diff --git a/8139041-Redundant-DMB-instructions.patch b/8139041-Redundant-DMB-instructions.patch new file mode 100644 index 0000000000000000000000000000000000000000..f1dc7163547376d16d77c7175eeba137d513ce6b --- /dev/null +++ b/8139041-Redundant-DMB-instructions.patch @@ -0,0 +1,127 @@ +From f88d00280661d697440e40bf1300121bb704bb84 Mon Sep 17 00:00:00 2001 +From: wuyan +Date: Tue, 19 Nov 2019 11:38:36 +0800 +Subject: [PATCH] 8139041: Redundant DMB instructions + +Summary: : Redundant DMB instructions +LLT: jtreg +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8139041 +--- + hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp | 14 ++++++++++++++ + hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp | 7 +++++++ + hotspot/src/cpu/aarch64/vm/nativeInst_aarch64.hpp | 17 +++++++++++++++++ + hotspot/src/share/vm/asm/codeBuffer.hpp | 7 +++++++ + 4 files changed, 45 insertions(+) + +diff --git a/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp +index 178ec531b4..86abf44446 100644 +--- a/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp ++++ b/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp +@@ -1761,6 +1761,20 @@ int MacroAssembler::corrected_idivq(Register result, Register ra, Register rb, + return idivq_offset; + } + ++void MacroAssembler::membar(Membar_mask_bits order_constraint) { ++ address prev = pc() - NativeMembar::instruction_size; ++ if (prev == code()->last_membar()) { ++ NativeMembar *bar = NativeMembar_at(prev); ++ // We are merging two memory barrier instructions. On AArch64 we ++ // can do this simply by ORing them together. ++ bar->set_kind(bar->get_kind() | order_constraint); ++ BLOCK_COMMENT("merged membar"); ++ } else { ++ code()->set_last_membar(pc()); ++ dmb(Assembler::barrier(order_constraint)); ++ } ++} ++ + // MacroAssembler routines found actually to be needed + + void MacroAssembler::push(Register src) +diff --git a/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp b/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp +index 02216f1b10..388177589d 100644 +--- a/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp ++++ b/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp +@@ -153,6 +153,13 @@ class MacroAssembler: public Assembler { + strw(scratch, a); + } + ++ void bind(Label& L) { ++ Assembler::bind(L); ++ code()->clear_last_membar(); ++ } ++ ++ void membar(Membar_mask_bits order_constraint); ++ + // Frame creation and destruction shared between JITs. + void build_frame(int framesize); + void remove_frame(int framesize); +diff --git a/hotspot/src/cpu/aarch64/vm/nativeInst_aarch64.hpp b/hotspot/src/cpu/aarch64/vm/nativeInst_aarch64.hpp +index 20deea54c7..0176e41184 100644 +--- a/hotspot/src/cpu/aarch64/vm/nativeInst_aarch64.hpp ++++ b/hotspot/src/cpu/aarch64/vm/nativeInst_aarch64.hpp +@@ -103,6 +103,12 @@ class NativeInstruction VALUE_OBJ_CLASS_SPEC { + static bool maybe_cpool_ref(address instr) { + return is_adrp_at(instr) || is_ldr_literal_at(instr); + } ++ ++ bool is_Membar() { ++ unsigned int insn = uint_at(0); ++ return Instruction_aarch64::extract(insn, 31, 12) == 0b11010101000000110011 && ++ Instruction_aarch64::extract(insn, 7, 0) == 0b10111111; ++ } + }; + + inline NativeInstruction* nativeInstruction_at(address address) { +@@ -488,4 +494,15 @@ inline NativeCallTrampolineStub* nativeCallTrampolineStub_at(address addr) { + return (NativeCallTrampolineStub*)addr; + } + ++class NativeMembar : public NativeInstruction { ++public: ++ unsigned int get_kind() { return Instruction_aarch64::extract(uint_at(0), 11, 8); } ++ void set_kind(int order_kind) { Instruction_aarch64::patch(addr_at(0), 11, 8, order_kind); } ++}; ++ ++inline NativeMembar *NativeMembar_at(address addr) { ++ assert(nativeInstruction_at(addr)->is_Membar(), "no membar found"); ++ return (NativeMembar*)addr; ++} ++ + #endif // CPU_AARCH64_VM_NATIVEINST_AARCH64_HPP +diff --git a/hotspot/src/share/vm/asm/codeBuffer.hpp b/hotspot/src/share/vm/asm/codeBuffer.hpp +index 02b619ad77..a89f2c18b3 100644 +--- a/hotspot/src/share/vm/asm/codeBuffer.hpp ++++ b/hotspot/src/share/vm/asm/codeBuffer.hpp +@@ -368,6 +368,8 @@ class CodeBuffer: public StackObj { + OopRecorder _default_oop_recorder; // override with initialize_oop_recorder + Arena* _overflow_arena; + ++ address _last_membar; // used to merge consecutive memory barriers ++ + address _decode_begin; // start address for decode + address decode_begin(); + +@@ -380,6 +382,7 @@ class CodeBuffer: public StackObj { + _oop_recorder = NULL; + _decode_begin = NULL; + _overflow_arena = NULL; ++ _last_membar = NULL; + } + + void initialize(address code_start, csize_t code_size) { +@@ -567,6 +570,10 @@ class CodeBuffer: public StackObj { + OopRecorder* oop_recorder() const { return _oop_recorder; } + CodeStrings& strings() { return _code_strings; } + ++ address last_membar() const { return _last_membar; } ++ void set_last_membar(address a) { _last_membar = a; } ++ void clear_last_membar() { set_last_membar(NULL); } ++ + void free_strings() { + if (!_code_strings.is_null()) { + _code_strings.free(); // sets _strings Null as a side-effect. +-- +2.12.3 + diff --git a/8148754-C2-loop-unrolling-fails-due-to-unexpected-gr.patch b/8148754-C2-loop-unrolling-fails-due-to-unexpected-gr.patch index a211d54389f9e523e6f6929b06da43d5fad4b08f..f2762739592a2758fd0a81041052393ddb564526 100644 --- a/8148754-C2-loop-unrolling-fails-due-to-unexpected-gr.patch +++ b/8148754-C2-loop-unrolling-fails-due-to-unexpected-gr.patch @@ -9,14 +9,14 @@ Bug url: https://bugs.openjdk.java.net/browse/JDK-8148754 hotspot/src/share/vm/opto/loopTransform.cpp | 44 ++++++++------------- hotspot/src/share/vm/opto/loopnode.cpp | 36 +++++++++++++++++ hotspot/src/share/vm/opto/loopnode.hpp | 3 ++ - hotspot/src/share/vm/opto/superword.cpp | 18 ++++----- - 4 files changed, 64 insertions(+), 37 deletions(-) + hotspot/src/share/vm/opto/superword.cpp | 18 +++------ + 4 files changed, 61 insertions(+), 40 deletions(-) diff --git a/hotspot/src/share/vm/opto/loopTransform.cpp b/hotspot/src/share/vm/opto/loopTransform.cpp -index 2edc6f8e4..3148e5cae 100644 +index e3637b652..f6783b910 100644 --- a/hotspot/src/share/vm/opto/loopTransform.cpp +++ b/hotspot/src/share/vm/opto/loopTransform.cpp -@@ -1226,21 +1226,14 @@ void PhaseIdealLoop::do_unroll( IdealLoopTree *loop, Node_List &old_new, bool ad +@@ -1222,21 +1222,14 @@ void PhaseIdealLoop::do_unroll( IdealLoopTree *loop, Node_List &old_new, bool ad Node *opaq = NULL; if (adjust_min_trip) { // If not maximally unrolling, need adjustment @@ -46,7 +46,7 @@ index 2edc6f8e4..3148e5cae 100644 // Zero-trip test uses an 'opaque' node which is not shared. assert(opaq->outcnt() == 1 && opaq->in(1) == limit, ""); } -@@ -1810,7 +1803,6 @@ void PhaseIdealLoop::do_range_check( IdealLoopTree *loop, Node_List &old_new ) { +@@ -1806,7 +1799,6 @@ void PhaseIdealLoop::do_range_check( IdealLoopTree *loop, Node_List &old_new ) { #endif assert(RangeCheckElimination, ""); CountedLoopNode *cl = loop->_head->as_CountedLoop(); @@ -54,7 +54,7 @@ index 2edc6f8e4..3148e5cae 100644 // protect against stride not being a constant if (!cl->stride_is_con()) -@@ -1822,20 +1814,18 @@ void PhaseIdealLoop::do_range_check( IdealLoopTree *loop, Node_List &old_new ) { +@@ -1818,20 +1810,18 @@ void PhaseIdealLoop::do_range_check( IdealLoopTree *loop, Node_List &old_new ) { // to not ever trip end tests Node *main_limit = cl->limit(); @@ -85,10 +85,10 @@ index 2edc6f8e4..3148e5cae 100644 // Find the pre-loop limit; we will expand it's iterations to diff --git a/hotspot/src/share/vm/opto/loopnode.cpp b/hotspot/src/share/vm/opto/loopnode.cpp -index ce0a7393d..ef845ca93 100644 +index 37c56681d..e2c0645cf 100644 --- a/hotspot/src/share/vm/opto/loopnode.cpp +++ b/hotspot/src/share/vm/opto/loopnode.cpp -@@ -3278,6 +3278,42 @@ Node* PhaseIdealLoop::compute_lca_of_uses(Node* n, Node* early, bool verify) { +@@ -3284,6 +3284,42 @@ Node* PhaseIdealLoop::compute_lca_of_uses(Node* n, Node* early, bool verify) { return LCA; } @@ -132,10 +132,10 @@ index ce0a7393d..ef845ca93 100644 // Compute latest legal control. Node *PhaseIdealLoop::get_late_ctrl( Node *n, Node *early ) { diff --git a/hotspot/src/share/vm/opto/loopnode.hpp b/hotspot/src/share/vm/opto/loopnode.hpp -index aba285205..24926d047 100644 +index 150d1be0f..558b10504 100644 --- a/hotspot/src/share/vm/opto/loopnode.hpp +++ b/hotspot/src/share/vm/opto/loopnode.hpp -@@ -620,6 +620,9 @@ private: +@@ -621,6 +621,9 @@ private: bool cast_incr_before_loop(Node* incr, Node* ctrl, Node* loop); public: @@ -146,35 +146,36 @@ index aba285205..24926d047 100644 guarantee(n != NULL, "No Node."); return _nodes[n->_idx] != NULL; diff --git a/hotspot/src/share/vm/opto/superword.cpp b/hotspot/src/share/vm/opto/superword.cpp -index 543ffc035..53878000f 100644 +index 0bc171b5c..a14210ee2 100644 --- a/hotspot/src/share/vm/opto/superword.cpp +++ b/hotspot/src/share/vm/opto/superword.cpp -@@ -2208,15 +2208,18 @@ void SuperWord::align_initial_loop_index(MemNode* align_to_ref) { +@@ -2209,21 +2209,13 @@ void SuperWord::align_initial_loop_index(MemNode* align_to_ref) { //----------------------------get_pre_loop_end--------------------------- // Find pre loop end from main loop. Returns null if none. - CountedLoopEndNode* SuperWord::get_pre_loop_end(CountedLoopNode *cl) { -- Node *ctrl = cl->in(LoopNode::EntryControl); + CountedLoopEndNode* SuperWord::get_pre_loop_end(CountedLoopNode* cl) { +- Node* ctrl = cl->in(LoopNode::EntryControl); - if (!ctrl->is_IfTrue() && !ctrl->is_IfFalse()) return NULL; -- Node *iffm = ctrl->in(0); +- Node* iffm = ctrl->in(0); - if (!iffm->is_If()) return NULL; -- Node *p_f = iffm->in(0); +- Node* bolzm = iffm->in(1); +- if (!bolzm->is_Bool()) return NULL; +- Node* cmpzm = bolzm->in(1); +- if (!cmpzm->is_Cmp()) return NULL; +- Node* opqzm = cmpzm->in(2); +- // Can not optimize a loop if zero-trip Opaque1 node is optimized +- // away and then another round of loop opts attempted. +- if (opqzm->Opcode() != Op_Opaque1) { + // The loop cannot be optimized if the graph shape at + // the loop entry is inappropriate. + if (!PhaseIdealLoop::is_canonical_main_loop_entry(cl)) { -+ return NULL; -+ } + return NULL; + } +- Node* p_f = iffm->in(0); + + Node* p_f = cl->in(LoopNode::EntryControl)->in(0)->in(0); if (!p_f->is_IfFalse()) return NULL; if (!p_f->in(0)->is_CountedLoopEnd()) return NULL; -- CountedLoopEndNode *pre_end = p_f->in(0)->as_CountedLoopEnd(); -- if (!pre_end->loopnode()->is_pre_loop()) return NULL; -+ CountedLoopEndNode* pre_end = p_f->in(0)->as_CountedLoopEnd(); -+ CountedLoopNode* loop_node = pre_end->loopnode(); -+ if (loop_node == NULL || !loop_node->is_pre_loop()) return NULL; - return pre_end; - } - + CountedLoopEndNode* pre_end = p_f->in(0)->as_CountedLoopEnd(); -- 2.19.0 diff --git a/8154313.patch b/8154313.patch deleted file mode 100644 index 78bfa6a241a4fca45c1c16e9059d85c31053691e..0000000000000000000000000000000000000000 --- a/8154313.patch +++ /dev/null @@ -1,68 +0,0 @@ ---- a/make/Javadoc.gmk 2016-04-01 16:53:41.069477682 +0200 -+++ b/make/Javadoc.gmk 2016-04-01 16:53:41.014477059 +0200 -@@ -220,6 +220,12 @@ - JRE_API_DOCSDIR = $(DOCSDIR)/jre/api - PLATFORM_DOCSDIR = $(DOCSDIR)/platform - -+ -+JAVADOC_ARCHIVE_NAME := jdk-$(FULL_VERSION)-docs.zip -+JAVADOC_ARCHIVE_ASSEMBLY_DIR := $(DOCSTMPDIR)/zip-docs -+JAVADOC_ARCHIVE_DIR := $(OUTPUT_ROOT)/bundles -+JAVADOC_ARCHIVE := $(JAVADOC_ARCHIVE_DIR)/$(JAVADOC_ARCHIVE_NAME) -+ - # The non-core api javadocs need to be able to access the root of the core - # api directory, so for jdk/api or jre/api to get to the core api/ - # directory we would use this: -@@ -319,6 +325,37 @@ - all: docs - docs: coredocs otherdocs - -+# -+# Optional target which bundles all generated javadocs into a zip -+# archive. The dependency on docs is handled in Main.gmk. Incremental -+# building of docs is currently broken so if you invoke zip-docs after -+# docs, the docs are always rebuilt. -+# -+ -+zip-docs: $(JAVADOC_ARCHIVE) -+ -+# -+# Add the core docs as prerequisite to the archive to trigger a rebuild -+# if the core docs were rebuilt. Ideally any doc rebuild should trigger -+# this, but the way prerequisites are currently setup in this file, that -+# is hard to achieve. -+# -+ -+$(JAVADOC_ARCHIVE): $(COREAPI_INDEX_FILE) -+ @$(ECHO) "Compressing javadoc to single $(JAVADOC_ARCHIVE_NAME)" ; -+ $(MKDIR) -p $(JAVADOC_ARCHIVE_DIR) ; -+ $(RM) -r $(JAVADOC_ARCHIVE_ASSEMBLY_DIR) ; -+ $(MKDIR) -p $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); -+ all_roots=`$(FIND) $(DOCSDIR) | $(GREP) index.html `; \ -+ pushd $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); \ -+ for index_file in $${all_roots} ; do \ -+ target_dir=`dirname $${index_file}`; \ -+ name=`$(ECHO) $${target_dir} | $(SED) "s;/spec;;" | $(SED) "s;.*/;;"`; \ -+ $(LN) -s $${target_dir} $${name}; \ -+ done; \ -+ $(ZIP) -q -r $(JAVADOC_ARCHIVE) * ; \ -+ popd ; -+ - ################################################################# - # Production Targets -- USE THESE TARGETS WHEN: - # a) You're generating docs outside of release engineering's ---- a/make/Main.gmk 2016-04-01 16:53:41.311480424 +0200 -+++ b/make/Main.gmk 2016-04-01 16:53:41.266479914 +0200 -@@ -165,6 +165,12 @@ - @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk docs) - @$(call TargetExit) - -+zip-docs: docs zip-docs-only -+zip-docs-only: start-make -+ @$(call TargetEnter) -+ @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk zip-docs) -+ @$(call TargetExit) -+ - sign-jars: jdk sign-jars-only - sign-jars-only: start-make - @$(call TargetEnter) diff --git a/8158946-JDK-8165808-JDK-8166583-JDK-.patch b/8158946-JDK-8165808-JDK-8166583-JDK-.patch index 21f4341460c63ecdf2d76dc1b6da5c675aa2cd64..1783ed1ed3eb649eee77a56d7e23c5c398a06215 100644 --- a/8158946-JDK-8165808-JDK-8166583-JDK-.patch +++ b/8158946-JDK-8165808-JDK-8166583-JDK-.patch @@ -8,22 +8,22 @@ LLT: Bug url: https://bugs.openjdk.java.net/browse/JDK-8158946 https://bugs.openjdk.java.net/browse/JDK-8165808 https://bugs.openjdk.java.net/browse/JDK-8166583 https://bugs.openjdk.java.net/browse/JDK-8166862 --- - hotspot/src/share/vm/classfile/javaClasses.cpp | 6 ++- - .../compactibleFreeListSpace.cpp | 23 ++------- - .../concurrentMarkSweepGeneration.cpp | 16 +++---- - .../src/share/vm/gc_interface/collectedHeap.cpp | 16 +++++++ - .../src/share/vm/gc_interface/collectedHeap.hpp | 6 +-- - .../share/vm/gc_interface/collectedHeap.inline.hpp | 54 ++++++++++++---------- - hotspot/src/share/vm/oops/instanceMirrorKlass.cpp | 7 ++- - hotspot/src/share/vm/oops/oop.hpp | 2 + - hotspot/src/share/vm/oops/oop.inline.hpp | 38 ++++++++++++--- - 9 files changed, 104 insertions(+), 64 deletions(-) + .../src/share/vm/classfile/javaClasses.cpp | 5 +- + .../compactibleFreeListSpace.cpp | 23 ++------ + .../concurrentMarkSweepGeneration.cpp | 16 +++--- + .../share/vm/gc_interface/collectedHeap.cpp | 16 ++++++ + .../share/vm/gc_interface/collectedHeap.hpp | 6 +-- + .../vm/gc_interface/collectedHeap.inline.hpp | 54 ++++++++++--------- + .../src/share/vm/oops/instanceMirrorKlass.cpp | 7 ++- + hotspot/src/share/vm/oops/oop.hpp | 2 + + hotspot/src/share/vm/oops/oop.inline.hpp | 38 ++++++++++--- + 9 files changed, 103 insertions(+), 64 deletions(-) diff --git a/hotspot/src/share/vm/classfile/javaClasses.cpp b/hotspot/src/share/vm/classfile/javaClasses.cpp -index a9b40d235e..cd28c758d0 100644 +index 1bad10334..719db22b7 100644 --- a/hotspot/src/share/vm/classfile/javaClasses.cpp +++ b/hotspot/src/share/vm/classfile/javaClasses.cpp -@@ -649,10 +649,14 @@ void java_lang_Class::create_mirror(KlassHandle k, Handle class_loader, +@@ -651,10 +651,13 @@ void java_lang_Class::create_mirror(KlassHandle k, Handle class_loader, int java_lang_Class::oop_size(oop java_class) { assert(_oop_size_offset != 0, "must be set"); @@ -31,16 +31,15 @@ index a9b40d235e..cd28c758d0 100644 + int size = java_class->int_field(_oop_size_offset); + assert(size > 0, "Oop size must be greater than zero"); + return size; -+ } void java_lang_Class::set_oop_size(oop java_class, int size) { assert(_oop_size_offset != 0, "must be set"); + assert(size > 0, "Oop size must be greater than zero"); - java_class->int_field_put_raw(_oop_size_offset, size); + java_class->int_field_put(_oop_size_offset, size); } int java_lang_Class::static_oop_field_count(oop java_class) { diff --git a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp -index e5a3a11069..2de68f7aeb 100644 +index e5a3a1106..2de68f7ae 100644 --- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp +++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp @@ -984,18 +984,13 @@ size_t CompactibleFreeListSpace::block_size(const HeapWord* p) const { @@ -98,7 +97,7 @@ index e5a3a11069..2de68f7aeb 100644 // Ignore mark word because it may have been used to // chain together promoted objects (the last one diff --git a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp -index 2d7791138c..e3fdb6cf89 100644 +index 701231b4a..e3c0048da 100644 --- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp @@ -6715,7 +6715,7 @@ size_t CMSCollector::block_size_if_printezis_bits(HeapWord* addr) const { @@ -174,11 +173,11 @@ index 2d7791138c..e3fdb6cf89 100644 // Ignore mark word because we are running concurrent with mutators assert(oop(addr)->is_oop(true), "live block should be an oop"); diff --git a/hotspot/src/share/vm/gc_interface/collectedHeap.cpp b/hotspot/src/share/vm/gc_interface/collectedHeap.cpp -index 4f5e93bbe2..90207a8a4d 100644 +index 3ae8d61d0..e79251e13 100644 --- a/hotspot/src/share/vm/gc_interface/collectedHeap.cpp +++ b/hotspot/src/share/vm/gc_interface/collectedHeap.cpp @@ -305,6 +305,22 @@ HeapWord* CollectedHeap::allocate_from_tlab_slow(KlassHandle klass, Thread* thre - return Universe::heap()->tlab_post_allocation_setup(obj); + return obj; } +void CollectedHeap::post_allocation_setup_class(KlassHandle klass, @@ -201,7 +200,7 @@ index 4f5e93bbe2..90207a8a4d 100644 MemRegion deferred = thread->deferred_card_mark(); if (!deferred.is_empty()) { diff --git a/hotspot/src/share/vm/gc_interface/collectedHeap.hpp b/hotspot/src/share/vm/gc_interface/collectedHeap.hpp -index 03956b036b..48fd7e7c0a 100644 +index 898a660f2..c13d29780 100644 --- a/hotspot/src/share/vm/gc_interface/collectedHeap.hpp +++ b/hotspot/src/share/vm/gc_interface/collectedHeap.hpp @@ -157,6 +157,8 @@ class CollectedHeap : public CHeapObj { @@ -213,7 +212,7 @@ index 03956b036b..48fd7e7c0a 100644 // Clears an allocated object. inline static void init_obj(HeapWord* obj, size_t size); -@@ -323,9 +325,7 @@ class CollectedHeap : public CHeapObj { +@@ -321,9 +323,7 @@ class CollectedHeap : public CHeapObj { inline static oop obj_allocate(KlassHandle klass, int size, TRAPS); inline static oop array_allocate(KlassHandle klass, int size, int length, TRAPS); inline static oop array_allocate_nozero(KlassHandle klass, int size, int length, TRAPS); @@ -222,10 +221,10 @@ index 03956b036b..48fd7e7c0a 100644 - oop obj); + inline static oop class_allocate(KlassHandle klass, int size, TRAPS); - virtual uint oop_extra_words(); - + // Raw memory allocation facilities + // The obj and array allocate methods are covers for these methods. diff --git a/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp b/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp -index 9f3b885a9e..17e02c8f90 100644 +index 302d0c7cb..bdc97575f 100644 --- a/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp +++ b/hotspot/src/share/vm/gc_interface/collectedHeap.inline.hpp @@ -39,14 +39,22 @@ @@ -298,7 +297,7 @@ index 9f3b885a9e..17e02c8f90 100644 assert(new_obj->is_array(), "must be an array"); // notify jvmti and dtrace (must be after length is set for dtrace) post_allocation_notify(klass, new_obj, new_obj->size()); -@@ -208,6 +204,16 @@ oop CollectedHeap::obj_allocate(KlassHandle klass, int size, TRAPS) { +@@ -206,6 +202,16 @@ oop CollectedHeap::obj_allocate(KlassHandle klass, int size, TRAPS) { return (oop)obj; } @@ -316,7 +315,7 @@ index 9f3b885a9e..17e02c8f90 100644 int size, int length, diff --git a/hotspot/src/share/vm/oops/instanceMirrorKlass.cpp b/hotspot/src/share/vm/oops/instanceMirrorKlass.cpp -index 5b4c7d0fd2..73da78e5a8 100644 +index 5b4c7d0fd..73da78e5a 100644 --- a/hotspot/src/share/vm/oops/instanceMirrorKlass.cpp +++ b/hotspot/src/share/vm/oops/instanceMirrorKlass.cpp @@ -363,13 +363,12 @@ instanceOop InstanceMirrorKlass::allocate_instance(KlassHandle k, TRAPS) { @@ -337,10 +336,10 @@ index 5b4c7d0fd2..73da78e5a8 100644 int InstanceMirrorKlass::oop_size(oop obj) const { diff --git a/hotspot/src/share/vm/oops/oop.hpp b/hotspot/src/share/vm/oops/oop.hpp -index 1643ba9f55..c8d1f99183 100644 +index 4b707abce..c1e9fd550 100644 --- a/hotspot/src/share/vm/oops/oop.hpp +++ b/hotspot/src/share/vm/oops/oop.hpp -@@ -104,10 +104,12 @@ class oopDesc { +@@ -83,10 +83,12 @@ class oopDesc { Klass* klass() const; Klass* klass_or_null() const volatile; @@ -354,10 +353,10 @@ index 1643ba9f55..c8d1f99183 100644 // For klass field compression int klass_gap() const; diff --git a/hotspot/src/share/vm/oops/oop.inline.hpp b/hotspot/src/share/vm/oops/oop.inline.hpp -index 535a7a8953..5d47e3f4dc 100644 +index 4632457bf..491f148b9 100644 --- a/hotspot/src/share/vm/oops/oop.inline.hpp +++ b/hotspot/src/share/vm/oops/oop.inline.hpp -@@ -97,7 +97,6 @@ inline Klass* oopDesc::klass() const { +@@ -85,7 +85,6 @@ inline Klass* oopDesc::klass() const { } inline Klass* oopDesc::klass_or_null() const volatile { @@ -365,7 +364,7 @@ index 535a7a8953..5d47e3f4dc 100644 if (UseCompressedClassPointers) { return Klass::decode_klass(_metadata._compressed_klass); } else { -@@ -110,6 +109,17 @@ inline int oopDesc::klass_gap_offset_in_bytes() { +@@ -98,6 +97,17 @@ inline int oopDesc::klass_gap_offset_in_bytes() { return oopDesc::klass_offset_in_bytes() + sizeof(narrowKlass); } @@ -383,7 +382,7 @@ index 535a7a8953..5d47e3f4dc 100644 inline Klass** oopDesc::klass_addr() { // Only used internally and with CMS and will not work with // UseCompressedOops -@@ -122,10 +132,14 @@ inline narrowKlass* oopDesc::compressed_klass_addr() { +@@ -110,10 +120,14 @@ inline narrowKlass* oopDesc::compressed_klass_addr() { return &_metadata._compressed_klass; } @@ -401,7 +400,7 @@ index 535a7a8953..5d47e3f4dc 100644 if (UseCompressedClassPointers) { *compressed_klass_addr() = Klass::encode_klass_not_null(k); } else { -@@ -133,6 +147,18 @@ inline void oopDesc::set_klass(Klass* k) { +@@ -121,6 +135,18 @@ inline void oopDesc::set_klass(Klass* k) { } } @@ -420,7 +419,7 @@ index 535a7a8953..5d47e3f4dc 100644 inline int oopDesc::klass_gap() const { return *(int*)(((intptr_t)this) + klass_gap_offset_in_bytes()); } -@@ -805,8 +831,8 @@ inline int oopDesc::size_given_klass(Klass* klass) { +@@ -511,8 +537,8 @@ inline int oopDesc::size_given_klass(Klass* klass) { } } @@ -432,5 +431,5 @@ index 535a7a8953..5d47e3f4dc 100644 } -- -2.12.3 +2.19.0 diff --git a/8171410-aarch64-long-multiplyExact-shifts-by-31-inst.patch b/8171410-aarch64-long-multiplyExact-shifts-by-31-inst.patch new file mode 100644 index 0000000000000000000000000000000000000000..7ea77078c7016d2d1d7bfe69bfe1200192e14dfc --- /dev/null +++ b/8171410-aarch64-long-multiplyExact-shifts-by-31-inst.patch @@ -0,0 +1,57 @@ +From 18161c97014b072d7c0628fada35f1ed050c7c78 Mon Sep 17 00:00:00 2001 +From: wuyan +Date: Thu, 16 Jan 2020 20:30:28 +0800 +Subject: [PATCH] 8171410: aarch64: long multiplyExact shifts by 31 instead of + 63 + +Summary: : long multiplyExact shifts by 31 instead of 63 +LLT: NA +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8171410 +--- + hotspot/src/cpu/aarch64/vm/aarch64.ad | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hotspot/src/cpu/aarch64/vm/aarch64.ad b/hotspot/src/cpu/aarch64/vm/aarch64.ad +index a82629edda..b010a690c4 100644 +--- a/hotspot/src/cpu/aarch64/vm/aarch64.ad ++++ b/hotspot/src/cpu/aarch64/vm/aarch64.ad +@@ -12438,7 +12438,7 @@ instruct overflowMulL_reg(rFlagsReg cr, iRegL op1, iRegL op2) + + format %{ "mul rscratch1, $op1, $op2\t#overflow check long\n\t" + "smulh rscratch2, $op1, $op2\n\t" +- "cmp rscratch2, rscratch1, ASR #31\n\t" ++ "cmp rscratch2, rscratch1, ASR #63\n\t" + "movw rscratch1, #0x80000000\n\t" + "cselw rscratch1, rscratch1, zr, NE\n\t" + "cmpw rscratch1, #1" %} +@@ -12446,7 +12446,7 @@ instruct overflowMulL_reg(rFlagsReg cr, iRegL op1, iRegL op2) + ins_encode %{ + __ mul(rscratch1, $op1$$Register, $op2$$Register); // Result bits 0..63 + __ smulh(rscratch2, $op1$$Register, $op2$$Register); // Result bits 64..127 +- __ cmp(rscratch2, rscratch1, Assembler::ASR, 31); // Top is pure sign ext ++ __ cmp(rscratch2, rscratch1, Assembler::ASR, 63); // Top is pure sign ext + __ movw(rscratch1, 0x80000000); // Develop 0 (EQ), + __ cselw(rscratch1, rscratch1, zr, Assembler::NE); // or 0x80000000 (NE) + __ cmpw(rscratch1, 1); // 0x80000000 - 1 => VS +@@ -12464,7 +12464,7 @@ instruct overflowMulL_reg_branch(cmpOp cmp, iRegL op1, iRegL op2, label labl, rF + + format %{ "mul rscratch1, $op1, $op2\t#overflow check long\n\t" + "smulh rscratch2, $op1, $op2\n\t" +- "cmp rscratch2, rscratch1, ASR #31\n\t" ++ "cmp rscratch2, rscratch1, ASR #63\n\t" + "b$cmp $labl" %} + ins_cost(4 * INSN_COST); // Branch is rare so treat as INSN_COST + ins_encode %{ +@@ -12472,7 +12472,7 @@ instruct overflowMulL_reg_branch(cmpOp cmp, iRegL op1, iRegL op2, label labl, rF + Assembler::Condition cond = (Assembler::Condition)$cmp$$cmpcode; + __ mul(rscratch1, $op1$$Register, $op2$$Register); // Result bits 0..63 + __ smulh(rscratch2, $op1$$Register, $op2$$Register); // Result bits 64..127 +- __ cmp(rscratch2, rscratch1, Assembler::ASR, 31); // Top is pure sign ext ++ __ cmp(rscratch2, rscratch1, Assembler::ASR, 63); // Top is pure sign ext + __ br(cond == Assembler::VS ? Assembler::NE : Assembler::EQ, *L); + %} + +-- +2.12.3 + diff --git a/8190332-PngReader-throws-NegativeArraySizeException-.patch b/8190332-PngReader-throws-NegativeArraySizeException-.patch new file mode 100644 index 0000000000000000000000000000000000000000..34a5543499553ed44e57062320c7df81cc1de58a --- /dev/null +++ b/8190332-PngReader-throws-NegativeArraySizeException-.patch @@ -0,0 +1,164 @@ +From 31cb3f58bf65518cf3b9e35cd09405af693a38bd Mon Sep 17 00:00:00 2001 +From: mashoubing +Date: Thu, 21 Nov 2019 11:49:57 +0000 +Subject: [PATCH] 8190332: PngReader throws NegativeArraySizeException/OOM + error when IHDR width is very large + +Summary: : PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large +LLT: +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8190332 +--- + .../sun/imageio/plugins/png/PNGImageReader.java | 27 +++++-- + .../plugins/png/PngLargeIHDRDimensionTest.java | 86 ++++++++++++++++++++++ + 2 files changed, 106 insertions(+), 7 deletions(-) + create mode 100644 test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java + +diff --git a/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java b/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java +index 7da36e14b1..02a11d45f4 100644 +--- a/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java ++++ b/jdk/src/share/classes/com/sun/imageio/plugins/png/PNGImageReader.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -1305,14 +1305,18 @@ public class PNGImageReader extends ImageReader { + this.pixelStream = new DataInputStream(is); + + /* +- * NB: the PNG spec declares that valid range for width ++ * PNG spec declares that valid range for width + * and height is [1, 2^31-1], so here we may fail to allocate + * a buffer for destination image due to memory limitation. + * +- * However, the recovery strategy for this case should be +- * defined on the level of application, so we will not +- * try to estimate the required amount of the memory and/or +- * handle OOM in any way. ++ * If the read operation triggers OutOfMemoryError, the same ++ * will be wrapped in an IIOException at PNGImageReader.read ++ * method. ++ * ++ * The recovery strategy for this case should be defined at ++ * the level of application, so we will not try to estimate ++ * the required amount of the memory and/or handle OOM in ++ * any way. + */ + theImage = getDestination(param, + getImageTypes(0), +@@ -1611,7 +1615,16 @@ public class PNGImageReader extends ImageReader { + throw new IndexOutOfBoundsException("imageIndex != 0!"); + } + +- readImage(param); ++ try { ++ readImage(param); ++ } catch (IOException | ++ IllegalStateException | ++ IllegalArgumentException e) ++ { ++ throw e; ++ } catch (Throwable e) { ++ throw new IIOException("Caught exception during read: ", e); ++ } + return theImage; + } + +diff --git a/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java b/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java +new file mode 100644 +index 0000000000..118a41f04f +--- /dev/null ++++ b/test/jdk/javax/imageio/plugins/png/PngLargeIHDRDimensionTest.java +@@ -0,0 +1,86 @@ ++/* ++ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8190332 ++ * @summary Test verifies whether PNGImageReader throws IIOException ++ * or not when IHDR width value is very high. ++ * @run main PngLargeIHDRDimensionTest ++ */ ++ ++import java.io.ByteArrayInputStream; ++import java.io.InputStream; ++import java.util.Base64; ++import javax.imageio.IIOException; ++import javax.imageio.ImageIO; ++ ++public class PngLargeIHDRDimensionTest { ++ ++ /* ++ * IHDR width is very large and when we try to create buffer to store ++ * image information of each row it overflows and we get ++ * NegativeArraySizeException without the fix for this bug. ++ */ ++ private static String negativeArraySizeExceptionInput = "iVBORw0KGgoAAAANS" ++ + "UhEUg////0AAAABEAIAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAAB" ++ + "JRU5ErkJgggo="; ++ ++ /* ++ * IHDR width is ((2 to the power of 31) - 2), which is the maximum VM ++ * limit to create an array we get OutOfMemoryError without the fix ++ * for this bug. ++ */ ++ private static String outOfMemoryErrorInput = "iVBORw0KGgoAAAANSUhEUgAAAAF/" ++ + "///+CAAAAAA6fptVAAAACklEQVQYV2P4DwABAQEAWk1v8QAAAABJRU5" ++ + "ErkJgggo="; ++ ++ private static InputStream input; ++ private static Boolean firstTestFailed = true, secondTestFailed = true; ++ public static void main(String[] args) throws java.io.IOException { ++ byte[] inputBytes = Base64.getDecoder(). ++ decode(negativeArraySizeExceptionInput); ++ input = new ByteArrayInputStream(inputBytes); ++ ++ try { ++ ImageIO.read(input); ++ } catch (IIOException e) { ++ firstTestFailed = false; ++ } ++ ++ inputBytes = Base64.getDecoder().decode(outOfMemoryErrorInput); ++ input = new ByteArrayInputStream(inputBytes); ++ ++ try { ++ ImageIO.read(input); ++ } catch (IIOException e) { ++ secondTestFailed = false; ++ } ++ ++ if (firstTestFailed || secondTestFailed) { ++ throw new RuntimeException("Test doesn't throw required" ++ + " IIOException"); ++ } ++ } ++} ++ +-- +2.12.3 + diff --git a/8191915-java.lang.Math.multiplyExact-not-throw-an-ex.patch b/8191915-java.lang.Math.multiplyExact-not-throw-an-ex.patch new file mode 100644 index 0000000000000000000000000000000000000000..e46eee79c560337e03485b229406f75c54a2c436 --- /dev/null +++ b/8191915-java.lang.Math.multiplyExact-not-throw-an-ex.patch @@ -0,0 +1,163 @@ +From eeb0317f3582ae74dd7d42d149fdc457cd01d835 Mon Sep 17 00:00:00 2001 +From: c00229008 +Date: Thu, 26 Dec 2019 20:04:58 +0000 +Subject: [PATCH] 8191915: java.lang.Math.multiplyExact not throw an exception + for certain values + +Summary: C2: java.lang.Math.multiplyExact not throw an exception for certain values +LLT: hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8191915 +--- + hotspot/src/share/vm/opto/mathexactnode.cpp | 42 +++++++++------ + hotspot/src/share/vm/opto/mathexactnode.hpp | 4 +- + .../intrinsics/mathexact/LongMulOverflowTest.java | 61 ++++++++++++++++++++++ + 3 files changed, 90 insertions(+), 17 deletions(-) + create mode 100644 hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java + +diff --git a/hotspot/src/share/vm/opto/mathexactnode.cpp b/hotspot/src/share/vm/opto/mathexactnode.cpp +index 00466ad3d5..661cc745bf 100644 +--- a/hotspot/src/share/vm/opto/mathexactnode.cpp ++++ b/hotspot/src/share/vm/opto/mathexactnode.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -117,23 +117,33 @@ bool OverflowSubLNode::will_overflow(jlong v1, jlong v2) const { + return SubHelper::will_overflow(v1, v2); + } + +-bool OverflowMulLNode::will_overflow(jlong val1, jlong val2) const { +- jlong result = val1 * val2; +- jlong ax = (val1 < 0 ? -val1 : val1); +- jlong ay = (val2 < 0 ? -val2 : val2); +- +- bool overflow = false; +- if ((ax | ay) & CONST64(0xFFFFFFFF00000000)) { +- // potential overflow if any bit in upper 32 bits are set +- if ((val1 == min_jlong && val2 == -1) || (val2 == min_jlong && val1 == -1)) { +- // -1 * Long.MIN_VALUE will overflow +- overflow = true; +- } else if (val2 != 0 && (result / val2 != val1)) { +- overflow = true; +- } ++bool OverflowMulLNode::is_overflow(jlong val1, jlong val2) { ++ // x * { 0, 1 } will never overflow. Even for x = min_jlong ++ if (val1 == 0 || val2 == 0 || val1 == 1 || val2 == 1) { ++ return false; ++ } ++ ++ // x * min_jlong for x not in { 0, 1 } overflows ++ // even -1 as -1 * min_jlong is an overflow ++ if (val1 == min_jlong || val2 == min_jlong) { ++ return true; + } + +- return overflow; ++ // if (x * y) / y == x there is no overflow ++ // ++ // the multiplication here is done as unsigned to avoid undefined behaviour which ++ // can be used by the compiler to assume that the check further down (result / val2 != val1) ++ // is always false and breaks the overflow check ++ julong v1 = (julong) val1; ++ julong v2 = (julong) val2; ++ julong tmp = v1 * v2; ++ jlong result = (jlong) tmp; ++ ++ if (result / val2 != val1) { ++ return true; ++ } ++ ++ return false; + } + + bool OverflowAddINode::can_overflow(const Type* t1, const Type* t2) const { +diff --git a/hotspot/src/share/vm/opto/mathexactnode.hpp b/hotspot/src/share/vm/opto/mathexactnode.hpp +index 3e037cf568..0a59ebd96e 100644 +--- a/hotspot/src/share/vm/opto/mathexactnode.hpp ++++ b/hotspot/src/share/vm/opto/mathexactnode.hpp +@@ -129,8 +129,10 @@ public: + OverflowMulLNode(Node* in1, Node* in2) : OverflowLNode(in1, in2) {} + virtual int Opcode() const; + +- virtual bool will_overflow(jlong v1, jlong v2) const; ++ virtual bool will_overflow(jlong v1, jlong v2) const { return is_overflow(v1, v2); } + virtual bool can_overflow(const Type* t1, const Type* t2) const; ++ ++ static bool is_overflow(jlong v1, jlong v2); + }; + + #endif +diff --git a/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java b/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java +new file mode 100644 +index 0000000000..69bd8f1579 +--- /dev/null ++++ b/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java +@@ -0,0 +1,61 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8191915 ++ * @summary Regression test for multiplyExact intrinsic ++ * @compile AddExactICondTest.java ++ * @run main/othervm -Xcomp -XX:-TieredCompilation compiler.intrinsics.mathexact.LongMulOverflowTest ++ */ ++ ++package compiler.intrinsics.mathexact; ++ ++public class LongMulOverflowTest { ++ public static void main(String[] args) { ++ LongMulOverflowTest test = new LongMulOverflowTest(); ++ for (int i = 0; i < 10; ++i) { ++ try { ++ test.runTest(); ++ throw new RuntimeException("Error, runTest() did not overflow!"); ++ } catch (ArithmeticException e) { ++ // success ++ } ++ ++ try { ++ test.runTestOverflow(); ++ throw new RuntimeException("Error, runTestOverflow() did not overflow!"); ++ } catch (ArithmeticException e) { ++ // success ++ } ++ } ++ } ++ ++ public void runTest() { ++ java.lang.Math.multiplyExact(Long.MIN_VALUE, 7); ++ } ++ ++ public void runTestOverflow() { ++ java.lang.Math.multiplyExact((Long.MAX_VALUE / 2) + 1, 2); ++ } ++} +-- +2.12.3 + diff --git a/8193255-Root-Certificates-should-be-stored-in-text-f.patch b/8193255-Root-Certificates-should-be-stored-in-text-f.patch new file mode 100644 index 0000000000000000000000000000000000000000..1ea7ce3c7e91cecf81a1c9f55e6f85c842f17049 --- /dev/null +++ b/8193255-Root-Certificates-should-be-stored-in-text-f.patch @@ -0,0 +1,3693 @@ +From b6d77009fecd179ff16c27f04fad44ce542a30e0 Mon Sep 17 00:00:00 2001 +From: c00229008 +Date: Mon, 10 Feb 2020 10:06:12 +0000 +Subject: [PATCH] 8193255: Root Certificates should be stored in text format + and assembled at build time + +Summary: Runtime: Root Certificates should be stored in text format and assembled at build time. +LLT: jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +Patch Type: backport(Community Backport Correction) +Bug url: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/8d39522b0f75 +--- + common/autoconf/generated-configure.sh | 2 - + common/autoconf/jdk-options.m4 | 2 - + jdk/make/CopyFiles.gmk | 8 ++- + jdk/make/GenerateData.gmk | 16 +++++- + jdk/make/Tools.gmk | 5 +- + jdk/make/data/cacerts/README | 10 ++++ + jdk/make/data/cacerts/actalisauthenticationrootca | 40 +++++++++++++ + jdk/make/data/cacerts/addtrustclass1ca | 31 +++++++++++ + jdk/make/data/cacerts/addtrustexternalca | 32 +++++++++++ + jdk/make/data/cacerts/addtrustqualifiedca | 32 +++++++++++ + jdk/make/data/cacerts/affirmtrustcommercialca | 27 +++++++++ + jdk/make/data/cacerts/affirmtrustnetworkingca | 27 +++++++++ + jdk/make/data/cacerts/affirmtrustpremiumca | 38 +++++++++++++ + jdk/make/data/cacerts/affirmtrustpremiumeccca | 20 +++++++ + jdk/make/data/cacerts/amazonrootca1 | 27 +++++++++ + jdk/make/data/cacerts/amazonrootca2 | 38 +++++++++++++ + jdk/make/data/cacerts/amazonrootca3 | 19 +++++++ + jdk/make/data/cacerts/amazonrootca4 | 20 +++++++ + jdk/make/data/cacerts/baltimorecybertrustca | 28 ++++++++++ + jdk/make/data/cacerts/buypassclass2ca | 38 +++++++++++++ + jdk/make/data/cacerts/buypassclass3ca | 38 +++++++++++++ + jdk/make/data/cacerts/camerfirmachambersca | 49 ++++++++++++++++ + jdk/make/data/cacerts/camerfirmachamberscommerceca | 35 ++++++++++++ + jdk/make/data/cacerts/camerfirmachambersignca | 48 ++++++++++++++++ + jdk/make/data/cacerts/certumca | 26 +++++++++ + jdk/make/data/cacerts/certumtrustednetworkca | 29 ++++++++++ + jdk/make/data/cacerts/chunghwaepkirootca | 40 +++++++++++++ + jdk/make/data/cacerts/comodoaaaca | 32 +++++++++++ + jdk/make/data/cacerts/comodoeccca | 23 ++++++++ + jdk/make/data/cacerts/comodorsaca | 41 ++++++++++++++ + jdk/make/data/cacerts/digicertassuredidg2 | 29 ++++++++++ + jdk/make/data/cacerts/digicertassuredidg3 | 22 ++++++++ + jdk/make/data/cacerts/digicertassuredidrootca | 29 ++++++++++ + jdk/make/data/cacerts/digicertglobalrootca | 29 ++++++++++ + jdk/make/data/cacerts/digicertglobalrootg2 | 29 ++++++++++ + jdk/make/data/cacerts/digicertglobalrootg3 | 22 ++++++++ + .../data/cacerts/digicerthighassuranceevrootca | 30 ++++++++++ + jdk/make/data/cacerts/digicerttrustedrootg4 | 39 +++++++++++++ + jdk/make/data/cacerts/dtrustclass3ca2 | 32 +++++++++++ + jdk/make/data/cacerts/dtrustclass3ca2ev | 32 +++++++++++ + jdk/make/data/cacerts/entrust2048ca | 32 +++++++++++ + jdk/make/data/cacerts/entrustevca | 34 +++++++++++ + jdk/make/data/cacerts/entrustrootcaec1 | 25 +++++++++ + jdk/make/data/cacerts/entrustrootcag2 | 32 +++++++++++ + jdk/make/data/cacerts/geotrustglobalca | 27 +++++++++ + jdk/make/data/cacerts/geotrustprimaryca | 28 ++++++++++ + jdk/make/data/cacerts/geotrustprimarycag2 | 24 ++++++++ + jdk/make/data/cacerts/geotrustprimarycag3 | 31 +++++++++++ + jdk/make/data/cacerts/geotrustuniversalca | 38 +++++++++++++ + jdk/make/data/cacerts/globalsignca | 28 ++++++++++ + jdk/make/data/cacerts/globalsigneccrootcar4 | 20 +++++++ + jdk/make/data/cacerts/globalsigneccrootcar5 | 21 +++++++ + jdk/make/data/cacerts/globalsignr2ca | 29 ++++++++++ + jdk/make/data/cacerts/globalsignr3ca | 28 ++++++++++ + jdk/make/data/cacerts/globalsignrootcar6 | 39 +++++++++++++ + jdk/make/data/cacerts/godaddyclass2ca | 31 +++++++++++ + jdk/make/data/cacerts/godaddyrootg2ca | 30 ++++++++++ + jdk/make/data/cacerts/identrustcommercial | 38 +++++++++++++ + jdk/make/data/cacerts/identrustdstx3 | 27 +++++++++ + jdk/make/data/cacerts/identrustpublicca | 38 +++++++++++++ + jdk/make/data/cacerts/keynectisrootca | 30 ++++++++++ + jdk/make/data/cacerts/letsencryptisrgx1 | 38 +++++++++++++ + jdk/make/data/cacerts/luxtrustglobalroot2ca | 40 +++++++++++++ + jdk/make/data/cacerts/luxtrustglobalrootca | 28 ++++++++++ + jdk/make/data/cacerts/quovadisrootca | 41 ++++++++++++++ + jdk/make/data/cacerts/quovadisrootca1g3 | 38 +++++++++++++ + jdk/make/data/cacerts/quovadisrootca2 | 40 +++++++++++++ + jdk/make/data/cacerts/quovadisrootca2g3 | 38 +++++++++++++ + jdk/make/data/cacerts/quovadisrootca3 | 45 +++++++++++++++ + jdk/make/data/cacerts/quovadisrootca3g3 | 38 +++++++++++++ + jdk/make/data/cacerts/secomscrootca1 | 27 +++++++++ + jdk/make/data/cacerts/secomscrootca2 | 28 ++++++++++ + jdk/make/data/cacerts/securetrustca | 29 ++++++++++ + jdk/make/data/cacerts/soneraclass2ca | 26 +++++++++ + jdk/make/data/cacerts/starfieldclass2ca | 31 +++++++++++ + jdk/make/data/cacerts/starfieldrootg2ca | 30 ++++++++++ + jdk/make/data/cacerts/starfieldservicesrootg2ca | 31 +++++++++++ + jdk/make/data/cacerts/swisssigngoldg2ca | 40 +++++++++++++ + jdk/make/data/cacerts/swisssignplatinumg2ca | 40 +++++++++++++ + jdk/make/data/cacerts/swisssignsilverg2ca | 40 +++++++++++++ + jdk/make/data/cacerts/teliasonerarootcav1 | 37 ++++++++++++ + jdk/make/data/cacerts/thawteprimaryrootca | 32 +++++++++++ + jdk/make/data/cacerts/thawteprimaryrootcag2 | 23 ++++++++ + jdk/make/data/cacerts/thawteprimaryrootcag3 | 32 +++++++++++ + jdk/make/data/cacerts/ttelesecglobalrootclass2ca | 30 ++++++++++ + jdk/make/data/cacerts/ttelesecglobalrootclass3ca | 30 ++++++++++ + jdk/make/data/cacerts/usertrusteccca | 23 ++++++++ + jdk/make/data/cacerts/usertrustrsaca | 41 ++++++++++++++ + jdk/make/data/cacerts/verisignclass3g3ca | 31 +++++++++++ + jdk/make/data/cacerts/verisignclass3g4ca | 28 ++++++++++ + jdk/make/data/cacerts/verisignclass3g5ca | 35 ++++++++++++ + jdk/make/data/cacerts/verisignuniversalrootca | 35 ++++++++++++ + jdk/make/data/cacerts/xrampglobalca | 32 +++++++++++ + .../tools/generatecacerts/GenerateCacerts.java | 62 +++++++++++++++++++++ + 95 files changed, 2875 insertions(+), 8 deletions(-) + create mode 100644 jdk/make/data/cacerts/README + create mode 