
-   public Algorithm(Document doc, String algorithmURI) {
+    public Algorithm(Document doc, String algorithmURI) {
+        super(doc);
 
-      super(doc);
+        this.setAlgorithmURI(algorithmURI);
+    }
 
-      this.setAlgorithmURI(algorithmURI);
+    /**
-   }
+     * Constructor Algorithm
+     *
+     * @param element
+     * @param BaseURI
+     * @throws XMLSecurityException
+     */
+    public Algorithm(Element element, String BaseURI) throws XMLSecurityException {
+        super(element, BaseURI);
+    }
 
-   /**
+    /**
-    * Constructor Algorithm
+     * Method getAlgorithmURI
-    *
+     *
-    * @param element
+     * @return The URI of the algorithm
-    * @param BaseURI
+     */
-    * @throws XMLSecurityException
+    public String getAlgorithmURI() {
-    */
+        return this.constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
-   public Algorithm(Element element, String BaseURI)
+    }
-           throws XMLSecurityException {
-      super(element, BaseURI);
-   }
 
-   /**
+    /**
-    * Method getAlgorithmURI
+     * Sets the algorithm's URI as used in the signature.
-    *
+     *
-    * @return The URI of the alogrithm
+     * @param algorithmURI is the URI of the algorithm as String
-    */
+     */
-   public String getAlgorithmURI() {
+    protected void setAlgorithmURI(String algorithmURI) {
-      return this._constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        if (algorithmURI != null) {
-   }
+            this.constructionElement.setAttributeNS(
-
+                null, Constants._ATT_ALGORITHM, algorithmURI
-   /**
+            );
-    * Sets the algorithm's URI as used in the signature.
+        }
-    *
+    }
-    * @param algorithmURI is the URI of the algorithm as String
-    */
-   protected void setAlgorithmURI(String algorithmURI) {
-
-      if ( (algorithmURI != null)) {
-         this._constructionElement.setAttributeNS(null, Constants._ATT_ALGORITHM,
-                                                algorithmURI);
-      }
-   }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/JCEMapper.java

@@ -114,6 +114,18 @@ public class JCEMapper {
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1,
             new Algorithm("", "SHA1withECDSA", "Signature")
         );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256,
+            new Algorithm("", "SHA256withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384,
+            new Algorithm("", "SHA384withECDSA", "Signature")
+        );
+        algorithmsMap.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512,
+            new Algorithm("", "SHA512withECDSA", "Signature")
+        );
         algorithmsMap.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5,
             new Algorithm("", "HmacMD5", "Mac")
@@ -154,6 +166,18 @@ public class JCEMapper {
             XMLCipher.AES_256,
             new Algorithm("AES", "AES/CBC/ISO10126Padding", "BlockEncryption", 256)
         );
+        algorithmsMap.put(
+            XMLCipher.AES_128_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 128)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_192_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 192)
+        );
+        algorithmsMap.put(
+            XMLCipher.AES_256_GCM,
+            new Algorithm("AES", "AES/GCM/NoPadding", "BlockEncryption", 256)
+        );
         algorithmsMap.put(
             XMLCipher.RSA_v1dot5,
             new Algorithm("RSA", "RSA/ECB/PKCS1Padding", "KeyTransport")
@@ -162,6 +186,10 @@ public class JCEMapper {
             XMLCipher.RSA_OAEP,
             new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
         );
+        algorithmsMap.put(
+            XMLCipher.RSA_OAEP_11,
+            new Algorithm("RSA", "RSA/ECB/OAEPPadding", "KeyTransport")
+        );
         algorithmsMap.put(
             XMLCipher.DIFFIE_HELLMAN,
             new Algorithm("", "", "KeyAgreement")

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/MessageDigestAlgorithm.java

@@ -2,265 +2,254 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
-import java.util.HashMap;
-import java.util.Map;
 
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 import com.sun.org.apache.xml.internal.security.utils.EncryptionConstants;
 import org.w3c.dom.Document;
 
-
 /**
  * Digest Message wrapper & selector class.
  *
  * <pre>
  * MessageDigestAlgorithm.getInstance()
  * </pre>
- *
  */
 public class MessageDigestAlgorithm extends Algorithm {
 
     /** Message Digest - NOT RECOMMENDED MD5*/
-   public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 = Constants.MoreAlgorithmsSpecNS + "md5";
+    public static final String ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5 =
-   /** Digest - Required SHA1*/
+        Constants.MoreAlgorithmsSpecNS + "md5";
-   public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
+    /** Digest - Required SHA1*/
-   /** Message Digest - RECOMMENDED SHA256*/
+    public static final String ALGO_ID_DIGEST_SHA1 = Constants.SignatureSpecNS + "sha1";
-   public static final String ALGO_ID_DIGEST_SHA256 = EncryptionConstants.EncryptionSpecNS + "sha256";
+    /** Message Digest - RECOMMENDED SHA256*/
-   /** Message Digest - OPTIONAL SHA384*/
+    public static final String ALGO_ID_DIGEST_SHA256 =
-   public static final String ALGO_ID_DIGEST_SHA384 = Constants.MoreAlgorithmsSpecNS + "sha384";
+        EncryptionConstants.EncryptionSpecNS + "sha256";
-   /** Message Digest - OPTIONAL SHA512*/
+    /** Message Digest - OPTIONAL SHA384*/
-   public static final String ALGO_ID_DIGEST_SHA512 = EncryptionConstants.EncryptionSpecNS + "sha512";
+    public static final String ALGO_ID_DIGEST_SHA384 =
-   /** Message Digest - OPTIONAL RIPEMD-160*/
+        Constants.MoreAlgorithmsSpecNS + "sha384";
-   public static final String ALGO_ID_DIGEST_RIPEMD160 = EncryptionConstants.EncryptionSpecNS + "ripemd160";
+    /** Message Digest - OPTIONAL SHA512*/
+    public static final String ALGO_ID_DIGEST_SHA512 =
+        EncryptionConstants.EncryptionSpecNS + "sha512";
+    /** Message Digest - OPTIONAL RIPEMD-160*/
+    public static final String ALGO_ID_DIGEST_RIPEMD160 =
+        EncryptionConstants.EncryptionSpecNS + "ripemd160";
 
-   /** Field algorithm stores the actual {@link java.security.MessageDigest} */
+    /** Field algorithm stores the actual {@link java.security.MessageDigest} */
-   java.security.MessageDigest algorithm = null;
+    private final MessageDigest algorithm;
 
-   /**
+    /**
-    * Constructor for the brave who pass their own message digest algorithms and the corresponding URI.
+     * Constructor for the brave who pass their own message digest algorithms and the
-    * @param doc
+     * corresponding URI.
-    * @param messageDigest
+     * @param doc
-    * @param algorithmURI
+     * @param algorithmURI
-    */
+     */
-   private MessageDigestAlgorithm(Document doc, MessageDigest messageDigest,
+    private MessageDigestAlgorithm(Document doc, String algorithmURI)
-                                  String algorithmURI) {
+        throws XMLSignatureException {
+        super(doc, algorithmURI);
 
-      super(doc, algorithmURI);
+        algorithm = getDigestInstance(algorithmURI);
+    }
 
