From a8da73929a3d1cbcc69c5592f18b8226ab4800a5 Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov <serb@openjdk.org>
Date: Wed, 25 Feb 2015 14:01:27 +0300
Subject: [PATCH 01/35] 8043393: NullPointerException and no event received
 when clipboard data flavor changes

Reviewed-by: ant, azvegint
---
 .../sun/awt/datatransfer/SunClipboard.java    | 29 +++++++++----------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/jdk/src/java.desktop/share/classes/sun/awt/datatransfer/SunClipboard.java b/jdk/src/java.desktop/share/classes/sun/awt/datatransfer/SunClipboard.java
index 258a298adbe..7e73f3fb284 100644
--- a/jdk/src/java.desktop/share/classes/sun/awt/datatransfer/SunClipboard.java
+++ b/jdk/src/java.desktop/share/classes/sun/awt/datatransfer/SunClipboard.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import java.awt.datatransfer.UnsupportedFlavorException;
 import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
 
-import java.util.Objects;
+import java.util.Arrays;
 import java.util.Set;
 import java.util.HashSet;
 
@@ -74,12 +74,11 @@ public abstract class SunClipboard extends Clipboard
     private volatile int numberOfFlavorListeners = 0;
 
     /**
-     * A set of <code>DataFlavor</code>s that is available on
-     * this clipboard. It is used for tracking changes
-     * of <code>DataFlavor</code>s available on this clipboard.
+     * A set of {@code DataFlavor}s that is available on this clipboard. It is
+     * used for tracking changes of {@code DataFlavor}s available on this
+     * clipboard. Can be {@code null}.
      */
-    private volatile Set<DataFlavor> currentDataFlavors;
-
+    private volatile long[] currentFormats;
 
     public SunClipboard(String name) {
         super(name);
@@ -362,11 +361,11 @@ public abstract class SunClipboard extends Clipboard
             try {
                 openClipboard(null);
                 currentFormats = getClipboardFormats();
-            } catch (IllegalStateException exc) {
+            } catch (final IllegalStateException ignored) {
             } finally {
                 closeClipboard();
             }
-            currentDataFlavors = formatArrayAsDataFlavorSet(currentFormats);
+            this.currentFormats = currentFormats;
 
             registerClipboardViewerChecked();
         }
@@ -383,7 +382,7 @@ public abstract class SunClipboard extends Clipboard
         }
         if (flavorListeners.remove(listener) && --numberOfFlavorListeners == 0) {
             unregisterClipboardViewerChecked();
-            currentDataFlavors = null;
+            currentFormats = null;
         }
     }
 
@@ -416,18 +415,16 @@ public abstract class SunClipboard extends Clipboard
      * @param formats data formats that have just been retrieved from
      *        this clipboard
      */
-    public void checkChange(long[] formats) {
-        Set<DataFlavor> prevDataFlavors = currentDataFlavors;
-        currentDataFlavors = formatArrayAsDataFlavorSet(formats);
-
-        if (Objects.equals(prevDataFlavors, currentDataFlavors)) {
+    public final void checkChange(final long[] formats) {
+        if (Arrays.equals(formats, currentFormats)) {
             // we've been able to successfully get available on the clipboard
             // DataFlavors this and previous time and they are coincident;
             // don't notify
             return;
         }
+        currentFormats = formats;
 
-        for (AppContext appContext : AppContext.getAppContexts()) {
+        for (final AppContext appContext : AppContext.getAppContexts()) {
             if (appContext == null || appContext.isDisposed()) {
                 continue;
             }

From f2de6b3408244b0e94b042decbfbd855e911f853 Mon Sep 17 00:00:00 2001
From: Phil Race <prr@openjdk.org>
Date: Wed, 25 Feb 2015 13:45:09 -0800
Subject: [PATCH 02/35] 8073699: Memory leak in
 jdk/src/java/desktop/share/native/libjavajpeg/imageioJPEG.c

Reviewed-by: bae, serb
---
 .../java.desktop/share/native/libjavajpeg/imageioJPEG.c   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
index 2fb507c0f66..f0d5c019a8d 100644
--- a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+++ b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
@@ -2778,6 +2778,14 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_writeImage
     pb = &data->pixelBuf;
 
     if (setPixelBuffer(env, pb, buffer) == NOT_OK) {
+        if (scale != NULL) {
+            for (i = 0; i < numBands; i++) {
+                if (scale[i] != NULL) {
+                    free(scale[i]);
+                }
+            }
+            free(scale);
+        }
         return data->abortFlag;  // We already threw an out of memory exception
     }
 

From b15e27a0b282ae2b7021850064d75613daa32cbb Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov <serb@openjdk.org>
Date: Thu, 26 Feb 2015 16:41:39 +0300
Subject: [PATCH 03/35] 8073795: JMenuBar looks bad under retina

Reviewed-by: alexsch, azvegint
---
 .../com/apple/laf/AquaMenuBarBorder.java      |  45 +++---
 .../javax/swing/plaf/basic/BasicBorders.java  |  10 +-
 .../javax/swing/plaf/metal/MetalBorders.java  |  26 ++--
 .../MisplacedBorder/MisplacedBorder.java      | 135 ++++++++++++++++++
 4 files changed, 169 insertions(+), 47 deletions(-)
 create mode 100644 jdk/test/javax/swing/JMenuBar/MisplacedBorder/MisplacedBorder.java

diff --git a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarBorder.java b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarBorder.java
index 389eb4cfeec..bd5ab2b6a8a 100644
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarBorder.java
+++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarBorder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,46 +25,33 @@
 
 package com.apple.laf;
 
-import java.awt.*;
+import java.awt.Color;
+import java.awt.Component;
+import java.awt.Graphics;
+import java.awt.Insets;
 
 import javax.swing.border.Border;
 
+import sun.swing.SwingUtilities2;
+
+/**
+ * The class represents the border of a {@code JMenuBar}.
+ */
 public class AquaMenuBarBorder implements Border {
-    public AquaMenuBarBorder() {
-        super();
-    }
 
-    /**
-     * Paints the border for the specified component with the specified
-     * position and size.
-     * @param c the component for which this border is being painted
-     * @param g the paint graphics
-     * @param x the x position of the painted border
-     * @param y the y position of the painted border
-     * @param width the width of the painted border
-     * @param height the height of the painted border
-     */
-    public void paintBorder(final Component c, final Graphics g, final int x, final int y, final int width, final int height) {
-        // for now we don't paint a border. We let the button paint it since there
-        // needs to be a strict ordering for aqua components.
-        //paintButton(c, g, x, y, width, height);
+    @Override
+    public void paintBorder(final Component c, final Graphics g, final int x,
+                            final int y, final int width, final int height) {
         g.setColor(Color.gray);
-        g.drawLine(x, y + height - 1, x + width, y + height - 1);
+        SwingUtilities2.drawHLine(g, x, x + width - 1, y + height - 1);
     }
 
-    /**
-     * Returns the insets of the border.
-     * @param c the component for which this border insets value applies
-     */
+    @Override
     public Insets getBorderInsets(final Component c) {
         return new Insets(0, 0, 1, 0);
     }
 
-    /**
-     * Returns whether or not the border is opaque.  If the border
-     * is opaque, it is responsible for filling in it's own
-     * background when painting.
-     */
+    @Override
     public boolean isBorderOpaque() {
         return false;
     }
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/plaf/basic/BasicBorders.java b/jdk/src/java.desktop/share/classes/javax/swing/plaf/basic/BasicBorders.java
index 633b2f91ee4..949c3e35f4a 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/plaf/basic/BasicBorders.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/plaf/basic/BasicBorders.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,8 @@ import java.awt.Rectangle;
 import java.awt.Color;
 import java.awt.Graphics;
 
+import sun.swing.SwingUtilities2;
+
 /**
  * Factory object that can vend Borders appropriate for the basic L &amp; F.
  * @author Georges Saab
@@ -453,10 +455,10 @@ public class BasicBorders {
             Color oldColor = g.getColor();
             g.translate(x, y);
             g.setColor(shadow);
-            g.drawLine(0, height-2, width, height-2);
+            SwingUtilities2.drawHLine(g, 0, width - 1, height - 2);
             g.setColor(highlight);
-            g.drawLine(0, height-1, width, height-1);
-            g.translate(-x,-y);
+            SwingUtilities2.drawHLine(g, 0, width - 1, height - 1);
+            g.translate(-x, -y);
             g.setColor(oldColor);
         }
 
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/plaf/metal/MetalBorders.java b/jdk/src/java.desktop/share/classes/javax/swing/plaf/metal/MetalBorders.java
index a49a4a8bb48..edbd02bbbad 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/plaf/metal/MetalBorders.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/plaf/metal/MetalBorders.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,6 +40,7 @@ import java.awt.Graphics;
 import java.awt.Window;
 
 import sun.swing.StringUIClientPropertyKey;
+import sun.swing.SwingUtilities2;
 
 
 /**
@@ -559,25 +560,22 @@ public class MetalBorders {
         protected static Insets borderInsets = new Insets( 1, 0, 1, 0 );
 
         public void paintBorder( Component c, Graphics g, int x, int y, int w, int h ) {
-            g.translate( x, y );
+            g.translate(x, y);
 
             if (MetalLookAndFeel.usingOcean()) {
-                // Only paint a border if we're not next to a horizontal
-                // toolbar
-                if ((c instanceof JMenuBar) && !MetalToolBarUI.doesMenuBarBorderToolBar((JMenuBar)c)) {
+                // Only paint a border if we're not next to a horizontal toolbar
+                if (c instanceof JMenuBar
+                        && !MetalToolBarUI.doesMenuBarBorderToolBar((JMenuBar)c)) {
                     g.setColor(MetalLookAndFeel.getControl());
-                    g.drawLine(0, h - 2, w, h - 2);
+                    SwingUtilities2.drawHLine(g, 0, w - 1, h - 2);
                     g.setColor(UIManager.getColor("MenuBar.borderColor"));
-                    g.drawLine(0, h - 1, w, h - 1);
+                    SwingUtilities2.drawHLine(g, 0, w - 1, h - 1);
                 }
+            } else {
+                g.setColor(MetalLookAndFeel.getControlShadow());
+                SwingUtilities2.drawHLine(g, 0, w - 1, h - 1);
             }
-            else {
-                g.setColor( MetalLookAndFeel.getControlShadow() );
-                g.drawLine( 0, h-1, w, h-1 );
-            }
-
-            g.translate( -x, -y );
-
+            g.translate(-x, -y);
         }
 
         public Insets getBorderInsets(Component c, Insets newInsets) {
diff --git a/jdk/test/javax/swing/JMenuBar/MisplacedBorder/MisplacedBorder.java b/jdk/test/javax/swing/JMenuBar/MisplacedBorder/MisplacedBorder.java
new file mode 100644
index 00000000000..43a7dc31533
--- /dev/null
+++ b/jdk/test/javax/swing/JMenuBar/MisplacedBorder/MisplacedBorder.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.Color;
+import java.awt.Graphics2D;
+import java.awt.image.BufferedImage;
+import java.io.File;
+import java.io.IOException;
+
+import javax.imageio.ImageIO;
+import javax.swing.JFrame;
+import javax.swing.JMenu;
+import javax.swing.JMenuBar;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
+
+import static java.awt.image.BufferedImage.TYPE_INT_ARGB_PRE;
+import static javax.swing.UIManager.getInstalledLookAndFeels;
+
+/**
+ * @test
+ * @bug 8073795
+ * @summary JMenuBar has incorrect border when the window is on retina display.
+ * @author Sergey Bylokhov
+ * @run main/othervm MisplacedBorder
+ * @run main/othervm -Dswing.metalTheme=steel MisplacedBorder
+ */
+public final class MisplacedBorder implements Runnable {
+
+    public static final int W = 400;
+    public static final int H = 400;
+
+    public static void main(final String[] args) throws Exception {
+        for (final UIManager.LookAndFeelInfo laf : getInstalledLookAndFeels()) {
+            SwingUtilities.invokeAndWait(() -> setLookAndFeel(laf));
+            SwingUtilities.invokeAndWait(new MisplacedBorder());
+        }
+        System.out.println("Test passed");
+    }
+
+    @Override
+    public void run() {
+        final JMenuBar menubar = new JMenuBar();
+        menubar.add(new JMenu(""));
+        menubar.add(new JMenu(""));
+        final JFrame frame = new JFrame();
+        frame.setUndecorated(true);
+        frame.setJMenuBar(menubar);
+        frame.setSize(W / 3, H / 3);
+        frame.setLocationRelativeTo(null);
+        frame.setVisible(true);
+
+        // draw menu bar using standard order.
+        final BufferedImage bi1 = step1(menubar);
+
+        // draw menu border on top of the menu bar, nothing should be changed.
+        final BufferedImage bi2 = step2(menubar);
+        frame.dispose();
+
+        for (int x = 0; x < W; ++x) {
+            for (int y = 0; y < H; ++y) {
+                if (bi1.getRGB(x, y) != bi2.getRGB(x, y)) {
+                    try {
+                        ImageIO.write(bi1, "png", new File("image1.png"));
+                        ImageIO.write(bi2, "png", new File("image2.png"));
+                    } catch (IOException e) {
+                        e.printStackTrace();
+                    }
+                    throw new RuntimeException("Failed: wrong color");
+                }
+            }
+        }
+    }
+
+    /**
+     * Draws standard JMenuBar.
+     */
+    private BufferedImage step1(final JMenuBar menubar) {
+        final BufferedImage bi1 = new BufferedImage(W, H, TYPE_INT_ARGB_PRE);
+        final Graphics2D g2d = bi1.createGraphics();
+        g2d.scale(2, 2);
+        g2d.setColor(Color.RED);
+        g2d.fillRect(0, 0, W, H);
+        menubar.paintAll(g2d);
+        g2d.dispose();
+        return bi1;
+    }
+
+    /**
+     * Draws standard JMenuBar and border on top of it.
+     */
+    private BufferedImage step2(final JMenuBar menubar) {
+        final BufferedImage bi2 = new BufferedImage(W, H, TYPE_INT_ARGB_PRE);
+        final Graphics2D g2d2 = bi2.createGraphics();
+        g2d2.scale(2, 2);
+        g2d2.setColor(Color.RED);
+        g2d2.fillRect(0, 0, W, H);
+        menubar.paintAll(g2d2);
+        menubar.getBorder().paintBorder(menubar, g2d2, menubar.getX(), menubar
+                .getX(), menubar.getWidth(), menubar.getHeight());
+        g2d2.dispose();
+        return bi2;
+    }
+
+    private static void setLookAndFeel(final UIManager.LookAndFeelInfo laf) {
+        try {
+            UIManager.setLookAndFeel(laf.getClassName());
+            System.out.println("LookAndFeel: " + laf.getClassName());
+        } catch (ClassNotFoundException | InstantiationException |
+                UnsupportedLookAndFeelException | IllegalAccessException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
\ No newline at end of file

From 104db62ecafd761dea22b3b625ca044a51911058 Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov <serb@openjdk.org>
Date: Fri, 27 Feb 2015 01:06:39 +0300
Subject: [PATCH 04/35] 4958064: JPGWriter does not throw UnsupportedException
 when canWriteSequence retuns false

Reviewed-by: prr, bae
---
 .../imageio/plugins/jpeg/JPEGImageWriter.java |  5 ++
 .../plugins/shared/CanWriteSequence.java      | 78 +++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java

diff --git a/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java b/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
index 0daa7d38b79..bc24343f9ba 100644
--- a/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
+++ b/jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
@@ -1104,6 +1104,11 @@ public class JPEGImageWriter extends ImageWriter {
         currentImage++;  // After a successful write
     }
 
+    @Override
+    public boolean canWriteSequence() {
+        return true;
+    }
+
     public void prepareWriteSequence(IIOMetadata streamMetadata)
         throws IOException {
         setThreadLock();
diff --git a/jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java b/jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
new file mode 100644
index 00000000000..54da1b77cb7
--- /dev/null
+++ b/jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.Iterator;
+
+import javax.imageio.ImageIO;
+import javax.imageio.ImageWriter;
+import javax.imageio.metadata.IIOMetadata;
+import javax.imageio.spi.IIORegistry;
+import javax.imageio.spi.ImageWriterSpi;
+import javax.imageio.stream.ImageOutputStream;
+
+/**
+ * @test
+ * @bug 4958064
+ * @author Sergey Bylokhov
+ */
+public final class CanWriteSequence {
+
+    public static void main(final String[] args) throws Exception {
+        final IIORegistry registry = IIORegistry.getDefaultInstance();
+        final Iterator<ImageWriterSpi> iter =
+                registry.getServiceProviders(ImageWriterSpi.class,
+                        provider -> true, true);
+        // Validates all supported ImageWriters
+        while (iter.hasNext()) {
+            final ImageWriter writer = iter.next().createWriterInstance();
+            System.out.println("ImageWriter = " + writer);
+            test(writer);
+        }
+        System.out.println("Test passed");
+    }
+
+    private static void test(final ImageWriter writer) throws Exception {
+        final File file = File.createTempFile("temp", ".img");
+        file.deleteOnExit();
+        final FileOutputStream fos = new FileOutputStream(file);
+        final ImageOutputStream ios = ImageIO.createImageOutputStream(fos);
+        writer.setOutput(ios);
+        final IIOMetadata data = writer.getDefaultStreamMetadata(null);
+
+        if (writer.canWriteSequence()) {
+            writer.prepareWriteSequence(data);
+        } else {
+            try {
+                writer.prepareWriteSequence(data);
+                throw new RuntimeException(
+                        "UnsupportedOperationException was not thrown");
+            } catch (final UnsupportedOperationException ignored) {
+                // expected
+            }
+        }
+        writer.dispose();
+        ios.close();
+    }
+}
\ No newline at end of file

From 307da40f99977566768d582aa2193e7882b17eec Mon Sep 17 00:00:00 2001
From: Prasanta Sadhukhan <prasanta.sadhukhan@oracle.com>
Date: Mon, 2 Mar 2015 16:34:44 +0300
Subject: [PATCH 05/35] 8048782: OpenJDK: PiscesCache : xmax/ymax rounding up
 can cause RasterFormatException

Reviewed-by: prr, flar
---
 .../sun/java2d/pisces/PiscesCache.java        |   9 +
 .../java2d/pisces/PiscesTileGenerator.java    |   5 +-
 .../sun/java2d/pisces/OpenJDKFillBug.java     | 173 ++++++++++++++++++
 3 files changed, 183 insertions(+), 4 deletions(-)
 create mode 100644 jdk/test/sun/java2d/pisces/OpenJDKFillBug.java

diff --git a/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesCache.java b/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesCache.java
index fd8cfa7917f..a26e7aa05f3 100644
--- a/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesCache.java
+++ b/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesCache.java
@@ -167,6 +167,15 @@ final class PiscesCache {
         rowAARLE[row][1] = end;
     }
 
+    void getBBox(int bbox[]) {
+        // Since we add +1 to bboxX1,bboxY1 so when PTG asks for bbox,
+        // we will give after -1
+        bbox[0] = bboxX0;
+        bbox[1] = bboxY0;
+        bbox[2] = bboxX1 - 1;
+        bbox[3] = bboxY1 - 1;
+    }
+
     @Override
     public String toString() {
         String ret = "bbox = ["+
diff --git a/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesTileGenerator.java b/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesTileGenerator.java
index 2fc2e9c7e7c..7f1b49eca54 100644
--- a/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesTileGenerator.java
+++ b/jdk/src/java.desktop/share/classes/sun/java2d/pisces/PiscesTileGenerator.java
@@ -76,10 +76,7 @@ final class PiscesTileGenerator implements AATileGenerator {
     }
 
     public void getBbox(int bbox[]) {
-        bbox[0] = cache.bboxX0;
-        bbox[1] = cache.bboxY0;
-        bbox[2] = cache.bboxX1;
-        bbox[3] = cache.bboxY1;
+        cache.getBBox(bbox);
         //System.out.println("bbox["+bbox[0]+", "+bbox[1]+" => "+bbox[2]+", "+bbox[3]+"]");
     }
 
diff --git a/jdk/test/sun/java2d/pisces/OpenJDKFillBug.java b/jdk/test/sun/java2d/pisces/OpenJDKFillBug.java
new file mode 100644
index 00000000000..1c39583d922
--- /dev/null
+++ b/jdk/test/sun/java2d/pisces/OpenJDKFillBug.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.awt.Color;
+import java.awt.Composite;
+import java.awt.CompositeContext;
+import java.awt.Graphics2D;
+import java.awt.RenderingHints;
+import java.awt.geom.AffineTransform;
+import java.awt.geom.GeneralPath;
+import java.awt.image.BufferedImage;
+import java.awt.image.ColorModel;
+import java.awt.image.Raster;
+import java.awt.image.WritableRaster;
+import java.awt.image.RasterFormatException;
+
+/**
+ * @test
+ * @bug 8048782
+ * @summary Test program that demonstrates PiscesRendering bug in
+ * OpenJDK 1.7.0.60 (and probably in all other OpenJDK versions, too).
+ */
+
+public class OpenJDKFillBug
+{
+    /**
+     * Test program that demonstrates a bug in OpenJDK 1.7.0.60 (and
+     * probably in all other OpenJDK versions, too). To see the bug, simply run
+     * the 'main' program with OpenJDK. The bug makes the 'g2d.fill'
+     * method fail with the following exception:
+     *
+     * This bug is found in OpenJDK but also is present in OracleJDK
+     * if run with
+     * -Dsun.java2d.renderer=sun.java2d.pisces.PiscesRenderingEngine
+     *
+     * The bug is related to sun.java2d.pisces.PiscesCache constructor
+     * that accepts '(int minx,int miny,int maxx,int maxy)' arguments:
+     * the internal 'bboxX1' and 'bboxY1' are set to values one greater
+     * than given maximum X and Y values. Those maximum values are then
+     * later used in AAShapePipe' class 'renderTiles' method, where a
+     * Y/X loop eventually calls 'GeneralCompositePipe' class
+     * 'renderPathTile' method. In that method, the operation will
+     * eventually call 'IntegerInterleavedRaster' class
+     * 'createWritableChild' method with arguments:
+     *
+     * <UL>
+     * <LI>x=800
+     * <LI>y=0
+     * <LI>width=2 (this value is too high: should be 1)
+     * <LI>height=32
+     * <LI>x0=0
+     * <LI>y0=0
+     * <LI>bandList[]=null
+     * </UL>
+     *
+     * This calls for a sub-raster with bounds that fall outside the
+     * original raster, and therefore the 'createWritableChild' method
+     * correctly throws 'RasterFormatException'.
+     *
+     * The bug is closely related to the use of a custom Composite
+     * implementation, which are quite rare. The application where this
+     * bug was first detected implements a high-quality PDF rendering
+     * engine that needs custom Composite operations to properly
+     * implement PDF advanced color blending and masking operators.
+     */
+
+    public static void main(String args[])
+    {
+        BufferedImage bi = new BufferedImage(801,1202,
+                                             BufferedImage.TYPE_INT_ARGB);
+        Graphics2D g2d = bi.createGraphics();
+        GeneralPath gp = new GeneralPath();
+        AffineTransform m = new AffineTransform(2.483489907915543,
+                                                0.0,
+                                                0.0,
+                                                -2.4844977263331955,
+                                                0.0,
+                                                1202.0);
+        Composite c = new CustomComposite();
+
+        gp.moveTo(-4.511, -14.349);
+        gp.lineTo(327.489, -14.349);
+        gp.lineTo(327.489, 494.15);
+        gp.lineTo(-4.511, 494.15);
+        gp.closePath();
+
+        g2d.setRenderingHint(RenderingHints.KEY_ALPHA_INTERPOLATION,
+                             RenderingHints.VALUE_ALPHA_INTERPOLATION_QUALITY);
+        g2d.setRenderingHint(RenderingHints.KEY_RENDERING,
+                             RenderingHints.VALUE_RENDER_QUALITY);
+        g2d.setRenderingHint(RenderingHints.KEY_COLOR_RENDERING,
+                             RenderingHints.VALUE_COLOR_RENDER_QUALITY);
+        g2d.setRenderingHint(RenderingHints.KEY_TEXT_LCD_CONTRAST,
+                             Integer.valueOf(140));
+        g2d.setRenderingHint(RenderingHints.KEY_DITHERING,
+                             RenderingHints.VALUE_DITHER_ENABLE);
+        g2d.setRenderingHint(RenderingHints.KEY_TEXT_ANTIALIASING,
+                             RenderingHints.VALUE_TEXT_ANTIALIAS_DEFAULT);
+        g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING,
+                             RenderingHints.VALUE_ANTIALIAS_ON);
+        g2d.setRenderingHint(RenderingHints.KEY_STROKE_CONTROL,
+                             RenderingHints.VALUE_STROKE_NORMALIZE);
+        g2d.setPaint(Color.red);
+        g2d.setComposite(c);
+        g2d.setTransform(m);
+        try {
+            g2d.fill(gp);
+        } catch (RasterFormatException rfe) {
+            System.out.println("Test failed");
+            throw new RuntimeException("xmax/ymax rounding cause RasterFormatException: " + rfe);
+        }
+        g2d.dispose();
+        System.out.println("Test passed");
+    }
+
+    // === CustomComposite ===
+
+    /**
+     * Dummy custom Composite implementation.
+     */
+
+    public static class CustomComposite implements Composite
+    {
+        @Override
+        public CompositeContext createContext(ColorModel srcColorModel,
+                                              ColorModel dstColorModel,
+                                              RenderingHints hints)
+        {
+            return new CustomCompositeContext();
+        }
+
+        // === CustomCompositeContext ===
+
+        /**
+         * Dummy custom CompositeContext implementation.
+         */
+
+        public static class CustomCompositeContext implements CompositeContext
+        {
+
+            @Override
+            public void dispose()
+            {
+                // NOP
+            }
+
+            @Override
+            public void compose(Raster src,Raster dstIn,WritableRaster dstOut)
+            {
+                // NOP
+            }
+        }
+    }
+}

From 3ca192f3b3652902833530120d454ed76f0e9cf0 Mon Sep 17 00:00:00 2001
From: Prasanta Sadhukhan <prasanta.sadhukhan@oracle.com>
Date: Tue, 3 Mar 2015 17:50:01 +0300
Subject: [PATCH 06/35] 8039345: Strange behaviour of per-pixel translucency on
 linux

Reviewed-by: prr, azvegint
---
 .../classes/sun/java2d/xr/XRSurfaceData.java  |  14 ++-
 .../XRSurfaceData/ComponentResizeTest.java    | 100 ++++++++++++++++++
 2 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 jdk/test/sun/java2d/XRSurfaceData/ComponentResizeTest.java

diff --git a/jdk/src/java.desktop/unix/classes/sun/java2d/xr/XRSurfaceData.java b/jdk/src/java.desktop/unix/classes/sun/java2d/xr/XRSurfaceData.java
index 296bf4b62f2..dcfd6325b35 100644
--- a/jdk/src/java.desktop/unix/classes/sun/java2d/xr/XRSurfaceData.java
+++ b/jdk/src/java.desktop/unix/classes/sun/java2d/xr/XRSurfaceData.java
@@ -548,8 +548,18 @@ public abstract class XRSurfaceData extends XSurfaceData {
                   peer.getColorModel().getPixelSize(), Transparency.OPAQUE);
 
             if (isXRDrawableValid()) {
-                initXRender(XRUtils.
-                    getPictureFormatForTransparency(Transparency.OPAQUE));
+                // If we have a 32 bit color model for the window it needs
+                // alpha to support translucency of the window so we need
+                // to get the ARGB32 XRender picture format else for
+                // 24 bit colormodel we need RGB24 or OPAQUE pictureformat.
+                if (peer.getColorModel().getPixelSize() == 32) {
+                     initXRender(XRUtils.
+                      getPictureFormatForTransparency(Transparency.TRANSLUCENT));
+                 }
+                 else {
+                     initXRender(XRUtils.
+                       getPictureFormatForTransparency(Transparency.OPAQUE));
+                 }
                 makePipes();
             }
         }
diff --git a/jdk/test/sun/java2d/XRSurfaceData/ComponentResizeTest.java b/jdk/test/sun/java2d/XRSurfaceData/ComponentResizeTest.java
new file mode 100644
index 00000000000..db9e1e57147
--- /dev/null
+++ b/jdk/test/sun/java2d/XRSurfaceData/ComponentResizeTest.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.Color;
+import java.awt.FlowLayout;
+import javax.swing.JButton;
+import javax.swing.JCheckBox;
+import javax.swing.JFrame;
+import javax.swing.SwingUtilities;
+import java.awt.Component;
+import javax.swing.JOptionPane;
+
+/**
+ * @test
+ * @bug 8039345
+ * @author Prasanta Sadhukhan
+ * @run main/manual ComponentResizeTest
+ * @summary Resizes JFrame so that component drawn inside it gets repainted
+ * without leaving any trails
+ */
+public class ComponentResizeTest {
+
+    private static JFrame demoFrame;
+
+    public static void testresize() throws Exception {
+        Thread.sleep(5000);
+        for (int i = 0; i < 20; i++) {
+            SwingUtilities.invokeLater(() -> {
+                demoFrame.setSize(demoFrame.getWidth() + 5, demoFrame.getHeight() + 5);
+            });
+            Thread.sleep(1000);
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        SwingUtilities.invokeAndWait(() -> {
+            JOptionPane.showMessageDialog(
+                    (Component) null,
+                    "The test creates a transparent JFrame and resizes the JFrame. Please verify JFrame is transparent and components (like JButton, checkbox) move without leaving any trails",
+                    "information", JOptionPane.INFORMATION_MESSAGE);
+            createAndShowGUI();
+        });
+
+        try {
+            testresize();
+        } finally {
+            SwingUtilities.invokeLater(() -> {
+                demoFrame.dispose();
+            });
+        }
+
+        SwingUtilities.invokeAndWait(() -> {
+            int confirm = JOptionPane.showConfirmDialog(
+                    (Component) null,
+                    "Did the component resize work without leaving any trails?",
+                    "alert", JOptionPane.YES_NO_OPTION);
+            if (confirm == JOptionPane.YES_OPTION) {
+                System.out.println("Test passed");
+            } else {
+                System.out.println("Test failed");
+                throw new RuntimeException("Component resize leaves trail");
+            }
+        });
+    }
+
+    private static void createAndShowGUI() {
+        demoFrame = new JFrame();
+        demoFrame.setSize(300, 300);
+        demoFrame.setLayout(new FlowLayout());
+        demoFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+        demoFrame.setUndecorated(true);
+        demoFrame.setBackground(new Color(0f, 0, 0, 0.1f));
+        JCheckBox b = new JCheckBox("Whatever");
+        demoFrame.paintAll(null);
+        b.setOpaque(true);
+        demoFrame.add(b);
+        demoFrame.add(new JButton());
+        demoFrame.setVisible(true);
+    }
+}

From 8def2a3e453b99e6e51609a40f927f41d0b44587 Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov <serb@openjdk.org>
Date: Tue, 3 Mar 2015 20:23:34 +0300
Subject: [PATCH 07/35] 8073420: JFrame.EXIT_ON_CLOSE can be removed in favour
 of WindowConstants.EXIT_ON_CLOSE

Reviewed-by: art, azvegint, alexsch
---
 .../J2DBench/src/j2dbench/J2DBench.java       |  5 +++--
 .../demo/share/jfc/SampleTree/SampleTree.java |  4 ++--
 jdk/src/demo/share/management/JTop/JTop.java  |  4 ++--
 .../share/classes/javax/swing/JFrame.java     | 20 ++++++-------------
 .../share/classes/javax/swing/JLayer.java     |  4 ++--
 5 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/jdk/src/demo/share/java2d/J2DBench/src/j2dbench/J2DBench.java b/jdk/src/demo/share/java2d/J2DBench/src/j2dbench/J2DBench.java
index 2294e7f01be..053908ca8d8 100644
--- a/jdk/src/demo/share/java2d/J2DBench/src/j2dbench/J2DBench.java
+++ b/jdk/src/demo/share/java2d/J2DBench/src/j2dbench/J2DBench.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -61,6 +61,7 @@ import javax.swing.BoxLayout;
 import javax.swing.JFileChooser;
 import javax.swing.JOptionPane;
 import javax.swing.SwingUtilities;
+import javax.swing.WindowConstants;
 
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -698,7 +699,7 @@ public class J2DBench {
             }
         };
         guiFrame = f;
-        f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+        f.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
         f.getContentPane().setLayout(new BorderLayout());
         f.getContentPane().add(Group.root.getJComponent(), BorderLayout.CENTER);
         JPanel p = new JPanel();
diff --git a/jdk/src/demo/share/jfc/SampleTree/SampleTree.java b/jdk/src/demo/share/jfc/SampleTree/SampleTree.java
index efde28fd6f0..c7093a157ae 100644
--- a/jdk/src/demo/share/jfc/SampleTree/SampleTree.java
+++ b/jdk/src/demo/share/jfc/SampleTree/SampleTree.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -135,7 +135,7 @@ public final class SampleTree {
         panel.add("Center", sp);
         panel.add("South", constructOptionsPanel());
 
-        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+        frame.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
         frame.pack();
         frame.setVisible(true);
     }
diff --git a/jdk/src/demo/share/management/JTop/JTop.java b/jdk/src/demo/share/management/JTop/JTop.java
index ab0cd94e33d..c1d48cc3716 100644
--- a/jdk/src/demo/share/management/JTop/JTop.java
+++ b/jdk/src/demo/share/management/JTop/JTop.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -410,7 +410,7 @@ public class JTop extends JPanel {
     private static void createAndShowGUI(JPanel jtop) {
         // Create and set up the window.
         JFrame frame = new JFrame("JTop");
-        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+        frame.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
 
         // Create and set up the content pane.
         JComponent contentPane = (JComponent) frame.getContentPane();
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/JFrame.java b/jdk/src/java.desktop/share/classes/javax/swing/JFrame.java
index 68d81f602a4..be6b5ba96ba 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/JFrame.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/JFrame.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -127,16 +127,6 @@ public class JFrame  extends Frame implements WindowConstants,
                                               RootPaneContainer,
                               TransferHandler.HasGetTransferHandler
 {
-    /**
-     * The exit application default window close operation. If a window
-     * has this set as the close operation and is closed in an applet,
-     * a <code>SecurityException</code> may be thrown.
-     * It is recommended you only use this in an application.
-     *
-     * @since 1.3
-     */
-    public static final int EXIT_ON_CLOSE = 3;
-
     /**
      * Key into the AppContext, used to check if should provide decorations
      * by default.
@@ -352,7 +342,7 @@ public class JFrame  extends Frame implements WindowConstants,
      * objects.
      *
      * <li><code>EXIT_ON_CLOSE</code>
-     * (defined in <code>JFrame</code>):
+     * (defined in <code>WindowConstants</code>):
      * Exit the application using the <code>System</code>
      * <code>exit</code> method.  Use this only in applications.
      * </ul>
@@ -393,7 +383,9 @@ public class JFrame  extends Frame implements WindowConstants,
             operation != HIDE_ON_CLOSE &&
             operation != DISPOSE_ON_CLOSE &&
             operation != EXIT_ON_CLOSE) {
-            throw new IllegalArgumentException("defaultCloseOperation must be one of: DO_NOTHING_ON_CLOSE, HIDE_ON_CLOSE, DISPOSE_ON_CLOSE, or EXIT_ON_CLOSE");
+            throw new IllegalArgumentException("defaultCloseOperation must be"
+                    + " one of: DO_NOTHING_ON_CLOSE, HIDE_ON_CLOSE,"
+                    + " DISPOSE_ON_CLOSE, or EXIT_ON_CLOSE");
         }
 
         if (operation == EXIT_ON_CLOSE) {
@@ -861,7 +853,7 @@ public class JFrame  extends Frame implements WindowConstants,
             defaultCloseOperationString = "DISPOSE_ON_CLOSE";
         } else if (defaultCloseOperation == DO_NOTHING_ON_CLOSE) {
             defaultCloseOperationString = "DO_NOTHING_ON_CLOSE";
-        } else if (defaultCloseOperation == 3) {
+        } else if (defaultCloseOperation == EXIT_ON_CLOSE) {
             defaultCloseOperationString = "EXIT_ON_CLOSE";
         } else defaultCloseOperationString = "";
         String rootPaneString = (rootPane != null ?
diff --git a/jdk/src/java.desktop/share/classes/javax/swing/JLayer.java b/jdk/src/java.desktop/share/classes/javax/swing/JLayer.java
index 9c22489f5b6..833b09e6e73 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/JLayer.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/JLayer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -103,7 +103,7 @@ import java.security.PrivilegedAction;
  *
  *     private static void createAndShowGUI() {
  *         final JFrame frame = new JFrame();
- *         frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+ *         frame.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
  *
  *         // work with the layer as with any other Swing component
  *         frame.add(createLayer());

From 08af89e08e2e00a0407b6d57cebb7ee20afc3c8d Mon Sep 17 00:00:00 2001
From: Roman Kennke <rkennke@openjdk.org>
Date: Wed, 4 Mar 2015 15:42:02 +0100
Subject: [PATCH 08/35] 8072436: Refactor X11FontManager

Factor fontconfig related code out of X11FontManager into its own superclass FcFontManager.

Reviewed-by: prr, serb
---
 jdk/make/mapfiles/libawt/mapfile-mawt-vers    |   2 +-
 jdk/make/mapfiles/libawt/mapfile-vers-linux   |   2 +-
 .../mapfiles/libawt_headless/mapfile-vers     |   2 +-
 jdk/make/mapfiles/libawt_xawt/mapfile-vers    |   2 +-
 .../unix/classes/sun/awt/FcFontManager.java   | 108 ++++++++++++++++++
 .../unix/classes/sun/awt/X11FontManager.java  |  48 +-------
 .../classes/sun/font/FcFontConfiguration.java |  12 +-
 .../unix/native/common/awt/fontpath.c         |  10 +-
 8 files changed, 126 insertions(+), 60 deletions(-)
 create mode 100644 jdk/src/java.desktop/unix/classes/sun/awt/FcFontManager.java

diff --git a/jdk/make/mapfiles/libawt/mapfile-mawt-vers b/jdk/make/mapfiles/libawt/mapfile-mawt-vers
index 06d3ff802e1..195ba1cbc50 100644
--- a/jdk/make/mapfiles/libawt/mapfile-mawt-vers
+++ b/jdk/make/mapfiles/libawt/mapfile-mawt-vers
@@ -243,7 +243,7 @@ SUNWprivate_1.1 {
 		getDefaultConfig;
                 Java_sun_font_FontConfigManager_getFontConfig;
                 Java_sun_font_FontConfigManager_getFontConfigAASettings;
-		Java_sun_awt_X11FontManager_getFontPathNative;
+		Java_sun_awt_FcFontManager_getFontPathNative;
 		Java_sun_font_SunFontManager_populateFontFileNameMap;
 
 		# CDE private entry point
diff --git a/jdk/make/mapfiles/libawt/mapfile-vers-linux b/jdk/make/mapfiles/libawt/mapfile-vers-linux
index 922b015c68c..5624693fcca 100644
--- a/jdk/make/mapfiles/libawt/mapfile-vers-linux
+++ b/jdk/make/mapfiles/libawt/mapfile-vers-linux
@@ -270,7 +270,7 @@ SUNWprivate_1.1 {
 		getDefaultConfig;
                 Java_sun_font_FontConfigManager_getFontConfig;
                 Java_sun_font_FontConfigManager_getFontConfigAASettings;
-		Java_sun_awt_X11FontManager_getFontPathNative;
+		Java_sun_awt_FcFontManager_getFontPathNative;
 		Java_sun_font_SunFontManager_populateFontFileNameMap;
 
 		# CDE private entry point
diff --git a/jdk/make/mapfiles/libawt_headless/mapfile-vers b/jdk/make/mapfiles/libawt_headless/mapfile-vers
index df24e4505db..5ea1745e296 100644
--- a/jdk/make/mapfiles/libawt_headless/mapfile-vers
+++ b/jdk/make/mapfiles/libawt_headless/mapfile-vers
@@ -65,7 +65,7 @@ SUNWprivate_1.1 {
                 Java_sun_font_FontConfigManager_getFontConfig;
                 Java_sun_font_FontConfigManager_getFontConfigAASettings;
                 Java_sun_font_FontConfigManager_getFontConfigVersion;
-                Java_sun_awt_X11FontManager_getFontPathNative;
+                Java_sun_awt_FcFontManager_getFontPathNative;
 
 		Java_sun_awt_FontDescriptor_initIDs;
 		Java_sun_awt_PlatformFont_initIDs;
diff --git a/jdk/make/mapfiles/libawt_xawt/mapfile-vers b/jdk/make/mapfiles/libawt_xawt/mapfile-vers
index 4a891077b76..a2f75efcd0b 100644
--- a/jdk/make/mapfiles/libawt_xawt/mapfile-vers
+++ b/jdk/make/mapfiles/libawt_xawt/mapfile-vers
@@ -188,7 +188,7 @@ SUNWprivate_1.1 {
         Java_sun_font_FontConfigManager_getFontConfig;
         Java_sun_font_FontConfigManager_getFontConfigAASettings;
         Java_sun_font_FontConfigManager_getFontConfigVersion;
-	Java_sun_awt_X11FontManager_getFontPathNative;
+	Java_sun_awt_FcFontManager_getFontPathNative;
         Java_sun_awt_X11GraphicsEnvironment_initDisplay;
         Java_sun_awt_X11GraphicsEnvironment_initGLX;
 	Java_sun_awt_X11GraphicsEnvironment_initXRender;
diff --git a/jdk/src/java.desktop/unix/classes/sun/awt/FcFontManager.java b/jdk/src/java.desktop/unix/classes/sun/awt/FcFontManager.java
new file mode 100644
index 00000000000..5ffa3490db6
--- /dev/null
+++ b/jdk/src/java.desktop/unix/classes/sun/awt/FcFontManager.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.awt;
+
+import sun.font.FcFontConfiguration;
+import sun.font.FontConfigManager;
+import sun.font.SunFontManager;
+
+/**
+ * A {@link sun.font.FontManager} that uses fontconfig to find system fonts.
+ */
+public class FcFontManager extends SunFontManager {
+
+    private FontConfigManager fcManager = null;
+
+    public synchronized FontConfigManager getFontConfigManager() {
+
+        if (fcManager == null) {
+            fcManager = new FontConfigManager();
+        }
+
+        return fcManager;
+    }
+
+    @Override
+    protected FontConfiguration createFontConfiguration() {
+        FcFontConfiguration fcFontConfig = new FcFontConfiguration(this);
+        if (fcFontConfig.init()) {
+            return fcFontConfig;
+        } else {
+            throw new InternalError("failed to initialize fontconfig");
+        }
+    }
+
+    @Override
+    public FontConfiguration createFontConfiguration(boolean preferLocaleFonts,
+                                                     boolean preferPropFonts) {
+        FcFontConfiguration fcFontConfig =
+            new FcFontConfiguration(this, preferLocaleFonts, preferPropFonts);
+        if (fcFontConfig.init()) {
+            return fcFontConfig;
+        } else {
+            throw new InternalError("failed to initialize fontconfig");
+        }
+    }
+
+    @Override
+    protected String[] getDefaultPlatformFont() {
+        final String[] info = new String[2];
+        getFontConfigManager().initFontConfigFonts(false);
+        FontConfigManager.FcCompFont[] fontConfigFonts =
+            getFontConfigManager().getFontConfigFonts();
+        for (int i=0; i<fontConfigFonts.length; i++) {
+            if ("sans".equals(fontConfigFonts[i].fcFamily) &&
+                0 == fontConfigFonts[i].style) {
+                info[0] = fontConfigFonts[i].firstFont.familyName;
+                info[1] = fontConfigFonts[i].firstFont.fontFile;
+                break;
+            }
+        }
+        /* Absolute last ditch attempt in the face of fontconfig problems.
+         * If we didn't match, pick the first, or just make something
+         * up so we don't NPE.
+         */
+        if (info[0] == null) {
+            if (fontConfigFonts.length > 0 &&
+                fontConfigFonts[0].firstFont.fontFile != null) {
+                info[0] = fontConfigFonts[0].firstFont.familyName;
+                info[1] = fontConfigFonts[0].firstFont.fontFile;
+            } else {
+                info[0] = "Dialog";
+                info[1] = "/dialog.ttf";
+            }
+        }
+        return info;
+    }
+
+    protected native String getFontPathNative(boolean noType1Fonts,
+                                              boolean isX11GE);
+
+    protected synchronized String getFontPath(boolean noType1Fonts) {
+        return getFontPathNative(noType1Fonts, false);
+    }
+
+}
diff --git a/jdk/src/java.desktop/unix/classes/sun/awt/X11FontManager.java b/jdk/src/java.desktop/unix/classes/sun/awt/X11FontManager.java
index 179adeb97eb..5a2771cd90b 100644
--- a/jdk/src/java.desktop/unix/classes/sun/awt/X11FontManager.java
+++ b/jdk/src/java.desktop/unix/classes/sun/awt/X11FontManager.java
@@ -54,7 +54,7 @@ import sun.util.logging.PlatformLogger;
 /**
  * The X11 implementation of {@link FontManager}.
  */
-public final class X11FontManager extends SunFontManager {
+public final class X11FontManager extends FcFontManager {
 
     // constants identifying XLFD and font ID fields
     private static final int FOUNDRY_FIELD = 1;
@@ -154,8 +154,6 @@ public final class X11FontManager extends SunFontManager {
       */
      private static String[] fontdirs = null;
 
-    private FontConfigManager fcManager = null;
-
     public static X11FontManager getInstance() {
         return (X11FontManager) SunFontManager.getInstance();
     }
@@ -784,51 +782,9 @@ public final class X11FontManager extends SunFontManager {
                                       preferLocaleFonts, preferPropFonts);
     }
 
-    public synchronized native String getFontPathNative(boolean noType1Fonts);
-
     protected synchronized String getFontPath(boolean noType1Fonts) {
         isHeadless(); // make sure GE is inited, as its the X11 lock.
-        return getFontPathNative(noType1Fonts);
-    }
-
-    @Override
-    protected String[] getDefaultPlatformFont() {
-        final String[] info = new String[2];
-        getFontConfigManager().initFontConfigFonts(false);
-        FontConfigManager.FcCompFont[] fontConfigFonts =
-            getFontConfigManager().getFontConfigFonts();
-        for (int i=0; i<fontConfigFonts.length; i++) {
-            if ("sans".equals(fontConfigFonts[i].fcFamily) &&
-                0 == fontConfigFonts[i].style) {
-                info[0] = fontConfigFonts[i].firstFont.familyName;
-                info[1] = fontConfigFonts[i].firstFont.fontFile;
-                break;
-            }
-        }
-        /* Absolute last ditch attempt in the face of fontconfig problems.
-         * If we didn't match, pick the first, or just make something
-         * up so we don't NPE.
-         */
-        if (info[0] == null) {
-            if (fontConfigFonts.length > 0 &&
-                fontConfigFonts[0].firstFont.fontFile != null) {
-                info[0] = fontConfigFonts[0].firstFont.familyName;
-                info[1] = fontConfigFonts[0].firstFont.fontFile;
-            } else {
-                info[0] = "Dialog";
-                info[1] = "/dialog.ttf";
-            }
-        }
-        return info;
-    }
-
-    public synchronized FontConfigManager getFontConfigManager() {
-
-        if (fcManager == null) {
-            fcManager = new FontConfigManager();
-        }
-
-        return fcManager;
+        return getFontPathNative(noType1Fonts, true);
     }
 
     @Override
diff --git a/jdk/src/java.desktop/unix/classes/sun/font/FcFontConfiguration.java b/jdk/src/java.desktop/unix/classes/sun/font/FcFontConfiguration.java
index f5fd8cc996b..567e8bea83f 100644
--- a/jdk/src/java.desktop/unix/classes/sun/font/FcFontConfiguration.java
+++ b/jdk/src/java.desktop/unix/classes/sun/font/FcFontConfiguration.java
@@ -39,10 +39,10 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Properties;
 import java.util.Scanner;
+import sun.awt.FcFontManager;
 import sun.awt.FontConfiguration;
 import sun.awt.FontDescriptor;
 import sun.awt.SunToolkit;
-import sun.awt.X11FontManager;
 import sun.font.CompositeFontDescriptor;
 import sun.font.FontManager;
 import sun.font.FontConfigManager.FontConfigInfo;
@@ -92,7 +92,7 @@ public class FcFontConfiguration extends FontConfiguration {
 
         setFontConfiguration();
         readFcInfo();
-        X11FontManager fm = (X11FontManager) fontManager;
+        FcFontManager fm = (FcFontManager) fontManager;
         FontConfigManager fcm = fm.getFontConfigManager();
         if (fcCompFonts == null) {
             fcCompFonts = fcm.loadFontConfig();
@@ -194,7 +194,7 @@ public class FcFontConfiguration extends FontConfiguration {
     @Override
     public String[] getPlatformFontNames() {
         HashSet<String> nameSet = new HashSet<String>();
-        X11FontManager fm = (X11FontManager) fontManager;
+        FcFontManager fm = (FcFontManager) fontManager;
         FontConfigManager fcm = fm.getFontConfigManager();
         FcCompFont[] fcCompFonts = fcm.loadFontConfig();
         for (int i=0; i<fcCompFonts.length; i++) {
@@ -235,7 +235,7 @@ public class FcFontConfiguration extends FontConfiguration {
     @Override
     public CompositeFontDescriptor[] get2DCompositeFontInfo() {
 
-        X11FontManager fm = (X11FontManager) fontManager;
+        FcFontManager fm = (FcFontManager) fontManager;
         FontConfigManager fcm = fm.getFontConfigManager();
         FcCompFont[] fcCompFonts = fcm.loadFontConfig();
 
@@ -368,7 +368,7 @@ public class FcFontConfiguration extends FontConfiguration {
     private void writeFcInfo() {
         Properties props = new Properties();
         props.setProperty("version", fileVersion);
-        X11FontManager fm = (X11FontManager) fontManager;
+        FcFontManager fm = (FcFontManager) fontManager;
         FontConfigManager fcm = fm.getFontConfigManager();
         FontConfigInfo fcInfo = fcm.getFontConfigInfo();
         props.setProperty("fcversion", Integer.toString(fcInfo.fcVersion));
@@ -427,7 +427,7 @@ public class FcFontConfiguration extends FontConfiguration {
             return;
         }
         Properties props = new Properties();
-        X11FontManager fm = (X11FontManager) fontManager;
+        FcFontManager fm = (FcFontManager) fontManager;
         FontConfigManager fcm = fm.getFontConfigManager();
         try {
             FileInputStream fis = new FileInputStream(fcFile);
diff --git a/jdk/src/java.desktop/unix/native/common/awt/fontpath.c b/jdk/src/java.desktop/unix/native/common/awt/fontpath.c
index ba1931731b9..cc317cdb10e 100644
--- a/jdk/src/java.desktop/unix/native/common/awt/fontpath.c
+++ b/jdk/src/java.desktop/unix/native/common/awt/fontpath.c
@@ -497,7 +497,7 @@ static char* mergePaths(char **p1, char **p2, char **p3, jboolean noType1) {
  * This also frees us from X11 APIs as JRE is required to function in
  * a "headless" mode where there is no Xserver.
  */
-static char *getPlatformFontPathChars(JNIEnv *env, jboolean noType1) {
+static char *getPlatformFontPathChars(JNIEnv *env, jboolean noType1, jboolean isX11) {
 
     char **fcdirs = NULL, **x11dirs = NULL, **knowndirs = NULL, *path = NULL;
 
