Mercurial > hg > icedtea8-forest > jdk

changeset 14967:0a1dc6d7df21

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge jdk8u292-b05
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Mon, 19 Apr 2021 04:23:30 +0100
parents db954ee0f1e4 (current diff) 8fde3afece0d (diff)
children 2d5d2c77faa3
files .hgtags THIRD_PARTY_README make/data/lsrdata/language-subtag-registry.txt make/lib/SoundLibraries.gmk src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java src/macosx/native/sun/awt/AWTWindow.m src/share/classes/com/sun/java/swing/plaf/gtk/GTKPainter.java src/share/classes/java/lang/ClassValue.java src/share/classes/java/nio/Bits.java src/share/classes/javax/swing/plaf/basic/BasicComboBoxUI.java src/share/classes/javax/swing/plaf/metal/MetalIconFactory.java src/share/classes/sun/security/ec/CurveDB.java src/share/classes/sun/security/ec/ECParameters.java src/share/classes/sun/security/ec/ECPrivateKeyImpl.java src/share/classes/sun/security/ec/NamedCurve.java src/share/classes/sun/security/krb5/Config.java src/share/classes/sun/security/krb5/internal/CredentialsUtil.java src/share/classes/sun/security/pkcs11/P11AEADCipher.java src/share/classes/sun/security/pkcs11/P11Cipher.java src/share/classes/sun/security/pkcs11/P11Signature.java src/share/classes/sun/security/pkcs11/SunPKCS11.java src/share/classes/sun/security/provider/ByteArrayAccess.java src/share/classes/sun/security/ssl/SSLContextImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/share/classes/sun/security/tools/jarsigner/Main.java src/share/classes/sun/security/tools/keytool/Main.java src/share/classes/sun/security/tools/keytool/Resources.java src/share/classes/sun/security/util/HostnameChecker.java src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java src/share/lib/security/java.security-aix src/share/lib/security/java.security-linux src/share/lib/security/java.security-macosx src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows src/share/native/com/sun/media/sound/SoundDefs.h src/share/native/sun/font/freetypeScaler.c src/solaris/bin/aarch64/jvm.cfg src/solaris/classes/sun/awt/X11/XFramePeer.java src/windows/classes/sun/awt/windows/WWindowPeer.java src/windows/native/sun/windows/awt_Toolkit.cpp src/windows/native/sun/windows/awt_Window.cpp src/windows/native/sun/windows/awt_Window.h test/ProblemList.txt test/java/awt/print/PrinterJob/PrintTextTest.html test/javax/sound/midi/Gervill/ModelByteBuffer/GetInputStream.java test/javax/sound/midi/Gervill/ModelByteBuffer/GetRoot.java test/javax/sound/midi/Gervill/ModelByteBuffer/Load.java test/javax/sound/midi/Gervill/ModelByteBuffer/LoadAll.java test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArray.java test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArrayIntInt.java test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFile.java test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFileLongLong.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Available.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Close.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkReset.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkSupported.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Read.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByte.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByteIntInt.java test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Skip.java test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLong.java test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLong.java test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLongBoolean.java test/javax/sound/midi/Gervill/ModelByteBuffer/Unload.java test/javax/sound/midi/Gervill/ModelByteBuffer/WriteTo.java test/javax/sound/midi/Gervill/ModelByteBufferWavetable/OpenStream.java test/javax/sound/midi/MidiSystem/testdata/lib/conf/sound.properties test/javax/sound/sampled/AudioSystem/testdata/lib/conf/sound.properties test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.sh test/sun/security/tools/jarsigner/TimestampCheck.java
diffstat 188 files changed, 7796 insertions(+), 2661 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Feb 05 20:19:32 2021 +0000
+++ b/.hgtags	Mon Apr 19 04:23:30 2021 +0100
@@ -1157,3 +1157,9 @@
 6fe9792e7893a43c0718cf6d5082f62f9bc52787 jdk8u282-b08
 6fe9792e7893a43c0718cf6d5082f62f9bc52787 jdk8u282-ga
 d8a3d99c03500de64183f959d6bd0bcb6429b64f icedtea-3.18.0
+78c875107d40690f05751ea7bf16cb7766edd51d jdk8u292-b00
+09d51037f62f6bf58581753efa2fdb7758e4fb45 jdk8u292-b01
+883f758c85ab2824e73594a8dcba87711d311646 jdk8u292-b02
+daac853357a501b21955518977d11b9121ff3197 jdk8u292-b03
+37cc96fde9118f2422db288dcecc4b3f51c1dacf jdk8u292-b04
+7c8bbbfe6acbe08eadae04e1ec46d94e9f98b743 jdk8u292-b05
--- a/THIRD_PARTY_README	Fri Feb 05 20:19:32 2021 +0000
+++ b/THIRD_PARTY_README	Mon Apr 19 04:23:30 2021 +0100
@@ -155,7 +155,7 @@
 -------------------------------------------------------------------------------
 
 %% This notice is provided with respect to CUP Parser Generator for
-Java 0.10b, which may be included with JRE 8, JDK 8, and OpenJDK 8.
+Java 0.11b, which may be included with JRE 8, JDK 8, and OpenJDK 8.
 
 --- begin of LICENSE ---
 
--- a/make/data/lsrdata/language-subtag-registry.txt	Fri Feb 05 20:19:32 2021 +0000
+++ b/make/data/lsrdata/language-subtag-registry.txt	Mon Apr 19 04:23:30 2021 +0100
@@ -1,4 +1,4 @@
-File-Date: 2019-04-03
+File-Date: 2019-09-16
 %%
 Type: language
 Subtag: aa
@@ -2096,6 +2096,8 @@
 Subtag: ais
 Description: Nataoran Amis
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Comments: see ami, szy
 %%
 Type: language
 Subtag: ait
@@ -2633,6 +2635,7 @@
 Type: language
 Subtag: ant
 Description: Antakarinya
+Description: Antikarinya
 Added: 2009-07-29
 %%
 Type: language
@@ -3094,6 +3097,8 @@
 Subtag: asd
 Description: Asas
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Preferred-Value: snz
 %%
 Type: language
 Subtag: ase
@@ -4135,7 +4140,7 @@
 %%
 Type: language
 Subtag: bck
-Description: Bunaba
+Description: Bunuba
 Added: 2009-07-29
 %%
 Type: language
@@ -6930,7 +6935,7 @@
 %%
 Type: language
 Subtag: bym
-Description: Bidyara
+Description: Bidjara
 Added: 2009-07-29
 %%
 Type: language
@@ -7564,6 +7569,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: cey
+Description: Ekai Chin
+Added: 2019-04-16
+%%
+Type: language
 Subtag: cfa
 Description: Dijim-Bwilim
 Added: 2009-07-29
@@ -9439,6 +9449,7 @@
 Type: language
 Subtag: dif
 Description: Dieri
+Description: Diyari
 Added: 2009-07-29
 %%
 Type: language
@@ -9515,6 +9526,8 @@
 Subtag: dit
 Description: Dirari
 Added: 2009-07-29
+Deprecated: 2019-04-29
+Preferred-Value: dif
 %%
 Type: language
 Subtag: diu
@@ -9560,6 +9573,7 @@
 Type: language
 Subtag: djd
 Description: Djamindjung
+Description: Ngaliwurru
 Added: 2009-07-29
 %%
 Type: language
@@ -9603,6 +9617,7 @@
 %%
 Type: language
 Subtag: djn
+Description: Jawoyn
 Description: Djauan
 Added: 2009-07-29
 %%
@@ -10191,6 +10206,8 @@
 Subtag: dud
 Description: Hun-Saare
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Comments: see uth, uss
 %%
 Type: language
 Subtag: due
@@ -10382,6 +10399,7 @@
 Type: language
 Subtag: dyn
 Description: Dyangadi
+Description: Dhanggatti
 Added: 2009-07-29
 %%
 Type: language
@@ -10396,6 +10414,7 @@
 %%
 Type: language
 Subtag: dyy
+Description: Djabugay
 Description: Dyaabugay
 Added: 2009-07-29
 %%
@@ -11672,7 +11691,7 @@
 %%
 Type: language
 Subtag: gbd
-Description: Karadjeri
+Description: Karajarri
 Added: 2009-07-29
 %%
 Type: language
@@ -12056,7 +12075,7 @@
 %%
 Type: language
 Subtag: gge
-Description: Guragone
+Description: Gurr-goni
 Added: 2009-07-29
 %%
 Type: language
@@ -12169,7 +12188,7 @@
 %%
 Type: language
 Subtag: gia
-Description: Kitja
+Description: Kija
 Added: 2009-07-29
 %%
 Type: language
@@ -12955,7 +12974,7 @@
 %%
 Type: language
 Subtag: gue
-Description: Gurinji
+Description: Gurindji
 Added: 2009-07-29
 %%
 Type: language
@@ -15292,6 +15311,7 @@
 Type: language
 Subtag: jay
 Description: Yan-nhangu
+Description: Nhangu
 Added: 2009-07-29
 %%
 Type: language
@@ -15488,6 +15508,7 @@
 %%
 Type: language
 Subtag: jig
+Description: Jingulu
 Description: Djingili
 Added: 2009-07-29
 %%
@@ -17222,6 +17243,7 @@
 Type: language
 Subtag: kkp
 Description: Gugubera
+Description: Koko-Bera
 Added: 2009-07-29
 %%
 Type: language
@@ -17266,6 +17288,7 @@
 %%
 Type: language
 Subtag: kky
+Description: Guugu Yimidhirr
 Description: Guguyimidjir
 Added: 2009-07-29
 %%
@@ -18320,6 +18343,7 @@
 Type: language
 Subtag: ktd
 Description: Kokata
+Description: Kukatha
 Added: 2009-07-29
 %%
 Type: language
@@ -19341,6 +19365,7 @@
 Subtag: lba
 Description: Lui
 Added: 2009-07-29
+Deprecated: 2019-04-16
 %%
 Type: language
 Subtag: lbb
@@ -19396,7 +19421,7 @@
 %%
 Type: language
 Subtag: lbn
-Description: Lamet
+Description: Rmeet
 Added: 2009-07-29
 %%
 Type: language
@@ -19446,6 +19471,7 @@
 %%
 Type: language
 Subtag: lby
+Description: Lamalama
 Description: Lamu-Lamu
 Added: 2009-07-29
 %%
@@ -20162,6 +20188,8 @@
 Subtag: llo
 Description: Khlor
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Preferred-Value: ngt
 %%
 Type: language
 Subtag: llp
@@ -20654,6 +20682,11 @@
 Macrolanguage: luy
 %%
 Type: language
+Subtag: lsn
+Description: Tibetan Sign Language
+Added: 2019-04-16
+%%
+Type: language
 Subtag: lso
 Description: Laos Sign Language
 Added: 2009-07-29
@@ -20680,6 +20713,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: lsv
+Description: Sivia Sign Language
+Added: 2019-04-16
+%%
+Type: language
 Subtag: lsy
 Description: Mauritian Sign Language
 Added: 2010-03-11
@@ -20848,6 +20886,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: lvi
+Description: Lavi
+Added: 2019-04-16
+%%
+Type: language
 Subtag: lvk
 Description: Lavukaleve
 Added: 2009-07-29
@@ -21454,7 +21497,7 @@
 %%
 Type: language
 Subtag: mec
-Description: Mara
+Description: Marra
 Added: 2009-07-29
 %%
 Type: language
@@ -21523,7 +21566,7 @@
 %%
 Type: language
 Subtag: mep
-Description: Miriwung
+Description: Miriwoong
 Added: 2009-07-29
 %%
 Type: language
@@ -21660,7 +21703,7 @@
 %%
 Type: language
 Subtag: mfr
-Description: Marithiel
+Description: Marrithiyel
 Added: 2009-07-29
 %%
 Type: language
@@ -22853,12 +22896,13 @@
 %%
 Type: language
 Subtag: mpb
+Description: Malak Malak
 Description: Mullukmulluk
 Added: 2009-07-29
 %%
 Type: language
 Subtag: mpc
-Description: Mangarayi
+Description: Mangarrayi
 Added: 2009-07-29
 %%
 Type: language
@@ -22889,6 +22933,7 @@
 Type: language
 Subtag: mpj
 Description: Martu Wangka
+Description: Wangkajunga
 Added: 2009-07-29
 %%
 Type: language
@@ -24015,6 +24060,8 @@
 Subtag: myd
 Description: Maramba
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Preferred-Value: aog
 %%
 Type: language
 Subtag: mye
@@ -24040,6 +24087,7 @@
 Subtag: myi
 Description: Mina (India)
 Added: 2009-07-29
+Deprecated: 2019-04-16
 %%
 Type: language
 Subtag: myj
@@ -24375,7 +24423,7 @@
 %%
 Type: language
 Subtag: nay
-Description: Narrinyeri
+Description: Ngarrindjeri
 Added: 2009-07-29
 %%
 Type: language
@@ -24432,7 +24480,7 @@
 %%
 Type: language
 Subtag: nbj
-Description: Ngarinman
+Description: Ngarinyman
 Added: 2009-07-29
 %%
 Type: language
@@ -24467,7 +24515,7 @@
 %%
 Type: language
 Subtag: nbr
-Description: Numana-Nunku-Gbantu-Numbu
+Description: Numana
 Added: 2009-07-29
 %%
 Type: language
@@ -24559,7 +24607,7 @@
 %%
 Type: language
 Subtag: nck
-Description: Nakara
+Description: Na-kara
 Added: 2009-07-29
 %%
 Type: language
@@ -24931,7 +24979,7 @@
 %%
 Type: language
 Subtag: ngh
-Description: Nǀu
+Description: Nǁng
 Added: 2009-07-29
 %%
 Type: language
@@ -25176,7 +25224,7 @@
 %%
 Type: language
 Subtag: nig
-Description: Ngalakan
+Description: Ngalakgan
 Added: 2009-07-29
 %%
 Type: language
@@ -25798,6 +25846,8 @@
 Subtag: nns
 Description: Ningye
 Added: 2009-07-29
+Deprecated: 2019-04-16
+Preferred-Value: nbr
 %%
 Type: language
 Subtag: nnt
@@ -26658,7 +26708,7 @@
 %%
 Type: language
 Subtag: nyh
-Description: Nyigina
+Description: Nyikina
 Added: 2009-07-29
 %%
 Type: language
@@ -26713,7 +26763,7 @@
 %%
 Type: language
 Subtag: nys
-Description: Nyunga
+Description: Nyungar
 Added: 2009-07-29
 %%
 Type: language
@@ -28707,6 +28757,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: pnd
+Description: Mpinda
+Added: 2019-04-16
+%%
+Type: language
 Subtag: pne
 Description: Western Penan
 Added: 2009-07-29
@@ -28794,6 +28849,7 @@
 %%
 Type: language
 Subtag: pnw
+Description: Banyjima
 Description: Panytyima
 Added: 2009-07-29
 %%
@@ -29251,7 +29307,8 @@
 %%
 Type: language
 Subtag: pti
-Description: Pintiini
+Description: Pindiini
+Description: Wangkatha
 Added: 2009-07-29
 %%
 Type: language
@@ -30133,6 +30190,7 @@
 %%
 Type: language
 Subtag: ril
+Description: Riang Lang
 Description: Riang (Myanmar)
 Added: 2009-07-29
 %%
@@ -30153,7 +30211,7 @@
 %%
 Type: language
 Subtag: rit
-Description: Ritarungo
+Description: Ritharrngu
 Added: 2009-07-29
 %%
 Type: language
@@ -30219,7 +30277,7 @@
 %%
 Type: language
 Subtag: rmb
-Description: Rembarunga
+Description: Rembarrnga
 Added: 2009-07-29
 %%
 Type: language
@@ -30641,6 +30699,7 @@
 Type: language
 Subtag: rxw
 Description: Karuwali
+Description: Garuwali
 Added: 2013-09-10
 %%
 Type: language
@@ -32206,7 +32265,7 @@
 %%
 Type: language
 Subtag: snz
-Description: Sinsauru
+Description: Kou
 Added: 2009-07-29
 %%
 Type: language
@@ -32883,6 +32942,7 @@
 Subtag: suj
 Description: Shubi
 Added: 2009-07-29
+Comments: see also xsj
 %%
 Type: language
 Subtag: suk
@@ -33312,6 +33372,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: szy
+Description: Sakizaya
+Added: 2019-04-16
+%%
+Type: language
 Subtag: taa
 Description: Lower Tanana
 Added: 2009-07-29
@@ -33465,6 +33530,7 @@
 %%
 Type: language
 Subtag: tbh
+Description: Dharawal
 Description: Thurawal
 Added: 2009-07-29
 %%
@@ -33644,6 +33710,7 @@
 Type: language
 Subtag: tcs
 Description: Torres Strait Creole
+Description: Yumplatok
 Added: 2009-07-29
 %%
 Type: language
@@ -34067,6 +34134,7 @@
 %%
 Type: language
 Subtag: thd
+Description: Kuuk Thaayorre
 Description: Thayore
 Added: 2009-07-29
 %%
@@ -34310,6 +34378,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: tjj
+Description: Tjungundji
+Added: 2019-04-16
+%%
+Type: language
 Subtag: tjl
 Description: Tai Laing
 Added: 2012-08-12
@@ -34330,6 +34403,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: tjp
+Description: Tjupany
+Added: 2019-04-16
+%%
+Type: language
 Subtag: tjs
 Description: Southern Tujia
 Added: 2009-07-29
@@ -35679,6 +35757,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: tvx
+Description: Taivoan
+Added: 2019-04-16
+%%
+Type: language
 Subtag: tvy
 Description: Timor Pidgin
 Added: 2009-07-29
@@ -36230,7 +36313,7 @@
 %%
 Type: language
 Subtag: ulk
-Description: Meriam
+Description: Meriam Mir
 Added: 2009-07-29
 %%
 Type: language
@@ -36280,6 +36363,7 @@
 %%
 Type: language
 Subtag: umg
+Description: Morrobalama
 Description: Umbuygamu
 Added: 2009-07-29
 %%
@@ -36550,6 +36634,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: uss
+Description: us-Saare
+Added: 2019-04-16
+%%
+Type: language
 Subtag: usu
 Description: Uya
 Added: 2009-07-29
@@ -36565,6 +36654,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: uth
+Description: ut-Hun
+Added: 2019-04-16
+%%
+Type: language
 Subtag: utp
 Description: Amba (Solomon Islands)
 Added: 2009-07-29
@@ -37178,7 +37272,7 @@
 %%
 Type: language
 Subtag: waq
-Description: Wageman
+Description: Wagiman
 Added: 2009-07-29
 %%
 Type: language
@@ -37301,7 +37395,7 @@
 %%
 Type: language
 Subtag: wbt
-Description: Wanman
+Description: Warnman
 Added: 2009-07-29
 %%
 Type: language
@@ -37448,6 +37542,7 @@
 %%
 Type: language
 Subtag: wgg
+Description: Wangkangurru
 Description: Wangganguru
 Added: 2009-07-29
 %%
@@ -37521,7 +37616,7 @@
 %%
 Type: language
 Subtag: wig
-Description: Wik-Ngathana
+Description: Wik Ngathan
 Added: 2009-07-29
 %%
 Type: language
@@ -37625,6 +37720,11 @@
 Added: 2009-07-29
 %%
 Type: language
+Subtag: wkr
+Description: Keerray-Woorroong
+Added: 2019-04-16
+%%
+Type: language
 Subtag: wku
 Description: Kunduvadi
 Added: 2009-07-29
@@ -37857,10 +37957,12 @@
 Type: language
 Subtag: wny
 Description: Wanyi
+Description: Waanyi
 Added: 2012-08-12
 %%
 Type: language
 Subtag: woa
+Description: Kuwema
 Description: Tyaraity
 Added: 2009-07-29
 %%
@@ -37951,6 +38053,7 @@
 %%
 Type: language
 Subtag: wrb
+Description: Waluwarra
 Description: Warluwara
 Added: 2009-07-29
 %%
@@ -37962,11 +38065,12 @@
 Type: language
 Subtag: wrg
 Description: Warungu
+Description: Gudjal
 Added: 2009-07-29
 %%
 Type: language
 Subtag: wrh
-Description: Wiradhuri
+Description: Wiradjuri
 Added: 2009-07-29
 %%
 Type: language
@@ -38439,6 +38543,7 @@
 %%
 Type: language
 Subtag: xby
+Description: Batjala
 Description: Batyala
 Added: 2013-09-10
 %%
@@ -38998,7 +39103,7 @@
 %%
 Type: language
 Subtag: xmh
-Description: Kuku-Muminh
+Description: Kugu-Muminh
 Added: 2009-07-29
 %%
 Type: language
@@ -39423,8 +39528,7 @@
 Subtag: xsj
 Description: Subi
 Added: 2009-07-29
-Deprecated: 2015-02-12
-Preferred-Value: suj
+Comments: see also suj
 %%
 Type: language
 Subtag: xsl
@@ -40258,6 +40362,7 @@
 %%
 Type: language
 Subtag: yin
+Description: Riang Lai
 Description: Yinchia
 Added: 2009-07-29
 %%
@@ -41562,12 +41667,13 @@
 %%
 Type: language
 Subtag: zml
-Description: Madngele
+Description: Matngala
 Added: 2009-07-29
 %%
 Type: language
 Subtag: zmm
 Description: Marimanindji
+Description: Marramaninyshi
 Added: 2009-07-29
 %%
 Type: language
@@ -43019,6 +43125,13 @@
 Prefix: sgn
 %%
 Type: extlang
+Subtag: lsn
+Description: Tibetan Sign Language
+Added: 2019-04-16
+Preferred-Value: lsn
+Prefix: sgn
+%%
+Type: extlang
 Subtag: lso
 Description: Laos Sign Language
 Added: 2009-07-29
@@ -43041,6 +43154,13 @@
 Prefix: sgn
 %%
 Type: extlang
+Subtag: lsv
+Description: Sivia Sign Language
+Added: 2019-04-16
+Preferred-Value: lsv
+Prefix: sgn
+%%
+Type: extlang
 Subtag: lsy
 Description: Mauritian Sign Language
 Added: 2010-03-11
@@ -43966,6 +44086,11 @@
 Added: 2005-10-16
 %%
 Type: script
+Subtag: Chrs
+Description: Chorasmian
+Added: 2019-09-11
+%%
+Type: script
 Subtag: Cirt
 Description: Cirth
 Added: 2005-10-16
@@ -44002,6 +44127,11 @@
 Added: 2005-10-16
 %%
 Type: script
+Subtag: Diak
+Description: Dives Akuru
+Added: 2019-09-11
+%%
+Type: script
 Subtag: Dogr
 Description: Dogra
 Added: 2017-01-13
@@ -44839,6 +44969,11 @@
 Added: 2005-10-16
 %%
 Type: script
+Subtag: Yezi
+Description: Yezidi
+Added: 2019-09-11
+%%
+Type: script
 Subtag: Yiii
 Description: Yi
 Added: 2005-10-16
@@ -45683,7 +45818,7 @@
 %%
 Type: region
 Subtag: MK
-Description: The Former Yugoslav Republic of Macedonia
+Description: North Macedonia
 Added: 2005-10-16
 %%
 Type: region
--- a/make/lib/SoundLibraries.gmk	Fri Feb 05 20:19:32 2021 +0000
+++ b/make/lib/SoundLibraries.gmk	Mon Apr 19 04:23:30 2021 +0100
@@ -187,6 +187,10 @@
   ifeq ($(OPENJDK_TARGET_CPU), ppc64le)
        LIBJSOUND_CFLAGS += -DX_ARCH=X_PPC64LE
   endif
+
+  ifeq ($(OPENJDK_TARGET_CPU), aarch64)
+	LIBJSOUND_CFLAGS += -DX_ARCH=X_AARCH64
+  endif
 endif
 
 LIBJSOUND_CFLAGS += -DEXTRA_SOUND_JNI_LIBS='"$(EXTRA_SOUND_JNI_LIBS)"'
--- a/src/linux/classes/jdk/internal/platform/cgroupv1/Metrics.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/linux/classes/jdk/internal/platform/cgroupv1/Metrics.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,8 +26,8 @@
 
 package jdk.internal.platform.cgroupv1;
 
-import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -36,8 +36,10 @@
 import java.security.PrivilegedExceptionAction;
 import java.util.stream.Stream;
 
+import jdk.internal.platform.cgroupv1.SubSystem.MemorySubSystem;
+
 public class Metrics implements jdk.internal.platform.Metrics {
-    private SubSystem memory;
+    private MemorySubSystem memory;
     private SubSystem cpu;
     private SubSystem cpuacct;
     private SubSystem cpuset;
@@ -84,6 +86,8 @@
 
         } catch (IOException e) {
             return null;
+        } catch (UncheckedIOException e) {
+            return null;
         }
 
         /**
@@ -118,6 +122,8 @@
 
         } catch (IOException e) {
             return null;
+        } catch (UncheckedIOException e) {
+            return null;
         }
 
         // Return Metrics object if we found any subsystems.
@@ -135,6 +141,8 @@
         } catch (PrivilegedActionException e) {
             unwrapIOExceptionAndRethrow(e);
             throw new InternalError(e.getCause());
+        } catch (UncheckedIOException e) {
+            throw e.getCause();
         }
     }
 
@@ -159,7 +167,7 @@
         for (String subsystemName: subsystemNames) {
             switch (subsystemName) {
                 case "memory":
-                    metric.setMemorySubSystem(new SubSystem(mountentry[3], mountentry[4]));
+                    metric.setMemorySubSystem(new MemorySubSystem(mountentry[3], mountentry[4]));
                     break;
                 case "cpuset":
                     metric.setCpuSetSubSystem(new SubSystem(mountentry[3], mountentry[4]));
@@ -184,50 +192,58 @@
      * setSubSystemPath based on the contents of /proc/self/cgroup
      */
     private static void setSubSystemPath(Metrics metric, String[] entry) {
-        String controller;
-        String base;
-        SubSystem subsystem = null;
-        SubSystem subsystem2 = null;
-
-        controller = entry[1];
-        base = entry[2];
+        String controller = entry[1];
+        String base = entry[2];
         if (controller != null && base != null) {
-            switch (controller) {
-                case "memory":
-                    subsystem = metric.MemorySubSystem();
-                    break;
-                case "cpuset":
-                    subsystem = metric.CpuSetSubSystem();
-                    break;
-                case "cpu,cpuacct":
-                case "cpuacct,cpu":
-                    subsystem = metric.CpuSubSystem();
-                    subsystem2 = metric.CpuAcctSubSystem();
-                    break;
-                case "cpuacct":
-                    subsystem = metric.CpuAcctSubSystem();
-                    break;
-                case "cpu":
-                    subsystem = metric.CpuSubSystem();
-                    break;
-                case "blkio":
-                    subsystem = metric.BlkIOSubSystem();
-                    break;
-                // Ignore subsystems that we don't support
-                default:
-                    break;
+            for (String cName: controller.split(",")) {
+                switch (cName) {
+                    case "memory":
+                        setPath(metric, metric.MemorySubSystem(), base);
+                        break;
+                    case "cpuset":
+                        setPath(metric, metric.CpuSetSubSystem(), base);
+                        break;
+                    case "cpuacct":
+                        setPath(metric, metric.CpuAcctSubSystem(), base);
+                        break;
+                    case "cpu":
+                        setPath(metric, metric.CpuSubSystem(), base);
+                        break;
+                    case "blkio":
+                        setPath(metric, metric.BlkIOSubSystem(), base);
+                        break;
+                    // Ignore subsystems that we don't support
+                    default:
+                        break;
+                }
             }
         }
-
-        if (subsystem != null) {
-            subsystem.setPath(base);
-            metric.setActiveSubSystems();
-        }
-        if (subsystem2 != null) {
-            subsystem2.setPath(base);
-        }
     }
 
+    private static void setPath(Metrics metric, SubSystem subsystem, String base) {
+        if (subsystem != null) {
+            subsystem.setPath(base);
+            if (subsystem instanceof MemorySubSystem) {
+                MemorySubSystem memorySubSystem = (MemorySubSystem)subsystem;
+                boolean isHierarchial = getHierarchical(memorySubSystem);
+                memorySubSystem.setHierarchical(isHierarchial);
+                boolean isSwapEnabled = getSwapEnabled(memorySubSystem);
+                memorySubSystem.setSwapEnabled(isSwapEnabled);
+            }
+            metric.setActiveSubSystems();
+        }
+    }
+
+
+    private static boolean getHierarchical(MemorySubSystem subsystem) {
+        long hierarchical = SubSystem.getLongValue(subsystem, "memory.use_hierarchy");
+        return hierarchical > 0;
+    }
+
+    private static boolean getSwapEnabled(MemorySubSystem subsystem) {
+        long retval = SubSystem.getLongValue(subsystem, "memory.memsw.limit_in_bytes");
+        return retval > 0;
+    }
 
     private void setActiveSubSystems() {
         activeSubSystems = true;
@@ -237,7 +253,7 @@
         return activeSubSystems;
     }
 
-    private void setMemorySubSystem(SubSystem memory) {
+    private void setMemorySubSystem(MemorySubSystem memory) {
         this.memory = memory;
     }
 
@@ -392,9 +408,29 @@
 
     public long getMemoryLimit() {
         long retval = SubSystem.getLongValue(memory, "memory.limit_in_bytes");
+        if (retval > unlimited_minimum) {
+            if (memory.isHierarchical()) {
+                // memory.limit_in_bytes returned unlimited, attempt
+                // hierarchical memory limit
+                String match = "hierarchical_memory_limit";
+                retval = SubSystem.getLongValueMatchingLine(memory,
+                                                            "memory.stat",
+                                                            match,
+                                                            Metrics::convertHierachicalLimitLine);
+            }
+        }
         return retval > unlimited_minimum ? -1L : retval;
     }
 
+    public static long convertHierachicalLimitLine(String line) {
+        String[] tokens = line.split("\\s");
+        if (tokens.length == 2) {
+            String strVal = tokens[1];
+            return SubSystem.convertStringToLong(strVal);
+        }
+        return unlimited_minimum + 1; // unlimited
+    }
+
     public long getMemoryMaxUsage() {
         return SubSystem.getLongValue(memory, "memory.max_usage_in_bytes");
     }
@@ -438,19 +474,42 @@
     }
 
     public long getMemoryAndSwapFailCount() {
+        if (memory != null && !memory.isSwapEnabled()) {
+            return getMemoryFailCount();
+        }
         return SubSystem.getLongValue(memory, "memory.memsw.failcnt");
     }
 
     public long getMemoryAndSwapLimit() {
+        if (memory != null && !memory.isSwapEnabled()) {
+            return getMemoryLimit();
+        }
         long retval = SubSystem.getLongValue(memory, "memory.memsw.limit_in_bytes");
+        if (retval > unlimited_minimum) {
+            if (memory.isHierarchical()) {
+                // memory.memsw.limit_in_bytes returned unlimited, attempt
+                // hierarchical memory limit
+                String match = "hierarchical_memsw_limit";
+                retval = SubSystem.getLongValueMatchingLine(memory,
+                                                            "memory.stat",
+                                                            match,
+                                                            Metrics::convertHierachicalLimitLine);
+            }
+        }
         return retval > unlimited_minimum ? -1L : retval;
     }
 
     public long getMemoryAndSwapMaxUsage() {
+        if (memory != null && !memory.isSwapEnabled()) {
+            return getMemoryMaxUsage();
+        }
         return SubSystem.getLongValue(memory, "memory.memsw.max_usage_in_bytes");
     }
 
     public long getMemoryAndSwapUsage() {
+        if (memory != null && !memory.isSwapEnabled()) {
+            return getMemoryUsage();
+        }
         return SubSystem.getLongValue(memory, "memory.memsw.usage_in_bytes");
     }
 
--- a/src/linux/classes/jdk/internal/platform/cgroupv1/SubSystem.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/linux/classes/jdk/internal/platform/cgroupv1/SubSystem.java	Mon Apr 19 04:23:30 2021 +0100
@@ -27,6 +27,7 @@
 
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -34,7 +35,9 @@
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
+import java.util.List;
 import java.util.Optional;
+import java.util.function.Function;
 import java.util.stream.Stream;
 
 public class SubSystem {
@@ -108,12 +111,49 @@
         } catch (PrivilegedActionException e) {
             Metrics.unwrapIOExceptionAndRethrow(e);
             throw new InternalError(e.getCause());
+        } catch (UncheckedIOException e) {
+            throw e.getCause();
+        }
+    }
+
+    public static long getLongValueMatchingLine(SubSystem subsystem,
+                                                     String param,
+                                                     String match,
+                                                     Function<String, Long> conversion) {
+        long retval = Metrics.unlimited_minimum + 1; // default unlimited
+        try {
+            List<String> lines = subsystem.readMatchingLines(param);
+            for (String line: lines) {
+                if (line.contains(match)) {
+                    retval = conversion.apply(line);
+                    break;
+                }
+            }
+        } catch (IOException e) {
+            // Ignore. Default is unlimited.
+        }
+        return retval;
+    }
+
+    private List<String> readMatchingLines(String param) throws IOException {
+        try {
+            PrivilegedExceptionAction<List<String>> pea = () ->
+                    Files.readAllLines(Paths.get(path(), param));
+            return AccessController.doPrivileged(pea);
+        } catch (PrivilegedActionException e) {
+            Metrics.unwrapIOExceptionAndRethrow(e);
+            throw new InternalError(e.getCause());
+        } catch (UncheckedIOException e) {
+            throw e.getCause();
         }
     }
 
     public static long getLongValue(SubSystem subsystem, String parm) {
         String strval = getStringValue(subsystem, parm);
+        return convertStringToLong(strval);
+    }
 
+    public static long convertStringToLong(String strval) {
         if (strval == null) return 0L;
 
         long retval = Long.parseLong(strval);
@@ -158,8 +198,9 @@
                                            .findFirst();
 
             return result.isPresent() ? Long.parseLong(result.get()) : 0L;
-        }
-        catch (IOException e) {
+        } catch (IOException e) {
+            return 0L;
+        } catch (UncheckedIOException e) {
             return 0L;
         }
     }
@@ -218,4 +259,31 @@
 
         return ints;
     }
+
+    public static class MemorySubSystem extends SubSystem {
+
+        private boolean hierarchical;
+        private boolean swapenabled;
+
+        public MemorySubSystem(String root, String mountPoint) {
+            super(root, mountPoint);
+        }
+
+        boolean isHierarchical() {
+            return hierarchical;
+        }
+
+        void setHierarchical(boolean hierarchical) {
+            this.hierarchical = hierarchical;
+        }
+
+        boolean isSwapEnabled() {
+            return swapenabled;
+        }
+
+        void setSwapEnabled(boolean swapenabled) {
+            this.swapenabled = swapenabled;
+        }
+
+    }
 }
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java	Mon Apr 19 04:23:30 2021 +0100
@@ -102,7 +102,8 @@
     public static final String WINDOW_FADE_IN = "apple.awt._windowFadeIn";
     public static final String WINDOW_FADE_OUT = "apple.awt._windowFadeOut";
     public static final String WINDOW_FULLSCREENABLE = "apple.awt.fullscreenable";
-
+    public static final String WINDOW_FULL_CONTENT = "apple.awt.fullWindowContent";
+    public static final String WINDOW_TRANSPARENT_TITLE_BAR = "apple.awt.transparentTitleBar";
 
     // Yeah, I know. But it's easier to deal with ints from JNI
     static final int MODELESS = 0;
@@ -129,8 +130,10 @@
     static final int IS_DIALOG = 1 << 25;
     static final int IS_MODAL = 1 << 26;
     static final int IS_POPUP = 1 << 27;
+    static final int FULL_WINDOW_CONTENT = 1 << 14;
 
-    static final int _STYLE_PROP_BITMASK = DECORATED | TEXTURED | UNIFIED | UTILITY | HUD | SHEET | CLOSEABLE | MINIMIZABLE | RESIZABLE;
+    static final int _STYLE_PROP_BITMASK = DECORATED | TEXTURED | UNIFIED | UTILITY | HUD | SHEET | CLOSEABLE
+                                             | MINIMIZABLE | RESIZABLE | FULL_WINDOW_CONTENT;
 
     // corresponds to method-based properties
     static final int HAS_SHADOW = 1 << 10;
@@ -141,8 +144,11 @@
     static final int DRAGGABLE_BACKGROUND = 1 << 19;
     static final int DOCUMENT_MODIFIED = 1 << 21;
     static final int FULLSCREENABLE = 1 << 23;
+    static final int TRANSPARENT_TITLE_BAR = 1 << 18;
 
-    static final int _METHOD_PROP_BITMASK = RESIZABLE | HAS_SHADOW | ZOOMABLE | ALWAYS_ON_TOP | HIDES_ON_DEACTIVATE | DRAGGABLE_BACKGROUND | DOCUMENT_MODIFIED | FULLSCREENABLE;
+    static final int _METHOD_PROP_BITMASK = RESIZABLE | HAS_SHADOW | ZOOMABLE | ALWAYS_ON_TOP | HIDES_ON_DEACTIVATE
+                                              | DRAGGABLE_BACKGROUND | DOCUMENT_MODIFIED | FULLSCREENABLE
+                                              | TRANSPARENT_TITLE_BAR;
 
     // corresponds to callback-based properties
     static final int SHOULD_BECOME_KEY = 1 << 12;
@@ -197,7 +203,19 @@
 
             final String filename = ((java.io.File)value).getAbsolutePath();
             c.execute(ptr->nativeSetNSWindowRepresentedFilename(ptr, filename));
-        }}
+        }},
+        new Property<CPlatformWindow>(WINDOW_FULL_CONTENT) {
+            public void applyProperty(final CPlatformWindow c, final Object value) {
+                boolean isFullWindowContent = Boolean.parseBoolean(value.toString());
+                c.setStyleBits(FULL_WINDOW_CONTENT, isFullWindowContent);
+            }
+        },
+        new Property<CPlatformWindow>(WINDOW_TRANSPARENT_TITLE_BAR) {
+            public void applyProperty(final CPlatformWindow c, final Object value) {
+                boolean isTransparentTitleBar = Boolean.parseBoolean(value.toString());
+                c.setStyleBits(TRANSPARENT_TITLE_BAR, isTransparentTitleBar);
+            }
+        }
     }) {
         public CPlatformWindow convertJComponentToTarget(final JRootPane p) {
             Component root = SwingUtilities.getRoot(p);
@@ -417,6 +435,16 @@
             if (prop != null) {
                 styleBits = SET(styleBits, DRAGGABLE_BACKGROUND, Boolean.parseBoolean(prop.toString()));
             }
+
+            prop = rootpane.getClientProperty(WINDOW_FULL_CONTENT);
+            if (prop != null) {
+                styleBits = SET(styleBits, FULL_WINDOW_CONTENT, Boolean.parseBoolean(prop.toString()));
+            }
+
+            prop = rootpane.getClientProperty(WINDOW_TRANSPARENT_TITLE_BAR);
+            if (prop != null) {
+                styleBits = SET(styleBits, TRANSPARENT_TITLE_BAR, Boolean.parseBoolean(prop.toString()));
+            }
         }
 
         if (isDialog) {
--- a/src/macosx/native/sun/awt/AWTWindow.m	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/macosx/native/sun/awt/AWTWindow.m	Mon Apr 19 04:23:30 2021 +0100
@@ -202,9 +202,10 @@
     NSUInteger type = 0;
     if (IS(styleBits, DECORATED)) {
         type |= NSTitledWindowMask;
-        if (IS(styleBits, CLOSEABLE))   type |= NSClosableWindowMask;
-        if (IS(styleBits, MINIMIZABLE)) type |= NSMiniaturizableWindowMask;
-        if (IS(styleBits, RESIZABLE))   type |= NSResizableWindowMask;
+        if (IS(styleBits, CLOSEABLE))            type |= NSClosableWindowMask;
+        if (IS(styleBits, MINIMIZABLE))          type |= NSMiniaturizableWindowMask;
+        if (IS(styleBits, RESIZABLE))            type |= NSResizableWindowMask;
+        if (IS(styleBits, FULL_WINDOW_CONTENT))  type |= NSFullSizeContentViewWindowMask;
     } else {
         type |= NSBorderlessWindowMask;
     }
@@ -263,6 +264,9 @@
         }
     }
 
+    if (IS(mask, TRANSPARENT_TITLE_BAR) && [self.nsWindow respondsToSelector:@selector(setTitlebarAppearsTransparent:)]) {
+        [self.nsWindow setTitlebarAppearsTransparent:IS(bits, TRANSPARENT_TITLE_BAR)];
+    }
 }
 
 - (id) initWithPlatformWindow:(JNFWeakJObjectWrapper *)platformWindow
@@ -1016,9 +1020,28 @@
         AWTWindow *window = (AWTWindow*)[nsWindow delegate];
 
         // scans the bit field, and only updates the values requested by the mask
-        // (this implicity handles the _CALLBACK_PROP_BITMASK case, since those are passive reads)
+        // (this implicitly handles the _CALLBACK_PROP_BITMASK case, since those are passive reads)
         jint newBits = window.styleBits & ~mask | bits & mask;
 
+        BOOL resized = NO;
+
+        // Check for a change to the full window content view option.
+        // The content view must be resized first, otherwise the window will be resized to fit the existing
+        // content view.
+        if (IS(mask, FULL_WINDOW_CONTENT)) {
+            if (IS(newBits, FULL_WINDOW_CONTENT) != IS(window.styleBits, FULL_WINDOW_CONTENT)) {
+                NSRect frame = [nsWindow frame];
+                NSUInteger styleMask = [AWTWindow styleMaskForStyleBits:newBits];
+                NSRect screenContentRect = [NSWindow contentRectForFrameRect:frame styleMask:styleMask];
+                NSRect contentFrame = NSMakeRect(screenContentRect.origin.x - frame.origin.x,
+                    screenContentRect.origin.y - frame.origin.y,
+                    screenContentRect.size.width,
+                    screenContentRect.size.height);
+                nsWindow.contentView.frame = contentFrame;
+                resized = YES;
+            }
+        }
+
         // resets the NSWindow's style mask if the mask intersects any of those bits
         if (mask & MASK(_STYLE_PROP_BITMASK)) {
             [nsWindow setStyleMask:[AWTWindow styleMaskForStyleBits:newBits]];
@@ -1030,6 +1053,10 @@
         }
 
         window.styleBits = newBits;
+
+        if (resized) {
+            [window _deliverMoveResizeEvent];
+        }
     }];
 
 JNF_COCOA_EXIT(env);
--- a/src/macosx/native/sun/font/AWTFont.m	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/macosx/native/sun/font/AWTFont.m	Mon Apr 19 04:23:30 2021 +0100
@@ -97,11 +97,32 @@
     [super finalize];
 }
 
+static NSString* uiName = nil;
+static NSString* uiBoldName = nil;
+
 + (AWTFont *) awtFontForName:(NSString *)name
                        style:(int)style
 {
     // create font with family & size
-    NSFont *nsFont = [NSFont fontWithName:name size:1.0];
+    NSFont *nsFont = nil;
+
+    if ((uiName != nil && [name isEqualTo:uiName]) ||
+        (uiBoldName != nil && [name isEqualTo:uiBoldName])) {
+        if (style & java_awt_Font_BOLD) {
+            nsFont = [NSFont boldSystemFontOfSize:1.0];
+        } else {
+            nsFont = [NSFont systemFontOfSize:1.0];
+        }
+#ifdef DEBUG
+        NSLog(@"nsFont-name is : %@", nsFont.familyName);
+        NSLog(@"nsFont-family is : %@", nsFont.fontName);
+        NSLog(@"nsFont-desc-name is : %@", nsFont.fontDescriptor.postscriptName);
+#endif
+
+
+    } else {
+           nsFont = [NSFont fontWithName:name size:1.0];
+    }
 
     if (nsFont == nil) {
         // if can't get font of that name, substitute system default font
@@ -193,7 +214,7 @@
     return [sFontFamilyTable objectForKey:fontname];
 }
 
-static void addFont(CTFontUIFontType uiType, 
+static void addFont(CTFontUIFontType uiType,
                     NSMutableArray *allFonts,
                     NSMutableDictionary* fontFamilyTable) {
 
@@ -219,6 +240,12 @@
             CFRelease(font);
             return;
         }
+        if (uiType == kCTFontUIFontSystem) {
+            uiName = (NSString*)name;
+        }
+        if (uiType == kCTFontUIFontEmphasizedSystem) {
+            uiBoldName = (NSString*)name;
+        }
         [allFonts addObject:name];
         [fontFamilyTable setObject:family forKey:name];
 #ifdef DEBUG
@@ -230,7 +257,7 @@
         CFRelease(desc);
         CFRelease(font);
 }
- 
+
 static NSArray*
 GetFilteredFonts()
 {
@@ -273,7 +300,6 @@
          */
         addFont(kCTFontUIFontSystem, allFonts, fontFamilyTable);
         addFont(kCTFontUIFontEmphasizedSystem, allFonts, fontFamilyTable);
-        addFont(kCTFontUIFontUserFixedPitch, allFonts, fontFamilyTable);
 
         sFilteredFonts = allFonts;
         sFontFamilyTable = fontFamilyTable;
@@ -661,7 +687,7 @@
         NSLog(@"Font is : %@", (NSString*)fontname);
 #endif
         jstring jFontName = (jstring)JNFNSToJavaString(env, fontname);
-        (*env)->CallBooleanMethod(env, arrayListOfString, addMID, jFontName); 
+        (*env)->CallBooleanMethod(env, arrayListOfString, addMID, jFontName);
         (*env)->DeleteLocalRef(env, jFontName);
     }
 }
--- a/src/share/classes/com/sun/java/swing/plaf/gtk/GTKPainter.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/com/sun/java/swing/plaf/gtk/GTKPainter.java	Mon Apr 19 04:23:30 2021 +0100
@@ -185,6 +185,21 @@
         }
     }
 
+    //This is workaround used to draw the highlight
+    // when the MENU or MenuItem is selected on some platforms
+    //This should be properly fixed by reading color from css
+    private void paintComponentBackground(SynthContext context,
+                                          Graphics g, int x, int y,
+                                          int w, int h) {
+        GTKStyle style = (GTKStyle) context.getStyle();
+        Color highlightColor =
+                style.getGTKColor(GTKEngine.WidgetType.TEXT_AREA.ordinal(),
+                GTKLookAndFeel.synthStateToGTKStateType(SynthConstants.SELECTED).ordinal(),
+                ColorType.BACKGROUND.getID());
+        g.setColor(highlightColor);
+        g.fillRect(x, y, w, h);
+    }
+
     //
     // RADIO_BUTTON_MENU_ITEM
     //
@@ -196,6 +211,10 @@
         int gtkState = GTKLookAndFeel.synthStateToGTKState(
                 id, context.getComponentState());
         if (gtkState == SynthConstants.MOUSE_OVER) {
+            if (GTKLookAndFeel.is3()) {
+                paintComponentBackground(context, g, x, y, w, h);
+                return;
+            }
             synchronized (UNIXToolkit.GTK_LOCK) {
                 if (! ENGINE.paintCachedImage(g, x, y, w, h, id)) {
                     ShadowType shadow = (GTKLookAndFeel.is2_2() ?
@@ -535,34 +554,6 @@
         }
     }
 
-    private int getBrightness(Color c) {
-        return Math.max(c.getRed(), Math.max(c.getGreen(), c.getBlue()));
-    }
-
-    private int getMaxColorDiff(Color c1, Color c2) {
-        return Math.max(Math.abs(c1.getRed() - c2.getRed()),
-                Math.max(Math.abs(c1.getGreen() - c2.getGreen()),
-                        Math.abs(c1.getBlue() - c2.getBlue())));
-    }
-
-    private int scaleColorComponent(int color, double scaleFactor) {
-        return (int)(color + color * scaleFactor);
-    }
-    private Color deriveColor(Color originalColor, int originalBrightness,
-                              int targetBrightness) {
-        int r, g, b;
-        if (originalBrightness == 0) {
-            r = g = b = targetBrightness;
-        } else {
-            double scaleFactor = (targetBrightness - originalBrightness)
-                    / originalBrightness    ;
-            r = scaleColorComponent(originalColor.getRed(), scaleFactor);
-            g = scaleColorComponent(originalColor.getGreen(), scaleFactor);
-            b = scaleColorComponent(originalColor.getBlue(), scaleFactor);
-        }
-        return new Color(r, g, b);
-    }
-
     //
     // MENU
     //
@@ -579,56 +570,9 @@
         int gtkState = GTKLookAndFeel.synthStateToGTKState(
                 context.getRegion(), context.getComponentState());
         if (gtkState == SynthConstants.MOUSE_OVER) {
-            if (GTKLookAndFeel.is3() && context.getRegion() == Region.MENU) {
-                GTKStyle style = (GTKStyle)context.getStyle();
-                Color highlightColor = style.getGTKColor(
-                        GTKEngine.WidgetType.MENU_ITEM.ordinal(),
-                        gtkState, ColorType.BACKGROUND.getID());
-                Color backgroundColor = style.getGTKColor(
-                        GTKEngine.WidgetType.MENU_BAR.ordinal(),
-                        SynthConstants.ENABLED, ColorType.BACKGROUND.getID());
-
-                int minBrightness = 0, maxBrightness = 255;
-                int minBrightnessDifference = 100;
-                int actualBrightnessDifference =
-                        getMaxColorDiff(highlightColor, backgroundColor);
-                if (actualBrightnessDifference < minBrightnessDifference) {
-                    int highlightBrightness =
-                            getBrightness(highlightColor);
-                    int backgroundBrightness =
-                            getBrightness(backgroundColor);
-                    int originalHighlightBrightness =
-                            highlightBrightness;
-                    if (highlightBrightness >= backgroundBrightness) {
-                        if (backgroundBrightness + minBrightnessDifference <=
-                                maxBrightness) {
-                            highlightBrightness =
-                                    backgroundBrightness +
-                                            minBrightnessDifference;
-                        } else {
-                            highlightBrightness =
-                                    backgroundBrightness -
-                                            minBrightnessDifference;
-                        }
-                    } else {
-                        if (backgroundBrightness - minBrightnessDifference >=
-                                minBrightness) {
-                            highlightBrightness =
-                                    backgroundBrightness -
-                                            minBrightnessDifference;
-                        } else {
-                            highlightBrightness =
-                                    backgroundBrightness +
-                                            minBrightnessDifference;
-                        }
-                    }
-
-                    g.setColor(deriveColor(highlightColor,
-                            originalHighlightBrightness,
-                            highlightBrightness));
-                    g.fillRect(x, y, w, h);
-                    return;
-                }
+            if (GTKLookAndFeel.is3()) {
+                paintComponentBackground(context, g, x, y, w, h);
+                return;
             }
             Region id = Region.MENU_ITEM;
             synchronized (UNIXToolkit.GTK_LOCK) {
--- a/src/share/classes/com/sun/media/sound/ModelByteBuffer.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/com/sun/media/sound/ModelByteBuffer.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,11 +190,13 @@
 
     public void writeTo(OutputStream out) throws IOException {
         if (root.file != null && root.buffer == null) {
-            InputStream is = getInputStream();
-            byte[] buff = new byte[1024];
-            int ret;
-            while ((ret = is.read(buff)) != -1)
-                out.write(buff, 0, ret);
+            try (InputStream is = getInputStream()) {
+                byte[] buff = new byte[1024];
+                int ret;
+                while ((ret = is.read(buff)) != -1) {
+                    out.write(buff, 0, ret);
+                }
+            }
         } else
             out.write(array(), (int) arrayOffset(), (int) capacity());
     }
--- a/src/share/classes/java/lang/ClassValue.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/java/lang/ClassValue.java	Mon Apr 19 04:23:30 2021 +0100
@@ -30,6 +30,8 @@
 import java.lang.ref.WeakReference;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import sun.misc.Unsafe;
+
 import static java.lang.ClassValue.ClassValueMap.probeHomeLocation;
 import static java.lang.ClassValue.ClassValueMap.probeBackupLocations;
 
@@ -370,15 +372,25 @@
     }
 
     private static final Object CRITICAL_SECTION = new Object();
+    private static final Unsafe UNSAFE = Unsafe.getUnsafe();
     private static ClassValueMap initializeMap(Class<?> type) {
         ClassValueMap map;
         synchronized (CRITICAL_SECTION) {  // private object to avoid deadlocks
             // happens about once per type
-            if ((map = type.classValueMap) == null)
-                type.classValueMap = map = new ClassValueMap(type);
+            if ((map = type.classValueMap) == null) {
+                map = new ClassValueMap(type);
+                // Place a Store fence after construction and before publishing to emulate
+                // ClassValueMap containing final fields. This ensures it can be
+                // published safely in the non-volatile field Class.classValueMap,
+                // since stores to the fields of ClassValueMap will not be reordered
+                // to occur after the store to the field type.classValueMap
+                UNSAFE.storeFence();
+
+                type.classValueMap = map;
+            }
         }
-            return map;
-        }
+        return map;
+    }
 
     static <T> Entry<T> makeEntry(Version<T> explicitVersion, T value) {
         // Note that explicitVersion might be different from this.version.
--- a/src/share/classes/javax/imageio/metadata/IIOMetadataNode.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/javax/imageio/metadata/IIOMetadataNode.java	Mon Apr 19 04:23:30 2021 +0100
@@ -121,7 +121,7 @@
     }
 
     public Node item(int index) {
-        if (index < 0 || index > nodes.size()) {
+        if (index < 0 || index >= nodes.size()) {
             return null;
         }
         return (Node)nodes.get(index);
@@ -878,7 +878,7 @@
     }
 
     private void getElementsByTagName(String name, List l) {
-        if (nodeName.equals(name)) {
+        if (nodeName.equals(name) || "*".equals(name)) {
             l.add(this);
         }
 
--- a/src/share/classes/javax/swing/plaf/basic/BasicComboBoxUI.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/javax/swing/plaf/basic/BasicComboBoxUI.java	Mon Apr 19 04:23:30 2021 +0100
@@ -952,7 +952,7 @@
         getDisplaySize();
         if (sameBaseline) {
             Insets insets = c.getInsets();
-            height = height - insets.top - insets.bottom;
+            height = Math.max(height - insets.top - insets.bottom, 0);
             if (!comboBox.isEditable()) {
                 ListCellRenderer renderer = comboBox.getRenderer();
                 if (renderer == null)  {
--- a/src/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -93,10 +93,16 @@
      */
     public void setNewClient (URL url, boolean useCache)
         throws IOException {
+        int readTimeout = getReadTimeout();
         http = HttpsClient.New (getSSLSocketFactory(),
                                 url,
                                 getHostnameVerifier(),
-                                useCache, this);
+                                null,
+                                -1,
+                                useCache,
+                                getConnectTimeout(),
+                                this);
+        http.setReadTimeout(readTimeout);
         ((HttpsClient)http).afterConnect();
     }
 
@@ -146,10 +152,16 @@
             boolean useCache) throws IOException {
         if (connected)
             return;
+        int readTimeout = getReadTimeout();
         http = HttpsClient.New (getSSLSocketFactory(),
                                 url,
                                 getHostnameVerifier(),
-                                proxyHost, proxyPort, useCache, this);
+                                proxyHost,
+                                proxyPort,
+                                useCache,
+                                getConnectTimeout(),
+                                this);
+        http.setReadTimeout(readTimeout);
         connected = true;
     }
 
