From e3ce03230a650f6350ff13edf64c43a74b3bd27d Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Wed, 22 Feb 2012 15:38:24 -0500 Subject: [PATCH 1/9] 7145239: Finetune package definition restriction Reviewed-by: hawtin --- jdk/src/share/lib/security/java.security | 6 +++--- jdk/src/share/lib/security/java.security-solaris | 6 +++--- jdk/src/share/lib/security/java.security-windows | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/jdk/src/share/lib/security/java.security b/jdk/src/share/lib/security/java.security index a89d40e194b..1b5518054c3 100644 --- a/jdk/src/share/lib/security/java.security +++ b/jdk/src/share/lib/security/java.security @@ -132,10 +132,10 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun. # corresponding RuntimePermission ("defineClassInPackage."+package) has # been granted. # -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. +# by default, none of the class loaders supplied with the JDK call +# checkPackageDefinition. # -#package.definition= +package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio. # # Determines whether this properties file can be appended to diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris index 1a19f44d231..9ec6c64b4b5 100644 --- a/jdk/src/share/lib/security/java.security-solaris +++ b/jdk/src/share/lib/security/java.security-solaris @@ -133,10 +133,10 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun. # corresponding RuntimePermission ("defineClassInPackage."+package) has # been granted. # -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. +# by default, none of the class loaders supplied with the JDK call +# checkPackageDefinition. # -#package.definition= +package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio. # # Determines whether this properties file can be appended to diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows index 3db627a4f32..fbaace84919 100644 --- a/jdk/src/share/lib/security/java.security-windows +++ b/jdk/src/share/lib/security/java.security-windows @@ -133,10 +133,10 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun. # corresponding RuntimePermission ("defineClassInPackage."+package) has # been granted. # -# by default, no packages are restricted for definition, and none of -# the class loaders supplied with the JDK call checkPackageDefinition. +# by default, none of the class loaders supplied with the JDK call +# checkPackageDefinition. # -#package.definition= +package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio. # # Determines whether this properties file can be appended to From 39cf6b2fdc8611ddd5a35790f1e833f9d453ff1d Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Tue, 28 Feb 2012 10:44:56 +0400 Subject: [PATCH 2/9] 7143617: Improve fontmanager layout lookup operations Reviewed-by: igor, prr, mschoene --- .../native/sun/font/layout/LookupProcessor.cpp | 15 ++++++++++++++- .../native/sun/font/layout/LookupProcessor.h | 1 + 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp b/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp index eb5002ef8a2..60727aa3f3a 100644 --- a/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp +++ b/jdk/src/share/native/sun/font/layout/LookupProcessor.cpp @@ -95,6 +95,10 @@ le_int32 LookupProcessor::process(LEGlyphStorage &glyphStorage, GlyphPositionAdj if (selectMask != 0) { const LookupTable *lookupTable = lookupListTable->getLookupTable(lookup); + + if (!lookupTable) + continue; + le_uint16 lookupFlags = SWAPW(lookupTable->lookupFlags); glyphIterator.reset(lookupFlags, selectMask); @@ -136,6 +140,9 @@ le_int32 LookupProcessor::selectLookups(const FeatureTable *featureTable, Featur for (le_uint16 lookup = 0; lookup < lookupCount; lookup += 1) { le_uint16 lookupListIndex = SWAPW(featureTable->lookupListIndexArray[lookup]); + if (lookupListIndex >= lookupSelectCount) + continue; + lookupSelectArray[lookupListIndex] |= featureMask; lookupOrderArray[store++] = lookupListIndex; } @@ -147,7 +154,7 @@ LookupProcessor::LookupProcessor(const char *baseAddress, Offset scriptListOffset, Offset featureListOffset, Offset lookupListOffset, LETag scriptTag, LETag languageTag, const FeatureMap *featureMap, le_int32 featureMapCount, le_bool orderFeatures, LEErrorCode& success) - : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL), + : lookupListTable(NULL), featureListTable(NULL), lookupSelectArray(NULL), lookupSelectCount(0), lookupOrderArray(NULL), lookupOrderCount(0) { const ScriptListTable *scriptListTable = NULL; @@ -195,6 +202,8 @@ LookupProcessor::LookupProcessor(const char *baseAddress, lookupSelectArray[i] = 0; } + lookupSelectCount = lookupListCount; + le_int32 count, order = 0; le_int32 featureReferences = 0; const FeatureTable *featureTable = NULL; @@ -211,6 +220,10 @@ LookupProcessor::LookupProcessor(const char *baseAddress, le_uint16 featureIndex = SWAPW(langSysTable->featureIndexArray[feature]); featureTable = featureListTable->getFeatureTable(featureIndex, &featureTag); + + if (!featureTable) + continue; + featureReferences += SWAPW(featureTable->lookupCount); } diff --git a/jdk/src/share/native/sun/font/layout/LookupProcessor.h b/jdk/src/share/native/sun/font/layout/LookupProcessor.h index 73a44f05cdb..dc474c4f2bc 100644 --- a/jdk/src/share/native/sun/font/layout/LookupProcessor.h +++ b/jdk/src/share/native/sun/font/layout/LookupProcessor.h @@ -90,6 +90,7 @@ protected: const FeatureListTable *featureListTable; FeatureMask *lookupSelectArray; + le_uint32 lookupSelectCount; le_uint16 *lookupOrderArray; le_uint32 lookupOrderCount; From 54c7a4294991fce66e2d921dfd32d075ea616de7 Mon Sep 17 00:00:00 2001 From: Pavel Porvatov Date: Tue, 28 Feb 2012 16:09:15 +0200 Subject: [PATCH 3/9] 7143614: SynthLookAndFeel stability improvement Reviewed-by: malenkov --- .../javax/swing/plaf/synth/SynthButtonUI.java | 4 +- .../javax/swing/plaf/synth/SynthLabelUI.java | 4 +- .../swing/plaf/synth/SynthLookAndFeel.java | 57 ++++++----- .../swing/plaf/synth/7143614/bug7143614.java | 97 +++++++++++++++++++ 4 files changed, 133 insertions(+), 29 deletions(-) create mode 100644 jdk/test/javax/swing/plaf/synth/7143614/bug7143614.java diff --git a/jdk/src/share/classes/javax/swing/plaf/synth/SynthButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/synth/SynthButtonUI.java index 80d3eb15fe0..0f5df434c70 100644 --- a/jdk/src/share/classes/javax/swing/plaf/synth/SynthButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/synth/SynthButtonUI.java @@ -152,8 +152,8 @@ public class SynthButtonUI extends BasicButtonUI implements if (!c.isEnabled()) { state = DISABLED; } - if (SynthLookAndFeel.selectedUI == this) { - return SynthLookAndFeel.selectedUIState | SynthConstants.ENABLED; + if (SynthLookAndFeel.getSelectedUI() == this) { + return SynthLookAndFeel.getSelectedUIState() | SynthConstants.ENABLED; } AbstractButton button = (AbstractButton) c; ButtonModel model = button.getModel(); diff --git a/jdk/src/share/classes/javax/swing/plaf/synth/SynthLabelUI.java b/jdk/src/share/classes/javax/swing/plaf/synth/SynthLabelUI.java index 1c1927291b8..e0c50e166cd 100644 --- a/jdk/src/share/classes/javax/swing/plaf/synth/SynthLabelUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/synth/SynthLabelUI.java @@ -97,9 +97,9 @@ public class SynthLabelUI extends BasicLabelUI implements SynthUI { private int getComponentState(JComponent c) { int state = SynthLookAndFeel.getComponentState(c); - if (SynthLookAndFeel.selectedUI == this && + if (SynthLookAndFeel.getSelectedUI() == this && state == SynthConstants.ENABLED) { - state = SynthLookAndFeel.selectedUIState | SynthConstants.ENABLED; + state = SynthLookAndFeel.getSelectedUIState() | SynthConstants.ENABLED; } return state; } diff --git a/jdk/src/share/classes/javax/swing/plaf/synth/SynthLookAndFeel.java b/jdk/src/share/classes/javax/swing/plaf/synth/SynthLookAndFeel.java index 12121cc5038..bece289030f 100644 --- a/jdk/src/share/classes/javax/swing/plaf/synth/SynthLookAndFeel.java +++ b/jdk/src/share/classes/javax/swing/plaf/synth/SynthLookAndFeel.java @@ -76,28 +76,26 @@ public class SynthLookAndFeel extends BasicLookAndFeel { private static final Object STYLE_FACTORY_KEY = new StringBuffer("com.sun.java.swing.plaf.gtk.StyleCache"); + /** + * AppContext key to get selectedUI. + */ + private static final Object SELECTED_UI_KEY = new StringBuilder("selectedUI"); + + /** + * AppContext key to get selectedUIState. + */ + private static final Object SELECTED_UI_STATE_KEY = new StringBuilder("selectedUIState"); + /** * The last SynthStyleFactory that was asked for from AppContext * lastContext. */ private static SynthStyleFactory lastFactory; - /** - * If this is true it indicates there is more than one AppContext active - * and that we need to make sure in getStyleCache the requesting - * AppContext matches that of lastContext before returning - * it. - */ - private static boolean multipleApps; /** * AppContext lastLAF came from. */ private static AppContext lastContext; - // Refer to setSelectedUI - static ComponentUI selectedUI; - // Refer to setSelectedUI - static int selectedUIState; - /** * SynthStyleFactory for the this SynthLookAndFeel. */ @@ -111,6 +109,10 @@ public class SynthLookAndFeel extends BasicLookAndFeel { private Handler _handler; + static ComponentUI getSelectedUI() { + return (ComponentUI) AppContext.getAppContext().get(SELECTED_UI_KEY); + } + /** * Used by the renderers. For the most part the renderers are implemented * as Labels, which is problematic in so far as they are never selected. @@ -122,8 +124,8 @@ public class SynthLookAndFeel extends BasicLookAndFeel { static void setSelectedUI(ComponentUI uix, boolean selected, boolean focused, boolean enabled, boolean rollover) { - selectedUI = uix; - selectedUIState = 0; + int selectedUIState = 0; + if (selected) { selectedUIState = SynthConstants.SELECTED; if (focused) { @@ -140,19 +142,32 @@ public class SynthLookAndFeel extends BasicLookAndFeel { else { if (enabled) { selectedUIState |= SynthConstants.ENABLED; - selectedUIState = SynthConstants.FOCUSED; + if (focused) { + selectedUIState |= SynthConstants.FOCUSED; + } } else { selectedUIState |= SynthConstants.DISABLED; } } + + AppContext context = AppContext.getAppContext(); + + context.put(SELECTED_UI_KEY, uix); + context.put(SELECTED_UI_STATE_KEY, Integer.valueOf(selectedUIState)); + } + + static int getSelectedUIState() { + Integer result = (Integer) AppContext.getAppContext().get(SELECTED_UI_STATE_KEY); + + return result == null ? 