-      this.algorithm = messageDigest;
+    /**
-   }
+     * Factory method for constructing a message digest algorithm by name.
+     *
+     * @param doc
+     * @param algorithmURI
+     * @return The MessageDigestAlgorithm element to attach in document and to digest
+     * @throws XMLSignatureException
+     */
+    public static MessageDigestAlgorithm getInstance(
+        Document doc, String algorithmURI
+    ) throws XMLSignatureException {
+        return new MessageDigestAlgorithm(doc, algorithmURI);
+    }
 
-   static ThreadLocal<Map<String, MessageDigest>> instances=new
+    private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
-       ThreadLocal<Map<String, MessageDigest>>() {
+        String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
-           protected Map<String, MessageDigest> initialValue() {
-               return new HashMap<String, MessageDigest>();
-           };
-   };
 
-   /**
+        if (algorithmID == null) {
-    * Factory method for constructing a message digest algorithm by name.
+            Object[] exArgs = { algorithmURI };
-    *
+            throw new XMLSignatureException("algorithms.NoSuchMap", exArgs);
-    * @param doc
-    * @param algorithmURI
-    * @return The MessageDigestAlgorithm element to attach in document and to digest
-    * @throws XMLSignatureException
-    */
-   public static MessageDigestAlgorithm getInstance(
-           Document doc, String algorithmURI) throws XMLSignatureException {
-          MessageDigest md = getDigestInstance(algorithmURI);
-      return new MessageDigestAlgorithm(doc, md, algorithmURI);
-   }
-
-private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
-        MessageDigest result= instances.get().get(algorithmURI);
-        if (result!=null)
-                return result;
-    String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
-
-          if (algorithmID == null) {
-                  Object[] exArgs = { algorithmURI };
-                  throw new XMLSignatureException("algorithms.NoSuchMap", exArgs);
-          }
-
-      MessageDigest md;
-      String provider=JCEMapper.getProviderId();
-      try {
-         if (provider==null) {
-                md = MessageDigest.getInstance(algorithmID);
-         } else {
-                md = MessageDigest.getInstance(algorithmID,provider);
-         }
-      } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
-      } catch (NoSuchProviderException ex) {
-        Object[] exArgs = { algorithmID,
-                                                ex.getLocalizedMessage() };
-
-        throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
-        instances.get().put(algorithmURI, md);
+
+        MessageDigest md;
+        String provider = JCEMapper.getProviderId();
+        try {
+            if (provider == null) {
+                md = MessageDigest.getInstance(algorithmID);
+            } else {
+                md = MessageDigest.getInstance(algorithmID, provider);
+            }
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        } catch (NoSuchProviderException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
+
         return md;
-}
+    }
-
+
-   /**
+    /**
-    * Returns the actual {@link java.security.MessageDigest} algorithm object
+     * Returns the actual {@link java.security.MessageDigest} algorithm object
-    *
+     *
-    * @return the actual {@link java.security.MessageDigest} algorithm object
+     * @return the actual {@link java.security.MessageDigest} algorithm object
-    */
+     */
-   public java.security.MessageDigest getAlgorithm() {
+    public java.security.MessageDigest getAlgorithm() {
-      return this.algorithm;
+        return algorithm;
-   }
+    }
-
+
-   /**
+    /**
-    * Proxy method for {@link java.security.MessageDigest#isEqual}
+     * Proxy method for {@link java.security.MessageDigest#isEqual}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
+     *
-    * @param digesta
+     * @param digesta
-    * @param digestb
+     * @param digestb
-    * @return the result of the {@link java.security.MessageDigest#isEqual} method
+     * @return the result of the {@link java.security.MessageDigest#isEqual} method
-    */
+     */
-   public static boolean isEqual(byte[] digesta, byte[] digestb) {
+    public static boolean isEqual(byte[] digesta, byte[] digestb) {
-      return java.security.MessageDigest.isEqual(digesta, digestb);
+        return java.security.MessageDigest.isEqual(digesta, digestb);
-   }
+    }
-
+
-   /**
+    /**
-    * Proxy method for {@link java.security.MessageDigest#digest()}
+     * Proxy method for {@link java.security.MessageDigest#digest()}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
+     *
-    * @return the result of the {@link java.security.MessageDigest#digest()} method
+     * @return the result of the {@link java.security.MessageDigest#digest()} method
-    */
+     */
-   public byte[] digest() {
+    public byte[] digest() {
-      return this.algorithm.digest();
+        return algorithm.digest();
-   }
+    }
-
+
-   /**
+    /**
-    * Proxy method for {@link java.security.MessageDigest#digest(byte[])}
+     * Proxy method for {@link java.security.MessageDigest#digest(byte[])}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
+     *
-    * @param input
+     * @param input
-    * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
+     * @return the result of the {@link java.security.MessageDigest#digest(byte[])} method
-    */
+     */
-   public byte[] digest(byte input[]) {
+    public byte[] digest(byte input[]) {
-      return this.algorithm.digest(input);
+        return algorithm.digest(input);
-   }
+    }
-
+
-   /**
+    /**
-    * Proxy method for {@link java.security.MessageDigest#digest(byte[], int, int)}
+     * Proxy method for {@link java.security.MessageDigest#digest(byte[], int, int)}
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    *
+     *
-    * @param buf
+     * @param buf
-    * @param offset
+     * @param offset
-    * @param len
+     * @param len
-    * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
+     * @return the result of the {@link java.security.MessageDigest#digest(byte[], int, int)} method
-    * @throws java.security.DigestException
+     * @throws java.security.DigestException
-    */
+     */
-   public int digest(byte buf[], int offset, int len)
+    public int digest(byte buf[], int offset, int len) throws java.security.DigestException {
-           throws java.security.DigestException {
+        return algorithm.digest(buf, offset, len);
-      return this.algorithm.digest(buf, offset, len);
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#getAlgorithm}
-    * Proxy method for {@link java.security.MessageDigest#getAlgorithm}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
-    * @return the result of the {@link java.security.MessageDigest#getAlgorithm} method
+     */
-    */
+    public String getJCEAlgorithmString() {
-   public String getJCEAlgorithmString() {
+        return algorithm.getAlgorithm();
-      return this.algorithm.getAlgorithm();
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#getProvider}
-    * Proxy method for {@link java.security.MessageDigest#getProvider}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @return the result of the {@link java.security.MessageDigest#getProvider} method
-    * @return the result of the {@link java.security.MessageDigest#getProvider} method
+     */
-    */
+    public java.security.Provider getJCEProvider() {
-   public java.security.Provider getJCEProvider() {
+        return algorithm.getProvider();
-      return this.algorithm.getProvider();
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#getDigestLength}
-    * Proxy method for {@link java.security.MessageDigest#getDigestLength}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
-    * @return the result of the {@link java.security.MessageDigest#getDigestLength} method
+     */
-    */
+    public int getDigestLength() {
-   public int getDigestLength() {
+        return algorithm.getDigestLength();
-      return this.algorithm.getDigestLength();
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#reset}
-    * Proxy method for {@link java.security.MessageDigest#reset}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     */
-    */
+    public void reset() {
-   public void reset() {
+        algorithm.reset();
-      this.algorithm.reset();
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte[])}
-    * Proxy method for {@link java.security.MessageDigest#update(byte[])}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @param input
-    * @param input
+     */
-    */
+    public void update(byte[] input) {
-   public void update(byte[] input) {
+        algorithm.update(input);
-      this.algorithm.update(input);
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte)}
-    * Proxy method for {@link java.security.MessageDigest#update(byte)}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @param input
-    * @param input
+     */
-    */
+    public void update(byte input) {
-   public void update(byte input) {
+        algorithm.update(input);
-      this.algorithm.update(input);
+    }
-   }
+
-
+    /**
-   /**
+     * Proxy method for {@link java.security.MessageDigest#update(byte[], int, int)}
-    * Proxy method for {@link java.security.MessageDigest#update(byte[], int, int)}
+     * which is executed on the internal {@link java.security.MessageDigest} object.
-    * which is executed on the internal {@link java.security.MessageDigest} object.
+     *
-    *
+     * @param buf
-    * @param buf
+     * @param offset
-    * @param offset
+     * @param len
-    * @param len
+     */
-    */
+    public void update(byte buf[], int offset, int len) {
-   public void update(byte buf[], int offset, int len) {
+        algorithm.update(buf, offset, len);
-      this.algorithm.update(buf, offset, len);
+    }
-   }
+
-
+    /** @inheritDoc */
-   /** @inheritDoc */
+    public String getBaseNamespace() {
-   public String getBaseNamespace() {
+        return Constants.SignatureSpecNS;
-      return Constants.SignatureSpecNS;
+    }
-   }
+
-
+    /** @inheritDoc */
-   /** @inheritDoc */
+    public String getBaseLocalName() {
-   public String getBaseLocalName() {
+        return Constants._TAG_DIGESTMETHOD;
-      return Constants._TAG_DIGESTMETHOD;
+    }
-   }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithm.java