--- a/src/share/classes/sun/security/ec/CurveDB.java	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,728 +0,0 @@
-/*
- * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.math.BigInteger;
-
-import java.security.spec.*;
-
-import java.util.*;
-import java.util.regex.Pattern;
-
-import sun.security.util.ECUtil;
-
-/**
- * Repository for well-known Elliptic Curve parameters. It is used by both
- * the SunPKCS11 and SunJSSE code.
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-public class CurveDB {
-    private final static int P  = 1; // prime curve
-    private final static int B  = 2; // binary curve
-    private final static int PD = 5; // prime curve, mark as default
-    private final static int BD = 6; // binary curve, mark as default
-
-    private static final Map<String,NamedCurve> oidMap =
-        new LinkedHashMap<String,NamedCurve>();
-    private static final Map<String,NamedCurve> nameMap =
-        new HashMap<String,NamedCurve>();
-    private static final Map<Integer,NamedCurve> lengthMap =
-        new HashMap<Integer,NamedCurve>();
-
-    private static Collection<? extends NamedCurve> specCollection;
-
-    static final String SPLIT_PATTERN = ",|\\[|\\]";
-
-    // Used by SunECEntries
-    static Collection<? extends NamedCurve>getSupportedCurves() {
-        return specCollection;
-    }
-
-    // Return a NamedCurve for the specified OID/name or null if unknown.
-    static NamedCurve lookup(String name) {
-        NamedCurve spec = oidMap.get(name);
-        if (spec != null) {
-            return spec;
-        }
-
-        return nameMap.get(name);
-    }
-
-    // Return EC parameters for the specified field size. If there are known
-    // NIST recommended parameters for the given length, they are returned.
-    // Otherwise, if there are multiple matches for the given size, an
-    // arbitrary one is returns.
-    // If no parameters are known, the method returns null.
-    // NOTE that this method returns both prime and binary curves.
-    static NamedCurve lookup(int length) {
-        return lengthMap.get(length);
-    }
-
-    // Convert the given ECParameterSpec object to a NamedCurve object.
-    // If params does not represent a known named curve, return null.
-    static NamedCurve lookup(ECParameterSpec params) {
-        if ((params instanceof NamedCurve) || (params == null)) {
-            return (NamedCurve)params;
-        }
-
-        // This is a hack to allow SunJSSE to work with 3rd party crypto
-        // providers for ECC and not just SunPKCS11.
-        // This can go away once we decide how to expose curve names in the
-        // public API.
-        // Note that it assumes that the 3rd party provider encodes named
-        // curves using the short form, not explicitly. If it did that, then
-        // the SunJSSE TLS ECC extensions are wrong, which could lead to
-        // interoperability problems.
-        int fieldSize = params.getCurve().getField().getFieldSize();
-        for (NamedCurve namedCurve : specCollection) {
-            // ECParameterSpec does not define equals, so check all the
-            // components ourselves.
-            // Quick field size check first
-            if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
-                continue;
-            }
-            if (ECUtil.equals(namedCurve, params)) {
-                // everything matches our named curve, return it
-                return namedCurve;
-            }
-        }
-        // no match found
-        return null;
-    }
-
-    private static BigInteger bi(String s) {
-        return new BigInteger(s, 16);
-    }
-
-    private static void add(String name, String soid, int type, String sfield,
-            String a, String b, String x, String y, String n, int h,
-            Pattern nameSplitPattern) {
-        BigInteger p = bi(sfield);
-        ECField field;
-        if ((type == P) || (type == PD)) {
-            field = new ECFieldFp(p);
-        } else if ((type == B) || (type == BD)) {
-            field = new ECFieldF2m(p.bitLength() - 1, p);
-        } else {
-            throw new RuntimeException("Invalid type: " + type);
-        }
-
-        EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
-        ECPoint g = new ECPoint(bi(x), bi(y));
-
-        NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
-        if (oidMap.put(soid, params) != null) {
-            throw new RuntimeException("Duplication oid: " + soid);
-        }
-
-        String[] commonNames = nameSplitPattern.split(name);
-        for (String commonName : commonNames) {
-            if (nameMap.put(commonName.trim(), params) != null) {
-                throw new RuntimeException("Duplication name: " + commonName);
-            }
-        }
-
-        int len = field.getFieldSize();
-        if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) {
-            // add entry if none present for this field size or if
-            // the curve is marked as a default curve.
-            lengthMap.put(len, params);
-        }
-    }
-
-    static {
-        Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
-
-        /* SEC2 prime curves */
-        add("secp112r1", "1.3.132.0.6", P,
-            "DB7C2ABF62E35E668076BEAD208B",
-            "DB7C2ABF62E35E668076BEAD2088",
-            "659EF8BA043916EEDE8911702B22",
-            "09487239995A5EE76B55F9C2F098",
-            "A89CE5AF8724C0A23E0E0FF77500",
-            "DB7C2ABF62E35E7628DFAC6561C5",
-            1, nameSplitPattern);
-
-        add("secp112r2", "1.3.132.0.7", P,
-            "DB7C2ABF62E35E668076BEAD208B",
-            "6127C24C05F38A0AAAF65C0EF02C",
-            "51DEF1815DB5ED74FCC34C85D709",
-            "4BA30AB5E892B4E1649DD0928643",
-            "adcd46f5882e3747def36e956e97",
-            "36DF0AAFD8B8D7597CA10520D04B",
-            4, nameSplitPattern);
-
-        add("secp128r1", "1.3.132.0.28", P,
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
-            "E87579C11079F43DD824993C2CEE5ED3",
-            "161FF7528B899B2D0C28607CA52C5B86",
-            "CF5AC8395BAFEB13C02DA292DDED7A83",
-            "FFFFFFFE0000000075A30D1B9038A115",
-            1, nameSplitPattern);
-
-        add("secp128r2", "1.3.132.0.29", P,
-            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-            "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
-            "5EEEFCA380D02919DC2C6558BB6D8A5D",
-            "7B6AA5D85E572983E6FB32A7CDEBC140",
-            "27B6916A894D3AEE7106FE805FC34B44",
-            "3FFFFFFF7FFFFFFFBE0024720613B5A3",
-            4, nameSplitPattern);
-
-        add("secp160k1", "1.3.132.0.9", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-            "0000000000000000000000000000000000000000",
-            "0000000000000000000000000000000000000007",
-            "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
-            "938CF935318FDCED6BC28286531733C3F03C4FEE",
-            "0100000000000000000001B8FA16DFAB9ACA16B6B3",
-            1, nameSplitPattern);
-
-        add("secp160r1", "1.3.132.0.8", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
-            "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
-            "4A96B5688EF573284664698968C38BB913CBFC82",
-            "23A628553168947D59DCC912042351377AC5FB32",
-            "0100000000000000000001F4C8F927AED3CA752257",
-            1, nameSplitPattern);
-
-        add("secp160r2", "1.3.132.0.30", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
-            "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
-            "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
-            "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
-            "0100000000000000000000351EE786A818F3A1A16B",
-            1, nameSplitPattern);
-
-        add("secp192k1", "1.3.132.0.31", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
-            "000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000003",
-            "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
-            "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
-            "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
-            1, nameSplitPattern);
-
-        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
-            "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
-            "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
-            "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
-            1, nameSplitPattern);
-
-        add("secp224k1", "1.3.132.0.32", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
-            "00000000000000000000000000000000000000000000000000000000",
-            "00000000000000000000000000000000000000000000000000000005",
-            "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
-            "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
-            "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
-            1, nameSplitPattern);
-
-        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-            "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-            "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-            "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
-            1, nameSplitPattern);
-
-        add("secp256k1", "1.3.132.0.10", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
-            "0000000000000000000000000000000000000000000000000000000000000000",
-            "0000000000000000000000000000000000000000000000000000000000000007",
-            "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
-            "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
-            1, nameSplitPattern);
-
-        add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
-            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
-            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
-            "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
-            "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
-            "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
-            "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
-            1, nameSplitPattern);
-
-        add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
-            "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
-            "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
-            "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
-            1, nameSplitPattern);
-
-        add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
-            "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
-            "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
-            "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
-            1, nameSplitPattern);
-
-        /* ANSI X9.62 prime curves */
-        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
-            "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
-            "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
-            "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
-            1, nameSplitPattern);
-
-        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-            "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
-            "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
-            "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
-            "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
-            "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
-            "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
-            "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
-            "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
-            "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
-            1, nameSplitPattern);
-
-        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-            "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
-            "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
-            "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
-            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
-            1, nameSplitPattern);
-
-        /* SEC2 binary curves */
-        add("sect113r1", "1.3.132.0.4", B,
-            "020000000000000000000000000201",
-            "003088250CA6E7C7FE649CE85820F7",
-            "00E8BEE4D3E2260744188BE0E9C723",
-            "009D73616F35F4AB1407D73562C10F",
-            "00A52830277958EE84D1315ED31886",
-            "0100000000000000D9CCEC8A39E56F",
-            2, nameSplitPattern);
-
-        add("sect113r2", "1.3.132.0.5", B,
-            "020000000000000000000000000201",
-            "00689918DBEC7E5A0DD6DFC0AA55C7",
-            "0095E9A9EC9B297BD4BF36E059184F",
-            "01A57A6A7B26CA5EF52FCDB8164797",
-            "00B3ADC94ED1FE674C06E695BABA1D",
-            "010000000000000108789B2496AF93",
-            2, nameSplitPattern);
-
-        add("sect131r1", "1.3.132.0.22", B,
-            "080000000000000000000000000000010D",
-            "07A11B09A76B562144418FF3FF8C2570B8",
-            "0217C05610884B63B9C6C7291678F9D341",
-            "0081BAF91FDF9833C40F9C181343638399",
-            "078C6E7EA38C001F73C8134B1B4EF9E150",
-            "0400000000000000023123953A9464B54D",
-            2, nameSplitPattern);
-
-        add("sect131r2", "1.3.132.0.23", B,
-            "080000000000000000000000000000010D",
-            "03E5A88919D7CAFCBF415F07C2176573B2",
-            "04B8266A46C55657AC734CE38F018F2192",
-            "0356DCD8F2F95031AD652D23951BB366A8",
-            "0648F06D867940A5366D9E265DE9EB240F",
-            "0400000000000000016954A233049BA98F",
-            2, nameSplitPattern);
-
-        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
-            "0800000000000000000000000000000000000000C9",
-            "000000000000000000000000000000000000000001",
-            "000000000000000000000000000000000000000001",
-            "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-            "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-            "04000000000000000000020108A2E0CC0D99F8A5EF",
-            2, nameSplitPattern);
-
-        add("sect163r1", "1.3.132.0.2", B,
-            "0800000000000000000000000000000000000000C9",
-            "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
-            "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
-            "0369979697AB43897789566789567F787A7876A654",
-            "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
-            "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
-            2, nameSplitPattern);
-
-        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
-            "0800000000000000000000000000000000000000C9",
-            "000000000000000000000000000000000000000001",
-            "020A601907B8C953CA1481EB10512F78744A3205FD",
-            "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-            "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-            "040000000000000000000292FE77E70C12A4234C33",
-            2, nameSplitPattern);
-
-        add("sect193r1", "1.3.132.0.24", B,
-            "02000000000000000000000000000000000000000000008001",
-            "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
-            "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
-            "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
-            "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
-            "01000000000000000000000000C7F34A778F443ACC920EBA49",
-            2, nameSplitPattern);
-
-        add("sect193r2", "1.3.132.0.25", B,
-            "02000000000000000000000000000000000000000000008001",
-            "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
-            "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
-            "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
-            "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
-            "010000000000000000000000015AAB561B005413CCD4EE99D5",
-            2, nameSplitPattern);
-
-        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
-            "020000000000000000000000000000000000000004000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-            "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-            "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-            4, nameSplitPattern);
-
-        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
-            "020000000000000000000000000000000000000004000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-            "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-            "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-            "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-            2, nameSplitPattern);
-
-        add("sect239k1", "1.3.132.0.3", B,
-            "800000000000000000004000000000000000000000000000000000000001",
-            "000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000001",
-            "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
-            "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
-            "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
-            4, nameSplitPattern);
-
-        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-            "000000000000000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
-            "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
-            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-            4, nameSplitPattern);
-
-        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
-            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-            "000000000000000000000000000000000000000000000000000000000000000000000001",
-            "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
-            "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
-            "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-            2, nameSplitPattern);
-
-        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
-            "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
-            "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-            4, nameSplitPattern);
-
-        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
-            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
-            "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
-            "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
-            "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-            2, nameSplitPattern);
-
-        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
-            "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
-            "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-            4, nameSplitPattern);
-
-        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
-            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-            "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
-            "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
-            "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
-            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-            2, nameSplitPattern);
-
-        /* ANSI X9.62 binary curves */
-        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
-            "800000000000000000000000000000000000000000000201",
-            "2866537B676752636A68F56554E12640276B649EF7526267",
-            "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
-            "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
-            "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
-            "40000000000000000000000004A20E90C39067C893BBB9A5",
-            2, nameSplitPattern);
-
-        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
-            "800000000000000000000000000000000000000000000201",
-            "401028774D7777C7B7666D1366EA432071274F89FF01E718",
-            "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
-            "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
-            "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
-            "20000000000000000000000050508CB89F652824E06B8173",
-            4, nameSplitPattern);
-
-        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
-            "800000000000000000000000000000000000000000000201",
-            "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
-            "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
-            "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
-            "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
-            "155555555555555555555555610C0B196812BFB6288A3EA3",
-            6, nameSplitPattern);
-
-        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
-            "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
-            "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
-            "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
-            "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
-            4, nameSplitPattern);
-
-        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
-            "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
-            "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
-            "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
-            "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
-            6, nameSplitPattern);
-
-        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
-            "800000000000000000000000000000000000000000000000001000000001",
-            "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
-            "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
-            "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
-            "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
-            "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
-            0xA, nameSplitPattern);
-
-        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
-            "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
-            "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
-            "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
-            "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
-            "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
-            "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
-            0x4C, nameSplitPattern);
-
-        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
-            "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
-            "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
-            "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
-            "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
-            "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
-            "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
-            0x2760, nameSplitPattern);
-
-        /* ANSI X9.62 binary curves from the 1998 standard but forbidden
-         * in the 2005 version of the standard.
-         * We don't register them but leave them here for the time being in
-         * case we need to support them after all.
-         */
-/*
-        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
-            "080000000000000000000000000000000000000107",
-            "072546B5435234A422E0789675F432C89435DE5242",
-            "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
-            "07AF69989546103D79329FCC3D74880F33BBE803CB",
-            "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
-            "0400000000000000000001E60FC8821CC74DAEAFC1",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
-            "080000000000000000000000000000000000000107",
-            "0108B39E77C4B108BED981ED0E890E117C511CF072",
-            "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
-            "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
-            "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
-            "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
-            "080000000000000000000000000000000000000107",
-            "07A526C63D3E25A256A007699F5447E32AE456B50E",
-            "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
-            "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
-            "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
-            "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
-            2, nameSplitPattern);
-
-        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
-            "0100000000000000000000000000000000080000000007",
-            "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
-            "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
-            "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
-            "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
-            "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
-            0xFF6E, nameSplitPattern);
-
-        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
-            "010000000000000000000000000000000800000000000000000007",
-            "0000000000000000000000000000000000000000000000000000",
-            "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
-            "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
-            "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
-            "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
-            0xFE48, nameSplitPattern);
-
-        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
-            "010000000000000000000000000000000000000000000000000000010000000000000B",
-            "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
-            "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
-            "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
-            "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
-            "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
-            0xFF06, nameSplitPattern);
-
-        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
-            "010000000000000000000000000000000000000000000000000000000000000000000000000807",
-            "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
-            "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
-            "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
-            "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
-            "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
-            0xFE2E, nameSplitPattern);
-
-        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
-            "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
-            "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
-            "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
-            "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
-            "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
-            "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
-            0xFF70, nameSplitPattern);
-*/
-
-        /*
-         * Brainpool curves (RFC 5639)
-         * (Twisted curves are not included)
-         */
-
-        add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
-            "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
-            "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
-            "1E589A8595423412134FAA2DBDEC95C8D8675E58",
-            "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
-            "1667CB477A1A8EC338F94741669C976316DA6321",
-            "E95E4A5F737059DC60DF5991D45029409E60FC09",
-            1, nameSplitPattern);
-
-        add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
-            "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
-            "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
-            "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
-            "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
-            "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
-            "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
-            1, nameSplitPattern);
-
-        add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
-            "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
-            "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
-            "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
-            "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
-            "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
-            "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
-            1, nameSplitPattern);
-
-        add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
-            "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
-            "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
-            "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
-            "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
-            "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
-            "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
-            1, nameSplitPattern);
-
-        add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
-            "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
-            "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
-            "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
-            "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
-            "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
-            "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
-            1, nameSplitPattern);
-
-        add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
-            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
-            "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
-            "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
-            "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
-            "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
-            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
-            1, nameSplitPattern);
-
-        add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
-            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
-            "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
-            "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
-            "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
-            "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
-            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
-            1, nameSplitPattern);
-
-        specCollection = Collections.unmodifiableCollection(oidMap.values());
-    }
-}
--- a/src/share/classes/sun/security/ec/ECKeyPairGenerator.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ec/ECKeyPairGenerator.java	Mon Apr 19 04:23:30 2021 +0100
@@ -35,7 +35,6 @@
 import java.security.spec.InvalidParameterSpecException;
 import java.util.Optional;
 
-import sun.security.ec.NamedCurve;
 import sun.security.jca.JCAUtil;
 import sun.security.util.ECUtil;
 import sun.security.util.math.*;
--- a/src/share/classes/sun/security/ec/ECParameters.java	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.io.IOException;
-
-import java.security.*;
-import java.security.spec.*;
-
-import sun.security.util.*;
-
-/**
- * This class implements encoding and decoding of Elliptic Curve parameters
- * as specified in RFC 3279.
- *
- * However, only named curves are currently supported.
- *
- * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional
- * options.
- *
- * <pre>
- *    EcpkParameters ::= CHOICE {
- *      ecParameters  ECParameters,
- *      namedCurve    OBJECT IDENTIFIER,
- *      implicitlyCA  NULL }
- *
- *    ECParameters ::= SEQUENCE {
- *       version   ECPVer,          -- version is always 1
- *       fieldID   FieldID,         -- identifies the finite field over
- *                                  -- which the curve is defined
- *       curve     Curve,           -- coefficients a and b of the
- *                                  -- elliptic curve
- *       base      ECPoint,         -- specifies the base point P
- *                                  -- on the elliptic curve
- *       order     INTEGER,         -- the order n of the base point
- *       cofactor  INTEGER OPTIONAL -- The integer h = #E(Fq)/n
- *       }
- *
- *    ECPVer ::= INTEGER {ecpVer1(1)}
- *
- *    Curve ::= SEQUENCE {
- *       a         FieldElement,
- *       b         FieldElement,
- *       seed      BIT STRING OPTIONAL }
- *
- *    FieldElement ::= OCTET STRING
- *
- *    ECPoint ::= OCTET STRING
- * </pre>
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-public final class ECParameters extends AlgorithmParametersSpi {
-
-    // used by ECPublicKeyImpl and ECPrivateKeyImpl
-    static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec)
-            throws InvalidKeyException {
-        try {
-            AlgorithmParameters params =
-                AlgorithmParameters.getInstance("EC", "SunEC");
-            params.init(spec);
-            return params;
-        } catch (GeneralSecurityException e) {
-            throw new InvalidKeyException("EC parameters error", e);
-        }
-    }
-
-    /*
-     * The parameters these AlgorithmParameters object represents.
-     * Currently, it is always an instance of NamedCurve.
-     */
-    private NamedCurve namedCurve;
-
-    // A public constructor is required by AlgorithmParameters class.
-    public ECParameters() {
-        // empty
-    }
-
-    // AlgorithmParameterSpi methods
-
-    protected void engineInit(AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException {
-
-        if (paramSpec == null) {
-            throw new InvalidParameterSpecException
-                ("paramSpec must not be null");
-        }
-
-        if (paramSpec instanceof NamedCurve) {
-            namedCurve = (NamedCurve)paramSpec;
-            return;
-        }
-
-        if (paramSpec instanceof ECParameterSpec) {
-            namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec);
-        } else if (paramSpec instanceof ECGenParameterSpec) {
-            String name = ((ECGenParameterSpec)paramSpec).getName();
-            namedCurve = CurveDB.lookup(name);
-        } else if (paramSpec instanceof ECKeySizeParameterSpec) {
-            int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize();
-            namedCurve = CurveDB.lookup(keySize);
-        } else {
-            throw new InvalidParameterSpecException
-                ("Only ECParameterSpec and ECGenParameterSpec supported");
-        }
-
-        if (namedCurve == null) {
-            throw new InvalidParameterSpecException(
-                "Not a supported curve: " + paramSpec);
-        }
-    }
-
-    protected void engineInit(byte[] params) throws IOException {
-        DerValue encodedParams = new DerValue(params);
-        if (encodedParams.tag == DerValue.tag_ObjectId) {
-            ObjectIdentifier oid = encodedParams.getOID();
-            NamedCurve spec = CurveDB.lookup(oid.toString());
-            if (spec == null) {
-                throw new IOException("Unknown named curve: " + oid);
-            }
-
-            namedCurve = spec;
-            return;
-        }
-
-        throw new IOException("Only named ECParameters supported");
-
-        // The code below is incomplete.
-        // It is left as a starting point for a complete parsing implementation.
-
-/*
-        if (encodedParams.tag != DerValue.tag_Sequence) {
-            throw new IOException("Unsupported EC parameters, tag: " +
-                encodedParams.tag);
-        }
-
-        encodedParams.data.reset();
-
-        DerInputStream in = encodedParams.data;
-
-        int version = in.getInteger();
-        if (version != 1) {
-            throw new IOException("Unsupported EC parameters version: " +
-               version);
-        }
-        ECField field = parseField(in);
-        EllipticCurve curve = parseCurve(in, field);
-        ECPoint point = parsePoint(in, curve);
-
-        BigInteger order = in.getBigInteger();
-        int cofactor = 0;
-
-        if (in.available() != 0) {
-            cofactor = in.getInteger();
-        }
-
-        // XXX HashAlgorithm optional
-
-        if (encodedParams.data.available() != 0) {
-            throw new IOException("encoded params have " +
-                                  encodedParams.data.available() +
-                                  " extra bytes");
-        }
-
-        return new ECParameterSpec(curve, point, order, cofactor);
-*/
-    }
-
-    protected void engineInit(byte[] params, String decodingMethod)
-            throws IOException {
-        engineInit(params);
-    }
-
-    protected <T extends AlgorithmParameterSpec> T
-            engineGetParameterSpec(Class<T> spec)
-            throws InvalidParameterSpecException {
-
-        if (spec.isAssignableFrom(ECParameterSpec.class)) {
-            return spec.cast(namedCurve);
-        }
-
-        if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
-            // Ensure the name is the Object ID
-            String name = namedCurve.getObjectId();
-            return spec.cast(new ECGenParameterSpec(name));
-        }
-
-        if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) {
-            int keySize = namedCurve.getCurve().getField().getFieldSize();
-            return spec.cast(new ECKeySizeParameterSpec(keySize));
-        }
-
-        throw new InvalidParameterSpecException(
-            "Only ECParameterSpec and ECGenParameterSpec supported");
-    }
-
-    protected byte[] engineGetEncoded() throws IOException {
-        return namedCurve.getEncoded();
-    }
-
-    protected byte[] engineGetEncoded(String encodingMethod)
-            throws IOException {
-        return engineGetEncoded();
-    }
-
-    protected String engineToString() {
-        if (namedCurve == null) {
-            return "Not initialized";
-        }
-
-        return namedCurve.toString();
-    }
-}
-
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Mon Apr 19 04:23:30 2021 +0100
@@ -32,7 +32,12 @@
 import java.security.interfaces.*;
 import java.security.spec.*;
 
-import sun.security.util.*;
+import sun.security.util.ArrayUtil;
+import sun.security.util.DerInputStream;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.util.ECParameters;
+import sun.security.util.ECUtil;
 import sun.security.x509.AlgorithmId;
 import sun.security.pkcs.PKCS8Key;
 
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Mon Apr 19 04:23:30 2021 +0100
@@ -31,7 +31,9 @@
 import java.security.interfaces.*;
 import java.security.spec.*;
 
-import sun.security.util.*;
+import sun.security.util.ECParameters;
+import sun.security.util.ECUtil;
+
 import sun.security.x509.*;
 
 /**
--- a/src/share/classes/sun/security/ec/NamedCurve.java	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import java.security.spec.*;
-
-import sun.security.util.DerOutputStream;
-import sun.security.util.ObjectIdentifier;
-
-
-/**
- * Contains Elliptic Curve parameters.
- *
- * @since   1.6
- * @author  Andreas Sterbenz
- */
-class NamedCurve extends ECParameterSpec {
-
-    // friendly name for toString() output
-    private final String name;
-
-    // well known OID
-    private final String oid;
-
-    // encoded form (as NamedCurve identified via OID)
-    private final byte[] encoded;
-
-    NamedCurve(String name, String oid, EllipticCurve curve,
-            ECPoint g, BigInteger n, int h) {
-        super(curve, g, n, h);
-        this.name = name;
-        this.oid = oid;
-
-        DerOutputStream out = new DerOutputStream();
-
-        try {
-            out.putOID(new ObjectIdentifier(oid));
-        } catch (IOException e) {
-            throw new RuntimeException("Internal error", e);
-        }
-
-        encoded = out.toByteArray();
-    }
-
-    String getName() {
-        return name;
-    }
-
-    byte[] getEncoded() {
-        return encoded.clone();
-    }
-
-    String getObjectId() {
-        return oid;
-    }
-
-    public String toString() {
-        return name + " (" + oid + ")";
-    }
-}
--- a/src/share/classes/sun/security/ec/SunECEntries.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ec/SunECEntries.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@
 import java.util.Map;
 
 import java.util.regex.Pattern;
+import sun.security.util.CurveDB;
+import sun.security.util.NamedCurve;
 
 /**
  * Defines the entries of the SunEC provider.
@@ -55,7 +57,7 @@
         /*
          * Algorithm Parameter engine
          */
-        map.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters");
+        map.put("AlgorithmParameters.EC", "sun.security.util.ECParameters");
         map.put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC");
         map.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC");
 
--- a/src/share/classes/sun/security/krb5/Config.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/krb5/Config.java	Mon Apr 19 04:23:30 2021 +0100
@@ -146,8 +146,10 @@
      * java.security.krb5.kdc not specified, error reading configuration file.
      */
 
-    public static synchronized void refresh() throws KrbException {
-        singleton = new Config();
+    public static void refresh() throws KrbException {
+        synchronized (Config.class) {
+            singleton = new Config();
+        }
         KdcComm.initStatic();
         EType.initStatic();
         Checksum.initStatic();
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java	Mon Apr 19 04:23:30 2021 +0100
@@ -165,7 +165,7 @@
                 String service, Credentials ccreds)
             throws KrbException, IOException {
         PrincipalName sname = new PrincipalName(service,
-                PrincipalName.KRB_NT_SRV_HST);
+                PrincipalName.KRB_NT_UNKNOWN);
         return serviceCreds(sname, ccreds);
     }
 
--- a/src/share/classes/sun/security/pkcs11/P11AEADCipher.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11AEADCipher.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -347,6 +347,13 @@
                         0, buffer, 0, bufLen);
             }
         } catch (PKCS11Exception e) {
+            if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
+                // Cancel Operation may be invoked after an error on a PKCS#11
+                // call. If the operation inside the token was already cancelled,
+                // do not fail here. This is part of a defensive mechanism for
+                // PKCS#11 libraries that do not strictly follow the standard.
+                return;
+            }
             if (encrypt) {
                 throw new ProviderException("Cancel failed", e);
             }
@@ -614,6 +621,12 @@
             }
             return k;
         } catch (PKCS11Exception e) {
+            // As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only
+            // keep the operation active on CKR_BUFFER_TOO_SMALL errors or
+            // successful calls to determine the output length. However,
+            // these cases are not expected here because the output length
+            // is checked in the OpenJDK side before making the PKCS#11 call.
+            // Thus, doCancel can safely be 'false'.
             doCancel = false;
             handleException(e);
             throw new ProviderException("doFinal() failed", e);
@@ -700,6 +713,12 @@
             outBuffer.position(outBuffer.position() + k);
             return k;
         } catch (PKCS11Exception e) {
+            // As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only
+            // keep the operation active on CKR_BUFFER_TOO_SMALL errors or
+            // successful calls to determine the output length. However,
+            // these cases are not expected here because the output length
+            // is checked in the OpenJDK side before making the PKCS#11 call.
+            // Thus, doCancel can safely be 'false'.
             doCancel = false;
             handleException(e);
             throw new ProviderException("doFinal() failed", e);
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -439,6 +439,13 @@
                 token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen);
             }
         } catch (PKCS11Exception e) {
+            if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
+                // Cancel Operation may be invoked after an error on a PKCS#11
+                // call. If the operation inside the token was already cancelled,
+                // do not fail here. This is part of a defensive mechanism for
+                // PKCS#11 libraries that do not strictly follow the standard.
+                return;
+            }
             if (encrypt) {
                 throw new ProviderException("Cancel failed", e);
             }
@@ -628,7 +635,11 @@
                 throw (ShortBufferException)
                         (new ShortBufferException().initCause(e));
             }
-            reset(false);
+            // Some implementations such as the NSS Software Token do not
+            // cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate
+            // failure (as required by the PKCS#11 standard). See JDK-8258833
+            // for further information.
+            reset(true);
             throw new ProviderException("update() failed", e);
         }
     }
@@ -746,7 +757,11 @@
                 throw (ShortBufferException)
                         (new ShortBufferException().initCause(e));
             }
-            reset(false);
+            // Some implementations such as the NSS Software Token do not
+            // cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate
+            // failure (as required by the PKCS#11 standard). See JDK-8258833
+            // for further information.
+            reset(true);
             throw new ProviderException("update() failed", e);
         }
     }
@@ -770,9 +785,14 @@
                             0, padBuffer, 0, actualPadLen,
                             0, out, outOfs, outLen);
                 }
+                // Some implementations such as the NSS Software Token do not
+                // cancel the operation upon a C_EncryptUpdate failure (as
+                // required by the PKCS#11 standard). Cancel is not needed
+                // only after this point. See JDK-8258833 for further
+                // information.
+                doCancel = false;
                 k += token.p11.C_EncryptFinal(session.id(),
                         0, out, (outOfs + k), (outLen - k));
-                doCancel = false;
             } else {
                 // Special handling to match SunJCE provider behavior
                 if (bytesBuffered == 0 && padBufferLen == 0) {
@@ -784,22 +804,26 @@
                                 padBuffer, 0, padBufferLen, 0, padBuffer, 0,
                                 padBuffer.length);
                     }
+                    // Some implementations such as the NSS Software Token do not
+                    // cancel the operation upon a C_DecryptUpdate failure (as
+                    // required by the PKCS#11 standard). Cancel is not needed
+                    // only after this point. See JDK-8258833 for further
+                    // information.
+                    doCancel = false;
                     k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k,
                             padBuffer.length - k);
-                    doCancel = false;
 
                     int actualPadLen = paddingObj.unpad(padBuffer, k);
                     k -= actualPadLen;
                     System.arraycopy(padBuffer, 0, out, outOfs, k);
                 } else {
+                    doCancel = false;
                     k = token.p11.C_DecryptFinal(session.id(), 0, out, outOfs,
                             outLen);
-                    doCancel = false;
                 }
             }
             return k;
         } catch (PKCS11Exception e) {
-            doCancel = false;
             handleException(e);
             throw new ProviderException("doFinal() failed", e);
         } finally {
@@ -845,9 +869,14 @@
                             0, padBuffer, 0, actualPadLen,
                             outAddr, outArray, outOfs, outLen);
                 }
+                // Some implementations such as the NSS Software Token do not
+                // cancel the operation upon a C_EncryptUpdate failure (as
+                // required by the PKCS#11 standard). Cancel is not needed
+                // only after this point. See JDK-8258833 for further
+                // information.
+                doCancel = false;
                 k += token.p11.C_EncryptFinal(session.id(),
                         outAddr, outArray, (outOfs + k), (outLen - k));
-                doCancel = false;
             } else {
                 // Special handling to match SunJCE provider behavior
                 if (bytesBuffered == 0 && padBufferLen == 0) {
@@ -861,18 +890,23 @@
                                 0, padBuffer, 0, padBuffer.length);
                         padBufferLen = 0;
                     }
+                    // Some implementations such as the NSS Software Token do not
+                    // cancel the operation upon a C_DecryptUpdate failure (as
+                    // required by the PKCS#11 standard). Cancel is not needed
+                    // only after this point. See JDK-8258833 for further
+                    // information.
+                    doCancel = false;
                     k += token.p11.C_DecryptFinal(session.id(),
                             0, padBuffer, k, padBuffer.length - k);
-                    doCancel = false;
 
                     int actualPadLen = paddingObj.unpad(padBuffer, k);
                     k -= actualPadLen;
                     outArray = padBuffer;
                     outOfs = 0;
                 } else {
+                    doCancel = false;
                     k = token.p11.C_DecryptFinal(session.id(),
                             outAddr, outArray, outOfs, outLen);
-                    doCancel = false;
                 }
             }
             if ((!encrypt && paddingObj != null) ||
@@ -884,7 +918,6 @@
             }
             return k;
         } catch (PKCS11Exception e) {
-            doCancel = false;
             handleException(e);
             throw new ProviderException("doFinal() failed", e);
         } finally {
--- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java	Mon Apr 19 04:23:30 2021 +0100
@@ -67,8 +67,6 @@
 import sun.security.util.DerValue;
 import sun.security.util.ECUtil;
 
-import sun.security.ec.ECParameters;
-
 import sun.security.pkcs11.Secmod.*;
 import static sun.security.pkcs11.P11Util.*;
 
--- a/src/share/classes/sun/security/pkcs11/P11Mac.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11Mac.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -144,6 +144,13 @@
         try {
             token.p11.C_SignFinal(session.id(), 0);
         } catch (PKCS11Exception e) {
+            if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
+                // Cancel Operation may be invoked after an error on a PKCS#11
+                // call. If the operation inside the token was already cancelled,
+                // do not fail here. This is part of a defensive mechanism for
+                // PKCS#11 libraries that do not strictly follow the standard.
+                return;
+            }
             throw new ProviderException("Cancel failed", e);
         }
     }
@@ -206,6 +213,12 @@
             ensureInitialized();
             return token.p11.C_SignFinal(session.id(), 0);
         } catch (PKCS11Exception e) {
+            // As per the PKCS#11 standard, C_SignFinal may only
+            // keep the operation active on CKR_BUFFER_TOO_SMALL errors or
+            // successful calls to determine the output length. However,
+            // these cases are handled at OpenJDK's libj2pkcs11 native
+            // library. Thus, P11Mac::reset can be called with a 'false'
+            // doCancel argument from here.
             throw new ProviderException("doFinal() failed", e);
         } finally {
             reset(false);
--- a/src/share/classes/sun/security/pkcs11/P11PSSSignature.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11PSSSignature.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -271,6 +271,13 @@
                 }
             }
         } catch (PKCS11Exception e) {
+            if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
+                // Cancel Operation may be invoked after an error on a PKCS#11
+                // call. If the operation inside the token was already cancelled,
+                // do not fail here. This is part of a defensive mechanism for
+                // PKCS#11 libraries that do not strictly follow the standard.
+                return;
+            }
             if (mode == M_SIGN) {
                 throw new ProviderException("cancel failed", e);
             }
@@ -594,6 +601,11 @@
             doCancel = false;
             return signature;
         } catch (PKCS11Exception pe) {
+            // As per the PKCS#11 standard, C_Sign and C_SignFinal may only
+            // keep the operation active on CKR_BUFFER_TOO_SMALL errors or
+            // successful calls to determine the output length. However,
+            // these cases are handled at OpenJDK's libj2pkcs11 native
+            // library. Thus, doCancel can safely be 'false' here.
             doCancel = false;
             throw new ProviderException(pe);
         } catch (ProviderException e) {
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -297,6 +297,13 @@
                 }
             }
         } catch (PKCS11Exception e) {
+            if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
+                // Cancel Operation may be invoked after an error on a PKCS#11
+                // call. If the operation inside the token was already cancelled,
+                // do not fail here. This is part of a defensive mechanism for
+                // PKCS#11 libraries that do not strictly follow the standard.
+                return;
+            }
             if (mode == M_VERIFY) {
                 long errorCode = e.getErrorCode();
                 if ((errorCode == CKR_SIGNATURE_INVALID) ||
@@ -637,6 +644,11 @@
                 return signature;
             }
         } catch (PKCS11Exception e) {
+            // As per the PKCS#11 standard, C_Sign and C_SignFinal may only
+            // keep the operation active on CKR_BUFFER_TOO_SMALL errors or
+            // successful calls to determine the output length. However,
+            // these cases are handled at OpenJDK's libj2pkcs11 native
+            // library. Thus, doCancel can safely be 'false' here.
             doCancel = false;
             throw new ProviderException(e);
         } finally {
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Mon Apr 19 04:23:30 2021 +0100
@@ -622,7 +622,7 @@
 
         // AlgorithmParameters for EC.
         // Only needed until we have an EC implementation in the SUN provider.
-        d(AGP, "EC",            "sun.security.ec.ECParameters",
+        d(AGP, "EC",            "sun.security.util.ECParameters",
                 s("1.2.840.10045.2.1"),
                 m(CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE,
                     CKM_ECDSA, CKM_ECDSA_SHA1));
@@ -1102,7 +1102,7 @@
                 return token.getKeyStore();
             } else if (type == AGP) {
                 if (algorithm == "EC") {
-                    return new sun.security.ec.ECParameters();
+                    return new sun.security.util.ECParameters();
                 } else if (algorithm == "GCM") {
                     return new sun.security.util.GCMParameters();
                 } else {
--- a/src/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/CertSignAlgsExtension.java	Mon Apr 19 04:23:30 2021 +0100
@@ -101,6 +101,7 @@
             if (chc.localSupportedSignAlgs == null) {
                 chc.localSupportedSignAlgs =
                     SignatureScheme.getSupportedAlgorithms(
+                            chc.sslConfig,
                             chc.algorithmConstraints, chc.activeProtocols);
             }
 
@@ -194,6 +195,7 @@
             // update the context
             List<SignatureScheme> schemes =
                     SignatureScheme.getSupportedAlgorithms(
+                            shc.sslConfig,
                             shc.algorithmConstraints, shc.negotiatedProtocol,
                             spec.signatureSchemes);
             shc.peerRequestedCertSignSchemes = schemes;
@@ -248,7 +250,9 @@
             protocols = Collections.unmodifiableList(protocols);
             List<SignatureScheme> sigAlgs =
                     SignatureScheme.getSupportedAlgorithms(
-                            shc.algorithmConstraints, protocols);
+                            shc.sslConfig,
+                            shc.algorithmConstraints,
+                            protocols);
 
             int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
             byte[] extData = new byte[vectorLen + 2];
@@ -338,6 +342,7 @@
             // update the context
             List<SignatureScheme> schemes =
                     SignatureScheme.getSupportedAlgorithms(
+                            chc.sslConfig,
                             chc.algorithmConstraints, chc.negotiatedProtocol,
                             spec.signatureSchemes);
             chc.peerRequestedCertSignSchemes = schemes;
--- a/src/share/classes/sun/security/ssl/CertificateRequest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/CertificateRequest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -601,6 +601,7 @@
             if (shc.localSupportedSignAlgs == null) {
                 shc.localSupportedSignAlgs =
                     SignatureScheme.getSupportedAlgorithms(
+                            shc.sslConfig,
                             shc.algorithmConstraints, shc.activeProtocols);
             }
 
--- a/src/share/classes/sun/security/ssl/CipherSuite.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/CipherSuite.java	Mon Apr 19 04:23:30 2021 +0100
@@ -388,7 +388,7 @@
             ProtocolVersion.PROTOCOLS_TO_TLS12,
             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 
-    // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
+    // Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
     SSL_RSA_WITH_DES_CBC_SHA(
             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
                            "TLS_RSA_WITH_DES_CBC_SHA",
@@ -410,7 +410,7 @@
             ProtocolVersion.PROTOCOLS_TO_11,
             K_DH_ANON, B_DES, M_SHA, H_NONE),
 
-    // weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
+    // Weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
@@ -442,7 +442,7 @@
             ProtocolVersion.PROTOCOLS_TO_10,
             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
 
-    // no traffic encryption cipher suites
+    // No traffic encryption cipher suites
     TLS_RSA_WITH_NULL_SHA256(
             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
             ProtocolVersion.PROTOCOLS_OF_12,
@@ -521,7 +521,7 @@
             ProtocolVersion.PROTOCOLS_TO_10,
             K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256),
 
-    // Definition of the CipherSuites that are not supported but the names
+    // Definition of the cipher suites that are not supported but the names
     // are known.
     TLS_CHACHA20_POLY1305_SHA256(                    // TLS 1.3
             "TLS_CHACHA20_POLY1305_SHA256", 0x1303),
@@ -530,7 +530,7 @@
     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
             "TLS_AES_128_CCM_8_SHA256", 0x1305),
 
-    // remaining unsupported ciphersuites defined in RFC2246.
+    // Remaining unsupported cipher suites defined in RFC2246.
     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
@@ -540,18 +540,18 @@
     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
 
-    // SSL 3.0 Fortezza ciphersuites
+    // SSL 3.0 Fortezza cipher suites
     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
 
-    // 1024/56 bit exportable ciphersuites from expired internet draft
+    // 1024/56 bit exportable cipher suites from expired internet draft
     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
 
-    // Netscape old and new SSL 3.0 FIPS ciphersuites
+    // Netscape old and new SSL 3.0 FIPS cipher suites
     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
--- a/src/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Mon Apr 19 04:23:30 2021 +0100
@@ -420,6 +420,7 @@
         if (shc.localSupportedSignAlgs == null) {
             shc.localSupportedSignAlgs =
                     SignatureScheme.getSupportedAlgorithms(
+                            shc.sslConfig,
                             shc.algorithmConstraints, shc.activeProtocols);
         }
 
--- a/src/share/classes/sun/security/ssl/SSLConfiguration.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLConfiguration.java	Mon Apr 19 04:23:30 2021 +0100
@@ -29,8 +29,6 @@
 import java.security.AccessController;
 import java.security.AlgorithmConstraints;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -45,6 +43,7 @@
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 import sun.security.action.GetIntegerAction;
+import sun.security.action.GetPropertyAction;
 import sun.security.ssl.SSLExtension.ClientExtensions;
 import sun.security.ssl.SSLExtension.ServerExtensions;
 
@@ -64,6 +63,10 @@
     boolean                     preferLocalCipherSuites;
     int                         maximumPacketSize = 0;
 
+    // The configured signature schemes for "signature_algorithms" and
+    // "signature_algorithms_cert" extensions
+    List<SignatureScheme>       signatureSchemes;
+
     // the maximum protocol version of enabled protocols
     ProtocolVersion             maximumProtocolVersion;
 
@@ -140,6 +143,9 @@
 
         this.applicationProtocols = new String[0];
 
+        this.signatureSchemes = isClientMode ?
+                CustomizedClientSignatureSchemes.signatureSchemes :
+                CustomizedServerSignatureSchemes.signatureSchemes;
         this.maximumProtocolVersion = ProtocolVersion.NONE;
         for (ProtocolVersion pv : enabledProtocols) {
             if (pv.compareTo(maximumProtocolVersion) > 0) {
@@ -386,6 +392,15 @@
         return extensions.toArray(new SSLExtension[0]);
     }
 
+    void toggleClientMode() {
+        this.isClientMode ^= true;
+
+        // reset the signature schemes
+        this.signatureSchemes = isClientMode ?
+                CustomizedClientSignatureSchemes.signatureSchemes :
+                CustomizedServerSignatureSchemes.signatureSchemes;
+    }
+
     @Override
     @SuppressWarnings({"unchecked", "CloneDeclaresCloneNotSupported"})
     public Object clone() {
@@ -405,4 +420,72 @@
 
         return null;    // unlikely
     }
+
+
+    // lazy initialization holder class idiom for static default parameters
+    //
+    // See Effective Java Second Edition: Item 71.
+    private static final class CustomizedClientSignatureSchemes {
+        private static List<SignatureScheme> signatureSchemes =
+                getCustomizedSignatureScheme("jdk.tls.client.SignatureSchemes");
+    }
+
+    // lazy initialization holder class idiom for static default parameters
+    //
+    // See Effective Java Second Edition: Item 71.
+    private static final class CustomizedServerSignatureSchemes {
+        private static List<SignatureScheme> signatureSchemes =
+                getCustomizedSignatureScheme("jdk.tls.server.SignatureSchemes");
+    }
+
+    /*
+     * Get the customized signature schemes specified by the given
+     * system property.
+     */
+    private static List<SignatureScheme> getCustomizedSignatureScheme(
+            String propertyName) {
+
+        String property = GetPropertyAction.privilegedGetProperty(propertyName);
+        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
+            SSLLogger.fine(
+                    "System property " + propertyName + " is set to '" +
+                    property + "'");
+        }
+        if (property != null && !property.isEmpty()) {
+            // remove double quote marks from beginning/end of the property
+            if (property.length() > 1 && property.charAt(0) == '"' &&
+                    property.charAt(property.length() - 1) == '"') {
+                property = property.substring(1, property.length() - 1);
+            }
+        }
+
+        if (property != null && !property.isEmpty()) {
+            String[] signatureSchemeNames = property.split(",");
+            List<SignatureScheme> signatureSchemes =
+                        new ArrayList<>(signatureSchemeNames.length);
+            for (int i = 0; i < signatureSchemeNames.length; i++) {
+                signatureSchemeNames[i] = signatureSchemeNames[i].trim();
+                if (signatureSchemeNames[i].isEmpty()) {
+                    continue;
+                }
+
+                SignatureScheme scheme =
+                    SignatureScheme.nameOf(signatureSchemeNames[i]);
+                if (scheme != null && scheme.isAvailable) {
+                    signatureSchemes.add(scheme);
+                } else {
+                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
+                        SSLLogger.fine(
+                                "The current installed providers do not " +
+                                "support signature scheme: " +
+                                signatureSchemeNames[i]);
+                    }
+                }
+            }
+
+            return signatureSchemes;
+        }
+
+        return Collections.emptyList();
+    }
 }
--- a/src/share/classes/sun/security/ssl/SSLContextImpl.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java	Mon Apr 19 04:23:30 2021 +0100
@@ -375,7 +375,7 @@
     private static List<CipherSuite> getApplicableCipherSuites(
             Collection<CipherSuite> allowedCipherSuites,
             List<ProtocolVersion> protocols) {
-        TreeSet<CipherSuite> suites = new TreeSet<>();
+        LinkedHashSet<CipherSuite> suites = new LinkedHashSet<>();
         if (protocols != null && (!protocols.isEmpty())) {
             for (CipherSuite suite : allowedCipherSuites) {
                 if (!suite.isAvailable()) {
--- a/src/share/classes/sun/security/ssl/SSLLogger.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLLogger.java	Mon Apr 19 04:23:30 2021 +0100
@@ -387,7 +387,7 @@
             for (int i=1; i<stElements.length; i++) {
                 StackTraceElement ste = stElements[i];
                 if (!ste.getClassName().startsWith(SSLLogger.class.getName()) &&
-                    !ste.getClassName().startsWith("java.lang.System")) {
+                    !ste.getClassName().startsWith(Logger.class.getName())) {
                    return ste.getFileName() + ":" + ste.getLineNumber();
                 }
             }
--- a/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLServerSocketImpl.java	Mon Apr 19 04:23:30 2021 +0100
@@ -62,7 +62,6 @@
         super();
         this.sslContext = sslContext;
         this.sslConfig = new SSLConfiguration(sslContext, false);
-        this.sslConfig.isClientMode = false;
     }
 
     SSLServerSocketImpl(SSLContextImpl sslContext,
@@ -71,7 +70,6 @@
         super(port, backlog);
         this.sslContext = sslContext;
         this.sslConfig = new SSLConfiguration(sslContext, false);
-        this.sslConfig.isClientMode = false;
     }
 
     SSLServerSocketImpl(SSLContextImpl sslContext,
@@ -80,7 +78,6 @@
         super(port, backlog, address);
         this.sslContext = sslContext;
         this.sslConfig = new SSLConfiguration(sslContext, false);
-        this.sslConfig.isClientMode = false;
     }
 
     @Override
@@ -166,7 +163,7 @@
                         sslContext.getDefaultCipherSuites(!useClientMode);
             }
 
-            sslConfig.isClientMode = useClientMode;
+            sslConfig.toggleClientMode();
         }
     }
 
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Mon Apr 19 04:23:30 2021 +0100
@@ -38,6 +38,7 @@
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.util.List;
+import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.BiFunction;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.SSLException;
@@ -83,6 +84,9 @@
     private boolean                 isConnected = false;
     private volatile boolean        tlsIsClosed = false;
 
+    private final ReentrantLock     socketLock = new ReentrantLock();
+    private final ReentrantLock     handshakeLock = new ReentrantLock();
+
     /*
      * Is the local name service trustworthy?
      *
@@ -291,14 +295,25 @@
     }
 
     @Override
-    public synchronized String[] getEnabledCipherSuites() {
-        return CipherSuite.namesOf(conContext.sslConfig.enabledCipherSuites);
+    public String[] getEnabledCipherSuites() {
+        socketLock.lock();
+        try {
+            return CipherSuite.namesOf(
+                    conContext.sslConfig.enabledCipherSuites);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized void setEnabledCipherSuites(String[] suites) {
-        conContext.sslConfig.enabledCipherSuites =
-                CipherSuite.validValuesOf(suites);
+    public void setEnabledCipherSuites(String[] suites) {
+        socketLock.lock();
+        try {
+            conContext.sslConfig.enabledCipherSuites =
+                    CipherSuite.validValuesOf(suites);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
@@ -308,19 +323,29 @@
     }
 
     @Override
-    public synchronized String[] getEnabledProtocols() {
-        return ProtocolVersion.toStringArray(
-                conContext.sslConfig.enabledProtocols);
+    public String[] getEnabledProtocols() {
+        socketLock.lock();
+        try {
+            return ProtocolVersion.toStringArray(
+                    conContext.sslConfig.enabledProtocols);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized void setEnabledProtocols(String[] protocols) {
+    public void setEnabledProtocols(String[] protocols) {
         if (protocols == null) {
             throw new IllegalArgumentException("Protocols cannot be null");
         }
 
-        conContext.sslConfig.enabledProtocols =
-                ProtocolVersion.namesOf(protocols);
+        socketLock.lock();
+        try {
+            conContext.sslConfig.enabledProtocols =
+                    ProtocolVersion.namesOf(protocols);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
@@ -340,29 +365,44 @@
     }
 
     @Override
-    public synchronized SSLSession getHandshakeSession() {
-        return conContext.handshakeContext == null ?
-                null : conContext.handshakeContext.handshakeSession;
+    public SSLSession getHandshakeSession() {
+        socketLock.lock();
+        try {
+            return conContext.handshakeContext == null ?
+                    null : conContext.handshakeContext.handshakeSession;
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized void addHandshakeCompletedListener(
+    public void addHandshakeCompletedListener(
             HandshakeCompletedListener listener) {
         if (listener == null) {
             throw new IllegalArgumentException("listener is null");
         }
 
-        conContext.sslConfig.addHandshakeCompletedListener(listener);
+        socketLock.lock();
+        try {
+            conContext.sslConfig.addHandshakeCompletedListener(listener);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized void removeHandshakeCompletedListener(
+    public void removeHandshakeCompletedListener(
             HandshakeCompletedListener listener) {
         if (listener == null) {
             throw new IllegalArgumentException("listener is null");
         }
 
-        conContext.sslConfig.removeHandshakeCompletedListener(listener);
+        socketLock.lock();
+        try {
+            conContext.sslConfig.removeHandshakeCompletedListener(listener);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
@@ -376,7 +416,8 @@
             throw new SocketException("Socket has been closed or broken");
         }
 
-        synchronized (conContext) {     // handshake lock
+        handshakeLock.lock();
+        try {
             // double check the context status
             if (conContext.isBroken || conContext.isInboundClosed() ||
                     conContext.isOutboundClosed()) {
@@ -399,53 +440,95 @@
             } catch (Exception oe) {    // including RuntimeException
                 handleException(oe);
             }
+        } finally {
+            handshakeLock.unlock();
+        }
+    }
+
+    @Override
+    public void setUseClientMode(boolean mode) {
+        socketLock.lock();
+        try {
+            conContext.setUseClientMode(mode);
+        } finally {
+            socketLock.unlock();
+        }
+    }
+
+    @Override
+    public boolean getUseClientMode() {
+        socketLock.lock();
+        try {
+            return conContext.sslConfig.isClientMode;
+        } finally {
+            socketLock.unlock();
+        }
+    }
+
+    @Override
+    public void setNeedClientAuth(boolean need) {
+        socketLock.lock();
+        try {
+            conContext.sslConfig.clientAuthType =
+                    (need ? ClientAuthType.CLIENT_AUTH_REQUIRED :
+                            ClientAuthType.CLIENT_AUTH_NONE);
+        } finally {
+            socketLock.unlock();
         }
     }
 
     @Override
-    public synchronized void setUseClientMode(boolean mode) {
-        conContext.setUseClientMode(mode);
+    public boolean getNeedClientAuth() {
+        socketLock.lock();
+        try {
+            return (conContext.sslConfig.clientAuthType ==
+                        ClientAuthType.CLIENT_AUTH_REQUIRED);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized boolean getUseClientMode() {
-        return conContext.sslConfig.isClientMode;
-    }
-
-    @Override
-    public synchronized void setNeedClientAuth(boolean need) {
-        conContext.sslConfig.clientAuthType =
-                (need ? ClientAuthType.CLIENT_AUTH_REQUIRED :
-                        ClientAuthType.CLIENT_AUTH_NONE);
+    public void setWantClientAuth(boolean want) {
+        socketLock.lock();
+        try {
+            conContext.sslConfig.clientAuthType =
+                    (want ? ClientAuthType.CLIENT_AUTH_REQUESTED :
+                            ClientAuthType.CLIENT_AUTH_NONE);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized boolean getNeedClientAuth() {
-        return (conContext.sslConfig.clientAuthType ==
-                        ClientAuthType.CLIENT_AUTH_REQUIRED);
-    }
-
-    @Override
-    public synchronized void setWantClientAuth(boolean want) {
-        conContext.sslConfig.clientAuthType =
-                (want ? ClientAuthType.CLIENT_AUTH_REQUESTED :
-                        ClientAuthType.CLIENT_AUTH_NONE);
+    public boolean getWantClientAuth() {
+        socketLock.lock();
+        try {
+            return (conContext.sslConfig.clientAuthType ==
+                        ClientAuthType.CLIENT_AUTH_REQUESTED);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized boolean getWantClientAuth() {
-        return (conContext.sslConfig.clientAuthType ==
-                        ClientAuthType.CLIENT_AUTH_REQUESTED);
+    public void setEnableSessionCreation(boolean flag) {
+        socketLock.lock();
+        try {
+            conContext.sslConfig.enableSessionCreation = flag;
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized void setEnableSessionCreation(boolean flag) {
-        conContext.sslConfig.enableSessionCreation = flag;
-    }
-
-    @Override
-    public synchronized boolean getEnableSessionCreation() {
-        return conContext.sslConfig.enableSessionCreation;
+    public boolean getEnableSessionCreation() {
+        socketLock.lock();
+        try {
+            return conContext.sslConfig.enableSessionCreation;
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
@@ -581,6 +664,7 @@
      * This method should only be called when the outbound has been closed,
      * but the inbound is still open.
      */
+    @SuppressWarnings("try")
     private void bruteForceCloseInput(
             boolean hasCloseReceipt) throws IOException {
         if (hasCloseReceipt) {
@@ -600,7 +684,12 @@
             }
         } else {
             if (!conContext.isInboundClosed()) {
-                conContext.inputRecord.close();
+                try (InputRecord ir = conContext.inputRecord) {
+                    // Try the best to use up the input records and close the
+                    // socket gracefully, without impact the performance too
+                    // much.
+                    appInput.deplete();
+                }
             }
 
             if ((autoClose || !isLayered()) && !super.isInputShutdown()) {
@@ -631,16 +720,17 @@
         // Is it ready to close inbound?
         //
         // No need to throw exception if the initial handshake is not started.
-        if (checkCloseNotify && !conContext.isInputCloseNotified &&
-            (conContext.isNegotiated || conContext.handshakeContext != null)) {
-
-            throw conContext.fatal(Alert.INTERNAL_ERROR,
+        try {
+            if (checkCloseNotify && !conContext.isInputCloseNotified &&
+                (conContext.isNegotiated || conContext.handshakeContext != null)) {
+            throw new SSLException(
                     "closing inbound before receiving peer's close_notify");
-        }
-
-        conContext.closeInbound();
-        if ((autoClose || !isLayered()) && !super.isInputShutdown()) {
-            super.shutdownInput();
+            }
+        } finally {
+            conContext.closeInbound();
+            if ((autoClose || !isLayered()) && !super.isInputShutdown()) {
+                super.shutdownInput();
+            }
         }
     }
 
@@ -675,20 +765,25 @@
     }
 
     @Override
-    public synchronized InputStream getInputStream() throws IOException {
-        if (isClosed()) {
-            throw new SocketException("Socket is closed");
-        }
+    public InputStream getInputStream() throws IOException {
+        socketLock.lock();
+        try {
+            if (isClosed()) {
+                throw new SocketException("Socket is closed");
+            }
 
-        if (!isConnected) {
-            throw new SocketException("Socket is not connected");
-        }
+            if (!isConnected) {
+                throw new SocketException("Socket is not connected");
+            }
 
-        if (conContext.isInboundClosed() || isInputShutdown()) {
-            throw new SocketException("Socket input is already shutdown");
+            if (conContext.isInboundClosed() || isInputShutdown()) {
+                throw new SocketException("Socket input is already shutdown");
+            }
+
+            return appInput;
+        } finally {
+            socketLock.unlock();
         }
-
-        return appInput;
     }
 
     private void ensureNegotiated() throws IOException {
@@ -697,7 +792,8 @@
             return;
         }
 
-        synchronized (conContext) {     // handshake lock
+        handshakeLock.lock();
+        try {
             // double check the context status
             if (conContext.isNegotiated || conContext.isBroken ||
                     conContext.isInboundClosed() ||
@@ -706,6 +802,8 @@
             }
 
             startHandshake();
+        } finally {
+            handshakeLock.unlock();
         }
     }
 
@@ -723,6 +821,13 @@
         // Is application data available in the stream?
         private volatile boolean appDataIsAvailable;
 
+        // reading lock
+        private final ReentrantLock readLock = new ReentrantLock();
+
+        // closing status
+        private volatile boolean isClosing;
+        private volatile boolean hasDepleted;
+
         AppInputStream() {
             this.appDataIsAvailable = false;
             this.buffer = ByteBuffer.allocate(4096);
@@ -768,8 +873,7 @@
          * and returning "-1" on non-fault EOF status.
          */
         @Override
-        public int read(byte[] b, int off, int len)
-                throws IOException {
+        public int read(byte[] b, int off, int len) throws IOException {
             if (b == null) {
                 throw new NullPointerException("the target buffer is null");
             } else if (off < 0 || len < 0 || len > b.length - off) {
@@ -797,11 +901,40 @@
                 throw new SocketException("Connection or inbound has closed");
             }
 
+            // Check if the input stream has been depleted.
+            //
+            // Note that the "hasDepleted" rather than the isClosing
+            // filed is checked here, in case the closing process is
+            // still in progress.
+            if (hasDepleted) {
+                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                    SSLLogger.fine("The input stream has been depleted");
+                }
+
+                return -1;
+            }
+
             // Read the available bytes at first.
             //
             // Note that the receiving and processing of post-handshake message
             // are also synchronized with the read lock.
-            synchronized (this) {
+            readLock.lock();
+            try {
+                // Double check if the Socket is invalid (error or closed).
+                if (conContext.isBroken || conContext.isInboundClosed()) {
+                    throw new SocketException(
+                            "Connection or inbound has closed");
+                }
+
+                // Double check if the input stream has been depleted.
+                if (hasDepleted) {
+                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                        SSLLogger.fine("The input stream is closing");
+                    }
+
+                    return -1;
+                }
+
                 int remains = available();
                 if (remains > 0) {
                     int howmany = Math.min(remains, len);
@@ -833,6 +966,18 @@
                     // dummy for compiler
                     return -1;
                 }
+            } finally {
+                // Check if the input stream is closing.
+                //
+                // If the deplete() did not hold the lock, clean up the
+                // input stream here.
+                try {
+                    if (isClosing) {
+                        readLockedDeplete();
+                    }
+                } finally {
+                    readLock.unlock();
+                }
             }
         }
 
@@ -844,19 +989,24 @@
          * things simpler.
          */
         @Override
-        public synchronized long skip(long n) throws IOException {
+        public long skip(long n) throws IOException {
             // dummy array used to implement skip()
             byte[] skipArray = new byte[256];
+            long skipped = 0;
 
-            long skipped = 0;
-            while (n > 0) {
-                int len = (int)Math.min(n, skipArray.length);
-                int r = read(skipArray, 0, len);
-                if (r <= 0) {
-                    break;
+            readLock.lock();
+            try {
+                while (n > 0) {
+                    int len = (int)Math.min(n, skipArray.length);
+                    int r = read(skipArray, 0, len);
+                    if (r <= 0) {
+                        break;
+                    }
+                    n -= r;
+                    skipped += r;
                 }
-                n -= r;
-                skipped += r;
+            } finally {
+                readLock.unlock();
             }
 
             return skipped;
@@ -899,23 +1049,78 @@
 
             return false;
         }
+
+        /**
+         * Try the best to use up the input records so as to close the
+         * socket gracefully, without impact the performance too much.
+         */
+        private void deplete() {
+            if (conContext.isInboundClosed() || isClosing) {
+                return;
+            }
+
+            isClosing = true;
+            if (readLock.tryLock()) {
+                try {
+                    readLockedDeplete();
+                } finally {
+                    readLock.unlock();
+                }
+            }
+        }
+
+        /**
+         * Try to use up the input records.
+         *
+         * Please don't call this method unless the readLock is held by
+         * the current thread.
+         */
+        private void readLockedDeplete() {
+            // double check
+            if (hasDepleted || conContext.isInboundClosed()) {
+                return;
+            }
+
+            if (!(conContext.inputRecord instanceof SSLSocketInputRecord)) {
+                return;
+            }
+
+            SSLSocketInputRecord socketInputRecord =
+                    (SSLSocketInputRecord)conContext.inputRecord;
+            try {
+                socketInputRecord.deplete(
+                    conContext.isNegotiated && (getSoTimeout() > 0));
+            } catch (Exception ex) {
+                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                    SSLLogger.warning(
+                        "input stream close depletion failed", ex);
+                }
+            } finally {
+                hasDepleted = true;
+            }
+        }
     }
 
     @Override
-    public synchronized OutputStream getOutputStream() throws IOException {
-        if (isClosed()) {
-            throw new SocketException("Socket is closed");
-        }
+    public OutputStream getOutputStream() throws IOException {
+        socketLock.lock();
+        try {
+            if (isClosed()) {
+                throw new SocketException("Socket is closed");
+            }
 
-        if (!isConnected) {
-            throw new SocketException("Socket is not connected");
-        }
+            if (!isConnected) {
+                throw new SocketException("Socket is not connected");
+            }
 
-        if (conContext.isOutboundDone() || isOutputShutdown()) {
-            throw new SocketException("Socket output is already shutdown");
+            if (conContext.isOutboundDone() || isOutputShutdown()) {
+                throw new SocketException("Socket output is already shutdown");
+            }
+
+            return appOutput;
+        } finally {
+            socketLock.unlock();
         }
-
-        return appOutput;
     }
 
 
@@ -975,9 +1180,11 @@
             } catch (SSLHandshakeException she) {
                 // may be record sequence number overflow
                 throw conContext.fatal(Alert.HANDSHAKE_FAILURE, she);
-            } catch (IOException e) {
-                throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, e);
-            }
+            } catch (SSLException ssle) {
+                throw conContext.fatal(Alert.UNEXPECTED_MESSAGE, ssle);
+            }   // re-throw other IOException, which should be caused by
+                // the underlying plain socket and could be handled by
+                // applications (for example, re-try the connection).
 