100644 jdk/make/data/cacerts/actalisauthenticationrootca + create mode 100644 jdk/make/data/cacerts/addtrustclass1ca + create mode 100644 jdk/make/data/cacerts/addtrustexternalca + create mode 100644 jdk/make/data/cacerts/addtrustqualifiedca + create mode 100644 jdk/make/data/cacerts/affirmtrustcommercialca + create mode 100644 jdk/make/data/cacerts/affirmtrustnetworkingca + create mode 100644 jdk/make/data/cacerts/affirmtrustpremiumca + create mode 100644 jdk/make/data/cacerts/affirmtrustpremiumeccca + create mode 100644 jdk/make/data/cacerts/amazonrootca1 + create mode 100644 jdk/make/data/cacerts/amazonrootca2 + create mode 100644 jdk/make/data/cacerts/amazonrootca3 + create mode 100644 jdk/make/data/cacerts/amazonrootca4 + create mode 100644 jdk/make/data/cacerts/baltimorecybertrustca + create mode 100644 jdk/make/data/cacerts/buypassclass2ca + create mode 100644 jdk/make/data/cacerts/buypassclass3ca + create mode 100644 jdk/make/data/cacerts/camerfirmachambersca + create mode 100644 jdk/make/data/cacerts/camerfirmachamberscommerceca + create mode 100644 jdk/make/data/cacerts/camerfirmachambersignca + create mode 100644 jdk/make/data/cacerts/certumca + create mode 100644 jdk/make/data/cacerts/certumtrustednetworkca + create mode 100644 jdk/make/data/cacerts/chunghwaepkirootca + create mode 100644 jdk/make/data/cacerts/comodoaaaca + create mode 100644 jdk/make/data/cacerts/comodoeccca + create mode 100644 jdk/make/data/cacerts/comodorsaca + create mode 100644 jdk/make/data/cacerts/digicertassuredidg2 + create mode 100644 jdk/make/data/cacerts/digicertassuredidg3 + create mode 100644 jdk/make/data/cacerts/digicertassuredidrootca + create mode 100644 jdk/make/data/cacerts/digicertglobalrootca + create mode 100644 jdk/make/data/cacerts/digicertglobalrootg2 + create mode 100644 jdk/make/data/cacerts/digicertglobalrootg3 + create mode 100644 jdk/make/data/cacerts/digicerthighassuranceevrootca + create mode 100644 jdk/make/data/cacerts/digicerttrustedrootg4 + create mode 100644 jdk/make/data/cacerts/dtrustclass3ca2 + create mode 100644 jdk/make/data/cacerts/dtrustclass3ca2ev + create mode 100644 jdk/make/data/cacerts/entrust2048ca + create mode 100644 jdk/make/data/cacerts/entrustevca + create mode 100644 jdk/make/data/cacerts/entrustrootcaec1 + create mode 100644 jdk/make/data/cacerts/entrustrootcag2 + create mode 100644 jdk/make/data/cacerts/geotrustglobalca + create mode 100644 jdk/make/data/cacerts/geotrustprimaryca + create mode 100644 jdk/make/data/cacerts/geotrustprimarycag2 + create mode 100644 jdk/make/data/cacerts/geotrustprimarycag3 + create mode 100644 jdk/make/data/cacerts/geotrustuniversalca + create mode 100644 jdk/make/data/cacerts/globalsignca + create mode 100644 jdk/make/data/cacerts/globalsigneccrootcar4 + create mode 100644 jdk/make/data/cacerts/globalsigneccrootcar5 + create mode 100644 jdk/make/data/cacerts/globalsignr2ca + create mode 100644 jdk/make/data/cacerts/globalsignr3ca + create mode 100644 jdk/make/data/cacerts/globalsignrootcar6 + create mode 100644 jdk/make/data/cacerts/godaddyclass2ca + create mode 100644 jdk/make/data/cacerts/godaddyrootg2ca + create mode 100644 jdk/make/data/cacerts/identrustcommercial + create mode 100644 jdk/make/data/cacerts/identrustdstx3 + create mode 100644 jdk/make/data/cacerts/identrustpublicca + create mode 100644 jdk/make/data/cacerts/keynectisrootca + create mode 100644 jdk/make/data/cacerts/letsencryptisrgx1 + create mode 100644 jdk/make/data/cacerts/luxtrustglobalroot2ca + create mode 100644 jdk/make/data/cacerts/luxtrustglobalrootca + create mode 100644 jdk/make/data/cacerts/quovadisrootca + create mode 100644 jdk/make/data/cacerts/quovadisrootca1g3 + create mode 100644 jdk/make/data/cacerts/quovadisrootca2 + create mode 100644 jdk/make/data/cacerts/quovadisrootca2g3 + create mode 100644 jdk/make/data/cacerts/quovadisrootca3 + create mode 100644 jdk/make/data/cacerts/quovadisrootca3g3 + create mode 100644 jdk/make/data/cacerts/secomscrootca1 + create mode 100644 jdk/make/data/cacerts/secomscrootca2 + create mode 100644 jdk/make/data/cacerts/securetrustca + create mode 100644 jdk/make/data/cacerts/soneraclass2ca + create mode 100644 jdk/make/data/cacerts/starfieldclass2ca + create mode 100644 jdk/make/data/cacerts/starfieldrootg2ca + create mode 100644 jdk/make/data/cacerts/starfieldservicesrootg2ca + create mode 100644 jdk/make/data/cacerts/swisssigngoldg2ca + create mode 100644 jdk/make/data/cacerts/swisssignplatinumg2ca + create mode 100644 jdk/make/data/cacerts/swisssignsilverg2ca + create mode 100644 jdk/make/data/cacerts/teliasonerarootcav1 + create mode 100644 jdk/make/data/cacerts/thawteprimaryrootca + create mode 100644 jdk/make/data/cacerts/thawteprimaryrootcag2 + create mode 100644 jdk/make/data/cacerts/thawteprimaryrootcag3 + create mode 100644 jdk/make/data/cacerts/ttelesecglobalrootclass2ca + create mode 100644 jdk/make/data/cacerts/ttelesecglobalrootclass3ca + create mode 100644 jdk/make/data/cacerts/usertrusteccca + create mode 100644 jdk/make/data/cacerts/usertrustrsaca + create mode 100644 jdk/make/data/cacerts/verisignclass3g3ca + create mode 100644 jdk/make/data/cacerts/verisignclass3g4ca + create mode 100644 jdk/make/data/cacerts/verisignclass3g5ca + create mode 100644 jdk/make/data/cacerts/verisignuniversalrootca + create mode 100644 jdk/make/data/cacerts/xrampglobalca + create mode 100644 jdk/make/src/classes/build/tools/generatecacerts/GenerateCacerts.java + +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 2e458ff0f1..0a4a315216 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -19776,8 +19776,6 @@ fi + + if test "x$with_cacerts_file" != x; then + CACERTS_FILE=$with_cacerts_file +- else +- CACERTS_FILE=${SRC_ROOT}/jdk/src/share/lib/security/cacerts + fi + + +diff --git a/common/autoconf/jdk-options.m4 b/common/autoconf/jdk-options.m4 +index e7657a14fe..08ee50d062 100644 +--- a/common/autoconf/jdk-options.m4 ++++ b/common/autoconf/jdk-options.m4 +@@ -386,8 +386,6 @@ AC_DEFUN_ONCE([JDKOPT_SETUP_JDK_OPTIONS], + [specify alternative cacerts file])]) + if test "x$with_cacerts_file" != x; then + CACERTS_FILE=$with_cacerts_file +- else +- CACERTS_FILE=${SRC_ROOT}/jdk/src/share/lib/security/cacerts + fi + AC_SUBST(CACERTS_FILE) + +diff --git a/jdk/make/CopyFiles.gmk b/jdk/make/CopyFiles.gmk +index 2be08dcdc4..41afa33113 100644 +--- a/jdk/make/CopyFiles.gmk ++++ b/jdk/make/CopyFiles.gmk +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -407,13 +407,17 @@ COPY_FILES += $(POLICY_DST) + + ########################################################################################## + ++# CACERTS_FILE is optionally set in configure to override the default cacerts ++# which is otherwise generated in GenerateData.gmk + CACERTS_SRC := $(CACERTS_FILE) + CACERTS_DST := $(JDK_OUTPUTDIR)/lib/security/cacerts + + $(CACERTS_DST): $(CACERTS_SRC) + $(call install-file) + +-COPY_FILES += $(CACERTS_DST) ++ifneq ($(CACERTS_FILE), ) ++ COPY_FILES += $(CACERTS_DST) ++endif + + ########################################################################################## + +diff --git a/jdk/make/GenerateData.gmk b/jdk/make/GenerateData.gmk +index 1dc18b3ee2..034acfd49e 100644 +--- a/jdk/make/GenerateData.gmk ++++ b/jdk/make/GenerateData.gmk +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -52,6 +52,20 @@ GENDATA += $(GENDATA_HTML32DTD) + + ########################################################################################## + ++GENDATA_CACERTS_SRC := $(JDK_TOPDIR)/make/data/cacerts/ ++GENDATA_CACERTS := $(JDK_OUTPUTDIR)/lib/security/cacerts ++ ++$(GENDATA_CACERTS): $(BUILD_TOOLS) $(wildcard $(GENDATA_CACERTS_SRC)/*) ++ $(ECHO) $(LOG_INFO) "Generating cacerts" ++ $(MKDIR) -p $(@D) ++ $(TOOL_GENERATECACERTS) $(GENDATA_CACERTS_SRC) $@ ++ ++ifeq ($(CACERTS_FILE), ) ++ GENDATA += $(GENDATA_CACERTS) ++endif ++ ++################################################################################ ++ + GENDATA_UNINAME := $(JDK_OUTPUTDIR)/classes/java/lang/uniName.dat + + $(GENDATA_UNINAME): $(JDK_TOPDIR)/make/data/unicodedata/UnicodeData.txt $(BUILD_TOOLS) +diff --git a/jdk/make/Tools.gmk b/jdk/make/Tools.gmk +index b03419a03f..8a9f127bba 100644 +--- a/jdk/make/Tools.gmk ++++ b/jdk/make/Tools.gmk +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 2011, 2020, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -96,6 +96,9 @@ TOOL_HASHER = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ + TOOL_TZDB = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ + build.tools.tzdb.TzdbZoneRulesCompiler + ++TOOL_GENERATECACERTS = $(JAVA_SMALL) -cp $(JDK_OUTPUTDIR)/btclasses \ ++ build.tools.generatecacerts.GenerateCacerts ++ + + # TODO: There are references to the jdwpgen.jar in jdk/make/netbeans/jdwpgen/build.xml + # and nbproject/project.properties in the same dir. Needs to be looked at. +diff --git a/jdk/make/data/cacerts/README b/jdk/make/data/cacerts/README +new file mode 100644 +index 0000000000..25d2d77900 +--- /dev/null ++++ b/jdk/make/data/cacerts/README +@@ -0,0 +1,10 @@ ++Each file in this directory (except for this README) contains a CA certificate in PEM format. It can be generated with ++ ++keytool -J-Duser.timezone=GMT -printcert -file ca.cert | sed -n '1,4p;8,10p' ++keytool -printcert -file ca.cert -rfc ++ ++Please note the textual part before the "-----BEGIN CERTIFICATE-----" line is just a suggestion and not arbitrary. ++ ++After any change in this directory, please remember to update the content of `test/jdk/sun/security/lib/cacerts/VerifyCACerts.java` as well. ++ ++All changes to this directory need to be approved by the Security group. +diff --git a/jdk/make/data/cacerts/actalisauthenticationrootca b/jdk/make/data/cacerts/actalisauthenticationrootca +new file mode 100644 +index 0000000000..9c1d9a939e +--- /dev/null ++++ b/jdk/make/data/cacerts/actalisauthenticationrootca +@@ -0,0 +1,40 @@ ++Owner: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT ++Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT ++Serial number: 570a119742c4e3cc ++Valid from: Thu Sep 22 11:22:02 GMT 2011 until: Sun Sep 22 11:22:02 GMT 2030 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE ++BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w ++MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 ++IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC ++SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 ++ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB ++MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv ++UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX ++4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 ++KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ ++gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb ++rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ ++51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F ++be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe ++KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F ++v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn ++fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 ++jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz ++ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt ++ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL ++e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 ++jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz ++WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V ++SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j ++pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX ++X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok ++fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R ++K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU ++ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU ++LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT ++LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/addtrustclass1ca b/jdk/make/data/cacerts/addtrustclass1ca +new file mode 100644 +index 0000000000..f96e625cc2 +--- /dev/null ++++ b/jdk/make/data/cacerts/addtrustclass1ca +@@ -0,0 +1,31 @@ ++Owner: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE ++Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE ++Serial number: 1 ++Valid from: Tue May 30 10:38:31 GMT 2000 until: Sat May 30 10:38:31 GMT 2020 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU ++MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 ++b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw ++MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML ++QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD ++VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA ++A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul ++CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n ++tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl ++dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch ++PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC +++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O ++BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E ++BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl ++MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk ++ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB ++IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X ++7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz ++43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY ++eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl ++pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA ++WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/addtrustexternalca b/jdk/make/data/cacerts/addtrustexternalca +new file mode 100644 +index 0000000000..ad84cad962 +--- /dev/null ++++ b/jdk/make/data/cacerts/addtrustexternalca +@@ -0,0 +1,32 @@ ++Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE ++Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE ++Serial number: 1 ++Valid from: Tue May 30 10:48:38 GMT 2000 until: Sat May 30 10:48:38 GMT 2020 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU ++MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs ++IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 ++MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux ++FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h ++bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v ++dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt ++H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 ++uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX ++mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX ++a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN ++E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 ++WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD ++VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 ++Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU ++cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx ++IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN ++AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH ++YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 ++6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC ++Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX ++c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a ++mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/addtrustqualifiedca b/jdk/make/data/cacerts/addtrustqualifiedca +new file mode 100644 +index 0000000000..0c62d44c76 +--- /dev/null ++++ b/jdk/make/data/cacerts/addtrustqualifiedca +@@ -0,0 +1,32 @@ ++Owner: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE ++Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE ++Serial number: 1 ++Valid from: Tue May 30 10:44:50 GMT 2000 until: Sat May 30 10:44:50 GMT 2020 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU ++MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 ++b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1 ++MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK ++EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh ++BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B ++AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq ++xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G ++87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i ++2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U ++WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1 ++0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G ++A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T ++AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr ++pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL ++ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm ++aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv ++hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm ++hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X ++dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3 ++P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y ++iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no ++xqE= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/affirmtrustcommercialca b/jdk/make/data/cacerts/affirmtrustcommercialca +new file mode 100644 +index 0000000000..5caddfd3a0 +--- /dev/null ++++ b/jdk/make/data/cacerts/affirmtrustcommercialca +@@ -0,0 +1,27 @@ ++Owner: CN=AffirmTrust Commercial, O=AffirmTrust, C=US ++Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US ++Serial number: 7777062726a9b17c ++Valid from: Fri Jan 29 14:06:06 GMT 2010 until: Tue Dec 31 14:06:06 GMT 2030 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE ++BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz ++dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL ++MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp ++cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC ++AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP ++Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr ++ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL ++MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 ++yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr ++VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ ++nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ ++KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG ++XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj ++vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt ++Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g ++N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC ++nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/affirmtrustnetworkingca b/jdk/make/data/cacerts/affirmtrustnetworkingca +new file mode 100644 +index 0000000000..c773326d4b +--- /dev/null ++++ b/jdk/make/data/cacerts/affirmtrustnetworkingca +@@ -0,0 +1,27 @@ ++Owner: CN=AffirmTrust Networking, O=AffirmTrust, C=US ++Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US ++Serial number: 7c4f04391cd4992d ++Valid from: Fri Jan 29 14:08:24 GMT 2010 until: Tue Dec 31 14:08:24 GMT 2030 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE ++BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz ++dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL ++MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp ++cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC ++AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y ++YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua ++kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL ++QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp ++6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG ++yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i ++QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ ++KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO ++tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu ++QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ ++Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u ++olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 ++x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/affirmtrustpremiumca b/jdk/make/data/cacerts/affirmtrustpremiumca +new file mode 100644 +index 0000000000..275b495a25 +--- /dev/null ++++ b/jdk/make/data/cacerts/affirmtrustpremiumca +@@ -0,0 +1,38 @@ ++Owner: CN=AffirmTrust Premium, O=AffirmTrust, C=US ++Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US ++Serial number: 6d8c1446b1a60aee ++Valid from: Fri Jan 29 14:10:36 GMT 2010 until: Mon Dec 31 14:10:36 GMT 2040 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE ++BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz ++dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG ++A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U ++cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf ++qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ ++JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ +++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS ++s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 ++HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 ++70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG ++V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S ++qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S ++5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia ++C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX ++OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE ++FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ ++BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 ++KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg ++Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B ++8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ ++MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc ++0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ ++u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF ++u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH ++YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 ++GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO ++RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e ++KeC2uAloGRwYQw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/affirmtrustpremiumeccca b/jdk/make/data/cacerts/affirmtrustpremiumeccca +new file mode 100644 +index 0000000000..d0fcc1e779 +--- /dev/null ++++ b/jdk/make/data/cacerts/affirmtrustpremiumeccca +@@ -0,0 +1,20 @@ ++Owner: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US ++Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US ++Serial number: 7497258ac73f7a54 ++Valid from: Fri Jan 29 14:20:24 GMT 2010 until: Mon Dec 31 14:20:24 GMT 2040 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC ++VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ ++cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ ++BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt ++VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D ++0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 ++ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G ++A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G ++A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs ++aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I ++flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/amazonrootca1 b/jdk/make/data/cacerts/amazonrootca1 +new file mode 100644 +index 0000000000..9431a65c93 +--- /dev/null ++++ b/jdk/make/data/cacerts/amazonrootca1 +@@ -0,0 +1,27 @@ ++Owner: CN=Amazon Root CA 1, O=Amazon, C=US ++Issuer: CN=Amazon Root CA 1, O=Amazon, C=US ++Serial number: 66c9fcf99bf8c0a39e2f0788a43e696365bca ++Valid from: Tue May 26 00:00:00 GMT 2015 until: Sun Jan 17 00:00:00 GMT 2038 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF ++ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 ++b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL ++MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv ++b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj ++ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM ++9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw ++IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 ++VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L ++93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm ++jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC ++AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA ++A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI ++U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs ++N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv ++o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU ++5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy ++rqXRfboQnoZsG4q5WTP468SQvvG5 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/amazonrootca2 b/jdk/make/data/cacerts/amazonrootca2 +new file mode 100644 +index 0000000000..95e6f3270a +--- /dev/null ++++ b/jdk/make/data/cacerts/amazonrootca2 +@@ -0,0 +1,38 @@ ++Owner: CN=Amazon Root CA 2, O=Amazon, C=US ++Issuer: CN=Amazon Root CA 2, O=Amazon, C=US ++Serial number: 66c9fd29635869f0a0fe58678f85b26bb8a37 ++Valid from: Tue May 26 00:00:00 GMT 2015 until: Sat May 26 00:00:00 GMT 2040 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF ++ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 ++b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL ++MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv ++b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK ++gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ ++W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg ++1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K ++8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r ++2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me ++z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR ++8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj ++mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz ++7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 +++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI ++0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB ++Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm ++UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 ++LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY +++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS ++k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl ++7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm ++btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl ++urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ ++fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 ++n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE ++76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H ++9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT ++4PsJYGw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/amazonrootca3 b/jdk/make/data/cacerts/amazonrootca3 +new file mode 100644 +index 0000000000..96a5c6313e +--- /dev/null ++++ b/jdk/make/data/cacerts/amazonrootca3 +@@ -0,0 +1,19 @@ ++Owner: CN=Amazon Root CA 3, O=Amazon, C=US ++Issuer: CN=Amazon Root CA 3, O=Amazon, C=US ++Serial number: 66c9fd5749736663f3b0b9ad9e89e7603f24a ++Valid from: Tue May 26 00:00:00 GMT 2015 until: Sat May 26 00:00:00 GMT 2040 ++Signature algorithm name: SHA256withECDSA ++Subject Public Key Algorithm: 256-bit EC key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 ++MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g ++Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG ++A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg ++Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl ++ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j ++QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr ++ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr ++BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM ++YyRIHN8wfdVoOw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/amazonrootca4 b/jdk/make/data/cacerts/amazonrootca4 +new file mode 100644 +index 0000000000..9a59ca2494 +--- /dev/null ++++ b/jdk/make/data/cacerts/amazonrootca4 +@@ -0,0 +1,20 @@ ++Owner: CN=Amazon Root CA 4, O=Amazon, C=US ++Issuer: CN=Amazon Root CA 4, O=Amazon, C=US ++Serial number: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e ++Valid from: Tue May 26 00:00:00 GMT 2015 until: Sat May 26 00:00:00 GMT 2040 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 ++MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g ++Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG ++A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg ++Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi ++9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk ++M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB ++/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB ++MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw ++CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW ++1KyLa2tJElMzrdfkviT8tQp21KW8EA== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/baltimorecybertrustca b/jdk/make/data/cacerts/baltimorecybertrustca +new file mode 100644 +index 0000000000..b3cf6547c1 +--- /dev/null ++++ b/jdk/make/data/cacerts/baltimorecybertrustca +@@ -0,0 +1,28 @@ ++Owner: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE ++Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE ++Serial number: 20000b9 ++Valid from: Fri May 12 18:46:00 GMT 2000 until: Mon May 12 23:59:00 GMT 2025 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ ++RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD ++VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX ++DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y ++ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy ++VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr ++mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr ++IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK ++mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu ++XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy ++dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye ++jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 ++BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 ++DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 ++9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx ++jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 ++Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz ++ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS ++R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/buypassclass2ca b/jdk/make/data/cacerts/buypassclass2ca +new file mode 100644 +index 0000000000..a2e9b2fd01 +--- /dev/null ++++ b/jdk/make/data/cacerts/buypassclass2ca +@@ -0,0 +1,38 @@ ++Owner: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO ++Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO ++Serial number: 2 ++Valid from: Tue Oct 26 08:38:03 GMT 2010 until: Fri Oct 26 08:38:03 GMT 2040 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd ++MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg ++Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow ++TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw ++HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB ++BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr ++6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV ++L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 ++1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx ++MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ ++QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB ++arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr ++Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi ++FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS ++P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN ++9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP ++AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz ++uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h ++9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s ++A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t ++OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo +++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 ++KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 ++DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us ++H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ ++I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 ++5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h ++3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz ++Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/buypassclass3ca b/jdk/make/data/cacerts/buypassclass3ca +new file mode 100644 +index 0000000000..f74c6c2498 +--- /dev/null ++++ b/jdk/make/data/cacerts/buypassclass3ca +@@ -0,0 +1,38 @@ ++Owner: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO ++Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO ++Serial number: 2 ++Valid from: Tue Oct 26 08:28:58 GMT 2010 until: Fri Oct 26 08:28:58 GMT 2040 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd ++MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg ++Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow ++TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw ++HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB ++BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y ++ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E ++N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 ++tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX ++0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c ++/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X ++KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY ++zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS ++O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D ++34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP ++K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 ++AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv ++Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj ++QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV ++cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS ++IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 ++HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa ++O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv ++033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u ++dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE ++kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 ++3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD ++u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq ++4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/camerfirmachambersca b/jdk/make/data/cacerts/camerfirmachambersca +new file mode 100644 +index 0000000000..70d793e25a +--- /dev/null ++++ b/jdk/make/data/cacerts/camerfirmachambersca +@@ -0,0 +1,49 @@ ++Owner: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU ++Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU ++Serial number: a3da427ea4b1aeda ++Valid from: Fri Aug 01 12:29:50 GMT 2008 until: Sat Jul 31 12:29:50 GMT 2038 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD ++VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 ++IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 ++MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz ++IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz ++MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj ++dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw ++EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp ++MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G ++CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 ++28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq ++VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q ++DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR ++5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL ++ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a ++Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl ++UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s +++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 ++Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj ++ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx ++hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV ++HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 +++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN ++YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t ++L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy ++ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt ++IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV ++HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w ++DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW ++PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF ++5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 ++glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH ++FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 ++pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD ++xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG ++tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq ++jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De ++fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg ++OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ ++d0jQ ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/camerfirmachamberscommerceca b/jdk/make/data/cacerts/camerfirmachamberscommerceca +new file mode 100644 +index 0000000000..b92255f770 +--- /dev/null ++++ b/jdk/make/data/cacerts/camerfirmachamberscommerceca +@@ -0,0 +1,35 @@ ++Owner: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU ++Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU ++Serial number: 0 ++Valid from: Tue Sep 30 16:13:43 GMT 2003 until: Wed Sep 30 16:13:44 GMT 2037 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn ++MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ++ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg ++b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa ++MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB ++ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw ++IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B ++AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb ++unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d ++BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq ++7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 ++0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX ++roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG ++A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j ++aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p ++26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA ++BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud ++EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN ++BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz ++aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB ++AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd ++p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi ++1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc ++XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 ++eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu ++tGWaIZDgqtCYvDi1czyL+Nw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/camerfirmachambersignca b/jdk/make/data/cacerts/camerfirmachambersignca +new file mode 100644 +index 0000000000..935eea9c21 +--- /dev/null ++++ b/jdk/make/data/cacerts/camerfirmachambersignca +@@ -0,0 +1,48 @@ ++Owner: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU ++Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU ++Serial number: c9cdd3e9d57d23ce ++Valid from: Fri Aug 01 12:31:40 GMT 2008 until: Sat Jul 31 12:31:40 GMT 2038 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD ++VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 ++IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 ++MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD ++aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx ++MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy ++cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG ++A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl ++BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI ++hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed ++KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 ++G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 ++zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 ++ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG ++HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 ++Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V ++yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e ++beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r ++6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh ++wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog ++zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW ++BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr ++ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp ++ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk ++cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt ++YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC ++CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow ++KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI ++hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ ++UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz ++X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x ++fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz ++a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd ++Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd ++SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O ++AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso ++M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge ++v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z ++09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/certumca b/jdk/make/data/cacerts/certumca +new file mode 100644 +index 0000000000..4149653397 +--- /dev/null ++++ b/jdk/make/data/cacerts/certumca +@@ -0,0 +1,26 @@ ++Owner: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL ++Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL ++Serial number: 10020 ++Valid from: Tue Jun 11 10:46:39 GMT 2002 until: Fri Jun 11 10:46:39 GMT 2027 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM ++MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD ++QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM ++MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD ++QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E ++jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo ++ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI ++ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu ++Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg ++AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 ++HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA ++uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa ++TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg ++xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q ++CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x ++O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs ++6GAqm4VKQPNriiTsBhYscw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/certumtrustednetworkca b/jdk/make/data/cacerts/certumtrustednetworkca +new file mode 100644 +index 0000000000..db35af834b +--- /dev/null ++++ b/jdk/make/data/cacerts/certumtrustednetworkca +@@ -0,0 +1,29 @@ ++Owner: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL ++Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL ++Serial number: 444c0 ++Valid from: Wed Oct 22 12:07:37 GMT 2008 until: Mon Dec 31 12:07:37 GMT 2029 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM ++MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ++ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU ++cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 ++WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg ++Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw ++IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B ++AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH ++UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM ++TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU ++BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM ++kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x ++AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV ++HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV ++HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y ++sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL ++I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 ++J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY ++VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI ++03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/chunghwaepkirootca b/jdk/make/data/cacerts/chunghwaepkirootca +new file mode 100644 +index 0000000000..a755a44f30 +--- /dev/null ++++ b/jdk/make/data/cacerts/chunghwaepkirootca +@@ -0,0 +1,40 @@ ++Owner: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW ++Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW ++Serial number: 15c8bd65475cafb897005ee406d2bc9d ++Valid from: Mon Dec 20 02:31:27 GMT 2004 until: Wed Dec 20 02:31:27 GMT 2034 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe ++MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ++ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe ++Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw ++IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL ++SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF ++AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH ++SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh ++ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X ++DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 ++TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ ++fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA ++sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU ++WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS ++nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH ++dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip ++NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC ++AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF ++MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH ++ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB ++uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl ++PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP ++JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ ++gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 ++j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 ++5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB ++o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS ++/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z ++Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE ++W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D ++hNQ+IIX3Sj0rnP0qCglN6oH4EZw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/comodoaaaca b/jdk/make/data/cacerts/comodoaaaca +new file mode 100644 +index 0000000000..76fc7fcf5f +--- /dev/null ++++ b/jdk/make/data/cacerts/comodoaaaca +@@ -0,0 +1,32 @@ ++Owner: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Serial number: 1 ++Valid from: Thu Jan 01 00:00:00 GMT 2004 until: Sun Dec 31 23:59:59 GMT 2028 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb ++MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow ++GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj ++YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL ++MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE ++BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM ++GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP ++ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua ++BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe ++3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 ++YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR ++rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm ++ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU ++oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF ++MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v ++QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t ++b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF ++AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q ++GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz ++Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 ++G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi ++l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 ++smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/comodoeccca b/jdk/make/data/cacerts/comodoeccca +new file mode 100644 +index 0000000000..19f9f0b7ec +--- /dev/null ++++ b/jdk/make/data/cacerts/comodoeccca +@@ -0,0 +1,23 @@ ++Owner: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Serial number: 1f47afaa62007050544c019e9b63992a ++Valid from: Thu Mar 06 00:00:00 GMT 2008 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL ++MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE ++BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT ++IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw ++MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy ++ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N ++T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv ++biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR ++FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J ++cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW ++BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ ++BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm ++fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv ++GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/comodorsaca b/jdk/make/data/cacerts/comodorsaca +new file mode 100644 +index 0000000000..f396f6d27d +--- /dev/null ++++ b/jdk/make/data/cacerts/comodorsaca +@@ -0,0 +1,41 @@ ++Owner: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB ++Serial number: 4caaf9cadb636fe01ff74ed85b03869d ++Valid from: Tue Jan 19 00:00:00 GMT 2010 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB ++hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G ++A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV ++BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 ++MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT ++EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR ++Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh ++dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR ++6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X ++pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC ++9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV ++/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf ++Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z +++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w ++qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah ++SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC ++u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf ++Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq ++crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E ++FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB ++/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl ++wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM ++4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV ++2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna ++FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ ++CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK ++boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke ++jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL ++S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb ++QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl ++0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB ++NVOFBkpdn627G190 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertassuredidg2 b/jdk/make/data/cacerts/digicertassuredidg2 +new file mode 100644 +index 0000000000..8b53c2c49f +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertassuredidg2 +@@ -0,0 +1,29 @@ ++Owner: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: b931c3ad63967ea6723bfc3af9af44b ++Valid from: Thu Aug 01 12:00:00 GMT 2013 until: Fri Jan 15 12:00:00 GMT 2038 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv ++b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG ++EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl ++cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi ++MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA ++n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc ++biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp ++EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA ++bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu ++YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB ++AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW ++BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI ++QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I ++0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni ++lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 ++B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv ++ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo ++IhNzbM8m9Yop5w== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertassuredidg3 b/jdk/make/data/cacerts/digicertassuredidg3 +new file mode 100644 +index 0000000000..120e0a5fff +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertassuredidg3 +@@ -0,0 +1,22 @@ ++Owner: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: ba15afa1ddfa0b54944afcd24a06cec ++Valid from: Thu Aug 01 12:00:00 GMT 2013 until: Fri Jan 15 12:00:00 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw ++CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ++ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg ++RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV ++UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu ++Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq ++hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf ++Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q ++RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ ++BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD ++AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY ++JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv ++6pZjamVFkpUBtA== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertassuredidrootca b/jdk/make/data/cacerts/digicertassuredidrootca +new file mode 100644 +index 0000000000..41edfc5580 +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertassuredidrootca +@@ -0,0 +1,29 @@ ++Owner: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: ce7e0e517d846fe8fe560fc1bf03039 ++Valid from: Fri Nov 10 00:00:00 GMT 2006 until: Mon Nov 10 00:00:00 GMT 2031 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv ++b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG ++EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl ++cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi ++MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c ++JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP ++mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ ++wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 ++VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ ++AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB ++AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW ++BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun ++pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC ++dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf ++fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm ++NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx ++H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertglobalrootca b/jdk/make/data/cacerts/digicertglobalrootca +new file mode 100644 +index 0000000000..2838b8ead5 +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertglobalrootca +@@ -0,0 +1,29 @@ ++Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: 83be056904246b1a1756ac95991c74a ++Valid from: Fri Nov 10 00:00:00 GMT 2006 until: Mon Nov 10 00:00:00 GMT 2031 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD ++QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT ++MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j ++b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG ++9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB ++CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 ++nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt ++43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P ++T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 ++gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO ++BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR ++TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw ++DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr ++hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg ++06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF ++PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls ++YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk ++CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertglobalrootg2 b/jdk/make/data/cacerts/digicertglobalrootg2 +new file mode 100644 +index 0000000000..99bc121c03 +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertglobalrootg2 +@@ -0,0 +1,29 @@ ++Owner: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: 33af1e6a711a9a0bb2864b11d09fae5 ++Valid from: Thu Aug 01 12:00:00 GMT 2013 until: Fri Jan 15 12:00:00 GMT 2038 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH ++MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT ++MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j ++b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG ++9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI ++2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx ++1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ ++q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz ++tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ ++vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP ++BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV ++5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY ++1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 ++NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG ++Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 ++8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe ++pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl ++MrY= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicertglobalrootg3 b/jdk/make/data/cacerts/digicertglobalrootg3 +new file mode 100644 +index 0000000000..fbcfd3fc6e +--- /dev/null ++++ b/jdk/make/data/cacerts/digicertglobalrootg3 +@@ -0,0 +1,22 @@ ++Owner: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: 55556bcf25ea43535c3a40fd5ab4572 ++Valid from: Thu Aug 01 12:00:00 GMT 2013 until: Fri Jan 15 12:00:00 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw ++CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ++ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe ++Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw ++EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x ++IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF ++K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG ++fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO ++Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd ++BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx ++AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ ++oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 ++sycX ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicerthighassuranceevrootca b/jdk/make/data/cacerts/digicerthighassuranceevrootca +new file mode 100644 +index 0000000000..13e6d85a54 +--- /dev/null ++++ b/jdk/make/data/cacerts/digicerthighassuranceevrootca +@@ -0,0 +1,30 @@ ++Owner: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: 2ac5c266a0b409b8f0b79f2ae462577 ++Valid from: Fri Nov 10 00:00:00 GMT 2006 until: Mon Nov 10 00:00:00 GMT 2031 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j ++ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL ++MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 ++LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug ++RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm +++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW ++PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM ++xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB ++Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 ++hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg ++EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF ++MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA ++FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec ++nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z ++eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF ++hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 ++Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe ++vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep +++OkuE6N36B9K ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/digicerttrustedrootg4 b/jdk/make/data/cacerts/digicerttrustedrootg4 +new file mode 100644 +index 0000000000..3079e552a1 +--- /dev/null ++++ b/jdk/make/data/cacerts/digicerttrustedrootg4 +@@ -0,0 +1,39 @@ ++Owner: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US ++Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US ++Serial number: 59b1b579e8e2132e23907bda777755c ++Valid from: Thu Aug 01 12:00:00 GMT 2013 until: Fri Jan 15 12:00:00 GMT 2038 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi ++MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ++d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg ++RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV ++UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu ++Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG ++SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y ++ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If ++xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV ++ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO ++DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ ++jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ ++CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi ++EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM ++fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY ++uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK ++chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t ++9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB ++hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD ++ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 ++SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd +++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc ++fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa ++sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N ++cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N ++0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie ++4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI ++r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 ++/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm ++gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/dtrustclass3ca2 b/jdk/make/data/cacerts/dtrustclass3ca2 +new file mode 100644 +index 0000000000..321c8fd002 +--- /dev/null ++++ b/jdk/make/data/cacerts/dtrustclass3ca2 +@@ -0,0 +1,32 @@ ++Owner: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE ++Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE ++Serial number: 983f3 ++Valid from: Thu Nov 05 08:35:58 GMT 2009 until: Mon Nov 05 08:35:58 GMT 2029 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF ++MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD ++bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha ++ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM ++HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 ++UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 ++tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R ++ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM ++lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp ++/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G ++A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G ++A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj ++dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy ++MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl ++cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js ++L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL ++BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni ++acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 ++o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K ++zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 ++PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y ++Johw1+qRzT65ysCQblrGXnRl11z+o+I= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/dtrustclass3ca2ev b/jdk/make/data/cacerts/dtrustclass3ca2ev +new file mode 100644 +index 0000000000..191a1882a3 +--- /dev/null ++++ b/jdk/make/data/cacerts/dtrustclass3ca2ev +@@ -0,0 +1,32 @@ ++Owner: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE ++Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE ++Serial number: 983f4 ++Valid from: Thu Nov 05 08:50:46 GMT 2009 until: Mon Nov 05 08:50:46 GMT 2029 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF ++MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD ++bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw ++NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV ++BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn ++ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 ++3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z ++qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR ++p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 ++HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw ++ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea ++HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw ++Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh ++c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E ++RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt ++dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku ++Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp ++3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 ++nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF ++CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na ++xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX ++KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/entrust2048ca b/jdk/make/data/cacerts/entrust2048ca +new file mode 100644 +index 0000000000..0dd198d340 +--- /dev/null ++++ b/jdk/make/data/cacerts/entrust2048ca +@@ -0,0 +1,32 @@ ++Owner: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net ++Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net ++Serial number: 3863def8 ++Valid from: Fri Dec 24 17:50:51 GMT 1999 until: Tue Jul 24 14:15:12 GMT 2029 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML ++RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp ++bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 ++IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ++ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 ++MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 ++LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp ++YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG ++A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq ++K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe ++sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX ++MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT ++XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ ++HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH ++4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV ++HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub ++j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo ++U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf ++zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b ++u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ ++bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er ++fF6adulZkMV8gzURZVE= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/entrustevca b/jdk/make/data/cacerts/entrustevca +new file mode 100644 +index 0000000000..6c2c50968b +--- /dev/null ++++ b/jdk/make/data/cacerts/entrustevca +@@ -0,0 +1,34 @@ ++Owner: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US ++Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US ++Serial number: 456b5054 ++Valid from: Mon Nov 27 20:23:42 GMT 2006 until: Fri Nov 27 20:53:42 GMT 2026 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC ++VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 ++Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW ++KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl ++cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw ++NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw ++NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy ++ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV ++BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ ++KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo ++Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 ++4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 ++KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI ++rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi ++94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB ++sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi ++gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo ++kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE ++vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA ++A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t ++O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua ++AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP ++9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ ++eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m ++0vdXcDazv/wor3ElhVsT/h5/WrQ8 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/entrustrootcaec1 b/jdk/make/data/cacerts/entrustrootcaec1 +new file mode 100644 +index 0000000000..58d29d53ed +--- /dev/null ++++ b/jdk/make/data/cacerts/entrustrootcaec1 +@@ -0,0 +1,25 @@ ++Owner: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ++Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ++Serial number: a68b79290000000050d091f9 ++Valid from: Tue Dec 18 15:25:36 GMT 2012 until: Fri Dec 18 15:55:36 GMT 2037 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG ++A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 ++d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu ++dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq ++RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy ++MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD ++VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 ++L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g ++Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD ++ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi ++A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt ++ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH ++Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O ++BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC ++R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX ++hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/entrustrootcag2 b/jdk/make/data/cacerts/entrustrootcag2 +new file mode 100644 +index 0000000000..48ac89267b +--- /dev/null ++++ b/jdk/make/data/cacerts/entrustrootcag2 +@@ -0,0 +1,32 @@ ++Owner: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ++Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US ++Serial number: 4a538c28 ++Valid from: Tue Jul 07 17:25:54 GMT 2009 until: Sat Dec 07 17:55:54 GMT 2030 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC ++VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 ++cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs ++IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz ++dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy ++NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu ++dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt ++dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 ++aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj ++YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK ++AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T ++RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN ++cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW ++wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 ++U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 ++jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP ++BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN ++BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ ++jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ ++Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v ++1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R ++nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH ++VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustglobalca b/jdk/make/data/cacerts/geotrustglobalca +new file mode 100644 +index 0000000000..7f8bf9a663 +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustglobalca +@@ -0,0 +1,27 @@ ++Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Serial number: 23456 ++Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT ++MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i ++YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG ++EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg ++R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 ++9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq ++fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv ++iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU ++1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ ++bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW ++MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ++ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l ++uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn ++Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS ++tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF ++PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un ++hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV ++5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustprimaryca b/jdk/make/data/cacerts/geotrustprimaryca +new file mode 100644 +index 0000000000..0f680ca16a +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustprimaryca +@@ -0,0 +1,28 @@ ++Owner: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US ++Serial number: 18acb56afd69b6153a636cafdafac4a1 ++Valid from: Mon Nov 27 00:00:00 GMT 2006 until: Wed Jul 16 23:59:59 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY ++MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo ++R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx ++MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK ++Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp ++ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC ++AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 ++AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA ++ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 ++7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W ++kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI ++mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G ++A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ ++KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 ++6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl ++4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K ++oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj ++UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU ++AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustprimarycag2 b/jdk/make/data/cacerts/geotrustprimarycag2 +new file mode 100644 +index 0000000000..0d1020aac8 +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustprimarycag2 +@@ -0,0 +1,24 @@ ++Owner: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US ++Serial number: 3cb2f4480a00e2feeb243b5e603ec36b ++Valid from: Mon Nov 05 00:00:00 GMT 2007 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL ++MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj ++KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 ++MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 ++eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV ++BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw ++NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV ++BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH ++MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL ++So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal ++tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO ++BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG ++CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT ++qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz ++rD6ogRLQy7rQkgu2npaqBA+K ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustprimarycag3 b/jdk/make/data/cacerts/geotrustprimarycag3 +new file mode 100644 +index 0000000000..1ccb56fb17 +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustprimarycag3 +@@ -0,0 +1,31 @@ ++Owner: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US ++Serial number: 15ac6e9419b2794b41f627a9c3180f1f ++Valid from: Wed Apr 02 00:00:00 GMT 2008 until: Tue Dec 01 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB ++mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT ++MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s ++eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv ++cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ ++BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg ++MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 ++BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg ++LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz +++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm ++hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn ++5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W ++JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL ++DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC ++huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw ++HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB ++AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB ++zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN ++kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD ++AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH ++SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G ++spki4cErx5z481+oghLrGREt ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustuniversalca b/jdk/make/data/cacerts/geotrustuniversalca +new file mode 100644 +index 0000000000..6e049bf707 +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustuniversalca +@@ -0,0 +1,38 @@ ++Owner: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US ++Serial number: 1 ++Valid from: Thu Mar 04 05:00:00 GMT 2004 until: Sun Mar 04 05:00:00 GMT 2029 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW ++MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy ++c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE ++BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 ++IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV ++VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 ++cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT ++QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh ++F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v ++c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w ++mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd ++VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX ++teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ ++f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe ++Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ ++nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB ++/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY ++MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG ++9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc ++aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX ++IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn ++ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z ++uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN ++Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja ++QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW ++koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 ++ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt ++DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm ++bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsignca b/jdk/make/data/cacerts/globalsignca +new file mode 100644 +index 0000000000..48a7dec957 +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsignca +@@ -0,0 +1,28 @@ ++Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE ++Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE ++Serial number: 40000000001154b5ac394 ++Valid from: Tue Sep 01 12:00:00 GMT 1998 until: Fri Jan 28 12:00:00 GMT 2028 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG ++A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv ++b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw ++MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i ++YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT ++aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ ++jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp ++xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp ++1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG ++snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ ++U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 ++9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E ++BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B ++AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz ++yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE ++38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP ++AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad ++DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME ++HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsigneccrootcar4 b/jdk/make/data/cacerts/globalsigneccrootcar4 +new file mode 100644 +index 0000000000..135c0c046a +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsigneccrootcar4 +@@ -0,0 +1,20 @@ ++Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 ++Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 ++Serial number: 2a38a41c960a04de42b228a50be8349802 ++Valid from: Tue Nov 13 00:00:00 GMT 2012 until: Tue Jan 19 03:14:07 GMT 2038 ++Signature algorithm name: SHA256withECDSA ++Subject Public Key Algorithm: 256-bit EC (secp256r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk ++MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH ++bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX ++DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD ++QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu ++MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ ++FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw ++DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F ++uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX ++kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs ++ewv4n4Q= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsigneccrootcar5 b/jdk/make/data/cacerts/globalsigneccrootcar5 +new file mode 100644 +index 0000000000..7156e83b9f +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsigneccrootcar5 +@@ -0,0 +1,21 @@ ++Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 ++Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 ++Serial number: 605949e0262ebb55f90a778a71f94ad86c ++Valid from: Tue Nov 13 00:00:00 GMT 2012 until: Tue Jan 19 03:14:07 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk ++MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH ++bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX ++DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD ++QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu ++MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc ++8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke ++hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD ++VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI ++KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg ++515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO ++xwy8p2Fp8fc74SrL+SvzZpA3 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsignr2ca b/jdk/make/data/cacerts/globalsignr2ca +new file mode 100644 +index 0000000000..746d1fab98 +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsignr2ca +@@ -0,0 +1,29 @@ ++Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 ++Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 ++Serial number: 400000000010f8626e60d ++Valid from: Fri Dec 15 08:00:00 GMT 2006 until: Wed Dec 15 08:00:00 GMT 2021 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G ++A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp ++Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 ++MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG ++A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL ++v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 ++eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq ++tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd ++C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa ++zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB ++mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH ++V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n ++bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG ++3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs ++J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO ++291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS ++ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd ++AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 ++TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsignr3ca b/jdk/make/data/cacerts/globalsignr3ca +new file mode 100644 +index 0000000000..44dce028ab +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsignr3ca +@@ -0,0 +1,28 @@ ++Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 ++Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 ++Serial number: 4000000000121585308a2 ++Valid from: Wed Mar 18 10:00:00 GMT 2009 until: Sun Mar 18 10:00:00 GMT 2029 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G ++A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp ++Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 ++MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG ++A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 ++RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT ++gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm ++KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd ++QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ ++XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw ++DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o ++LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU ++RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp ++jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK ++6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX ++mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs ++Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH ++WD9f ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/globalsignrootcar6 b/jdk/make/data/cacerts/globalsignrootcar6 +new file mode 100644 +index 0000000000..50f748df22 +--- /dev/null ++++ b/jdk/make/data/cacerts/globalsignrootcar6 +@@ -0,0 +1,39 @@ ++Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 ++Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 ++Serial number: 45e6bb038333c3856548e6ff4551 ++Valid from: Wed Dec 10 00:00:00 GMT 2014 until: Sun Dec 10 00:00:00 GMT 2034 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg ++MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh ++bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx ++MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET ++MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ ++KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI ++xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k ++ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD ++aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw ++LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw ++1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX ++k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 ++SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h ++bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n ++WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY ++rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce ++MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD ++AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu ++bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN ++nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt ++Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 ++55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj ++vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf ++cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz ++oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp ++nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs ++pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v ++JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R ++8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 ++5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/godaddyclass2ca b/jdk/make/data/cacerts/godaddyclass2ca +new file mode 100644 +index 0000000000..a5f5746563 +--- /dev/null ++++ b/jdk/make/data/cacerts/godaddyclass2ca +@@ -0,0 +1,31 @@ ++Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US ++Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US ++Serial number: 0 ++Valid from: Tue Jun 29 17:06:20 GMT 2004 until: Thu Jun 29 17:06:20 GMT 2034 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh ++MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE ++YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 ++MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ++ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg ++MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ++ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA ++PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w ++wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi ++EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY ++avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ ++YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE ++sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h ++/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 ++IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj ++YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ++ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy ++OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P ++TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ ++HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER ++dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ++ReYNnyicsbkqWletNw+vHX/bvZ8= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/godaddyrootg2ca b/jdk/make/data/cacerts/godaddyrootg2ca +new file mode 100644 +index 0000000000..5d60b36193 +--- /dev/null ++++ b/jdk/make/data/cacerts/godaddyrootg2ca +@@ -0,0 +1,30 @@ ++Owner: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US ++Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US ++Serial number: 0 ++Valid from: Tue Sep 01 00:00:00 GMT 2009 until: Thu Dec 31 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx ++EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT ++EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp ++ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz ++NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH ++EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE ++AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw ++DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD ++E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH ++/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy ++DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh ++GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR ++tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA ++AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE ++FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX ++WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu ++9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr ++gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo ++2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO ++LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI ++4uJEvlz36hz1 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/identrustcommercial b/jdk/make/data/cacerts/identrustcommercial +new file mode 100644 +index 0000000000..8623d4b9b5 +--- /dev/null ++++ b/jdk/make/data/cacerts/identrustcommercial +@@ -0,0 +1,38 @@ ++Owner: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US ++Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US ++Serial number: a0142800000014523c844b500000002 ++Valid from: Thu Jan 16 18:12:23 GMT 2014 until: Mon Jan 16 18:12:23 GMT 2034 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK ++MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu ++VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw ++MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw ++JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG ++SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT ++3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU +++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp ++S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 ++bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi ++T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL ++vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK ++Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK ++dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT ++c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv ++l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N ++iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB ++/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD ++ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH ++6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt ++LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 ++nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 +++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK ++W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT ++AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq ++l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG ++4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ ++mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A ++7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/identrustdstx3 b/jdk/make/data/cacerts/identrustdstx3 +new file mode 100644 +index 0000000000..87a0d0c4f6 +--- /dev/null ++++ b/jdk/make/data/cacerts/identrustdstx3 +@@ -0,0 +1,27 @@ ++Owner: CN=DST Root CA X3, O=Digital Signature Trust Co. ++Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. ++Serial number: 44afb080d6a327ba893039862ef8406b ++Valid from: Sat Sep 30 21:12:19 GMT 2000 until: Thu Sep 30 14:01:15 GMT 2021 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ ++MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT ++DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow ++PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD ++Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ++AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O ++rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq ++OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b ++xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw ++7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD ++aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV ++HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG ++SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ++ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr ++AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz ++R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 ++JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo ++Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/identrustpublicca b/jdk/make/data/cacerts/identrustpublicca +new file mode 100644 +index 0000000000..f4034ea6d8 +--- /dev/null ++++ b/jdk/make/data/cacerts/identrustpublicca +@@ -0,0 +1,38 @@ ++Owner: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US ++Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US ++Serial number: a0142800000014523cf467c00000002 ++Valid from: Thu Jan 16 17:53:32 GMT 2014 until: Mon Jan 16 17:53:32 GMT 2034 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN ++MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu ++VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN ++MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 ++MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi ++MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 ++ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy ++RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS ++bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF ++/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R ++3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw ++EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy ++9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V ++GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ ++2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV ++WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD ++W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ ++BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN ++AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj ++t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV ++DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 ++TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G ++lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW ++mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df ++WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 +++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ ++tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA ++GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv ++8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/keynectisrootca b/jdk/make/data/cacerts/keynectisrootca +new file mode 100644 +index 0000000000..44483b2a42 +--- /dev/null ++++ b/jdk/make/data/cacerts/keynectisrootca +@@ -0,0 +1,30 @@ ++Owner: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR ++Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR ++Serial number: 1121bc276c5547af584eefd4ced629b2a285 ++Valid from: Tue May 26 00:00:00 GMT 2009 until: Tue May 26 00:00:00 GMT 2020 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIID5TCCAs2gAwIBAgISESG8J2xVR69YTu/UztYpsqKFMA0GCSqGSIb3DQEBCwUA ++MEwxCzAJBgNVBAYTAkZSMRIwEAYDVQQKEwlLRVlORUNUSVMxDTALBgNVBAsTBFJP ++T1QxGjAYBgNVBAMTEUtFWU5FQ1RJUyBST09UIENBMB4XDTA5MDUyNjAwMDAwMFoX ++DTIwMDUyNjAwMDAwMFowTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJ ++UzENMAsGA1UECxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwggEi ++MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/bMXhaGtJhuVaTUhPaSI+t7b ++YDZAF2nCFGP7uNnCdBU3LpzQIM1pjYQyooVMFLSb8iWzVCqDPy2+D/M7ZNH/oFDv ++d087TuE/C2SFmrpYftLDYtNkJaLUspc8d11jKjOS/M2CDZtUlYf1teuMzVvRyjAv ++yYhGtc0NEbQYj+7RoT5dFegoz9/DkJtszNEMRXezOuuKkB3pr2RqiXupPUN0+uRn ++IqH73E3E9WLJyiW0yYBgM6nde6ACv5YlCl7JXyl7tBeBi22BGdDZg1wFj0FpGmlD ++gJ+or+DpjJGLJyuiJmDND/KkowKDjhiBwheKQxX5bfMdEKRanERhIyF62PvRAgMB ++AAGjgcAwgb0wEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwVwYD ++VR0fBFAwTjBMoEqgSIZGaHR0cDovL3RydXN0Y2VudGVyLWNybC5jZXJ0aWZpY2F0 ++Mi5jb20vS2V5bmVjdGlzL0tFWU5FQ1RJU19ST09UX0NBLmNybDAdBgNVHQ4EFgQU ++77cjl9CokX+mz6YhwDSfzHdB4dAwHwYDVR0jBBgwFoAU77cjl9CokX+mz6YhwDSf ++zHdB4dAwDQYJKoZIhvcNAQELBQADggEBABoxaZlCwuVAhaKfksNj1I8hOagZIf56 ++/MNNQPMr6EusW0xZk8bcfguvfF+VhWu9x2+6wb74xjpnS5PGBWk+JC3wG5HGPj/s ++QhiTbAMkim75IGcrfG2rNMkqIjMN132P7tI2ZELINZpuGWHLjWfwaKfQJAXmwxe6 ++Ra58Q7WAeANNIHMF/EMQnTVpQnWUJYIrpjuQGN7Bqa/zLZW/lafPGJfhWeKirxoW ++YQ33E3FTkzf9PK8AHWyLFK9Gloy2UnzMLU7N4elLCu6a/nqY5ym6G9ocutxrzQQO ++JkCp63M8/lCoESdVvduOS+9PGO0V/72GmGbumiVxNGxQ8bJRy2adTSk= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/letsencryptisrgx1 b/jdk/make/data/cacerts/letsencryptisrgx1 +new file mode 100644 +index 0000000000..9364e1df5d +--- /dev/null ++++ b/jdk/make/data/cacerts/letsencryptisrgx1 +@@ -0,0 +1,38 @@ ++Owner: CN=ISRG Root X1, O=Internet Security Research Group, C=US ++Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US ++Serial number: 8210cfb0d240e3594463e0bb63828b00 ++Valid from: Thu Jun 04 11:04:38 GMT 2015 until: Mon Jun 04 11:04:38 GMT 2035 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw ++TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh ++cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 ++WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu ++ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY ++MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc ++h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ ++0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U ++A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW ++T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH ++B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC ++B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv ++KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn ++OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn ++jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw ++qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI ++rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV ++HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq ++hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL ++ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ ++3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK ++NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 ++ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur ++TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC ++jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc ++oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq ++4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA ++mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d ++emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/luxtrustglobalroot2ca b/jdk/make/data/cacerts/luxtrustglobalroot2ca +new file mode 100644 +index 0000000000..e04c3998ab +--- /dev/null ++++ b/jdk/make/data/cacerts/luxtrustglobalroot2ca +@@ -0,0 +1,40 @@ ++Owner: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU ++Issuer: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU ++Serial number: a7ea6df4b449eda6a24859ee6b815d3167fbbb1 ++Valid from: Thu Mar 05 13:21:57 GMT 2015 until: Mon Mar 05 13:21:57 GMT 2035 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL ++BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV ++BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw ++MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B ++LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN ++AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F ++ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem ++hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 ++EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn ++Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 ++zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ ++96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m ++j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g ++DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ ++8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j ++X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH ++hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB ++KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 ++Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT +++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL ++BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 ++BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO ++jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 ++loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c ++qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ ++2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ ++JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre ++zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf ++LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ ++x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 ++oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/luxtrustglobalrootca b/jdk/make/data/cacerts/luxtrustglobalrootca +new file mode 100644 +index 0000000000..7fb3d818f8 +--- /dev/null ++++ b/jdk/make/data/cacerts/luxtrustglobalrootca +@@ -0,0 +1,28 @@ ++Owner: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU ++Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU ++Serial number: bb8 ++Valid from: Thu Mar 17 09:51:37 GMT 2011 until: Wed Mar 17 09:51:37 GMT 2021 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDZDCCAkygAwIBAgICC7gwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCTFUx ++FjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0IEdsb2Jh ++bCBSb290MB4XDTExMDMxNzA5NTEzN1oXDTIxMDMxNzA5NTEzN1owRDELMAkGA1UE ++BhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0 ++IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn+n ++QPAiygz267Hxyw6VV0B1r6A/Ps7sqjJX5hmxZ0OYWmt8s7j6eJyqpoSyYBuAQc5j ++zR8XCJmk9e8+EsdMsFeaXHhAePxFjdqRZ9w6Ubltc+a3OY52OrQfBfVpVfmTz3iI ++Sr6qm9d7R1tGBEyCFqY19vx039a0r9jitScRdFmiwmYsaArhmIiIPIoFdRTjuK7z ++CISbasE/MRivJ6VLm6T9eTHemD0OYcqHmMH4ijCc+j4z1aXEAwfh95Z0GAAnOCfR ++K6qq4UFFi2/xJcLcopeVx0IUM115hCNq52XAV6DYXaljAeew5Ivo+MVjuOVsdJA9 ++x3f8K7p56aTGEnin/wIDAQABo2AwXjAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQE ++AwIBBjAfBgNVHSMEGDAWgBQXFYWJCS8kh28/HRvk8pZ5g0gTzjAdBgNVHQ4EFgQU ++FxWFiQkvJIdvPx0b5PKWeYNIE84wDQYJKoZIhvcNAQELBQADggEBAFrwHNDUUM9B ++fua4nX3DcNBeNv9ujnov3kgR1TQuPLdFwlQlp+HBHjeDtpSutkVIA+qVvuucarQ3 ++XB8u02uCgUNbCj8RVWOs+nwIAjegPDkEM/6XMshS5dklTbDG7mgfcKpzzlcD3H0K ++DTPy0lrfCmw7zBFRlxqkIaKFNQLXgCLShLL4wKpov9XrqsMLq6F8K/f1O4fhVFfs ++BSTveUJO84ton+Ruy4KZycwq3FPCH3CDqyEPVrRI/98HIrOM+R2mBN8tAza53W/+ ++MYhm/2xtRDSvCHc+JtJy9LtHVpM8mGPhM7uZI5K1g3noHZ9nrWLWidb2/CfeMifL ++hNp3hSGhEiE= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca b/jdk/make/data/cacerts/quovadisrootca +new file mode 100644 +index 0000000000..0c195ff51f +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca +@@ -0,0 +1,41 @@ ++Owner: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM ++Serial number: 3ab6508b ++Valid from: Mon Mar 19 18:33:33 GMT 2001 until: Wed Mar 17 18:33:33 GMT 2021 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC ++TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 ++aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 ++aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz ++MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw ++IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR ++dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG ++9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp ++li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D ++rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ ++WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug ++F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU ++xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC ++Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv ++dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw ++ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl ++IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh ++c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy ++ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh ++Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI ++KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T ++KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq ++y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p ++dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD ++VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL ++MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk ++fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 ++7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R ++cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y ++mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW ++xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK ++SnQ2+Q== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca1g3 b/jdk/make/data/cacerts/quovadisrootca1g3 +new file mode 100644 +index 0000000000..26e23ab8dc +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca1g3 +@@ -0,0 +1,38 @@ ++Owner: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM ++Serial number: 78585f2ead2c194be3370735341328b596d46593 ++Valid from: Thu Jan 12 17:27:44 GMT 2012 until: Sun Jan 12 17:27:44 GMT 2042 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL ++BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc ++BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 ++MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM ++aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG ++SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV ++wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe ++rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 ++68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh ++4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp ++UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o ++abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc ++3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G ++KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt ++hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO ++Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt ++zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB ++BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD ++ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC ++MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 ++cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN ++qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 ++YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv ++b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 ++8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k ++NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj ++ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp ++q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt ++nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca2 b/jdk/make/data/cacerts/quovadisrootca2 +new file mode 100644 +index 0000000000..c5b1f0709f +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca2 +@@ -0,0 +1,40 @@ ++Owner: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM ++Serial number: 509 ++Valid from: Fri Nov 24 18:27:00 GMT 2006 until: Mon Nov 24 18:23:33 GMT 2031 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x ++GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv ++b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV ++BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W ++YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa ++GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg ++Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J ++WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB ++rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp +++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 ++ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i ++Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz ++PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og ++/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH ++oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI ++yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud ++EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 ++A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL ++MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT ++ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f ++BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn ++g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl ++fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K ++WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha ++B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc ++hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR ++TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD ++mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z ++ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y ++4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza ++8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca2g3 b/jdk/make/data/cacerts/quovadisrootca2g3 +new file mode 100644 +index 0000000000..6d370f546b +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca2g3 +@@ -0,0 +1,38 @@ ++Owner: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM ++Serial number: 445734245b81899b35f2ceb82b3b5ba726f07528 ++Valid from: Thu Jan 12 18:59:32 GMT 2012 until: Sun Jan 12 18:59:32 GMT 2042 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL ++BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc ++BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 ++MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM ++aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG ++SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf ++qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW ++n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym ++c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ ++O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 ++o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j ++IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq ++IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz ++8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh ++vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l ++7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG ++cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB ++BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD ++ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 ++AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC ++roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga ++W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n ++lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE +++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV ++csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd ++dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg ++KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM ++HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 ++WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca3 b/jdk/make/data/cacerts/quovadisrootca3 +new file mode 100644 +index 0000000000..0452ad9218 +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca3 +@@ -0,0 +1,45 @@ ++Owner: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM ++Serial number: 5c6 ++Valid from: Fri Nov 24 19:11:23 GMT 2006 until: Mon Nov 24 19:06:44 GMT 2031 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x ++GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv ++b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV ++BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W ++YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM ++V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB ++4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr ++H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd ++8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv ++vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT ++mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe ++btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc ++T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt ++WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ ++c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A ++4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD ++VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG ++CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 ++aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 ++aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu ++dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw ++czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G ++A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC ++TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg ++Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 ++7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem ++d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd +++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B ++4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN ++t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x ++DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 ++k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s ++zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j ++Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT ++mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK ++4SVhM7JZG+Ju1zdXtg2pEto= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca3g3 b/jdk/make/data/cacerts/quovadisrootca3g3 +new file mode 100644 +index 0000000000..b4eccae9c1 +--- /dev/null ++++ b/jdk/make/data/cacerts/quovadisrootca3g3 +@@ -0,0 +1,38 @@ ++Owner: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM ++Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM ++Serial number: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d ++Valid from: Thu Jan 12 20:26:32 GMT 2012 until: Sun Jan 12 20:26:32 GMT 2042 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL ++BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc ++BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 ++MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM ++aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG ++SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR ++/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu ++FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR ++U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c ++ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR ++FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k ++A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw ++eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl ++sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp ++VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q ++A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ ++ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB ++BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD ++ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px ++KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI ++FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv ++oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg ++u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP ++0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf ++3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl ++8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ ++DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN ++PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ ++ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/secomscrootca1 b/jdk/make/data/cacerts/secomscrootca1 +new file mode 100644 +index 0000000000..d300e31195 +--- /dev/null ++++ b/jdk/make/data/cacerts/secomscrootca1 +@@ -0,0 +1,27 @@ ++Owner: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP ++Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP ++Serial number: 0 ++Valid from: Tue Sep 30 04:20:49 GMT 2003 until: Sat Sep 30 04:20:49 GMT 2023 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY ++MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t ++dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 ++WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD ++VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 ++DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 ++9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ ++DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 ++Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N ++QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ ++xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G ++A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T ++AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG ++kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr ++Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 ++Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU ++JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot ++RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/secomscrootca2 b/jdk/make/data/cacerts/secomscrootca2 +new file mode 100644 +index 0000000000..d80846d9f2 +--- /dev/null ++++ b/jdk/make/data/cacerts/secomscrootca2 +@@ -0,0 +1,28 @@ ++Owner: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP ++Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP ++Serial number: 0 ++Valid from: Fri May 29 05:00:39 GMT 2009 until: Tue May 29 05:00:39 GMT 2029 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl ++MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe ++U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX ++DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy ++dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj ++YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV ++OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr ++zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM ++VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ ++hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO ++ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw ++awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs ++OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 ++DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF ++coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc ++okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 ++t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy ++1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ ++SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/securetrustca b/jdk/make/data/cacerts/securetrustca +new file mode 100644 +index 0000000000..a08e2467f4 +--- /dev/null ++++ b/jdk/make/data/cacerts/securetrustca +@@ -0,0 +1,29 @@ ++Owner: CN=SecureTrust CA, O=SecureTrust Corporation, C=US ++Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US ++Serial number: cf08e5c0816a5ad427ff0eb271859d0 ++Valid from: Tue Nov 07 19:31:18 GMT 2006 until: Mon Dec 31 19:40:55 GMT 2029 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI ++MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x ++FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz ++MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv ++cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN ++AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz ++Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO ++0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao ++wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj ++7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS ++8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT ++BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB ++/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg ++JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC ++NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 ++6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ ++3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm ++D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS ++CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR ++3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/soneraclass2ca b/jdk/make/data/cacerts/soneraclass2ca +new file mode 100644 +index 0000000000..43faa5e211 +--- /dev/null ++++ b/jdk/make/data/cacerts/soneraclass2ca +@@ -0,0 +1,26 @@ ++Owner: CN=Sonera Class2 CA, O=Sonera, C=FI ++Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI ++Serial number: 1d ++Valid from: Fri Apr 06 07:29:40 GMT 2001 until: Tue Apr 06 07:29:40 GMT 2021 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP ++MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx ++MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV ++BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o ++Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt ++5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s ++3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej ++vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu ++8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw ++DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG ++MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil ++zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ ++3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD ++FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 ++Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 ++ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/starfieldclass2ca b/jdk/make/data/cacerts/starfieldclass2ca +new file mode 100644 +index 0000000000..d87e609ee3 +--- /dev/null ++++ b/jdk/make/data/cacerts/starfieldclass2ca +@@ -0,0 +1,31 @@ ++Owner: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US ++Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US ++Serial number: 0 ++Valid from: Tue Jun 29 17:39:16 GMT 2004 until: Thu Jun 29 17:39:16 GMT 2034 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl ++MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp ++U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw ++NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE ++ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp ++ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 ++DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf ++8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN +++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 ++X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa ++K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA ++1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G ++A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR ++zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 ++YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD ++bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w ++DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 ++L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D ++eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl ++xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp ++VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY ++WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/starfieldrootg2ca b/jdk/make/data/cacerts/starfieldrootg2ca +new file mode 100644 +index 0000000000..bea888c4a9 +--- /dev/null ++++ b/jdk/make/data/cacerts/starfieldrootg2ca +@@ -0,0 +1,30 @@ ++Owner: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US ++Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US ++Serial number: 0 ++Valid from: Tue Sep 01 00:00:00 GMT 2009 until: Thu Dec 31 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx ++EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT ++HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs ++ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw ++MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 ++b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj ++aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp ++Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ++ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg ++nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 ++HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N ++Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN ++dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 ++HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO ++BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G ++CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU ++sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 ++4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg ++8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K ++pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 ++mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/starfieldservicesrootg2ca b/jdk/make/data/cacerts/starfieldservicesrootg2ca +new file mode 100644 +index 0000000000..7303f09f6c +--- /dev/null ++++ b/jdk/make/data/cacerts/starfieldservicesrootg2ca +@@ -0,0 +1,31 @@ ++Owner: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US ++Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US ++Serial number: 0 ++Valid from: Tue Sep 01 00:00:00 GMT 2009 until: Thu Dec 31 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx ++EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT ++HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs ++ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 ++MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD ++VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy ++ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy ++dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI ++hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p ++OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 ++8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K ++Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe ++hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk ++6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw ++DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q ++AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI ++bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB ++ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z ++qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd ++iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn ++0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN ++sSi6 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/swisssigngoldg2ca b/jdk/make/data/cacerts/swisssigngoldg2ca +new file mode 100644 +index 0000000000..3558909b89 +--- /dev/null ++++ b/jdk/make/data/cacerts/swisssigngoldg2ca +@@ -0,0 +1,40 @@ ++Owner: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH ++Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH ++Serial number: bb401c43f55e4fb0 ++Valid from: Wed Oct 25 08:30:35 GMT 2006 until: Sat Oct 25 08:30:35 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV ++BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln ++biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF ++MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT ++d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC ++CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 ++76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ ++bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c ++6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE ++emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd ++MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt ++MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y ++MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y ++FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi ++aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM ++gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB ++qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 ++lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn ++8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov ++L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 ++45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO ++UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 ++O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC ++bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv ++GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a ++77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC ++hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 ++92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp ++Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w ++ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt ++Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/swisssignplatinumg2ca b/jdk/make/data/cacerts/swisssignplatinumg2ca +new file mode 100644 +index 0000000000..774bef80db +--- /dev/null ++++ b/jdk/make/data/cacerts/swisssignplatinumg2ca +@@ -0,0 +1,40 @@ ++Owner: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH ++Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH ++Serial number: 4eb200670c035d4f ++Valid from: Wed Oct 25 08:36:00 GMT 2006 until: Sat Oct 25 08:36:00 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE ++BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu ++IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw ++WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD ++ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD ++ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y ++IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn ++IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ ++6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob ++jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw ++izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl +++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY ++zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP ++pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF ++KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW ++ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB ++AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O ++BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 ++ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW ++IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA ++A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 ++uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ ++FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 ++jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ ++u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D ++YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 ++puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa ++icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG ++DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x ++kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z ++Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/swisssignsilverg2ca b/jdk/make/data/cacerts/swisssignsilverg2ca +new file mode 100644 +index 0000000000..7a1eed1c0f +--- /dev/null ++++ b/jdk/make/data/cacerts/swisssignsilverg2ca +@@ -0,0 +1,40 @@ ++Owner: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH ++Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH ++Serial number: 4f1bd42f54bb2f4b ++Valid from: Wed Oct 25 08:32:46 GMT 2006 until: Sat Oct 25 08:32:46 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE ++BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu ++IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow ++RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY ++U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A ++MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv ++Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br ++YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF ++nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH ++6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt ++eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ ++c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ ++MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH ++HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf ++jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 ++5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB ++rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU ++F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c ++wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 ++cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB ++AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp ++WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 ++xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ ++2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ ++IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 ++aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X ++em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR ++dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ ++OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ ++hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy ++tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/teliasonerarootcav1 b/jdk/make/data/cacerts/teliasonerarootcav1 +new file mode 100644 +index 0000000000..26512c9b11 +--- /dev/null ++++ b/jdk/make/data/cacerts/teliasonerarootcav1 +@@ -0,0 +1,37 @@ ++Owner: CN=TeliaSonera Root CA v1, O=TeliaSonera ++Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera ++Serial number: 95be16a0f72e46f17b398272fa8bcd96 ++Valid from: Thu Oct 18 12:00:50 GMT 2007 until: Mon Oct 18 12:00:50 GMT 2032 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw ++NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv ++b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD ++VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 ++MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F ++VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 ++7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X ++Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ ++/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs ++81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm ++dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe ++Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu ++sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 ++pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs ++slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ ++arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD ++VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG ++9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl ++dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx ++0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj ++TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed ++Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 ++Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI ++OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 ++vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW ++t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn ++HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx ++SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/thawteprimaryrootca b/jdk/make/data/cacerts/thawteprimaryrootca +new file mode 100644 +index 0000000000..9dc4dd8552 +--- /dev/null ++++ b/jdk/make/data/cacerts/thawteprimaryrootca +@@ -0,0 +1,32 @@ ++Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US ++Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US ++Serial number: 344ed55720d5edec49f42fce37db2b6d ++Valid from: Fri Nov 17 00:00:00 GMT 2006 until: Wed Jul 16 23:59:59 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB ++qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf ++Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw ++MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV ++BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw ++NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j ++LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG ++A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl ++IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG ++SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs ++W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta ++3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk ++6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 ++Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J ++NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA ++MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP ++r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU ++DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz ++YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX ++xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 ++/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ ++LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 ++jVaMaA== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/thawteprimaryrootcag2 b/jdk/make/data/cacerts/thawteprimaryrootcag2 +new file mode 100644 +index 0000000000..d604e2f345 +--- /dev/null ++++ b/jdk/make/data/cacerts/thawteprimaryrootcag2 +@@ -0,0 +1,23 @@ ++Owner: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US ++Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US ++Serial number: 35fc265cd9844fc93d263d579baed756 ++Valid from: Mon Nov 05 00:00:00 GMT 2007 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL ++MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp ++IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi ++BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw ++MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh ++d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig ++YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v ++dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ ++BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 ++papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E ++BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K ++DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 ++KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox ++XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/thawteprimaryrootcag3 b/jdk/make/data/cacerts/thawteprimaryrootcag3 +new file mode 100644 +index 0000000000..396fc17a0d +--- /dev/null ++++ b/jdk/make/data/cacerts/thawteprimaryrootcag3 +@@ -0,0 +1,32 @@ ++Owner: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US ++Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US ++Serial number: 600197b746a7eab4b49ad64b2ff790fb ++Valid from: Wed Apr 02 00:00:00 GMT 2008 until: Tue Dec 01 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB ++rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf ++Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw ++MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV ++BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa ++Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl ++LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u ++MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl ++ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz ++MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm ++gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 ++YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf ++b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 ++9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S ++zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk ++OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV ++HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA ++2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW ++oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu ++t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c ++KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM ++m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu ++MdRAGmI0Nj81Aa6sY6A= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/ttelesecglobalrootclass2ca b/jdk/make/data/cacerts/ttelesecglobalrootclass2ca +new file mode 100644 +index 0000000000..1e057df874 +--- /dev/null ++++ b/jdk/make/data/cacerts/ttelesecglobalrootclass2ca +@@ -0,0 +1,30 @@ ++Owner: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE ++Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE ++Serial number: 1 ++Valid from: Wed Oct 01 10:40:14 GMT 2008 until: Sat Oct 01 23:59:59 GMT 2033 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx ++KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd ++BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl ++YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 ++OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy ++aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ++ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G ++CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd ++AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC ++FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi ++1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq ++jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ ++wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj ++QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ ++WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy ++NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC ++uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw ++IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 ++g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN ++9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP ++BSeOE6Fuwg== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/ttelesecglobalrootclass3ca b/jdk/make/data/cacerts/ttelesecglobalrootclass3ca +new file mode 100644 +index 0000000000..8985014b09 +--- /dev/null ++++ b/jdk/make/data/cacerts/ttelesecglobalrootclass3ca +@@ -0,0 +1,30 @@ ++Owner: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE ++Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE ++Serial number: 1 ++Valid from: Wed Oct 01 10:29:56 GMT 2008 until: Sat Oct 01 23:59:59 GMT 2033 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx ++KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd ++BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl ++YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 ++OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy ++aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ++ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G ++CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN ++8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ ++RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 ++hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 ++ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM ++EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj ++QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 ++A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy ++WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ ++1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 ++6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT ++91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml ++e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p ++TpPDpFQUWw== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/usertrusteccca b/jdk/make/data/cacerts/usertrusteccca +new file mode 100644 +index 0000000000..9af9c946cf +--- /dev/null ++++ b/jdk/make/data/cacerts/usertrusteccca +@@ -0,0 +1,23 @@ ++Owner: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US ++Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US ++Serial number: 5c8b99c55a94c5d27156decd8980cc26 ++Valid from: Mon Feb 01 00:00:00 GMT 2010 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL ++MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl ++eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT ++JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx ++MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT ++Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg ++VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm ++aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo ++I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng ++o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G ++A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD ++VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB ++zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW ++RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/usertrustrsaca b/jdk/make/data/cacerts/usertrustrsaca +new file mode 100644 +index 0000000000..fe9ae79029 +--- /dev/null ++++ b/jdk/make/data/cacerts/usertrustrsaca +@@ -0,0 +1,41 @@ ++Owner: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US ++Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US ++Serial number: 1fd6d30fca3ca51a81bbc640e35032d ++Valid from: Mon Feb 01 00:00:00 GMT 2010 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withRSA ++Subject Public Key Algorithm: 4096-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB ++iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl ++cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV ++BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw ++MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV ++BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU ++aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy ++dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK ++AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B ++3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY ++tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ ++Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 ++VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT ++79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 ++c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT ++Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l ++c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee ++UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE ++Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd ++BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G ++A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF ++Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO ++VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 ++ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs ++8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR ++iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze ++Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ ++XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ ++qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB ++VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB ++L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG ++jjxDah2nGN59PRbxYvnKkKj9 ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/verisignclass3g3ca b/jdk/make/data/cacerts/verisignclass3g3ca +new file mode 100644 +index 0000000000..b9c36ed50f +--- /dev/null ++++ b/jdk/make/data/cacerts/verisignclass3g3ca +@@ -0,0 +1,31 @@ ++Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Serial number: 9b7e0649a33e62b9d5ee90487129ef57 ++Valid from: Fri Oct 01 00:00:00 GMT 1999 until: Wed Jul 16 23:59:59 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 1 ++-----BEGIN CERTIFICATE----- ++MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw ++CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl ++cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu ++LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT ++aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp ++dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD ++VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT ++aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ ++bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu ++IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg ++LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b ++N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t ++KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu ++kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm ++CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ ++Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu ++imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te ++2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe ++DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC ++/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p ++F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt ++TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/verisignclass3g4ca b/jdk/make/data/cacerts/verisignclass3g4ca +new file mode 100644 +index 0000000000..b52ee80d50 +--- /dev/null ++++ b/jdk/make/data/cacerts/verisignclass3g4ca +@@ -0,0 +1,28 @@ ++Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Serial number: 2f80fe238c0e220f486712289187acb3 ++Valid from: Mon Nov 05 00:00:00 GMT 2007 until: Mon Jan 18 23:59:59 GMT 2038 ++Signature algorithm name: SHA384withECDSA ++Subject Public Key Algorithm: 384-bit EC (secp384r1) key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL ++MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ++ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln ++biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp ++U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y ++aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG ++A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp ++U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg ++SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln ++biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 ++IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm ++GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve ++fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw ++AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ ++aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj ++aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW ++kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC ++4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga ++FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/verisignclass3g5ca b/jdk/make/data/cacerts/verisignclass3g5ca +new file mode 100644 +index 0000000000..417c891517 +--- /dev/null ++++ b/jdk/make/data/cacerts/verisignclass3g5ca +@@ -0,0 +1,35 @@ ++Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Serial number: 18dad19e267de8bb4a2158cdcc6b3b4a ++Valid from: Wed Nov 08 00:00:00 GMT 2006 until: Wed Jul 16 23:59:59 GMT 2036 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB ++yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ++ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp ++U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ++ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 ++aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL ++MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ++ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln ++biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp ++U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y ++aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 ++nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex ++t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz ++SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG ++BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ ++rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ ++NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E ++BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH ++BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy ++aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv ++MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE ++p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y ++5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK ++WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ ++4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N ++hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/verisignuniversalrootca b/jdk/make/data/cacerts/verisignuniversalrootca +new file mode 100644 +index 0000000000..f364256a0e +--- /dev/null ++++ b/jdk/make/data/cacerts/verisignuniversalrootca +@@ -0,0 +1,35 @@ ++Owner: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US ++Serial number: 401ac46421b31321030ebbe4121ac51d ++Valid from: Wed Apr 02 00:00:00 GMT 2008 until: Tue Dec 01 23:59:59 GMT 2037 ++Signature algorithm name: SHA256withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB ++vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ++ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp ++U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W ++ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe ++Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX ++MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 ++IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y ++IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh ++bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF ++AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF ++9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH ++H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H ++LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN ++/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT ++rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud ++EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw ++WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs ++exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud ++DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 ++sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ ++seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz ++4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ ++BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR ++lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 ++7M2CYfE45k+XmCpajQ== ++-----END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/xrampglobalca b/jdk/make/data/cacerts/xrampglobalca +new file mode 100644 +index 0000000000..347f1437c2 +--- /dev/null ++++ b/jdk/make/data/cacerts/xrampglobalca +@@ -0,0 +1,32 @@ ++Owner: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US ++Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US ++Serial number: 50946cec18ead59c4dd597ef758fa0ad ++Valid from: Mon Nov 01 17:14:04 GMT 2004 until: Mon Jan 01 05:37:19 GMT 2035 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB ++gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk ++MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY ++UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx ++NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 ++dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy ++dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB ++dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 ++38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP ++KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q ++DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 ++qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa ++JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi ++PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P ++BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs ++jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 ++eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD ++ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR ++vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt ++qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa ++IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy ++i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ ++O+7ETPTsJ3xCwnR8gooJybQDJbw= ++-----END CERTIFICATE----- +diff --git a/jdk/make/src/classes/build/tools/generatecacerts/GenerateCacerts.java b/jdk/make/src/classes/build/tools/generatecacerts/GenerateCacerts.java +new file mode 100644 +index 0000000000..328179442f +--- /dev/null ++++ b/jdk/make/src/classes/build/tools/generatecacerts/GenerateCacerts.java +@@ -0,0 +1,62 @@ ++/* ++ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package build.tools.generatecacerts; ++ ++import java.io.FileOutputStream; ++import java.io.InputStream; ++import java.nio.file.DirectoryStream; ++import java.nio.file.Files; ++import java.nio.file.Path; ++import java.nio.file.Paths; ++import java.security.KeyStore; ++import java.security.cert.CertificateFactory; ++ ++/** ++ * Generate cacerts ++ * args[0]: Full path string to the directory that contains CA certs ++ * args[1]: Full path string to the generated cacerts ++ */ ++public class GenerateCacerts { ++ public static void main(String[] args) throws Exception { ++ KeyStore ks = KeyStore.getInstance("JKS"); ++ ks.load(null, null); ++ CertificateFactory cf = CertificateFactory.getInstance("X509"); ++ try (DirectoryStream ds = Files.newDirectoryStream(Paths.get(args[0]))) { ++ for (Path p : ds) { ++ String fName = p.getFileName().toString(); ++ if (!fName.equals("README")) { ++ String alias = fName + " [jdk]"; ++ try (InputStream fis = Files.newInputStream(p)) { ++ ks.setCertificateEntry(alias, cf.generateCertificate(fis)); ++ } ++ } ++ } ++ } ++ try (FileOutputStream fos = new FileOutputStream(args[1])) { ++ ks.store(fos, "changeit".toCharArray()); ++ } ++ } ++} + +-- +2.12.3 + diff --git a/8202076.patch b/8202076.patch deleted file mode 100644 index e5405e6a01c2a8facce2ab7ab82c660acddf48f9..0000000000000000000000000000000000000000 --- a/8202076.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 480c546fa5d07a92d09fbe669a7a36e718baedca Mon Sep 17 00:00:00 2001 -From: xuwei -Date: Fri, 19 Apr 2019 16:15:04 +0000 -Subject: [PATCH] 8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 - -Bug url: https://bugs.openjdk.java.net/browse/JDK-8202076 - ---- - .../native/java/io/WinNTFileSystem_md.c | 40 +++++++++++++++---- - 1 file changed, 33 insertions(+), 7 deletions(-) - -diff --git a/jdk/src/windows/native/java/io/WinNTFileSystem_md.c b/jdk/src/windows/native/java/io/WinNTFileSystem_md.c -index 4c61fa5817..8c8494743f 100644 ---- a/jdk/src/windows/native/java/io/WinNTFileSystem_md.c -+++ b/jdk/src/windows/native/java/io/WinNTFileSystem_md.c -@@ -35,6 +35,8 @@ - #include - #include - #include -+#include -+#include - - #include "jni.h" - #include "io_util.h" -@@ -525,13 +527,37 @@ Java_java_io_WinNTFileSystem_getLength(JNIEnv *env, jobject this, jobject file) - } - } else { - if (GetLastError() == ERROR_SHARING_VIOLATION) { -- /* The error is "share violation", which means the file/dir -- must exists. Try _wstati64, we know this at least works -- for pagefile.sys and hiberfil.sys. -- */ -- struct _stati64 sb; -- if (_wstati64(pathbuf, &sb) == 0) { -- rv = sb.st_size; -+ // The error is a "share violation", which means the file/dir -+ // must exist. Try FindFirstFile, we know this at least works -+ // for pagefile.sys. -+ WIN32_FIND_DATAW fileData; -+ HANDLE h = FindFirstFileW(pathbuf, &fileData); -+ if (h != INVALID_HANDLE_VALUE) { -+ if ((fileData.dwFileAttributes & -+ FILE_ATTRIBUTE_REPARSE_POINT) == 0) { -+ WCHAR backslash = L'\\'; -+ WCHAR *pslash = wcsrchr(pathbuf, backslash); -+ if (pslash == NULL) { -+ pslash = pathbuf; -+ } else { -+ pslash++; -+ } -+ WCHAR *fslash = wcsrchr(fileData.cFileName, backslash); -+ if (fslash == NULL) { -+ fslash = fileData.cFileName; -+ } else { -+ fslash++; -+ } -+ if (wcscmp(pslash, fslash) == 0) { -+ ULARGE_INTEGER length; -+ length.LowPart = fileData.nFileSizeLow; -+ length.HighPart = fileData.nFileSizeHigh; -+ if (length.QuadPart <= _I64_MAX) { -+ rv = (jlong)length.QuadPart; -+ } -+ } -+ } -+ FindClose(h); - } - } - } --- -2.19.0 - diff --git a/8203196-C1-emits-incorrect-code-due-to-integer-overf.patch b/8203196-C1-emits-incorrect-code-due-to-integer-overf.patch new file mode 100644 index 0000000000000000000000000000000000000000..5948e8efab00e2e12f0953f74c826f566882bc85 --- /dev/null +++ b/8203196-C1-emits-incorrect-code-due-to-integer-overf.patch @@ -0,0 +1,105 @@ +From 0e8b56655778da1200e06bb7138f86f8d395aec5 Mon Sep 17 00:00:00 2001 +From: wangkaihui +Date: Sat, 28 Dec 2019 12:41:30 +0000 +Subject: [PATCH] 8203196: C1 emits incorrect code due to integer overflow in + _tableswitch keys + +Summary: : C1 emits incorrect code due to integer overflow in _tableswitch keys +LLT: NA +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8203196 +--- + hotspot/src/share/vm/c1/c1_Instruction.hpp | 4 +-- + hotspot/src/share/vm/c1/c1_LIRGenerator.cpp | 2 +- + hotspot/test/compiler/c1/SwitchTest.java | 46 +++++++++++++++++++++++++++++ + 3 files changed, 49 insertions(+), 3 deletions(-) + create mode 100644 hotspot/test/compiler/c1/SwitchTest.java + +diff --git a/hotspot/src/share/vm/c1/c1_Instruction.hpp b/hotspot/src/share/vm/c1/c1_Instruction.hpp +index 789dba62b2..ee4adbc483 100644 +--- a/hotspot/src/share/vm/c1/c1_Instruction.hpp ++++ b/hotspot/src/share/vm/c1/c1_Instruction.hpp +@@ -2124,11 +2124,11 @@ LEAF(TableSwitch, Switch) + // creation + TableSwitch(Value tag, BlockList* sux, int lo_key, ValueStack* state_before, bool is_safepoint) + : Switch(tag, sux, state_before, is_safepoint) +- , _lo_key(lo_key) {} ++ , _lo_key(lo_key) { assert(_lo_key <= hi_key(), "integer overflow"); } + + // accessors + int lo_key() const { return _lo_key; } +- int hi_key() const { return _lo_key + length() - 1; } ++ int hi_key() const { return _lo_key + (length() - 1); } + }; + + +diff --git a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp +index 1cf9f0e8c4..3a48de9eb0 100644 +--- a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp ++++ b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp +@@ -2602,8 +2602,8 @@ void LIRGenerator::do_TableSwitch(TableSwitch* x) { + move_to_phi(x->state()); + + int lo_key = x->lo_key(); +- int hi_key = x->hi_key(); + int len = x->length(); ++ assert(lo_key <= (lo_key + (len - 1)), "integer overflow"); + LIR_Opr value = tag.result(); + if (UseTableRanges) { + do_SwitchRanges(create_lookup_ranges(x), value, x->default_sux()); +diff --git a/hotspot/test/compiler/c1/SwitchTest.java b/hotspot/test/compiler/c1/SwitchTest.java +new file mode 100644 +index 0000000000..d18eccc0fb +--- /dev/null ++++ b/hotspot/test/compiler/c1/SwitchTest.java +@@ -0,0 +1,46 @@ ++/* ++ * @test ++ * @bug 8203196 ++ * @summary C1 emits incorrect code due to integer overflow in _tableswitch keys ++ * @run main/othervm -Xcomp SwitchTest ++ */ ++public class SwitchTest { ++ public static void main(String args[]) throws Exception { ++ int test2 = 2147483647; ++ int check2 = 0; ++ switch (test2) { ++ case 2147483640: ++ check2 = 2147483640; ++ break; ++ case 2147483641: ++ check2 = 2147483641; ++ break; ++ case 2147483642: ++ check2 = 2147483642; ++ break; ++ case 2147483643: ++ check2 = 2147483643; ++ break; ++ case 2147483644: ++ check2 = 2147483644; ++ break; ++ case 2147483645: ++ check2 = 2147483645; ++ break; ++ case 2147483646: ++ check2 = 2147483646; ++ break; ++ case 2147483647: ++ check2 = 2147483647; ++ break; ++ default: ++ check2 = 123456; ++ break; ++ } ++ if (check2 != test2) { ++ System.out.println("choose a wrong case"); ++ throw new Exception(); ++ } ++ ++ } ++} +\ No newline at end of file +-- +2.12.3 + diff --git a/8203699-java-lang-invoke-SpecialInte.patch b/8203699-java-lang-invoke-SpecialInte.patch index 4d06c6ae729c620846b6ce47bf5d79aa7de26f56..84c2a0c2799e3e52e456584f88510ab91f45abda 100644 --- a/8203699-java-lang-invoke-SpecialInte.patch +++ b/8203699-java-lang-invoke-SpecialInte.patch @@ -9,9 +9,7 @@ Bug url: https://bugs.openjdk.java.net/browse/JDK-8203699 --- .../src/cpu/aarch64/vm/macroAssembler_aarch64.cpp | 6 +- - .../invoke/lookup/TestDefenderMethodLookup.java | 167 +++++++++++++++++++++ - 2 files changed, 172 insertions(+), 1 deletion(-) - create mode 100644 jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java + 1 files changed, 5 insertions(+), 1 deletion(-) diff --git a/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp index 42b732f37a..4659d628db 100644 @@ -38,177 +36,6 @@ index 42b732f37a..4659d628db 100644 mov(rscratch2, (address)&SharedRuntime::_partial_subtype_ctr); Address pst_counter_addr(rscratch2); diff --git a/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java b/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java -new file mode 100644 -index 0000000000..1d0ade9fe4 ---- /dev/null -+++ b/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java -@@ -0,0 +1,166 @@ -+/* -+ * @test -+ * @author zhangli -+ * @bug 8203699 -+ * @summary see https://code.huawei.com/HuaweiJDK/JVM-team/JVM/issues/1368 -+ * @run testng/othervm test.java.lang.invoke.lookup.TestDefenderMethodLookup -+ */ -+ -+package test.java.lang.invoke.lookup; -+ -+import org.testng.annotations.Test; -+import org.testng.Assert; -+import java.lang.invoke.*; -+import java.lang.invoke.MethodHandle; -+import java.lang.invoke.MethodHandles; -+import java.lang.invoke.MethodHandles.Lookup; -+ -+//@Test(groups = { "level.sanity" }) -+public class TestDefenderMethodLookup { -+ /** -+ * Get a SPECIAL MethodHandle for the method "test()V" in the DIRECT super interface DefenderInterface. The method -+ * has a default implementation in DefenderInterface and does NOT have an implementation in the class. -+ * Invoke the MethodHandle, and assert that the DefenderInterface.test was invoked (should return "default"). -+ * -+ * @throws Throwable No exceptions is expected. Any exception should be treated as an error. -+ */ -+ @Test -+ public void testDirectSuperInterface() throws Throwable { -+ DefenderInterface impl = new DefenderInterface() { -+ public MethodHandle run() throws Throwable { -+ Lookup l = DefenderInterface.lookup(); -+ Class defc = this.getClass(); -+ Class target = DefenderInterface.class; -+ MethodType mt = MethodType.methodType(String.class); -+ return l.findSpecial(defc, "test", mt, target); -+ } -+ }; -+ MethodHandle mh = impl.run(); -+ String result = (String)mh.invoke(impl); -+ Assert.assertEquals("default", result); -+ } -+ -+ /** -+ * Same as testDirectSuperInterface, but with the findSpecial arguments target and defc switched. -+ * -+ * @throws Throwable No exceptions is expected. Any exception should be treated as an error. -+ */ -+ @Test -+ public void testDirectSuperInterfaceSwitchedTargetDefc() throws Throwable { -+ DefenderInterface impl = new DefenderInterface() { -+ public MethodHandle run() throws Throwable { -+ Lookup l = MethodHandles.lookup(); -+ Class defc = this.getClass(); -+ Class target = DefenderInterface.class; -+ MethodType mt = MethodType.methodType(String.class); -+ // Switched target and defc -+ return l.findSpecial(target, "test", mt, defc); -+ } -+ }; -+ MethodHandle mh = impl.run(); -+ String result = (String)mh.invoke(impl); -+ Assert.assertEquals("default", result); -+ } -+ -+ /** -+ * Get a SPECIAL MethodHandle for the method "test()V" in the DIRECT super interface DefenderInterface. The method -+ * has a default implementation in DefenderInterface and does ALSO have an implementation in the class. -+ * Invoke the MethodHandle, and assert that the DefenderInterface.test was invoked (should return "default"). -+ * -+ * @throws Throwable No exceptions is expected. Any exception should be treated as an error. -+ */ -+ @Test -+ public void testDirectSuperInterfaceWithOverride() throws Throwable { -+ DefenderInterface impl = new DefenderInterface() { -+ @Test -+ @Override -+ public String test() { -+ return "impl"; -+ } -+ -+ public MethodHandle run() throws Throwable { -+ Lookup l = DefenderInterface.lookup(); -+ Class defc = DefenderInterface.class; -+ Class target = DefenderInterface.class; -+ MethodType mt = MethodType.methodType(String.class); -+ return l.findSpecial(defc, "test", mt, target); -+ } -+ }; -+ MethodHandle mh = impl.run(); -+ String result = (String)mh.invoke(impl); -+ Assert.assertEquals("default", result); -+ } -+ -+ /** -+ * Same as testDirectSuperInterfaceWithOverride, but with the findSpecial arguments target and defc switched. -+ * -+ * @throws Throwable No exceptions is expected. Any exception should be treated as an error. -+ */ -+ @Test -+ public void testDirectSuperInterfaceWithOverrideSwitchedTargetDefc() throws Throwable { -+ DefenderInterface impl = new DefenderInterface() { -+ @Override -+ public String test() { -+ return "impl"; -+ } -+ -+ public MethodHandle run() throws Throwable { -+ Lookup l = MethodHandles.lookup(); -+ Class defc = this.getClass(); -+ Class target = DefenderInterface.class; -+ MethodType mt = MethodType.methodType(String.class); -+ // Switched target and defc -+ return l.findSpecial(target, "test", mt, defc); -+ } -+ }; -+ MethodHandle mh = impl.run(); -+ String result = (String)mh.invoke(impl); -+ Assert.assertEquals("default", result); -+ } -+ -+ /** -+ * NEGATIVE