@@ -519,6 +519,7 @@ static char *getPlatformFontPathChars(JNIEnv *env, jboolean noType1) {
      * be initialised.
      */
 #ifndef HEADLESS
+    if (isX11) { // The following only works in an x11 environment.
 #if defined(__linux__)
     /* There's no headless build on linux ... */
     if (!AWTIsHeadless()) { /* .. so need to call a function to check */
@@ -538,6 +539,7 @@ static char *getPlatformFontPathChars(JNIEnv *env, jboolean noType1) {
 #if defined(__linux__)
     }
 #endif
+    }
 #endif /* !HEADLESS */
     path = mergePaths(fcdirs, x11dirs, knowndirs, noType1);
     if (fcdirs != NULL) {
@@ -555,13 +557,13 @@ static char *getPlatformFontPathChars(JNIEnv *env, jboolean noType1) {
     return path;
 }
 
-JNIEXPORT jstring JNICALL Java_sun_awt_X11FontManager_getFontPathNative
-(JNIEnv *env, jobject thiz, jboolean noType1) {
+JNIEXPORT jstring JNICALL Java_sun_awt_FcFontManager_getFontPathNative
+(JNIEnv *env, jobject thiz, jboolean noType1, jboolean isX11) {
     jstring ret;
     static char *ptr = NULL; /* retain result across calls */
 
     if (ptr == NULL) {
-        ptr = getPlatformFontPathChars(env, noType1);
+        ptr = getPlatformFontPathChars(env, noType1, isX11);
     }
     ret = (*env)->NewStringUTF(env, ptr);
     return ret;

From 0803af98c7f332e4a8e10239fe00b7dcf58a90e2 Mon Sep 17 00:00:00 2001
From: Yuri Nesterenko <yan@openjdk.org>
Date: Thu, 5 Mar 2015 11:07:48 +0300
Subject: [PATCH 09/35] 8074092: Newly introduced unnecessary dependencies on
 internal API in client regtests

Reviewed-by: serb, azvegint
---
 .../Choice/ItemStateChangeTest/ItemStateChangeTest.java   | 4 +++-
 jdk/test/java/awt/Desktop/8064934/bug8064934.java         | 5 +++--
 .../java/awt/Menu/OpensWithNoGrab/OpensWithNoGrab.java    | 4 +++-
 .../FullscreenAfterSplash/FullScreenAfterSplash.java      | 5 +++--
 .../event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java | 5 ++++-
 jdk/test/javax/swing/JButton/4796987/bug4796987.java      | 8 ++++----
 jdk/test/javax/swing/JFileChooser/8062561/bug8062561.java | 6 ++++--
 jdk/test/javax/swing/JPopupMenu/6827786/bug6827786.java   | 5 ++++-
 8 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/jdk/test/java/awt/Choice/ItemStateChangeTest/ItemStateChangeTest.java b/jdk/test/java/awt/Choice/ItemStateChangeTest/ItemStateChangeTest.java
index 45ccef0262b..9dd36dda9e3 100644
--- a/jdk/test/java/awt/Choice/ItemStateChangeTest/ItemStateChangeTest.java
+++ b/jdk/test/java/awt/Choice/ItemStateChangeTest/ItemStateChangeTest.java
@@ -27,15 +27,17 @@
   @summary awt Choice doesn't fire ItemStateChange when selecting item after select() call
   @author Oleg Pekhovskiy: area=awt-choice
   @library ../../regtesthelpers
+  @library ../../../../lib/testlibrary
   @build Util
+  @build jdk.testlibrary.OSInfo
   @run main ItemStateChangeTest
 */
 
 import test.java.awt.regtesthelpers.Util;
+import jdk.testlibrary.OSInfo;
 
 import java.awt.*;
 import java.awt.event.*;
-import sun.awt.OSInfo;
 
 public class ItemStateChangeTest extends Frame {
 
diff --git a/jdk/test/java/awt/Desktop/8064934/bug8064934.java b/jdk/test/java/awt/Desktop/8064934/bug8064934.java
index 8824f883cf5..ca1c451ccc1 100644
--- a/jdk/test/java/awt/Desktop/8064934/bug8064934.java
+++ b/jdk/test/java/awt/Desktop/8064934/bug8064934.java
@@ -25,10 +25,11 @@
  * @bug 8064934
  * @summary Incorrect Exception message from java.awt.Desktop.open()
  * @author Dmitry Markov
+ * @library ../../../../lib/testlibrary
+ * @build jdk.testlibrary.OSInfo
  * @run main bug8064934
  */
-import sun.awt.OSInfo;
-
+import jdk.testlibrary.OSInfo;
 import java.awt.*;
 import java.io.File;
 import java.io.IOException;
diff --git a/jdk/test/java/awt/Menu/OpensWithNoGrab/OpensWithNoGrab.java b/jdk/test/java/awt/Menu/OpensWithNoGrab/OpensWithNoGrab.java
index c8b47366542..dcfb8ca16a9 100644
--- a/jdk/test/java/awt/Menu/OpensWithNoGrab/OpensWithNoGrab.java
+++ b/jdk/test/java/awt/Menu/OpensWithNoGrab/OpensWithNoGrab.java
@@ -27,6 +27,8 @@
   @summary REG: Menu does not disappear when clicked, keeping Choice's drop-down open, XToolkit
   @author andrei.dmitriev: area=awt.menu
   @library ../../regtesthelpers
+  @library ../../../../lib/testlibrary
+  @build jdk.testlibrary.OSInfo
   @build Util
   @run main OpensWithNoGrab
 */
@@ -34,7 +36,7 @@
 import java.awt.*;
 import java.awt.event.*;
 
-import sun.awt.OSInfo;
+import jdk.testlibrary.OSInfo;
 import test.java.awt.regtesthelpers.Util;
 
 public class OpensWithNoGrab
diff --git a/jdk/test/java/awt/SplashScreen/FullscreenAfterSplash/FullScreenAfterSplash.java b/jdk/test/java/awt/SplashScreen/FullscreenAfterSplash/FullScreenAfterSplash.java
index b5e019ec772..6cecf964a72 100644
--- a/jdk/test/java/awt/SplashScreen/FullscreenAfterSplash/FullScreenAfterSplash.java
+++ b/jdk/test/java/awt/SplashScreen/FullscreenAfterSplash/FullScreenAfterSplash.java
@@ -21,8 +21,7 @@
 * questions.
 */
 
-import sun.awt.OSInfo;
-
+import jdk.testlibrary.OSInfo;
 import java.awt.*;
 import java.awt.Robot;
 import java.awt.event.InputEvent;
@@ -38,6 +37,8 @@ import javax.swing.*;
  * @bug 8024185
  * @summary Native Mac OS X full screen does not work after showing the splash
  * @library ../
+ * @library ../../../../lib/testlibrary
+ * @build jdk.testlibrary.OSInfo
  * @build GenerateTestImage
  * @run main GenerateTestImage
  * @author Petr Pchelko area=awt.event
diff --git a/jdk/test/java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java b/jdk/test/java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java
index 310e78f9ff8..6878c3f42a8 100644
--- a/jdk/test/java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java
+++ b/jdk/test/java/awt/event/KeyEvent/SwallowKeyEvents/SwallowKeyEvents.java
@@ -27,10 +27,13 @@
   @summary   Tests that key events with modifiers are not swallowed.
   @author    anton.tarasov: area=awt.focus
   @library   ../../../regtesthelpers
+  @library ../../../../../lib/testlibrary
+  @build jdk.testlibrary.OSInfo
   @build     Util
   @run       main SwallowKeyEvents
 */
 
+import jdk.testlibrary.OSInfo;
 import java.awt.AWTException;
 import java.awt.Frame;
 import java.awt.Robot;
@@ -49,7 +52,7 @@ public class SwallowKeyEvents {
     static Robot r;
 
     public static void main(String[] args) {
-        if (sun.awt.OSInfo.getOSType() == sun.awt.OSInfo.OSType.WINDOWS) {
+        if (OSInfo.getOSType() == OSInfo.OSType.WINDOWS) {
             System.out.println("Skipped. Test not for MS Windows.");
             return;
         }
diff --git a/jdk/test/javax/swing/JButton/4796987/bug4796987.java b/jdk/test/javax/swing/JButton/4796987/bug4796987.java
index ac41799da61..a206ff7b931 100644
--- a/jdk/test/javax/swing/JButton/4796987/bug4796987.java
+++ b/jdk/test/javax/swing/JButton/4796987/bug4796987.java
@@ -27,14 +27,15 @@
  * @summary XP Only: JButton.setBorderPainted() does not work with XP L&F
  * @author Alexander Scherbatiy
  * @library ../../regtesthelpers
+ * @library ../../../../lib/testlibrary
+ * @build jdk.testlibrary.OSInfo
  * @build Util
  * @run main bug4796987
  */
 
+import jdk.testlibrary.OSInfo;
 import java.awt.*;
 import javax.swing.*;
-import sun.awt.OSInfo;
-import sun.awt.SunToolkit;
 import com.sun.java.swing.plaf.windows.WindowsLookAndFeel;
 
 public class bug4796987 {
@@ -51,7 +52,6 @@ public class bug4796987 {
     }
 
     private static void testButtonBorder() throws Exception {
-        SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit();
         Robot robot = new Robot();
         robot.setAutoDelay(50);
 
@@ -62,7 +62,7 @@ public class bug4796987 {
             }
         });
 
-        toolkit.realSync();
+        robot.waitForIdle();
         Thread.sleep(500);
 
         Point p1 = Util.getCenterPoint(button1);
diff --git a/jdk/test/javax/swing/JFileChooser/8062561/bug8062561.java b/jdk/test/javax/swing/JFileChooser/8062561/bug8062561.java
index 3802de38b22..cf00665d61f 100644
--- a/jdk/test/javax/swing/JFileChooser/8062561/bug8062561.java
+++ b/jdk/test/javax/swing/JFileChooser/8062561/bug8062561.java
@@ -21,6 +21,7 @@
  * questions.
  */
 
+import jdk.testlibrary.OSInfo;
 import java.awt.Robot;
 import java.awt.event.KeyEvent;
 import java.io.File;
@@ -31,12 +32,13 @@ import java.util.concurrent.TimeUnit;
 import javax.swing.JFileChooser;
 import javax.swing.SwingUtilities;
 import javax.swing.filechooser.FileSystemView;
-import sun.awt.OSInfo;
 
 /**
  * @test
  * @bug 8062561
  * @summary File system view returns null default directory
+ * @library ../../../../lib/testlibrary
+ * @build jdk.testlibrary.OSInfo
  * @run main/othervm bug8062561 GENERATE_POLICY
  * @run main/othervm/policy=security.policy bug8062561 CHECK_DEFAULT_DIR run
  */
@@ -72,7 +74,7 @@ public class bug8062561 {
         File defaultDirectory = FileSystemView.getFileSystemView().
                 getDefaultDirectory();
         if (defaultDirectory != null) {
-            throw new RuntimeException("File system default directory is null!");
+            throw new RuntimeException("File system default directory must be null! (FilePermission has not been granted in our policy file).");
         }
     }
     private static volatile JFileChooser fileChooser;
diff --git a/jdk/test/javax/swing/JPopupMenu/6827786/bug6827786.java b/jdk/test/javax/swing/JPopupMenu/6827786/bug6827786.java
index 77c05fe206e..1cacce868bf 100644
--- a/jdk/test/javax/swing/JPopupMenu/6827786/bug6827786.java
+++ b/jdk/test/javax/swing/JPopupMenu/6827786/bug6827786.java
@@ -27,9 +27,12 @@
  * @summary Tests duplicate mnemonics
  * @author Peter Zhelezniakov
  * @library ../../regtesthelpers
+ * @library ../../../../lib/testlibrary
+ * @build jdk.testlibrary.OSInfo
  * @build Util
  * @run main bug6827786
  */
+import jdk.testlibrary.OSInfo;
 import java.awt.*;
 import java.awt.event.KeyEvent;
 import javax.swing.*;
@@ -63,7 +66,7 @@ public class bug6827786 {
         checkfocus();
 
         // select menu
-        if (sun.awt.OSInfo.getOSType() == sun.awt.OSInfo.OSType.MACOSX) {
+        if (OSInfo.getOSType() == OSInfo.OSType.MACOSX) {
             Util.hitKeys(robot, KeyEvent.VK_CONTROL, KeyEvent.VK_ALT, KeyEvent.VK_F);
         } else {
             Util.hitKeys(robot, KeyEvent.VK_ALT, KeyEvent.VK_F);

From 2bb83340149c470140985f2cf35f5f1a6234be20 Mon Sep 17 00:00:00 2001
From: Anton Nashatyrev <anashaty@openjdk.org>
Date: Fri, 6 Mar 2015 16:38:54 +0300
Subject: [PATCH 10/35] 8072900: Mouse events are captured by the wrong menu in
 OS X

Reviewed-by: serb, alexp
---
 .../classes/com/apple/laf/AquaMenuUI.java     |  14 +-
 .../8072900/WrongSelectionOnMouseOver.java    | 198 ++++++++++++++++++
 2 files changed, 207 insertions(+), 5 deletions(-)
 create mode 100644 jdk/test/javax/swing/JMenu/8072900/WrongSelectionOnMouseOver.java

diff --git a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuUI.java b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuUI.java
index 450bf547644..f56a3c6f7f1 100644
--- a/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuUI.java
+++ b/jdk/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuUI.java
@@ -148,11 +148,15 @@ public class AquaMenuUI extends BasicMenuUI implements AquaMenuPainter.Client {
 
             // In Aqua, we always have a menu delay, regardless of where the menu is.
             if (!(selectedPath.length > 0 && selectedPath[selectedPath.length - 1] == menu.getPopupMenu())) {
-                if (menu.getDelay() == 0) {
-                    appendPath(getPath(), menu.getPopupMenu());
-                } else {
-                    manager.setSelectedPath(getPath());
-                    setupPostTimer(menu);
+                // the condition below prevents from activating menu in other frame
+                if (!menu.isTopLevelMenu() || (selectedPath.length > 0 &&
+                        selectedPath[0] == menu.getParent())) {
+                    if (menu.getDelay() == 0) {
+                        appendPath(getPath(), menu.getPopupMenu());
+                    } else {
+                        manager.setSelectedPath(getPath());
+                        setupPostTimer(menu);
+                    }
                 }
             }
         }
diff --git a/jdk/test/javax/swing/JMenu/8072900/WrongSelectionOnMouseOver.java b/jdk/test/javax/swing/JMenu/8072900/WrongSelectionOnMouseOver.java
new file mode 100644
index 00000000000..cf02f6f2126
--- /dev/null
+++ b/jdk/test/javax/swing/JMenu/8072900/WrongSelectionOnMouseOver.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+@test
+@bug 8072900
+@summary Mouse events are captured by the wrong menu in OS X
+@author Anton Nashatyrev
+@run main WrongSelectionOnMouseOver
+*/
+
+import javax.swing.*;
+import javax.swing.event.MenuEvent;
+import javax.swing.event.MenuListener;
+import java.awt.*;
+import java.awt.event.MouseAdapter;
+import java.awt.event.MouseEvent;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+import static javax.swing.UIManager.getInstalledLookAndFeels;
+
+public class WrongSelectionOnMouseOver implements Runnable {
+
+    CountDownLatch firstMenuSelected = new CountDownLatch(1);
+    CountDownLatch secondMenuMouseEntered = new CountDownLatch(1);
+    CountDownLatch secondMenuSelected = new CountDownLatch(1);
+
+    JMenu m1, m2;
+
+    private UIManager.LookAndFeelInfo laf;
+    JFrame frame1;
+    JFrame frame2;
+
+    public WrongSelectionOnMouseOver(UIManager.LookAndFeelInfo laf) throws Exception {
+        this.laf = laf;
+    }
+
+    private void createUI() throws Exception {
+        System.out.println("Testing UI: " + laf);
+        UIManager.setLookAndFeel(laf.getClassName());
+
+        {
+            frame1 = new JFrame("Frame1");
+            JMenuBar mb = new JMenuBar();
+            m1 = new JMenu("File");
+            JMenuItem i1 = new JMenuItem("Save");
+            JMenuItem i2 = new JMenuItem("Load");
+
+            m1.addMenuListener(new MenuListener() {
+                @Override
+                public void menuSelected(MenuEvent e) {
+                    firstMenuSelected.countDown();
+                    System.out.println("Menu1: menuSelected");
+                }
+
+                @Override
+                public void menuDeselected(MenuEvent e) {
+                    System.out.println("Menu1: menuDeselected");
+                }
+
+                @Override
+                public void menuCanceled(MenuEvent e) {
+                    System.out.println("Menu1: menuCanceled");
+                }
+            });
+
+            frame1.setJMenuBar(mb);
+            mb.add(m1);
+            m1.add(i1);
+            m1.add(i2);
+
+            frame1.setLayout(new FlowLayout());
+            frame1.setBounds(200, 200, 200, 200);
+
+            frame1.setVisible(true);
+        }
+
+        {
+            frame2 = new JFrame("Frame2");
+            JMenuBar mb = new JMenuBar();
+            m2 = new JMenu("File");
+            JMenuItem i1 = new JMenuItem("Save");
+            JMenuItem i2 = new JMenuItem("Load");
+
+            m2.addMouseListener(new MouseAdapter() {
+                @Override
+                public void mouseEntered(MouseEvent e) {
+                    secondMenuMouseEntered.countDown();
+                    System.out.println("WrongSelectionOnMouseOver.mouseEntered");
+                }
+            });
+
+            m2.addMenuListener(new MenuListener() {
+                @Override
+                public void menuSelected(MenuEvent e) {
+                    secondMenuSelected.countDown();
+                    System.out.println("Menu2: menuSelected");
+                }
+
+                @Override
+                public void menuDeselected(MenuEvent e) {
+                    System.out.println("Menu2: menuDeselected");
+                }
+
+                @Override
+                public void menuCanceled(MenuEvent e) {
+                    System.out.println("Menu2: menuCanceled");
+                }
+            });
+
+            frame2.setJMenuBar(mb);
+            mb.add(m2);
+            m2.add(i1);
+            m2.add(i2);
+
+            frame2.setLayout(new FlowLayout());
+            frame2.setBounds(400, 200, 200, 200);
+
+            frame2.setVisible(true);
+        }
+    }
+
+    public void disposeUI() {
+        frame1.dispose();
+        frame2.dispose();
+    }
+
+    @Override
+    public void run() {
+        try {
+            if (frame1 == null) {
+                createUI();
+            } else {
+                disposeUI();
+            }
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public void test() throws Exception {
+        Robot robot = new Robot();
+        robot.setAutoDelay(100);
+
+        robot.waitForIdle();
+
+        robot.mouseMove((int) m1.getLocationOnScreen().getX() + 5,
+                (int) m1.getLocationOnScreen().getY() + 5);
+        robot.mousePress(MouseEvent.BUTTON1_MASK);
+        robot.mouseRelease(MouseEvent.BUTTON1_MASK);
+
+        if (!firstMenuSelected.await(5, TimeUnit.SECONDS)) {
+            throw new RuntimeException("Menu has not been selected.");
+        };
+
+        robot.mouseMove((int) m2.getLocationOnScreen().getX() + 5,
+                (int) m2.getLocationOnScreen().getY() + 5);
+
+        if (!secondMenuMouseEntered.await(5, TimeUnit.SECONDS)) {
+            throw new RuntimeException("MouseEntered event missed for the second menu");
+        };
+
+        if (secondMenuSelected.await(1, TimeUnit.SECONDS)) {
+            throw new RuntimeException("The second menu has been selected");
+        };
+    }
+
+    public static void main(final String[] args) throws Exception {
+        for (final UIManager.LookAndFeelInfo laf : getInstalledLookAndFeels()) {
+            WrongSelectionOnMouseOver test = new WrongSelectionOnMouseOver(laf);
+            SwingUtilities.invokeAndWait(test);
+            test.test();
+            SwingUtilities.invokeAndWait(test);
+        }
+        System.out.println("Test passed");
+    }
+}
\ No newline at end of file

From 71bacd69b022e98933ddb85aa0266979939e99e6 Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov <serb@openjdk.org>
Date: Mon, 9 Mar 2015 08:53:34 -0700
Subject: [PATCH 11/35] 4849595: Erroneous javadoc for
 TableColumn.addPropertyChangeListener

Reviewed-by: azvegint, alexsch
---
 .../javax/swing/table/TableColumn.java        | 45 ++++++++++---------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/jdk/src/java.desktop/share/classes/javax/swing/table/TableColumn.java b/jdk/src/java.desktop/share/classes/javax/swing/table/TableColumn.java
index a2d8f1eac20..8facbc82057 100644
--- a/jdk/src/java.desktop/share/classes/javax/swing/table/TableColumn.java
+++ b/jdk/src/java.desktop/share/classes/javax/swing/table/TableColumn.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,15 +25,14 @@
 
 package javax.swing.table;
 
-import javax.swing.*;
-import javax.swing.border.*;
-import javax.swing.event.SwingPropertyChangeSupport;
-import java.lang.Integer;
-import java.awt.Color;
 import java.awt.Component;
-import java.io.Serializable;
-import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
+import java.io.Serializable;
+
+import javax.swing.JLabel;
+import javax.swing.JTable;
+import javax.swing.UIManager;
+import javax.swing.event.SwingPropertyChangeSupport;
 
 /**
  *  A <code>TableColumn</code> represents all the attributes of a column in a
@@ -744,19 +743,25 @@ public class TableColumn extends Object implements Serializable {
 //
 
     /**
-     * Adds a <code>PropertyChangeListener</code> to the listener list.
-     * The listener is registered for all properties.
-     * <p>
-     * A <code>PropertyChangeEvent</code> will get fired in response to an
-     * explicit call to <code>setFont</code>, <code>setBackground</code>,
-     * or <code>setForeground</code> on the
-     * current component.  Note that if the current component is
-     * inheriting its foreground, background, or font from its
-     * container, then no event will be fired in response to a
-     * change in the inherited property.
-     *
-     * @param listener  the listener to be added
+     * Adds a {@code PropertyChangeListener} to the listener list. The listener
+     * is registered for all bound properties of this class, including the
+     * following:
+     * <ul>
+     *    <li>this TableColumn's modelIndex ("modelIndex")</li>
+     *    <li>this TableColumn's identifier ("identifier")</li>
+     *    <li>this TableColumn's header value ("headerValue")</li>
+     *    <li>this TableColumn's header renderer ("headerRenderer")</li>
+     *    <li>this TableColumn's cell renderer ("cellRenderer")</li>
+     *    <li>this TableColumn's cell editor ("cellEditor")</li>
+     *    <li>this TableColumn's width ("width")</li>
+     *    <li>this TableColumn's preferred width ("preferredWidth")</li>
+     *    <li>this TableColumn's minimum width ("minWidth")</li>
+     *    <li>this TableColumn's maximum width ("maxWidth")</li>
+     *    <li>this TableColumn's resizable state ("isResizable")</li>
+     * </ul>
      *
+     * @param  listener the listener to be added
+     * @see #removePropertyChangeListener(PropertyChangeListener)
      */
     public synchronized void addPropertyChangeListener(
                                 PropertyChangeListener listener) {

From 1c5857f8dddb09330f28f42762e407b43296e100 Mon Sep 17 00:00:00 2001
From: Jaroslav Bachorik <jbachorik@openjdk.org>
Date: Tue, 10 Mar 2015 09:37:56 +0100
Subject: [PATCH 12/35] 6712222: Race condition in
 java/lang/management/ThreadMXBean/AllThreadIds.java

Reviewed-by: dholmes, dfuchs
---
 .../management/ThreadMXBean/AllThreadIds.java | 99 +++++++++----------
 1 file changed, 49 insertions(+), 50 deletions(-)

diff --git a/jdk/test/java/lang/management/ThreadMXBean/AllThreadIds.java b/jdk/test/java/lang/management/ThreadMXBean/AllThreadIds.java
index 05547b78001..aa80c746cf2 100644
--- a/jdk/test/java/lang/management/ThreadMXBean/AllThreadIds.java
+++ b/jdk/test/java/lang/management/ThreadMXBean/AllThreadIds.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,21 +27,19 @@
  * @summary Basic unit test of ThreadMXBean.getAllThreadIds()
  * @author  Alexei Guibadoulline and Mandy Chung
  *
- * @run build Barrier
  * @run main/othervm AllThreadIds
  */
 
 import java.lang.management.*;
-import java.util.*;
+import java.util.concurrent.Phaser;
 
 public class AllThreadIds {
     final static int DAEMON_THREADS = 20;
     final static int USER_THREADS = 5;
     final static int ALL_THREADS = DAEMON_THREADS + USER_THREADS;
-    private static volatile boolean live[] = new boolean[ALL_THREADS];
-    private static Thread allThreads[] = new Thread[ALL_THREADS];
-    private static ThreadMXBean mbean
-        = ManagementFactory.getThreadMXBean();
+    private static final boolean live[] = new boolean[ALL_THREADS];
+    private static final Thread allThreads[] = new Thread[ALL_THREADS];
+    private static final ThreadMXBean mbean = ManagementFactory.getThreadMXBean();
     private static boolean testFailed = false;
     private static boolean trace = false;
 
@@ -52,8 +50,7 @@ public class AllThreadIds {
     private static int curLiveThreadCount = 0;
     private static int curPeakThreadCount = 0;
 
-    // barrier for threads communication
-    private static Barrier barrier = new Barrier(ALL_THREADS);
+    private static final Phaser startupCheck = new Phaser(ALL_THREADS + 1);
 
     private static void printThreadList() {
         if (!trace) return;
@@ -124,18 +121,15 @@ public class AllThreadIds {
         curPeakThreadCount = mbean.getPeakThreadCount();
         checkThreadCount(0, 0);
 
-
         // Start all threads and wait to be sure they all are alive
-        barrier.set(ALL_THREADS);
         for (int i = 0; i < ALL_THREADS; i++) {
-            live[i] = true;
+            setLive(i, true);
             allThreads[i] = new MyThread(i);
-            allThreads[i].setDaemon( (i < DAEMON_THREADS) ? true : false);
+            allThreads[i].setDaemon(i < DAEMON_THREADS);
             allThreads[i].start();
         }
         // wait until all threads are started.
-        barrier.await();
-
+        startupCheck.arriveAndAwaitAdvance();
 
         checkThreadCount(ALL_THREADS, 0);
         printThreadList();
@@ -173,15 +167,14 @@ public class AllThreadIds {
 
         // Stop daemon threads, wait to be sure they all are dead, and check
         // that they disappeared from getAllThreadIds() list
-        barrier.set(DAEMON_THREADS);
         for (int i = 0; i < DAEMON_THREADS; i++) {
-            live[i] = false;
+            setLive(i, false);
         }
-        // wait until daemon threads are terminated.
-        barrier.await();
 
-        // give chance to threads to terminate
-        pause();
+        // make sure the daemon threads are completely dead
+        joinDaemonThreads();
+
+        // and check the reported thread count
         checkThreadCount(0, DAEMON_THREADS);
 
         // Check mbean now
@@ -190,11 +183,11 @@ public class AllThreadIds {
         for (int i = 0; i < ALL_THREADS; i++) {
             long expectedId = allThreads[i].getId();
             boolean found = false;
-            boolean live = (i >= DAEMON_THREADS);
+            boolean alive = (i >= DAEMON_THREADS);
 
             if (trace) {
                 System.out.print("Looking for thread with id " + expectedId +
-                    (live ? " expected alive." : " expected terminated."));
+                    (alive ? " expected alive." : " expected terminated."));
             }
             for (int j = 0; j < list.length; j++) {
                 if (expectedId == list[j]) {
@@ -203,11 +196,11 @@ public class AllThreadIds {
                 }
             }
 
-            if (live != found) {
+            if (alive != found) {
                 testFailed = true;
             }
             if (trace) {
-                if (live != found) {
+                if (alive != found) {
                     System.out.println(" TEST FAILED.");
                 } else {
                     System.out.println();
@@ -216,15 +209,14 @@ public class AllThreadIds {
         }
 
         // Stop all threads and wait to be sure they all are dead
-        barrier.set(ALL_THREADS - DAEMON_THREADS);
         for (int i = DAEMON_THREADS; i < ALL_THREADS; i++) {
-            live[i] = false;
+            setLive(i, false);
         }
-        // wait until daemon threads are terminated .
-        barrier.await();
 
-        // give chance to threads to terminate
-        pause();
+        // make sure the non-daemon threads are completely dead
+        joinNonDaemonThreads();
+
+        // and check the thread count
         checkThreadCount(0, ALL_THREADS - DAEMON_THREADS);
 
         if (testFailed)
@@ -233,6 +225,30 @@ public class AllThreadIds {
         System.out.println("Test passed.");
     }
 
+    private static void joinDaemonThreads() throws InterruptedException {
+        for (int i = 0; i < DAEMON_THREADS; i++) {
+            allThreads[i].join();
+        }
+    }
+
+    private static void joinNonDaemonThreads() throws InterruptedException {
+        for (int i = DAEMON_THREADS; i < ALL_THREADS; i++) {
+            allThreads[i].join();
+        }
+    }
+
+    private static void setLive(int i, boolean val) {
+        synchronized(live) {
+            live[i] = val;
+        }
+    }
+
+    private static boolean isLive(int i) {
+        synchronized(live) {
+            return live[i];
+        }
+    }
+
     // The MyThread thread lives as long as correspondent live[i] value is true
     private static class MyThread extends Thread {
         int id;
@@ -243,8 +259,8 @@ public class AllThreadIds {
 
         public void run() {
             // signal started
-            barrier.signal();
-            while (live[id]) {
+            startupCheck.arrive();
+            while (isLive(id)) {
                 try {
                     sleep(100);
                 } catch (InterruptedException e) {
@@ -253,23 +269,6 @@ public class AllThreadIds {
                     testFailed = true;
                 }
             }
-            // signal about to exit
-            barrier.signal();
         }
     }
-
-    private static Object pauseObj = new Object();
-    private static void pause() {
-        // Enter lock a without blocking
-        synchronized (pauseObj) {
-            try {
-                // may need to tune this timeout for different platforms
-                pauseObj.wait(50);
-            } catch (Exception e) {
-                System.err.println("Unexpected exception.");
-                e.printStackTrace(System.err);
-            }
-        }
-    }
-
 }

From 8bc60ff868295a48a7e1d38c63f051eefe17e32f Mon Sep 17 00:00:00 2001
From: Alexander Zvegintsev <azvegint@openjdk.org>
Date: Tue, 10 Mar 2015 15:39:26 +0300
Subject: [PATCH 13/35] 8056151: Switching to GTK L&F on-the-fly leads to X
 Window System error RenderBadPicture

Reviewed-by: alexsch, serb
---
 .../unix/classes/sun/awt/UNIXToolkit.java     | 28 +++++----
 .../plaf/gtk/crash/RenderBadPictureCrash.java | 59 +++++++++++++++++++
 2 files changed, 76 insertions(+), 11 deletions(-)
 create mode 100644 jdk/test/javax/swing/plaf/gtk/crash/RenderBadPictureCrash.java

diff --git a/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java b/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
index 2fad1b6b4a7..bf6f87d4a6e 100644
--- a/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
+++ b/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,11 +29,10 @@ import static java.awt.RenderingHints.*;
 import java.awt.color.ColorSpace;
 import java.awt.image.*;
 import java.security.AccessController;
-import java.security.PrivilegedAction;
 import sun.security.action.GetIntegerAction;
 import com.sun.java.swing.plaf.gtk.GTKConstants.TextDirection;
+import sun.awt.X11.XToolkit;
 import sun.java2d.opengl.OGLRenderQueue;
-import java.lang.reflect.InvocationTargetException;
 
 public abstract class UNIXToolkit extends SunToolkit
 {
@@ -73,16 +72,16 @@ public abstract class UNIXToolkit extends SunToolkit
             if (nativeGTKLoaded != null) {
                 // We've already attempted to load GTK, so just return the
                 // status of that attempt.
-                return nativeGTKLoaded.booleanValue();
+                return nativeGTKLoaded;
 
             } else if (nativeGTKAvailable != null) {
                 // We've already checked the availability of the native GTK
                 // libraries, so just return the status of that attempt.
-                return nativeGTKAvailable.booleanValue();
+                return nativeGTKAvailable;
 
             } else {
                 boolean success = check_gtk();
-                nativeGTKAvailable = Boolean.valueOf(success);
+                nativeGTKAvailable = success;
                 return success;
             }
         }
@@ -99,11 +98,15 @@ public abstract class UNIXToolkit extends SunToolkit
     public boolean loadGTK() {
         synchronized (GTK_LOCK) {
             if (nativeGTKLoaded == null) {
-                boolean success = load_gtk();
-                nativeGTKLoaded = Boolean.valueOf(success);
+                XToolkit.awtLock();
+                try {
+                    nativeGTKLoaded = load_gtk();
+                } finally {
+                    XToolkit.awtUnlock();
+                }
             }
         }
-        return nativeGTKLoaded.booleanValue();
+        return nativeGTKLoaded;
     }
 
     /**
@@ -252,6 +255,7 @@ public abstract class UNIXToolkit extends SunToolkit
 
     private native void nativeSync();
 
+    @Override
     public void sync() {
         // flush the X11 buffer
         nativeSync();
@@ -266,6 +270,8 @@ public abstract class UNIXToolkit extends SunToolkit
      * This requires that the Gnome properties have already been gathered.
      */
     public static final String FONTCONFIGAAHINT = "fontconfig/Antialias";
+
+    @Override
     protected RenderingHints getDesktopAAHints() {
 
         Object aaValue = getDesktopProperty("gnome.Xft/Antialias");
@@ -288,8 +294,8 @@ public abstract class UNIXToolkit extends SunToolkit
          * us to default to "OFF". I don't think that's the best guess.
          * So if its !=0 then lets assume AA.
          */
-        boolean aa = Boolean.valueOf(((aaValue instanceof Number) &&
-                                      ((Number)aaValue).intValue() != 0));
+        boolean aa = ((aaValue instanceof Number)
+                        && ((Number) aaValue).intValue() != 0);
         Object aaHint;
         if (aa) {
             String subpixOrder =
diff --git a/jdk/test/javax/swing/plaf/gtk/crash/RenderBadPictureCrash.java b/jdk/test/javax/swing/plaf/gtk/crash/RenderBadPictureCrash.java
new file mode 100644
index 00000000000..0ef16996cf5
--- /dev/null
+++ b/jdk/test/javax/swing/plaf/gtk/crash/RenderBadPictureCrash.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ @test
+ @bug 8056151
+ @summary Switching to GTK L&F on-the-fly leads to X Window System error RenderBadPicture
+ @run main/othervm -Dswing.defaultlaf=javax.swing.plaf.metal.MetalLookAndFeel -Dsun.java2d.xrender=T RenderBadPictureCrash
+ */
+
+import java.awt.Color;
+import java.lang.reflect.InvocationTargetException;
+import javax.swing.JFrame;
+import javax.swing.SwingUtilities;
+
+import javax.swing.UIManager;
+
+public class RenderBadPictureCrash {
+
+    public static void main(String[] args) throws InterruptedException, InvocationTargetException {
+        SwingUtilities.invokeAndWait(() -> {
+            JFrame f = new JFrame();
+            f.setUndecorated(true);
+            f.setBackground(new Color(0, 0, 0, 0));
+            f.setSize(200, 300);
+            f.setVisible(true);
+
+            try {
+                UIManager.setLookAndFeel("com.sun.java.swing.plaf.gtk.GTKLookAndFeel");
+            } catch (Exception e) {
+                System.err.println(e);
+                System.err.println("Could not set GTKLookAndFeel, skipping this test");
+            } finally {
+                f.dispose();
+            }
+        });
+    }
+
+}

From 741e72173c32cb9c32f234c4d640f7940fc6fcd9 Mon Sep 17 00:00:00 2001
From: Nakul Natu <nakul.natu@oracle.com>
Date: Tue, 10 Mar 2015 21:48:37 +0300
Subject: [PATCH 14/35] 8066436: Minimize can cause window to disappear on osx

Reviewed-by: serb, azvegint
---
 .../sun/lwawt/macosx/CPlatformWindow.java     |  3 +
 .../classes/sun/lwawt/macosx/LWCToolkit.java  |  2 +-
 .../MaximizedNormalBoundsUndecoratedTest.java | 76 +++++++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 jdk/test/java/awt/Frame/MaximizedNormalBoundsUndecoratedTest/MaximizedNormalBoundsUndecoratedTest.java

diff --git a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java
index dd59cf11365..888e89cd11c 100644
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java
+++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java
@@ -488,6 +488,9 @@ public class CPlatformWindow extends CFRetainedResource implements PlatformWindo
         } else {
             deliverZoom(true);
 
+            // We need an up to date size of the peer, so we flush the native events
+            // to be sure that there are no setBounds requests in the queue.
+            LWCToolkit.flushNativeSelectors();
             this.normalBounds = peer.getBounds();
 
             GraphicsConfiguration config = getPeer().getGraphicsConfiguration();
diff --git a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
index 9d01af03eaf..da01ed005e0 100644
--- a/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
+++ b/jdk/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
@@ -843,7 +843,7 @@ public final class LWCToolkit extends LWToolkit {
     /**
      * Just spin a single empty block synchronously.
      */
-    private static native void flushNativeSelectors();
+    static native void flushNativeSelectors();
 
     @Override
     public Clipboard createPlatformClipboard() {
diff --git a/jdk/test/java/awt/Frame/MaximizedNormalBoundsUndecoratedTest/MaximizedNormalBoundsUndecoratedTest.java b/jdk/test/java/awt/Frame/MaximizedNormalBoundsUndecoratedTest/MaximizedNormalBoundsUndecoratedTest.java
new file mode 100644
index 00000000000..119224ac299
--- /dev/null
+++ b/jdk/test/java/awt/Frame/MaximizedNormalBoundsUndecoratedTest/MaximizedNormalBoundsUndecoratedTest.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.Frame;
+import java.awt.Toolkit;
+import java.awt.Dimension;
+/*
+ * @test
+ * @bug 8066436
+ * @summary Set the size of frame. Set extendedState Frame.MAXIMIZED_BOTH and Frame.NORMAL
+ *          sequentially for undecorated Frame and .
+ *          Check if resulted size is equal to original frame size.
+ * @run main MaximizedNormalBoundsUndecoratedTest
+ */
+
+
+public class MaximizedNormalBoundsUndecoratedTest {
+    private Frame frame;
+    public static void main(String args[]) {
+        if (!Toolkit.getDefaultToolkit().isFrameStateSupported(Frame.MAXIMIZED_BOTH)
+                && !Toolkit.getDefaultToolkit().isFrameStateSupported(Frame.NORMAL)) {
+            return;
+        }
+        MaximizedNormalBoundsUndecoratedTest test = new MaximizedNormalBoundsUndecoratedTest();
+        boolean doPass = true;
+        if( !test.doTest() ) {
+            System.out.println("Maximizing frame not saving correct normal bounds");
+            doPass = false;
+        }
+
+        if(!doPass) {
+            throw new RuntimeException("Maximizing frame not saving correct normal bounds");
+        }
+    }
+
+    boolean doTest() {
+        Dimension beforeMaximizeCalled = new Dimension(300,300);
+
+        frame = new Frame("Test Frame");
+        frame.setUndecorated(true);
+        frame.setFocusable(true);
+        frame.setSize(beforeMaximizeCalled);
+        frame.setVisible(true);
+        frame.setExtendedState(Frame.MAXIMIZED_BOTH);
+        frame.setExtendedState(Frame.NORMAL);
+
+        Dimension afterMaximizedCalled= frame.getBounds().getSize();
+
+        frame.dispose();
+
+        if (beforeMaximizeCalled.equals(afterMaximizedCalled)) {
+            return true;
+        }
+        return false;
+    }
+}

From 996a61cf68a28190d1ec90bd1fa50b7d8199bfa4 Mon Sep 17 00:00:00 2001
From: Jaroslav Bachorik <jbachorik@openjdk.org>
Date: Tue, 10 Mar 2015 20:25:48 +0100
Subject: [PATCH 15/35] 8049696: com/sun/jdi/RunToExit fails with
 "ConnectException: Connection refused"

Reviewed-by: sla
---
 jdk/test/com/sun/jdi/RunToExit.java           | 117 +++++++-----------
 .../jdk/testlibrary/ProcessTools.java         |  62 +++++++---
 2 files changed, 91 insertions(+), 88 deletions(-)

diff --git a/jdk/test/com/sun/jdi/RunToExit.java b/jdk/test/com/sun/jdi/RunToExit.java
index 01a15c85697..f76f4b0b9fa 100644
--- a/jdk/test/com/sun/jdi/RunToExit.java
+++ b/jdk/test/com/sun/jdi/RunToExit.java
@@ -24,74 +24,29 @@
 /* @test
  * @bug 4997445
  * @summary Test that with server=y, when VM runs to System.exit() no error happens
- *
- * @build VMConnection RunToExit Exit0
+ * @library /lib/testlibrary
+ * @build jdk.testlibrary.* VMConnection RunToExit Exit0
  * @run driver RunToExit
  */
-import java.io.InputStream;
-import java.io.IOException;
-import java.io.File;
-import java.io.BufferedInputStream;
 import java.net.ServerSocket;
 import com.sun.jdi.Bootstrap;
 import com.sun.jdi.VirtualMachine;
 import com.sun.jdi.event.*;
 import com.sun.jdi.connect.Connector;
 import com.sun.jdi.connect.AttachingConnector;
+import java.net.ConnectException;
 import java.util.Map;
 import java.util.List;
 import java.util.Iterator;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
+import jdk.testlibrary.ProcessTools;
 
 public class RunToExit {
 
     /* Increment this when ERROR: seen */
-    static int error_seen = 0;
+    static volatile int error_seen = 0;
     static volatile boolean ready = false;
-    /*
-     * Helper class to direct process output to a StringBuffer
-     */
-    static class IOHandler implements Runnable {
-        private String              name;
-        private BufferedInputStream in;
-        private StringBuffer        buffer;
-
-        IOHandler(String name, InputStream in) {
-            this.name = name;
-            this.in = new BufferedInputStream(in);
-            this.buffer = new StringBuffer();
-        }
-
-        static void handle(String name, InputStream in) {
-            IOHandler handler = new IOHandler(name, in);
-            Thread thr = new Thread(handler);
-            thr.setDaemon(true);
-            thr.start();
-        }
-
-        public void run() {
-            try {
-                byte b[] = new byte[100];
-                for (;;) {
-                    int n = in.read(b, 0, 100);
-                    // The first thing that will get read is
-                    //    Listening for transport dt_socket at address: xxxxx
-                    // which shows the debuggee is ready to accept connections.
-                    ready = true;
-                    if (n < 0) {
-                        break;
-                    }
-                    buffer.append(new String(b, 0, n));
-                }
-            } catch (IOException ioe) { }
-
-            String str = buffer.toString();
-            if ( str.contains("ERROR:") ) {
-                error_seen++;
-            }
-            System.out.println(name + ": " + str);
-        }
-
-    }
 
     /*
      * Find a connector by name
@@ -111,24 +66,40 @@ public class RunToExit {
     /*
      * Launch a server debuggee with the given address
      */
-    private static Process launch(String address, String class_name) throws IOException {
-        String exe =   System.getProperty("java.home")
-                     + File.separator + "bin" + File.separator + "java";
-        String cmd = exe + " " + VMConnection.getDebuggeeVMOptions() +
-            " -agentlib:jdwp=transport=dt_socket" +
-            ",server=y" + ",suspend=y" + ",address=" + address +
-            " " + class_name;
+    private static Process launch(String address, String class_name) throws Exception {
+        String args[] = new String[]{
+            "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address="
+                + address,
+            class_name
+        };
+        args = VMConnection.insertDebuggeeVMOptions(args);
 
-        System.out.println("Starting: " + cmd);
+        ProcessBuilder launcher = ProcessTools.createJavaProcessBuilder(args);
 
-        Process p = Runtime.getRuntime().exec(cmd);
+        System.out.println(launcher.command().stream().collect(Collectors.joining(" ", "Starting: ", "")));
 
-        IOHandler.handle("Input Stream", p.getInputStream());
-        IOHandler.handle("Error Stream", p.getErrorStream());
+        Process p = ProcessTools.startProcess(
+            class_name,
+            launcher,
+            RunToExit::checkForError,
+            RunToExit::isTransportListening,
+            0,
+            TimeUnit.NANOSECONDS
+        );
 
         return p;
     }
 
+    private static boolean isTransportListening(String line) {
+        return line.startsWith("Listening for transport dt_socket");
+    }
+
+    private static void checkForError(String line) {
+        if (line.contains("ERROR:")) {
+            error_seen++;
+        }
+    }
+
     /*
      * - pick a TCP port
      * - Launch a server debuggee: server=y,suspend=y,address=${port}
@@ -146,15 +117,6 @@ public class RunToExit {
         // launch the server debuggee
         Process process = launch(address, "Exit0");
 
-        // wait for the debugge to be ready
-        while (!ready) {
-            try {
-                Thread.sleep(1000);
-            } catch(Exception ee) {
-                throw ee;
-            }
-        }
-
         // attach to server debuggee and resume it so it can exit
         AttachingConnector conn = (AttachingConnector)findConnector("com.sun.jdi.SocketAttach");
         Map conn_args = conn.defaultArguments();
@@ -164,7 +126,16 @@ public class RunToExit {
 
         System.out.println("Connection arguments: " + conn_args);
 
-        VirtualMachine vm = conn.attach(conn_args);
+        VirtualMachine vm = null;
+        while (vm == null) {
+            try {
+                vm = conn.attach(conn_args);
+            } catch (ConnectException e) {
+                e.printStackTrace(System.out);
+                System.out.println("--- Debugee not ready. Retrying in 500ms. ---");
+                Thread.sleep(500);
+            }
+        }
 
         // The first event is always a VMStartEvent, and it is always in
         // an EventSet by itself.  Wait for it.
diff --git a/jdk/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java b/jdk/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java
index fedcd91f796..3e88f8887df 100644
--- a/jdk/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java
+++ b/jdk/test/lib/testlibrary/jdk/testlibrary/ProcessTools.java
@@ -88,24 +88,12 @@ public final class ProcessTools {
                                        ProcessBuilder processBuilder,
                                        Consumer<String> consumer)
     throws IOException {
-        Process p = null;
         try {
-            p = startProcess(
-                name,
-                processBuilder,
-                line -> {
-                    if (consumer != null) {
-                        consumer.accept(line);
-                    }
-                    return false;
-                },
-                -1,
-                TimeUnit.NANOSECONDS
-            );
+            return startProcess(name, processBuilder, consumer, null, -1, TimeUnit.NANOSECONDS);
         } catch (InterruptedException | TimeoutException e) {
-            // can't ever happen
+            // will never happen
+            throw new RuntimeException(e);
         }
-        return p;
     }
 
     /**
@@ -133,6 +121,38 @@ public final class ProcessTools {
                                        final Predicate<String> linePredicate,
                                        long timeout,
                                        TimeUnit unit)
+    throws IOException, InterruptedException, TimeoutException {
+        return startProcess(name, processBuilder, null, linePredicate, timeout, unit);
+    }
+
+    /**
+     * <p>Starts a process from its builder.</p>
+     * <span>The default redirects of STDOUT and STDERR are started</span>
+     * <p>
+     * It is possible to wait for the process to get to a warmed-up state
+     * via {@linkplain Predicate} condition on the STDOUT and monitor the
+     * in-streams via the provided {@linkplain Consumer}
+     * </p>
+     * @param name The process name
+     * @param processBuilder The process builder
+     * @param lineConsumer  The {@linkplain Consumer} the lines will be forwarded to
+     * @param linePredicate The {@linkplain Predicate} to use on the STDOUT
+     *                      Used to determine the moment the target app is
+     *                      properly warmed-up.
+     *                      It can be null - in that case the warmup is skipped.
+     * @param timeout The timeout for the warmup waiting; -1 = no wait; 0 = wait forever
+     * @param unit The timeout {@linkplain TimeUnit}
+     * @return Returns the initialized {@linkplain Process}
+     * @throws IOException
+     * @throws InterruptedException
+     * @throws TimeoutException
+     */
+    public static Process startProcess(String name,
+                                       ProcessBuilder processBuilder,
+                                       final Consumer<String> lineConsumer,
+                                       final Predicate<String> linePredicate,
+                                       long timeout,
+                                       TimeUnit unit)
     throws IOException, InterruptedException, TimeoutException {
         System.out.println("["+name+"]:" + processBuilder.command().stream().collect(Collectors.joining(" ")));
         Process p = processBuilder.start();
@@ -141,6 +161,18 @@ public final class ProcessTools {
 
         stdout.addPump(new LineForwarder(name, System.out));
         stderr.addPump(new LineForwarder(name, System.err));
+        if (lineConsumer != null) {
+            StreamPumper.LinePump pump = new StreamPumper.LinePump() {
+                @Override
+                protected void processLine(String line) {
+                    lineConsumer.accept(line);
+                }
+            };
+            stdout.addPump(pump);
+            stderr.addPump(pump);
+        }
+
+
         CountDownLatch latch = new CountDownLatch(1);
         if (linePredicate != null) {
             StreamPumper.LinePump pump = new StreamPumper.LinePump() {

From d24e1db13aa4871eded32742dc5a3536e6c49994 Mon Sep 17 00:00:00 2001
From: Alexander Kulyakhtin <alexander.kulyakhtin@oracle.com>
Date: Wed, 11 Mar 2015 00:45:02 +0300
Subject: [PATCH 16/35] 8072754: com/sun/jdi/NativeInstanceFilter.java requires
 adjustments to work with module boundaries

The tests uses sun.misc.Version to check if the JVM version is greater than a certain version. For the JDK 9 the condition is always true and the usage of sun.misc.Version thus can be eliminated.