             // Is the sequence number is nearly overflow, or has the key usage
             // limit been reached?
@@ -1005,44 +1212,74 @@
     }
 
     @Override
-    public synchronized SSLParameters getSSLParameters() {
-        return conContext.sslConfig.getSSLParameters();
-    }
-
-    @Override
-    public synchronized void setSSLParameters(SSLParameters params) {
-        conContext.sslConfig.setSSLParameters(params);
-
-        if (conContext.sslConfig.maximumPacketSize != 0) {
-            conContext.outputRecord.changePacketSize(
-                    conContext.sslConfig.maximumPacketSize);
+    public SSLParameters getSSLParameters() {
+        socketLock.lock();
+        try {
+            return conContext.sslConfig.getSSLParameters();
+        } finally {
+            socketLock.unlock();
         }
     }
 
     @Override
-    public synchronized String getApplicationProtocol() {
-        return conContext.applicationProtocol;
+    public void setSSLParameters(SSLParameters params) {
+        socketLock.lock();
+        try {
+            conContext.sslConfig.setSSLParameters(params);
+
+            if (conContext.sslConfig.maximumPacketSize != 0) {
+                conContext.outputRecord.changePacketSize(
+                        conContext.sslConfig.maximumPacketSize);
+            }
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized String getHandshakeApplicationProtocol() {
-        if (conContext.handshakeContext != null) {
-            return conContext.handshakeContext.applicationProtocol;
+    public String getApplicationProtocol() {
+        socketLock.lock();
+        try {
+            return conContext.applicationProtocol;
+        } finally {
+            socketLock.unlock();
+        }
+    }
+
+    @Override
+    public String getHandshakeApplicationProtocol() {
+        socketLock.lock();
+        try {
+            if (conContext.handshakeContext != null) {
+                return conContext.handshakeContext.applicationProtocol;
+            }
+        } finally {
+            socketLock.unlock();
         }
 
         return null;
     }
 
     @Override
-    public synchronized void setHandshakeApplicationProtocolSelector(
+    public void setHandshakeApplicationProtocolSelector(
             BiFunction<SSLSocket, List<String>, String> selector) {
-        conContext.sslConfig.socketAPSelector = selector;
+        socketLock.lock();
+        try {
+            conContext.sslConfig.socketAPSelector = selector;
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     @Override
-    public synchronized BiFunction<SSLSocket, List<String>, String>
+    public BiFunction<SSLSocket, List<String>, String>
             getHandshakeApplicationProtocolSelector() {
-        return conContext.sslConfig.socketAPSelector;
+        socketLock.lock();
+        try {
+            return conContext.sslConfig.socketAPSelector;
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     /**
@@ -1112,8 +1349,11 @@
 
             try {
                 Plaintext plainText;
-                synchronized (this) {
+                socketLock.lock();
+                try {
                     plainText = decode(buffer);
+                } finally {
+                    socketLock.unlock();
                 }
                 if (plainText.contentType == ContentType.APPLICATION_DATA.id &&
                         buffer.position() > 0) {
@@ -1192,27 +1432,33 @@
      *
      * Called by connect, the layered constructor, and SSLServerSocket.
      */
-    synchronized void doneConnect() throws IOException {
-        // In server mode, it is not necessary to set host and serverNames.
-        // Otherwise, would require a reverse DNS lookup to get the hostname.
-        if (peerHost == null || peerHost.isEmpty()) {
-            boolean useNameService =
-                    trustNameService && conContext.sslConfig.isClientMode;
-            useImplicitHost(useNameService);
-        } else {
-            conContext.sslConfig.serverNames =
-                    Utilities.addToSNIServerNameList(
-                            conContext.sslConfig.serverNames, peerHost);
+    void doneConnect() throws IOException {
+        socketLock.lock();
+        try {
+            // In server mode, it is not necessary to set host and serverNames.
+            // Otherwise, would require a reverse DNS lookup to get
+            // the hostname.
+            if (peerHost == null || peerHost.isEmpty()) {
+                boolean useNameService =
+                        trustNameService && conContext.sslConfig.isClientMode;
+                useImplicitHost(useNameService);
+            } else {
+                conContext.sslConfig.serverNames =
+                        Utilities.addToSNIServerNameList(
+                                conContext.sslConfig.serverNames, peerHost);
+            }
+
+            InputStream sockInput = super.getInputStream();
+            conContext.inputRecord.setReceiverStream(sockInput);
+
+            OutputStream sockOutput = super.getOutputStream();
+            conContext.inputRecord.setDeliverStream(sockOutput);
+            conContext.outputRecord.setDeliverStream(sockOutput);
+
+            this.isConnected = true;
+        } finally {
+            socketLock.unlock();
         }
-
-        InputStream sockInput = super.getInputStream();
-        conContext.inputRecord.setReceiverStream(sockInput);
-
-        OutputStream sockOutput = super.getOutputStream();
-        conContext.inputRecord.setDeliverStream(sockOutput);
-        conContext.outputRecord.setDeliverStream(sockOutput);
-
-        this.isConnected = true;
     }
 
     private void useImplicitHost(boolean useNameService) {
@@ -1256,11 +1502,16 @@
     // Please NOTE that this method MUST be called before calling to
     // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
     // may override SNIHostName in the customized server name indication.
-    public synchronized void setHost(String host) {
-        this.peerHost = host;
-        this.conContext.sslConfig.serverNames =
-                Utilities.addToSNIServerNameList(
-                        conContext.sslConfig.serverNames, host);
+    public void setHost(String host) {
+        socketLock.lock();
+        try {
+            this.peerHost = host;
+            this.conContext.sslConfig.serverNames =
+                    Utilities.addToSNIServerNameList(
+                            conContext.sslConfig.serverNames, host);
+        } finally {
+            socketLock.unlock();
+        }
     }
 
     /**
--- a/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java	Mon Apr 19 04:23:30 2021 +0100
@@ -472,4 +472,17 @@
 
         return n;
     }
+
+    // Try to use up the input stream without impact the performance too much.
+    void deplete(boolean tryToRead) throws IOException {
+        int remaining = is.available();
+        if (tryToRead && (remaining == 0)) {
+            // try to wait and read one byte if no buffered input
+            is.read();
+        }
+
+        while ((remaining = is.available()) != 0) {
+            is.skip(remaining);
+        }
+    }
 }
--- a/src/share/classes/sun/security/ssl/SSLTransport.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SSLTransport.java	Mon Apr 19 04:23:30 2021 +0100
@@ -28,6 +28,7 @@
 import java.io.EOFException;
 import java.io.IOException;
 import java.nio.ByteBuffer;
+import javax.crypto.AEADBadTagException;
 import javax.crypto.BadPaddingException;
 import javax.net.ssl.SSLHandshakeException;
 
@@ -114,6 +115,8 @@
             }
 
             throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe);
+        } catch (AEADBadTagException bte) {
+            throw context.fatal(Alert.BAD_RECORD_MAC, bte);
         } catch (BadPaddingException bpe) {
             /*
              * The basic SSLv3 record protection involves (optional)
@@ -121,9 +124,9 @@
              * data origin authentication.  We do them both here, and
              * throw a fatal alert if the integrity check fails.
              */
-            Alert alert = (context.handshakeContext != null) ?
-                    Alert.HANDSHAKE_FAILURE :
-                    Alert.BAD_RECORD_MAC;
+             Alert alert = (context.handshakeContext != null) ?
+                     Alert.HANDSHAKE_FAILURE :
+                     Alert.BAD_RECORD_MAC;
             throw context.fatal(alert, bpe);
         } catch (SSLHandshakeException she) {
             // may be record sequence number overflow
--- a/src/share/classes/sun/security/ssl/ServerHello.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/ServerHello.java	Mon Apr 19 04:23:30 2021 +0100
@@ -276,6 +276,7 @@
                 if (shc.localSupportedSignAlgs == null) {
                     shc.localSupportedSignAlgs =
                         SignatureScheme.getSupportedAlgorithms(
+                                shc.sslConfig,
                                 shc.algorithmConstraints, shc.activeProtocols);
                 }
 
@@ -504,6 +505,7 @@
                 if (shc.localSupportedSignAlgs == null) {
                     shc.localSupportedSignAlgs =
                         SignatureScheme.getSupportedAlgorithms(
+                                shc.sslConfig,
                                 shc.algorithmConstraints, shc.activeProtocols);
                 }
 
--- a/src/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java	Mon Apr 19 04:23:30 2021 +0100
@@ -186,6 +186,7 @@
             if (chc.localSupportedSignAlgs == null) {
                 chc.localSupportedSignAlgs =
                     SignatureScheme.getSupportedAlgorithms(
+                            chc.sslConfig,
                             chc.algorithmConstraints, chc.activeProtocols);
             }
 
@@ -278,6 +279,7 @@
             // update the context
             List<SignatureScheme> sss =
                     SignatureScheme.getSupportedAlgorithms(
+                            shc.sslConfig,
                             shc.algorithmConstraints, shc.negotiatedProtocol,
                             spec.signatureSchemes);
             shc.peerRequestedSignatureSchemes = sss;
@@ -413,7 +415,9 @@
             protocols = Collections.unmodifiableList(protocols);
             List<SignatureScheme> sigAlgs =
                     SignatureScheme.getSupportedAlgorithms(
-                            shc.algorithmConstraints, protocols);
+                            shc.sslConfig,
+                            shc.algorithmConstraints,
+                            protocols);
 
             int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();
             byte[] extData = new byte[vectorLen + 2];
@@ -512,6 +516,7 @@
             // update the context
             List<SignatureScheme> sss =
                     SignatureScheme.getSupportedAlgorithms(
+                            chc.sslConfig,
                             chc.algorithmConstraints, chc.negotiatedProtocol,
                             spec.signatureSchemes);
             chc.peerRequestedSignatureSchemes = sss;
--- a/src/share/classes/sun/security/ssl/SignatureScheme.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/SignatureScheme.java	Mon Apr 19 04:23:30 2021 +0100
@@ -341,6 +341,17 @@
         return signName + "_" + hashName;
     }
 
+    // Note: the signatureSchemeName is not case-sensitive.
+    static SignatureScheme nameOf(String signatureSchemeName) {
+        for (SignatureScheme ss: SignatureScheme.values()) {
+            if (ss.name.equalsIgnoreCase(signatureSchemeName)) {
+                return ss;
+            }
+        }
+
+        return null;
+    }
+
     // Return the size of a SignatureScheme structure in TLS record
     static int sizeInRecord() {
         return 2;
@@ -349,11 +360,19 @@
     // Get local supported algorithm collection complying to algorithm
     // constraints.
     static List<SignatureScheme> getSupportedAlgorithms(
+            SSLConfiguration config,
             AlgorithmConstraints constraints,
             List<ProtocolVersion> activeProtocols) {
         List<SignatureScheme> supported = new LinkedList<>();
         for (SignatureScheme ss: SignatureScheme.values()) {
-            if (!ss.isAvailable) {
+            if (!ss.isAvailable ||
+                    (!config.signatureSchemes.isEmpty() &&
+                        !config.signatureSchemes.contains(ss))) {
+                if (SSLLogger.isOn &&
+                        SSLLogger.isOn("ssl,handshake,verbose")) {
+                    SSLLogger.finest(
+                        "Ignore unsupported signature scheme: " + ss.name);
+                }
                 continue;
             }
 
@@ -385,6 +404,7 @@
     }
 
     static List<SignatureScheme> getSupportedAlgorithms(
+            SSLConfiguration config,
             AlgorithmConstraints constraints,
             ProtocolVersion protocolVersion, int[] algorithmIds) {
         List<SignatureScheme> supported = new LinkedList<>();
@@ -398,6 +418,8 @@
                 }
             } else if (ss.isAvailable &&
                     ss.supportedProtocols.contains(protocolVersion) &&
+                    (config.signatureSchemes.isEmpty() ||
+                        config.signatureSchemes.contains(ss)) &&
                     constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            ss.algorithm, null)) {
                 supported.add(ss);
--- a/src/share/classes/sun/security/ssl/TransportContext.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/ssl/TransportContext.java	Mon Apr 19 04:23:30 2021 +0100
@@ -426,7 +426,7 @@
                         sslContext.getDefaultCipherSuites(!useClientMode);
             }
 
-            sslConfig.isClientMode = useClientMode;
+            sslConfig.toggleClientMode();
         }
 
         isUnsureMode = false;
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java	Mon Apr 19 04:23:30 2021 +0100
@@ -108,6 +108,10 @@
             new DisabledAlgorithmConstraints(
                     DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS);
 
+    private static final DisabledAlgorithmConstraints LEGACY_CHECK =
+            new DisabledAlgorithmConstraints(
+                    DisabledAlgorithmConstraints.PROPERTY_SECURITY_LEGACY_ALGS);
+
     private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = Collections
             .unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST));
     private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
@@ -184,6 +188,11 @@
     // If there is a time stamp block inside the PKCS7 block file
     boolean hasTimestampBlock = false;
 
+    private PublicKey weakPublicKey = null;
+    private boolean disabledAlgFound = false;
+    private String legacyDigestAlg = null;
+    private String legacyTsaDigestAlg = null;
+    private String legacySigAlg = null;
 
     // Severe warnings.
 
@@ -194,7 +203,8 @@
     // only tsaChainNotValidated is set, i.e. has no affect on hasExpiredCert,
     // notYetValidCert, or any badXyzUsage.
 
-    private int weakAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg
+    private int legacyAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg, 8. key
+    private int disabledAlg = 0; // 1. digestalg, 2. sigalg, 4. tsadigestalg, 8. key
     private boolean hasExpiredCert = false;
     private boolean hasExpiredTsaCert = false;
     private boolean notYetValidCert = false;
@@ -211,8 +221,6 @@
     private Throwable chainNotValidatedReason = null;
     private Throwable tsaChainNotValidatedReason = null;
 
-    private boolean seeWeak = false;
-
     PKIXBuilderParameters pkixParameters;
     Set<X509Certificate> trustedCerts = new HashSet<>();
 
@@ -301,7 +309,7 @@
 
         if (strict) {
             int exitCode = 0;
-            if (weakAlg != 0 || chainNotValidated || hasExpiredCert
+            if (disabledAlg != 0 || chainNotValidated || hasExpiredCert
                     || hasExpiredTsaCert || notYetValidCert || signerSelfSigned) {
                 exitCode |= 4;
             }
@@ -838,7 +846,7 @@
             }
 
             // Even if the verbose option is not specified, all out strings
-            // must be generated so seeWeak can be updated.
+            // must be generated so disabledAlgFound can be updated.
             if (!digestMap.isEmpty()
                     || !sigMap.isEmpty()
                     || !unparsableSignatures.isEmpty()) {
@@ -882,21 +890,21 @@
                                 history = String.format(
                                         rb.getString("history.with.ts"),
                                         signer.getSubjectX500Principal(),
-                                        withWeak(digestAlg, DIGEST_PRIMITIVE_SET),
-                                        withWeak(sigAlg, SIG_PRIMITIVE_SET),
-                                        withWeak(key),
+                                        verifyWithWeak(digestAlg, DIGEST_PRIMITIVE_SET, false),
+                                        verifyWithWeak(sigAlg, SIG_PRIMITIVE_SET, false),
+                                        verifyWithWeak(key),
                                         c,
                                         tsSigner.getSubjectX500Principal(),
-                                        withWeak(tsDigestAlg, DIGEST_PRIMITIVE_SET),
-                                        withWeak(tsSigAlg, SIG_PRIMITIVE_SET),
-                                        withWeak(tsKey));
+                                        verifyWithWeak(tsDigestAlg, DIGEST_PRIMITIVE_SET, true),
+                                        verifyWithWeak(tsSigAlg, SIG_PRIMITIVE_SET, true),
+                                        verifyWithWeak(tsKey));
                             } else {
                                 history = String.format(
                                         rb.getString("history.without.ts"),
                                         signer.getSubjectX500Principal(),
-                                        withWeak(digestAlg, DIGEST_PRIMITIVE_SET),
-                                        withWeak(sigAlg, SIG_PRIMITIVE_SET),
-                                        withWeak(key));
+                                        verifyWithWeak(digestAlg, DIGEST_PRIMITIVE_SET, false),
+                                        verifyWithWeak(sigAlg, SIG_PRIMITIVE_SET, false),
+                                        verifyWithWeak(key));
                             }
                         } catch (Exception e) {
                             // The only usage of sigNameMap, remember the name
@@ -929,7 +937,7 @@
             }
 
             if (!anySigned) {
-                if (seeWeak) {
+                if (disabledAlgFound) {
                     if (verbose != null) {
                         System.out.println(rb.getString("jar.treated.unsigned.see.weak.verbose"));
                         System.out.println("\n  " +
@@ -972,8 +980,8 @@
 
         if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
                 notYetValidCert || chainNotValidated || hasExpiredCert ||
-                hasUnsignedEntry || signerSelfSigned || (weakAlg != 0) ||
-                aliasNotInStore || notSignedByAlias ||
+                hasUnsignedEntry || signerSelfSigned || (legacyAlg != 0) ||
+                (disabledAlg != 0) || aliasNotInStore || notSignedByAlias ||
                 tsaChainNotValidated ||
                 (hasExpiredTsaCert && !signerNotExpired)) {
 
@@ -1055,28 +1063,75 @@
                         : "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
             }
 
-            // weakAlg only detected in signing. The jar file is
-            // now simply treated unsigned in verifying.
-            if ((weakAlg & 1) == 1) {
-                errors.add(String.format(
-                        rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
-                        digestalg, "-digestalg"));
-            }
+            if (isSigning) {
+                if ((legacyAlg & 1) == 1) {
+                    warnings.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                            digestalg, "-digestalg"));
+                }
+
+                if ((disabledAlg & 1) == 1) {
+                    errors.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."),
+                            digestalg, "-digestalg"));
+                }
+
+                if ((legacyAlg & 2) == 2) {
+                    warnings.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                            sigalg, "-sigalg"));
+                }
+                if ((disabledAlg & 2) == 2) {
+                    errors.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."),
+                            sigalg, "-sigalg"));
+                }
+
+                if ((legacyAlg & 4) == 4) {
+                    warnings.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                            tSADigestAlg, "-tsadigestalg"));
+                }
+                if ((disabledAlg & 4) == 4) {
+                    errors.add(String.format(
+                            rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled."),
+                            tSADigestAlg, "-tsadigestalg"));
+                }
 
-            if ((weakAlg & 2) == 2) {
-                errors.add(String.format(
-                        rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
-                        sigalg, "-sigalg"));
-            }
-            if ((weakAlg & 4) == 4) {
-                errors.add(String.format(
-                        rb.getString("The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk."),
-                        tSADigestAlg, "-tsadigestalg"));
-            }
-            if ((weakAlg & 8) == 8) {
-                errors.add(String.format(
-                        rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk."),
-                        privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
+                if ((legacyAlg & 8) == 8) {
+                    warnings.add(String.format(
+                            rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
+                            privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
+                }
+                if ((disabledAlg & 8) == 8) {
+                    errors.add(String.format(
+                            rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."),
+                            privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
+                }
+            } else {
+                if ((legacyAlg & 1) != 0) {
+                    warnings.add(String.format(
+                            rb.getString("The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                            legacyDigestAlg));
+                }
+
+                if ((legacyAlg & 2) == 2) {
+                     warnings.add(String.format(
+                             rb.getString("The.signature.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                             legacySigAlg));
+                }
+
+                if ((legacyAlg & 4) != 0) {
+                    warnings.add(String.format(
+                            rb.getString("The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update."),
+                            legacyTsaDigestAlg));
+                }
+
+                if ((legacyAlg & 8) == 8) {
+                    warnings.add(String.format(
+                            rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
+                            weakPublicKey.getAlgorithm(), KeyUtil.getKeySize(weakPublicKey)));
+                }
             }
         } else {
             result = rb.getString(isSigning ? "jar.signed." : "jar.verified.");
@@ -1185,23 +1240,84 @@
         }
     }
 
-    private String withWeak(String alg, Set<CryptoPrimitive> primitiveSet) {
+    private String verifyWithWeak(String alg, Set<CryptoPrimitive> primitiveSet, boolean tsa) {
         if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
-            return alg;
+            if (LEGACY_CHECK.permits(primitiveSet, alg, null)) {
+                return alg;
+            } else {
+                if (primitiveSet == SIG_PRIMITIVE_SET) {
+                   legacyAlg |= 2;
+                   legacySigAlg = alg;
+                } else {
+                    if (tsa) {
+                        legacyAlg |= 4;
+                        legacyTsaDigestAlg = alg;
+                    } else {
+                        legacyAlg |= 1;
+                        legacyDigestAlg = alg;
+                    }
+                }
+                return String.format(rb.getString("with.weak"), alg);
+            }
         } else {
-            seeWeak = true;
-            return String.format(rb.getString("with.weak"), alg);
+            disabledAlgFound = true;
+            return String.format(rb.getString("with.disabled"), alg);
         }
     }
 
-    private String withWeak(PublicKey key) {
+    private String verifyWithWeak(PublicKey key) {
+        int kLen = KeyUtil.getKeySize(key);
         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
-            return String.format(
-                    rb.getString("key.bit"), KeyUtil.getKeySize(key));
+            if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+                if (kLen >= 0) {
+                    return String.format(rb.getString("key.bit"), kLen);
+                } else {
+                    return rb.getString("unknown.size");
+                }
+            } else {
+                weakPublicKey = key;
+                legacyAlg |= 8;
+                return String.format(rb.getString("key.bit.weak"), kLen);
+            }
         } else {
-            seeWeak = true;
-            return String.format(
-                    rb.getString("key.bit.weak"), KeyUtil.getKeySize(key));
+           disabledAlgFound = true;
+           return String.format(rb.getString("key.bit.disabled"), kLen);
+        }
+    }
+
+    private void checkWeakSign(String alg, Set<CryptoPrimitive> primitiveSet, boolean tsa) {
+        if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
+            if (!LEGACY_CHECK.permits(primitiveSet, alg, null)) {
+                if (primitiveSet == SIG_PRIMITIVE_SET) {
+                   legacyAlg |= 2;
+                } else {
+                    if (tsa) {
+                        legacyAlg |= 4;
+                    } else {
+                        legacyAlg |= 1;
+                    }
+                }
+            }
+        } else {
+           if (primitiveSet == SIG_PRIMITIVE_SET) {
+               disabledAlg |= 2;
+           } else {
+               if (tsa) {
+                   disabledAlg |= 4;
+               } else {
+                   disabledAlg |= 1;
+               }
+           }
+        }
+    }
+
+    private void checkWeakSign(PrivateKey key) {
+        if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+            if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+                legacyAlg |= 8;
+            }
+        } else {
+            disabledAlg |= 8;
         }
     }
 
@@ -1426,22 +1542,18 @@
     void signJar(String jarName, String alias, String[] args)
             throws Exception {
 
-        DisabledAlgorithmConstraints dac =
-                new DisabledAlgorithmConstraints(
-                        DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
-
-        if (digestalg != null && !dac.permits(
-                Collections.singleton(CryptoPrimitive.MESSAGE_DIGEST), digestalg, null)) {
-            weakAlg |= 1;
+        checkWeakSign(digestalg, DIGEST_PRIMITIVE_SET, false);
+        checkWeakSign(tSADigestAlg, DIGEST_PRIMITIVE_SET, true);
+        /*
+         * If no signature algorithm was specified, we choose a
+         * default that is compatible with the private key algorithm.
+         */
+        if (sigalg == null) {
+            sigalg = getDefaultSignatureAlgorithm(privateKey);
         }
-        if (tSADigestAlg != null && !dac.permits(
-                Collections.singleton(CryptoPrimitive.MESSAGE_DIGEST), tSADigestAlg, null)) {
-            weakAlg |= 4;
-        }
-        if (sigalg != null && !dac.permits(
-                Collections.singleton(CryptoPrimitive.SIGNATURE), sigalg, null)) {
-            weakAlg |= 2;
-        }
+        checkWeakSign(sigalg, SIG_PRIMITIVE_SET, false);
+
+        checkWeakSign(privateKey);
 
         boolean aliasUsed = false;
         X509Certificate tsaCert = null;
@@ -1833,10 +1945,22 @@
                 }
             }
         }
-
         displayMessagesAndResult(true);
     }
 
+    private static String getDefaultSignatureAlgorithm(PrivateKey privateKey) {
+        String keyAlgorithm = privateKey.getAlgorithm();
+        if (keyAlgorithm.equalsIgnoreCase("DSA"))
+            return "SHA256withDSA";
+        else if (keyAlgorithm.equalsIgnoreCase("RSA"))
+            return "SHA256withRSA";
+        else if (keyAlgorithm.equalsIgnoreCase("EC"))
+            return "SHA256withECDSA";
+        throw new RuntimeException("private key is not a DSA or "
+                                           + "RSA key");
+    }
+
+
     /**
      * Find the length of header inside bs. The header is a multiple (>=0)
      * lines of attributes plus an empty line. The empty line is included
@@ -2735,26 +2859,8 @@
                 }
             BigInteger serial = certChain[0].getSerialNumber();
 
-            String signatureAlgorithm;
+            String signatureAlgorithm = sigalg;
             String keyAlgorithm = privateKey.getAlgorithm();
-            /*
-             * If no signature algorithm was specified, we choose a
-             * default that is compatible with the private key algorithm.
-             */
-            if (sigalg == null) {
-
-                if (keyAlgorithm.equalsIgnoreCase("DSA"))
-                    signatureAlgorithm = "SHA256withDSA";
-                else if (keyAlgorithm.equalsIgnoreCase("RSA"))
-                    signatureAlgorithm = "SHA256withRSA";
-                else if (keyAlgorithm.equalsIgnoreCase("EC"))
-                    signatureAlgorithm = "SHA256withECDSA";
-                else
-                    throw new RuntimeException("private key is not a DSA or "
-                                               + "RSA key");
-            } else {
-                signatureAlgorithm = sigalg;
-            }
 
             // check common invalid key/signature algorithm combinations
             String sigAlgUpperCase = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
--- a/src/share/classes/sun/security/tools/jarsigner/Resources.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java	Mon Apr 19 04:23:30 2021 +0100
@@ -155,8 +155,11 @@
         {"history.nobk", "- Missing block file for signature-related file META-INF/%s.SF"},
 
         {"with.weak", "%s (weak)"},
+        {"with.disabled", "%s (disabled)"},
         {"key.bit", "%d-bit key"},
         {"key.bit.weak", "%d-bit key (weak)"},
+        {"key.bit.disabled", "%d-bit key (disabled)"},
+        {"unknown.size", "unknown size"},
 
         {"jarsigner.", "jarsigner: "},
         {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
@@ -268,8 +271,18 @@
                 "The TSA certificate chain is invalid. Reason: %s"},
         {"The.signer.s.certificate.is.self.signed.",
                 "The signer's certificate is self-signed."},
-        {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.",
-                "The %1$s algorithm specified for the %2$s option is considered a security risk."},
+        {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
+                "The %1$s algorithm specified for the %2$s option is considered a security risk. This algorithm will be disabled in a future update."},
+        {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled.",
+                "The %1$s algorithm specified for the %2$s option is considered a security risk and is disabled."},
+        {"The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
+                "The %1$s digest algorithm is considered a security risk. This algorithm will be disabled in a future update."},
+        {"The.signature.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
+                "The %1$s signature algorithm is considered a security risk. This algorithm will be disabled in a future update."},
+        {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update.",
+                "The %1$s signing key has a keysize of %2$d which is considered a security risk. This key size will be disabled in a future update."},
+        {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled.",
+                "The %1$s signing key has a keysize of %2$d which is considered a security risk and is disabled."},
         {"This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1",
                  "This jar contains entries whose certificate chain is invalid. Reason: %s"},
         {"This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1",
--- a/src/share/classes/sun/security/tools/keytool/Main.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/tools/keytool/Main.java	Mon Apr 19 04:23:30 2021 +0100
@@ -50,7 +50,9 @@
 import java.security.cert.CRL;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
+import java.security.interfaces.ECKey;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECParameterSpec;
 import java.text.Collator;
 import java.text.MessageFormat;
 import java.util.*;
@@ -71,6 +73,7 @@
 
 import sun.security.util.DisabledAlgorithmConstraints;
 import sun.security.util.KeyUtil;
+import sun.security.util.NamedCurve;
 import sun.security.util.ObjectIdentifier;
 import sun.security.pkcs10.PKCS10;
 import sun.security.pkcs10.PKCS10Attribute;
@@ -182,6 +185,10 @@
             new DisabledAlgorithmConstraints(
                     DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
 
+    private static final DisabledAlgorithmConstraints LEGACY_CHECK =
+            new DisabledAlgorithmConstraints(
+                    DisabledAlgorithmConstraints.PROPERTY_SECURITY_LEGACY_ALGS);
+
     private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
             .unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
 
@@ -1937,8 +1944,8 @@
                 } else {
                     // Print the digest of the user cert only
                     out.println
-                        (rb.getString("Certificate.fingerprint.SHA1.") +
-                        getCertFingerPrint("SHA1", chain[0]));
+                        (rb.getString("Certificate.fingerprint.SHA.256.") +
+                        getCertFingerPrint("SHA-256", chain[0]));
                     checkWeak(label, chain[0]);
                 }
             }
@@ -1959,8 +1966,8 @@
                 out.println(cert.toString());
             } else {
                 out.println("trustedCertEntry, ");
-                out.println(rb.getString("Certificate.fingerprint.SHA1.")
-                            + getCertFingerPrint("SHA1", cert));
+                out.println(rb.getString("Certificate.fingerprint.SHA.256.")
+                            + getCertFingerPrint("SHA-256", cert));
             }
             checkWeak(label, cert);
         } else {
@@ -3087,19 +3094,42 @@
 
     private String withWeak(String alg) {
         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
-            return alg;
+            if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
+                return alg;
+            } else {
+                return String.format(rb.getString("with.weak"), alg);
+            }
         } else {
-            return String.format(rb.getString("with.weak"), alg);
+            return String.format(rb.getString("with.disabled"), alg);
         }
     }
 
+    private String fullDisplayAlgName(Key key) {
+        String result = key.getAlgorithm();
+        if (key instanceof ECKey) {
+            ECParameterSpec paramSpec = ((ECKey) key).getParams();
+            if (paramSpec instanceof NamedCurve) {
+                result += " (" + paramSpec.toString().split(" ")[0] + ")";
+            }
+        }
+        return result;
+    }
+
     private String withWeak(PublicKey key) {
+        int kLen = KeyUtil.getKeySize(key);
+        String displayAlg = fullDisplayAlgName(key);
         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
-            return String.format(rb.getString("key.bit"),
-                    KeyUtil.getKeySize(key), key.getAlgorithm());
+            if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+                if (kLen >= 0) {
+                    return String.format(rb.getString("key.bit"), kLen, displayAlg);
+                } else {
+                    return String.format(rb.getString("unknown.size.1"), displayAlg);
+                }
+            } else {
+                return String.format(rb.getString("key.bit.weak"), kLen, displayAlg);
+            }
         } else {
-            return String.format(rb.getString("key.bit.weak"),
-                    KeyUtil.getKeySize(key), key.getAlgorithm());
+            return String.format(rb.getString("key.bit.disabled"), kLen, displayAlg);
         }
     }
 
@@ -3109,23 +3139,6 @@
     private void printX509Cert(X509Certificate cert, PrintStream out)
         throws Exception
     {
-        /*
-        out.println("Owner: "
-                    + cert.getSubjectDN().toString()
-                    + "\n"
-                    + "Issuer: "
-                    + cert.getIssuerDN().toString()
-                    + "\n"
-                    + "Serial number: " + cert.getSerialNumber().toString(16)
-                    + "\n"
-                    + "Valid from: " + cert.getNotBefore().toString()
-                    + " until: " + cert.getNotAfter().toString()
-                    + "\n"
-                    + "Certificate fingerprints:\n"
-                    + "\t MD5:  " + getCertFingerPrint("MD5", cert)
-                    + "\n"
-                    + "\t SHA1: " + getCertFingerPrint("SHA1", cert));
-        */
 
         MessageFormat form = new MessageFormat
                 (rb.getString(".PATTERN.printX509Cert.with.weak"));
@@ -3140,8 +3153,7 @@
                         cert.getSerialNumber().toString(16),
                         cert.getNotBefore().toString(),
                         cert.getNotAfter().toString(),
-                        getCertFingerPrint("MD5", cert),
-                        getCertFingerPrint("SHA1", cert),
+                        getCertFingerPrint("SHA-1", cert),
                         getCertFingerPrint("SHA-256", cert),
                         sigName,
                         withWeak(pkey),
@@ -4372,18 +4384,28 @@
     }
 
     private void checkWeak(String label, String sigAlg, Key key) {
-
-        if (sigAlg != null && !DISABLED_CHECK.permits(
-                SIG_PRIMITIVE_SET, sigAlg, null)) {
-            weakWarnings.add(String.format(
-                    rb.getString("whose.sigalg.risk"), label, sigAlg));
+        if (sigAlg != null) {
+            if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) {
+                weakWarnings.add(String.format(
+                    rb.getString("whose.sigalg.disabled"), label, sigAlg));
+            } else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) {
+                weakWarnings.add(String.format(
+                    rb.getString("whose.sigalg.weak"), label, sigAlg));
+            }
         }
-        if (key != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
-            weakWarnings.add(String.format(
-                    rb.getString("whose.key.risk"),
-                    label,
+
+        if (key != null) {
+            if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+                weakWarnings.add(String.format(
+                    rb.getString("whose.key.disabled"), label,
                     String.format(rb.getString("key.bit"),
-                            KeyUtil.getKeySize(key), key.getAlgorithm())));
+                    KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
+            } else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+                weakWarnings.add(String.format(
+                    rb.getString("whose.key.weak"), label,
+                    String.format(rb.getString("key.bit"),
+                    KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
+            }
         }
     }
 
--- a/src/share/classes/sun/security/tools/keytool/Resources.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/tools/keytool/Resources.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -308,7 +308,7 @@
         {"Entry.type.type.", "Entry type: {0}"},
         {"Certificate.chain.length.", "Certificate chain length: "},
         {"Certificate.i.1.", "Certificate[{0,number,integer}]:"},
-        {"Certificate.fingerprint.SHA1.", "Certificate fingerprint (SHA1): "},
+        {"Certificate.fingerprint.SHA.256.", "Certificate fingerprint (SHA-256): "},
         {"Keystore.type.", "Keystore type: "},
         {"Keystore.provider.", "Keystore provider: "},
         {"Your.keystore.contains.keyStore.size.entry",
@@ -445,16 +445,21 @@
         {"alias.in.cacerts", "Issuer <%s> in cacerts"},
         {"alias.in.keystore", "Issuer <%s>"},
         {"with.weak", "%s (weak)"},
+        {"with.disabled", "%s (disabled)"},
         {"key.bit", "%1$d-bit %2$s key"},
         {"key.bit.weak", "%1$d-bit %2$s key (weak)"},
+        {"key.bit.disabled", "%1$d-bit %2$s key (disabled)"},
+        {"unknown.size.1", "unknown size %s key"},
         {".PATTERN.printX509Cert.with.weak",
-                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t MD5:  {5}\n\t SHA1: {6}\n\t SHA256: {7}\nSignature algorithm name: {8}\nSubject Public Key Algorithm: {9}\nVersion: {10}"},
+                "Owner: {0}\nIssuer: {1}\nSerial number: {2}\nValid from: {3} until: {4}\nCertificate fingerprints:\n\t SHA1: {5}\n\t SHA256: {6}\nSignature algorithm name: {7}\nSubject Public Key Algorithm: {8} ({9,number,#})\nVersion: {10}"},
         {"PKCS.10.with.weak",
                 "PKCS #10 Certificate Request (Version 1.0)\n" +
                         "Subject: %1$s\nFormat: %2$s\nPublic Key: %3$s\nSignature algorithm: %4$s\n"},
         {"verified.by.s.in.s.weak", "Verified by %1$s in %2$s with a %3$s"},
-        {"whose.sigalg.risk", "%1$s uses the %2$s signature algorithm which is considered a security risk."},
-        {"whose.key.risk", "%1$s uses a %2$s which is considered a security risk."},
+        {"whose.sigalg.disabled", "%1$s uses the %2$s signature algorithm which is considered a security risk and is disabled."},
+        {"whose.sigalg.weak", "%1$s uses the %2$s signature algorithm which is considered a security risk. This algorithm will be disabled in a future update."},
+        {"whose.key.disabled", "%1$s uses a %2$s which is considered a security risk and is disabled."},
+        {"whose.key.weak", "%1$s uses a %2$s which is considered a security risk. This key size will be disabled in a future update."},
         {"jks.storetype.warning", "The %1$s keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."},
         {"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."},
         {"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."},
--- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,10 @@
 import java.security.AlgorithmConstraints;
 import java.security.PrivilegedAction;
 import java.security.Security;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -44,7 +48,7 @@
     }
 
     // Get algorithm constraints from the specified security property.
-    static String[] getAlgorithms(String propertyName) {
+    static List<String> getAlgorithms(String propertyName) {
         String property = AccessController.doPrivileged(
                 new PrivilegedAction<String>() {
                     @Override
@@ -68,12 +72,12 @@
 
         // map the disabled algorithms
         if (algorithmsInProperty == null) {
-            algorithmsInProperty = new String[0];
+            return Collections.emptyList();
         }
-        return algorithmsInProperty;
+        return new ArrayList<>(Arrays.asList(algorithmsInProperty));
     }
 
-    static boolean checkAlgorithm(String[] algorithms, String algorithm,
+    static boolean checkAlgorithm(List<String> algorithms, String algorithm,
             AlgorithmDecomposer decomposer) {
         if (algorithm == null || algorithm.length() == 0) {
             throw new IllegalArgumentException("No algorithm name specified");
--- a/src/share/classes/sun/security/util/ConstraintsParameters.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/util/ConstraintsParameters.java	Mon Apr 19 04:23:30 2021 +0100
@@ -31,6 +31,7 @@
 import java.security.Key;
 import java.security.Timestamp;
 import java.security.cert.X509Certificate;
+import java.security.interfaces.ECKey;
 import java.util.Date;
 
 /**
@@ -49,8 +50,8 @@
     private final String algorithm;
     // AlgorithmParameters to the algorithm being checked
     private final AlgorithmParameters algParams;
-    // Public Key being checked against constraints
-    private final Key publicKey;
+    // Key being checked against constraints
+    private final Key key;
 
     /*
      * New values that are checked against constraints that the current public
@@ -66,6 +67,9 @@
     // Timestamp of the signed JAR file
     private final Timestamp jarTimestamp;
     private final String variant;
+    // Named Curve
+    private final String[] curveStr;
+    private static final String[] EMPTYLIST = new String[0];
 
     public ConstraintsParameters(X509Certificate c, boolean match,
             Date pkixdate, Timestamp jarTime, String variant) {
@@ -76,14 +80,20 @@
         this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
         algorithm = null;
         algParams = null;
-        publicKey = null;
+        key = null;
+        if (c != null) {
+            curveStr = getNamedCurveFromKey(c.getPublicKey());
+        } else {
+            curveStr = EMPTYLIST;
+        }
     }
 
     public ConstraintsParameters(String algorithm, AlgorithmParameters params,
             Key key, String variant) {
         this.algorithm = algorithm;
         algParams = params;
-        this.publicKey = key;
+        this.key = key;
+        curveStr = getNamedCurveFromKey(key);
         cert = null;
         trustedMatch = false;
         pkixDate = null;
@@ -109,9 +119,10 @@
         return algParams;
     }
 
-    public Key getPublicKey() {
-        return publicKey;
+    public Key getKey() {
+        return key;
     }
+
     // Returns if the trust anchor has a match if anchor checking is enabled.
     public boolean isTrustedMatch() {
         return trustedMatch;
@@ -132,4 +143,42 @@
     public String getVariant() {
         return variant;
     }
+
+    public String[] getNamedCurve() {
+        return curveStr;
+    }
+
+    public static String[] getNamedCurveFromKey(Key key) {
+        if (key instanceof ECKey) {
+            NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
+            return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId()));
+        } else {
+            return EMPTYLIST;
+        }
+    }
+
+    public String toString() {
+        StringBuilder s = new StringBuilder();
+        s.append("Cert:       ");
+        if (cert != null) {
+            s.append(cert.toString());
+            s.append("\nSigAlgo:    ");
+            s.append(cert.getSigAlgName());
+        } else {
+            s.append("None");
+        }
+        s.append("\nAlgParams:  ");
+        if (getAlgParams() != null) {
+            getAlgParams().toString();
+        } else {
+            s.append("None");
+        }
+        s.append("\nNamedCurves: ");
+        for (String c : getNamedCurve()) {
+            s.append(c + " ");
+        }
+        s.append("\nVariant:    " + getVariant());
+        return s.toString();
+    }
+
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/CurveDB.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,747 @@
+/*
+ * Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+import java.util.*;
+import java.util.regex.Pattern;
+
+import sun.security.util.ECUtil;
+
+/**
+ * Repository for well-known Elliptic Curve parameters. It is used by both
+ * the SunPKCS11 and SunJSSE code.
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public class CurveDB {
+    private final static int P  = 1; // prime curve
+    private final static int B  = 2; // binary curve
+    private final static int PD = 5; // prime curve, mark as default
+    private final static int BD = 6; // binary curve, mark as default
+
+    private static final Map<String,NamedCurve> oidMap =
+        new LinkedHashMap<String,NamedCurve>();
+    private static final Map<String,NamedCurve> nameMap =
+        new HashMap<String,NamedCurve>();
+    private static final Map<Integer,NamedCurve> lengthMap =
+        new HashMap<Integer,NamedCurve>();
+
+    private static Collection<? extends NamedCurve> specCollection;
+
+    public static final String SPLIT_PATTERN = ",|\\[|\\]";
+
+    // Used by SunECEntries
+    public static Collection<? extends NamedCurve>getSupportedCurves() {
+        return specCollection;
+    }
+
+    // Return a NamedCurve for the specified OID/name or null if unknown.
+    static NamedCurve lookup(String name) {
+        NamedCurve spec = oidMap.get(name);
+        if (spec != null) {
+            return spec;
+        }
+
+        return nameMap.get(name);
+    }
+
+    // Return EC parameters for the specified field size. If there are known
+    // NIST recommended parameters for the given length, they are returned.
+    // Otherwise, if there are multiple matches for the given size, an
+    // arbitrary one is returns.
+    // If no parameters are known, the method returns null.
+    // NOTE that this method returns both prime and binary curves.
+    static NamedCurve lookup(int length) {
+        return lengthMap.get(length);
+    }
+
+    // Convert the given ECParameterSpec object to a NamedCurve object.
+    // If params does not represent a known named curve, return null.
+    static NamedCurve lookup(ECParameterSpec params) {
+        if ((params instanceof NamedCurve) || (params == null)) {
+            return (NamedCurve)params;
+        }
+
+        // This is a hack to allow SunJSSE to work with 3rd party crypto
+        // providers for ECC and not just SunPKCS11.
+        // This can go away once we decide how to expose curve names in the
+        // public API.
+        // Note that it assumes that the 3rd party provider encodes named
+        // curves using the short form, not explicitly. If it did that, then
+        // the SunJSSE TLS ECC extensions are wrong, which could lead to
+        // interoperability problems.
+        int fieldSize = params.getCurve().getField().getFieldSize();
+        for (NamedCurve namedCurve : specCollection) {
+            // ECParameterSpec does not define equals, so check all the
+            // components ourselves.
+            // Quick field size check first
+            if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
+                continue;
+            }
+            if (ECUtil.equals(namedCurve, params)) {
+                // everything matches our named curve, return it
+                return namedCurve;
+            }
+        }
+        // no match found
+        return null;
+    }
+
+    private static BigInteger bi(String s) {
+        return new BigInteger(s, 16);
+    }
+
+    private static void add(String name, String soid, int type, String sfield,
+            String a, String b, String x, String y, String n, int h,
+            Pattern nameSplitPattern) {
+        BigInteger p = bi(sfield);
+        ECField field;
+        if ((type == P) || (type == PD)) {
+            field = new ECFieldFp(p);
+        } else if ((type == B) || (type == BD)) {
+            field = new ECFieldF2m(p.bitLength() - 1, p);
+        } else {
+            throw new RuntimeException("Invalid type: " + type);
+        }
+
+        EllipticCurve curve = new EllipticCurve(field, bi(a), bi(b));
+        ECPoint g = new ECPoint(bi(x), bi(y));
+
+        NamedCurve params = new NamedCurve(name, soid, curve, g, bi(n), h);
+        if (oidMap.put(soid, params) != null) {
+            throw new RuntimeException("Duplication oid: " + soid);
+        }
+
+        String[] commonNames = nameSplitPattern.split(name);
+        for (String commonName : commonNames) {
+            if (nameMap.put(commonName.trim(), params) != null) {
+                throw new RuntimeException("Duplication name: " + commonName);
+            }
+        }
+
+        int len = field.getFieldSize();
+        if ((type == PD) || (type == BD) || (lengthMap.get(len) == null)) {
+            // add entry if none present for this field size or if
+            // the curve is marked as a default curve.
+            lengthMap.put(len, params);
+        }
+    }
+
+    private static class Holder {
+        private static final Pattern nameSplitPattern = Pattern.compile(
+                SPLIT_PATTERN);
+    }
+
+    // Return all the names the EC curve could be using.
+    static String[] getNamesByOID(String oid) {
+        NamedCurve nc = oidMap.get(oid);
+        if (nc == null) {
+            return new String[0];
+        }
+        String[] list = Holder.nameSplitPattern.split(nc.getName());
+        int i = 0;
+        do {
+            list[i] = list[i].trim();
+        } while (++i < list.length);
+        return list;
+    }
+
+    static {
+        Pattern nameSplitPattern = Holder.nameSplitPattern;
+
+        /* SEC2 prime curves */
+        add("secp112r1", "1.3.132.0.6", P,
+            "DB7C2ABF62E35E668076BEAD208B",
+            "DB7C2ABF62E35E668076BEAD2088",
+            "659EF8BA043916EEDE8911702B22",
+            "09487239995A5EE76B55F9C2F098",
+            "A89CE5AF8724C0A23E0E0FF77500",
+            "DB7C2ABF62E35E7628DFAC6561C5",
+            1, nameSplitPattern);
+
+        add("secp112r2", "1.3.132.0.7", P,
+            "DB7C2ABF62E35E668076BEAD208B",
+            "6127C24C05F38A0AAAF65C0EF02C",
+            "51DEF1815DB5ED74FCC34C85D709",
+            "4BA30AB5E892B4E1649DD0928643",
+            "adcd46f5882e3747def36e956e97",
+            "36DF0AAFD8B8D7597CA10520D04B",
+            4, nameSplitPattern);
+
+        add("secp128r1", "1.3.132.0.28", P,
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+            "E87579C11079F43DD824993C2CEE5ED3",
+            "161FF7528B899B2D0C28607CA52C5B86",
+            "CF5AC8395BAFEB13C02DA292DDED7A83",
+            "FFFFFFFE0000000075A30D1B9038A115",
+            1, nameSplitPattern);
+
+        add("secp128r2", "1.3.132.0.29", P,
+            "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+            "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+            "5EEEFCA380D02919DC2C6558BB6D8A5D",
+            "7B6AA5D85E572983E6FB32A7CDEBC140",
+            "27B6916A894D3AEE7106FE805FC34B44",
+            "3FFFFFFF7FFFFFFFBE0024720613B5A3",
+            4, nameSplitPattern);
+
+        add("secp160k1", "1.3.132.0.9", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+            "0000000000000000000000000000000000000000",
+            "0000000000000000000000000000000000000007",
+            "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+            "938CF935318FDCED6BC28286531733C3F03C4FEE",
+            "0100000000000000000001B8FA16DFAB9ACA16B6B3",
+            1, nameSplitPattern);
+
+        add("secp160r1", "1.3.132.0.8", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+            "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+            "4A96B5688EF573284664698968C38BB913CBFC82",
+            "23A628553168947D59DCC912042351377AC5FB32",
+            "0100000000000000000001F4C8F927AED3CA752257",
+            1, nameSplitPattern);
+
+        add("secp160r2", "1.3.132.0.30", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+            "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+            "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+            "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
+            "0100000000000000000000351EE786A818F3A1A16B",
+            1, nameSplitPattern);
+
+        add("secp192k1", "1.3.132.0.31", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+            "000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000003",
+            "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+            "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
+            "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
+            1, nameSplitPattern);
+
+        add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+            "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+            "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
+            "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+            1, nameSplitPattern);
+
+        add("secp224k1", "1.3.132.0.32", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+            "00000000000000000000000000000000000000000000000000000000",
+            "00000000000000000000000000000000000000000000000000000005",
+            "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+            "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
+            "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
+            1, nameSplitPattern);
+
+        add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+            "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+            "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+            "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+            1, nameSplitPattern);
+
+        add("secp256k1", "1.3.132.0.10", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+            "0000000000000000000000000000000000000000000000000000000000000000",
+            "0000000000000000000000000000000000000000000000000000000000000007",
+            "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+            "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
+            1, nameSplitPattern);
+
+        add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
+            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+            "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+            "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+            "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+            "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+            "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+            1, nameSplitPattern);
+
+        add("secp384r1 [NIST P-384]", "1.3.132.0.34", PD,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+            "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+            "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+            "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+            1, nameSplitPattern);
+
+        add("secp521r1 [NIST P-521]", "1.3.132.0.35", PD,
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+            "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+            "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+            "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+            1, nameSplitPattern);
+
+        /* ANSI X9.62 prime curves */
+        add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+            "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+            "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
+            "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
+            1, nameSplitPattern);
+
+        add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+            "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+            "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+            "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
+            "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+            "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+            "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+            "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+            "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
+            "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
+            1, nameSplitPattern);
+
+        add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+            "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+            "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+            "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
+            "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
+            1, nameSplitPattern);
+
+        /* SEC2 binary curves */
+        add("sect113r1", "1.3.132.0.4", B,
+            "020000000000000000000000000201",
+            "003088250CA6E7C7FE649CE85820F7",
+            "00E8BEE4D3E2260744188BE0E9C723",
+            "009D73616F35F4AB1407D73562C10F",
+            "00A52830277958EE84D1315ED31886",
+            "0100000000000000D9CCEC8A39E56F",
+            2, nameSplitPattern);
+
+        add("sect113r2", "1.3.132.0.5", B,
+            "020000000000000000000000000201",
+            "00689918DBEC7E5A0DD6DFC0AA55C7",
+            "0095E9A9EC9B297BD4BF36E059184F",
+            "01A57A6A7B26CA5EF52FCDB8164797",
+            "00B3ADC94ED1FE674C06E695BABA1D",
+            "010000000000000108789B2496AF93",
+            2, nameSplitPattern);
+
+        add("sect131r1", "1.3.132.0.22", B,
+            "080000000000000000000000000000010D",
+            "07A11B09A76B562144418FF3FF8C2570B8",
+            "0217C05610884B63B9C6C7291678F9D341",
+            "0081BAF91FDF9833C40F9C181343638399",
+            "078C6E7EA38C001F73C8134B1B4EF9E150",
+            "0400000000000000023123953A9464B54D",
+            2, nameSplitPattern);
+
+        add("sect131r2", "1.3.132.0.23", B,
+            "080000000000000000000000000000010D",
+            "03E5A88919D7CAFCBF415F07C2176573B2",
+            "04B8266A46C55657AC734CE38F018F2192",
+            "0356DCD8F2F95031AD652D23951BB366A8",
+            "0648F06D867940A5366D9E265DE9EB240F",
+            "0400000000000000016954A233049BA98F",
+            2, nameSplitPattern);
+
+        add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
+            "0800000000000000000000000000000000000000C9",
+            "000000000000000000000000000000000000000001",
+            "000000000000000000000000000000000000000001",
+            "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+            "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+            "04000000000000000000020108A2E0CC0D99F8A5EF",
+            2, nameSplitPattern);
+
+        add("sect163r1", "1.3.132.0.2", B,
+            "0800000000000000000000000000000000000000C9",
+            "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+            "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+            "0369979697AB43897789566789567F787A7876A654",
+            "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+            "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
+            2, nameSplitPattern);
+
+        add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
+            "0800000000000000000000000000000000000000C9",
+            "000000000000000000000000000000000000000001",
+            "020A601907B8C953CA1481EB10512F78744A3205FD",
+            "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+            "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+            "040000000000000000000292FE77E70C12A4234C33",
+            2, nameSplitPattern);
+
+        add("sect193r1", "1.3.132.0.24", B,
+            "02000000000000000000000000000000000000000000008001",
+            "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+            "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+            "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+            "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+            "01000000000000000000000000C7F34A778F443ACC920EBA49",
+            2, nameSplitPattern);
+
+        add("sect193r2", "1.3.132.0.25", B,
+            "02000000000000000000000000000000000000000000008001",
+            "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+            "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+            "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+            "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+            "010000000000000000000000015AAB561B005413CCD4EE99D5",
+            2, nameSplitPattern);
+
+        add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
+            "020000000000000000000000000000000000000004000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+            "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+            "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+            4, nameSplitPattern);
+
+        add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
+            "020000000000000000000000000000000000000004000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+            "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+            "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+            "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+            2, nameSplitPattern);
+
+        add("sect239k1", "1.3.132.0.3", B,
+            "800000000000000000004000000000000000000000000000000000000001",
+            "000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000001",
+            "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+            "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+            "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
+            4, nameSplitPattern);
+
+        add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
+            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+            "000000000000000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+            "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+            "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+            4, nameSplitPattern);
+
+        add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
+            "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+            "000000000000000000000000000000000000000000000000000000000000000000000001",
+            "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+            "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+            "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+            2, nameSplitPattern);
+
+        add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
+            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+            "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+            "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+            4, nameSplitPattern);
+
+        add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
+            "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+            "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+            "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+            "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+            "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+            2, nameSplitPattern);
+
+        add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
+            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+            "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+            "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+            4, nameSplitPattern);
+
+        add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
+            "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+            "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+            "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+            "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+            "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+            "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+            2, nameSplitPattern);
+
+        /* ANSI X9.62 binary curves */
+        add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
+            "800000000000000000000000000000000000000000000201",
+            "2866537B676752636A68F56554E12640276B649EF7526267",
+            "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+            "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+            "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+            "40000000000000000000000004A20E90C39067C893BBB9A5",
+            2, nameSplitPattern);
+
+        add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
+            "800000000000000000000000000000000000000000000201",
+            "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+            "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+            "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+            "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+            "20000000000000000000000050508CB89F652824E06B8173",
+            4, nameSplitPattern);
+
+        add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
+            "800000000000000000000000000000000000000000000201",
+            "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+            "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+            "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+            "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+            "155555555555555555555555610C0B196812BFB6288A3EA3",
+            6, nameSplitPattern);
+
+        add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+            "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+            "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+            "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+            "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
+            4, nameSplitPattern);
+
+        add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+            "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+            "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+            "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+            "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
+            6, nameSplitPattern);
+
+        add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
+            "800000000000000000000000000000000000000000000000001000000001",
+            "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+            "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+            "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+            "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+            "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
+            0xA, nameSplitPattern);
+
+        add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
+            "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
+            "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
+            "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
+            "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
+            "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
+            "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
+            0x4C, nameSplitPattern);
+
+        add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
+            "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
+            "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
+            "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
+            "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+            "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+            "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
+            0x2760, nameSplitPattern);
+
+        /* ANSI X9.62 binary curves from the 1998 standard but forbidden
+         * in the 2005 version of the standard.
+         * We don't register them but leave them here for the time being in
+         * case we need to support them after all.
+         */
+/*
+        add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
+            "080000000000000000000000000000000000000107",
+            "072546B5435234A422E0789675F432C89435DE5242",
+            "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+            "07AF69989546103D79329FCC3D74880F33BBE803CB",
+            "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+            "0400000000000000000001E60FC8821CC74DAEAFC1",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
+            "080000000000000000000000000000000000000107",
+            "0108B39E77C4B108BED981ED0E890E117C511CF072",
+            "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+            "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+            "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+            "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
+            "080000000000000000000000000000000000000107",
+            "07A526C63D3E25A256A007699F5447E32AE456B50E",
+            "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+            "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+            "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+            "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
+            2, nameSplitPattern);
+
+        add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
+            "0100000000000000000000000000000000080000000007",
+            "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+            "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+            "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+            "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+            "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
+            0xFF6E, nameSplitPattern);
+
+        add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
+            "010000000000000000000000000000000800000000000000000007",
+            "0000000000000000000000000000000000000000000000000000",
+            "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+            "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+            "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+            "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
+            0xFE48, nameSplitPattern);
+
+        add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
+            "010000000000000000000000000000000000000000000000000000010000000000000B",
+            "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+            "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+            "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+            "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+            "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+            0xFF06, nameSplitPattern);
+
+        add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
+            "010000000000000000000000000000000000000000000000000000000000000000000000000807",
+            "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
+            "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
+            "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
+            "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
+            "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
+            0xFE2E, nameSplitPattern);
+
+        add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
+            "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
+            "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
+            "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
+            "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
+            "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
+            "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
+            0xFF70, nameSplitPattern);
+*/
+
+        /*
+         * Brainpool curves (RFC 5639)
+         * (Twisted curves are not included)
+         */
+
+        add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
+            "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
+            "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
+            "1E589A8595423412134FAA2DBDEC95C8D8675E58",
+            "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
+            "1667CB477A1A8EC338F94741669C976316DA6321",
+            "E95E4A5F737059DC60DF5991D45029409E60FC09",
+            1, nameSplitPattern);
+
+        add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
+            "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
+            "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
+            "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
+            "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
+            "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
+            "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
+            1, nameSplitPattern);
+
+        add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
+            "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
+            "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
+            "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
+            "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
+            "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
+            "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
+            1, nameSplitPattern);
+
+        add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
+            "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
+            "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
+            "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
+            "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
+            "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
+            "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
+            1, nameSplitPattern);
+
+        add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
+            "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
+            "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
+            "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
+            "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
+            "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
+            "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
+            1, nameSplitPattern);
+
+        add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
+            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
+            "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
+            "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
+            "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
+            "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
+            "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
+            1, nameSplitPattern);
+
+        add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
+            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
+            "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
+            "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
+            "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
+            "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
+            "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
+            1, nameSplitPattern);
+
+        specCollection = Collections.unmodifiableCollection(oidMap.values());
+    }
+}
--- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,19 +60,27 @@
 public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
     private static final Debug debug = Debug.getInstance("certpath");
 
-    // the known security property, jdk.certpath.disabledAlgorithms
+    // Disabled algorithm security property for certificate path
     public static final String PROPERTY_CERTPATH_DISABLED_ALGS =
             "jdk.certpath.disabledAlgorithms";
 
-    // the known security property, jdk.tls.disabledAlgorithms
+    // Legacy algorithm security property for certificate path and jar
+    public static final String PROPERTY_SECURITY_LEGACY_ALGS =
+            "jdk.security.legacyAlgorithms";
+
+    // Disabled algorithm security property for TLS
     public static final String PROPERTY_TLS_DISABLED_ALGS =
             "jdk.tls.disabledAlgorithms";
 
-    // the known security property, jdk.jar.disabledAlgorithms
+    // Disabled algorithm security property for jar
     public static final String PROPERTY_JAR_DISABLED_ALGS =
             "jdk.jar.disabledAlgorithms";
 
-    private final String[] disabledAlgorithms;
+    // Property for disabled EC named curves
+    private static final String PROPERTY_DISABLED_EC_CURVES =
+            "jdk.disabled.namedCurves";
+
+    private final List<String> disabledAlgorithms;
     private final Constraints algorithmConstraints;
 
     /**
@@ -97,6 +105,24 @@
             AlgorithmDecomposer decomposer) {
         super(decomposer);
         disabledAlgorithms = getAlgorithms(propertyName);
+
+        // Check for alias
+        int ecindex = -1, i = 0;
+        for (String s : disabledAlgorithms) {
+            if (s.regionMatches(true, 0,"include ", 0, 8)) {
+                if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0,
+                        PROPERTY_DISABLED_EC_CURVES.length())) {
+                    ecindex = i;
+                    break;
+                }
+            }
+            i++;
+        }
+        if (ecindex > -1) {
+            disabledAlgorithms.remove(ecindex);
+            disabledAlgorithms.addAll(ecindex,
+                    getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
+        }
         algorithmConstraints = new Constraints(disabledAlgorithms);
     }
 
@@ -164,6 +190,19 @@
 
     public final void permits(String algorithm, ConstraintsParameters cp)
             throws CertPathValidatorException {
+
+        // Check if named curves in the ConstraintParameters are disabled.
+        if (cp.getNamedCurve() != null) {
+            for (String curve : cp.getNamedCurve()) {
+                if (!checkAlgorithm(disabledAlgorithms, curve, decomposer)) {
+                    throw new CertPathValidatorException(
+                            "Algorithm constraints check failed on disabled " +
+                                    "algorithm: " + curve,
+                            null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
+                }
+            }
+        }
+
         algorithmConstraints.permits(algorithm, cp);
     }
 
@@ -199,6 +238,13 @@
             return false;
         }
 
+        // If this is an elliptic curve, check disabled the named curve.
+        for (String curve : ConstraintsParameters.getNamedCurveFromKey(key)) {
+            if (!permits(primitives, curve, null)) {
+                return false;
+            }
+        }
+
         // check the key constraints
         return algorithmConstraints.permits(key);
     }
@@ -230,7 +276,7 @@
                     "denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})");
         }
 
-        public Constraints(String[] constraintArray) {
+        public Constraints(List<String> constraintArray) {
             for (String constraintEntry : constraintArray) {
                 if (constraintEntry == null || constraintEntry.isEmpty()) {
                     continue;
@@ -258,7 +304,9 @@
                             alias.toUpperCase(Locale.ENGLISH), constraintList);
                 }
 
-                if (space <= 0) {
+                // If there is no whitespace, it is a algorithm name; however,
+                // if there is a whitespace, could be a multi-word EC curve too.
+                if (space <= 0 || CurveDB.lookup(constraintEntry) != null) {
                     constraintList.add(new DisabledConstraint(algorithm));
                     continue;
                 }
@@ -357,7 +405,7 @@
             for (Constraint constraint : list) {
                 if (!constraint.permits(key)) {
                     if (debug != null) {
-                        debug.println("keySizeConstraint: failed key " +
+                        debug.println("Constraints: failed key size" +
                                 "constraint check " + KeyUtil.getKeySize(key));
                     }
                     return false;
@@ -376,7 +424,7 @@
             for (Constraint constraint : list) {
                 if (!constraint.permits(aps)) {
                     if (debug != null) {
-                        debug.println("keySizeConstraint: failed algorithm " +
+                        debug.println("Constraints: failed algorithm " +
                                 "parameters constraint check " + aps);
                     }
 
@@ -393,8 +441,7 @@
             X509Certificate cert = cp.getCertificate();
 
             if (debug != null) {
-                debug.println("Constraints.permits(): " + algorithm +
-                        " Variant: " + cp.getVariant());
+                debug.println("Constraints.permits(): " + cp.toString());
             }
 
             // Get all signature algorithms to check for constraints
@@ -408,8 +455,8 @@
             if (cert != null) {
                 algorithms.add(cert.getPublicKey().getAlgorithm());
             }
-            if (cp.getPublicKey() != null) {
-                algorithms.add(cp.getPublicKey().getAlgorithm());
+            if (cp.getKey() != null) {
+                algorithms.add(cp.getKey().getAlgorithm());
             }
             // Check all applicable constraints
             for (String alg : algorithms) {
@@ -548,10 +595,7 @@
          * the constraint denies the operation.
          */
         boolean next(Key key) {
-            if (nextConstraint != null && nextConstraint.permits(key)) {
-                return true;
-            }
-            return false;
+            return nextConstraint != null && nextConstraint.permits(key);
         }
 