-+ * Try to get a SPECIAL MethodHandle for the method "test()V" in the INDIRECT super interface DefenderInterface -+ * (through the interface DefenderSubInterface). -+ * -+ * @throws Throwable Expected exceptions are caught. Any other exception should be treated as an error. -+ */ -+ @Test -+ public void testIndirectSuperInterface() throws Throwable { -+ DefenderSubInterface impl = new DefenderSubInterface() { -+ public MethodHandle run() throws Throwable { -+ Lookup l = DefenderSubInterface.lookup(); -+ Class defc = this.getClass(); -+ Class target = DefenderInterface.class; -+ MethodType mt = MethodType.methodType(String.class); -+ return l.findSpecial(defc, "test", mt, target); -+ } -+ }; -+ try { -+ impl.run(); -+ Assert.fail("Successfully created supersend MethodHandle to INDIRECT super interface. Should fail with IllegalAccessException."); -+ } catch (IllegalAccessException e) {} -+ } -+} -+ -+interface DefenderInterface { -+ public default String test() { -+ return "default"; -+ } -+ -+ public static Lookup lookup() { -+ return MethodHandles.lookup(); -+ } -+ -+ public MethodHandle run() throws Throwable; -+} -+ -+interface DefenderSubInterface extends DefenderInterface { -+ public default String test() { -+ return "subDefault"; -+ } -+ -+ public static Lookup lookup() { -+ return MethodHandles.lookup(); -+ } -+} -- 2.12.3 diff --git a/8204947-Port-ShenandoahTaskTerminator-to-mainline-an.patch b/8204947-Port-ShenandoahTaskTerminator-to-mainline-an.patch new file mode 100644 index 0000000000000000000000000000000000000000..d65ad816568a2e283aae00aca8c7d255d5db3ec2 --- /dev/null +++ b/8204947-Port-ShenandoahTaskTerminator-to-mainline-an.patch @@ -0,0 +1,888 @@ +From be9a6e1c3f15e798de03ef08c3bca91ef9589c80 Mon Sep 17 00:00:00 2001 +From: wuyan +Date: Thu, 12 Mar 2020 09:41:07 +0800 +Subject: [PATCH] 8204947: Port ShenandoahTaskTerminator to mainline and make + it default + +Summary: : Improve gc performance, port ShenandoahTaskTerminator to mainline and make it default +LLT: jtreg +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8204947 +--- + .../concurrentMarkSweepGeneration.cpp | 72 ++++++++- + .../vm/gc_implementation/g1/concurrentMark.cpp | 4 +- + .../vm/gc_implementation/g1/concurrentMark.hpp | 12 +- + .../vm/gc_implementation/g1/g1CollectedHeap.cpp | 10 +- + .../gc_implementation/parNew/parNewGeneration.cpp | 16 +- + .../gc_implementation/parNew/parNewGeneration.hpp | 2 +- + .../gc_implementation/parallelScavenge/pcTasks.cpp | 4 +- + .../parallelScavenge/psParallelCompact.cpp | 8 +- + .../parallelScavenge/psScavenge.cpp | 11 +- + .../shared/owstTaskTerminator.cpp | 173 +++++++++++++++++++++ + .../shared/owstTaskTerminator.hpp | 80 ++++++++++ + hotspot/src/share/vm/runtime/globals.hpp | 4 + + hotspot/src/share/vm/utilities/taskqueue.cpp | 23 +++ + hotspot/src/share/vm/utilities/taskqueue.hpp | 47 +++++- + hotspot/src/share/vm/utilities/workgroup.hpp | 4 +- + 15 files changed, 424 insertions(+), 46 deletions(-) + create mode 100644 hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp + create mode 100644 hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.hpp + +diff --git a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +index 9d457fd1d6..e42c8b5f39 100644 +--- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ++++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +@@ -41,6 +41,7 @@ + #include "gc_implementation/shared/gcTrace.hpp" + #include "gc_implementation/shared/gcTraceTime.hpp" + #include "gc_implementation/shared/isGCActiveMark.hpp" ++#include "gc_implementation/shared/owstTaskTerminator.hpp" + #include "gc_interface/collectedHeap.inline.hpp" + #include "memory/allocation.hpp" + #include "memory/cardTableRS.hpp" +@@ -3887,7 +3888,7 @@ bool CMSCollector::markFromRootsWork(bool asynch) { + // Forward decl + class CMSConcMarkingTask; + +-class CMSConcMarkingTerminator: public ParallelTaskTerminator { ++class CMSConcMarkingParallelTerminator: public ParallelTaskTerminator { + CMSCollector* _collector; + CMSConcMarkingTask* _task; + public: +@@ -3897,7 +3898,7 @@ class CMSConcMarkingTerminator: public ParallelTaskTerminator { + // "queue_set" is a set of work queues of other threads. + // "collector" is the CMS collector associated with this task terminator. + // "yield" indicates whether we need the gang as a whole to yield. +- CMSConcMarkingTerminator(int n_threads, TaskQueueSetSuper* queue_set, CMSCollector* collector) : ++ CMSConcMarkingParallelTerminator(int n_threads, TaskQueueSetSuper* queue_set, CMSCollector* collector) : + ParallelTaskTerminator(n_threads, queue_set), + _collector(collector) { } + +@@ -3906,6 +3907,45 @@ class CMSConcMarkingTerminator: public ParallelTaskTerminator { + } + }; + ++class CMSConcMarkingOWSTTerminator: public OWSTTaskTerminator { ++ CMSCollector* _collector; ++ CMSConcMarkingTask* _task; ++ public: ++ virtual void yield(); ++ ++ // "n_threads" is the number of threads to be terminated. ++ // "queue_set" is a set of work queues of other threads. ++ // "collector" is the CMS collector associated with this task terminator. ++ // "yield" indicates whether we need the gang as a whole to yield. ++ CMSConcMarkingOWSTTerminator(int n_threads, TaskQueueSetSuper* queue_set, CMSCollector* collector) : ++ OWSTTaskTerminator(n_threads, queue_set), ++ _collector(collector) { } ++ ++ void set_task(CMSConcMarkingTask* task) { ++ _task = task; ++ } ++}; ++ ++class CMSConcMarkingTaskTerminator { ++ private: ++ ParallelTaskTerminator* _term; ++ public: ++ CMSConcMarkingTaskTerminator(int n_threads, TaskQueueSetSuper* queue_set, CMSCollector* collector) { ++ if (UseOWSTTaskTerminator) { ++ _term = new CMSConcMarkingOWSTTerminator(n_threads, queue_set, collector); ++ } else { ++ _term = new CMSConcMarkingParallelTerminator(n_threads, queue_set, collector); ++ } ++ } ++ ~CMSConcMarkingTaskTerminator() { ++ assert(_term != NULL, "Must not be NULL"); ++ delete _term; ++ } ++ ++ void set_task(CMSConcMarkingTask* task); ++ ParallelTaskTerminator* terminator() const { return _term; } ++}; ++ + class CMSConcMarkingTerminatorTerminator: public TerminatorTerminator { + CMSConcMarkingTask* _task; + public: +@@ -3934,7 +3974,7 @@ class CMSConcMarkingTask: public YieldingFlexibleGangTask { + OopTaskQueueSet* _task_queues; + + // Termination (and yielding) support +- CMSConcMarkingTerminator _term; ++ CMSConcMarkingTaskTerminator _term; + CMSConcMarkingTerminatorTerminator _term_term; + + public: +@@ -3964,7 +4004,7 @@ class CMSConcMarkingTask: public YieldingFlexibleGangTask { + + HeapWord*volatile* global_finger_addr() { return &_global_finger; } + +- CMSConcMarkingTerminator* terminator() { return &_term; } ++ ParallelTaskTerminator* terminator() { return _term.terminator(); } + + virtual void set_for_termination(int active_workers) { + terminator()->reset_for_reuse(active_workers); +@@ -3983,7 +4023,7 @@ class CMSConcMarkingTask: public YieldingFlexibleGangTask { + void reset(HeapWord* ra) { + assert(_global_finger >= _cms_space->end(), "Postcondition of ::work(i)"); + _restart_addr = _global_finger = ra; +- _term.reset_for_reuse(); ++ _term.terminator()->reset_for_reuse(); + } + + static bool get_work_from_overflow_stack(CMSMarkStack* ovflw_stk, +@@ -4004,7 +4044,7 @@ bool CMSConcMarkingTerminatorTerminator::should_exit_termination() { + // thread has yielded. + } + +-void CMSConcMarkingTerminator::yield() { ++void CMSConcMarkingParallelTerminator::yield() { + if (_task->should_yield()) { + _task->yield(); + } else { +@@ -4012,6 +4052,22 @@ void CMSConcMarkingTerminator::yield() { + } + } + ++void CMSConcMarkingOWSTTerminator::yield() { ++ if (_task->should_yield()) { ++ _task->yield(); ++ } else { ++ OWSTTaskTerminator::yield(); ++ } ++} ++ ++void CMSConcMarkingTaskTerminator::set_task(CMSConcMarkingTask* task) { ++ if (UseOWSTTaskTerminator) { ++ ((CMSConcMarkingOWSTTerminator*)_term)->set_task(task); ++ } else { ++ ((CMSConcMarkingParallelTerminator*)_term)->set_task(task); ++ } ++} ++ + //////////////////////////////////////////////////////////////// + // Concurrent Marking Algorithm Sketch + //////////////////////////////////////////////////////////////// +@@ -5290,7 +5346,7 @@ class CMSParRemarkTask: public CMSParMarkTask { + + // The per-thread work queues, available here for stealing. + OopTaskQueueSet* _task_queues; +- ParallelTaskTerminator _term; ++ TaskTerminator _term; + + public: + // A value of 0 passed to n_workers will cause the number of +@@ -5309,7 +5365,7 @@ class CMSParRemarkTask: public CMSParMarkTask { + + OopTaskQueue* work_queue(int i) { return task_queues()->queue(i); } + +- ParallelTaskTerminator* terminator() { return &_term; } ++ ParallelTaskTerminator* terminator() { return _term.terminator(); } + int n_workers() { return _n_workers; } + + void work(uint worker_id); +diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +index 0c12478f2f..28dd5aadaa 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +@@ -549,7 +549,7 @@ ConcurrentMark::ConcurrentMark(G1CollectedHeap* g1h, G1RegionToSpaceMapper* prev + // _active_tasks set in set_non_marking_state + // _tasks set inside the constructor + _task_queues(new CMTaskQueueSet((int) _max_worker_id)), +- _terminator(ParallelTaskTerminator((int) _max_worker_id, _task_queues)), ++ _terminator((int) _max_worker_id, _task_queues), + + _has_overflown(false), + _concurrent(false), +@@ -816,7 +816,7 @@ void ConcurrentMark::set_concurrency(uint active_tasks) { + _active_tasks = active_tasks; + // Need to update the three data structures below according to the + // number of active threads for this phase. +- _terminator = ParallelTaskTerminator((int) active_tasks, _task_queues); ++ _terminator = TaskTerminator((int) active_tasks, _task_queues); + _first_overflow_barrier_sync.set_n_workers((int) active_tasks); + _second_overflow_barrier_sync.set_n_workers((int) active_tasks); + } +diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp +index 4c6262415e..02a0cb1843 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp +@@ -427,8 +427,8 @@ protected: + uint _max_worker_id;// maximum worker id + uint _active_tasks; // task num currently active + CMTask** _tasks; // task queue array (max_worker_id len) +- CMTaskQueueSet* _task_queues; // task queue set +- ParallelTaskTerminator _terminator; // for termination ++ CMTaskQueueSet* _task_queues; // Task queue set ++ TaskTerminator _terminator; // For termination + + // Two sync barriers that are used to synchronise tasks when an + // overflow occurs. The algorithm is the following. All tasks enter +@@ -528,10 +528,10 @@ protected: + return _parallel_workers != NULL; + } + +- HeapWord* finger() { return _finger; } +- bool concurrent() { return _concurrent; } +- uint active_tasks() { return _active_tasks; } +- ParallelTaskTerminator* terminator() { return &_terminator; } ++ HeapWord* finger() { return _finger; } ++ bool concurrent() { return _concurrent; } ++ uint active_tasks() { return _active_tasks; } ++ ParallelTaskTerminator* terminator() const { return _terminator.terminator(); } + + // It claims the next available region to be scanned by a marking + // task/thread. It might return NULL if the next region is empty or +diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp b/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +index 2380cf791e..6e575e07e4 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +@@ -4650,7 +4650,7 @@ protected: + G1CollectedHeap* _g1h; + RefToScanQueueSet *_queues; + G1RootProcessor* _root_processor; +- ParallelTaskTerminator _terminator; ++ TaskTerminator _terminator; + uint _n_workers; + + Mutex _stats_lock; +@@ -4672,7 +4672,7 @@ public: + return queues()->queue(i); + } + +- ParallelTaskTerminator* terminator() { return &_terminator; } ++ ParallelTaskTerminator* terminator() { return _terminator.terminator(); } + + virtual void set_for_termination(int active_workers) { + _root_processor->set_num_workers(active_workers); +@@ -4787,7 +4787,7 @@ public: + + { + double start = os::elapsedTime(); +- G1ParEvacuateFollowersClosure evac(_g1h, &pss, _queues, &_terminator); ++ G1ParEvacuateFollowersClosure evac(_g1h, &pss, _queues, _terminator.terminator()); + evac.do_void(); + double elapsed_sec = os::elapsedTime() - start; + double term_sec = pss.term_time(); +@@ -5484,8 +5484,8 @@ public: + void G1STWRefProcTaskExecutor::execute(ProcessTask& proc_task) { + assert(_workers != NULL, "Need parallel worker threads."); + +- ParallelTaskTerminator terminator(_active_workers, _queues); +- G1STWRefProcTaskProxy proc_task_proxy(proc_task, _g1h, _queues, &terminator); ++ TaskTerminator terminator(_active_workers, _queues); ++ G1STWRefProcTaskProxy proc_task_proxy(proc_task, _g1h, _queues, terminator.terminator()); + + _g1h->set_par_threads(_active_workers); + _workers->run_task(&proc_task_proxy); +diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +index 2b9fb53293..67867d4edb 100644 +--- a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +@@ -68,7 +68,7 @@ ParScanThreadState::ParScanThreadState(Space* to_space_, + ObjToScanQueueSet* work_queue_set_, + Stack* overflow_stacks_, + size_t desired_plab_sz_, +- ParallelTaskTerminator& term_) : ++ TaskTerminator& term_) : + _to_space(to_space_), _old_gen(old_gen_), _young_gen(gen_), _thread_num(thread_num_), + _work_queue(work_queue_set_->queue(thread_num_)), _to_space_full(false), + _overflow_stack(overflow_stacks_ ? overflow_stacks_ + thread_num_ : NULL), +@@ -79,7 +79,7 @@ ParScanThreadState::ParScanThreadState(Space* to_space_, + _older_gen_closure(gen_, this), + _evacuate_followers(this, &_to_space_closure, &_old_gen_closure, + &_to_space_root_closure, gen_, &_old_gen_root_closure, +- work_queue_set_, &term_), ++ work_queue_set_, term_.terminator()), + _is_alive_closure(gen_), _scan_weak_ref_closure(gen_, this), + _keep_alive_closure(&_scan_weak_ref_closure), + _strong_roots_time(0.0), _term_time(0.0) +@@ -309,7 +309,7 @@ public: + ObjToScanQueueSet& queue_set, + Stack* overflow_stacks_, + size_t desired_plab_sz, +- ParallelTaskTerminator& term); ++ TaskTerminator& term); + + ~ParScanThreadStateSet() { TASKQUEUE_STATS_ONLY(reset_stats()); } + +@@ -330,12 +330,12 @@ public: + #endif // TASKQUEUE_STATS + + private: +- ParallelTaskTerminator& _term; ++ TaskTerminator& _term; + ParNewGeneration& _gen; + Generation& _next_gen; + public: + bool is_valid(int id) const { return id < length(); } +- ParallelTaskTerminator* terminator() { return &_term; } ++ ParallelTaskTerminator* terminator() { return _term.terminator(); } + }; + + +@@ -343,7 +343,7 @@ ParScanThreadStateSet::ParScanThreadStateSet( + int num_threads, Space& to_space, ParNewGeneration& gen, + Generation& old_gen, ObjToScanQueueSet& queue_set, + Stack* overflow_stacks, +- size_t desired_plab_sz, ParallelTaskTerminator& term) ++ size_t desired_plab_sz, TaskTerminator& term) + : ResourceArray(sizeof(ParScanThreadState), num_threads), + _gen(gen), _next_gen(old_gen), _term(term) + { +@@ -375,7 +375,7 @@ void ParScanThreadStateSet::trace_promotion_failed(YoungGCTracer& gc_tracer) { + + void ParScanThreadStateSet::reset(int active_threads, bool promotion_failed) + { +- _term.reset_for_reuse(active_threads); ++ _term.terminator()->reset_for_reuse(active_threads); + if (promotion_failed) { + for (int i = 0; i < length(); ++i) { + thread_state(i).print_promotion_failure_size(); +@@ -983,7 +983,7 @@ void ParNewGeneration::collect(bool full, + + // Always set the terminator for the active number of workers + // because only those workers go through the termination protocol. +- ParallelTaskTerminator _term(n_workers, task_queues()); ++ TaskTerminator _term(n_workers, task_queues()); + ParScanThreadStateSet thread_state_set(workers->active_workers(), + *to(), *this, *_next_gen, *task_queues(), + _overflow_stacks, desired_plab_sz(), _term); +diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp +index 5c6b6181fa..fa4265a2dc 100644 +--- a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp +@@ -132,7 +132,7 @@ class ParScanThreadState { + ObjToScanQueueSet* work_queue_set_, + Stack* overflow_stacks_, + size_t desired_plab_sz_, +- ParallelTaskTerminator& term_); ++ TaskTerminator& term_); + + public: + ageTable* age_table() {return &_ageTable;} +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp +index 7d85c34947..35ea2992b7 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp +@@ -172,7 +172,7 @@ void RefProcTaskExecutor::execute(ProcessTask& task) + uint parallel_gc_threads = heap->gc_task_manager()->workers(); + uint active_gc_threads = heap->gc_task_manager()->active_workers(); + OopTaskQueueSet* qset = ParCompactionManager::stack_array(); +- ParallelTaskTerminator terminator(active_gc_threads, qset); ++ TaskTerminator terminator(active_gc_threads, qset); + GCTaskQueue* q = GCTaskQueue::create(); + for(uint i=0; ienqueue(new RefProcTaskProxy(task, i)); +@@ -180,7 +180,7 @@ void RefProcTaskExecutor::execute(ProcessTask& task) + if (task.marks_oops_alive()) { + if (parallel_gc_threads>1) { + for (uint j=0; jenqueue(new StealMarkingTask(&terminator)); ++ q->enqueue(new StealMarkingTask(terminator.terminator())); + } + } + } +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +index bdf254d61d..001b365d88 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +@@ -2356,7 +2356,7 @@ void PSParallelCompact::marking_phase(ParCompactionManager* cm, + uint parallel_gc_threads = heap->gc_task_manager()->workers(); + uint active_gc_threads = heap->gc_task_manager()->active_workers(); + TaskQueueSetSuper* qset = ParCompactionManager::stack_array(); +- ParallelTaskTerminator terminator(active_gc_threads, qset); ++ TaskTerminator terminator(active_gc_threads, qset); + + PSParallelCompact::MarkAndPushClosure mark_and_push_closure(cm); + PSParallelCompact::FollowStackClosure follow_stack_closure(cm); +@@ -2385,7 +2385,7 @@ void PSParallelCompact::marking_phase(ParCompactionManager* cm, + + if (active_gc_threads > 1) { + for (uint j = 0; j < active_gc_threads; j++) { +- q->enqueue(new StealMarkingTask(&terminator)); ++ q->enqueue(new StealMarkingTask(terminator.terminator())); + } + } + +@@ -2692,12 +2692,12 @@ void PSParallelCompact::compact() { + uint parallel_gc_threads = heap->gc_task_manager()->workers(); + uint active_gc_threads = heap->gc_task_manager()->active_workers(); + TaskQueueSetSuper* qset = ParCompactionManager::region_array(); +- ParallelTaskTerminator terminator(active_gc_threads, qset); ++ TaskTerminator terminator(active_gc_threads, qset); + + GCTaskQueue* q = GCTaskQueue::create(); + enqueue_region_draining_tasks(q, active_gc_threads); + enqueue_dense_prefix_tasks(q, active_gc_threads); +- enqueue_region_stealing_tasks(q, &terminator, active_gc_threads); ++ enqueue_region_stealing_tasks(q, terminator.terminator(), active_gc_threads); + + { + GCTraceTime tm_pc("par compact", print_phases(), true, &_gc_timer, _gc_tracer.gc_id()); +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp +index 5d7e99bd2c..12e282eeb1 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psScavenge.cpp +@@ -189,11 +189,11 @@ void PSRefProcTaskExecutor::execute(ProcessTask& task) + for(uint i=0; i < manager->active_workers(); i++) { + q->enqueue(new PSRefProcTaskProxy(task, i)); + } +- ParallelTaskTerminator terminator(manager->active_workers(), ++ TaskTerminator terminator(manager->active_workers(), + (TaskQueueSetSuper*) PSPromotionManager::stack_array_depth()); + if (task.marks_oops_alive() && manager->active_workers() > 1) { + for (uint j = 0; j < manager->active_workers(); j++) { +- q->enqueue(new StealTask(&terminator)); ++ q->enqueue(new StealTask(terminator.terminator())); + } + } + manager->execute_and_wait(q); +@@ -422,12 +422,11 @@ bool PSScavenge::invoke_no_policy() { + q->enqueue(new ScavengeRootsTask(ScavengeRootsTask::jvmti)); + q->enqueue(new ScavengeRootsTask(ScavengeRootsTask::code_cache)); + +- ParallelTaskTerminator terminator( +- active_workers, +- (TaskQueueSetSuper*) promotion_manager->stack_array_depth()); ++ TaskTerminator terminator(active_workers, ++ (TaskQueueSetSuper*) promotion_manager->stack_array_depth()); + if (active_workers > 1) { + for (uint j = 0; j < active_workers; j++) { +- q->enqueue(new StealTask(&terminator)); ++ q->enqueue(new StealTask(terminator.terminator())); + } + } + +diff --git a/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp +new file mode 100644 +index 0000000000..9438f6a9ea +--- /dev/null ++++ b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp +@@ -0,0 +1,173 @@ ++/* ++ * Copyright (c) 2018, Red Hat, Inc. All rights reserved. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ * ++ */ ++ ++#include "precompiled.hpp" ++ ++#include "owstTaskTerminator.hpp" ++ ++bool OWSTTaskTerminator::exit_termination(size_t tasks, TerminatorTerminator* terminator) { ++ return tasks > 0 || (terminator != NULL && terminator->should_exit_termination()); ++} ++ ++bool OWSTTaskTerminator::offer_termination(TerminatorTerminator* terminator) { ++ assert(_n_threads > 0, "Initialization is incorrect"); ++ assert(_offered_termination < _n_threads, "Invariant"); ++ assert(_blocker != NULL, "Invariant"); ++ ++ // Single worker, done ++ if (_n_threads == 1) { ++ _offered_termination = 1; ++ return true; ++ } ++ ++ _blocker->lock_without_safepoint_check(); ++ // All arrived, done ++ _offered_termination++; ++ if (_offered_termination == _n_threads) { ++ _blocker->notify_all(); ++ _blocker->unlock(); ++ return true; ++ } ++ ++ Thread* the_thread = Thread::current(); ++ while (true) { ++ if (_spin_master == NULL) { ++ _spin_master = the_thread; ++ ++ _blocker->unlock(); ++ ++ if (do_spin_master_work(terminator)) { ++ assert(_offered_termination == _n_threads, "termination condition"); ++ return true; ++ } else { ++ _blocker->lock_without_safepoint_check(); ++ } ++ } else { ++ _blocker->wait(true, WorkStealingSleepMillis); ++ ++ if (_offered_termination == _n_threads) { ++ _blocker->unlock(); ++ return true; ++ } ++ } ++ ++ size_t tasks = tasks_in_queue_set(); ++ if (exit_termination(tasks, terminator)) { ++ _offered_termination--; ++ _blocker->unlock(); ++ return false; ++ } ++ } ++} ++ ++bool OWSTTaskTerminator::do_spin_master_work(TerminatorTerminator* terminator) { ++ uint yield_count = 0; ++ // Number of hard spin loops done since last yield ++ uint hard_spin_count = 0; ++ // Number of iterations in the hard spin loop. ++ uint hard_spin_limit = WorkStealingHardSpins; ++ ++ // If WorkStealingSpinToYieldRatio is 0, no hard spinning is done. ++ // If it is greater than 0, then start with a small number ++ // of spins and increase number with each turn at spinning until ++ // the count of hard spins exceeds WorkStealingSpinToYieldRatio. ++ // Then do a yield() call and start spinning afresh. ++ if (WorkStealingSpinToYieldRatio > 0) { ++ hard_spin_limit = WorkStealingHardSpins >> WorkStealingSpinToYieldRatio; ++ hard_spin_limit = MAX2(hard_spin_limit, 1U); ++ } ++ // Remember the initial spin limit. ++ uint hard_spin_start = hard_spin_limit; ++ ++ // Loop waiting for all threads to offer termination or ++ // more work. ++ while (true) { ++ // Look for more work. ++ // Periodically sleep() instead of yield() to give threads ++ // waiting on the cores the chance to grab this code ++ if (yield_count <= WorkStealingYieldsBeforeSleep) { ++ // Do a yield or hardspin. For purposes of deciding whether ++ // to sleep, count this as a yield. ++ yield_count++; ++ ++ // Periodically call yield() instead spinning ++ // After WorkStealingSpinToYieldRatio spins, do a yield() call ++ // and reset the counts and starting limit. ++ if (hard_spin_count > WorkStealingSpinToYieldRatio) { ++ yield(); ++ hard_spin_count = 0; ++ hard_spin_limit = hard_spin_start; ++#ifdef TRACESPINNING ++ _total_yields++; ++#endif ++ } else { ++ // Hard spin this time ++ // Increase the hard spinning period but only up to a limit. ++ hard_spin_limit = MIN2(2*hard_spin_limit, ++ (uint) WorkStealingHardSpins); ++ for (uint j = 0; j < hard_spin_limit; j++) { ++ SpinPause(); ++ } ++ hard_spin_count++; ++#ifdef TRACESPINNING ++ _total_spins++; ++#endif ++ } ++ } else { ++ if (PrintGCDetails && Verbose) { ++ gclog_or_tty->print_cr("OWSTTaskTerminator::do_spin_master_work() thread " PTR_FORMAT " sleeps after %u yields", ++ p2i(Thread::current()), yield_count); ++ } ++ yield_count = 0; ++ ++ MonitorLockerEx locker(_blocker, Mutex::_no_safepoint_check_flag); ++ _spin_master = NULL; ++ locker.wait(Mutex::_no_safepoint_check_flag, WorkStealingSleepMillis); ++ if (_spin_master == NULL) { ++ _spin_master = Thread::current(); ++ } else { ++ return false; ++ } ++ } ++ ++#ifdef TRACESPINNING ++ _total_peeks++; ++#endif ++ size_t tasks = tasks_in_queue_set(); ++ if (exit_termination(tasks, terminator)) { ++ MonitorLockerEx locker(_blocker, Mutex::_no_safepoint_check_flag); ++ if ((int) tasks >= _offered_termination - 1) { ++ locker.notify_all(); ++ } else { ++ for (; tasks > 1; tasks--) { ++ locker.notify(); ++ } ++ } ++ _spin_master = NULL; ++ return false; ++ } else if (_offered_termination == _n_threads) { ++ return true; ++ } ++ } ++} ++ +diff --git a/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.hpp b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.hpp +new file mode 100644 +index 0000000000..ad50889d43 +--- /dev/null ++++ b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.hpp +@@ -0,0 +1,80 @@ ++/* ++ * Copyright (c) 2018, Red Hat, Inc. All rights reserved. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ * ++ */ ++#ifndef SHARE_VM_GC_SHARED_OWSTTASKTERMINATOR_HPP ++#define SHARE_VM_GC_SHARED_OWSTTASKTERMINATOR_HPP ++ ++#include "runtime/mutex.hpp" ++#include "runtime/thread.hpp" ++#include "utilities/taskqueue.hpp" ++ ++/* ++ * OWST stands for Optimized Work Stealing Threads ++ * ++ * This is an enhanced implementation of Google's work stealing ++ * protocol, which is described in the paper: ++ * "Wessam Hassanein. 2016. Understanding and improving JVM GC work ++ * stealing at the data center scale. In Proceedings of the 2016 ACM ++ * SIGPLAN International Symposium on Memory Management (ISMM 2016). ACM, ++ * New York, NY, USA, 46-54. DOI: https://doi.org/10.1145/2926697.2926706" ++ * ++ * Instead of a dedicated spin-master, our implementation will let spin-master relinquish ++ * the role before it goes to sleep/wait, allowing newly arrived threads to compete for the role. ++ * The intention of above enhancement is to reduce spin-master's latency on detecting new tasks ++ * for stealing and termination condition. ++ */ ++ ++class OWSTTaskTerminator: public ParallelTaskTerminator { ++private: ++ Monitor* _blocker; ++ Thread* _spin_master; ++ ++public: ++ OWSTTaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set) : ++ ParallelTaskTerminator(n_threads, queue_set), _spin_master(NULL) { ++ _blocker = new Monitor(Mutex::leaf, "OWSTTaskTerminator", false); ++ } ++ ++ virtual ~OWSTTaskTerminator() { ++ assert(_blocker != NULL, "Can not be NULL"); ++ delete _blocker; ++ } ++ ++ bool offer_termination(TerminatorTerminator* terminator); ++ ++protected: ++ // If should exit current termination protocol ++ virtual bool exit_termination(size_t tasks, TerminatorTerminator* terminator); ++ ++private: ++ size_t tasks_in_queue_set() { return _queue_set->tasks(); } ++ ++ /* ++ * Perform spin-master task. ++ * Return true if termination condition is detected, otherwise return false ++ */ ++ bool do_spin_master_work(TerminatorTerminator* terminator); ++}; ++ ++ ++#endif // SHARE_VM_GC_SHARED_OWSTTASKTERMINATOR_HPP ++ +diff --git a/hotspot/src/share/vm/runtime/globals.hpp b/hotspot/src/share/vm/runtime/globals.hpp +index 0cf5ac1a8c..28e1bfd8e1 100644 +--- a/hotspot/src/share/vm/runtime/globals.hpp ++++ b/hotspot/src/share/vm/runtime/globals.hpp +@@ -2020,6 +2020,10 @@ class CommandLineFlags { + develop(uintx, PromotionFailureALotInterval, 5, \ + "Total collections between promotion failures alot") \ + \ ++ diagnostic(bool, UseOWSTTaskTerminator, true, \ ++ "Use Optimized Work Stealing Threads task termination " \ ++ "protocol") \ ++ \ + experimental(uintx, WorkStealingSleepMillis, 1, \ + "Sleep time when sleep is used for yields") \ + \ +diff --git a/hotspot/src/share/vm/utilities/taskqueue.cpp b/hotspot/src/share/vm/utilities/taskqueue.cpp +index da2e928b8a..0f4dcc90ba 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.cpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.cpp +@@ -29,6 +29,7 @@ + #include "utilities/debug.hpp" + #include "utilities/stack.inline.hpp" + #include "utilities/taskqueue.hpp" ++#include "gc_implementation/shared/owstTaskTerminator.hpp" + + PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC + +@@ -268,3 +269,25 @@ void ParallelTaskTerminator::reset_for_reuse(int n_threads) { + reset_for_reuse(); + _n_threads = n_threads; + } ++ ++TaskTerminator::TaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set) : ++ _terminator(UseOWSTTaskTerminator ? new OWSTTaskTerminator(n_threads, queue_set) ++ : new ParallelTaskTerminator(n_threads, queue_set)) { ++} ++ ++TaskTerminator::~TaskTerminator() { ++ if (_terminator != NULL) { ++ delete _terminator; ++ } ++} ++ ++// Move assignment ++TaskTerminator& TaskTerminator::operator=(const TaskTerminator& o) { ++ if (_terminator != NULL) { ++ delete _terminator; ++ } ++ _terminator = o.terminator(); ++ const_cast(o)._terminator = NULL; ++ return *this; ++} ++ +diff --git a/hotspot/src/share/vm/utilities/taskqueue.hpp b/hotspot/src/share/vm/utilities/taskqueue.hpp +index 34ad795e62..dec76c51cc 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.hpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.hpp +@@ -500,6 +500,8 @@ protected: + public: + // Returns "true" if some TaskQueue in the set contains a task. + virtual bool peek() = 0; ++ // Tasks in queue ++ virtual uint tasks() const = 0; + virtual size_t tasks() = 0; + }; + +@@ -537,6 +539,7 @@ public: + bool steal(uint queue_num, int* seed, E& t); + + bool peek(); ++ uint tasks() const; + size_t tasks(); + + uint size() const { return _n; } +@@ -606,6 +609,15 @@ size_t GenericTaskQueueSet::tasks() { + return n; + } + ++template ++uint GenericTaskQueueSet::tasks() const { ++ uint n = 0; ++ for (uint j = 0; j < _n; j++) { ++ n += _queues[j]->size(); ++ } ++ return n; ++} ++ + // When to terminate from the termination protocol. + class TerminatorTerminator: public CHeapObj { + public: +@@ -617,7 +629,7 @@ public: + + #undef TRACESPINNING + +-class ParallelTaskTerminator: public StackObj { ++class ParallelTaskTerminator: public CHeapObj { + protected: + int _n_threads; + TaskQueueSetSuper* _queue_set; +@@ -653,7 +665,7 @@ public: + // As above, but it also terminates if the should_exit_termination() + // method of the terminator parameter returns true. If terminator is + // NULL, then it is ignored. +- bool offer_termination(TerminatorTerminator* terminator); ++ virtual bool offer_termination(TerminatorTerminator* terminator); + + // Reset the terminator, so that it may be reused again. + // The caller is responsible for ensuring that this is done +@@ -672,6 +684,37 @@ public: + #endif + }; + ++#ifdef _MSC_VER ++#pragma warning(push) ++// warning C4521: multiple copy constructors specified ++#pragma warning(disable:4521) ++// warning C4522: multiple assignment operators specified ++#pragma warning(disable:4522) ++#endif ++ ++class TaskTerminator : public StackObj { ++private: ++ ParallelTaskTerminator* _terminator; ++ ++ // Disable following copy constructors and assignment operator ++ TaskTerminator(TaskTerminator& o) { } ++ TaskTerminator(const TaskTerminator& o) { } ++ TaskTerminator& operator=(TaskTerminator& o) { return *this; } ++public: ++ TaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set); ++ ~TaskTerminator(); ++ ++ // Move assignment ++ TaskTerminator& operator=(const TaskTerminator& o); ++ ++ ParallelTaskTerminator* terminator() const { ++ return _terminator; ++ } ++}; ++#ifdef _MSC_VER ++#pragma warning(pop) ++#endif ++ + template inline bool + GenericTaskQueue::push(E t) { + uint localBot = _bottom; +diff --git a/hotspot/src/share/vm/utilities/workgroup.hpp b/hotspot/src/share/vm/utilities/workgroup.hpp +index ef2dff4932..dd95651572 100644 +--- a/hotspot/src/share/vm/utilities/workgroup.hpp ++++ b/hotspot/src/share/vm/utilities/workgroup.hpp +@@ -97,11 +97,11 @@ public: + + class AbstractGangTaskWOopQueues : public AbstractGangTask { + OopTaskQueueSet* _queues; +- ParallelTaskTerminator _terminator; ++ TaskTerminator _terminator; + public: + AbstractGangTaskWOopQueues(const char* name, OopTaskQueueSet* queues) : + AbstractGangTask(name), _queues(queues), _terminator(0, _queues) {} +- ParallelTaskTerminator* terminator() { return &_terminator; } ++ ParallelTaskTerminator* terminator() { return _terminator.terminator(); } + virtual void set_for_termination(int active_workers) { + terminator()->reset_for_reuse(active_workers); + } +-- +2.12.3 + diff --git a/8205921-Optimizing-best-of-2-work-stealing-queue-sel.patch b/8205921-Optimizing-best-of-2-work-stealing-queue-sel.patch new file mode 100644 index 0000000000000000000000000000000000000000..c95149e0529abb9af4d8d1715c0e78cf23596b92 --- /dev/null +++ b/8205921-Optimizing-best-of-2-work-stealing-queue-sel.patch @@ -0,0 +1,668 @@ +From b325bb23c804a9ff2e1b8bf67dfc421ba1bdd0ab Mon Sep 17 00:00:00 2001 +From: wuyan +Date: Thu, 12 Mar 2020 11:09:48 +0800 +Subject: [PATCH] 8205921: Optimizing best-of-2 work stealing queue selection + +Summary: : Improve gc performance, optimizing best-of-2 work stealing queue selection +LLT: jtreg +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8205921 +--- + .../concurrentMarkSweepGeneration.cpp | 29 ++---- + .../concurrentMarkSweepGeneration.hpp | 3 - + .../vm/gc_implementation/g1/concurrentMark.cpp | 4 +- + .../vm/gc_implementation/g1/concurrentMark.hpp | 6 +- + .../gc_implementation/g1/g1ParScanThreadState.cpp | 2 +- + .../gc_implementation/g1/g1ParScanThreadState.hpp | 2 - + .../g1/g1ParScanThreadState.inline.hpp | 2 +- + .../gc_implementation/parNew/parNewGeneration.cpp | 2 - + .../gc_implementation/parNew/parNewGeneration.hpp | 2 - + .../gc_implementation/parallelScavenge/pcTasks.cpp | 8 +- + .../parallelScavenge/psCompactionManager.hpp | 12 +-- + .../parallelScavenge/psPromotionManager.hpp | 4 +- + .../gc_implementation/parallelScavenge/psTasks.cpp | 3 +- + .../shenandoah/shenandoahConcurrentMark.cpp | 3 +- + .../shenandoah/shenandoahTraversalGC.cpp | 4 +- + hotspot/src/share/vm/memory/padded.hpp | 6 ++ + hotspot/src/share/vm/utilities/taskqueue.cpp | 18 ---- + hotspot/src/share/vm/utilities/taskqueue.hpp | 106 +++++++++++++++++---- + 18 files changed, 121 insertions(+), 95 deletions(-) + +diff --git a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +index e42c8b5f39..84bc2eeeb8 100644 +--- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ++++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +@@ -680,11 +680,6 @@ CMSCollector::CMSCollector(ConcurrentMarkSweepGeneration* cmsGen, + warning("task_queues allocation failure."); + return; + } +- _hash_seed = NEW_C_HEAP_ARRAY(int, num_queues, mtGC); +- if (_hash_seed == NULL) { +- warning("_hash_seed array allocation failure"); +- return; +- } + + typedef Padded PaddedOopTaskQueue; + for (i = 0; i < num_queues; i++) { +@@ -697,7 +692,6 @@ CMSCollector::CMSCollector(ConcurrentMarkSweepGeneration* cmsGen, + } + for (i = 0; i < num_queues; i++) { + _task_queues->queue(i)->initialize(); +- _hash_seed[i] = 17; // copied from ParNew + } + } + } +@@ -4394,7 +4388,6 @@ void CMSConcMarkingTask::do_work_steal(int i) { + oop obj_to_scan; + CMSBitMap* bm = &(_collector->_markBitMap); + CMSMarkStack* ovflw = &(_collector->_markStack); +- int* seed = _collector->hash_seed(i); + Par_ConcMarkingClosure cl(_collector, this, work_q, bm, ovflw); + while (true) { + cl.trim_queue(0); +@@ -4404,7 +4397,7 @@ void CMSConcMarkingTask::do_work_steal(int i) { + // overflow stack may already have been stolen from us. + // assert(work_q->size() > 0, "Work from overflow stack"); + continue; +- } else if (task_queues()->steal(i, seed, /* reference */ obj_to_scan)) { ++ } else if (task_queues()->steal(i, /* reference */ obj_to_scan)) { + assert(obj_to_scan->is_oop(), "Should be an oop"); + assert(bm->isMarked((HeapWord*)obj_to_scan), "Grey object"); + obj_to_scan->oop_iterate(&cl); +@@ -5376,7 +5369,7 @@ class CMSParRemarkTask: public CMSParMarkTask { + Par_MarkRefsIntoAndScanClosure* cl); + + // ... work stealing for the above +- void do_work_steal(int i, Par_MarkRefsIntoAndScanClosure* cl, int* seed); ++ void do_work_steal(int i, Par_MarkRefsIntoAndScanClosure* cl); + }; + + class RemarkKlassClosure : public KlassClosure { +@@ -5542,7 +5535,7 @@ void CMSParRemarkTask::work(uint worker_id) { + // ---------- ... and drain overflow list. + _timer.reset(); + _timer.start(); +- do_work_steal(worker_id, &par_mrias_cl, _collector->hash_seed(worker_id)); ++ do_work_steal(worker_id, &par_mrias_cl); + _timer.stop(); + if (PrintCMSStatistics != 0) { + gclog_or_tty->print_cr( +@@ -5699,8 +5692,7 @@ CMSParRemarkTask::do_dirty_card_rescan_tasks( + + // . see if we can share work_queues with ParNew? XXX + void +-CMSParRemarkTask::do_work_steal(int i, Par_MarkRefsIntoAndScanClosure* cl, +- int* seed) { ++CMSParRemarkTask::do_work_steal(int i, Par_MarkRefsIntoAndScanClosure* cl) { + OopTaskQueue* work_q = work_queue(i); + NOT_PRODUCT(int num_steals = 0;) + oop obj_to_scan; +@@ -5731,7 +5723,7 @@ CMSParRemarkTask::do_work_steal(int