0 : result.intValue(); } /** * Clears out the selected UI that was last set in setSelectedUI. */ static void resetSelectedUI() { - selectedUI = null; + AppContext.getAppContext().remove(SELECTED_UI_KEY); } @@ -167,10 +182,6 @@ public class SynthLookAndFeel extends BasicLookAndFeel { // for a particular AppContext. synchronized(SynthLookAndFeel.class) { AppContext context = AppContext.getAppContext(); - if (!multipleApps && context != lastContext && - lastContext != null) { - multipleApps = true; - } lastFactory = cache; lastContext = context; context.put(STYLE_FACTORY_KEY, cache); @@ -184,17 +195,13 @@ public class SynthLookAndFeel extends BasicLookAndFeel { */ public static SynthStyleFactory getStyleFactory() { synchronized(SynthLookAndFeel.class) { - if (!multipleApps) { - return lastFactory; - } AppContext context = AppContext.getAppContext(); if (lastContext == context) { return lastFactory; } lastContext = context; - lastFactory = (SynthStyleFactory)AppContext.getAppContext().get - (STYLE_FACTORY_KEY); + lastFactory = (SynthStyleFactory) context.get(STYLE_FACTORY_KEY); return lastFactory; } } diff --git a/jdk/test/javax/swing/plaf/synth/7143614/bug7143614.java b/jdk/test/javax/swing/plaf/synth/7143614/bug7143614.java new file mode 100644 index 00000000000..a4f81fd031e --- /dev/null +++ b/jdk/test/javax/swing/plaf/synth/7143614/bug7143614.java @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7143614 + * @summary Issues with Synth Look&Feel + * @author Pavel Porvatov + */ + +import sun.awt.SunToolkit; + +import javax.swing.plaf.ComponentUI; +import javax.swing.plaf.basic.BasicButtonUI; +import javax.swing.plaf.synth.SynthConstants; +import javax.swing.plaf.synth.SynthLookAndFeel; +import java.lang.reflect.Method; + +public class bug7143614 { + private static Method setSelectedUIMethod; + + private static ComponentUI componentUI = new BasicButtonUI(); + + public static void main(String[] args) throws Exception { + setSelectedUIMethod = SynthLookAndFeel.class.getDeclaredMethod("setSelectedUI", ComponentUI.class, + boolean.class, boolean.class, boolean.class, boolean.class); + setSelectedUIMethod.setAccessible(true); + + setSelectedUIMethod.invoke(null, componentUI, true, true, true, true); + + validate(); + + Thread thread = new ThreadInAnotherAppContext(); + + thread.start(); + thread.join(); + + validate(); + + System.out.println("Test bug7143614 passed."); + } + + private static void validate() throws Exception { + Method getSelectedUIMethod = SynthLookAndFeel.class.getDeclaredMethod("getSelectedUI"); + + getSelectedUIMethod.setAccessible(true); + + Method getSelectedUIStateMethod = SynthLookAndFeel.class.getDeclaredMethod("getSelectedUIState"); + + getSelectedUIStateMethod.setAccessible(true); + + if (getSelectedUIMethod.invoke(null) != componentUI) { + throw new RuntimeException("getSelectedUI returns invalid value"); + } + if (((Integer) getSelectedUIStateMethod.invoke(null)).intValue() != + (SynthConstants.SELECTED | SynthConstants.FOCUSED)) { + throw new RuntimeException("getSelectedUIState returns invalid value"); + } + + } + + private static class ThreadInAnotherAppContext extends Thread { + public ThreadInAnotherAppContext() { + super(new ThreadGroup("7143614"), "ThreadInAnotherAppContext"); + } + + public void run() { + SunToolkit.createNewAppContext(); + + try { + setSelectedUIMethod.invoke(null, null, false, false, false, false); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + } +} From 7902f129f5a45a71f9af2ee7c03e7c2d96eb0ac2 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Wed, 29 Feb 2012 14:06:00 +0800 Subject: [PATCH 4/9] 7143872: Improve certificate extension processing Reviewed-by: mullan --- .../sun/security/x509/CRLExtensions.java | 9 +- .../security/x509/CertificateExtensions.java | 13 ++- .../sun/security/x509/X509CRLEntryImpl.java | 52 +++++++--- .../sun/security/x509/X509CRLImpl.java | 56 ++++++----- .../sun/security/x509/X509CertImpl.java | 22 +++-- .../x509/X509CRLImpl/OrderAndDup.java | 99 +++++++++++++++++++ 6 files changed, 201 insertions(+), 50 deletions(-) create mode 100644 jdk/test/sun/security/x509/X509CRLImpl/OrderAndDup.java diff --git a/jdk/src/share/classes/sun/security/x509/CRLExtensions.java b/jdk/src/share/classes/sun/security/x509/CRLExtensions.java index 7b6c34b54a0..dc1fc71968c 100644 --- a/jdk/src/share/classes/sun/security/x509/CRLExtensions.java +++ b/jdk/src/share/classes/sun/security/x509/CRLExtensions.java @@ -32,8 +32,10 @@ import java.lang.reflect.InvocationTargetException; import java.security.cert.CRLException; import java.security.cert.CertificateException; import java.util.Collection; +import java.util.Collections; import java.util.Enumeration; -import java.util.Hashtable; +import java.util.Map; +import java.util.TreeMap; import sun.security.util.*; import sun.misc.HexDumpEncoder; @@ -62,7 +64,8 @@ import sun.misc.HexDumpEncoder; */ public class CRLExtensions { - private Hashtable map = new Hashtable(); + private Map map = Collections.synchronizedMap( + new TreeMap()); private boolean unsupportedCritExt = false; /** @@ -215,7 +218,7 @@ public class CRLExtensions { * @return an enumeration of the extensions in this CRL. */ public Enumeration getElements() { - return map.elements(); + return Collections.enumeration(map.values()); } /** diff --git a/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java b/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java index b1dc9367512..65dcff1a3e1 100644 --- a/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java +++ b/jdk/src/share/classes/sun/security/x509/CertificateExtensions.java @@ -57,7 +57,8 @@ public class CertificateExtensions implements CertAttrSet { private static final Debug debug = Debug.getInstance("x509"); - private Hashtable map = new Hashtable(); + private Map map = Collections.synchronizedMap( + new TreeMap()); private boolean unsupportedCritExt = false; private Map unparseableExtensions; @@ -117,7 +118,7 @@ public class CertificateExtensions implements CertAttrSet { if (ext.isCritical() == false) { // ignore errors parsing non-critical extensions if (unparseableExtensions == null) { - unparseableExtensions = new HashMap(); + unparseableExtensions = new TreeMap(); } unparseableExtensions.put(ext.getExtensionId().toString(), new UnparseableExtension(ext, e)); @@ -218,6 +219,12 @@ public class CertificateExtensions implements CertAttrSet { return (obj); } + // Similar to get(String), but throw no exception, might return null. + // Used in X509CertImpl::getExtension(OID). + Extension getExtension(String name) { + return map.get(name); + } + /** * Delete the attribute value. * @param name the extension name used in the lookup. @@ -245,7 +252,7 @@ public class CertificateExtensions implements CertAttrSet { * attribute. */ public Enumeration getElements() { - return map.elements(); + return Collections.enumeration(map.values()); } /** diff --git a/jdk/src/share/classes/sun/security/x509/X509CRLEntryImpl.java b/jdk/src/share/classes/sun/security/x509/X509CRLEntryImpl.java index 495cc06e5be..a074c38720b 100644 --- a/jdk/src/share/classes/sun/security/x509/X509CRLEntryImpl.java +++ b/jdk/src/share/classes/sun/security/x509/X509CRLEntryImpl.java @@ -32,13 +32,7 @@ import java.security.cert.CRLReason; import java.security.cert.CertificateException; import java.security.cert.X509CRLEntry; import java.math.BigInteger; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.HashSet; +import java.util.*; import javax.security.auth.x500.X500Principal; @@ -75,7 +69,8 @@ import sun.misc.HexDumpEncoder; * @author Hemma Prafullchandra */ -public class X509CRLEntryImpl extends X509CRLEntry { +public class X509CRLEntryImpl extends X509CRLEntry + implements Comparable { private SerialNumber serialNumber = null; private Date revocationDate = null; @@ -196,9 +191,14 @@ public class X509CRLEntryImpl extends X509CRLEntry { * @exception CRLException if an encoding error occurs. */ public byte[] getEncoded() throws CRLException { + return getEncoded0().clone(); + } + + // Called internally to avoid clone + private byte[] getEncoded0() throws CRLException { if (revokedCert == null) this.encode(new DerOutputStream()); - return revokedCert.clone(); + return revokedCert; } @Override @@ -352,7 +352,7 @@ public class X509CRLEntryImpl extends X509CRLEntry { if (extensions == null) { return null; } - Set extSet = new HashSet(); + Set extSet = new TreeSet<>(); for (Extension ex : extensions.getAllExtensions()) { if (ex.isCritical()) { extSet.add(ex.getExtensionId().toString()); @@ -373,7 +373,7 @@ public class X509CRLEntryImpl extends X509CRLEntry { if (extensions == null) { return null; } - Set extSet = new HashSet(); + Set extSet = new TreeSet<>(); for (Extension ex : extensions.getAllExtensions()) { if (!ex.isCritical()) { extSet.add(ex.getExtensionId().toString()); @@ -501,13 +501,39 @@ public class X509CRLEntryImpl extends X509CRLEntry { getExtension(PKIXExtensions.CertificateIssuer_Id); } + /** + * Returns all extensions for this entry in a map + * @return the extension map, can be empty, but not null + */ public Map getExtensions() { + if (extensions == null) { + return Collections.emptyMap(); + } Collection exts = extensions.getAllExtensions(); - HashMap map = - new HashMap(exts.size()); + Map map = new TreeMap<>(); for (Extension ext : exts) { map.put(ext.getId(), ext); } return map; } + + @Override + public int compareTo(X509CRLEntryImpl that) { + int compSerial = getSerialNumber().compareTo(that.getSerialNumber()); + if (compSerial != 0) { + return compSerial; + } + try { + byte[] thisEncoded = this.getEncoded0(); + byte[] thatEncoded = that.getEncoded0(); + for (int i=0; i - * An implmentation for X509 CRL (Certificate Revocation List). + * An implementation for X509 CRL (Certificate Revocation List). *