         String extendedMsg(ConstraintsParameters cp) {
@@ -803,8 +847,8 @@
         public void permits(ConstraintsParameters cp)
                 throws CertPathValidatorException {
             Key key = null;
-            if (cp.getPublicKey() != null) {
-                key = cp.getPublicKey();
+            if (cp.getKey() != null) {
+                key = cp.getKey();
             } else if (cp.getCertificate() != null) {
                 key = cp.getCertificate().getPublicKey();
             }
@@ -904,4 +948,3 @@
         }
     }
 }
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/ECParameters.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.IOException;
+
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This class implements encoding and decoding of Elliptic Curve parameters
+ * as specified in RFC 3279.
+ *
+ * However, only named curves are currently supported.
+ *
+ * ASN.1 from RFC 3279 follows. Note that X9.62 (2005) has added some additional
+ * options.
+ *
+ * <pre>
+ *    EcpkParameters ::= CHOICE {
+ *      ecParameters  ECParameters,
+ *      namedCurve    OBJECT IDENTIFIER,
+ *      implicitlyCA  NULL }
+ *
+ *    ECParameters ::= SEQUENCE {
+ *       version   ECPVer,          -- version is always 1
+ *       fieldID   FieldID,         -- identifies the finite field over
+ *                                  -- which the curve is defined
+ *       curve     Curve,           -- coefficients a and b of the
+ *                                  -- elliptic curve
+ *       base      ECPoint,         -- specifies the base point P
+ *                                  -- on the elliptic curve
+ *       order     INTEGER,         -- the order n of the base point
+ *       cofactor  INTEGER OPTIONAL -- The integer h = #E(Fq)/n
+ *       }
+ *
+ *    ECPVer ::= INTEGER {ecpVer1(1)}
+ *
+ *    Curve ::= SEQUENCE {
+ *       a         FieldElement,
+ *       b         FieldElement,
+ *       seed      BIT STRING OPTIONAL }
+ *
+ *    FieldElement ::= OCTET STRING
+ *
+ *    ECPoint ::= OCTET STRING
+ * </pre>
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public final class ECParameters extends AlgorithmParametersSpi {
+
+    // used by ECPublicKeyImpl and ECPrivateKeyImpl
+    public static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec)
+            throws InvalidKeyException {
+        try {
+            AlgorithmParameters params =
+                AlgorithmParameters.getInstance("EC", "SunEC");
+            params.init(spec);
+            return params;
+        } catch (GeneralSecurityException e) {
+            throw new InvalidKeyException("EC parameters error", e);
+        }
+    }
+
+    /*
+     * The parameters these AlgorithmParameters object represents.
+     * Currently, it is always an instance of NamedCurve.
+     */
+    private NamedCurve namedCurve;
+
+    // A public constructor is required by AlgorithmParameters class.
+    public ECParameters() {
+        // empty
+    }
+
+    // AlgorithmParameterSpi methods
+
+    protected void engineInit(AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException {
+
+        if (paramSpec == null) {
+            throw new InvalidParameterSpecException
+                ("paramSpec must not be null");
+        }
+
+        if (paramSpec instanceof NamedCurve) {
+            namedCurve = (NamedCurve)paramSpec;
+            return;
+        }
+
+        if (paramSpec instanceof ECParameterSpec) {
+            namedCurve = CurveDB.lookup((ECParameterSpec)paramSpec);
+        } else if (paramSpec instanceof ECGenParameterSpec) {
+            String name = ((ECGenParameterSpec)paramSpec).getName();
+            namedCurve = CurveDB.lookup(name);
+        } else if (paramSpec instanceof ECKeySizeParameterSpec) {
+            int keySize = ((ECKeySizeParameterSpec)paramSpec).getKeySize();
+            namedCurve = CurveDB.lookup(keySize);
+        } else {
+            throw new InvalidParameterSpecException
+                ("Only ECParameterSpec and ECGenParameterSpec supported");
+        }
+
+        if (namedCurve == null) {
+            throw new InvalidParameterSpecException(
+                "Not a supported curve: " + paramSpec);
+        }
+    }
+
+    protected void engineInit(byte[] params) throws IOException {
+        DerValue encodedParams = new DerValue(params);
+        if (encodedParams.tag == DerValue.tag_ObjectId) {
+            ObjectIdentifier oid = encodedParams.getOID();
+            NamedCurve spec = CurveDB.lookup(oid.toString());
+            if (spec == null) {
+                throw new IOException("Unknown named curve: " + oid);
+            }
+
+            namedCurve = spec;
+            return;
+        }
+
+        throw new IOException("Only named ECParameters supported");
+
+        // The code below is incomplete.
+        // It is left as a starting point for a complete parsing implementation.
+
+/*
+        if (encodedParams.tag != DerValue.tag_Sequence) {
+            throw new IOException("Unsupported EC parameters, tag: " +
+                encodedParams.tag);
+        }
+
+        encodedParams.data.reset();
+
+        DerInputStream in = encodedParams.data;
+
+        int version = in.getInteger();
+        if (version != 1) {
+            throw new IOException("Unsupported EC parameters version: " +
+               version);
+        }
+        ECField field = parseField(in);
+        EllipticCurve curve = parseCurve(in, field);
+        ECPoint point = parsePoint(in, curve);
+
+        BigInteger order = in.getBigInteger();
+        int cofactor = 0;
+
+        if (in.available() != 0) {
+            cofactor = in.getInteger();
+        }
+
+        // XXX HashAlgorithm optional
+
+        if (encodedParams.data.available() != 0) {
+            throw new IOException("encoded params have " +
+                                  encodedParams.data.available() +
+                                  " extra bytes");
+        }
+
+        return new ECParameterSpec(curve, point, order, cofactor);
+*/
+    }
+
+    protected void engineInit(byte[] params, String decodingMethod)
+            throws IOException {
+        engineInit(params);
+    }
+
+    protected <T extends AlgorithmParameterSpec> T
+            engineGetParameterSpec(Class<T> spec)
+            throws InvalidParameterSpecException {
+
+        if (spec.isAssignableFrom(ECParameterSpec.class)) {
+            return spec.cast(namedCurve);
+        }
+
+        if (spec.isAssignableFrom(ECGenParameterSpec.class)) {
+            // Ensure the name is the Object ID
+            String name = namedCurve.getObjectId();
+            return spec.cast(new ECGenParameterSpec(name));
+        }
+
+        if (spec.isAssignableFrom(ECKeySizeParameterSpec.class)) {
+            int keySize = namedCurve.getCurve().getField().getFieldSize();
+            return spec.cast(new ECKeySizeParameterSpec(keySize));
+        }
+
+        throw new InvalidParameterSpecException(
+            "Only ECParameterSpec and ECGenParameterSpec supported");
+    }
+
+    protected byte[] engineGetEncoded() throws IOException {
+        return namedCurve.getEncoded();
+    }
+
+    protected byte[] engineGetEncoded(String encodingMethod)
+            throws IOException {
+        return engineGetEncoded();
+    }
+
+    protected String engineToString() {
+        if (namedCurve == null) {
+            return "Not initialized";
+        }
+
+        return namedCurve.toString();
+    }
+}
+
--- a/src/share/classes/sun/security/util/HostnameChecker.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/util/HostnameChecker.java	Mon Apr 19 04:23:30 2021 +0100
@@ -96,6 +96,10 @@
      */
     public void match(String expectedName, X509Certificate cert,
                       boolean chainsToPublicCA) throws CertificateException {
+        if (expectedName == null) {
+            throw new CertificateException("Hostname or IP address is " +
+                    "undefined.");
+        }
         if (isIpAddress(expectedName)) {
            matchIP(expectedName, cert);
         } else {
--- a/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,8 +28,8 @@
 import java.security.AlgorithmParameters;
 import java.security.CryptoPrimitive;
 import java.security.Key;
+import java.util.List;
 import java.util.Set;
-import static sun.security.util.AbstractAlgorithmConstraints.getAlgorithms;
 
 /**
  * Algorithm constraints for legacy algorithms.
@@ -40,7 +40,7 @@
     public final static String PROPERTY_TLS_LEGACY_ALGS =
             "jdk.tls.legacyAlgorithms";
 
-    private final String[] legacyAlgorithms;
+    private final List<String> legacyAlgorithms;
 
     public LegacyAlgorithmConstraints(String propertyName,
             AlgorithmDecomposer decomposer) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/util/NamedCurve.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.spec.*;
+
+
+/**
+ * Contains Elliptic Curve parameters.
+ *
+ * @since   1.6
+ * @author  Andreas Sterbenz
+ */
+public final class NamedCurve extends ECParameterSpec {
+
+    // friendly name for toString() output
+    private final String name;
+
+    // well known OID
+    private final String oid;
+
+    // encoded form (as NamedCurve identified via OID)
+    private final byte[] encoded;
+
+    NamedCurve(String name, String oid, EllipticCurve curve,
+            ECPoint g, BigInteger n, int h) {
+        super(curve, g, n, h);
+        this.name = name;
+        this.oid = oid;
+
+        DerOutputStream out = new DerOutputStream();
+
+        try {
+            out.putOID(new ObjectIdentifier(oid));
+        } catch (IOException e) {
+            throw new RuntimeException("Internal error", e);
+        }
+
+        encoded = out.toByteArray();
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public byte[] getEncoded() {
+        return encoded.clone();
+    }
+
+    public String getObjectId() {
+        return oid;
+    }
+
+    public String toString() {
+        return name + " (" + oid + ")";
+    }
+}
--- a/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java	Mon Apr 19 04:23:30 2021 +0100
@@ -83,7 +83,7 @@
     private final ZipPath defaultdir;
     private boolean readOnly = false;
     private final Path zfpath;
-    private final ZipCoder zc;
+    final ZipCoder zc;
 
     // configurable by env map
     private final String  defaultDir;    // default dir for the file system
@@ -183,7 +183,7 @@
             }
             path = sb.toString();
         }
-        return new ZipPath(this, getBytes(path));
+        return new ZipPath(this, path);
     }
 
     @Override
--- a/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipPath.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipPath.java	Mon Apr 19 04:23:30 2021 +0100
@@ -67,13 +67,28 @@
         this(zfs, path, false);
     }
 
-    ZipPath(ZipFileSystem zfs, byte[] path, boolean normalized)
-    {
+    ZipPath(ZipFileSystem zfs, byte[] path, boolean normalized) {
         this.zfs = zfs;
-        if (normalized)
+        if (normalized) {
             this.path = path;
-        else
+        } else {
+            if (zfs.zc.isUTF8()) {
+                this.path = normalize(path);
+            } else {
+                // see normalize(String);
+                this.path = normalize(zfs.getString(path));
+            }
+        }
+    }
+
+    ZipPath(ZipFileSystem zfs, String path) {
+        this.zfs = zfs;
+        if (zfs.zc.isUTF8()) {
+            this.path = normalize(zfs.getBytes(path));
+        } else {
+            // see normalize(String);
             this.path = normalize(path);
+        }
     }
 
     @Override
@@ -478,6 +493,50 @@
         return (m == to.length)? to : Arrays.copyOf(to, m);
     }
 
+    // if zfs is NOT in utf8, normalize the path as "String"
+    // to avoid incorrectly normalizing byte '0x5c' (as '\')
+    // to '/'.
+    private byte[] normalize(String path) {
+        int len = path.length();
+        if (len == 0)
+            return new byte[0];
+        char prevC = 0;
+        for (int i = 0; i < len; i++) {
+            char c = path.charAt(i);
+            if (c == '\\' || c == '\u0000')
+                return normalize(path, i, len);
+            if (c == '/' && prevC == '/')
+                return normalize(path, i - 1, len);
+            prevC = c;
+        }
+        if (len > 1 && prevC == '/')
+            path = path.substring(0, len - 1);
+        return zfs.getBytes(path);
+    }
+
+    private byte[] normalize(String path, int off, int len) {
+        StringBuilder to = new StringBuilder(len);
+        to.append(path, 0, off);
+        int m = off;
+        char prevC = 0;
+        while (off < len) {
+            char c = path.charAt(off++);
+            if (c == '\\')
+                c = '/';
+            if (c == '/' && prevC == '/')
+                continue;
+            if (c == '\u0000')
+                throw new InvalidPathException(path,
+                                               "Path: nul character not allowed");
+            to.append(c);
+            prevC = c;
+        }
+        len = to.length();
+        if (len > 1 && prevC == '/')
+            to.delete(len -1, len);
+        return zfs.getBytes(to.toString());
+    }
+
     // Remove DotSlash(./) and resolve DotDot (..) components
     private byte[] getResolved() {
         if (path.length == 0)
--- a/src/share/lib/security/java.security-aix	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/lib/security/java.security-aix	Mon Apr 19 04:23:30 2021 +0100
@@ -459,6 +459,22 @@
 sun.security.krb5.maxReferrals=5
 
 #
+# This property contains a list of disabled EC Named Curves that can be included
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
+# list in any of the disabledAlgorithms properties, add the property name as
+# an entry.
+jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
@@ -472,7 +488,7 @@
 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 #
 #   DisabledAlgorithm:
-#       AlgorithmName [Constraint] { '&' Constraint }
+#       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 #
 #   AlgorithmName:
 #       (see below)
@@ -499,6 +515,9 @@
 #   UsageConstraint:
 #       usage [TLSServer] [TLSClient] [SignedJAR]
 #
+#   IncludeProperty:
+#       include <security property>
+#
 # The "AlgorithmName" is the standard algorithm name of the disabled
 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 # Documentation" for information about Standard Algorithm Names.  Matching
@@ -511,6 +530,14 @@
 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 # will not disable algorithms related to "ECDSA".
 #
+# The "IncludeProperty" allows a implementation-defined security property that
+# can be included in the disabledAlgorithms properties.  These properties are
+# to help manage common actions easier across multiple disabledAlgorithm
+# properties.
+# There is one defined security property:  jdk.disabled.NamedCurves
+# See the property for more specific details.
+#
+#
 # A "Constraint" defines restrictions on the keys and/or certificates for
 # a specified AlgorithmName:
 #
@@ -583,7 +610,28 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    include jdk.disabled.namedCurves
+
+#
+# Legacy algorithms for certification path (CertPath) processing and
+# signed JAR files.
+#
+# In some environments, a certain algorithm or key length may be undesirable
+# but is not yet disabled.
+#
+# Tools such as keytool and jarsigner may emit warnings when these legacy
+# algorithms are used. See the man pages for those tools for more information.
+#
+# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
+# "jdk.jar.disabledAlgorithms" security properties.
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+
+jdk.security.legacyAlgorithms=SHA1, \
+    RSA keySize < 2048, DSA keySize < 2048
 
 #
 # Algorithm restrictions for signed JAR files
@@ -626,7 +674,8 @@
 #
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -658,8 +707,9 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    include jdk.disabled.namedCurves
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-linux	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/lib/security/java.security-linux	Mon Apr 19 04:23:30 2021 +0100
@@ -459,6 +459,22 @@
 sun.security.krb5.maxReferrals=5
 
 #
+# This property contains a list of disabled EC Named Curves that can be included
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
+# list in any of the disabledAlgorithms properties, add the property name as
+# an entry.
+jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
@@ -472,7 +488,7 @@
 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 #
 #   DisabledAlgorithm:
-#       AlgorithmName [Constraint] { '&' Constraint }
+#       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 #
 #   AlgorithmName:
 #       (see below)
@@ -499,6 +515,9 @@
 #   UsageConstraint:
 #       usage [TLSServer] [TLSClient] [SignedJAR]
 #
+#   IncludeProperty:
+#       include <security property>
+#
 # The "AlgorithmName" is the standard algorithm name of the disabled
 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 # Documentation" for information about Standard Algorithm Names.  Matching
@@ -511,6 +530,14 @@
 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 # will not disable algorithms related to "ECDSA".
 #
+# The "IncludeProperty" allows a implementation-defined security property that
+# can be included in the disabledAlgorithms properties.  These properties are
+# to help manage common actions easier across multiple disabledAlgorithm
+# properties.
+# There is one defined security property:  jdk.disabled.NamedCurves
+# See the property for more specific details.
+#
+#
 # A "Constraint" defines restrictions on the keys and/or certificates for
 # a specified AlgorithmName:
 #
@@ -583,7 +610,28 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    include jdk.disabled.namedCurves
+
+#
+# Legacy algorithms for certification path (CertPath) processing and
+# signed JAR files.
+#
+# In some environments, a certain algorithm or key length may be undesirable
+# but is not yet disabled.
+#
+# Tools such as keytool and jarsigner may emit warnings when these legacy
+# algorithms are used. See the man pages for those tools for more information.
+#
+# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
+# "jdk.jar.disabledAlgorithms" security properties.
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+
+jdk.security.legacyAlgorithms=SHA1, \
+    RSA keySize < 2048, DSA keySize < 2048
 
 #
 # Algorithm restrictions for signed JAR files
@@ -626,7 +674,8 @@
 #
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -658,8 +707,9 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    include jdk.disabled.namedCurves
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-macosx	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/lib/security/java.security-macosx	Mon Apr 19 04:23:30 2021 +0100
@@ -462,6 +462,22 @@
 sun.security.krb5.maxReferrals=5
 
 #
+# This property contains a list of disabled EC Named Curves that can be included
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
+# list in any of the disabledAlgorithms properties, add the property name as
+# an entry.
+jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
@@ -475,7 +491,7 @@
 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 #
 #   DisabledAlgorithm:
-#       AlgorithmName [Constraint] { '&' Constraint }
+#       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 #
 #   AlgorithmName:
 #       (see below)
@@ -502,6 +518,9 @@
 #   UsageConstraint:
 #       usage [TLSServer] [TLSClient] [SignedJAR]
 #
+#   IncludeProperty:
+#       include <security property>
+#
 # The "AlgorithmName" is the standard algorithm name of the disabled
 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 # Documentation" for information about Standard Algorithm Names.  Matching
@@ -514,6 +533,14 @@
 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 # will not disable algorithms related to "ECDSA".
 #
+# The "IncludeProperty" allows a implementation-defined security property that
+# can be included in the disabledAlgorithms properties.  These properties are
+# to help manage common actions easier across multiple disabledAlgorithm
+# properties.
+# There is one defined security property:  jdk.disabled.NamedCurves
+# See the property for more specific details.
+#
+#
 # A "Constraint" defines restrictions on the keys and/or certificates for
 # a specified AlgorithmName:
 #
@@ -586,7 +613,28 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    include jdk.disabled.namedCurves
+
+#
+# Legacy algorithms for certification path (CertPath) processing and
+# signed JAR files.
+#
+# In some environments, a certain algorithm or key length may be undesirable
+# but is not yet disabled.
+#
+# Tools such as keytool and jarsigner may emit warnings when these legacy
+# algorithms are used. See the man pages for those tools for more information.
+#
+# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
+# "jdk.jar.disabledAlgorithms" security properties.
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+
+jdk.security.legacyAlgorithms=SHA1, \
+    RSA keySize < 2048, DSA keySize < 2048
 
 #
 # Algorithm restrictions for signed JAR files
@@ -629,7 +677,8 @@
 #
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -661,8 +710,9 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    include jdk.disabled.namedCurves
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-solaris	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/lib/security/java.security-solaris	Mon Apr 19 04:23:30 2021 +0100
@@ -460,6 +460,22 @@
 sun.security.krb5.maxReferrals=5
 
 #
+# This property contains a list of disabled EC Named Curves that can be included
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
+# list in any of the disabledAlgorithms properties, add the property name as
+# an entry.
+jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
@@ -473,7 +489,7 @@
 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 #
 #   DisabledAlgorithm:
-#       AlgorithmName [Constraint] { '&' Constraint }
+#       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 #
 #   AlgorithmName:
 #       (see below)
@@ -500,6 +516,9 @@
 #   UsageConstraint:
 #       usage [TLSServer] [TLSClient] [SignedJAR]
 #
+#   IncludeProperty:
+#       include <security property>
+#
 # The "AlgorithmName" is the standard algorithm name of the disabled
 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 # Documentation" for information about Standard Algorithm Names.  Matching
@@ -512,6 +531,14 @@
 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 # will not disable algorithms related to "ECDSA".
 #
+# The "IncludeProperty" allows a implementation-defined security property that
+# can be included in the disabledAlgorithms properties.  These properties are
+# to help manage common actions easier across multiple disabledAlgorithm
+# properties.
+# There is one defined security property:  jdk.disabled.NamedCurves
+# See the property for more specific details.
+#
+#
 # A "Constraint" defines restrictions on the keys and/or certificates for
 # a specified AlgorithmName:
 #
@@ -584,7 +611,28 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    include jdk.disabled.namedCurves
+
+#
+# Legacy algorithms for certification path (CertPath) processing and
+# signed JAR files.
+#
+# In some environments, a certain algorithm or key length may be undesirable
+# but is not yet disabled.
+#
+# Tools such as keytool and jarsigner may emit warnings when these legacy
+# algorithms are used. See the man pages for those tools for more information.
+#
+# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
+# "jdk.jar.disabledAlgorithms" security properties.
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+
+jdk.security.legacyAlgorithms=SHA1, \
+    RSA keySize < 2048, DSA keySize < 2048
 
 #
 # Algorithm restrictions for signed JAR files
@@ -627,7 +675,8 @@
 #
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -659,8 +708,9 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    include jdk.disabled.namedCurves
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-windows	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/lib/security/java.security-windows	Mon Apr 19 04:23:30 2021 +0100
@@ -462,6 +462,22 @@
 sun.security.krb5.maxReferrals=5
 
 #
+# This property contains a list of disabled EC Named Curves that can be included
+# in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
+# list in any of the disabledAlgorithms properties, add the property name as
+# an entry.
+jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
+
+#
 # Algorithm restrictions for certification path (CertPath) processing
 #
 # In some environments, certain algorithms or key lengths may be undesirable
@@ -475,7 +491,7 @@
 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 #
 #   DisabledAlgorithm:
-#       AlgorithmName [Constraint] { '&' Constraint }
+#       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 #
 #   AlgorithmName:
 #       (see below)
@@ -502,6 +518,9 @@
 #   UsageConstraint:
 #       usage [TLSServer] [TLSClient] [SignedJAR]
 #
+#   IncludeProperty:
+#       include <security property>
+#
 # The "AlgorithmName" is the standard algorithm name of the disabled
 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 # Documentation" for information about Standard Algorithm Names.  Matching
@@ -514,6 +533,14 @@
 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 # will not disable algorithms related to "ECDSA".
 #
+# The "IncludeProperty" allows a implementation-defined security property that
+# can be included in the disabledAlgorithms properties.  These properties are
+# to help manage common actions easier across multiple disabledAlgorithm
+# properties.
+# There is one defined security property:  jdk.disabled.NamedCurves
+# See the property for more specific details.
+#
+#
 # A "Constraint" defines restrictions on the keys and/or certificates for
 # a specified AlgorithmName:
 #
@@ -586,7 +613,28 @@
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    include jdk.disabled.namedCurves
+
+#
+# Legacy algorithms for certification path (CertPath) processing and
+# signed JAR files.
+#
+# In some environments, a certain algorithm or key length may be undesirable
+# but is not yet disabled.
+#
+# Tools such as keytool and jarsigner may emit warnings when these legacy
+# algorithms are used. See the man pages for those tools for more information.
+#
+# The syntax is the same as the "jdk.certpath.disabledAlgorithms" and
+# "jdk.jar.disabledAlgorithms" security properties.
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+
+jdk.security.legacyAlgorithms=SHA1, \
+    RSA keySize < 2048, DSA keySize < 2048
 
 #
 # Algorithm restrictions for signed JAR files
@@ -629,7 +677,8 @@
 #
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
-jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+      DSA keySize < 1024, include jdk.disabled.namedCurves
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
@@ -661,8 +710,9 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    include jdk.disabled.namedCurves
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
--- a/src/share/native/sun/font/freetypeScaler.c	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/share/native/sun/font/freetypeScaler.c	Mon Apr 19 04:23:30 2021 +0100
@@ -271,7 +271,7 @@
     const char* property = "interpreter-version";
 
     /* If some one is setting this, don't override it */
-    if (props != NULL && strstr(property, props)) {
+    if (props != NULL && strstr(props, property)) {
         return;
     }
     /*
--- a/src/solaris/classes/sun/awt/X11/XFramePeer.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/solaris/classes/sun/awt/X11/XFramePeer.java	Mon Apr 19 04:23:30 2021 +0100
@@ -339,6 +339,13 @@
             }
         }
         handleStateChange(old_state, state);
+
+        // RepaintManager does not repaint iconified windows. Window needs to be
+        // repainted explicitly, when it is deiconified.
+        if (((changed & Frame.ICONIFIED) != 0) &&
+            ((state & Frame.ICONIFIED) == 0)) {
+            repaint();
+        }
     }
 
     // NOTE: This method may be called by privileged threads.
--- a/src/windows/classes/sun/awt/windows/WWindowPeer.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/classes/sun/awt/windows/WWindowPeer.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -351,6 +351,40 @@
         }
     }
 
+    private void notifyWindowStateChanged(int oldState, int newState) {
+        int changed = oldState ^ newState;
+        if (changed == 0) {
+            return;
+        }
+        if (log.isLoggable(PlatformLogger.Level.FINE)) {
+            log.fine("Reporting state change %x -> %x", oldState, newState);
+        }
+
+        if (target instanceof Frame) {
+            // Sync target with peer.
+            AWTAccessor.getFrameAccessor().setExtendedState((Frame) target,
+                newState);
+        }
+
+        // Report (de)iconification to old clients.
+        if ((changed & Frame.ICONIFIED) > 0) {
+            if ((newState & Frame.ICONIFIED) > 0) {
+                postEvent(new TimedWindowEvent((Window) target,
+                        WindowEvent.WINDOW_ICONIFIED, null, 0, 0,
+                        System.currentTimeMillis()));
+            } else {
+                postEvent(new TimedWindowEvent((Window) target,
+                        WindowEvent.WINDOW_DEICONIFIED, null, 0, 0,
+                        System.currentTimeMillis()));
+            }
+        }
+
+        // New (since 1.4) state change event.
+        postEvent(new TimedWindowEvent((Window) target,
+                WindowEvent.WINDOW_STATE_CHANGED, null, oldState, newState,
+                System.currentTimeMillis()));
+    }
+
     synchronized void addWindowListener(WindowListener l) {
         windowListener = AWTEventMulticaster.add(windowListener, l);
     }
--- a/src/windows/native/sun/bridge/WinAccessBridge.cpp	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/bridge/WinAccessBridge.cpp	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -168,7 +168,7 @@
      * Our window proc
      *
      */
-    BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message, UINT wParam, LONG lParam) {
+    BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) {
         COPYDATASTRUCT *sentToUs;
         char *package;
 
@@ -296,7 +296,7 @@
 
     PrintDebugString("[INFO]:   finished deleting eventHandler, messageQueue, and javaVMs");
     PrintDebugString("[INFO]: GOODBYE CRUEL WORLD...");
-
+    finalizeFileLogger();
     DestroyWindow(theDialogWindow);
 }
 
--- a/src/windows/native/sun/bridge/WinAccessBridge.h	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/bridge/WinAccessBridge.h	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,15 +43,10 @@
                         LPVOID lpvReserved);
     void AppendToCallOutput(char *s);
     BOOL CALLBACK AccessBridgeDialogProc(HWND hDlg, UINT message,
-                                         UINT wParam, LONG lParam);
+                                         WPARAM wParam, LPARAM lParam);
     HWND getTopLevelHWND(HWND descendent);
 }
 
-LRESULT CALLBACK WinAccessBridgeWindowProc(HWND hWnd, UINT message,
-                                           UINT wParam, LONG lParam);
-
-BOOL CALLBACK DeleteItemProc(HWND hwndDlg, UINT message, WPARAM wParam, LPARAM lParam);
-
 /**
  * The WinAccessBridge class.  The core of the Windows AT AccessBridge dll
  */
--- a/src/windows/native/sun/windows/awt_Frame.cpp	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/windows/awt_Frame.cpp	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -99,7 +99,6 @@
 
 jfieldID AwtFrame::undecoratedID;
 jmethodID AwtFrame::getExtendedStateMID;
-jmethodID AwtFrame::setExtendedStateMID;
 
 jmethodID AwtFrame::activateEmbeddingTopLevelMID;
 jfieldID AwtFrame::isEmbeddedInIEID;
@@ -811,13 +810,6 @@
 }
 
 void
-AwtFrame::SendWindowStateEvent(int oldState, int newState)
-{
-    SendWindowEvent(java_awt_event_WindowEvent_WINDOW_STATE_CHANGED,
-                    NULL, oldState, newState);
-}
-
-void
 AwtFrame::ClearMaximizedBounds()
 {
     m_maxBoundsSet = FALSE;
@@ -955,24 +947,7 @@
 
     jint changed = oldState ^ newState;
     if (changed != 0) {
-        DTRACE_PRINTLN2("AwtFrame::WmSize: reporting state change %x -> %x",
-                oldState, newState);
-
-        // sync target with peer
-        JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
-        env->CallVoidMethod(GetPeer(env), AwtFrame::setExtendedStateMID, newState);
-
-        // report (de)iconification to old clients
-        if (changed & java_awt_Frame_ICONIFIED) {
-            if (newState & java_awt_Frame_ICONIFIED) {
-                SendWindowEvent(java_awt_event_WindowEvent_WINDOW_ICONIFIED);
-            } else {
-                SendWindowEvent(java_awt_event_WindowEvent_WINDOW_DEICONIFIED);
-            }
-        }
-
-        // New (since 1.4) state change event
-        SendWindowStateEvent(oldState, newState);
+        NotifyWindowStateChanged(oldState, newState);
     }
 
     // If window is in iconic state, do not send COMPONENT_RESIZED event
@@ -1679,10 +1654,6 @@
 {
     TRY;
 
-    AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V");
-    DASSERT(AwtFrame::setExtendedStateMID);
-    CHECK_NULL(AwtFrame::setExtendedStateMID);
-
     AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I");
     DASSERT(AwtFrame::getExtendedStateMID);
 
--- a/src/windows/native/sun/windows/awt_Frame.h	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/windows/awt_Frame.h	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,6 @@
     /* sun.awt.windows.WEmbeddedFrame fields and method IDs */
     static jfieldID handleID;
 
-    static jmethodID setExtendedStateMID;
     static jmethodID getExtendedStateMID;
 
     /* method id for WEmbeddedFrame.requestActivate() method */
@@ -88,8 +87,6 @@
     INLINE BOOL isZoomed() { return m_zoomed; }
     INLINE void setZoomed(BOOL b) { m_zoomed = b; }
 
-    void SendWindowStateEvent(int oldState, int newState);
-
     void Show();
 
     INLINE void DrawMenuBar() { VERIFY(::DrawMenuBar(GetHWnd())); }
--- a/src/windows/native/sun/windows/awt_Toolkit.cpp	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/windows/awt_Toolkit.cpp	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -3143,10 +3143,22 @@
  * instead of SendMessage().
  */
 LRESULT AwtToolkit::InvokeInputMethodFunction(UINT msg, WPARAM wParam, LPARAM lParam) {
+    /*
+     * DND runs on the main thread. So it is  necessary to use SendMessage() to call an IME
+     * function once the DND is active; otherwise a hang is possible since DND may wait for
+     * the IME completion.
+     */
     CriticalSection::Lock lock(m_inputMethodLock);
-    if (PostMessage(msg, wParam, lParam)) {
-        ::WaitForSingleObject(m_inputMethodWaitEvent, INFINITE);
+    if (isInDoDragDropLoop) {
+        SendMessage(msg, wParam, lParam);
+        ::ResetEvent(m_inputMethodWaitEvent);
         return m_inputMethodData;
+    } else {
+        if (PostMessage(msg, wParam, lParam)) {
+            ::WaitForSingleObject(m_inputMethodWaitEvent, INFINITE);
+            return m_inputMethodData;
+        }
+        return 0;
     }
-    return 0;
 }
+
--- a/src/windows/native/sun/windows/awt_Window.cpp	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/windows/awt_Window.cpp	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -168,6 +168,7 @@
 jfieldID AwtWindow::sysWID;
 jfieldID AwtWindow::sysHID;
 jfieldID AwtWindow::windowTypeID;
+jmethodID AwtWindow::notifyWindowStateChangedMID;
 
 jmethodID AwtWindow::getWarningStringMID;
 jmethodID AwtWindow::calculateSecurityWarningPositionMID;
@@ -1614,6 +1615,16 @@
     env->DeleteLocalRef(event);
 }
 
+void AwtWindow::NotifyWindowStateChanged(jint oldState, jint newState)
+{
+    JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
+    jobject peer = GetPeer(env);
+    if (peer != NULL) {
+        env->CallVoidMethod(peer, AwtWindow::notifyWindowStateChangedMID,
+            oldState, newState);
+    }
+}
+
 BOOL AwtWindow::AwtSetActiveWindow(BOOL isMouseEventCause, UINT hittest)
 {
     // We used to reject non mouse window activation if our app wasn't active.
@@ -3230,6 +3241,11 @@
     AwtWindow::windowTypeID = env->GetFieldID(cls, "windowType",
             "Ljava/awt/Window$Type;");
 
+    AwtWindow::notifyWindowStateChangedMID =
+        env->GetMethodID(cls, "notifyWindowStateChanged", "(II)V");
+    DASSERT(AwtWindow::notifyWindowStateChangedMID);
+    CHECK_NULL(AwtWindow::notifyWindowStateChangedMID);
+
     CATCH_BAD_ALLOC;
 }
 
--- a/src/windows/native/sun/windows/awt_Window.h	Fri Feb 05 20:19:32 2021 +0000
+++ b/src/windows/native/sun/windows/awt_Window.h	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,7 @@
     static jfieldID securityWarningWidthID;
     static jfieldID securityWarningHeightID;
 
+    /* sun.awt.windows.WWindowPeer field and method IDs */
     // The coordinates at the peer.
     static jfieldID sysXID;
     static jfieldID sysYID;
@@ -64,7 +65,9 @@
     static jfieldID sysHID;
 
     static jfieldID windowTypeID;
+    static jmethodID notifyWindowStateChangedMID;
 
+    /* java.awt.Window method IDs */
     static jmethodID getWarningStringMID;
     static jmethodID calculateSecurityWarningPositionMID;
     static jmethodID windowTypeNameMID;
@@ -149,6 +152,7 @@
     void SendComponentEvent(jint eventId);
     void SendWindowEvent(jint id, HWND opposite = NULL,
                          jint oldState = 0, jint newState = 0);
+    void NotifyWindowStateChanged(jint oldState, jint newState);
 
     BOOL IsFocusableWindow();
 
--- a/test/ProblemList.txt	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/ProblemList.txt	Mon Apr 19 04:23:30 2021 +0100
@@ -122,6 +122,12 @@
 
 # jdk_beans
 
+# 8060027
+java/beans/XMLEncoder/Test4903007.java                        generic-all
+java/beans/XMLEncoder/java_awt_GridBagLayout.java             generic-all
+java/beans/XMLDecoder/8028054/TestConstructorFinder.java      generic-all
+java/beans/XMLDecoder/8028054/TestMethodFinder.java           generic-all
+
 ############################################################################
 
 # jdk_lang
@@ -332,6 +338,9 @@
 
 javax/sound/sampled/Mixers/DisabledAssertionCrash.java 7067310 generic-all
 
+# 8059743
+javax/sound/midi/Gervill/SoftProvider/GetDevice.java            generic-all
+
 ############################################################################
 
 # jdk_swing
--- a/test/com/sun/java/swing/plaf/windows/Test8173145.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/com/sun/java/swing/plaf/windows/Test8173145.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,39 +22,56 @@
  */
 
 /* @test
+   @key headful
    @bug 8173145
+   @requires (os.family == "windows")
    @summary Menu is activated after using mnemonic Alt/Key combination
-   @modules java.desktop/com.sun.java.swing.plaf.windows
    @run main Test8173145
 */
 
-import java.awt.*;
+import java.awt.AWTException;
+import java.awt.Component;
+import java.awt.KeyboardFocusManager;
+import java.awt.Robot;
 import java.awt.event.KeyEvent;
 import java.lang.reflect.InvocationTargetException;
 
-import javax.swing.*;
+import javax.swing.JButton;
+import javax.swing.JFrame;
+import javax.swing.JMenu;
+import javax.swing.JMenuBar;
+import javax.swing.JMenuItem;
+import javax.swing.JPanel;
+import javax.swing.JTextField;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
 
 public class Test8173145 {
 
     private volatile static JButton btn;
+    private volatile static JFrame f;
     private volatile static boolean uiCreated;
 
     public static void main(String[] args) throws InvocationTargetException, InterruptedException, AWTException {
-        SwingUtilities.invokeAndWait(new Runnable() {
-            @Override
-            public void run() {
-                try {
-                    uiCreated = createGUI();
-                } catch (Exception e) {
-                    e.printStackTrace();
+        try {
+            SwingUtilities.invokeAndWait(new Runnable() {
+                @Override
+                public void run() {
+                    try {
+                        uiCreated = createGUI();
+                    } catch (Exception e) {
+                        throw new RuntimeException(e);
+                    }
                 }
-            }
-        });
+            });
 
-        if (uiCreated) {
-            test();
-        } else {
-            //no windows l&f, skip the test
+            if (uiCreated) {
+                test();
+            } else {
+                //no windows l&f, skip the test
+            }
+        }finally {
+            SwingUtilities.invokeAndWait(() -> f.dispose());
         }
     }
 
@@ -65,13 +82,14 @@
         } catch (AWTException e) {
             throw new RuntimeException(e);
         }
-        robot.setAutoDelay(100);
+        robot.setAutoDelay(150);
         robot.waitForIdle();
 
         robot.keyPress(KeyEvent.VK_ALT);
         robot.keyPress(KeyEvent.VK_M);
         robot.keyRelease(KeyEvent.VK_M);
         robot.keyRelease(KeyEvent.VK_ALT);
+        robot.waitForIdle();
 
         Component focusOwner = KeyboardFocusManager.getCurrentKeyboardFocusManager().getFocusOwner();
 
@@ -86,7 +104,7 @@
         } catch (Exception e) {
             return false;
         }
-        JFrame f = new JFrame();
+        f = new JFrame();
 
         JPanel panel = new JPanel();
         btn = new JButton("Mmmmm");
@@ -102,6 +120,7 @@
         f.add(panel);
         f.pack();
         f.setVisible(true);
+        f.setLocationRelativeTo(null);
         tf.requestFocus();
         return true;
     }
--- a/test/demo/zipfs/ZFSTests.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/demo/zipfs/ZFSTests.java	Mon Apr 19 04:23:30 2021 +0100
@@ -22,7 +22,7 @@
  */
 
 /* @test
-   @bug 7156873 8028480 8034773
+   @bug 7156873 8028480 8034773 8061777
    @summary ZipFileSystem regression tests
  */
 
@@ -38,6 +38,7 @@
 
     public static void main(String[] args) throws Throwable {
         test7156873();
+        test8061777();
         testOpenOptions();
     }
 
@@ -57,6 +58,34 @@
         }
     }
 
+    static void test8061777() throws Throwable {
+        Path path = Paths.get("file.zip");
+        try {
+            URI uri = URI.create("jar:" + path.toUri());
+            Map<String, Object> env = new HashMap<String, Object>();
+            env.put("create", "true");
+            env.put("encoding", "Shift_JIS");
+            try (FileSystem fs = FileSystems.newFileSystem(uri, env)) {
+                FileSystemProvider fsp = fs.provider();
+                Path p = fs.getPath("/\u8868\u7533.txt");  // 0x95 0x5c 0x90 0x5c
+                try (OutputStream os = fsp.newOutputStream(p)) {
+                    os.write("Hello!".getBytes("ASCII"));
+                }
+                Path dir = fs.getPath("/");
+                Files.list(dir)
+                     .forEach( child -> {
+                             System.out.println("child:" + child);
+                             if (!child.toString().equals(p.toString()))
+                                 throw new RuntimeException("wrong path name created");
+                          });
+                if (!"Hello!".equals(new String(Files.readAllBytes(p), "ASCII")))
+                    throw new RuntimeException("wrong content in newly created file");
+            }
+        } finally {
+            Files.deleteIfExists(path);
+        }
+    }
+
     static void testOpenOptions() throws Throwable {
         Path path = Paths.get("file.zip");
         try {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,45 @@
+<!--
+ Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+
+ This code is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License version 2 only, as
+ published by the Free Software Foundation.
+
+ This code is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ version 2 for more details (a copy is included in the LICENSE file that
+ accompanied this code).
+
+ You should have received a copy of the GNU General Public License version
+ 2 along with this work; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ or visit www.oracle.com if you need additional information or have any
+ questions.
+-->
+<html>
+<!--
+  @test
+  @bug 6200670
+  @summary MouseMoved events are triggered by Choice when mouse is moved outside the component, XToolkit
+  @library ../../regtesthelpers/
+  @author andrei.dmitriev area=choice
+  @build Util
+  @run applet PopdownGeneratesMouseEvents.html
+  -->
+<head>
+<title>  </title>
+</head>
+<body>
+
+<h1>PopdownGeneratesMouseEvents<br>Bug ID: 6200670 </h1>
+
+<p> This is an AUTOMATIC test, simply wait for completion </p>
+
+<APPLET CODE="PopdownGeneratesMouseEvents.class" WIDTH=200 HEIGHT=200></APPLET>
+</body>
+</html>
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+  test
+  @bug 6200670
+  @summary MouseMoved events are triggered by Choice when mouse is moved outside the component, XToolkit
+  @library ../../regtesthelpers/
+  @author andrei.dmitriev area=choice
+  @build Util
+  @run applet PopdownGeneratesMouseEvents.html
+*/
+
+import test.java.awt.regtesthelpers.Util;
+
+import java.applet.Applet;
+import java.awt.*;
+import java.awt.event.*;
+
+public class PopdownGeneratesMouseEvents extends Applet {
+    private volatile Robot robot;
+    private final Choice choice1 = new Choice();
+
+    private volatile MouseMotionHandler mmh;
+
+    public void init() {
+        for (int i = 1; i < 10; i++) {
+            choice1.add("item-0" + i);
+        }
+        choice1.setForeground(Color.RED);
+        choice1.setBackground(Color.RED);
+        mmh = new MouseMotionHandler();
+        choice1.addMouseMotionListener(mmh);
+        Button b1 = new Button("FirstButton");
+        Button b2 = new Button("SecondButton");
+        add(b1);
+        add(choice1);
+        add(b2);
+        setLayout (new FlowLayout());
+    }
+
+    public void start() {
+        setSize(300, 200);
+        setVisible(true);
+        validate();
+        String toolkit = Toolkit.getDefaultToolkit().getClass().getName();
+
+        /*
+         * Choice should not generate MouseEvents outside of Choice
+         * Test for XAWT only.
+         */
+        try{
+            robot = new Robot();
+            robot.setAutoWaitForIdle(true);
+            robot.setAutoDelay(50);
+
+            if (toolkit.equals("sun.awt.X11.XToolkit")) {
+                testMouseMoveOutside();
+            } else {
+                System.out.println("This test is for XToolkit only. Now using "
+                                        + toolkit + ". Automatically passed.");
+                return;
+            }
+        } catch (Throwable e) {
+            throw new RuntimeException("Test failed. Exception thrown: " + e);
+        }
+        System.out.println("Passed : Choice should not generate MouseEvents outside of Choice.");
+    }
+
+    private void testMouseMoveOutside() {
+        waitForIdle();
+        Point pt = choice1.getLocationOnScreen();
+        robot.mouseMove(pt.x + choice1.getWidth() / 2, pt.y + choice1.getHeight() / 2);
+        waitForIdle();
+        robot.mousePress(InputEvent.BUTTON1_MASK);
+        robot.mouseRelease(InputEvent.BUTTON1_MASK);
+        waitForIdle();
+
+        Color color = robot.getPixelColor(pt.x + choice1.getWidth() / 2,
+                                          pt.y + 3 * choice1.getHeight());
+        if (!color.equals(Color.RED)) {
+            throw new RuntimeException("Choice wasn't opened with LEFTMOUSE button");
+        }
+
+        pt = getLocationOnScreen();
+        robot.mouseMove(pt.x + getWidth() * 2, pt.y + getHeight() * 2);
+        mmh.testStarted = true;
+
+        int x0 = pt.x + getWidth() * 3 / 2;
+        int y0 = pt.y + getHeight() * 3 / 2;
+        int x1 = pt.x + getWidth() * 2;
+        int y1 = pt.y + getHeight() * 2;
+
+        Util.mouseMove(robot, new Point(x0, y0), new Point(x1, y0));
+        Util.mouseMove(robot, new Point(x1, y0), new Point(x1, y1));
+
+        waitForIdle();
+        //close opened choice
+        robot.keyPress(KeyEvent.VK_ESCAPE);
+        robot.keyRelease(KeyEvent.VK_ESCAPE);
+    }
+
+    private void waitForIdle() {
+        Util.waitForIdle(robot);
+        robot.delay(500);
+    }
+}
+
+class MouseMotionHandler extends MouseMotionAdapter {
+    public volatile boolean testStarted;
+    public void mouseMoved(MouseEvent ke) {
+        if (testStarted) {
+            throw new RuntimeException("Test failed: Choice generated MouseMove events while moving mouse outside of Choice");
+        }
+    }
+    public void mouseDragged(MouseEvent ke) {
+    }
+}
--- a/test/java/awt/FontClass/DebugFonts.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/awt/FontClass/DebugFonts.java	Mon Apr 19 04:23:30 2021 +0100
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4956241 80769790
+ * @bug 4956241 8076979 8080953
  * @summary NPE debugging fonts
  * @run main/othervm DebugFonts
  */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/FullScreen/NonExistentDisplayModeTest/NonExistentDisplayModeTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.DisplayMode;
+import java.awt.Frame;
+import java.awt.GraphicsDevice;
+import java.util.ArrayList;
+import java.util.Random;
+
+import static java.awt.DisplayMode.REFRESH_RATE_UNKNOWN;
+
+/**
+ * @test
+ * @bug 6430607
+ * @summary Test that we throw an exception for incorrect display modes
+ * @author Dmitri.Trembovetski@Sun.COM area=FullScreen
+ * @run main/othervm NonExistentDisplayModeTest
+ * @run main/othervm -Dsun.java2d.noddraw=true NonExistentDisplayModeTest
+ * @run main/othervm -Dsun.java2d.opengl=true NonExistentDisplayModeTest
+ */
+public class NonExistentDisplayModeTest {
+
+    public static void main(String[] args) {
+        new NonExistentDisplayModeTest().start();
+    }
+
+    private void start() {
+        Frame f = new Frame("Testing, please wait..");
+        f.pack();
+        GraphicsDevice gd = f.getGraphicsConfiguration().getDevice();
+        if (!gd.isFullScreenSupported()) {
+            System.out.println("Exclusive FS mode not supported, test passed.");
+            f.dispose();
+            return;
+        }
+
+        gd.setFullScreenWindow(f);
+        if (!gd.isDisplayChangeSupported()) {
+            System.out.println("DisplayMode change not supported, test passed.");
+            f.dispose();
+            return;
+        }
+
+        DisplayMode dms[] = gd.getDisplayModes();
+        ArrayList<DisplayMode> dmList = new ArrayList<DisplayMode>(dms.length);
+        for (DisplayMode dm : dms) {
+            dmList.add(dm);
+        }
+
+        ArrayList<DisplayMode> nonExistentDms = createNonExistentDMList(dmList);
+
+        for (DisplayMode dm : nonExistentDms) {
+            boolean exThrown = false;
+            try {
+                System.out.printf("Testing mode: (%4dx%4d) depth=%3d rate=%d\n",
+                                  dm.getWidth(), dm.getHeight(),
+                                  dm.getBitDepth(), dm.getRefreshRate());
+                gd.setDisplayMode(dm);
+            } catch (IllegalArgumentException e) {
+                exThrown = true;
+            }
+            if (!exThrown) {
+                gd.setFullScreenWindow(null);
+                f.dispose();
+                throw new
+                    RuntimeException("Failed: No exception thrown for dm "+dm);
+            }
+        }
+        gd.setFullScreenWindow(null);
+        f.dispose();
+        System.out.println("Test passed.");
+    }
+
+    private static final Random rnd = new Random();
+    private ArrayList<DisplayMode>
+        createNonExistentDMList(ArrayList<DisplayMode> dmList)
+    {
+        ArrayList<DisplayMode> newList =
+            new ArrayList<DisplayMode>(dmList.size());
+        // vary one parameter at a time
+        int param = 0;
+        for (DisplayMode dm : dmList) {
+            param = ++param % 3;
+            switch (param) {
+                case 0: {
+                    DisplayMode newDM = deriveSize(dm);
+                    if (!dmList.contains(newDM)) {
+                        newList.add(newDM);
+                    }
+                    break;
+                }
+                case 1: {
+                    DisplayMode newDM = deriveDepth(dm);
+                    if (!dmList.contains(newDM)) {
+                        newList.add(newDM);
+                    }
+                    break;
+                }
+                case 2: {
+                    if (dm.getRefreshRate() != REFRESH_RATE_UNKNOWN) {
+                        DisplayMode newDM = deriveRR(dm);
+                        if (!dmList.contains(newDM)) {
+                            newList.add(newDM);
+                        }
+                    }
+                    break;
+                }
+            }
+        }
+        return newList;
+    }
+
+    private static DisplayMode deriveSize(DisplayMode dm) {
+        int w = dm.getWidth() / 7;
+        int h = dm.getHeight() / 3;
+        return new DisplayMode(w, h, dm.getBitDepth(), dm.getRefreshRate());
+    }
+    private static DisplayMode deriveRR(DisplayMode dm) {
+        return new DisplayMode(dm.getWidth(), dm.getHeight(),
+                               dm.getBitDepth(), 777);
+    }
+    private static DisplayMode deriveDepth(DisplayMode dm) {
+        int depth;
+        if (dm.getBitDepth() == DisplayMode.BIT_DEPTH_MULTI) {
+            depth = 77;
+        } else {
+            depth = DisplayMode.BIT_DEPTH_MULTI;
+        }
+        return new DisplayMode(dm.getWidth(), dm.getHeight(),
+                               depth, dm.getRefreshRate());
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/Window/FullWindowContentTest/FullWindowContentTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,212 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @key headful
+ * @bug 8211301
+ * @summary [macosx] support full window content options
+ * @author Alan Snyder
+ * @run main FullWindowContentTest
+ * @requires (os.family == "mac")
+*/
+
+import java.awt.AWTException;
+import java.awt.Color;
+import java.awt.Rectangle;
+import java.awt.Robot;
+import java.awt.image.BufferedImage;
+import java.lang.reflect.InvocationTargetException;
+import javax.swing.JComponent;
+import javax.swing.JFrame;
+import javax.swing.JRootPane;
+import javax.swing.SwingUtilities;
+
+public class FullWindowContentTest
+{
+    static FullWindowContentTest theTest;
+    private Robot robot;
+    private JFrame frame;
+    private JRootPane rootPane;
+    static boolean isTransparentSupported = getOSVersion() >= 1010;
+
+    private int DELAY = 1000;
+
+    public FullWindowContentTest() {
+        try {
+            robot = new Robot();
+        } catch (AWTException ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    public void performTest() {
+
+        runSwing(() -> {
+            frame = new JFrame("Test");
+            frame.setBounds(200, 200, 300, 100);
+            rootPane = frame.getRootPane();
+            JComponent contentPane = (JComponent) frame.getContentPane();
+            contentPane.setBackground(Color.RED);
+            rootPane.putClientProperty("apple.awt.fullWindowContent", true);
+            rootPane.putClientProperty("apple.awt.transparentTitleBar", true);
+            frame.setVisible(true);
+        });
+
+        robot.delay(DELAY);
+        checkTransparent();
+
+        runSwing(() -> rootPane.putClientProperty("apple.awt.transparentTitleBar", false));
+
+        robot.delay(DELAY);
+        checkTranslucent();
+
+        runSwing(() -> rootPane.putClientProperty("apple.awt.fullWindowContent", false));
+
+        robot.delay(DELAY);
+        checkNormal();
+
+        runSwing(() -> rootPane.putClientProperty("apple.awt.fullWindowContent", true));
+
+        robot.delay(DELAY);
+        checkTranslucent();
+
+        runSwing(() -> rootPane.putClientProperty("apple.awt.transparentTitleBar", true));
+
+        robot.delay(DELAY);
+        checkTransparent();
+
+        runSwing(() -> frame.dispose());
+
+        frame = null;
+        rootPane = null;
+    }
+
+    private void checkTransparent() {
+        if (isTransparentSupported) {
+            Color c = getTestPixel();
+            int delta = c.getRed() - c.getBlue();
+            if (delta < 200) {
+                throw new RuntimeException("Test failed: did not find transparent title bar color");
+            }
+            checkContent();
+        } else {
+            checkTranslucent();
+        }
+    }
+
+    private void checkTranslucent() {
+        Color c = getTestPixel();
+        int delta = c.getRed() - c.getBlue();
+        if (delta < 50 || delta > 150) {
+            throw new RuntimeException("Test failed: did not find translucent title bar color");
+        }
+        checkContent();
+    }
+
+    private void checkNormal() {
+        Color c = getTestPixel();
+        int delta = c.getRed() - c.getBlue();
+        if (delta < -50 || delta > 50) {
+            throw new RuntimeException("Test failed: did not find normal title bar color");
+        }
+        checkContent();
+    }
+
+    private void checkContent() {
+        // Check the bottom of the content area to make sure the insets were changed.
+        Color c = getContentPixel();
+        int delta = c.getRed() - c.getBlue();
+        if (delta < 200) {
+            throw new RuntimeException("Test failed: did not find content color");
+        }
+    }
+
+    private Color getContentPixel() {
+        Rectangle bounds = frame.getBounds();
+        Color c = robot.getPixelColor(bounds.x + 80, bounds.y + bounds.height - 10);
+        return c;
+    }
+
+    private Color getTestPixel() {
+        Rectangle bounds = frame.getBounds();
+        BufferedImage screenImage = robot.createScreenCapture(bounds);
+        int rgb = screenImage.getRGB(80, 10);
+        int red = (rgb >> 16) & 0xFF;
+        int green = (rgb >> 8) & 0xFF;
+        int blue = rgb & 0xFF;
+        Color c = new Color(red, green, blue);
+
+        // Note: the following code returns significantly wrong values.
+        // For example, it returns 42 24 24 for a translucent red that should be more like 243 151 151.
+
+//        Color c = robot.getPixelColor(bounds.x + 80, bounds.y + 10);
+
+        return c;
+    }
+
+    public void dispose() {
+        if (frame != null) {
+            frame.dispose();
+            frame = null;
+        }
+    }
+
+    private static int getOSVersion() {
+        String s = System.getProperty("os.version");
+        int p = s.indexOf('.');
+        int major = Integer.parseInt(s.substring(0, p));
+        s = s.substring(p+1);
+        p = s.indexOf('.');
+        int minor = Integer.parseInt(p >= 0 ? s.substring(0, p) : s);
+        return major * 100 + minor;
+    }
+
+    private static void runSwing(Runnable r) {
+        try {
+            SwingUtilities.invokeAndWait(r);
+        } catch (InterruptedException e) {
+        } catch (InvocationTargetException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static void main(String[] args) {
+        if (!System.getProperty("os.name").contains("OS X")) {
+            System.out.println("This test is for MacOS only. Automatically passed on other platforms.");
+            return;
+        }
+
+        try {
+            runSwing(() -> theTest = new FullWindowContentTest());
+            theTest.performTest();
+            ;
+        } finally {
+            if (theTest != null) {
+                runSwing(() -> theTest.dispose());
+            }
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/AnotherInterface.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,3 @@
+import java.io.*;
+
+public interface AnotherInterface extends Serializable {}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/CustomClassLoaderTransferTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,63 @@
+/*
+  @test
+  @bug 4932376
+  @summary verifies that data transfer within one JVM works correctly if
+           the transfer data was created with a custom class loader.
+  @author das@sparc.spb.su area=datatransfer
+  @library ../../regtesthelpers
+  @build TransferableList AnotherInterface CopyClassFile CustomClassLoaderTransferTest
+  @run main CopyClassFile -r ListInterface subdir/
+  @run main CopyClassFile -r TransferableList subdir/
+  @run main CustomClassLoaderTransferTest
+*/
+
+import java.awt.*;
+import java.awt.datatransfer.*;
+import java.io.*;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+public class CustomClassLoaderTransferTest {
+    public static class DFTransferable implements Transferable {
+        private final DataFlavor df;
+        private final Object obj;
+        public DFTransferable(DataFlavor df, Object obj) {
+            this.df = df;
+            this.obj = obj;
+        }
+
+        @Override
+        public Object getTransferData(DataFlavor flavor)
+          throws UnsupportedFlavorException, IOException {
+            if (df.equals(flavor)) {
+                return obj;
+            } else {
+                throw new UnsupportedFlavorException(flavor);
+            }
+        }
+
+        @Override
+        public DataFlavor[] getTransferDataFlavors(){
+            return new DataFlavor[] { df };
+        }
+
+        @Override
+        public boolean isDataFlavorSupported(DataFlavor flavor) {
+            return df.equals(flavor);
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        Clipboard c = Toolkit.getDefaultToolkit().getSystemClipboard();
+        URL url = new File("./subdir/").toURL();
+        ClassLoader classLoader = new URLClassLoader(new URL[] { url },
+                CustomClassLoaderTransferTest.class.getClassLoader());
+        Class clazz = Class.forName("TransferableList", true, classLoader);
+        DataFlavor df = new DataFlavor(clazz, "Transferable List");
+        Object obj = clazz.newInstance();
+        Transferable t = new DFTransferable(df, obj);
+        c.setContents(t, null);
+        Transferable ct = c.getContents(null);
+        ct.getTransferData(df);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/datatransfer/CustomClassLoaderTransferTest/TransferableList.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,30 @@
+import java.io.Serializable;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.util.ArrayList;
+
+public class TransferableList extends ArrayList {
+    private static class NullInvocationHandler implements InvocationHandler, Serializable {
+        public Object invoke(Object proxy, Method method, Object[] args)
+          throws Throwable {
+            throw new Error("UNIMPLEMENTED");
+        }
+    }
+
+    public TransferableList() {
+        try {
+            InvocationHandler handler = new NullInvocationHandler();
+            Class<?> proxyClass = Proxy.getProxyClass(
+                ListInterface.class.getClassLoader(),
+                new Class[] { ListInterface.class, AnotherInterface.class });
+            AnotherInterface obj = (AnotherInterface) proxyClass.
+                    getConstructor(new Class[]{InvocationHandler.class}).
+                    newInstance(handler);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
+
+interface ListInterface extends Serializable {}
--- a/test/java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2016 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,10 @@
  */
 
 /**
- * @test @summary JVM crash if the frame is disposed in DropTargetListener
+ * @test
+ * @summary JVM crash if the frame is disposed in DropTargetListener
+ * @bug 8252470
+ * @key headful
  * @author Petr Pchelko
  * @library ../../regtesthelpers
  * @build Util
--- a/test/java/awt/print/PrinterJob/PrintTextTest.html	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-<!--
- Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-
- This code is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License version 2 only, as
- published by the Free Software Foundation.
-
- This code is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- version 2 for more details (a copy is included in the LICENSE file that
- accompanied this code).
-
- You should have received a copy of the GNU General Public License version
- 2 along with this work; if not, write to the Free Software Foundation,
- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-
- Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- or visit www.oracle.com if you need additional information or have any
- questions.
--->
-
-<html>
-<body>
-<applet  code="PrintTextTest.class" width=400 height=100></applet>
-This tests that printed text renders similarly to on-screen,
-under a variety of APIs and graphics and font transforms
-Print to your preferred printer. Collect the output.
-Refer to the onscreen buttons to cycle through the on-screen
-content
-For each page, confirm that the printed content corresponds to
-the on-screen rendering for that *same* page.
-Some cases may look odd but its intentional. Verify
-it looks the same on screen and on the printer.
-Note that text does not scale linearly from screen to printer
-so some differences are normal and not a bug.
-The easiest way to spot real problems is to check that
-any underlines are the same length as the underlined text
-and that any rotations are the same in each case.
-Note that each on-screen page is printed in both portrait
-and landscape mode
-So for example, Page 1/Portrait, and Page 1/Landscape when
-rotated to view properly, should both match Page 1 on screen.;
-</body>
-</html>
--- a/test/java/awt/regtesthelpers/CopyClassFile.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/awt/regtesthelpers/CopyClassFile.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
  *
  * @build CopyClassFile
  * @run main CopyClassFile package.class dest_directory
+ *
+ * In case the source file should be removed add -r option
  */
 public class CopyClassFile {
 
@@ -48,13 +50,17 @@
     private static String className;
     private static String classFile;
 
+    private static boolean removeSource = false;
+
     public static void main(String[] args) throws Exception {
-        if (args.length != 2) {
+        if (args.length < 2) {
             throw new IllegalArgumentException("Illegal usage: class name and destination directory should be specified");
         }
 
-        destinationDir = args[1];
-        className = args[0];
+        int classNameIndex = parseOptions(args);
+
+        className = args[classNameIndex];
+        destinationDir = args[classNameIndex + 1];
         classFile = className.replaceAll("\\.", File.separator) + ".class";
 
         URL url = cl.getResource(classFile);
@@ -69,6 +75,21 @@
         Arrays.stream(files).forEach(CopyClassFile::copyFile);
     }
 