Reviewed-by: alanb, sla
---
 .../com/sun/jdi/NativeInstanceFilterTarg.java | 24 +++----------------
 1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/jdk/test/com/sun/jdi/NativeInstanceFilterTarg.java b/jdk/test/com/sun/jdi/NativeInstanceFilterTarg.java
index a3179da7078..5b81fc8e0b1 100644
--- a/jdk/test/com/sun/jdi/NativeInstanceFilterTarg.java
+++ b/jdk/test/com/sun/jdi/NativeInstanceFilterTarg.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,36 +21,18 @@
  * questions.
  */
 
-import sun.misc.Version;
-
 public class NativeInstanceFilterTarg {
 
     public static void main(String args[]) {
-        boolean runTest = jvmSupportsJVMTI_12x();
         String s1 = "abc";
         String s2 = "def";
         latch(s1);
         s1.intern();
-        if (runTest) {
-            s2.intern(); // this is the call that generates events that ought
-                         // to be filtered out.
-        } else {
-            System.out.println("Neutering test since JVMTI 1.2 not supported");
-        }
+        s2.intern(); // this is the call that generates events that ought
+                     // to be filtered out.
     }
 
     // Used by debugger to get an instance to filter with
     public static String latch(String s) { return s; }
 
-    public static boolean jvmSupportsJVMTI_12x() {
-        // This fix requires the JVM to support JVMTI 1.2, which doesn't
-        // happen until HSX 20.0, build 05.
-        int major = Version.jvmMajorVersion();
-        int minor = Version.jvmMinorVersion();
-        int micro = Version.jvmMicroVersion();
-        int build = Version.jvmBuildNumber();
-
-        return (major > 20 || major == 20 &&
-                   (minor > 0 || micro > 0 || build >= 5));
-    }
 }

From 465abe9cfd9ba53dc318b35269cb09cd6e62c2bc Mon Sep 17 00:00:00 2001
From: Alexander Zvegintsev <azvegint@openjdk.org>
Date: Wed, 11 Mar 2015 16:48:43 +0300
Subject: [PATCH 17/35] 8074921: OS X build broken by reference to XToolkit

Reviewed-by: alexsch, serb
---
 .../java.desktop/unix/classes/sun/awt/UNIXToolkit.java    | 8 +-------
 .../unix/native/libawt_xawt/awt/gtk2_interface.c          | 5 ++++-
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java b/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
index bf6f87d4a6e..702bccb3d43 100644
--- a/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
+++ b/jdk/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java
@@ -31,7 +31,6 @@ import java.awt.image.*;
 import java.security.AccessController;
 import sun.security.action.GetIntegerAction;
 import com.sun.java.swing.plaf.gtk.GTKConstants.TextDirection;
-import sun.awt.X11.XToolkit;
 import sun.java2d.opengl.OGLRenderQueue;
 
 public abstract class UNIXToolkit extends SunToolkit
@@ -98,12 +97,7 @@ public abstract class UNIXToolkit extends SunToolkit
     public boolean loadGTK() {
         synchronized (GTK_LOCK) {
             if (nativeGTKLoaded == null) {
-                XToolkit.awtLock();
-                try {
-                    nativeGTKLoaded = load_gtk();
-                } finally {
-                    XToolkit.awtUnlock();
-                }
+                nativeGTKLoaded = load_gtk();
             }
         }
         return nativeGTKLoaded;
diff --git a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
index 8204b8d4836..2e35e5ea43a 100644
--- a/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
+++ b/jdk/src/java.desktop/unix/native/libawt_xawt/awt/gtk2_interface.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
 #include "jvm_md.h"
 #include "sizecalc.h"
 #include <jni_util.h>
+#include "awt.h"
 
 #define GTK2_LIB_VERSIONED VERSIONED_JNI_LIB_NAME("gtk-x11-2.0", "0")
 #define GTK2_LIB JNI_LIB_NAME("gtk-x11-2.0")
@@ -890,6 +891,7 @@ gboolean gtk2_load(JNIEnv *env)
      * BadMatch errors which we would normally ignore. The IO error handler
      * is preserved here, too, just for consistency.
     */
+    AWT_LOCK();
     handler = XSetErrorHandler(NULL);
     io_handler = XSetIOErrorHandler(NULL);
 
@@ -926,6 +928,7 @@ gboolean gtk2_load(JNIEnv *env)
 
     XSetErrorHandler(handler);
     XSetIOErrorHandler(io_handler);
+    AWT_UNLOCK();
 
     /* Initialize widget array. */
     for (i = 0; i < _GTK_WIDGET_TYPE_SIZE; i++)

From 827d9d39285738e0dc35807dae3330ec657f2032 Mon Sep 17 00:00:00 2001
From: Frank Yuan <fyuan@openjdk.org>
Date: Fri, 13 Mar 2015 15:50:39 +0300
Subject: [PATCH 18/35] 8061293: Update javax/xml tests to remove references of
 jre dir

Reviewed-by: lancea, mkos
---
 jdk/test/javax/xml/ws/8033113/WsImportTest.java       | 3 ---
 jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java | 3 ---
 jdk/test/javax/xml/ws/clientjar/TestWsImport.java     | 3 ---
 jdk/test/javax/xml/ws/ebcdic/WsImportTest.java        | 3 ---
 4 files changed, 12 deletions(-)

diff --git a/jdk/test/javax/xml/ws/8033113/WsImportTest.java b/jdk/test/javax/xml/ws/8033113/WsImportTest.java
index aa1cf860ab4..ac1b13e3949 100644
--- a/jdk/test/javax/xml/ws/8033113/WsImportTest.java
+++ b/jdk/test/javax/xml/ws/8033113/WsImportTest.java
@@ -140,9 +140,6 @@ public class WsImportTest {
 
     private static String getWsImport() {
         String javaHome = System.getProperty("java.home");
-        if (javaHome.endsWith("jre")) {
-            javaHome = new File(javaHome).getParent();
-        }
         String wsimport = javaHome + File.separator + "bin" + File.separator + "wsimport";
         if (System.getProperty("os.name").startsWith("Windows")) {
             wsimport = wsimport.concat(".exe");
diff --git a/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java b/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java
index cb70d2247ae..1edd3c23907 100644
--- a/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java
+++ b/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java
@@ -86,9 +86,6 @@ public class GenerateEnumSchema {
 
     private static String getSchemagen() {
         String javaHome = System.getProperty("java.home");
-        if (javaHome.endsWith("jre")) {
-            javaHome = new File(javaHome).getParent();
-        }
         String schemagen = javaHome + File.separator + "bin" + File.separator + "schemagen";
         if (System.getProperty("os.name").startsWith("Windows")) {
             schemagen = schemagen.concat(".exe");
diff --git a/jdk/test/javax/xml/ws/clientjar/TestWsImport.java b/jdk/test/javax/xml/ws/clientjar/TestWsImport.java
index 422f4f5f045..dadceb34295 100644
--- a/jdk/test/javax/xml/ws/clientjar/TestWsImport.java
+++ b/jdk/test/javax/xml/ws/clientjar/TestWsImport.java
@@ -55,9 +55,6 @@ public class TestWsImport {
     public static void main(String[] args) throws IOException {
 
         String javaHome = System.getProperty("java.home");
-        if (javaHome.endsWith("jre")) {
-            javaHome = new File(javaHome).getParent();
-        }
         String wsimport = javaHome + File.separator + "bin" + File.separator + "wsimport";
         if (System.getProperty("os.name").startsWith("Windows")) {
             wsimport = wsimport.concat(".exe");
diff --git a/jdk/test/javax/xml/ws/ebcdic/WsImportTest.java b/jdk/test/javax/xml/ws/ebcdic/WsImportTest.java
index 7977cf98730..21a9fd874cc 100644
--- a/jdk/test/javax/xml/ws/ebcdic/WsImportTest.java
+++ b/jdk/test/javax/xml/ws/ebcdic/WsImportTest.java
@@ -133,9 +133,6 @@ public class WsImportTest {
 
     private static String getWsImport() {
         String javaHome = System.getProperty("java.home");
-        if (javaHome.endsWith("jre")) {
-            javaHome = new File(javaHome).getParent();
-        }
         String wsimport = javaHome + File.separator + "bin" + File.separator + "wsimport";
         if (System.getProperty("os.name").startsWith("Windows")) {
             wsimport = wsimport.concat(".exe");

From a55dd41fc7ad4987f699778f206e48686b0f437b Mon Sep 17 00:00:00 2001
From: Jamil Nimeh <jnimeh@openjdk.org>
Date: Fri, 13 Mar 2015 09:32:54 -0700
Subject: [PATCH 19/35] 8074064: OCSPResponse.SingleResponse objects do not
 parse singleExtensions

Reviewed-by: mullan, vinnie
---
 .../provider/certpath/OCSPResponse.java       | 134 +++++---
 .../certpath/OCSP/OCSPSingleExtensions.java   | 185 ++++++++++
 .../provider/certpath/OCSP/TEST.properties    |   1 +
 .../security/provider/certpath/OCSP/int.crt   | 121 +++++++
 .../certpath/OCSP/ocsp-good-nonext.resp       | 316 +++++++++++++++++
 .../certpath/OCSP/ocsp-good-witharchcut.resp  | 320 +++++++++++++++++
 .../certpath/OCSP/ocsp-good-withnext.resp     | 317 +++++++++++++++++
 .../certpath/OCSP/ocsp-rev-bad-sr-tag.resp    |  60 ++++
 .../certpath/OCSP/ocsp-rev-nocerts.resp       |  53 +++
 .../certpath/OCSP/ocsp-rev-nonext-noinv.resp  | 317 +++++++++++++++++
 .../OCSP/ocsp-rev-nonext-withinv.resp         | 323 ++++++++++++++++++
 .../OCSP/ocsp-rev-sr-cont-reverse.resp        |  61 ++++
 .../certpath/OCSP/ocsp-rev-twonext.resp       |  58 ++++
 .../OCSP/ocsp-rev-withnext-noinv.resp         | 319 +++++++++++++++++
 .../OCSP/ocsp-rev-withnext-withinv.resp       | 323 ++++++++++++++++++
 15 files changed, 2861 insertions(+), 47 deletions(-)
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/OCSPSingleExtensions.java
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/TEST.properties
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/int.crt
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-nonext.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-witharchcut.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-withnext.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-bad-sr-tag.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nocerts.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-noinv.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-withinv.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-sr-cont-reverse.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-twonext.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-noinv.resp
 create mode 100644 jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-withinv.resp

diff --git a/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java b/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
index 8075d73fd81..f8e72abebc0 100644
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -670,6 +670,38 @@ public final class OCSPResponse {
         return signerCert; // set in verify()
     }
 
+    /**
+     * Build a String-Extension map from DER encoded data.
+     * @param derVal A {@code DerValue} object built from a SEQUENCE of
+     *      extensions
+     *
+     * @return A {@code Map} using the OID in string form as the keys.  If no
+     *      extensions are found or an empty SEQUENCE is passed in, then
+     *      an empty {@code Map} will be returned.
+     *
+     * @throws IOException if any decoding errors occur.
+     */
+    private static Map<String, java.security.cert.Extension>
+        parseExtensions(DerValue derVal) throws IOException {
+        DerValue[] extDer = derVal.data.getSequence(3);
+        Map<String, java.security.cert.Extension> extMap =
+                new HashMap<>(extDer.length);
+
+        for (DerValue extDerVal : extDer) {
+            Extension ext = new Extension(extDerVal);
+            // We don't support any extensions yet. Therefore, if it
+            // is critical we must throw an exception because we
+            // don't know how to process it.
+            if (ext.isCritical()) {
+                throw new IOException("Unsupported OCSP critical extension: " +
+                        ext.getExtensionId());
+            }
+            extMap.put(ext.getId(), ext);
+        }
+
+        return extMap;
+    }
+
     /*
      * A class representing a single OCSP response.
      */
@@ -718,7 +750,7 @@ public final class OCSPResponse {
                 }
             } else {
                 revocationTime = null;
-                revocationReason = CRLReason.UNSPECIFIED;
+                revocationReason = null;
                 if (tag == CERT_STATUS_GOOD) {
                     certStatus = CertStatus.GOOD;
                 } else if (tag == CERT_STATUS_UNKNOWN) {
@@ -729,55 +761,59 @@ public final class OCSPResponse {
             }
 
             thisUpdate = tmp.getGeneralizedTime();
-
-            if (tmp.available() == 0)  {
-                // we are done
-                nextUpdate = null;
-            } else {
-                derVal = tmp.getDerValue();
-                tag = (byte)(derVal.tag & 0x1f);
-                if (tag == 0) {
-                    // next update
-                    nextUpdate = derVal.data.getGeneralizedTime();
-
-                    if (tmp.available() == 0)  {
-                        // we are done
-                    } else {
-                        derVal = tmp.getDerValue();
-                        tag = (byte)(derVal.tag & 0x1f);
-                    }
-                } else {
-                    nextUpdate = null;
-                }
+            if (debug != null) {
+                debug.println("thisUpdate: " + thisUpdate);
             }
-            // singleExtensions
+
+            // Parse optional fields like nextUpdate and singleExtensions
+            Date tmpNextUpdate = null;
+            Map<String, java.security.cert.Extension> tmpMap = null;
+
+            // Check for the first optional item, it could be nextUpdate
+            // [CONTEXT 0] or singleExtensions [CONTEXT 1]
             if (tmp.available() > 0) {
                 derVal = tmp.getDerValue();
-                if (derVal.isContextSpecific((byte)1)) {
-                    DerValue[] singleExtDer = derVal.data.getSequence(3);
-                    singleExtensions =
-                        new HashMap<String, java.security.cert.Extension>
-                            (singleExtDer.length);
-                    for (int i = 0; i < singleExtDer.length; i++) {
-                        Extension ext = new Extension(singleExtDer[i]);
-                        if (debug != null) {
-                            debug.println("OCSP single extension: " + ext);
-                        }
-                        // We don't support any extensions yet. Therefore, if it
-                        // is critical we must throw an exception because we
-                        // don't know how to process it.
-                        if (ext.isCritical()) {
-                            throw new IOException(
-                                "Unsupported OCSP critical extension: " +
-                                ext.getExtensionId());
-                        }
-                        singleExtensions.put(ext.getId(), ext);
+
+                // nextUpdate processing
+                if (derVal.isContextSpecific((byte)0)) {
+                    tmpNextUpdate = derVal.data.getGeneralizedTime();
+                    if (debug != null) {
+                        debug.println("nextUpdate: " + tmpNextUpdate);
                     }
-                } else {
-                    singleExtensions = Collections.emptyMap();
+
+                    // If more data exists in the singleResponse, it
+                    // can only be singleExtensions.  Get this DER value
+                    // for processing in the next block
+                    derVal = tmp.available() > 0 ? tmp.getDerValue() : null;
+                }
+
+                // singleExtensions processing
+                if (derVal != null) {
+                    if (derVal.isContextSpecific((byte)1)) {
+                        tmpMap = parseExtensions(derVal);
+
+                        // There should not be any other items in the
+                        // singleResponse at this point.
+                        if (tmp.available() > 0) {
+                            throw new IOException(tmp.available() +
+                                " bytes of additional data in singleResponse");
+                        }
+                    } else {
+                        // Unknown item in the singleResponse
+                        throw new IOException("Unsupported singleResponse " +
+                            "item, tag = " + String.format("%02X", derVal.tag));
+                    }
+                }
+            }
+
+            nextUpdate = tmpNextUpdate;
+            singleExtensions = (tmpMap != null) ? tmpMap :
+                    Collections.emptyMap();
+            if (debug != null) {
+                for (java.security.cert.Extension ext :
+                        singleExtensions.values()) {
+                   debug.println("singleExtension: " + ext);
                 }
-            } else {
-                singleExtensions = Collections.emptyMap();
             }
         }
 
@@ -793,7 +829,8 @@ public final class OCSPResponse {
         }
 
         @Override public Date getRevocationTime() {
-            return (Date) revocationTime.clone();
+            return (revocationTime != null ? (Date) revocationTime.clone() :
+                    null);
         }
 