* The X.509 v2 CRL format is described below in ASN.1: * 

@@ -104,7 +104,8 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
     private X500Principal    issuerPrincipal = null;
     private Date             thisUpdate = null;
     private Date             nextUpdate = null;
-    private Map revokedCerts = new LinkedHashMap();
+    private Map revokedMap = new TreeMap<>();
+    private List revokedList = new LinkedList<>();
     private CRLExtensions    extensions = null;
     private final static boolean isExplicit = true;
     private static final long YR_2050 = 2524636800000L;
@@ -223,7 +224,8 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
                 badCert.setCertificateIssuer(crlIssuer, badCertIssuer);
                 X509IssuerSerial issuerSerial = new X509IssuerSerial
                     (badCertIssuer, badCert.getSerialNumber());
-                this.revokedCerts.put(issuerSerial, badCert);
+                this.revokedMap.put(issuerSerial, badCert);
+                this.revokedList.add(badCert);
                 if (badCert.hasExtensions()) {
                     this.version = 1;
                 }
@@ -305,8 +307,8 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
                     tmp.putGeneralizedTime(nextUpdate);
             }
 
-            if (!revokedCerts.isEmpty()) {
-                for (X509CRLEntry entry : revokedCerts.values()) {
+            if (!revokedList.isEmpty()) {
+                for (X509CRLEntry entry : revokedList) {
                     ((X509CRLEntryImpl)entry).encode(rCerts);
                 }
                 tmp.write(DerValue.tag_Sequence, rCerts);
@@ -490,14 +492,14 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
             sb.append("\nThis Update: " + thisUpdate.toString() + "\n");
         if (nextUpdate != null)
             sb.append("Next Update: " + nextUpdate.toString() + "\n");
-        if (revokedCerts.isEmpty())
+        if (revokedList.isEmpty())
             sb.append("\nNO certificates have been revoked\n");
         else {
-            sb.append("\nRevoked Certificates: " + revokedCerts.size());
+            sb.append("\nRevoked Certificates: " + revokedList.size());
             int i = 1;
-            for (Iterator iter = revokedCerts.values().iterator();
-                                             iter.hasNext(); i++)
-                sb.append("\n[" + i + "] " + iter.next().toString());
+            for (X509CRLEntry entry: revokedList) {
+                sb.append("\n[" + i++ + "] " + entry.toString());
+            }
         }
         if (extensions != null) {
             Collection allExts = extensions.getAllExtensions();
@@ -543,12 +545,12 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
      * false otherwise.
      */
     public boolean isRevoked(Certificate cert) {
-        if (revokedCerts.isEmpty() || (!(cert instanceof X509Certificate))) {
+        if (revokedMap.isEmpty() || (!(cert instanceof X509Certificate))) {
             return false;
         }
         X509Certificate xcert = (X509Certificate) cert;
         X509IssuerSerial issuerSerial = new X509IssuerSerial(xcert);
-        return revokedCerts.containsKey(issuerSerial);
+        return revokedMap.containsKey(issuerSerial);
     }
 
     /**
@@ -638,24 +640,24 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
      * @see X509CRLEntry
      */
     public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
-        if (revokedCerts.isEmpty()) {
+        if (revokedMap.isEmpty()) {
             return null;
         }
         // assume this is a direct CRL entry (cert and CRL issuer are the same)
         X509IssuerSerial issuerSerial = new X509IssuerSerial
             (getIssuerX500Principal(), serialNumber);
-        return revokedCerts.get(issuerSerial);
+        return revokedMap.get(issuerSerial);
     }
 
     /**
      * Gets the CRL entry for the given certificate.
      */
     public X509CRLEntry getRevokedCertificate(X509Certificate cert) {
-        if (revokedCerts.isEmpty()) {
+        if (revokedMap.isEmpty()) {
             return null;
         }
         X509IssuerSerial issuerSerial = new X509IssuerSerial(cert);
-        return revokedCerts.get(issuerSerial);
+        return revokedMap.get(issuerSerial);
     }
 
     /**
@@ -667,10 +669,10 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
      * @see X509CRLEntry
      */
     public Set getRevokedCertificates() {
-        if (revokedCerts.isEmpty()) {
+        if (revokedList.isEmpty()) {
             return null;
         } else {
-            return new HashSet(revokedCerts.values());
+            return new TreeSet(revokedList);
         }
     }
 
@@ -905,7 +907,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
         if (extensions == null) {
             return null;
         }
-        Set extSet = new HashSet();
+        Set extSet = new TreeSet<>();
         for (Extension ex : extensions.getAllExtensions()) {
             if (ex.isCritical()) {
                 extSet.add(ex.getExtensionId().toString());
@@ -926,7 +928,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
         if (extensions == null) {
             return null;
         }
-        Set extSet = new HashSet();
+        Set extSet = new TreeSet<>();
         for (Extension ex : extensions.getAllExtensions()) {
             if (!ex.isCritical()) {
                 extSet.add(ex.getExtensionId().toString());
@@ -1103,7 +1105,8 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
                 entry.setCertificateIssuer(crlIssuer, badCertIssuer);
                 X509IssuerSerial issuerSerial = new X509IssuerSerial
                     (badCertIssuer, entry.getSerialNumber());
-                revokedCerts.put(issuerSerial, entry);
+                revokedMap.put(issuerSerial, entry);
+                revokedList.add(entry);
             }
         }
 
@@ -1208,7 +1211,8 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
     /**
      * Immutable X.509 Certificate Issuer DN and serial number pair
      */
-    private final static class X509IssuerSerial {
+    private final static class X509IssuerSerial
+            implements Comparable {
         final X500Principal issuer;
         final BigInteger serial;
         volatile int hashcode = 0;
@@ -1287,5 +1291,13 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
             }
             return hashcode;
         }
+
+        @Override
+        public int compareTo(X509IssuerSerial another) {
+            int cissuer = issuer.toString()
+                    .compareTo(another.issuer.toString());
+            if (cissuer != 0) return cissuer;
+            return this.serial.compareTo(another.serial);
+        }
     }
 }
diff --git a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
index eb7dc39c0bf..64ac1c36176 100644
--- a/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
+++ b/jdk/src/share/classes/sun/security/x509/X509CertImpl.java
@@ -1214,7 +1214,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
             if (exts == null) {
                 return null;
             }
-            Set extSet = new HashSet();
+            Set extSet = new TreeSet<>();
             for (Extension ex : exts.getAllExtensions()) {
                 if (ex.isCritical()) {
                     extSet.add(ex.getExtensionId().toString());
@@ -1244,7 +1244,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
             if (exts == null) {
                 return null;
             }
-            Set extSet = new HashSet();
+            Set extSet = new TreeSet<>();
             for (Extension ex : exts.getAllExtensions()) {
                 if (!ex.isCritical()) {
                     extSet.add(ex.getExtensionId().toString());
@@ -1278,10 +1278,14 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
             if (extensions == null) {
                 return null;
             } else {
-                for (Extension ex : extensions.getAllExtensions()) {
-                    if (ex.getExtensionId().equals(oid)) {
+                Extension ex = extensions.getExtension(oid.toString());
+                if (ex != null) {
+                    return ex;
+                }
+                for (Extension ex2: extensions.getAllExtensions()) {
+                    if (ex2.getExtensionId().equals((Object)oid)) {
                         //XXXX May want to consider cloning this
-                        return ex;
+                        return ex2;
                     }
                 }
                 /* no such extension in this certificate */
@@ -1480,10 +1484,10 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
         if (names.isEmpty()) {
             return Collections.>emptySet();
         }
-        Set> newNames = new HashSet>();
+        List> newNames = new ArrayList<>();
         for (GeneralName gname : names.names()) {
             GeneralNameInterface name = gname.getName();
-            List nameEntry = new ArrayList(2);
+            List nameEntry = new ArrayList<>(2);
             nameEntry.add(Integer.valueOf(name.getType()));
             switch (name.getType()) {
             case GeneralNameInterface.NAME_RFC822:
@@ -1541,12 +1545,12 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
             }
         }
         if (mustClone) {
-            Set> namesCopy = new HashSet>();
+            List> namesCopy = new ArrayList<>();
             for (List nameEntry : altNames) {
                 Object nameObject = nameEntry.get(1);
                 if (nameObject instanceof byte[]) {
                     List nameEntryCopy =
-                                        new ArrayList(nameEntry);
+                                        new ArrayList<>(nameEntry);
                     nameEntryCopy.set(1, ((byte[])nameObject).clone());
                     namesCopy.add(Collections.unmodifiableList(nameEntryCopy));
                 } else {
diff --git a/jdk/test/sun/security/x509/X509CRLImpl/OrderAndDup.java b/jdk/test/sun/security/x509/X509CRLImpl/OrderAndDup.java
new file mode 100644
index 00000000000..51610e61c7f
--- /dev/null
+++ b/jdk/test/sun/security/x509/X509CRLImpl/OrderAndDup.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7143872
+ * @summary Improve certificate extension processing
+ */
+import java.io.ByteArrayInputStream;
+import java.math.BigInteger;
+import java.security.KeyPairGenerator;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509CRLEntry;
+import java.util.Date;
+import sun.security.util.DerInputStream;
+import sun.security.util.DerValue;
+import sun.security.x509.*;
+
+public class OrderAndDup {
+    public static void main(String[] args) throws Exception {
+
+        // Generate 20 serial numbers with dup and a special order
+        int count = 20;
+        BigInteger[] serials = new BigInteger[count];
+        for (int i=0; i
Date: Mon, 26 Mar 2012 14:03:09 +0100
Subject: [PATCH 5/9] 7143851: Improve IIOP stub and tie generation in RMIC
 7149048: Changes to corba rmic stubGenerator class are not used during jdk
 build process

Reviewed-by: mschoene, robm
---
 jdk/make/com/sun/jmx/Makefile | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/jdk/make/com/sun/jmx/Makefile b/jdk/make/com/sun/jmx/Makefile
index 2f036de3576..62435751673 100644
--- a/jdk/make/com/sun/jmx/Makefile
+++ b/jdk/make/com/sun/jmx/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -100,6 +100,23 @@ FILES_ties   = $(subst javax/management/remote/rmi/,javax/management/remote/rmi/
 # so that *_tie classes are generated in package without the prefix
 # org.omg.stub (6375696)
 # 
+# To ensure the latest stub generator files are picked up from corba repo
+# when available, we need to run with latest rmic version available. rmic 
+# launch tool not built at this stage but we can invoke via rmi class.
+
+RMIC_JAVA = $(OUTPUTDIR)/bin/java
+# need to treat 64bit solaris differently
+ifeq ($(PLATFORM)-$(LIBARCH), solaris-amd64)
+RMIC_JAVA = $(OUTPUTDIR)/bin/amd64/java
+endif
+ifeq ($(PLATFORM)-$(LIBARCH), solaris-sparcv9)
+RMIC_JAVA = $(OUTPUTDIR)/bin/sparcv9/java
+endif
+
+ifeq ($(CROSS_COMPILE_ARCH),)
+RMIC = $(RMIC_JAVA) $(JAVA_TOOLS_FLAGS) -cp $(OUTPUTDIR)/classes sun.rmi.rmic.Main
+endif  
+
 $(CLASSDESTDIR)/%_Stub.class: $(CLASSDESTDIR)/%.class
 	$(prep-target)
 	$(RMIC) -classpath "$(CLASSDESTDIR)"    \

From c3a386ef6dac0a4c96472be976be0758238ab134 Mon Sep 17 00:00:00 2001
From: Rob McKenna 
Date: Wed, 11 Apr 2012 17:47:56 -0700
Subject: [PATCH 6/9] 7143606: File.createTempFile should be improved for
 temporary files created by the platform