+    private static int parseOptions(String[] args) {
+        int optionsEnd = 0;
+        while (args[optionsEnd].startsWith("-")) {
+            switch (args[optionsEnd].substring(1)) {
+                case "r" :
+                    removeSource = true;
+                    break;
+                default:
+                    throw new RuntimeException("Unrecognized option passed to CopyClassFile: " + args[optionsEnd]);
+            }
+            optionsEnd++;
+        }
+        return optionsEnd;
+    }
+
     private static String cutPackageName(String className) {
         int dotIndex = className.lastIndexOf(".") + 1;
         if (dotIndex <= 0) {
@@ -87,6 +108,11 @@
             try (InputStream is = new FileInputStream(f)) {
                 Files.copy(is, p, StandardCopyOption.REPLACE_EXISTING);
             }
+
+            if (removeSource && !f.delete()) {
+                throw new RuntimeException("Failed to delete a file");
+            }
+
         } catch (IOException ex) {
             throw new RuntimeException("Could not copy file " + f, ex);
         }
--- a/test/java/beans/PropertyEditor/6380849/TestPropertyEditor.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/6380849/TestPropertyEditor.java	Mon Apr 19 04:23:30 2021 +0100
@@ -28,6 +28,7 @@
  * @author Sergey Malenkov
  * @compile -XDignore.symbol.file TestPropertyEditor.java
  * @run main TestPropertyEditor
+ * @key headful
  */
 
 import editors.SecondBeanEditor;
--- a/test/java/beans/PropertyEditor/TestColorClass.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestColorClass.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596 6258510
  * @summary Tests PropertyEditor for value of type Color with security manager
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassJava.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestColorClassJava.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596
  * @summary Tests PropertyEditor for value of type Color
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassNull.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestColorClassNull.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596 6498171
  * @summary Tests PropertyEditor for null value of type Color
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestColorClassValue.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestColorClassValue.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4222827 4506596
  * @summary Tests PropertyEditor for value of type Color
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Color;
--- a/test/java/beans/PropertyEditor/TestFontClass.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestFontClass.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596 6258510 6538853
  * @summary Tests PropertyEditor for value of type Font with security manager
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassJava.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestFontClassJava.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596 6538853
  * @summary Tests PropertyEditor for value of type Font
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassNull.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestFontClassNull.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4506596 6498171 6538853
  * @summary Tests PropertyEditor for null value of type Font
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Font;
--- a/test/java/beans/PropertyEditor/TestFontClassValue.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/PropertyEditor/TestFontClassValue.java	Mon Apr 19 04:23:30 2021 +0100
@@ -26,6 +26,7 @@
  * @bug 4222827 4506596 6538853
  * @summary Tests PropertyEditor for value of type Font
  * @author Sergey Malenkov
+ * @key headful
  */
 
 import java.awt.Font;
--- a/test/java/beans/XMLEncoder/java_awt_ScrollPane.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/beans/XMLEncoder/java_awt_ScrollPane.java	Mon Apr 19 04:23:30 2021 +0100
@@ -25,6 +25,7 @@
  * @test
  * @bug 6402062 6487891
  * @summary Tests ScrollPane encoding
+ * @key headful
  * @author Sergey Malenkov
  */
 
--- a/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -33,11 +33,9 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.nio.file.Files;
-import java.nio.file.LinkOption;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.attribute.PosixFileAttributeView;
-import java.util.stream.Stream;
 
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -163,34 +161,66 @@
         tr.assertZero("Should still return 0");
     }
 
+    private static boolean isWriteableDirectory(Path p) {
+        if (!Files.isDirectory(p)) {
+            return false;
+        }
+        Path test = p.resolve(Paths.get("test"));
+        try {
+            Files.createFile(test);
+            assertTrue(Files.exists(test));
+            return true;
+        } catch (IOException e) {
+            assertFalse(Files.exists(test));
+            return false;
+        } finally {
+            if (Files.exists(test)) {
+                try {
+                    Files.delete(test);
+                } catch (IOException e) {
+                    throw new Error(e);
+                }
+            }
+        }
+    }
+
     @Test
     public void testDumpDirNotWritable() throws IOException {
-        if (! Files.getFileStore(Paths.get("."))
-                   .supportsFileAttributeView(PosixFileAttributeView.class)) {
+        if (!Files.getFileStore(Paths.get("."))
+                  .supportsFileAttributeView(PosixFileAttributeView.class)) {
             // No easy way to setup readonly directory without POSIX
             // We would like to skip the test with a cause with
             //     throw new SkipException("Posix not supported");
             // but jtreg will report failure so we just pass the test
             // which we can look at if jtreg changed its behavior
+            System.out.println("WARNING: POSIX is not supported. Skipping testDumpDirNotWritable test.");
             return;
         }
 
         Files.createDirectory(Paths.get("readOnly"),
                               asFileAttribute(fromString("r-xr-xr-x")));
+        try {
+            if (isWriteableDirectory(Paths.get("readOnly"))) {
+                // Skipping the test: it's allowed to write into read-only directory
+                // (e.g. current user is super user).
+                System.out.println("WARNING: readOnly directory is writeable. Skipping testDumpDirNotWritable test.");
+                return;
+            }
 
-        TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
-                               "-cp", ".",
-                               "-Djdk.internal.lambda.dumpProxyClasses=readOnly",
-                               "-Djava.security.manager",
-                               "com.example.TestLambda");
-        assertEquals(tr.testOutput.stream()
-                                  .filter(s -> s.startsWith("WARNING"))
-                                  .peek(s -> assertTrue(s.contains("not writable")))
-                                  .count(),
-                     1, "only show error once");
-        tr.assertZero("Should still return 0");
-
-        TestUtil.removeAll(Paths.get("readOnly"));
+            TestResult tr = doExec(JAVA_CMD.getAbsolutePath(),
+                                   "-cp", ".",
+                                   "-Djdk.internal.lambda.dumpProxyClasses=readOnly",
+                                   "-Djava.security.manager",
+                                   "com.example.TestLambda");
+            assertEquals(tr.testOutput.stream()
+                                      .filter(s -> s.startsWith("WARNING"))
+                                      .peek(s -> assertTrue(s.contains("not writable")))
+                                      .count(),
+                         1, "only show error once");
+            tr.assertZero("Should still return 0");
+        } finally {
+            TestUtil.removeAll(Paths.get("readOnly"));
+        }
     }
 
     @Test
--- a/test/java/lang/ref/SoftReference/Pin.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/lang/ref/SoftReference/Pin.java	Mon Apr 19 04:23:30 2021 +0100
@@ -76,6 +76,7 @@
                 Thread.sleep(100);              // yield, for what it's worth
             }
         } catch (OutOfMemoryError e) {
+            chain = null; // Free memory for further work.
             System.err.println("Got OutOfMemoryError, as expected.");
         }
 
--- a/test/java/net/CookieHandler/CookieManagerTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/net/CookieHandler/CookieManagerTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -25,6 +25,7 @@
  * @test
  * @summary Unit test for java.net.CookieManager
  * @bug 6244040 7150552 7051862
+ * @modules jdk.httpserver
  * @run main/othervm -ea CookieManagerTest
  * @author Edward Wang
  */
@@ -32,12 +33,31 @@
 import com.sun.net.httpserver.*;
 import java.io.IOException;
 import java.net.*;
+import static java.net.Proxy.NO_PROXY;
 
 public class CookieManagerTest {
 
     static CookieTransactionHandler httpTrans;
     static HttpServer server;
 
+    static final String hostAddress = getAddr();
+
+    /** Returns an IP literal suitable for use by the test. */
+    static String getAddr() {
+        try {
+            InetAddress lh = InetAddress.getLocalHost();
+            System.out.println("Trying: " + lh);
+            if (lh.isReachable(5_000)) {
+                System.out.println("Using: " + lh);
+                return lh.getHostAddress();
+            }
+        } catch (IOException x) {
+            System.out.println("Debug: caught:" + x);
+        }
+        System.out.println("Using: \"127.0.0.1\"");
+        return "127.0.0.1";
+    }
+
     public static void main(String[] args) throws Exception {
         startHttpServer();
         makeHttpCall();
@@ -78,8 +98,8 @@
 
     public static void makeHttpCall() throws IOException {
         try {
-            System.out.println("http server listenining on: "
-                    + server.getAddress().getPort());
+            int port = server.getAddress().getPort();
+            System.out.println("http server listenining on: " + port);
 
             // install CookieManager to use
             CookieHandler.setDefault(new CookieManager());
@@ -92,11 +112,12 @@
                 ((CookieManager)CookieHandler.getDefault())
                     .getCookieStore().removeAll();
                 URL url = new URL("http" ,
-                                  InetAddress.getLocalHost().getHostAddress(),
+                                  hostAddress,
                                   server.getAddress().getPort(),
                                   CookieTransactionHandler.testCases[i][0]
                                                           .serverPath);
-                HttpURLConnection uc = (HttpURLConnection)url.openConnection();
+                System.out.println("Requesting " + url);
+                HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY);
                 uc.getResponseCode();
                 uc.disconnect();
             }
@@ -116,8 +137,6 @@
     // to send http request
     public static final int testCount = 6;
 
-    private String localHostAddr = "127.0.0.1";
-
     @Override
     public void handle(HttpExchange exchange) throws IOException {
         if (testDone < testCases[testcaseDone].length) {
@@ -188,10 +207,8 @@
         testCases = new CookieTestCase[testCount][];
         testPolicies = new CookiePolicy[testCount];
 
-        try {
-            localHostAddr = InetAddress.getLocalHost().getHostAddress();
-        } catch (Exception ignored) {
-        };
+        String localHostAddr = CookieManagerTest.hostAddress;
+
         int count = 0;
 
         // an http session with Netscape cookies exchanged
--- a/test/java/net/HttpURLConnection/UnmodifiableMaps.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/net/HttpURLConnection/UnmodifiableMaps.java	Mon Apr 19 04:23:30 2021 +0100
@@ -24,11 +24,11 @@
 /**
  * @test
  * @bug 7128648
+ * @modules jdk.httpserver
  * @summary HttpURLConnection.getHeaderFields should return an unmodifiable Map
  */
 
 import java.io.IOException;
-import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.net.HttpURLConnection;
@@ -40,6 +40,7 @@
 import com.sun.net.httpserver.HttpHandler;
 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.Headers;
+import static java.net.Proxy.NO_PROXY;
 
 public class UnmodifiableMaps {
 
@@ -47,8 +48,7 @@
         HttpServer server = startHttpServer();
         try {
             InetSocketAddress address = server.getAddress();
-            URI uri = new URI("http://" + InetAddress.getLocalHost().getHostAddress()
-                              + ":" + address.getPort() + "/foo");
+            URI uri = new URI("http://localhost:" + address.getPort() + "/foo");
             doClient(uri);
         } finally {
             server.stop(0);
@@ -56,7 +56,7 @@
     }
 
     void doClient(URI uri) throws Exception {
-        HttpURLConnection uc = (HttpURLConnection) uri.toURL().openConnection();
+        HttpURLConnection uc = (HttpURLConnection) uri.toURL().openConnection(NO_PROXY);
 
         // Test1: getRequestProperties is unmodifiable
         System.out.println("Check getRequestProperties");
--- a/test/java/net/URLConnection/HandleContentTypeWithAttrs.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/net/URLConnection/HandleContentTypeWithAttrs.java	Mon Apr 19 04:23:30 2021 +0100
@@ -31,6 +31,7 @@
 import java.io.*;
 import sun.net.www.content.text.*;
 import sun.net.www.MessageHeader;
+import static java.net.Proxy.NO_PROXY;
 
 public class HandleContentTypeWithAttrs {
 
@@ -38,13 +39,11 @@
 
     public HandleContentTypeWithAttrs (int port) throws Exception {
 
-        String localHostName = InetAddress.getLocalHost().getHostName();
-
         // Request echo.html from myHttpServer.
         // In the header of the response, we make
         // the content type have some attributes.
-        url = new URL("http://" + localHostName + ":" + port + "/echo.html");
-        URLConnection urlConn = url.openConnection();
+        url = new URL("http://localhost:" + port + "/echo.html");
+        URLConnection urlConn = url.openConnection(NO_PROXY);
 
         // the method getContent() calls the method
         // getContentHandler(). With the fix, the method
--- a/test/java/nio/file/Files/probeContentType/Basic.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/nio/file/Files/probeContentType/Basic.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,14 +29,18 @@
  * @run main/othervm Basic
  */
 
+import java.io.*;
 import java.nio.file.*;
-import java.io.*;
+import java.util.stream.Stream;
 
 /**
- * Uses Files.probeContentType to probe html file and custom file type.
+ * Uses Files.probeContentType to probe html file, custom file type, and minimal
+ * set of file extension to content type mappings.
  */
+public class Basic {
 
-public class Basic {
+    private static final boolean IS_UNIX =
+        ! System.getProperty("os.name").startsWith("Windows");
 
     static Path createHtmlFile() throws IOException {
         Path file = Files.createTempFile("foo", ".html");
@@ -51,7 +55,58 @@
         return Files.createTempFile("red", ".grape");
     }
 
+    private static int checkContentTypes(String expected, String actual) {
+        assert expected != null;
+        assert actual != null;
+
+        if (!expected.equals(actual)) {
+            if (IS_UNIX) {
+                Path userMimeTypes =
+                    Paths.get(System.getProperty("user.home"), ".mime.types");
+                if (!Files.exists(userMimeTypes)) {
+                    System.out.println(userMimeTypes + " does not exist");
+                } else if (!Files.isReadable(userMimeTypes)) {
+                    System.out.println(userMimeTypes + " is not readable");
+                } else {
+                    System.out.println(userMimeTypes + " contents:");
+                    try (Stream<String> lines = Files.lines(userMimeTypes)) {
+                        lines.forEach(System.out::println);
+                        System.out.println("");
+                    } catch (IOException ioe) {
+                        System.err.println("Problem reading "
+                                           + userMimeTypes);
+                    }
+                }
+
+                Path etcMimeTypes = Paths.get("/etc/mime.types");
+                if (!Files.exists(etcMimeTypes)) {
+                    System.out.println(etcMimeTypes + " does not exist");
+                } else if (!Files.isReadable(etcMimeTypes)) {
+                    System.out.println(etcMimeTypes + " is not readable");
+                } else {
+                    System.out.println(etcMimeTypes + " contents:");
+                    try (Stream<String> lines = Files.lines(etcMimeTypes)) {
+                        lines.forEach(System.out::println);
+                        System.out.println("");
+                    } catch (IOException ioe) {
+                        System.err.println("Problem reading "
+                                           + etcMimeTypes);
+                    }
+                }
+            }
+
+            System.err.println("Expected \"" + expected
+                               + "\" but obtained \""
+                               + actual + "\"");
+
+            return 1;
+        }
+
+        return 0;
+    }
+
     public static void main(String[] args) throws IOException {
+        int failures = 0;
 
         // exercise default file type detector
         Path file = createHtmlFile();
@@ -60,8 +115,7 @@
             if (type == null) {
                 System.err.println("Content type cannot be determined - test skipped");
             } else {
-                if (!type.equals("text/html"))
-                    throw new RuntimeException("Unexpected type: " + type);
+                failures += checkContentTypes("text/html", type);
             }
         } finally {
             Files.delete(file);
@@ -73,11 +127,13 @@
             String type = Files.probeContentType(file);
             if (type == null)
                 throw new RuntimeException("Custom file type detector not installed?");
-            if (!type.equals("grape/unknown"))
-                throw new RuntimeException("Unexpected type: " + type);
+            failures += checkContentTypes("grape/unknown", type);
         } finally {
             Files.delete(file);
         }
 
+        if (failures > 0) {
+            throw new RuntimeException("Test failed!");
+        }
     }
 }
--- a/test/java/util/Locale/Bug8040211.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/java/util/Locale/Bug8040211.java	Mon Apr 19 04:23:30 2021 +0100
@@ -23,14 +23,16 @@
 
 /*
  * @test
- * @bug 8040211 8191404 8203872 8222980
+ * @bug 8040211 8191404 8203872 8222980 8225435
  * @summary Checks the IANA language subtag registry data update
- *          (LSR Revision: 2019-04-03) with Locale and Locale.LanguageRange
+ *          (LSR Revision: 2019-09-16) with Locale and Locale.LanguageRange
  *          class methods.
  * @run main Bug8040211
  */
 
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.Locale;
 import java.util.List;
@@ -42,6 +44,85 @@
 
     static boolean err = false;
 
+    private static final String ACCEPT_LANGUAGE =
+        "Accept-Language: aam, adp, aog, aue, bcg, cey, cqu, dif, ema,"
+        + " en-gb-oed, gti, kdz, koj, kwq, kxe, lii, lmm, lsn, lsv, lvi, mtm,"
+        + " ngv, nns, oyb, phr, pnd, pub, snz, suj, szy,taj, tjj, tjp, tvx,"
+        + " uss, uth, wkr;q=0.9, ar-hyw;q=0.8, yug;q=0.5, gfx;q=0.4";
+    private static final List<LanguageRange> EXPECTED_RANGE_LIST = Collections.unmodifiableList(
+       Arrays.asList(new LanguageRange[] {
+            new LanguageRange("aam", 1.0),
+            new LanguageRange("aas", 1.0),
+            new LanguageRange("adp", 1.0),
+            new LanguageRange("dz", 1.0),
+            new LanguageRange("aog", 1.0),
+            new LanguageRange("myd", 1.0),
+            new LanguageRange("aue", 1.0),
+            new LanguageRange("ktz", 1.0),
+            new LanguageRange("bcg", 1.0),
+            new LanguageRange("bgm", 1.0),
+            new LanguageRange("cey", 1.0),
+            new LanguageRange("cqu", 1.0),
+            new LanguageRange("quh", 1.0),
+            new LanguageRange("dif", 1.0),
+            new LanguageRange("dit", 1.0),
+            new LanguageRange("ema", 1.0),
+            new LanguageRange("uok", 1.0),
+            new LanguageRange("en-gb-oed", 1.0),
+            new LanguageRange("en-gb-oxendict", 1.0),
+            new LanguageRange("gti", 1.0),
+            new LanguageRange("nyc", 1.0),
+            new LanguageRange("kdz", 1.0),
+            new LanguageRange("ncp", 1.0),
+            new LanguageRange("koj", 1.0),
+            new LanguageRange("kwv", 1.0),
+            new LanguageRange("kwq", 1.0),
+            new LanguageRange("yam", 1.0),
+            new LanguageRange("kxe", 1.0),
+            new LanguageRange("tvd", 1.0),
+            new LanguageRange("lii", 1.0),
+            new LanguageRange("raq", 1.0),
+            new LanguageRange("lmm", 1.0),
+            new LanguageRange("rmx", 1.0),
+            new LanguageRange("lsn", 1.0),
+            new LanguageRange("lsv", 1.0),
+            new LanguageRange("lvi", 1.0),
+            new LanguageRange("mtm", 1.0),
+            new LanguageRange("ymt", 1.0),
+            new LanguageRange("ngv", 1.0),
+            new LanguageRange("nnx", 1.0),
+            new LanguageRange("nns", 1.0),
+            new LanguageRange("nbr", 1.0),
+            new LanguageRange("oyb", 1.0),
+            new LanguageRange("thx", 1.0),
+            new LanguageRange("skk", 1.0),
+            new LanguageRange("jeg", 1.0),
+            new LanguageRange("phr", 1.0),
+            new LanguageRange("pmu", 1.0),
+            new LanguageRange("pnd", 1.0),
+            new LanguageRange("pub", 1.0),
+            new LanguageRange("puz", 1.0),
+            new LanguageRange("snz", 1.0),
+            new LanguageRange("asd", 1.0),
+            new LanguageRange("suj", 1.0),
+            new LanguageRange("szy", 1.0),
+            new LanguageRange("taj", 1.0),
+            new LanguageRange("tsf", 1.0),
+            new LanguageRange("tjj", 1.0),
+            new LanguageRange("tjp", 1.0),
+            new LanguageRange("tvx", 1.0),
+            new LanguageRange("uss", 1.0),
+            new LanguageRange("uth", 1.0),
+            new LanguageRange("wkr", 0.9),
+            new LanguageRange("ar-hyw", 0.8),
+            new LanguageRange("yug", 0.5),
+            new LanguageRange("yuu", 0.5),
+            new LanguageRange("gfx", 0.4),
+            new LanguageRange("oun", 0.4),
+            new LanguageRange("mwj", 0.4),
+            new LanguageRange("vaj", 0.4)
+        }));
+
     public static void main(String[] args) {
         testLanguageRange();
         testLocale();
@@ -66,70 +147,15 @@
 
     private static void test_parse() {
         boolean error = false;
-        String str = "Accept-Language: aam, adp, aue, bcg, cqu, ema,"
-                + " en-gb-oed, gti, kdz, koj, kwq, kxe, lii, lmm, mtm, ngv,"
-                + " oyb, phr, pub, suj, taj;q=0.9, ar-hyw;q=0.8, yug;q=0.5, gfx;q=0.4";
-        ArrayList<LanguageRange> expected = new ArrayList<>();
-        expected.add(new LanguageRange("aam", 1.0));
-        expected.add(new LanguageRange("aas", 1.0));
-        expected.add(new LanguageRange("adp", 1.0));
-        expected.add(new LanguageRange("dz", 1.0));
-        expected.add(new LanguageRange("aue", 1.0));
-        expected.add(new LanguageRange("ktz", 1.0));
-        expected.add(new LanguageRange("bcg", 1.0));
-        expected.add(new LanguageRange("bgm", 1.0));
-        expected.add(new LanguageRange("cqu", 1.0));
-        expected.add(new LanguageRange("quh", 1.0));
-        expected.add(new LanguageRange("ema", 1.0));
-        expected.add(new LanguageRange("uok", 1.0));
-        expected.add(new LanguageRange("en-gb-oed", 1.0));
-        expected.add(new LanguageRange("en-gb-oxendict", 1.0));
-        expected.add(new LanguageRange("gti", 1.0));
-        expected.add(new LanguageRange("nyc", 1.0));
-        expected.add(new LanguageRange("kdz", 1.0));
-        expected.add(new LanguageRange("ncp", 1.0));
-        expected.add(new LanguageRange("koj", 1.0));
-        expected.add(new LanguageRange("kwv", 1.0));
-        expected.add(new LanguageRange("kwq", 1.0));
-        expected.add(new LanguageRange("yam", 1.0));
-        expected.add(new LanguageRange("kxe", 1.0));
-        expected.add(new LanguageRange("tvd", 1.0));
-        expected.add(new LanguageRange("lii", 1.0));
-        expected.add(new LanguageRange("raq", 1.0));
-        expected.add(new LanguageRange("lmm", 1.0));
-        expected.add(new LanguageRange("rmx", 1.0));
-        expected.add(new LanguageRange("mtm", 1.0));
-        expected.add(new LanguageRange("ymt", 1.0));
-        expected.add(new LanguageRange("ngv", 1.0));
-        expected.add(new LanguageRange("nnx", 1.0));
-        expected.add(new LanguageRange("oyb", 1.0));
-        expected.add(new LanguageRange("thx", 1.0));
-        expected.add(new LanguageRange("skk", 1.0));
-        expected.add(new LanguageRange("jeg", 1.0));
-        expected.add(new LanguageRange("phr", 1.0));
-        expected.add(new LanguageRange("pmu", 1.0));
-        expected.add(new LanguageRange("pub", 1.0));
-        expected.add(new LanguageRange("puz", 1.0));
-        expected.add(new LanguageRange("suj", 1.0));
-        expected.add(new LanguageRange("xsj", 1.0));
-        expected.add(new LanguageRange("taj", 0.9));
-        expected.add(new LanguageRange("tsf", 0.9));
-        expected.add(new LanguageRange("ar-hyw", 0.8));
-        expected.add(new LanguageRange("yug", 0.5));
-        expected.add(new LanguageRange("yuu", 0.5));
-        expected.add(new LanguageRange("gfx", 0.4));
-        expected.add(new LanguageRange("oun", 0.4));
-        expected.add(new LanguageRange("mwj", 0.4));
-        expected.add(new LanguageRange("vaj", 0.4));
-        List<LanguageRange> got = LanguageRange.parse(str);
-        if (!areEqual(expected, got)) {
+        List<LanguageRange> got = LanguageRange.parse(ACCEPT_LANGUAGE);
+        if (!areEqual(EXPECTED_RANGE_LIST, got)) {
             error = true;
             System.err.println("    language parse() test failed.");
         }
 
         if (error) {
             err = true;
-            System.err.println("  test_parse() failed.");
+            System.out.println("  test_parse() failed.");
         } else {
             System.out.println("  test_parse() passed.");
         }
@@ -152,7 +178,7 @@
                         + ", weight=" + lr.getWeight());
             }
 
-            System.out.println("  Actual size=" + actualSize);
+            System.err.println("  Actual size=" + actualSize);
             for (LanguageRange lr : got) {
                 System.err.println("    range=" + lr.getRange()
                         + ", weight=" + lr.getWeight());
@@ -351,11 +377,11 @@
             String tags,
             String expectedTags,
             String actualTags) {
-        System.out.println("\nIncorrect " + methodName + " result.");
-        System.out.println("  Priority list  :  " + priorityList);
-        System.out.println("  Language tags  :  " + tags);
-        System.out.println("  Expected value : " + expectedTags);
-        System.out.println("  Actual value   : " + actualTags);
+        System.err.println("\nIncorrect " + methodName + " result.");
+        System.err.println("  Priority list  :  " + priorityList);
+        System.err.println("  Language tags  :  " + tags);
+        System.err.println("  Expected value : " + expectedTags);
+        System.err.println("  Actual value   : " + actualTags);
     }
 
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/imageio/metadata/GetElementsByTagNameTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug     8167281
+ * @summary Test verifies that Element.getElementsByTagName("*") is not empty
+ *          for valid image.
+ * @run     main GetElementsByTagNameTest
+ */
+
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import javax.imageio.ImageIO;
+import javax.imageio.ImageReader;
+import javax.imageio.metadata.IIOMetadata;
+import javax.imageio.metadata.IIOMetadataFormatImpl;
+import javax.imageio.stream.ImageInputStream;
+import javax.imageio.stream.MemoryCacheImageInputStream;
+import org.w3c.dom.Element;
+
+public class GetElementsByTagNameTest {
+
+    public static void main(String[] args) throws IOException {
+        // Generate some trivial image and save it to a temporary array
+        ByteArrayOutputStream tmp = new ByteArrayOutputStream();
+        ImageIO.write(new BufferedImage(1, 1, BufferedImage.TYPE_INT_RGB),
+                "gif", tmp);
+
+        // Read the stream
+        ImageInputStream in = new MemoryCacheImageInputStream(
+                new ByteArrayInputStream(tmp.toByteArray()));
+        ImageReader reader = ImageIO.getImageReaders(in).next();
+        reader.setInput(in);
+
+        // Retrieve standard image metadata tree
+        IIOMetadata meta = reader.getImageMetadata(0);
+        if (meta == null || !meta.isStandardMetadataFormatSupported()) {
+            throw new Error("Test failure: Missing metadata");
+        }
+        Element root = (Element) meta.
+                getAsTree(IIOMetadataFormatImpl.standardMetadataFormatName);
+
+        // Test getElementsByTagName("*")
+        if (root.getElementsByTagName("*").getLength() == 0) {
+            throw new RuntimeException("getElementsByTagName(\"*\") returns"
+                    + " nothing");
+        }
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/imageio/metadata/NthItemNodeListTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug     8167281
+ * @summary Test verifies that accessing nth item in NodeList doesn't throw
+ *          IndexOutOfBoundsException.
+ * @run     main NthItemNodeListTest
+ */
+
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import javax.imageio.ImageIO;
+import javax.imageio.ImageReader;
+import javax.imageio.metadata.IIOMetadata;
+import javax.imageio.metadata.IIOMetadataFormatImpl;
+import javax.imageio.stream.ImageInputStream;
+import javax.imageio.stream.MemoryCacheImageInputStream;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+public class NthItemNodeListTest {
+
+    public static void main(String[] args) throws IOException {
+        // Generate some trivial image and save it to a temporary array
+        ByteArrayOutputStream tmp = new ByteArrayOutputStream();
+        ImageIO.write(new BufferedImage(1, 1, BufferedImage.TYPE_INT_RGB),
+                "gif", tmp);
+
+        // Read it back in
+        ImageInputStream in = new MemoryCacheImageInputStream(
+                new ByteArrayInputStream(tmp.toByteArray()));
+        ImageReader reader = ImageIO.getImageReaders(in).next();
+        reader.setInput(in);
+
+        // Retrieve standard image metadata tree
+        IIOMetadata meta = reader.getImageMetadata(0);
+        if (meta == null || !meta.isStandardMetadataFormatSupported()) {
+            throw new Error("Test failure: Missing metadata");
+        }
+        Element root = (Element) meta.
+                getAsTree(IIOMetadataFormatImpl.standardMetadataFormatName);
+
+        NodeList nodeList = root.
+                getElementsByTagName(root.getFirstChild().getNodeName());
+        /*
+         * Accessing the nth node should return null and not throw
+         * IndexOutOfBoundsException.
+         */
+        Node n = (nodeList.item(nodeList.getLength()));
+    }
+}
+
--- a/test/javax/imageio/stream/StreamFlush.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/imageio/stream/StreamFlush.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,8 @@
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.imageio.ImageIO;
 import javax.imageio.stream.ImageOutputStream;
@@ -44,14 +46,20 @@
         ImageIO.setUseCache(true);
 
         // Create a FileImageOutputStream from a FileOutputStream
-        File temp1 = File.createTempFile("imageio", ".tmp");
-        temp1.deleteOnExit();
-        ImageOutputStream fios = ImageIO.createImageOutputStream(temp1);
+        File temp1 = File.createTempFile("StreamFlush_fis_", ".tmp");
+        // Create a FileCacheImageOutputStream from a BufferedOutputStream
+        File temp2 = File.createTempFile("StreamFlush_bos_", ".tmp");
+        try (ImageOutputStream fios = ImageIO.createImageOutputStream(temp1);
+             FileOutputStream fos2 = new FileOutputStream(temp2)) {
+            test(temp1, fios, temp2, fos2);
+        } finally {
+            Files.delete(Paths.get(temp1.getAbsolutePath()));
+            Files.delete(Paths.get(temp2.getAbsolutePath()));
+        }
+    }
 
-        // Create a FileCacheImageOutputStream from a BufferedOutputStream
-        File temp2 = File.createTempFile("imageio", ".tmp");
-        temp2.deleteOnExit();
-        FileOutputStream fos2 = new FileOutputStream(temp2);
+    private static void test(File temp1, ImageOutputStream fios, File temp2,
+                             FileOutputStream fos2) throws IOException {
         BufferedOutputStream bos = new BufferedOutputStream(fos2);
         ImageOutputStream fcios1 = ImageIO.createImageOutputStream(bos);
 
--- a/test/javax/net/ssl/SSLEngine/Arrays.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/net/ssl/SSLEngine/Arrays.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 5019096
  * @summary Add scatter/gather APIs for SSLEngine
+ * @library /lib/security
  * @run main/othervm Arrays SSL
  * @run main/othervm Arrays TLS
  * @run main/othervm Arrays SSLv3
@@ -182,6 +183,14 @@
     private static String contextVersion;
     public static void main(String args[]) throws Exception {
         contextVersion = args[0];
+        // Re-enable context version if it is disabled.
+        // If context version is SSLv3, TLSv1 needs to be re-enabled.
+        if (contextVersion.equals("SSLv3")) {
+            SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
+        } else if (contextVersion.equals("TLSv1") ||
+                   contextVersion.equals("TLSv1.1")) {
+            SecurityUtils.removeFromDisabledTlsAlgs(contextVersion);
+        }
 
         Arrays test;
 
--- a/test/javax/net/ssl/TLS/TLSClientPropertyTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/net/ssl/TLS/TLSClientPropertyTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8049432 8069038 8234723
+ * @bug 8049432 8069038 8234723 8202343
  * @summary New tests for TLS property jdk.tls.client.protocols
  * @summary javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be
  *     updated for JDK-8061210
@@ -71,7 +71,7 @@
             }
             contextProtocol = null;
             expectedDefaultProtos = new String[] {
-                    "TLSv1", "TLSv1.1", "TLSv1.2"
+                    "TLSv1.2"
             };
             break;
         case "SSLv3":
@@ -82,26 +82,24 @@
         case "TLSv1":
             contextProtocol = "TLSv1";
             expectedDefaultProtos = new String[] {
-                    "TLSv1"
             };
             break;
         case "TLSv11":
             contextProtocol = "TLSv1.1";
             expectedDefaultProtos = new String[] {
-                    "TLSv1", "TLSv1.1"
             };
             break;
         case "TLSv12":
         case "TLS":
             contextProtocol = "TLSv1.2";
             expectedDefaultProtos = new String[] {
-                    "TLSv1", "TLSv1.1", "TLSv1.2"
+                    "TLSv1.2"
             };
             break;
         case "TLSv13":
             contextProtocol = "TLSv1.3";
             expectedDefaultProtos = new String[] {
-                    "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
+                    "TLSv1.2", "TLSv1.3"
             };
             break;
         case "WrongProperty":
--- a/test/javax/net/ssl/TLSv11/GenericBlockCipher.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/net/ssl/TLSv11/GenericBlockCipher.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
+ * @library /lib/security
  * @run main/othervm GenericBlockCipher
  *
  *     SunJSSE does not support dynamic system properties, no way to re-use
@@ -160,6 +161,9 @@
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        // Re-enable TLSv1.1 since test depends on it.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+
         String keyFilename =
             System.getProperty("test.src", ".") + "/" + pathToStores +
                 "/" + keyStoreFile;
--- a/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,21 @@
 
 /*
  * @test
- * @bug 7174244
- * @summary NPE in Krb5ProxyImpl.getServerKeys()
- * @ignore the dependent implementation details are changed
+ * @bug 7174244 8234728
+ * @summary Test for ciphersuites order
  * @run main/othervm CipherSuitesInOrder
  */
 
 import java.util.*;
 import javax.net.ssl.*;
-import java.security.Security;
 
 public class CipherSuitesInOrder {
 
-    // supported ciphersuites
-    private final static List<String> supportedCipherSuites =
-            Arrays.<String>asList(
+    // Supported ciphersuites
+    private final static List<String> supportedCipherSuites
+            = Arrays.<String>asList(
+        "TLS_AES_128_GCM_SHA256",
+        "TLS_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
@@ -152,19 +152,19 @@
     );
 
     private final static String[] protocols = {
-        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
+        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
     };
 
 
     public static void main(String[] args) throws Exception {
         // show all of the supported cipher suites
         showSuites(supportedCipherSuites.toArray(new String[0]),
-                                "All supported cipher suites");
+                 "All supported cipher suites");
 
         for (String protocol : protocols) {
             System.out.println("//");
-            System.out.println("// " +
-                        "Testing for SSLContext of " + protocol);
+            System.out.println("// "
+                    + "Testing for SSLContext of " + protocol);
             System.out.println("//");
             checkForProtocols(protocol);
         }
@@ -189,7 +189,6 @@
         checkSuites(parameters.getCipherSuites(),
                 "Supported cipher suites in SSLContext");
 
-
         //
         // Check the cipher suites order of SSLEngine
         //
@@ -209,34 +208,34 @@
         // Check the cipher suites order of SSLSocket
         //
         SSLSocketFactory factory = context.getSocketFactory();
-        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
+        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
 
             // check the order of endabled cipher suites
             ciphers = socket.getEnabledCipherSuites();
             checkSuites(ciphers,
-                "Enabled cipher suites in SSLSocket");
+                    "Enabled cipher suites in SSLSocket");
 
             // check the order of supported cipher suites
             ciphers = socket.getSupportedCipherSuites();
             checkSuites(ciphers,
-                "Supported cipher suites in SSLSocket");
+                    "Supported cipher suites in SSLSocket");
         }
 
         //
         // Check the cipher suites order of SSLServerSocket
         //
         SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
-        try (SSLServerSocket serverSocket =
-                (SSLServerSocket)serverFactory.createServerSocket()) {
+        try (SSLServerSocket serverSocket
+                = (SSLServerSocket) serverFactory.createServerSocket()) {
             // check the order of endabled cipher suites
             ciphers = serverSocket.getEnabledCipherSuites();
             checkSuites(ciphers,
-                "Enabled cipher suites in SSLServerSocket");
+                    "Enabled cipher suites in SSLServerSocket");
 
             // check the order of supported cipher suites
             ciphers = serverSocket.getSupportedCipherSuites();
             checkSuites(ciphers,
-                "Supported cipher suites in SSLServerSocket");
+                    "Supported cipher suites in SSLServerSocket");
         }
     }
 
@@ -250,7 +249,6 @@
             if (index <= loc) {
                 throw new RuntimeException(suite + " is not in order");
             }
-
             loc = index;
         }
     }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.util.Arrays;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+/*
+ * @test
+ * @bug 8234728
+ * @library /javax/net/ssl/templates
+ *          /javax/net/ssl/TLSCommon
+ *          /lib/security
+ * @summary Test TLS ciphersuites order set through System properties
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.server.cipherSuites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384
+ *      -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *      SystemPropCipherSuitesOrder TLSv1.3
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      SystemPropCipherSuitesOrder TLSv1.2
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1.1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ * @run main/othervm
+ *      -Djdk.tls.client.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ * @run main/othervm
+ *      -Djdk.tls.server.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ *      SystemPropCipherSuitesOrder TLSv1
+ */
+public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
+
+    private final String protocol;
+    private static String[] servercipherSuites;
+    private static String[] clientcipherSuites;
+
+    public static void main(String[] args) {
+        servercipherSuites
+                = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
+        clientcipherSuites
+                = toArray(System.getProperty("jdk.tls.client.cipherSuites"));
+        System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n",
+                Arrays.deepToString(servercipherSuites),
+                Arrays.deepToString(clientcipherSuites));
+
+        try {
+            new SystemPropCipherSuitesOrder(args[0]).run();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private SystemPropCipherSuitesOrder(String protocol) {
+        this.protocol = protocol;
+        // Re-enable protocol if disabled.
+        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
+            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+        }
+    }
+
+    // Servers are configured before clients, increment test case after.
+    @Override
+    protected void configureClientSocket(SSLSocket socket) {
+        socket.setEnabledProtocols(new String[]{protocol});
+    }
+
+    @Override
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
+        serverSocket.setEnabledProtocols(new String[]{protocol});
+    }
+
+    protected void runServerApplication(SSLSocket socket) throws Exception {
+        if (servercipherSuites != null) {
+            System.out.printf("SERVER: SystemProperty:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(servercipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (servercipherSuites != null && !Arrays.equals(
+                servercipherSuites, socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched server side CipherSuite order");
+        }
+        super.runServerApplication(socket);
+    }
+
+    protected void runClientApplication(SSLSocket socket) throws Exception {
+        if (clientcipherSuites != null) {
+            System.out.printf("CLIENT: SystemProperty:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(clientcipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (clientcipherSuites != null && !Arrays.equals(clientcipherSuites,
+                socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched client side CipherSuite order");
+        }
+        super.runClientApplication(socket);
+    }
+
+    private static String[] toArray(String prop) {
+        return (prop != null) ? prop.split(",") : null;
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import java.util.Arrays;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
+
+/*
+ * @test
+ * @bug 8234728
+ * @library /javax/net/ssl/templates
+ *          /javax/net/ssl/TLSCommon
+ *          /lib/security
+ * @summary Test TLS ciphersuites order.
+ *      Parameter order: <protocol> <client cipher order> <server cipher order>
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv13 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv12 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv11 ORDERED ORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED default
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 UNORDERED UNORDERED
+ * @run main/othervm TLSCipherSuitesOrder TLSv1 ORDERED ORDERED
+ */
+public class TLSCipherSuitesOrder extends SSLSocketTemplate {
+
+    private final String protocol;
+    private final String[] servercipherSuites;
+    private final String[] clientcipherSuites;
+
+    public static void main(String[] args) {
+        PROTOCOL protocol = PROTOCOL.valueOf(args[0]);
+        try {
+            new TLSCipherSuitesOrder(protocol.getProtocol(),
+                    protocol.getCipherSuite(args[1]),
+                    protocol.getCipherSuite(args[2])).run();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites,
+            String[] servercipherSuites) {
+        // Re-enable protocol if it is disabled.
+        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
+            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+        }
+        this.protocol = protocol;
+        this.clientcipherSuites = clientcipherSuites;
+        this.servercipherSuites = servercipherSuites;
+    }
+
+    // Servers are configured before clients, increment test case after.
+    @Override
+    protected void configureClientSocket(SSLSocket socket) {
+        socket.setEnabledProtocols(new String[]{protocol});
+        if (clientcipherSuites != null) {
+            socket.setEnabledCipherSuites(clientcipherSuites);
+        }
+    }
+
+    @Override
+    protected void configureServerSocket(SSLServerSocket serverSocket) {
+        serverSocket.setEnabledProtocols(new String[]{protocol});
+        if (servercipherSuites != null) {
+            serverSocket.setEnabledCipherSuites(servercipherSuites);
+        }
+    }
+
+    protected void runServerApplication(SSLSocket socket) throws Exception {
+        if (servercipherSuites != null) {
+            System.out.printf("SERVER: setEnabledCipherSuites:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(servercipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (servercipherSuites != null && !Arrays.equals(servercipherSuites,
+                socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched server side CipherSuite order");
+        }
+        super.runServerApplication(socket);
+    }
+
+    protected void runClientApplication(SSLSocket socket) throws Exception {
+        if (clientcipherSuites != null) {
+            System.out.printf("CLIENT: setEnabledCipherSuites:%s - "
+                    + "getEnabledCipherSuites:%s%n",
+                    Arrays.deepToString(clientcipherSuites),
+                    Arrays.deepToString(socket.getEnabledCipherSuites()));
+        }
+        if (clientcipherSuites != null && !Arrays.equals(
+                clientcipherSuites, socket.getEnabledCipherSuites())) {
+            throw new RuntimeException("Unmatched client side CipherSuite order");
+        }
+        super.runClientApplication(socket);
+    }
+
+    enum PROTOCOL {
+        TLSv13("TLSv1.3",
+                new String[]{
+                    "TLS_AES_256_GCM_SHA384",
+                    "TLS_AES_128_GCM_SHA256"},
+                new String[]{
+                    "TLS_AES_128_GCM_SHA256",
+                    "TLS_AES_256_GCM_SHA384"}),
+        TLSv12("TLSv1.2",
+                new String[]{
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+                new String[]{
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+                    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}),
+        TLSv11("TLSv1.1",
+                new String[]{
+                    "TLS_RSA_WITH_AES_256_CBC_SHA",
+                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
+                new String[]{
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "TLS_RSA_WITH_AES_256_CBC_SHA"}),
+        TLSv1("TLSv1",
+                new String[]{
+                    "TLS_RSA_WITH_AES_256_CBC_SHA",
+                    "TLS_RSA_WITH_AES_128_CBC_SHA"},
+                new String[]{
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "TLS_RSA_WITH_AES_256_CBC_SHA"});
+
+        String protocol;
+        String[] orderedCiphers;
+        String[] unOrderedCiphers;
+
+        private PROTOCOL(String protocol, String[] orderedCiphers,
+                String[] unOrderedCiphers) {
+            this.protocol = protocol;
+            this.orderedCiphers = orderedCiphers;
+            this.unOrderedCiphers = unOrderedCiphers;
+        }
+
+        public String getProtocol() {
+            return protocol;
+        }
+
+        public String[] getOrderedCiphers() {
+            return orderedCiphers;
+        }
+
+        public String[] getUnOrderedCiphers() {
+            return unOrderedCiphers;
+        }
+
+        public String[] getCipherSuite(String order) {
+            switch (order) {
+                case "ORDERED":
+                    return getOrderedCiphers();
+                case "UNORDERED":
+                    return getUnOrderedCiphers();
+                default:
+                    return null;
+            }
+        }
+    }
+}
--- a/test/javax/net/ssl/templates/SSLSocketTemplate.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/net/ssl/templates/SSLSocketTemplate.java	Mon Apr 19 04:23:30 2021 +0100
@@ -188,10 +188,15 @@
     }
 
     /*
+     * Configure the client side socket.
+     */
+    protected void configureClientSocket(SSLSocket socket) {
+    }
+
+    /*
      * Configure the server side socket.
      */
     protected void configureServerSocket(SSLServerSocket socket) {
-
     }
 
     /*
@@ -316,6 +321,7 @@
 
         try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {
             try {
+                configureClientSocket(sslSocket);
                 sslSocket.connect(
                         new InetSocketAddress("localhost", serverPort), 15000);
             } catch (IOException ioe) {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/GetInputStream.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/GetInputStream.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -52,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
@@ -74,7 +76,9 @@
                     buff = new ModelByteBuffer(test_byte_array);
 
                 byte[] b = new byte[test_byte_array.length];
-                buff.getInputStream().read(b);
+                try (InputStream is = buff.getInputStream()) {
+                    is.read(b);
+                }
                 for (int j = 0; j < b.length; j++)
                     if(b[i] != test_byte_array[i])
                          throw new RuntimeException("Byte array compare fails!");
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/GetRoot.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/GetRoot.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/Load.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/Load.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -52,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/LoadAll.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/LoadAll.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -54,13 +55,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArray.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArray.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArrayIntInt.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferByteArrayIntInt.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFile.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFile.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFileLongLong.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/NewModelByteBufferFileLongLong.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Available.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Available.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Close.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Close.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkReset.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkReset.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkSupported.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/MarkSupported.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Read.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Read.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByte.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByte.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByteIntInt.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/ReadByteIntInt.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Skip.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/RandomFileInputStream/Skip.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,9 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +54,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLong.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLong.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLong.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLong.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLongBoolean.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/SubbufferLongLongBoolean.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -51,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/Unload.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/Unload.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,8 @@
 
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -52,13 +53,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBuffer/WriteTo.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBuffer/WriteTo.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,9 @@
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -53,13 +55,13 @@
         test_byte_array = new byte[testarray.length*2];
         AudioFloatConverter.getConverter(format).toByteArray(testarray, test_byte_array);
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(test_byte_array);
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(test_byte_array);
+        }
     }
 
     static void tearDown() throws Exception {
-        if(!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void main(String[] args) throws Exception {
--- a/test/javax/sound/midi/Gervill/ModelByteBufferWavetable/OpenStream.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/Gervill/ModelByteBufferWavetable/OpenStream.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,8 @@
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import javax.sound.sampled.*;
 
@@ -97,16 +99,15 @@
         buffer_wave = new ModelByteBuffer(baos.toByteArray());
 
         test_file = File.createTempFile("test", ".raw");
-        FileOutputStream fos = new FileOutputStream(test_file);
-        fos.write(baos.toByteArray());
-        fos.close();
+        try (FileOutputStream fos = new FileOutputStream(test_file)) {
+            fos.write(baos.toByteArray());
+        }
         buffer_wave_ondisk = new ModelByteBuffer(test_file);
 
     }
 
     static void tearDown() throws Exception {
-        if (!test_file.delete())
-            test_file.deleteOnExit();
+        Files.delete(Paths.get(test_file.getAbsolutePath()));
     }
 
     public static void testOpenStream(ModelByteBufferWavetable wavetable)
--- a/test/javax/sound/midi/MidiSystem/DefaultDevices.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/MidiSystem/DefaultDevices.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,6 @@
  * @bug 4776511
  * @bug 4934509
  * @bug 4938236
- * @modules java.desktop/com.sun.media.sound
  * @run main/timeout=600 DefaultDevices
  * @summary RFE: Setting the default MixerProvider
  */
--- a/test/javax/sound/midi/MidiSystem/DefaultProperties.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/MidiSystem/DefaultProperties.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,6 @@
  * @summary RFE: Setting the default MixerProvider. Test the retrieving and
  *          parsing of properties. This is a part of the test for 4776511.
  * @run main/othervm DefaultProperties
- * @modules java.desktop/com.sun.media.sound
  */
 public class DefaultProperties {
 
--- a/test/javax/sound/midi/MidiSystem/ProviderCacheing.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/midi/MidiSystem/ProviderCacheing.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@
  * @bug 4776511
  * @summary RFE: Setting the default MixerProvider. Test the cacheing of
  *          providers. This is a part of the test for 4776511.
- * @modules java.desktop/com.sun.media.sound
  */
 public class ProviderCacheing {
 
--- a/test/javax/sound/midi/MidiSystem/testdata/lib/conf/sound.properties	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-#
-# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-javax.sound.midi.Receiver=xyz#123
-javax.sound.midi.Transmitter=xyz#123
-javax.sound.midi.Sequencer=xyz#123
-javax.sound.midi.Synthesizer=xyz#123
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/sound/midi/MidiSystem/testdata/lib/sound.properties	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+javax.sound.midi.Receiver=xyz#123
+javax.sound.midi.Transmitter=xyz#123
+javax.sound.midi.Sequencer=xyz#123
+javax.sound.midi.Synthesizer=xyz#123
--- a/test/javax/sound/sampled/AudioSystem/DefaultMixers.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/sampled/AudioSystem/DefaultMixers.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,6 @@
  * @bug 4776511
  * @summary RFE: Setting the default MixerProvider. Test the retrieving of lines
  *          with defaut mixer properties.
- * @modules java.desktop/com.sun.media.sound
  */
 public class DefaultMixers {
 
--- a/test/javax/sound/sampled/AudioSystem/DefaultProperties.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/sampled/AudioSystem/DefaultProperties.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,7 +32,6 @@
  * @run main/othervm DefaultProperties
  * @summary RFE: Setting the default MixerProvider. Test the retrieving and
  *          parsing of properties.
- * @modules java.desktop/com.sun.media.sound
  */
 public class DefaultProperties {
 
--- a/test/javax/sound/sampled/AudioSystem/ProviderCacheing.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/sound/sampled/AudioSystem/ProviderCacheing.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,6 @@
  * @bug 4776511
  * @summary RFE: Setting the default MixerProvider. Test the cacheing of
  *          providers.
- * @modules java.desktop/com.sun.media.sound
  */
 public class ProviderCacheing {
 
--- a/test/javax/sound/sampled/AudioSystem/testdata/lib/conf/sound.properties	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-#
-# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-javax.sound.sampled.SourceDataLine=xyz#123
-javax.sound.sampled.TargetDataLine=xyz#123
-javax.sound.sampled.Clip=xyz#123
-javax.sound.sampled.Port=xyz#123
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/sound/sampled/AudioSystem/testdata/lib/sound.properties	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+javax.sound.sampled.SourceDataLine=xyz#123
+javax.sound.sampled.TargetDataLine=xyz#123
+javax.sound.sampled.Clip=xyz#123
+javax.sound.sampled.Port=xyz#123
--- a/test/javax/swing/JComboBox/6632953/bug6632953.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/javax/swing/JComboBox/6632953/bug6632953.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015 Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,23 +22,39 @@
  */
 
 /* @test
- * @bug 6632953
+ * @bug 6632953 8078614
  * @summary MetalComboBoxUI.getBaseline(JComponent, int, int) throws IAE for valid width/height
  * @author Alexander Potochkin
  */
-
 import javax.swing.JComboBox;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
 import javax.swing.plaf.metal.MetalComboBoxUI;
 
 public class bug6632953 {
 
     public static void main(String... args) throws Exception {
-        MetalComboBoxUI ui = new MetalComboBoxUI();
-        ui.installUI(new JComboBox());
-        ui.getBaseline(new JComboBox(), 0, 0);
-        ui.getBaseline(new JComboBox(), 1, 1);
-        ui.getBaseline(new JComboBox(), 2, 2);
-        ui.getBaseline(new JComboBox(), 3, 3);
-        ui.getBaseline(new JComboBox(), 4, 4);
+        SwingUtilities.invokeAndWait(new Runnable() {
+
+            @Override
+            public void run() {
+
+                for (UIManager.LookAndFeelInfo lafInfo
+                        : UIManager.getInstalledLookAndFeels()) {
+                    try {
+                        UIManager.setLookAndFeel(lafInfo.getClassName());
+                    } catch (Exception e) {
+                        throw new RuntimeException(e);
+                    }
+                    MetalComboBoxUI ui = new MetalComboBoxUI();
+                    ui.installUI(new JComboBox());
+                    ui.getBaseline(new JComboBox(), 0, 0);
+                    ui.getBaseline(new JComboBox(), 1, 1);
+                    ui.getBaseline(new JComboBox(), 2, 2);
+                    ui.getBaseline(new JComboBox(), 3, 3);
+                    ui.getBaseline(new JComboBox(), 4, 4);
+                }
+            }
+        });
     }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/swing/JFrame/8255880/RepaintOnFrameIconifiedStateChangeTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+   @bug 8255880
+   @key headful
+   @summary Swing components, whose internal state changed while a frame was
+            iconified, are not redrawn after the frame becomes deiconified.
+ */
+
+import java.awt.AWTException;
+import java.awt.Container;
+import java.awt.Dimension;
+import java.awt.FlowLayout;
+import java.awt.Graphics;
+import java.awt.Robot;
+import java.awt.Toolkit;
+import java.lang.reflect.InvocationTargetException;
+import javax.swing.JButton;
+import javax.swing.JComponent;
+import javax.swing.JFrame;
+import javax.swing.JLabel;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
+import javax.swing.plaf.metal.MetalLookAndFeel;
+
+public class RepaintOnFrameIconifiedStateChangeTest {
+    private static final String[][] strsForComps = new String[][] {
+        {"JLabel AAA", "JLabel BBB"},
+        {"JButton AAA", "JButton BBB"}};
+    private static final int lblIndex = 0;
+    private static final int btnIndex = 1;
+
+    private static volatile JFrame frame;
+    private static volatile JLabel label;
+    private static volatile JButton button;
+    private static volatile JComponent[] comps = new JComponent[2];
+    private static volatile boolean[] compRedrawn = new boolean[2];
+    private static volatile boolean compRedrawnFlagCanBeSet = false;
+
+    public static void main(String[] args) {
+        Toolkit toolkit = Toolkit.getDefaultToolkit();
+        if (!toolkit.isFrameStateSupported(JFrame.ICONIFIED) ||
+            !toolkit.isFrameStateSupported(JFrame.NORMAL)) {
+            System.out.println("ICONIFIED or NORMAL frame states are not" +
+                "supported by a toolkit.");
+            return;
+        }
+
+        try {
+            SwingUtilities.invokeAndWait(new Runnable() {
+                @Override
+                public void run() {
+                    System.out.println("Creating GUI...");
+                    createGUI();
+                }
+            });
+            Robot robot = new Robot();
+            robot.delay(2000);
+
+            SwingUtilities.invokeAndWait(new Runnable() {
+                @Override
+                public void run() {
+                    System.out.println("Minimizing the frame...");
+                    frame.setExtendedState(JFrame.ICONIFIED);
+                }
+            });
+            robot.delay(2000);
+
+            SwingUtilities.invokeAndWait(new Runnable() {
+                @Override
+                public void run() {
+                    System.out.println("Changing states of components...");
+                    label.setText(strsForComps[lblIndex][1]);
+                    button.setText(strsForComps[btnIndex][1]);
+                }
+            });
+            robot.delay(2000);
+
+            SwingUtilities.invokeAndWait(new Runnable() {
+                @Override
+                public void run() {
+                    System.out.println("Restoring the frame...");
+                    for (int i = 0; i < compRedrawn.length; i++) {
+                        compRedrawn[i] = false;
+                    }
+                    compRedrawnFlagCanBeSet = true;
+
+                    frame.setExtendedState(JFrame.NORMAL);
+                    frame.toFront();
+                }
+            });
+            robot.delay(2000);
+
+            int notRedrawnCompsCount = 0;
+            for (int i = 0; i < compRedrawn.length; i++) {
+                if (!compRedrawn[i]) {
+                    notRedrawnCompsCount++;
+                    System.out.println(String.format(
+                            "Not redrawn component #%d: '%s'", i, comps[i]));
+                }
+            }
+            if (notRedrawnCompsCount > 0) {
+                throw new RuntimeException(String.format(
+                        "'%d' components were not redrawn.",
+                        notRedrawnCompsCount));
+            }
+            System.out.println("Test passed.");
+        } catch (InterruptedException | InvocationTargetException |
+            AWTException e) {
+            throw new RuntimeException(e);
+        } finally {
+            try {
+                SwingUtilities.invokeAndWait(new Runnable() {
+                    @Override
+                    public void run() {
+                        if (frame != null) {
+                            frame.dispose();
+                            frame = null;
+                        }
+                    }
+                });
+            } catch (InterruptedException | InvocationTargetException e) {
+                throw new RuntimeException(e);
+            }
+        }
+    }
+
+    private static void createGUI() {
+        if (!(UIManager.getLookAndFeel() instanceof MetalLookAndFeel)) {
+            try {
+                UIManager.setLookAndFeel(new MetalLookAndFeel());
+            } catch (UnsupportedLookAndFeelException ulafe) {
+                throw new RuntimeException(ulafe);
+            }
+        }
+
+        frame = new JFrame("RepaintOnFrameIconifiedStateChangeTest");
+        frame.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
+        Container content = frame.getContentPane();
+        content.setLayout(new FlowLayout());
+
+        comps[lblIndex] = label = new JLabel(strsForComps[lblIndex][0]) {
+            @Override
+            public void paint(Graphics g) {
+                super.paint(g);
+                if (compRedrawnFlagCanBeSet) {
+                    compRedrawn[lblIndex] = true;
+                }
+            }
+        };
+        label.setPreferredSize(new Dimension(150, 50));
+        content.add(label);
+
+        comps[btnIndex] = button = new JButton(strsForComps[btnIndex][0]) {
+            @Override
+            public void paint(Graphics g) {
+                super.paint(g);
+                if (compRedrawnFlagCanBeSet) {
+                    compRedrawn[btnIndex] = true;
+                }
+            }
+        };
+        button.setPreferredSize(new Dimension(200, 50));
+        button.setFocusable(false);
+        content.add(button);
+
+        frame.pack();
+        frame.setVisible(true);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/swing/JMenu/JMenuSelectedColorTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @requires (os.family == "linux")
+ * @key headful
+ * @bug 8248637
+ * @summary Tests selected JMenu and JMenuitem is properly highlighted in GTKL&F
+ *  with gtk3 version
+ * @run main/othervm -Djdk.gtk.version=3 JMenuSelectedColorTest
+ */
+
+import javax.swing.JFrame;
+import javax.swing.JMenu;
+import javax.swing.JMenuBar;
+import javax.swing.JMenuItem;
+import javax.swing.JPanel;
+import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
+import java.awt.BorderLayout;
+import java.awt.Color;
+import java.awt.Component;
+import java.awt.FlowLayout;
+import java.awt.Point;
+import java.awt.Rectangle;
+import java.awt.Robot;
+import java.awt.event.InputEvent;
+
+public class JMenuSelectedColorTest {
+    private static JFrame frame;
+    private static JMenu menu;
+    private static JMenuItem menuitem;
+    private static Point point;
+    private static Rectangle rect;
+    private static Robot robot;
+    private static final String GTK_LAF_CLASS = "GTKLookAndFeel";
+    private static int minColorDifference = 100;
+
+    private static void blockTillDisplayed(Component comp) {
+        Point p = null;
+        while (p == null) {
+            try {
+                p = comp.getLocationOnScreen();
+            } catch (IllegalStateException e) {
+                try {
+                    Thread.sleep(500);
+                } catch (InterruptedException ie) {
+                }
+            }
+        }
+    }
+
+    private static int getMaxColorDiff(Color c1, Color c2) {
+        return Math.max(Math.abs(c1.getRed() - c2.getRed()),
+                Math.max(Math.abs(c1.getGreen() - c2.getGreen()),
+                        Math.abs(c1.getBlue() - c2.getBlue())));
+    }
+
+    public static void main(String[] args) throws Exception {
+        if (!System.getProperty("os.name").startsWith("Linux")) {
+            System.out.println("This test is meant for Linux platform only");
+            return;
+        }
+
+        for (UIManager.LookAndFeelInfo lookAndFeelInfo :
+                UIManager.getInstalledLookAndFeels()) {
+            if (lookAndFeelInfo.getClassName().contains(GTK_LAF_CLASS)) {
+                try {
+                    UIManager.setLookAndFeel(lookAndFeelInfo.getClassName());
+                } catch (final UnsupportedLookAndFeelException ignored) {
+                    System.out.println("GTK L&F could not be set, so this " +
+                            "test can not be run in this scenario ");
+                    return;
+                }
+            }
+        }
+
+        robot = new Robot();
+        robot.setAutoDelay(100);
+
+        try {
+            SwingUtilities.invokeAndWait(new Runnable() {
+                public void run() {
+                    menu = new JMenu("         ") ;
+                    menuitem = new JMenuItem("        ");
+                    menu.add(menuitem);
+
+                    JPanel panel = new JPanel();
+                    panel.setLayout(new BorderLayout());
+
+                    JMenuBar menuBar = new JMenuBar();
+                    JPanel menuPanel = new JPanel();
+
+                    menuPanel.setLayout(new FlowLayout());
+
+                    menuBar.add(menu);
+                    menuPanel.add(menuBar);
+                    panel.add(menuPanel, BorderLayout.CENTER);
+                    frame = new JFrame("JMenuSelectedColor");
+                    frame.add(panel);
+                    frame.setSize(200, 200);
+                    frame.setAlwaysOnTop(true);
+                    frame.setLocationRelativeTo(null);
+                    frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+                    frame.setVisible(true);
+                }
+            });
+
+            robot.waitForIdle();
+            robot.delay(500);
+
+            blockTillDisplayed(menu);
+            SwingUtilities.invokeAndWait(() -> {
+                point = menu.getLocationOnScreen();
+                rect = menu.getBounds();
+            });
+            robot.waitForIdle();
+            robot.delay(500);
+
+            Color backgroundColor = robot
+                    .getPixelColor(point.x+rect.width/2, point.y+rect.height/2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            menu.setSelected(true);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            Color highlightColor = robot
+                    .getPixelColor(point.x+rect.width/2, point.y+rect.height/2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            int actualColorDifference = getMaxColorDiff(backgroundColor, highlightColor);
+            if (actualColorDifference < minColorDifference) {
+                throw new RuntimeException("The expected highlight color for " +
+                        "Menu was not found");
+            }
+
+            robot.mouseMove(point.x + rect.width / 2,
+                    point.y + rect.height / 2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            robot.mousePress(InputEvent.BUTTON1_DOWN_MASK);
+            robot.mouseRelease(InputEvent.BUTTON1_DOWN_MASK);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            blockTillDisplayed(menuitem);
+            SwingUtilities.invokeAndWait(() -> {
+                point = menuitem.getLocationOnScreen();
+                rect = menuitem.getBounds();
+            });
+            robot.waitForIdle();
+            robot.delay(500);
+
+            backgroundColor = robot
+                    .getPixelColor(point.x+rect.width/2, point.y+rect.height/2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            robot.mouseMove(point.x + rect.width / 2,
+                    point.y + rect.height / 2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            highlightColor = robot
+                    .getPixelColor(point.x+rect.width/2, point.y+rect.height/2);
+            robot.waitForIdle();
+            robot.delay(500);
+
+            actualColorDifference = getMaxColorDiff(backgroundColor, highlightColor);
+            if (actualColorDifference < minColorDifference) {
+                throw new RuntimeException("The expected highlight color for " +
+                        "Menuitem was not found");
+            }
+        } finally {
+            if (frame != null) {
+                SwingUtilities.invokeAndWait(frame::dispose);
+            }
+        }
+    }
+}
--- a/test/jdk/internal/platform/docker/MetricsMemoryTester.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/jdk/internal/platform/docker/MetricsMemoryTester.java	Mon Apr 19 04:23:30 2021 +0100
@@ -61,26 +61,34 @@
     }
 
     private static void testMemoryFailCount() {
-        long count = Metrics.systemMetrics().getMemoryFailCount();
+        long memAndSwapLimit = Metrics.systemMetrics().getMemoryAndSwapLimit();
+        long memLimit = Metrics.systemMetrics().getMemoryLimit();
+
+        // We need swap to execute this test or will SEGV
+        if (memAndSwapLimit <= memLimit) {
+            System.out.println("No swap memory limits, test case skipped");
+        } else {
+            long count = Metrics.systemMetrics().getMemoryFailCount();
 