         @Override public CRLReason getRevocationReason() {
@@ -821,6 +858,9 @@ public final class OCSPResponse {
             if (nextUpdate != null) {
                 sb.append("nextUpdate is " + nextUpdate + "\n");
             }
+            for (java.security.cert.Extension ext : singleExtensions.values()) {
+                sb.append("singleExtension: " + ext + "\n");
+            }
             return sb.toString();
         }
     }
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/OCSPSingleExtensions.java b/jdk/test/sun/security/provider/certpath/OCSP/OCSPSingleExtensions.java
new file mode 100644
index 00000000000..3e518375800
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/OCSPSingleExtensions.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8074064
+ * @summary OCSPResponse.SingleResponse objects do not parse singleExtensions
+ * @run main/othervm sun.security.provider.certpath.OCSPSingleExtensions
+ */
+
+package sun.security.provider.certpath;
+
+import java.io.*;
+import java.util.*;
+import java.security.cert.*;
+
+import sun.security.x509.SerialNumber;
+
+/*
+ * Tester note:
+ * For this test, all input files should be co-located with the test source
+ * code.  All test input data should be in PEM format, and may be commented
+ * with the '#' character at the beginning of any comment line.  Most tests were
+ * generated using the "openssl ocsp" utility in server mode and used the same
+ * utility as a client to drive the responses.  In rare cases
+ * (ocsp-good-witharchcut.resp, etc.) the test input was manually modified
+ * because openssl's ocsp could not generate data in that format (e.g. a
+ * "good" response with singleExtensions in the SingleResponse structure.)
+ * These tests were created to force the code to walk codepaths reached only
+ * with invalid OCSP data or legal formats that are not easily generated using
+ * the tools at hand.  These hand-modified test cases will not verify.
+ */
+
+public class OCSPSingleExtensions {
+    public static CertificateFactory CF;
+    public static final File testDir =
+            new File(System.getProperty("test.src", "."));
+    public static final Base64.Decoder B64D = Base64.getMimeDecoder();
+
+    public static void main(String [] args) throws Exception {
+        // Get a CertificateFactory for various tests
+        CF = CertificateFactory.getInstance("X509");
+        ByteArrayInputStream bais =
+                new ByteArrayInputStream(readFile("int.crt").getBytes());
+        X509Certificate intCA = (X509Certificate)CF.generateCertificate(bais);
+        System.out.println("Successfully instantiated CA cert \"" +
+                intCA.getSubjectX500Principal() + "\"");
+
+        CertId cid0x1500 = new CertId(intCA, new SerialNumber(0x1500));
+        boolean noFailures = true;
+
+        OCSPResponse.SingleResponse sr =
+                getSRByFilename("ocsp-good-nonext.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 0);
+
+        if (sr.getRevocationTime() != null) {
+            throw new RuntimeException("Oops. revocationTime is non-null " +
+                    sr.getRevocationTime());
+        } else if (sr.getRevocationReason() != null) {
+            throw new RuntimeException("Oops. revocationReason is non-null " +
+                    sr.getRevocationReason());
+        }
+
+        sr = getSRByFilename("ocsp-good-withnext.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 0);
+
+        sr = getSRByFilename("ocsp-good-witharchcut.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 1);
+
+        sr = getSRByFilename("ocsp-rev-nocerts.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 1);
+
+        sr = getSRByFilename("ocsp-rev-nonext-noinv.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 0);
+
+        sr = getSRByFilename("ocsp-rev-withnext-noinv.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 0);
+
+        sr = getSRByFilename("ocsp-rev-nonext-withinv.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 1);
+
+        sr = getSRByFilename("ocsp-rev-withnext-withinv.resp", cid0x1500);
+        noFailures &= checkSingleExts(sr, 1);
+
+        try {
+            sr = getSRByFilename("ocsp-rev-twonext.resp", cid0x1500);
+            System.out.println("FAIL: Allowed two nextUpdate fields");
+            noFailures = false;
+        } catch (IOException ioe) {
+            System.out.println("Caught expected exception: " + ioe);
+        }
+
+        try {
+            sr = getSRByFilename("ocsp-rev-bad-sr-tag.resp", cid0x1500);
+            System.out.println("FAIL: Allowed invalid singleResponse item");
+            noFailures = false;
+        } catch (IOException ioe) {
+            System.out.println("Caught expected exception: " + ioe);
+        }
+
+        try {
+            sr = getSRByFilename("ocsp-rev-sr-cont-reverse.resp", cid0x1500);
+            System.out.println("FAIL: Allowed reversed " +
+                    "nextUpdate/singleExtensions");
+            noFailures = false;
+        } catch (IOException ioe) {
+            System.out.println("Caught expected exception: " + ioe);
+        }
+
+        if (!noFailures) {
+            throw new RuntimeException("One or more tests failed");
+        }
+    }
+
+    private static OCSPResponse.SingleResponse getSRByFilename(String fileName,
+            CertId cid) throws IOException {
+        byte[] respDER = B64D.decode(readFile(fileName));
+        OCSPResponse or = new OCSPResponse(respDER);
+        OCSPResponse.SingleResponse sr = or.getSingleResponse(cid);
+        return sr;
+    }
+
+    private static String readFile(String fileName) throws IOException {
+        String filePath = testDir + "/" + fileName;
+        StringBuilder sb = new StringBuilder();
+
+        try (FileReader fr = new FileReader(filePath);
+                BufferedReader br = new BufferedReader(fr)) {
+            String line;
+            while ((line = br.readLine()) != null) {
+                if (!line.trim().startsWith("#")) {
+                    sb.append(line).append("\n");
+                }
+            }
+        }
+
+        System.out.println("Successfully read " + fileName);
+        return sb.toString();
+    }
+
+    private static boolean checkSingleExts(OCSPResponse.SingleResponse sr,
+            int singleExtCount) {
+        Map<String, Extension> singleExts;
+        try {
+            singleExts = sr.getSingleExtensions();
+        } catch (NullPointerException npe) {
+            System.out.println(
+                    "Warning: Sent null singleResponse into checkSingleExts");
+            return false;
+        }
+
+        for (String key : singleExts.keySet()) {
+            System.out.println("singleExtension: " + singleExts.get(key));
+        }
+
+        if (singleExts.size() != singleExtCount) {
+            System.out.println("Single Extension count mismatch, " +
+                    "expected " + singleExtCount + ", got " +
+                    singleExts.size());
+            return false;
+        } else {
+            return true;
+        }
+    }
+}
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/TEST.properties b/jdk/test/sun/security/provider/certpath/OCSP/TEST.properties
new file mode 100644
index 00000000000..72f8b4cfd43
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/TEST.properties
@@ -0,0 +1 @@
+bootclasspath.dirs=.
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/int.crt b/jdk/test/sun/security/provider/certpath/OCSP/int.crt
new file mode 100644
index 00000000000..7922392f300
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/int.crt
@@ -0,0 +1,121 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=Test, CN=TestRoot
+        Validity
+            Not Before: Feb 24 00:59:51 2015 GMT
+            Not After : Feb 13 00:59:51 2017 GMT
+        Subject: O=Test, CN=TestIntCA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+                    f9:cf:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+            X509v3 Authority Key Identifier: 
+                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+         e6:56:87:80:bf:95:20:c5
+
+-----BEGIN CERTIFICATE-----
+MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+EATpJX3DuxDgEVUp5laHgL+VIMU=
+-----END CERTIFICATE-----
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-nonext.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-nonext.resp
new file mode 100644
index 00000000000..173164acc18
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-nonext.resp
@@ -0,0 +1,316 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:44:43 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: good
+#    This Update: Feb 28 00:44:43 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            0410AC8B4F37A9FC4A780725B40C10737187
+#    Signature Algorithm: sha1WithRSAEncryption
+#         34:89:04:55:0d:5d:78:0a:ad:19:50:11:eb:34:dc:49:9a:a8:
+#         5d:e6:c1:ff:a9:83:54:6f:3e:30:87:6a:78:c9:d1:09:e9:b9:
+#         af:27:08:a9:9e:57:62:ab:b7:27:f2:81:61:f4:44:df:46:01:
+#         32:e7:eb:c6:f2:8d:fc:55:a4:58:84:60:ac:e2:f2:f1:de:05:
+#         f2:5f:b3:bc:9e:83:7d:e3:d4:58:71:01:b8:c0:ae:cf:e3:07:
+#         23:7a:88:03:d2:c8:45:cd:07:ee:d6:81:31:81:7e:bd:e3:f4:
+#         7a:fe:c1:49:99:b1:d9:0d:73:d4:47:b7:2d:14:63:d0:87:23:
+#         ec:a6:46:86:f6:98:4e:97:d7:93:dc:77:9f:a0:b5:0d:1a:14:
+#         08:33:4c:70:34:ba:d5:1c:21:31:fb:3b:e0:78:33:32:11:70:
+#         d2:7a:3c:e4:62:3c:50:cd:d5:11:5f:cc:99:52:2b:6b:75:43:
+#         aa:e2:42:a5:d6:a7:4d:09:43:61:13:5b:b7:6a:eb:85:e1:9f:
+#         3b:bf:49:fe:b0:54:4c:16:3a:3b:cc:3c:6c:82:08:08:2f:bf:
+#         dc:e6:7e:d3:58:41:1d:2c:cd:a7:f7:64:30:66:0c:b8:06:e6:
+#         df:99:10:37:fc:3a:ff:9a:05:37:01:ee:75:6a:ff:58:04:c7:
+#         85:19:e6:48
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILTgoBAKCCC0cwggtDBgkrBgEFBQcwAQEEggs0MIILMDCBsKEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDQ0M1owUjBQ
+MDswCQYFKw4DAhoFAAQUEFZXi3QYEyYf2XEq2mAHf/fGHo8EFJv5hAZq/NLrCJP7
+5O4v2MHCiXqnAgIVAIAAGA8yMDE1MDIyODAwNDQ0M1qhIzAhMB8GCSsGAQUFBzAB
+AgQSBBCsi083qfxKeAcltAwQc3GHMA0GCSqGSIb3DQEBBQUAA4IBAQA0iQRVDV14
+Cq0ZUBHrNNxJmqhd5sH/qYNUbz4wh2p4ydEJ6bmvJwipnldiq7cn8oFh9ETfRgEy
+5+vG8o38VaRYhGCs4vLx3gXyX7O8noN949RYcQG4wK7P4wcjeogD0shFzQfu1oEx
+gX694/R6/sFJmbHZDXPUR7ctFGPQhyPspkaG9phOl9eT3HefoLUNGhQIM0xwNLrV
+HCEx+zvgeDMyEXDSejzkYjxQzdURX8yZUitrdUOq4kKl1qdNCUNhE1u3auuF4Z87
+v0n+sFRMFjo7zDxsgggIL7/c5n7TWEEdLM2n92QwZgy4BubfmRA3/Dr/mgU3Ae51
+av9YBMeFGeZIoIIJZTCCCWEwggQ5MIICIaADAgECAgIBATANBgkqhkiG9w0BAQsF
+ADAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwHhcNMTUwMjI0
+MDEyMjI0WhcNMTYwMjI0MDEyMjI0WjAiMQ0wCwYDVQQKDARUZXN0MREwDwYDVQQD
+DAhUZXN0T0NTUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJcrhH2
+xq6XujHtK7bhx1gD5ZvueFPLM6UV/cZJFoMOyCF9z6jrGDEyCmIMTselpXWd23KQ
+41quUwobWT+9Omexv5hkpIXwlxCLDn57XtQyq7Xvw94iwBGQyDfkSLBe/BoseoUr
+pr0YZAjT47jYqy612OgSLlhFaaxWlGLjwsQ8COqzu6SJfvuEXpVJb7kzZhrCfzZV
+GKch5Bt1wOjJAhuc8YuxWLCM2lwkpfSlNlIcdtNace7wyEtlWAvW1mwjO9CP9Tpm
+1PT9NJDCNaFtcEk5pnE9DXyF09H1bjAFQqGIq5QfJfJ2hVfLd7aeowMm/7FHcWcg
+dY2DEBdsmpNL9jECAwEAAaN4MHYwHQYDVR0OBBYEFFh4gw5HYcLJ4Hen/q2cpF8A
+6KZsMB8GA1UdIwQYMBaAFJv5hAZq/NLrCJP75O4v2MHCiXqnMA4GA1UdDwEB/wQE
+AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG
+SIb3DQEBCwUAA4ICAQBVEwwLSjUUJe82SFmGB+jAzdCcGdE2Y4XR8Eb/rzk3gL0+
+xIj6Zi1XCJcbIAA3MDgUz/9dAcTgBqqCyWQ/7Yke2ioCxR1Pi9AV8yZDsagJ9x7U
+Dze9UGzNsYundxrplez8RTE25CPGY15kYaypo6h8JvWRV6oNUdPfrSnT71irdC+B
+3J6XNQ2UiA80XbeA7UkqOfTJUbiNjdvm7AQ5umlVZyT+jybxHGIMrZXc3lx7bA7p
+1P7jz57RXdqq+ReNkqstVGcFwnpRhHLJq/Aya4bzH8STO5uNcxJPWC1ZQzIdCgyl
+WFnazp0StNNPKZjcpUS9kyNlrRkwq3JEFUigep7q1fWanvpwMqpRswS2kcS412Gu
+wEHsWpO0YrwJxATY1DMJ+WMg1QHtuWBHFHfR98VBOzvnXXPZra2VIJxAH+RHCvZU
+u7gJYwBJ2y58KnmWhhuWO1SXSLQ5RvIn74yWRs2vjlVwnWyP0RpM+uiQpCkQBNG/
+st4EKCqvrt3fpvlKZhl2eqrPsGjD74M7e+lvEpcd2x4q2gcD0LrBhwLNWb60ISI7
+2F19tKPHKlY+CWxrb1QiA7uy15iKL1Hs+n0+3Mhv2ypvRlYuCLlBgdhYpG4qyEbb
+Y1I4xkUaaqMEPkgOhD0pR4uA/O60yBLwA+97SC2UgKJRwxSSfleDzVZ+m43FwjCC
+BSAwggMIoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwIjENMAsGA1UECgwEVGVzdDER
+MA8GA1UEAwwIVGVzdFJvb3QwHhcNMTUwMjI0MDA1OTUxWhcNMTcwMjEzMDA1OTUx
+WjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/CikCVACXw4HmM4l0A8yn9I1UFzZIl2oy
+TriHbWKOh3+RZDt11T2TGRfSANjbw5F8NSNZ1Cmj4dooZiiFa9NECTiCQi8jq+Yb
+L4zDEkCZjS6mlRacdbEHvXb2F7ykk4+fzettHIxcDCqNuHEs7a3+e+0+w+ck1K5T
+QjTFgvn6FXG6nhanHsVcp0izJvSpNHGEuHt3p/GijvXozSX5Y4mxmCqOTdqeLdKl
+lsoyHuIisQu5D5gKrggvqP6QL9gNFnktyGIiafMYK6nH0YX3XdWrRG+RmhqGIgt+
+V5eYar27VR7mRGIYC6+kPrqnX/GmKFz+3xmazTnjml68qkkMIiS3HNQhmQvESJW4
+3q1M4TnoNF3GDE8sIsjozRm304/TzXZ2D7G7CkW+nV8qXVEcR3m8ydG8MDOuLdsn
+uRv/LMuyr33lpptvI5h+dnRFX0EVc8Gc9YjGj8qbeHDui7rRvGBPKXZtKC87CeZH
+U0kEFWcdrw1R+EOSyKvq8AmeR4cuYtiRbkDerBvhakdBw33PkODpNIDQVpqSgxgK
+xGG3YD2aTNthCtDQcfHu3hGt+u5Lj/4V7W3ksLpwnDDqUk0xpJU1oRzZFZ+cqwZQ
+667Uuxd0J0S5NfoVYeET9h5GiJzTZ8q8pXzbuX4jHCR3+oSPOH8qQtVJ4DMJXSko
+L5MzIPnPIQIDAQABo2AwXjAdBgNVHQ4EFgQUm/mEBmr80usIk/vk7i/YwcKJeqcw
+HwYDVR0jBBgwFoAUErnDSHntfTDJeHhhlFg3B0B2OBgwDwYDVR0TAQH/BAUwAwEB
+/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHko1UaSH2sl3rAe4kTT
+e6NKbgVD3YVHTcrQ2UNlNDigwmz7SYVt89wQjHM3SSLDh90oirCyLKOc9hVNmDmV
+oSFyNv8EZ+W6Pr1e1IGs9Bz1q43dc+k32dKAOVv17P6cVuwQ94ZCF9HxS8U4/g6F
+LG6sb1LlqLn+r/XcNQp0+HJPUdWV9P6P+j/V0h9EO2NgSuKZN78JQDJs6jxhhXe8
+Y24R+UFfy0yZOSo3ZnlNWn6TkVMzzrHAHGiXLlrhZllBUgfPSgIkVN0Bly/xhdtQ
+nDsWldIIyvaTmgEzNkB8OePf+HuntepgBqV0OtzqNghrwVkDAXcXDmvhmkhoBjED
+KAvL3WGTgAzxFuSHJoZytBIye/eFWZrjHMTYblWpfsXOi77Sv1c0YoPx0Dpz4XXh
+9Hdbo6M1evu2hWjVrSaVcWBikjDTXHuOQhToeycT5qrLNUIs2+kf//1Mj/wE2AUW
+2qiT2zvyURf/3McRlxSs2FrnrTj6F7+9S5KEDZYgfRfuMaZWV16kDdLLR+hFFORq
+SqFA2re86KpgWUxKOwzvJjn8y4z+ecM1NPU6EdPm5/79vIlqxdBbormEnbRT0R/A
+9v2Aioj4qgSPXYNKke2Q8PYKuxoB16S7PMTB4TjKA4th2BirvO9+GKrfYdEfZBAE
+6SV9w7sQ4BFVKeZWh4C/lSDF
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-witharchcut.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-witharchcut.resp
new file mode 100644
index 00000000000..610c63a9bc7
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-witharchcut.resp
@@ -0,0 +1,320 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:44:43 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: good
+#    This Update: Feb 28 00:44:43 2015 GMT
+#        Response Single Extensions:
+#            OCSP Archive Cutoff: 
+#                Feb 19 14:00:00 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            0410AC8B4F37A9FC4A780725B40C10737187
+#    Signature Algorithm: sha1WithRSAEncryption
+#         34:89:04:55:0d:5d:78:0a:ad:19:50:11:eb:34:dc:49:9a:a8:
+#         5d:e6:c1:ff:a9:83:54:6f:3e:30:87:6a:78:c9:d1:09:e9:b9:
+#         af:27:08:a9:9e:57:62:ab:b7:27:f2:81:61:f4:44:df:46:01:
+#         32:e7:eb:c6:f2:8d:fc:55:a4:58:84:60:ac:e2:f2:f1:de:05:
+#         f2:5f:b3:bc:9e:83:7d:e3:d4:58:71:01:b8:c0:ae:cf:e3:07:
+#         23:7a:88:03:d2:c8:45:cd:07:ee:d6:81:31:81:7e:bd:e3:f4:
+#         7a:fe:c1:49:99:b1:d9:0d:73:d4:47:b7:2d:14:63:d0:87:23:
+#         ec:a6:46:86:f6:98:4e:97:d7:93:dc:77:9f:a0:b5:0d:1a:14:
+#         08:33:4c:70:34:ba:d5:1c:21:31:fb:3b:e0:78:33:32:11:70:
+#         d2:7a:3c:e4:62:3c:50:cd:d5:11:5f:cc:99:52:2b:6b:75:43:
+#         aa:e2:42:a5:d6:a7:4d:09:43:61:13:5b:b7:6a:eb:85:e1:9f:
+#         3b:bf:49:fe:b0:54:4c:16:3a:3b:cc:3c:6c:82:08:08:2f:bf:
+#         dc:e6:7e:d3:58:41:1d:2c:cd:a7:f7:64:30:66:0c:b8:06:e6:
+#         df:99:10:37:fc:3a:ff:9a:05:37:01:ee:75:6a:ff:58:04:c7:
+#         85:19:e6:48
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILcgoBAKCCC2swggtnBgkrBgEFBQcwAQEEggtYMIILVDCB1KEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDQ0M1owdjB0
+MDswCQYFKw4DAhoFAAQUEFZXi3QYEyYf2XEq2mAHf/fGHo8EFJv5hAZq/NLrCJP7
+5O4v2MHCiXqnAgIVAIAAGA8yMDE1MDIyODAwNDQ0M1qhIjAgMB4GCSsGAQUFBzAB
+BgQRGA8yMDE1MDIxOTE0MDAwMFqhIzAhMB8GCSsGAQUFBzABAgQSBBCsi083qfxK
+eAcltAwQc3GHMA0GCSqGSIb3DQEBBQUAA4IBAQA0iQRVDV14Cq0ZUBHrNNxJmqhd
+5sH/qYNUbz4wh2p4ydEJ6bmvJwipnldiq7cn8oFh9ETfRgEy5+vG8o38VaRYhGCs
+4vLx3gXyX7O8noN949RYcQG4wK7P4wcjeogD0shFzQfu1oExgX694/R6/sFJmbHZ
+DXPUR7ctFGPQhyPspkaG9phOl9eT3HefoLUNGhQIM0xwNLrVHCEx+zvgeDMyEXDS
+ejzkYjxQzdURX8yZUitrdUOq4kKl1qdNCUNhE1u3auuF4Z87v0n+sFRMFjo7zDxs
+gggIL7/c5n7TWEEdLM2n92QwZgy4BubfmRA3/Dr/mgU3Ae51av9YBMeFGeZIoIIJ
+ZTCCCWEwggQ5MIICIaADAgECAgIBATANBgkqhkiG9w0BAQsFADAjMQ0wCwYDVQQK
+DARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwHhcNMTUwMjI0MDEyMjI0WhcNMTYw
+MjI0MDEyMjI0WjAiMQ0wCwYDVQQKDARUZXN0MREwDwYDVQQDDAhUZXN0T0NTUDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJcrhH2xq6XujHtK7bhx1gD
+5ZvueFPLM6UV/cZJFoMOyCF9z6jrGDEyCmIMTselpXWd23KQ41quUwobWT+9Omex
+v5hkpIXwlxCLDn57XtQyq7Xvw94iwBGQyDfkSLBe/BoseoUrpr0YZAjT47jYqy61
+2OgSLlhFaaxWlGLjwsQ8COqzu6SJfvuEXpVJb7kzZhrCfzZVGKch5Bt1wOjJAhuc
+8YuxWLCM2lwkpfSlNlIcdtNace7wyEtlWAvW1mwjO9CP9Tpm1PT9NJDCNaFtcEk5
+pnE9DXyF09H1bjAFQqGIq5QfJfJ2hVfLd7aeowMm/7FHcWcgdY2DEBdsmpNL9jEC
+AwEAAaN4MHYwHQYDVR0OBBYEFFh4gw5HYcLJ4Hen/q2cpF8A6KZsMB8GA1UdIwQY
+MBaAFJv5hAZq/NLrCJP75O4v2MHCiXqnMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
+DDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBCwUAA4IC
+AQBVEwwLSjUUJe82SFmGB+jAzdCcGdE2Y4XR8Eb/rzk3gL0+xIj6Zi1XCJcbIAA3
+MDgUz/9dAcTgBqqCyWQ/7Yke2ioCxR1Pi9AV8yZDsagJ9x7UDze9UGzNsYundxrp
+lez8RTE25CPGY15kYaypo6h8JvWRV6oNUdPfrSnT71irdC+B3J6XNQ2UiA80XbeA
+7UkqOfTJUbiNjdvm7AQ5umlVZyT+jybxHGIMrZXc3lx7bA7p1P7jz57RXdqq+ReN
+kqstVGcFwnpRhHLJq/Aya4bzH8STO5uNcxJPWC1ZQzIdCgylWFnazp0StNNPKZjc
+pUS9kyNlrRkwq3JEFUigep7q1fWanvpwMqpRswS2kcS412GuwEHsWpO0YrwJxATY
+1DMJ+WMg1QHtuWBHFHfR98VBOzvnXXPZra2VIJxAH+RHCvZUu7gJYwBJ2y58KnmW
+hhuWO1SXSLQ5RvIn74yWRs2vjlVwnWyP0RpM+uiQpCkQBNG/st4EKCqvrt3fpvlK
+Zhl2eqrPsGjD74M7e+lvEpcd2x4q2gcD0LrBhwLNWb60ISI72F19tKPHKlY+CWxr
+b1QiA7uy15iKL1Hs+n0+3Mhv2ypvRlYuCLlBgdhYpG4qyEbbY1I4xkUaaqMEPkgO
+hD0pR4uA/O60yBLwA+97SC2UgKJRwxSSfleDzVZ+m43FwjCCBSAwggMIoAMCAQIC
+AQIwDQYJKoZIhvcNAQELBQAwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVz
+dFJvb3QwHhcNMTUwMjI0MDA1OTUxWhcNMTcwMjEzMDA1OTUxWjAjMQ0wCwYDVQQK
+DARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQC/CikCVACXw4HmM4l0A8yn9I1UFzZIl2oyTriHbWKOh3+RZDt1
+1T2TGRfSANjbw5F8NSNZ1Cmj4dooZiiFa9NECTiCQi8jq+YbL4zDEkCZjS6mlRac
+dbEHvXb2F7ykk4+fzettHIxcDCqNuHEs7a3+e+0+w+ck1K5TQjTFgvn6FXG6nhan
+HsVcp0izJvSpNHGEuHt3p/GijvXozSX5Y4mxmCqOTdqeLdKllsoyHuIisQu5D5gK
+rggvqP6QL9gNFnktyGIiafMYK6nH0YX3XdWrRG+RmhqGIgt+V5eYar27VR7mRGIY
+C6+kPrqnX/GmKFz+3xmazTnjml68qkkMIiS3HNQhmQvESJW43q1M4TnoNF3GDE8s
+IsjozRm304/TzXZ2D7G7CkW+nV8qXVEcR3m8ydG8MDOuLdsnuRv/LMuyr33lpptv
+I5h+dnRFX0EVc8Gc9YjGj8qbeHDui7rRvGBPKXZtKC87CeZHU0kEFWcdrw1R+EOS
+yKvq8AmeR4cuYtiRbkDerBvhakdBw33PkODpNIDQVpqSgxgKxGG3YD2aTNthCtDQ
+cfHu3hGt+u5Lj/4V7W3ksLpwnDDqUk0xpJU1oRzZFZ+cqwZQ667Uuxd0J0S5NfoV
+YeET9h5GiJzTZ8q8pXzbuX4jHCR3+oSPOH8qQtVJ4DMJXSkoL5MzIPnPIQIDAQAB
+o2AwXjAdBgNVHQ4EFgQUm/mEBmr80usIk/vk7i/YwcKJeqcwHwYDVR0jBBgwFoAU
+ErnDSHntfTDJeHhhlFg3B0B2OBgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggIBAHko1UaSH2sl3rAe4kTTe6NKbgVD3YVHTcrQ
+2UNlNDigwmz7SYVt89wQjHM3SSLDh90oirCyLKOc9hVNmDmVoSFyNv8EZ+W6Pr1e
+1IGs9Bz1q43dc+k32dKAOVv17P6cVuwQ94ZCF9HxS8U4/g6FLG6sb1LlqLn+r/Xc
+NQp0+HJPUdWV9P6P+j/V0h9EO2NgSuKZN78JQDJs6jxhhXe8Y24R+UFfy0yZOSo3
+ZnlNWn6TkVMzzrHAHGiXLlrhZllBUgfPSgIkVN0Bly/xhdtQnDsWldIIyvaTmgEz
+NkB8OePf+HuntepgBqV0OtzqNghrwVkDAXcXDmvhmkhoBjEDKAvL3WGTgAzxFuSH
+JoZytBIye/eFWZrjHMTYblWpfsXOi77Sv1c0YoPx0Dpz4XXh9Hdbo6M1evu2hWjV
+rSaVcWBikjDTXHuOQhToeycT5qrLNUIs2+kf//1Mj/wE2AUW2qiT2zvyURf/3McR
+lxSs2FrnrTj6F7+9S5KEDZYgfRfuMaZWV16kDdLLR+hFFORqSqFA2re86KpgWUxK
+OwzvJjn8y4z+ecM1NPU6EdPm5/79vIlqxdBbormEnbRT0R/A9v2Aioj4qgSPXYNK
+ke2Q8PYKuxoB16S7PMTB4TjKA4th2BirvO9+GKrfYdEfZBAE6SV9w7sQ4BFVKeZW
+h4C/lSDF
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-withnext.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-withnext.resp
new file mode 100644
index 00000000000..eebbd219486
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-good-withnext.resp
@@ -0,0 +1,317 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:42:58 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: good
+#    This Update: Feb 28 00:42:58 2015 GMT
+#    Next Update: Mar  1 00:42:58 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            04100F63A02D306A7951078F9E6F4C7A8A53
+#    Signature Algorithm: sha1WithRSAEncryption
+#         49:b4:7f:24:29:9a:31:30:16:7d:23:74:53:83:e9:4c:db:08:
+#         09:20:c9:78:ea:3d:a5:df:25:fd:4e:de:88:24:35:0b:fa:6f:
+#         88:b0:6f:6a:92:c6:73:29:4d:1e:70:8c:e3:b2:42:df:f5:d2:
+#         0a:a1:4b:bb:77:af:97:07:05:d6:ec:6b:87:8d:ff:23:95:22:
+#         58:41:9f:15:70:44:33:4a:1e:0a:50:bb:17:56:dc:19:ef:a8:
+#         20:3f:71:8e:f2:04:4c:80:22:01:0b:ab:34:df:3d:ff:2e:04:
+#         0f:80:66:b2:bf:d0:9c:bf:73:39:18:06:bd:46:0e:0e:78:f1:
+#         40:bb:8c:59:23:0c:67:3c:bb:a9:bb:14:d9:39:fe:e8:44:87:
+#         ae:39:98:a3:36:83:8f:20:ad:35:c7:36:58:c7:03:78:37:6d:
+#         6a:a0:5f:7d:87:6f:4f:37:04:3f:d1:fd:e4:c1:e1:70:07:4a:
+#         c6:69:fa:7f:1d:82:1b:1d:b1:fa:d3:9c:82:42:f5:38:cf:4b:
+#         85:9b:fd:f2:4b:d1:81:7e:fc:70:41:f4:3a:7d:66:40:6b:c5:
+#         76:47:2a:f1:79:ff:a0:6f:13:6b:13:fe:86:c3:cd:6b:08:28:
+#         1f:64:c1:b1:23:1d:01:b0:aa:15:81:23:5b:ee:65:00:1d:ef:
+#         46:45:9c:1f
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILYQoBAKCCC1owggtWBgkrBgEFBQcwAQEEggtHMIILQzCBw6EkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDI1OFowZTBj
+MDswCQYFKw4DAhoFAAQUEFZXi3QYEyYf2XEq2mAHf/fGHo8EFJv5hAZq/NLrCJP7
+5O4v2MHCiXqnAgIVAIAAGA8yMDE1MDIyODAwNDI1OFqgERgPMjAxNTAzMDEwMDQy
+NThaoSMwITAfBgkrBgEFBQcwAQIEEgQQD2OgLTBqeVEHj55vTHqKUzANBgkqhkiG
+9w0BAQUFAAOCAQEASbR/JCmaMTAWfSN0U4PpTNsICSDJeOo9pd8l/U7eiCQ1C/pv
+iLBvapLGcylNHnCM47JC3/XSCqFLu3evlwcF1uxrh43/I5UiWEGfFXBEM0oeClC7
+F1bcGe+oID9xjvIETIAiAQurNN89/y4ED4Bmsr/QnL9zORgGvUYODnjxQLuMWSMM
+Zzy7qbsU2Tn+6ESHrjmYozaDjyCtNcc2WMcDeDdtaqBffYdvTzcEP9H95MHhcAdK
+xmn6fx2CGx2x+tOcgkL1OM9LhZv98kvRgX78cEH0On1mQGvFdkcq8Xn/oG8TaxP+
+hsPNawgoH2TBsSMdAbCqFYEjW+5lAB3vRkWcH6CCCWUwgglhMIIEOTCCAiGgAwIB
+AgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVzdDESMBAGA1UEAwwJ
+VGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAxMjIyNFowIjENMAsG
+A1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhTyzOlFf3GSRaDDsgh
+fc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF8JcQiw5+e17UMqu1
+78PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5YRWmsVpRi48LEPAjq
+s7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViwjNpcJKX0pTZSHHbT
+WnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18hdPR9W4wBUKhiKuU
+HyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGjeDB2MB0GA1UdDgQW
+BBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb+YQGavzS6wiT++Tu
+L9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJ
+KwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMMC0o1FCXvNkhZhgfo
+wM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//XQHE4AaqgslkP+2J
+HtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUxNuQjxmNeZGGsqaOo
+fCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0yVG4jY3b5uwEObpp
+VWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRnBcJ6UYRyyavwMmuG
+8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMjZa0ZMKtyRBVIoHqe
+6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCfljINUB7blgRxR30ffF
+QTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtUl0i0OUbyJ++MlkbN
+r45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqqz7Bow++DO3vpbxKX
+HdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7steYii9R7Pp9PtzI
+b9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeLgPzutMgS8APve0gt
+lICiUcMUkn5Xg81WfpuNxcIwggUgMIIDCKADAgECAgECMA0GCSqGSIb3DQEBCwUA
+MCIxDTALBgNVBAoMBFRlc3QxETAPBgNVBAMMCFRlc3RSb290MB4XDTE1MDIyNDAw
+NTk1MVoXDTE3MDIxMzAwNTk1MVowIzENMAsGA1UECgwEVGVzdDESMBAGA1UEAwwJ
+VGVzdEludENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvwopAlQA
+l8OB5jOJdAPMp/SNVBc2SJdqMk64h21ijod/kWQ7ddU9kxkX0gDY28ORfDUjWdQp
+o+HaKGYohWvTRAk4gkIvI6vmGy+MwxJAmY0uppUWnHWxB7129he8pJOPn83rbRyM
+XAwqjbhxLO2t/nvtPsPnJNSuU0I0xYL5+hVxup4Wpx7FXKdIsyb0qTRxhLh7d6fx
+oo716M0l+WOJsZgqjk3ani3SpZbKMh7iIrELuQ+YCq4IL6j+kC/YDRZ5LchiImnz
+GCupx9GF913Vq0RvkZoahiILfleXmGq9u1Ue5kRiGAuvpD66p1/xpihc/t8Zms05
+45pevKpJDCIktxzUIZkLxEiVuN6tTOE56DRdxgxPLCLI6M0Zt9OP0812dg+xuwpF
+vp1fKl1RHEd5vMnRvDAzri3bJ7kb/yzLsq995aabbyOYfnZ0RV9BFXPBnPWIxo/K
+m3hw7ou60bxgTyl2bSgvOwnmR1NJBBVnHa8NUfhDksir6vAJnkeHLmLYkW5A3qwb
+4WpHQcN9z5Dg6TSA0FaakoMYCsRht2A9mkzbYQrQ0HHx7t4RrfruS4/+Fe1t5LC6
+cJww6lJNMaSVNaEc2RWfnKsGUOuu1LsXdCdEuTX6FWHhE/YeRoic02fKvKV827l+
+Ixwkd/qEjzh/KkLVSeAzCV0pKC+TMyD5zyECAwEAAaNgMF4wHQYDVR0OBBYEFJv5
+hAZq/NLrCJP75O4v2MHCiXqnMB8GA1UdIwQYMBaAFBK5w0h57X0wyXh4YZRYNwdA
+djgYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA
+A4ICAQB5KNVGkh9rJd6wHuJE03ujSm4FQ92FR03K0NlDZTQ4oMJs+0mFbfPcEIxz
+N0kiw4fdKIqwsiyjnPYVTZg5laEhcjb/BGfluj69XtSBrPQc9auN3XPpN9nSgDlb
+9ez+nFbsEPeGQhfR8UvFOP4OhSxurG9S5ai5/q/13DUKdPhyT1HVlfT+j/o/1dIf
+RDtjYErimTe/CUAybOo8YYV3vGNuEflBX8tMmTkqN2Z5TVp+k5FTM86xwBxoly5a
+4WZZQVIHz0oCJFTdAZcv8YXbUJw7FpXSCMr2k5oBMzZAfDnj3/h7p7XqYAaldDrc
+6jYIa8FZAwF3Fw5r4ZpIaAYxAygLy91hk4AM8RbkhyaGcrQSMnv3hVma4xzE2G5V
+qX7Fzou+0r9XNGKD8dA6c+F14fR3W6OjNXr7toVo1a0mlXFgYpIw01x7jkIU6Hsn
+E+aqyzVCLNvpH//9TI/8BNgFFtqok9s78lEX/9zHEZcUrNha5604+he/vUuShA2W
+IH0X7jGmVldepA3Sy0foRRTkakqhQNq3vOiqYFlMSjsM7yY5/MuM/nnDNTT1OhHT
+5uf+/byJasXQW6K5hJ20U9EfwPb9gIqI+KoEj12DSpHtkPD2CrsaAdekuzzEweE4
+ygOLYdgYq7zvfhiq32HRH2QQBOklfcO7EOARVSnmVoeAv5UgxQ==
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-bad-sr-tag.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-bad-sr-tag.resp
new file mode 100644
index 00000000000..3244266e5c4
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-bad-sr-tag.resp
@@ -0,0 +1,60 @@
+# This is an invalid OCSP response and cannot be displayed using openssl's
+# ocsp utility.  Below is an asn1parse of the BasicOCSPResponse.  The bytes
+# normally corresponding to a nextUpdate field have been changed from
+# [CONTEXT 0] to an OCTET_STRING (see offset 170 below)
+#
+#    0:d=0  hl=4 l= 528 cons: SEQUENCE          
+#    4:d=1  hl=3 l= 249 cons: SEQUENCE          
+#    7:d=2  hl=2 l=  36 cons: cont [ 1 ]        
+#    9:d=3  hl=2 l=  34 cons: SEQUENCE          
+#   11:d=4  hl=2 l=  13 cons: SET               
+#   13:d=5  hl=2 l=  11 cons: SEQUENCE          
+#   15:d=6  hl=2 l=   3 prim: OBJECT            :organizationName
+#   20:d=6  hl=2 l=   4 prim: UTF8STRING        :Test
+#   26:d=4  hl=2 l=  17 cons: SET               
+#   28:d=5  hl=2 l=  15 cons: SEQUENCE          
+#   30:d=6  hl=2 l=   3 prim: OBJECT            :commonName
+#   35:d=6  hl=2 l=   8 prim: UTF8STRING        :TestOCSP
+#   45:d=2  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#   62:d=2  hl=3 l= 154 cons: SEQUENCE          
+#   65:d=3  hl=3 l= 151 cons: SEQUENCE          
+#   68:d=4  hl=2 l=  59 cons: SEQUENCE          
+#   70:d=5  hl=2 l=   9 cons: SEQUENCE          
+#   72:d=6  hl=2 l=   5 prim: OBJECT            :sha1
+#   79:d=6  hl=2 l=   0 prim: NULL              
+#   81:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:1056578B741813261FD9712ADA60077FF7C61E8F
+#  103:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#  125:d=5  hl=2 l=   2 prim: INTEGER           :1500
+#  129:d=4  hl=2 l=  22 cons: cont [ 1 ]        
+#  131:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150219155030Z
+#  148:d=5  hl=2 l=   3 cons: cont [ 0 ]        
+#  150:d=6  hl=2 l=   1 prim: ENUMERATED        :01
+#  153:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#  170:d=4  hl=2 l=  17 prim: OCTET STRING      [HEX DUMP]:180F32303135303330343136353534345A
+#  189:d=4  hl=2 l=  28 cons: cont [ 1 ]        
+#  191:d=5  hl=2 l=  26 cons: SEQUENCE          
+#  193:d=6  hl=2 l=  24 cons: SEQUENCE          
+#  195:d=7  hl=2 l=   3 prim: OBJECT            :Invalidity Date
+#  200:d=7  hl=2 l=  17 prim: OCTET STRING      [HEX DUMP]:180F32303135303231393134303030305A
+#  219:d=2  hl=2 l=  35 cons: cont [ 1 ]        
+#  221:d=3  hl=2 l=  33 cons: SEQUENCE          
+#  223:d=4  hl=2 l=  31 cons: SEQUENCE          
+#  225:d=5  hl=2 l=   9 prim: OBJECT            :OCSP Nonce
+#  236:d=5  hl=2 l=  18 prim: OCTET STRING      [HEX DUMP]:0410381EF873C4A3B4C64B22873751071B53
+#  256:d=1  hl=2 l=  13 cons: SEQUENCE          
+#  258:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
+#  269:d=2  hl=2 l=   0 prim: NULL              
+#  271:d=1  hl=4 l= 257 prim: BIT STRING        
+
+MIICLgoBAKCCAicwggIjBgkrBgEFBQcwAQEEggIUMIICEDCB+aEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDMwMzE2NTU0NFowgZow
+gZcwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDMw
+MzE2NTU0NFoEERgPMjAxNTAzMDQxNjU1NDRaoRwwGjAYBgNVHRgEERgPMjAxNTAy
+MTkxNDAwMDBaoSMwITAfBgkrBgEFBQcwAQIEEgQQOB74c8SjtMZLIoc3UQcbUzAN
+BgkqhkiG9w0BAQUFAAOCAQEAbcY28K9+oXtDfNb2yxlzauMaeEoD477ouC7DIwCb
+TgpkcjGCTjmvwg4A3sG95Z02x1xuW48XK2YkFytsBmdcfZvEnoK/WqG+qd9Aiytf
+NoecsMjF8MyatHcJdQ+jq59jPWAqMGWCPmPVZ6TxHF5Ag2DAU5aL5sAjY2zvxYnl
+Uc+FShl4K6Nk+mSSfu6ji8hkUEPx5rU1H0jBomMm4GMyNkxVj3NkOKSCxNWi/1Oe
+utUk8Eir8Krqfd7yOn0flfroHZ2I0zf95VduxvVCsN7pgAf8Q1BAkbuq/8JRNrDr
+a0kHSpO7QAv6iE7YT/SsHN5MDjtRJ780VEggV3td56R37g==
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nocerts.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nocerts.resp
new file mode 100644
index 00000000000..5f41b69d4d3
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nocerts.resp
@@ -0,0 +1,53 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Mar  3 16:55:44 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: revoked
+#    Revocation Time: Feb 19 15:50:30 2015 GMT
+#    Revocation Reason: keyCompromise (0x1)
+#    This Update: Mar  3 16:55:44 2015 GMT
+#    Next Update: Mar  4 16:55:44 2015 GMT
+#        Response Single Extensions:
+#            Invalidity Date: 
+#                Feb 19 14:00:00 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            0410381EF873C4A3B4C64B22873751071B53
+#    Signature Algorithm: sha1WithRSAEncryption
+#         6d:c6:36:f0:af:7e:a1:7b:43:7c:d6:f6:cb:19:73:6a:e3:1a:
+#         78:4a:03:e3:be:e8:b8:2e:c3:23:00:9b:4e:0a:64:72:31:82:
+#         4e:39:af:c2:0e:00:de:c1:bd:e5:9d:36:c7:5c:6e:5b:8f:17:
+#         2b:66:24:17:2b:6c:06:67:5c:7d:9b:c4:9e:82:bf:5a:a1:be:
+#         a9:df:40:8b:2b:5f:36:87:9c:b0:c8:c5:f0:cc:9a:b4:77:09:
+#         75:0f:a3:ab:9f:63:3d:60:2a:30:65:82:3e:63:d5:67:a4:f1:
+#         1c:5e:40:83:60:c0:53:96:8b:e6:c0:23:63:6c:ef:c5:89:e5:
+#         51:cf:85:4a:19:78:2b:a3:64:fa:64:92:7e:ee:a3:8b:c8:64:
+#         50:43:f1:e6:b5:35:1f:48:c1:a2:63:26:e0:63:32:36:4c:55:
+#         8f:73:64:38:a4:82:c4:d5:a2:ff:53:9e:ba:d5:24:f0:48:ab:
+#         f0:aa:ea:7d:de:f2:3a:7d:1f:95:fa:e8:1d:9d:88:d3:37:fd:
+#         e5:57:6e:c6:f5:42:b0:de:e9:80:07:fc:43:50:40:91:bb:aa:
+#         ff:c2:51:36:b0:eb:6b:49:07:4a:93:bb:40:0b:fa:88:4e:d8:
+#         4f:f4:ac:1c:de:4c:0e:3b:51:27:bf:34:54:48:20:57:7b:5d:
+#         e7:a4:77:ee
+
+MIICLgoBAKCCAicwggIjBgkrBgEFBQcwAQEEggIUMIICEDCB+aEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDMwMzE2NTU0NFowgZow
+gZcwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDMw
+MzE2NTU0NFqgERgPMjAxNTAzMDQxNjU1NDRaoRwwGjAYBgNVHRgEERgPMjAxNTAy
+MTkxNDAwMDBaoSMwITAfBgkrBgEFBQcwAQIEEgQQOB74c8SjtMZLIoc3UQcbUzAN
+BgkqhkiG9w0BAQUFAAOCAQEAbcY28K9+oXtDfNb2yxlzauMaeEoD477ouC7DIwCb
+TgpkcjGCTjmvwg4A3sG95Z02x1xuW48XK2YkFytsBmdcfZvEnoK/WqG+qd9Aiytf
+NoecsMjF8MyatHcJdQ+jq59jPWAqMGWCPmPVZ6TxHF5Ag2DAU5aL5sAjY2zvxYnl
+Uc+FShl4K6Nk+mSSfu6ji8hkUEPx5rU1H0jBomMm4GMyNkxVj3NkOKSCxNWi/1Oe
+utUk8Eir8Krqfd7yOn0flfroHZ2I0zf95VduxvVCsN7pgAf8Q1BAkbuq/8JRNrDr
+a0kHSpO7QAv6iE7YT/SsHN5MDjtRJ780VEggV3td56R37g==
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-noinv.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-noinv.resp
new file mode 100644
index 00000000000..7a1563bf7e0
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-noinv.resp
@@ -0,0 +1,317 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:45:34 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: revoked
+#    Revocation Time: Feb 19 15:50:30 2015 GMT
+#    This Update: Feb 28 00:45:34 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            04103E7008EC23A3AF6407E2DBADF1824550
+#    Signature Algorithm: sha1WithRSAEncryption
+#         80:e7:3c:82:51:51:30:56:7c:9b:10:a3:14:62:86:b7:48:5f:
+#         c7:18:3a:d6:a1:63:f4:8b:83:dc:87:0f:41:39:89:b6:60:40:
+#         11:5e:71:2a:dd:f0:c2:3d:bb:9a:9e:d5:05:c5:6a:6b:a1:02:
+#         ab:1d:24:94:ae:70:77:19:ba:08:87:05:39:1a:73:82:77:bd:
+#         f2:58:5b:a6:94:05:2e:2d:62:99:2d:ec:0a:cc:0c:89:5b:5d:
+#         94:dc:08:b4:79:96:18:4e:79:13:cd:2e:44:02:b3:af:b2:1f:
+#         66:99:2a:37:0a:7d:fb:1b:60:94:97:7a:68:dd:75:15:d3:97:
+#         00:6e:dc:45:b4:92:06:38:26:ce:71:e4:5a:5c:cd:67:1d:f6:
+#         4f:19:b1:51:83:8a:db:9a:cd:6b:63:a1:1f:ea:e5:23:62:20:
+#         73:41:28:bd:e8:51:c7:8a:79:8e:6b:dd:33:a0:a0:db:e5:23:
+#         59:a3:1d:84:48:f5:b2:20:1a:04:a2:ec:07:f6:1d:e5:06:1c:
+#         ab:81:49:f1:ea:69:f8:34:8f:59:2a:ee:7a:97:f8:cf:c5:55:
+#         37:2b:fb:ab:8d:76:4f:48:94:16:34:3c:81:61:9a:ae:4b:b5:
+#         2c:39:df:d8:77:d0:02:0c:0c:51:99:1b:37:8e:6b:3f:9d:96:
+#         5a:09:4c:ae
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILXwoBAKCCC1gwggtUBgkrBgEFBQcwAQEEggtFMIILQTCBwaEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDUzNFowYzBh
+MDswCQYFKw4DAhoFAAQUEFZXi3QYEyYf2XEq2mAHf/fGHo8EFJv5hAZq/NLrCJP7
+5O4v2MHCiXqnAgIVAKERGA8yMDE1MDIxOTE1NTAzMFoYDzIwMTUwMjI4MDA0NTM0
+WqEjMCEwHwYJKwYBBQUHMAECBBIEED5wCOwjo69kB+LbrfGCRVAwDQYJKoZIhvcN
+AQEFBQADggEBAIDnPIJRUTBWfJsQoxRihrdIX8cYOtahY/SLg9yHD0E5ibZgQBFe
+cSrd8MI9u5qe1QXFamuhAqsdJJSucHcZugiHBTkac4J3vfJYW6aUBS4tYpkt7ArM
+DIlbXZTcCLR5lhhOeRPNLkQCs6+yH2aZKjcKffsbYJSXemjddRXTlwBu3EW0kgY4
+Js5x5FpczWcd9k8ZsVGDituazWtjoR/q5SNiIHNBKL3oUceKeY5r3TOgoNvlI1mj
+HYRI9bIgGgSi7Af2HeUGHKuBSfHqafg0j1kq7nqX+M/FVTcr+6uNdk9IlBY0PIFh
+mq5LtSw539h30AIMDFGZGzeOaz+dlloJTK6gggllMIIJYTCCBDkwggIhoAMCAQIC
+AgEBMA0GCSqGSIb3DQEBCwUAMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRl
+c3RJbnRDQTAeFw0xNTAyMjQwMTIyMjRaFw0xNjAyMjQwMTIyMjRaMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA0lyuEfbGrpe6Me0rtuHHWAPlm+54U8szpRX9xkkWgw7IIX3P
+qOsYMTIKYgxOx6WldZ3bcpDjWq5TChtZP706Z7G/mGSkhfCXEIsOfnte1DKrte/D
+3iLAEZDIN+RIsF78Gix6hSumvRhkCNPjuNirLrXY6BIuWEVprFaUYuPCxDwI6rO7
+pIl++4RelUlvuTNmGsJ/NlUYpyHkG3XA6MkCG5zxi7FYsIzaXCSl9KU2Uhx201px
+7vDIS2VYC9bWbCM70I/1OmbU9P00kMI1oW1wSTmmcT0NfIXT0fVuMAVCoYirlB8l
+8naFV8t3tp6jAyb/sUdxZyB1jYMQF2yak0v2MQIDAQABo3gwdjAdBgNVHQ4EFgQU
+WHiDDkdhwsngd6f+rZykXwDopmwwHwYDVR0jBBgwFoAUm/mEBmr80usIk/vk7i/Y
+wcKJeqcwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
+AQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggIBAFUTDAtKNRQl7zZIWYYH6MDN
+0JwZ0TZjhdHwRv+vOTeAvT7EiPpmLVcIlxsgADcwOBTP/10BxOAGqoLJZD/tiR7a
+KgLFHU+L0BXzJkOxqAn3HtQPN71QbM2xi6d3GumV7PxFMTbkI8ZjXmRhrKmjqHwm
+9ZFXqg1R09+tKdPvWKt0L4Hcnpc1DZSIDzRdt4DtSSo59MlRuI2N2+bsBDm6aVVn
+JP6PJvEcYgytldzeXHtsDunU/uPPntFd2qr5F42Sqy1UZwXCelGEcsmr8DJrhvMf
+xJM7m41zEk9YLVlDMh0KDKVYWdrOnRK0008pmNylRL2TI2WtGTCrckQVSKB6nurV
+9Zqe+nAyqlGzBLaRxLjXYa7AQexak7RivAnEBNjUMwn5YyDVAe25YEcUd9H3xUE7
+O+ddc9mtrZUgnEAf5EcK9lS7uAljAEnbLnwqeZaGG5Y7VJdItDlG8ifvjJZGza+O
+VXCdbI/RGkz66JCkKRAE0b+y3gQoKq+u3d+m+UpmGXZ6qs+waMPvgzt76W8Slx3b
+HiraBwPQusGHAs1ZvrQhIjvYXX20o8cqVj4JbGtvVCIDu7LXmIovUez6fT7cyG/b
+Km9GVi4IuUGB2FikbirIRttjUjjGRRpqowQ+SA6EPSlHi4D87rTIEvAD73tILZSA
+olHDFJJ+V4PNVn6bjcXCMIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAi
+MQ0wCwYDVQQKDARUZXN0MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5
+NTFaFw0xNzAyMTMwMDU5NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRl
+c3RJbnRDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfD
+geYziXQDzKf0jVQXNkiXajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh
+2ihmKIVr00QJOIJCLyOr5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwM
+Ko24cSztrf577T7D5yTUrlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO
+9ejNJfljibGYKo5N2p4t0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgr
+qcfRhfdd1atEb5GaGoYiC35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOa
+XryqSQwiJLcc1CGZC8RIlbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6d
+XypdURxHebzJ0bwwM64t2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4
+cO6LutG8YE8pdm0oLzsJ5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+Fq
+R0HDfc+Q4Ok0gNBWmpKDGArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCc
+MOpSTTGklTWhHNkVn5yrBlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMc
+JHf6hI84fypC1UngMwldKSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQG
+avzS6wiT++TuL9jBwol6pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4
+GDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOC
+AgEAeSjVRpIfayXesB7iRNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJ
+IsOH3SiKsLIso5z2FU2YOZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs
+/pxW7BD3hkIX0fFLxTj+DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7
+Y2BK4pk3vwlAMmzqPGGFd7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFm
+WUFSB89KAiRU3QGXL/GF21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2
+CGvBWQMBdxcOa+GaSGgGMQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+
+xc6LvtK/VzRig/HQOnPhdeH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPm
+qss1Qizb6R///UyP/ATYBRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9
+F+4xplZXXqQN0stH6EUU5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn
+/v28iWrF0FuiuYSdtFPRH8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoD
+i2HYGKu8734Yqt9h0R9kEATpJX3DuxDgEVUp5laHgL+VIMU=
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-withinv.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-withinv.resp
new file mode 100644
index 00000000000..a4d12fc7d05
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-nonext-withinv.resp
@@ -0,0 +1,323 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:47:40 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: revoked
+#    Revocation Time: Feb 19 15:50:30 2015 GMT
+#    Revocation Reason: keyCompromise (0x1)
+#    This Update: Feb 28 00:47:40 2015 GMT
+#        Response Single Extensions:
+#            Invalidity Date: 
+#                Feb 19 14:00:00 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            0410DB5B1C50F6601DC4533D159DB197D8AE
+#    Signature Algorithm: sha1WithRSAEncryption
+#         c0:41:55:17:3d:df:31:a4:f6:9b:2a:24:cd:05:43:b2:e5:15:
+#         fb:95:cf:19:a9:70:3b:58:d0:41:14:7d:b8:53:f3:ec:d5:ba:
+#         e1:de:f8:a0:f8:3a:0e:b0:5c:50:81:5b:05:a5:5e:10:6f:46:
+#         8f:25:17:10:5c:33:7a:e8:70:6a:93:37:f7:75:4d:69:d3:3a:
+#         51:56:38:07:cd:42:70:09:92:ae:e8:8e:d8:52:b0:e9:3f:64:
+#         c2:0a:98:63:15:0c:d7:36:90:72:9f:fb:ac:4c:4d:cb:92:ce:
+#         87:54:b6:49:3b:a8:f5:9c:cd:9f:11:69:f1:af:68:c1:76:4a:
+#         c0:90:58:2e:81:e2:e9:28:af:83:06:c3:ae:34:95:ad:42:75:
+#         cd:7b:50:12:9c:3a:50:86:b4:36:36:ac:3f:27:2a:6f:06:31:
+#         cd:27:7f:f0:eb:8d:c2:e6:37:dd:39:03:e5:0e:a2:83:26:71:
+#         bf:dd:a6:4c:a0:fe:47:94:65:82:f3:27:89:78:e0:3b:a5:30:
+#         a6:12:9e:1d:0d:fc:c3:41:fc:53:29:e6:04:ab:c0:00:d2:2d:
+#         f8:13:d8:b9:e6:64:10:d2:a7:02:e7:3e:aa:ac:52:67:69:46:
+#         3b:8f:a2:96:4f:b3:55:fc:e8:c1:90:61:71:f5:a0:c8:3c:b6:
+#         48:60:c8:5c
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+
+MIILhAoBAKCCC30wggt5BgkrBgEFBQcwAQEEggtqMIILZjCB5qEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDc0MFowgYcw
+gYQwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDIy
+ODAwNDc0MFqhHDAaMBgGA1UdGAQRGA8yMDE1MDIxOTE0MDAwMFqhIzAhMB8GCSsG
+AQUFBzABAgQSBBDbWxxQ9mAdxFM9FZ2xl9iuMA0GCSqGSIb3DQEBBQUAA4IBAQDA
+QVUXPd8xpPabKiTNBUOy5RX7lc8ZqXA7WNBBFH24U/Ps1brh3vig+DoOsFxQgVsF
+pV4Qb0aPJRcQXDN66HBqkzf3dU1p0zpRVjgHzUJwCZKu6I7YUrDpP2TCCphjFQzX
+NpByn/usTE3Lks6HVLZJO6j1nM2fEWnxr2jBdkrAkFgugeLpKK+DBsOuNJWtQnXN
+e1ASnDpQhrQ2Nqw/JypvBjHNJ3/w643C5jfdOQPlDqKDJnG/3aZMoP5HlGWC8yeJ
+eOA7pTCmEp4dDfzDQfxTKeYEq8AA0i34E9i55mQQ0qcC5z6qrFJnaUY7j6KWT7NV
+/OjBkGFx9aDIPLZIYMhcoIIJZTCCCWEwggQ5MIICIaADAgECAgIBATANBgkqhkiG
+9w0BAQsFADAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwHhcN
+MTUwMjI0MDEyMjI0WhcNMTYwMjI0MDEyMjI0WjAiMQ0wCwYDVQQKDARUZXN0MREw
+DwYDVQQDDAhUZXN0T0NTUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANJcrhH2xq6XujHtK7bhx1gD5ZvueFPLM6UV/cZJFoMOyCF9z6jrGDEyCmIMTsel
+pXWd23KQ41quUwobWT+9Omexv5hkpIXwlxCLDn57XtQyq7Xvw94iwBGQyDfkSLBe
+/BoseoUrpr0YZAjT47jYqy612OgSLlhFaaxWlGLjwsQ8COqzu6SJfvuEXpVJb7kz
+ZhrCfzZVGKch5Bt1wOjJAhuc8YuxWLCM2lwkpfSlNlIcdtNace7wyEtlWAvW1mwj
+O9CP9Tpm1PT9NJDCNaFtcEk5pnE9DXyF09H1bjAFQqGIq5QfJfJ2hVfLd7aeowMm
+/7FHcWcgdY2DEBdsmpNL9jECAwEAAaN4MHYwHQYDVR0OBBYEFFh4gw5HYcLJ4Hen
+/q2cpF8A6KZsMB8GA1UdIwQYMBaAFJv5hAZq/NLrCJP75O4v2MHCiXqnMA4GA1Ud
+DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUA
+MA0GCSqGSIb3DQEBCwUAA4ICAQBVEwwLSjUUJe82SFmGB+jAzdCcGdE2Y4XR8Eb/
+rzk3gL0+xIj6Zi1XCJcbIAA3MDgUz/9dAcTgBqqCyWQ/7Yke2ioCxR1Pi9AV8yZD
+sagJ9x7UDze9UGzNsYundxrplez8RTE25CPGY15kYaypo6h8JvWRV6oNUdPfrSnT
+71irdC+B3J6XNQ2UiA80XbeA7UkqOfTJUbiNjdvm7AQ5umlVZyT+jybxHGIMrZXc
+3lx7bA7p1P7jz57RXdqq+ReNkqstVGcFwnpRhHLJq/Aya4bzH8STO5uNcxJPWC1Z
+QzIdCgylWFnazp0StNNPKZjcpUS9kyNlrRkwq3JEFUigep7q1fWanvpwMqpRswS2
+kcS412GuwEHsWpO0YrwJxATY1DMJ+WMg1QHtuWBHFHfR98VBOzvnXXPZra2VIJxA
+H+RHCvZUu7gJYwBJ2y58KnmWhhuWO1SXSLQ5RvIn74yWRs2vjlVwnWyP0RpM+uiQ
+pCkQBNG/st4EKCqvrt3fpvlKZhl2eqrPsGjD74M7e+lvEpcd2x4q2gcD0LrBhwLN
+Wb60ISI72F19tKPHKlY+CWxrb1QiA7uy15iKL1Hs+n0+3Mhv2ypvRlYuCLlBgdhY
+pG4qyEbbY1I4xkUaaqMEPkgOhD0pR4uA/O60yBLwA+97SC2UgKJRwxSSfleDzVZ+
+m43FwjCCBSAwggMIoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwIjENMAsGA1UECgwE
+VGVzdDERMA8GA1UEAwwIVGVzdFJvb3QwHhcNMTUwMjI0MDA1OTUxWhcNMTcwMjEz
+MDA1OTUxWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/CikCVACXw4HmM4l0A8yn9I1U
+FzZIl2oyTriHbWKOh3+RZDt11T2TGRfSANjbw5F8NSNZ1Cmj4dooZiiFa9NECTiC
+Qi8jq+YbL4zDEkCZjS6mlRacdbEHvXb2F7ykk4+fzettHIxcDCqNuHEs7a3+e+0+
+w+ck1K5TQjTFgvn6FXG6nhanHsVcp0izJvSpNHGEuHt3p/GijvXozSX5Y4mxmCqO
+TdqeLdKllsoyHuIisQu5D5gKrggvqP6QL9gNFnktyGIiafMYK6nH0YX3XdWrRG+R
+mhqGIgt+V5eYar27VR7mRGIYC6+kPrqnX/GmKFz+3xmazTnjml68qkkMIiS3HNQh
+mQvESJW43q1M4TnoNF3GDE8sIsjozRm304/TzXZ2D7G7CkW+nV8qXVEcR3m8ydG8
+MDOuLdsnuRv/LMuyr33lpptvI5h+dnRFX0EVc8Gc9YjGj8qbeHDui7rRvGBPKXZt
+KC87CeZHU0kEFWcdrw1R+EOSyKvq8AmeR4cuYtiRbkDerBvhakdBw33PkODpNIDQ
+VpqSgxgKxGG3YD2aTNthCtDQcfHu3hGt+u5Lj/4V7W3ksLpwnDDqUk0xpJU1oRzZ
+FZ+cqwZQ667Uuxd0J0S5NfoVYeET9h5GiJzTZ8q8pXzbuX4jHCR3+oSPOH8qQtVJ
+4DMJXSkoL5MzIPnPIQIDAQABo2AwXjAdBgNVHQ4EFgQUm/mEBmr80usIk/vk7i/Y
+wcKJeqcwHwYDVR0jBBgwFoAUErnDSHntfTDJeHhhlFg3B0B2OBgwDwYDVR0TAQH/
+BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHko1UaSH2sl
+3rAe4kTTe6NKbgVD3YVHTcrQ2UNlNDigwmz7SYVt89wQjHM3SSLDh90oirCyLKOc
+9hVNmDmVoSFyNv8EZ+W6Pr1e1IGs9Bz1q43dc+k32dKAOVv17P6cVuwQ94ZCF9Hx
+S8U4/g6FLG6sb1LlqLn+r/XcNQp0+HJPUdWV9P6P+j/V0h9EO2NgSuKZN78JQDJs
+6jxhhXe8Y24R+UFfy0yZOSo3ZnlNWn6TkVMzzrHAHGiXLlrhZllBUgfPSgIkVN0B
+ly/xhdtQnDsWldIIyvaTmgEzNkB8OePf+HuntepgBqV0OtzqNghrwVkDAXcXDmvh
+mkhoBjEDKAvL3WGTgAzxFuSHJoZytBIye/eFWZrjHMTYblWpfsXOi77Sv1c0YoPx
+0Dpz4XXh9Hdbo6M1evu2hWjVrSaVcWBikjDTXHuOQhToeycT5qrLNUIs2+kf//1M
+j/wE2AUW2qiT2zvyURf/3McRlxSs2FrnrTj6F7+9S5KEDZYgfRfuMaZWV16kDdLL
+R+hFFORqSqFA2re86KpgWUxKOwzvJjn8y4z+ecM1NPU6EdPm5/79vIlqxdBbormE
+nbRT0R/A9v2Aioj4qgSPXYNKke2Q8PYKuxoB16S7PMTB4TjKA4th2BirvO9+GKrf
+YdEfZBAE6SV9w7sQ4BFVKeZWh4C/lSDF
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-sr-cont-reverse.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-sr-cont-reverse.resp
new file mode 100644
index 00000000000..a54259d86c1
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-sr-cont-reverse.resp
@@ -0,0 +1,61 @@
+# This is an invalid OCSP response and cannot be displayed using openssl's
+# ocsp utility.  Below is an asn1parse of the BasicOCSPResponse.  In this
+# case the singleExtensions field (offset 170) precedes the nextUpdate
+# (offset 200).
+#
+#    0:d=0  hl=4 l= 528 cons: SEQUENCE          
+#    4:d=1  hl=3 l= 249 cons: SEQUENCE          
+#    7:d=2  hl=2 l=  36 cons: cont [ 1 ]        
+#    9:d=3  hl=2 l=  34 cons: SEQUENCE          
+#   11:d=4  hl=2 l=  13 cons: SET               
+#   13:d=5  hl=2 l=  11 cons: SEQUENCE          
+#   15:d=6  hl=2 l=   3 prim: OBJECT            :organizationName
+#   20:d=6  hl=2 l=   4 prim: UTF8STRING        :Test
+#   26:d=4  hl=2 l=  17 cons: SET               
+#   28:d=5  hl=2 l=  15 cons: SEQUENCE          
+#   30:d=6  hl=2 l=   3 prim: OBJECT            :commonName
+#   35:d=6  hl=2 l=   8 prim: UTF8STRING        :TestOCSP
+#   45:d=2  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#   62:d=2  hl=3 l= 154 cons: SEQUENCE          
+#   65:d=3  hl=3 l= 151 cons: SEQUENCE          
+#   68:d=4  hl=2 l=  59 cons: SEQUENCE          
+#   70:d=5  hl=2 l=   9 cons: SEQUENCE          
+#   72:d=6  hl=2 l=   5 prim: OBJECT            :sha1
+#   79:d=6  hl=2 l=   0 prim: NULL              
+#   81:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:1056578B741813261FD9712ADA60077FF7C61E8F
+#  103:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#  125:d=5  hl=2 l=   2 prim: INTEGER           :1500
+#  129:d=4  hl=2 l=  22 cons: cont [ 1 ]        
+#  131:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150219155030Z
+#  148:d=5  hl=2 l=   3 cons: cont [ 0 ]        
+#  150:d=6  hl=2 l=   1 prim: ENUMERATED        :01
+#  153:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#  170:d=4  hl=2 l=  28 cons: cont [ 1 ]        
+#  172:d=5  hl=2 l=  26 cons: SEQUENCE          
+#  174:d=6  hl=2 l=  24 cons: SEQUENCE          
+#  176:d=7  hl=2 l=   3 prim: OBJECT            :Invalidity Date
+#  181:d=7  hl=2 l=  17 prim: OCTET STRING      [HEX DUMP]:180F32303135303231393134303030305A
+#  200:d=4  hl=2 l=  17 cons: cont [ 0 ]        
+#  202:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150304165544Z
+#  219:d=2  hl=2 l=  35 cons: cont [ 1 ]        
+#  221:d=3  hl=2 l=  33 cons: SEQUENCE          
+#  223:d=4  hl=2 l=  31 cons: SEQUENCE          
+#  225:d=5  hl=2 l=   9 prim: OBJECT            :OCSP Nonce
+#  236:d=5  hl=2 l=  18 prim: OCTET STRING      [HEX DUMP]:0410381EF873C4A3B4C64B22873751071B53
+#  256:d=1  hl=2 l=  13 cons: SEQUENCE          
+#  258:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
+#  269:d=2  hl=2 l=   0 prim: NULL              
+#  271:d=1  hl=4 l= 257 prim: BIT STRING        
+
+MIICLgoBAKCCAicwggIjBgkrBgEFBQcwAQEEggIUMIICEDCB+aEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDMwMzE2NTU0NFowgZow
+gZcwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDMw
+MzE2NTU0NFqhHDAaMBgGA1UdGAQRGA8yMDE1MDIxOTE0MDAwMFqgERgPMjAxNTAz
+MDQxNjU1NDRaoSMwITAfBgkrBgEFBQcwAQIEEgQQOB74c8SjtMZLIoc3UQcbUzAN
+BgkqhkiG9w0BAQUFAAOCAQEAbcY28K9+oXtDfNb2yxlzauMaeEoD477ouC7DIwCb
+TgpkcjGCTjmvwg4A3sG95Z02x1xuW48XK2YkFytsBmdcfZvEnoK/WqG+qd9Aiytf
+NoecsMjF8MyatHcJdQ+jq59jPWAqMGWCPmPVZ6TxHF5Ag2DAU5aL5sAjY2zvxYnl
+Uc+FShl4K6Nk+mSSfu6ji8hkUEPx5rU1H0jBomMm4GMyNkxVj3NkOKSCxNWi/1Oe
+utUk8Eir8Krqfd7yOn0flfroHZ2I0zf95VduxvVCsN7pgAf8Q1BAkbuq/8JRNrDr
+a0kHSpO7QAv6iE7YT/SsHN5MDjtRJ780VEggV3td56R37g==
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-twonext.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-twonext.resp
new file mode 100644
index 00000000000..dc289c250f3
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-twonext.resp
@@ -0,0 +1,58 @@
+# This is an invalid OCSP response and cannot be displayed using openssl's
+# ocsp utility.  Below is an asn1parse of the BasicOCSPResponse.  Additional
+# bytes have been inserted into the SingleResponse which add a second
+# nextUpdate field (beginning at offset 189)
+#
+#    0:d=0  hl=4 l= 517 cons: SEQUENCE          
+#    4:d=1  hl=3 l= 238 cons: SEQUENCE          
+#    7:d=2  hl=2 l=  36 cons: cont [ 1 ]        
+#    9:d=3  hl=2 l=  34 cons: SEQUENCE          
+#   11:d=4  hl=2 l=  13 cons: SET               
+#   13:d=5  hl=2 l=  11 cons: SEQUENCE          
+#   15:d=6  hl=2 l=   3 prim: OBJECT            :organizationName
+#   20:d=6  hl=2 l=   4 prim: UTF8STRING        :Test
+#   26:d=4  hl=2 l=  17 cons: SET               
+#   28:d=5  hl=2 l=  15 cons: SEQUENCE          
+#   30:d=6  hl=2 l=   3 prim: OBJECT            :commonName
+#   35:d=6  hl=2 l=   8 prim: UTF8STRING        :TestOCSP
+#   45:d=2  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#   62:d=2  hl=3 l= 143 cons: SEQUENCE          
+#   65:d=3  hl=3 l= 140 cons: SEQUENCE          
+#   68:d=4  hl=2 l=  59 cons: SEQUENCE          
+#   70:d=5  hl=2 l=   9 cons: SEQUENCE          
+#   72:d=6  hl=2 l=   5 prim: OBJECT            :sha1
+#   79:d=6  hl=2 l=   0 prim: NULL              
+#   81:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:1056578B741813261FD9712ADA60077FF7C61E8F
+#  103:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#  125:d=5  hl=2 l=   2 prim: INTEGER           :1500
+#  129:d=4  hl=2 l=  22 cons: cont [ 1 ]        
+#  131:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150219155030Z
+#  148:d=5  hl=2 l=   3 cons: cont [ 0 ]        
+#  150:d=6  hl=2 l=   1 prim: ENUMERATED        :01
+#  153:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20150303165544Z
+#  170:d=4  hl=2 l=  17 cons: cont [ 0 ]        
+#  172:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150304165544Z
+#  189:d=4  hl=2 l=  17 cons: cont [ 0 ]        
+#  191:d=5  hl=2 l=  15 prim: GENERALIZEDTIME   :20150304165544Z
+#  208:d=2  hl=2 l=  35 cons: cont [ 1 ]        
+#  210:d=3  hl=2 l=  33 cons: SEQUENCE          
+#  212:d=4  hl=2 l=  31 cons: SEQUENCE          
+#  214:d=5  hl=2 l=   9 prim: OBJECT            :OCSP Nonce
+#  225:d=5  hl=2 l=  18 prim: OCTET STRING      [HEX DUMP]:0410381EF873C4A3B4C64B22873751071B53
+#  245:d=1  hl=2 l=  13 cons: SEQUENCE          
+#  247:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
+#  258:d=2  hl=2 l=   0 prim: NULL              
+#  260:d=1  hl=4 l= 257 prim: BIT STRING        
+
+MIICIwoBAKCCAhwwggIYBgkrBgEFBQcwAQEEggIJMIICBTCB7qEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDMwMzE2NTU0NFowgY8w
+gYwwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDMw
+MzE2NTU0NFqgERgPMjAxNTAzMDQxNjU1NDRaoBEYDzIwMTUwMzA0MTY1NTQ0WqEj
+MCEwHwYJKwYBBQUHMAECBBIEEDge+HPEo7TGSyKHN1EHG1MwDQYJKoZIhvcNAQEF
+BQADggEBAG3GNvCvfqF7Q3zW9ssZc2rjGnhKA+O+6LguwyMAm04KZHIxgk45r8IO
+AN7BveWdNsdcbluPFytmJBcrbAZnXH2bxJ6Cv1qhvqnfQIsrXzaHnLDIxfDMmrR3
+CXUPo6ufYz1gKjBlgj5j1Wek8RxeQINgwFOWi+bAI2Ns78WJ5VHPhUoZeCujZPpk
+kn7uo4vIZFBD8ea1NR9IwaJjJuBjMjZMVY9zZDikgsTVov9TnrrVJPBIq/Cq6n3e
+8jp9H5X66B2diNM3/eVXbsb1QrDe6YAH/ENQQJG7qv/CUTaw62tJB0qTu0AL+ohO
+2E/0rBzeTA47USe/NFRIIFd7Xeekd+4=
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-noinv.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-noinv.resp
new file mode 100644
index 00000000000..3145186e581
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-noinv.resp
@@ -0,0 +1,319 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:46:08 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: revoked
+#    Revocation Time: Feb 19 15:50:30 2015 GMT
+#    This Update: Feb 28 00:46:08 2015 GMT
+#    Next Update: Mar  1 00:46:08 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            041024C5D6772FC53AE6DE208A1C1D6F0913
+#    Signature Algorithm: sha1WithRSAEncryption
+#         a6:dd:66:77:7d:99:3a:0d:41:21:1a:d6:5a:67:8c:51:88:6f:
+#         77:44:f8:fc:35:99:14:b9:ef:67:c1:fe:5e:36:a1:b8:78:93:
+#         6e:c6:11:08:96:fc:a3:37:55:3c:b3:08:c5:d2:ce:c4:c8:59:
+#         32:1b:05:7c:33:65:66:41:2e:71:2b:d0:25:8d:f4:91:ef:f1:
+#         c5:1e:16:55:6a:60:df:28:c8:3c:fe:44:74:4e:2f:80:36:58:
+#         62:56:d4:9a:00:82:49:81:b6:d7:ce:0a:b2:70:ae:69:8f:38:
+#         64:ff:c4:b4:52:34:ad:9d:50:d2:0a:d5:d0:93:2b:61:03:12:
+#         05:28:4f:91:b7:4c:f5:26:c3:a6:76:f9:62:d4:42:e1:ea:c1:
+#         13:e7:d8:a1:3a:49:fd:12:96:9d:c2:d0:45:fc:c1:fe:30:19:
+#         fe:ff:73:b4:e4:03:0b:dc:6f:bf:41:b2:fe:23:20:c9:02:d8:
+#         11:3c:8b:f4:a3:07:3a:fe:c2:3d:d9:54:b2:b6:36:5b:3a:24:
+#         cb:f3:e8:a7:97:de:62:5c:80:79:0d:cd:68:73:31:c8:ba:bc:
+#         7a:d3:26:04:2b:f0:08:45:ba:d3:21:2f:60:fc:c9:4b:24:8f:
+#         ff:e6:6c:11:81:69:87:5f:f9:28:b7:65:6b:f4:ee:f3:ed:6c:
+#         b4:c8:ae:0b
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILcgoBAKCCC2swggtnBgkrBgEFBQcwAQEEggtYMIILVDCB1KEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDYwOFowdjB0
+MDswCQYFKw4DAhoFAAQUEFZXi3QYEyYf2XEq2mAHf/fGHo8EFJv5hAZq/NLrCJP7
+5O4v2MHCiXqnAgIVAKERGA8yMDE1MDIxOTE1NTAzMFoYDzIwMTUwMjI4MDA0NjA4
+WqARGA8yMDE1MDMwMTAwNDYwOFqhIzAhMB8GCSsGAQUFBzABAgQSBBAkxdZ3L8U6
+5t4gihwdbwkTMA0GCSqGSIb3DQEBBQUAA4IBAQCm3WZ3fZk6DUEhGtZaZ4xRiG93
+RPj8NZkUue9nwf5eNqG4eJNuxhEIlvyjN1U8swjF0s7EyFkyGwV8M2VmQS5xK9Al
+jfSR7/HFHhZVamDfKMg8/kR0Ti+ANlhiVtSaAIJJgbbXzgqycK5pjzhk/8S0UjSt
+nVDSCtXQkythAxIFKE+Rt0z1JsOmdvli1ELh6sET59ihOkn9EpadwtBF/MH+MBn+
+/3O05AML3G+/QbL+IyDJAtgRPIv0owc6/sI92VSytjZbOiTL8+inl95iXIB5Dc1o
+czHIurx60yYEK/AIRbrTIS9g/MlLJI//5mwRgWmHX/kot2Vr9O7z7Wy0yK4LoIIJ
+ZTCCCWEwggQ5MIICIaADAgECAgIBATANBgkqhkiG9w0BAQsFADAjMQ0wCwYDVQQK
+DARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwHhcNMTUwMjI0MDEyMjI0WhcNMTYw
+MjI0MDEyMjI0WjAiMQ0wCwYDVQQKDARUZXN0MREwDwYDVQQDDAhUZXN0T0NTUDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJcrhH2xq6XujHtK7bhx1gD
+5ZvueFPLM6UV/cZJFoMOyCF9z6jrGDEyCmIMTselpXWd23KQ41quUwobWT+9Omex
+v5hkpIXwlxCLDn57XtQyq7Xvw94iwBGQyDfkSLBe/BoseoUrpr0YZAjT47jYqy61
+2OgSLlhFaaxWlGLjwsQ8COqzu6SJfvuEXpVJb7kzZhrCfzZVGKch5Bt1wOjJAhuc
+8YuxWLCM2lwkpfSlNlIcdtNace7wyEtlWAvW1mwjO9CP9Tpm1PT9NJDCNaFtcEk5
+pnE9DXyF09H1bjAFQqGIq5QfJfJ2hVfLd7aeowMm/7FHcWcgdY2DEBdsmpNL9jEC
+AwEAAaN4MHYwHQYDVR0OBBYEFFh4gw5HYcLJ4Hen/q2cpF8A6KZsMB8GA1UdIwQY
+MBaAFJv5hAZq/NLrCJP75O4v2MHCiXqnMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
+DDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBCwUAA4IC
+AQBVEwwLSjUUJe82SFmGB+jAzdCcGdE2Y4XR8Eb/rzk3gL0+xIj6Zi1XCJcbIAA3
+MDgUz/9dAcTgBqqCyWQ/7Yke2ioCxR1Pi9AV8yZDsagJ9x7UDze9UGzNsYundxrp
+lez8RTE25CPGY15kYaypo6h8JvWRV6oNUdPfrSnT71irdC+B3J6XNQ2UiA80XbeA
+7UkqOfTJUbiNjdvm7AQ5umlVZyT+jybxHGIMrZXc3lx7bA7p1P7jz57RXdqq+ReN
+kqstVGcFwnpRhHLJq/Aya4bzH8STO5uNcxJPWC1ZQzIdCgylWFnazp0StNNPKZjc
+pUS9kyNlrRkwq3JEFUigep7q1fWanvpwMqpRswS2kcS412GuwEHsWpO0YrwJxATY
+1DMJ+WMg1QHtuWBHFHfR98VBOzvnXXPZra2VIJxAH+RHCvZUu7gJYwBJ2y58KnmW
+hhuWO1SXSLQ5RvIn74yWRs2vjlVwnWyP0RpM+uiQpCkQBNG/st4EKCqvrt3fpvlK
+Zhl2eqrPsGjD74M7e+lvEpcd2x4q2gcD0LrBhwLNWb60ISI72F19tKPHKlY+CWxr
+b1QiA7uy15iKL1Hs+n0+3Mhv2ypvRlYuCLlBgdhYpG4qyEbbY1I4xkUaaqMEPkgO
+hD0pR4uA/O60yBLwA+97SC2UgKJRwxSSfleDzVZ+m43FwjCCBSAwggMIoAMCAQIC
+AQIwDQYJKoZIhvcNAQELBQAwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVz
+dFJvb3QwHhcNMTUwMjI0MDA1OTUxWhcNMTcwMjEzMDA1OTUxWjAjMQ0wCwYDVQQK
+DARUZXN0MRIwEAYDVQQDDAlUZXN0SW50Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQC/CikCVACXw4HmM4l0A8yn9I1UFzZIl2oyTriHbWKOh3+RZDt1
+1T2TGRfSANjbw5F8NSNZ1Cmj4dooZiiFa9NECTiCQi8jq+YbL4zDEkCZjS6mlRac
+dbEHvXb2F7ykk4+fzettHIxcDCqNuHEs7a3+e+0+w+ck1K5TQjTFgvn6FXG6nhan
+HsVcp0izJvSpNHGEuHt3p/GijvXozSX5Y4mxmCqOTdqeLdKllsoyHuIisQu5D5gK
+rggvqP6QL9gNFnktyGIiafMYK6nH0YX3XdWrRG+RmhqGIgt+V5eYar27VR7mRGIY
+C6+kPrqnX/GmKFz+3xmazTnjml68qkkMIiS3HNQhmQvESJW43q1M4TnoNF3GDE8s
+IsjozRm304/TzXZ2D7G7CkW+nV8qXVEcR3m8ydG8MDOuLdsnuRv/LMuyr33lpptv
+I5h+dnRFX0EVc8Gc9YjGj8qbeHDui7rRvGBPKXZtKC87CeZHU0kEFWcdrw1R+EOS
+yKvq8AmeR4cuYtiRbkDerBvhakdBw33PkODpNIDQVpqSgxgKxGG3YD2aTNthCtDQ
+cfHu3hGt+u5Lj/4V7W3ksLpwnDDqUk0xpJU1oRzZFZ+cqwZQ667Uuxd0J0S5NfoV
+YeET9h5GiJzTZ8q8pXzbuX4jHCR3+oSPOH8qQtVJ4DMJXSkoL5MzIPnPIQIDAQAB
+o2AwXjAdBgNVHQ4EFgQUm/mEBmr80usIk/vk7i/YwcKJeqcwHwYDVR0jBBgwFoAU
+ErnDSHntfTDJeHhhlFg3B0B2OBgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggIBAHko1UaSH2sl3rAe4kTTe6NKbgVD3YVHTcrQ
+2UNlNDigwmz7SYVt89wQjHM3SSLDh90oirCyLKOc9hVNmDmVoSFyNv8EZ+W6Pr1e
+1IGs9Bz1q43dc+k32dKAOVv17P6cVuwQ94ZCF9HxS8U4/g6FLG6sb1LlqLn+r/Xc
+NQp0+HJPUdWV9P6P+j/V0h9EO2NgSuKZN78JQDJs6jxhhXe8Y24R+UFfy0yZOSo3
+ZnlNWn6TkVMzzrHAHGiXLlrhZllBUgfPSgIkVN0Bly/xhdtQnDsWldIIyvaTmgEz
+NkB8OePf+HuntepgBqV0OtzqNghrwVkDAXcXDmvhmkhoBjEDKAvL3WGTgAzxFuSH
+JoZytBIye/eFWZrjHMTYblWpfsXOi77Sv1c0YoPx0Dpz4XXh9Hdbo6M1evu2hWjV
+rSaVcWBikjDTXHuOQhToeycT5qrLNUIs2+kf//1Mj/wE2AUW2qiT2zvyURf/3McR
+lxSs2FrnrTj6F7+9S5KEDZYgfRfuMaZWV16kDdLLR+hFFORqSqFA2re86KpgWUxK
+OwzvJjn8y4z+ecM1NPU6EdPm5/79vIlqxdBbormEnbRT0R/A9v2Aioj4qgSPXYNK
+ke2Q8PYKuxoB16S7PMTB4TjKA4th2BirvO9+GKrfYdEfZBAE6SV9w7sQ4BFVKeZW
+h4C/lSDF
diff --git a/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-withinv.resp b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-withinv.resp
new file mode 100644
index 00000000000..6122889c5ac
--- /dev/null
+++ b/jdk/test/sun/security/provider/certpath/OCSP/ocsp-rev-withnext-withinv.resp
@@ -0,0 +1,323 @@
+#OCSP Response Data:
+#    OCSP Response Status: successful (0x0)
+#    Response Type: Basic OCSP Response
+#    Version: 1 (0x0)
+#    Responder Id: O = Test, CN = TestOCSP
+#    Produced At: Feb 28 00:46:49 2015 GMT
+#    Responses:
+#    Certificate ID:
+#      Hash Algorithm: sha1
+#      Issuer Name Hash: 1056578B741813261FD9712ADA60077FF7C61E8F
+#      Issuer Key Hash: 9BF984066AFCD2EB0893FBE4EE2FD8C1C2897AA7
+#      Serial Number: 1500
+#    Cert Status: revoked
+#    Revocation Time: Feb 19 15:50:30 2015 GMT
+#    Revocation Reason: keyCompromise (0x1)
+#    This Update: Feb 28 00:46:49 2015 GMT
+#    Next Update: Mar  1 00:46:49 2015 GMT
+#        Response Single Extensions:
+#            Invalidity Date: 
+#                Feb 19 14:00:00 2015 GMT
+#
+#    Response Extensions:
+#        OCSP Nonce: 
+#            0410F17C49C52CC233FD13FDF79DE32B162D
+#    Signature Algorithm: sha1WithRSAEncryption
+#         54:58:00:0a:36:2e:f5:4e:ba:1c:aa:72:e0:be:40:7a:c8:84:
+#         62:5e:2c:ce:bd:e9:7f:fb:fc:f8:e6:d4:e5:19:d2:a5:cd:5b:
+#         31:a5:bf:52:d7:89:29:73:98:e9:1e:c2:dc:e5:e2:6d:18:f1:
+#         18:8a:03:c5:01:e9:c3:3c:d1:a6:22:d4:77:42:83:7b:82:27:
+#         f8:eb:89:b8:3f:50:10:fd:0b:59:6f:37:d4:2c:ef:cd:8f:83:
+#         4c:e1:92:e2:3b:cf:5c:b3:86:ed:c6:88:62:e1:53:3c:0f:e3:
+#         14:bb:3f:ad:53:de:d6:e3:4b:ab:e0:3f:c5:b9:2e:00:ec:67:
+#         01:6e:f4:3a:1f:e6:c3:78:b2:61:bd:7d:62:12:35:0e:ab:87:
+#         ce:5d:0e:9d:5b:96:21:67:66:da:e4:48:b6:aa:0d:bc:d1:78:
+#         ec:41:25:87:ee:d2:48:c1:d1:f5:59:17:1c:fb:43:89:df:4f:
+#         5a:d7:7a:62:a5:ef:aa:f4:b9:99:a5:34:f9:aa:15:d9:89:b2:
+#         d4:38:c1:cd:f8:2d:fc:07:dd:10:7a:20:75:bd:1a:0d:23:24:
+#         f8:59:0a:9b:56:ae:50:11:f6:b7:c6:8e:4a:c6:e5:f4:3f:5b:
+#         4b:a0:72:91:06:3e:a4:f1:6e:73:6f:d6:f3:3f:2b:6e:49:fb:
+#         b0:bc:8a:91
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 257 (0x101)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestIntCA
+#        Validity
+#            Not Before: Feb 24 01:22:24 2015 GMT
+#            Not After : Feb 24 01:22:24 2016 GMT
+#        Subject: O=Test, CN=TestOCSP
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (2048 bit)
+#                Modulus:
+#                    00:d2:5c:ae:11:f6:c6:ae:97:ba:31:ed:2b:b6:e1:
+#                    c7:58:03:e5:9b:ee:78:53:cb:33:a5:15:fd:c6:49:
+#                    16:83:0e:c8:21:7d:cf:a8:eb:18:31:32:0a:62:0c:
+#                    4e:c7:a5:a5:75:9d:db:72:90:e3:5a:ae:53:0a:1b:
+#                    59:3f:bd:3a:67:b1:bf:98:64:a4:85:f0:97:10:8b:
+#                    0e:7e:7b:5e:d4:32:ab:b5:ef:c3:de:22:c0:11:90:
+#                    c8:37:e4:48:b0:5e:fc:1a:2c:7a:85:2b:a6:bd:18:
+#                    64:08:d3:e3:b8:d8:ab:2e:b5:d8:e8:12:2e:58:45:
+#                    69:ac:56:94:62:e3:c2:c4:3c:08:ea:b3:bb:a4:89:
+#                    7e:fb:84:5e:95:49:6f:b9:33:66:1a:c2:7f:36:55:
+#                    18:a7:21:e4:1b:75:c0:e8:c9:02:1b:9c:f1:8b:b1:
+#                    58:b0:8c:da:5c:24:a5:f4:a5:36:52:1c:76:d3:5a:
+#                    71:ee:f0:c8:4b:65:58:0b:d6:d6:6c:23:3b:d0:8f:
+#                    f5:3a:66:d4:f4:fd:34:90:c2:35:a1:6d:70:49:39:
+#                    a6:71:3d:0d:7c:85:d3:d1:f5:6e:30:05:42:a1:88:
+#                    ab:94:1f:25:f2:76:85:57:cb:77:b6:9e:a3:03:26:
+#                    ff:b1:47:71:67:20:75:8d:83:10:17:6c:9a:93:4b:
+#                    f6:31
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                58:78:83:0E:47:61:C2:C9:E0:77:A7:FE:AD:9C:A4:5F:00:E8:A6:6C
+#            X509v3 Authority Key Identifier: 
+#                keyid:9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#
+#            X509v3 Key Usage: critical
+#                Digital Signature
+#            X509v3 Extended Key Usage: 
+#                OCSP Signing
+#            OCSP No Check: 
+#
+#    Signature Algorithm: sha256WithRSAEncryption
+#         55:13:0c:0b:4a:35:14:25:ef:36:48:59:86:07:e8:c0:cd:d0:
+#         9c:19:d1:36:63:85:d1:f0:46:ff:af:39:37:80:bd:3e:c4:88:
+#         fa:66:2d:57:08:97:1b:20:00:37:30:38:14:cf:ff:5d:01:c4:
+#         e0:06:aa:82:c9:64:3f:ed:89:1e:da:2a:02:c5:1d:4f:8b:d0:
+#         15:f3:26:43:b1:a8:09:f7:1e:d4:0f:37:bd:50:6c:cd:b1:8b:
+#         a7:77:1a:e9:95:ec:fc:45:31:36:e4:23:c6:63:5e:64:61:ac:
+#         a9:a3:a8:7c:26:f5:91:57:aa:0d:51:d3:df:ad:29:d3:ef:58:
+#         ab:74:2f:81:dc:9e:97:35:0d:94:88:0f:34:5d:b7:80:ed:49:
+#         2a:39:f4:c9:51:b8:8d:8d:db:e6:ec:04:39:ba:69:55:67:24:
+#         fe:8f:26:f1:1c:62:0c:ad:95:dc:de:5c:7b:6c:0e:e9:d4:fe:
+#         e3:cf:9e:d1:5d:da:aa:f9:17:8d:92:ab:2d:54:67:05:c2:7a:
+#         51:84:72:c9:ab:f0:32:6b:86:f3:1f:c4:93:3b:9b:8d:73:12:
+#         4f:58:2d:59:43:32:1d:0a:0c:a5:58:59:da:ce:9d:12:b4:d3:
+#         4f:29:98:dc:a5:44:bd:93:23:65:ad:19:30:ab:72:44:15:48:
+#         a0:7a:9e:ea:d5:f5:9a:9e:fa:70:32:aa:51:b3:04:b6:91:c4:
+#         b8:d7:61:ae:c0:41:ec:5a:93:b4:62:bc:09:c4:04:d8:d4:33:
+#         09:f9:63:20:d5:01:ed:b9:60:47:14:77:d1:f7:c5:41:3b:3b:
+#         e7:5d:73:d9:ad:ad:95:20:9c:40:1f:e4:47:0a:f6:54:bb:b8:
+#         09:63:00:49:db:2e:7c:2a:79:96:86:1b:96:3b:54:97:48:b4:
+#         39:46:f2:27:ef:8c:96:46:cd:af:8e:55:70:9d:6c:8f:d1:1a:
+#         4c:fa:e8:90:a4:29:10:04:d1:bf:b2:de:04:28:2a:af:ae:dd:
+#         df:a6:f9:4a:66:19:76:7a:aa:cf:b0:68:c3:ef:83:3b:7b:e9:
+#         6f:12:97:1d:db:1e:2a:da:07:03:d0:ba:c1:87:02:cd:59:be:
+#         b4:21:22:3b:d8:5d:7d:b4:a3:c7:2a:56:3e:09:6c:6b:6f:54:
+#         22:03:bb:b2:d7:98:8a:2f:51:ec:fa:7d:3e:dc:c8:6f:db:2a:
+#         6f:46:56:2e:08:b9:41:81:d8:58:a4:6e:2a:c8:46:db:63:52:
+#         38:c6:45:1a:6a:a3:04:3e:48:0e:84:3d:29:47:8b:80:fc:ee:
+#         b4:c8:12:f0:03:ef:7b:48:2d:94:80:a2:51:c3:14:92:7e:57:
+#         83:cd:56:7e:9b:8d:c5:c2
+#-----BEGIN CERTIFICATE-----
+#MIIEOTCCAiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVz
+#dDESMBAGA1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAx
+#MjIyNFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0G
+#CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhT
+#yzOlFf3GSRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF
+#8JcQiw5+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5Y
+#RWmsVpRi48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViw
+#jNpcJKX0pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18
+#hdPR9W4wBUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGj
+#eDB2MB0GA1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb
+#+YQGavzS6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+#KwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMM
+#C0o1FCXvNkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//
+#XQHE4AaqgslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUx
+#NuQjxmNeZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0
+#yVG4jY3b5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRn
+#BcJ6UYRyyavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMj
+#Za0ZMKtyRBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCflj
+#INUB7blgRxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtU
+#l0i0OUbyJ++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqq
+#z7Bow++DO3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7
+#steYii9R7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeL
+#gPzutMgS8APve0gtlICiUcMUkn5Xg81WfpuNxcI=
+#-----END CERTIFICATE-----
+#Certificate:
+#    Data:
+#        Version: 3 (0x2)
+#        Serial Number: 2 (0x2)
+#    Signature Algorithm: sha256WithRSAEncryption
+#        Issuer: O=Test, CN=TestRoot
+#        Validity
+#            Not Before: Feb 24 00:59:51 2015 GMT
+#            Not After : Feb 13 00:59:51 2017 GMT
+#        Subject: O=Test, CN=TestIntCA
+#        Subject Public Key Info:
+#            Public Key Algorithm: rsaEncryption
+#                Public-Key: (4096 bit)
+#                Modulus:
+#                    00:bf:0a:29:02:54:00:97:c3:81:e6:33:89:74:03:
+#                    cc:a7:f4:8d:54:17:36:48:97:6a:32:4e:b8:87:6d:
+#                    62:8e:87:7f:91:64:3b:75:d5:3d:93:19:17:d2:00:
+#                    d8:db:c3:91:7c:35:23:59:d4:29:a3:e1:da:28:66:
+#                    28:85:6b:d3:44:09:38:82:42:2f:23:ab:e6:1b:2f:
+#                    8c:c3:12:40:99:8d:2e:a6:95:16:9c:75:b1:07:bd:
+#                    76:f6:17:bc:a4:93:8f:9f:cd:eb:6d:1c:8c:5c:0c:
+#                    2a:8d:b8:71:2c:ed:ad:fe:7b:ed:3e:c3:e7:24:d4:
+#                    ae:53:42:34:c5:82:f9:fa:15:71:ba:9e:16:a7:1e:
+#                    c5:5c:a7:48:b3:26:f4:a9:34:71:84:b8:7b:77:a7:
+#                    f1:a2:8e:f5:e8:cd:25:f9:63:89:b1:98:2a:8e:4d:
+#                    da:9e:2d:d2:a5:96:ca:32:1e:e2:22:b1:0b:b9:0f:
+#                    98:0a:ae:08:2f:a8:fe:90:2f:d8:0d:16:79:2d:c8:
+#                    62:22:69:f3:18:2b:a9:c7:d1:85:f7:5d:d5:ab:44:
+#                    6f:91:9a:1a:86:22:0b:7e:57:97:98:6a:bd:bb:55:
+#                    1e:e6:44:62:18:0b:af:a4:3e:ba:a7:5f:f1:a6:28:
+#                    5c:fe:df:19:9a:cd:39:e3:9a:5e:bc:aa:49:0c:22:
+#                    24:b7:1c:d4:21:99:0b:c4:48:95:b8:de:ad:4c:e1:
+#                    39:e8:34:5d:c6:0c:4f:2c:22:c8:e8:cd:19:b7:d3:
+#                    8f:d3:cd:76:76:0f:b1:bb:0a:45:be:9d:5f:2a:5d:
+#                    51:1c:47:79:bc:c9:d1:bc:30:33:ae:2d:db:27:b9:
+#                    1b:ff:2c:cb:b2:af:7d:e5:a6:9b:6f:23:98:7e:76:
+#                    74:45:5f:41:15:73:c1:9c:f5:88:c6:8f:ca:9b:78:
+#                    70:ee:8b:ba:d1:bc:60:4f:29:76:6d:28:2f:3b:09:
+#                    e6:47:53:49:04:15:67:1d:af:0d:51:f8:43:92:c8:
+#                    ab:ea:f0:09:9e:47:87:2e:62:d8:91:6e:40:de:ac:
+#                    1b:e1:6a:47:41:c3:7d:cf:90:e0:e9:34:80:d0:56:
+#                    9a:92:83:18:0a:c4:61:b7:60:3d:9a:4c:db:61:0a:
+#                    d0:d0:71:f1:ee:de:11:ad:fa:ee:4b:8f:fe:15:ed:
+#                    6d:e4:b0:ba:70:9c:30:ea:52:4d:31:a4:95:35:a1:
+#                    1c:d9:15:9f:9c:ab:06:50:eb:ae:d4:bb:17:74:27:
+#                    44:b9:35:fa:15:61:e1:13:f6:1e:46:88:9c:d3:67:
+#                    ca:bc:a5:7c:db:b9:7e:23:1c:24:77:fa:84:8f:38:
+#                    7f:2a:42:d5:49:e0:33:09:5d:29:28:2f:93:33:20:
+#                    f9:cf:21
+#                Exponent: 65537 (0x10001)
+#        X509v3 extensions:
+#            X509v3 Subject Key Identifier: 
+#                9B:F9:84:06:6A:FC:D2:EB:08:93:FB:E4:EE:2F:D8:C1:C2:89:7A:A7
+#            X509v3 Authority Key Identifier: 
+#                keyid:12:B9:C3:48:79:ED:7D:30:C9:78:78:61:94:58:37:07:40:76:38:18
+#
+#            X509v3 Basic Constraints: critical
+#                CA:TRUE
+#            X509v3 Key Usage: 
+#                Certificate Sign, CRL Sign
+#    Signature Algorithm: sha256WithRSAEncryption
+#         79:28:d5:46:92:1f:6b:25:de:b0:1e:e2:44:d3:7b:a3:4a:6e:
+#         05:43:dd:85:47:4d:ca:d0:d9:43:65:34:38:a0:c2:6c:fb:49:
+#         85:6d:f3:dc:10:8c:73:37:49:22:c3:87:dd:28:8a:b0:b2:2c:
+#         a3:9c:f6:15:4d:98:39:95:a1:21:72:36:ff:04:67:e5:ba:3e:
+#         bd:5e:d4:81:ac:f4:1c:f5:ab:8d:dd:73:e9:37:d9:d2:80:39:
+#         5b:f5:ec:fe:9c:56:ec:10:f7:86:42:17:d1:f1:4b:c5:38:fe:
+#         0e:85:2c:6e:ac:6f:52:e5:a8:b9:fe:af:f5:dc:35:0a:74:f8:
+#         72:4f:51:d5:95:f4:fe:8f:fa:3f:d5:d2:1f:44:3b:63:60:4a:
+#         e2:99:37:bf:09:40:32:6c:ea:3c:61:85:77:bc:63:6e:11:f9:
+#         41:5f:cb:4c:99:39:2a:37:66:79:4d:5a:7e:93:91:53:33:ce:
+#         b1:c0:1c:68:97:2e:5a:e1:66:59:41:52:07:cf:4a:02:24:54:
+#         dd:01:97:2f:f1:85:db:50:9c:3b:16:95:d2:08:ca:f6:93:9a:
+#         01:33:36:40:7c:39:e3:df:f8:7b:a7:b5:ea:60:06:a5:74:3a:
+#         dc:ea:36:08:6b:c1:59:03:01:77:17:0e:6b:e1:9a:48:68:06:
+#         31:03:28:0b:cb:dd:61:93:80:0c:f1:16:e4:87:26:86:72:b4:
+#         12:32:7b:f7:85:59:9a:e3:1c:c4:d8:6e:55:a9:7e:c5:ce:8b:
+#         be:d2:bf:57:34:62:83:f1:d0:3a:73:e1:75:e1:f4:77:5b:a3:
+#         a3:35:7a:fb:b6:85:68:d5:ad:26:95:71:60:62:92:30:d3:5c:
+#         7b:8e:42:14:e8:7b:27:13:e6:aa:cb:35:42:2c:db:e9:1f:ff:
+#         fd:4c:8f:fc:04:d8:05:16:da:a8:93:db:3b:f2:51:17:ff:dc:
+#         c7:11:97:14:ac:d8:5a:e7:ad:38:fa:17:bf:bd:4b:92:84:0d:
+#         96:20:7d:17:ee:31:a6:56:57:5e:a4:0d:d2:cb:47:e8:45:14:
+#         e4:6a:4a:a1:40:da:b7:bc:e8:aa:60:59:4c:4a:3b:0c:ef:26:
+#         39:fc:cb:8c:fe:79:c3:35:34:f5:3a:11:d3:e6:e7:fe:fd:bc:
+#         89:6a:c5:d0:5b:a2:b9:84:9d:b4:53:d1:1f:c0:f6:fd:80:8a:
+#         88:f8:aa:04:8f:5d:83:4a:91:ed:90:f0:f6:0a:bb:1a:01:d7:
+#         a4:bb:3c:c4:c1:e1:38:ca:03:8b:61:d8:18:ab:bc:ef:7e:18:
+#         aa:df:61:d1:1f:64:10:04:e9:25:7d:c3:bb:10:e0:11:55:29:
+#         e6:56:87:80:bf:95:20:c5
+#-----BEGIN CERTIFICATE-----
+#MIIFIDCCAwigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAiMQ0wCwYDVQQKDARUZXN0
+#MREwDwYDVQQDDAhUZXN0Um9vdDAeFw0xNTAyMjQwMDU5NTFaFw0xNzAyMTMwMDU5
+#NTFaMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3RJbnRDQTCCAiIwDQYJ
+#KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL8KKQJUAJfDgeYziXQDzKf0jVQXNkiX
+#ajJOuIdtYo6Hf5FkO3XVPZMZF9IA2NvDkXw1I1nUKaPh2ihmKIVr00QJOIJCLyOr
+#5hsvjMMSQJmNLqaVFpx1sQe9dvYXvKSTj5/N620cjFwMKo24cSztrf577T7D5yTU
+#rlNCNMWC+foVcbqeFqcexVynSLMm9Kk0cYS4e3en8aKO9ejNJfljibGYKo5N2p4t
+#0qWWyjIe4iKxC7kPmAquCC+o/pAv2A0WeS3IYiJp8xgrqcfRhfdd1atEb5GaGoYi
+#C35Xl5hqvbtVHuZEYhgLr6Q+uqdf8aYoXP7fGZrNOeOaXryqSQwiJLcc1CGZC8RI
+#lbjerUzhOeg0XcYMTywiyOjNGbfTj9PNdnYPsbsKRb6dXypdURxHebzJ0bwwM64t
+#2ye5G/8sy7KvfeWmm28jmH52dEVfQRVzwZz1iMaPypt4cO6LutG8YE8pdm0oLzsJ
+#5kdTSQQVZx2vDVH4Q5LIq+rwCZ5Hhy5i2JFuQN6sG+FqR0HDfc+Q4Ok0gNBWmpKD
+#GArEYbdgPZpM22EK0NBx8e7eEa367kuP/hXtbeSwunCcMOpSTTGklTWhHNkVn5yr
+#BlDrrtS7F3QnRLk1+hVh4RP2HkaInNNnyrylfNu5fiMcJHf6hI84fypC1UngMwld
+#KSgvkzMg+c8hAgMBAAGjYDBeMB0GA1UdDgQWBBSb+YQGavzS6wiT++TuL9jBwol6
+#pzAfBgNVHSMEGDAWgBQSucNIee19MMl4eGGUWDcHQHY4GDAPBgNVHRMBAf8EBTAD
+#AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAeSjVRpIfayXesB7i
+#RNN7o0puBUPdhUdNytDZQ2U0OKDCbPtJhW3z3BCMczdJIsOH3SiKsLIso5z2FU2Y
+#OZWhIXI2/wRn5bo+vV7Ugaz0HPWrjd1z6TfZ0oA5W/Xs/pxW7BD3hkIX0fFLxTj+
+#DoUsbqxvUuWouf6v9dw1CnT4ck9R1ZX0/o/6P9XSH0Q7Y2BK4pk3vwlAMmzqPGGF
+#d7xjbhH5QV/LTJk5KjdmeU1afpORUzPOscAcaJcuWuFmWUFSB89KAiRU3QGXL/GF
+#21CcOxaV0gjK9pOaATM2QHw549/4e6e16mAGpXQ63Oo2CGvBWQMBdxcOa+GaSGgG
+#MQMoC8vdYZOADPEW5IcmhnK0EjJ794VZmuMcxNhuVal+xc6LvtK/VzRig/HQOnPh
+#deH0d1ujozV6+7aFaNWtJpVxYGKSMNNce45CFOh7JxPmqss1Qizb6R///UyP/ATY
+#BRbaqJPbO/JRF//cxxGXFKzYWuetOPoXv71LkoQNliB9F+4xplZXXqQN0stH6EUU
+#5GpKoUDat7zoqmBZTEo7DO8mOfzLjP55wzU09ToR0+bn/v28iWrF0FuiuYSdtFPR
+#H8D2/YCKiPiqBI9dg0qR7ZDw9gq7GgHXpLs8xMHhOMoDi2HYGKu8734Yqt9h0R9k
+#EATpJX3DuxDgEVUp5laHgL+VIMU=
+#-----END CERTIFICATE-----
+
+MIILlwoBAKCCC5AwgguMBgkrBgEFBQcwAQEEggt9MIILeTCB+aEkMCIxDTALBgNV
+BAoMBFRlc3QxETAPBgNVBAMMCFRlc3RPQ1NQGA8yMDE1MDIyODAwNDY0OVowgZow
+gZcwOzAJBgUrDgMCGgUABBQQVleLdBgTJh/ZcSraYAd/98YejwQUm/mEBmr80usI
+k/vk7i/YwcKJeqcCAhUAoRYYDzIwMTUwMjE5MTU1MDMwWqADCgEBGA8yMDE1MDIy
+ODAwNDY0OVqgERgPMjAxNTAzMDEwMDQ2NDlaoRwwGjAYBgNVHRgEERgPMjAxNTAy
+MTkxNDAwMDBaoSMwITAfBgkrBgEFBQcwAQIEEgQQ8XxJxSzCM/0T/fed4ysWLTAN
+BgkqhkiG9w0BAQUFAAOCAQEAVFgACjYu9U66HKpy4L5AesiEYl4szr3pf/v8+ObU
+5RnSpc1bMaW/UteJKXOY6R7C3OXibRjxGIoDxQHpwzzRpiLUd0KDe4In+OuJuD9Q
+EP0LWW831CzvzY+DTOGS4jvPXLOG7caIYuFTPA/jFLs/rVPe1uNLq+A/xbkuAOxn
+AW70Oh/mw3iyYb19YhI1DquHzl0OnVuWIWdm2uRItqoNvNF47EElh+7SSMHR9VkX
+HPtDid9PWtd6YqXvqvS5maU0+aoV2Ymy1DjBzfgt/AfdEHogdb0aDSMk+FkKm1au
+UBH2t8aOSsbl9D9bS6BykQY+pPFuc2/W8z8rbkn7sLyKkaCCCWUwgglhMIIEOTCC
+AiGgAwIBAgICAQEwDQYJKoZIhvcNAQELBQAwIzENMAsGA1UECgwEVGVzdDESMBAG
+A1UEAwwJVGVzdEludENBMB4XDTE1MDIyNDAxMjIyNFoXDTE2MDIyNDAxMjIyNFow
+IjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdE9DU1AwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDSXK4R9saul7ox7Su24cdYA+Wb7nhTyzOlFf3G
+SRaDDsghfc+o6xgxMgpiDE7HpaV1ndtykONarlMKG1k/vTpnsb+YZKSF8JcQiw5+
+e17UMqu178PeIsARkMg35EiwXvwaLHqFK6a9GGQI0+O42KsutdjoEi5YRWmsVpRi
+48LEPAjqs7ukiX77hF6VSW+5M2Yawn82VRinIeQbdcDoyQIbnPGLsViwjNpcJKX0
+pTZSHHbTWnHu8MhLZVgL1tZsIzvQj/U6ZtT0/TSQwjWhbXBJOaZxPQ18hdPR9W4w
+BUKhiKuUHyXydoVXy3e2nqMDJv+xR3FnIHWNgxAXbJqTS/YxAgMBAAGjeDB2MB0G
+A1UdDgQWBBRYeIMOR2HCyeB3p/6tnKRfAOimbDAfBgNVHSMEGDAWgBSb+YQGavzS
+6wiT++TuL9jBwol6pzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH
+AwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOCAgEAVRMMC0o1FCXv
+NkhZhgfowM3QnBnRNmOF0fBG/685N4C9PsSI+mYtVwiXGyAANzA4FM//XQHE4Aaq
+gslkP+2JHtoqAsUdT4vQFfMmQ7GoCfce1A83vVBszbGLp3ca6ZXs/EUxNuQjxmNe
+ZGGsqaOofCb1kVeqDVHT360p0+9Yq3QvgdyelzUNlIgPNF23gO1JKjn0yVG4jY3b
+5uwEObppVWck/o8m8RxiDK2V3N5ce2wO6dT+48+e0V3aqvkXjZKrLVRnBcJ6UYRy
+yavwMmuG8x/EkzubjXMST1gtWUMyHQoMpVhZ2s6dErTTTymY3KVEvZMjZa0ZMKty
+RBVIoHqe6tX1mp76cDKqUbMEtpHEuNdhrsBB7FqTtGK8CcQE2NQzCfljINUB7blg
+RxR30ffFQTs7511z2a2tlSCcQB/kRwr2VLu4CWMASdsufCp5loYbljtUl0i0OUby
+J++MlkbNr45VcJ1sj9EaTProkKQpEATRv7LeBCgqr67d36b5SmYZdnqqz7Bow++D
+O3vpbxKXHdseKtoHA9C6wYcCzVm+tCEiO9hdfbSjxypWPglsa29UIgO7steYii9R
+7Pp9PtzIb9sqb0ZWLgi5QYHYWKRuKshG22NSOMZFGmqjBD5IDoQ9KUeLgPzutMgS
+8APve0gtlICiUcMUkn5Xg81WfpuNxcIwggUgMIIDCKADAgECAgECMA0GCSqGSIb3
+DQEBCwUAMCIxDTALBgNVBAoMBFRlc3QxETAPBgNVBAMMCFRlc3RSb290MB4XDTE1
+MDIyNDAwNTk1MVoXDTE3MDIxMzAwNTk1MVowIzENMAsGA1UECgwEVGVzdDESMBAG
+A1UEAwwJVGVzdEludENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+vwopAlQAl8OB5jOJdAPMp/SNVBc2SJdqMk64h21ijod/kWQ7ddU9kxkX0gDY28OR
+fDUjWdQpo+HaKGYohWvTRAk4gkIvI6vmGy+MwxJAmY0uppUWnHWxB7129he8pJOP
+n83rbRyMXAwqjbhxLO2t/nvtPsPnJNSuU0I0xYL5+hVxup4Wpx7FXKdIsyb0qTRx
+hLh7d6fxoo716M0l+WOJsZgqjk3ani3SpZbKMh7iIrELuQ+YCq4IL6j+kC/YDRZ5
+LchiImnzGCupx9GF913Vq0RvkZoahiILfleXmGq9u1Ue5kRiGAuvpD66p1/xpihc
+/t8Zms0545pevKpJDCIktxzUIZkLxEiVuN6tTOE56DRdxgxPLCLI6M0Zt9OP0812
+dg+xuwpFvp1fKl1RHEd5vMnRvDAzri3bJ7kb/yzLsq995aabbyOYfnZ0RV9BFXPB
+nPWIxo/Km3hw7ou60bxgTyl2bSgvOwnmR1NJBBVnHa8NUfhDksir6vAJnkeHLmLY
+kW5A3qwb4WpHQcN9z5Dg6TSA0FaakoMYCsRht2A9mkzbYQrQ0HHx7t4RrfruS4/+
+Fe1t5LC6cJww6lJNMaSVNaEc2RWfnKsGUOuu1LsXdCdEuTX6FWHhE/YeRoic02fK
+vKV827l+Ixwkd/qEjzh/KkLVSeAzCV0pKC+TMyD5zyECAwEAAaNgMF4wHQYDVR0O
+BBYEFJv5hAZq/NLrCJP75O4v2MHCiXqnMB8GA1UdIwQYMBaAFBK5w0h57X0wyXh4
+YZRYNwdAdjgYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3
+DQEBCwUAA4ICAQB5KNVGkh9rJd6wHuJE03ujSm4FQ92FR03K0NlDZTQ4oMJs+0mF
+bfPcEIxzN0kiw4fdKIqwsiyjnPYVTZg5laEhcjb/BGfluj69XtSBrPQc9auN3XPp
+N9nSgDlb9ez+nFbsEPeGQhfR8UvFOP4OhSxurG9S5ai5/q/13DUKdPhyT1HVlfT+
+j/o/1dIfRDtjYErimTe/CUAybOo8YYV3vGNuEflBX8tMmTkqN2Z5TVp+k5FTM86x
+wBxoly5a4WZZQVIHz0oCJFTdAZcv8YXbUJw7FpXSCMr2k5oBMzZAfDnj3/h7p7Xq
+YAaldDrc6jYIa8FZAwF3Fw5r4ZpIaAYxAygLy91hk4AM8RbkhyaGcrQSMnv3hVma
+4xzE2G5VqX7Fzou+0r9XNGKD8dA6c+F14fR3W6OjNXr7toVo1a0mlXFgYpIw01x7
+jkIU6HsnE+aqyzVCLNvpH//9TI/8BNgFFtqok9s78lEX/9zHEZcUrNha5604+he/
+vUuShA2WIH0X7jGmVldepA3Sy0foRRTkakqhQNq3vOiqYFlMSjsM7yY5/MuM/nnD
+NTT1OhHT5uf+/byJasXQW6K5hJ20U9EfwPb9gIqI+KoEj12DSpHtkPD2CrsaAdek
+uzzEweE4ygOLYdgYq7zvfhiq32HRH2QQBOklfcO7EOARVSnmVoeAv5UgxQ==