@@ -74,7 +74,7 @@ public class SignatureAlgorithm extends Algorithm {
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -92,10 +92,10 @@ public class SignatureAlgorithm extends Algorithm {
         this.algorithmURI = algorithmURI;
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
 
         signatureAlgorithm.engineSetHMACOutputLength(hmacOutputLength);
-        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(_constructionElement);
+        ((IntegrityHmac)signatureAlgorithm).engineAddContextToElement(constructionElement);
     }
 
     /**
@@ -136,7 +136,7 @@ public class SignatureAlgorithm extends Algorithm {
         }
 
         signatureAlgorithm = getSignatureAlgorithmSpi(algorithmURI);
-        signatureAlgorithm.engineGetContextFromElement(this._constructionElement);
+        signatureAlgorithm.engineGetContextFromElement(this.constructionElement);
     }
 
     /**
@@ -310,7 +310,7 @@ public class SignatureAlgorithm extends Algorithm {
      * @return the URI representation of Transformation algorithm
      */
     public final String getURI() {
-        return _constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
+        return constructionElement.getAttributeNS(null, Constants._ATT_ALGORITHM);
     }
 
     /**
@@ -380,9 +380,7 @@ public class SignatureAlgorithm extends Algorithm {
      * This method registers the default algorithms.
      */
     public static void registerDefaultAlgorithms() {
-        algorithmHash.put(
+        algorithmHash.put(SignatureDSA.URI, SignatureDSA.class);
-            XMLSignature.ALGO_ID_SIGNATURE_DSA, SignatureDSA.class
-        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, SignatureBaseRSA.SignatureRSASHA1.class
         );
@@ -409,6 +407,15 @@ public class SignatureAlgorithm extends Algorithm {
         algorithmHash.put(
             XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1, SignatureECDSA.SignatureECDSASHA1.class
         );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256, SignatureECDSA.SignatureECDSASHA256.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384, SignatureECDSA.SignatureECDSASHA384.class
+        );
+        algorithmHash.put(
+            XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512, SignatureECDSA.SignatureECDSASHA512.class
+        );
         algorithmHash.put(
             XMLSignature.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5, IntegrityHmac.IntegrityHmacMD5.class
         );

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/SignatureAlgorithmSpi.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms;
 
@@ -27,157 +29,149 @@ import java.security.spec.AlgorithmParameterSpec;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import org.w3c.dom.Element;
 
-
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureAlgorithmSpi {
 
-   /**
+    /**
-    * Returns the URI representation of <code>Transformation algorithm</code>
+     * Returns the URI representation of <code>Transformation algorithm</code>
-    *
+     *
-    * @return the URI representation of <code>Transformation algorithm</code>
+     * @return the URI representation of <code>Transformation algorithm</code>
-    */
+     */
-   protected abstract String engineGetURI();
+    protected abstract String engineGetURI();
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#getAlgorithm}
+     * Proxy method for {@link java.security.Signature#getAlgorithm}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @return the result of the {@link java.security.Signature#getAlgorithm} method
+     * @return the result of the {@link java.security.Signature#getAlgorithm} method
-    */
+     */
-   protected abstract String engineGetJCEAlgorithmString();
+    protected abstract String engineGetJCEAlgorithmString();
 
-   /**
+    /**
-    * Method engineGetJCEProviderName
+     * Method engineGetJCEProviderName
-    *
+     *
-    * @return the JCE ProviderName
+     * @return the JCE ProviderName
-    */
+     */
-   protected abstract String engineGetJCEProviderName();
+    protected abstract String engineGetJCEProviderName();
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#update(byte[])}
+     * Proxy method for {@link java.security.Signature#update(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @param input
+     * @param input
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract void engineUpdate(byte[] input)
+    protected abstract void engineUpdate(byte[] input) throws XMLSignatureException;
-      throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#update(byte[])}
+     * Proxy method for {@link java.security.Signature#update(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @param input
+     * @param input
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract void engineUpdate(byte input)
+    protected abstract void engineUpdate(byte input) throws XMLSignatureException;
-      throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
+     * Proxy method for {@link java.security.Signature#update(byte[], int, int)}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @param buf
+     * @param buf
-    * @param offset
+     * @param offset
-    * @param len
+     * @param len
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract void engineUpdate(byte buf[], int offset, int len)
+    protected abstract void engineUpdate(byte buf[], int offset, int len)
-      throws XMLSignatureException;
+        throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
+     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey)}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @param signingKey
+     * @param signingKey
-    * @throws XMLSignatureException if this method is called on a MAC
+     * @throws XMLSignatureException if this method is called on a MAC
-    */
+     */
-   protected abstract void engineInitSign(Key signingKey)
+    protected abstract void engineInitSign(Key signingKey) throws XMLSignatureException;
-      throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey, java.security.SecureRandom)}
+     * Proxy method for {@link java.security.Signature#initSign(java.security.PrivateKey,
-    * which is executed on the internal {@link java.security.Signature} object.
+     * java.security.SecureRandom)}
-    *
+     * which is executed on the internal {@link java.security.Signature} object.
-    * @param signingKey
+     *
-    * @param secureRandom
+     * @param signingKey
-    * @throws XMLSignatureException if this method is called on a MAC
+     * @param secureRandom
-    */
+     * @throws XMLSignatureException if this method is called on a MAC
-   protected abstract void engineInitSign(
+     */
-      Key signingKey, SecureRandom secureRandom) throws XMLSignatureException;
+    protected abstract void engineInitSign(Key signingKey, SecureRandom secureRandom)
+        throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link javax.crypto.Mac}
+     * Proxy method for {@link javax.crypto.Mac}
-    * which is executed on the internal {@link javax.crypto.Mac#init(Key)} object.
+     * which is executed on the internal {@link javax.crypto.Mac#init(Key)} object.
-    *
+     *
-    * @param signingKey
+     * @param signingKey
-    * @param algorithmParameterSpec
+     * @param algorithmParameterSpec
-    * @throws XMLSignatureException if this method is called on a Signature
+     * @throws XMLSignatureException if this method is called on a Signature
-    */
+     */
-   protected abstract void engineInitSign(
+    protected abstract void engineInitSign(
-      Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-         throws XMLSignatureException;
+    ) throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#sign()}
+     * Proxy method for {@link java.security.Signature#sign()}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @return the result of the {@link java.security.Signature#sign()} method
+     * @return the result of the {@link java.security.Signature#sign()} method
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract byte[] engineSign() throws XMLSignatureException;
+    protected abstract byte[] engineSign() throws XMLSignatureException;
 