-        // Allocate 512M of data
-        byte[][] bytes = new byte[64][];
-        for (int i = 0; i < 64; i++) {
-            try {
-                bytes[i] = new byte[8 * 1024 * 1024];
-                // Break out as soon as we see an increase in failcount
-                // to avoid getting killed by the OOM killer.
-                if (Metrics.systemMetrics().getMemoryFailCount() > count) {
+            // Allocate 512M of data
+            byte[][] bytes = new byte[64][];
+            for (int i = 0; i < 64; i++) {
+                try {
+                    bytes[i] = new byte[8 * 1024 * 1024];
+                    // Break out as soon as we see an increase in failcount
+                    // to avoid getting killed by the OOM killer.
+                    if (Metrics.systemMetrics().getMemoryFailCount() > count) {
+                        break;
+                    }
+                } catch (Error e) { // OOM error
                     break;
                 }
-            } catch (Error e) { // OOM error
-                break;
             }
-        }
-        if (Metrics.systemMetrics().getMemoryFailCount() <= count) {
-            throw new RuntimeException("Memory fail count : new : ["
-                    + Metrics.systemMetrics().getMemoryFailCount() + "]"
-                    + ", old : [" + count + "]");
+            if (Metrics.systemMetrics().getMemoryFailCount() <= count) {
+                throw new RuntimeException("Memory fail count : new : ["
+                        + Metrics.systemMetrics().getMemoryFailCount() + "]"
+                        + ", old : [" + count + "]");
+            }
         }
         System.out.println("TEST PASSED!!!");
     }
@@ -111,10 +119,12 @@
     private static void testMemoryAndSwapLimit(String memory, String memAndSwap) {
         long expectedMem = getMemoryValue(memory);
         long expectedMemAndSwap = getMemoryValue(memAndSwap);
+        long actualMemAndSwap = Metrics.systemMetrics().getMemoryAndSwapLimit();
 
         if (expectedMem != Metrics.systemMetrics().getMemoryLimit()
-                || expectedMemAndSwap != Metrics.systemMetrics().getMemoryAndSwapLimit()) {
-            System.err.println("Memory and swap limit not equal, expected : ["
+                || (expectedMemAndSwap != actualMemAndSwap
+                && expectedMem != actualMemAndSwap)) {
+            throw new RuntimeException("Memory and swap limit not equal, expected : ["
                     + expectedMem + ", " + expectedMemAndSwap + "]"
                     + ", got : [" + Metrics.systemMetrics().getMemoryLimit()
                     + ", " + Metrics.systemMetrics().getMemoryAndSwapLimit() + "]");
--- a/test/jdk/internal/platform/docker/TestUseContainerSupport.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/jdk/internal/platform/docker/TestUseContainerSupport.java	Mon Apr 19 04:23:30 2021 +0100
@@ -58,8 +58,7 @@
         DockerRunOptions opts =
                 new DockerRunOptions(imageName, "/jdk/bin/java", "CheckUseContainerSupport");
         opts.addClassOptions(Boolean.valueOf(useContainerSupport).toString());
-        opts.addDockerOpts("--memory", "200m")
-            .addDockerOpts("--volume", Utils.TEST_CLASSES + ":/test-classes/");
+        opts.addDockerOpts("--volume", Utils.TEST_CLASSES + ":/test-classes/");
         if (useContainerSupport) {
             opts.addJavaOpts("-XX:+UseContainerSupport");
         } else {
--- a/test/jdk/jfr/event/os/TestCPUInformation.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/jdk/jfr/event/os/TestCPUInformation.java	Mon Apr 19 04:23:30 2021 +0100
@@ -55,7 +55,7 @@
             Events.assertField(event, "cores").atLeast(1);
             Events.assertField(event, "sockets").atLeast(1);
             Events.assertField(event, "cpu").containsAny("Intel", "AMD", "Unknown x86", "sparc", "ARM", "PPC", "PowerPC", "AArch64", "s390");
-            Events.assertField(event, "description").containsAny("Intel", "AMD", "Unknown x86", "SPARC", "ARM", "PPC", "PowerPC", "AArch64", "zArch");
+            Events.assertField(event, "description").containsAny("Intel", "AMD", "Unknown x86", "SPARC", "ARM", "PPC", "PowerPC", "AArch64", "s390");
         }
     }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/lib/jdk/test/lib/Container.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2019, Red Hat Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.test.lib;
+
+public class Container {
+    // Use this property to specify docker location on your system.
+    // E.g.: "/usr/local/bin/docker". We define this constant here so
+    // that it can be used in VMProps as well which checks docker support
+    // via this command
+    public static final String ENGINE_COMMAND =
+        System.getProperty("jdk.test.container.command", "docker");
+}
--- a/test/lib/jdk/test/lib/containers/cgroup/MetricsTester.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/lib/jdk/test/lib/containers/cgroup/MetricsTester.java	Mon Apr 19 04:23:30 2021 +0100
@@ -291,29 +291,32 @@
         }
 
         //  Memory and Swap
-        oldVal = metrics.getMemoryAndSwapFailCount();
-        newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.failcnt");
-        if (!compareWithErrorMargin(oldVal, newVal)) {
-            fail(SubSystem.MEMORY, "memory.memsw.failcnt", oldVal, newVal);
-        }
+        // Skip swap tests if no swap is configured.
+        if (metrics.getMemoryAndSwapLimit() > metrics.getMemoryLimit()) {
+            oldVal = metrics.getMemoryAndSwapFailCount();
+            newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.failcnt");
+            if (!compareWithErrorMargin(oldVal, newVal)) {
+                fail(SubSystem.MEMORY, "memory.memsw.failcnt", oldVal, newVal);
+            }
 
-        oldVal = metrics.getMemoryAndSwapLimit();
-        newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.limit_in_bytes");
-        newVal = newVal > unlimited_minimum ? -1L : newVal;
-        if (!compareWithErrorMargin(oldVal, newVal)) {
-            fail(SubSystem.MEMORY, "memory.memsw.limit_in_bytes", oldVal, newVal);
-        }
+            oldVal = metrics.getMemoryAndSwapLimit();
+            newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.limit_in_bytes");
+            newVal = newVal > unlimited_minimum ? -1L : newVal;
+            if (!compareWithErrorMargin(oldVal, newVal)) {
+                fail(SubSystem.MEMORY, "memory.memsw.limit_in_bytes", oldVal, newVal);
+            }
 
-        oldVal = metrics.getMemoryAndSwapMaxUsage();
-        newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes");
-        if (!compareWithErrorMargin(oldVal, newVal)) {
-            fail(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes", oldVal, newVal);
-        }
+            oldVal = metrics.getMemoryAndSwapMaxUsage();
+            newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes");
+            if (!compareWithErrorMargin(oldVal, newVal)) {
+                fail(SubSystem.MEMORY, "memory.memsw.max_usage_in_bytes", oldVal, newVal);
+            }
 
-        oldVal = metrics.getMemoryAndSwapUsage();
-        newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.usage_in_bytes");
-        if (!compareWithErrorMargin(oldVal, newVal)) {
-            fail(SubSystem.MEMORY, "memory.memsw.usage_in_bytes", oldVal, newVal);
+            oldVal = metrics.getMemoryAndSwapUsage();
+            newVal = getLongValueFromFile(SubSystem.MEMORY, "memory.memsw.usage_in_bytes");
+            if (!compareWithErrorMargin(oldVal, newVal)) {
+                fail(SubSystem.MEMORY, "memory.memsw.usage_in_bytes", oldVal, newVal);
+            }
         }
 
         oldVal = metrics.getMemorySoftLimit();
@@ -531,16 +534,20 @@
         long newUsage = metrics.getCpuUsage();
         long[] newPerCpu = metrics.getPerCpuUsage();
 
-        if (newSysVal <= startSysVal) {
+        // system/user CPU usage counters may be slowly increasing.
+        // allow for equal values for a pass
+        if (newSysVal < startSysVal) {
             fail(SubSystem.CPU, "getCpuSystemUsage", newSysVal, startSysVal);
         }
 
-        if (newUserVal <= startUserVal) {
+        // system/user CPU usage counters may be slowly increasing.
+        // allow for equal values for a pass
+        if (newUserVal < startUserVal) {
             fail(SubSystem.CPU, "getCpuUserUsage", newUserVal, startUserVal);
         }
 
         if (newUsage <= startUsage) {
-            fail(SubSystem.CPU, "getCpuUserUsage", newUsage, startUsage);
+            fail(SubSystem.CPU, "getCpuUsage", newUsage, startUsage);
         }
 
         boolean success = false;
@@ -559,19 +566,28 @@
         Metrics metrics = Metrics.systemMetrics();
         long memoryMaxUsage = metrics.getMemoryMaxUsage();
         long memoryUsage = metrics.getMemoryUsage();
-
-        byte[] bb = new byte[64*1024*1024]; // 64M
+        long newMemoryMaxUsage = 0, newMemoryUsage = 0;
 
-        long newMemoryMaxUsage = metrics.getMemoryMaxUsage();
-        long newMemoryUsage = metrics.getMemoryUsage();
+        // allocate memory in a loop and check more than once for new values
+        // otherwise we might see seldom the effect of decreasing new memory values
+        // e.g. because the system could free up memory
+        byte[][] bytes = new byte[32][];
+        for (int i = 0; i < 32; i++) {
+            bytes[i] = new byte[8*1024*1024];
+            newMemoryUsage = metrics.getMemoryUsage();
+            if (newMemoryUsage > memoryUsage) {
+                break;
+            }
+        }
+        newMemoryMaxUsage = metrics.getMemoryMaxUsage();
 
-        if(newMemoryMaxUsage < memoryMaxUsage) {
-            fail(SubSystem.MEMORY, "getMemoryMaxUsage", newMemoryMaxUsage,
-                    memoryMaxUsage);
+        if (newMemoryMaxUsage < memoryMaxUsage) {
+            fail(SubSystem.MEMORY, "getMemoryMaxUsage", memoryMaxUsage,
+                    newMemoryMaxUsage);
         }
 
-        if(newMemoryUsage < memoryUsage) {
-            fail(SubSystem.MEMORY, "getMemoryUsage", newMemoryUsage, memoryUsage);
+        if (newMemoryUsage < memoryUsage) {
+            fail(SubSystem.MEMORY, "getMemoryUsage", memoryUsage, newMemoryUsage);
         }
     }
 
--- a/test/lib/jdk/test/lib/containers/docker/DockerTestUtils.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/lib/jdk/test/lib/containers/docker/DockerTestUtils.java	Mon Apr 19 04:23:30 2021 +0100
@@ -36,6 +36,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import jdk.test.lib.Container;
 import jdk.test.lib.Utils;
 import jdk.test.lib.process.OutputAnalyzer;
 import jdk.test.lib.process.ProcessTools;
@@ -46,11 +47,6 @@
     private static boolean isDockerEngineAvailable = false;
     private static boolean wasDockerEngineChecked = false;
 
-    // Use this property to specify docker location on your system.
-    // E.g.: "/usr/local/bin/docker".
-    private static final String DOCKER_COMMAND =
-        System.getProperty("jdk.test.docker.command", "docker");
-
     // Set this property to true to retain image after test. By default
     // images are removed after test execution completes.
     // Retaining the image can be useful for diagnostics and image inspection.
@@ -110,7 +106,7 @@
      */
     private static boolean isDockerEngineAvailableCheck() throws Exception {
         try {
-            execute(DOCKER_COMMAND, "ps")
+            execute(Container.ENGINE_COMMAND, "ps")
                 .shouldHaveExitValue(0)
                 .shouldContain("CONTAINER")
                 .shouldContain("IMAGE");
@@ -173,9 +169,8 @@
                            DockerfileConfig.getBaseImageVersion());
 
         // Build the docker
-        execute(DOCKER_COMMAND, "build", "--no-cache", "--tag", imageName, buildDir.toString())
-            .shouldHaveExitValue(0)
-            .shouldContain("Successfully built");
+        execute(Container.ENGINE_COMMAND, "build", "--no-cache", "--tag", imageName, buildDir.toString())
+            .shouldHaveExitValue(0);
     }
 
 
@@ -190,7 +185,7 @@
     public static OutputAnalyzer dockerRunJava(DockerRunOptions opts) throws Exception {
         ArrayList<String> cmd = new ArrayList<>();
 
-        cmd.add(DOCKER_COMMAND);
+        cmd.add(Container.ENGINE_COMMAND);
         cmd.add("run");
         if (opts.tty)
             cmd.add("--tty=true");
@@ -220,7 +215,7 @@
      * @throws Exception
      */
     public static void removeDockerImage(String imageNameAndTag) throws Exception {
-            execute(DOCKER_COMMAND, "rmi", "--force", imageNameAndTag);
+            execute(Container.ENGINE_COMMAND, "rmi", "--force", imageNameAndTag);
     }
 
 
--- a/test/lib/security/SecurityUtils.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/lib/security/SecurityUtils.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,11 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.security.KeyStore;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * Common library for various security test helper functions.
@@ -52,5 +57,25 @@
         return ks;
     }
 
+    /**
+     * Removes the specified protocols from the jdk.tls.disabledAlgorithms
+     * security property.
+     */
+    public static void removeFromDisabledTlsAlgs(String... protocols) {
+        List<String> protocolsList = Arrays.asList(protocols);
+        protocolsList = Collections.unmodifiableList(protocolsList);
+        removeFromDisabledAlgs("jdk.tls.disabledAlgorithms",
+                               protocolsList);
+    }
+
+    private static void removeFromDisabledAlgs(String prop, List<String> algs) {
+        String value = Security.getProperty(prop);
+        value = Arrays.stream(value.split(","))
+                      .map(s -> s.trim())
+                      .filter(s -> !algs.contains(s))
+                      .collect(Collectors.joining(","));
+        Security.setProperty(prop, value);
+    }
+
     private SecurityUtils() {}
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/java2d/OpenGL/CopyAreaOOB.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6430601
+ * @summary Verifies that copyArea() works properly when the
+ * destination parameters are outside the destination bounds.
+ * @run main/othervm CopyAreaOOB
+ * @run main/othervm -Dsun.java2d.opengl=True CopyAreaOOB
+ * @author campbelc
+ */
+
+import java.awt.*;
+import java.awt.image.*;
+
+public class CopyAreaOOB extends Canvas {
+
+    private static boolean done;
+
+    public void paint(Graphics g) {
+        synchronized (this) {
+            if (done) {
+                return;
+            }
+        }
+
+        int w = getWidth();
+        int h = getHeight();
+
+        Graphics2D g2d = (Graphics2D)g;
+        g2d.setColor(Color.black);
+        g2d.fillRect(0, 0, w, h);
+
+        g2d.setColor(Color.green);
+        g2d.fillRect(0, 0, w, 10);
+
+        g2d.setColor(Color.red);
+        g2d.fillRect(0, 10, 50, h-10);
+
+        // copy the region such that part of it goes below the bottom of the
+        // destination surface
+        g2d.copyArea(0, 10, 50, h-10, 60, 10);
+
+        Toolkit.getDefaultToolkit().sync();
+
+        synchronized (this) {
+            done = true;
+            notifyAll();
+        }
+    }
+
+    public Dimension getPreferredSize() {
+        return new Dimension(400, 400);
+    }
+
+    private static void testRegion(BufferedImage bi, String name,
+                                   int x1, int y1, int x2, int y2,
+                                   int expected)
+    {
+        for (int y = y1; y < y2; y++) {
+            for (int x = x1; x < x2; x++) {
+                int actual = bi.getRGB(x, y);
+                if (actual != expected) {
+                    throw new RuntimeException("Test failed for " + name +
+                                                       " region at x="+x+" y="+y+
+                                                       " (expected="+
+                                                       Integer.toHexString(expected) +
+                                                       " actual="+
+                                                       Integer.toHexString(actual) +
+                                                       ")");
+                }
+            }
+        }
+    }
+
+    public static void main(String[] args) {
+        boolean show = (args.length == 1) && ("-show".equals(args[0]));
+
+        CopyAreaOOB test = new CopyAreaOOB();
+        Frame frame = new Frame();
+        frame.setUndecorated(true);
+        frame.add(test);
+        frame.pack();
+        frame.setLocationRelativeTo(null);
+        frame.setVisible(true);
+
+        // Wait until the component's been painted
+        synchronized (test) {
+            while (!done) {
+                try {
+                    test.wait();
+                } catch (InterruptedException e) {
+                    throw new RuntimeException("Failed: Interrupted");
+                }
+            }
+        }
+
+        try {
+            Thread.sleep(2000);
+        } catch (InterruptedException ex) {}
+
+        // Grab the screen region
+        BufferedImage capture = null;
+        try {
+            Robot robot = new Robot();
+            Point pt1 = test.getLocationOnScreen();
+            Rectangle rect = new Rectangle(pt1.x, pt1.y, 400, 400);
+            capture = robot.createScreenCapture(rect);
+        } catch (Exception e) {
+            throw new RuntimeException("Problems creating Robot");
+        } finally {
+            if (!show) {
+                frame.dispose();
+            }
+        }
+
+        // Test pixels
+        testRegion(capture, "green",          0,   0, 400,  10, 0xff00ff00);
+        testRegion(capture, "original red",   0,  10,  50, 400, 0xffff0000);
+        testRegion(capture, "background",    50,  10,  60, 400, 0xff000000);
+        testRegion(capture, "in-between",    60,  10, 110,  20, 0xff000000);
+        testRegion(capture, "copied red",    60,  20, 110, 400, 0xffff0000);
+        testRegion(capture, "background",   110,  10, 400, 400, 0xff000000);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/java2d/SunGraphics2D/EmptyClipRenderingTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,299 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.AWTException;
+import java.awt.Canvas;
+import java.awt.Color;
+import java.awt.Component;
+import java.awt.Dimension;
+import java.awt.Frame;
+import java.awt.Graphics;
+import java.awt.Graphics2D;
+import java.awt.GraphicsConfiguration;
+import java.awt.GraphicsEnvironment;
+import java.awt.HeadlessException;
+import java.awt.Rectangle;
+import java.awt.Robot;
+import java.awt.Toolkit;
+import java.awt.event.WindowAdapter;
+import java.awt.event.WindowEvent;
+import java.awt.image.BufferedImage;
+import java.awt.image.VolatileImage;
+import java.io.File;
+import java.io.IOException;
+import java.util.HashSet;
+import javax.imageio.ImageIO;
+import sun.awt.ConstrainableGraphics;
+
+/**
+ * @test
+ * @bug 6335200 6419610
+ * @summary Tests that we don't render anything if specific empty clip is set
+ * @author Dmitri.Trembovetski@Sun.COM: area=Graphics
+ * @run main EmptyClipRenderingTest
+ * @run main/othervm -Dsun.java2d.noddraw=true EmptyClipRenderingTest
+ * @run main/othervm -Dsun.java2d.pmoffscreen=true EmptyClipRenderingTest
+ * @run main/othervm -Dsun.java2d.opengl=true EmptyClipRenderingTest
+ */
+public class EmptyClipRenderingTest {
+    static final int IMG_W = 400;
+    static final int IMG_H = 400;
+
+    // generated rectangles
+    static HashSet<Rectangle> rects;
+
+    volatile boolean isActivated = false;
+    volatile boolean isPainted;
+    private static boolean showErrors = false;
+
+    public EmptyClipRenderingTest() {
+        // initialize clip/render region rectangles
+        initClips();
+
+        HashSet<RuntimeException> errors = new HashSet<RuntimeException>();
+
+        BufferedImage screenResult = testOnscreen();
+        try {
+            testResult(screenResult, "Screen");
+        } catch (RuntimeException e) {
+            errors.add(e);
+        }
+
+        BufferedImage destBI =
+            new BufferedImage(IMG_W, IMG_H, BufferedImage.TYPE_INT_RGB);
+        runTest((Graphics2D)destBI.getGraphics());
+        try {
+            testResult(destBI, "BufferedImage");
+        } catch (RuntimeException e) {
+            errors.add(e);
+        }
+
+        GraphicsConfiguration gc =
+                GraphicsEnvironment.getLocalGraphicsEnvironment().
+                getDefaultScreenDevice().getDefaultConfiguration();
+        VolatileImage destVI = gc.createCompatibleVolatileImage(IMG_W, IMG_H);
+        destVI.validate(gc);
+        runTest((Graphics2D)destVI.getGraphics());
+        try {
+            testResult(destVI.getSnapshot(), "VolatileImage");
+        } catch (RuntimeException e) {
+            errors.add(e);
+        }
+
+        if (errors.isEmpty()) {
+            System.err.println("Test PASSED.");
+        } else {
+            for (RuntimeException re : errors) {
+                re.printStackTrace();
+            }
+            if (showErrors) {
+                System.err.println("Test FAILED: "+ errors.size() +
+                                   " subtest failures.");
+            } else {
+                throw new RuntimeException("Test FAILED: "+ errors.size() +
+                                           " subtest failures.");
+            }
+        }
+    }
+
+    /**
+     * Recursively adds 4 new rectangles: two vertical and two horizontal
+     * based on the passed rectangle area. The area is then shrunk and the
+     * process repeated for smaller area.
+     */
+    private static void add4Rects(HashSet<Rectangle> rects, Rectangle area) {
+        if (area.width < 10 || area.height < 10) {
+            rects.add(area);
+            return;
+        }
+        // two vertical rects
+        rects.add(new Rectangle(area.x, area.y, 5, area.height));
+        rects.add(new Rectangle(area.x + area.width - 5, area.y, 5, area.height));
+        // two horizontal rects
+        int width = area.width - 2*(5 + 1);
+        rects.add(new Rectangle(area.x+6, area.y, width, 5));
+        rects.add(new Rectangle(area.x+6, area.y + area.height - 5, width, 5));
+        // reduce the area and repeat
+        area.grow(-6, -6);
+        add4Rects(rects, area);
+    }
+
+    /**
+     * Generate a bunch of non-intersecting rectangles
+     */
+    private static void initClips() {
+        rects = new HashSet<Rectangle>();
+        add4Rects(rects, new Rectangle(0, 0, IMG_W, IMG_H));
+        System.err.println("Total number of test rects: " + rects.size());
+    }
+
+    /**
+     * Render the pattern to the screen, capture the output with robot and
+     * return it.
+     */
+    private BufferedImage testOnscreen() throws HeadlessException {
+        final Canvas destComponent;
+        final Object lock = new Object();
+        Frame f = new Frame("Test Frame");
+        f.setUndecorated(true);
+        f.add(destComponent = new Canvas() {
+            public void paint(Graphics g) {
+                isPainted = true;
+            }
+            public Dimension getPreferredSize() {
+                return new Dimension(IMG_W, IMG_H);
+            }
+        });
+        f.addWindowListener(new WindowAdapter() {
+            public void windowActivated(WindowEvent e) {
+                if (!isActivated) {
+                    synchronized (lock) {
+                        isActivated = true;
+                        lock.notify();
+                    }
+                }
+            }
+        });
+        f.pack();
+        f.setLocationRelativeTo(null);
+        f.setVisible(true);
+        synchronized(lock) {
+            while (!isActivated) {
+                try {
+                    lock.wait(100);
+                } catch (InterruptedException ex) {
+                    ex.printStackTrace();
+                }
+            }
+        }
+        Robot r;
+        try {
+            r = new Robot();
+        } catch (AWTException ex) {
+            throw new RuntimeException("Can't create Robot");
+        }
+        BufferedImage bi;
+        int attempt = 0;
+        do {
+            if (++attempt > 10) {
+                throw new RuntimeException("Too many attempts: " + attempt);
+            }
+            isPainted = false;
+            runTest((Graphics2D) destComponent.getGraphics());
+            r.waitForIdle();
+            Toolkit.getDefaultToolkit().sync();
+            bi = r.createScreenCapture(
+                    new Rectangle(destComponent.getLocationOnScreen().x,
+                            destComponent.getLocationOnScreen().y,
+                            destComponent.getWidth(),
+                            destComponent.getHeight()));
+        } while (isPainted);
+        f.setVisible(false);
+        f.dispose();
+        return bi;
+    }
+
+    /**
+     * Run the test: cycle through all the rectangles, use one as clip and
+     * another as the area to render to.
+     * Set the clip in the same way Swing does it when repainting:
+     * first constrain the graphics to the damaged area, and repaint everything
+     */
+    void runTest(Graphics2D destGraphics) {
+        destGraphics.setColor(Color.black);
+        destGraphics.fillRect(0, 0, IMG_W, IMG_H);
+
+        destGraphics.setColor(Color.red);
+        for (Rectangle clip : rects) {
+            Graphics2D g2d = (Graphics2D)destGraphics.create();
+            g2d.setColor(Color.red);
+            // mimic what swing does in BufferStrategyPaintManager
+            if (g2d instanceof ConstrainableGraphics) {
+                ((ConstrainableGraphics)g2d).constrain(clip.x, clip.y,
+                                                       clip.width, clip.height);
+            }
+            g2d.setClip(clip);
+
+            for (Rectangle renderRegion : rects) {
+                if (renderRegion != clip) {
+                    // from CellRendererPane's paintComponent
+                    Graphics2D rG = (Graphics2D)
+                        g2d.create(renderRegion.x, renderRegion.y,
+                                   renderRegion.width, renderRegion.height);
+                    rG.fillRect(0,0, renderRegion.width, renderRegion.height);
+                }
+            }
+        }
+    }
+
+    void testResult(final BufferedImage bi, final String desc) {
+        for (int y = 0; y < bi.getHeight(); y++) {
+            for (int x = 0; x < bi.getWidth(); x++) {
+                if (bi.getRGB(x, y) != Color.black.getRGB()) {
+                    if (showErrors) {
+                        Frame f = new Frame("Error: " + desc);
+                        f.add(new Component() {
+                            public void paint(Graphics g) {
+                                g.drawImage(bi, 0, 0, null);
+                            }
+                            public Dimension getPreferredSize() {
+                                return new Dimension(bi.getWidth(),
+                                                     bi.getHeight());
+                            }
+                        });
+                        f.pack();
+                        f.setVisible(true);
+                    }
+                    try {
+                        String fileName =
+                            "EmptyClipRenderingTest_"+desc+"_res.png";
+                        System.out.println("Writing resulting image: "+fileName);
+                        ImageIO.write(bi, "png", new File(fileName));
+                    } catch (IOException ex) {
+                        ex.printStackTrace();
+                    }
+                    throw new RuntimeException("Dest: "+desc+
+                        " was rendered to at x="+
+                        x + " y=" + y +
+                        " pixel="+Integer.toHexString(bi.getRGB(x,y)));
+                }
+            }
+        }
+    }
+
+    public static void main(String argv[]) {
+        for (String arg : argv) {
+            if (arg.equals("-show")) {
+                showErrors = true;
+            } else {
+                usage("Incorrect argument:" + arg);
+            }
+        }
+        new EmptyClipRenderingTest();
+    }
+
+    private static void usage(String string) {
+        System.out.println(string);
+        System.out.println("Usage: EmptyClipRenderingTest [-show]");
+    }
+}
--- a/test/sun/security/lib/cacerts/VerifyCACerts.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/lib/cacerts/VerifyCACerts.java	Mon Apr 19 04:23:30 2021 +0100
@@ -27,7 +27,7 @@
  * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
  *      8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
  *      8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
- *      8225072 8258630
+ *      8225072 8258630 8259312
  * @summary Check root CA entries in cacerts file
  */
 import java.io.ByteArrayInputStream;
@@ -277,6 +277,8 @@
             add("luxtrustglobalrootca [jdk]");
             // Valid until: Wed Mar 17 11:33:33 PDT 2021
             add("quovadisrootca [jdk]");
+            // Valid until: Tue Apr 06 00:29:40 PDT 2021
+            add("soneraclass2ca [jdk]");
         }
     };
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/Cipher/CancelMultipart.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8258833
+ * @library /lib/security ..
+ * @run main/othervm CancelMultipart
+ */
+
+import java.lang.reflect.Field;
+import java.nio.ByteBuffer;
+import java.security.Key;
+import java.security.Provider;
+import java.security.ProviderException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.spec.SecretKeySpec;
+
+public class CancelMultipart extends PKCS11Test {
+
+    private static Provider provider;
+    private static Key key;
+
+    static {
+        key = new SecretKeySpec(new byte[16], "AES");
+    }
+
+    private static class SessionLeaker {
+        private LeakOperation op;
+        private LeakInputType type;
+
+        SessionLeaker(LeakOperation op, LeakInputType type) {
+            this.op = op;
+            this.type = type;
+        }
+
+        private void leakAndTry() throws Exception {
+            Cipher cipher = op.getCipher();
+            try {
+                type.doOperation(cipher,
+                        (op instanceof LeakDecrypt ?
+                                LeakInputType.DECRYPT_MODE :
+                                null));
+                throw new Exception("PKCS11Exception expected, invalid block"
+                        + "size");
+            } catch (ProviderException | IllegalBlockSizeException e) {
+                // Exception expected - session returned to the SessionManager
+                // should be cancelled. That's what will be tested now.
+            }
+
+            tryCipherInit();
+        }
+    }
+
+    private static interface LeakOperation {
+        Cipher getCipher() throws Exception;
+    }
+
+    private static interface LeakInputType {
+        static int DECRYPT_MODE = 1;
+        void doOperation(Cipher cipher, int mode) throws Exception;
+    }
+
+    private static class LeakDecrypt implements LeakOperation {
+        public Cipher getCipher() throws Exception {
+            Cipher cipher = Cipher.getInstance(
+                    "AES/ECB/PKCS5Padding", provider);
+            cipher.init(Cipher.DECRYPT_MODE, key);
+            return cipher;
+        }
+    }
+
+    private static class LeakByteBuffer implements LeakInputType {
+        public void doOperation(Cipher cipher, int mode) throws Exception {
+            if (mode == DECRYPT_MODE) {
+                cipher.update(ByteBuffer.allocate(1), ByteBuffer.allocate(1));
+                cipher.doFinal(ByteBuffer.allocate(0), ByteBuffer.allocate(1));
+            }
+        }
+    }
+
+    private static class LeakByteArray implements LeakInputType {
+        public void doOperation(Cipher cipher, int mode) throws Exception {
+            if (mode == DECRYPT_MODE) {
+                cipher.update(new byte[1]);
+                cipher.doFinal(new byte[1], 0, 0);
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        main(new CancelMultipart(), args);
+    }
+
+    @Override
+    public void main(Provider p) throws Exception {
+        init(p);
+
+        // Try multiple paths:
+
+        executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteArray()),
+                "P11Cipher::implDoFinal(byte[], int, int)");
+
+        executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteBuffer()),
+                "P11Cipher::implDoFinal(ByteBuffer)");
+
+        System.out.println("TEST PASS - OK");
+    }
+
+    private static void executeTest(SessionLeaker sl, String testName)
+            throws Exception {
+        try {
+            sl.leakAndTry();
+            System.out.println(testName +  ": OK");
+        } catch (Exception e) {
+            System.out.println(testName +  ": FAILED");
+            throw e;
+        }
+    }
+
+    private static void init(Provider p) throws Exception {
+        provider = p;
+
+        // The max number of sessions is 2 because, in addition to the
+        // operation (i.e. PKCS11::getNativeKeyInfo), a session to hold
+        // the P11Key object is needed.
+        setMaxSessions(2);
+    }
+
+    /*
+     * This method is intended to generate pression on the number of sessions
+     * to be used from the NSS Software Token, so sessions with (potentially)
+     * active operations are reused.
+     */
+    private static void setMaxSessions(int maxSessions) throws Exception {
+        Field tokenField = Class.forName("sun.security.pkcs11.SunPKCS11")
+                .getDeclaredField("token");
+        tokenField.setAccessible(true);
+        Field sessionManagerField = Class.forName("sun.security.pkcs11.Token")
+                .getDeclaredField("sessionManager");
+        sessionManagerField.setAccessible(true);
+        Field maxSessionsField = Class.forName("sun.security.pkcs11.SessionManager")
+                .getDeclaredField("maxSessions");
+        maxSessionsField.setAccessible(true);
+        Object sessionManagerObj = sessionManagerField.get(
+                tokenField.get(provider));
+        maxSessionsField.setInt(sessionManagerObj, maxSessions);
+    }
+
+    private static void tryCipherInit() throws Exception {
+        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", provider);
+
+        // A CKR_OPERATION_ACTIVE error may be thrown if a session was
+        // returned to the Session Manager with an active operation, and
+        // we try to initialize the Cipher using it.
+        //
+        // Given that the maximum number of sessions was forced to 2, we know
+        // that the session to be used here was already used in a previous
+        // (failed) operation. Thus, the test asserts that the operation was
+        // properly cancelled.
+        cipher.init(Cipher.ENCRYPT_MODE, key);
+
+        // If initialization passes, finish gracefully so other paths can
+        // be tested under the current maximum number of sessions.
+        cipher.doFinal(new byte[16], 0, 0);
+    }
+}
--- a/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/ClientHandshaker/LengthCheckTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
  * @bug 8044860
  * @summary Vectors and fixed length fields should be verified
  *          for allowed sizes.
+ * @library /lib/security
  * @run main/othervm LengthCheckTest
  * @key randomness
  */
@@ -299,6 +300,9 @@
      * Main entry point for this test.
      */
     public static void main(String args[]) throws Exception {
+        // Re-enable TLSv1 since test depends on it.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
+
         List<LengthCheckTest> ccsTests = new ArrayList<>();
 
         if (debug) {
--- a/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,10 +22,13 @@
  */
 
 /*
- * test
+ * @test
  * @bug 7126889
  * @summary Incorrect SSLEngine debug output
- *
+ * @library /lib /lib/security
+ * @run main DebugReportsOneExtraByte
+ */
+/*
  * Debug output was reporting n+1 bytes of data was written when it was
  * really was n.
  *
@@ -75,6 +78,9 @@
 import java.security.*;
 import java.nio.*;
 
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
 public class DebugReportsOneExtraByte {
 
     /*
@@ -82,17 +88,6 @@
      */
     private static boolean logging = true;
 
-    /*
-     * Enables the JSSE system debugging system property:
-     *
-     *     -Djavax.net.debug=all
-     *
-     * This gives a lot of low-level information about operations underway,
-     * including specific handshake messages, and might be best examined
-     * after gaining some familiarity with this application.
-     */
-    private static boolean debug = false;
-
     private SSLContext sslc;
 
     private SSLEngine clientEngine;     // client Engine
@@ -130,14 +125,21 @@
      * Main entry point for this test.
      */
     public static void main(String args[]) throws Exception {
-        if (debug) {
-            System.setProperty("javax.net.debug", "all");
-        }
+
+        if (args.length == 0) {
+            OutputAnalyzer output = ProcessTools.executeTestJvm(
+                "-Dtest.src=" + System.getProperty("test.src"),
+                "-Djavax.net.debug=all", "DebugReportsOneExtraByte", "p");
+            output.shouldContain("WRITE: TLS10 application_data, length = 8");
 
-        DebugReportsOneExtraByte test = new DebugReportsOneExtraByte();
-        test.runTest();
+            System.out.println("Test Passed.");
+        } else {
+            // Re-enable TLSv1 since test depends on it
+            SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
 
-        System.out.println("Test Passed.");
+            DebugReportsOneExtraByte test = new DebugReportsOneExtraByte();
+            test.runTest();
+        }
     }
 
     /*
--- a/test/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.sh	Fri Feb 05 20:19:32 2021 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-#! /bin/sh
-
-#
-# Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7126889
-# @summary Incorrect SSLEngine debug output
-#
-# ${TESTJAVA} is pointing to the JDK under test.
-#
-# set platform-dependent variables
-
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    PS=":"
-    FS="/"
-    ;;
-  CYGWIN* )
-    PS=";"
-    FS="/"
-    ;;
-  Windows* )
-    PS=";"
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized system!"
-    exit 1;
-    ;;
-esac
-
-${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . \
-    ${TESTSRC}${FS}DebugReportsOneExtraByte.java
-
-STRING='WRITE: TLS10 application_data, length = 8'
-
-echo "Examining debug output for the string:"
-echo "${STRING}"
-echo "========="
-
-${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -Djavax.net.debug=all \
-    -Dtest.src=${TESTSRC} \
-    DebugReportsOneExtraByte 2>&1 | \
-    grep "${STRING}"
-RETVAL=$?
-
-echo "========="
-
-if [ ${RETVAL} -ne 0 ]; then
-    echo "Did NOT see the expected debug output."
-    exit 1
-else
-    echo "Received the expected debug output."
-    exit 0
-fi
-else
-    echo "Received the expected debug output."
-    exit 0
-fi
--- a/test/sun/security/ssl/HandshakeHash/DigestBase.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/HandshakeHash/DigestBase.java	Mon Apr 19 04:23:30 2021 +0100
@@ -51,6 +51,11 @@
         digest.reset();
     }
 
+    @Override
+    protected int engineGetDigestLength() {
+        return digest.getDigestLength();
+    }
+
     public static final class MD5 extends DigestBase {
         public MD5() throws Exception {
             super("MD5", "SUN");
--- a/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,12 +28,15 @@
 
 /*
  * @test
- * @bug 8148421 8193683
+ * @bug 8148421 8193683 8234728
  * @summary Transport Layer Security (TLS) Session Hash and Extended
  *     Master Secret Extension
  * @summary Increase the number of clones in the CloneableDigest
  * @library /javax/net/ssl/templates
+ * @library /lib/security
  * @compile DigestBase.java
+ * @run main/othervm -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
+ *     HandshakeHashCloneExhaustion TLSv1.3 TLS_AES_128_GCM_SHA256
  * @run main/othervm HandshakeHashCloneExhaustion
  *     TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  * @run main/othervm HandshakeHashCloneExhaustion
@@ -77,6 +80,10 @@
         protocol = new String [] { args[0] };
         ciphersuite = new String[] { args[1] };
 
+        // Re-enable TLSv1.1 when test depends on it.
+        if (protocol[0].equals("TLSv1.1")) {
+            SecurityUtils.removeFromDisabledTlsAlgs(protocol[0]);
+        }
         (new HandshakeHashCloneExhaustion()).run();
     }
 
--- a/test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
  * @test
  * @bug 7093640
  * @summary Enable TLS 1.1 and TLS 1.2 by default in client side of SunJSSE
+ * @library /lib/security
  * @run main/othervm -Djdk.tls.client.protocols="XSLv3,TLSv1"
  *      IllegalProtocolProperty
  */
@@ -60,6 +61,9 @@
     }
 
     public static void main(String[] args) throws Exception {
+        // Re-enable TLSv1 and TLSv1.1 since test depends on them.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
+
         for (ContextVersion cv : ContextVersion.values()) {
             System.out.println("Checking SSLContext of " + cv.contextVersion);
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SSLContextImpl/SSLContextDefault.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8202343
+ * @summary Check that SSLv3, TLSv1 and TLSv1.1 are disabled by default
+ * @run main/othervm SSLContextDefault
+ */
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import javax.net.ssl.*;
+
+public class SSLContextDefault {
+
+    private final static String[] protocols = {
+        "", "SSL", "TLS", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"
+    };
+
+    private final static List<String> disabledProtocols =
+            Collections.unmodifiableList(
+                    Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));
+
+    public static void main(String[] args) throws Exception {
+        for (String protocol : protocols) {
+            System.out.println("//");
+            System.out.println("// " + "Testing for SSLContext of " +
+                    (protocol.isEmpty() ? "<default>" : protocol));
+            System.out.println("//");
+            checkForProtocols(protocol);
+            System.out.println();
+        }
+    }
+
+    public static void checkForProtocols(String protocol) throws Exception {
+        SSLContext context;
+        if (protocol.isEmpty()) {
+            context = SSLContext.getDefault();
+        } else {
+            context = SSLContext.getInstance(protocol);
+            context.init(null, null, null);
+        }
+
+        // check for the presence of supported protocols of SSLContext
+        SSLParameters parameters = context.getSupportedSSLParameters();
+        checkProtocols(parameters.getProtocols(),
+                "Supported protocols in SSLContext", false);
+
+
+        // check for the presence of default protocols of SSLContext
+        parameters = context.getDefaultSSLParameters();
+        checkProtocols(parameters.getProtocols(),
+                "Enabled protocols in SSLContext", true);
+
+        // check for the presence of supported protocols of SSLEngine
+        SSLEngine engine = context.createSSLEngine();
+        checkProtocols(engine.getSupportedProtocols(),
+                "Supported protocols in SSLEngine", false);
+
+        // Check for the presence of default protocols of SSLEngine
+        checkProtocols(engine.getEnabledProtocols(),
+                "Enabled protocols in SSLEngine", true);
+
+        SSLSocketFactory factory = context.getSocketFactory();
+        try (SSLSocket socket = (SSLSocket)factory.createSocket()) {
+            // check for the presence of supported protocols of SSLSocket
+            checkProtocols(socket.getSupportedProtocols(),
+                "Supported cipher suites in SSLSocket", false);
+
+            // Check for the presence of default protocols of SSLSocket
+            checkProtocols(socket.getEnabledProtocols(),
+                "Enabled protocols in SSLSocket", true);
+        }
+
+        SSLServerSocketFactory serverFactory = context.getServerSocketFactory();
+        try (SSLServerSocket serverSocket =
+                (SSLServerSocket)serverFactory.createServerSocket()) {
+            // check for the presence of supported protocols of SSLServerSocket
+            checkProtocols(serverSocket.getSupportedProtocols(),
+                "Supported cipher suites in SSLServerSocket", false);
+
+            // Check for the presence of default protocols of SSLServerSocket
+            checkProtocols(serverSocket.getEnabledProtocols(),
+                "Enabled protocols in SSLServerSocket", true);
+        }
+    }
+
+    private static void checkProtocols(String[] protocols,
+            String title, boolean disabled) throws Exception {
+        showProtocols(protocols, title);
+
+        if (disabled) {
+            for (String protocol : protocols ) {
+                if (disabledProtocols.contains(protocol)) {
+                    throw new Exception(protocol +
+                                        " should not be enabled by default");
+                }
+            }
+        } else {
+            List<String> protocolsList = Collections.unmodifiableList(
+                    Arrays.asList(protocols));
+            for (String disabledProtocol : disabledProtocols) {
+                if (!protocolsList.contains(disabledProtocol)) {
+                    throw new Exception(disabledProtocol +
+                                        " should be supported by default");
+                }
+            }
+        }
+    }
+
+    private static void showProtocols(String[] protocols, String title) {
+        System.out.println(title + "[" + protocols.length + "]:");
+        for (String protocol : protocols) {
+            System.out.println("  " + protocol);
+        }
+    }
+}
--- a/test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/SSLContextImpl/SSLContextVersion.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
  * @bug 6976117
  * @summary SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets
  *          without TLSv1.1 enabled
+ * @library /lib/security
  * @run main/othervm SSLContextVersion
  */
 
@@ -57,6 +58,9 @@
     }
 
     public static void main(String[] args) throws Exception {
+        // Re-enable TLSv1 and TLSv1.1 since test depends on them.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
+
         for (ContextVersion cv : ContextVersion.values()) {
             System.out.println("Checking SSLContext of " + cv.contextVersion);
             SSLContext context = SSLContext.getInstance(cv.contextVersion);
--- a/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
  * @test
  * @bug 6728126
  * @summary Parsing Extensions in Client Hello message is done in a wrong way
+ * @library /lib/security
  * @run main/othervm EmptyExtensionData
  */
 
@@ -154,6 +155,8 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // Re-enable TLSv1 since test depends on it.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
 
         SSLEngine ssle = createSSLEngine(keyFilename, trustFilename);
         runTest(ssle);
--- a/test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
  * @test
  * @bug 7031830
  * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
+ * @library /lib/security
  * @run main/othervm SSLEngineBadBufferArrayAccess
  */
 
@@ -158,6 +159,9 @@
             System.setProperty("javax.net.debug", "all");
         }
 
+        // Re-enable TLSv1 and TLSv1.1 since test depends on them.
+        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1", "TLSv1.1");
+
         String [] protocols = new String [] {
             "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// Please run in othervm mode.  SunJSSE does not support dynamic system
+// properties, no way to re-use system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8209333
+ * @summary Socket reset issue for TLS 1.3 socket close
+ * @library /javax/net/ssl/templates
+ * @run main/othervm SSLSocketBruceForceClose
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+import java.net.InetAddress;
+
+public class SSLSocketBruceForceClose implements SSLContextTemplate {
+
+    public static void main(String[] args) throws Exception {
+        for (int i = 0; i<= 10; i++) {
+            System.err.println("===================================");
+            System.err.println("loop " + i);
+            System.err.println("===================================");
+            new SSLSocketBruceForceClose().test();
+        }
+    }
+
+    private void test() throws Exception {
+        SSLServerSocket listenSocket = null;
+        SSLSocket serverSocket = null;
+        ClientSocket clientSocket = null;
+        try {
+            SSLServerSocketFactory serversocketfactory =
+                    createServerSSLContext().getServerSocketFactory();
+            listenSocket =
+                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
+            listenSocket.setNeedClientAuth(false);
+            listenSocket.setEnableSessionCreation(true);
+            listenSocket.setUseClientMode(false);
+
+
+            System.err.println("Starting client");
+            clientSocket = new ClientSocket(listenSocket.getLocalPort());
+            clientSocket.start();
+
+            System.err.println("Accepting client requests");
+            serverSocket = (SSLSocket) listenSocket.accept();
+
+            System.err.println("Reading data from client");
+            BufferedReader serverReader = new BufferedReader(
+                    new InputStreamReader(serverSocket.getInputStream()));
+            String data = serverReader.readLine();
+            System.err.println("Received data from client: " + data);
+
+            System.err.println("Reading more data from client");
+            data = serverReader.readLine();
+            System.err.println("Received data from client: " + data);
+        } finally {
+            if (listenSocket != null) {
+                listenSocket.close();
+            }
+
+            if (serverSocket != null) {
+                serverSocket.close();
+            }
+        }
+
+        if (clientSocket != null && clientSocket.clientException != null) {
+            throw clientSocket.clientException;
+        }
+    }
+
+    private class ClientSocket extends Thread{
+        int serverPort = 0;
+        Exception clientException;
+
+        public ClientSocket(int serverPort) {
+            this.serverPort = serverPort;
+        }
+
+        @Override
+        public void run() {
+            SSLSocket clientSocket = null;
+            String clientData = "Hi, I am client";
+            try {
+                System.err.println(
+                        "Connecting to server at port " + serverPort);
+                SSLSocketFactory sslSocketFactory =
+                        createClientSSLContext().getSocketFactory();
+                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
+                        InetAddress.getLocalHost(), serverPort);
+                clientSocket.setSoLinger(true, 3);
+                clientSocket.setSoTimeout(1000);
+
+
+                System.err.println("Sending data to server ...");
+
+                BufferedWriter os = new BufferedWriter(
+                        new OutputStreamWriter(clientSocket.getOutputStream()));
+                os.write(clientData, 0, clientData.length());
+                os.newLine();
+                os.flush();
+
+                System.err.println("Sending more data to server ...");
+                os.write(clientData, 0, clientData.length());
+                os.newLine();
+                os.flush();
+            } catch (Exception e) {
+                clientException = e;
+            } finally {
+                if (clientSocket != null) {
+                    try{
+                        clientSocket.close();
+                        System.err.println("client socket closed");
+                    } catch (IOException ioe) {
+                        clientException = ioe;
+                    }
+                }
+            }
+        }
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketClose.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// Please run in othervm mode.  SunJSSE does not support dynamic system
+// properties, no way to re-use system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8209333
+ * @summary Socket reset issue for TLS 1.3 socket close
+ * @library /javax/net/ssl/templates
+ * @run main/othervm SSLSocketClose
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+import java.net.InetAddress;
+
+public class SSLSocketClose implements SSLContextTemplate {
+
+    public static void main(String[] args) throws Exception {
+        for (int i = 0; i<= 10; i++) {
+            System.err.println("===================================");
+            System.err.println("loop " + i);
+            System.err.println("===================================");
+            new SSLSocketClose().test();
+        }
+    }
+
+    private void test() throws Exception {
+        SSLServerSocket listenSocket = null;
+        SSLSocket serverSocket = null;
+        ClientSocket clientSocket = null;
+        try {
+            SSLServerSocketFactory serversocketfactory =
+                    createServerSSLContext().getServerSocketFactory();
+            listenSocket =
+                    (SSLServerSocket)serversocketfactory.createServerSocket(0);
+            listenSocket.setNeedClientAuth(false);
+            listenSocket.setEnableSessionCreation(true);
+            listenSocket.setUseClientMode(false);
+
+
+            System.err.println("Starting client");
+            clientSocket = new ClientSocket(listenSocket.getLocalPort());
+            clientSocket.start();
+
+            System.err.println("Accepting client requests");
+            serverSocket = (SSLSocket) listenSocket.accept();
+
+            System.err.println("Reading data from client");
+            BufferedReader serverReader = new BufferedReader(
+                    new InputStreamReader(serverSocket.getInputStream()));
+            String data = serverReader.readLine();
+            System.err.println("Received data from client: " + data);
+
+            System.err.println("Sending data to client ...");
+            String serverData = "Hi, I am server";
+            BufferedWriter os = new BufferedWriter(
+                    new OutputStreamWriter(serverSocket.getOutputStream()));
+            os.write(serverData, 0, serverData.length());
+            os.newLine();
+            os.flush();
+
+            System.err.println("Reading more data from client");
+            data = serverReader.readLine();
+            System.err.println("Received data from client: " + data);
+        } finally {
+            if (listenSocket != null) {
+                listenSocket.close();
+            }
+
+            if (serverSocket != null) {
+                serverSocket.close();
+            }
+        }
+
+        if (clientSocket != null && clientSocket.clientException != null) {
+            throw clientSocket.clientException;
+        }
+    }
+
+    private class ClientSocket extends Thread{
+        int serverPort = 0;
+        Exception clientException;
+
+        public ClientSocket(int serverPort) {
+            this.serverPort = serverPort;
+        }
+
+        @Override
+        public void run() {
+            SSLSocket clientSocket = null;
+            String clientData = "Hi, I am client";
+            try {
+                System.err.println(
+                        "Connecting to server at port " + serverPort);
+                SSLSocketFactory sslSocketFactory =
+                        createClientSSLContext().getSocketFactory();
+                clientSocket = (SSLSocket)sslSocketFactory.createSocket(
+                        InetAddress.getLocalHost(), serverPort);
+                clientSocket.setSoLinger(true, 3);
+
+                System.err.println("Sending data to server ...");
+
+                BufferedWriter os = new BufferedWriter(
+                        new OutputStreamWriter(clientSocket.getOutputStream()));
+                os.write(clientData, 0, clientData.length());
+                os.newLine();
+                os.flush();
+
+                System.err.println("Reading data from server");
+                BufferedReader is = new BufferedReader(
+                        new InputStreamReader(clientSocket.getInputStream()));
+                String data = is.readLine();
+                System.err.println("Received Data from server: " + data);
+
+                System.err.println("Sending more data to server ...");
+                os.write(clientData, 0, clientData.length());
+                os.newLine();
+                os.flush();
+            } catch (Exception e) {
+                clientException = e;
+            } finally {
+                if (clientSocket != null) {
+                    try{
+                        clientSocket.close();
+                        System.err.println("client socket closed");
+                    } catch (IOException ioe) {
+                        clientException = ioe;
+                    }
+                }
+            }
+        }
+    }
+}
+
--- a/test/sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,10 @@
 
 /*
  * @test
- * @bug 8184328
+ * @bug 8184328 8253368
  * @summary JDK8u131-b34-socketRead0 hang at SSL read
  * @run main/othervm SSLSocketCloseHang
+ * @run main/othervm SSLSocketCloseHang shutdownInputTest
  */
 
 import java.io.*;
@@ -72,6 +73,8 @@
      */
     static boolean debug = false;
 
+    static boolean shutdownInputTest = false;
+
     /*
      * If the client or server is doing some kind of object creation
      * that the other side depends on, and that thread prematurely
@@ -145,7 +148,26 @@
         Thread.sleep(500);
         System.err.println("Client closing: " + System.nanoTime());
 
-        sslSocket.close();
+        if (shutdownInputTest) {
+            try {
+                sslSocket.shutdownInput();
+            } catch (SSLException e) {
+                if (!e.getMessage().contains
+                        ("closing inbound before receiving peer's close_notify")) {
+                    throw new RuntimeException("expected different exception message. " +
+                        e.getMessage());
+                }
+            }
+            if (!sslSocket.getSession().isValid()) {
+                throw new RuntimeException("expected session to remain valid");
+            }
+
+        } else {
+            sslSocket.close();
+        }
+
+
+
         clientClosed = true;
         System.err.println("Client closed: " + System.nanoTime());
     }
@@ -179,6 +201,8 @@
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
+        shutdownInputTest = args.length > 0 ? true : false;
+
         /*
          * Start the tests.
          */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8242141
+ * @summary New System Properties to configure the default signature schemes
+ * @library /javax/net/ssl/templates
+ * @run main/othervm CustomizedClientSchemes
+ */
+
+import javax.net.ssl.SSLException;
+
+public class CustomizedClientSchemes extends SSLSocketTemplate {
+
+    public static void main(String[] args) throws Exception {
+        System.setProperty("jdk.tls.client.SignatureSchemes", "rsa_pkcs1_sha1");
+
+        try {
+            new CustomizedClientSchemes().run();
+            throw new Exception(
+                "The jdk.tls.client.SignatureSchemes System Property " +
+                "does not work");
+        } catch (SSLException e) {
+            // Got the expected exception.
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8242141
+ * @summary New System Properties to configure the default signature schemes
+ * @library /javax/net/ssl/templates
+ * @run main/othervm CustomizedServerSchemes
+ */
+
+import javax.net.ssl.SSLException;
+
+public class CustomizedServerSchemes extends SSLSocketTemplate {
+
+    public static void main(String[] args) throws Exception {
+        System.setProperty("jdk.tls.server.SignatureSchemes", "rsa_pkcs1_sha1");
+
+        try {
+            new CustomizedServerSchemes().run();
+            throw new Exception(
+                "The jdk.tls.server.SignatureSchemes System Property " +
+                "does not work");
+        } catch (SSLException e) {
+            // Got the expected exception.
+        }
+    }
+}
--- a/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,17 +35,14 @@
  * @run main/othervm BasicConstraints SunX509
  */
 
-import java.net.*;
 import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
-import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.*;
 import java.security.spec.*;
 import java.security.interfaces.*;
-import java.math.BigInteger;
 
 import java.util.Base64;
 
@@ -70,93 +67,122 @@
     // Certificate information:
     // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
     // Validity
-    //     Not Before: May  5 02:40:50 2012 GMT
-    //     Not After : Apr 15 02:40:50 2033 GMT
+    //     Not Before: Dec 20 13:13:44 2019 GMT
+    //     Not After : Dec 17 13:13:44 2029 GMT
     // Subject: C=US, O=Java, OU=SunJSSE Test Serivce
     // X509v3 Subject Key Identifier:
-    //     DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
+    //     88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45
     // X509v3 Authority Key Identifier:
-    //     keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:00
+    //     keyid:88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45
     static String trusedCertStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
-        "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
-        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
-        "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" +
-        "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" +
-        "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" +
-        "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" +
-        "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" +
-        "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
-        "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" +
-        "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" +
-        "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" +
-        "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" +
+        "MIIDZDCCAkygAwIBAgIUSXd4x4/VUhfEFGgfxEt/BG2n8RIwDQYJKoZIhvcNAQEL\n" +
+        "BQAwOzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" +
+        "U0UgVGVzdCBTZXJpdmNlMB4XDTE5MTIyMDEzMTM0NFoXDTI5MTIxNzEzMTM0NFow\n" +
+        "OzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
+        "VGVzdCBTZXJpdmNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Cd4\n" +
+        "U//Y2P4vIu9BBGi+pm64YXYP2LNRNK/e5/nWWmNKJapCAYYda/FJClrbzpI/FgRU\n" +
+        "NLM9B4Uo065FRIrBi1vu8zyYgwT7UK0WsLwg6Z81KH50PfM0ClEx44tTqocYDc7C\n" +
+        "gsvbyIeTIbV9AnRlEnBA15WFJAJMTCglaNleXUZ9+A/tazRhHlsRp0Ob8j4tCMJa\n" +
+        "RDpGMYTy1XbG+WqC8wXP63a63cwjPrL5uzt/C4W1bgNBfTRwIHSUShNhfdc7ZJNS\n" +
+        "r2NFPcwodd7uVle5JePNag7oyhjOFFEaBGq21dl6/ozVRkqSWWAi1P7MRay9eYj3\n" +
+        "mLZiZaL6NlWxXnfzVwIDAQABo2AwXjAdBgNVHQ4EFgQUiKeNoU+FPJsyR4jodIFl\n" +
+        "RQDe3UUwHwYDVR0jBBgwFoAUiKeNoU+FPJsyR4jodIFlRQDe3UUwDwYDVR0TAQH/\n" +
+        "BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAI1Lgf1Sd/iR\n" +
+        "pXBW6OKE9Oa6WkZx/hKrtm3tw+m5OTU4veQijMPIIgnXw0QYXFMieWSjSz+OGq+v\n" +
+        "t5NJWj7afCOADrhswrfAY3q3XY9+HnoXv1OvANFhokos25w6fB9t0lrm5KR+3d8l\n" +
+        "RwQbxhr8I6tDn2pDExVXRe8k2PYqkabgG6IqPnLzt4iLhPx4ivzo4Zc+zfQZc672\n" +
+        "oyNJw2/iNufHRsoRa8QqHJM9vziYfChZqdSSlTiqaoyijT0Br6/2yyIKfjjt5Abt\n" +
+        "cwIDUWqQda62xV7ChkTh7ia3uvBXob2iiB0aI3gVTTqDfK9F5XXtW4BXfqx0hvwB\n" +
+        "6JzgmNyDQos=\n" +
         "-----END CERTIFICATE-----";
     static String trustedPrivateKey = // Private key in the format of PKCS#8
-        "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" +
-        "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" +
-        "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" +
-        "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" +
-        "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" +
-        "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" +
-        "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" +
-        "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" +
-        "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" +
-        "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" +
-        "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" +
-        "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" +
-        "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" +
-        "e7xWWZnJsErt2e+E";
+        "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDUJ3hT/9jY/i8i\n" +
+        "70EEaL6mbrhhdg/Ys1E0r97n+dZaY0olqkIBhh1r8UkKWtvOkj8WBFQ0sz0HhSjT\n" +
+        "rkVEisGLW+7zPJiDBPtQrRawvCDpnzUofnQ98zQKUTHji1OqhxgNzsKCy9vIh5Mh\n" +
+        "tX0CdGUScEDXlYUkAkxMKCVo2V5dRn34D+1rNGEeWxGnQ5vyPi0IwlpEOkYxhPLV\n" +
+        "dsb5aoLzBc/rdrrdzCM+svm7O38LhbVuA0F9NHAgdJRKE2F91ztkk1KvY0U9zCh1\n" +
+        "3u5WV7kl481qDujKGM4UURoEarbV2Xr+jNVGSpJZYCLU/sxFrL15iPeYtmJlovo2\n" +
+        "VbFed/NXAgMBAAECggEAUZvlQ5q1VbNhenTCc+m+/NK2hncd3WQNJtFIU7/dXuO2\n" +
+        "0ApQXbmzc6RbTmppB2tmbRe5NJSGM3BbpiHxb05Y6TyyDEsQ98Vgz0Xl5pJXrsaZ\n" +
+        "cjxChtoY+KcHI9qikoRpElaoqBu3LcpJJLxlnB4eCxu3NbbEgneH1fvTeCO1kvcp\n" +
+        "i3DDdyfY7WB9RW1yWAveiuqvtnbsPfJJLKEhFvZL2ArYCRTm/oIw64yukNe/QLR5\n" +
+        "bGzEJMT2ZNQMld1f+CW9tOrUKrnnPCGfMa351T5we+8B6sujWfftPutgEVx5TmHs\n" +
+        "AOW1SntMapbgg46K9EC/C5YQa5D1aNOH9ZTEMkgUMQKBgQDrpPQIHFozeeyZ0iiq\n" +
+        "HtReLPcqpkwr/9ELc3SjgUypSvpu0l/m++um0yLinlXMn25km/BP6Mv3t/+1uzAc\n" +
+        "qpopkcyek8X1hzNRhDkWuMv4KDOKk5c6qLx8FGSm6q8PYm5KbsiyeCM7CJoeoqJ5\n" +
+        "74IZjOIw7UrYLckCb6W8xGQLIwKBgQDmew3vGRR3JmCCSumtJQOqhF6bBYrNb6Qc\n" +
+        "r4vrng+QhNIquwGqHKPorAI1J8J1jOS+dkDWTxSz2xQKQ83nsOspzVPskpDh5mWL\n" +
+        "gGk5QCkX87jFsXfhvZFLksZMbIdpWze997Zs2fe/PWfPaH6o3erqo2zAhQV0eA9q\n" +
+        "C7tfImREPQKBgQDi2Xq/8CN52M9IScQx+dnyC5Gqckt0NCKXxn8sBIa7l129oDMI\n" +
+        "187FXA8CYPEyOu14V5KiKvdos66s0daAUlB04lI8+v+g3ZYuzH50/FQHwxPTPUBi\n" +
+        "DRzeyncXJWiAA/8vErWM8hDgfOh5w5Fsl4EEfdcmyNm7gWA4Qyknr1ysRwKBgQDC\n" +
+        "JSPepUy09VHUTxA59nT5HRmoEeoTFRizxTfi2LkZrphuwCotxoRXiRUu+3f1lyJU\n" +
+        "Qb5qCCFTQ5bE8squgTwGcVxhajC66V3ePePlAuPatkWN2ek28X1DoLaDR+Rk3h69\n" +
+        "Wb2EQbNMl4grkUUoMA8jaVhBb4vhyQSK+qjyAUFerQKBgQDXZPuflfsjH/d/O2yw\n" +
+        "qZbssKe9AKORjv795teblAc3vmsSlNwwVnPdS2aq1LHyoNbetc/OaZV151hTQ/9z\n" +
+        "bsA48oOojgrDD07Ovg3uDcNEIufxR0aGeSSvqhElp1r7wAYj8bAr6W/RH6MS16WW\n" +
+        "dRd+PH6hsap8BD2RlVCnrT3vIQ==";
 