From 1382affe60f0cab6ea8c159255ddb6d6d79e27cd Mon Sep 17 00:00:00 2001
From: Joe Darcy <darcy@openjdk.org>
Date: Fri, 13 Mar 2015 11:34:37 -0700
Subject: [PATCH 20/35] 8075160: Add javadoc to serialver class

Reviewed-by: lancea
---
 .../share/classes/sun/tools/serialver/SerialVer.java     | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/jdk/src/jdk.compiler/share/classes/sun/tools/serialver/SerialVer.java b/jdk/src/jdk.compiler/share/classes/sun/tools/serialver/SerialVer.java
index f031e110b46..268ed516474 100644
--- a/jdk/src/jdk.compiler/share/classes/sun/tools/serialver/SerialVer.java
+++ b/jdk/src/jdk.compiler/share/classes/sun/tools/serialver/SerialVer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,9 @@ import java.net.MalformedURLException;
 import java.util.StringTokenizer;
 import sun.net.www.ParseUtil;
 
+/**
+ * Supporting class for the serialver tool.
+ */
 public class SerialVer {
 
     /*
@@ -117,6 +120,10 @@ public class SerialVer {
         }
     }
 
+    /**
+     * Entry point for serialver tool.
+     * @param args the arguments
+     */
     public static void main(String[] args) {
         String envcp = null;
         int i = 0;

From 17f8ee8cf0ec64b243c634151a69c8370b28bce9 Mon Sep 17 00:00:00 2001
From: Brian Burkhalter <bpb@openjdk.org>
Date: Fri, 13 Mar 2015 14:54:40 -0700
Subject: [PATCH 21/35] 8073214: javadoc of Properties methods should specify
 NullPointerExceptions

Add test for null parameter and corresponding throws clause to load() methods

Reviewed-by: darcy
---
 .../share/classes/java/util/Properties.java   |  8 +-
 jdk/test/java/util/Properties/Basic.java      | 75 +++++++++++++++++++
 2 files changed, 80 insertions(+), 3 deletions(-)
 create mode 100644 jdk/test/java/util/Properties/Basic.java

diff --git a/jdk/src/java.base/share/classes/java/util/Properties.java b/jdk/src/java.base/share/classes/java/util/Properties.java
index e313c9716d0..04397c3f9f2 100644
--- a/jdk/src/java.base/share/classes/java/util/Properties.java
+++ b/jdk/src/java.base/share/classes/java/util/Properties.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,8 +34,6 @@ import java.io.Reader;
 import java.io.Writer;
 import java.io.OutputStreamWriter;
 import java.io.BufferedWriter;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 import jdk.internal.util.xml.PropertiesDefaultHandler;
 
@@ -311,9 +309,11 @@ class Properties extends Hashtable<Object,Object> {
      *          input stream.
      * @throws  IllegalArgumentException if a malformed Unicode escape
      *          appears in the input.
+     * @throws NullPointerException if {@code reader} is null.
      * @since   1.6
      */
     public synchronized void load(Reader reader) throws IOException {
+        Objects.requireNonNull(reader, "reader parameter is null");
         load0(new LineReader(reader));
     }
 
@@ -335,9 +335,11 @@ class Properties extends Hashtable<Object,Object> {
      *             input stream.
      * @throws     IllegalArgumentException if the input stream contains a
      *             malformed Unicode escape sequence.
+     * @throws NullPointerException if {@code inStream} is null.
      * @since 1.2
      */
     public synchronized void load(InputStream inStream) throws IOException {
+        Objects.requireNonNull(inStream, "inStream parameter is null");
         load0(new LineReader(inStream));
     }
 
diff --git a/jdk/test/java/util/Properties/Basic.java b/jdk/test/java/util/Properties/Basic.java
new file mode 100644
index 00000000000..7827ed02957
--- /dev/null
+++ b/jdk/test/java/util/Properties/Basic.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.Reader;
+import java.io.Writer;
+import java.util.Properties;
+
+/*
+ * @test
+ * @bug 8073214
+ * @summary Basic tests of Properties methods.
+ */
+public class Basic
+{
+    public static void main(String[] args) throws Exception
+    {
+        int failures = 0;
+
+        Properties props = new Properties();
+
+        try {
+            props.store((OutputStream)null, "comments");
+            failures++;
+        } catch (NullPointerException e) {
+            // do nothing
+        }
+
+        try {
+            props.store((Writer)null, "comments");
+            failures++;
+        } catch (NullPointerException e) {
+            // do nothing
+        }
+
+        try {
+            props.load((InputStream)null);
+            failures++;
+        } catch (NullPointerException e) {
+            // do nothing
+        }
+
+        try {
+            props.load((Reader)null);
+            failures++;
+        } catch (NullPointerException e) {
+            // do nothing
+        }
+
+        if (failures != 0) {
+            throw new RuntimeException("Basic failed with "
+                + failures + " errors!");
+        }
+    }
+}

From 6290291b273e047a8a0fed33ff039842236030b8 Mon Sep 17 00:00:00 2001
From: Brian Burkhalter <bpb@openjdk.org>
Date: Fri, 13 Mar 2015 15:03:42 -0700
Subject: [PATCH 22/35] 8075110: (prefs) CodePointZeroPrefsTest fails on
 certain platforms

Contrain test to the Linux and Solaris OS families

Reviewed-by: darcy
---
 jdk/test/java/util/prefs/CodePointZeroPrefsTest.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jdk/test/java/util/prefs/CodePointZeroPrefsTest.java b/jdk/test/java/util/prefs/CodePointZeroPrefsTest.java
index 8a63b86caf9..eb7299b4d98 100644
--- a/jdk/test/java/util/prefs/CodePointZeroPrefsTest.java
+++ b/jdk/test/java/util/prefs/CodePointZeroPrefsTest.java
@@ -27,6 +27,7 @@ import java.util.prefs.PreferencesFactory;
 /*
  * @test
  * @bug 8068373
+ * @requires os.family == "linux" | os.family == "solaris"
  * @summary Ensure writing a code point U+0000 null control character is detected.
  */
 public class CodePointZeroPrefsTest

From 2349ff99bc1e696aafdde8c8d82eb0bb75f8219f Mon Sep 17 00:00:00 2001
From: Jamil Nimeh <jnimeh@openjdk.org>
Date: Sat, 14 Mar 2015 09:38:52 -0700
Subject: [PATCH 23/35] 6996366: convert MacAlg to an enum

Reviewed-by: xuelei
---
 .../classes/sun/security/ssl/CipherBox.java   |   4 +-
 .../classes/sun/security/ssl/CipherSuite.java | 495 ++++++++----------
 .../share/classes/sun/security/ssl/MAC.java   |   3 +-
 .../security/ssl/SSLAlgorithmConstraints.java |  10 +-
 4 files changed, 241 insertions(+), 271 deletions(-)

diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java b/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java
index e9f22055bb9..92f12ce9b67 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -257,7 +257,7 @@ final class CipherBox {
             throw new NoSuchAlgorithmException("Unsupported cipher " + cipher);
         }
 
-        if (cipher == B_NULL) {
+        if (cipher == BulkCipher.B_NULL) {
             return NULL;
         } else {
             return new CipherBox(version, cipher, key, iv, random, encrypt);
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
index 6d52cc68435..09e7afcae26 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,8 @@ import javax.crypto.spec.SecretKeySpec;
 import static sun.security.ssl.CipherSuite.KeyExchange.*;
 import static sun.security.ssl.CipherSuite.PRF.*;
 import static sun.security.ssl.CipherSuite.CipherType.*;
+import static sun.security.ssl.CipherSuite.MacAlg.*;
+import static sun.security.ssl.CipherSuite.BulkCipher.*;
 import static sun.security.ssl.JsseJce.*;
 
 /**
@@ -129,33 +131,15 @@ final class CipherSuite implements Comparable<CipherSuite> {
      * Constructor for implemented CipherSuites.
      */
     private CipherSuite(String name, int id, int priority,
-            KeyExchange keyExchange, BulkCipher cipher,
+            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
             boolean allowed, int obsoleted, int supported, PRF prfAlg) {
         this.name = name;
         this.id = id;
         this.priority = priority;
         this.keyExchange = keyExchange;
         this.cipher = cipher;
+        this.macAlg = mac;
         this.exportable = cipher.exportable;
-        if (cipher.cipherType == CipherType.AEAD_CIPHER) {
-            macAlg = M_NULL;
-        } else if (name.endsWith("_MD5")) {
-            macAlg = M_MD5;
-        } else if (name.endsWith("_SHA")) {
-            macAlg = M_SHA;
-        } else if (name.endsWith("_SHA256")) {
-            macAlg = M_SHA256;
-        } else if (name.endsWith("_SHA384")) {
-            macAlg = M_SHA384;
-        } else if (name.endsWith("_NULL")) {
-            macAlg = M_NULL;
-        } else if (name.endsWith("_SCSV")) {
-            macAlg = M_NULL;
-        } else {
-            throw new IllegalArgumentException
-                    ("Unknown MAC algorithm for ciphersuite " + name);
-        }
-
         allowed &= keyExchange.allowed;
         allowed &= cipher.allowed;
         this.allowed = allowed;
@@ -269,11 +253,11 @@ final class CipherSuite implements Comparable<CipherSuite> {
      * TLS 1.2+ that doesn't use the "default" PRF.
      */
     private static void add(String name, int id, int priority,
-            KeyExchange keyExchange, BulkCipher cipher,
+            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
             boolean allowed, int obsoleted, int supported, PRF prf) {
 
         CipherSuite c = new CipherSuite(name, id, priority, keyExchange,
-            cipher, allowed, obsoleted, supported, prf);
+            cipher, mac, allowed, obsoleted, supported, prf);
         if (idMap.put(id, c) != null) {
             throw new RuntimeException("Duplicate ciphersuite definition: "
                                         + id + ", " + name);
@@ -294,16 +278,13 @@ final class CipherSuite implements Comparable<CipherSuite> {
      *     All cipher suites in this document use P_SHA256.
      */
     private static void add(String name, int id, int priority,
-            KeyExchange keyExchange, BulkCipher cipher,
+            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
             boolean allowed, int obsoleted) {
         // If this is an obsoleted suite, then don't let the TLS 1.2
         // protocol have a valid PRF value.
-        PRF prf = P_SHA256;
-        if (obsoleted < ProtocolVersion.TLS12.v) {
-            prf = P_NONE;
-        }
+        PRF prf = obsoleted < ProtocolVersion.TLS12.v ? P_NONE : P_SHA256;
 
-        add(name, id, priority, keyExchange, cipher, allowed, obsoleted,
+        add(name, id, priority, keyExchange, cipher, mac, allowed, obsoleted,
             ProtocolVersion.LIMIT_MIN_VALUE, prf);
     }
 
@@ -312,9 +293,10 @@ final class CipherSuite implements Comparable<CipherSuite> {
      * suites which have not been obsoleted.
      */
     private static void add(String name, int id, int priority,
-            KeyExchange keyExchange, BulkCipher cipher, boolean allowed) {
-        add(name, id, priority, keyExchange,
-            cipher, allowed, ProtocolVersion.LIMIT_MAX_VALUE);
+            KeyExchange keyExchange, BulkCipher cipher, MacAlg mac,
+            boolean allowed) {
+        add(name, id, priority, keyExchange, cipher, mac, allowed,
+                ProtocolVersion.LIMIT_MAX_VALUE);
     }
 
     /*
@@ -402,7 +384,23 @@ final class CipherSuite implements Comparable<CipherSuite> {
      * Also contains a factory method to obtain in initialized CipherBox
      * for this algorithm.
      */
-    final static class BulkCipher {
+    static enum BulkCipher {
+
+        // export strength ciphers
+        B_NULL("NULL", STREAM_CIPHER, 0, 0, 0, 0, true),
+        B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true),
+        B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false),
+        B_DES_40(CIPHER_DES,  BLOCK_CIPHER, 5, 8, 8, 0, true),
+
+        // domestic strength ciphers
+        B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 0, 0, true),
+        B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 0, true),
+        B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 8, 0, true),
+        B_IDEA("IDEA", BLOCK_CIPHER, 16, 8, 0, false),
+        B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 0, true),
+        B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 16, 0, true),
+        B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 12, 4, true),
+        B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 12, 4, true);
 
         // Map BulkCipher -> Boolean(available)
         private final static Map<BulkCipher,Boolean> availableCache =
@@ -600,7 +598,13 @@ final class CipherSuite implements Comparable<CipherSuite> {
      * Also contains a factory method to obtain an initialized MAC
      * for this algorithm.
      */
-    final static class MacAlg {
+    static enum MacAlg {
+        // MACs
+        M_NULL      ("NULL",     0,   0,   0),
+        M_MD5       ("MD5",     16,  64,   9),
+        M_SHA       ("SHA",     20,  64,   9),
+        M_SHA256    ("SHA256",  32,  64,   9),
+        M_SHA384    ("SHA384",  48, 128,  17);
 
         // descriptive name, e.g. MD5
         final String name;
@@ -639,41 +643,6 @@ final class CipherSuite implements Comparable<CipherSuite> {
         }
     }
 
-    // export strength ciphers
-    final static BulkCipher B_NULL    =
-        new BulkCipher("NULL",          STREAM_CIPHER,    0,  0,  0, 0, true);
-    final static BulkCipher B_RC4_40  =
-        new BulkCipher(CIPHER_RC4,      STREAM_CIPHER,    5, 16,  0, 0, true);
-    final static BulkCipher B_RC2_40  =
-        new BulkCipher("RC2",           BLOCK_CIPHER,     5, 16,  8, 0, false);
-    final static BulkCipher B_DES_40  =
-        new BulkCipher(CIPHER_DES,      BLOCK_CIPHER,     5,  8,  8, 0, true);
-
-    // domestic strength ciphers
-    final static BulkCipher B_RC4_128 =
-        new BulkCipher(CIPHER_RC4,      STREAM_CIPHER,   16,  0,  0, true);
-    final static BulkCipher B_DES     =
-        new BulkCipher(CIPHER_DES,      BLOCK_CIPHER,     8,  8,  0, true);
-    final static BulkCipher B_3DES    =
-        new BulkCipher(CIPHER_3DES,     BLOCK_CIPHER,    24,  8,  0, true);
-    final static BulkCipher B_IDEA    =
-        new BulkCipher("IDEA",          BLOCK_CIPHER,    16,  8,  0, false);
-    final static BulkCipher B_AES_128 =
-        new BulkCipher(CIPHER_AES,      BLOCK_CIPHER,    16, 16,  0, true);
-    final static BulkCipher B_AES_256 =
-        new BulkCipher(CIPHER_AES,      BLOCK_CIPHER,    32, 16,  0, true);
-    final static BulkCipher B_AES_128_GCM =
-        new BulkCipher(CIPHER_AES_GCM,  AEAD_CIPHER,     16, 12,  4, true);
-    final static BulkCipher B_AES_256_GCM =
-        new BulkCipher(CIPHER_AES_GCM,  AEAD_CIPHER,     32, 12,  4, true);
-
-    // MACs
-    final static MacAlg M_NULL    = new MacAlg("NULL",     0,   0,   0);
-    final static MacAlg M_MD5     = new MacAlg("MD5",     16,  64,   9);
-    final static MacAlg M_SHA     = new MacAlg("SHA",     20,  64,   9);
-    final static MacAlg M_SHA256  = new MacAlg("SHA256",  32,  64,   9);
-    final static MacAlg M_SHA384  = new MacAlg("SHA384",  48, 128,  17);
-
     /**
      * PRFs (PseudoRandom Function) from TLS specifications.
      *
@@ -958,8 +927,8 @@ final class CipherSuite implements Comparable<CipherSuite> {
          * 0xFF,0x00-FF Reserved for Private Use                [RFC5246]
          */
 
-        add("SSL_NULL_WITH_NULL_NULL",
-                              0x0000,   1, K_NULL,       B_NULL,    F);
+        add("SSL_NULL_WITH_NULL_NULL", 0x0000,
+                1,      K_NULL,     B_NULL,     M_NULL,     F);
 
         /*
          * Definition of the CipherSuites that are enabled by default.
@@ -992,134 +961,134 @@ final class CipherSuite implements Comparable<CipherSuite> {
         // of RFC 6460.  In this section, only two cipher suites are listed
         // so that applications can make use of Suite-B compliant cipher
         // suite firstly.
-        add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-            0xc02c, --p, K_ECDHE_ECDSA, B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-            0xc02b, --p, K_ECDHE_ECDSA, B_AES_128_GCM, T, max, tls12, P_SHA256);
+        add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",  0xc02c, --p,
+            K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  0xc02b, --p,
+            K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
 
         // AES_256(GCM)
-        add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-            0xc030, --p, K_ECDHE_RSA,   B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_RSA_WITH_AES_256_GCM_SHA384",
-            0x009d, --p, K_RSA,         B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
-            0xc02e, --p, K_ECDH_ECDSA,  B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
-            0xc032, --p, K_ECDH_RSA,    B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-            0x009f, --p, K_DHE_RSA,     B_AES_256_GCM, T, max, tls12, P_SHA384);
-        add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
-            0x00a3, --p, K_DHE_DSS,     B_AES_256_GCM, T, max, tls12, P_SHA384);
+        add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",    0xc030, --p,
+            K_ECDHE_RSA,   B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_RSA_WITH_AES_256_GCM_SHA384",          0x009d, --p,
+            K_RSA,         B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",   0xc02e, --p,
+            K_ECDH_ECDSA,  B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",     0xc032, --p,
+            K_ECDH_RSA,    B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",      0x009f, --p,
+            K_DHE_RSA,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
+        add("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",      0x00a3, --p,
+            K_DHE_DSS,     B_AES_256_GCM, M_NULL,   T, max, tls12, P_SHA384);
 
         // AES_128(GCM)
-        add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            0xc02f, --p, K_ECDHE_RSA,   B_AES_128_GCM, T, max, tls12, P_SHA256);
-        add("TLS_RSA_WITH_AES_128_GCM_SHA256",
-            0x009c, --p, K_RSA,         B_AES_128_GCM, T, max, tls12, P_SHA256);
-        add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
-            0xc02d, --p, K_ECDH_ECDSA,  B_AES_128_GCM, T, max, tls12, P_SHA256);
-        add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
-            0xc031, --p, K_ECDH_RSA,    B_AES_128_GCM, T, max, tls12, P_SHA256);
-        add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-            0x009e, --p, K_DHE_RSA,     B_AES_128_GCM, T, max, tls12, P_SHA256);
-        add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
-            0x00a2, --p, K_DHE_DSS,     B_AES_128_GCM, T, max, tls12, P_SHA256);
+        add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",    0xc02f, --p,
+            K_ECDHE_RSA,   B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
+        add("TLS_RSA_WITH_AES_128_GCM_SHA256",          0x009c, --p,
+            K_RSA,         B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
+        add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",   0xc02d, --p,
+            K_ECDH_ECDSA,  B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
+        add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",     0xc031, --p,
+            K_ECDH_RSA,    B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
+        add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",      0x009e, --p,
+            K_DHE_RSA,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
+        add("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",      0x00a2, --p,
+            K_DHE_DSS,     B_AES_128_GCM, M_NULL,   T, max, tls12, P_SHA256);
 
         // AES_256(CBC)
-        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-            0xc024, --p, K_ECDHE_ECDSA, B_AES_256, T, max, tls12, P_SHA384);
-        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-            0xc028, --p, K_ECDHE_RSA,   B_AES_256, T, max, tls12, P_SHA384);
-        add("TLS_RSA_WITH_AES_256_CBC_SHA256",
-            0x003d, --p, K_RSA,         B_AES_256, T, max, tls12, P_SHA256);
-        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
-            0xc026, --p, K_ECDH_ECDSA,  B_AES_256, T, max, tls12, P_SHA384);
-        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
-            0xc02a, --p, K_ECDH_RSA,    B_AES_256, T, max, tls12, P_SHA384);
-        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
-            0x006b, --p, K_DHE_RSA,     B_AES_256, T, max, tls12, P_SHA256);
-        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
-            0x006a, --p, K_DHE_DSS,     B_AES_256, T, max, tls12, P_SHA256);
+        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",  0xc024, --p,
+            K_ECDHE_ECDSA, B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
+        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",    0xc028, --p,
+            K_ECDHE_RSA,   B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
+        add("TLS_RSA_WITH_AES_256_CBC_SHA256",          0x003d, --p,
+            K_RSA,         B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",   0xc026, --p,
+            K_ECDH_ECDSA,  B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
+        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",     0xc02a, --p,
+            K_ECDH_RSA,    B_AES_256,     M_SHA384, T, max, tls12, P_SHA384);
+        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",      0x006b, --p,
+            K_DHE_RSA,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",      0x006a, --p,
+            K_DHE_DSS,     B_AES_256,     M_SHA256, T, max, tls12, P_SHA256);
 
-        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-            0xC00A, --p, K_ECDHE_ECDSA, B_AES_256, T);
-        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-            0xC014, --p, K_ECDHE_RSA,   B_AES_256, T);
-        add("TLS_RSA_WITH_AES_256_CBC_SHA",
-            0x0035, --p, K_RSA,         B_AES_256, T);
-        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-            0xC005, --p, K_ECDH_ECDSA,  B_AES_256, T);
-        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-            0xC00F, --p, K_ECDH_RSA,    B_AES_256, T);
-        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-            0x0039, --p, K_DHE_RSA,     B_AES_256, T);
-        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
-            0x0038, --p, K_DHE_DSS,     B_AES_256, T);
+        add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",     0xC00A, --p,
+            K_ECDHE_ECDSA, B_AES_256,     M_SHA,    T);
+        add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",       0xC014, --p,
+            K_ECDHE_RSA,   B_AES_256,     M_SHA,    T);
+        add("TLS_RSA_WITH_AES_256_CBC_SHA",             0x0035, --p,
+            K_RSA,         B_AES_256,     M_SHA,    T);
+        add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",      0xC005, --p,
+            K_ECDH_ECDSA,  B_AES_256,     M_SHA,    T);
+        add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",        0xC00F, --p,
+            K_ECDH_RSA,    B_AES_256,     M_SHA,    T);
+        add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",         0x0039, --p,
+            K_DHE_RSA,     B_AES_256,     M_SHA,    T);
+        add("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",         0x0038, --p,
+            K_DHE_DSS,     B_AES_256,     M_SHA,    T);
 