-   /**
+    /**
-    * Method engineInitVerify
+     * Method engineInitVerify
-    *
+     *
-    * @param verificationKey
+     * @param verificationKey
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract void engineInitVerify(Key verificationKey)
+    protected abstract void engineInitVerify(Key verificationKey) throws XMLSignatureException;
-      throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#verify(byte[])}
+     * Proxy method for {@link java.security.Signature#verify(byte[])}
-    * which is executed on the internal {@link java.security.Signature} object.
+     * which is executed on the internal {@link java.security.Signature} object.
-    *
+     *
-    * @param signature
+     * @param signature
-    * @return true if the signature is correct
+     * @return true if the signature is correct
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract boolean engineVerify(byte[] signature)
+    protected abstract boolean engineVerify(byte[] signature) throws XMLSignatureException;
-      throws XMLSignatureException;
 
-   /**
+    /**
-    * Proxy method for {@link java.security.Signature#setParameter(java.security.spec.AlgorithmParameterSpec)}
+     * Proxy method for {@link java.security.Signature#setParameter(
-    * which is executed on the internal {@link java.security.Signature} object.
+     * java.security.spec.AlgorithmParameterSpec)}
-    *
+     * which is executed on the internal {@link java.security.Signature} object.
-    * @param params
+     *
-    * @throws XMLSignatureException
+     * @param params
-    */
+     * @throws XMLSignatureException
-   protected abstract void engineSetParameter(AlgorithmParameterSpec params)
+     */
-      throws XMLSignatureException;
+    protected abstract void engineSetParameter(AlgorithmParameterSpec params)
+        throws XMLSignatureException;
 
 
-   /**
+    /**
-    * Method engineGetContextFromElement
+     * Method engineGetContextFromElement
-    *
+     *
-    * @param element
+     * @param element
-    */
+     */
-   protected void engineGetContextFromElement(Element element) {
+    protected void engineGetContextFromElement(Element element) {
-   }
+    }
 
-   /**
+    /**
-    * Method engineSetHMACOutputLength
+     * Method engineSetHMACOutputLength
-    *
+     *
-    * @param HMACOutputLength
+     * @param HMACOutputLength
-    * @throws XMLSignatureException
+     * @throws XMLSignatureException
-    */
+     */
-   protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
+    protected abstract void engineSetHMACOutputLength(int HMACOutputLength)
-      throws XMLSignatureException;
+        throws XMLSignatureException;
 
     public void reset() {
-        }
+    }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureBaseRSA.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2007 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
@@ -36,22 +38,17 @@ import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithmSpi
 import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 
-/**
- *
- * @author $Author: mullan $
- */
 public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
-    /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
-        java.util.logging.Logger.getLogger
+        java.util.logging.Logger.getLogger(SignatureBaseRSA.class.getName());
-        (SignatureBaseRSA.class.getName());
 
     /** @inheritDoc */
     public abstract String engineGetURI();
 
     /** Field algorithm */
-    private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Constructor SignatureRSA
@@ -59,17 +56,17 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     public SignatureBaseRSA() throws XMLSignatureException {
-
         String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
 
-        if (log.isLoggable(java.util.logging.Level.FINE))
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
             log.log(java.util.logging.Level.FINE, "Created SignatureRSA using " + algorithmID);
-        String provider=JCEMapper.getProviderId();
+        }
+        String provider = JCEMapper.getProviderId();
         try {
-            if (provider==null) {
+            if (provider == null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
             Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
@@ -85,20 +82,17 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-            this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected boolean engineVerify(byte[] signature)
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
-        throws XMLSignatureException {
-
         try {
-            return this._signatureAlgorithm.verify(signature);
+            return this.signatureAlgorithm.verify(signature);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -106,32 +100,29 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
         if (!(publicKey instanceof PublicKey)) {
             String supplied = publicKey.getClass().getName();
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -140,7 +131,7 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected byte[] engineSign() throws XMLSignatureException {
         try {
-            return this._signatureAlgorithm.sign();
+            return this.signatureAlgorithm.sign();
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -149,19 +140,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
         throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-                ((PrivateKey) privateKey, secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -169,18 +157,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -189,7 +175,7 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -198,17 +184,16 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
     /** @inheritDoc */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
     }
 
     /** @inheritDoc */
-    protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-        throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -216,34 +201,29 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /** @inheritDoc */
     protected String engineGetJCEAlgorithmString() {
-        return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /** @inheritDoc */
     protected String engineGetJCEProviderName() {
-        return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /** @inheritDoc */
     protected void engineSetHMACOutputLength(int HMACOutputLength)
         throws XMLSignatureException {
-        throw new XMLSignatureException
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
-            ("algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /** @inheritDoc */
     protected void engineInitSign(
-        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-        throws XMLSignatureException {
+    ) throws XMLSignatureException {
-        throw new XMLSignatureException(
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
-            "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
     }
 
     /**
      * Class SignatureRSASHA1
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA1 extends SignatureBaseRSA {
 
@@ -264,9 +244,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA256
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA256 extends SignatureBaseRSA {
 
@@ -287,9 +264,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA384
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA384 extends SignatureBaseRSA {
 
@@ -310,9 +284,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSASHA512
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSASHA512 extends SignatureBaseRSA {
 
@@ -333,9 +304,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSARIPEMD160
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSARIPEMD160 extends SignatureBaseRSA {
 
@@ -356,9 +324,6 @@ public abstract class SignatureBaseRSA extends SignatureAlgorithmSpi {
 
     /**
      * Class SignatureRSAMD5
-     *
-     * @author $Author: mullan $
-     * @version $Revision: 1.5 $
      */
     public static class SignatureRSAMD5 extends SignatureBaseRSA {
 

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureDSA.java

@@ -2,21 +2,23 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
@@ -37,21 +39,17 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Base64;
 import com.sun.org.apache.xml.internal.security.utils.Constants;
 
-/**
- *
- * @author $Author: mullan $
- */
 public class SignatureDSA extends SignatureAlgorithmSpi {
 