     // Certificate information:
     // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
     // Validity
-    //     Not Before: May  5 02:40:53 2012 GMT
-    //     Not After : Jan 21 02:40:53 2032 GMT
+    //     Not Before: Dec 20 13:13:44 2019 GMT
+    //     Not After : Dec 17 13:13:44 2029 GMT
     // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner
     // X509v3 Subject Key Identifier:
-    //     13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A
+    //     4B:6D:B0:B0:E6:EF:45:15:35:B5:FC:6B:E2:C7:FC:A6:E6:C4:EC:95
     // X509v3 Authority Key Identifier:
-    //     keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:00
+    //     keyid:88:A7:8D:A1:4F:85:3C:9B:32:47:88:E8:74:81:65:45:00:DE:DD:45
     static String caSignerStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
-        "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" +
-        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" +
-        "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" +
-        "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" +
-        "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" +
-        "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" +
-        "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" +
-        "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" +
-        "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" +
-        "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" +
-        "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" +
-        "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" +
-        "Y/v1R5fZ4c+hXDfC\n" +
+        "MIIDdzCCAl+gAwIBAgIUDYDCpVXk72hlpeNam094GPxl9Z0wDQYJKoZIhvcNAQEL\n" +
+        "BQAwOzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" +
+        "U0UgVGVzdCBTZXJpdmNlMB4XDTE5MTIyMDEzMTM0NFoXDTI5MTIxNzEzMTM0NFow\n" +
+        "TjELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpTU0Ug\n" +
+        "VGVzdCBTZXJpdmNlMREwDwYDVQQDDAhjYXNpZ25lcjCCASIwDQYJKoZIhvcNAQEB\n" +
+        "BQADggEPADCCAQoCggEBAMC8Z4sqVbWWNp567w28MKN9bkE0rZzQLivLsiz7WYzg\n" +
+        "8LsUDhtGkxpAcoiMuxnkPWGgD3Xzdy/enVo/vn9lgw7LHWJ3+FeZt3eOnwFHTBu+\n" +
+        "srFrnf7iU7RLkAvl06lTYBWFx15Dv4PCgvqIC4eo1wAGDcKKOshwV5kdw8zBpkx3\n" +
+        "1jEkbpiuc0cxaNtdMYqmZrTY0wHVSdHGx02mGp9G3aCRSzXyXrr3uxInt5uW9JYR\n" +
+        "bDUGa2uD02jbxRSyIXyrSb2L8bRDNg6tLq+CG6blukcCLHF8D1n+jMes3yB/yA0N\n" +
+        "NGcbqmEPBVvVSP2c7Z/3JMCvHsrPkS1E2YPH1I0xL2sCAwEAAaNgMF4wHQYDVR0O\n" +
+        "BBYEFEttsLDm70UVNbX8a+LH/KbmxOyVMB8GA1UdIwQYMBaAFIinjaFPhTybMkeI\n" +
+        "6HSBZUUA3t1FMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" +
+        "DQEBCwUAA4IBAQBpwrPMDlCvxRvv91w4oFYhYTV2zj9BecsYQPhbqG9zRiHrJoNE\n" +
+        "dDPxZQnjb3P5u2LAe7Cp+Nah1ZSvjnF1oVk7ct+Usz02InojHxN72xDsZOMLWuAN\n" +
+        "3CJhjGp6WyYUstRWybpiJzPehZdYfk+FaMxwM54REAiipDTFO07PZrj1h/aDQ0Tl\n" +
+        "7D6w2v1pz1IR/ctuij7sFReFvjFEE4JoTNjfqzNWO4ML1vDHVi5MHeBgUckujOrI\n" +
+        "P0QqaqP+xJIY+sRrzdckxSfS9AOOrJk2VXY8qEoxCN4wCvHJWuHEAF/Lm65d/hq3\n" +
+        "2Uh8P+QHLeuEwF8RoTpjiGM9dXvaqcQz7w5G\n" +
         "-----END CERTIFICATE-----";
     static String caSignerPrivateKey = // Private key in the format of PKCS#8
-        "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" +
-        "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" +
-        "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" +
-        "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" +
-        "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" +
-        "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" +
-        "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" +
-        "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" +
-        "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" +
-        "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" +
-        "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" +
-        "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" +
-        "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" +
-        "iQ5tl6zrLlxQhg==";
+        "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAvGeLKlW1ljae\n" +
+        "eu8NvDCjfW5BNK2c0C4ry7Is+1mM4PC7FA4bRpMaQHKIjLsZ5D1hoA9183cv3p1a\n" +
+        "P75/ZYMOyx1id/hXmbd3jp8BR0wbvrKxa53+4lO0S5AL5dOpU2AVhcdeQ7+DwoL6\n" +
+        "iAuHqNcABg3CijrIcFeZHcPMwaZMd9YxJG6YrnNHMWjbXTGKpma02NMB1UnRxsdN\n" +
+        "phqfRt2gkUs18l6697sSJ7eblvSWEWw1Bmtrg9No28UUsiF8q0m9i/G0QzYOrS6v\n" +
+        "ghum5bpHAixxfA9Z/ozHrN8gf8gNDTRnG6phDwVb1Uj9nO2f9yTArx7Kz5EtRNmD\n" +
+        "x9SNMS9rAgMBAAECggEAZk6cF/8s5+sIqy9OXdgbaW1XbT1tOuQ23gCOX9o8Os/c\n" +
+        "eTG4GzpnM3QqV9l8J85D1uKD0nSeO8bLd/CGSlG0M9IVkwNjy/xIqyoFtUQHXmLn\n" +
+        "r84UXAv/qqDBoc8pf6RGSKZuodcMfgBuTlaQ6D3zgou0GiQN9//KP/jQyouwnr3A\n" +
+        "LyXQekxriwPuSYAPak8s5XLfugOebbSRm2UdGEgX3yrT9FVu9rtgeMKdRaCOU8T4\n" +
+        "G2UdpGaiDfm5yrR+2XEIv4oaH3WFxmmfQCxVcOFJ1iRvfKBbLb1UCgtJuCBD067y\n" +
+        "dq5PrwUTeAvd7hwZd0lxCSnWY7VvYFNr7iJfyElowQKBgQD8eosot+Th03hpkYDs\n" +
+        "BIVsw7oqhJmcrPV1bSZ+aQwqqrOGypNmb7nLGTC8Cj1sT+EzfGs7GqxiLOEn4NXr\n" +
+        "TYV//RUPBSEXVp2y+2dot1a9oq0BJ8FwGTYL0qSwJrIXJfkQFrYhVVz3JLIWJbwV\n" +
+        "cy4YCQr094BhXTS7joJOUDRsYwKBgQDDbI3Lv+bBK8lLfIBll1RY1k5Gqy/H+qxp\n" +
+        "sMN8FmadmIGzHhe9xml6b5EfAZphAUF4vZJhQXloT5Wm+NNIAf6X6dRjvzyw7N9B\n" +
+        "d48EFJF4ChqNGBocsQRNr2wPRzQ+k2caw9YyYMIjbhktDzO1U/FJGYW6/Vgr2v4K\n" +
+        "siROnXfLWQKBgBOVAZQP5z2opC8z7NbhZuPPrnG7xRpEw+jupUyqoxnwEWqD7bjF\n" +
+        "M5jQBFqhRLBQ5buTi9GSuQoIRxJLuuu8IH2TyH1YvX9M5YBLRXL2vVCJ/HcZeURT\n" +
+        "gECcfs92wNtQw6d+y3N8ZnB4tSNIm/Th8RJGKUZkp91lWECvxeWDDP3XAoGASfNq\n" +
+        "NRAJYlAPfGFAtTDu2i8+r79X9XUGiXg6gVp4umpbqkxY75eFkq9lWzZgFRVEkUwr\n" +
+        "eGIubyquluDSEw2uKg5yMMzNSqZYVY3IsOKXqbUpFvtn5jOWTU90tNNdEdD100sI\n" +
+        "Y0f6Ly4amNKH3rZFOERQNtJn6zCTsbh3xMgR7QECgYBhQTqxLU5eIu38MKobzRue\n" +
+        "RoUkMcoY3DePkKPSYjilFhkUDozIXf/xUGnB8kERZKO+44wUkuPGljiFL1/P/RO9\n" +
+        "zhHAV94Kw2ddtfxy05GVtUZ99miBmsMb2m8vumGJqfR8h2xpfc1Ra0zfrsPgLNru\n" +
+        "xDTDW+bNbM7XyPvg9mOf7Q==";
 
     // Certificate information:
     // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner
@@ -165,129 +191,178 @@
     //     Not After : Jan 21 02:40:57 2032 GMT
     // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
     // X509v3 Subject Key Identifier:
-    //     39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8
+    //     B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15
     // X509v3 Authority Key Identifier:
-    //     keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:02
+    //     keyid:4B:6D:B0:B0:E6:EF:45:15:35:B5:FC:6B:E2:C7:FC:A6:E6:C4:EC:95
     static String certIssuerStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" +
-        "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" +
-        "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" +
-        "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" +
-        "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" +
-        "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" +
-        "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" +
-        "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" +
-        "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" +
-        "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" +
-        "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" +
-        "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" +
-        "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" +
-        "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" +
+        "MIIDjDCCAnSgAwIBAgIUJWLHjJR9tY2/5DX3iOcZ2JRKY8cwDQYJKoZIhvcNAQEL\n" +
+        "BQAwTjELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" +
+        "U0UgVGVzdCBTZXJpdmNlMREwDwYDVQQDDAhjYXNpZ25lcjAeFw0xOTEyMjAxMzEz\n" +
+        "NDVaFw0yOTEyMTcxMzEzNDVaMFAxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKDARKYXZh\n" +
+        "MR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTETMBEGA1UEAwwKY2VydGlz\n" +
+        "c3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWUNWnObPBso4vI\n" +
+        "VaSM+Oq1f3EsyrtJWqhu+EG/5UKEwYaNBs1A9u1zM5xc05y4wXJfFj755djtzfsz\n" +
+        "OFt1ke/hjhpYSf4DcSJfb99MBvHHXrmrEqIdsPYSaUqT9DrIi+L0z0Rdev++IQJj\n" +
+        "j9J213gpi18RNrQWl8Xn9mlkxhCjwj1GoFA6aF+9cvWX8uh2Vrl6Vm28hTKnmTad\n" +
+        "FB7nwDF4/mGuKVsiB+YTJJ/2Y6RpNqVF/Z6kET/BE0DtCLlKvY7iljbHc892YzI0\n" +
+        "vhxlo4lOB3J4NhsQxJbq+mIlbbqZr+p4WA8hdnwI4UlktI4S7fXQzhA51JHVjZyX\n" +
+        "f9XYTRUCAwEAAaNgMF4wHQYDVR0OBBYEFLTo6oCpK/VitSym+P9lvM9RQJwVMB8G\n" +
+        "A1UdIwQYMBaAFEttsLDm70UVNbX8a+LH/KbmxOyVMA8GA1UdEwEB/wQFMAMBAf8w\n" +
+        "CwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCGrjnGs23pQkQoUu8+C2y/\n" +
+        "OAT5k9uyPCcLxFPM+Hon5WI6DACxpj7mu2ekN0fswu6B7beQVygpnNSQFVqLrJw1\n" +
+        "daYdhTMzkNCkPk6q0cUmj5k94jfCHBl4jw+qoZiIehuR9qFHhpLkT4zMTkFof+P+\n" +
+        "Lfc92QJppUAOh3jTvHK01YwP2sxK3KXhcbofQnxGS4WHrqmmZC2YO/LQRoYDZdUY\n" +
+        "zr4da2aIg9CKrH2QWoMkDfRKkJvrU3/VhVfVWpNbXFE2xZXftQl3hpFCJ3FkpciA\n" +
+        "l3hKeq4byY3LXxhAClHpk1KkXJkMnQdOfA5aGekj/Cjuaz1/iKYAG2vRq7YcuM/o\n" +
         "-----END CERTIFICATE-----";
     static String certIssuerPrivateKey = // Private key in the format of PKCS#8
-        "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" +
-        "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" +
-        "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" +
-        "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" +
-        "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" +
-        "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" +
-        "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" +
-        "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" +
-        "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" +
-        "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" +
-        "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" +
-        "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" +
-        "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" +
-        "5KMeGEpXMzgC7AscGA==";
+        "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC1lDVpzmzwbKOL\n" +
+        "yFWkjPjqtX9xLMq7SVqobvhBv+VChMGGjQbNQPbtczOcXNOcuMFyXxY++eXY7c37\n" +
+        "MzhbdZHv4Y4aWEn+A3EiX2/fTAbxx165qxKiHbD2EmlKk/Q6yIvi9M9EXXr/viEC\n" +
+        "Y4/Sdtd4KYtfETa0FpfF5/ZpZMYQo8I9RqBQOmhfvXL1l/Lodla5elZtvIUyp5k2\n" +
+        "nRQe58AxeP5hrilbIgfmEySf9mOkaTalRf2epBE/wRNA7Qi5Sr2O4pY2x3PPdmMy\n" +
+        "NL4cZaOJTgdyeDYbEMSW6vpiJW26ma/qeFgPIXZ8COFJZLSOEu310M4QOdSR1Y2c\n" +
+        "l3/V2E0VAgMBAAECggEBAJjfVrjl2kHwtSCSYchQB6FTfSBDnctgTrtP8iMo9FO0\n" +
+        "gVpOkVNtRndTbjhOzro7smIgPBJ5QlIIpErBLMmTinJza7gybNk2/KD7yKwuzgnw\n" +
+        "2IdoyB9E8B+8EHmBZzW2ck953KaqLUvzPsdMG2IOPAomr/gx/eRQwScVzBefiEGo\n" +
+        "sN+rGfUt/RNAHwWje1KuNDj21S84agQhN6hdYUnIMsvJLu/9mOwUb9ff+AzTUfFr\n" +
+        "zyx2MJL4Cx59DkUUMESCfinlHUc21llQjFWmX/zOoGY0X0qV/YM/GRsv1ZDFHw9o\n" +
+        "hQ6m8Ov7D9wB3TKZBI97sCyggjBfSeuYQlNbs99KWQECgYEA7IKNL0ME7FuIrKYu\n" +
+        "FCQ/Duz1N3oQXLzrTGKUSU1qSbrU2Jwk4SfJ8ZYCW1TP6vZkaQsTXmXun3yyCAqZ\n" +
+        "hcOtDBhI+b7Wpmmyf6nb83oYJtzHMRQZ5qS+9vOBfV9Uf1za8XI4p90EqkFHByCF\n" +
+        "tHfjVbjK39zN4CvaO3tqpOaYtL0CgYEAxIrTAhGWy9nBsxf8QeqDou0rV5Cw50Kl\n" +
+        "kQsE7KLmjvrMaFFpUc5lgWoC+pm/69VpNBUuN/38YozwxVjVi/nMJuuK150mhdWI\n" +
+        "B28FI7ORnFmVeSvTrP4mBX1ct2Tny9zpchXn3rpHR5NZUs7oBhjudHSfRMrHxeBs\n" +
+        "Kv2pr2s6uzkCgYAtrEh3iAm7WzHZpX3ghd9nknsIa5odTp5h8eeRAFI2Ss4vxneY\n" +
+        "w4ZMERwDZy1/wnVBk9H5uNWMFxiKVQGww0j3vPjawe/R0zeVT8gaDMn9N0WARNF7\n" +
+        "qPT3265196LptZTSa6xlPllYR6LfzXgEkeJk+3qyIIHheJZ8RikiDyYOQQKBgQC/\n" +
+        "rxlegiMNC4KDldf7vanGxAKqcz5lPbXWQOX7mGC+f9HNx+Cs3VxYHDltiXgJnOju\n" +
+        "191s1HRK9WR5REt5KhY2uzB9WxJQItJ5VYiwqhhQYXqLY/gdVv1kC0DayDndtMWk\n" +
+        "88JhklGkeAv83DikgbpGr9sJr6+oyFkWkLDmmfD82QKBgQCMgkZJzrdSNNlB0n5x\n" +
+        "xC3MzlsQ5aBJuUctnMfuyDi+11yLAuP1oLzGEJ7qEfFoGRO0V8zJWmHAfNhmVYEX\n" +
+        "ow5g0WbPT16GoRCiOAzq+ewH+TEELMF6HWqnDuTnCg28Jg0dw2kdVTqeyzKOQlLG\n" +
+        "ua9c2DY3PUTXQPNqLVhz+XxZKA==";
 
     // Certificate information:
     // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
     // Validity
-    //     Not Before: May  5 02:41:01 2012 GMT
-    //     Not After : Jan 21 02:41:01 2032 GMT
+    //     Not Before: Dec 20 13:13:45 2019 GMT
+    //     Not After : Dec 17 13:13:45 2029 GMT
     // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost
     // X509v3 Subject Key Identifier:
-    //     AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF
+    //     46:FC:94:7A:61:6D:BF:5F:AE:D7:20:EC:BF:6A:74:2A:26:F1:D4:4C
     // X509v3 Authority Key Identifier:
-    //     keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8
+    //     keyid:B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15
     static String serverCertStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" +
-        "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" +
-        "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" +
-        "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" +
-        "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" +
-        "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" +
-        "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" +
-        "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" +
-        "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" +
-        "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" +
-        "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" +
-        "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" +
-        "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" +
+        "MIIDfDCCAmSgAwIBAgIUHsJi1HTWpR3FCiOiG/qLK6BDluwwDQYJKoZIhvcNAQEL\n" +
+        "BQAwUDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" +
+        "U0UgVGVzdCBTZXJpdmNlMRMwEQYDVQQDDApjZXJ0aXNzdWVyMB4XDTE5MTIyMDEz\n" +
+        "MTM0NVoXDTI5MTIxNzEzMTM0NVowTzELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEph\n" +
+        "dmExHTAbBgNVBAsMFFN1bkpTU0UgVGVzdCBTZXJpdmNlMRIwEAYDVQQDDAlsb2Nh\n" +
+        "bGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaDgoxN2UQQero\n" +
+        "oBQ4JlQP1BFaZEtIkdIU2VJs4whz85J0LSB/68iEOS5e8wCz9wiQWr4isor7sl3e\n" +
+        "B2dnLGY28BthOTw2j/CYw/dRqyDbPZniooB233uLGarKjqQWXpRFQi6bgEQmNqWe\n" +
+        "C32w+V+Oq3CTkinwgPvA5mnSe0P8gpF9NLZBFn0TtxaY0bQIie2WNk/HjrVQIhq3\n" +
+        "qmG/zVxeBc3PVOOU/OKrwjHbim9YI+zdDRXjNm8siHi0RF2+fkxfyAm8Qg+mT8L4\n" +
+        "xdtr0a+eP4oIvkymRURxIrXNnvoX+MhYKSOQnizpW0NMOZ5L9nyw1cYX8j9Ed6eM\n" +
+        "kzxZwRrlAgMBAAGjTzBNMB0GA1UdDgQWBBRG/JR6YW2/X67XIOy/anQqJvHUTDAf\n" +
+        "BgNVHSMEGDAWgBS06OqAqSv1YrUspvj/ZbzPUUCcFTALBgNVHQ8EBAMCA+gwDQYJ\n" +
+        "KoZIhvcNAQELBQADggEBAGXHGefA1j136yenwK+j9K5VnG2kYGXCadi9bKtTXf/X\n" +
+        "6Xasb7QE2QWEIlq+78AaV9Dwc7qk1TuBsN05LbQUSe7h5UAfS4AZ5l/XSay2cxrZ\n" +
+        "TKoyuzh9kj38QkEBxZlrClyBzU8Mct0L9F8yEm4V7AqQOshn9gEQl9lzJUb2KHeZ\n" +
+        "AxblrQhPQDrWhmQjQkl/xaiOiU31sHKTnB/L2CKvJtmsKIyBdrQCQTlIOcRu4/PQ\n" +
+        "4z/sjecKP08Xkf5+p4RzPL+OZHkJoejSEjBndLC8BK9IZD94kHZYDz8ulWrQJ5Nr\n" +
+        "u/inkyf8NcG7zLBJJyuKfUXO/OzGPD5QMviVc+PCGTY=\n" +
         "-----END CERTIFICATE-----";
     static String serverPrivateKey = // Private key in the format of PKCS#8
-        "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" +
-        "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" +
-        "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" +
-        "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" +
-        "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" +
-        "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" +
-        "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" +
-        "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" +
-        "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" +
-        "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" +
-        "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" +
-        "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" +
-        "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" +
-        "sFkVZ3zg7As=";
+        "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCaDgoxN2UQQero\n" +
+        "oBQ4JlQP1BFaZEtIkdIU2VJs4whz85J0LSB/68iEOS5e8wCz9wiQWr4isor7sl3e\n" +
+        "B2dnLGY28BthOTw2j/CYw/dRqyDbPZniooB233uLGarKjqQWXpRFQi6bgEQmNqWe\n" +
+        "C32w+V+Oq3CTkinwgPvA5mnSe0P8gpF9NLZBFn0TtxaY0bQIie2WNk/HjrVQIhq3\n" +
+        "qmG/zVxeBc3PVOOU/OKrwjHbim9YI+zdDRXjNm8siHi0RF2+fkxfyAm8Qg+mT8L4\n" +
+        "xdtr0a+eP4oIvkymRURxIrXNnvoX+MhYKSOQnizpW0NMOZ5L9nyw1cYX8j9Ed6eM\n" +
+        "kzxZwRrlAgMBAAECggEBAIPF4p36ni3r1H2q/+CPmHP5l+ZTx7mJUcOXqNOO11on\n" +
+        "TGyndRc2ncvMBYgeH8nQUrj3hY+0XQGyrmwOtTohVkVD2IevJ3wcX1asuU5YLMCb\n" +
+        "zpd3HJ+RxeFT0S12GZEw0W70j11ft+tf7wZjGd5ZUI1+w8rWyZz5F18HOBlcauj/\n" +
+        "iqMgrlVLZ7qXEb6WV9zP5hWx5nZwrnuuiM1zXLVuO9rg7qk+zCts2oyM8KRTfQIi\n" +
+        "Zo3VDO0nwnEoxxTQ/2g2g/jBJ1GiFygiFm/i2SHQOJgaFS3Y3InjWEAiINIsdMIt\n" +
+        "yZk6twMG6ODjy8agZ4LLhZSyCkC33AN7MIkSCtvFubkCgYEAyRm+yvYxwiHCzZV8\n" +
+        "LZNuBBRliujgG41iuyUyRVBSaMyJMNRoOMm8XwDOF1BA44YPz4yCkfiiEk2ub/f0\n" +
+        "hDhfBW3EWvYHrWkEbx9Th2YmFq20JlgcBGaM2TiiL+qx4ct687idPbJVZnwc4HtR\n" +
+        "Kc0eTwRlFsf2O3rwIy52mvIf/48CgYEAxBxsllVz7+/nm0UcxwHNDN+bPyDBxsu9\n" +
+        "QuSyR+zSnfcL6xaS4SClBLKxHSjbJ2Hi+UOXezO+eozDp/zEFI6BygNRKTaLTVKr\n" +
+        "ezk9rbyKydRIXNlxFoX07U0KlD4lCrbrpsvcO/OlzJe6q5R0B/CIQmx2Y4wlRrE/\n" +
+        "Tu+hsf3tBEsCgYBBltsKmXerKJW/tbS1rLMiM4DW6JNHiTqdbUlTIBpwwd0xBuYj\n" +
+        "N3Dvz3RoWC2Bx9TaTaq8b0p1C88MB+RBR51+SMnVHQ9t+KWQlLgKnj9oACmUpAIn\n" +
+        "UUc5BeaoGDUCPvqQCTOHzuVZsrs8YBwdtR/gh79sybU+ux8damcWrEfRcwKBgEsU\n" +
+        "HrZHLMWU8PROtz+w/tGI4aR/Y/A5m9F6QI6sqc10AQoVcFHj74km6Auj0pL3NK/9\n" +
+        "Ioc2Phwou9caO+8qx6GRN4cxrI8DsUbRmT1kSzYNoU56qILY8fXPYtdyGzhI41rN\n" +
+        "/RiupLD4/awmf21ytpfHcmOWCcdQoE4WC69a6VyVAoGAboeogM5/TRKj80rXfUH2\n" +
+        "lFZzgX246XGwNyOVVgOuv/Oxa61b5FeeCpnFQcjpZmC5vd63X3w7oYSDe2wUt+Wh\n" +
+        "LhYunmcCEj+yb3of33loQb/FM2OLW9UoQakB7ewio9vtw+BAnWxnHFkEaqdxMXpy\n" +
+        "TiSXLpQ1Q9GvDpzngDzJzzY=";
 
     // Certificate information:
     // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
     // Validity
-    //     Not Before: May  5 02:41:02 2012 GMT
-    //     Not After : Jan 21 02:41:02 2032 GMT
+    //     Not Before: Dec 20 14:21:29 2019 GMT
+    //     Not After : Dec 17 14:21:29 2029 GMT
     // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=InterOp Tester
     // X509v3 Subject Key Identifier:
-    //     57:7D:E2:33:33:60:DF:DD:5E:ED:81:3F:EB:F2:1B:59:7F:50:9C:99
+    //     1F:E4:C0:F5:B8:68:DB:D2:EB:9E:6F:BB:B5:9E:92:6D:BA:7D:97:3A
     // X509v3 Authority Key Identifier:
-    //     keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8
+    //     keyid:B4:E8:EA:80:A9:2B:F5:62:B5:2C:A6:F8:FF:65:BC:CF:51:40:9C:15
     static String clientCertStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICaTCCAdKgAwIBAgIBBTANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" +
-        "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAyWhcNMzIwMTIxMDI0MTAy\n" +
-        "WjBUMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" +
-        "RSBUZXN0IFNlcml2Y2UxFzAVBgNVBAMTDkludGVyT3AgVGVzdGVyMIGfMA0GCSqG\n" +
-        "SIb3DQEBAQUAA4GNADCBiQKBgQC1pA71nDg1KhhnHjRdi/eVDUa7uFZAtN8R9huu\n" +
-        "pTwFoyqSX8lDMz8jDawOMmaI9dVZLjTh3hnf4KBEqQOearFVz45yBOjlgPLBuI4F\n" +
-        "D/ORhgmDaIu2NK+c1yj6YQlyiO0DPwh55GtPLVG3iuEpejU7gQyaMuTaddoXrO7s\n" +
-        "xwzanQIDAQABo08wTTALBgNVHQ8EBAMCA+gwHQYDVR0OBBYEFFd94jMzYN/dXu2B\n" +
-        "P+vyG1l/UJyZMB8GA1UdIwQYMBaAFDkOxjOxULxzBzHl2AT3u5dVz5vIMA0GCSqG\n" +
-        "SIb3DQEBBAUAA4GBAHTgB5W7wnl7Jnb4wNQcb6JdR8FRHIdslcRfnReFfZBHZZux\n" +
-        "ChpA1lf62KIzYohKoxQXXMul86vnVSHnXq5xctHEmxCBnALEnoAcCOv6wfWqEA7g\n" +
-        "2rX+ydmu+0ArbqKhSOypZ7K3ame0UOJJ6HDxdsgBYJuotmSou4KKq9e8GF+d\n" +
+        "MIIDgTCCAmmgAwIBAgIUHFQOStLURT5sQ57OWO2z8iNJ9P8wDQYJKoZIhvcNAQEL\n" +
+        "BQAwUDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEphdmExHTAbBgNVBAsMFFN1bkpT\n" +
+        "U0UgVGVzdCBTZXJpdmNlMRMwEQYDVQQDDApjZXJ0aXNzdWVyMB4XDTE5MTIyMDE0\n" +
+        "MjEyOVoXDTI5MTIxNzE0MjEyOVowVDELMAkGA1UEBhMCVVMxDTALBgNVBAoMBEph\n" +
+        "dmExHTAbBgNVBAsMFFN1bkpTU0UgVGVzdCBTZXJpdmNlMRcwFQYDVQQDDA5JbnRl\n" +
+        "ck9wIFRlc3RlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMXA3NV+\n" +
+        "pDnwnQgXFQ7WeDtcTe4qDQV9tDj9cRZFqQXo94C30lkuXzdH761bZB84DESV0qLI\n" +
+        "k6/n+D9SOsg7SPe7uejG24rph/VpPANrPXo8jxwh/KW+8y0pYNigFUZDi+mEDAOG\n" +
+        "gyqaAbahQePDYTa09uY3MTTOcaUnKZEJkfVZnmrwmcH7qapCCz0N4Mv6Xddi87Fk\n" +
+        "j9R225XXW5ZZ+jwVGi1WubjxqLpbQo9VwdTgozBfxwzjQQWDOlUIics3RRaV4Yz0\n" +
+        "F3Sr4xZiq09O4x8ZT8jrQgduzVZhWjc7rHHbBeMmVBhOveSCvu54onZ2Y+G7+xU/\n" +
+        "Zc1Z6s2Wb5N2I40CAwEAAaNPME0wHQYDVR0OBBYEFB/kwPW4aNvS655vu7Wekm26\n" +
+        "fZc6MB8GA1UdIwQYMBaAFLTo6oCpK/VitSym+P9lvM9RQJwVMAsGA1UdDwQEAwID\n" +
+        "6DANBgkqhkiG9w0BAQsFAAOCAQEAdgWs2wVkPoOrShdYTJM2/v7sDYENCsj3VGEq\n" +
+        "NvTeL98FCjRZhRmozVi0mli6z2LjDM/858vZoJWDJ08O0XvhXT4yJWWHCJz4xTY1\n" +
+        "GBern25Y8VjZGUwAIzK3EDjYzJCZpbhBREF8XZx46OxHt04BKtQwJKBtpJ1/6bRS\n" +
+        "wvia3wGspFLW78P2Y5rFXzqptaqBD06Dcc4xBgvFLSocSKUzLc8BdNsixtPBQZNs\n" +
+        "l3X3TUNYoYW677E7EWO8NHUJg+2Qbpo11tkb0AyScSxOu2aHuPfYIchRZXnDdq20\n" +
+        "tL85OZz8ov7d2jVet/w7FD4M5XfcogsNtpX4kaMsctyvQbDYRA==\n" +
         "-----END CERTIFICATE-----";
     static String clientPrivateKey = // Private key in the format of PKCS#8
-        "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALWkDvWcODUqGGce\n" +
-        "NF2L95UNRru4VkC03xH2G66lPAWjKpJfyUMzPyMNrA4yZoj11VkuNOHeGd/goESp\n" +
-        "A55qsVXPjnIE6OWA8sG4jgUP85GGCYNoi7Y0r5zXKPphCXKI7QM/CHnka08tUbeK\n" +
-        "4Sl6NTuBDJoy5Np12hes7uzHDNqdAgMBAAECgYEAjLwygwapXjfhdHQoqpp6F9iT\n" +
-        "h3sKCVSaybXgOO75lHyZzZO9wv1/288KEm3mmBOxXEm6245UievnAYvaq/GKt93O\n" +
-        "pj2zRefBzZjGbz0v84fmna/MN6zUUYX1PcVRMKWLx9HKKmQihzwoXdBX0o9PPXdi\n" +
-        "LfzujNa/q8/mpI5PmEECQQDZwLSaL7OReWZTY4NoQuNzwhx5IKJUOtCFQfmHKZSW\n" +
-        "wtXntZf+E5W9tGaDY5wjpq5cilKDAHdEAlFWxDe1PoE1AkEA1YuTBpctOLBfquFn\n" +
-        "Y/S3lzGVlnIHDk3dj4bFglkoJ2bCdlwRNUyBSjAjBDcbYhper8S7GlEN5SiEdz9I\n" +
-        "3OjIyQJBAKEPMgYhZjYhjxf6sQV7A/VpC9pj0u1uGzGVXNUmYisorUKXRHa/UbBh\n" +
-        "MLnaAXE1Jh54iRMwUwbQmA0PUQ0T0EkCQQCcr6/umwhkWw2nHYK2Vf5LoudGn15M\n" +
-        "AZg7UsEjVnXfC0hOfllmCT+ohs96rVCbWAv33lsHAUg3x9YChV3aMbf5AkAj1kuV\n" +
-        "jUTgFKjediyQC6uof7YdLn+gQGiXK1XE0GBN4WMkzcLiS0jC+MFTgKfFnFdh9K0y\n" +
-        "fswYKdTA/o8RKaa5";
+        "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFwNzVfqQ58J0I\n" +
+        "FxUO1ng7XE3uKg0FfbQ4/XEWRakF6PeAt9JZLl83R++tW2QfOAxEldKiyJOv5/g/\n" +
+        "UjrIO0j3u7noxtuK6Yf1aTwDaz16PI8cIfylvvMtKWDYoBVGQ4vphAwDhoMqmgG2\n" +
+        "oUHjw2E2tPbmNzE0znGlJymRCZH1WZ5q8JnB+6mqQgs9DeDL+l3XYvOxZI/UdtuV\n" +
+        "11uWWfo8FRotVrm48ai6W0KPVcHU4KMwX8cM40EFgzpVCInLN0UWleGM9Bd0q+MW\n" +
+        "YqtPTuMfGU/I60IHbs1WYVo3O6xx2wXjJlQYTr3kgr7ueKJ2dmPhu/sVP2XNWerN\n" +
+        "lm+TdiONAgMBAAECggEBAK3PX8n+L1YFl9++efG6q55w+MX2C8/htn/IspbCz1a0\n" +
+        "dqWZ67YavfGWtqCGDTArUQ0PKj2NUdFwb48oNSY8hVvIkhR4hApKTAd1YRwYK8a+\n" +
+        "Z4JwlOERPidZkReVTF2fjN/IAc8vcSYGiq78eS85UL6Gu+OIayVgth5Ul4I1CSa8\n" +
+        "+b0n/RAI+yk2HxKlkq40Ofn0VWiGg1dLP2MPwwPNIk+w7nKUysfPmXCHfyBr+CZv\n" +
+        "1BQ0E/tVau9wsyCjO6wxFsAKteBGdYa0ToEeT0D8MEeY9leKhAAxRneBVCz9AfHj\n" +
+        "wMGYucxwL0cDLi1IjZB5wlvm5JPqNCKrkHE2XE+UyTkCgYEA/iNP11cqHNPItoXP\n" +
+        "D2wN4uX60kLNbzZ2dOF1ItybS8OcQvTxA1XulARiCVDIT/+QDETbDQclfhgMOfhe\n" +
+        "ZCdMrL5RG0YTwg9OGbLcA+8gqd9e/3gs9g8pWNdCfuGIwsnJbpO7iBoCBzHaHHJJ\n" +
+        "PbWDFS6jxvsqKIGPPwrhL9yp4VMCgYEAxzPKNLclBHorUs9rYRqiG9NTkLRNx4ll\n" +
+        "LUh0FBItOnG85BxkjQaIlzimNvXZEzZnpOtblugAszxFyq2KTEE9qeB/V3w3FkXi\n" +
+        "PSpDG5sdRHnl5Qu4PuQ9WsmN7g193tOEdtWQ4NKxPqlC72ehqVDOY7In2quYLUiq\n" +
+        "C377esv0658CgYAJ0I1N0LT0pg0zV1mWy+KBZ8ZXBnNunxjWDLr8XK62r1hCkbkZ\n" +
+        "GuF63+x1VaRWypTilGotR6BgDUezmW7zyTzB0xvIxN0QeozWmzy5/isxxEmj7h02\n" +
+        "Z4F+R9nukoE4nJhl59ivOenoIzm8LYG8m1zznXh/v8VyCQbiNWZa9dettwKBgQDB\n" +
+        "Yz4DP2noltJIaqXMd5a5fMe7y89Wz8Qx2g0XDy5pdtHygr37S0R/yrdS1AoR5Ndp\n" +
+        "/DPGpSVI3FLFGQUSUqQSr6fwvt6b+OxShRzxR/155P2TB3WvWNVXtiTb3q08Dgyj\n" +
+        "cWJdYS5BrwEUen8vaQt1LhgS6lOqYsjysCxkYm078QKBgEJuq4RzecgiGx8srWDb\n" +
+        "pQKpxrdEt82Y7OXLVj+W9vixcW/xUYhDYGsfdUigZoOjo4nV8KVmMbuI48PIYwnw\n" +
+        "haLwWrBWlki4x9MRwuZUdewOYoo7hDZToZmIDescdiwv8CA/Dg9kOX3YYLPW+cWl\n" +
+        "i1pnyMPaloBOhz3Y07sWXxCz";
 
     static char passphrase[] = "passphrase".toCharArray();
 
@@ -312,7 +387,7 @@
         SSLServerSocketFactory sslssf = context.getServerSocketFactory();
 
         SSLServerSocket sslServerSocket =
-            (SSLServerSocket)sslssf.createServerSocket(serverPort);
+                (SSLServerSocket) sslssf.createServerSocket(serverPort);
         serverPort = sslServerSocket.getLocalPort();
         SSLSocket sslSocket = null;
         try {
@@ -356,8 +431,7 @@
         SSLSocketFactory sslsf = context.getSocketFactory();
 
         SSLSocket sslSocket =
-            (SSLSocket)sslsf.createSocket("localhost", serverPort);
-        sslSocket.setEnabledProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });
+                (SSLSocket) sslsf.createSocket("localhost", serverPort);
         try {
             InputStream sslIS = sslSocket.getInputStream();
             OutputStream sslOS = sslSocket.getOutputStream();
@@ -458,16 +532,9 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
-        // MD5 is used in this test case, don't disable MD5 algorithm.
-        Security.setProperty("jdk.certpath.disabledAlgorithms",
-                "MD2, RSA keySize < 1024");
-        Security.setProperty("jdk.tls.disabledAlgorithms",
-                "SSLv3, RC4, DH keySize < 768");
-
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
-
         /*
          * Get the customized arguments.
          */
@@ -561,5 +628,4 @@
             doClientSide();
         }
     }
-
 }
--- a/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,18 +35,14 @@
  * @author Xuelei Fan
  */
 
-import java.net.*;
-import java.util.*;
 import java.io.*;
 import javax.net.ssl.*;
-import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.spec.*;
 import java.security.interfaces.*;
-import java.math.BigInteger;
 
 import java.util.Base64;
 
@@ -71,78 +67,95 @@
     // Certificate information:
     // Issuer: C=US, O=Example, CN=localhost
     // Validity
-    //     Not Before: May 25 00:35:58 2009 GMT
-    //     Not After : May  5 00:35:58 2030 GMT
+    //     Not Before: Dec 19 06:11:58 2019 GMT
+    //     Not After : Dec 16 06:11:58 2029 GMT
     // Subject: C=US, O=Example, CN=localhost
     // X509v3 Subject Key Identifier:
-    //     56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF
+    //     80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1
     // X509v3 Authority Key Identifier:
-    //     keyid:56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF
-    //     DirName:/C=US/O=Example/CN=localhost
-    //     serial:00
+    //     keyid:80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1
     static String trusedCertStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICejCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQQFADAzMQswCQYDVQQGEwJVUzEQ\n" +
-        "MA4GA1UEChMHRXhhbXBsZTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MDUyNTAw\n" +
-        "MDQ0M1oXDTMwMDUwNTAwMDQ0M1owMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4\n" +
-        "YW1wbGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n" +
-        "gYkCgYEA0Wvh3FHYGQ3vvw59yTjUxT6QuY0fzwCGQTM9evXr/V9+pjWmaTkNDW+7\n" +
-        "S/LErlWz64gOWTgcMZN162sVgx4ct/q27brY+SlUO5eSud1fSac6SfefhOPBa965\n" +
-        "Xc4mnpDt5sgQPMDCuFK7Le6A+/S9J42BO2WYmNcmvcwWWrv+ehcCAwEAAaOBnTCB\n" +
-        "mjAdBgNVHQ4EFgQUq3q5fYEibdvLpab+JY4pmifj2vYwWwYDVR0jBFQwUoAUq3q5\n" +
-        "fYEibdvLpab+JY4pmifj2vahN6Q1MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdF\n" +
-        "eGFtcGxlMRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwDwYDVR0TAQH/BAUwAwEB/zAL\n" +
-        "BgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEEBQADgYEAHL8BSwtX6s8WPPG2FbQBX+K8\n" +
-        "GquAyQNtgfJNm60B4i+fVBkJiQJtLmE0emvHx/3sIaHmB0Gd0HKnk/cIQXY304vr\n" +
-        "QpqwudKcIZuzmj+pa7807joV+WzRDVIlt4HpYg7tiUvEoyw+X8jwY2lgiGR7mWu6\n" +
-        "jQU8PN/06+qgtvSGFpo=\n" +
+        "MIIDRzCCAi+gAwIBAgIUFjy13iZYWMGQcGF4svfix/9q4dcwDQYJKoZIhvcNAQEL\n" +
+        "BQAwMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxv\n" +
+        "Y2FsaG9zdDAeFw0xOTEyMTkwNjExNThaFw0yOTEyMTYwNjExNThaMDMxCzAJBgNV\n" +
+        "BAYTAlVTMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi\n" +
+        "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy57BG8Dt+a4ZwWGM07f0z/mzK\n" +
+        "T/myXM4W//3pkZxO0+4oyYM7G8ks9O64NPpA0CpTPCpfY6dI1Y/kwBUdSoqx2D8t\n" +
+        "OEfHOat2/AQvvWmEChFH4ZmmQFkLXBy0ueDq0TJbEd94+WhL3q9bA4uqvBsuuaTt\n" +
+        "bX/GyOC52bpjg0TWY4BRdRVhveISZvqOCoqqJ1aPOnfxqySaZIC34q9gdUCUNxZD\n" +
+        "qjhuQF3Q0xYsNGZSUmnKj3/0GS600BwQPqSHy287Vda88NvqJGFS4DKrw3HV3Wsk\n" +
+        "IHGN+tzB5THBy70XrE+XIdXJ/I86q+FvNcTnJygn2nVNG4+vUhW8S3BzTiKPAgMB\n" +
+        "AAGjUzBRMB0GA1UdDgQWBBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTAfBgNVHSMEGDAW\n" +
+        "gBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n" +
+        "DQEBCwUAA4IBAQBX7icKmR/iUPJhfnvNHiqsyTIcowY3JSAJAyJFrViKx2tdo+qq\n" +
+        "yA+EUsZlZsCwhiiG4/SjFxgaAp0Z3BBmsO/njWUEx3/fSufTHcs0+fPNkFLru5Lr\n" +
+        "das4wW9Cv/wO4rz2L6qK/x7+r/wkPccaqxTpdZvXqDid2va5Lv3F7jOW5ns13piZ\n" +
+        "z571RCpmhGSytYKFrAOGoI4ZBWXrkCiYQZ8KvhdBQP/MNJM+e6ajtF27rK08XTao\n" +
+        "mW3FXfK6SjKQDGVwtNJ7M1qGutIpe0pNBGwvDpQuY2mk0Le46OXdaQ7AAzE+OnRJ\n" +
+        "1uRDV+p95MzhtolPgB3I8Rzyd23nfrx6uxMA\n" +
         "-----END CERTIFICATE-----";
 
     // Certificate information:
     // Issuer: C=US, O=Example, CN=localhost
     // Validity
-    //     Not Before: May 25 00:35:58 2009 GMT
-    //     Not After : May  5 00:35:58 2030 GMT
+    //     Not Before: Dec 19 06:12:04 2019 GMT
+    //     Not After : Dec 16 06:12:04 2029 GMT
     // Subject: C=US, O=Example, CN=localhost
     // X509v3 Subject Key Identifier:
-    //     0D:30:76:22:D6:9D:75:EF:FD:83:50:31:18:08:83:CD:01:4E:6A:C4
+    //     73:79:B7:73:F5:41:BB:3A:90:07:87:F2:CA:A5:B3:C3:45:E0:18:E0
     // X509v3 Authority Key Identifier:
-    //     keyid:56:AB:FE:15:4C:9C:4A:70:90:DC:0B:9B:EB:BE:DC:03:CC:7F:CE:CF
-    //     DirName:/C=US/O=Example/CN=localhost
-    //     serial:00
+    //     keyid:80:67:BA:EE:10:6A:E3:8E:3E:8E:F7:2D:90:B6:FD:F9:54:87:47:B1
     static String targetCertStr =
         "-----BEGIN CERTIFICATE-----\n" +
-        "MIICaTCCAdKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAzMQswCQYDVQQGEwJVUzEQ\n" +
-        "MA4GA1UEChMHRXhhbXBsZTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA5MDUyNTAw\n" +
-        "MDQ0M1oXDTI5MDIwOTAwMDQ0M1owMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4\n" +
-        "YW1wbGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n" +
-        "gYkCgYEAzmPahrH9LTQv3HEWsua+hIpzyU1ACooSd5BtDjc7XnVzSdGW8QD9R8EA\n" +
-        "xko7TvfJo6IH6wwgHBspySwsl+6xvHhbwQjgtWlT71ksrUbqcUzmvSvcycQYA8RC\n" +
-        "yk9HK5pEJQgSxldpR3Kmy0V6CHC4dCm15trnJYWisTuezY3fjXECAwEAAaOBjDCB\n" +
-        "iTAdBgNVHQ4EFgQUQkiWFRkjKsfwFo7UMQfGEzNNW60wWwYDVR0jBFQwUoAUq3q5\n" +
-        "fYEibdvLpab+JY4pmifj2vahN6Q1MDMxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdF\n" +
-        "eGFtcGxlMRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwCwYDVR0PBAQDAgPoMA0GCSqG\n" +
-        "SIb3DQEBBAUAA4GBAIMz7c1R+6KEO7FmH4rnv9XE62xkg03ff0vKXLZMjjs0CX2z\n" +
-        "ybRttuTFafHA6/JS+Wz0G83FCRVeiw2WPU6BweMwwejzzIrQ/K6mbp6w6sRFcbNa\n" +
-        "eLBtzkjEtI/htOSSq3/0mbKmWn5uVJckO4QiB8kUR4F7ngM9l1uuI46ZfUsk\n" +
+        "MIIDNjCCAh6gAwIBAgIURM+bID1TFw41Z/Vz9tPp7HzpH7QwDQYJKoZIhvcNAQEL\n" +
+        "BQAwMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxv\n" +
+        "Y2FsaG9zdDAeFw0xOTEyMTkwNjEyMDRaFw0yOTEyMTYwNjEyMDRaMDMxCzAJBgNV\n" +
+        "BAYTAlVTMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi\n" +
+        "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtxQXQdTlZNoASIE0TM+tgtUY3\n" +
+        "jnu0EymO+RGljOIFYhz2MxN0OQ5ABofxdIhbSqtoCO9HbsVWIPKOvbACoAJ4HjTV\n" +
+        "antLPlvCqbUoR96q6JWbnbQ6uZOsgiQTveQMhLJ+k9BehzcwKvwCFGNY3qW0xwUv\n" +
+        "mXKWRveRAbTOjZ3i1YzcmkLOwYaeyt2Al3jPCbZySUlB94NRRAQZ4RzqfuetAvEd\n" +
+        "LFW1fXNwL5bHE7JbJkWInciLOqHf5GuyXDjKE8Oz2/Ywv/5C2K2LtWa1g5jIEQtB\n" +
+        "cjRa9Cjwcrs8peisC5OmL5cbJweNKr6H0mrVR8KFdFHUmM5X4uSiOMVFr/rTAgMB\n" +
+        "AAGjQjBAMB0GA1UdDgQWBBRzebdz9UG7OpAHh/LKpbPDReAY4DAfBgNVHSMEGDAW\n" +
+        "gBSAZ7ruEGrjjj6O9y2Qtv35VIdHsTANBgkqhkiG9w0BAQsFAAOCAQEAZ/Ijlics\n" +
+        "YGCw9k4he3ZkNfqCPFTJKgkbTuM1Cy+aCXzhhdGKCZ2R0Xyi3ma3snwPtqHy5Aru\n" +
+        "WwoGssxL6S8+Pb/BPZ9OelU7lEmS69AeBKOHHIEs+wEi2oco8J+WU1O4zekP8Clv\n" +
+        "hHuwPhoL6g0aAUXAISaqYpHYC15oXGOJcC539kgv4VrL9UZJekxtDERUXKyzW+UC\n" +
+        "ZBPalts1zM5wD43+9PuoeLiPdvMg1kH4obJYnj23zej41iwqPOWhgm0NuGoJVjSg\n" +
+        "4YqtS1ePD/I2oRV0bu4P7Q72cMYdcFHfPDoe3vCcEMxUTgGBaoPHw9GwEeRoWn/L\n" +
+        "whBwzXBsD0aZqQ==\n" +
         "-----END CERTIFICATE-----";
 
     // Private key in the format of PKCS#8
     static String targetPrivateKey =
-        "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAM5j2oax/S00L9xx\n" +
-        "FrLmvoSKc8lNQAqKEneQbQ43O151c0nRlvEA/UfBAMZKO073yaOiB+sMIBwbKcks\n" +
-        "LJfusbx4W8EI4LVpU+9ZLK1G6nFM5r0r3MnEGAPEQspPRyuaRCUIEsZXaUdypstF\n" +
-        "eghwuHQpteba5yWForE7ns2N341xAgMBAAECgYEAgZ8k98OBhopoJMLBxso0jXmH\n" +
-        "Dr59oiDlSEJku7DkkIajSZFggyxj5lTI78BfT1FASozQ/EY5RG2q6LXdq+41oU/U\n" +
-        "JVEQWhdIE1mQDwE0vgaYdjzMaVIsC3cZYOCOmCYvNxCiTt7e/z8yBMmAE5udqJMB\n" +
-        "pim4WXDfpy0ssK81oCECQQDwMC4xu+kn0yD/Qyi9Zn26gIRDv4bjzDQoJfSvMhrY\n" +
-        "a4duxLzh9u4gCDd0+wHxpPQvNxGCk0c1JUxBJ2rb4G3HAkEA2/oVRV6+xiRXUnoo\n" +
-        "bdPEO27zEJmdpE42yU/JLIy6DPu2IUhEqY45fU2ZERmwMdhpiK/vsf/CZKJ2j/ZU\n" +
-        "PdMLBwJBAJIYTFDWAqjFpCGAASzLRZiGiW0H941h7Suqgp159ZhEN5mps1Yis47q\n" +
-        "UIkoEHOiKSD69vychsiNykcrKbVaWosCQQC1UrYX4Vo1r5z/EkyjAwzcxL68rzM/\n" +
-        "TW1hkU/NVg7CRvXBB3X5oY+H1t/WNauD2tRa5FMbESwmkbhTQIP+FikfAkEA4goD\n" +
-        "HCxUn0Z1OQq9QL6y1Yoof6sHxicUwABosuCLJnDJmA5vhpemvdXQTzFII8g1hyQf\n" +
-        "z1yyDoxhddcleKlJvQ==";
+        "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCtxQXQdTlZNoAS\n" +
+        "IE0TM+tgtUY3jnu0EymO+RGljOIFYhz2MxN0OQ5ABofxdIhbSqtoCO9HbsVWIPKO\n" +
+        "vbACoAJ4HjTVantLPlvCqbUoR96q6JWbnbQ6uZOsgiQTveQMhLJ+k9BehzcwKvwC\n" +
+        "FGNY3qW0xwUvmXKWRveRAbTOjZ3i1YzcmkLOwYaeyt2Al3jPCbZySUlB94NRRAQZ\n" +
+        "4RzqfuetAvEdLFW1fXNwL5bHE7JbJkWInciLOqHf5GuyXDjKE8Oz2/Ywv/5C2K2L\n" +
+        "tWa1g5jIEQtBcjRa9Cjwcrs8peisC5OmL5cbJweNKr6H0mrVR8KFdFHUmM5X4uSi\n" +
+        "OMVFr/rTAgMBAAECggEAIFDvz+C9FZZJIxXWv6d8MrQDpvlckBSwOeKgIYWd0xp4\n" +
+        "AGFnUMn7mHSee40Mfs3YKrTeqw4yrN3bvigQv6w6SVR0xuvSmh+yuPUOt7sF8grn\n" +
+        "J9WgWvuANyjMxM8fxiQ3fcrHiYzj+pVD4K8h+rkNYB1THZMP+FqiV9lVYsR7hF+b\n" +
+        "1D967LB4oLmAaMExaSo23NZLGVTxZSxxGw6Qidz7CyKvIdVXnNIEzMnuXX60xiJm\n" +
+        "PnLyZUKDmlw5kI4KaDG+6OIOpDu2FGCFVLZmycs4Ri6h6xJp3jhKAVjCcZJUty80\n" +
+        "+rBfAx4BHfDrcgyEiTN7NA8gnnCzUc6uX6I/tm62gQKBgQDniWuFjSzhaAhj04+N\n" +
+        "vG8sQjfVmTbON6SfFfujR/Z57qamJ8zcS/REHfc5swdn9uUTJ2xoRRNCwKZyuMXo\n" +
+        "4B2/O9+sKfEPYGyjAyGo6E4rGLRNcw6Tb8hx/EFvfTOunwapynOJDDs2Z6FzWNIx\n" +
+        "x4+FHs9hStwL/OTdXF/OY2vGsQKBgQDAIR93LrCC6OpGi89/UDIwpT9pFLa8cvpr\n" +
+        "1MUNlHhcxQusPUgWT4pTucF/SQpPf77g3YNb5pt3DG0GELM8YAB0Uv9oZIWfJoFY\n" +
+        "ebYy6tMVxhHhT0OuryMj48BMHnQG78hq8+c0NnjK7jXV6t0iKjN8ANnFqAovm+U9\n" +
+        "VMobar5CwwKBgFCKN9GsCxmZg5meBQiLrKxbmGp/slXHe0cvcWoZ5T4C6wtPOu7C\n" +
+        "qQRs3AvBH+llM8gW5ZnbtVh6BSxQ498e3pof7K1JpaXwp7mIpFPKAy7wl/9872wP\n" +
+        "7UzhL63lgm3SuZGkb84TaCGDqOCj2/Ie9eibkA3K6YJuBPqPYHA9m0bxAoGARdcE\n" +
+        "iB9pvHyMRM6nw8DULciz7y+/aWtmSnJSmyggRKDAKIEyRiHtx5eblfhoDhQCv9zl\n" +
+        "1i9SzgivTOgfL1A6eg59l2YLCJpHpHDB4WppBt40O7HDialSXcZ5bXIYfTkGopI8\n" +
+        "tkciy6mh2jwA3F14z5fDkc0OvtWtlAjRWvwHY18CgYAPONVJtVFiMogBU5Iyv1LB\n" +
+        "oygn6AFvTI8Pjy2g5GsJBbRnKFjAJrP7HpgUxLdW+Mlnv3Xgtr/L6ep+VKoXTEwv\n" +
+        "Y83gliDwG2YRjaUbkMfQqcm20/Pi4XPwhy5pwTVsXVBfzKzqJjKAFk97BD9xCUIH\n" +
+        "FOGe+jaEsWvaEQrH5y17FQ==";
 
     static char passphrase[] = "passphrase".toCharArray();
 
@@ -209,7 +222,6 @@
 
         SSLSocket sslSocket =
             (SSLSocket)sslsf.createSocket("localhost", serverPort);
-        sslSocket.setEnabledProtocols(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });
 
         InputStream sslIS = sslSocket.getInputStream();
         OutputStream sslOS = sslSocket.getOutputStream();
@@ -306,16 +318,9 @@
     volatile Exception clientException = null;
 
     public static void main(String args[]) throws Exception {
-        // MD5 is used in this test case, don't disable MD5 algorithm.
-        Security.setProperty("jdk.certpath.disabledAlgorithms",
-                "MD2, RSA keySize < 1024");
-        Security.setProperty("jdk.tls.disabledAlgorithms",
-                "SSLv3, RC4, DH keySize < 768");
-
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
-
         /*
          * Get the customized arguments.
          */
--- a/test/sun/security/tools/jarsigner/TimestampCheck.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/TimestampCheck.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
 /*
  * @test
  * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8169688 8171121
- *      8180289
+ *      8180289 8172404
  * @summary checking response of timestamp
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.timestamp
@@ -221,7 +221,8 @@
 
             // Always use the same algorithm at timestamp signing
             // so it is different from the hash algorithm.
-            Signature sig = Signature.getInstance("SHA1withRSA");
+            String sigAlg = "SHA256withRSA";
+            Signature sig = Signature.getInstance(sigAlg);
             sig.initSign((PrivateKey)(ks.getKey(
                     alias, "changeit".toCharArray())));
             sig.update(tstInfo.toByteArray());
@@ -238,7 +239,9 @@
             SignerInfo signerInfo = new SignerInfo(
                     new X500Name(signer.getIssuerX500Principal().getName()),
                     signer.getSerialNumber(),
-                    AlgorithmId.get("SHA-1"), AlgorithmId.get("RSA"), sig.sign());
+                    AlgorithmId.get(AlgorithmId.getDigAlgFromSigAlg(sigAlg)),
+                    AlgorithmId.get(AlgorithmId.getEncAlgFromSigAlg(sigAlg)),
+                    sig.sign());
 
             SignerInfo[] signerInfos = {signerInfo};
             PKCS7 p7 = new PKCS7(algorithms, contentInfo,
@@ -415,43 +418,107 @@
                         .shouldContain("TSAPolicyID changed in timestamp token")
                         .shouldHaveExitValue(1);
 
-                sign("sha1alg", "-tsadigestalg", "SHA")
+                sign("sha384alg", "-tsadigestalg", "SHA-384")
                         .shouldHaveExitValue(0);
-                checkTimestamp("sha1alg.jar", defaultPolicyId, "SHA-1");
+                checkTimestamp("sha384alg.jar", defaultPolicyId, "SHA-384");
 