         // AES_128(CBC)
-        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-            0xc023, --p, K_ECDHE_ECDSA, B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-            0xc027, --p, K_ECDHE_RSA,   B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_RSA_WITH_AES_128_CBC_SHA256",
-            0x003c, --p, K_RSA,         B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
-            0xc025, --p, K_ECDH_ECDSA,  B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
-            0xc029, --p, K_ECDH_RSA,    B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
-            0x0067, --p, K_DHE_RSA,     B_AES_128, T, max, tls12, P_SHA256);
-        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
-            0x0040, --p, K_DHE_DSS,     B_AES_128, T, max, tls12, P_SHA256);
+        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",  0xc023, --p,
+            K_ECDHE_ECDSA, B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",    0xc027, --p,
+            K_ECDHE_RSA,   B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_RSA_WITH_AES_128_CBC_SHA256",          0x003c, --p,
+            K_RSA,         B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",   0xc025, --p,
+            K_ECDH_ECDSA,  B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",     0xc029, --p,
+            K_ECDH_RSA,    B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",      0x0067, --p,
+            K_DHE_RSA,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
+        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",      0x0040, --p,
+            K_DHE_DSS,     B_AES_128,     M_SHA256, T, max, tls12, P_SHA256);
 
-        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-            0xC009, --p, K_ECDHE_ECDSA, B_AES_128, T);
-        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-            0xC013, --p, K_ECDHE_RSA,   B_AES_128, T);
-        add("TLS_RSA_WITH_AES_128_CBC_SHA",
-            0x002f, --p, K_RSA,         B_AES_128, T);
-        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-            0xC004, --p, K_ECDH_ECDSA,  B_AES_128, T);
-        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-            0xC00E, --p, K_ECDH_RSA,    B_AES_128, T);
-        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-            0x0033, --p, K_DHE_RSA,     B_AES_128, T);
-        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-            0x0032, --p, K_DHE_DSS,     B_AES_128, T);
+        add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",     0xC009, --p,
+            K_ECDHE_ECDSA, B_AES_128,     M_SHA,    T);
+        add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",       0xC013, --p,
+            K_ECDHE_RSA,   B_AES_128,     M_SHA,    T);
+        add("TLS_RSA_WITH_AES_128_CBC_SHA",             0x002f, --p,
+            K_RSA,         B_AES_128,     M_SHA,    T);
+        add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",      0xC004, --p,
+            K_ECDH_ECDSA,  B_AES_128,     M_SHA,    T);
+        add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",        0xC00E, --p,
+            K_ECDH_RSA,    B_AES_128,     M_SHA,    T);
+        add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",         0x0033, --p,
+            K_DHE_RSA,     B_AES_128,     M_SHA,    T);
+        add("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",         0x0032, --p,
+            K_DHE_DSS,     B_AES_128,     M_SHA,    T);
 
         // 3DES_EDE
-        add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
-            0xC008, --p, K_ECDHE_ECDSA, B_3DES,    T);
-        add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
-            0xC012, --p, K_ECDHE_RSA,   B_3DES,    T);
-        add("SSL_RSA_WITH_3DES_EDE_CBC_SHA",
-            0x000a, --p, K_RSA,         B_3DES,    T);
-        add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
-            0xC003, --p, K_ECDH_ECDSA,  B_3DES,    T);
-        add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
-            0xC00D, --p, K_ECDH_RSA,    B_3DES,    T);
-        add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-            0x0016, --p, K_DHE_RSA,     B_3DES,    T);
-        add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
-            0x0013, --p, K_DHE_DSS,     B_3DES,    N);
+        add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",    0xC008, --p,
+            K_ECDHE_ECDSA, B_3DES,        M_SHA,    T);
+        add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",      0xC012, --p,
+            K_ECDHE_RSA,   B_3DES,        M_SHA,    T);
+        add("SSL_RSA_WITH_3DES_EDE_CBC_SHA",            0x000a, --p,
+            K_RSA,         B_3DES,        M_SHA,    T);
+        add("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",     0xC003, --p,
+            K_ECDH_ECDSA,  B_3DES,        M_SHA,    T);
+        add("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",       0xC00D, --p,
+            K_ECDH_RSA,    B_3DES,        M_SHA,    T);
+        add("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",        0x0016, --p,
+            K_DHE_RSA,     B_3DES,        M_SHA,    T);
+        add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",        0x0013, --p,
+            K_DHE_DSS,     B_3DES,        M_SHA,    N);
 
         // RC-4
-        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-            0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
-        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-            0xC011, --p, K_ECDHE_RSA,   B_RC4_128, N);
-        add("SSL_RSA_WITH_RC4_128_SHA",
-            0x0005, --p, K_RSA,         B_RC4_128, N);
-        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-            0xC002, --p, K_ECDH_ECDSA,  B_RC4_128, N);
-        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
-            0xC00C, --p, K_ECDH_RSA,    B_RC4_128, N);
-        add("SSL_RSA_WITH_RC4_128_MD5",
-            0x0004, --p, K_RSA,         B_RC4_128, N);
+        add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",         0xC007, --p,
+            K_ECDHE_ECDSA, B_RC4_128,     M_SHA,    N);
+        add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",           0xC011, --p,
+            K_ECDHE_RSA,   B_RC4_128,     M_SHA,    N);
+        add("SSL_RSA_WITH_RC4_128_SHA",                 0x0005, --p,
+            K_RSA,         B_RC4_128,     M_SHA,    N);
+        add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",          0xC002, --p,
+            K_ECDH_ECDSA,  B_RC4_128,     M_SHA,    N);
+        add("TLS_ECDH_RSA_WITH_RC4_128_SHA",            0xC00C, --p,
+            K_ECDH_RSA,    B_RC4_128,     M_SHA,    N);
+        add("SSL_RSA_WITH_RC4_128_MD5",                 0x0004, --p,
+            K_RSA,         B_RC4_128,     M_MD5,    N);
 
         // Renegotiation protection request Signalling Cipher Suite Value (SCSV)
-        add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
-            0x00ff, --p, K_SCSV,        B_NULL,    T);
+        add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",        0x00ff, --p,
+            K_SCSV,        B_NULL,        M_NULL,   T);
 
         /*
          * Definition of the CipherSuites that are supported but not enabled
@@ -1142,98 +1111,98 @@ final class CipherSuite implements Comparable<CipherSuite> {
          */
         p = DEFAULT_SUITES_PRIORITY;
 
-        add("TLS_DH_anon_WITH_AES_256_GCM_SHA384",
-            0x00a7, --p, K_DH_ANON,     B_AES_256_GCM, N, max, tls12, P_SHA384);
-        add("TLS_DH_anon_WITH_AES_128_GCM_SHA256",
-            0x00a6, --p, K_DH_ANON,     B_AES_128_GCM, N, max, tls12, P_SHA256);
+        add("TLS_DH_anon_WITH_AES_256_GCM_SHA384",      0x00a7, --p,
+            K_DH_ANON,     B_AES_256_GCM, M_NULL,   N, max, tls12, P_SHA384);
+        add("TLS_DH_anon_WITH_AES_128_GCM_SHA256",      0x00a6, --p,
+            K_DH_ANON,     B_AES_128_GCM, M_NULL,   N, max, tls12, P_SHA256);
 
-        add("TLS_DH_anon_WITH_AES_256_CBC_SHA256",
-            0x006d, --p, K_DH_ANON,     B_AES_256, N, max, tls12, P_SHA256);
-        add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
-            0xC019, --p, K_ECDH_ANON,   B_AES_256, N);
-        add("TLS_DH_anon_WITH_AES_256_CBC_SHA",
-            0x003a, --p, K_DH_ANON,     B_AES_256, N);
+        add("TLS_DH_anon_WITH_AES_256_CBC_SHA256",      0x006d, --p,
+            K_DH_ANON,     B_AES_256,     M_SHA256, N, max, tls12, P_SHA256);
+        add("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",       0xC019, --p,
+            K_ECDH_ANON,   B_AES_256,     M_SHA,    N);
+        add("TLS_DH_anon_WITH_AES_256_CBC_SHA",         0x003a, --p,
+            K_DH_ANON,     B_AES_256,     M_SHA,    N);
 
-        add("TLS_DH_anon_WITH_AES_128_CBC_SHA256",
-            0x006c, --p, K_DH_ANON,     B_AES_128, N, max, tls12, P_SHA256);
-        add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
-            0xC018, --p, K_ECDH_ANON,   B_AES_128, N);
-        add("TLS_DH_anon_WITH_AES_128_CBC_SHA",
-            0x0034, --p, K_DH_ANON,     B_AES_128, N);
+        add("TLS_DH_anon_WITH_AES_128_CBC_SHA256",      0x006c, --p,
+            K_DH_ANON,     B_AES_128,     M_SHA256, N, max, tls12, P_SHA256);
+        add("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",       0xC018, --p,
+            K_ECDH_ANON,   B_AES_128,     M_SHA,    N);
+        add("TLS_DH_anon_WITH_AES_128_CBC_SHA",         0x0034, --p,
+            K_DH_ANON,     B_AES_128,     M_SHA,    N);
 
-        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
-            0xC017, --p, K_ECDH_ANON,   B_3DES,    N);
-        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
-            0x001b, --p, K_DH_ANON,     B_3DES,    N);
+        add("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",      0xC017, --p,
+            K_ECDH_ANON,   B_3DES,        M_SHA,    N);
+        add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",        0x001b, --p,
+            K_DH_ANON,     B_3DES,        M_SHA,    N);
 
-        add("TLS_ECDH_anon_WITH_RC4_128_SHA",
-            0xC016, --p, K_ECDH_ANON,   B_RC4_128, N);
-        add("SSL_DH_anon_WITH_RC4_128_MD5",
-            0x0018, --p, K_DH_ANON,     B_RC4_128, N);
+        add("TLS_ECDH_anon_WITH_RC4_128_SHA",           0xC016, --p,
+            K_ECDH_ANON,   B_RC4_128,     M_SHA,    N);
+        add("SSL_DH_anon_WITH_RC4_128_MD5",             0x0018, --p,
+            K_DH_ANON,     B_RC4_128,     M_MD5,    N);
 
         // weak cipher suites obsoleted in TLS 1.2
-        add("SSL_RSA_WITH_DES_CBC_SHA",
-            0x0009, --p, K_RSA,         B_DES,     N, tls12);
-        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",
-            0x0015, --p, K_DHE_RSA,     B_DES,     N, tls12);
-        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",
-            0x0012, --p, K_DHE_DSS,     B_DES,     N, tls12);
-        add("SSL_DH_anon_WITH_DES_CBC_SHA",
-            0x001a, --p, K_DH_ANON,     B_DES,     N, tls12);
+        add("SSL_RSA_WITH_DES_CBC_SHA",                 0x0009, --p,
+            K_RSA,         B_DES,         M_SHA,    N, tls12);
+        add("SSL_DHE_RSA_WITH_DES_CBC_SHA",             0x0015, --p,
+            K_DHE_RSA,     B_DES,         M_SHA,    N, tls12);
+        add("SSL_DHE_DSS_WITH_DES_CBC_SHA",             0x0012, --p,
+            K_DHE_DSS,     B_DES,         M_SHA,    N, tls12);
+        add("SSL_DH_anon_WITH_DES_CBC_SHA",             0x001a, --p,
+            K_DH_ANON,     B_DES,         M_SHA,    N, tls12);
 
         // weak cipher suites obsoleted in TLS 1.1
-        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0008, --p, K_RSA_EXPORT,  B_DES_40,  N, tls11);
-        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-            0x0014, --p, K_DHE_RSA,     B_DES_40,  N, tls11);
-        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-            0x0011, --p, K_DHE_DSS,     B_DES_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
-            0x0019, --p, K_DH_ANON,     B_DES_40,  N, tls11);
+        add("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",        0x0008, --p,
+            K_RSA_EXPORT,  B_DES_40,      M_SHA,    N, tls11);
+        add("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",    0x0014, --p,
+            K_DHE_RSA,     B_DES_40,      M_SHA,    N, tls11);
+        add("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",    0x0011, --p,
+            K_DHE_DSS,     B_DES_40,      M_SHA,    N, tls11);
+        add("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",    0x0019, --p,
+            K_DH_ANON,     B_DES_40,      M_SHA,    N, tls11);
 
-        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",
-            0x0003, --p, K_RSA_EXPORT,  B_RC4_40,  N, tls11);
-        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
-            0x0017, --p, K_DH_ANON,     B_RC4_40,  N, tls11);
+        add("SSL_RSA_EXPORT_WITH_RC4_40_MD5",           0x0003, --p,
+            K_RSA_EXPORT,  B_RC4_40,      M_MD5,    N, tls11);
+        add("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",       0x0017, --p,
+            K_DH_ANON,     B_RC4_40,      M_MD5,    N, tls11);
 
-        add("TLS_RSA_WITH_NULL_SHA256",
-            0x003b, --p, K_RSA,         B_NULL,    N, max, tls12, P_SHA256);
-        add("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
-            0xC006, --p, K_ECDHE_ECDSA, B_NULL,    N);
-        add("TLS_ECDHE_RSA_WITH_NULL_SHA",
-            0xC010, --p, K_ECDHE_RSA,   B_NULL,    N);
-        add("SSL_RSA_WITH_NULL_SHA",
-            0x0002, --p, K_RSA,         B_NULL,    N);
-        add("TLS_ECDH_ECDSA_WITH_NULL_SHA",
-            0xC001, --p, K_ECDH_ECDSA,  B_NULL,    N);
-        add("TLS_ECDH_RSA_WITH_NULL_SHA",
-            0xC00B, --p, K_ECDH_RSA,    B_NULL,    N);
-        add("TLS_ECDH_anon_WITH_NULL_SHA",
-            0xC015, --p, K_ECDH_ANON,   B_NULL,    N);
-        add("SSL_RSA_WITH_NULL_MD5",
-            0x0001, --p, K_RSA,         B_NULL,    N);
+        add("TLS_RSA_WITH_NULL_SHA256",                 0x003b, --p,
+            K_RSA,         B_NULL,        M_SHA256, N, max, tls12, P_SHA256);
+        add("TLS_ECDHE_ECDSA_WITH_NULL_SHA",            0xC006, --p,
+            K_ECDHE_ECDSA, B_NULL,        M_SHA,    N);
+        add("TLS_ECDHE_RSA_WITH_NULL_SHA",              0xC010, --p,
+            K_ECDHE_RSA,   B_NULL,        M_SHA,    N);
+        add("SSL_RSA_WITH_NULL_SHA",                    0x0002, --p,
+            K_RSA,         B_NULL,        M_SHA,    N);
+        add("TLS_ECDH_ECDSA_WITH_NULL_SHA",             0xC001, --p,
+            K_ECDH_ECDSA,  B_NULL,        M_SHA,    N);
+        add("TLS_ECDH_RSA_WITH_NULL_SHA",               0xC00B, --p,
+            K_ECDH_RSA,    B_NULL,        M_SHA,    N);
+        add("TLS_ECDH_anon_WITH_NULL_SHA",              0xC015, --p,
+            K_ECDH_ANON,   B_NULL,        M_SHA,    N);
+        add("SSL_RSA_WITH_NULL_MD5",                    0x0001, --p,
+            K_RSA,         B_NULL,        M_MD5,    N);
 
         // Supported Kerberos ciphersuites from RFC2712
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
-            0x001f, --p, K_KRB5,        B_3DES,    N);
-        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
-            0x0023, --p, K_KRB5,        B_3DES,    N);
-        add("TLS_KRB5_WITH_RC4_128_SHA",
-            0x0020, --p, K_KRB5,        B_RC4_128, N);
-        add("TLS_KRB5_WITH_RC4_128_MD5",
-            0x0024, --p, K_KRB5,        B_RC4_128, N);
-        add("TLS_KRB5_WITH_DES_CBC_SHA",
-            0x001e, --p, K_KRB5,        B_DES,     N, tls12);
-        add("TLS_KRB5_WITH_DES_CBC_MD5",
-            0x0022, --p, K_KRB5,        B_DES,     N, tls12);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
-            0x0026, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
-            0x0029, --p, K_KRB5_EXPORT, B_DES_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
-            0x0028, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
-        add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
-            0x002b, --p, K_KRB5_EXPORT, B_RC4_40,  N, tls11);
+        add("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",           0x001f, --p,
+            K_KRB5,        B_3DES,        M_SHA,    N);
+        add("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",           0x0023, --p,
+            K_KRB5,        B_3DES,        M_MD5,    N);
+        add("TLS_KRB5_WITH_RC4_128_SHA",                0x0020, --p,
+            K_KRB5,        B_RC4_128,     M_SHA,    N);
+        add("TLS_KRB5_WITH_RC4_128_MD5",                0x0024, --p,
+            K_KRB5,        B_RC4_128,     M_MD5,    N);
+        add("TLS_KRB5_WITH_DES_CBC_SHA",                0x001e, --p,
+            K_KRB5,        B_DES,         M_SHA,    N, tls12);
+        add("TLS_KRB5_WITH_DES_CBC_MD5",                0x0022, --p,
+            K_KRB5,        B_DES,         M_MD5,    N, tls12);
+        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",      0x0026, --p,
+            K_KRB5_EXPORT, B_DES_40,      M_SHA,    N, tls11);
+        add("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",      0x0029, --p,
+            K_KRB5_EXPORT, B_DES_40,      M_MD5,    N, tls11);
+        add("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",          0x0028, --p,
+            K_KRB5_EXPORT, B_RC4_40,      M_SHA,    N, tls11);
+        add("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",          0x002b, --p,
+            K_KRB5_EXPORT, B_RC4_40,      M_MD5,    N, tls11);
 
         /*
          * Other values from the TLS Cipher Suite Registry, as of August 2010.
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java b/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java
index dc03a3a2bb0..f1d9b9e635b 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/MAC.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@ import javax.crypto.SecretKey;
 
 import sun.security.ssl.CipherSuite.MacAlg;
 import static sun.security.ssl.CipherSuite.*;
+import static sun.security.ssl.CipherSuite.MacAlg.*;
 
 /**
  * This class computes the "Message Authentication Code" (MAC) for each
diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java b/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
index 14d76d8a8f5..80cc7a5fae6 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -382,18 +382,18 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
         protected Set<String> decomposes(MacAlg macAlg) {
             Set<String> components = new HashSet<>();
 
-            if (macAlg == CipherSuite.M_MD5) {
+            if (macAlg == CipherSuite.MacAlg.M_MD5) {
                 components.add("MD5");
                 components.add("HmacMD5");
-            } else if (macAlg == CipherSuite.M_SHA) {
+            } else if (macAlg == CipherSuite.MacAlg.M_SHA) {
                 components.add("SHA1");
                 components.add("SHA-1");
                 components.add("HmacSHA1");
-            } else if (macAlg == CipherSuite.M_SHA256) {
+            } else if (macAlg == CipherSuite.MacAlg.M_SHA256) {
                 components.add("SHA256");
                 components.add("SHA-256");
                 components.add("HmacSHA256");
-            } else if (macAlg == CipherSuite.M_SHA384) {
+            } else if (macAlg == CipherSuite.MacAlg.M_SHA384) {
                 components.add("SHA384");
                 components.add("SHA-384");
                 components.add("HmacSHA384");

From cb566c6ce55ddeacbf7e3284113a8717a576c1da Mon Sep 17 00:00:00 2001
From: Aggelos Biboudis <biboudis@gmail.com>
Date: Mon, 16 Mar 2015 10:19:49 +0100
Subject: [PATCH 24/35] 8067969: Optimize Stream.count for SIZED Streams

Reviewed-by: psandoz, chegar
---
 .../java/util/stream/DoublePipeline.java      |   4 +-
 .../java/util/stream/DoubleStream.java        |  18 ++
 .../classes/java/util/stream/IntPipeline.java |   4 +-
 .../classes/java/util/stream/IntStream.java   |  18 ++
 .../java/util/stream/LongPipeline.java        |   4 +-
 .../classes/java/util/stream/LongStream.java  |  18 ++
 .../classes/java/util/stream/ReduceOps.java   | 189 +++++++++++++++++-
 .../java/util/stream/ReferencePipeline.java   |   5 +-
 .../classes/java/util/stream/Stream.java      |  19 ++
 .../java/util/stream/CountLargeTest.java      |  68 +++++--
 .../tests/java/util/stream/CountTest.java     |  52 ++++-
 11 files changed, 368 insertions(+), 31 deletions(-)

diff --git a/jdk/src/java.base/share/classes/java/util/stream/DoublePipeline.java b/jdk/src/java.base/share/classes/java/util/stream/DoublePipeline.java
index 3e9cddbd324..eb1d97195e5 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/DoublePipeline.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/DoublePipeline.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -447,7 +447,7 @@ abstract class DoublePipeline<E_IN>
 
     @Override
     public final long count() {
-        return mapToLong(e -> 1L).sum();
+        return evaluate(ReduceOps.makeDoubleCounting());
     }
 
     @Override
diff --git a/jdk/src/java.base/share/classes/java/util/stream/DoubleStream.java b/jdk/src/java.base/share/classes/java/util/stream/DoubleStream.java
index be6cc98aa60..8f272bf4b1d 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/DoubleStream.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/DoubleStream.java
@@ -581,6 +581,24 @@ public interface DoubleStream extends BaseStream<Double, DoubleStream> {
      *
      * <p>This is a <a href="package-summary.html#StreamOps">terminal operation</a>.
      *
+     * @apiNote
+     * An implementation may choose to not execute the stream pipeline (either
+     * sequentially or in parallel) if it is capable of computing the count
+     * directly from the stream source.  In such cases no source elements will
+     * be traversed and no intermediate operations will be evaluated.
+     * Behavioral parameters with side-effects, which are strongly discouraged
+     * except for harmless cases such as debugging, may be affected.  For
+     * example, consider the following stream:
+     * <pre>{@code
+     *     DoubleStream s = DoubleStream.of(1, 2, 3, 4);
+     *     long count = s.peek(System.out::println).count();
+     * }</pre>
+     * The number of elements covered by the stream source is known and the
+     * intermediate operation, {@code peek}, does not inject into or remove
+     * elements from the stream (as may be the case for {@code flatMap} or
+     * {@code filter} operations).  Thus the count is 4 and there is no need to
+     * execute the pipeline and, as a side-effect, print out the elements.
+     *
      * @return the count of elements in this stream
      */
     long count();
diff --git a/jdk/src/java.base/share/classes/java/util/stream/IntPipeline.java b/jdk/src/java.base/share/classes/java/util/stream/IntPipeline.java
index 313045f96c7..9c0162f1ce3 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/IntPipeline.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/IntPipeline.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -427,7 +427,7 @@ abstract class IntPipeline<E_IN>
 
     @Override
     public final long count() {
-        return mapToLong(e -> 1L).sum();
+        return evaluate(ReduceOps.makeIntCounting());
     }
 
     @Override
diff --git a/jdk/src/java.base/share/classes/java/util/stream/IntStream.java b/jdk/src/java.base/share/classes/java/util/stream/IntStream.java
index b68084b5d40..4bb1ab5b97e 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/IntStream.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/IntStream.java
@@ -504,6 +504,24 @@ public interface IntStream extends BaseStream<Integer, IntStream> {
      *
      * <p>This is a <a href="package-summary.html#StreamOps">terminal operation</a>.
      *
+     * @apiNote
+     * An implementation may choose to not execute the stream pipeline (either
+     * sequentially or in parallel) if it is capable of computing the count
+     * directly from the stream source.  In such cases no source elements will
+     * be traversed and no intermediate operations will be evaluated.
+     * Behavioral parameters with side-effects, which are strongly discouraged
+     * except for harmless cases such as debugging, may be affected.  For
+     * example, consider the following stream:
+     * <pre>{@code
+     *     IntStream s = IntStream.of(1, 2, 3, 4);
+     *     long count = s.peek(System.out::println).count();
+     * }</pre>
+     * The number of elements covered by the stream source is known and the
+     * intermediate operation, {@code peek}, does not inject into or remove
+     * elements from the stream (as may be the case for {@code flatMap} or
+     * {@code filter} operations).  Thus the count is 4 and there is no need to
+     * execute the pipeline and, as a side-effect, print out the elements.
+     *
      * @return the count of elements in this stream
      */
     long count();
diff --git a/jdk/src/java.base/share/classes/java/util/stream/LongPipeline.java b/jdk/src/java.base/share/classes/java/util/stream/LongPipeline.java
index fab01a21118..7a84ff997e7 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/LongPipeline.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/LongPipeline.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -425,7 +425,7 @@ abstract class LongPipeline<E_IN>
 
     @Override
     public final long count() {
-        return map(e -> 1L).sum();
+        return evaluate(ReduceOps.makeLongCounting());
     }
 
     @Override
diff --git a/jdk/src/java.base/share/classes/java/util/stream/LongStream.java b/jdk/src/java.base/share/classes/java/util/stream/LongStream.java
index 14d6d0b5eb9..4f9c72bef42 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/LongStream.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/LongStream.java
@@ -509,6 +509,24 @@ public interface LongStream extends BaseStream<Long, LongStream> {
      *
      * <p>This is a <a href="package-summary.html#StreamOps">terminal operation</a>.
      *
+     * @apiNote
+     * An implementation may choose to not execute the stream pipeline (either
+     * sequentially or in parallel) if it is capable of computing the count
+     * directly from the stream source.  In such cases no source elements will
+     * be traversed and no intermediate operations will be evaluated.
+     * Behavioral parameters with side-effects, which are strongly discouraged
+     * except for harmless cases such as debugging, may be affected.  For
+     * example, consider the following stream:
+     * <pre>{@code
+     *     LongStream s = LongStream.of(1, 2, 3, 4);
+     *     long count = s.peek(System.out::println).count();
+     * }</pre>
+     * The number of elements covered by the stream source is known and the
+     * intermediate operation, {@code peek}, does not inject into or remove
+     * elements from the stream (as may be the case for {@code flatMap} or
+     * {@code filter} operations).  Thus the count is 4 and there is no need to
+     * execute the pipeline and, as a side-effect, print out the elements.
+     *
      * @return the count of elements in this stream
      */
     long count();
diff --git a/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java b/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
index 3a0f81a0f72..97433010ec3 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -233,6 +233,40 @@ final class ReduceOps {
         };
     }
 
+    /**
+     * Constructs a {@code TerminalOp} that counts the number of stream
+     * elements.  If the size of the pipeline is known then count is the size
+     * and there is no need to evaluate the pipeline.  If the size of the
+     * pipeline is non known then count is produced, via reduction, using a
+     * {@link CountingSink}.
+     *
+     * @param <T> the type of the input elements
+     * @return a {@code TerminalOp} implementing the counting
+     */
+    public static <T> TerminalOp<T, Long>
+    makeRefCounting() {
+        return new ReduceOp<T, Long, CountingSink<T>>(StreamShape.REFERENCE) {
+            @Override
+            public CountingSink<T> makeSink() { return new CountingSink.OfRef<>(); }
+
+            @Override
+            public <P_IN> Long evaluateSequential(PipelineHelper<T> helper,
+                                                  Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateSequential(helper, spliterator);
+            }
+
+            @Override
+            public <P_IN> Long evaluateParallel(PipelineHelper<T> helper,
+                                                Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateParallel(helper, spliterator);
+            }
+        };
+    }
+
     /**
      * Constructs a {@code TerminalOp} that implements a functional reduce on
      * {@code int} values.
@@ -369,6 +403,39 @@ final class ReduceOps {
         };
     }
 
+    /**
+     * Constructs a {@code TerminalOp} that counts the number of stream
+     * elements.  If the size of the pipeline is known then count is the size
+     * and there is no need to evaluate the pipeline.  If the size of the
+     * pipeline is non known then count is produced, via reduction, using a
+     * {@link CountingSink}.
+     *
+     * @return a {@code TerminalOp} implementing the counting
+     */
+    public static TerminalOp<Integer, Long>
+    makeIntCounting() {
+        return new ReduceOp<Integer, Long, CountingSink<Integer>>(StreamShape.REFERENCE) {
+            @Override
+            public CountingSink<Integer> makeSink() { return new CountingSink.OfInt(); }
+
+            @Override
+            public <P_IN> Long evaluateSequential(PipelineHelper<Integer> helper,
+                                                  Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateSequential(helper, spliterator);
+            }
+
+            @Override
+            public <P_IN> Long evaluateParallel(PipelineHelper<Integer> helper,
+                                                Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateParallel(helper, spliterator);
+            }
+        };
+    }
+
     /**
      * Constructs a {@code TerminalOp} that implements a functional reduce on
      * {@code long} values.
@@ -505,6 +572,39 @@ final class ReduceOps {
         };
     }
 
+    /**
+     * Constructs a {@code TerminalOp} that counts the number of stream
+     * elements.  If the size of the pipeline is known then count is the size
+     * and there is no need to evaluate the pipeline.  If the size of the
+     * pipeline is non known then count is produced, via reduction, using a
+     * {@link CountingSink}.
+     *
+     * @return a {@code TerminalOp} implementing the counting
+     */
+    public static TerminalOp<Long, Long>
+    makeLongCounting() {
+        return new ReduceOp<Long, Long, CountingSink<Long>>(StreamShape.REFERENCE) {
+            @Override
+            public CountingSink<Long> makeSink() { return new CountingSink.OfLong(); }
+
+            @Override
+            public <P_IN> Long evaluateSequential(PipelineHelper<Long> helper,
+                                                  Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateSequential(helper, spliterator);
+            }
+
+            @Override
+            public <P_IN> Long evaluateParallel(PipelineHelper<Long> helper,
+                                                Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateParallel(helper, spliterator);
+            }
+        };
+    }
+
     /**
      * Constructs a {@code TerminalOp} that implements a functional reduce on
      * {@code double} values.
@@ -641,6 +741,91 @@ final class ReduceOps {
         };
     }
 
+    /**
+     * Constructs a {@code TerminalOp} that counts the number of stream
+     * elements.  If the size of the pipeline is known then count is the size
+     * and there is no need to evaluate the pipeline.  If the size of the
+     * pipeline is non known then count is produced, via reduction, using a
+     * {@link CountingSink}.
+     *
+     * @return a {@code TerminalOp} implementing the counting
+     */
+    public static TerminalOp<Double, Long>
+    makeDoubleCounting() {
+        return new ReduceOp<Double, Long, CountingSink<Double>>(StreamShape.REFERENCE) {
+            @Override
+            public CountingSink<Double> makeSink() { return new CountingSink.OfDouble(); }
+
+            @Override
+            public <P_IN> Long evaluateSequential(PipelineHelper<Double> helper,
+                                                  Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateSequential(helper, spliterator);
+            }
+
+            @Override
+            public <P_IN> Long evaluateParallel(PipelineHelper<Double> helper,
+                                                Spliterator<P_IN> spliterator) {
+                if (StreamOpFlag.SIZED.isKnown(helper.getStreamAndOpFlags()))
+                    return spliterator.getExactSizeIfKnown();
+                return super.evaluateParallel(helper, spliterator);
+            }
+        };
+    }
+
+    /**
+     * A sink that counts elements
+     */
+    static abstract class CountingSink<T>
+            extends Box<Long>
+            implements AccumulatingSink<T, Long, CountingSink<T>> {
+        long count;
+
+        @Override
+        public void begin(long size) {
+            count = 0L;
+        }
+
+        @Override
+        public Long get() {
+            return count;
+        }
+
+        @Override
+        public void combine(CountingSink<T> other) {
+            count += other.count;
+        }
+
+        static final class OfRef<T> extends CountingSink<T> {
+            @Override
+            public void accept(T t) {
+                count++;
+            }
+        }
+
+        static final class OfInt extends CountingSink<Integer> implements Sink.OfInt {
+            @Override
+            public void accept(int t) {
+                count++;
+            }
+        }
+
+        static final class OfLong extends CountingSink<Long> implements Sink.OfLong {
+            @Override
+            public void accept(long t) {
+                count++;
+            }
+        }
+
+        static final class OfDouble extends CountingSink<Double> implements Sink.OfDouble {
+            @Override
+            public void accept(double t) {
+                count++;
+            }
+        }
+    }
+
     /**
      * A type of {@code TerminalSink} that implements an associative reducing
      * operation on elements of type {@code T} and producing a result of type
@@ -652,7 +837,7 @@ final class ReduceOps {
      */
     private interface AccumulatingSink<T, R, K extends AccumulatingSink<T, R, K>>
             extends TerminalSink<T, R> {
-        public void combine(K other);
+        void combine(K other);
     }
 
     /**
diff --git a/jdk/src/java.base/share/classes/java/util/stream/ReferencePipeline.java b/jdk/src/java.base/share/classes/java/util/stream/ReferencePipeline.java
index 8f5da0e55e7..4402997958b 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/ReferencePipeline.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/ReferencePipeline.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -523,10 +523,9 @@ abstract class ReferencePipeline<P_IN, P_OUT>
 
     @Override
     public final long count() {
-        return mapToLong(e -> 1L).sum();
+        return evaluate(ReduceOps.makeRefCounting());
     }
 
-
     //
 
     /**
diff --git a/jdk/src/java.base/share/classes/java/util/stream/Stream.java b/jdk/src/java.base/share/classes/java/util/stream/Stream.java
index b5eb2c9f566..e0e26ff385f 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/Stream.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/Stream.java
@@ -851,6 +851,25 @@ public interface Stream<T> extends BaseStream<T, Stream<T>> {
      *
      * <p>This is a <a href="package-summary.html#StreamOps">terminal operation</a>.
      *
+     * @apiNote
+     * An implementation may choose to not execute the stream pipeline (either
+     * sequentially or in parallel) if it is capable of computing the count
+     * directly from the stream source.  In such cases no source elements will
+     * be traversed and no intermediate operations will be evaluated.
+     * Behavioral parameters with side-effects, which are strongly discouraged
+     * except for harmless cases such as debugging, may be affected.  For
+     * example, consider the following stream:
+     * <pre>{@code
+     *     List<String> l = Arrays.asList("A", "B", "C", "D");
+     *     long count = l.stream().peek(System.out::println).count();
+     * }</pre>
+     * The number of elements covered by the stream source, a {@code List}, is
+     * known and the intermediate operation, {@code peek}, does not inject into
+     * or remove elements from the stream (as may be the case for
+     * {@code flatMap} or {@code filter} operations).  Thus the count is the
+     * size of the {@code List} and there is no need to execute the pipeline
+     * and, as a side-effect, print out the list elements.
+     *
      * @return the count of elements in this stream
      */
     long count();
diff --git a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountLargeTest.java b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountLargeTest.java
index 9b87a09f344..8ddb3fc6890 100644
--- a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountLargeTest.java
+++ b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountLargeTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,7 @@
 /**
  * @test
  * @summary Tests counting of streams containing Integer.MAX_VALUE + 1 elements
- * @bug 8031187
+ * @bug 8031187 8067969
  */
 
 package org.openjdk.tests.java.util.stream;
@@ -41,30 +41,62 @@ public class CountLargeTest {
     static final long EXPECTED_LARGE_COUNT = 1L + Integer.MAX_VALUE;
 
     public void testRefLarge() {
-        long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
-                .mapToObj(e -> null).count();
-
-        assertEquals(count, EXPECTED_LARGE_COUNT);
+        // Test known sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToObj(e -> null).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
+        // Test unknown sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToObj(e -> null).filter(e -> true).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
     }
 
     public void testIntLarge() {
-        long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
-                .mapToInt(e -> 0).count();
-
-        assertEquals(count, EXPECTED_LARGE_COUNT);
+        // Test known sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToInt(e -> 0).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
+        // Test unknown sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToInt(e -> 0).filter(e -> true).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
     }
 
     public void testLongLarge() {
-        long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
-                .count();
-
-        assertEquals(count, EXPECTED_LARGE_COUNT);
+        // Test known sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
+        // Test unknown sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .filter(e -> true).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
     }
 
     public void testDoubleLarge() {
-        long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
-                .mapToDouble(e -> 0.0).count();
-
-        assertEquals(count, EXPECTED_LARGE_COUNT);
+        // Test known sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToDouble(e -> 0.0).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
+        // Test unknown sized stream
+        {
+            long count = LongStream.range(0, EXPECTED_LARGE_COUNT)
+                    .mapToDouble(e -> 0.0).filter(e -> true).count();
+            assertEquals(count, EXPECTED_LARGE_COUNT);
+        }
     }
 }
diff --git a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountTest.java b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountTest.java
index c5d337e8539..0ed5ddc1a17 100644
--- a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountTest.java
+++ b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CountTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,11 +24,12 @@
 /**
  * @test
  * @summary Tests counting of streams
- * @bug 8031187
+ * @bug 8031187 8067969
  */
 
 package org.openjdk.tests.java.util.stream;
 
+import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.DoubleStream;
 import java.util.stream.DoubleStreamTestDataProvider;
 import java.util.stream.IntStream;
@@ -52,6 +53,12 @@ public class CountTest extends OpTestCase {
                 terminal(Stream::count).
                 expectedResult(expectedCount).
                 exercise();
+
+        // Test with an unknown sized stream
+        withData(data).
+                terminal(s -> s.filter(e -> true), Stream::count).
+                expectedResult(expectedCount).
+                exercise();
     }
 
     @Test(dataProvider = "IntStreamTestData", dataProviderClass = IntStreamTestDataProvider.class)
@@ -62,6 +69,11 @@ public class CountTest extends OpTestCase {
                 terminal(IntStream::count).
                 expectedResult(expectedCount).
                 exercise();
+
+        withData(data).
+                terminal(s -> s.filter(e -> true), IntStream::count).
+                expectedResult(expectedCount).
+                exercise();
     }
 
     @Test(dataProvider = "LongStreamTestData", dataProviderClass = LongStreamTestDataProvider.class)
@@ -72,6 +84,11 @@ public class CountTest extends OpTestCase {
                 terminal(LongStream::count).
                 expectedResult(expectedCount).
                 exercise();
+
+        withData(data).
+                terminal(s -> s.filter(e -> true), LongStream::count).
+                expectedResult(expectedCount).
+                exercise();
     }
 
     @Test(dataProvider = "DoubleStreamTestData", dataProviderClass = DoubleStreamTestDataProvider.class)
@@ -82,5 +99,36 @@ public class CountTest extends OpTestCase {
                 terminal(DoubleStream::count).
                 expectedResult(expectedCount).
                 exercise();
+
+        withData(data).
+                terminal(s -> s.filter(e -> true), DoubleStream::count).
+                expectedResult(expectedCount).
+                exercise();
+    }
+
+    public void testNoEvaluationForSizedStream() {
+        {
+            AtomicInteger ai = new AtomicInteger();
+            Stream.of(1, 2, 3, 4).peek(e -> ai.getAndIncrement()).count();
+            assertEquals(ai.get(), 0);
+        }
+
+        {
+            AtomicInteger ai = new AtomicInteger();
+            IntStream.of(1, 2, 3, 4).peek(e -> ai.getAndIncrement()).count();
+            assertEquals(ai.get(), 0);
+        }
+
+        {
+            AtomicInteger ai = new AtomicInteger();
+            LongStream.of(1, 2, 3, 4).peek(e -> ai.getAndIncrement()).count();
+            assertEquals(ai.get(), 0);
+        }
+
+        {
+            AtomicInteger ai = new AtomicInteger();
+            DoubleStream.of(1, 2, 3, 4).peek(e -> ai.getAndIncrement()).count();
+            assertEquals(ai.get(), 0);
+        }
     }
 }

From b8770ac0354afdffa97016d9fb90f9cc5a8abd87 Mon Sep 17 00:00:00 2001
From: Amy Lu <amlu@openjdk.org>
Date: Mon, 16 Mar 2015 10:24:16 +0100
Subject: [PATCH 25/35] 8075111: Mark testFlatMappingClose (from
 CollectorsTest) as serialization hostile

Reviewed-by: psandoz
---
 .../test/org/openjdk/tests/java/util/stream/CollectorsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CollectorsTest.java b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CollectorsTest.java
index 18ba487edec..08d731dc96e 100644
--- a/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CollectorsTest.java
+++ b/jdk/test/java/util/stream/test/org/openjdk/tests/java/util/stream/CollectorsTest.java
@@ -517,7 +517,7 @@ public class CollectorsTest extends OpTestCase {
                                                                                new ToListAssertion<>())));
     }
 
-    @Test
+    @Test(groups = { "serialization-hostile" })
     public void testFlatMappingClose() {
         Function<Integer, Integer> classifier = i -> i;
         AtomicInteger ai = new AtomicInteger();

From d5d207d635691e83ae9b96b0504f40c2d39d536c Mon Sep 17 00:00:00 2001
From: Weijun Wang <weijun@openjdk.org>
Date: Mon, 16 Mar 2015 18:08:01 +0800
Subject: [PATCH 26/35] 8074836: Resolve disabled warnings for libosxkrb5
 8074835: Resolve disabled warnings for libj2gss

Reviewed-by: erikj
---
 jdk/make/lib/Lib-java.security.jgss.gmk                      | 5 +++--
 .../macosx/native/libosxkrb5/nativeccache.c                  | 2 ++
 .../java.security.jgss/share/native/libj2gss/GSSLibStub.c    | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/jdk/make/lib/Lib-java.security.jgss.gmk b/jdk/make/lib/Lib-java.security.jgss.gmk
index a92212f4b0e..c2cee4e109b 100644
--- a/jdk/make/lib/Lib-java.security.jgss.gmk
+++ b/jdk/make/lib/Lib-java.security.jgss.gmk
@@ -41,7 +41,6 @@ ifneq ($(OPENJDK_TARGET_OS), windows)
       CFLAGS := $(CFLAGS_JDKLIB) $(addprefix -I, $(LIBJ2GSS_SRC)) \
           $(LIBJAVA_HEADER_FLAGS) \
           -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
-      DISABLED_WARNINGS_gcc := pointer-to-int-cast, \
       MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libj2gss/mapfile-vers, \
       LDFLAGS := $(LDFLAGS_JDKLIB) \
           $(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -74,6 +73,8 @@ ifneq ($(BUILD_CRYPTO), no)
   endif
 
   ifneq ($(BUILD_LIBKRB5_NAME), )
+    # libosxkrb5 needs to call deprecated krb5 APIs so that java
+    # can use the native credentials cache.
     $(eval $(call SetupNativeCompilation,BUILD_LIBKRB5, \
         LIBRARY := $(BUILD_LIBKRB5_NAME), \
         OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
@@ -83,7 +84,7 @@ ifneq ($(BUILD_CRYPTO), no)
         CFLAGS := $(CFLAGS_JDKLIB) \
             $(addprefix -I, $(BUILD_LIBKRB5_SRC)) \
             -I$(SUPPORT_OUTPUTDIR)/headers/java.security.jgss, \
-        DISABLED_WARNINGS_clang := implicit-function-declaration, \
+        DISABLED_WARNINGS_clang := deprecated-declarations, \
         LDFLAGS := $(LDFLAGS_JDKLIB) \
             $(call SET_SHARED_LIBRARY_ORIGIN), \
         LDFLAGS_SUFFIX := $(BUILD_LIBKRB5_LIBS), \
diff --git a/jdk/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c b/jdk/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
index 667313dcee1..518462e6ae2 100644
--- a/jdk/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
+++ b/jdk/src/java.security.jgss/macosx/native/libosxkrb5/nativeccache.c
@@ -25,6 +25,8 @@
 
 #import "sun_security_krb5_Credentials.h"
 #import <Kerberos/Kerberos.h>
+#import <string.h>
+#import <time.h>
 
 /*
  * Based largely on klist.c,
diff --git a/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c b/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
index b9bfb929830..b5abb9c0860 100644
--- a/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
+++ b/jdk/src/java.security.jgss/share/native/libj2gss/GSSLibStub.c
@@ -430,11 +430,11 @@ Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName(JNIEnv *env,
 
     checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]");
     if ((*env)->ExceptionCheck(env)) {
-      return (jlong) GSS_C_NO_NAME;
+      return ptr_to_jlong(GSS_C_NO_NAME);
     }
     return ptr_to_jlong(mnNameHdl);
   }
-  return (jlong) GSS_C_NO_NAME;
+  return ptr_to_jlong(GSS_C_NO_NAME);
 }
 
 /*

From 765a1e44350ed452bfac954ac9e5fb9552615040 Mon Sep 17 00:00:00 2001
From: Alexander Stepanov <avstepan@openjdk.org>
Date: Mon, 16 Mar 2015 19:09:13 +0400
Subject: [PATCH 27/35] 8028266: Tidy warnings cleanup for packages
 java.security/javax.security

Some tidy warnings in docs were fixed

Reviewed-by: mullan, wetmore
---
 .../java/security/AccessControlContext.java   | 12 ++---
 .../classes/java/security/AllPermission.java  |  5 +-
 .../java/security/BasicPermission.java        | 14 ++---
 .../classes/java/security/DomainCombiner.java |  6 +--
 .../share/classes/java/security/KeyRep.java   |  6 +--
 .../share/classes/java/security/KeyStore.java |  5 +-
 .../classes/java/security/KeyStoreSpi.java    |  3 +-
 .../classes/java/security/Permissions.java    |  6 +--
 .../java/security/ProtectionDomain.java       |  3 --
 .../java/security/SecureClassLoader.java      | 10 ++--
 .../java/security/UnresolvedPermission.java   |  6 +--
 .../java/security/cert/Certificate.java       | 10 ++--
 .../javax/crypto/CipherInputStream.java       |  3 +-
 .../share/classes/javax/crypto/package.html   | 10 ++--
 .../javax/net/ssl/KeyManagerFactory.java      |  3 +-
 .../classes/javax/net/ssl/SSLParameters.java  |  3 +-
 .../javax/security/auth/AuthPermission.java   | 10 ++--
 .../security/auth/DestroyFailedException.java |  4 +-
 .../javax/security/auth/Destroyable.java      |  4 +-
 .../classes/javax/security/auth/Policy.java   | 14 ++---
 .../auth/PrivateCredentialPermission.java     | 24 ++-------
 .../security/auth/RefreshFailedException.java |  4 +-
 .../javax/security/auth/Refreshable.java      |  8 +--
 .../classes/javax/security/auth/Subject.java  |  4 +-
 .../security/auth/SubjectDomainCombiner.java  | 22 +++-----
 .../auth/callback/CallbackHandler.java        |  4 +-
 .../auth/callback/ChoiceCallback.java         | 23 ++------
 .../auth/callback/ConfirmationCallback.java   | 44 ++++------------
 .../auth/callback/LanguageCallback.java       |  6 +--
 .../security/auth/callback/NameCallback.java  | 16 +-----
 .../auth/callback/PasswordCallback.java       | 16 ++----
 .../auth/callback/TextInputCallback.java      | 16 +-----
 .../auth/callback/TextOutputCallback.java     | 12 ++---
 .../UnsupportedCallbackException.java         | 10 +---
 .../security/auth/login/AccountException.java |  4 +-
 .../auth/login/AccountExpiredException.java   |  4 +-
 .../auth/login/AccountLockedException.java    |  4 +-
 .../auth/login/AccountNotFoundException.java  |  4 +-
 .../auth/login/AppConfigurationEntry.java     |  6 +--
 .../security/auth/login/Configuration.java    | 14 ++---
 .../security/auth/login/ConfigurationSpi.java |  8 ++-
 .../auth/login/CredentialException.java       |  4 +-
 .../login/CredentialExpiredException.java     |  4 +-
 .../login/CredentialNotFoundException.java    |  4 +-
 .../auth/login/FailedLoginException.java      |  4 +-
 .../security/auth/login/LoginContext.java     | 52 ++++++-------------
 .../security/auth/login/LoginException.java   |  4 +-
 .../javax/security/auth/spi/LoginModule.java  | 18 ++-----
 .../auth/x500/X500PrivateCredential.java      | 14 ++---
 .../auth/kerberos/DelegationPermission.java   |  9 ++--
 .../security/auth/kerberos/EncryptionKey.java |  4 +-
 .../auth/kerberos/KerberosCredMessage.java    |  4 +-
 .../security/auth/kerberos/KerberosKey.java   |  4 +-
 .../javax/security/auth/kerberos/KeyTab.java  |  4 +-
 .../auth/kerberos/ServicePermission.java      |  8 +--
 .../security/auth/kerberos/package-info.java  |  2 +-
 56 files changed, 159 insertions(+), 370 deletions(-)

diff --git a/jdk/src/java.base/share/classes/java/security/AccessControlContext.java b/jdk/src/java.base/share/classes/java/security/AccessControlContext.java
index 22cb1005ed7..feed0cf11e1 100644
--- a/jdk/src/java.base/share/classes/java/security/AccessControlContext.java
+++ b/jdk/src/java.base/share/classes/java/security/AccessControlContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -153,8 +153,6 @@ public final class AccessControlContext {
      * {@code DomainCombiner} with the provided
      * {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @param acc the {@code AccessControlContext} associated
      *          with the provided {@code DomainCombiner}.
      *
@@ -338,8 +336,6 @@ public final class AccessControlContext {
      * Get the {@code DomainCombiner} associated with this
      * {@code AccessControlContext}.
      *
-     * <p>
-     *
      * @return the {@code DomainCombiner} associated with this
      *          {@code AccessControlContext}, or {@code null}
      *          if there is none.
@@ -738,12 +734,12 @@ public final class AccessControlContext {
 
     /**
      * Checks two AccessControlContext objects for equality.
-     * Checks that <i>obj</i> is
+     * Checks that {@code obj} is
      * an AccessControlContext and has the same set of ProtectionDomains
      * as this context.
-     * <P>
+     *
      * @param obj the object we are testing for equality with this object.
-     * @return true if <i>obj</i> is an AccessControlContext, and has the
+     * @return true if {@code obj} is an AccessControlContext, and has the
      * same set of ProtectionDomains as this context, false otherwise.
      */
     public boolean equals(Object obj) {
diff --git a/jdk/src/java.base/share/classes/java/security/AllPermission.java b/jdk/src/java.base/share/classes/java/security/AllPermission.java
index c01b134f074..b830b884c59 100644
--- a/jdk/src/java.base/share/classes/java/security/AllPermission.java
+++ b/jdk/src/java.base/share/classes/java/security/AllPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,7 +96,7 @@ public final class AllPermission extends Permission {
      * objects are always equal.
      *
      * @param obj the object we are testing for equality with this object.
-     * @return true if <i>obj</i> is an AllPermission, false otherwise.
+     * @return true if {@code obj} is an AllPermission, false otherwise.
      */
     public boolean equals(Object obj) {
         return (obj instanceof AllPermission);
@@ -124,7 +124,6 @@ public final class AllPermission extends Permission {
     /**
      * Returns a new PermissionCollection object for storing AllPermission
      * objects.
-     * <p>
      *
      * @return a new PermissionCollection object suitable for
      * storing AllPermissions.
diff --git a/jdk/src/java.base/share/classes/java/security/BasicPermission.java b/jdk/src/java.base/share/classes/java/security/BasicPermission.java
index 0abbfa7c047..7e0f4fb85b4 100644
--- a/jdk/src/java.base/share/classes/java/security/BasicPermission.java
+++ b/jdk/src/java.base/share/classes/java/security/BasicPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,7 +56,7 @@ import java.io.IOException;
  * named permission or you don't.)
  * Subclasses may implement actions on top of BasicPermission,
  * if desired.
- * <p>
+ *
  * @see java.security.Permission
  * @see java.security.Permissions
  * @see java.security.PermissionCollection
@@ -154,8 +154,8 @@ public abstract class BasicPermission extends Permission
      * <P>
      * More specifically, this method returns true if:
      * <ul>
-     * <li> <i>p</i>'s class is the same as this object's class, and
-     * <li> <i>p</i>'s name equals or (in the case of wildcards)
+     * <li> {@code p}'s class is the same as this object's class, and
+     * <li> {@code p}'s name equals or (in the case of wildcards)
      *      is implied by this object's
      *      name. For example, "a.b.*" implies "a.b.c".
      * </ul>
@@ -193,11 +193,11 @@ public abstract class BasicPermission extends Permission
 