Reviewed-by: sherman
---
 .../classes/apple/applescript/AppleScriptEngine.java  |  5 +++--
 .../classes/com/sun/java/util/jar/pack/Driver.java    |  7 +++----
 jdk/src/share/classes/java/awt/Font.java              |  7 ++++---
 .../imageio/stream/FileCacheImageInputStream.java     | 10 +++++++---
 .../imageio/stream/FileCacheImageOutputStream.java    | 10 +++++++---
 .../share/classes/javax/management/loading/MLet.java  |  8 +++++---
 jdk/src/share/classes/sun/print/PSPrinterJob.java     |  5 +++--
 jdk/src/share/classes/sun/rmi/server/Activation.java  |  5 +++--
 jdk/src/share/classes/sun/tools/jar/Main.java         |  4 ++--
 .../share/classes/sun/tools/native2ascii/Main.java    | 11 ++++-------
 .../solaris/classes/sun/font/FcFontConfiguration.java |  5 +++--
 jdk/src/solaris/classes/sun/print/UnixPrintJob.java   |  5 +++--
 .../classes/sun/print/UnixPrintServiceLookup.java     |  5 +++--
 13 files changed, 50 insertions(+), 37 deletions(-)

diff --git a/jdk/src/macosx/classes/apple/applescript/AppleScriptEngine.java b/jdk/src/macosx/classes/apple/applescript/AppleScriptEngine.java
index 06a20d79e7c..917037b7998 100644
--- a/jdk/src/macosx/classes/apple/applescript/AppleScriptEngine.java
+++ b/jdk/src/macosx/classes/apple/applescript/AppleScriptEngine.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package apple.applescript;
 
 import java.io.*;
+import java.nio.file.Files;
 import java.util.*;
 import java.util.Map.Entry;
 
@@ -297,7 +298,7 @@ public class AppleScriptEngine implements ScriptEngine {
         File tmpfile;
         FileWriter tmpwrite;
         try {
-            tmpfile = File.createTempFile("AppleScriptEngine.", ".scpt");
+            tmpfile = Files.createTempFile("AppleScriptEngine.", ".scpt").toFile();
             tmpwrite = new FileWriter(tmpfile);
 
             // read in our input and write directly to tmpfile
diff --git a/jdk/src/share/classes/com/sun/java/util/jar/pack/Driver.java b/jdk/src/share/classes/com/sun/java/util/jar/pack/Driver.java
index f2ab7f0f1d4..960e2d40432 100644
--- a/jdk/src/share/classes/com/sun/java/util/jar/pack/Driver.java
+++ b/jdk/src/share/classes/com/sun/java/util/jar/pack/Driver.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.text.MessageFormat;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -385,9 +386,7 @@ class Driver {
         if ( base.getParentFile() == null && suffix.equals(".bak"))
             where = new File(".").getAbsoluteFile();
 
-
-        File f = File.createTempFile(prefix, suffix, where);
-        return f;
+        return Files.createTempFile(where.toPath(), prefix, suffix).toFile();
     }
 
     static private
diff --git a/jdk/src/share/classes/java/awt/Font.java b/jdk/src/share/classes/java/awt/Font.java
index e3d48d6a236..4898c8aadc6 100644
--- a/jdk/src/share/classes/java/awt/Font.java
+++ b/jdk/src/share/classes/java/awt/Font.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@ import java.awt.geom.Rectangle2D;
 import java.awt.peer.FontPeer;
 import java.io.*;
 import java.lang.ref.SoftReference;
+import java.nio.file.Files;
 import java.security.AccessController;
 import java.security.PrivilegedExceptionAction;
 import java.text.AttributedCharacterIterator.Attribute;
@@ -831,7 +832,7 @@ public class Font implements java.io.Serializable
         File f = null;
         boolean hasPerm = false;
         try {
-            f = File.createTempFile("+~JT", ".tmp", null);
+            f = Files.createTempFile("+~JT", ".tmp").toFile();
             f.delete();
             f = null;
             hasPerm = true;
@@ -881,7 +882,7 @@ public class Font implements java.io.Serializable
             final File tFile = AccessController.doPrivileged(
                 new PrivilegedExceptionAction() {
                     public File run() throws IOException {
-                        return File.createTempFile("+~JF", ".tmp", null);
+                        return Files.createTempFile("+~JF", ".tmp").toFile();
                     }
                 }
             );
diff --git a/jdk/src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java b/jdk/src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java
index dc106cff921..b581de9d0f8 100644
--- a/jdk/src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java
+++ b/jdk/src/share/classes/javax/imageio/stream/FileCacheImageInputStream.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.File;
 import java.io.InputStream;
 import java.io.IOException;
 import java.io.RandomAccessFile;
+import java.nio.file.Files;
 import com.sun.imageio.stream.StreamCloser;
 import com.sun.imageio.stream.StreamFinalizer;
 import sun.java2d.Disposer;
@@ -97,8 +98,11 @@ public class FileCacheImageInputStream extends ImageInputStreamImpl {
             throw new IllegalArgumentException("Not a directory!");
         }
         this.stream = stream;
-        this.cacheFile =
-            File.createTempFile("imageio", ".tmp", cacheDir);
+        if (cacheDir == null)
+            this.cacheFile = Files.createTempFile("imageio", ".tmp").toFile();
+        else
+            this.cacheFile = Files.createTempFile(cacheDir.toPath(), "imageio", ".tmp")
+                                  .toFile();
         this.cache = new RandomAccessFile(cacheFile, "rw");
 
         this.closeAction = StreamCloser.createCloseAction(this);
diff --git a/jdk/src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java b/jdk/src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java
index 79ce155f23b..c5379b1652a 100644
--- a/jdk/src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java
+++ b/jdk/src/share/classes/javax/imageio/stream/FileCacheImageOutputStream.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.File;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.RandomAccessFile;
+import java.nio.file.Files;
 import com.sun.imageio.stream.StreamCloser;
 
 /**
@@ -83,8 +84,11 @@ public class FileCacheImageOutputStream extends ImageOutputStreamImpl {
             throw new IllegalArgumentException("Not a directory!");
         }
         this.stream = stream;
-        this.cacheFile =
-            File.createTempFile("imageio", ".tmp", cacheDir);
+        if (cacheDir == null)
+            this.cacheFile = Files.createTempFile("imageio", ".tmp").toFile();
+        else
+            this.cacheFile = Files.createTempFile(cacheDir.toPath(), "imageio", ".tmp")
+                                  .toFile();
         this.cache = new RandomAccessFile(cacheFile, "rw");
 
         this.closeAction = StreamCloser.createCloseAction(this);
diff --git a/jdk/src/share/classes/javax/management/loading/MLet.java b/jdk/src/share/classes/javax/management/loading/MLet.java
index 38e7dfad0cf..3d6a5b71aa2 100644
--- a/jdk/src/share/classes/javax/management/loading/MLet.java
+++ b/jdk/src/share/classes/javax/management/loading/MLet.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@ import java.lang.reflect.Constructor;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLStreamHandlerFactory;
+import java.nio.file.Files;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
@@ -1160,8 +1161,9 @@ public class MLet extends java.net.URLClassLoader
                  try {
                      File directory = new File(libraryDirectory);
                      directory.mkdirs();
-                     File file = File.createTempFile(libname + ".", null,
-                             directory);
+                     File file = Files.createTempFile(directory.toPath(),
+                                                      libname + ".", null)
+                                      .toFile();
                      file.deleteOnExit();
                      FileOutputStream fileOutput = new FileOutputStream(file);
                      try {
diff --git a/jdk/src/share/classes/sun/print/PSPrinterJob.java b/jdk/src/share/classes/sun/print/PSPrinterJob.java
index 49584f2f8a2..bae8a3e0acf 100644
--- a/jdk/src/share/classes/sun/print/PSPrinterJob.java
+++ b/jdk/src/share/classes/sun/print/PSPrinterJob.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -97,6 +97,7 @@ import sun.font.FontUtilities;
 import java.nio.charset.*;
 import java.nio.CharBuffer;
 import java.nio.ByteBuffer;
+import java.nio.file.Files;
 
 //REMIND: Remove use of this class when IPPPrintService is moved to share directory.
 import java.lang.reflect.Method;
@@ -659,7 +660,7 @@ public class PSPrinterJob extends RasterPrinterJob {
                      * is not removed for some reason, request that it is
                      * removed when the VM exits.
                      */
-                    spoolFile = File.createTempFile("javaprint", ".ps", null);
+                    spoolFile = Files.createTempFile("javaprint", ".ps").toFile();
                     spoolFile.deleteOnExit();
 
                 result = new FileOutputStream(spoolFile);
diff --git a/jdk/src/share/classes/sun/rmi/server/Activation.java b/jdk/src/share/classes/sun/rmi/server/Activation.java
index c1ec95e6784..d1946fafc2f 100644
--- a/jdk/src/share/classes/sun/rmi/server/Activation.java
+++ b/jdk/src/share/classes/sun/rmi/server/Activation.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,7 @@ import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketAddress;
 import java.net.SocketException;
+import java.nio.file.Files;
 import java.nio.channels.Channel;
 import java.nio.channels.ServerSocketChannel;
 import java.rmi.AccessException;
@@ -1940,7 +1941,7 @@ public class Activation implements Serializable {
                     new PrivilegedExceptionAction() {
                         public Void run() throws IOException {
                             File file =
-                                File.createTempFile("rmid-err", null, null);
+                                Files.createTempFile("rmid-err", null).toFile();
                             PrintStream errStream =
                                 new PrintStream(new FileOutputStream(file));
                             System.setErr(errStream);
diff --git a/jdk/src/share/classes/sun/tools/jar/Main.java b/jdk/src/share/classes/sun/tools/jar/Main.java
index 486b19319ab..22ef9f7aee6 100644
--- a/jdk/src/share/classes/sun/tools/jar/Main.java
+++ b/jdk/src/share/classes/sun/tools/jar/Main.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -137,7 +137,7 @@ class Main {
         File dir = file.getParentFile();
         if (dir == null)
             dir = new File(".");
-        return File.createTempFile("jartmp", null, dir);
+        return Files.createTempFile(dir.toPath(), "jartmp", null).toFile();
     }
 
     private boolean ok;
diff --git a/jdk/src/share/classes/sun/tools/native2ascii/Main.java b/jdk/src/share/classes/sun/tools/native2ascii/Main.java
index 0423699bba4..6a941fe2e88 100644
--- a/jdk/src/share/classes/sun/tools/native2ascii/Main.java
+++ b/jdk/src/share/classes/sun/tools/native2ascii/Main.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -71,6 +71,7 @@ import java.text.MessageFormat;
 import java.nio.charset.CharsetEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.IllegalCharsetNameException;
+import java.nio.file.Files;
 import java.io.UnsupportedEncodingException;
 import java.nio.charset.UnsupportedCharsetException;
 import sun.tools.native2ascii.A2NFilter;
@@ -240,9 +241,7 @@ public class Main {
             if (tempDir == null)
                 tempDir = new File(System.getProperty("user.dir"));
 