-    /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(SignatureDSA.class.getName());
 
-    /** Field _URI */
+    /** Field URI */
-    public static final String _URI = Constants.SignatureSpecNS + "dsa-sha1";
+    public static final String URI = Constants.SignatureSpecNS + "dsa-sha1";
 
     /** Field algorithm */
-    private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
     /**
      * Method engineGetURI
@@ -59,7 +57,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetURI() {
-        return SignatureDSA._URI;
+        return SignatureDSA.URI;
     }
 
     /**
@@ -68,17 +66,17 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     public SignatureDSA() throws XMLSignatureException {
-
+        String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA.URI);
-        String algorithmID = JCEMapper.translateURItoJCEID(SignatureDSA._URI);
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
-        if (log.isLoggable(java.util.logging.Level.FINE))
             log.log(java.util.logging.Level.FINE, "Created SignatureDSA using " + algorithmID);
+        }
 
         String provider = JCEMapper.getProviderId();
         try {
             if (provider == null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
             } else {
-                this._signatureAlgorithm =
+                this.signatureAlgorithm =
                     Signature.getInstance(algorithmID, provider);
             }
         } catch (java.security.NoSuchAlgorithmException ex) {
@@ -95,9 +93,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineSetParameter(AlgorithmParameterSpec params)
         throws XMLSignatureException {
-
         try {
-            this._signatureAlgorithm.setParameter(params);
+            this.signatureAlgorithm.setParameter(params);
         } catch (InvalidAlgorithmParameterException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -107,15 +104,15 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected boolean engineVerify(byte[] signature)
-           throws XMLSignatureException {
+        throws XMLSignatureException {
-
         try {
-            if (log.isLoggable(java.util.logging.Level.FINE))
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
                 log.log(java.util.logging.Level.FINE, "Called DSA.verify() on " + Base64.encode(signature));
+            }
 
             byte[] jcebytes = SignatureDSA.convertXMLDSIGtoASN1(signature);
 
-            return this._signatureAlgorithm.verify(jcebytes);
+            return this.signatureAlgorithm.verify(jcebytes);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         } catch (IOException ex) {
@@ -127,32 +124,29 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
-
         if (!(publicKey instanceof PublicKey)) {
             String supplied = publicKey.getClass().getName();
             String needed = PublicKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
         } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
         }
@@ -162,9 +156,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected byte[] engineSign() throws XMLSignatureException {
-
         try {
-            byte jcebytes[] = this._signatureAlgorithm.sign();
+            byte jcebytes[] = this.signatureAlgorithm.sign();
 
             return SignatureDSA.convertASN1toXMLDSIG(jcebytes);
         } catch (IOException ex) {
@@ -178,20 +171,17 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
-           throws XMLSignatureException {
+        throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-                                           secureRandom);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -201,18 +191,16 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-
         if (!(privateKey instanceof PrivateKey)) {
             String supplied = privateKey.getClass().getName();
             String needed = PrivateKey.class.getName();
             Object exArgs[] = { supplied, needed };
 
-            throw new XMLSignatureException
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-                ("algorithms.WrongKeyForThisOperation", exArgs);
         }
 
         try {
-            this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
         } catch (InvalidKeyException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -223,7 +211,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineUpdate(byte[] input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -234,7 +222,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      */
     protected void engineUpdate(byte input) throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(input);
+            this.signatureAlgorithm.update(input);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -243,10 +231,9 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
     /**
      * @inheritDoc
      */
-    protected void engineUpdate(byte buf[], int offset, int len)
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-        throws XMLSignatureException {
         try {
-            this._signatureAlgorithm.update(buf, offset, len);
+            this.signatureAlgorithm.update(buf, offset, len);
         } catch (SignatureException ex) {
             throw new XMLSignatureException("empty", ex);
         }
@@ -258,7 +245,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetJCEAlgorithmString() {
-        return this._signatureAlgorithm.getAlgorithm();
+        return this.signatureAlgorithm.getAlgorithm();
     }
 
     /**
@@ -267,7 +254,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @inheritDoc
      */
     protected String engineGetJCEProviderName() {
-        return this._signatureAlgorithm.getProvider().getName();
+        return this.signatureAlgorithm.getProvider().getName();
     }
 
     /**
@@ -282,8 +269,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws IOException
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      */
-    private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+    private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-           throws IOException {
 
         byte rLength = asn1Bytes[3];
         int i;
@@ -294,19 +280,18 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
         int j;
 
         for (j = sLength;
-              (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+            (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
 
         if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
-              || (asn1Bytes[2] != 2) || (i > 20)
+            || (asn1Bytes[2] != 2) || (i > 20)
-              || (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
+            || (asn1Bytes[4 + rLength] != 2) || (j > 20)) {
             throw new IOException("Invalid ASN.1 format of DSA signature");
         }
         byte xmldsigBytes[] = new byte[40];
 
-        System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i,
+        System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 20 - i, i);
-                          i);
         System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
-                          40 - j, j);
+                         40 - j, j);
 
         return xmldsigBytes;
     }
@@ -323,8 +308,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws IOException
      * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
      */
-    private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
+    private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
-           throws IOException {
 
         if (xmldsigBytes.length != 40) {
             throw new IOException("Invalid XMLDSIG format of DSA signature");
@@ -337,7 +321,7 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
         int j = i;
 
         if (xmldsigBytes[20 - i] < 0) {
-         j += 1;
+            j += 1;
         }
 
         int k;
@@ -373,10 +357,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @param HMACOutputLength
      * @throws XMLSignatureException
      */
-    protected void engineSetHMACOutputLength(int HMACOutputLength)
+    protected void engineSetHMACOutputLength(int HMACOutputLength) throws XMLSignatureException {
-            throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
-        throw new XMLSignatureException(
-            "algorithms.HMACOutputLengthOnlyForHMAC");
     }
 
     /**
@@ -387,9 +369,8 @@ public class SignatureDSA extends SignatureAlgorithmSpi {
      * @throws XMLSignatureException
      */
     protected void engineInitSign(
-        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-            throws XMLSignatureException {
+    ) throws XMLSignatureException {
-        throw new XMLSignatureException(
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnDSA");
-            "algorithms.CannotUseAlgorithmParameterSpecOnDSA");
     }
 }

jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java

@@ -2,26 +2,26 @@
  * reserved comment block
  * DO NOT REMOVE OR ALTER!
  */
-/*
+/**
- * Copyright  1999-2004 The Apache Software Foundation.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * http://www.apache.org/licenses/LICENSE-2.0
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
  */
 package com.sun.org.apache.xml.internal.security.algorithms.implementations;
 
-
-
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -40,345 +40,417 @@ import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
 import com.sun.org.apache.xml.internal.security.signature.XMLSignatureException;
 import com.sun.org.apache.xml.internal.security.utils.Base64;
 
-
 /**
  *
- * @author $Author: mullan $
+ * @author $Author: raul $
+ * @author Alex Dupre
  */
 public abstract class SignatureECDSA extends SignatureAlgorithmSpi {
 