     /**
      * Checks two BasicPermission objects for equality.
-     * Checks that <i>obj</i>'s class is the same as this object's class
+     * Checks that {@code obj}'s class is the same as this object's class
      * and has the same name as this object.
-     * <P>
+     *
      * @param obj the object we are testing for equality with this object.
-     * @return true if <i>obj</i>'s class is the same as this object's class
+     * @return true if {@code obj}'s class is the same as this object's class
      *  and has the same name as this BasicPermission object, false otherwise.
      */
     public boolean equals(Object obj) {
diff --git a/jdk/src/java.base/share/classes/java/security/DomainCombiner.java b/jdk/src/java.base/share/classes/java/security/DomainCombiner.java
index 4785df4cd80..0e1ccf9112f 100644
--- a/jdk/src/java.base/share/classes/java/security/DomainCombiner.java
+++ b/jdk/src/java.base/share/classes/java/security/DomainCombiner.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,8 +87,6 @@ public interface DomainCombiner {
      * Individual ProtectionDomains may be modified (with a new
      * set of Permissions, for example).
      *
-     * <p>
-     *
      * @param currentDomains the ProtectionDomains associated with the
      *          current execution Thread, up to the most recent
      *          privileged {@code ProtectionDomain}.
@@ -96,7 +94,7 @@ public interface DomainCombiner {
      *          with the most recently executing {@code ProtectionDomain}
      *          residing at the beginning of the array. This parameter may
      *          be {@code null} if the current execution Thread
-     *          has no associated ProtectionDomains.<p>
+     *          has no associated ProtectionDomains.
      *
      * @param assignedDomains an array of inherited ProtectionDomains.
      *          ProtectionDomains may be inherited from a parent Thread,
diff --git a/jdk/src/java.base/share/classes/java/security/KeyRep.java b/jdk/src/java.base/share/classes/java/security/KeyRep.java
index 0b1412c1563..f97208f1083 100644
--- a/jdk/src/java.base/share/classes/java/security/KeyRep.java
+++ b/jdk/src/java.base/share/classes/java/security/KeyRep.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -112,8 +112,6 @@ public class KeyRep implements Serializable {
     /**
      * Construct the alternate Key class.
      *
-     * <p>
-     *
      * @param type either one of Type.SECRET, Type.PUBLIC, or Type.PRIVATE
      * @param algorithm the algorithm returned from
      *          {@code Key.getAlgorithm()}
@@ -157,8 +155,6 @@ public class KeyRep implements Serializable {
      * encoded key bytes, and generates a private key from the spec
      * </ul>
      *
-     * <p>
-     *
      * @return the resolved Key object
      *
      * @exception ObjectStreamException if the Type/format
diff --git a/jdk/src/java.base/share/classes/java/security/KeyStore.java b/jdk/src/java.base/share/classes/java/security/KeyStore.java
index 71df7dbd5a2..8fde796e041 100644
--- a/jdk/src/java.base/share/classes/java/security/KeyStore.java
+++ b/jdk/src/java.base/share/classes/java/security/KeyStore.java
@@ -120,7 +120,7 @@ import sun.security.util.Debug;
  *      KeyStore ks = KeyStore.getInstance("JKS");
  * </pre>
  * The system will return the most preferred implementation of the
- * specified keystore type available in the environment. <p>
+ * specified keystore type available in the environment.
  * </ul>
  *
  * <p> Before a keystore can be accessed, it must be
@@ -617,7 +617,6 @@ public class KeyStore {
 
         /**
          * Retrieves the attributes associated with an entry.
-         * <p>
          *
          * @return an unmodifiable {@code Set} of attributes, possibly empty
          *
@@ -708,7 +707,6 @@ public class KeyStore {
 
         /**
          * Retrieves the attributes associated with an entry.
-         * <p>
          *
          * @return an unmodifiable {@code Set} of attributes, possibly empty
          *
@@ -792,7 +790,6 @@ public class KeyStore {
 
         /**
          * Retrieves the attributes associated with an entry.
-         * <p>
          *
          * @return an unmodifiable {@code Set} of attributes, possibly empty
          *
diff --git a/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java b/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java
index ceb41d87063..ea11dab2e9a 100644
--- a/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java
+++ b/jdk/src/java.base/share/classes/java/security/KeyStoreSpi.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -595,7 +595,6 @@ public abstract class KeyStoreSpi {
      * Probes the specified input stream to determine whether it contains a
      * keystore that is supported by this implementation, or not.
      *
-     * <p>
      * @implSpec
      * This method returns false by default. Keystore implementations should
      * override this method to peek at the data stream directly or to use other
diff --git a/jdk/src/java.base/share/classes/java/security/Permissions.java b/jdk/src/java.base/share/classes/java/security/Permissions.java
index cce9f5f56f3..cc9c69358ee 100644
--- a/jdk/src/java.base/share/classes/java/security/Permissions.java
+++ b/jdk/src/java.base/share/classes/java/security/Permissions.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@ implements Serializable
      *
      * This method creates
      * a new PermissionCollection object (and adds the permission to it)
-     * if an appropriate collection does not yet exist. <p>
+     * if an appropriate collection does not yet exist.
      *
      * @param permission the Permission object to add.
      *
@@ -162,7 +162,7 @@ implements Serializable
      *
      * <p>Additionally, if this PermissionCollection contains the
      * AllPermission, this method will always return true.
-     * <p>
+     *
      * @param permission the Permission object to check.
      *
      * @return true if "permission" is implied by the permissions in the
diff --git a/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java b/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java
index 2e505d74554..6e7056ddc92 100644
--- a/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java
+++ b/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java
@@ -51,7 +51,6 @@ import sun.misc.SharedSecrets;
  * ProtectionDomain can also be constructed such that it is dynamically
  * mapped to a set of permissions by the current Policy whenever a permission
  * is checked.
- * <p>
  *
  * @author Li Gong
  * @author Roland Schemers
@@ -168,7 +167,6 @@ public class ProtectionDomain {
      * this domain. This constructor affords the
      * Policy provider the opportunity to augment the supplied
      * PermissionCollection to reflect policy changes.
-     * <p>
      *
      * @param codesource the CodeSource associated with this domain
      * @param permissions the permissions granted to this domain
@@ -263,7 +261,6 @@ public class ProtectionDomain {
      * permissions, then the permission will be checked against the
      * combination of the PermissionCollection supplied at construction and
      * the current Policy binding.
-     * <p>
      *
      * @param permission the Permission object to check.
      *
diff --git a/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java b/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java
index 145f4fc482b..41b84dbe683 100644
--- a/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java
+++ b/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -65,7 +65,7 @@ public class SecureClassLoader extends ClassLoader {
      * <p>If there is a security manager, this method first
      * calls the security manager's {@code checkCreateClassLoader}
      * method  to ensure creation of a class loader is allowed.
-     * <p>
+     *
      * @param parent the parent ClassLoader
      * @exception  SecurityException  if a security manager exists and its
      *             {@code checkCreateClassLoader} method doesn't allow
@@ -112,7 +112,7 @@ public class SecureClassLoader extends ClassLoader {
      * <p>
      * If a non-null CodeSource is supplied a ProtectionDomain is
      * constructed and associated with the class being defined.
-     * <p>
+     *
      * @param      name the expected name of the class, or {@code null}
      *                  if not known, using '.' and not '/' as the separator
      *                  and without a trailing ".class" suffix.
@@ -149,7 +149,7 @@ public class SecureClassLoader extends ClassLoader {
      * <p>
      * If a non-null CodeSource is supplied a ProtectionDomain is
      * constructed and associated with the class being defined.
-     * <p>
+     *
      * @param      name the expected name of the class, or {@code null}
      *                  if not known, using '.' and not '/' as the separator
      *                  and without a trailing ".class" suffix.
@@ -180,7 +180,7 @@ public class SecureClassLoader extends ClassLoader {
      * This method is invoked by the defineClass method which takes
      * a CodeSource as an argument when it is constructing the
      * ProtectionDomain for the class being defined.
-     * <p>
+     *
      * @param codesource the codesource.
      *
      * @return the permissions granted to the codesource.
diff --git a/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java b/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
index 98ab2d13f9f..9dff324920e 100644
--- a/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
+++ b/jdk/src/java.base/share/classes/java/security/UnresolvedPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -310,7 +310,7 @@ implements java.io.Serializable
 
     /**
      * Checks two UnresolvedPermission objects for equality.
-     * Checks that <i>obj</i> is an UnresolvedPermission, and has
+     * Checks that {@code obj} is an UnresolvedPermission, and has
      * the same type (class) name, permission name, actions, and
      * certificates as this object.
      *
@@ -491,7 +491,7 @@ implements java.io.Serializable
     /**
      * Returns a new PermissionCollection object for storing
      * UnresolvedPermission  objects.
-     * <p>
+     *
      * @return a new PermissionCollection object suitable for
      * storing UnresolvedPermissions.
      */
diff --git a/jdk/src/java.base/share/classes/java/security/cert/Certificate.java b/jdk/src/java.base/share/classes/java/security/cert/Certificate.java
index 10544983d2c..6923627ce7b 100644
--- a/jdk/src/java.base/share/classes/java/security/cert/Certificate.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/Certificate.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,7 @@ import sun.security.x509.X509CertImpl;
  * An identity certificate is a binding of a principal to a public key which
  * is vouched for by another principal.  (A principal represents
  * an entity such as an individual user, a group, or a corporation.)
- *<p>
+ * <p>
  * This class is an abstraction for certificates that have different
  * formats but important common uses.  For example, different types of
  * certificates, such as X.509 and PGP, share general certificate
@@ -248,9 +248,7 @@ public abstract class Certificate implements java.io.Serializable {
          * Construct the alternate Certificate class with the Certificate
          * type and Certificate encoding bytes.
          *
-         * <p>
-         *
-         * @param type the standard name of the Certificate type. <p>
+         * @param type the standard name of the Certificate type.
          *
          * @param data the Certificate data.
          */
@@ -262,8 +260,6 @@ public abstract class Certificate implements java.io.Serializable {
         /**
          * Resolve the Certificate Object.
          *
-         * <p>
-         *
          * @return the resolved Certificate Object
          *
          * @throws java.io.ObjectStreamException if the Certificate
diff --git a/jdk/src/java.base/share/classes/javax/crypto/CipherInputStream.java b/jdk/src/java.base/share/classes/javax/crypto/CipherInputStream.java
index 37520a1b5ec..691ce46078f 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/CipherInputStream.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/CipherInputStream.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -172,7 +172,6 @@ public class CipherInputStream extends FilterInputStream {
      * <code>-1</code> is returned. This method blocks until input data
      * is available, the end of the stream is detected, or an exception
      * is thrown.
-     * <p>
      *
      * @return  the next byte of data, or <code>-1</code> if the end of the
      *          stream is reached.
diff --git a/jdk/src/java.base/share/classes/javax/crypto/package.html b/jdk/src/java.base/share/classes/javax/crypto/package.html
index 15185738e59..c1d46ff528c 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/package.html
+++ b/jdk/src/java.base/share/classes/javax/crypto/package.html
@@ -1,5 +1,5 @@
 <!--
-Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
 This code is free software; you can redistribute it and/or modify it
@@ -47,8 +47,8 @@ provider-based implementations without having to add or rewrite code.
 <h2>Package Specification</h2>
 
 <ul>
-  <li><a href="{@docRoot}/../technotes/guides/security/StandardNames.html"><b>
-    <b>Java<FONT SIZE=-2><SUP>TM</SUP></FONT>
+  <li><a href="{@docRoot}/../technotes/guides/security/StandardNames.html">
+    <b>Java&trade;
     Cryptography Architecture Standard Algorithm Name
     Documentation</b></a></li>
 </ul>
@@ -60,14 +60,14 @@ For further documentation, please see:
   <li>
     <a href=
       "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html">
-      <b>Java<FONT SIZE=-2><SUP>TM</SUP></FONT>
+      <b>Java&trade;
        Cryptography Architecture (JCA) Reference Guide
       </b></a></li>
   <li>
     <a href=
       "{@docRoot}/../technotes/guides/security/crypto/HowToImplAProvider.html">
       <b>How to Implement a Provider in the
-      Java<FONT SIZE=-2><SUP>TM</SUP></FONT> Cryptography Architecture
+      Java&trade; Cryptography Architecture
       </b></a></li>
 </ul>
 
diff --git a/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java b/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java
index 1fc94ee79c8..31149108c8f 100644
--- a/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -240,7 +240,6 @@ public class KeyManagerFactory {
      * <P>
      * For more flexible initialization, please see
      * {@link #init(ManagerFactoryParameters)}.
-     * <P>
      *
      * @param ks the key store or null
      * @param password the password for recovering keys in the KeyStore
diff --git a/jdk/src/java.base/share/classes/javax/net/ssl/SSLParameters.java b/jdk/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
index 5e0d403cd39..9d65155d87a 100644
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -339,7 +339,6 @@ public class SSLParameters {
      *     SSLEngine engine =
      *         sslContext.createSSLEngine("www.example.com", 443);
      * </pre>
-     * <P>
      *
      * @return null or an immutable list of non-null {@link SNIServerName}s
      *
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/AuthPermission.java b/jdk/src/java.base/share/classes/javax/security/auth/AuthPermission.java
index b1973e1286f..49f51481d17 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/AuthPermission.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/AuthPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,7 +80,7 @@ package javax.security.auth;
  *
  *      createLoginContext.{name} -  allow code to instantiate a
  *                              {@code LoginContext} with the
- *                              specified <i>name</i>.  <i>name</i>
+ *                              specified {@code name}.  {@code name}
  *                              is used as the index into the installed login
  *                              {@code Configuration}
  *                              (that returned by
@@ -135,8 +135,6 @@ java.security.BasicPermission {
      * Creates a new AuthPermission with the specified name.
      * The name is the symbolic name of the AuthPermission.
      *
-     * <p>
-     *
      * @param name the name of the AuthPermission
      *
      * @throws NullPointerException if {@code name} is {@code null}.
@@ -154,9 +152,7 @@ java.security.BasicPermission {
      * The name is the symbolic name of the AuthPermission, and the
      * actions String is currently unused and should be null.
      *
-     * <p>
-     *
-     * @param name the name of the AuthPermission <p>
+     * @param name the name of the AuthPermission
      *
      * @param actions should be null.
      *
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/DestroyFailedException.java b/jdk/src/java.base/share/classes/javax/security/auth/DestroyFailedException.java
index 41e99a33192..4c72dda0484 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/DestroyFailedException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/DestroyFailedException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,8 +50,6 @@ public class DestroyFailedException extends Exception {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public DestroyFailedException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/Destroyable.java b/jdk/src/java.base/share/classes/javax/security/auth/Destroyable.java
index 4d1afe56fd5..eeb2ba0541e 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/Destroyable.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/Destroyable.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,7 +44,7 @@ public interface Destroyable {
      * @implSpec
      * The default implementation throws {@code DestroyFailedException}.
      *
-     * @exception DestroyFailedException if the destroy operation fails. <p>
+     * @exception DestroyFailedException if the destroy operation fails.
      *
      * @exception SecurityException if the caller does not have permission
      *          to destroy this {@code Object}.
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/Policy.java b/jdk/src/java.base/share/classes/javax/security/auth/Policy.java
index 3536d743aed..2463102b266 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/Policy.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/Policy.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,8 +51,8 @@ import sun.security.util.Debug;
  * The {@code Policy} object consults the local policy and returns
  * and appropriate {@code Permissions} object with the
  * Permissions granted to the Principals associated with the
- * provided <i>subject</i>, and granted to the code specified
- * by the provided <i>codeSource</i>.
+ * provided {@code subject}, and granted to the code specified
+ * by the provided {@code codeSource}.
  *
  * <p> A {@code Policy} contains the following information.
  * Note that this example only represents the syntax for the default
@@ -181,8 +181,6 @@ public abstract class Policy {
      * {@code AuthPermission("getPolicy")} permission
      * to ensure the caller has permission to get the Policy object.
      *
-     * <p>
-     *
      * @return the installed Policy.  The return value cannot be
      *          {@code null}.
      *
@@ -263,8 +261,6 @@ public abstract class Policy {
      * {@code AuthPermission("setPolicy")}
      * permission to ensure the caller has permission to set the Policy.
      *
-     * <p>
-     *
      * @param policy the new system Policy object.
      *
      * @exception java.lang.SecurityException if the current thread does not
@@ -321,8 +317,6 @@ public abstract class Policy {
      * Retrieve the Permissions granted to the Principals associated with
      * the specified {@code CodeSource}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject}
      *                  whose associated Principals,
      *                  in conjunction with the provided
@@ -353,8 +347,6 @@ public abstract class Policy {
      * For example, if the Policy object is stored in
      * a file, calling {@code refresh} will cause the file to be re-read.
      *
-     * <p>
-     *
      * @exception SecurityException if the caller does not have permission
      *                          to refresh the Policy.
      */
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java b/jdk/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
index 9aa0e6352a2..217bf9ea95f 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -157,10 +157,8 @@ public final class PrivateCredentialPermission extends Permission {
      * with the specified {@code name}.  The {@code name}
      * specifies both a Credential class and a {@code Principal} Set.
      *
-     * <p>
-     *
      * @param name the name specifying the Credential class and
-     *          {@code Principal} Set. <p>
+     *          {@code Principal} Set.
      *
      * @param actions the actions specifying that the Credential can be read.
      *
@@ -180,8 +178,6 @@ public final class PrivateCredentialPermission extends Permission {
      * Returns the Class name of the Credential associated with this
      * {@code PrivateCredentialPermission}.
      *
-     * <p>
-     *
      * @return the Class name of the Credential associated with this
      *          {@code PrivateCredentialPermission}.
      */
@@ -202,8 +198,6 @@ public final class PrivateCredentialPermission extends Permission {
      * corresponds to the {@code Principal} name of the
      * first {@code Principal} in the array.
      *
-     * <p>
-     *
      * @return the {@code Principal} class and names associated
      *          with this {@code PrivateCredentialPermission}.
      */
@@ -229,8 +223,8 @@ public final class PrivateCredentialPermission extends Permission {
      *
      * This method returns true if:
      * <ul>
-     * <li> <i>p</i> is an instanceof PrivateCredentialPermission and
-     * <li> the target name for <i>p</i> is implied by this object's
+     * <li> {@code p} is an instanceof PrivateCredentialPermission and
+     * <li> the target name for {@code p} is implied by this object's
      *          target name.  For example:
      * <pre>
      *  [* P1 "duke"] implies [a.b.Credential P1 "duke"].
@@ -239,8 +233,6 @@ public final class PrivateCredentialPermission extends Permission {
      * </pre>
      * </ul>
      *
-     * <p>
-     *
      * @param p the {@code Permission} to check against.
      *
      * @return true if this {@code PrivateCredentialPermission} implies
@@ -261,15 +253,13 @@ public final class PrivateCredentialPermission extends Permission {
 
     /**
      * Checks two {@code PrivateCredentialPermission} objects for
-     * equality.  Checks that <i>obj</i> is a
+     * equality.  Checks that {@code obj} is a
      * {@code PrivateCredentialPermission},
      * and has the same credential class as this object,
      * as well as the same Principals as this object.
      * The order of the Principals in the respective Permission's
      * target names is not relevant.
      *
-     * <p>
-     *
      * @param obj the object we are testing for equality with this object.
      *
      * @return true if obj is a {@code PrivateCredentialPermission},
@@ -301,8 +291,6 @@ public final class PrivateCredentialPermission extends Permission {
      * Returns the "canonical string representation" of the actions.
      * This method always returns the String, "read".
      *
-     * <p>
-     *
      * @return the actions (always returns "read").
      */
     public String getActions() {
@@ -315,8 +303,6 @@ public final class PrivateCredentialPermission extends Permission {
      * No such {@code PermissionCollection} is defined,
      * so this method always returns {@code null}.
      *
-     * <p>
-     *
      * @return null in all cases.
      */
     public PermissionCollection newPermissionCollection() {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/RefreshFailedException.java b/jdk/src/java.base/share/classes/javax/security/auth/RefreshFailedException.java
index 86c3245a807..ff44d06f307 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/RefreshFailedException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/RefreshFailedException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,8 +50,6 @@ public class RefreshFailedException extends Exception {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public RefreshFailedException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/Refreshable.java b/jdk/src/java.base/share/classes/javax/security/auth/Refreshable.java
index 9ed85ace547..8f727eafc28 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/Refreshable.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/Refreshable.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,6 @@ public interface Refreshable {
     /**
      * Determine if this {@code Object} is current.
      *
-     * <p>
-     *
      * @return true if this {@code Object} is currently current,
      *          false otherwise.
      */
@@ -50,11 +48,9 @@ public interface Refreshable {
      * Update or extend the validity period for this
      * {@code Object}.
      *
-     * <p>
-     *
      * @exception SecurityException if the caller does not have permission
      *          to update or extend the validity period for this
-     *          {@code Object}. <p>
+     *          {@code Object}.
      *
      * @exception RefreshFailedException if the refresh attempt failed.
      */
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/Subject.java b/jdk/src/java.base/share/classes/javax/security/auth/Subject.java
index 0eee83c6083..f0ec16ced8f 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/Subject.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/Subject.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -105,8 +105,6 @@ public final class Subject implements java.io.Serializable {
      * A {@code Set} that provides a view of all of this
      * Subject's Principals
      *
-     * <p>
-     *
      * @serial Each element in this set is a
      *          {@code java.security.Principal}.
      *          The set is a {@code Subject.SecureSet}.
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java b/jdk/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java
index 187c8c7156f..37420eb8783 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -69,8 +69,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
      * Associate the provided {@code Subject} with this
      * {@code SubjectDomainCombiner}.
      *
-     * <p>
-     *
      * @param subject the {@code Subject} to be associated with
      *          with this {@code SubjectDomainCombiner}.
      */
@@ -88,8 +86,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
      * Get the {@code Subject} associated with this
      * {@code SubjectDomainCombiner}.
      *
-     * <p>
-     *
      * @return the {@code Subject} associated with this
      *          {@code SubjectDomainCombiner}, or {@code null}
      *          if no {@code Subject} is associated with this
@@ -115,25 +111,23 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
      *
      * <p> A new {@code ProtectionDomain} instance is created
      * for each {@code ProtectionDomain} in the
-     * <i>currentDomains</i> array.  Each new {@code ProtectionDomain}
+     * {@code currentDomains} array.  Each new {@code ProtectionDomain}
      * instance is created using the {@code CodeSource},
      * {@code Permission}s and {@code ClassLoader}
      * from the corresponding {@code ProtectionDomain} in
-     * <i>currentDomains</i>, as well as with the Principals from
+     * {@code currentDomains}, as well as with the Principals from
      * the {@code Subject} associated with this
      * {@code SubjectDomainCombiner}.
      *
      * <p> All of the newly instantiated ProtectionDomains are
      * combined into a new array.  The ProtectionDomains from the
-     * <i>assignedDomains</i> array are appended to this new array,
+     * {@code assignedDomains} array are appended to this new array,
      * and the result is returned.
      *
      * <p> Note that optimizations such as the removal of duplicate
      * ProtectionDomains may have occurred.
      * In addition, caching of ProtectionDomains may be permitted.
      *
-     * <p>
-     *
      * @param currentDomains the ProtectionDomains associated with the
      *          current execution Thread, up to the most recent
      *          privileged {@code ProtectionDomain}.
@@ -141,15 +135,15 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
      *          with the most recently executing {@code ProtectionDomain}
      *          residing at the beginning of the array. This parameter may
      *          be {@code null} if the current execution Thread
-     *          has no associated ProtectionDomains.<p>
+     *          has no associated ProtectionDomains.
      *
      * @param assignedDomains the ProtectionDomains inherited from the
      *          parent Thread, or the ProtectionDomains from the
-     *          privileged <i>context</i>, if a call to
-     *          AccessController.doPrivileged(..., <i>context</i>)
+     *          privileged {@code context}, if a call to
+     *          {@code AccessController.doPrivileged(..., context)}
      *          had occurred  This parameter may be {@code null}
      *          if there were no ProtectionDomains inherited from the
-     *          parent Thread, or from the privileged <i>context</i>.
+     *          parent Thread, or from the privileged {@code context}.
      *
      * @return a new array consisting of the updated ProtectionDomains,
      *          or {@code null}.
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/CallbackHandler.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/CallbackHandler.java
index af024962ec4..d9ef17a700f 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/CallbackHandler.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/CallbackHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -139,7 +139,7 @@ public interface CallbackHandler {
      *          by an underlying security service which contains
      *          the information requested to be retrieved or displayed.
      *
-     * @exception java.io.IOException if an input or output error occurs. <p>
+     * @exception java.io.IOException if an input or output error occurs.
      *
      * @exception UnsupportedCallbackException if the implementation of this
      *          method does not support one or more of the Callbacks
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/ChoiceCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/ChoiceCallback.java
index 215a8dd790e..26cfd23e30c 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/ChoiceCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/ChoiceCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -70,16 +70,15 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
      * a list of choices, a default choice, and a boolean specifying
      * whether or not multiple selections from the list of choices are allowed.
      *
-     * <p>
      *
-     * @param prompt the prompt used to describe the list of choices. <p>
+     * @param prompt the prompt used to describe the list of choices.
      *
-     * @param choices the list of choices. <p>
+     * @param choices the list of choices.
      *
      * @param defaultChoice the choice to be used as the default choice
      *                  when the list of choices are displayed.  This value
      *                  is represented as an index into the
-     *                  {@code choices} array. <p>
+     *                  {@code choices} array.
      *
      * @param multipleSelectionsAllowed boolean specifying whether or
      *                  not multiple selections can be made from the
@@ -117,8 +116,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Get the prompt.
      *
-     * <p>
-     *
      * @return the prompt.
      */
     public String getPrompt() {
@@ -128,8 +125,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Get the list of choices.
      *
-     * <p>
-     *
      * @return the list of choices.
      */
     public String[] getChoices() {
@@ -139,8 +134,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Get the defaultChoice.
      *
-     * <p>
-     *
      * @return the defaultChoice, represented as an index into
      *          the {@code choices} list.
      */
@@ -152,8 +145,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
      * Get the boolean determining whether multiple selections from
      * the {@code choices} list are allowed.
      *
-     * <p>
-     *
      * @return whether multiple selections are allowed.
      */
     public boolean allowMultipleSelections() {
@@ -163,8 +154,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Set the selected choice.
      *
-     * <p>
-     *
      * @param selection the selection represented as an index into the
      *          {@code choices} list.
      *
@@ -178,8 +167,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Set the selected choices.
      *
-     * <p>
-     *
      * @param selections the selections represented as indexes into the
      *          {@code choices} list.
      *
@@ -198,8 +185,6 @@ public class ChoiceCallback implements Callback, java.io.Serializable {
     /**
      * Get the selected choices.
      *
-     * <p>
-     *
      * @return the selected choices, represented as indexes into the
      *          {@code choices} list.
      *
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/ConfirmationCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/ConfirmationCallback.java
index 2d85c463ca9..56fead57f0c 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/ConfirmationCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/ConfirmationCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -159,14 +159,12 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
      * they require either a YES/NO, YES/NO/CANCEL or OK/CANCEL
      * confirmation.
      *
-     * <p>
-     *
      * @param messageType the message type ({@code INFORMATION},
-     *                  {@code WARNING} or {@code ERROR}). <p>
+     *                  {@code WARNING} or {@code ERROR}).
      *
      * @param optionType the option type ({@code YES_NO_OPTION},
      *                  {@code YES_NO_CANCEL_OPTION} or
-     *                  {@code OK_CANCEL_OPTION}). <p>
+     *                  {@code OK_CANCEL_OPTION}).
      *
      * @param defaultOption the default option
      *                  from the provided optionType ({@code YES},
@@ -222,12 +220,10 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
      * and are displayed by the {@code CallbackHandler} implementation
      * in a manner consistent with the way preset options are displayed.
      *
-     * <p>
-     *
      * @param messageType the message type ({@code INFORMATION},
-     *                  {@code WARNING} or {@code ERROR}). <p>
+     *                  {@code WARNING} or {@code ERROR}).
      *
-     * @param options the list of confirmation options. <p>
+     * @param options the list of confirmation options.
      *
      * @param defaultOption the default option, represented as an index
      *                  into the {@code options} array.
@@ -268,16 +264,14 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
      * they require either a YES/NO, YES/NO/CANCEL or OK/CANCEL
      * confirmation.
      *
-     * <p>
-     *
-     * @param prompt the prompt used to describe the list of options. <p>
+     * @param prompt the prompt used to describe the list of options.
      *
      * @param messageType the message type ({@code INFORMATION},
-     *                  {@code WARNING} or {@code ERROR}). <p>
+     *                  {@code WARNING} or {@code ERROR}).
      *
      * @param optionType the option type ({@code YES_NO_OPTION},
      *                  {@code YES_NO_CANCEL_OPTION} or
-     *                  {@code OK_CANCEL_OPTION}). <p>
+     *                  {@code OK_CANCEL_OPTION}).
      *
      * @param defaultOption the default option
      *                  from the provided optionType ({@code YES},
@@ -337,14 +331,12 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
      * and are displayed by the {@code CallbackHandler} implementation
      * in a manner consistent with the way preset options are displayed.
      *
-     * <p>
-     *
-     * @param prompt the prompt used to describe the list of options. <p>
+     * @param prompt the prompt used to describe the list of options.
      *
      * @param messageType the message type ({@code INFORMATION},
-     *                  {@code WARNING} or {@code ERROR}). <p>
+     *                  {@code WARNING} or {@code ERROR}).
      *
-     * @param options the list of confirmation options. <p>
+     * @param options the list of confirmation options.
      *
      * @param defaultOption the default option, represented as an index
      *                  into the {@code options} array.
@@ -384,8 +376,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Get the prompt.
      *
-     * <p>
-     *
      * @return the prompt, or null if this {@code ConfirmationCallback}
      *          was instantiated without a {@code prompt}.
      */
@@ -396,8 +386,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Get the message type.
      *
-     * <p>
-     *
      * @return the message type ({@code INFORMATION},
      *          {@code WARNING} or {@code ERROR}).
      */
@@ -414,8 +402,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
      * In this case, invoke the {@code getOptions} method
      * to determine which confirmation options to display.
      *
-     * <p>
-     *
      * @return the option type ({@code YES_NO_OPTION},
      *          {@code YES_NO_CANCEL_OPTION} or
      *          {@code OK_CANCEL_OPTION}), or
@@ -430,8 +416,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Get the confirmation options.
      *
-     * <p>
-     *
      * @return the list of confirmation options, or null if this
      *          {@code ConfirmationCallback} was instantiated with
      *          an {@code optionType} instead of {@code options}.
@@ -443,8 +427,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Get the default option.
      *
-     * <p>
-     *
      * @return the default option, represented as
      *          {@code YES}, {@code NO}, {@code OK} or
      *          {@code CANCEL} if an {@code optionType}
@@ -462,8 +444,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Set the selected confirmation option.
      *
-     * <p>
-     *
      * @param selection the selection represented as {@code YES},
      *          {@code NO}, {@code OK} or {@code CANCEL}
      *          if an {@code optionType} was specified to the constructor
@@ -481,8 +461,6 @@ public class ConfirmationCallback implements Callback, java.io.Serializable {
     /**
      * Get the selected confirmation option.
      *
-     * <p>
-     *
      * @return the selected confirmation option represented as
      *          {@code YES}, {@code NO}, {@code OK} or
      *          {@code CANCEL} if an {@code optionType}
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/LanguageCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/LanguageCallback.java
index 007b8993420..bcd2fdf0741 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/LanguageCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/LanguageCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,8 +53,6 @@ public class LanguageCallback implements Callback, java.io.Serializable {
     /**
      * Set the retrieved {@code Locale}.
      *
-     * <p>
-     *
      * @param locale the retrieved {@code Locale}.
      *
      * @see #getLocale
@@ -66,8 +64,6 @@ public class LanguageCallback implements Callback, java.io.Serializable {
     /**
      * Get the retrieved {@code Locale}.
      *
-     * <p>
-     *
      * @return the retrieved {@code Locale}, or null
      *          if no {@code Locale} could be retrieved.
      *
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/NameCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/NameCallback.java
index 3dd380dc57b..500f8d1ee10 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/NameCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/NameCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,8 +55,6 @@ public class NameCallback implements Callback, java.io.Serializable {
     /**
      * Construct a {@code NameCallback} with a prompt.
      *
-     * <p>
-     *
      * @param prompt the prompt used to request the name.
      *
      * @exception IllegalArgumentException if {@code prompt} is null
@@ -72,9 +70,7 @@ public class NameCallback implements Callback, java.io.Serializable {
      * Construct a {@code NameCallback} with a prompt
      * and default name.
      *
-     * <p>
-     *
-     * @param prompt the prompt used to request the information. <p>
+     * @param prompt the prompt used to request the information.
      *
      * @param defaultName the name to be used as the default name displayed
      *                  with the prompt.
@@ -96,8 +92,6 @@ public class NameCallback implements Callback, java.io.Serializable {
     /**
      * Get the prompt.
      *
-     * <p>
-     *
      * @return the prompt.
      */
     public String getPrompt() {
@@ -107,8 +101,6 @@ public class NameCallback implements Callback, java.io.Serializable {
     /**
      * Get the default name.
      *
-     * <p>
-     *
      * @return the default name, or null if this {@code NameCallback}
      *          was not instantiated with a {@code defaultName}.
      */
@@ -119,8 +111,6 @@ public class NameCallback implements Callback, java.io.Serializable {
     /**
      * Set the retrieved name.
      *
-     * <p>
-     *
      * @param name the retrieved name (which may be null).
      *
      * @see #getName
@@ -132,8 +122,6 @@ public class NameCallback implements Callback, java.io.Serializable {
     /**
      * Get the retrieved name.
      *
-     * <p>
-     *
      * @return the retrieved name (which may be null)
      *
      * @see #setName
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java
index 0e8fb7bd794..b35eaa8d0e4 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/PasswordCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,9 +57,7 @@ public class PasswordCallback implements Callback, java.io.Serializable {
      * and a boolean specifying whether the password should be displayed
      * as it is being typed.
      *
-     * <p>
-     *
-     * @param prompt the prompt used to request the password. <p>
+     * @param prompt the prompt used to request the password.
      *
      * @param echoOn true if the password should be displayed
      *                  as it is being typed.
@@ -78,8 +76,6 @@ public class PasswordCallback implements Callback, java.io.Serializable {
     /**
      * Get the prompt.
      *
-     * <p>
-     *
      * @return the prompt.
      */
     public String getPrompt() {
@@ -90,8 +86,6 @@ public class PasswordCallback implements Callback, java.io.Serializable {
      * Return whether the password
      * should be displayed as it is being typed.
      *
-     * <p>
-     *
      * @return the whether the password
      *          should be displayed as it is being typed.
      */
@@ -102,11 +96,9 @@ public class PasswordCallback implements Callback, java.io.Serializable {
     /**
      * Set the retrieved password.
      *
-     * <p> This method makes a copy of the input <i>password</i>
+     * <p> This method makes a copy of the input {@code password}
      * before storing it.
      *
-     * <p>
-     *
      * @param password the retrieved password, which may be null.
      *
      * @see #getPassword
@@ -120,8 +112,6 @@ public class PasswordCallback implements Callback, java.io.Serializable {
      *
      * <p> This method returns a copy of the retrieved password.
      *
-     * <p>
-     *
      * @return the retrieved password, which may be null.
      *
      * @see #setPassword
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/TextInputCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/TextInputCallback.java
index eb4e81eac51..b9f93b73e44 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/TextInputCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/TextInputCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,8 +56,6 @@ public class TextInputCallback implements Callback, java.io.Serializable {
     /**
      * Construct a {@code TextInputCallback} with a prompt.
      *
-     * <p>
-     *
      * @param prompt the prompt used to request the information.
      *
      * @exception IllegalArgumentException if {@code prompt} is null
@@ -73,9 +71,7 @@ public class TextInputCallback implements Callback, java.io.Serializable {
      * Construct a {@code TextInputCallback} with a prompt
      * and default input value.
      *
-     * <p>
-     *
-     * @param prompt the prompt used to request the information. <p>
+     * @param prompt the prompt used to request the information.
      *
      * @param defaultText the text to be used as the default text displayed
      *                  with the prompt.
@@ -97,8 +93,6 @@ public class TextInputCallback implements Callback, java.io.Serializable {
     /**
      * Get the prompt.
      *
-     * <p>
-     *
      * @return the prompt.
      */
     public String getPrompt() {
@@ -108,8 +102,6 @@ public class TextInputCallback implements Callback, java.io.Serializable {
     /**
      * Get the default text.
      *
-     * <p>
-     *
      * @return the default text, or null if this {@code TextInputCallback}
      *          was not instantiated with {@code defaultText}.
      */
@@ -120,8 +112,6 @@ public class TextInputCallback implements Callback, java.io.Serializable {
     /**
      * Set the retrieved text.
      *
-     * <p>
-     *
      * @param text the retrieved text, which may be null.
      *
      * @see #getText
@@ -133,8 +123,6 @@ public class TextInputCallback implements Callback, java.io.Serializable {
     /**
      * Get the retrieved text.
      *
-     * <p>
-     *
      * @return the retrieved text, which may be null.
      *
      * @see #setText
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/TextOutputCallback.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/TextOutputCallback.java
index f83295574c2..400a2c6e3ed 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/TextOutputCallback.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/TextOutputCallback.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,12 +59,10 @@ public class TextOutputCallback implements Callback, java.io.Serializable {
      * Construct a TextOutputCallback with a message type and message
      * to be displayed.
      *
-     * <p>
-     *
      * @param messageType the message type ({@code INFORMATION},
-     *                  {@code WARNING} or {@code ERROR}). <p>
+     *                  {@code WARNING} or {@code ERROR}).
      *
-     * @param message the message to be displayed. <p>
+     * @param message the message to be displayed.
      *
      * @exception IllegalArgumentException if {@code messageType}
      *                  is not either {@code INFORMATION},
@@ -85,8 +83,6 @@ public class TextOutputCallback implements Callback, java.io.Serializable {
     /**
      * Get the message type.
      *
-     * <p>
-     *
      * @return the message type ({@code INFORMATION},
      *                  {@code WARNING} or {@code ERROR}).
      */
@@ -97,8 +93,6 @@ public class TextOutputCallback implements Callback, java.io.Serializable {
     /**
      * Get the message to be displayed.
      *
-     * <p>
-     *
      * @return the message to be displayed.
      */
     public String getMessage() {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/callback/UnsupportedCallbackException.java b/jdk/src/java.base/share/classes/javax/security/auth/callback/UnsupportedCallbackException.java
index 0a9fa5120b1..9fb40cb575b 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/callback/UnsupportedCallbackException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/callback/UnsupportedCallbackException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,6 @@ public class UnsupportedCallbackException extends Exception {
      * Constructs a {@code UnsupportedCallbackException}
      * with no detail message.
      *
-     * <p>
-     *
      * @param callback the unrecognized {@code Callback}.
      */
     public UnsupportedCallbackException(Callback callback) {
@@ -57,9 +55,7 @@ public class UnsupportedCallbackException extends Exception {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
-     * @param callback the unrecognized {@code Callback}. <p>
+     * @param callback the unrecognized {@code Callback}.
      *
      * @param msg the detail message.
      */
@@ -71,8 +67,6 @@ public class UnsupportedCallbackException extends Exception {
     /**
      * Get the unrecognized {@code Callback}.
      *
-     * <p>
-     *
      * @return the unrecognized {@code Callback}.
      */
     public Callback getCallback() {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountException.java
index 90d9262956f..8b0caeed689 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,8 +47,6 @@ public class AccountException extends LoginException {
      * A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public AccountException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountExpiredException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountExpiredException.java
index e55536da025..43dd84eb527 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountExpiredException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountExpiredException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,8 +53,6 @@ public class AccountExpiredException extends AccountException {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public AccountExpiredException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountLockedException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountLockedException.java
index 18982e2fb46..7b635e03cb5 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountLockedException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountLockedException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,8 +51,6 @@ public class AccountLockedException extends AccountException {
      * detail message. A detail message is a String that describes
      * this particular exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public AccountLockedException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountNotFoundException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountNotFoundException.java
index d976bc85aa7..29ab54e5dc6 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/AccountNotFoundException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/AccountNotFoundException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,8 +50,6 @@ public class AccountNotFoundException extends AccountException {
      * detail message. A detail message is a String that describes
      * this particular exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public AccountNotFoundException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/AppConfigurationEntry.java b/jdk/src/java.base/share/classes/javax/security/auth/login/AppConfigurationEntry.java
index 05374db2e95..1e9acbf051a 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/AppConfigurationEntry.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/AppConfigurationEntry.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,10 +57,10 @@ public class AppConfigurationEntry {
      *
      * @param loginModuleName String representing the class name of the
      *                  {@code LoginModule} configured for the
-     *                  specified application. <p>
+     *                  specified application.
      *
      * @param controlFlag either REQUIRED, REQUISITE, SUFFICIENT,
-     *                  or OPTIONAL. <p>
+     *                  or OPTIONAL.
      *
      * @param options the options configured for this {@code LoginModule}.
      *
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java b/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java
index 6d442cfcdc2..ac8e301d7e0 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/Configuration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -209,8 +209,6 @@ public abstract class Configuration {
     /**
      * Get the installed login Configuration.
      *
-     * <p>
-     *
      * @return the login Configuration.  If a Configuration object was set
      *          via the {@code Configuration.setConfiguration} method,
      *          then that object is returned.  Otherwise, a default
@@ -287,8 +285,6 @@ public abstract class Configuration {
     /**
      * Set the login {@code Configuration}.
      *
-     * <p>
-     *
      * @param configuration the new {@code Configuration}
      *
      * @exception SecurityException if the current thread does not have
@@ -546,16 +542,14 @@ public abstract class Configuration {
     }
 
     /**
-     * Retrieve the AppConfigurationEntries for the specified <i>name</i>
+     * Retrieve the AppConfigurationEntries for the specified {@code name}
      * from this Configuration.
      *
-     * <p>
-     *
      * @param name the name used to index the Configuration.
      *
-     * @return an array of AppConfigurationEntries for the specified <i>name</i>
+     * @return an array of AppConfigurationEntries for the specified {@code name}
      *          from this Configuration, or null if there are no entries
-     *          for the specified <i>name</i>
+     *          for the specified {@code name}
      */
     public abstract AppConfigurationEntry[] getAppConfigurationEntry
                                                         (String name);
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java b/jdk/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java
index 70c3e93302e..c63b0efd75b 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,14 +44,12 @@ package javax.security.auth.login;
 
 public abstract class ConfigurationSpi {
     /**
-     * Retrieve the AppConfigurationEntries for the specified <i>name</i>.
-     *
-     * <p>
+     * Retrieve the AppConfigurationEntries for the specified {@code name}.
      *
      * @param name the name used to index the Configuration.
      *
      * @return an array of AppConfigurationEntries for the specified
-     *          <i>name</i>, or null if there are no entries.
+     *          {@code name}, or null if there are no entries.
      */
     protected abstract AppConfigurationEntry[] engineGetAppConfigurationEntry
                                                         (String name);
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialException.java
index 2f6bdf2acf5..7d770741304 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,8 +47,6 @@ public class CredentialException extends LoginException {
      * A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public CredentialException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialExpiredException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialExpiredException.java
index 1ab7ae8d52c..8e279bd604b 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialExpiredException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialExpiredException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,8 +55,6 @@ public class CredentialExpiredException extends CredentialException {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public CredentialExpiredException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialNotFoundException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialNotFoundException.java
index 0708fe70c5b..3c1ffac12a2 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialNotFoundException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/CredentialNotFoundException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,8 +50,6 @@ public class CredentialNotFoundException extends CredentialException {
      * detail message. A detail message is a String that describes
      * this particular exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public CredentialNotFoundException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/FailedLoginException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/FailedLoginException.java
index 4c6f74cc2de..895583138db 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/FailedLoginException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/FailedLoginException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,8 +50,6 @@ public class FailedLoginException extends LoginException {
      * message.  A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public FailedLoginException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/LoginContext.java b/jdk/src/java.base/share/classes/javax/security/auth/login/LoginContext.java
index 88510714060..d86a91443ff 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/LoginContext.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/LoginContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -108,7 +108,6 @@ import sun.security.util.ResourcesMgr;
  *
  * <li> If the constructor does <b>not</b> have a Subject
  * input parameter, the LoginContext instantiates a new Subject.
- * <p>
  * </ul>
  *
  * <li> {@code Configuration}
@@ -150,7 +149,6 @@ import sun.security.util.ResourcesMgr;
  * This means the caller context (stored when the LoginContext was created)
  * must have sufficient permissions to perform any security-sensitive tasks
  * that the modules may perform.
- * <p>
  * </ul>
  *
  * <li> {@code CallbackHandler}
@@ -332,15 +330,15 @@ public class LoginContext {
      * @exception LoginException if the caller-specified {@code name}
      *          does not appear in the {@code Configuration}
      *          and there is no {@code Configuration} entry
-     *          for "<i>other</i>", or if the
-     *          <i>auth.login.defaultCallbackHandler</i>
+     *          for "{@code other}", or if the
+     *          {@code auth.login.defaultCallbackHandler}
      *          security property was set, but the implementation
      *          class could not be loaded.
-     *          <p>
+     *
      * @exception SecurityException if a SecurityManager is set and
      *          the caller does not have
      *          AuthPermission("createLoginContext.<i>name</i>"),
-     *          or if a configuration entry for <i>name</i> does not exist and
+     *          or if a configuration entry for {@code name} does not exist and
      *          the caller does not additionally have
      *          AuthPermission("createLoginContext.other")
      */
@@ -353,10 +351,8 @@ public class LoginContext {
      * Instantiate a new {@code LoginContext} object with a name
      * and a {@code Subject} object.
      *
-     * <p>
-     *
      * @param name the name used as the index into the
-     *          {@code Configuration}. <p>
+     *          {@code Configuration}.
      *
      * @param subject the {@code Subject} to authenticate.
      *
@@ -368,7 +364,7 @@ public class LoginContext {
      *          <i>auth.login.defaultCallbackHandler</i>
      *          security property was set, but the implementation
      *          class could not be loaded.
-     *          <p>
+     *
      * @exception SecurityException if a SecurityManager is set and
      *          the caller does not have
      *          AuthPermission("createLoginContext.<i>name</i>"),
@@ -391,10 +387,8 @@ public class LoginContext {
      * Instantiate a new {@code LoginContext} object with a name
      * and a {@code CallbackHandler} object.
      *
-     * <p>
-     *
      * @param name the name used as the index into the
-     *          {@code Configuration}. <p>
+     *          {@code Configuration}.
      *
      * @param callbackHandler the {@code CallbackHandler} object used by
      *          LoginModules to communicate with the user.
@@ -402,9 +396,9 @@ public class LoginContext {
      * @exception LoginException if the caller-specified {@code name}
      *          does not appear in the {@code Configuration}
      *          and there is no {@code Configuration} entry
-     *          for "<i>other</i>", or if the caller-specified
+     *          for "{@code other}", or if the caller-specified
      *          {@code callbackHandler} is {@code null}.
-     *          <p>
+     *
      * @exception SecurityException if a SecurityManager is set and
      *          the caller does not have
      *          AuthPermission("createLoginContext.<i>name</i>"),
@@ -428,12 +422,10 @@ public class LoginContext {
      * a {@code Subject} to be authenticated, and a
      * {@code CallbackHandler} object.
      *
-     * <p>
-     *
      * @param name the name used as the index into the
-     *          {@code Configuration}. <p>
+     *          {@code Configuration}.
      *
-     * @param subject the {@code Subject} to authenticate. <p>
+     * @param subject the {@code Subject} to authenticate.
      *
      * @param callbackHandler the {@code CallbackHandler} object used by
      *          LoginModules to communicate with the user.
@@ -445,7 +437,7 @@ public class LoginContext {
      *          {@code subject} is {@code null},
      *          or if the caller-specified
      *          {@code callbackHandler} is {@code null}.
-     *          <p>
+     *
      * @exception SecurityException if a SecurityManager is set and
      *          the caller does not have
      *          AuthPermission("createLoginContext.<i>name</i>"),
@@ -467,20 +459,16 @@ public class LoginContext {
     /**
      * Instantiate a new {@code LoginContext} object with a name,
      * a {@code Subject} to be authenticated,
-     * a {@code CallbackHandler} object, and a login
-     * {@code Configuration}.
-     *
-     * <p>
+     * a {@code CallbackHandler} object, and a login {@code Configuration}.
      *
      * @param name the name used as the index into the caller-specified
-     *          {@code Configuration}. <p>
+     *          {@code Configuration}.
      *
      * @param subject the {@code Subject} to authenticate,
-     *          or {@code null}. <p>
+     *          or {@code null}.
      *
      * @param callbackHandler the {@code CallbackHandler} object used by
      *          LoginModules to communicate with the user, or {@code null}.
-     *          <p>
      *
      * @param config the {@code Configuration} that lists the
      *          login modules to be called to perform the authentication,
@@ -490,7 +478,7 @@ public class LoginContext {
      *          does not appear in the {@code Configuration}
      *          and there is no {@code Configuration} entry
      *          for "<i>other</i>".
-     *          <p>
+     *
      * @exception SecurityException if a SecurityManager is set,
      *          <i>config</i> is {@code null},
      *          and either the caller does not have
@@ -570,8 +558,6 @@ public class LoginContext {
      * {@code abort} phase.  This guarantees that proper cleanup
      * and state restoration can take place.
      *
-     * <p>
-     *
      * @exception LoginException if the authentication fails.
      */
     public void login() throws LoginException {
@@ -614,8 +600,6 @@ public class LoginContext {
      * ignored for this method.  This guarantees that proper cleanup
      * and state restoration can take place.
      *
-     * <p>
-     *
      * @exception LoginException if the logout fails.
      */
     public void logout() throws LoginException {
@@ -631,8 +615,6 @@ public class LoginContext {
     /**
      * Return the authenticated Subject.
      *
-     * <p>
-     *
      * @return the authenticated Subject.  If the caller specified a
      *          Subject to this LoginContext's constructor,
      *          this method returns the caller-specified Subject.
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/login/LoginException.java b/jdk/src/java.base/share/classes/javax/security/auth/login/LoginException.java
index 75eedecc1dc..065f57f986c 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/login/LoginException.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/login/LoginException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,8 +48,6 @@ public class LoginException extends java.security.GeneralSecurityException {
      * A detail message is a String that describes this particular
      * exception.
      *
-     * <p>
-     *
      * @param msg the detail message.
      */
     public LoginException(String msg) {
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java b/jdk/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java
index 37b99086120..871bbbc60d3 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/spi/LoginModule.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -139,15 +139,13 @@ public interface LoginModule {
      * any of the data stored in {@code sharedState} or
      * {@code options} parameters, they can be ignored.
      *
-     * <p>
-     *
-     * @param subject the {@code Subject} to be authenticated. <p>
+     * @param subject the {@code Subject} to be authenticated.
      *
      * @param callbackHandler a {@code CallbackHandler} for communicating
      *                  with the end user (prompting for usernames and
-     *                  passwords, for example). <p>
+     *                  passwords, for example).
      *
-     * @param sharedState state shared with other configured LoginModules. <p>
+     * @param sharedState state shared with other configured LoginModules.
      *
      * @param options options specified in the login
      *                  {@code Configuration} for this particular
@@ -167,8 +165,6 @@ public interface LoginModule {
      * This method saves the result of the authentication attempt
      * as private state within the LoginModule.
      *
-     * <p>
-     *
      * @exception LoginException if the authentication fails
      *
      * @return true if the authentication succeeded, or false if this
@@ -192,8 +188,6 @@ public interface LoginModule {
      * authentication attempted failed, then this method removes/destroys
      * any state that was originally saved.
      *
-     * <p>
-     *
      * @exception LoginException if the commit fails
      *
      * @return true if this method succeeded, or false if this
@@ -214,8 +208,6 @@ public interface LoginModule {
      * {@code login} method), then this method cleans up any state
      * that was originally saved.
      *
-     * <p>
-     *
      * @exception LoginException if the abort fails
      *
      * @return true if this method succeeded, or false if this
@@ -229,8 +221,6 @@ public interface LoginModule {
      * <p>An implementation of this method might remove/destroy a Subject's
      * Principals and Credentials.
      *
-     * <p>
-     *
      * @exception LoginException if the logout fails
      *
      * @return true if this method succeeded, or false if this
diff --git a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500PrivateCredential.java b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500PrivateCredential.java
index 56072eda5bc..e3a7fdbd7dc 100644
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500PrivateCredential.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500PrivateCredential.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ public final class X500PrivateCredential implements Destroyable {
     /**
      * Creates an X500PrivateCredential that associates an X.509 certificate,
      * a private key and the KeyStore alias.
-     * <p>
+     *
      * @param cert X509Certificate
      * @param key  PrivateKey for the certificate
      * @exception IllegalArgumentException if either {@code cert} or
@@ -64,7 +64,7 @@ public final class X500PrivateCredential implements Destroyable {
     /**
      * Creates an X500PrivateCredential that associates an X.509 certificate,
      * a private key and the KeyStore alias.
-     * <p>
+     *
      * @param cert X509Certificate
      * @param key  PrivateKey for the certificate
      * @param alias KeyStore alias
@@ -83,7 +83,7 @@ public final class X500PrivateCredential implements Destroyable {
 