i, Par_MarkRefsIntoAndScanClosure* cl, + // Verify that we have no work before we resort to stealing + assert(work_q->size() == 0, "Have work, shouldn't steal"); + // Try to steal from other queues that have work +- if (task_queues()->steal(i, seed, /* reference */ obj_to_scan)) { ++ if (task_queues()->steal(i,/* reference */ obj_to_scan)) { + NOT_PRODUCT(num_steals++;) + assert(obj_to_scan->is_oop(), "Oops, not an oop!"); + assert(bm->isMarked((HeapWord*)obj_to_scan), "Stole an unmarked oop?"); +@@ -6144,8 +6136,7 @@ public: + + void do_work_steal(int i, + CMSParDrainMarkingStackClosure* drain, +- CMSParKeepAliveClosure* keep_alive, +- int* seed); ++ CMSParKeepAliveClosure* keep_alive); + + virtual void work(uint worker_id); + }; +@@ -6163,8 +6154,7 @@ void CMSRefProcTaskProxy::work(uint worker_id) { + CMSIsAliveClosure is_alive_closure(_span, _mark_bit_map); + _task.work(worker_id, is_alive_closure, par_keep_alive, par_drain_stack); + if (_task.marks_oops_alive()) { +- do_work_steal(worker_id, &par_drain_stack, &par_keep_alive, +- _collector->hash_seed(worker_id)); ++ do_work_steal(worker_id, &par_drain_stack, &par_keep_alive); + } + assert(work_queue(worker_id)->size() == 0, "work_queue should be empty"); + assert(_collector->_overflow_list == NULL, "non-empty _overflow_list"); +@@ -6199,8 +6189,7 @@ CMSParKeepAliveClosure::CMSParKeepAliveClosure(CMSCollector* collector, + // . see if we can share work_queues with ParNew? XXX + void CMSRefProcTaskProxy::do_work_steal(int i, + CMSParDrainMarkingStackClosure* drain, +- CMSParKeepAliveClosure* keep_alive, +- int* seed) { ++ CMSParKeepAliveClosure* keep_alive) { + OopTaskQueue* work_q = work_queue(i); + NOT_PRODUCT(int num_steals = 0;) + oop obj_to_scan; +@@ -6229,7 +6218,7 @@ void CMSRefProcTaskProxy::do_work_steal(int i, + // Verify that we have no work before we resort to stealing + assert(work_q->size() == 0, "Have work, shouldn't steal"); + // Try to steal from other queues that have work +- if (task_queues()->steal(i, seed, /* reference */ obj_to_scan)) { ++ if (task_queues()->steal(i, /* reference */ obj_to_scan)) { + NOT_PRODUCT(num_steals++;) + assert(obj_to_scan->is_oop(), "Oops, not an oop!"); + assert(_mark_bit_map->isMarked((HeapWord*)obj_to_scan), "Stole an unmarked oop?"); +diff --git a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp +index 8b65d34268..ca3fee21b8 100644 +--- a/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp ++++ b/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.hpp +@@ -563,8 +563,6 @@ class CMSCollector: public CHeapObj { + Stack _preserved_oop_stack; + Stack _preserved_mark_stack; + +- int* _hash_seed; +- + // In support of multi-threaded concurrent phases + YieldingFlexibleWorkGang* _conc_workers; + +@@ -741,7 +739,6 @@ class CMSCollector: public CHeapObj { + bool stop_world_and_do(CMS_op_type op); + + OopTaskQueueSet* task_queues() { return _task_queues; } +- int* hash_seed(int i) { return &_hash_seed[i]; } + YieldingFlexibleWorkGang* conc_workers() { return _conc_workers; } + + // Support for parallelizing Eden rescan in CMS remark phase +diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +index 28dd5aadaa..271b33a577 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +@@ -4421,7 +4421,7 @@ void CMTask::do_marking_step(double time_target_ms, + oop obj; + statsOnly( ++_steal_attempts ); + +- if (_cm->try_stealing(_worker_id, &_hash_seed, obj)) { ++ if (_cm->try_stealing(_worker_id, obj)) { + if (_cm->verbose_medium()) { + gclog_or_tty->print_cr("[%u] stolen " PTR_FORMAT " successfully", + _worker_id, p2i((void*) obj)); +@@ -4605,7 +4605,7 @@ CMTask::CMTask(uint worker_id, + : _g1h(G1CollectedHeap::heap()), + _worker_id(worker_id), _cm(cm), + _claimed(false), +- _nextMarkBitMap(NULL), _hash_seed(17), ++ _nextMarkBitMap(NULL), + _task_queue(task_queue), + _task_queues(task_queues), + _cm_oop_closure(NULL), +diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp +index 02a0cb1843..1d785c1962 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.hpp +@@ -679,8 +679,8 @@ public: + } + + // Attempts to steal an object from the task queues of other tasks +- bool try_stealing(uint worker_id, int* hash_seed, oop& obj) { +- return _task_queues->steal(worker_id, hash_seed, obj); ++ bool try_stealing(uint worker_id, oop& obj) { ++ return _task_queues->steal(worker_id, obj); + } + + ConcurrentMark(G1CollectedHeap* g1h, +@@ -1004,8 +1004,6 @@ private: + // it was decreased). + size_t _real_refs_reached_limit; + +- // used by the work stealing stuff +- int _hash_seed; + // if this is true, then the task has aborted for some reason + bool _has_aborted; + // set when the task aborts because it has met its time quota +diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.cpp b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.cpp +index fc86a50cf8..7e2a61c1a1 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.cpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.cpp +@@ -36,7 +36,7 @@ G1ParScanThreadState::G1ParScanThreadState(G1CollectedHeap* g1h, uint queue_num, + _dcq(&g1h->dirty_card_queue_set()), + _ct_bs(g1h->g1_barrier_set()), + _g1_rem(g1h->g1_rem_set()), +- _hash_seed(17), _queue_num(queue_num), ++ _queue_num(queue_num), + _term_attempts(0), + _tenuring_threshold(g1h->g1_policy()->tenuring_threshold()), + _age_table(false), _scanner(g1h, rp), +diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.hpp b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.hpp +index d5350310e1..ce6e85c4b0 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.hpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.hpp +@@ -59,7 +59,6 @@ class G1ParScanThreadState : public StackObj { + + OopsInHeapRegionClosure* _evac_failure_cl; + +- int _hash_seed; + uint _queue_num; + + size_t _term_attempts; +@@ -129,7 +128,6 @@ class G1ParScanThreadState : public StackObj { + + OopsInHeapRegionClosure* evac_failure_closure() { return _evac_failure_cl; } + +- int* hash_seed() { return &_hash_seed; } + uint queue_num() { return _queue_num; } + + size_t term_attempts() const { return _term_attempts; } +diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.inline.hpp b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.inline.hpp +index 1b03f8caae..7dedb15178 100644 +--- a/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.inline.hpp ++++ b/hotspot/src/share/vm/gc_implementation/g1/g1ParScanThreadState.inline.hpp +@@ -131,7 +131,7 @@ inline void G1ParScanThreadState::dispatch_reference(StarTask ref) { + + void G1ParScanThreadState::steal_and_trim_queue(RefToScanQueueSet *task_queues) { + StarTask stolen_task; +- while (task_queues->steal(queue_num(), hash_seed(), stolen_task)) { ++ while (task_queues->steal(queue_num(), stolen_task)) { + assert(verify_task(stolen_task), "sanity"); + dispatch_reference(stolen_task); + +diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +index 67867d4edb..107a10cab7 100644 +--- a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +@@ -92,7 +92,6 @@ ParScanThreadState::ParScanThreadState(Space* to_space_, + + _survivor_chunk_array = + (ChunkArray*) old_gen()->get_data_recorder(thread_num()); +- _hash_seed = 17; // Might want to take time-based random value. + _start = os::elapsedTime(); + _old_gen_closure.set_generation(old_gen_); + _old_gen_root_closure.set_generation(old_gen_); +@@ -560,7 +559,6 @@ void ParEvacuateFollowersClosure::do_void() { + + // attempt to steal work from promoted. + if (task_queues()->steal(par_scan_state()->thread_num(), +- par_scan_state()->hash_seed(), + obj_to_scan)) { + bool res = work_q->push(obj_to_scan); + assert(res, "Empty queue should have room for a push."); +diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp +index fa4265a2dc..ea527fdb56 100644 +--- a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.hpp +@@ -95,7 +95,6 @@ class ParScanThreadState { + + HeapWord *_young_old_boundary; + +- int _hash_seed; + int _thread_num; + ageTable _ageTable; + +@@ -161,7 +160,6 @@ class ParScanThreadState { + // Is new_obj a candidate for scan_partial_array_and_push_remainder method. + inline bool should_be_partially_scanned(oop new_obj, oop old_obj) const; + +- int* hash_seed() { return &_hash_seed; } + int thread_num() { return _thread_num; } + + // Allocate a to-space block of size "sz", or else return NULL. +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp +index 35ea2992b7..37610f3d14 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/pcTasks.cpp +@@ -217,14 +217,13 @@ void StealMarkingTask::do_it(GCTaskManager* manager, uint which) { + + oop obj = NULL; + ObjArrayTask task; +- int random_seed = 17; + do { +- while (ParCompactionManager::steal_objarray(which, &random_seed, task)) { ++ while (ParCompactionManager::steal_objarray(which, task)) { + ObjArrayKlass* k = (ObjArrayKlass*)task.obj()->klass(); + k->oop_follow_contents(cm, task.obj(), task.index()); + cm->follow_marking_stacks(); + } +- while (ParCompactionManager::steal(which, &random_seed, obj)) { ++ while (ParCompactionManager::steal(which, obj)) { + obj->follow_contents(cm); + cm->follow_marking_stacks(); + } +@@ -280,13 +279,12 @@ void StealRegionCompactionTask::do_it(GCTaskManager* manager, uint which) { + cm->drain_region_stacks(); + + size_t region_index = 0; +- int random_seed = 17; + + // If we're the termination task, try 10 rounds of stealing before + // setting the termination flag + + while(true) { +- if (ParCompactionManager::steal(which, &random_seed, region_index)) { ++ if (ParCompactionManager::steal(which, region_index)) { + PSParallelCompact::fill_and_update_region(cm, region_index); + cm->drain_region_stacks(); + } else { +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psCompactionManager.hpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psCompactionManager.hpp +index 7d7a9f495a..a16a167623 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psCompactionManager.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psCompactionManager.hpp +@@ -177,16 +177,16 @@ private: + // Access function for compaction managers + static ParCompactionManager* gc_thread_compaction_manager(int index); + +- static bool steal(int queue_num, int* seed, oop& t) { +- return stack_array()->steal(queue_num, seed, t); ++ static bool steal(int queue_num, oop& t) { ++ return stack_array()->steal(queue_num, t); + } + +- static bool steal_objarray(int queue_num, int* seed, ObjArrayTask& t) { +- return _objarray_queues->steal(queue_num, seed, t); ++ static bool steal_objarray(int queue_num, ObjArrayTask& t) { ++ return _objarray_queues->steal(queue_num, t); + } + +- static bool steal(int queue_num, int* seed, size_t& region) { +- return region_array()->steal(queue_num, seed, region); ++ static bool steal(int queue_num, size_t& region) { ++ return region_array()->steal(queue_num, region); + } + + // Process tasks remaining on any marking stack +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPromotionManager.hpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPromotionManager.hpp +index 69292400f3..6983249509 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPromotionManager.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPromotionManager.hpp +@@ -160,8 +160,8 @@ class PSPromotionManager VALUE_OBJ_CLASS_SPEC { + static PSPromotionManager* gc_thread_promotion_manager(int index); + static PSPromotionManager* vm_thread_promotion_manager(); + +- static bool steal_depth(int queue_num, int* seed, StarTask& t) { +- return stack_array_depth()->steal(queue_num, seed, t); ++ static bool steal_depth(int queue_num, StarTask& t) { ++ return stack_array_depth()->steal(queue_num, t); + } + + PSPromotionManager(); +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psTasks.cpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psTasks.cpp +index f829e93440..4fe869fd63 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psTasks.cpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psTasks.cpp +@@ -151,10 +151,9 @@ void StealTask::do_it(GCTaskManager* manager, uint which) { + guarantee(pm->stacks_empty(), + "stacks should be empty at this point"); + +- int random_seed = 17; + while(true) { + StarTask p; +- if (PSPromotionManager::steal_depth(which, &random_seed, p)) { ++ if (PSPromotionManager::steal_depth(which, p)) { + TASKQUEUE_STATS_ONLY(pm->record_steal(p)); + pm->process_popped_location_depth(p); + pm->drain_stacks_depth(true); +diff --git a/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahConcurrentMark.cpp b/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahConcurrentMark.cpp +index d26d25e102..a54ecf7451 100644 +--- a/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahConcurrentMark.cpp ++++ b/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahConcurrentMark.cpp +@@ -922,7 +922,6 @@ void ShenandoahConcurrentMark::mark_loop_prework(uint w, ShenandoahTaskTerminato + + template + void ShenandoahConcurrentMark::mark_loop_work(T* cl, jushort* live_data, uint worker_id, ShenandoahTaskTerminator *terminator) { +- int seed = 17; + uintx stride = ShenandoahMarkLoopStride; + + ShenandoahHeap* heap = ShenandoahHeap::heap(); +@@ -982,7 +981,7 @@ void ShenandoahConcurrentMark::mark_loop_work(T* cl, jushort* live_data, uint wo + uint work = 0; + for (uint i = 0; i < stride; i++) { + if (q->pop(t) || +- queues->steal(worker_id, &seed, t)) { ++ queues->steal(worker_id, t)) { + do_task(q, cl, live_data, &t); + work++; + } else { +diff --git a/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahTraversalGC.cpp b/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahTraversalGC.cpp +index 8c523f78e9..16aee14109 100644 +--- a/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahTraversalGC.cpp ++++ b/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahTraversalGC.cpp +@@ -605,8 +605,6 @@ void ShenandoahTraversalGC::main_loop_work(T* cl, jushort* live_data, uint worke + ShenandoahTraversalSATBBufferClosure drain_satb(q); + SATBMarkQueueSet& satb_mq_set = JavaThread::satb_mark_queue_set(); + +- int seed = 17; +- + while (true) { + if (_heap->cancelled_gc()) return; + +@@ -617,7 +615,7 @@ void ShenandoahTraversalGC::main_loop_work(T* cl, jushort* live_data, uint worke + uint work = 0; + for (uint i = 0; i < stride; i++) { + if (q->pop(task) || +- queues->steal(worker_id, &seed, task)) { ++ queues->steal(worker_id, task)) { + conc_mark->do_task(q, cl, live_data, &task); + work++; + } else { +diff --git a/hotspot/src/share/vm/memory/padded.hpp b/hotspot/src/share/vm/memory/padded.hpp +index 9ddd14f857..34eccd6646 100644 +--- a/hotspot/src/share/vm/memory/padded.hpp ++++ b/hotspot/src/share/vm/memory/padded.hpp +@@ -80,6 +80,12 @@ class PaddedEnd : public PaddedEndImpl { + // super class that is specialized for the pad_size == 0 case. + }; + ++// Similar to PaddedEnd, this macro defines a _pad_buf#id field ++// that is (alignment - size) bytes in size. This macro is used ++// to add padding in between non-class fields in a class or struct. ++#define DEFINE_PAD_MINUS_SIZE(id, alignment, size) \ ++ char _pad_buf##id[(alignment) - (size)] ++ + // Helper class to create an array of PaddedEnd objects. All elements will + // start at a multiple of alignment and the size will be aligned to alignment. + template +diff --git a/hotspot/src/share/vm/utilities/taskqueue.cpp b/hotspot/src/share/vm/utilities/taskqueue.cpp +index 0f4dcc90ba..37f4066ab9 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.cpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.cpp +@@ -112,24 +112,6 @@ void TaskQueueStats::verify() const + #endif // ASSERT + #endif // TASKQUEUE_STATS + +-int TaskQueueSetSuper::randomParkAndMiller(int *seed0) { +- const int a = 16807; +- const int m = 2147483647; +- const int q = 127773; /* m div a */ +- const int r = 2836; /* m mod a */ +- assert(sizeof(int) == 4, "I think this relies on that"); +- int seed = *seed0; +- int hi = seed / q; +- int lo = seed % q; +- int test = a * lo - r * hi; +- if (test > 0) +- seed = test; +- else +- seed = test + m; +- *seed0 = seed; +- return seed; +-} +- + ParallelTaskTerminator:: + ParallelTaskTerminator(int n_threads, TaskQueueSetSuper* queue_set) : + _n_threads(n_threads), +diff --git a/hotspot/src/share/vm/utilities/taskqueue.hpp b/hotspot/src/share/vm/utilities/taskqueue.hpp +index dec76c51cc..5b03ccfa82 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.hpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.hpp +@@ -27,6 +27,7 @@ + + #include "memory/allocation.hpp" + #include "memory/allocation.inline.hpp" ++#include "memory/padded.hpp" + #include "runtime/mutex.hpp" + #include "runtime/orderAccess.inline.hpp" + #include "utilities/globalDefinitions.hpp" +@@ -307,12 +308,30 @@ public: + void oops_do(OopClosure* f); + + private: ++ DEFINE_PAD_MINUS_SIZE(0, DEFAULT_CACHE_LINE_SIZE, 0); + // Element array. + volatile E* _elems; ++ ++ DEFINE_PAD_MINUS_SIZE(1, DEFAULT_CACHE_LINE_SIZE, sizeof(E*)); ++ // Queue owner local variables. Not to be accessed by other threads. ++ ++ static const uint InvalidQueueId = uint(-1); ++ uint _last_stolen_queue_id; // The id of the queue we last stole from ++ ++ int _seed; // Current random seed used for selecting a random queue during stealing. ++ ++ DEFINE_PAD_MINUS_SIZE(2, DEFAULT_CACHE_LINE_SIZE, sizeof(uint) + sizeof(int)); ++public: ++ int next_random_queue_id(); ++ ++ void set_last_stolen_queue_id(uint id) { _last_stolen_queue_id = id; } ++ uint last_stolen_queue_id() const { return _last_stolen_queue_id; } ++ bool is_last_stolen_queue_id_valid() const { return _last_stolen_queue_id != InvalidQueueId; } ++ void invalidate_last_stolen_queue_id() { _last_stolen_queue_id = InvalidQueueId; } + }; + + template +-GenericTaskQueue::GenericTaskQueue() { ++GenericTaskQueue::GenericTaskQueue() : _last_stolen_queue_id(InvalidQueueId), _seed(17 /* random number */) { + assert(sizeof(Age) == sizeof(size_t), "Depends on this."); + } + +@@ -426,6 +445,30 @@ bool GenericTaskQueue::pop_global(volatile E& t) { + return resAge == oldAge; + } + ++inline int randomParkAndMiller(int *seed0) { ++ const int a = 16807; ++ const int m = 2147483647; ++ const int q = 127773; /* m div a */ ++ const int r = 2836; /* m mod a */ ++ STATIC_ASSERT(sizeof(int) == 4); ++ int seed = *seed0; ++ int hi = seed / q; ++ int lo = seed % q; ++ int test = a * lo - r * hi; ++ if (test > 0) { ++ seed = test; ++ } else { ++ seed = test + m; ++ } ++ *seed0 = seed; ++ return seed; ++} ++ ++template ++int GenericTaskQueue::next_random_queue_id() { ++ return randomParkAndMiller(&_seed); ++} ++ + template + GenericTaskQueue::~GenericTaskQueue() { + FREE_C_HEAP_ARRAY(E, _elems, F); +@@ -495,8 +538,6 @@ bool OverflowTaskQueue::try_push_to_taskqueue(E t) { + return taskqueue_t::push(t); + } + class TaskQueueSetSuper { +-protected: +- static int randomParkAndMiller(int* seed0); + public: + // Returns "true" if some TaskQueue in the set contains a task. + virtual bool peek() = 0; +@@ -517,27 +558,23 @@ private: + public: + typedef typename T::element_type E; + +- GenericTaskQueueSet(int n) : _n(n) { ++ GenericTaskQueueSet(uint n) : _n(n) { + typedef T* GenericTaskQueuePtr; + _queues = NEW_C_HEAP_ARRAY(GenericTaskQueuePtr, n, F); +- for (int i = 0; i < n; i++) { ++ for (uint i = 0; i < n; i++) { + _queues[i] = NULL; + } + } + +- bool steal_best_of_2(uint queue_num, int* seed, E& t); ++ bool steal_best_of_2(uint queue_num, E& t); + + void register_queue(uint i, T* q); + + T* queue(uint n); + +- // The thread with queue number "queue_num" (and whose random number seed is +- // at "seed") is trying to steal a task from some other queue. (It may try +- // several queues, according to some configuration parameter.) If some steal +- // succeeds, returns "true" and sets "t" to the stolen task, otherwise returns +- // false. +- bool steal(uint queue_num, int* seed, E& t); +- ++ // Try to steal a task from some other queue than queue_num. It may perform several attempts at doing so. ++ // Returns if stealing succeeds, and sets "t" to the stolen task. ++ bool steal(uint queue_num, E& t); + bool peek(); + uint tasks() const; + size_t tasks(); +@@ -557,9 +594,9 @@ GenericTaskQueueSet::queue(uint i) { + } + + template bool +-GenericTaskQueueSet::steal(uint queue_num, int* seed, E& t) { ++GenericTaskQueueSet::steal(uint queue_num, E& t) { + for (uint i = 0; i < 2 * _n; i++) { +- if (steal_best_of_2(queue_num, seed, t)) { ++ if (steal_best_of_2(queue_num, t)) { + TASKQUEUE_STATS_ONLY(queue(queue_num)->stats.record_steal(true)); + return true; + } +@@ -569,17 +606,46 @@ GenericTaskQueueSet::steal(uint queue_num, int* seed, E& t) { + } + + template bool +-GenericTaskQueueSet::steal_best_of_2(uint queue_num, int* seed, E& t) { ++GenericTaskQueueSet::steal_best_of_2(uint queue_num, E& t) { + if (_n > 2) { ++ T* const local_queue = _queues[queue_num]; + uint k1 = queue_num; +- while (k1 == queue_num) k1 = TaskQueueSetSuper::randomParkAndMiller(seed) % _n; ++ ++ if (local_queue->is_last_stolen_queue_id_valid()) { ++ k1 = local_queue->last_stolen_queue_id(); ++ assert(k1 != queue_num, "Should not be the same"); ++ } else { ++ while (k1 == queue_num) { ++ k1 = local_queue->next_random_queue_id() % _n; ++ } ++ } ++ + uint k2 = queue_num; +- while (k2 == queue_num || k2 == k1) k2 = TaskQueueSetSuper::randomParkAndMiller(seed) % _n; ++ while (k2 == queue_num || k2 == k1) { ++ k2 = local_queue->next_random_queue_id() % _n; ++ } + // Sample both and try the larger. + uint sz1 = _queues[k1]->size(); + uint sz2 = _queues[k2]->size(); +- if (sz2 > sz1) return _queues[k2]->pop_global(t); +- else return _queues[k1]->pop_global(t); ++ ++ uint sel_k = 0; ++ bool suc = false; ++ ++ if (sz2 > sz1) { ++ sel_k = k2; ++ suc = _queues[k2]->pop_global(t); ++ } else if (sz1 > 0) { ++ sel_k = k1; ++ suc = _queues[k1]->pop_global(t); ++ } ++ ++ if (suc) { ++ local_queue->set_last_stolen_queue_id(sel_k); ++ } else { ++ local_queue->invalidate_last_stolen_queue_id(); ++ } ++ ++ return suc; + } else if (_n == 2) { + // Just try the other one. + uint k = (queue_num + 1) % 2; +-- +2.12.3 + diff --git a/8227662-freetype-seeks-to-index-at-the-end-of-the-fo.patch b/8227662-freetype-seeks-to-index-at-the-end-of-the-fo.patch new file mode 100644 index 0000000000000000000000000000000000000000..244360e195d012760337eac4dca02b5ec6b709e5 --- /dev/null +++ b/8227662-freetype-seeks-to-index-at-the-end-of-the-fo.patch @@ -0,0 +1,86 @@ +From df8278f141b2fa1ea2a685fb1352428ecf84d50b Mon Sep 17 00:00:00 2001 +From: hedongbo +Date: Thu, 13 Feb 2020 17:32:14 +0000 +Subject: [PATCH] 8227662: freetype seeks to index at the end of the font data + +Summary: : freetype seeks to index at the end of the font data +LLT: jdk/test/java/awt/FontMetrics/SpaceAdvance.java +Patch Type: backport +Bug url: https://bugs.openjdk.java.net/browse/JDK-8237400 +--- + jdk/src/share/native/sun/font/freetypeScaler.c | 2 +- + jdk/test/java/awt/FontMetrics/SpaceAdvance.java | 49 +++++++++++++++++++++++++ + 2 files changed, 50 insertions(+), 1 deletion(-) + create mode 100644 jdk/test/java/awt/FontMetrics/SpaceAdvance.java + +diff --git a/jdk/src/share/native/sun/font/freetypeScaler.c b/jdk/src/share/native/sun/font/freetypeScaler.c +index 48a024a3df..36a2b86271 100644 +--- a/jdk/src/share/native/sun/font/freetypeScaler.c ++++ b/jdk/src/share/native/sun/font/freetypeScaler.c +@@ -163,7 +163,7 @@ static unsigned long ReadTTFontFileFunc(FT_Stream stream, + */ + + if (numBytes == 0) { +- if (offset >= scalerInfo->fileSize) { ++ if (offset > scalerInfo->fileSize) { + return -1; + } else { + return 0; +diff --git a/jdk/test/java/awt/FontMetrics/SpaceAdvance.java b/jdk/test/java/awt/FontMetrics/SpaceAdvance.java +new file mode 100644 +index 0000000000..e2c7acb6f9 +--- /dev/null ++++ b/jdk/test/java/awt/FontMetrics/SpaceAdvance.java +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8227662 ++ */ ++ ++import java.awt.Font; ++import java.awt.FontMetrics ; ++import java.awt.Graphics2D; ++import java.awt.image.BufferedImage; ++ ++public class SpaceAdvance { ++ public static void main(String[] args) throws Exception { ++ ++ BufferedImage bi = new BufferedImage(1,1,1); ++ Graphics2D g2d = bi.createGraphics(); ++ Font font = new Font(Font.DIALOG, Font.PLAIN, 12); ++ if (!font.canDisplay(' ')) { ++ return; ++ } ++ g2d.setFont(font); ++ FontMetrics fm = g2d.getFontMetrics(); ++ if (fm.charWidth(' ') == 0) { ++ throw new RuntimeException("Space has char width of 0"); ++ } ++ } ++} +-- +2.12.3 + diff --git a/8229169.patch b/8229169.patch deleted file mode 100644 index 99016d3d390fb78e43d7e7b912c81f4cc3f887c5..0000000000000000000000000000000000000000 --- a/8229169.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b5af97426c82ead4df42f3824a32e9ee634585a4 Mon Sep 17 00:00:00 2001 -From: wuyan -Date: Sat, 21 Sep 2019 15:47:05 +0800 -Subject: [PATCH] Backport of JDK-8229169 - -Summary: [Backport of JDK-8229169] False failure of GenericTaskQueue::pop_local on architectures with weak memory model -LLT: -Bug url: https://bugs.openjdk.java.net/browse/JDK-8229169 - ---- - hotspot/src/share/vm/utilities/taskqueue.hpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hotspot/src/share/vm/utilities/taskqueue.hpp b/hotspot/src/share/vm/utilities/taskqueue.hpp -index 6ebd185b76..798f9aa183 100644 ---- a/hotspot/src/share/vm/utilities/taskqueue.hpp -+++ b/hotspot/src/share/vm/utilities/taskqueue.hpp -@@ -724,6 +724,11 @@ GenericTaskQueue::pop_local(volatile E& t) { - } else { - // Otherwise, the queue contained exactly one element; we take the slow - // path. -+ -+ // The barrier is required to prevent reordering the two reads of _age: -+ // one is the _age.get() below, and the other is _age.top() above the if-stmt. -+ // The algorithm may fail if _age.get() reads an older value than _age.top(). -+ OrderAccess::loadload(); - return pop_local_slow(localBot, _age.get()); - } - } --- -2.12.3 - diff --git a/8231584-Deadlock-with-ClassLoader.findLibrary-and-Sy.patch b/8231584-Deadlock-with-ClassLoader.findLibrary-and-Sy.patch deleted file mode 100644 index 30b7fd18b9346d8b82b914e03528ee60f8f34d18..0000000000000000000000000000000000000000 --- a/8231584-Deadlock-with-ClassLoader.findLibrary-and-Sy.patch +++ /dev/null @@ -1,376 +0,0 @@ -From 219a986b26fe9813730939038b3b1d70255d19a6 Mon Sep 17 00:00:00 2001 -From: wangshuai -Date: Mon, 11 Nov 2019 19:42:17 +0000 -Subject: [PATCH] 8231584:Deadlock with ClassLoader.findLibrary and - System.loadLibrary call - -Summary::Deadlock with ClassLoader.findLibrary and System.loadLibrary call -LLT:FileSystemsDeadlockTest.java -Patch Type:backport -bug url: https://bugs.openjdk.java.net/browse/JDK-8231584 ---- - jdk/src/share/classes/java/lang/ClassLoader.java | 32 +++-- - jdk/src/share/classes/java/lang/Runtime.java | 7 +- - jdk/src/share/classes/java/lang/System.java | 2 + - .../lang/Runtime/loadLibrary/LoadLibraryTest.java | 156 +++++++++++++++++++++ - jdk/test/java/lang/Runtime/loadLibrary/Target.java | 34 +++++ - .../java/lang/Runtime/loadLibrary/Target2.java | 29 ++++ - 6 files changed, 247 insertions(+), 13 deletions(-) - create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java - create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/Target.java - create mode 100644 jdk/test/java/lang/Runtime/loadLibrary/Target2.java - -diff --git a/jdk/src/share/classes/java/lang/ClassLoader.java b/jdk/src/share/classes/java/lang/ClassLoader.java -index 2e98092f63..925fdacce3 100644 ---- a/jdk/src/share/classes/java/lang/ClassLoader.java -+++ b/jdk/src/share/classes/java/lang/ClassLoader.java -@@ -1,5 +1,6 @@ - /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -1467,6 +1468,17 @@ public abstract class ClassLoader { - } - } - -+ /* -+ * Initialize default paths for native libraries search. -+ * Must be done early as JDK may load libraries during bootstrap. -+ * -+ * @see java.lang.System#initPhase1 -+ */ -+ static void initLibraryPaths() { -+ usr_paths = initializePath("java.library.path"); -+ sys_paths = initializePath("sun.boot.library.path"); -+ } -+ - // Returns true if the specified class loader can be found in this class - // loader's delegation chain. - boolean isAncestor(ClassLoader cl) { -@@ -1809,10 +1821,9 @@ public abstract class ClassLoader { - boolean isAbsolute) { - ClassLoader loader = - (fromClass == null) ? null : fromClass.getClassLoader(); -- if (sys_paths == null) { -- usr_paths = initializePath("java.library.path"); -- sys_paths = initializePath("sun.boot.library.path"); -- } -+ assert sys_paths != null : "should be initialized at this point"; -+ assert usr_paths != null : "should be initialized at this point"; -+ - if (isAbsolute) { - if (loadLibrary0(fromClass, new File(name))) { - return; -@@ -1902,13 +1913,14 @@ public abstract class ClassLoader { - name + - " already loaded in another classloader"); - } -- /* If the library is being loaded (must be by the same thread, -- * because Runtime.load and Runtime.loadLibrary are -- * synchronous). The reason is can occur is that the JNI_OnLoad -- * function can cause another loadLibrary invocation. -+ /* -+ * When a library is being loaded, JNI_OnLoad function can cause -+ * another loadLibrary invocation that should succeed. - * -- * Thus we can use a static stack to hold the list of libraries -- * we are loading. -+ * We use a static stack to hold the list of libraries we are -+ * loading because this can happen only when called by the -+ * same thread because Runtime.load and Runtime.loadLibrary -+ * are synchronous. - * - * If there is a pending load operation for the library, we - * immediately return success; otherwise, we raise -diff --git a/jdk/src/share/classes/java/lang/Runtime.java b/jdk/src/share/classes/java/lang/Runtime.java -index 9e53dc939e..5039059149 100644 ---- a/jdk/src/share/classes/java/lang/Runtime.java -+++ b/jdk/src/share/classes/java/lang/Runtime.java -@@ -1,5 +1,6 @@ - /* - * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -797,7 +798,7 @@ public class Runtime { - load0(Reflection.getCallerClass(), filename); - } - -- synchronized void load0(Class fromClass, String filename) { -+ void load0(Class fromClass, String filename) { - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkLink(filename); -@@ -858,14 +859,14 @@ public class Runtime { - loadLibrary0(Reflection.getCallerClass(), libname); - } - -- synchronized void loadLibrary0(Class fromClass, String libname) { -+ void loadLibrary0(Class fromClass, String libname) { - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkLink(libname); - } - if (libname.indexOf((int)File.separatorChar) != -1) { - throw new UnsatisfiedLinkError( -- "Directory separator should not appear in library name: " + libname); -+ "Directory separator should not appear in library name: " + libname); - } - ClassLoader.loadLibrary(fromClass, libname, false); - } -diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java -index b2747fa7a4..7bc235beff 100644 ---- a/jdk/src/share/classes/java/lang/System.java -+++ b/jdk/src/share/classes/java/lang/System.java -@@ -1192,6 +1192,8 @@ public final class System { - setOut0(newPrintStream(fdOut, props.getProperty("sun.stdout.encoding"))); - setErr0(newPrintStream(fdErr, props.getProperty("sun.stderr.encoding"))); - -+ ClassLoader.initLibraryPaths(); -+ - // Load the zip library now in order to keep java.util.zip.ZipFile - // from trying to use itself to load this library later. - loadLibrary("zip"); -diff --git a/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java b/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java -new file mode 100644 -index 0000000000..62eac12e18 ---- /dev/null -+++ b/jdk/test/java/lang/Runtime/loadLibrary/LoadLibraryTest.java -@@ -0,0 +1,156 @@ -+/* -+ * Copyright (c) 2018, Amazon and/or its affiliates. All rights reserved. -+ * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/** -+ * @test -+ * @bug 8231584 -+ * @library /lib/testlibrary -+ * @run main/othervm LoadLibraryTest -+ */ -+ -+import java.nio.file.FileSystems; -+import java.nio.file.Files; -+import java.nio.file.Paths; -+import java.nio.file.Path; -+import java.net.MalformedURLException; -+import java.net.URLClassLoader; -+import java.net.URL; -+ -+public class LoadLibraryTest { -+ static Thread thread1 = null; -+ static Thread thread2 = null; -+ -+ static volatile boolean thread1Ready = false; -+ -+ private static final String TEST_SRC = System.getProperty("test.src"); -+ private static final Path SRC_DIR = Paths.get(TEST_SRC, "src"); -+ private static final Path CLS_DIR = Paths.get("classes"); -+ -+ static TestClassLoader loader; -+ static void someLibLoad() { -+ try { -+/* -+ FileSystems.getDefault(); -+ -+ // jdk/jdk: loads directly from Bootstrap Classloader (doesn't take lock on Runtime) -+ java.net.NetworkInterface.getNetworkInterfaces(); -+ -+ System.out.println(jdk.net.ExtendedSocketOptions.SO_FLOW_SLA); -+*/ -+ Class c = Class.forName("Target2", true, loader); -+ } catch (Exception e) { -+ throw new RuntimeException(e); -+ } -+ } -+ -+ static class TestClassLoader extends URLClassLoader { -+ boolean passed = false; -+ -+ public boolean passed() { -+ return passed; -+ } -+ -+ TestClassLoader() throws MalformedURLException { -+ super(new URL[] { new URL("file://" + CLS_DIR.toAbsolutePath().toString() + '/') }); -+ } -+ -+ public String findLibrary(String name) { -+ System.out.println("findLibrary " + name); -+ -+ if ("someLibrary".equals(name)) { -+ try { -+ synchronized(thread1) { -+ while(!thread1Ready) { -+ thread1.wait(); -+ } -+ thread1.notifyAll(); -+ } -+ -+ Thread.sleep(10000); -+ -+ System.out.println("Thread2 load"); -+ someLibLoad(); -+ -+ // no deadlock happened -+ passed = true; -+ } catch (Exception e) { -+ throw new RuntimeException(e); -+ } -+ return null; -+ } -+ -+ return super.findLibrary(name); -+ } -+ } -+ -+ -+ public static void main(String[] args) throws Exception { -+ loader = new TestClassLoader(); -+ -+ if (!CompilerUtils.compile(SRC_DIR, CLS_DIR)) { -+ throw new Exception("Can't compile"); -+ } -+ -+ thread1 = new Thread() { -+ public void run() { -+ try { -+ synchronized(this) { -+ thread1Ready = true; -+ thread1.notifyAll(); -+ thread1.wait(); -+ } -+ } catch(InterruptedException e) { -+ throw new RuntimeException(e); -+ } -+ -+ System.out.println("Thread1 load"); -+ someLibLoad(); -+ }; -+ }; -+ -+ thread2 = new Thread() { -+ public void run() { -+ try { -+ Class c = Class.forName("Target", true, loader); -+ System.out.println(c); -+ } catch (Exception e) { -+ throw new RuntimeException(e); -+ } -+ }; -+ }; -+ -+ thread1.setDaemon(true); -+ thread2.setDaemon(true); -+ -+ thread1.start(); -+ thread2.start(); -+ -+ thread1.join(); -+ thread2.join(); -+ -+ if (!loader.passed()) { -+ throw new RuntimeException("FAIL"); -+ } -+ } -+} -diff --git a/jdk/test/java/lang/Runtime/loadLibrary/Target.java b/jdk/test/java/lang/Runtime/loadLibrary/Target.java -new file mode 100644 -index 0000000000..fc51481053 ---- /dev/null -+++ b/jdk/test/java/lang/Runtime/loadLibrary/Target.java -@@ -0,0 +1,34 @@ -+/* -+ * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+class Target { -+ static { -+ try { -+ System.loadLibrary("someLibrary"); -+ throw new RuntimeException("someLibrary was loaded"); -+ } catch (UnsatisfiedLinkError e) { -+ // expected: we do not have a someLibrary -+ } -+ } -+} -+ -diff --git a/jdk/test/java/lang/Runtime/loadLibrary/Target2.java b/jdk/test/java/lang/Runtime/loadLibrary/Target2.java -new file mode 100644 -index 0000000000..bc8dfc5e63 ---- /dev/null -+++ b/jdk/test/java/lang/Runtime/loadLibrary/Target2.java -@@ -0,0 +1,29 @@ -+/* -+ * Copyright (c) 2019, Azul Systems, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+class Target2 { -+ static { -+ System.loadLibrary("awt"); -+ } -+} -+ --- -2.12.3 - diff --git a/8231988.patch b/8231988.patch deleted file mode 100644 index e344caff378806bca1dd311f6c9b4eee3cae205a..0000000000000000000000000000000000000000 --- a/8231988.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d73c61c26fd00e3cb8daa24fa254b756c48309ca Mon Sep 17 00:00:00 2001 -From: wanghuang -Date: Sun, 29 Sep 2019 15:57:24 +0000 -Subject: [PATCH] 8231988: Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop - -Summary: Unexpected test result caused by C2 IdealLoopTree::do_remove_empty_loop -LLT: -Bug url: https://bugs.openjdk.java.net/browse/JDK-8231988 ---- - hotspot/src/share/vm/opto/loopTransform.cpp | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/hotspot/src/share/vm/opto/loopTransform.cpp b/hotspot/src/share/vm/opto/loopTransform.cpp -index caf7a9b758..c7bb19763c 100644 ---- a/hotspot/src/share/vm/opto/loopTransform.cpp -+++ b/hotspot/src/share/vm/opto/loopTransform.cpp -@@ -2215,6 +2215,12 @@ bool IdealLoopTree::policy_do_remove_empty_loop( PhaseIdealLoop *phase ) { - // We also need to replace the original limit to collapse loop exit. - Node* cmp = cl->loopexit()->cmp_node(); - assert(cl->limit() == cmp->in(2), "sanity"); -+ if (cmp->outcnt() > 1) { //we have more than one BoolNode here -+ cmp = cmp->clone(); -+ cmp = phase->_igvn.register_new_node_with_optimizer(cmp); -+ BoolNode *bl = cl->loopexit()->in(CountedLoopEndNode::TestValue)->as_Bool(); -+ phase->_igvn.replace_input_of(bl, 1, cmp); // put BoolNode on worklist -+ } - phase->_igvn._worklist.push(cmp->in(2)); // put limit on worklist - phase->_igvn.replace_input_of(cmp, 2, exact_limit); // put cmp on worklist - } --- -2.12.3 - diff --git a/8233839-aarch64-missing-memory-barrier-in-NewObjectA.patch b/8233839-aarch64-missing-memory-barrier-in-NewObjectA.patch deleted file mode 100644 index 15bdb28a2676da11d98a629b2c8b826e4bbfd954..0000000000000000000000000000000000000000 --- a/8233839-aarch64-missing-memory-barrier-in-NewObjectA.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 485dd83220fa3f41b979d5f6bc3fe5866f673ca7 Mon Sep 17 00:00:00 2001 -From: zhanggaofeng -Date: Mon, 11 Nov 2019 14:18:42 +0000 -Subject: [PATCH] 8233839-aarch64: missing memory barrier in NewObjectArrayStub - and NewTypeArrayStub - -Summary: aarch64: missing memory barrier in NewObjectArrayStub and NewTypeArrayStub -LLT: org.openjdk.jcstress.tests.defaultValues.arrays.small.plain.StringTest -Patch Type: backport -Bug url: https://bugs.openjdk.java.net/browse/JDK-8233839 ---- - hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -index 20a35432d1..c1e48ac97c 100644 ---- a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -@@ -877,6 +877,7 @@ OopMapSet* Runtime1::generate_code_for(StubID id, StubAssembler* sasm) { - __ sub(arr_size, arr_size, t1); // body length - __ add(t1, t1, obj); // body start - __ initialize_body(t1, arr_size, 0, t2); -+ __ membar(Assembler::StoreStore); - __ verify_oop(obj); - - __ ret(lr); -@@ -905,6 +906,7 @@ OopMapSet* Runtime1::generate_code_for(StubID id, StubAssembler* sasm) { - __ sub(arr_size, arr_size, t1); // body length - __ add(t1, t1, obj); // body start - __ initialize_body(t1, arr_size, 0, t2); -+ __ membar(Assembler::StoreStore); - __ verify_oop(obj); - - __ ret(lr); --- -2.12.3 - diff --git a/AARCH64-fix-itable-stub-code-size-limit.patch b/AARCH64-fix-itable-stub-code-size-limit.patch index 5f43968c930a6eb8936df9a4b01aae489728a072..80668ba0a6c6a3d0862e7890dc023bbb42f4b00a 100644 --- a/AARCH64-fix-itable-stub-code-size-limit.patch +++ b/AARCH64-fix-itable-stub-code-size-limit.patch @@ -33,7 +33,7 @@ index d8d1ec11ba..645b690dae 100644 - else - size += 176; + } else { -+ // itable code size limit, see issue ++ // itable code size limit + size += 192; + } return size; diff --git a/Add-ability-to-configure-third-port-for-remote-JMX.patch b/Add-ability-to-configure-third-port-for-remote-JMX.patch new file mode 100644 index 0000000000000000000000000000000000000000..3859edca8b5b0591dc74ca98bb140b217f4d9245 --- /dev/null +++ b/Add-ability-to-configure-third-port-for-remote-JMX.patch @@ -0,0 +1,68 @@ +From b3b4fb064edf3a9537e5580dfaec69761b49f717 Mon Sep 17 00:00:00 2001 +From: hedongbo +Date: Mon, 6 Jan 2020 15:49:40 +0000 +Subject: [PATCH] Add ability to configure third port for remote JMX + +Summary: : +LLT: NA +Bug url: NA +--- + .../sun/management/AgentConfigurationError.java | 2 ++ + .../sun/management/jmxremote/ConnectorBootstrap.java | 19 ++++++++++++++++++- + 2 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/jdk/src/share/classes/sun/management/AgentConfigurationError.java b/jdk/src/share/classes/sun/management/AgentConfigurationError.java +index 56c4301611..d3d67ff313 100644 +--- a/jdk/src/share/classes/sun/management/AgentConfigurationError.java ++++ b/jdk/src/share/classes/sun/management/AgentConfigurationError.java +@@ -55,6 +55,8 @@ public class AgentConfigurationError extends Error { + "agent.err.invalid.jmxremote.port"; + public static final String INVALID_JMXREMOTE_RMI_PORT = + "agent.err.invalid.jmxremote.rmi.port"; ++ public static final String INVALID_JMXLOCAL_PORT = ++ "agent.err.invalid.jmxlocal.port"; + public static final String PASSWORD_FILE_NOT_SET = + "agent.err.password.file.notset"; + public static final String PASSWORD_FILE_NOT_READABLE = +diff --git a/jdk/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java b/jdk/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java +index 56287edbd0..0a82c65d10 100644 +--- a/jdk/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java ++++ b/jdk/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java +@@ -117,6 +117,8 @@ public final class ConnectorBootstrap { + "com.sun.management.jmxremote.host"; + public static final String RMI_PORT = + "com.sun.management.jmxremote.rmi.port"; ++ public static final String LOCAL_PORT = ++ "com.sun.management.jmxlocal.port"; + public static final String CONFIG_FILE_NAME = + "com.sun.management.config.file"; + public static final String USE_LOCAL_ONLY = +@@ -530,9 +532,24 @@ public final class ConnectorBootstrap { + localhost = "127.0.0.1"; + } + ++ // User can specify a port to be used to start Local Connector Server, ++ // if port is not specified random one will be allocated. ++ int localPort = 0; ++ String localPortStr = System.getProperty(PropertyNames.LOCAL_PORT); ++ try { ++ if (localPortStr != null) { ++ localPort = Integer.parseInt(localPortStr); ++ } ++ } catch (NumberFormatException x) { ++ throw new AgentConfigurationError(INVALID_JMXLOCAL_PORT, x, localPortStr); ++ } ++ if (localPort < 0) { ++ throw new AgentConfigurationError(INVALID_JMXLOCAL_PORT, localPortStr); ++ } ++ + MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); + try { +- JMXServiceURL url = new JMXServiceURL("rmi", localhost, 0); ++ JMXServiceURL url = new JMXServiceURL("rmi", localhost, localPort); + // Do we accept connections from local interfaces only? + Properties props = Agent.getManagementProperties(); + if (props == null) { +-- +2.12.3 + diff --git a/PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch b/PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch new file mode 100644 index 0000000000000000000000000000000000000000..de444c3fc6754d60490f4d683c8d70c605a4347e --- /dev/null +++ b/PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch @@ -0,0 +1,58 @@ +From 8f0acd949be2c01c445e402ae81421d4554f7d2b Mon Sep 17 00:00:00 2001 +From: zhanggaofeng +Date: Fri, 13 Dec 2019 12:02:23 +0000 +Subject: [PATCH] PS GC: adding acquire_size method for + PSParallelCompact::mark_obj. + +Summary: GC: adding acquire_size method for PSParallelCompact::mark_obj. +LLT: NA +Bug url: +--- + .../share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp | 2 +- + hotspot/src/share/vm/oops/oop.hpp | 1 + + hotspot/src/share/vm/oops/oop.inline.hpp | 4 ++++ + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp +index 881f380cea..f971383a09 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.hpp +@@ -1326,7 +1326,7 @@ class PSParallelCompact : AllStatic { + }; + + inline bool PSParallelCompact::mark_obj(oop obj) { +- const int obj_size = obj->size(); ++ const int obj_size = obj->acquire_size(); + if (mark_bitmap()->mark_obj(obj, obj_size)) { + _summary_data.add_obj(obj, obj_size); + return true; +diff --git a/hotspot/src/share/vm/oops/oop.hpp b/hotspot/src/share/vm/oops/oop.hpp +index 142ab2769c..42ad9307f7 100644 +--- a/hotspot/src/share/vm/oops/oop.hpp ++++ b/hotspot/src/share/vm/oops/oop.hpp +@@ -123,6 +123,7 @@ class oopDesc { + + // Returns the actual oop size of the object + int size(); ++ int acquire_size(); + + // Sometimes (for complicated concurrency-related reasons), it is useful + // to be able to figure out the size of an object knowing its klass. +diff --git a/hotspot/src/share/vm/oops/oop.inline.hpp b/hotspot/src/share/vm/oops/oop.inline.hpp +index b519d86118..803080c9e7 100644 +--- a/hotspot/src/share/vm/oops/oop.inline.hpp ++++ b/hotspot/src/share/vm/oops/oop.inline.hpp +@@ -839,6 +839,10 @@ inline int oopDesc::size() { + return size_given_klass(klass()); + } + ++inline int oopDesc::acquire_size() { ++ return size_given_klass(klass_or_null_acquire()); ++} ++ + inline void update_barrier_set(void* p, oop v, bool release = false) { + assert(oopDesc::bs() != NULL, "Uninitialized bs in oop!"); + oopDesc::bs()->write_ref_field(p, v, release); +-- +2.12.3 + diff --git a/Reduce-the-probability-of-the-crash-related-to-ciObj.patch b/Reduce-the-probability-of-the-crash-related-to-ciObj.patch index 1cf7d5760c63a7569e1187e637e5ce95b28607af..dcf86bfbf1e8801c274326b1b344e3e783562822 100644 --- a/Reduce-the-probability-of-the-crash-related-to-ciObj.patch +++ b/Reduce-the-probability-of-the-crash-related-to-ciObj.patch @@ -6,7 +6,6 @@ Subject: [PATCH] Reduce the probability of the crash related to Summary: : add load acquire barriers when profiling klass LLT: -Patch Type: huawei Bug url: --- hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.cpp | 10 ++++++++++ diff --git a/X500Name-implemation-change-to-avoid-OOM.patch b/X500Name-implemation-change-to-avoid-OOM.patch deleted file mode 100644 index 5150edab7b97cbb1b7dbee9906b1c3f5b7c626d1..0000000000000000000000000000000000000000 --- a/X500Name-implemation-change-to-avoid-OOM.