-   /** {@link java.util.logging} logging facility */
+    /** {@link org.apache.commons.logging} logging facility */
-    static java.util.logging.Logger log =
+    private static java.util.logging.Logger log =
         java.util.logging.Logger.getLogger(SignatureECDSA.class.getName());
 
     /** @inheritDoc */
-   public abstract String engineGetURI();
+    public abstract String engineGetURI();
 
-   /** Field algorithm */
+    /** Field algorithm */
-   private java.security.Signature _signatureAlgorithm = null;
+    private java.security.Signature signatureAlgorithm = null;
 
-   /**
+    /**
-    * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
+     * Converts an ASN.1 ECDSA value to a XML Signature ECDSA Value.
-    *
+     *
-    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
-    * pairs; the XML Signature requires the core BigInteger values.
+     * pairs; the XML Signature requires the core BigInteger values.
-    *
+     *
-    * @param asn1Bytes
+     * @param asn1Bytes
-    * @return the decode bytes
+     * @return the decode bytes
-    *
+     *
-    * @throws IOException
+     * @throws IOException
-    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
-    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
-    */
+     */
-   private static byte[] convertASN1toXMLDSIG(byte asn1Bytes[])
+    public static byte[] convertASN1toXMLDSIG(byte asn1Bytes[]) throws IOException {
-           throws IOException {
 
-      byte rLength = asn1Bytes[3];
+        if (asn1Bytes.length < 8 || asn1Bytes[0] != 48) {
-      int i;
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-
+        }
-      for (i = rLength; (i > 0) && (asn1Bytes[(4 + rLength) - i] == 0); i--);
+        int offset;
-
+        if (asn1Bytes[1] > 0) {
-      byte sLength = asn1Bytes[5 + rLength];
+            offset = 2;
-      int j;
+        } else if (asn1Bytes[1] == (byte) 0x81) {
-
+            offset = 3;
-      for (j = sLength;
+        } else {
-              (j > 0) && (asn1Bytes[(6 + rLength + sLength) - j] == 0); j--);
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-
-      if ((asn1Bytes[0] != 48) || (asn1Bytes[1] != asn1Bytes.length - 2)
-              || (asn1Bytes[2] != 2) || (i > 24)
-              || (asn1Bytes[4 + rLength] != 2) || (j > 24)) {
-         throw new IOException("Invalid ASN.1 format of ECDSA signature");
-      }
-      byte xmldsigBytes[] = new byte[48];
-
-      System.arraycopy(asn1Bytes, (4 + rLength) - i, xmldsigBytes, 24 - i,
-                          i);
-      System.arraycopy(asn1Bytes, (6 + rLength + sLength) - j, xmldsigBytes,
-                          48 - j, j);
-
-       return xmldsigBytes;
-   }
-
-   /**
-    * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
-    *
-    * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
-    * pairs; the XML Signature requires the core BigInteger values.
-    *
-    * @param xmldsigBytes
-    * @return the encoded ASN.1 bytes
-    *
-    * @throws IOException
-    * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
-    * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
-    */
-   private static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[])
-           throws IOException {
-
-      if (xmldsigBytes.length != 48) {
-         throw new IOException("Invalid XMLDSIG format of ECDSA signature");
-      }
-
-      int i;
-
-      for (i = 24; (i > 0) && (xmldsigBytes[24 - i] == 0); i--);
-
-      int j = i;
-
-      if (xmldsigBytes[24 - i] < 0) {
-         j += 1;
-      }
-
-      int k;
-
-      for (k = 24; (k > 0) && (xmldsigBytes[48 - k] == 0); k--);
-
-      int l = k;
-
-      if (xmldsigBytes[48 - k] < 0) {
-         l += 1;
-      }
-
-      byte asn1Bytes[] = new byte[6 + j + l];
-
-      asn1Bytes[0] = 48;
-      asn1Bytes[1] = (byte) (4 + j + l);
-      asn1Bytes[2] = 2;
-      asn1Bytes[3] = (byte) j;
-
-      System.arraycopy(xmldsigBytes, 24 - i, asn1Bytes, (4 + j) - i, i);
-
-      asn1Bytes[4 + j] = 2;
-      asn1Bytes[5 + j] = (byte) l;
-
-      System.arraycopy(xmldsigBytes, 48 - k, asn1Bytes, (6 + j + l) - k, k);
-
-      return asn1Bytes;
-   }
-
-   /**
-    * Constructor SignatureRSA
-    *
-    * @throws XMLSignatureException
-    */
-   public SignatureECDSA() throws XMLSignatureException {
-
-      String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
-
-      if (log.isLoggable(java.util.logging.Level.FINE))
-        log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
-      String provider=JCEMapper.getProviderId();
-      try {
-         if (provider==null) {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID);
-         } else {
-                this._signatureAlgorithm = Signature.getInstance(algorithmID,provider);
-         }
-      } catch (java.security.NoSuchAlgorithmException ex) {
-         Object[] exArgs = { algorithmID,
-                             ex.getLocalizedMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
-      } catch (NoSuchProviderException ex) {
-         Object[] exArgs = { algorithmID,
-                                                 ex.getLocalizedMessage() };
-
-         throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
         }
-   }
 
-   /** @inheritDoc */
+        byte rLength = asn1Bytes[offset + 1];
-   protected void engineSetParameter(AlgorithmParameterSpec params)
+        int i;
-           throws XMLSignatureException {
 
-      try {
+        for (i = rLength; (i > 0) && (asn1Bytes[(offset + 2 + rLength) - i] == 0); i--);
-         this._signatureAlgorithm.setParameter(params);
-      } catch (InvalidAlgorithmParameterException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
 
-   /** @inheritDoc */
+        byte sLength = asn1Bytes[offset + 2 + rLength + 1];
-   protected boolean engineVerify(byte[] signature)
+        int j;
-           throws XMLSignatureException {
 
-      try {
+        for (j = sLength;
-         byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+            (j > 0) && (asn1Bytes[(offset + 2 + rLength + 2 + sLength) - j] == 0); j--);
 
-         if (log.isLoggable(java.util.logging.Level.FINE))
+        int rawLen = Math.max(i, j);
-            log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
 
-         return this._signatureAlgorithm.verify(jcebytes);
+        if ((asn1Bytes[offset - 1] & 0xff) != asn1Bytes.length - offset
-      } catch (SignatureException ex) {
+            || (asn1Bytes[offset - 1] & 0xff) != 2 + rLength + 2 + sLength
-         throw new XMLSignatureException("empty", ex);
+            || asn1Bytes[offset] != 2
-      } catch (IOException ex) {
+            || asn1Bytes[offset + 2 + rLength] != 2) {
-         throw new XMLSignatureException("empty", ex);
+            throw new IOException("Invalid ASN.1 format of ECDSA signature");
-      }
+        }
-   }
+        byte xmldsigBytes[] = new byte[2*rawLen];
 
-   /** @inheritDoc */
+        System.arraycopy(asn1Bytes, (offset + 2 + rLength) - i, xmldsigBytes, rawLen - i, i);
-   protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+        System.arraycopy(asn1Bytes, (offset + 2 + rLength + 2 + sLength) - j, xmldsigBytes,
+                         2*rawLen - j, j);
 