-            tempFile = File.createTempFile("_N2A",
-                                           ".TMP",
-                                            tempDir);
+            tempFile = Files.createTempFile(tempDir.toPath(), "_N2A", ".TMP").toFile();
             tempFile.deleteOnExit();
 
             try {
@@ -292,9 +291,7 @@ public class Main {
             File tempDir = f.getParentFile();
             if (tempDir == null)
                 tempDir = new File(System.getProperty("user.dir"));
-            tempFile =  File.createTempFile("_N2A",
-                                            ".TMP",
-                                            tempDir);
+            tempFile =  Files.createTempFile(tempDir.toPath(), "_N2A", ".TMP").toFile();
             tempFile.deleteOnExit();
 
             try {
diff --git a/jdk/src/solaris/classes/sun/font/FcFontConfiguration.java b/jdk/src/solaris/classes/sun/font/FcFontConfiguration.java
index 14d8e7ed221..e33e08a867b 100644
--- a/jdk/src/solaris/classes/sun/font/FcFontConfiguration.java
+++ b/jdk/src/solaris/classes/sun/font/FcFontConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.nio.charset.Charset;
+import java.nio.file.Files;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Properties;
@@ -387,7 +388,7 @@ public class FcFontConfiguration extends FontConfiguration {
             File fcInfoFile = getFcInfoFile();
             File dir = fcInfoFile.getParentFile();
             dir.mkdirs();
-            File tempFile = File.createTempFile("fcinfo", null, dir);
+            File tempFile = Files.createTempFile(dir.toPath(), "fcinfo", null).toFile();
             FileOutputStream fos = new FileOutputStream(tempFile);
             props.store(fos,
                       "JDK Font Configuration Generated File: *Do Not Edit*");
diff --git a/jdk/src/solaris/classes/sun/print/UnixPrintJob.java b/jdk/src/solaris/classes/sun/print/UnixPrintJob.java
index 206650de40e..620cf1cdd44 100644
--- a/jdk/src/solaris/classes/sun/print/UnixPrintJob.java
+++ b/jdk/src/solaris/classes/sun/print/UnixPrintJob.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@ import java.io.PrintWriter;
 import java.io.Reader;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
+import java.nio.file.Files;
 import java.util.Vector;
 
 import javax.print.CancelablePrintJob;
@@ -938,7 +939,7 @@ public class UnixPrintJob implements CancelablePrintJob {
                      * is not removed for some reason, request that it is
                      * removed when the VM exits.
                      */
-                    spoolFile = File.createTempFile("javaprint", ".ps", null);
+                    spoolFile = Files.createTempFile("javaprint", ".ps").toFile();
                     spoolFile.deleteOnExit();
                 }
                 result = new FileOutputStream(spoolFile);
diff --git a/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java b/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java
index c1de9bc1849..ba21006e0db 100644
--- a/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java
+++ b/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,7 @@ import javax.print.attribute.standard.PrinterName;
 import java.io.File;
 import java.io.FileReader;
 import java.net.URL;
+import java.nio.file.Files;
 
 /*
  * Remind: This class uses solaris commands. We also need a linux
@@ -714,7 +715,7 @@ public class UnixPrintServiceLookup extends PrintServiceLookup
 
                         Process proc;
                         BufferedReader bufferedReader = null;
-                        File f = File.createTempFile("prn","xc");
+                        File f = Files.createTempFile("prn","xc").toFile();
                         cmd[2] = cmd[2]+">"+f.getAbsolutePath();
 
                         proc = Runtime.getRuntime().exec(cmd);

From 6e3d96dc67f6d71b30f38b54b8130c8d818e100e Mon Sep 17 00:00:00 2001
From: Sean Coffey 
Date: Thu, 17 May 2012 12:21:16 +0100
Subject: [PATCH 7/9] 7123896: Unexpected behavior due to Solaris using
 separate IPv4 and IPv6 port spaces

Reviewed-by: alanb
---
 jdk/src/share/native/java/net/net_util.c      |  4 +-
 jdk/src/share/native/java/net/net_util.h      |  3 +-
 jdk/src/solaris/native/java/net/net_util_md.c | 42 ++++++++++++++-----
 jdk/src/windows/native/java/net/net_util_md.c |  1 +
 .../net/Socket/setReuseAddress/Basic.java     |  9 +++-
 .../net/Socket/setReuseAddress/Restart.java   |  8 ++++
 6 files changed, 54 insertions(+), 13 deletions(-)

diff --git a/jdk/src/share/native/java/net/net_util.c b/jdk/src/share/native/java/net/net_util.c
index 68776c1ce0c..d7a6de2073d 100644
--- a/jdk/src/share/native/java/net/net_util.c
+++ b/jdk/src/share/native/java/net/net_util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,6 +68,8 @@ JNI_OnLoad(JavaVM *vm, void *reserved)
     */
     IPv6_available = IPv6_supported() & (!preferIPv4Stack);
     initLocalAddrTable ();
+    parseExclusiveBindProperty(env);
+
     return JNI_VERSION_1_2;
 }
 
diff --git a/jdk/src/share/native/java/net/net_util.h b/jdk/src/share/native/java/net/net_util.h
index d87ffdad280..809cbba6eb2 100644
--- a/jdk/src/share/native/java/net/net_util.h
+++ b/jdk/src/share/native/java/net/net_util.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,7 @@ JNIEXPORT jobject JNICALL
 NET_SockaddrToInetAddress(JNIEnv *env, struct sockaddr *him, int *port);
 
 void initLocalAddrTable ();
+void parseExclusiveBindProperty(JNIEnv *env);
 
 void
 NET_SetTrafficClass(struct sockaddr *him, int trafficClass);
diff --git a/jdk/src/solaris/native/java/net/net_util_md.c b/jdk/src/solaris/native/java/net/net_util_md.c
index f7e6d6a02ab..469f4657adb 100644
--- a/jdk/src/solaris/native/java/net/net_util_md.c
+++ b/jdk/src/solaris/native/java/net/net_util_md.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -76,7 +76,7 @@ gai_strerror_f gai_strerror_ptr = NULL;
 getnameinfo_f getnameinfo_ptr = NULL;
 
 /*
- * EXCLBIND socket options only on Solaris 8 & 9.
+ * EXCLBIND socket options only on Solaris
  */
 #if defined(__solaris__) && !defined(TCP_EXCLBIND)
 #define TCP_EXCLBIND            0x21
@@ -113,6 +113,7 @@ void setDefaultScopeID(JNIEnv *env, struct sockaddr *him)
 static int init_tcp_max_buf, init_udp_max_buf;
 static int tcp_max_buf;
 static int udp_max_buf;
+static int useExclBind = 0;
 
 /*
  * Get the specified parameter from the specified driver. The value
@@ -747,6 +748,26 @@ void initLocalAddrTable () {}
 
 #endif
 
+void parseExclusiveBindProperty(JNIEnv *env) {
+#ifdef __solaris__
+    jstring s, flagSet;
+    jclass iCls;
+    jmethodID mid;
+
+    s = (*env)->NewStringUTF(env, "sun.net.useExclusiveBind");
+    CHECK_NULL(s);
+    iCls = (*env)->FindClass(env, "java/lang/System");
+    CHECK_NULL(iCls);
+    mid = (*env)->GetStaticMethodID(env, iCls, "getProperty",
+                "(Ljava/lang/String;)Ljava/lang/String;");
+    CHECK_NULL(mid);
+    flagSet = (*env)->CallStaticObjectMethod(env, iCls, mid, s);
+    if (flagSet != NULL) {
+        useExclBind = 1;
+    }
+#endif
+}
+
 /* In the case of an IPv4 Inetaddress this method will return an
  * IPv4 mapped address where IPv6 is available and v4MappedAddress is TRUE.
  * Otherwise it will return a sockaddr_in structure for an IPv4 InetAddress.
@@ -1450,8 +1471,8 @@ NET_SetSockOpt(int fd, int level, int  opt, const void *arg,
  * Linux allows a socket to bind to 127.0.0.255 which must be
  * caught.
  *
- * On Solaris 8/9 with IPv6 enabled we must use an exclusive
- * bind to guaranteed a unique port number across the IPv4 and
+ * On Solaris with IPv6 enabled we must use an exclusive
+ * bind to guarantee a unique port number across the IPv4 and
  * IPv6 port spaces.
  *
  */
@@ -1481,10 +1502,10 @@ NET_Bind(int fd, struct sockaddr *him, int len)
 
 #if defined(__solaris__) && defined(AF_INET6)
     /*
-     * Solaris 8/9 have seperate IPv4 and IPv6 port spaces so we
+     * Solaris has separate IPv4 and IPv6 port spaces so we
      * use an exclusive bind when SO_REUSEADDR is not used to
      * give the illusion of a unified port space.
-     * This also avoid problems with IPv6 sockets connecting
+     * This also avoids problems with IPv6 sockets connecting
      * to IPv4 mapped addresses whereby the socket conversion
      * results in a late bind that fails because the
      * corresponding IPv4 port is in use.
@@ -1493,11 +1514,12 @@ NET_Bind(int fd, struct sockaddr *him, int len)
         int arg, len;
 
         len = sizeof(arg);
-        if (getsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&arg,
-                       &len) == 0) {
-            if (arg == 0) {
+        if (useExclBind || getsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
+                       (char *)&arg, &len) == 0) {
+            if (useExclBind || arg == 0) {
                 /*
-                 * SO_REUSEADDR is disabled so enable TCP_EXCLBIND or
+                 * SO_REUSEADDR is disabled or sun.net.useExclusiveBind
+                 * property is true so enable TCP_EXCLBIND or
                  * UDP_EXCLBIND
                  */
                 len = sizeof(arg);
diff --git a/jdk/src/windows/native/java/net/net_util_md.c b/jdk/src/windows/native/java/net/net_util_md.c
index 4cf522e786a..cd3efe922bc 100644
--- a/jdk/src/windows/native/java/net/net_util_md.c
+++ b/jdk/src/windows/native/java/net/net_util_md.c
@@ -126,6 +126,7 @@ DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
 }
 
 void initLocalAddrTable () {}
+void parseExclusiveBindProperty (JNIEnv *env) {}
 
 /*
  * Since winsock doesn't have the equivalent of strerror(errno)
diff --git a/jdk/test/java/net/Socket/setReuseAddress/Basic.java b/jdk/test/java/net/Socket/setReuseAddress/Basic.java
index 37c3f3b70b8..1b5757589f9 100644
--- a/jdk/test/java/net/Socket/setReuseAddress/Basic.java
+++ b/jdk/test/java/net/Socket/setReuseAddress/Basic.java
@@ -26,6 +26,8 @@
  * @bug 4476378
  * @summary Check the specific behaviour of the setReuseAddress(boolean)
  * method.
+ * @run main Basic
+ * @run main/othervm -Dsun.net.useExclusiveBind Basic
  */
 import java.net.*;
 
@@ -170,7 +172,12 @@ public class Basic {
             s2.bind( new InetSocketAddress(s1.getLocalPort()) );
             passed();
         } catch (BindException e) {
-            failed();
+            if (System.getProperty("sun.net.useExclusiveBind") != null) {
+                // exclusive bind enabled - expected result
+                passed();
+            } else {
+                failed();
+            }
         }
         s2.close();
 
diff --git a/jdk/test/java/net/Socket/setReuseAddress/Restart.java b/jdk/test/java/net/Socket/setReuseAddress/Restart.java
index 051e322e43f..8287141af4c 100644
--- a/jdk/test/java/net/Socket/setReuseAddress/Restart.java
+++ b/jdk/test/java/net/Socket/setReuseAddress/Restart.java
@@ -26,6 +26,8 @@
  * @bug 4476378
  * @summary Check that SO_REUSEADDR allows a server to restart
  *          after a crash.
+ * @run main Restart
+ * @run main/othervm -Dsun.net.useExclusiveBind Restart
  */
 import java.net.*;
 
@@ -57,6 +59,12 @@ public class Restart {
 
             // close the client socket
             s1.close();
+        } catch (BindException be) {
+            if (System.getProperty("sun.net.useExclusiveBind") != null) {
+                // exclusive bind, expected exception
+            } else {
+                throw be;
+            }
         } finally {
             if (ss != null) ss.close();
             if (s1 != null) s1.close();

From 6b14cf6b82e48b06c8611d8856b2b7a7eec1457c Mon Sep 17 00:00:00 2001
From: John R Rose 
Date: Fri, 18 May 2012 20:31:28 -0700
Subject: [PATCH 8/9] 7165628: Issues with
 java.lang.invoke.MethodHandles.Lookup

Base SecurityManager checks on either of Lookup.lookupClass or caller class; also clarify Lookup access checks.