     /**
      * Returns the X.509 certificate.
-     * <p>
+     *
      * @return the X509Certificate
      */
 
@@ -93,7 +93,7 @@ public final class X500PrivateCredential implements Destroyable {
 
     /**
      * Returns the PrivateKey.
-     * <p>
+     *
      * @return the PrivateKey
      */
     public PrivateKey getPrivateKey() {
@@ -102,7 +102,7 @@ public final class X500PrivateCredential implements Destroyable {
 
     /**
      * Returns the KeyStore alias.
-     * <p>
+     *
      * @return the KeyStore alias
      */
 
@@ -124,7 +124,7 @@ public final class X500PrivateCredential implements Destroyable {
     /**
      * Determines if the references to the X.509 certificate and private key
      * in this object have been cleared.
-     * <p>
+     *
      * @return true if X509Certificate and the PrivateKey are null
 
      */
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java
index bdd3ff9c4a9..f9a4ea14ecb 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/DelegationPermission.java
@@ -74,8 +74,6 @@ public final class DelegationPermission extends BasicPermission
      * Create a new {@code DelegationPermission}
      * with the specified subordinate and target principals.
      *
-     * <p>
-     *
      * @param principals the name of the subordinate and target principals
      *
      * @throws NullPointerException if {@code principals} is {@code null}.
@@ -89,10 +87,9 @@ public final class DelegationPermission extends BasicPermission
     /**
      * Create a new {@code DelegationPermission}
      * with the specified subordinate and target principals.
-     * <p>
      *
      * @param principals the name of the subordinate and target principals
-     * <p>
+     *
      * @param actions should be null.
      *
      * @throws NullPointerException if {@code principals} is {@code null}.
@@ -155,10 +152,10 @@ public final class DelegationPermission extends BasicPermission
 
     /**
      * Checks two DelegationPermission objects for equality.
-     * <P>
+     *
      * @param obj the object to test for equality with this object.
      *
-     * @return true if <i>obj</i> is a DelegationPermission, and
+     * @return true if {@code obj} is a DelegationPermission, and
      *  has the same subordinate and service principal as this.
      *  DelegationPermission object.
      */
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/EncryptionKey.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/EncryptionKey.java
index 08b9179a11f..3cd0c9b5055 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/EncryptionKey.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/EncryptionKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@ import javax.security.auth.DestroyFailedException;
  *     }
  * </pre>
  * The key material of an {@code EncryptionKey} is defined as the value
- * of the {@code keyValue} above.<p>
+ * of the {@code keyValue} above.
  *
  * @since 1.9
  */
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java
index e45ae2a4cee..ab079b8570b 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosCredMessage.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@ import java.util.Objects;
  *            tickets         [2] SEQUENCE OF Ticket,
  *            enc-part        [3] EncryptedData -- EncKrbCredPart
  *    }
- * </pre><p>
+ * </pre>
  *
  * @since 1.9
  */
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java
index 84a39e0e129..f171d56fabc 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,7 +72,7 @@ import javax.security.auth.DestroyFailedException;
  * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor,
  * an implementation may accept non-IANA algorithm names (For example,
  * "ArcFourMac" for "rc4-hmac"), but the {@link #getAlgorithm} method
- * must always return the IANA algorithm name.<p>
+ * must always return the IANA algorithm name.
  *
  * @implNote Old algorithm names used before JDK 9 are supported in the
  * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor in this
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java
index 3b636077b08..4084a4675e3 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KeyTab.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@ import sun.security.krb5.RealmException;
  * The keytab file format is described at
  * <a href="http://www.ioplex.com/utilities/keytab.txt">
  * http://www.ioplex.com/utilities/keytab.txt</a>.
- * <p>
+ *
  * @since 1.7
  */
 public final class KeyTab {
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
index 893284e548c..ea89c1f8ae8 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/ServicePermission.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -141,7 +141,7 @@ public final class ServicePermission extends Permission
      *
      * @param servicePrincipal the name of the service principal.
      * An asterisk may appear by itself, to signify any service principal.
-     * <p>
+     *
      * @param action the action string
      */
     public ServicePermission(String servicePrincipal, String action) {
@@ -193,10 +193,10 @@ public final class ServicePermission extends Permission
 
     /**
      * Checks two ServicePermission objects for equality.
-     * <P>
+     *
      * @param obj the object to test for equality with this object.
      *
-     * @return true if <i>obj</i> is a ServicePermission, and has the
+     * @return true if {@code obj} is a ServicePermission, and has the
      *  same service principal, and actions as this
      * ServicePermission object.
      */
diff --git a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/package-info.java b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/package-info.java
index bcf1856f245..b30004bcffe 100644
--- a/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/package-info.java
+++ b/jdk/src/java.security.jgss/share/classes/javax/security/auth/kerberos/package-info.java
@@ -52,7 +52,7 @@
  * which contains a series of relations grouped into different sections.
  * Each relation contains a key and a value, the value can be an arbitrary
  * string or a boolean value. A boolean value can be one of "true", "false",
- * "yes", or "no", case-insensitive.<p>
+ * "yes", or "no", and values are case-insensitive.
  *
  * @since 1.4
  */

From 7618752fd970dab6d6da1f2024a0e032945bf689 Mon Sep 17 00:00:00 2001
From: Paul Sandoz <psandoz@openjdk.org>
Date: Mon, 16 Mar 2015 17:44:34 +0100
Subject: [PATCH 28/35] 8075230: Optimized count operations incorrectly declare
 the stream shape

Reviewed-by: chegar
---
 .../java.base/share/classes/java/util/stream/ReduceOps.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java b/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
index 97433010ec3..e3cf2979f45 100644
--- a/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
+++ b/jdk/src/java.base/share/classes/java/util/stream/ReduceOps.java
@@ -414,7 +414,7 @@ final class ReduceOps {
      */
     public static TerminalOp<Integer, Long>
     makeIntCounting() {
-        return new ReduceOp<Integer, Long, CountingSink<Integer>>(StreamShape.REFERENCE) {
+        return new ReduceOp<Integer, Long, CountingSink<Integer>>(StreamShape.INT_VALUE) {
             @Override
             public CountingSink<Integer> makeSink() { return new CountingSink.OfInt(); }
 
@@ -583,7 +583,7 @@ final class ReduceOps {
      */
     public static TerminalOp<Long, Long>
     makeLongCounting() {
-        return new ReduceOp<Long, Long, CountingSink<Long>>(StreamShape.REFERENCE) {
+        return new ReduceOp<Long, Long, CountingSink<Long>>(StreamShape.LONG_VALUE) {
             @Override
             public CountingSink<Long> makeSink() { return new CountingSink.OfLong(); }
 
@@ -752,7 +752,7 @@ final class ReduceOps {
      */
     public static TerminalOp<Double, Long>
     makeDoubleCounting() {
-        return new ReduceOp<Double, Long, CountingSink<Double>>(StreamShape.REFERENCE) {
+        return new ReduceOp<Double, Long, CountingSink<Double>>(StreamShape.DOUBLE_VALUE) {
             @Override
             public CountingSink<Double> makeSink() { return new CountingSink.OfDouble(); }
 

From 7d1b3d72778c76f7480676a6fa692b64eb845afa Mon Sep 17 00:00:00 2001
From: Brian Burkhalter <bpb@openjdk.org>
Date: Mon, 16 Mar 2015 13:49:00 -0700
Subject: [PATCH 29/35] 8075222: RandomAccessFile.getChannel changed to
 non-final in error

Reinstate 'final' RandomAccessFile.getChannel() declaration.

Reviewed-by: alanb
---
 jdk/src/java.base/share/classes/java/io/RandomAccessFile.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java b/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
index ef5e76aea76..34f32f69421 100644
--- a/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
+++ b/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java
@@ -276,7 +276,7 @@ public class RandomAccessFile implements DataOutput, DataInput, Closeable {
      * @since 1.4
      * @spec JSR-51
      */
-    public FileChannel getChannel() {
+    public final FileChannel getChannel() {
         FileChannel fc = this.channel;
         if (fc == null) {
             synchronized (this) {

From cdeddbfbca4082baf26d9daaecde634eafb2a2c0 Mon Sep 17 00:00:00 2001
From: Magnus Ihse Bursie <ihse@openjdk.org>
Date: Tue, 17 Mar 2015 16:01:27 +0100
Subject: [PATCH 30/35] 8075176: DISABLED_WARNINGS caused C++ compiler flags to
 get lost

Reviewed-by: erikj, tbell
---
 jdk/make/lib/Lib-jdk.pack200.gmk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jdk/make/lib/Lib-jdk.pack200.gmk b/jdk/make/lib/Lib-jdk.pack200.gmk
index b8bab611310..37e32d0a725 100644
--- a/jdk/make/lib/Lib-jdk.pack200.gmk
+++ b/jdk/make/lib/Lib-jdk.pack200.gmk
@@ -42,6 +42,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \
     CFLAGS_release := -DPRODUCT, \
     DISABLED_WARNINGS_gcc := conversion-null sign-compare format-security \
         format-nonliteral parentheses, \
+    DISABLED_WARNINGS_clang := bool-conversion format-security, \
     DISABLED_WARNINGS_solstudio := truncwarn, \
     DISABLED_WARNINGS_microsoft := 4267 4018, \
     MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \

From f3a2e4480d19da3ad2371cb7a8b1aba8c61f264a Mon Sep 17 00:00:00 2001
From: Xueming Shen <sherman@openjdk.org>
Date: Tue, 17 Mar 2015 09:54:36 -0700
Subject: [PATCH 31/35] 8074678: JCK test
 java_util/regex/MatchResult/index.html starts failing after JDK-8071479

To add non-match sanity check

Reviewed-by: psandoz
---
 .../classes/java/util/regex/Matcher.java      | 12 +++++
 jdk/test/java/util/regex/RegExTest.java       | 44 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/jdk/src/java.base/share/classes/java/util/regex/Matcher.java b/jdk/src/java.base/share/classes/java/util/regex/Matcher.java
index 96cf39a6338..ded7215005d 100644
--- a/jdk/src/java.base/share/classes/java/util/regex/Matcher.java
+++ b/jdk/src/java.base/share/classes/java/util/regex/Matcher.java
@@ -292,11 +292,13 @@ public final class Matcher implements MatchResult {
 
         @Override
         public int start() {
+            checkMatch();
             return first;
         }
 
         @Override
         public int start(int group) {
+            checkMatch();
             if (group < 0 || group > groupCount)
                 throw new IndexOutOfBoundsException("No group " + group);
             return groups[group * 2];
@@ -304,11 +306,13 @@ public final class Matcher implements MatchResult {
 
         @Override
         public int end() {
+            checkMatch();
             return last;
         }
 
         @Override
         public int end(int group) {
+            checkMatch();
             if (group < 0 || group > groupCount)
                 throw new IndexOutOfBoundsException("No group " + group);
             return groups[group * 2 + 1];
@@ -321,17 +325,25 @@ public final class Matcher implements MatchResult {
 
         @Override
         public String group() {
+            checkMatch();
             return group(0);
         }
 
         @Override
         public String group(int group) {
+            checkMatch();
             if (group < 0 || group > groupCount)
                 throw new IndexOutOfBoundsException("No group " + group);
             if ((groups[group*2] == -1) || (groups[group*2+1] == -1))
                 return null;
             return text.subSequence(groups[group * 2], groups[group * 2 + 1]).toString();
         }
+
+        private void checkMatch() {
+            if (first < 0)
+                throw new IllegalStateException("No match found");
+
+        }
     }
 
     /**
diff --git a/jdk/test/java/util/regex/RegExTest.java b/jdk/test/java/util/regex/RegExTest.java
index d5f8123ef5a..f04f6f1e8c7 100644
--- a/jdk/test/java/util/regex/RegExTest.java
+++ b/jdk/test/java/util/regex/RegExTest.java
@@ -32,7 +32,7 @@
  * 6358731 6178785 6284152 6231989 6497148 6486934 6233084 6504326 6635133
  * 6350801 6676425 6878475 6919132 6931676 6948903 6990617 7014645 7039066
  * 7067045 7014640 7189363 8007395 8013252 8013254 8012646 8023647 6559590
- * 8027645 8035076 8039124 8035975
+ * 8027645 8035076 8039124 8035975 8074678
  */
 
 import java.util.function.Function;
@@ -138,6 +138,7 @@ public class RegExTest {
         wordSearchTest();
         hitEndTest();
         toMatchResultTest();
+        toMatchResultTest2();
         surrogatesInClassTest();
         removeQEQuotingTest();
         namedGroupCaptureTest();
@@ -371,6 +372,47 @@ public class RegExTest {
         report("toMatchResult is a copy");
     }
 
+    private static void checkExpectedISE(Runnable test) {
+        try {
+            test.run();
+            failCount++;
+        } catch (IllegalStateException x) {
+        } catch (IndexOutOfBoundsException xx) {
+            failCount++;
+        }
+    }
+
+    private static void checkExpectedIOOE(Runnable test) {
+        try {
+            test.run();
+            failCount++;
+        } catch (IndexOutOfBoundsException x) {}
+    }
+
+    // This is for bug 8074678
+    // Test the result of toMatchResult throws ISE if no match is availble
+    private static void toMatchResultTest2() throws Exception {
+        Matcher matcher = Pattern.compile("nomatch").matcher("hello world");
+        matcher.find();
+        MatchResult mr = matcher.toMatchResult();
+
+        checkExpectedISE(() -> mr.start());
+        checkExpectedISE(() -> mr.start(2));
+        checkExpectedISE(() -> mr.end());
+        checkExpectedISE(() -> mr.end(2));
+        checkExpectedISE(() -> mr.group());
+        checkExpectedISE(() -> mr.group(2));
+
+        matcher = Pattern.compile("(match)").matcher("there is a match");
+        matcher.find();
+        MatchResult mr2 = matcher.toMatchResult();
+        checkExpectedIOOE(() -> mr2.start(2));
+        checkExpectedIOOE(() -> mr2.end(2));
+        checkExpectedIOOE(() -> mr2.group(2));
+
+        report("toMatchResult2 appropriate exceptions");
+    }
+
     // This is for bug 5013885
     // Must test a slice to see if it reports hitEnd correctly
     private static void hitEndTest() throws Exception {

From 94cafa6c0e954a0a4b05e355143e14fe461a5c74 Mon Sep 17 00:00:00 2001
From: Staffan Larsen <sla@openjdk.org>
Date: Tue, 17 Mar 2015 20:45:23 +0100
Subject: [PATCH 32/35] 8075056: Remove Version.java.template from jconsole

Reviewed-by: egahlin, iris, ihse, alanb, erikj, mchung
---
 jdk/make/gensrc/Gensrc-jdk.jconsole.gmk       | 45 -------------------
 .../{Version.java.template => Version.java}   |  2 +-
 2 files changed, 1 insertion(+), 46 deletions(-)
 delete mode 100644 jdk/make/gensrc/Gensrc-jdk.jconsole.gmk
 rename jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/{Version.java.template => Version.java} (97%)

diff --git a/jdk/make/gensrc/Gensrc-jdk.jconsole.gmk b/jdk/make/gensrc/Gensrc-jdk.jconsole.gmk
deleted file mode 100644
index 2885540dfb4..00000000000
--- a/jdk/make/gensrc/Gensrc-jdk.jconsole.gmk
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include GensrcCommon.gmk
-
-##########################################################################################
-# Version file for jconsole
-
-$(SUPPORT_OUTPUTDIR)/gensrc/jdk.jconsole/sun/tools/jconsole/Version.java: \
-    $(JDK_TOPDIR)/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java.template
-	$(MKDIR) -p $(@D)
-	$(RM) $@ $@.tmp
-	$(ECHO) $(LOG_INFO) Generating sun/tools/jconsole/Version.java
-	$(SED) -e 's/@@jconsole_version@@/$(FULL_VERSION)/g' $< > $@.tmp
-	$(MV) $@.tmp $@
-
-GENSRC_JDK_JCONSOLE += $(SUPPORT_OUTPUTDIR)/gensrc/jdk.jconsole/sun/tools/jconsole/Version.java
-
-jdk.jconsole: $(GENSRC_JDK_JCONSOLE)
-
-all: jdk.jconsole
-
-.PHONY: all jdk.jconsole
diff --git a/jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java.template b/jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java
similarity index 97%
rename from jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java.template
rename to jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java
index d6ebdb67bd8..62190b4f6c8 100644
--- a/jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java.template
+++ b/jdk/src/jdk.jconsole/share/classes/sun/tools/jconsole/Version.java
@@ -30,7 +30,7 @@ import sun.tools.jconsole.Messages;
 
 public class Version {
     private static final String jconsole_version =
-        "@@jconsole_version@@";
+        System.getProperty("java.runtime.version");
 
     public static void print(PrintStream ps) {
         printFullVersion(ps);

From ca08065c341419180318ffa4a0c3ab2cd8b0765a Mon Sep 17 00:00:00 2001
From: Naoto Sato <naoto@openjdk.org>
Date: Tue, 17 Mar 2015 16:04:26 -0700
Subject: [PATCH 33/35] 8074350: Support ISO 4217 "Current funds codes" table
 (A.2) 8074351: Support for currencies with the 4 digits (or more) minor unit

Reviewed-by: okutsu
---
 .../data/currency/CurrencyData.properties     | 22 ++++---
 .../GenerateCurrencyData.java                 | 61 ++++++++++---------
 .../share/classes/java/util/Currency.java     | 44 +++++++------
 jdk/test/java/util/Currency/CurrencyTest.java | 42 ++++++++++++-
 .../java/util/Currency/PropertiesTest.java    | 16 +++--
 jdk/test/java/util/Currency/PropertiesTest.sh |  4 +-
 .../java/util/Currency/ValidateISO4217.java   |  6 +-
 .../java/util/Currency/currency.properties    | 30 ++++++---
 jdk/test/java/util/Currency/tablea1.txt       |  5 +-
 9 files changed, 150 insertions(+), 80 deletions(-)

diff --git a/jdk/make/data/currency/CurrencyData.properties b/jdk/make/data/currency/CurrencyData.properties
index 2b5a5704959..4123814c849 100644
--- a/jdk/make/data/currency/CurrencyData.properties
+++ b/jdk/make/data/currency/CurrencyData.properties
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,10 @@
 # questions.
 #
 
-formatVersion=1
+# Version of the currency data format.
+#   1: initial
+#   2: Change in minor unit (allowing 4-9 digits)
+formatVersion=2
 
 # Version of the currency code information in this class.
 # It is a serial number that accompanies with each amendment.
@@ -36,7 +39,7 @@ dataVersion=159
 all=ADP020-AED784-AFA004-AFN971-ALL008-AMD051-ANG532-AOA973-ARS032-ATS040-AUD036-\
     AWG533-AYM945-AZM031-AZN944-BAM977-BBD052-BDT050-BEF056-BGL100-BGN975-BHD048-BIF108-\
     BMD060-BND096-BOB068-BOV984-BRL986-BSD044-BTN064-BWP072-BYB112-BYR974-\
-    BZD084-CAD124-CDF976-CHF756-CLF990-CLP152-CNY156-COP170-CRC188-CSD891-CUP192-CUC931-\
+    BZD084-CAD124-CDF976-CHE947-CHF756-CHW948-CLF990-CLP152-CNY156-COP170-COU970-CRC188-CSD891-CUP192-CUC931-\
     CVE132-CYP196-CZK203-DEM276-DJF262-DKK208-DOP214-DZD012-EEK233-EGP818-\
     ERN232-ESP724-ETB230-EUR978-FIM246-FJD242-FKP238-FRF250-GBP826-GEL981-\
     GHC288-GHS936-GIP292-GMD270-GNF324-GRD300-GTQ320-GWP624-GYD328-HKD344-HNL340-\
@@ -49,7 +52,7 @@ all=ADP020-AED784-AFA004-AFN971-ALL008-AMD051-ANG532-AOA973-ARS032-ATS040-AUD036
     PKR586-PLN985-PTE620-PYG600-QAR634-ROL946-RON946-RSD941-RUB643-RUR810-RWF646-SAR682-\
     SBD090-SCR690-SDD736-SDG938-SEK752-SGD702-SHP654-SIT705-SKK703-SLL694-SOS706-\
     SRD968-SRG740-SSP728-STD678-SVC222-SYP760-SZL748-THB764-TJS972-TMM795-TMT934-TND788-TOP776-\
-    TPE626-TRL792-TRY949-TTD780-TWD901-TZS834-UAH980-UGX800-USD840-USN997-USS998-\
+    TPE626-TRL792-TRY949-TTD780-TWD901-TZS834-UAH980-UGX800-USD840-USN997-USS998-UYI940-\
     UYU858-UZS860-VEB862-VEF937-VND704-VUV548-WST882-XAF950-XAG961-XAU959-XBA955-\
     XBB956-XBC957-XBD958-XCD951-XDR960-XFO000-XFU000-XOF952-XPD964-XPF953-\
     XPT962-XSU994-XTS963-XUA965-XXX999-YER886-YUM891-ZAR710-ZMK894-ZMW967-ZWD716-ZWL932-\
@@ -579,16 +582,17 @@ ZM=ZMW
 ZW=ZWL
 
 
-# List of currencies with 0, 1, OR 3 decimals for minor units, or where there
-# are no minor units defined. All others use 2 decimals.
+# List of currencies with non-2digit decimals for minor units,
+# or where there are no minor units defined. All others use 2 decimals.
 
 minor0=\
-    ADP-BEF-BIF-BYB-BYR-CLF-CLP-DJF-ESP-GNF-\
+    ADP-BEF-BIF-BYB-BYR-CLP-DJF-ESP-GNF-\
     GRD-ISK-ITL-JPY-KMF-KRW-LUF-MGF-PYG-PTE-RWF-\
-    TPE-TRL-UGX-VND-VUV-XAF-XOF-XPF
-minor1=
+    TPE-TRL-UGX-UYI-VND-VUV-XAF-XOF-XPF
 minor3=\
     BHD-IQD-JOD-KWD-LYD-OMR-TND
+minor4=\
+    CLF
 minorUndefined=\
     XAG-XAU-XBA-XBB-XBC-XBD-XDR-XFO-XFU-XPD-\
     XPT-XSU-XTS-XUA-XXX
diff --git a/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java b/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java
index ca1271e6851..cc125638c96 100644
--- a/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java
+++ b/jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Locale;
+import java.util.Objects;
 import java.util.Properties;
 import java.util.TimeZone;
 
@@ -72,10 +73,6 @@ public class GenerateCurrencyData {
     private static String formatVersion;
     private static String dataVersion;
     private static String validCurrencyCodes;
-    private static String currenciesWith0MinorUnitDecimals;
-    private static String currenciesWith1MinorUnitDecimal;
-    private static String currenciesWith3MinorUnitDecimal;
-    private static String currenciesWithMinorUnitsUndefined;
 
     // handy constants - must match definitions in java.util.Currency
     // magic number
@@ -83,29 +80,31 @@ public class GenerateCurrencyData {
     // number of characters from A to Z
     private static final int A_TO_Z = ('Z' - 'A') + 1;
     // entry for invalid country codes
-    private static final int INVALID_COUNTRY_ENTRY = 0x007F;
+    private static final int INVALID_COUNTRY_ENTRY = 0x0000007F;
     // entry for countries without currency
-    private static final int COUNTRY_WITHOUT_CURRENCY_ENTRY = 0x0080;
+    private static final int COUNTRY_WITHOUT_CURRENCY_ENTRY = 0x00000200;
     // mask for simple case country entries
-    private static final int SIMPLE_CASE_COUNTRY_MASK = 0x0000;
+    private static final int SIMPLE_CASE_COUNTRY_MASK = 0x00000000;
     // mask for simple case country entry final character
-    private static final int SIMPLE_CASE_COUNTRY_FINAL_CHAR_MASK = 0x001F;
+    private static final int SIMPLE_CASE_COUNTRY_FINAL_CHAR_MASK = 0x0000001F;
     // mask for simple case country entry default currency digits
-    private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_MASK = 0x0060;
+    private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_MASK = 0x000001E0;
     // shift count for simple case country entry default currency digits
     private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_SHIFT = 5;
+    // maximum number for simple case country entry default currency digits
+    private static final int SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS = 9;
     // mask for special case country entries
-    private static final int SPECIAL_CASE_COUNTRY_MASK = 0x0080;
+    private static final int SPECIAL_CASE_COUNTRY_MASK = 0x00000200;
     // mask for special case country index
-    private static final int SPECIAL_CASE_COUNTRY_INDEX_MASK = 0x001F;
+    private static final int SPECIAL_CASE_COUNTRY_INDEX_MASK = 0x0000001F;
     // delta from entry index component in main table to index into special case tables
     private static final int SPECIAL_CASE_COUNTRY_INDEX_DELTA = 1;
     // mask for distinguishing simple and special case countries
     private static final int COUNTRY_TYPE_MASK = SIMPLE_CASE_COUNTRY_MASK | SPECIAL_CASE_COUNTRY_MASK;
     // mask for the numeric code of the currency
-    private static final int NUMERIC_CODE_MASK = 0x0003FF00;
+    private static final int NUMERIC_CODE_MASK = 0x000FFC00;
     // shift count for the numeric code of the currency
-    private static final int NUMERIC_CODE_SHIFT = 8;
+    private static final int NUMERIC_CODE_SHIFT = 10;
 
     // generated data
     private static int[] mainTable = new int[A_TO_Z * A_TO_Z];
@@ -120,7 +119,7 @@ public class GenerateCurrencyData {
     private static int[] specialCaseOldCurrenciesNumericCode = new int[maxSpecialCases];
     private static int[] specialCaseNewCurrenciesNumericCode = new int[maxSpecialCases];
 
-    private static final int maxOtherCurrencies = 70;
+    private static final int maxOtherCurrencies = 128;
     private static int otherCurrenciesCount = 0;
     private static StringBuffer otherCurrencies = new StringBuffer();
     private static int[] otherCurrenciesDefaultFractionDigits = new int[maxOtherCurrencies];
@@ -129,6 +128,11 @@ public class GenerateCurrencyData {
     // date format for parsing cut-over times
     private static SimpleDateFormat format;
 
+    // Minor Units
+    private static String[] currenciesWithDefinedMinorUnitDecimals =
+        new String[SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS + 1];
+    private static String currenciesWithMinorUnitsUndefined;
+
     public static void main(String[] args) {
 
         // Look for "-o outputfilename" option
@@ -171,16 +175,14 @@ public class GenerateCurrencyData {
         formatVersion = (String) currencyData.get("formatVersion");
         dataVersion = (String) currencyData.get("dataVersion");
         validCurrencyCodes = (String) currencyData.get("all");
-        currenciesWith0MinorUnitDecimals  = (String) currencyData.get("minor0");
-        currenciesWith1MinorUnitDecimal  = (String) currencyData.get("minor1");
-        currenciesWith3MinorUnitDecimal  = (String) currencyData.get("minor3");
+        for (int i = 0; i <= SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS; i++) {
+            currenciesWithDefinedMinorUnitDecimals[i]
+                = (String) currencyData.get("minor"+i);
+        }
         currenciesWithMinorUnitsUndefined  = (String) currencyData.get("minorUndefined");
         if (formatVersion == null ||
                 dataVersion == null ||
                 validCurrencyCodes == null ||
-                currenciesWith0MinorUnitDecimals == null ||
-                currenciesWith1MinorUnitDecimal == null ||
-                currenciesWith3MinorUnitDecimal == null ||
                 currenciesWithMinorUnitsUndefined == null) {
             throw new NullPointerException("not all required data is defined in input");
         }
@@ -207,7 +209,7 @@ public class GenerateCurrencyData {
                         if (currencyInfo.charAt(0) == firstChar && currencyInfo.charAt(1) == secondChar) {
                             checkCurrencyCode(currencyInfo);
                             int digits = getDefaultFractionDigits(currencyInfo);
-                            if (digits < 0 || digits > 3) {
+                            if (digits < 0 || digits > SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS) {
                                 throw new RuntimeException("fraction digits out of range for " + currencyInfo);
                             }
                             int numericCode= getNumericCode(currencyInfo);
@@ -231,13 +233,14 @@ public class GenerateCurrencyData {
     }
 
     private static int getDefaultFractionDigits(String currencyCode) {
-        if (currenciesWith0MinorUnitDecimals.indexOf(currencyCode) != -1) {
-            return 0;
-        } else if (currenciesWith1MinorUnitDecimal.indexOf(currencyCode) != -1) {
-            return 1;
-        } else if (currenciesWith3MinorUnitDecimal.indexOf(currencyCode) != -1) {
-            return 3;
-        } else if (currenciesWithMinorUnitsUndefined.indexOf(currencyCode) != -1) {
+        for (int i = 0; i <= SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS; i++) {
+            if (Objects.nonNull(currenciesWithDefinedMinorUnitDecimals[i]) &&
+                currenciesWithDefinedMinorUnitDecimals[i].indexOf(currencyCode) != -1) {
+                return i;
+            }
+        }
+
+        if (currenciesWithMinorUnitsUndefined.indexOf(currencyCode) != -1) {
             return -1;
         } else {
             return 2;
diff --git a/jdk/src/java.base/share/classes/java/util/Currency.java b/jdk/src/java.base/share/classes/java/util/Currency.java
index f5f67b2e58d..1ba8cc93e07 100644
--- a/jdk/src/java.base/share/classes/java/util/Currency.java
+++ b/jdk/src/java.base/share/classes/java/util/Currency.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -140,11 +140,11 @@ public final class Currency implements Serializable {
     //   - maps country code to 32-bit int
     //   - 26*26 entries, corresponding to [A-Z]*[A-Z]
     //   - \u007F -> not valid country
-    //   - bits 18-31: unused
-    //   - bits 8-17: numeric code (0 to 1023)
-    //   - bit 7: 1 - special case, bits 0-4 indicate which one
+    //   - bits 20-31: unused
+    //   - bits 10-19: numeric code (0 to 1023)
+    //   - bit 9: 1 - special case, bits 0-4 indicate which one
     //            0 - simple country, bits 0-4 indicate final char of currency code
-    //   - bits 5-6: fraction digits for simple countries, 0 for special cases
+    //   - bits 5-8: fraction digits for simple countries, 0 for special cases
     //   - bits 0-4: final char for currency code for simple country, or ID of special case
     // - special case IDs:
     //   - 0: country has no currency
@@ -182,32 +182,34 @@ public final class Currency implements Serializable {
     // number of characters from A to Z
     private static final int A_TO_Z = ('Z' - 'A') + 1;
     // entry for invalid country codes
-    private static final int INVALID_COUNTRY_ENTRY = 0x007F;
+    private static final int INVALID_COUNTRY_ENTRY = 0x0000007F;
     // entry for countries without currency
-    private static final int COUNTRY_WITHOUT_CURRENCY_ENTRY = 0x0080;
+    private static final int COUNTRY_WITHOUT_CURRENCY_ENTRY = 0x00000200;
     // mask for simple case country entries
-    private static final int SIMPLE_CASE_COUNTRY_MASK = 0x0000;
+    private static final int SIMPLE_CASE_COUNTRY_MASK = 0x00000000;
     // mask for simple case country entry final character
-    private static final int SIMPLE_CASE_COUNTRY_FINAL_CHAR_MASK = 0x001F;
+    private static final int SIMPLE_CASE_COUNTRY_FINAL_CHAR_MASK = 0x0000001F;
     // mask for simple case country entry default currency digits
-    private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_MASK = 0x0060;
+    private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_MASK = 0x000001E0;
     // shift count for simple case country entry default currency digits
     private static final int SIMPLE_CASE_COUNTRY_DEFAULT_DIGITS_SHIFT = 5;
+    // maximum number for simple case country entry default currency digits
+    private static final int SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS = 9;
     // mask for special case country entries
-    private static final int SPECIAL_CASE_COUNTRY_MASK = 0x0080;
+    private static final int SPECIAL_CASE_COUNTRY_MASK = 0x00000200;
     // mask for special case country index
-    private static final int SPECIAL_CASE_COUNTRY_INDEX_MASK = 0x001F;
+    private static final int SPECIAL_CASE_COUNTRY_INDEX_MASK = 0x0000001F;
     // delta from entry index component in main table to index into special case tables
     private static final int SPECIAL_CASE_COUNTRY_INDEX_DELTA = 1;
     // mask for distinguishing simple and special case countries
     private static final int COUNTRY_TYPE_MASK = SIMPLE_CASE_COUNTRY_MASK | SPECIAL_CASE_COUNTRY_MASK;
     // mask for the numeric code of the currency
-    private static final int NUMERIC_CODE_MASK = 0x0003FF00;
+    private static final int NUMERIC_CODE_MASK = 0x000FFC00;
     // shift count for the numeric code of the currency
-    private static final int NUMERIC_CODE_SHIFT = 8;
+    private static final int NUMERIC_CODE_SHIFT = 10;
 
     // Currency data format version
-    private static final int VALID_FORMAT_VERSION = 1;
+    private static final int VALID_FORMAT_VERSION = 2;
 
     static {
         AccessController.doPrivileged(new PrivilegedAction<Void>() {
@@ -261,7 +263,7 @@ public final class Currency implements Serializable {
                         Set<String> keys = props.stringPropertyNames();
                         Pattern propertiesPattern =
                             Pattern.compile("([A-Z]{3})\\s*,\\s*(\\d{3})\\s*,\\s*" +
-                                "([0-3])\\s*,?\\s*(\\d{4}-\\d{2}-\\d{2}T\\d{2}:" +
+                                "(\\d+)\\s*,?\\s*(\\d{4}-\\d{2}-\\d{2}T\\d{2}:" +
                                 "\\d{2}:\\d{2})?");
                         for (String key : keys) {
                            replaceCurrencyData(propertiesPattern,
@@ -682,7 +684,7 @@ public final class Currency implements Serializable {
      * @param ctry country code
      * @param curdata currency data.  This is a comma separated string that
      *    consists of "three-letter alphabet code", "three-digit numeric code",
-     *    and "one-digit (0,1,2, or 3) default fraction digit".
+     *    and "one-digit (0-9) default fraction digit".
      *    For example, "JPZ,392,0".
      *    An optional UTC date can be appended to the string (comma separated)
      *    to allow a currency change take effect after date specified.
@@ -721,8 +723,14 @@ public final class Currency implements Serializable {
 
         String code = m.group(1);
         int numeric = Integer.parseInt(m.group(2));
-        int fraction = Integer.parseInt(m.group(3));
         int entry = numeric << NUMERIC_CODE_SHIFT;
+        int fraction = Integer.parseInt(m.group(3));
+        if (fraction > SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS) {
+            info("currency.properties entry for " + ctry +
+                " ignored since the fraction is more than " +
+                SIMPLE_CASE_COUNTRY_MAX_DEFAULT_DIGITS + ":" + curdata, null);
+            return;
+        }
 
         int index;
         for (index = 0; index < scOldCurrencies.length; index++) {
diff --git a/jdk/test/java/util/Currency/CurrencyTest.java b/jdk/test/java/util/Currency/CurrencyTest.java
index 372071e9371..6edf0772eea 100644
--- a/jdk/test/java/util/Currency/CurrencyTest.java
+++ b/jdk/test/java/util/Currency/CurrencyTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 /*
  * @test
  * @bug 4290801 4692419 4693631 5101540 5104960 6296410 6336600 6371531
- *    6488442 7036905 8039317
+ *    6488442 7036905 8039317 8074350 8074351
  * @summary Basic tests for Currency class.
  */
 
@@ -49,6 +49,7 @@ public class CurrencyTest {
         testFractionDigits();
         testSerialization();
         testDisplayNames();
+        testFundsCodes();
     }
 
     static void testCurrencyCodeValidation() {
@@ -265,4 +266,41 @@ public class CurrencyTest {
         }
     }
 
+    static void testFundsCodes() {
+        testValidCurrency("BOV");
+        testValidCurrency("CHE");
+        testValidCurrency("CHW");
+        testValidCurrency("CLF");
+        testValidCurrency("COU");
+        testValidCurrency("MXV");
+        testValidCurrency("USN");
+        testValidCurrency("UYI");
+
+        testFractionDigits("BOV", 2);
+        testFractionDigits("CHE", 2);
+        testFractionDigits("CHW", 2);
+        testFractionDigits("CLF", 4);
+        testFractionDigits("COU", 2);
+        testFractionDigits("MXV", 2);
+        testFractionDigits("USN", 2);
+        testFractionDigits("UYI", 0);
+
+        testNumericCode("BOV", 984);
+        testNumericCode("CHE", 947);
+        testNumericCode("CHW", 948);
+        testNumericCode("CLF", 990);
+        testNumericCode("COU", 970);
+        testNumericCode("MXV", 979);
+        testNumericCode("USN", 997);
+        testNumericCode("UYI", 940);
+    }
+
+    static void testNumericCode(String currencyCode, int expectedNumeric) {
+        int numeric = Currency.getInstance(currencyCode).getNumericCode();
+        if (numeric != expectedNumeric) {
+            throw new RuntimeException("Wrong numeric code for currency " +
+                    currencyCode +": expected " + expectedNumeric +
+                    ", got " + numeric);
+        }
+    }
 }
diff --git a/jdk/test/java/util/Currency/PropertiesTest.java b/jdk/test/java/util/Currency/PropertiesTest.java
index 4b84e06584e..96127bf19fe 100644
--- a/jdk/test/java/util/Currency/PropertiesTest.java
+++ b/jdk/test/java/util/Currency/PropertiesTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -107,7 +107,7 @@ public class PropertiesTest {
         keys = p.stringPropertyNames();
         Pattern propertiesPattern =
             Pattern.compile("([A-Z]{3})\\s*,\\s*(\\d{3})\\s*,\\s*" +
-                "([0-3])\\s*,?\\s*(\\d{4}-\\d{2}-\\d{2}T\\d{2}:" +
+                "(\\d+)\\s*,?\\s*(\\d{4}-\\d{2}-\\d{2}T\\d{2}:" +
                 "\\d{2}:\\d{2})?");
         for (String key: keys) {
             String val = p.getProperty(key);
@@ -135,14 +135,20 @@ public class PropertiesTest {
                 // ignore this
                 continue;
             }
+
+            String code = m.group(1);
+            int numeric = Integer.parseInt(m.group(2));
+            int fraction = Integer.parseInt(m.group(3));
+            if (fraction > 9) {
+                System.out.println("Skipping since the fraction is greater than 9");
+                continue;
+            }
+
             Matcher mAfter = propertiesPattern.matcher(afterVal);
             mAfter.find();
 
-            String code = m.group(1);
             String codeAfter = mAfter.group(1);
-            int numeric = Integer.parseInt(m.group(2));
             int numericAfter = Integer.parseInt(mAfter.group(2));
-            int fraction = Integer.parseInt(m.group(3));
             int fractionAfter = Integer.parseInt(mAfter.group(3));
             if (code.equals(codeAfter) &&
                 (numeric == numericAfter)&&
diff --git a/jdk/test/java/util/Currency/PropertiesTest.sh b/jdk/test/java/util/Currency/PropertiesTest.sh
index 82810bd2f6d..c87788dfa42 100644
--- a/jdk/test/java/util/Currency/PropertiesTest.sh
+++ b/jdk/test/java/util/Currency/PropertiesTest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 #
 
 # @test
-# @bug 6332666 6863624 7180362 8003846
+# @bug 6332666 6863624 7180362 8003846 8074350 8074351
 # @summary tests the capability of replacing the currency data with user
 #     specified currency properties file
 # @build PropertiesTest
diff --git a/jdk/test/java/util/Currency/ValidateISO4217.java b/jdk/test/java/util/Currency/ValidateISO4217.java
index 17c76f79290..98fc0a00d8a 100644
--- a/jdk/test/java/util/Currency/ValidateISO4217.java
+++ b/jdk/test/java/util/Currency/ValidateISO4217.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 /*
  * @test
  * @bug 4691089 4819436 4942982 5104960 6544471 6627549 7066203 7195759
- *     8039317
+ *     8039317 8074350 8074351
  * @summary Validate ISO 4217 data for Currency class.
  */
 
@@ -93,7 +93,7 @@ public class ValidateISO4217 {
 
     /* Codes that are obsolete, do not have related country */
     static final String otherCodes =
-        "ADP-AFA-ATS-AYM-AZM-BEF-BGL-BOV-BYB-CLF-CUC-CYP-DEM-EEK-ESP-FIM-FRF-GHC-GRD-GWP-IEP-ITL-LUF-MGF-MTL-MXV-MZM-NLG-PTE-ROL-RUR-SDD-SIT-SKK-SRG-TMM-TPE-TRL-VEF-USN-USS-VEB-XAG-XAU-XBA-XBB-XBC-XBD-XDR-XFO-XFU-XPD-XPT-XSU-XTS-XUA-XXX-YUM-ZMK-ZWD-ZWN-ZWR";
+        "ADP-AFA-ATS-AYM-AZM-BEF-BGL-BOV-BYB-CHE-CHW-CLF-COU-CUC-CYP-DEM-EEK-ESP-FIM-FRF-GHC-GRD-GWP-IEP-ITL-LUF-MGF-MTL-MXV-MZM-NLG-PTE-ROL-RUR-SDD-SIT-SKK-SRG-TMM-TPE-TRL-VEF-UYI-USN-USS-VEB-XAG-XAU-XBA-XBB-XBC-XBD-XDR-XFO-XFU-XPD-XPT-XSU-XTS-XUA-XXX-YUM-ZMK-ZWD-ZWN-ZWR";
 
     static boolean err = false;
 
diff --git a/jdk/test/java/util/Currency/currency.properties b/jdk/test/java/util/Currency/currency.properties
index ce3c7bba79b..d8e874d819a 100644
--- a/jdk/test/java/util/Currency/currency.properties
+++ b/jdk/test/java/util/Currency/currency.properties
@@ -1,20 +1,30 @@
 #
 # Test data for replacing the currency data
 #
-JP=JPZ,123,2
-ES=ESD,877,2
-US=euR,978,2,2001-01-01T00:00:00
+
+# valid entries
+CL=CLF,990,4
 CM=IED,111,2, 2004-01-01T00:70:00
-SB=EUR,111,2, 2099-01-01T00:00:00
-ZZ	=	ZZZ	,	999	,	3
+ES=ESD,877,2
+JP=JPZ,123,2
+MA=MAA,555,5
+MC=MCC,555,6
+MD=MDD,555,7
+ME=MEE,555,8
+MF=MFF,555,9
 NO=EUR   ,978  ,2,  2099-01-01T00:00:00
+SB=EUR,111,2, 2099-01-01T00:00:00
+US=euR,978,2,2001-01-01T00:00:00
+ZZ	=	ZZZ	,	999	,	3
 
 # invalid entries
-GB=123
-FR=zzzzz.123
 DE=2009-01-01T00:00:00,EUR,111,2
-IE=euR,111,2,#testcomment
-=euR,111,2, 2099-01-01-00-00-00
 FM=DED,194,2,eeee-01-01T00:00:00
-PE=EUR   ,978  ,2,  20399-01-01T00:00:00
+FR=zzzzz.123
+GB=123
+IE=euR,111,2,#testcomment
+MG=MGG,990,10
 MX=SSS,493,2,2001-01-01-00-00-00
+PE=EUR   ,978  ,2,  20399-01-01T00:00:00
+MG=MGG,990,10
+=euR,111,2, 2099-01-01-00-00-00
diff --git a/jdk/test/java/util/Currency/tablea1.txt b/jdk/test/java/util/Currency/tablea1.txt
index 298856753b5..12c9f7e2024 100644
--- a/jdk/test/java/util/Currency/tablea1.txt
+++ b/jdk/test/java/util/Currency/tablea1.txt
@@ -5,7 +5,7 @@
 #
 
 # Version
-FILEVERSION=1
+FILEVERSION=2
 DATAVERSION=159
 
 # ISO 4217 currency data
@@ -55,7 +55,7 @@ KY	KYD	136	2
 CF	XAF	950	0
 TD	XAF	950	0
 CL	CLP	152	0
-#CL	CLF	990	0
+#CL	CLF	990	4
 CN	CNY	156	2
 CX	AUD	36	2
 CC	AUD	36	2
@@ -265,6 +265,7 @@ US	USD	840	2
 #US	USN	997	2
 UM	USD	840	2
 UY	UYU	858	2
+#UY	UYI	940	0
 UZ	UZS	860	2
 VU	VUV	548	0
 VE	VEF	937	2

From 40728fc162c82c5d3aded45cbcd2e7d382ecc3d3 Mon Sep 17 00:00:00 2001
From: Volker Simonis <simonis@openjdk.org>
Date: Wed, 18 Mar 2015 09:13:11 +0100
Subject: [PATCH 34/35] 8071687: AIX port of "8039173: Propagate errors from
 Diagnostic Commands as exceptions in the attach framework"

Reviewed-by: sla
---
 .../sun/tools/attach/VirtualMachineImpl.java       | 14 +++++++++++---
 .../aix/native/libattach/VirtualMachineImpl.c      |  8 ++++----
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/jdk/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java b/jdk/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
index cf96c51e9a9..afde9169993 100644
--- a/jdk/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/jdk/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013 SAP AG. All rights reserved.
+ * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015 SAP AG. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,9 +25,11 @@
  */
 package sun.tools.attach;
 
+import com.sun.tools.attach.AttachOperationFailedException;
 import com.sun.tools.attach.AgentLoadException;
 import com.sun.tools.attach.AttachNotSupportedException;
 import com.sun.tools.attach.spi.AttachProvider;
+
 import java.io.InputStream;
 import java.io.IOException;
 import java.io.File;
@@ -189,6 +191,8 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
         }
 
         if (completionStatus != 0) {
+            // read from the stream and use that as the error message
+            String message = readErrorMessage(sis);
             sis.close();
 
             // In the event of a protocol mismatch then the target VM
@@ -203,7 +207,11 @@ public class VirtualMachineImpl extends HotSpotVirtualMachine {
             if (cmd.equals("load")) {
                 throw new AgentLoadException("Failed to load agent library");
             } else {
-                throw new IOException("Command failed in target VM");
+                if (message == null) {
+                    throw new AttachOperationFailedException("Command failed in target VM");
+                } else {
+                    throw new AttachOperationFailedException(message);
+                }
             }
         }
 
diff --git a/jdk/src/jdk.attach/aix/native/libattach/VirtualMachineImpl.c b/jdk/src/jdk.attach/aix/native/libattach/VirtualMachineImpl.c
index df330549d8d..944998e8dda 100644
--- a/jdk/src/jdk.attach/aix/native/libattach/VirtualMachineImpl.c
+++ b/jdk/src/jdk.attach/aix/native/libattach/VirtualMachineImpl.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2014 SAP AG. All rights reserved.
+ * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015 SAP AG. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -238,14 +238,14 @@ JNIEXPORT jint JNICALL Java_sun_tools_attach_VirtualMachineImpl_read
         len = remaining;
     }
 
-    RESTARTABLE(read(fd, buf+off, len), n);
+    RESTARTABLE(read(fd, buf, len), n);
     if (n == -1) {
         JNU_ThrowIOExceptionWithLastError(env, "read");
     } else {
         if (n == 0) {
             n = -1;     // EOF
         } else {
-            (*env)->SetByteArrayRegion(env, ba, off, (jint)n, (jbyte *)(buf+off));
+            (*env)->SetByteArrayRegion(env, ba, off, (jint)n, (jbyte *)(buf));
         }
     }
     return n;

From bd11f63b043ecfd9dac4a46c85279d0d567595d9 Mon Sep 17 00:00:00 2001
From: Joe Darcy <darcy@openjdk.org>
Date: Thu, 19 Mar 2015 13:18:49 -0700
Subject: [PATCH 35/35] 8075544: Add tiered testing definitions to the jdk repo

Reviewed-by: alanb
---
 jdk/test/TEST.groups | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/jdk/test/TEST.groups b/jdk/test/TEST.groups
index 94059833a86..2ee1007a5e7 100644
--- a/jdk/test/TEST.groups
+++ b/jdk/test/TEST.groups
@@ -20,6 +20,31 @@
 #  questions.
 #
 
+###############################################################################
+#
+# Tiered testing definitions
+#
+
+tier1 = \
+    :jdk_lang \
+    :jdk_util \
+    :jdk_math
+
+tier2 = \
+    :jdk_io \
+    :jdk_nio \
+    :jdk_net \
+    :jdk_rmi \
+    :jdk_time \
+    :jdk_security \
+    :jdk_text \
+    :core_tools
+
+###############################################################################
+#
+# Other test definitions; generally smaller granularity than tiers
+#
+
 # java.lang package and VM runtime support
 jdk_lang = \
     java/lang \