-      if (!(publicKey instanceof PublicKey)) {
+        return xmldsigBytes;
-         String supplied = publicKey.getClass().getName();
+    }
-         String needed = PublicKey.class.getName();
-         Object exArgs[] = { supplied, needed };
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+    /**
-                                         exArgs);
+     * Converts a XML Signature ECDSA Value to an ASN.1 DSA value.
-      }
+     *
+     * The JAVA JCE ECDSA Signature algorithm creates ASN.1 encoded (r,s) value
+     * pairs; the XML Signature requires the core BigInteger values.
+     *
+     * @param xmldsigBytes
+     * @return the encoded ASN.1 bytes
+     *
+     * @throws IOException
+     * @see <A HREF="http://www.w3.org/TR/xmldsig-core/#dsa-sha1">6.4.1 DSA</A>
+     * @see <A HREF="ftp://ftp.rfc-editor.org/in-notes/rfc4050.txt">3.3. ECDSA Signatures</A>
+     */
+    public static byte[] convertXMLDSIGtoASN1(byte xmldsigBytes[]) throws IOException {
 
-      try {
+        int rawLen = xmldsigBytes.length/2;
-         this._signatureAlgorithm.initVerify((PublicKey) publicKey);
+
-      } catch (InvalidKeyException ex) {
+        int i;
+
+        for (i = rawLen; (i > 0) && (xmldsigBytes[rawLen - i] == 0); i--);
+
+        int j = i;
+
+        if (xmldsigBytes[rawLen - i] < 0) {
+            j += 1;
+        }
+
+        int k;
+
+        for (k = rawLen; (k > 0) && (xmldsigBytes[2*rawLen - k] == 0); k--);
+
+        int l = k;
+
+        if (xmldsigBytes[2*rawLen - k] < 0) {
+            l += 1;
+        }
+
+        int len = 2 + j + 2 + l;
+        if (len > 255) {
+            throw new IOException("Invalid XMLDSIG format of ECDSA signature");
+        }
+        int offset;
+        byte asn1Bytes[];
+        if (len < 128) {
+            asn1Bytes = new byte[2 + 2 + j + 2 + l];
+            offset = 1;
+        } else {
+            asn1Bytes = new byte[3 + 2 + j + 2 + l];
+            asn1Bytes[1] = (byte) 0x81;
+            offset = 2;
+        }
+        asn1Bytes[0] = 48;
+        asn1Bytes[offset++] = (byte) len;
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) j;
+
+        System.arraycopy(xmldsigBytes, rawLen - i, asn1Bytes, (offset + j) - i, i);
+
+        offset += j;
+
+        asn1Bytes[offset++] = 2;
+        asn1Bytes[offset++] = (byte) l;
+
+        System.arraycopy(xmldsigBytes, 2*rawLen - k, asn1Bytes, (offset + l) - k, k);
+
+        return asn1Bytes;
+    }
+
+    /**
+     * Constructor SignatureRSA
+     *
+     * @throws XMLSignatureException
+     */
+    public SignatureECDSA() throws XMLSignatureException {
+
+        String algorithmID = JCEMapper.translateURItoJCEID(this.engineGetURI());
+
+        if (log.isLoggable(java.util.logging.Level.FINE)) {
+            log.log(java.util.logging.Level.FINE, "Created SignatureECDSA using " + algorithmID);
+        }
+        String provider = JCEMapper.getProviderId();
+        try {
+            if (provider == null) {
+                this.signatureAlgorithm = Signature.getInstance(algorithmID);
+            } else {
+                this.signatureAlgorithm = Signature.getInstance(algorithmID,provider);
+            }
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        } catch (NoSuchProviderException ex) {
+            Object[] exArgs = { algorithmID, ex.getLocalizedMessage() };
+
+            throw new XMLSignatureException("algorithms.NoSuchAlgorithm", exArgs);
+        }
+    }
+
+    /** @inheritDoc */
+    protected void engineSetParameter(AlgorithmParameterSpec params)
+        throws XMLSignatureException {
+        try {
+            this.signatureAlgorithm.setParameter(params);
+        } catch (InvalidAlgorithmParameterException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
+
+    /** @inheritDoc */
+    protected boolean engineVerify(byte[] signature) throws XMLSignatureException {
+        try {
+            byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
+
+            if (log.isLoggable(java.util.logging.Level.FINE)) {
+                log.log(java.util.logging.Level.FINE, "Called ECDSA.verify() on " + Base64.encode(signature));
+            }
+
+            return this.signatureAlgorithm.verify(jcebytes);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException("empty", ex);
+        } catch (IOException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
+
+    /** @inheritDoc */
+    protected void engineInitVerify(Key publicKey) throws XMLSignatureException {
+
+        if (!(publicKey instanceof PublicKey)) {
+            String supplied = publicKey.getClass().getName();
+            String needed = PublicKey.class.getName();
+            Object exArgs[] = { supplied, needed };
+
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
+        }
+
+        try {
+            this.signatureAlgorithm.initVerify((PublicKey) publicKey);
+        } catch (InvalidKeyException ex) {
             // reinstantiate Signature object to work around bug in JDK
             // see: http://bugs.sun.com/view_bug.do?bug_id=4953555
-            Signature sig = this._signatureAlgorithm;
+            Signature sig = this.signatureAlgorithm;
             try {
-                this._signatureAlgorithm = Signature.getInstance
+                this.signatureAlgorithm = Signature.getInstance(signatureAlgorithm.getAlgorithm());
-                    (_signatureAlgorithm.getAlgorithm());
             } catch (Exception e) {
                 // this shouldn't occur, but if it does, restore previous
                 // Signature
                 if (log.isLoggable(java.util.logging.Level.FINE)) {
                     log.log(java.util.logging.Level.FINE, "Exception when reinstantiating Signature:" + e);
                 }
-                this._signatureAlgorithm = sig;
+                this.signatureAlgorithm = sig;
             }
             throw new XMLSignatureException("empty", ex);
-      }
+        }
-   }
+    }
 
-   /** @inheritDoc */
+    /** @inheritDoc */
-   protected byte[] engineSign() throws XMLSignatureException {
+    protected byte[] engineSign() throws XMLSignatureException {
+        try {
+            byte jcebytes[] = this.signatureAlgorithm.sign();
 
-      try {
+            return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
-         byte jcebytes[] = this._signatureAlgorithm.sign();
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException("empty", ex);
+        } catch (IOException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-         return SignatureECDSA.convertASN1toXMLDSIG(jcebytes);
+    /** @inheritDoc */
-      } catch (SignatureException ex) {
+    protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
-         throw new XMLSignatureException("empty", ex);
+        throws XMLSignatureException {
-      } catch (IOException ex) {
+        if (!(privateKey instanceof PrivateKey)) {
-          throw new XMLSignatureException("empty", ex);
+            String supplied = privateKey.getClass().getName();
-      }
+            String needed = PrivateKey.class.getName();
-   }
+            Object exArgs[] = { supplied, needed };
 
-   /** @inheritDoc */
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-   protected void engineInitSign(Key privateKey, SecureRandom secureRandom)
+        }
-           throws XMLSignatureException {
 