Reviewed-by: twisti
---
 .../java/lang/invoke/MethodHandles.java       |  33 +-
 .../classes/sun/invoke/util/VerifyAccess.java |  43 +-
 .../java/lang/invoke/AccessControlTest.java   | 495 ++++++++++++++++++
 .../Acquaintance_remote.java                  |  42 ++
 4 files changed, 591 insertions(+), 22 deletions(-)
 create mode 100644 jdk/test/java/lang/invoke/AccessControlTest.java
 create mode 100644 jdk/test/java/lang/invoke/AccessControlTest_subpkg/Acquaintance_remote.java

diff --git a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
index 58b7e6d507f..536ec64d8ac 100644
--- a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
+++ b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
@@ -407,7 +407,7 @@ public class MethodHandles {
          * an access$N method.
          */
         Lookup() {
-            this(getCallerClassAtEntryPoint(), ALL_MODES);
+            this(getCallerClassAtEntryPoint(false), ALL_MODES);
             // make sure we haven't accidentally picked up a privileged class:
             checkUnprivilegedlookupClass(lookupClass);
         }
@@ -461,8 +461,8 @@ public class MethodHandles {
                 && !VerifyAccess.isSamePackageMember(this.lookupClass, requestedLookupClass)) {
                 newModes &= ~PRIVATE;
             }
-            if (newModes == PUBLIC
-                && !VerifyAccess.isClassAccessible(requestedLookupClass, this.lookupClass)) {
+            if ((newModes & PUBLIC) != 0
+                && !VerifyAccess.isClassAccessible(requestedLookupClass, this.lookupClass, allowedModes)) {
                 // The requested class it not accessible from the lookup class.
                 // No permissions.
                 newModes = 0;
@@ -540,13 +540,17 @@ public class MethodHandles {
             }
         }
 
-        // call this from an entry point method in Lookup with extraFrames=0.
-        private static Class getCallerClassAtEntryPoint() {
+        /* Obtain the external caller class, when called from Lookup. or a first-level subroutine. */
+        private static Class getCallerClassAtEntryPoint(boolean inSubroutine) {
             final int CALLER_DEPTH = 4;
+            //  Stack for the constructor entry point (inSubroutine=false):
             // 0: Reflection.getCC, 1: getCallerClassAtEntryPoint,
             // 2: Lookup., 3: MethodHandles.*, 4: caller
+            //  The stack is slightly different for a subroutine of a Lookup.find* method:
+            // 2: Lookup.*, 3: Lookup.find*.*, 4: caller
             // Note:  This should be the only use of getCallerClass in this file.
-            assert(Reflection.getCallerClass(CALLER_DEPTH-1) == MethodHandles.class);
+            assert(Reflection.getCallerClass(CALLER_DEPTH-2) == Lookup.class);
+            assert(Reflection.getCallerClass(CALLER_DEPTH-1) == (inSubroutine ? Lookup.class : MethodHandles.class));
             return Reflection.getCallerClass(CALLER_DEPTH);
         }
 
@@ -1087,7 +1091,7 @@ return mh1;
 
         void checkSymbolicClass(Class refc) throws IllegalAccessException {
             Class caller = lookupClassOrNull();
-            if (caller != null && !VerifyAccess.isClassAccessible(refc, caller))
+            if (caller != null && !VerifyAccess.isClassAccessible(refc, caller, allowedModes))
                 throw new MemberName(refc).makeAccessException("symbolic reference class is not public", this);
         }
 
@@ -1102,7 +1106,13 @@ return mh1;
             // Step 1:
             smgr.checkMemberAccess(refc, Member.PUBLIC);
             // Step 2:
-            if (!VerifyAccess.classLoaderIsAncestor(lookupClass, refc))
+            Class callerClass = ((allowedModes & PRIVATE) != 0
+                                    ? lookupClass  // for strong access modes, no extra check
+                                    // next line does stack walk magic; do not refactor:
+                                    : getCallerClassAtEntryPoint(true));
+            if (!VerifyAccess.classLoaderIsAncestor(lookupClass, refc) ||
+                (callerClass != lookupClass &&
+                 !VerifyAccess.classLoaderIsAncestor(callerClass, refc)))
                 smgr.checkPackageAccess(VerifyAccess.getPackageName(refc));
             // Step 3:
             if (m.isPublic()) return;
@@ -1153,9 +1163,10 @@ return mh1;
             int requestedModes = fixmods(mods);  // adjust 0 => PACKAGE
             if ((requestedModes & allowedModes) != 0
                 && VerifyAccess.isMemberAccessible(refc, m.getDeclaringClass(),
-                                                   mods, lookupClass()))
+                                                   mods, lookupClass(), allowedModes))
                 return;
             if (((requestedModes & ~allowedModes) & PROTECTED) != 0
+                && (allowedModes & PACKAGE) != 0
                 && VerifyAccess.isSamePackage(m.getDeclaringClass(), lookupClass()))
                 // Protected members can also be checked as if they were package-private.
                 return;
@@ -1170,9 +1181,9 @@ return mh1;
                                (defc == refc ||
                                 Modifier.isPublic(refc.getModifiers())));
             if (!classOK && (allowedModes & PACKAGE) != 0) {
-                classOK = (VerifyAccess.isClassAccessible(defc, lookupClass()) &&
+                classOK = (VerifyAccess.isClassAccessible(defc, lookupClass(), ALL_MODES) &&
                            (defc == refc ||
-                            VerifyAccess.isClassAccessible(refc, lookupClass())));
+                            VerifyAccess.isClassAccessible(refc, lookupClass(), ALL_MODES)));
             }
             if (!classOK)
                 return "class is not public";
diff --git a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
index 608a991c086..bf946a884d0 100644
--- a/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
+++ b/jdk/src/share/classes/sun/invoke/util/VerifyAccess.java
@@ -37,6 +37,8 @@ public class VerifyAccess {
     private VerifyAccess() { }  // cannot instantiate
 
     private static final int PACKAGE_ONLY = 0;
+    private static final int PACKAGE_ALLOWED = java.lang.invoke.MethodHandles.Lookup.PACKAGE;
+    private static final int PROTECTED_OR_PACKAGE_ALLOWED = (PACKAGE_ALLOWED|PROTECTED);
     private static final int ALL_ACCESS_MODES = (PUBLIC|PRIVATE|PROTECTED|PACKAGE_ONLY);
     private static final boolean ALLOW_NESTMATE_ACCESS = false;
 
@@ -82,14 +84,19 @@ public class VerifyAccess {
     public static boolean isMemberAccessible(Class refc,  // symbolic ref class
                                              Class defc,  // actual def class
                                              int      mods,  // actual member mods
-                                             Class lookupClass) {
+                                             Class lookupClass,
+                                             int      allowedModes) {
+        if (allowedModes == 0)  return false;
+        assert((allowedModes & PUBLIC) != 0 &&
+               (allowedModes & ~(ALL_ACCESS_MODES|PACKAGE_ALLOWED)) == 0);
         // Usually refc and defc are the same, but if they differ, verify them both.
         if (refc != defc) {
-            if (!isClassAccessible(refc, lookupClass)) {
+            if (!isClassAccessible(refc, lookupClass, allowedModes)) {
                 // Note that defc is verified in the switch below.
                 return false;
             }
-            if ((mods & (ALL_ACCESS_MODES|STATIC)) == (PROTECTED|STATIC)) {
+            if ((mods & (ALL_ACCESS_MODES|STATIC)) == (PROTECTED|STATIC) &&
+                (allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0) {
                 // Apply the special rules for refc here.
                 if (!isRelatedClass(refc, lookupClass))
                     return isSamePackage(defc, lookupClass);
@@ -98,19 +105,28 @@ public class VerifyAccess {
                 // a superclass of the lookup class.
             }
         }
-        if (defc == lookupClass)
+        if (defc == lookupClass &&
+            (allowedModes & PRIVATE) != 0)
             return true;        // easy check; all self-access is OK
         switch (mods & ALL_ACCESS_MODES) {
         case PUBLIC:
             if (refc != defc)  return true;  // already checked above
-            return isClassAccessible(refc, lookupClass);
+            return isClassAccessible(refc, lookupClass, allowedModes);
         case PROTECTED:
-            return isSamePackage(defc, lookupClass) || isPublicSuperClass(defc, lookupClass);
-        case PACKAGE_ONLY:
-            return isSamePackage(defc, lookupClass);
+            if ((allowedModes & PROTECTED_OR_PACKAGE_ALLOWED) != 0 &&
+                isSamePackage(defc, lookupClass))
+                return true;
+            if ((allowedModes & PROTECTED) != 0 &&
+                isPublicSuperClass(defc, lookupClass))
+                return true;
+            return false;
+        case PACKAGE_ONLY:  // That is, zero.  Unmarked member is package-only access.
+            return ((allowedModes & PACKAGE_ALLOWED) != 0 &&
+                    isSamePackage(defc, lookupClass));
         case PRIVATE:
             // Loosened rules for privates follows access rules for inner classes.
             return (ALLOW_NESTMATE_ACCESS &&
+                    (allowedModes & PRIVATE) != 0 &&
                     isSamePackageMember(defc, lookupClass));
         default:
             throw new IllegalArgumentException("bad modifiers: "+Modifier.toString(mods));
@@ -138,11 +154,16 @@ public class VerifyAccess {
      * @param refc the symbolic reference class to which access is being checked (C)
      * @param lookupClass the class performing the lookup (D)
      */
-    public static boolean isClassAccessible(Class refc, Class lookupClass) {
+    public static boolean isClassAccessible(Class refc, Class lookupClass,
+                                            int allowedModes) {
+        if (allowedModes == 0)  return false;
+        assert((allowedModes & PUBLIC) != 0 &&
+               (allowedModes & ~(ALL_ACCESS_MODES|PACKAGE_ALLOWED)) == 0);
         int mods = refc.getModifiers();
         if (isPublic(mods))
             return true;
-        if (isSamePackage(lookupClass, refc))
+        if ((allowedModes & PACKAGE_ALLOWED) != 0 &&
+            isSamePackage(lookupClass, refc))
             return true;
         return false;
     }
@@ -157,7 +178,7 @@ public class VerifyAccess {
         assert(!class1.isArray() && !class2.isArray());
         if (class1 == class2)
             return true;
-        if (!loadersAreRelated(class1.getClassLoader(), class2.getClassLoader(), false))
+        if (class1.getClassLoader() != class2.getClassLoader())
             return false;
         String name1 = class1.getName(), name2 = class2.getName();
         int dot = name1.lastIndexOf('.');
diff --git a/jdk/test/java/lang/invoke/AccessControlTest.java b/jdk/test/java/lang/invoke/AccessControlTest.java
new file mode 100644
index 00000000000..d36b2251b4a
--- /dev/null
+++ b/jdk/test/java/lang/invoke/AccessControlTest.java
@@ -0,0 +1,495 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @summary test access checking by java.lang.invoke.MethodHandles.Lookup
+ * @library ../../../..
+ * @build test.java.lang.invoke.AccessControlTest
+ * @build test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote
+ * @run junit/othervm test.java.lang.invoke.AccessControlTest
+ */
+
+package test.java.lang.invoke;
+
+import java.lang.invoke.*;
+import java.lang.reflect.*;
+import java.util.*;
+import org.junit.*;
+
+import static java.lang.invoke.MethodHandles.*;
+import static java.lang.invoke.MethodHandles.Lookup.*;
+import static java.lang.invoke.MethodType.*;
+import static org.junit.Assert.*;
+import test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote;
+
+
+/**
+ * Test many combinations of Lookup access and cross-class lookupStatic.
+ * @author jrose
+ */
+public class AccessControlTest {
+    static final Class THIS_CLASS = AccessControlTest.class;
+    // How much output?
+    static int verbosity = 0;
+    static {
+        String vstr = System.getProperty(THIS_CLASS.getSimpleName()+".verbosity");
+        if (vstr == null)
+            vstr = System.getProperty(THIS_CLASS.getName()+".verbosity");
+        if (vstr != null)  verbosity = Integer.parseInt(vstr);
+    }
+
+    private class LookupCase implements Comparable {
+        final Lookup   lookup;
+        final Class lookupClass;
+        final int      lookupModes;
+        public LookupCase(Lookup lookup) {
+            this.lookup = lookup;
+            this.lookupClass = lookup.lookupClass();
+            this.lookupModes = lookup.lookupModes();
+            assert(lookupString().equals(lookup.toString()));
+            numberOf(lookupClass().getClassLoader()); // assign CL#
+        }
+        public LookupCase(Class lookupClass, int lookupModes) {
+            this.lookup = null;
+            this.lookupClass = lookupClass;
+            this.lookupModes = lookupModes;
+            numberOf(lookupClass().getClassLoader()); // assign CL#
+        }
+
+        public final Class lookupClass() { return lookupClass; }
+        public final int      lookupModes() { return lookupModes; }
+
+        public Lookup lookup() { lookup.getClass(); return lookup; }
+
+        @Override
+        public int compareTo(LookupCase that) {
+            Class c1 = this.lookupClass();
+            Class c2 = that.lookupClass();
+            if (c1 != c2) {
+                int cmp = c1.getName().compareTo(c2.getName());
+                if (cmp != 0)  return cmp;
+                cmp = numberOf(c1.getClassLoader()) - numberOf(c2.getClassLoader());
+                assert(cmp != 0);
+                return cmp;
+            }
+            return -(this.lookupModes() - that.lookupModes());
+        }
+
+        @Override
+        public boolean equals(Object that) {
+            return (that instanceof LookupCase && equals((LookupCase)that));
+        }
+        public boolean equals(LookupCase that) {
+            return (this.lookupClass() == that.lookupClass() &&
+                    this.lookupModes() == that.lookupModes());
+        }
+
+        @Override
+        public int hashCode() {
+            return lookupClass().hashCode() + (lookupModes() * 31);
+        }
+
+        /** Simulate all assertions in the spec. for Lookup.toString. */
+        private String lookupString() {
+            String name = lookupClass.getName();
+            String suffix = "";
+            if (lookupModes == 0)
+                suffix = "/noaccess";
+            else if (lookupModes == PUBLIC)
+                suffix = "/public";
+            else if (lookupModes == (PUBLIC|PACKAGE))
+                suffix = "/package";
+            else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE))
+                suffix = "/private";
+            else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE|PROTECTED))
+                suffix = "";
+            else
+                suffix = "/#"+Integer.toHexString(lookupModes);
+            return name+suffix;
+        }
+
+        /** Simulate all assertions from the spec. for Lookup.in:
+         * 