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6b96a97e8e04d62f4ab4b03c05682765516c0872 Mon Sep 17 00:00:00 2001 -From: zhanggaofeng -Date: Mon, 23 Sep 2019 10:43:46 +0000 -Subject: [PATCH] X500Name implemation change to avoid OOM - -Summary: X500Name implemation change. -LLT: -bug link: ---- - jdk/src/share/classes/sun/security/x509/X500Name.java | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jdk/src/share/classes/sun/security/x509/X500Name.java b/jdk/src/share/classes/sun/security/x509/X500Name.java -index 447395c503..2062dc9747 100644 ---- a/jdk/src/share/classes/sun/security/x509/X500Name.java -+++ b/jdk/src/share/classes/sun/security/x509/X500Name.java -@@ -1108,7 +1108,7 @@ public class X500Name implements GeneralNameInterface, Principal { - * and speed recognition of common X.500 attributes. - */ - static ObjectIdentifier intern(ObjectIdentifier oid) { -- ObjectIdentifier interned = internedOIDs.putIfAbsent(oid, oid); -+ ObjectIdentifier interned = internedOIDs.getOrDefault(oid, oid); - return (interned == null) ? oid : interned; - } - --- -2.12.3 - diff --git a/aarch64-shenandoah-jdk8u232-b09.tar.xz b/aarch64-shenandoah-jdk8u242-b08.tar.xz similarity index 81% rename from aarch64-shenandoah-jdk8u232-b09.tar.xz rename to aarch64-shenandoah-jdk8u242-b08.tar.xz index e8c58269ac974480f7c5e7f0afe0bd498ac2db50..941e8282b02c9f5da6cb04a7b10827796966ddf3 100644 Binary files a/aarch64-shenandoah-jdk8u232-b09.tar.xz and b/aarch64-shenandoah-jdk8u242-b08.tar.xz differ diff --git a/delete-read-write-barriers-in-ShenandoahGC.patch b/delete-read-write-barriers-in-ShenandoahGC.patch deleted file mode 100644 index f239574e12e8f16a1dd500a9d5fec900003e42ca..0000000000000000000000000000000000000000 --- a/delete-read-write-barriers-in-ShenandoahGC.patch +++ /dev/null @@ -1,608 +0,0 @@ -From 455904c69b9f3e7590559d7f3367bc4518fea74d Mon Sep 17 00:00:00 2001 -From: guoge -Date: Fri, 19 Apr 2019 22:40:50 +0000 -Subject: [PATCH] delete read/write barriers in ShenandoahGC - ---- - hotspot/src/share/vm/oops/oop.hpp | 16 +- - hotspot/src/share/vm/oops/oop.inline.hpp | 399 +++++++++++++++++------ - hotspot/src/share/vm/runtime/globals.hpp | 7 +- - 3 files changed, 311 insertions(+), 111 deletions(-) - -diff --git a/hotspot/src/share/vm/oops/oop.hpp b/hotspot/src/share/vm/oops/oop.hpp -index 7e31327a2b..a9461b45ba 100644 ---- a/hotspot/src/share/vm/oops/oop.hpp -+++ b/hotspot/src/share/vm/oops/oop.hpp -@@ -70,14 +70,22 @@ class oopDesc { - - public: - markOop mark() const { -- oop p = bs()->read_barrier((oop) this); -- return p->_mark; -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return p->_mark; -+ } else { -+ return _mark; -+ } - } - markOop* mark_addr() const { return (markOop*) &_mark; } - - void set_mark(volatile markOop m) { -- oop p = bs()->write_barrier(this); -- p->_mark = m; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ p->_mark = m; -+ } else { -+ _mark = m; -+ } - } - - void set_mark_raw(volatile markOop m) { -diff --git a/hotspot/src/share/vm/oops/oop.inline.hpp b/hotspot/src/share/vm/oops/oop.inline.hpp -index 93a803e830..e0ebd1edcf 100644 ---- a/hotspot/src/share/vm/oops/oop.inline.hpp -+++ b/hotspot/src/share/vm/oops/oop.inline.hpp -@@ -65,13 +65,21 @@ - // We need a separate file to avoid circular references - - inline void oopDesc::release_set_mark(markOop m) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store_ptr(&p->_mark, m); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store_ptr(&p->_mark, m); -+ } else { -+ OrderAccess::release_store_ptr(&_mark, m); -+ } - } - - inline markOop oopDesc::cas_set_mark(markOop new_mark, markOop old_mark) { -- oop p = bs()->write_barrier(this); -- return (markOop) Atomic::cmpxchg_ptr(new_mark, &p->_mark, old_mark); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ return (markOop) Atomic::cmpxchg_ptr(new_mark, &p->_mark, old_mark); -+ } else { -+ return (markOop) Atomic::cmpxchg_ptr(new_mark, &_mark, old_mark); -+ } - } - - inline Klass* oopDesc::klass() const { -@@ -307,10 +315,16 @@ inline oop oopDesc::atomic_exchange_oop(oop exchange_value, volatile HeapWord *d - // In order to put or get a field out of an instance, must first check - // if the field has been compressed and uncompress it. - inline oop oopDesc::obj_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return UseCompressedOops ? -- load_decode_heap_oop(p->obj_field_addr(offset)) : -- load_decode_heap_oop(p->obj_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return UseCompressedOops ? -+ load_decode_heap_oop(p->obj_field_addr(offset)) : -+ load_decode_heap_oop(p->obj_field_addr(offset)); -+ } else { -+ return UseCompressedOops ? -+ load_decode_heap_oop(obj_field_addr(offset)) : -+ load_decode_heap_oop(obj_field_addr(offset)); -+ } - } - inline volatile oop oopDesc::obj_field_volatile(int offset) const { - volatile oop value = obj_field(offset); -@@ -318,28 +332,47 @@ inline volatile oop oopDesc::obj_field_volatile(int offset) const { - return value; - } - inline void oopDesc::obj_field_put(int offset, oop value) { -- oop p = bs()->write_barrier(this); -- value = bs()->read_barrier(value); -- UseCompressedOops ? oop_store(p->obj_field_addr(offset), value) : -- oop_store(p->obj_field_addr(offset), value); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ value = bs()->read_barrier(value); -+ UseCompressedOops ? oop_store(p->obj_field_addr(offset), value) : -+ oop_store(p->obj_field_addr(offset), value); -+ } else { -+ UseCompressedOops ? oop_store(obj_field_addr(offset), value) : -+ oop_store(obj_field_addr(offset), value); -+ } - } - - inline Metadata* oopDesc::metadata_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->metadata_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->metadata_field_addr(offset); -+ } else { -+ return *metadata_field_addr(offset); -+ } - } - - inline void oopDesc::metadata_field_put(int offset, Metadata* value) { -- oop p = bs()->write_barrier(this); -- *p->metadata_field_addr(offset) = value; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->metadata_field_addr(offset) = value; -+ } else { -+ *metadata_field_addr(offset) = value; -+ } - } - - inline void oopDesc::obj_field_put_raw(int offset, oop value) { -- oop p = bs()->write_barrier(this); -- value = bs()->read_barrier(value); -- UseCompressedOops ? -- encode_store_heap_oop(p->obj_field_addr(offset), value) : -- encode_store_heap_oop(p->obj_field_addr(offset), value); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ value = bs()->read_barrier(value); -+ UseCompressedOops ? -+ encode_store_heap_oop(p->obj_field_addr(offset), value) : -+ encode_store_heap_oop(p->obj_field_addr(offset), value); -+ } else { -+ UseCompressedOops ? -+ encode_store_heap_oop(obj_field_addr(offset), value) : -+ encode_store_heap_oop(obj_field_addr(offset), value); -+ } - } - inline void oopDesc::obj_field_put_volatile(int offset, oop value) { - OrderAccess::release(); -@@ -348,184 +381,342 @@ inline void oopDesc::obj_field_put_volatile(int offset, oop value) { - } - - inline jbyte oopDesc::byte_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (jbyte) *p->byte_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (jbyte) *p->byte_field_addr(offset); -+ } else { -+ return (jbyte) *byte_field_addr(offset); -+ } - } - inline void oopDesc::byte_field_put(int offset, jbyte contents) { -- oop p = bs()->write_barrier(this); -- *p->byte_field_addr(offset) = (jint) contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->byte_field_addr(offset) = (jint) contents; -+ } else { -+ *byte_field_addr(offset) = (jint) contents; -+ } - } - - inline jboolean oopDesc::bool_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (jboolean) *p->bool_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (jboolean) *p->bool_field_addr(offset); -+ } else { -+ return (jboolean) *bool_field_addr(offset); -+ } - } - inline void oopDesc::bool_field_put(int offset, jboolean contents) { -- oop p = bs()->write_barrier(this); -- *p->bool_field_addr(offset) = (( (jint) contents) & 1); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->bool_field_addr(offset) = (((jint) contents) & 1); -+ } else { -+ *bool_field_addr(offset) = (((jint) contents) & 1); -+ } - } - - inline jchar oopDesc::char_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (jchar) *p->char_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (jchar) *p->char_field_addr(offset); -+ } else { -+ return (jchar) *char_field_addr(offset); -+ } - } - inline void oopDesc::char_field_put(int offset, jchar contents) { -- oop p = bs()->write_barrier(this); -- *p->char_field_addr(offset) = (jint) contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->char_field_addr(offset) = (jint) contents; -+ } else { -+ *char_field_addr(offset) = (jint) contents; -+ } - } - - inline jint oopDesc::int_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->int_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->int_field_addr(offset); -+ } else { -+ return *int_field_addr(offset); -+ } - } - inline void oopDesc::int_field_put(int offset, jint contents) { -- oop p = bs()->write_barrier(this); -- *p->int_field_addr(offset) = contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->int_field_addr(offset) = contents; -+ } else { -+ *int_field_addr(offset) = contents; -+ } - } - inline void oopDesc::int_field_put_raw(int offset, jint contents) { - *int_field_addr(offset) = contents; - } - - inline jshort oopDesc::short_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (jshort) *p->short_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (jshort) *p->short_field_addr(offset); -+ } else { -+ return (jshort) *short_field_addr(offset); -+ } - } - inline void oopDesc::short_field_put(int offset, jshort contents) { -- oop p = bs()->write_barrier(this); -- *p->short_field_addr(offset) = (jint) contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->short_field_addr(offset) = (jint) contents; -+ } else { -+ *short_field_addr(offset) = (jint) contents; -+ } - } - - inline jlong oopDesc::long_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->long_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->long_field_addr(offset); -+ } else { -+ return *long_field_addr(offset); -+ } - } - inline void oopDesc::long_field_put(int offset, jlong contents) { -- oop p = bs()->write_barrier(this); -- *p->long_field_addr(offset) = contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->long_field_addr(offset) = contents; -+ } else { -+ *long_field_addr(offset) = contents; -+ } - } - - inline jfloat oopDesc::float_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->float_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->float_field_addr(offset); -+ } else { -+ return *float_field_addr(offset); -+ } - } - inline void oopDesc::float_field_put(int offset, jfloat contents) { -- oop p = bs()->write_barrier(this); -- *p->float_field_addr(offset) = contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->float_field_addr(offset) = contents; -+ } else { -+ *float_field_addr(offset) = contents; -+ } - } - - inline jdouble oopDesc::double_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->double_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->double_field_addr(offset); -+ } else { -+ return *double_field_addr(offset); -+ } - } - inline void oopDesc::double_field_put(int offset, jdouble contents) { -- oop p = bs()->write_barrier(this); -- *p->double_field_addr(offset) = contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->double_field_addr(offset) = contents; -+ } else { -+ *double_field_addr(offset) = contents; -+ } - } - - inline address oopDesc::address_field(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return *p->address_field_addr(offset); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return *p->address_field_addr(offset); -+ } else { -+ return *address_field_addr(offset); -+ } - } - inline void oopDesc::address_field_put(int offset, address contents) { -- oop p = bs()->write_barrier(this); -- *p->address_field_addr(offset) = contents; -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ *p->address_field_addr(offset) = contents; -+ } else { -+ *address_field_addr(offset) = contents; -+ } - } - - inline oop oopDesc::obj_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return UseCompressedOops ? -- decode_heap_oop((narrowOop) -- OrderAccess::load_acquire(p->obj_field_addr(offset))) -- : decode_heap_oop((oop) -- OrderAccess::load_ptr_acquire(p->obj_field_addr(offset))); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return UseCompressedOops ? -+ decode_heap_oop((narrowOop) -+ OrderAccess::load_acquire(p->obj_field_addr(offset))) -+ : decode_heap_oop((oop) -+ OrderAccess::load_ptr_acquire(p->obj_field_addr(offset))); -+ } else { -+ return UseCompressedOops ? -+ decode_heap_oop((narrowOop) -+ OrderAccess::load_acquire(obj_field_addr(offset))) -+ : decode_heap_oop((oop) -+ OrderAccess::load_ptr_acquire(obj_field_addr(offset))); -+ } - } - inline void oopDesc::release_obj_field_put(int offset, oop value) { -- oop p = bs()->write_barrier(this); -- value = bs()->read_barrier(value); -- UseCompressedOops ? -- oop_store((volatile narrowOop*)p->obj_field_addr(offset), value) : -- oop_store((volatile oop*) p->obj_field_addr(offset), value); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ value = bs()->read_barrier(value); -+ UseCompressedOops ? -+ oop_store((volatile narrowOop*)p->obj_field_addr(offset), value) : -+ oop_store((volatile oop*) p->obj_field_addr(offset), value); -+ } else { -+ UseCompressedOops ? -+ oop_store((volatile narrowOop*)obj_field_addr(offset), value) : -+ oop_store((volatile oop*) obj_field_addr(offset), value); -+ } - } - - inline jbyte oopDesc::byte_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->byte_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->byte_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(byte_field_addr(offset)); -+ } - } - inline void oopDesc::release_byte_field_put(int offset, jbyte contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->byte_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->byte_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(byte_field_addr(offset), contents); -+ } - } - - inline jboolean oopDesc::bool_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->bool_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->bool_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(bool_field_addr(offset)); -+ } - } - inline void oopDesc::release_bool_field_put(int offset, jboolean contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->bool_field_addr(offset), (contents & 1)); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->bool_field_addr(offset), (contents & 1)); -+ } else { -+ OrderAccess::release_store(bool_field_addr(offset), (contents & 1)); -+ } - } - - inline jchar oopDesc::char_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->char_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->char_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(char_field_addr(offset)); -+ } - } - inline void oopDesc::release_char_field_put(int offset, jchar contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->char_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->char_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(char_field_addr(offset), contents); -+ } - } - - inline jint oopDesc::int_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->int_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->int_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(int_field_addr(offset)); -+ } - } - inline void oopDesc::release_int_field_put(int offset, jint contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->int_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->int_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(int_field_addr(offset), contents); -+ } - } - - inline jshort oopDesc::short_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (jshort)OrderAccess::load_acquire(p->short_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (jshort)OrderAccess::load_acquire(p->short_field_addr(offset)); -+ } else { -+ return (jshort)OrderAccess::load_acquire(short_field_addr(offset)); -+ } - } - inline void oopDesc::release_short_field_put(int offset, jshort contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->short_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->short_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(short_field_addr(offset), contents); -+ } - } - - inline jlong oopDesc::long_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->long_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->long_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(long_field_addr(offset)); -+ } - } - inline void oopDesc::release_long_field_put(int offset, jlong contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->long_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->long_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(long_field_addr(offset), contents); -+ } - } - - inline jfloat oopDesc::float_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->float_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->float_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(float_field_addr(offset)); -+ } - } - inline void oopDesc::release_float_field_put(int offset, jfloat contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->float_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->float_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(float_field_addr(offset), contents); -+ } - } - - inline jdouble oopDesc::double_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return OrderAccess::load_acquire(p->double_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return OrderAccess::load_acquire(p->double_field_addr(offset)); -+ } else { -+ return OrderAccess::load_acquire(double_field_addr(offset)); -+ } - } - inline void oopDesc::release_double_field_put(int offset, jdouble contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store(p->double_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store(p->double_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store(double_field_addr(offset), contents); -+ } - } - - inline address oopDesc::address_field_acquire(int offset) const { -- oop p = bs()->read_barrier((oop) this); -- return (address) OrderAccess::load_ptr_acquire(p->address_field_addr(offset)); -+ if (UseShenandoahGC) { -+ oop p = bs()->read_barrier((oop) this); -+ return (address) OrderAccess::load_ptr_acquire(p->address_field_addr(offset)); -+ } else { -+ return (address) OrderAccess::load_ptr_acquire(address_field_addr(offset)); -+ } - } - inline void oopDesc::release_address_field_put(int offset, address contents) { -- oop p = bs()->write_barrier(this); -- OrderAccess::release_store_ptr(p->address_field_addr(offset), contents); -+ if (UseShenandoahGC) { -+ oop p = bs()->write_barrier(this); -+ OrderAccess::release_store_ptr(p->address_field_addr(offset), contents); -+ } else { -+ OrderAccess::release_store_ptr(address_field_addr(offset), contents); -+ } - } - - inline int oopDesc::size_given_klass(Klass* klass) { -diff --git a/hotspot/src/share/vm/runtime/globals.hpp b/hotspot/src/share/vm/runtime/globals.hpp -index a45c522449..e7c1721c03 100644 ---- a/hotspot/src/share/vm/runtime/globals.hpp -+++ b/hotspot/src/share/vm/runtime/globals.hpp -@@ -216,6 +216,10 @@ define_pd_global(uint64_t,MaxRAM, 1ULL*G); - - #endif // no compilers - -+// Since Shenandoah GC will add read/write barrier, that wii affect the -+// performance of critical, it will disabled forcibly. -+#define UseShenandoahGC false -+ - // string type aliases used only in this file - typedef const char* ccstr; - typedef const char* ccstrlist; // represents string arguments which accumulate -@@ -1427,9 +1431,6 @@ class CommandLineFlags { - product(bool, UseParallelOldGC, false, \ - "Use the Parallel Old garbage collector") \ - \ -- product(bool, UseShenandoahGC, false, \ -- "Use the Shenandoah garbage collector") \ -- \ - product(uintx, HeapMaximumCompactionInterval, 20, \ - "How often should we maximally compact the heap (not allowing " \ - "any dead space)") \ --- -2.19.0 - diff --git a/disable-UseLSE-on-ARMv8.1-by-default.patch b/disable-UseLSE-on-ARMv8.1-by-default.patch index 42134f2063cd9998eb416f0bfc044beb52d813e6..fe71c1809bcb2fb1414fb89b4a7b202c0f448b10 100644 --- a/disable-UseLSE-on-ARMv8.1-by-default.patch +++ b/disable-UseLSE-on-ARMv8.1-by-default.patch @@ -6,7 +6,6 @@ Subject: [PATCH] disable UseLSE on ARMv8.1 by default Summary: : disable UseLSE by default and set UseLSE to experimental LLT: java -XX:+UnlockExperimentalVMOptions -XX:+PrintFlagsFinal -Patch Type: huawei Bug url: NA --- .../hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp | 2 +- diff --git a/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch b/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch new file mode 100644 index 0000000000000000000000000000000000000000..a96b4317cc979c8932150ed9fa2ec3db327da20b --- /dev/null +++ b/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch @@ -0,0 +1,38 @@ +From 7c73365615f00951272310db44dec2939b91b48e Mon Sep 17 00:00:00 2001 +From: songyaofei +Date: Wed, 19 Feb 2020 19:09:39 +0000 +Subject: [PATCH] fix incorrect offset for oop field with weak memory model + +Summary: : add loadload membar in fast_storefield and fast_accessfield to avoid loading a incorrect offset +LLT: N/A +Bug url: N/A +--- + hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp +index 5a619566ae..aa9545ee9c 100644 +--- a/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp ++++ b/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp +@@ -2922,6 +2922,8 @@ void TemplateTable::fast_storefield(TosState state) + // access constant pool cache + __ get_cache_and_index_at_bcp(r2, r1, 1); + ++ __ membar(MacroAssembler::LoadLoad); ++ + // test for volatile with r3 + __ ldrw(r3, Address(r2, in_bytes(base + + ConstantPoolCacheEntry::flags_offset()))); +@@ -3013,6 +3015,9 @@ void TemplateTable::fast_accessfield(TosState state) + + // access constant pool cache + __ get_cache_and_index_at_bcp(r2, r1, 1); ++ ++ __ membar(MacroAssembler::LoadLoad); ++ + __ ldr(r1, Address(r2, in_bytes(ConstantPoolCache::base_offset() + + ConstantPoolCacheEntry::f2_offset()))); + __ ldrw(r3, Address(r2, in_bytes(ConstantPoolCache::base_offset() + +-- +2.12.3 + diff --git a/fix-vendor-info.patch b/fix-vendor-info.patch index bf93e7d63cec162af7278ca51c45d02b2ebf0fd0..3c328dc7bad86c54b2e13e1ba946d17354ab0fc0 100644 --- a/fix-vendor-info.patch +++ b/fix-vendor-info.patch @@ -22,7 +22,7 @@ index c7d34aac64..fa721facea 100644 - return JDK_Version::is_gte_jdk17x_version() ? - "Oracle Corporation" : "Sun Microsystems Inc."; -#endif -+ return "openEuler"; ++ return "Huawei Technologies Co., Ltd"; } @@ -35,15 +35,15 @@ index ff80b0abdd..758cfabb39 100644 /* Third party may overwrite these values. */ #ifndef VENDOR -#define VENDOR "Oracle Corporation" -+#define VENDOR "openEuler" ++#define VENDOR "Huawei Technologies Co., Ltd" #endif #ifndef VENDOR_URL -#define VENDOR_URL "http://java.oracle.com/" -+#define VENDOR_URL "https://openeuler.org/" ++#define VENDOR_URL "http://jdk.rnd.huawei.com/" #endif #ifndef VENDOR_URL_BUG -#define VENDOR_URL_BUG "http://bugreport.sun.com/bugreport/" -+#define VENDOR_URL_BUG "https://gitee.com/openeuler/" ++#define VENDOR_URL_BUG "http://jdk.rnd.huawei.com/" #endif #define JAVA_MAX_SUPPORTED_VERSION 52 diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index e8728d6abfb46eeb8616ba27f72646486fdb464d..f271b7a6cb3c5a18105a3c8e7f83052eff6b32fe 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -167,7 +167,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u232-b09 +%global shenandoah_revision aarch64-shenandoah-jdk8u242-b08 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -190,7 +190,7 @@ # images stub %global jdkimage j2sdk-image # output dir stub -%define buildoutputdir() %{expand:aarch64-shenandoah-jdk8u232-b09/build/jdk8.build%{?1}} +%define buildoutputdir() %{expand:aarch64-shenandoah-jdk8u242-b08/build/jdk8.build%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}%{?1}} # main id and dir of this jdk @@ -427,24 +427,6 @@ exit 0 exit 0 } -%define post_javadoc_zip() %{expand: - -PRIORITY=%{priority} -if [ "%{?1}" == %{debug_suffix} ]; then - let PRIORITY=PRIORITY-1 -fi - -alternatives \\ - --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\ - $PRIORITY --family %{name} -exit 0 -} - -%define postun_javadoc_zip() %{expand: - alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip -exit 0 -} - %define files_jre() %{expand: %{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libjsoundalsa.so %{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libsplashscreen.so @@ -691,12 +673,6 @@ exit 0 %license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE } -%define files_javadoc_zip() %{expand: -%defattr(-,root,root,-) -%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE -} - # not-duplicated requires/provides/obsoletes for normal/debug packages %define java_rpo() %{expand: Requires: fontconfig%{?_isa} @@ -823,7 +799,7 @@ Provides: java-%{javaver}-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 1.h4 +Release: 1.h5 Epoch: 1 Summary: %{origin_nice} Runtime Environment %{majorver} Group: Development/Languages @@ -861,8 +837,6 @@ Source13: TestCryptoLevel.java Source14: TestECDSA.java Patch1: 8160300.patch -Patch2: 8202076.patch -Patch7: delete-read-write-barriers-in-ShenandoahGC.patch Patch8: replace-vector-to-improve-performance-of-xml.validat.patch Patch9: AARCH64-fix-itable-stub-code-size-limit.patch Patch10: 8221658.patch @@ -898,25 +872,32 @@ Patch48: 8158946-JDK-8165808-JDK-8166583-JDK-.patch Patch49: 8146792.patch Patch50: 8047212.patch Patch51: add-with-company-name-option.patch -Patch52: set_HongKong_timezone_to_CTT.patch -Patch53: 8229169.patch -Patch54: X500Name-implemation-change-to-avoid-OOM.patch -Patch55: 8231988.patch Patch56: 8160369.patch Patch57: 8031085.patch Patch58: Reduce-the-probability-of-the-crash-related-to-ciObj.patch -Patch60: 8233839-aarch64-missing-memory-barrier-in-NewObjectA.patch -Patch61: 8231584-Deadlock-with-ClassLoader.findLibrary-and-Sy.patch Patch62: 8165857-CMS-_overflow_list-is-missing-volatile-speci.patch Patch63: 8033552-Fix-missing-missing-volatile-specifiers-in-C.patch -Patch64: 8182397-race-in-field-updates.patch Patch65: 8234264-Incorrrect-8047434-JDK-8-backport-in-8219677.patch Patch67: 8165860-WorkGroup-classes-are-missing-volatile-speci.patch Patch68: 8194154-System-property-user.dir-should-not-be-chang.patch Patch70: 8164948.patch -Patch71: 8154313.patch Patch72: inline-optimize-for-aarch64.patch +# 8u242 +Patch73: PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch +Patch74: 8191915-java.lang.Math.multiplyExact-not-throw-an-ex.patch +Patch75: Add-ability-to-configure-third-port-for-remote-JMX.patch +Patch76: 8203196-C1-emits-incorrect-code-due-to-integer-overf.patch +Patch77: 8190332-PngReader-throws-NegativeArraySizeException-.patch +Patch78: 8171410-aarch64-long-multiplyExact-shifts-by-31-inst.patch +Patch79: 8193255-Root-Certificates-should-be-stored-in-text-f.patch +Patch80: 8227662-freetype-seeks-to-index-at-the-end-of-the-fo.patch +Patch81: fix-incorrect-offset-for-oop-field-with-weak-memory-.patch +Patch82: prohibition-of-irreducible-loop-in-mergers.patch +Patch83: 8204947-Port-ShenandoahTaskTerminator-to-mainline-an.patch +Patch84: 8205921-Optimizing-best-of-2-work-stealing-queue-sel.patch +Patch85: 8139041-Redundant-DMB-instructions.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: alsa-lib-devel @@ -1077,19 +1058,6 @@ BuildArch: noarch The %{origin_nice} %{majorver} API documentation. %endif -%if %{include_normal_build} -%package javadoc-zip -Summary: %{origin_nice} %{majorver} API documentation compressed in single archive -Group: Documentation -Requires: javapackages-filesystem -BuildArch: noarch - -%{java_javadoc_rpo %{nil}} - -%description javadoc-zip -The %{origin_nice} %{majorver} API documentation compressed in single archive. -%endif - %if %{include_debug_build} %package javadoc-slowdebug Summary: %{origin_nice} %{majorver} API documentation %{for_debug} @@ -1103,19 +1071,6 @@ BuildArch: noarch The %{origin_nice} %{majorver} API documentation %{for_debug}. %endif -%if %{include_debug_build} -%package javadoc-zip-slowdebug -Summary: %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug} -Group: Documentation -Requires: javapackages-filesystem -BuildArch: noarch - -%{java_javadoc_rpo -- %{debug_suffix_unquoted}} - -%description javadoc-zip-slowdebug -The %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug}. -%endif - %prep if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then echo "include_normal_build is %{include_normal_build}" @@ -1145,8 +1100,6 @@ pushd %{top_level_dir_name} # OpenJDK patches %patch1 -p1 -%patch2 -p1 -%patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 @@ -1182,24 +1135,29 @@ pushd %{top_level_dir_name} %patch49 -p1 %patch50 -p1 %patch51 -p1 -%patch52 -p1 -%patch53 -p1 -%patch54 -p1 -%patch55 -p1 %patch56 -p1 %patch57 -p1 %patch58 -p1 -%patch60 -p1 -%patch61 -p1 %patch62 -p1 %patch63 -p1 -%patch64 -p1 %patch65 -p1 %patch67 -p1 %patch68 -p1 %patch70 -p1 -%patch71 -p1 %patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 +%patch78 -p1 +%patch79 -p1 +%patch80 -p1 +%patch81 -p1 +%patch82 -p1 +%patch83 -p1 +%patch84 -p1 +%patch85 -p1 popd @@ -1266,8 +1224,6 @@ make \ SCTP_WERROR= \ %{targets} || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false ) -make zip-docs - # the build (erroneously) removes read permissions from some jars # this is a regression in OpenJDK 7 (our compiler): # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 @@ -1435,11 +1391,6 @@ popd # Install Javadoc documentation install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} -built_doc_archive=`echo "jdk-%{javaver}_%{updatever}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/` -cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip - -# FIXME: remove SONAME entries from demo DSOs. See -# https://bugzilla.redhat.com/show_bug.cgi?id=436497 # Find non-documentation demo files. find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ @@ -1540,11 +1491,6 @@ require "copy_jdk_configs.lua" %postun javadoc %{postun_javadoc %{nil}} -%post javadoc-zip -%{post_javadoc_zip %{nil}} - -%postun javadoc-zip -%{postun_javadoc_zip %{nil}} %endif %if %{include_debug_build} @@ -1578,11 +1524,6 @@ require "copy_jdk_configs.lua" %postun javadoc-slowdebug %{postun_javadoc -- %{debug_suffix_unquoted}} -%post javadoc-zip-slowdebug -%{post_javadoc_zip -- %{debug_suffix_unquoted}} - -%postun javadoc-zip-slowdebug -%{postun_javadoc_zip -- %{debug_suffix_unquoted}} %endif %if %{include_normal_build} @@ -1597,8 +1538,6 @@ require "copy_jdk_configs.lua" %if %{include_normal_build} %files headless -# important note, see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue -# all config/noreplace files (and more) have to be declared in pretrans. See pretrans %{files_jre_headless %{nil}} %files devel @@ -1613,15 +1552,12 @@ require "copy_jdk_configs.lua" %files javadoc %{files_javadoc %{nil}} -# this puts huge file to /usr/share -# unluckily ti is really a documentation file -# and unluckily it really is architecture-dependent, as eg. aot and grail are now x86_64 only -# same for debug variant -%files javadoc-zip -%{files_javadoc_zip %{nil}} %endif %changelog +* Tue Mar 20 2020 jdkboy - 1:1.8.0.242-b08.5 +- upgrade openjdk to jdk8u242-b08 + * Tue Mar 12 2020 jdkboy - 1:1.8.0.232-b09.4 - add inline optimize for aarch64 diff --git a/prohibition-of-irreducible-loop-in-mergers.patch b/prohibition-of-irreducible-loop-in-mergers.patch new file mode 100644 index 0000000000000000000000000000000000000000..f70c169cadf50b04d9d0f67f1890ec2ee3df99be --- /dev/null +++ b/prohibition-of-irreducible-loop-in-mergers.patch @@ -0,0 +1,28 @@ +From 34712f6bbc3c2c664ee641c78d4a2f8cfe427880 Mon Sep 17 00:00:00 2001 +From: zhouyong +Date: Fri, 28 Feb 2020 15:17:44 +0000 +Subject: [PATCH] prohibition of irreducible loop in mergers + +Summary: C2Compiler: irreducible loop should not enter merge_many_backedges +LLT: NA +Bug url: NA +--- + hotspot/src/share/vm/opto/loopnode.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hotspot/src/share/vm/opto/loopnode.cpp b/hotspot/src/share/vm/opto/loopnode.cpp +index e2c0645cf8..bbb2e2bf98 100644 +--- a/hotspot/src/share/vm/opto/loopnode.cpp ++++ b/hotspot/src/share/vm/opto/loopnode.cpp +@@ -1542,7 +1542,7 @@ bool IdealLoopTree::beautify_loops( PhaseIdealLoop *phase ) { + // If I am a shared header (multiple backedges), peel off the many + // backedges into a private merge point and use the merge point as + // the one true backedge. +- if( _head->req() > 3 ) { ++ if( _head->req() > 3 && !_irreducible) { + // Merge the many backedges into a single backedge but leave + // the hottest backedge as separate edge for the following peel. + merge_many_backedges( phase ); +-- +2.12.3 + diff --git a/set_HongKong_timezone_to_CTT.patch b/set_HongKong_timezone_to_CTT.patch deleted file mode 100644 index 5c576e0c340be8a5ca53611b79a58adba4a160ea..0000000000000000000000000000000000000000 --- a/set_HongKong_timezone_to_CTT.patch +++ /dev/null @@ -1,268 +0,0 @@ -From 09d4f8a17aff883e7937c048a2da6bcf3feb7894 Mon Sep 17 00:00:00 2001 -From: wangshuai -Date: Thu, 5 Sep 2019 21:45:57 +0000 -Subject: [PATCH] - -Summary: The timezone of HongKong is different from that of other cities in China. -LLT: Local passed the jcstress and JTREG -Bug url: - ---- - jdk/src/share/classes/sun/util/resources/TimeZoneNames.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java | 4 ++-- - jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java | 4 ++-- - 11 files changed, 22 insertions(+), 22 deletions(-) - -diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java -index 2c4b56da7e..27526e3928 100644 ---- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java -+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java -@@ -634,7 +634,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Hovd Time", "HOVT", - "Hovd Summer Time", "HOVST", - "Hovd Time", "HOVT"}}, -@@ -864,7 +864,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java b/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java -index e258618c9d..b8e3dde8ea 100644 ---- a/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java -+++ b/jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Hovd Zeit", "HOVT", - "Hovd Sommerzeit", "HOVST", - "Hovd Zeit", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java b/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java -index ea8887e139..93b24d893e 100644 ---- a/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java -+++ b/jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Hora de Hovd", "HOVT", - "Hora de verano de Hovd", "HOVST", - "Hora de Hovd", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java b/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java -index 58891022d3..f443a028d1 100644 ---- a/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java -+++ b/jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Heure de Hovd", "HOVT", - "Heure d'\u00e9t\u00e9 de Hovd", "HOVST", - "Heure de Hovd", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java b/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java -index 53ab4a6d73..fecfc9474e 100644 ---- a/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java -+++ b/jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Ora di Hovd", "HOVT", - "Ora estiva di Hovd", "HOVST", - "Ora di Hovd", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java b/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java -index 8bec0d7db0..7af8ffc042 100644 ---- a/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java -+++ b/jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"\u30db\u30d6\u30c9\u6642\u9593", "HOVT", - "\u30db\u30d6\u30c9\u590f\u6642\u9593", "HOVST", - "\u30DB\u30D6\u30C9\u6642\u9593", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java b/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java -index 7c72073b73..d8b90b4d3e 100644 ---- a/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java -+++ b/jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Hovd \uc2dc\uac04", "HOVT", - "Hovd \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "HOVST", - "\uD638\uBE0C\uB4DC \uD45C\uC900\uC2DC", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java b/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java -index c65dfa5da7..a202fec6b9 100644 ---- a/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java -+++ b/jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Fuso hor\u00e1rio de Hovd", "HOVT", - "Fuso hor\u00e1rio de ver\u00e3o de Hovd", "HOVST", - "Hor\u00E1rio de Hovd", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java b/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java -index 6ce81e8011..dcaaf6ddeb 100644 ---- a/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java -+++ b/jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"Hovd, normaltid", "HOVT", - "Hovd, sommartid", "HOVST", - "Hovd-tid", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java -index 3e81b6b42c..9360808ca5 100644 ---- a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java -+++ b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"\u79d1\u5e03\u591a\u65f6\u95f4", "HOVT", - "\u79d1\u5e03\u591a\u590f\u4ee4\u65f6", "HOVST", - "\u79D1\u5E03\u591A\u65F6\u95F4", "HOVT"}}, -@@ -862,7 +862,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, -diff --git a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java -index 0233a53f4f..1bfcee78d5 100644 ---- a/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java -+++ b/jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java -@@ -635,7 +635,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { - {"Asia/Harbin", CTT}, - {"Asia/Hebron", EET}, - {"Asia/Ho_Chi_Minh", ICT}, -- {"Asia/Hong_Kong", HKT}, -+ {"Asia/Hong_Kong", CTT}, - {"Asia/Hovd", new String[] {"\u4faf\u5fb7 (Hovd) \u6642\u9593", "HOVT", - "\u4faf\u5fb7 (Hovd) \u590f\u4ee4\u6642\u9593", "HOVST", - "\u4FAF\u5FB7 (Hovd) \u6642\u9593", "HOVT"}}, -@@ -864,7 +864,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { - {"GB", GMTBST}, - {"GB-Eire", GMTBST}, - {"Greenwich", GMT}, -- {"Hongkong", HKT}, -+ {"Hongkong", CTT}, - {"Iceland", GMT}, - {"Iran", IRT}, - {"IST", IST}, --- -2.12.3 -