-                sign("tsweak", "-digestalg", "MD5",
+                // Legacy algorithms
+                signVerbose(null, "unsigned.jar", "sha1alg.jar", "signer",
+                        "-strict", "-digestalg", "SHA-1")
+                        .shouldHaveExitValue(0)
+                        .shouldContain("jar signed, with signer errors")
+                        .shouldMatch("SHA-1.*-digestalg.*will be disabled");
+                verify("sha1alg.jar", "-strict")
+                        .shouldHaveExitValue(0)
+                        .shouldContain("jar verified, with signer errors")
+                        .shouldContain("SHA-1 digest algorithm is considered a security risk")
+                        .shouldContain("This algorithm will be disabled in a future update")
+                        .shouldNotContain("is disabled");
+
+                sign("sha1tsaalg", "-tsadigestalg", "SHA-1", "-strict")
+                        .shouldHaveExitValue(0)
+                        .shouldContain("jar signed, with signer errors")
+                        .shouldMatch("SHA-1.*-tsadigestalg.*will be disabled")
+                        .shouldNotContain("is disabled");
+                verify("sha1tsaalg.jar", "-strict")
+                        .shouldHaveExitValue(0)
+                        .shouldContain("jar verified, with signer errors")
+                        .shouldContain("SHA-1 digest algorithm is considered a security risk")
+                        .shouldNotContain("is disabled");
+
+                // Disabled algorithms
+                sign("tsdisabled", "-digestalg", "MD5",
                                 "-sigalg", "MD5withRSA", "-tsadigestalg", "MD5")
                         .shouldHaveExitValue(68)
-                        .shouldContain("The timestamp is invalid. Without a valid timestamp");
-                checkWeak("tsweak.jar");
+                        .shouldContain("The timestamp is invalid. Without a valid timestamp")
+                        .shouldMatch("MD5.*-digestalg.*is disabled")
+                        .shouldMatch("MD5.*-tsadigestalg.*is disabled")
+                        .shouldMatch("MD5withRSA.*-sigalg.*is disabled");
+                checkDisabled("tsdisabled.jar");
 
-                signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer")
+                signVerbose("tsdisabled", "unsigned.jar", "tsdisabled2.jar", "signer")
                         .shouldHaveExitValue(64)
                         .shouldContain("The timestamp is invalid. Without a valid timestamp")
                         .shouldContain("TSA certificate chain is invalid");
 
-                // Weak timestamp is an error and jar treated unsigned
-                verify("tsweak2.jar", "-verbose")
+                // Disabled timestamp is an error and jar treated unsigned
+                verify("tsdisabled2.jar", "-verbose")
                         .shouldHaveExitValue(16)
                         .shouldContain("treated as unsigned")
-                        .shouldMatch("Timestamp.*512.*weak");
+                        .shouldMatch("Timestamp.*512.*(disabled)");
+
+                // Algorithm used in signing is disabled
+                signVerbose("normal", "unsigned.jar", "halfDisabled.jar", "signer",
+                        "-digestalg", "MD5")
+                        .shouldContain("-digestalg option is considered a security risk and is disabled")
+                        .shouldHaveExitValue(4);
+                checkHalfDisabled("halfDisabled.jar");
+
+                // sign with DSA key
+                signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey")
+                        .shouldHaveExitValue(0);
+
+                // sign with RSAkeysize < 1024
+                signVerbose("normal", "sign1.jar", "sign2.jar", "disabledkeysize")
+                        .shouldContain("Algorithm constraints check failed on keysize")
+                        .shouldHaveExitValue(4);
+                checkMultiple("sign2.jar");
+
+                // Legacy algorithms
+                sign("tsweak", "-digestalg", "SHA1",
+                                "-sigalg", "SHA1withRSA", "-tsadigestalg", "SHA1")
+                        .shouldHaveExitValue(0)
+                        .shouldMatch("SHA1.*-digestalg.*will be disabled")
+                        .shouldMatch("SHA1.*-tsadigestalg.*will be disabled")
+                        .shouldMatch("SHA1withRSA.*-sigalg.*will be disabled");
+                checkWeak("tsweak.jar");
+
+                signVerbose("tsweak", "unsigned.jar", "tsweak2.jar", "signer")
+                        .shouldHaveExitValue(0);
+
+                verify("tsweak2.jar", "-verbose")
+                        .shouldHaveExitValue(0)
+                        .shouldContain("jar verified")
+                        .shouldMatch("Timestamp.*1024.*(weak)");
 
                 // Algorithm used in signing is weak
                 signVerbose("normal", "unsigned.jar", "halfWeak.jar", "signer",
-                        "-digestalg", "MD5")
-                        .shouldContain("-digestalg option is considered a security risk")
-                        .shouldHaveExitValue(4);
+                        "-digestalg", "SHA1")
+                        .shouldContain("-digestalg option is considered a security risk.")
+                        .shouldContain("This algorithm will be disabled in a future update.")
+                        .shouldHaveExitValue(0);
                 checkHalfWeak("halfWeak.jar");
 
                 // sign with DSA key
                 signVerbose("normal", "unsigned.jar", "sign1.jar", "dsakey")
                         .shouldHaveExitValue(0);
 
-                // sign with RSAkeysize < 1024
+                // sign with RSAkeysize < 2048
                 signVerbose("normal", "sign1.jar", "sign2.jar", "weakkeysize")
-                        .shouldContain("Algorithm constraints check failed on keysize")
-                        .shouldHaveExitValue(4);
-                checkMultiple("sign2.jar");
+                        .shouldNotContain("Algorithm constraints check failed on keysize")
+                        .shouldHaveExitValue(0);
+                checkMultipleWeak("sign2.jar");
+
 
                 // 8191438: jarsigner should print when a timestamp will expire
                 checkExpiration();
@@ -687,7 +754,7 @@
                 .shouldContain("re-run jarsigner with debug enabled");
     }
 
-    static void checkWeak(String file) throws Exception {
+    static void checkDisabled(String file) throws Exception {
         verify(file)
                 .shouldHaveExitValue(16)
                 .shouldContain("treated as unsigned")
@@ -697,11 +764,11 @@
                 .shouldHaveExitValue(16)
                 .shouldContain("treated as unsigned")
                 .shouldMatch("weak algorithm that is now disabled by")
-                .shouldMatch("Digest algorithm: .*weak")
-                .shouldMatch("Signature algorithm: .*weak")
-                .shouldMatch("Timestamp digest algorithm: .*weak")
-                .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
-                .shouldMatch("Timestamp signature algorithm: .*key.*weak");
+                .shouldMatch("Digest algorithm: .*(disabled)")
+                .shouldMatch("Signature algorithm: .*(disabled)")
+                .shouldMatch("Timestamp digest algorithm: .*(disabled)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)")
+                .shouldMatch("Timestamp signature algorithm: .*key.*(disabled)");
         verify(file, "-J-Djava.security.debug=jar")
                 .shouldHaveExitValue(16)
                 .shouldMatch("SignatureException:.*disabled");
@@ -709,19 +776,19 @@
 
     static void checkHalfWeak(String file) throws Exception {
         verify(file)
-                .shouldHaveExitValue(16)
-                .shouldContain("treated as unsigned")
-                .shouldMatch("weak algorithm that is now disabled.")
-                .shouldMatch("Re-run jarsigner with the -verbose option for more details");
+                .shouldHaveExitValue(0)
+                .shouldNotContain("treated as unsigned");
         verify(file, "-verbose")
-                .shouldHaveExitValue(16)
-                .shouldContain("treated as unsigned")
-                .shouldMatch("weak algorithm that is now disabled by")
-                .shouldMatch("Digest algorithm: .*weak")
-                .shouldNotMatch("Signature algorithm: .*weak")
-                .shouldNotMatch("Timestamp digest algorithm: .*weak")
-                .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
-                .shouldNotMatch("Timestamp signature algorithm: .*key.*weak");
+                .shouldHaveExitValue(0)
+                .shouldNotContain("treated as unsigned")
+                .shouldMatch("Digest algorithm: .*(weak)")
+                .shouldNotMatch("Signature algorithm: .*(weak)")
+                .shouldNotMatch("Signature algorithm: .*(disabled)")
+                .shouldNotMatch("Timestamp digest algorithm: .*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(disabled).*(disabled)")
+                .shouldNotMatch("Timestamp signature algorithm: .*key.*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*key.*(disabled)");
      }
 
     static void checkMultiple(String file) throws Exception {
@@ -732,11 +799,73 @@
                 .shouldHaveExitValue(0)
                 .shouldContain("jar verified")
                 .shouldMatch("X.509.*CN=dsakey")
-                .shouldNotMatch("X.509.*CN=weakkeysize")
+                .shouldNotMatch("X.509.*CN=disabledkeysize")
+                .shouldMatch("Signed by .*CN=dsakey")
+                .shouldMatch("Signed by .*CN=disabledkeysize")
+                .shouldMatch("Signature algorithm: .*key.*(disabled)");
+    }
+
+    static void checkWeak(String file) throws Exception {
+        verify(file)
+                .shouldHaveExitValue(0)
+                .shouldNotContain("treated as unsigned");
+        verify(file, "-verbose")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("treated as unsigned")
+                .shouldMatch("Digest algorithm: .*(weak)")
+                .shouldMatch("Signature algorithm: .*(weak)")
+                .shouldMatch("Timestamp digest algorithm: .*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)")
+                .shouldMatch("Timestamp signature algorithm: .*key.*(weak)");
+        verify(file, "-J-Djava.security.debug=jar")
+                .shouldHaveExitValue(0)
+                .shouldNotMatch("SignatureException:.*disabled");
+
+        // keytool should print out warnings when reading or
+        // generating cert/cert req using legacy algorithms.
+        String sout = SecurityTools.keytool("-printcert -jarfile " + file)
+                .stderrShouldContain("The TSA certificate uses a 1024-bit RSA key" +
+                        " which is considered a security risk." +
+                        " This key size will be disabled in a future update.")
+                .getStdout();
+        if (sout.indexOf("weak", sout.indexOf("Timestamp:")) < 0) {
+            throw new RuntimeException("timestamp not weak: " + sout);
+        }
+    }
+
+    static void checkHalfDisabled(String file) throws Exception {
+        verify(file)
+                .shouldHaveExitValue(16)
+                .shouldContain("treated as unsigned")
+                .shouldMatch("weak algorithm that is now disabled.")
+                .shouldMatch("Re-run jarsigner with the -verbose option for more details");
+        verify(file, "-verbose")
+                .shouldHaveExitValue(16)
+                .shouldContain("treated as unsigned")
+                .shouldMatch("weak algorithm that is now disabled by")
+                .shouldMatch("Digest algorithm: .*(disabled)")
+                .shouldNotMatch("Signature algorithm: .*(weak)")
+                .shouldNotMatch("Signature algorithm: .*(disabled)")
+                .shouldNotMatch("Timestamp digest algorithm: .*(disabled)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(weak).*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*(disabled).*(disabled)")
+                .shouldNotMatch("Timestamp signature algorithm: .*key.*(weak)")
+                .shouldNotMatch("Timestamp signature algorithm: .*key.*(disabled)");
+    }
+
+    static void checkMultipleWeak(String file) throws Exception {
+        verify(file)
+                .shouldHaveExitValue(0)
+                .shouldContain("jar verified");
+        verify(file, "-verbose", "-certs")
+                .shouldHaveExitValue(0)
+                .shouldContain("jar verified")
+                .shouldMatch("X.509.*CN=dsakey")
+                .shouldMatch("X.509.*CN=weakkeysize")
                 .shouldMatch("Signed by .*CN=dsakey")
                 .shouldMatch("Signed by .*CN=weakkeysize")
-                .shouldMatch("Signature algorithm: .*key.*weak");
-     }
+                .shouldMatch("Signature algorithm: .*key.*(weak)");
+    }
 
     static void checkTimestamp(String file, String policyId, String digestAlg)
             throws Exception {
@@ -812,11 +941,13 @@
         keytool("-alias signer -genkeypair -ext bc -dname CN=signer");
         keytool("-alias oldsigner -genkeypair -dname CN=oldsigner");
         keytool("-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey");
-        keytool("-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize");
+        keytool("-alias weakkeysize -genkeypair -keysize 1024 -dname CN=weakkeysize");
+        keytool("-alias disabledkeysize -genkeypair -keysize 512 -dname CN=disabledkeysize");
         keytool("-alias badku -genkeypair -dname CN=badku");
         keytool("-alias ts -genkeypair -dname CN=ts");
         keytool("-alias tsold -genkeypair -dname CN=tsold");
-        keytool("-alias tsweak -genkeypair -keysize 512 -dname CN=tsweak");
+        keytool("-alias tsweak -genkeypair -keysize 1024 -dname CN=tsweak");
+        keytool("-alias tsdisabled -genkeypair -keysize 512 -dname CN=tsdisabled");
         keytool("-alias tsbad1 -genkeypair -dname CN=tsbad1");
         keytool("-alias tsbad2 -genkeypair -dname CN=tsbad2");
         keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
@@ -840,6 +971,7 @@
         gencert("oldsigner", "-startdate -30d -validity 20");
         gencert("dsakey");
         gencert("weakkeysize");
+        gencert("disabledkeysize");
         gencert("badku", "-ext ku:critical=keyAgreement");
         gencert("ts", "-ext eku:critical=ts -validity 500");
 
@@ -872,6 +1004,7 @@
         gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500");
 
         gencert("tsweak", "-ext eku:critical=ts");
+        gencert("tsdisabled", "-ext eku:critical=ts");
         gencert("tsbad1");
         gencert("tsbad2", "-ext eku=ts");
         gencert("tsbad3", "-ext eku:critical=cs");
--- a/test/sun/security/tools/jarsigner/TsacertOptionTest.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/TsacertOptionTest.java	Mon Apr 19 04:23:30 2021 +0100
@@ -146,7 +146,7 @@
 
             // sign jar file
             // specify -tsadigestalg option because
-            // TSA server uses SHA-1 digest algorithm
+            // TSA server uses SHA-512 digest algorithm
              OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
                     "-J-Dhttp.proxyHost=",
                     "-J-Dhttp.proxyPort=",
@@ -157,7 +157,7 @@
                     "-keypass", PASSWORD,
                     "-signedjar", SIGNED_JARFILE,
                     "-tsacert", TSA_KEY_ALIAS,
-                    "-tsadigestalg", "SHA-1",
+                    "-tsadigestalg", "SHA-512",
                     UNSIGNED_JARFILE,
                     SIGNING_KEY_ALIAS);
 
--- a/test/sun/security/tools/jarsigner/Warning.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/Warning.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -72,12 +72,12 @@
                 .shouldNotContain("is self-signed");
 
         run("jarsigner", "a.jar b -digestalg MD5")
-                .shouldContain("-digestalg option is considered a security risk.");
+                .shouldContain("-digestalg option is considered a security risk and is disabled.");
         run("jarsigner", "a.jar b -digestalg MD5 -strict")
                 .shouldHaveExitValue(4)
-                .shouldContain("-digestalg option is considered a security risk.");
+                .shouldContain("-digestalg option is considered a security risk and is disabled.");
         run("jarsigner", "a.jar b -sigalg MD5withRSA")
-                .shouldContain("-sigalg option is considered a security risk");
+                .shouldContain("-sigalg option is considered a security risk and is disabled.");
 
         issueCert("b", "-sigalg MD5withRSA");
         run("jarsigner", "a.jar b")
--- a/test/sun/security/tools/jarsigner/concise_jarsigner.sh	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/concise_jarsigner.sh	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,13 +44,13 @@
     ;;
 esac
 
-# Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In
+# Choose 2048-bit RSA to make sure it runs fine and fast on all platforms. In
 # fact, every keyalg/keysize combination is OK for this test.
 
 TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
 
 KS=js.ks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024"
+KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 2048"
 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -debug"
 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
--- a/test/sun/security/tools/jarsigner/ec.sh	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/ec.sh	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -69,7 +69,7 @@
 $KT -alias x -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias x || exit 141
 
 $JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 21
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA1withECDSA || exit 22
+$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA256withECDSA || exit 22
 $JARSIGNER -keystore $KS -storepass changeit $JFILE c -debug -strict -sigalg SHA512withECDSA || exit 23
 
 $JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict || exit 31
--- a/test/sun/security/tools/jarsigner/nameclash.sh	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/jarsigner/nameclash.sh	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -57,8 +57,8 @@
 echo A > A
 $JAR cvf $JFILE A
 
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA1 || exit 1
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-1 || exit 2
+$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA-256 || exit 1
+$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-256 || exit 2
 
 $JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
 
--- a/test/sun/security/tools/keytool/WeakAlg.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/sun/security/tools/keytool/WeakAlg.java	Mon Apr 19 04:23:30 2021 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8171319 8177569 8182879
+ * @bug 8171319 8177569 8182879 8172404
  * @summary keytool should print out warnings when reading or generating
   *         cert/cert req using weak algorithms
  * @library /lib/testlibrary
@@ -65,62 +65,63 @@
 
         rm("ks");
 
+        // Tests for "disabled" algorithms
         // -genkeypair, and -printcert, -list -alias, -exportcert
         // (w/ different formats)
-        checkGenKeyPair("a", "-keyalg RSA -sigalg MD5withRSA", "MD5withRSA");
-        checkGenKeyPair("b", "-keyalg RSA -keysize 512", "512-bit RSA key");
-        checkGenKeyPair("c", "-keyalg RSA", null);
+        checkDisabledGenKeyPair("a", "-keyalg RSA -sigalg MD5withRSA", "MD5withRSA");
+        checkDisabledGenKeyPair("b", "-keyalg RSA -keysize 512", "512-bit RSA key");
+        checkDisabledGenKeyPair("c", "-keyalg RSA", null);
 
         kt("-list")
                 .shouldContain("Warning:")
-                .shouldMatch("<a>.*MD5withRSA.*risk")
-                .shouldMatch("<b>.*512-bit RSA key.*risk");
+                .shouldMatch("<a>.*MD5withRSA.*is disabled")
+                .shouldMatch("<b>.*512-bit RSA key.*is disabled");
         kt("-list -v")
                 .shouldContain("Warning:")
-                .shouldMatch("<a>.*MD5withRSA.*risk")
-                .shouldContain("MD5withRSA (weak)")
-                .shouldMatch("<b>.*512-bit RSA key.*risk")
-                .shouldContain("512-bit RSA key (weak)");
+                .shouldMatch("<a>.*MD5withRSA.*is disabled")
+                .shouldContain("MD5withRSA (disabled)")
+                .shouldMatch("<b>.*512-bit RSA key.*is disabled")
+                .shouldContain("512-bit RSA key (disabled)");
 
         // Multiple warnings for multiple cert in -printcert
         // or -list or -exportcert
 
         // -certreq, -printcertreq, -gencert
-        checkCertReq("a", "", null);
+        checkDisabledCertReq("a", "", null);
         gencert("c-a", "")
                 .shouldNotContain("Warning"); // new sigalg is not weak
         gencert("c-a", "-sigalg MD2withRSA")
                 .shouldContain("Warning:")
-                .shouldMatch("The generated certificate.*MD2withRSA.*risk");
+                .shouldMatch("The generated certificate.*MD2withRSA.*is disabled");
 
-        checkCertReq("a", "-sigalg MD5withRSA", "MD5withRSA");
+        checkDisabledCertReq("a", "-sigalg MD5withRSA", "MD5withRSA");
         gencert("c-a", "")
                 .shouldContain("Warning:")
-                .shouldMatch("The certificate request.*MD5withRSA.*risk");
+                .shouldMatch("The certificate request.*MD5withRSA.*is disabled");
         gencert("c-a", "-sigalg MD2withRSA")
                 .shouldContain("Warning:")
-                .shouldMatch("The certificate request.*MD5withRSA.*risk")
-                .shouldMatch("The generated certificate.*MD2withRSA.*risk");
+                .shouldMatch("The certificate request.*MD5withRSA.*is disabled")
+                .shouldMatch("The generated certificate.*MD2withRSA.*is disabled");
 
-        checkCertReq("b", "", "512-bit RSA key");
+        checkDisabledCertReq("b", "", "512-bit RSA key");
         gencert("c-b", "")
                 .shouldContain("Warning:")
-                .shouldMatch("The certificate request.*512-bit RSA key.*risk")
-                .shouldMatch("The generated certificate.*512-bit RSA key.*risk");
+                .shouldMatch("The certificate request.*512-bit RSA key.*is disabled")
+                .shouldMatch("The generated certificate.*512-bit RSA key.*is disabled");
 
-        checkCertReq("c", "", null);
+        checkDisabledCertReq("c", "", null);
         gencert("a-c", "")
                 .shouldContain("Warning:")
-                .shouldMatch("The issuer.*MD5withRSA.*risk");
+                .shouldMatch("The issuer.*MD5withRSA.*is disabled");
 
         // but the new cert is not weak
         kt("-printcert -file a-c.cert")
                 .shouldNotContain("Warning")
-                .shouldNotContain("weak");
+                .shouldNotContain("(disabled)");
 
         gencert("b-c", "")
                 .shouldContain("Warning:")
-                .shouldMatch("The issuer.*512-bit RSA key.*risk");
+                .shouldMatch("The issuer.*512-bit RSA key.*is disabled");
 
         // -importcert
         checkImport();
@@ -130,10 +131,10 @@
 
         // -gencrl, -printcrl
 
-        checkGenCRL("a", "", null);
-        checkGenCRL("a", "-sigalg MD5withRSA", "MD5withRSA");
-        checkGenCRL("b", "", "512-bit RSA key");
-        checkGenCRL("c", "", null);
+        checkDisabledGenCRL("a", "", null);
+        checkDisabledGenCRL("a", "-sigalg MD5withRSA", "MD5withRSA");
+        checkDisabledGenCRL("b", "", "512-bit RSA key");
+        checkDisabledGenCRL("c", "", null);
 
         kt("-delete -alias b");
         kt("-printcrl -file b.crl")
@@ -142,6 +143,78 @@
         jksTypeCheck();
 
         checkInplaceImportKeyStore();
+
+        rm("ks");
+
+        // Tests for "legacy" algorithms
+        // -genkeypair, and -printcert, -list -alias, -exportcert
+        // (w/ different formats)
+        checkWeakGenKeyPair("x", "-keyalg RSA -sigalg SHA1withRSA", "SHA1withRSA");
+        checkWeakGenKeyPair("y", "-keyalg RSA -keysize 1024", "1024-bit RSA key");
+        checkWeakGenKeyPair("z", "-keyalg RSA", null);
+
+        kt("-list")
+                .shouldContain("Warning:")
+                .shouldMatch("<x>.*SHA1withRSA.*will be disabled")
+                .shouldMatch("<y>.*1024-bit RSA key.*will be disabled");
+        kt("-list -v")
+                .shouldContain("Warning:")
+                .shouldMatch("<x>.*SHA1withRSA.*will be disabled")
+                .shouldContain("SHA1withRSA (weak)")
+                .shouldMatch("<y>.*1024-bit RSA key.*will be disabled")
+                .shouldContain("1024-bit RSA key (weak)");
+
+        // Multiple warnings for multiple cert in -printcert
+        // or -list or -exportcert
+
+        // -certreq, -printcertreq, -gencert
+        checkWeakCertReq("x", "", null);
+        gencert("z-x", "")
+                .shouldNotContain("Warning"); // new sigalg is not weak
+        gencert("z-x", "-sigalg SHA1withRSA")
+                .shouldContain("Warning:")
+                .shouldMatch("The generated certificate.*SHA1withRSA.*will be disabled");
+
+        checkWeakCertReq("x", "-sigalg SHA1withRSA", "SHA1withRSA");
+        gencert("z-x", "")
+                .shouldContain("Warning:")
+                .shouldMatch("The certificate request.*SHA1withRSA.*will be disabled");
+        gencert("z-x", "-sigalg SHA1withRSA")
+                .shouldContain("Warning:")
+                .shouldMatch("The certificate request.*SHA1withRSA.*will be disabled")
+                .shouldMatch("The generated certificate.*SHA1withRSA.*will be disabled");
+
+        checkWeakCertReq("y", "", "1024-bit RSA key");
+        gencert("z-y", "")
+                .shouldContain("Warning:")
+                .shouldMatch("The certificate request.*1024-bit RSA key.*will be disabled")
+                .shouldMatch("The generated certificate.*1024-bit RSA key.*will be disabled");
+
+        checkWeakCertReq("z", "", null);
+        gencert("x-z", "")
+                .shouldContain("Warning:")
+                .shouldMatch("The issuer.*SHA1withRSA.*will be disabled");
+
+        // but the new cert is not weak
+        kt("-printcert -file x-z.cert")
+                .shouldNotContain("Warning")
+                .shouldNotContain("weak");
+
+        gencert("y-z", "")
+                .shouldContain("Warning:")
+                .shouldMatch("The issuer.*1024-bit RSA key.*will be disabled");
+
+        // -gencrl, -printcrl
+        checkWeakGenCRL("x", "", null);
+        checkWeakGenCRL("x", "-sigalg SHA1withRSA", "SHA1withRSA");
+        checkWeakGenCRL("y", "", "1024-bit RSA key");
+        checkWeakGenCRL("z", "", null);
+
+        kt("-delete -alias y");
+        kt("-printcrl -file y.crl")
+                .shouldContain("WARNING: not verified");
+
+        jksTypeCheck();
     }
 
     static void jksTypeCheck() throws Exception {
@@ -217,12 +290,12 @@
         importkeystore("ks", "ks2", "")
                 .shouldContain("3 entries successfully imported")
                 .shouldContain("Warning")
-                .shouldMatch("<b>.*512-bit RSA key.*risk")
-                .shouldMatch("<a>.*MD5withRSA.*risk");
+                .shouldMatch("<b>.*512-bit RSA key.*is disabled")
+                .shouldMatch("<a>.*MD5withRSA.*is disabled");
 
         importkeystore("ks", "ks3", "-srcalias a")
                 .shouldContain("Warning")
-                .shouldMatch("<a>.*MD5withRSA.*risk");
+                .shouldMatch("<a>.*MD5withRSA.*is disabled");
     }
 
     static void checkInplaceImportKeyStore() throws Exception {
@@ -305,11 +378,11 @@
         kt("-importcert -alias d -file a.cert", "no")
                 .shouldContain("Certificate already exists in keystore")
                 .shouldContain("Warning")
-                .shouldMatch("The input.*MD5withRSA.*risk")
+                .shouldMatch("The input.*MD5withRSA.*is disabled")
                 .shouldContain("Do you still want to add it?");
         kt("-importcert -alias d -file a.cert -noprompt")
                 .shouldContain("Warning")
-                .shouldMatch("The input.*MD5withRSA.*risk")
+                .shouldMatch("The input.*MD5withRSA.*is disabled")
                 .shouldNotContain("[no]");
 
         // cert is self-signed
@@ -317,12 +390,12 @@
         kt("-delete -alias d");
         kt("-importcert -alias d -file a.cert", "no")
                 .shouldContain("Warning")
-                .shouldContain("MD5withRSA (weak)")
-                .shouldMatch("The input.*MD5withRSA.*risk")
+                .shouldContain("MD5withRSA (disabled)")
+                .shouldMatch("The input.*MD5withRSA.*is disabled")
                 .shouldContain("Trust this certificate?");
         kt("-importcert -alias d -file a.cert -noprompt")
                 .shouldContain("Warning")
-                .shouldMatch("The input.*MD5withRSA.*risk")
+                .shouldMatch("The input.*MD5withRSA.*is disabled")
                 .shouldNotContain("[no]");
 
         // JDK-8177569: no warning for sigalg of trusted cert
@@ -358,13 +431,13 @@
 
             // -printcert will always show warnings
             kt("-printcert -file ca.cert")
-                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
+                    .shouldContain("name: " + weakSigAlgCA + " (disabled)")
                     .shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*is disabled");
             kt("-printcert -file ca.cert -trustcacerts") // -trustcacerts useless
-                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
+                    .shouldContain("name: " + weakSigAlgCA + " (disabled)")
                     .shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+                    .shouldMatch("The certificate.*" + weakSigAlgCA + ".*is disabled");
 
             // Importing with -trustcacerts ignore CA cert's sig alg
             kt("-delete -alias d");
@@ -379,13 +452,13 @@
             // but not without -trustcacerts
             kt("-delete -alias d");
             kt("-importcert -alias d -file ca.cert", "no")
-                    .shouldContain("name: " + weakSigAlgCA + " (weak)")
+                    .shouldContain("name: " + weakSigAlgCA + " (disabled)")
                     .shouldContain("Warning")
-                    .shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
+                    .shouldMatch("The input.*" + weakSigAlgCA + ".*is disabled")
                     .shouldContain("Trust this certificate?");
             kt("-importcert -alias d -file ca.cert -noprompt")
                     .shouldContain("Warning")
-                    .shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
+                    .shouldMatch("The input.*" + weakSigAlgCA + ".*is disabled")
                     .shouldNotContain("[no]");
         }
 
@@ -395,8 +468,8 @@
         gencert("c-b", "");
         kt("-importcert -alias d -file c-b.cert")   // weak only, no prompt
                 .shouldContain("Warning")
-                .shouldNotContain("512-bit RSA key (weak)")
-                .shouldMatch("The input.*512-bit RSA key.*risk")
+                .shouldNotContain("512-bit RSA key (disabled)")
+                .shouldMatch("The input.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         kt("-delete -alias b");
@@ -405,12 +478,12 @@
 
         kt("-importcert -alias d -file c-b.cert", "no") // weak and not trusted
                 .shouldContain("Warning")
-                .shouldContain("512-bit RSA key (weak)")
-                .shouldMatch("The input.*512-bit RSA key.*risk")
+                .shouldContain("512-bit RSA key (disabled)")
+                .shouldMatch("The input.*512-bit RSA key.*is disabled")
                 .shouldContain("Trust this certificate?");
         kt("-importcert -alias d -file c-b.cert -noprompt")
                 .shouldContain("Warning")
-                .shouldMatch("The input.*512-bit RSA key.*risk")
+                .shouldMatch("The input.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         // a non self-signed strong cert
@@ -439,7 +512,7 @@
         gencert("a-c", "");
         kt("-importcert -alias c -file a-c.cert")
                 .shouldContain("Warning")
-                .shouldMatch("Issuer <a>.*MD5withRSA.*risk");
+                .shouldMatch("Issuer <a>.*MD5withRSA.*is disabled");
 
         // JDK-8177569: no warning for sigalg of trusted cert
         reStore();
@@ -448,7 +521,7 @@
         kt("-delete -alias a");
         kt("-importcert -alias a -file a.cert -noprompt");
         kt("-list -alias a -v")
-                .shouldNotContain("weak")
+                .shouldNotContain("disabled")
                 .shouldNotContain("Warning");
         // This time a is trusted and no warning on its weak sig alg
         kt("-importcert -alias c -file a-c.cert")
@@ -463,16 +536,16 @@
         cat("a-a-b-c.cert", "b-c.cert", "a-b.cert", "a.cert");
         kt("-importcert -alias c -file a-a-b-c.cert")   // only weak
                 .shouldContain("Warning")
-                .shouldMatch("Reply #2 of 3.*512-bit RSA key.*risk")
-                .shouldMatch("Reply #3 of 3.*MD5withRSA.*risk")
+                .shouldMatch("Reply #2 of 3.*512-bit RSA key.*is disabled")
+                .shouldMatch("Reply #3 of 3.*MD5withRSA.*is disabled")
                 .shouldNotContain("[no]");
 
         // Without root
         cat("a-b-c.cert", "b-c.cert", "a-b.cert");
         kt("-importcert -alias c -file a-b-c.cert")     // only weak
                 .shouldContain("Warning")
-                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk")
-                .shouldMatch("Issuer <a>.*MD5withRSA.*risk")
+                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled")
+                .shouldMatch("Issuer <a>.*MD5withRSA.*is disabled")
                 .shouldNotContain("[no]");
 
         reStore();
@@ -480,7 +553,7 @@
 
         kt("-importcert -alias a -file b-a.cert")
                 .shouldContain("Warning")
-                .shouldMatch("Issuer <b>.*512-bit RSA key.*risk")
+                .shouldMatch("Issuer <b>.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         kt("-importcert -alias a -file c-a.cert")
@@ -488,7 +561,7 @@
 
         kt("-importcert -alias b -file c-b.cert")
                 .shouldContain("Warning")
-                .shouldMatch("The input.*512-bit RSA key.*risk")
+                .shouldMatch("The input.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         reStore();
@@ -498,25 +571,25 @@
 
         kt("-printcert -file c-b-a.cert")
                 .shouldContain("Warning")
-                .shouldMatch("The certificate #2 of 2.*512-bit RSA key.*risk");
+                .shouldMatch("The certificate #2 of 2.*512-bit RSA key.*is disabled");
 
         kt("-delete -alias b");
 
         kt("-importcert -alias a -file c-b-a.cert")
                 .shouldContain("Warning")
-                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk")
+                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         kt("-delete -alias c");
         kt("-importcert -alias a -file c-b-a.cert", "no")
                 .shouldContain("Top-level certificate in reply:")
-                .shouldContain("512-bit RSA key (weak)")
+                .shouldContain("512-bit RSA key (disabled)")
                 .shouldContain("Warning")
-                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk")
+                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled")
                 .shouldContain("Install reply anyway?");
         kt("-importcert -alias a -file c-b-a.cert -noprompt")
                 .shouldContain("Warning")
-                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*risk")
+                .shouldMatch("Reply #2 of 2.*512-bit RSA key.*is disabled")
                 .shouldNotContain("[no]");
 
         reStore();
@@ -535,7 +608,7 @@
         System.out.println("> " + dest);
     }
 
-    static void checkGenCRL(String alias, String options, String bad) {
+    static void checkDisabledGenCRL(String alias, String options, String bad) {
 
         OutputAnalyzer oa = kt("-gencrl -alias " + alias
                 + " -id 1 -file " + alias + ".crl " + options);
@@ -543,23 +616,23 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The generated CRL.*" + bad + ".*risk");
+                    .shouldMatch("The generated CRL.*" + bad + ".*is disabled");
         }
 
         oa = kt("-printcrl -file " + alias + ".crl");
         if (bad == null) {
             oa.shouldNotContain("Warning")
                     .shouldContain("Verified by " + alias + " in keystore")
-                    .shouldNotContain("(weak");
+                    .shouldNotContain("(disabled");
         } else {
             oa.shouldContain("Warning:")
-                    .shouldMatch("The CRL.*" + bad + ".*risk")
+                    .shouldMatch("The CRL.*" + bad + ".*is disabled")
                     .shouldContain("Verified by " + alias + " in keystore")
-                    .shouldContain(bad + " (weak)");
+                    .shouldContain(bad + " (disabled)");
         }
     }
 
-    static void checkCertReq(
+    static void checkDisabledCertReq(
             String alias, String options, String bad) {
 
         OutputAnalyzer oa = certreq(alias, options);
@@ -567,21 +640,21 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The generated certificate request.*" + bad + ".*risk");
+                    .shouldMatch("The generated certificate request.*" + bad + ".*is disabled");
         }
 
         oa = kt("-printcertreq -file " + alias + ".req");
         if (bad == null) {
             oa.shouldNotContain("Warning")
-                    .shouldNotContain("(weak)");
+                    .shouldNotContain("(disabled)");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate request.*" + bad + ".*risk")
-                    .shouldContain(bad + " (weak)");
+                    .shouldMatch("The certificate request.*" + bad + ".*is disabled")
+                    .shouldContain(bad + " (disabled)");
         }
     }
 
-    static void checkGenKeyPair(
+    static void checkDisabledGenKeyPair(
             String alias, String options, String bad) {
 
         OutputAnalyzer oa = genkeypair(alias, options);
@@ -589,7 +662,7 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The generated certificate.*" + bad + ".*risk");
+                    .shouldMatch("The generated certificate.*" + bad + ".*is disabled");
         }
 
         oa = kt("-exportcert -alias " + alias + " -file " + alias + ".cert");
@@ -597,7 +670,7 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
         }
 
         oa = kt("-exportcert -rfc -alias " + alias + " -file " + alias + ".cert");
@@ -605,7 +678,7 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
         }
 
         oa = kt("-printcert -rfc -file " + alias + ".cert");
@@ -613,7 +686,7 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
         }
 
         oa = kt("-list -alias " + alias);
@@ -621,7 +694,71 @@
             oa.shouldNotContain("Warning");
         } else {
             oa.shouldContain("Warning")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
+        }
+
+        // With cert content
+
+        oa = kt("-printcert -file " + alias + ".cert");
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldContain(bad + " (disabled)")
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
+        }
+
+        oa = kt("-list -v -alias " + alias);
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldContain(bad + " (disabled)")
+                    .shouldMatch("The certificate.*" + bad + ".*is disabled");
+        }
+    }
+
+    static void checkWeakGenKeyPair(
+            String alias, String options, String bad) {
+
+        OutputAnalyzer oa = genkeypair(alias, options);
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The generated certificate.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-exportcert -alias " + alias + " -file " + alias + ".cert");
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-exportcert -rfc -alias " + alias + " -file " + alias + ".cert");
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-printcert -rfc -file " + alias + ".cert");
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-list -alias " + alias);
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
         }
 
         // With cert content
@@ -632,7 +769,7 @@
         } else {
             oa.shouldContain("Warning")
                     .shouldContain(bad + " (weak)")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
         }
 
         oa = kt("-list -v -alias " + alias);
@@ -641,7 +778,54 @@
         } else {
             oa.shouldContain("Warning")
                     .shouldContain(bad + " (weak)")
-                    .shouldMatch("The certificate.*" + bad + ".*risk");
+                    .shouldMatch("The certificate.*" + bad + ".*will be disabled");
+        }
+    }
+
+
+    static void checkWeakGenCRL(String alias, String options, String bad) {
+
+        OutputAnalyzer oa = kt("-gencrl -alias " + alias
+                + " -id 1 -file " + alias + ".crl " + options);
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The generated CRL.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-printcrl -file " + alias + ".crl");
+        if (bad == null) {
+            oa.shouldNotContain("Warning")
+                    .shouldContain("Verified by " + alias + " in keystore")
+                    .shouldNotContain("(weak");
+        } else {
+            oa.shouldContain("Warning:")
+                    .shouldMatch("The CRL.*" + bad + ".*will be disabled")
+                    .shouldContain("Verified by " + alias + " in keystore")
+                    .shouldContain(bad + " (weak)");
+        }
+    }
+
+    static void checkWeakCertReq(
+            String alias, String options, String bad) {
+
+        OutputAnalyzer oa = certreq(alias, options);
+        if (bad == null) {
+            oa.shouldNotContain("Warning");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The generated certificate request.*" + bad + ".*will be disabled");
+        }
+
+        oa = kt("-printcertreq -file " + alias + ".req");
+        if (bad == null) {
+            oa.shouldNotContain("Warning")
+                    .shouldNotContain("(weak)");
+        } else {
+            oa.shouldContain("Warning")
+                    .shouldMatch("The certificate request.*" + bad + ".*will be disabled")
+                    .shouldContain(bad + " (weak)");
         }
     }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/util/HostnameMatcher/NullHostnameCheck.java	Mon Apr 19 04:23:30 2021 +0100
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.ByteArrayInputStream;
+import java.nio.ByteBuffer;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+
+/*
+ * @test
+ * @bug 8211339 8234728
+ * @summary Verify hostname returns an exception instead of null pointer when
+ * creating a new engine
+ * @library /lib/security
+ * @run main/othervm NullHostnameCheck TLSv1
+ * @run main/othervm NullHostnameCheck TLSv1.1
+ * @run main/othervm NullHostnameCheck TLSv1.2
+ * @run main/othervm NullHostnameCheck TLSv1.3
+ */
+
+
+public final class NullHostnameCheck {
+
+    public static void main(String[] args) throws Exception {
+        String protocol = args[0];
+
+        // Re-enable TLSv1 or TLSv1.1 when test depends on it.
+        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
+            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
+        }
+
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(
+                new ByteArrayInputStream(Base64.getDecoder().
+                        decode(keystoreB64)),
+                "123456".toCharArray());
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
+                KeyManagerFactory.getDefaultAlgorithm());
+        kmf.init(keyStore, "123456".toCharArray());
+        SSLContext serverCtx = SSLContext.getInstance(protocol);
+        serverCtx.init(kmf.getKeyManagers(), null, null);
+        SSLEngine serverEngine = serverCtx.createSSLEngine("localhost", -1);
+        serverEngine.setUseClientMode(false);
+
+        SSLContext clientCtx = SSLContext.getInstance(protocol);
+        clientCtx.init(null, new TrustManager[] {
+                new X509TrustManager() {
+                    @Override
+                    public void checkClientTrusted(
+                            X509Certificate[] x509Certificates, String s) {
+                    }
+
+                    @Override
+                    public void checkServerTrusted(
+                            X509Certificate[] x509Certificates, String s) {
+                    }
+
+                    @Override
+                    public X509Certificate[] getAcceptedIssuers() {
+                        return new X509Certificate[0];
+                    }
+                }
+        }, null);
+
+        SSLEngine clientEngine = clientCtx.createSSLEngine();
+        clientEngine.setUseClientMode(true);
+
+        SSLParameters sslParameters = clientEngine.getSSLParameters();
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        clientEngine.setSSLParameters(sslParameters);
+        try {
+            handshake(clientEngine, serverEngine);
+            throw new Exception("Value was not null.  Unexpected.");
+        } catch (SSLHandshakeException e) {
+            if (e.getCause() instanceof CertificateException) {
+                System.out.println("Correct Exception class thrown:\n\t" +
+                        e.getMessage());
+                return;
+            }
+            throw e;
+        }
+    }
+
+    private static void handshake(SSLEngine clientEngine,
+            SSLEngine serverEngine) throws SSLException{
+        ByteBuffer cTOs = ByteBuffer.allocate(
+                clientEngine.getSession().getPacketBufferSize());
+        ByteBuffer sTOc = ByteBuffer.allocate(
+                serverEngine.getSession().getPacketBufferSize());
+
+        ByteBuffer serverAppReadBuffer = ByteBuffer.allocate(
+                serverEngine.getSession().getApplicationBufferSize());
+        ByteBuffer clientAppReadBuffer = ByteBuffer.allocate(
+                clientEngine.getSession().getApplicationBufferSize());
+
+        clientEngine.beginHandshake();
+        serverEngine.beginHandshake();
+
+        ByteBuffer empty = ByteBuffer.allocate(0);
+
+        SSLEngineResult clientResult;
+        SSLEngineResult serverResult;
+
+        boolean clientHandshakeFinished = false;
+        boolean serverHandshakeFinished = false;
+
+        do {
+            if (!clientHandshakeFinished) {
+                clientResult = clientEngine.wrap(empty, cTOs);
+                runDelegatedTasks(clientResult, clientEngine);
+
+                if (isHandshakeFinished(clientResult)) {
+                    clientHandshakeFinished = true;
+                }
+            }
+
+            if (!serverHandshakeFinished) {
+                serverResult = serverEngine.wrap(empty, sTOc);
+                runDelegatedTasks(serverResult, serverEngine);
+
+                if (isHandshakeFinished(serverResult)) {
+                    serverHandshakeFinished = true;
+                }
+            }
+
+            cTOs.flip();
+            sTOc.flip();
+
+            if (!clientHandshakeFinished) {
+                clientResult = clientEngine.unwrap(sTOc, clientAppReadBuffer);
+
+                runDelegatedTasks(clientResult, clientEngine);
+
+                if (isHandshakeFinished(clientResult)) {
+                    clientHandshakeFinished = true;
+                }
+            }
+
+            if (!serverHandshakeFinished) {
+                serverResult = serverEngine.unwrap(cTOs, serverAppReadBuffer);
+                runDelegatedTasks(serverResult, serverEngine);
+
+                if (isHandshakeFinished(serverResult)) {
+                    serverHandshakeFinished = true;
+                }
+            }
+
+            sTOc.compact();
+            cTOs.compact();
+        } while (!clientHandshakeFinished || !serverHandshakeFinished);
+    }
+
+    private static boolean isHandshakeFinished(SSLEngineResult result) {
+        return result.getHandshakeStatus() ==
+                SSLEngineResult.HandshakeStatus.FINISHED;
+    }
+
+    private static void runDelegatedTasks(SSLEngineResult result,
+            SSLEngine engine) {
+        if (result.getHandshakeStatus() ==
+                SSLEngineResult.HandshakeStatus.NEED_TASK) {
+            for (;;) {
+                Runnable task = engine.getDelegatedTask();
+                if (task == null) {
+                    break;
+                }
+                task.run();
+            }
+        }
+    }
+
+    // Base64 of PKCS12 Keystore
+    /*
+     * Certificate
+     * "signature algorithm": "SHA384withRSA",
+     * "issuer"             : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
+     * "not before"         : "2019-12-05 12:43:23.000 IST",
+     * "not  after"         : "2049-11-27 12:43:23.000 IST",
+     * "subject"            : "CN=test, OU=test, O=test, L=test, ST=test, C=test",
+     * "subject public key" : "RSA",
+     */
+    static final String keystoreB64 =
+        "MIIQZwIBAzCCECAGCSqGSIb3DQEHAaCCEBEEghANMIIQCTCCCeUGCSqGSIb3DQEHA"
+        + "aCCCdYEggnSMIIJzjCCCcoGCyqGSIb3DQEMCgECoIIJezCCCXcwKQYKKoZIhvcNAQ"
+        + "wBAzAbBBSaZBiYmowTxFT4KJxZhMHTVOC9OQIDAMNQBIIJSBnoVGtJKPsoiSU095y"
+        + "50x27NJQd727oJwMXqA8kdxCcE1tBowtO8P44ctSEvwJQlB7dR9PxHB6LcfCdMfpa"
+        + "GObVCH1/6jHzhRolI9JMAfXlvliAHKZSjuQd2USw1Y65/+0VYvKslXGU4hWhGQWh2"
+        + "ksUCBIIcC2A3sA3afF/JPrlfLCEbzYpcfAsv+Z7wEEr6YD11HIHfbOgu2/HU6phL2"
+        + "RMJDK9iLgP9mu6FzRFk+93BSguWXfbeJyPlzA8dcTzkXDyfVDx4Wd+UExWq0fx179"
+        + "b74MWkwEk76TowEkcGkrnugwOKnqBmyvmBkbl1827+ChZprZ3zGw69IkuRsdDSYGb"
+        + "IWVAB/psB0zX3TvsKHcraZm34oNJdSNpYrS0OWA8lSm5NdcfTzi6WLxWwxz55PvZg"
+        + "OP3pVyXmtAalyBujs6AOsLkJIMLGvWAYeD+72ook8fqpW7s5e/HA7MshXrlMMflpD"
+        + "m708kK5VnfdgzQsAGr6YfOYOKnyhoqskmzDYccuSz59owKiuGMgHpum0zVE8yyVwb"
+        + "esXfP3v7eiPuGvsxzq5DE6jaY4F+GoxdLbL4jDWocnWiZewnuYxQwd1vKIKTww/TG"
+        + "8RObPUEB38+/LNpgb7+5Oap45rujygiPFWD9+mTzKkLGkM6ItRo4qOwtKAqbjPIVk"
+        + "MDCovcr2TCrZfE8ZbQnU/q2LR5eC6ZpOMFNRZggm92n0+FmDuEKjR7lu2mQF4IDan"
+        + "SiYgS1+nBhfG9pcNP3yCpwoBHIImtZX5GObKqgvMqQ746KXhv40xwnNqXGypBNKYN"
+        + "jRJQmG2/m++2A6DUo+xCTNbD7g0pQbNOjKsGVMXUBTyDiyGqSUHH2EDxe37wcPVih"
+        + "ezcv5L1X48y3tSVD9czhjCDJ54sd0B3+LoEXs5/0xYmMvQ74zUx6iwE87FZ/duMbs"
+        + "N3dDWvIgqgjaoGnfRLy4lRRxYhn2/r1lesQtzNlZ3YkHZKmpgQkLm+yChFqxi7qm+"
+        + "ec/y+GSTm+ascK1ju1NG3f/SUdl7KqZ/J7DnDfQwyg7jiY+QOcr7UNRSeddQozxu7"
+        + "j07y/wiGX4z3+JSGBlnlWtOyLo5YERbheVHh1LfCSM4KQDcjxUnIlmsCqILwDYbVm"
+        + "aNJ3crkU22I5IVFcoF30v7gvMj4VFXcBYPCSJrkqNIIgZs6YPYwht3akquIz2ovXV"
+        + "CqD3TH527dBRAgpeZNs3/L8xCaYiHNUKXv9CRaHVQMTKk9zi3CTJoKo5TCsWR8l9h"
+        + "cJpcQnmNs5Jv9Jnq/zoet230r3iHkiGNAoXTlekqSER7vBVLHwPY7rogXP6WyAi67"
+        + "AYK/B5iVQcplEHs3n+MeZJgj9C7S0Zslxmym0mWw7l+4YjvyX+RGJVUvk+3TkWO8E"
+        + "WHKOX1+hQH9RBbcNqH4FeRZrh3P8wZQDMFfcr3vD0tLAnuqdMy+qAPA+kKWpu5K0D"
+        + "0W/ifEizq4Zf8VyzYU6UZaAQbloJadSkruXIwvUpHBZ+M8MHQ2AmRNd0vwyTBlhOI"
+        + "CzWU5E5OXtW/f5jA/ugl7PSqjwe5IYTsZaYstKqqZJMIPTzB/IxPtzVyoN15fG9GR"
+        + "kk43U6HPS9SdeVTGVmNLn6SM8keLo1yUh5BZ0J0b+K/7C1GfJeNxcv0lGpkrh5wWc"
+        + "ABzJ86+3daky6+aR6ldY2CF7mr/dcc3MnjgDNnx86wYIysC3HOkhgyIXD28+O1aTY"
+        + "oAvlmidNC9wb2/JJk7cHQatL02LG4/ql5GQ+dS1wOU7S1MVVGYDlZ7uiFmKPqC1Tv"
+        + "qVxQnBqPnggKSLWucVKFcjsvXKasMvRl99f4Y7qRAjgM6EHa7rNyWIflRe6ZLNBlj"
+        + "16mW293a4FL1jTosNlZoCN8xb1zDdb/NCISqkX6/sq7wDOn4t+m+78ckof4GNmTOM"
+        + "WSaRDJIuLM9c1stLHpcyif37oZum86FnB9Zw9qlQGdgLYnRPeZXV1rZuC1L9fugCN"
+        + "M4WcUQ20fmPOgyO4RGLsxCbZZJBJj0y7CAMthepMnzaEO9Z2O9BFaM4zpL2ng7GvO"
+        + "a26DQiHO5RFVjUpslUdmPuX7U5xkRfjJ025pqTvHVLfzWmsU53ZbkgiJ/0xxa1Emd"
+        + "5y0X2keTVfm7q5duNVVN1A6r50++RANI7NJaSLFTMm8Y5P79g4o7UmtCLSesUdTsF"
+        + "8swVR5slE3O7ErNr3drLfYVEF9FaB7vcuMDqxCNuahX8TCMJg0vqpO8+EXRNkieb9"
+        + "KSgcLD5WRjzGm7e/B5uACxWc50iY6lYvIVW5Itot95OHWZ5xdq3a3fIIb4MDQ2/nx"
+        + "lozhRHaHTBI9GAwy1/XcDJWMr+tI9rLGCB7hX8dVqNtYO93/oF3gvBiiNSw5qmUQ2"
+        + "qxepZEih5KfhHAVq44RbQMiBA5E2bVBisuNTPUAaA/Fzzsvky8vBq/M5usy8+RXj6"
+        + "m+mSZCUPpSTTunIUnu0bRLb2inccthEielCThk1FLKQCLSpsAo1h7kzuNJIeeJSCM"
+        + "cWXpZEURziXwE5KCl3jcY+dOLLMEI05F/UyRwZ/k1a2qW78Bc3DivIh2w/4ZBAS9q"
+        + "hERIY52y8VcnJ/+/7u45bnpIjkJShZTM1qmzgDCHQa/G5OpnqtI2nDPSNzOpTWA47"
+        + "6+AH0ZQoUKxHt6MJP3QLpnrw6xPSE2gR19KRvFZr0NtGJ+SPy418eFYMtJgPvOyI4"
+        + "XwYYCLrmMCkSGrqfbhwKK6rgYMVDg0fsBT1OAZGKD8QM51hXFt8p0HQS0UuddwCTA"
+        + "/KwyIt6Iw7Leb70yoTEJz3CVU4X4faohXV48gNtZhquawRDvqyBSFS5F8M4s/pJZK"
+        + "C5UY3MXifF1+LhSXjdQK7RwNs9XcCbIy+6Fi2wAKDX9MasXnzfzFVuQq1XtMoPVVS"
+        + "9gSqWXGbYuadDIto3gGIKUt3BT9nj/B0J/ENqlSsGsT0+fiya+p5thXOkI8r7X82P"
+        + "SxV0048QnP7cbuDG97AjOOAcEMsBdCrF3jWGYNd1nK7eKQ8DCrXEKoQhY0IY2sHpU"
+        + "5Cu24KW9M1RwIb/XtOEBun89edaKhfk1uDLlvgQ4huYDmfcu4Ebh6DRbHzwSNMK17"
+        + "qDgp8/mbAui0ATZBW7bTQNw3WMS0ltbdCj0ki28Udg1udYY6r6wwWkXE/mccgbXz0"
+        + "L3g72JfEIO/A56+rFubofZCHuf5AVkDE8MBcGCSqGSIb3DQEJFDEKHggAdABlAHMA"
+        + "dDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTc1NTMwMDAzMjk3MIIGHAYJKoZIhvcNA"
+        + "QcGoIIGDTCCBgkCAQAwggYCBgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBRZLo"
+        + "kYmrJuiANzYxRFL9HmSVKYhQIDAMNQgIIFyPEfYqIJqAd13B5D4EFLs7VrUNaWoeO"
+        + "XNRVl5da6N7gMlG5gVpPRjRUCHyaBB066ZdGEquwkidgCdIAfIolcnyGv7a7PZvZM"
+        + "bJ8AUXjkf9q7zp0Uwc0k4zQ3Nmev5QxSx+f33J+AOQT4T1CRMxwpNOwrtzRoNVZFD"
+        + "oTCnxHBdTvmbCcuMsHYZQk+vLQpud4dI1AKccExjOc86ZAne2Df37LHB/2gxElSOn"
+        + "G9VkdIlKHLPbrk4JNcNSZs3VOOi3tEwAlBx9Xllg95aH3ziBPYKgk/u6M567tEnoH"
+        + "PDiss9+WeNJP9Tgsc6WPu33GTNxtxSLx4mffR3x0upSbFvhIP4t07aCtOZVwD/Hdw"
+        + "VmptatFvVSMiQSM1vf89zjAvdK3UFXTr/jDze4tF35y/UTlor8sbINQy3dZCEpCim"
+        + "G1MfDdSG+K5BZoHTny5bG2YM8a9EHtmZfq4i3GJE85M652UVlVDgDnk+PhgyIFWuJ"
+        + "6KFgWjUWio6RRhRvcTCJbk5soV+IFa4BppNMako9W8B2UvqIIV2XrxvFEh4QFkpsW"
+        + "13qEUGp33qUkAPhuz/NJ4InVh29CGSBnoWprIL/dKwdbTGudlrjnMs6pwURmlWVcJ"
+        + "FuPJFsBpyCQEeAtKS7TXaVJOTkfHdX4tYgN5SxEA0EGoddrKgWu48Dj1u2oC7ruZ9"
+        + "6J0zznFIr4FzBobv/woWx66EnCWyQLqjSCxipYeer+7ARDmHwgyj+CvgMsfkLa1VL"
+        + "LhFDDj0Efdt9IdKj4Nnhh+r9WkNsr+HGiwSgCDn/Hk1AWSvlxxsqFrUBCi6NMSG2l"
+        + "sM4MzCTrT47dJDPS0go0jIS5E4o3Hc/GMUlhaQaQX8iYaZQk4k1/OsRDoui+FuViU"
+        + "wIVuAne6AQhgy+9KMzmcgByFxAAoo5b0fDy/PgSG+C3wSs6brFmJIOw1exUIf2E/m"
+        + "9ATce4vT3CYKLvhk6dmHDK5jSvTrBU4njGVEW8DlW+GSf8jqABDW/PcAf0Y6T0hqv"
+        + "zTuWlpxv2O3QLeVbDTrIEe1bgRz8HaaiHznXe8oUbCC1xw5FaSAjXJLX0mlKtQ48z"
+        + "xdimSM7B4Pa6iz2q0m8PRzPaad+VyqD3xp53FaR3K9vNT0PXQwJIDZzxl3gYFisbN"
+        + "1KxUDtppnkrBwQx9iPH7zQvbNTQiyoUYnF4sAkECIduh/K+ZIAM8zGJH7NTNIrkK/"
+        + "piehq5/fVAXCr/tdSWeg88gsn0HjNRChuqYz1yFBaQvgMLQ7h/C7k0GP/l2pcUxr8"
+        + "/zDkFr1FFiUN9e2E0nlCO/FUxFZ3PO25D0ZrjAN7h4WLCybClC+Fdy+RhLAtK7Vuz"
+        + "zHwBMPNMMvlreXrSv/EE/37oN5OqA8YrDlPpiDuETS6xPkwkJti/ifrwzvakhBUbB"
+        + "dVd0De2QNctDQBnCFVb1lybbUtSF1Ol5Klcjt7UhFyq0ZkoVXhP2YqEJ7yLOaIKCk"
+        + "AdjOwCtb01L83/LhounfQLxIG8S2SQwMyxYua6k9BpQLJA36y2uu4+3OZIO4JRura"
+        + "drfjN6hGkGam8EvxM8UwrC//TDOHJUEy3IgNV4B4EJWs9lFTL9PO+kBlRFSeL5Son"
+        + "jLB/qZC+i8ssJ8oFkIrl+X7rRcooosbVaNvFIR2FpGCdx8bGoFV6pkfwpJ0hO4dOP"
+        + "nzFm24vBa6UrftojK/z234/h3W0yZScR5CvoSoU+tn1+3G3Q6a4+hdMwF6WjyO3Ne"
+        + "xfMRSvMkAqOqHiptdnz7QDQ7LgGIF6igtGEIpKo4urPAg+RnwqKG6NIYOA32QmU35"
+        + "B4+EJhhYZNINZm0NR5ZM0t9BpUiv6DGl8yZiRX1x4Nu35CLlAT8hWSqgMpb8mw5SQ"
+        + "rQ4dNggVaJ9lO1j1G4hV6umuyX6L1wtOyeQ9aNg3hIZGLPe4pkzahqI2KKlPWpksm"
+        + "MJVIi5WmlvEmFC/UkkUUICjo3KzKPHq7bYmdmDDNLwf9jOeAfq/UNxu4nO8wPjAhM"
+        + "AkGBSsOAwIaBQAEFJrJtKCo0WZ7ewFOiudk30HHA6e0BBRXe6IQoFcDFIzKAyXokh"
+        + "y3daZV4AIDAYag";
+}
--- a/test/tools/launcher/Settings.java	Fri Feb 05 20:19:32 2021 +0000
+++ b/test/tools/launcher/Settings.java	Mon Apr 19 04:23:30 2021 +0100
@@ -65,6 +65,7 @@
     private static final String VM_SETTINGS = "VM settings:";
     private static final String PROP_SETTINGS = "Property settings:";
     private static final String LOCALE_SETTINGS = "Locale settings:";
+    private static final String STACKSIZE_SETTINGS = "Stack Size:";
     private static final String SYSTEM_SETTINGS = "Operating System Metrics:";
 
     static void containsAllOptions(TestResult tr) {
@@ -80,10 +81,22 @@
         String stackSize = "256"; // in kb
         if (getArch().equals("ppc64") || getArch().equals("ppc64le")) {
             stackSize = "800";
+        } else if (getArch().equals("aarch64")) {
+            /*
+             * The max value of minimum stack size allowed for aarch64 can be estimated as
+             * such: suppose the vm page size is 64KB and the test runs with a debug build,
+             * the initial _java_thread_min_stack_allowed defined in os_linux_aarch64.cpp is
+             * 72K, stack guard zones could take 192KB, and the shadow zone needs 128KB,
+             * after aligning up all parts to the page size, the final size would be 448KB.
+             * See details in JDK-8163363
+             */
+            stackSize = "448";
         }
         TestResult tr = null;
         tr = doExec(javaCmd, "-Xms64m", "-Xmx512m",
                 "-Xss" + stackSize + "k", "-XshowSettings", "-jar", testJar.getAbsolutePath());
+        // Check the stack size logs printed by -XshowSettings to verify -Xss meaningfully.
+        checkContains(tr, STACKSIZE_SETTINGS);
         containsAllOptions(tr);
         if (!tr.isOK()) {
             System.out.println(tr.status);
@@ -91,6 +104,7 @@
         }
         tr = doExec(javaCmd, "-Xms65536k", "-Xmx712m",
                 "-Xss" + stackSize + "000", "-XshowSettings", "-jar", testJar.getAbsolutePath());
+        checkContains(tr, STACKSIZE_SETTINGS);
         containsAllOptions(tr);
         if (!tr.isOK()) {
             System.out.println(tr.status);