+         * Creates a lookup on the specified new lookup class.
+         * [A1] The resulting object will report the specified
+         * class as its own {@link #lookupClass lookupClass}.
+         * 

+         * [A2] However, the resulting {@code Lookup} object is guaranteed
+         * to have no more access capabilities than the original.
+         * In particular, access capabilities can be lost as follows:
    
+         * 
  • [A3] If the new lookup class differs from the old one,
+         * protected members will not be accessible by virtue of inheritance.
+         * (Protected members may continue to be accessible because of package sharing.)
+         * 
  • [A4] If the new lookup class is in a different package
+         * than the old one, protected and default (package) members will not be accessible.
+         * 
  • [A5] If the new lookup class is not within the same package member
+         * as the old one, private members will not be accessible.
+         * 
  • [A6] If the new lookup class is not accessible to the old lookup class,
+         * using the original access modes,
+         * then no members, not even public members, will be accessible.
+         * [A7] (In all other cases, public members will continue to be accessible.)
+         * 

+         * Other than the above cases, the new lookup will have the same
+         * access capabilities as the original. [A8]
+         * 

+         */
+        public LookupCase in(Class c2) {
+            Class c1 = lookupClass();
+            int m1 = lookupModes();
+            int changed = 0;
+            boolean samePackage = (c1.getClassLoader() == c2.getClassLoader() &&
+                                   packagePrefix(c1).equals(packagePrefix(c2)));
+            boolean sameTopLevel = (topLevelClass(c1) == topLevelClass(c2));
+            boolean sameClass = (c1 == c2);
+            assert(samePackage  || !sameTopLevel);
+            assert(sameTopLevel || !sameClass);
+            boolean accessible = sameClass;  // [A6]
+            if ((m1 & PACKAGE) != 0)  accessible |= samePackage;
+            if ((m1 & PUBLIC ) != 0)  accessible |= (c2.getModifiers() & PUBLIC) != 0;
+            if (!accessible) {
+                // Different package and no access to c2; lose all access.
+                changed |= (PUBLIC|PACKAGE|PRIVATE|PROTECTED);  // [A6]
+            }
+            if (!samePackage) {
+                // Different package; lose PACKAGE and lower access.
+                changed |= (PACKAGE|PRIVATE|PROTECTED);  // [A4]
+            }
+            if (!sameTopLevel) {
+                // Different top-level class.  Lose PRIVATE and lower access.
+                changed |= (PRIVATE|PROTECTED);  // [A5]
+            }
+            if (!sameClass) {
+                changed |= (PROTECTED);     // [A3]
+            } else {
+                assert(changed == 0);       // [A8] (no deprivation if same class)
+            }
+            if (accessible)  assert((changed & PUBLIC) == 0);  // [A7]
+            int m2 = m1 & ~changed;
+            LookupCase l2 = new LookupCase(c2, m2);
+            assert(l2.lookupClass() == c2); // [A1]
+            assert((m1 | m2) == m1);        // [A2] (no elevation of access)
+            return l2;
+        }
+
+        @Override
+        public String toString() {
+            String s = lookupClass().getSimpleName();
+            String lstr = lookupString();
+            int sl = lstr.indexOf('/');
+            if (sl >= 0)  s += lstr.substring(sl);
+            ClassLoader cld = lookupClass().getClassLoader();
+            if (cld != THIS_LOADER)  s += "/loader#"+numberOf(cld);
+            return s;
+        }
+
+        /** Predict the success or failure of accessing this method. */
+        public boolean willAccess(Method m) {
+            Class c1 = lookupClass();
+            Class c2 = m.getDeclaringClass();
+            LookupCase lc = this.in(c2);
+            int m1 = lc.lookupModes();
+            int m2 = fixMods(m.getModifiers());
+            // privacy is strictly enforced on lookups
+            if (c1 != c2)  m1 &= ~PRIVATE;
+            // protected access is sometimes allowed
+            if ((m2 & PROTECTED) != 0) {
+                int prev = m2;
+                m2 |= PACKAGE;  // it acts like a package method also
+                if ((lookupModes() & PROTECTED) != 0 &&
+                    c2.isAssignableFrom(c1))
+                    m2 |= PUBLIC;  // from a subclass, it acts like a public method also
+            }
+            if (verbosity >= 2)
+                System.out.println(this+" willAccess "+lc+" m1="+m1+" m2="+m2+" => "+((m2 & m1) != 0));
+            return (m2 & m1) != 0;
+        }
+    }
+
+    private static Class topLevelClass(Class cls) {
+        Class c = cls;
+        for (Class ec; (ec = c.getEnclosingClass()) != null; )
+            c = ec;
+        assert(c.getEnclosingClass() == null);
+        assert(c == cls || cls.getEnclosingClass() != null);
+        return c;
+    }
+
+    private static String packagePrefix(Class c) {
+        while (c.isArray())  c = c.getComponentType();
+        String s = c.getName();
+        assert(s.indexOf('/') < 0);
+        return s.substring(0, s.lastIndexOf('.')+1);
+    }
+
+
+    private final TreeSet CASES = new TreeSet<>();
+    private final TreeMap> CASE_EDGES = new TreeMap<>();
+    private final ArrayList LOADERS = new ArrayList<>();
+    private final ClassLoader THIS_LOADER = this.getClass().getClassLoader();
+    { if (THIS_LOADER != null)  LOADERS.add(THIS_LOADER); }  // #1
+
+    private LookupCase lookupCase(String name) {
+        for (LookupCase lc : CASES) {
+            if (lc.toString().equals(name))
+                return lc;
+        }
+        throw new AssertionError(name);
+    }
+
+    private int numberOf(ClassLoader cl) {
+        if (cl == null)  return 0;
+        int i = LOADERS.indexOf(cl);
+        if (i < 0) {
+            i = LOADERS.size();
+            LOADERS.add(cl);
+        }
+        return i+1;
+    }
+
+    private void addLookupEdge(LookupCase l1, Class c2, LookupCase l2) {
+        TreeSet edges = CASE_EDGES.get(l2);
+        if (edges == null)  CASE_EDGES.put(l2, edges = new TreeSet<>());
+        if (edges.add(l1)) {
+            Class c1 = l1.lookupClass();
+            assert(l2.lookupClass() == c2); // [A1]
+            int m1 = l1.lookupModes();
+            int m2 = l2.lookupModes();
+            assert((m1 | m2) == m1);        // [A2] (no elevation of access)
+            LookupCase expect = l1.in(c2);
+            if (!expect.equals(l2))
+                System.out.println("*** expect "+l1+" => "+expect+" but got "+l2);
+            assertEquals(expect, l2);
+        }
+    }
+
+    private void makeCases(Lookup[] originalLookups) {
+        // make initial set of lookup test cases
+        CASES.clear(); LOADERS.clear(); CASE_EDGES.clear();
+        ArrayList> classes = new ArrayList<>();
+        for (Lookup l : originalLookups) {
+            CASES.add(new LookupCase(l));
+            classes.remove(l.lookupClass());  // no dups please
+            classes.add(l.lookupClass());
+        }
+        System.out.println("loaders = "+LOADERS);
+        int rounds = 0;
+        for (int lastCount = -1; lastCount != CASES.size(); ) {
+            lastCount = CASES.size();  // if CASES grow in the loop we go round again
+            for (LookupCase lc1 : CASES.toArray(new LookupCase[0])) {
+                for (Class c2 : classes) {
+                    LookupCase lc2 = new LookupCase(lc1.lookup().in(c2));
+                    addLookupEdge(lc1, c2, lc2);
+                    CASES.add(lc2);
+                }
+            }
+            rounds++;
+        }
+        System.out.println("filled in "+CASES.size()+" cases from "+originalLookups.length+" original cases in "+rounds+" rounds");
+        if (false) {
+            System.out.println("CASES: {");
+            for (LookupCase lc : CASES) {
+                System.out.println(lc);
+                Set edges = CASE_EDGES.get(lc);
+                if (edges != null)
+                    for (LookupCase prev : edges) {
+                        System.out.println("\t"+prev);
+                    }
+            }
+            System.out.println("}");
+        }
+    }
+
+    @Test public void test() {
+        makeCases(lookups());
+        if (verbosity > 0) {
+            verbosity += 9;
+            Method pro_in_self = targetMethod(THIS_CLASS, PROTECTED, methodType(void.class));
+            testOneAccess(lookupCase("AccessControlTest/public"),  pro_in_self, "find");
+            testOneAccess(lookupCase("Remote_subclass/public"),    pro_in_self, "find");
+            testOneAccess(lookupCase("Remote_subclass"),           pro_in_self, "find");
+            verbosity -= 9;
+        }
+        Set> targetClassesDone = new HashSet<>();
+        for (LookupCase targetCase : CASES) {
+            Class targetClass = targetCase.lookupClass();
+            if (!targetClassesDone.add(targetClass))  continue;  // already saw this one
+            String targetPlace = placeName(targetClass);
+            if (targetPlace == null)  continue;  // Object, String, not a target
+            for (int targetAccess : ACCESS_CASES) {
+                MethodType methodType = methodType(void.class);
+                Method method = targetMethod(targetClass, targetAccess, methodType);
+                // Try to access target method from various contexts.
+                for (LookupCase sourceCase : CASES) {
+                    testOneAccess(sourceCase, method, "find");
+                    testOneAccess(sourceCase, method, "unreflect");