-      if (!(privateKey instanceof PrivateKey)) {
+        try {
-         String supplied = privateKey.getClass().getName();
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey, secureRandom);
-         String needed = PrivateKey.class.getName();
+        } catch (InvalidKeyException ex) {
-         Object exArgs[] = { supplied, needed };
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+    /** @inheritDoc */
-                                         exArgs);
+    protected void engineInitSign(Key privateKey) throws XMLSignatureException {
-      }
+        if (!(privateKey instanceof PrivateKey)) {
+            String supplied = privateKey.getClass().getName();
+            String needed = PrivateKey.class.getName();
+            Object exArgs[] = { supplied, needed };
 
-      try {
+            throw new XMLSignatureException("algorithms.WrongKeyForThisOperation", exArgs);
-         this._signatureAlgorithm.initSign((PrivateKey) privateKey,
+        }
-                                           secureRandom);
-      } catch (InvalidKeyException ex) {
-         throw new XMLSignatureException("empty", ex);
-      }
-   }
 
-   /** @inheritDoc */
+        try {
-   protected void engineInitSign(Key privateKey) throws XMLSignatureException {
+            this.signatureAlgorithm.initSign((PrivateKey) privateKey);
+        } catch (InvalidKeyException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      if (!(privateKey instanceof PrivateKey)) {
+    /** @inheritDoc */
-         String supplied = privateKey.getClass().getName();
+    protected void engineUpdate(byte[] input) throws XMLSignatureException {
-         String needed = PrivateKey.class.getName();
+        try {
-         Object exArgs[] = { supplied, needed };
+            this.signatureAlgorithm.update(input);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-         throw new XMLSignatureException("algorithms.WrongKeyForThisOperation",
+    /** @inheritDoc */
-                                         exArgs);
+    protected void engineUpdate(byte input) throws XMLSignatureException {
-      }
+        try {
+            this.signatureAlgorithm.update(input);
+        } catch (SignatureException ex) {
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-      try {
+    /** @inheritDoc */
-         this._signatureAlgorithm.initSign((PrivateKey) privateKey);
+    protected void engineUpdate(byte buf[], int offset, int len) throws XMLSignatureException {
-      } catch (InvalidKeyException ex) {
+        try {
-         throw new XMLSignatureException("empty", ex);
+            this.signatureAlgorithm.update(buf, offset, len);
-      }
+        } catch (SignatureException ex) {
-   }
+            throw new XMLSignatureException("empty", ex);
+        }
+    }
 
-   /** @inheritDoc */
+    /** @inheritDoc */
-   protected void engineUpdate(byte[] input) throws XMLSignatureException {
+    protected String engineGetJCEAlgorithmString() {
+        return this.signatureAlgorithm.getAlgorithm();
+    }
 
-      try {
+    /** @inheritDoc */
-         this._signatureAlgorithm.update(input);
+    protected String engineGetJCEProviderName() {
-      } catch (SignatureException ex) {
+        return this.signatureAlgorithm.getProvider().getName();
-         throw new XMLSignatureException("empty", ex);
+    }
-      }
-   }
 
-   /** @inheritDoc */
+    /** @inheritDoc */
-   protected void engineUpdate(byte input) throws XMLSignatureException {
+    protected void engineSetHMACOutputLength(int HMACOutputLength)
+        throws XMLSignatureException {
+        throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+    }
 
-      try {
+    /** @inheritDoc */
-         this._signatureAlgorithm.update(input);
+    protected void engineInitSign(
-      } catch (SignatureException ex) {
+        Key signingKey, AlgorithmParameterSpec algorithmParameterSpec
-         throw new XMLSignatureException("empty", ex);
+    ) throws XMLSignatureException {
-      }
+        throw new XMLSignatureException("algorithms.CannotUseAlgorithmParameterSpecOnRSA");
-   }
+    }
 
-   /** @inheritDoc */
+    /**
-   protected void engineUpdate(byte buf[], int offset, int len)
+     * Class SignatureRSASHA1
-           throws XMLSignatureException {
+     *
+     * @author $Author: marcx $
+     */
+    public static class SignatureECDSASHA1 extends SignatureECDSA {
+        /**
+         * Constructor SignatureRSASHA1
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA1() throws XMLSignatureException {
+            super();
+        }
 
-      try {
+        /** @inheritDoc */
-         this._signatureAlgorithm.update(buf, offset, len);
+        public String engineGetURI() {
-      } catch (SignatureException ex) {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
-         throw new XMLSignatureException("empty", ex);
+        }
-      }
+    }
-   }
 
-   /** @inheritDoc */
+    /**
-   protected String engineGetJCEAlgorithmString() {
+     * Class SignatureRSASHA256
-      return this._signatureAlgorithm.getAlgorithm();
+     *
-   }
+     * @author Alex Dupre
+     */
+    public static class SignatureECDSASHA256 extends SignatureECDSA {
 
-   /** @inheritDoc */
+        /**
-   protected String engineGetJCEProviderName() {
+         * Constructor SignatureRSASHA256
-      return this._signatureAlgorithm.getProvider().getName();
+         *
-   }
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA256() throws XMLSignatureException {
+            super();
+        }
 
-   /** @inheritDoc */
+        /** @inheritDoc */
-   protected void engineSetHMACOutputLength(int HMACOutputLength)
+        public String engineGetURI() {
-           throws XMLSignatureException {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA256;
-      throw new XMLSignatureException("algorithms.HMACOutputLengthOnlyForHMAC");
+        }
-   }
+    }
 
-   /** @inheritDoc */
+    /**
-   protected void engineInitSign(
+     * Class SignatureRSASHA384
-           Key signingKey, AlgorithmParameterSpec algorithmParameterSpec)
+     *
-              throws XMLSignatureException {
+     * @author Alex Dupre
-      throw new XMLSignatureException(
+     */
-         "algorithms.CannotUseAlgorithmParameterSpecOnRSA");
+    public static class SignatureECDSASHA384 extends SignatureECDSA {
-   }
 
-   /**
+        /**
-    * Class SignatureRSASHA1
+         * Constructor SignatureRSASHA384
-    *
+         *
-    * @author $Author: mullan $
+         * @throws XMLSignatureException
-    * @version $Revision: 1.2 $
+         */
-    */
+        public SignatureECDSASHA384() throws XMLSignatureException {
-   public static class SignatureECDSASHA1 extends SignatureECDSA {
+            super();
+        }
 
-      /**
+        /** @inheritDoc */
-       * Constructor SignatureRSASHA1
+        public String engineGetURI() {
-       *
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA384;
-       * @throws XMLSignatureException
+        }
-       */
+    }
-      public SignatureECDSASHA1() throws XMLSignatureException {
-         super();
-      }
 
-      /** @inheritDoc */
+    /**
-      public String engineGetURI() {
+     * Class SignatureRSASHA512
-         return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+     *
-      }
+     * @author Alex Dupre
-   }
+     */
+    public static class SignatureECDSASHA512 extends SignatureECDSA {
+
+        /**
+         * Constructor SignatureRSASHA512
+         *
+         * @throws XMLSignatureException
+         */
+        public SignatureECDSASHA512() throws XMLSignatureException {
+            super();
+        }
+
+        /** @inheritDoc */
+        public String engineGetURI() {
+            return XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512;
+        }
+    }
 
 }