+                }
+            }
+        }
+        System.out.println("tested "+testCount+" access scenarios; "+testCountFails+" accesses were denied");
+    }
+
+    private int testCount, testCountFails;
+
+    private void testOneAccess(LookupCase sourceCase, Method method, String kind) {
+        Class targetClass = method.getDeclaringClass();
+        String methodName = method.getName();
+        MethodType methodType = methodType(method.getReturnType(), method.getParameterTypes());
+        boolean willAccess = sourceCase.willAccess(method);
+        boolean didAccess = false;
+        ReflectiveOperationException accessError = null;
+        try {
+            switch (kind) {
+            case "find":
+                if ((method.getModifiers() & Modifier.STATIC) != 0)
+                    sourceCase.lookup().findStatic(targetClass, methodName, methodType);
+                else
+                    sourceCase.lookup().findVirtual(targetClass, methodName, methodType);
+                break;
+            case "unreflect":
+                sourceCase.lookup().unreflect(method);
+                break;
+            default:
+                throw new AssertionError(kind);
+            }
+            didAccess = true;
+        } catch (ReflectiveOperationException ex) {
+            accessError = ex;
+        }
+        if (willAccess != didAccess) {
+            System.out.println(sourceCase+" => "+targetClass.getSimpleName()+"."+methodName+methodType);
+            System.out.println("fail on "+method+" ex="+accessError);
+            assertEquals(willAccess, didAccess);
+        }
+        testCount++;
+        if (!didAccess)  testCountFails++;
+    }
+
+    static Method targetMethod(Class targetClass, int targetAccess, MethodType methodType) {
+        String methodName = accessName(targetAccess)+placeName(targetClass);
+        if (verbosity >= 2)
+            System.out.println(targetClass.getSimpleName()+"."+methodName+methodType);
+        try {
+            Method method = targetClass.getDeclaredMethod(methodName, methodType.parameterArray());
+            assertEquals(method.getReturnType(), methodType.returnType());
+            int haveMods = method.getModifiers();
+            assert(Modifier.isStatic(haveMods));
+            assert(targetAccess == fixMods(haveMods));
+            return method;
+        } catch (NoSuchMethodException ex) {
+            throw new AssertionError(methodName, ex);
+        }
+    }
+
+    static String placeName(Class cls) {
+        // return "self", "sibling", "nestmate", etc.
+        if (cls == AccessControlTest.class)  return "self";
+        String cln = cls.getSimpleName();
+        int under = cln.lastIndexOf('_');
+        if (under < 0)  return null;
+        return cln.substring(under+1);
+    }
+    static String accessName(int acc) {
+        switch (acc) {
+        case PUBLIC:     return "pub_in_";
+        case PROTECTED:  return "pro_in_";
+        case PACKAGE:    return "pkg_in_";
+        case PRIVATE:    return "pri_in_";
+        }
+        assert(false);
+        return "?";
+    }
+    private static final int[] ACCESS_CASES = {
+        PUBLIC, PACKAGE, PRIVATE, PROTECTED
+    };
+    /** Return one of the ACCESS_CASES. */
+    static int fixMods(int mods) {
+        mods &= (PUBLIC|PRIVATE|PROTECTED);
+        switch (mods) {
+        case PUBLIC: case PRIVATE: case PROTECTED: return mods;
+        case 0:  return PACKAGE;
+        }
+        throw new AssertionError(mods);
+    }
+
+    static Lookup[] lookups() {
+        ArrayList tem = new ArrayList<>();
+        Collections.addAll(tem,
+                           AccessControlTest.lookup_in_self(),
+                           Inner_nestmate.lookup_in_nestmate(),
+                           AccessControlTest_sibling.lookup_in_sibling());
+        if (true) {
+            Collections.addAll(tem,Acquaintance_remote.lookups());
+        } else {
+            try {
+                Class remc = Class.forName("test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote");
+                Lookup[] remls = (Lookup[]) remc.getMethod("lookups").invoke(null);
+                Collections.addAll(tem, remls);
+            } catch (ReflectiveOperationException ex) {
+                throw new LinkageError("reflection failed", ex);
+            }
+        }
+        tem.add(publicLookup());
+        tem.add(publicLookup().in(String.class));
+        tem.add(publicLookup().in(List.class));
+        return tem.toArray(new Lookup[0]);
+    }
+
+    static Lookup lookup_in_self() {
+        return MethodHandles.lookup();
+    }
+    static public      void pub_in_self() { }
+    static protected   void pro_in_self() { }
+    static /*package*/ void pkg_in_self() { }
+    static private     void pri_in_self() { }
+
+    static class Inner_nestmate {
+        static Lookup lookup_in_nestmate() {
+            return MethodHandles.lookup();
+        }
+        static public      void pub_in_nestmate() { }
+        static protected   void pro_in_nestmate() { }
+        static /*package*/ void pkg_in_nestmate() { }
+        static private     void pri_in_nestmate() { }
+    }
+}
+class AccessControlTest_sibling {
+    static Lookup lookup_in_sibling() {
+        return MethodHandles.lookup();
+    }
+    static public      void pub_in_sibling() { }
+    static protected   void pro_in_sibling() { }
+    static /*package*/ void pkg_in_sibling() { }
+    static private     void pri_in_sibling() { }
+}
+
+// This guy tests access from outside the package:
+/*
+package test.java.lang.invoke.AccessControlTest_subpkg;
+public class Acquaintance_remote {
+    public static Lookup[] lookups() { ...
+    }
+    ...
+}
+*/
diff --git a/jdk/test/java/lang/invoke/AccessControlTest_subpkg/Acquaintance_remote.java b/jdk/test/java/lang/invoke/AccessControlTest_subpkg/Acquaintance_remote.java
new file mode 100644
index 00000000000..5bbfcb50c0d
--- /dev/null
+++ b/jdk/test/java/lang/invoke/AccessControlTest_subpkg/Acquaintance_remote.java
@@ -0,0 +1,42 @@
+package test.java.lang.invoke.AccessControlTest_subpkg;
+import test.java.lang.invoke.AccessControlTest;
+import java.lang.invoke.*;
+import static java.lang.invoke.MethodHandles.*;
+
+// This guy tests access from outside the package test.java.lang.invoke:
+public class Acquaintance_remote {
+    public static Lookup[] lookups() {
+        return new Lookup[] {
+            Acquaintance_remote.lookup_in_remote(),
+            Remote_subclass.lookup_in_subclass(),
+            Remote_hidden.lookup_in_hidden()
+        };
+    }
+
+    public static Lookup lookup_in_remote() {
+        return MethodHandles.lookup();
+    }
+    static public      void pub_in_remote() { }
+    static protected   void pro_in_remote() { }
+    static /*package*/ void pkg_in_remote() { }
+    static private     void pri_in_remote() { }
+
+    static public class Remote_subclass extends AccessControlTest {
+        static Lookup lookup_in_subclass() {
+            return MethodHandles.lookup();
+        }
+        static public      void pub_in_subclass() { }
+        static protected   void pro_in_subclass() { }
+        static /*package*/ void pkg_in_subclass() { }
+        static private     void pri_in_subclass() { }
+    }
+    static /*package*/ class Remote_hidden {
+        static Lookup lookup_in_hidden() {
+            return MethodHandles.lookup();
+        }
+        static public      void pub_in_hidden() { }
+        static protected   void pro_in_hidden() { }
+        static /*package*/ void pkg_in_hidden() { }
+        static private     void pri_in_hidden() { }
+    }
+}

From 7fdf0dfa52e47a35005e153bbd1a651faefec6a6 Mon Sep 17 00:00:00 2001
From: Abhijit Saha 
Date: Thu, 24 May 2012 10:23:21 -0700
Subject: [PATCH 9/9] 7171228:
 closed/java/lang/SecurityManager/CheckPackageDefinition.java failure

Reviewed-by: mullan
---
 jdk/src/share/lib/security/java.security         | 2 +-
 jdk/src/share/lib/security/java.security-macosx  | 6 +++---
 jdk/src/share/lib/security/java.security-solaris | 2 +-
 jdk/src/share/lib/security/java.security-windows | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/jdk/src/share/lib/security/java.security b/jdk/src/share/lib/security/java.security
index d94930fb166..52f3067408d 100644
--- a/jdk/src/share/lib/security/java.security
+++ b/jdk/src/share/lib/security/java.security
@@ -135,7 +135,7 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 65be54c6db4..6c16c2ca0d6 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -133,10 +133,10 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.
 # corresponding RuntimePermission ("defineClassInPackage."+package) has
 # been granted.
 #
-# by default, no packages are restricted for definition, and none of
-# the class loaders supplied with the JDK call checkPackageDefinition.
+# by default, none of the class loaders supplied with the JDK call
+# checkPackageDefinition.
 #
-#package.definition=
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,apple.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index ef5c709c098..1191aff8403 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -137,7 +137,7 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index e093c93c748..3793e79be29 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -136,7 +136,7 @@ package.access=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.
 # by default, none of the class loaders supplied with the JDK call
 # checkPackageDefinition.
 #
-package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.
+package.definition=sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
 
 #
 # Determines whether this properties file can be appended to